Comtrol RocketLinx MP1204-XT User Manual Download | Manualshive

Page: 84 / 414

background image

84 - Configuration Pages

RocketLinx MP1204-XT User Guide

: 2000644 Rev. A

Security | Network | NAS

RADIUS-Assigned
VLAN Enabled

When

RADIUS-Assigned VLAN

is both globally enabled and enabled (checked) for a

given port, the MP1204-XT reacts to VLAN ID information carried in the RADIUS
Access-Accept packet transmitted by the RADIUS server when a supplicant is
successfully authenticated. If present and valid, the ports

Port VLAN ID

is changed

to this VLAN ID, the port is set to be a member of that VLAN ID, and the port is
forced into VLAN unaware mode. Once assigned, all traffic arriving on the port is
classified and switched on the RADIUS-assigned VLAN ID.

If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a
VLAN ID or its invalid, or the supplicant is otherwise no longer present on the
port, the ports VLAN ID is immediately reverted to the original VLAN ID (which
may be changed by the administrator in the meanwhile without affecting the
RADIUS-assigned).

This option is only available for single-client modes:

•

Port-based 802.1X

•

Single 802.1X

For troubleshooting VLAN assignments, use the

Monitor | VLANs | VLAN

Membership

and

VLAN Port

pages. These pages show which modules have

(temporarily) overridden the current Port VLAN configuration.

RADIUS attributes used in identifying a VLAN ID; RFC2868 and RFC3580 form
the basis for the attributes used in identifying a VLAN ID in an Access-Accept
packet. The following criteria are used:

•

The T

unnel-Medium-Type

,

Tunnel-Type

, and

Tunnel-Private-Group-ID

attributes

must all be present at least once in the Access-Accept packet.

•

The MP1204-XT looks for the first set of these attributes that have the same
Tag value and fulfill the following requirements (if Tag == 0 is used, the

Tunnel-Private-Group-ID

does not need to include a

Tag

):

•

Value of

Tunnel-Medium-Type

must be set to IEEE-802 (ordinal 6).

•

Value of

Tunnel-Type

must be set to VLAN (ordinal 13).

•

Value of

Tunnel-Private-Group-ID

must be a string of ASCII chars in the range

0 - 9, which is interpreted as a decimal string representing the VLAN ID.
Leading 0s are discarded. The final value must be in the range [1; 4095].

Item

Configuration | Security | Network | NAS (Continued)

«
...
82
83
84
85
86
...
»

Summary of Contents for RocketLinx MP1204-XT

Page 1: ...RocketLinx MP1204 XT Industrial PoE Managed Switch 8 Gigabit Copper Ports 4 Gigabit SFP Ports User Guide ...

Page 2: ...21 2018 Copyright 2018 Comtrol Corporation All Rights Reserved Comtrol Corporation makes no representations or warranties with regard to the contents of this document or to the suitability of the Comtrol product for any particular purpose Specifications are subject to change without notice Some software or features may not be available at the time of publication Contact your reseller for current p...

Page 3: ... IP Address 29 Using the Console Port 29 Using Telnet to Configure the IP Address 30 Using the Web Interface to Configure the IP Address 31 Web Interface Overview 33 Logging Into the MP1204 XT 33 Navigational Menus 34 Common Buttons 34 Ending a Session 35 Configuration Pages 37 Configuration System Menus 37 System Information 37 System IP 38 System NTP 40 System Time 41 System Log 44 System Alarm ...

Page 4: ...s 87 Security Network ACL Ports 87 Security Network ACL Rate Limiters 89 Security Network ACL Access Control List 90 Security Network IP Source Guard Menus 100 Security Network IP Source Guard Configuration 100 Security Network IP Source Guard Static Table 101 Security Network ARP Inspection Menus 101 Security Network ARP Inspection Port Configuration 102 Security Network ARP Inspection VLAN Confi...

Page 5: ...te VLANs Menu 147 Private VLANs Membership 147 Private VLANs Port Isolation 148 Configuration VCL Menu 148 VCL MAC Based VLAN 149 VCL Protocol Based VLAN Menu 150 VCL Protocol Based VLAN Protocol to Group 150 VCL Protocol Based VLAN Group to VLAN 151 VCL IP Subnet Based VLAN 152 Configuration Voice VLAN Menu 153 Voice VLAN Configuration 153 Voice VLAN OUI 155 Configuration QoS Menu 155 QoS Port Cl...

Page 6: ...tics 200 Security Network Sub Menus 200 Security Network Port Security Switch 201 Security Network Port Security Port 203 Security Network NAS Switch 204 NAS Admin State 205 Security Network NAS Port 207 Security Network ACL Status 210 Security Network ARP Inspection 211 Security Network IP Source Guard 212 Security AAA Sub Menus 213 Security AAA RADIUS Overview 213 Security AAA RADIUS Details 214...

Page 7: ...bors 238 LLDP PoE 241 LLDP EEE 242 LLDP Port Statistics 244 Monitor PoE 246 Monitor MAC Table 248 Monitor VLANs 249 VLANs Membership 249 VLANs Ports 250 Monitor sFlow 252 Monitor RingV2 253 Monitor DDMI 254 DDMI Overview 254 DDMI Detailed 255 Diagnostics Pages 257 Ping 257 Ping6 258 VeriPhy 259 Maintenance Pages 261 Maintenance Restart Device 261 Maintenance Factory Defaults 261 Using the Web Inte...

Page 8: ...ow green ethernet 275 show ip 275 show ipmc 276 show ipv6 276 show lacp 277 show line 277 show logging 277 show loop protec 277 show ntp status 278 show users 278 show running cfg 278 show running config interface Gigabit 278 show running config interface vlan 278 show running config all defautls 279 show running config feature 279 show running config line 279 show running config vlan 280 show ver...

Page 9: ...291 show interface ports portNo priority 291 show qos 291 show queue shaper 291 show port shaper 292 show pvlan pvlan_list 292 show pvlan isolation interface port_type port_type_list 292 show interface gigabit portNo port isolation 292 show interface gigabit portNo storm control 293 show interface gigabit portNo transceiver 293 show qos interface 293 show qos maps 294 show qos qce 294 show qos sto...

Page 10: ...able disable 304 configuration save and replace 305 clear ip igmp snooping statistics 305 clear logging 305 clear mac address table 305 debug 306 delete 306 dir 306 do 306 duplex 307 editing 307 firmware 307 flowcontrol 307 frame sizes 308 green etherneteee 308 green etherneteee optimize for power 308 green etherneteee urgent queues 308 help 309 iparp inspection 309 ip arp inspection translate 309...

Page 11: ...tor source cpu 321 speed 321 tacacs server host 321 tacacs server key 322 tacacs server timeout 322 traps 322 upnp 322 upnp advertising duration 323 upnp ttl 323 username 323 web 324 flow control enable disble 324 speed 325 port enable disable 325 Date Time 325 VLAN Commands 326 vlan 326 vlan ethertype s custom port 326 vlan protocol 327 vlan trunking 327 switchport access vlan 327 switchport forb...

Page 12: ...ee auto edge 336 spanning tree bpdu guard 336 spanning tree edge 336 spanning tree edge bpdu filter 337 spanning tree mode 337 spanning tree mst cost 337 spanning tree mst port priority 338 spanning tree mst priority 338 spanning tree mst vlan 338 spanning tree mst forward time 338 spanning tree mst max age 339 spanning tree mst max hops 339 spanning tree mst name 339 spanning tree mst instance 34...

Page 13: ... 352 qos queue policer 352 qos shaper unit 352 IGMP Functional Commands 353 ip igmp host proxy leave proxy 353 ip igmp snooping 353 ip igmp snooping immediate leave 353 ip igmp snooping last member query interval 353 ip igmp snooping max groups 354 ip igmp snooping mrouter 354 ip igmp snooping querier 354 ip igmp snooping query interval 354 ip igmp snooping vlan 355 ip igmp ssm range 355 ip igmp u...

Page 14: ...bute 4 363 radius server attribute 95 363 radius server deadtime 363 radius server host auth port acct port timeout retransmit key 364 radius server key 364 radius server retransmit 364 radius server timeout 364 tacacs server deadtime 1 1440 365 tacacs server host auth port timeout key 365 tacacs server deadtime 1 1440 365 tacacs server deadtime 1 1440 365 dot1x feature 366 dot1x authentication ti...

Page 15: ...re Commands 377 gvrp 377 gvrpjoin request vlan 377 gvrpleave request vlan 377 gvrp max vlans 377 gvrp time join time 1 20 leave time 60 300 leave all time 1000 50 378 Voice VLAN Configure Commands 379 voice vlan 379 voice vlan aging time 379 voice vlan class 379 voice vlan oui 380 voice vlan vid 380 Profile Alarm Commands 381 profile alarm 381 alarm 381 PoE Commands 382 poe management mode 382 poe...

Page 16: ...p Precedence Level 389 DSA 389 DSCP 389 E 390 ECE 390 EEE 390 EPS 390 ERPS 390 Ethernet Type 390 EVC 390 F 391 FTP 391 Fast Leave 391 G 392 GARP 392 GVRP 392 H 393 HQoS 393 HTTP 393 HTTPS 393 I 394 ICMP 394 IEEE 802 1X 394 IGMP 394 IGMP Querier 394 IMAP 394 IP 394 IPMC 395 IPMC Profile 395 IP Source Guard 395 IVL 395 J 396 JSON 396 L 397 LACP 397 LLC 397 LLDP 397 LLDP MED 397 LLQI 397 LOC 397 M 39...

Page 17: ...01 Optional TLVs 401 OUI 401 P 402 PCP 402 PD 402 PHY 402 PING 402 PoE 402 Policer 402 POP3 402 PPPoE 403 POST 403 Private VLAN 403 PTP 403 Q 404 QCE 404 QCL 404 QL 404 QoS 404 QoS class 404 Querier Election 404 R 405 RARP 405 RADIUS 405 RDI 405 RFC2544 405 Router Port 405 RSA 405 RSTP 405 S 406 SAMBA 406 sFlows 406 SHA 406 Shaper 406 SMTP 406 SNAP 406 SNMP 406 SNTP 407 SSID 407 SSH 407 SSM 407 ...

Page 18: ...07 Switch ID 407 SyncE 407 T 408 TACACS 408 Tag Priority 408 TCP 408 TELNET 408 TFTP 408 ToS 408 TLV 409 TKIP 409 TT LOOP 409 U 410 UDLD 410 UDP 410 UPnP 410 V 411 VLAN 411 VLAN ID 411 Voice VLAN 411 W 412 WEP 412 WiFi 412 WPA 412 WPA PSK 412 WPA Radius 412 WPS 412 WRED 413 WTR 413 Y 413 Y 1564 413 ...

Page 19: ...wer consumption does not exceed parameters that you define This includes power budget control functions to limit power output on devices not reporting correct consumption rates and device priority options to guarantee power to critical devices while avoiding power supply overloads The MP1204 XT is equipped with full Layer 2 management capabilities to provide the most flexible network configuration...

Page 20: ...y 128 ACE 256 ICMP Type Code 255 RADIUS Server 5 TACACS Server 5 MAC based VLAN Entry 256 IP subnet based VLAN Entry 128 Protocol based VLAN Group 125 Voice VLAN OUI 16 QCE 256 IP Interface 8 IP Route 32 Security Access Management 16 MVR VLAN 4 MAC Learning table address 8k IGMP Group 256 Function Name System Maximum Value ...

Page 21: ...and PWR2 must use the same mode Note Power should be disconnected from the power supply before connecting it to the MP1204 XT Otherwise your screwdriver blade can inadvertently short your terminal connections to the grounded enclosure 1 Insert the positive and negative wires into PWR and PWR contacts You can connect a single power supply or both power supplies depending on your requirements 2 Tigh...

Page 22: ...nd Ground The alarm relay output contacts are in the middle of the DC terminal block connector as shown in the figure below The alarm relay output is Normal Open and it is closed when it detects any predefined failure such as power failures or Ethernet link failures Note The relay output with current carrying capacity of 0 5A 24 VDC ...

Page 23: ...iber transceivers and supports both 100 1000 Mbps fiber speed connections Comtrol recommends using Comtrol approved SFP mini GBIC transceivers Note Never attempt to view optical connectors that might be emitting laser energy Do not power up the laser product without connecting the laser to the optical fiber or putting the dust cover in position as laser outputs will emit infrared laser light at th...

Page 24: ... A DIN Rail Mounting DIN Rail Mounting Use the following procedure to mount the MP1204 XT on a DIN rail 1 Attach the DIN clip using the screws in the accessory kit 2 Hook the unit onto the DIN rail 3 Push the bottom of the unit towards the DIN rail until it locks in place ...

Page 25: ...2000644 Rev A Installing the Hardware 25 Wall Mounting Wall Mounting Use the following procedure to mount the MP1204 XT on a wall or panel 1 Screw the wall mount brackets with screws in the accessory kit 2 Mount it to a wall or panel ...

Page 26: ...t link up and there is traffic detected Off Ethernet link down Copper Port Speed On Yellow A 1000Mbps connection is detected Off No link a 10Mbps or 100 Mbps connection is detected SFP Port Link Act On Green Ethernet link up Off Ethernet link down SFP Port Speed On Yellow SFP port speed 1000Mbps connection is detected Off No link or a SFP port speed 100Mbps connection is detected PoE LED On Yellow...

Page 27: ...stem Reset System Reset The Reset button is provided to reboot the system without the need to remove power Under normal circumstances you will not need to reset the MP1204 XT However on rare occasions the MP1204 XT may not respond and then you may need to push the Reset button ...

Page 28: ...28 Installing the Hardware RocketLinx MP1204 XT User Guide 2000644 Rev A System Reset ...

Page 29: ...ettings Use the following procedure to configure the IP address using the Console port Note Use Ctrl h if you need to delete a character or characters to correct a typo 1 Connect the RJ45 male connector to the MP1204 XT console port and connect the RS 232 DB9 female connector cable the COM port 2 Start the terminal emulation software and configure the port as listed above 3 You may need to press E...

Page 30: ...ce to configure the IP address Using the Web Interface to Configure the IP Address on Page 31 Note The default IP address of the MP1204 XT is 192 168 250 250 1 Open the command prompt and enter telnet 192 168 250 250 2 Enter admin as the Username and press the Enter key 3 Enter admin as the Password and press the Enter key 4 Enter enable and press the Enter key 5 Enter configure terminal and press...

Page 31: ...168 250 250 1 Open your browser and enter 192 168 250 250 2 Click Configuration System IP 3 Select the Mode Host or a Router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed between all interfaces Note Refer to the help or System IP on Page 38 for more information about the options on this page 4 If applicable select the appropriate DNS option 5 Enter ...

Page 32: ...32 Configuring the IP Address RocketLinx MP1204 XT User Guide 2000644 Rev A Using the Web Interface to Configure the IP Address ...

Page 33: ...T After programming the IP address you can open the web interface Note The login screen may appear under your browser depending on your browser If you do not see the login screen minimize your browser and enter the user name and password Field Description Username Login user name The maximum length is 32 Default admin Password Login user password The maximum length is 32 Default admin ...

Page 34: ... in the four main menus on the left side of the screen Configuration Monitor Diagnostics Maintenance This illustrates the categories under the main menus Common Buttons The following are not discussed in the upcoming sections because the functionality is the same across all of the pages Buttons Click to save changes Click to revert to previously saved values Click to delete a setting ...

Page 35: ... Overview 35 Ending a Session Ending a Session To end a session close your web browser This prevents an unauthorized user from accessing the system using your user name and password If you logout and leave the browser open another user may access the MP1204 XT ...

Page 36: ...36 Web Interface Overview RocketLinx MP1204 XT User Guide 2000644 Rev A Ending a Session ...

Page 37: ...de together with information on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are per...

Page 38: ... DNS Server This setting controls the DNS name resolution done by the MP1204 XT The following modes are supported No DNS server No DNS server is used Configured IPv4 or IPv6 Explicitly provides the IP address of the DNS Server in dotted decimal notation From any DHCPv4 interfaces The first DNS server offered from a DHCPv4 lease to a DHCP enabled interface is used From this DHCPv4 interface Specify...

Page 39: ...f the interface in dotted decimal notation If DHCP is enabled this field configures the fallback address The field may be left blank if IPv4 operation on the interface is not desired or no DHCP fallback address is desired IPv4 Mask The IPv4 network mask in number of bits prefix length Valid values are between 0 and 30 bits for a IPv4 address If DHCP is enabled this field configures the fallback ad...

Page 40: ...d decimal notation or a valid IPv6 notation Gateway and Network must be of the same type Next Hop VLAN Only for IPv6 The VLAN ID VID of the specific IPv6 interface associated with the gateway The given VID ranges from 1 to 4094 and is effective only when the corresponding IPv6 interface is valid If the IPv6 gateway address is link local it must specify the next hop VLAN for the gateway If the IPv6...

Page 41: ...6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 Item Con...

Page 42: ...me duration Select Disable to disable the Daylight Saving Time configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Recurring Configurations Start time settings Week Select the starting week number Day Select the starti...

Page 43: ...g month Date Select the ending date Year Select the ending year Hours Select the ending hour Minutes Select the ending minute Offset settings Offset Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Date Time Configuration Date Time Settings Year Year of current date time Range 2000 to 2037 Month Month of current date time Date Date of current date time Hours Hour of c...

Page 44: ...s not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet always sends out even if the syslog server does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation Server Address Indicates the IPv4 host address of the syslog server If the switch supports DNS it also c...

Page 45: ...ed If alarm entry is Enabled then the alarm is shown in the alarm history current when it occurs The Alarm LED is lit the Alarm Relay is also enabled SNMP trap are sent if any SNMP trap entry exists and enabled Disabled If the alarm entry is Disabled then the alarm is not be captured shown in alarm history current when an alarm occurs then it does not trigger the Alarm LED change Alarm Relay and S...

Page 46: ... link The port is power up for short moment in order to determine if cable is inserted PerfectReach Cable length power savings enabled PerfectReach works by determining the cable length and lowering the power for ports with short cables EEE Controls whether EEE is enabled for the MP1204 XT port For maximizing power savings the circuit is not started immediately to transmit data ready for a port bu...

Page 47: ...ion of frames as soon as data is available Otherwise the queue postpones transmission until a burst of frames can be transmitted Item Configuration Ports Port This is the logical port number for this row Link The current link state is displayed graphically Green indicates that the link is up and red that it is down Current Link Speed Provides the current link speed of the port Item Configuration G...

Page 48: ...n 1Gbps full duplex Flow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx sett...

Page 49: ...Enabled Enable DHCP server per system Disabled Disable DHCP server per system VLAN Mode VLAN Range Indicates the VLAN range in which the DHCP server is enabled or disabled The first VLAN ID must be smaller than or equal to the second VLAN ID But if the VLAN range contains only 1 VLAN ID then you can enter it into either one of the first and second VLAN ID or both If you want to disable an existing...

Page 50: ...bled Enable DHCP server per VLAN Disabled Disable DHCP server per VLAN Click to add a new VLAN range Item Configuration DHCP Server Excluded IP IP Range Define the IP range to be excluded IP addresses The first excluded IP must be smaller than or equal to the second excluded IP BUT if the IP range contains only one excluded IP then you can just input it to either one of the first and second exclud...

Page 51: ...tail settings you can click the pool name to go into the configuration page Type Displays which type of the pool it is Network the pool defines a pool of IP addresses to service more than one DHCP client Host the pool services for a specific DHCP client identified by client identifier or hardware address If is displayed it means not defined IP Displays the network number of the DHCP address pool I...

Page 52: ... Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages are forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted source of the DHCP messages Untrusted Conf...

Page 53: ...id port_no The first four characters represent the VLAN ID the fifth and sixth characters are the module ID 0 and the last two characters are the port number For example 00030108 means that the DHCP message was received from VLAN ID 3 switch ID 1 port No The Option 82 remote ID value is equal the switch MAC address Possible modes are Enabled Enable the DHCP relay information mode operation When DH...

Page 54: ...allows letters numbers and underscores Password The password of the user The allowed string length is 0 to 31 Any printable characters including space is accepted Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups that is that is granted the fully control of the device But others value need to refer to each group...

Page 55: ...RocketLinx MP1204 XT User Guide 2000644 Rev A Configuration Pages 55 Security Switch Privilege Levels Security Switch Privilege Levels This page provides an overview of the user privilege levels ...

Page 56: ... Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Lev...

Page 57: ...d login is not possible local Use the local user database on the switch for authentication radius Use remote RADIUS server s for authentication tacacs Use remote TACACS server s for authentication Methods that involve remote servers are timed out if the remote servers are off line In this case the next method is tried Each method is tried from left to right and continues until a method either appr...

Page 58: ...y Switch HTTPS Mode Indicates the HTTPS mode operation When the current connection is HTTPS to apply HTTPS disabled mode operation automatically redirects web browser to an HTTP connection Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation It only significant if HTTPS mode Enabled is selected A...

Page 59: ... the entry It is deleted during the next save VLAN ID Indicates the VLAN ID for the access management entry Start IP address Indicates the start IP address for the access management entry End IP address Indicates the end IP address for the access management entry HTTP HTTPS Indicates that the host can access the MP1204 XT from HTTP HTTPS interface if the host IP address matches the IP address rang...

Page 60: ...des are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SNMP supported version 3 Read Community Indicates the community read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allow...

Page 61: ... ID The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed Change of the Engine ID clears all original local users Object Configuration Security Switch SNMP Trap Global Settings Mode Indicates the trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode oper...

Page 62: ...ot or a dash Indicates the SNMP trap destination IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also repre...

Page 63: ...upported version 1 SNMP v2c Set the SNMP trap to the supported version 2c SNMP v3 Set the SNMP trap to the supported version 3 Trap Community Indicates the community access string when sending an SNMP trap packet The allowed string length is 0 to 255 and the allowed content is ASCII characters from 33 to 126 Trap Destination Address Indicates the SNMP trap destination address It allows a valid IP ...

Page 64: ...s are Enabled Enable SNMP trap inform mode operation Disabled Disable SNMP trap inform mode operation Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Trap Probe Security Engine ID Indicates the SNMP trap probe security engine ID mode of operation Possib...

Page 65: ...save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string is treated as a security name and maps a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of source addresses can be used to restrict source ...

Page 66: ...h this user can communicate In other words if the user engine ID equals the system engine ID then it is a local user otherwise it s a remote user User name A string identifying the user name to which this entry should belong The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Level Indicates the security model to which this entry should belong P...

Page 67: ...es AES authentication protocol Privacy Password A string identifying the privacy password phrase The allowed string length is 8 to 32 and the allowed content is ASCII characters from 33 to 126 Click to add a new user entry Item Configuration Security Switch SNMP Groups Delete Check to delete the entry It is deleted during the next save Security Model Indicates the security model to which this entr...

Page 68: ...content is ASCII characters from 33 to 126 View Type Indicates the view type that this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded there should be another view entry existing with view t...

Page 69: ...rity models are any Any security model accepted v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The name of ...

Page 70: ...e 73 Security Switch RMON Statistics Use this page to configure the RMON Statistics table The entry index key is ID Item Configuration Security Switch RMON Statistics Delete Check to delete the entry It is deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must a...

Page 71: ... 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is Switch 3 Port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated this Histor...

Page 72: ...nbound packets that are discarded even the packets are normal InErrors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol InUnknownProtos The number of the inbound packets that were discarded because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters Ou...

Page 73: ... Falling threshold value 2147483648 to 2147483647 Falling Index Falling event index 1 to 65535 Click to add a new access entry Item Configuration Security Switch RMON Event Delete Check to delete the entry It is deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Ind...

Page 74: ...74 Configuration Pages RocketLinx MP1204 XT User Guide 2000644 Rev A Security Switch RMON Event Click to add a new community entry Item Configuration Security Switch RMON Event Continued ...

Page 75: ...Network Limit Control This page allows you to configure the Port Security Limit Control system and port settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one o...

Page 76: ...t is not exceeded Now suppose that the end host logs off or powers down If it was not for aging the end host would still take up resources on the MP1204 XT and is allowed to forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the MP1204 XT starts looking for frames from the end host and if such frames are not s...

Page 77: ...or the MP1204 XT 3 Click the Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above are taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The limit is not...

Page 78: ...he network These backend RADIUS servers are configured on the Configuration Security AAA page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same port and does not require the user to have special 802 1X supplicant software install...

Page 79: ...range 1 to 3600 seconds EAPOL Timeout Determines the time for retransmission of Request Identity EAPOL frames Valid values are in the range 1 to 65535 seconds This has no effect for MAC based ports Aging Period This setting applies to the following modes that is modes using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses th...

Page 80: ...N on which a successfully authenticated supplicant is placed on the switch Incoming traffic is classified to and switched on the RADIUS assigned VLAN The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned VLAN Enabled below for a detailed description The RADIUS Assigned VLAN Enabled check box provides a quick way to globally...

Page 81: ...POL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the MP1204 XT and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicants port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TL...

Page 82: ...s allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicants MAC address once successfully authenticated Multi 802 1X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same characteristics In Multi 802 1X one or more supplicants can get authenticated on the same port at the sa...

Page 83: ...ate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality RADIUS Assigned QoS Enabled When RADIUS Assigned QoS is both globally enab...

Page 84: ...option is only available for single client modes Port based 802 1X Single 802 1X For troubleshooting VLAN assignments use the Monitor VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration RADIUS attributes used in identifying a VLAN ID RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ...

Page 85: ...goes down or the ports Admin State is changed and if not the port is placed in the Guest VLAN Otherwise it does not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout Once in the Guest VLAN the port is considered authenticated and all attached clients on the port are allowed access on this VLAN The MP1204 XT does not transmit an EAPOL ...

Page 86: ...e Schedules a reauthentication whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication is attempted immediately The button only has effect for successfully authenticated clients on the port and does not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a rea...

Page 87: ...ity Network ACL Access Control List on Page 90 Security Network ACL Ports Use this page to configure the ACL parameters ACE of each MP1204 XT port These parameters affect frames received on a port unless the frame matches a specific ACE Item Configuration Security Network ACL Ports Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port Th...

Page 88: ...de the 4 bytes CRC The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Note The logging feature only works when the packet length is less than 1518 without VLAN tags and the System Log memory size and logging rate are limited Shutdown Specify the port shut down operation of this po...

Page 89: ...figure the rate limiter for the ACL of the MP1204 XT Item Configuration Security Network ACL Rate Limiters Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The rate range is located 0 3276700 in pps Or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowed values are pps packets per second kbps Kbits per second ...

Page 90: ...ACE matches any frame type EType The ACE matches Ethernet Type frames Note that an Ethernet Type based ACE does not get matched by IP and ARP frames ARP The ACE matches ARP RARP frames IPv4 The ACE matches all IPv4 frames IPv4 ICMP The ACE matches IPv4 frames with ICMP protocol IPv4 UDP The ACE matches IPv4 frames with UDP protocol IPv4 TCP The ACE matches IPv4 frames with TCP protocol IPv4 Other ...

Page 91: ...ror port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled Counter The counter indicates the number of times the ACE was hit by a frame Button Function Inserts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest pl...

Page 92: ...itmask When Specific is selected for the policy filter you can enter a specific policy bitmask The allowed range is 0x0 to 0xff Notice the usage of bitmask if the binary bit value is 0 it means this bit is don t care The real matched pattern is policy_value policy_bitmask For example if the policy value is 3 and the policy bitmask is 0x10 bit 0 is don t care bit then policy 2 and 3 are applied to ...

Page 93: ...he ACE Notice that the logging message does not include the 4 bytes CRC information The allowed values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Note The logging feature only works when the packet length is less than 1518 without VLAN tags and the System Log memory size and logging rate are limited Shutdown Specify the port shu...

Page 94: ...r is specified VLAN ID filter status is don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value Tag Priority Specify the tag priority f...

Page 95: ...ic target IP address in dotted decimal notation Target IP Mask When Network is selected for the Target IP Filter you can enter a specific target IP mask in dotted decimal notation ARP Sender MAC Match Specify whether frames can hit the action according to their sender hardware address field SHA settings 0 ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the ...

Page 96: ... this IP protocol value IP TTL Specify the Time to Live settings for this ACE zero IPv4 frames with a Time to Live field greater than zero must not be able to match this entry non zero IPv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care IP Fragment Specify the fragment offset settings for this ACE This involves the settings f...

Page 97: ...xtra fields for defining ICMP parameters appears These fields are explained later in this help file UDP Select UDP to filter IPv6 UDP protocol frames Extra fields for defining UDP parameters appears These fields are explained later in this help file TCP Select TCP to filter IPv6 TCP protocol frames Extra fields for defining TCP parameters appears These fields are explained later in this help file ...

Page 98: ...er Specify the TCP UDP source filter for this ACE Any No TCP UDP source filter is specified TCP UDP source filter status is don t care Specific If you want to filter a specific TCP UDP source filter with this ACE you can enter a specific TCP UDP source value A field for entering a TCP UDP source value appears Range If you want to filter a specific TCP UDP source range filter with this ACE you can ...

Page 99: ...e to match this entry Any Any value is allowed don t care TCP PSH Specify the TCP Push Function PSH value for this ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where the PSH field is set must be able to match this entry Any Any value is allowed don t care TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames wh...

Page 100: ...ration Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard All configured ACEs are lost when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum ...

Page 101: ...etwork ARP Inspection Port Configuration on Page 102 Security Network ARP Inspection VLAN Configuration on Page 103 Security Network ARP Inspection Static Table on Page 103 Security Network ARP Inspection Dynamic Table on Page 104 Item Configuration Network IP Source Guard Static Table Delete Check to delete the entry It is deleted during the next save Port The logical port for the settings VLAN I...

Page 102: ...ration Disabled Disable ARP Inspection operation If you want to inspect the VLAN configuration you have to enable the setting of Check VLAN The default setting of Check VLAN is disabled When the setting of Check VLAN is disabled the log type of ARP Inspection refers to the port setting If Check VLAN is enabled the log type of ARP Inspection refers to the VLAN setting Possible setting of Check VLAN...

Page 103: ...p When the end is reached the warning message is shown in the displayed table Use the Reset button to start over Specify ARP Inspection is enabled on which VLANs First you have to enable the port setting on Port mode configuration page Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Second you can specify which VLAN is inspected on ...

Page 104: ... continuous refresh with the same start address The button uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Click to add a new entry ...

Page 105: ... is the number of times in the range 1 to 1000 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Deadtime Deadtime which can be set to a number between 0 to 1440 minutes is the period during which the MP1204 XT does not send new requests to a server that has failed to respond to a previous requ...

Page 106: ...left blank the NAS Identifier is not included in the packet Server Configuration Delete To delete a RADIUS server entry check this box The entry is deleted during the next Save Hostname The IP address or hostname of the RADIUS server Auth Port The UDP port to use on the RADIUS server for authentication Acct Port The UDP port to use on the RADIUS server for accounting Timeout This optional setting ...

Page 107: ... trying to contact a server that it has already determined as dead Setting the Deadtime to a value greater than 0 zero enables this feature but only if more than one server has been configured Key The secret key up to 63 characters long shared between the TACACS server and the switch Server Configuration Delete To delete a TACACS server entry check this box The entry is deleted during the next Sav...

Page 108: ...le the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destinati...

Page 109: ...rt from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in each group Item Aggregation LACP Port The MP1204 XT port number LACP Enabled Controls whether LACP is enabled on the MP1204 XT port LACP forms an aggregation when two or more ports are connected to the same partner Key The Key value incur...

Page 110: ...ive waits for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast transmits LACP packets each second while Slow waits for 30 seconds before sending a LACP packet Prio The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter controls which ports...

Page 111: ...nterval between each loop protection PDU sent on each port valid values are 1 to 10 seconds Shutdown Time The period in seconds for which a port is kept disabled in the event of a loop is detected and the port action shuts down the port Valid values are 0 to 604800 seconds 7 days A value of zero keeps a port disabled until next device restart Port Configuration Port The MP1204 XT port number of th...

Page 112: ...ty of the STP RSTP bridge Forward Delay The delay used by STP Bridges to transit Root and Designated Ports to Forwarding used in STP compatible mode Valid values are in the range 4 to 30 seconds Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Maximum Hop Count This defines the initial value of remaining H...

Page 113: ...ve topology Port Error Recovery Controls whether a port in the error disabled state automatically is enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time to pass before a port in the error disabled state can be enabled Valid values are between 3...

Page 114: ...ion in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI Mapping MSTI The bridge instance The CIST is not available for explicit mapping as it receives the VLANs not explicitly mapped VLANs Mapped The list of VLANs mapped to the MSTI The V...

Page 115: ... priority configuration and if necessary make changes Item Configuration Spanning Tree MSTI Priorities MSTI The bridge instance The CIST is the default instance which is always active Priorities Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier ...

Page 116: ...nded values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See abov...

Page 117: ... If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causin...

Page 118: ...d ports Click the Get button to retrieve settings for a specific MSTI Item Configuration Spanning Tree MSTI Ports Port The MP1204 XT port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting sets the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined v...

Page 119: ...bled Delete Check to delete the entry The designated entry is deleted during the next save Profile Name The name used for indexing the profile table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Profile Description Additional description which is composed of at maximum 64 alphabetic and numeric characters a...

Page 120: ...IPMC Profile Address Entry Delete Check to delete the entry The designated entry is deleted during the next save Entry Name The name used for indexing the address entry table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabetic character must be present Start Address The starting IPv4 IPv6 Multicast Group Address that is used a...

Page 121: ...r PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports You can create a maximum of four MVR VLANs with corresponding channel profile for each Multicast VLAN The channel profile is defined by the IPMC Profile which provides the filtering conditions ...

Page 122: ...allows dynamic MVR membership reports on source ports In Compatible mode MVR membership reports are forbidden on source ports The default is Dynamic mode Tagging Specify whether the traversed IGMP MLD control frames are sent as Untagged or Tagged with MVR VID The default is Tagged Priority Specify how the traversed IGMP MLD control frames are sent in prioritized manner The default Priority is 0 LL...

Page 123: ...r port if it is a subscriber port and should only receive multicast data It does not receive data unless it becomes a member of the multicast group by issuing IGMP MLD messages Note MVR source ports are not recommended to be overlapped with management VLAN ports Select the port role by clicking the Role symbol to change the setting I indicates Inactive S indicates Source R indicates Receiver The d...

Page 124: ...ce Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enabled Enable IGMP Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages on the router side Proxy Enabled Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary join and leave messages on the router side Rout...

Page 125: ...When the Querier Address is not set system uses IPv4 management address of the IP interface associated with this VLAN When the IPv4 management address is not set system uses the first available IPv4 management address Otherwise system uses a pre defined value By default this value is 192 168 250 250 Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending...

Page 126: ...rval is 10 in tenths of seconds 1 second URI URI is the Unsolicited Report Interval which is the time between repetitions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Click to add a new IGMP VLAN Specify the VID and configure the new entry and then click Save The specific VLAN starts working after the co...

Page 127: ... IPMC MLD Snooping Basic Configuration Snooping Enable Enable the Global MLD Snooping Unregistered IPMCv6 Flooding Enable Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregistered IPMCv6 traffic flooding is always active in spite of this setting MLD SSM Range SSM Source Specific Multicast Range allows ...

Page 128: ...er port the whole aggregation acts as a router port Fast Leave Enable the fast leave feature on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong Item Configuration IPMC MLD Snooping VLAN Configuration Delete Check to delete the entry The designated entry is deleted during the next save VLAN ID The VLAN ID of the entry MLD Snooping Enabled Enable ...

Page 129: ...econds 10 seconds LLQI LLQI Last Listener Query Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages The allo...

Page 130: ... Item Configuration IPMC MLD Snooping Port Filtering Profile Port The logical port for the settings Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile is shown by clicking the view button Profile Management Button You can inspect the rules of the designated profile by using the view button View the rules associated with t...

Page 131: ...iguration LLDP LLDP LLDP Parameters Tx Interval The switch periodically transmits LLDP frames to its neighbors for having the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be conside...

Page 132: ... not send out LLDP information and drops the LLDP information received from neighbors Enabled The MP1204 XT sends out LLDP information and analyzes the LLDP information received from neighbors CDP Aware Select CDP awareness The CDP operation is restricted to decoding incoming CDP frames The switch doesn t transmit CDP frames CDP frames are only decoded if LLDP on the port is enabled Only CDP TLVs ...

Page 133: ...ut gets removed when the hold time is exceeded Port Descr Optional TLV When checked the port description is included in LLDP information transmitted Sys Name Optional TLV When checked the system name is included in LLDP information transmitted Sys Descr Optional TLV When checked the system description is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capabil...

Page 134: ...4 Configuration Pages RocketLinx MP1204 XT User Guide 2000644 Rev A LLDP LLDP MED LLDP LLDP MED This page allows you to configure the LLDP MED This function applies to VoIP devices which support LLDP MED ...

Page 135: ...to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame With Fast start repeat count it is possible to specify the number of times the fast start transmission would be repeated The recommended value is 4 times given that 4 LLDP frames with a 1 second interval are transmitted when an LLDP frame with new information is received It sh...

Page 136: ...untry code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Japan Example Copenhagen City district City division borough city district ward chou Japan Block Neighborhood Neighborhood block Street Street Example Riverview Leading street direction Leading street direction Ex...

Page 137: ...e service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services 4 Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those adv...

Page 138: ...ed in IEEE 802 1Q 2003 L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application type L2 Priority may specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 DSCP DSCP value to be used to provide Diffserv node behavior for the specified application type as defin...

Page 139: ...for each port PD is specified in the Maximum Power fields Class mode In Class mode each port automatically determines how much power to reserve according to the class the connected PD belongs to and reserves the power accordingly Four different port classes exist and one for 4 7 15 4 or 30 Watts In Class mode the Maximum Power fields have no effect LLDP MED mode This LLDP MED mode is similar to th...

Page 140: ...uration Primary Power Supply W For being able to determine the amount of power the PD may use it must be defined what amount of power a power source can deliver Valid values are in the range 0 to 240 Watts PoE Port Configuration Port This is the logical port number for this row Mode Disable PoE disabled for the port Enable Enables PoE for the port Schedule Enables PoE for the port by scheduling Op...

Page 141: ...e week Item Configuration PoE Power Scheduler PoE Power Scheduling Control on Port Port Select the port number that you want to schedule using the drop list PoE Power Scheduling Interval Configuration Day Check marks indicate which day are members of the set Interval Start Select the start hour and minute End Select the end hour and minute Action Power On Select the radio button to apply power on ...

Page 142: ...e interval one day Each interval has 30 minutes Day Green indicates the power is on and red that it is off Directly changes check marks to indicate which day are members of the time interval Check or uncheck as needed to modify the scheduling table Item Configuration PoE PoE Reset Delete Check to delete the entry The designated entry is deleted during the next save Day Check marks indicate which d...

Page 143: ... seconds MAC Table Learning Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be re...

Page 144: ...onfiguration Allowed Access VLANs This field shows the allowed Access VLANs i e it only affects ports configured as Access ports Ports in other modes are members of all VLANs specified in the Allowed VLANs field By default only VLAN 1 is enabled More VLANs may be created by using a list syntax where the individual elements are separated by commas Ranges are specified with a dash separating the low...

Page 145: ...all VLANs 1 4095 The VLANs that a trunk port is member of may be limited by the use of Allowed VLANs Frames classified to a VLAN that the port is not a member of are discarded By default all frames but frames classified to the Port VLAN a k a Native VLAN get tagged on egress Frames classified to the Port VLAN do not get C tagged on egress Egress tagging can be changed to tag all frames in which ca...

Page 146: ...rts always have ingress filtering enabled If ingress filtering is enabled check box is checked frames classified to a VLAN that the port is not a member of get discarded If ingress filtering is disabled frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine However the port never transmits frames classified to VLANs that it is not a member of I...

Page 147: ...e a member of one VLAN but it can be a member of multiple Private VLANs Forbidden VLANs A port may be configured to never be member of one or more VLANs This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs The trick is to mark such VLANs as forbidden on the port in question The syntax is identical to the syntax used in ...

Page 148: ...ge Any values outside this range are not accepted and a warning message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The Private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new Private VLANs Item Configuration Private VLANs Port Isolation Port Members A check box is provided for each por...

Page 149: ...cked Click the Add New Entry button to add a new MAC based VLAN entry An empty row is added to the table and the MAC based VLAN entry can be configured as needed Any unicast MAC address can be configured for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled when you click the Save button A ...

Page 150: ... in this text field depends on the option selected from the preceding Frame Type selection menu Below is the criteria for three different Frame Types For Ethernet Values in the text field when Ethernet is selected as a Frame Type is called etype Valid values for etype ranges from 0x0600 0xffff For LLC Valid value in this case is comprised of two different sub values DSAP 1 byte long string 0x00 0x...

Page 151: ...integers 0 9 no special character is allowed whichever Group name you try map to a VLAN must be present in Protocol to Group mapping table and must not be pre used by any other existing mapping entry on this page VLAN ID Indicates the ID to which Group Name is mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mappi...

Page 152: ...user configurable It s value ranges from 0 128 If a VCE ID is 0 application auto generates the VCE ID for that entry Deletion and lookup of IP subnet based VLAN are based on VCE ID IP Address Indicates the IP address Mask Length Indicates the network mask length VLAN ID Indicates the VLAN ID VLAN ID can be changed for the existing entries Port Members A row of check boxes for each port is displaye...

Page 153: ...n GUI Item Configuration Voice VLAN Configuration Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode operation VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal e...

Page 154: ...N port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLAN are blocked for 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Port Discovery Protocol Indicates the Voice VLAN port discovery protocol It only works when auto detect mode is enabled We should enable LLDP feat...

Page 155: ...marking on Page 161 QoS Port DSCP on Page 162 QoS DSCP Based QoS on Page 163 QoS DSCP Translation on Page 164 QoS DSCP Classification on Page 165 QoS QoS Control List on Page 166 QoS Storm Policing on Page 170 Item Configuration Voice VLAN OUI Delete Check to delete the entry It is deleted during the next save Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vend...

Page 156: ...ruled by a QCL entry Note If the default CoS has been dynamically changed then the actual default CoS is shown in parentheses after the configured default CoS DPL Controls the default drop precedence level All frames are classified to a drop precedence level If the port is VLAN aware and the frame is tagged then the frame is classified to a DPL that is equal to the DEI value in the tag Otherwise t...

Page 157: ...and DEI for tagged frames Click the mode in order to configure the mode and or mapping Note This setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default CoS and DPL DSCP Based Click to enable DSCP Based QoS Ingress Port Classification Address Mode The IP MAC address mode specifying whether the QCL classification must be ba...

Page 158: ...ort is in flow control mode then pause frames are sent instead of discarding frames Item Configuration QoS Queue Policing Port The port number for which the configuration below applies Enable Enable or disable the queue policer for this switch port Rate Controls the rate for the queue policer This value is restricted to 100 3276700 when Unit is kbps and 1 3276 when Unit is Mbps The rate is interna...

Page 159: ...ovides an overview of QoS Egress Port Schedulers for all switch ports Items Configuration QoS Port Scheduler Port The logical port for the settings contained in the same row Click the port number in order to configure the schedulers Mode Shows the scheduling mode for this port Qn Shows the weight for this queue and port ...

Page 160: ...f QoS Egress Port Shapers for all switch ports Item Configuration QoS Port Shaping Port The logical port for the settings contained in the same row Click the port number in order to configure the shapers Qn Shows disabled or actual queue shaper rate for example 800 Mbps Port Shows disabled or actual port shaper rate for example 800 Mbps ...

Page 161: ...Remarking for all switch ports Item Configuration QoS Port Tag Remarking Port The logical port for the settings contained in the same row Click the port number in order to configure tag remarking Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level ...

Page 162: ... settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate Classify Translate To enable the Ingress Translation click the check box Classify Classification for a port have 4 different values Disable No Ingress DSCP Classification DSCP 0 Classify if incoming or translated if enabled DSCP is 0 Se...

Page 163: ...ss Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation Egress Remap DP0 table or from the DSCP Translation Egress Remap DP1 table Item Configuration QoS DSCP Based QoS DSCP Maximum number of supported DSCP values are 64 Trust Controls whe...

Page 164: ...sing the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation Translate Classify Translation DSCP at Ingress side can be translated to any of 0 63 DSCP values Classify Click to enable Classification at Ingress side Egress There are the following configurable parameters for Egress side Remap DP0 Controls the remapping for frames with DP level 0 Remap DP1 Contro...

Page 165: ...lassification QoS DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value Item Configuration QoS DSCP Classification QoS Class Actual QoS class DPL Actual Drop Precedence Level DSCP Select the classified DSCP value 0 63 ...

Page 166: ...alues are Any Match any DMAC Unicast Match unicast DMAC Multicast Match multicast DMAC Broadcast Match broadcast DMAC The default value is Any SMAC Match specific source MAC address or Any If a port is configured to match on DMAC DIP this field indicates the DMAC Tag Type Indicates tag type Possible values are Any Match tagged and untagged frames Untagged Match untagged frames Tagged Match tagged ...

Page 167: ...ken on ingress frame if parameters configured are matched with the frame s content Possible actions are CoS Classify Class of Service DPL Classify Drop Precedence Level DSCP Classify DSCP value Modification Buttons You can modify each QCE QoS Control Entry in the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down th...

Page 168: ... this field is the Destination MAC address Tag Value of Tag field can be Untagged Tagged or Any VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Valid value PCP are specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Valid value of DEI can be 0 1 or Any Inner Tag Value of Inner Tag field can be Unt...

Page 169: ...CP It can be a specific value range of values or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP IPv6 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP 32 LS ...

Page 170: ... DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Item Configuration QoS Storm Policing Frame Type The settings in a particular row apply to the frame type listed here Unicast Multicast or Broadcast Enable Enable or disable the storm control status for the given frame type Rate The rate...

Page 171: ...nfiguration Mirroring Mirroring Remote Mirroring Configuration Mode To Enabled Disabled the mirror or Remote Mirroring function Type Select switch type Mirror The switch is running on mirror mode The source port s and destination port are located on this switch Source The switch is a source node for monitor flow The source port s reflector port and intermediate port s are located on this switch In...

Page 172: ...elected VLANs on this field Note The Mirroring session shall have either ports or VLANs as sources but not both Port Configuration Port The logical port for the settings contained in the same row Source The following mirror modes are available Disabled Neither frames transmitted nor frames received are mirrored Both Frames received and frames transmitted are mirrored on the Intermediate Destinatio...

Page 173: ...in time is a value in the range 1 20 in the units of centi seconds i e in units of one hundredth of a second The default is 20 Leave time Leave time is a value in the range 60 300 in the units of centi seconds i e in units of one hundredth of a second The default is 60 LeaveAll time LeaveAll time is a value in the range 1000 5000 in the units of centi seconds i e in units of one hundredth of a sec...

Page 174: ...or GVRP This configuration can be performed either before or after GVRP is configured globally the protocol operation is the same Item Configuration GVRP Port Config Port The logical port that is to be configured Mode Mode can be either Disabled or GVRP enabled These values turn the GVRP feature off or on respectively for the port in question ...

Page 175: ...lso known as sFlow collector Configuration of per port flow and counter samplers sFlow configuration is not persisted to non volatile memory which means that a reboot disables sFlow sampling Item Configuration sFlow Agent Configuration IP Address The IP address used as Agent IP address in sFlow datagrams It serves as a unique key that identifies this agent over extended periods of time Both IPv4 a...

Page 176: ... used Timeout The number of seconds remaining before sampling stops and the current sFlow owner is released While active the current time left can be updated by clicking the Refresh button If locally managed the timeout can be changed on the fly without affecting any other settings Max Datagram Size The maximum number of data bytes that can be sent in a single sample datagram This should be set to...

Page 177: ...igure it Group 1 Index 1 It supports configuration of ring Group 2 Index 2 It supports configuration of ring coupling and dual homing Group 3 Index 3 It supports configuration of chain and balancing chain Mode Enable Ring on the specific group When Group 1 or 2 is enabled all configuration of Group 3 are reset to default Group 3 all configuration options are locked To configure Group 3 both Group1...

Page 178: ...state When Role is ring slave both ring ports are forward port When Role is coupling primary only need one ring port named primary port When Role is coupling backup only need one ring port named backup port This backup port is redundant port it is blocking port in normal state When Role is dual homing one ring port is primary port and another is backup port This backup port is redundant port it is...

Page 179: ... XT User Guide 2000644 Rev A Configuration Pages 179 Configuration DDMI Configuration DDMI Configure DDMI on this page Item Configuration DDMI Mode Enabled Enable DDMI mode operation Disabled Disable DDMI mode operation ...

Page 180: ...180 Configuration Pages RocketLinx MP1204 XT User Guide 2000644 Rev A Configuration DDMI ...

Page 181: ... page Item Monitor System Information Contact The system contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch Chip ID The Chip ID of this switch System Date The current...

Page 182: ...er the last 100ms 1sec and 10 seconds intervals The last 1 256 samples maximum 256 are graphed and the last numbers are displayed as text as well Check the Auto refresh box to refresh the page automatically every 3 seconds Software Version The software version of this switch Software Date The date when the switch software was produced Item Monitor System Information Continued ...

Page 183: ...The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interface and or address IP Routes Network The destination IP network or host address of this route Gateway The gateway address of this route Status The status flags of the route Neighbor cache IP Address The IP address ...

Page 184: ...starting from that or the closest next entry match In addition these input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start input field The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use th...

Page 185: ...urrently displayed Updates the table entries starting from the last entry currently displayed Updates the table entries ending at the last available entry Item Monitor System Detailed Log ID The ID 1 of the system log entry Message The detailed message of the system log entry Updates the system log entry to the current entry ID Updates the system log entry to the first available entry ID Updates t...

Page 186: ... The current alarm is displayed on this page Updates the system log entry to the next available entry ID Updates the system log entry to the last available entry ID Item Monitor System Alarm Description Alarm Type Description Time Alarm occurrence date time Item Monitor System Detailed Log ...

Page 187: ... the port green link up red link down EEE Shows if EEE is enabled for the port reflects the settings at the Port Power Savings configuration page LP EEE cap Shows if the link partner is EEE capable EEE Savings Shows if the system is currently saving power due to EEE When EEE is enabled the MP1204 XT powers down if no frame has been received or transmitted in 5 uSec Actiphy Saving Shows if the syst...

Page 188: ...ages are under the Monitor Port menu Ports State on Page 188 Ports Traffic Overview on Page 189 Ports QoS Statistics on Page 190 Ports QCL Status on Page 190 Ports Detailed Statistics on Page 192 Ports State This page provides an overview of the current switch port states RJ45 ports SFP ports State Disabled Down Link ...

Page 189: ...ort The logical port for the settings contained in the same row Packet The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames fil...

Page 190: ...onflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch Item Monitor Ports QoS Statistics Port The logical port for the settings contained in the same row Qn There are eight QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Item Monitor Ports QCL Status Use...

Page 191: ...gured are matched with the frame s content Possible actions are CoS Classify Class of Service DPL Classify Drop Precedence Level DSCP Classify DSCP value Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen that resources required to add a QCE may not be available in that case it shows conflict status as Yes otherwise it is always No P...

Page 192: ...Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast TThe number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of...

Page 193: ...C Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long 2 frames received with valid CRC Rx Fragments The number of short 1 frames received with invalid CRC Rx Jabber The number of long 2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwardin...

Page 194: ...ings with network type pools Manual Binding Number of bindings that administrator assigns an IP address to a client That is the pool is of host type Expired Binding Number of bindings that their lease time expired or they are cleared from Automatic Manual type bindings DHCP Message Received Counters DISCOVER Number of DHCP DISCOVER messages received REQUEST Number of DHCP REQUEST messages received...

Page 195: ...ing Possible states are Committed Allocated Expired Pool Name The pool that generates the binding Server ID Server IP address to service the binding Click to clear selected bindings If the selected binding is Automatic or Manual then it is changed to be Expired If the selected binding is Expired then it is freed Click to clear all Automatic bindings and Change them to Expired bindings Click to cle...

Page 196: ...displayed table starting from that or the closest next Dynamic DHCP snooping Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is...

Page 197: ...eive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packets received with the Remote ID option missing Receive Bad Circuit ID The number of packets whose Circuit ID option did not match known circuit ID Receive Bad Remote ID The...

Page 198: ... number of packets that were dropped which were received with relay agent information Item Monitor DHCP Detailed Statistics Rx and Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx and Tx Offer The number of offer option 53 with value 2 packets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and tr...

Page 199: ...ue 11 packets received and transmitted Rx and Tx Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Active The number of lease active option 53 with value 13 packets received and transmitted Rx Discarded checksum error The number of discard packet that IP UDP checksum is error Rx Discarded from Untrusted The number of discarded packet that are co...

Page 200: ... Network Port Security Switch on Page 201 Security Network Port Security Port on Page 203 Security Network NAS Switch on Page 204 Security Network NAS Port on Page 207 Security Network ACL Status on Page 210 Security Network ARP Inspection on Page 211 Security Network IP Source Guard on Page 212 Item Security Access Management Interface The interface type through which the remote host can access t...

Page 201: ...owing the MAC address to forward If only one chooses to block it it is blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status Item Monitor Security Network Port Security Switch User Module Legend User Module Name The full name of a module that may request Port Security services Abbr A one l...

Page 202: ... MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses for...

Page 203: ...tem Monitor Security Network Port Security Port MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it is not allowed to transmit or receive traffic Time of Addition Shows the date and t...

Page 204: ...orce Authorized or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Last Source The source MAC address carried in the most recently ...

Page 205: ...he supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since the server hasn t yet failed because the X seconds haven t expired the same server will be contacted upon the next backend authentic...

Page 206: ...upplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal dig...

Page 207: ...ed or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized QoS Class The QoS class assigned by the RADIUS server The field is blank if n...

Page 208: ...ess is currently selected To populate the table select one of the attached MAC Addresses from the table below Attached MAC Addresses Identity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicant...

Page 209: ...n the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason the client remains in the unauthenticated state for Hold Time seconds Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful Item Monitor Sec...

Page 210: ...tched by IP and ARP frames ARP The ACE matches ARP RARP frames IPv4 The ACE matches all IPv4 frames IPv4 ICMP The ACE matches IPv4 frames with ICMP protocol IPv4 UDP The ACE matches IPv4 frames with UDP protocol IPv4 TCP The ACE matches IPv4 frames with TCP protocol IPv4 Other The ACE matches IPv4 frames which are not ICMP UDP TCP IPv6 The ACE matches all IPv6 standard frames Action Indicates the ...

Page 211: ...resh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Mirror Specify the mirror operation of this port The allowed values are Enable...

Page 212: ...atch In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Item Monitor Security Net...

Page 213: ...dress UDP Port notation of this server Status The current status of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made...

Page 214: ...d the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but gets re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabl...

Page 215: ... displayed is the one with the lowest ID found in the Statistics table RADIUS Accounting Statistics Packet Counters RADIUS accounting server packet counter There are five receive and four transmit counters Other Info This section contains information about the state of the server and the latest round trip time Item Monitor Security Switch RMON Statistics ID Indicates the index of Statistics entry ...

Page 216: ...r of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet segment 64 The total number of packets including bad packets received that were 64 octets in length 65 127 The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 The total number of packets inclu...

Page 217: ... network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRCErrors The total number of packets received that had a length excluding framing bits but inclu...

Page 218: ...tor Security Switch RMON Alarm ID Indicates the index of Alarm control entry Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds Value The value of the statistic during th...

Page 219: ... the beginning of the Event table The first displayed is the one with the lowest Event Index and Log Index found in the Event table Items Monitor Security Switch RMON Event Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry Log Time Indicates Event log time Log Description Indicates the Event description Updates the table starting from the first entry...

Page 220: ... group Aggregation LACP Sub Menus Aggregation LACP System Status on Page 221 Aggregation LACP Port Status on Page 221 Aggregation LACP Port Statistics on Page 222 Item Monitor Aggregation Status Aggr ID The Aggregation ID associated with this aggregation instance Name Name of the Aggregation group ID Type Type of the Aggregation group Static or LACP Speed Speed of the Aggregation group Configured ...

Page 221: ...r LACP status for all ports Object Description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last Changed The time since this aggregation changed Local Ports Shows whi...

Page 222: ...her port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group Partner System ID The partner s System ID MAC address Partner Port The partner s port number connected to this port Partner Prio The partner s port priority Item Monitor Aggregation LACP Port Stati...

Page 223: ...Item Monitor Loop Protection Port The switch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected ...

Page 224: ...onitor Spanning Tree Bridge Status MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge it is zero For all other Bridges it is the sum of the Port Path Costs ...

Page 225: ...ort Status Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort BackupPort RootPort DesignatedPort or Disabled CIST State The current STP port state of the CIST port The port state can be one of the following values Discarding Learning or Forwarding Uptime The time since the bridge po...

Page 226: ...rt MSTP The number of MSTP BPDU s received transmitted on the port RSTP The number of RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the p...

Page 227: ...t VLAN ID IGMP MLD Queries Received The number of Received Queries for IGMP and MLD respectively IGMP MLD Queries Transmitted The number of Transmitted Queries for IGMP and MLD respectively IGMPv1 Joins Received The number of Received IGMPv1 Join s IGMPv2 MLDv1 Report s Received The number of Received IGMPv2 Join s and MLDv1 Report s respectively IGMPv3 MLDv2 Report s Received The number of Receiv...

Page 228: ...ups Information Table Clicking the Refresh button updates the displayed table starting from that or the closest next MVR Channels Groups Information Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed table as a basis...

Page 229: ...us refresh with the same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Item Monitor MVR MVR SFM Information VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering m...

Page 230: ...32 IPMC IGMP Snooping Status This page provides IGMP Snooping status Item Monitoring IPMC IGMP Snooping Status VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Querier Transmitted The number of Tr...

Page 231: ...s The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over V3 Report Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Router Port Displays which ports act as router ports A router port is a port on the Ethernet sw...

Page 232: ...he same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over IPMC MLD Snooping IPMC MLD Snooping Status on Page 233 IPMC MLD Snooping Groups Information on Page 234 IPMC MLD Snooping IPv6 SFM Information on Page 235 Item Monitor IPMC IGMP Sn...

Page 233: ...Transmitted Queries Queries Received The number of Received Queries V1 Report Received The number of Received V1 Reports V2 Report Received The number of Received V2 Reports V1 Leaves Received The number of Received V1 Leaves Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier Static denot...

Page 234: ...roup Table Clicking the Refresh button updates the displayed table starting from that or the closest next MLD Group Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end...

Page 235: ...he value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Item Monitor IPMC MLD Snooping Groups Information VLAN ID VLAN ID of the group Group Group address of th...

Page 236: ...s a status overview for all LLDP neighbors The displayed table contains a row for each port on which an LLDP neighbor is detected Item Monitor LLDP Neighbors Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Port ID The Port ID is the identification of the neighbor port Port Description Port Description is the por...

Page 237: ...int 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbor s IP address...

Page 238: ... 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint Device Definition LLDP MED Endpoint Devices as defined in TIA 1057 are located at the IEEE 802 LAN network edge and participate in IP communication servic...

Page 239: ...P media Capabilities include all of the capabilities defined for the previous Generic Endpoint Class I and Media Endpoint Class II classes and are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances ...

Page 240: ...agged or an untagged VLAN Can be Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of ...

Page 241: ...ckup Power Source it is indicated as Unknown If the device is a PD device it can either run on its local power supply or it can use the PSE as power source It can also use both its local power supply and the PSE If it is unknown what power supply the PD device is using it is indicated as Unknown Power Priority Power Priority represents the priority of the PD device or the power priority associated...

Page 242: ...rom sleep Fallback Receive Tw The link partner s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this provides the transmitter with additional information that it may use for a more efficient allocation Systems that do not implement this option default the value to...

Page 243: ...n exchanged via LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE in Sync Shows whether the switch and the link partner have agreed on wake times Red Switch and link partner have not agreed on wakeup times Green Switch and link partner have agreed on ...

Page 244: ...cs Global Counters Neighbor entries were last change Shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows th...

Page 245: ...Port ID is not already contained within the table Entries are removed from the table when a given port s link is down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLV...

Page 246: ...e PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested This shows the requested amount of power the PD wants to be reserved Power Allocated This shows the amount of power the switch has allocated for the PD Power Used This shows how much power the PD currently...

Page 247: ...isabled by user PoE turned OFF Power budget exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can deliver and port s with the lowest priority is are powered down No PD detected No PD detected for the port PoE turned OFF PD overload The PD has requested or used more power than the port can deliver and is powered down PoE turned OFF PD is off Invalid PD...

Page 248: ...tton updates the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The uses the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text No...

Page 249: ...splayed table starting from that or the closest next VLAN Table match The uses the last entry of the currently displayed VLAN entry as a basis for the next lookup When the end is reached the text No data exists for the selected user is shown in the table Use the button to start over Item Monitor VLANs Membership VLAN User Various internal software modules may use VLAN services to configure VLAN me...

Page 250: ... services to configure VLAN port configuration on the fly The drop down list on the right allows for selecting between showing VLAN memberships as configured by an administrator Admin or as configured by one of these internal software modules The Combined entry shows a combination of the administrator and internal software modules configuration and basically reflects what is actually configured in...

Page 251: ...lected user Untagged VLAN ID If Tx Tag is overridden by the selected user and is set to Tag or Untag UVID then this field shows the VLAN ID the user wants to tag or untag on egress The field is empty if not overridden by the selected user Conflicts Two users may have conflicting requirements to a port s configuration For instance one user may require all frames to be tagged on egress while another...

Page 252: ...MP Owner contains a string identifying the sFlow receiver IP Address Hostname The IP address or hostname of the sFlow receiver Timeout The number of seconds remaining before sampling stops and the current sFlow owner is released Tx Successes The number of UDP datagrams successfully sent to the sFlow receiver Tx Errors The number of UDP datagrams that has failed transmission The most common source ...

Page 253: ...hat were sampled upon reception ingress on the port and Tx flow samples contains the number of packets that were sampled upon transmission egress on the port Counter Samples The total number of counter samples sent to the sFlow receiver originating from this port Item Monitor RingV2 Group Index The group index This parameter is used for easy identifying which ring group Mode It indicates whether t...

Page 254: ...overview information Item Monitor DDMI Overview Port DDMI port Vendor Indicates Vendor name SFP vendor name Part Number Indicates Vendor PN Part number provided by SFP vendor Serial Number Indicates Vendor SN Serial number provided by vendor Revision Indicates Vendor rev Revision level for part number provided by vendor Date Code Indicates Date code Vendor s manufacturing date code Transceiver Ind...

Page 255: ...the drop list This illustrates the Monitor DDMI Detailed page Item Monitor DDMI Detailed Transceiver Information Vendor Indicates Vendor name SFP vendor name Part Number Indicates Vendor PN Part number provided by SFP vendor Serial Number Indicates Vendor SN Serial number provided by vendor Revision Indicates Vendor rev Revision level for part number provided by vendor Date Code Indicates Date cod...

Page 256: ...larm threshold value of temperature voltage TX bias TX power and RX power High Warn Threshold The high warn threshold value of temperature voltage TX bias TX power and RX power Low Warn Threshold The low warn threshold value of temperature voltage TX bias TX power and RX power Low Alarm Threshold The low alarm threshold value of temperature voltage TX bias TX power and RX power Item Monitor DDMI D...

Page 257: ...The count of the ICMP packet Values range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds Egress Interface Only for IPv6 The VLAN ID VID of the specific egress IPv6 interface which ICMP packet goes The given VID ranges from 1 to 4094 and are effective only when the corresponding IPv6 interface is valid When the egress interface is not ...

Page 258: ... packet Values range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds Egress Interface only for IPv6 The VLAN ID VID of the specific egress IPv6 interface which ICMP packet goes The given VID ranges from 1 to 4094 and are effective only when the corresponding IPv6 interface is valid When the egress interface is not given PING6 finds the...

Page 259: ...y and you can view the cable diagnostics results in the cable status table Note VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports are linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port causes the MP1204 XT to stop responding until VeriPHY is complete After pressing the Start button the following table shows up Item Diagnos...

Page 260: ...short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable pair The resolution is 3 meters Item Diagn...

Page 261: ...aintenance Restart Device You can restart the MP1204 XT using this page Maintenance Factory Defaults You can reset the configuration of the MP1204 XT on this page Only the IP configuration is retained The new configuration is available immediately which means that no restart is necessary ...

Page 262: ...Click Maintenance Factory Defaults and then click the Yes button 3 Click Maintenance Configuration Save startup config 4 Click the Save Configuration button Use this procedure if you want to reset all of the configuration settings including the IP settings 1 Click Maintenance Configuration Activate 2 Select default config and then click the Activate Configuration button 3 Change your system s IP a...

Page 263: ...ings 1 Access the CLI using the console port or telnet 2 Type reload defaults keep ip 3 Check the interface VLAN and IP address to confirm only management IP setting kept by entering these commands show int vlan 1 show vlan show int vlan 1 4 Save the new settings to the flash by entering copy running config startup config To reset the all configuration to default completely including the IP config...

Page 264: ...tioning The front LED flashes Green Off with a frequency of 10 Hz while the firmware update is in progress Do not restart or power off the device at this time or the switch may fail to function afterwards In the event that you need to upgrade the firmware on the MP1204 XT you can refer to the following procedure 1 Open the Web UI using the IP address and go to the Maintenance Software Upload page ...

Page 265: ...wn In this case the Activate Alternate Image button is also disabled 2 If the alternate image is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device automatically uses the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error Item ...

Page 266: ...nfiguration Activate on Page 267 Configuration Delete on Page 268 Configuration Save startup config Copy the running config to the startup config thereby ensuring that the currently active configuration is used at the next reboot Configuration Download It is possible to download any of the files on the switch to the web browser Select the file and click the Download Configuration button Note Downl...

Page 267: ...nt configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system files mentioned above plus two other files it is not possible to create new files but an existing file must be overwritten or another deleted first Configuration Activate It is possible to activate any of ...

Page 268: ... Configuration Delete Configuration Delete It is possible to delete any of the writable files stored in flash including startup config If this is done and the switch is rebooted without a prior Save operation this effectively resets the switch to default configuration ...

Page 269: ...es are also listed in the table Interface Parameter Console Baud rate 115200bps Data bit 8 Parity None Stop bit 1 Telnet Port 23 SSH Port 22 In Windows you can run terminal emulator such as PuTTY Mode Access Level Prompt Init Mode Guest Enable Mode Guest Config Mode Guest conf Alarm Profile Config Mode Engineer alarm profile conf Gigabit Interface Config Mode Engineer gigabit intf conf ACL Profile...

Page 270: ...hitespace character complete the word before the Tab If tab is pressed after a whitespace character complete the next word Display available commands If is pressed after a non whitespace character show possible choices for this word If is pressed after a whitespace character show possible choices for the next word Up Arrow CTRL P Up history Down Arrow CTRL N Down history Home CTRL A Move the curso...

Page 271: ...values are enclosed in when you must use one of the values specified Initialize Mode Commands The commands in this section except enable command can be executed under all command modes These commands are global commands exit configure terminal enable Show terminal Description Exit current mode and quit CLI Syntax exit Parameter None Description Enter configuration mode Syntax configure terminal Pa...

Page 272: ...ck Show clock detail Description Show command history Note commands issued in one execution mode only appear in history of that execution mode Syntax show history Parameter None Description Show current time Syntax show clock detail Parameter None Description Show detailed information Syntax show clock detail Parameter None ...

Page 273: ...nfigure terminal disable show aaa show access management Description Enter configuration mode Syntax configure Parameter None Description Enter init mode Syntax disable Parameter None Description Show AAA Syntax show aaa Parameter None Description Access management configuration Syntax show access management statistics access_id_list Parameter Name Description statistics Statistics data access_id_...

Page 274: ... Port v_port_type_list PORT_LIST Port list in 1 1 14 rate limiter Rate limiter rate_limiter_list RateLimiterList 1 16 Rate limiter ID ace Access list entry statistics Traffic statistics ace_list AceId 1 256 ACE ID static The ACEs that are configured by users manually loop protect The ACEs that are configured by Loop Protect module ipmc The ACEs that are configured by IPMC module ip source guard Th...

Page 275: ...st show green ethernet eee interface port_type port_list show green ethernet energy detect interface port_type port_list show green ethernet short reach interface port_type port_list Parameters Name Description eee Shows green ethernet EEE status for a specific port or ports energy detect Shows green ethernet energy detect status for a specific port or ports short reach Shows green ethernet short ...

Page 276: ...tatistics Traffic statistics verify verify command Description IPMC information Syntax show ipmc profile profile_name detail show ipmc range entry_name Parameters Name Description profile IPMC profile configuration range A range of IPv4 IPv6 multicast addresses for the profile profile_name ProfileName word16 Profile name in 16 char s detail Detail information of a profile entry_name EntryName word...

Page 277: ...ve line information Syntax show line alive Parameters Name Description alive Display information about alive lines Description Logging information Syntax show logging log_id switch switch_list show logging info warning error switch switch_list Parameters Name Description log_id logging_id 1 4294967295 Logging ID error Error info Infomation warning Warning Description Loop protect information Synta...

Page 278: ...ne Description Show account list Syntax show account Parameter None Description Show running configuration Syntax show running cfg Parameter None Description Show port config Syntax show running config interface port_type list all defaults Parameters Name Description list port_type_list Port list in 1 1 14 all defaults Include most all default values Description Show default running configuration ...

Page 279: ... clock dhcp dhcp snooping dhcp_server dns dot1x green ethernet http icli ip igmp snooping ip igmp snooping port ip igmp snooping vlan ipmc profile ipmc profile range ipv4 ipv6 ipv6 mld snooping ipv6 mld snooping port ipv6 mld snooping vlan lacp lldp logging loop protect mac monitor mstp mvr mvr port ntp phy port port security pvlan qos rmon snmp source guard ssh tring_g1 tring_g2 tring_g3 user vla...

Page 280: ...list all defaults Parameters Name Description list vlan_list List of VLAN numbers all defaults Include most all default values Description Show firmware hardware and software status update status Syntax show version Parameter None Description Show current time Syntax Show clock Parameter None Description Show DDMI configuration Syntax show ddmi Parameter None Description Show version information S...

Page 281: ...w mac address table conf static aging time learning count interface port_type port_type_list address mac_addr vlan vlan_id vlan vlan_id interface port_type port_type_list Parameter None Description User added static mac addresses Syntax show mac address table conf static aging time learning count interface port_type v_port_type_list address v_mac_addr vlan v_vlan_id vlan v_vlan_id_1 interface port...

Page 282: ...rface port_type v_port_type_list_1 Description All static mac addresses Syntax show mac address table conf static aging time learning count interface port_type v_port_type_list address v_mac_addr vlan v_vlan_id vlan v_vlan_id_1 interface port_type v_port_type_list_1 Description Show MAC learning table per port Syntax show mac address table interface port_type port_type_list Parameter Name Descript...

Page 283: ...ticast VLAN name group database Multicast group database from MVR interface Search by port port_type GigabitEthernet 1 Gigabit Ethernet Port v_port_type_list PORT_LIST Port list in 1 1 14 sfm information Including source filter multicast information from MVR detail Detail information statistics of MVR group database Description Show static MAC forwarding table Syntax show mac address table static ...

Page 284: ... show interface port_type port_type_list status Parameters Name Description port_type Port type in Fast or Giga ethernet portNo Valid values 1 10 Type Mandatory Description Show Ethernet counter per gigabit port Syntax show interface port_type port_type_list statistics Parameter Name Description port_type Port type in Fast or Giga ethernet portNo Valid values 1 10 Type Mandatory counter Show Gigab...

Page 285: ...formation for each port Syntax show poe show poe interface port_type v_port_type_list Parameters Name Description poe Power over Ethernet port_type GigabitEthernet 1 Gigabit Ethernet Port v_port_type_list PORT_LIST Port list in 1 1 14 Description Port security Syntax show port security Parameters Name Description port Show MAC Addresses learned by Port Security switch Show Port Security status int...

Page 286: ...tion Syntax show snmp show snmp access group_name v1 v2c v3 any auth noauth priv show snmp community v3 community show snmp host conf_name system switch interface aaa show snmp mib context show snmp mib ifmib ifIndex show snmp security to group v1 v2c v3 security_name show snmp user username engineID show snmp view view_name oid_subtree Parameters Name Description access access configuration group...

Page 287: ...ity to group configuration security_name SecurityName word32 security group name user User username Username word32 Security user name engineID Engiedid word10 32 Security Engine ID view MIB view configuration view_name ViewName word32 MIB view name oid_subtree OidSubtree word255 MIB view OID Description System Wide Spanning Tree Setting Status Syntax show spanning tree summary active interface po...

Page 288: ...rameters Name Description vlan Show forbidden access for specific VLAN id vid VLAN id name Show forbidden access for specific VLAN name name VLAN name Description TACACS configuration Syntax show tacacs server Parameter None Description Show bridge port memberset status Syntax show vlan Parameter None Description Show bridge port member set status per VLAN index 1 4094 Syntax show vlan id vlanid P...

Page 289: ... vlan id vlan_list name name brief Parameters Name Description id VLAN status by VLAN id vlan_list vlan_list VLAN IDs 1 4095 name VLAN status by VLAN name name vword32 A VLAN name brief VLAN summary information Description Show VLAN ip subnet entries Syntax show vlan ip subnet id subnet_id Parameters Name Description id Show a specific ip subnet entry subnet_id 1 128 The specific ip subnet to show...

Page 290: ... oui 0x0 0xffffff SNAP OUI Range 0x000000 0XFFFFFF rfc 1042 SNAP OUI is rfc 1042 snap 8021h SNAP OUI is 8021h Description Show the VLANs configured for each interface Syntax show vlan status interface port_type plist combined admin nas mvr voice vlan mstp erps vcl evc gvrp all conflicts Parameters Name Description admin Show the VLANs configured by administrator all Show all VLANs configured combi...

Page 291: ...ameter None Description Show QoS per gigabit port Syntax show interface port_type port_type_list statistics priority 0 7 Parameter Name Description priority 0 7 Valid values 0 7 Type Mandatory port_type Port type in Fast or Giga ethernet portNo Valid values 0 10 Type Mandatory Description Show scheduler profile table Syntax show queue scheduler profile Parameter None Description Show queue shaper ...

Page 292: ...ption PVLAN ID Syntax show pvlan pvlan_list Parameter Name Description pvlan_list PVLAN ID to show configuration for Description Show all port isolation information Syntax show pvlan isolation interface port_type port_type_list Parameters Name Description port_type Port type in Fast or Giga ethernet portNo Valid values 1 10 Type Mandatory Description Show isolation information per gigabit port Syn...

Page 293: ...meters Name Description port_type Port type in Fast or Giga ethernet portNo Valid values 1 10 Type Mandatory Description Show interface transceiver Syntax show interface GigabitEthernet interface port_type_list transceiver Parameter Name Description portNo Valid values 11 14 for 14 port model Type Mandatory Description QoS interface information Syntax show qos interface port_type port Parameters N...

Page 294: ...Map for dscp to cos dscp egress translation Map for dscp egress translation dscp ingress translation Map for dscp ingress translation Description QCE Syntax show qos qce qce Parameter Name Description qce Id 1 256 QCE ID Description Show storm control information by VLAN Syntax show vlan unknown uc show vlan unknown mc show vlan broadcast Parameters Name Description unknown uc Show unknown unicast...

Page 295: ...cription show rmon information Syntax show rmon alarm id_list show rmon event id_list show rmon history id_list show rmon statistics id_list Parameters Name Description alarm Display the RMON alarm table event Display the RMON event table history Display the RMON history table statistics Display the RMON statistics table id_list 1 65535 Statistics entry list Description Show interface gigaport inf...

Page 296: ...Tag Syntax show ext tpid Parameter None Description Show VLAN interface information of all VLANs Syntax show interface vlan Parameter None Description Show VLAN interface information of specify VLAN Syntax show interface vlan vlanid Parameter Name Description vlanid VLAN ID Valid values 1 4094 Type Mandatory Description Show protocol based VLAN information for all entries Syntax show protocol vlan...

Page 297: ...erface gigabit portNo vlan Parameter Name Description portNo Gigabit port Valid values 1 10 Type Mandatory Description Show VLAN translation table for all Syntax show vlan trans Parameter None Description Show IGMP group membership table Syntax show multicast fdb Parameter None Description Show dot1x information Syntax show dot1x Parameter None Description Show dot1x stats Syntax show dot1x status...

Page 298: ... Name Description all Show all dot1x statistics eapol Show EAPOL statistics radius Show Backend Server statistics interface Interface port_type GigabitEthernet 1 Gigabit Ethernet Port v_port_type_list PORT_LIST Port list in 1 1 14 Description show radius server statistics Syntax show radius server statistics Parameter Name Description statistics Count radius packet statistics Description show rfc2...

Page 299: ...rt_type GigabitEthernet 1 Gigabit Ethernet Port port_list port_type_list Port list in 1 1 14 Description Web privilege Syntax show web privilege group group_name level Parameters Name Description privilege Web privilege group Web privilege grou group_name CWORD Valid words are Aggregation DHCP Debug Dhcp_Client Diagnostics EEE Green_Ethernet IP2 IPMC_Snooping LACP LLDP Loop_Protect MAC_Table MVR M...

Page 300: ...Syntax interface gigabit portNo Parameter Name Description portNo Valid values 1 10 Type Mandatory Description Vlan Ethernet interface enter mode of interface vlan Syntax interface vlan vlanid Parameter Name Description vlanid Valid values 1 4094 Type Mandatory Description Authentication Syntax aaa authentication Parameter Name Description authentication Authentication Description Management confi...

Page 301: ...regation mode dmac ip port smac Parameter Name Description dmac Destination MAC affects the distribution ip IP address affects the distribution port IP port affects the distribution smac Source MAC affects the distribution Description Clear alarm history Syntax alarm history clear Parameter None Description Banner control Syntax banner LINE exec login motd Parameter Name Description LINE c banner ...

Page 302: ...ameter None Description Rate limiter Syntax default access list rate limiter rate_limiter_list Parameter Name Description RateLimiterId 1 16 Rate limiter ID Description Enter Scheduling Profile Config Mode Syntax profile sch Parameter None Description Set NTP server address Syntax ntp server 1 5 ip address ipv4_ucast ipv6_ucast hostname Parameters Name Description 1 5 index number ipv4 ipv6 Type M...

Page 303: ...t timezone Type Mandatory default Set time zone to default GMT UTC Type Mandatory Description Set date time Syntax clock summer time word16 date 1 12 1 31 2000 2097 hhmm 1 12 1 31 2000 2097 hhmm 1 1440 Parameters Name Description word16 Valid values please see list timezone Type Mandatory day Valid values 1 31 Type Mandatory month Valid values 1 12 Type Mandatory year Valid values 2000 2097 Type M...

Page 304: ... 0 15 password encrypted word4 44 Parameters Name Description word31 Valid values 1 31 characters Type Mandatory 0 15 Valid values 0 15 Type Mandatory word4 44 Valid values 4 44 characters Type Mandatory Description Delete an account Syntax no username word31 Parameter Name Description word31 Valid values 1 31 characters Type Mandatory Description Disable or enable syslog service Syntax logging on...

Page 305: ... Currently running configuration startup config Startup configuration syntax check Perform syntax check on source configuration Filename File in FLASH or on TFTP server Description clear ipigmpsnoopingstatisti Syntax clear ip igmp snooping vlan vlan_list statistics Parameter Name Description vlan_list VLAN list Description clear logging Syntax clear logging info warning error switch switch_list Pa...

Page 306: ...t Parameter Name Description word Word for prompt in 32 char s Description Delete one file in flash file system Syntax delete word Parameter Name Description word Name of file to delete Description Directory of all files in flash file system Syntax dir Parameter None Description To run exec commands in config mode Syntax do line Parameter Name Description line Exec Command ...

Page 307: ...ull duplex auto Auto negotiation of duplex mode half full Advertise half full duplex Description Enable command line editing Syntax editing Parameter None Description Firmware swap and upgrade Syntax firmware swap upgrade Parameters Name Description swap Swap between Active and Alternate firmware image upgrade Firmware upgrade Description Enable Disable flow control Syntax flowcontrol on off Param...

Page 308: ... testing with 1024 byte TST PDUs 1280 Enable testing with 1280 byte TST PDUs 1518 Enable testing with 1518 byte TST PDUs 2000 Enable testing with 2000 byte TST PDUs 9600 Enable testing with 9600 byte TST PDUs Description Powering down of PHYs when there is no traffic Syntax green etherneteee Parameter None Description Set if EEE shall be optimized for least power consumption else optimized for lea...

Page 309: ...ast ipv4_ucast Parameters Name Description port_type Port type in Fast or Gigaethernet port_type_id Port ID in the format of switch no port no vlan_id Select a VLAN id to configure mac_ucast Select a MAC address to configure ipv4_ucast Select an IP Address to configure Description arp inspection entry interface config Syntax ip arp inspection entry interface port_type in_port_type_id vlan_var mac_...

Page 310: ...rver Description IP ARP inspection vlan setting Syntax ip arp inspection vlan vlan_list Parameter Name Description vlan_list arp inspection vlan list Description IP DNS proxy service Syntax ipdns proxy Parameter None Description IP http secure redirect Syntax ip http secure redirect Parameter None Description IP Secure HTTP web server Syntax ip http secure server Parameter None ...

Page 311: ... format of switch no port no vlan_id Select a VLAN id to configure ipv4_ucast Select an IP Address to configure mac_ucast Select a MAC address to configure Description IP Secure Shell Syntax ipssh Parameter None Description IP name server Syntax ip name server v_ipv4_ucast dhcp interface vlan v_vlan_id Parameters Name Description v_ipv4_ucast A valid IPv4 unicast address dhcp Dynamic Host Configur...

Page 312: ...ce translate all entries Description IPMC profile configuration Syntax ipmc profile Parameter None Description A range of IPv4 IPv6 multicast addresses for the profile Syntax ipmc range word16 ipv4_mcast ipv4_mcast ipv6_mcast ipv6_mcast Parameters Name Description word16 Range entry name in 16 char s ipv4_mcast Valid IPv4 multicast address ipv4_mcast Valid IPv4 multicast address that is not less t...

Page 313: ...her priority Description Console terminal control Syntax line 0 16 console 0 vty 0 15 Parameters Name Description 0 16 List of line numbers console Console terminal line vty Virtual terminal Description Domain name and IP address Syntax logging host v_ipv4_ucast v_word45 Parameters Name Description hostname Donain name of the log server ipv4_ucast IP address of the log server Description Log level...

Page 314: ...ne Description MAC table entries configuration Syntax mac address table aging time v_0_10_to_1000000 Parameter Name Description v_0_10_to_1000000 Aging time in seconds 0 disables aging Description MAC table entries configuration Syntax mac address table static v_mac_addr vlan v_vlan_id interface port_type v_port_type_list Parameters Name Description v_mac_addr 48 bit MAC address v_vlan_id VLAN IDs...

Page 315: ...me Description debug Debugging functions port securit Port security psec limit terminal Set terminal line parameters Description The ping function Syntax ping ip ipv6 Parameters Name Description ip IP ICMP echo ipv6 IPv6 ICMPv6 echo Description Port security Syntax port security aging time v_10_to_10000000 Parameters Name Description aging Enable disable port security aging time Time in seconds be...

Page 316: ...configuration mod dhcp pool DHCP Pool Configuration Mode exec Exec mode if vlan VLAN Interface Mode interface Port List Interface Mode ipmc profile IPMC Profile Mode line Line configuration mode rfc2544 profile RFC2544 Profile Mode snmps host SNMP Server Host Mode stp aggr STP Aggregation Mode Description System or configuration reset Syntax reload cold default Parameters Name Description cold Rel...

Page 317: ...ded because of the unknown or un support protocol ifOutDiscards The number of outbound packets that are discarded event the packets is normal ifOutErrors The The number of outbound packets that could not be transmitted because of errors ifOutNUcastPkts The number of broad cast and multi cast packets that request to transmit ifOutOctets The number of octets transmitted out of the interface includin...

Page 318: ... Generate SNMP trap when the event fires Description Terminal control Syntax terminal editing exec timeout help history length width Parameters Name Description editing Enable command line editing exec timeout Set the EXEC timeout help Description of the interactive help system history Control the command history function length Set number of lines on a screen width Set width of the display termin...

Page 319: ...iption vlanid Create an empty VLAN index Valid values 1 4094 Type Mandatory name VLAN Name 0 31 String Size 0 31 Type Mandatory Description Delete VLAN memberset setting Syntax vlan disable vlanid Parameter Name Description vlanid Valid values 1 4094 Type Mandatory Description Configure aging time for a bridge port Syntax mac address table aging time time Parameter Name Description time Valid valu...

Page 320: ... sfp dual Parameters Name Description rj45 rj45 interface copper interface sfp sfp interface fiber interface dual Dual media interface cu fiber interface Description The destination port That is the port that traffic should be mirrored to Syntax monitor destination interface port_type port_type_id Parameters Name Description port_type Port type port_type_id Port Number Description Mirror Interface...

Page 321: ... source port to tx will mirror egress traffic Description Configures interface speed If you use 10 100 or 1000 keywords with the auto keyword the port will only advertise the specified speeds Syntax speed 10g 2500 1000 100 10 auto 10 100 1000 Parameters Name Description 1000 1Gbps 100 100Mbps 10 10Mbps auto Auto negotiation 10 10Mbps 10 0 100Mbps 1000 1Gbps Description Configure TACACS server Synt...

Page 322: ...tion Time to wait for a TACACS server to reply Syntax tacacs server timeout 1 1000 Parameter Name Description 1 1000 Wait time in seconds Description trap event configuration Syntax traps aaa authentication system coldstart warmstart switch stp rmon Parameters Name Description aaa authentication AAA authentication fail event coldstart Cold start event warmstart Warm start event stp STP event rmon ...

Page 323: ...ption 1 255 TTL value Description User account Syntax username username privilege priv password encrypted encry_password username username privilege priv password none username username privilege priv password unencrypted password Parameters Name Description username Username word31 User name allows letters numbers and underscores privilege Set user privilege level priv User privilege level passwo...

Page 324: ...cs EEE Green_Ethernet IP2 IPMC_Snooping LACP LLDP Loop_Protect MAC_Table MVR Maintenance Mirroring NTP Ports Private_VLANs QoS RPC Security Spanning_Tree System Timer VCL VLANs Voice_VLAN XXRP sFlow level Web privilege group level cro Configuration Read only level crw Configuration Read write level sro Status Statistics Read only level srw Status Statistics Read write level cro Cro 0 15 crw Crw 0 ...

Page 325: ...tion auto Auto negotiation full l000mbps Set 1000Mbps full duplexing full 100mbps Set 100Mbps full duplexing full 10mbps Set 10Mbps full duplexing half 100mbps Set 100Mbps half duplexing half 10mbps Set 10Mbps half duplexing Description Set interface gigabit port enable or disable Syntax port enable disable Parameters Name Description disable Turn off gigabit port enable Turn off gigabit port Desc...

Page 326: ... VLAN commands vlan vlan ethertype s custom port Description VLAN commands Syntax vlan vlan_list Parameter Name Description vlan_lis ISL VLAN IDs 1 4095 Description Vlan Ether type for custom S ports configuration Syntax vlan ethertype s custom port 0x0600 0xffff Parameter Name Description 0x0600 0xffff Ethertype Range 0x0600 0xffff ...

Page 327: ... is ARP ip Ether Type is IP ipx Ether Type is IPX at Ether Type is AppleTalk 0x0 0xffffff SNAP OUI Range 0x000000 0XFFFFFF rfc_1042 SNAP OUI is rfc_1042 snap_8021h SNAP OUI is 8021h 0x0 0xffff PID Range 0x0 0xFFFF 0x0 0xff DSAP Range 0x00 0xFF 0x0 0xff SSAP Range 0x00 0xFF word16 Group Name Range 1 16 characters Description Change whether trunking of unknown VLANs is enabled Syntax vlan trunking P...

Page 328: ...Ds Description Set acceptable frame type on a port Syntax switchport hybrid acceptable frame type all tagged untagged Parameters Name Description all Allow all frames tagged Allow only tagged frames untagged Allow only untagged frames Description Set allowed VLAN characteristics when interface is in hybrid mode Syntax switchport hybrid allowed vlan all none add remove except vlan_list Parameters N...

Page 329: ...meters Name Description none No egress tagging all Tag all frames except native Tag all frames except frames classified to native VLAN of the hybrid port Description VLAN Ingress filter configuration Syntax switchport hybrid ingress filtering Parameter None Description Set switching mode Syntax switchport mode access trunk hybrid Parameters Name Description access Set mode to ACCESS unconditionall...

Page 330: ...ll All VLANs none No VLANs add Add VLANs to the current list remove Remove VLANs from the current list except All VLANs except the following vlan_list VLAN IDs of the allowed VLANs when this port is in trunk mode Description Protocol based VLAN group commands Syntax switchport vlan protocol group word16 vlan vlan_id Parameters Name Description word16 Group Name Range 1 16 characters vlan_id VLAN I...

Page 331: ..._addr ipv4_netmask dhcp fallback ipv4_addr ipv4_netmask timeout uint Parameters Name Description ipv4_addr IP address ipv4_netmask IP netmask dhcp Enable DHCP fallback DHCP fallback settings ipv4_addr DHCP fallback address ipv4_netmask DHCP fallback netmask timeout DHCP fallback timeout uint DHCP fallback timeout in seconds Description Interface Internet Protocol config commands Domain Name System...

Page 332: ...resses Syntax ip dhcp excluded address low_ip high_ip Parameters Name Description low_ip Low IP address high_ip High IP addres Description Pool name in 32 characters Syntax ip dhcp pool pool_name Parameter None Description DHCP Server Syntax ip dhcp server Parameter None Description DHCP relay agent configuration Syntax ipdhcp relay Parameter None Description IP DHCP relay information option Optio...

Page 333: ...ion vlan_id Vlan ID Description IP DHCP snooping Syntax ipdhcp snooping Parameter None Description DHCP relay server Syntax ip helper address v_ipv4_ucast Parameter Name Description Ip ipv4_ucast IP address of the DHCP relay server Description Configure the IPv6 address of an interface Syntax ipv6 address ipv6_subnet Parameter Name Description ipv6_subnet IPv6 prefix x x y z Description IPv6 Maxim...

Page 334: ...oup2 Configure ring protection v2 group2 Ring group3 Configure ring protection v2 group3 Chain Description Set guard time Syntax guard time ringGuardTimerDef Parameter Name Description ringGuardTimerDef 10 3600 unit second Default is 10 seconds Description Enable Disable ring group Syntax mode disable enable Parameters Name Description disable Set the specified Ring group to Disabled enable Set th...

Page 335: ...ain member b chain terminal 1 b chain terminal 2 b chain central block b chain member Parameters Name Description ring master Set role to ring master ring slave Set role to ring slave coupling primary Set role to coupling primary coupling backup Set role to coupling backup dual homing Set role to dual homing chain head Set role to chain head chain member Set role to chain member chain tail Set rol...

Page 336: ...rd spanning tree edge Description Enable disable STP on this interface Syntax spanning tree Parameter None Description Spanning Tree protocol Syntax spanning tree aggregation Parameter None Description Auto detect edge status Syntax spanning tree auto edge Parameter None Description Enable disable BPDU guard Syntax spanning tree bpdu guard Parameter None Description Edge port spanning tree STP Bri...

Page 337: ...on mode STP protocol mode stp 802 1D Spanning Tree rstp Rabid Spanning Tree 802 1w mstp Multiple Spanning Tree 802 1s Syntax spanning tree mode stp rstp mstp Parameters Name Description stp 802 1D Spanning Tree rstp Rabid Spanning Tree 802 1w mstp Multiple Spanning Tree 802 1s Description STP bridge instance STP Cost of this port Syntax spanning tree mst 0 7 cost 1 200000000 auto Parameters Name D...

Page 338: ...ST2 1 0 240 STP priority of this port Description Priority of the instance Range in seconds Syntax spanning tree mst 0 7 priority 0 61440 Parameters Name Description 0 7 instance 0 7 CIST 0 MST2 1 0 61440 Priority of the instance Description VLAN keyword Syntax spanning tree mst 0 7 vlan vlan_list Parameters Name Description 0 7 instance 0 7 CIST 0 MST2 1 vlan_list Range of VLANs Description forwa...

Page 339: ...max age 6 40 forward time 4 30 Parameters Name Description 6 40 Max bridge age before timeout 4 30 forward time Description MSTP bridge max hop count Syntax spanning tree mst max hops 6 40 Parameter Name Description 6 40 MSTP bridge max hop count Description Name of the bridge Revision Revision keyword Syntax spanning tree mst name word32 revision 0 65535 Parameters Name Description word32 Name of...

Page 340: ...ance Instance 0 7 instance 0 7 CIST 0 MST2 1 priority Priority of the instance vlan VLAN keyword prio Prio 0 61440 Range in seconds v_vlan_list vlan_list Range of VLANs Description Recovery Syntax spanning tree recovery interval interval Parameters Name Description interval The interval interva Interval 30 86400 Range in seconds Description Transmit Syntax spanning tree transmit hold count holdcou...

Page 341: ...ce Description The agent IP address used as agent address in UDP datagrams Defaults to IPv4 loopback address Syntax sflow agent ip ipv4 ipv4_addr ipv6 ipv6_addr Parameters Name Description ipv4_addr Ipv4 address ipv6_addr ipv6 address Description Sflow runtime see sflow_icli_functions Syntax sflow collector address receiver range_list word Parameter Name Description range_list Sampler instance Des...

Page 342: ...cription Specifies the statistical sampling rate The sample rate is specified as N to sample 1 Nth of the packets n the monitored flows There are no restrictions on the value but the switch will adjust it to the closest possible sampling rate Syntax sflow sampling rate sampler range_list 1 4294967295 Parameters Name Description range_list Sampler instance 1 4294967295 Sampling rate Description Rec...

Page 343: ...ation Syntax snmp server access group name model v1 v2c v3 any level auth noauth priv read word255 write word255 Parameters Name Description group name 32 words v1 v2c v3 any V1 v3 security model level security level auth noauth priv authNoPriv Security Level noAuthNoPriv Security Level authPriv Security Level read specify a read view for the group word255 read view name Description Set the SNMP v...

Page 344: ...ddress ipv4_netmask IPv4 netmask Description Set SNMP server s configurations Syntax snmp server host word32 Parameter Name Description word32 Name of the host configuration Description Set SNMP host s configurations Syntax snmp server host Name of the host configuration traps linkup linkdown lldp Parameters Name Description Name of the host configuration Name of the host configuration 200 1468 pa...

Page 345: ...ion Username 32 words Engine ID octet string word10 32 MD5 Set MD5 protocol sha Set SHA protocol word8 40 SHA password priv Set Privacy des aes Set DES AES protocol word8 32 Set privacy password Description Set the SNMP server s version Syntax snmp server version v1 v2c v3 Parameter Name Description v1 v2c v3 SNMP v1 v2c v3 Description Snmp MIB view configuration Syntax snmp server view word32 wor...

Page 346: ...P port of the trap messges traps Send Trap messages to this host informs Send Inform messages to this host Description SNMP server contact Syntax snmp server contact v_line255 Parameter Name Description v_line255 line255 contact string Description SNMP server engine ID Syntax snmp server engine id local engineID Parameters Name Description local Set SNMP local engine ID engineID Engineid word10 32...

Page 347: ...ity model v1 v1 security model v2c v2c security model v3 v3 security model name security user security_name SecurityName word32 security user name group security group group_name GroupName word32 security group name Description host configuration Syntax host ipv4_ucast hostname 1 65535 traps informs Parameters Name Description Ipv4_ucast IP address of SNMP trap host hostname hostname of SNMP trap ...

Page 348: ... QCE ID refresh Refresh QCE tables in hardware update Update an existing QCE Description QoS storm Syntax qos storm unicast multicast broadcast rate kfps 1024 kfps Parameters Name Description broadcast Police broadcast frames multicast Police multicast frames unicast Police unicast frames rate 1024 Rate is 1024 kfps Rate 1 2 4 8 16 32 64 128 256 512 Policer rate default fps Description Class of se...

Page 349: ...tion Configure cos mapping to dscptable Syntax qos map cos dscp 0 7 dpl 0 1 dscp 0 63 be af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef va Parameters Name Description 0 7 Cos level 0 1 Specific drop precedence level 0 63 Dscp level be Default PHB DSCP 0 for best effort traffic af11 13 Assured Forwarding PHB 11 13 DSCP 10 12 14 af22 23 Assured Forwarding ...

Page 350: ...nce 1 7 DSCP 8 cs value ef Expedited Forwarding PHB DSCP 46 va Voice Admit PHB DSCP 44 0 1 Specific drop precedence level Description Configure dscp egress translation Syntax qos map dscp egress translation 0 63 be af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef va 0 1 to 0 63 be af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 ...

Page 351: ...ult PHB DSCP 0 for best effort traffic af11 13 Assured Forwarding PHB 11 13 DSCP 10 12 14 af22 23 Assured Forwarding PHB 22 23 DSCP 20 22 af31 33 Assured Forwarding PHB 31 33 DSCP 26 28 30 Af41 43 Assured Forwarding PHB 41 43 DSCP 34 36 38 cs1 7 Class Selector PHB CS1 7 precedence 1 7 DSCP 8 cs value ef Expedited Forwarding PHB DSCP 46 va Voice Admit PHB DSCP 44 0 1 Specific drop precedence level ...

Page 352: ... 7 uint excess Parameters Name Description 1 100 every level proportion unit Traffic meter excess Agree the shaper could be excess or not Description Configure queue policer command Syntax qos queue policer queue 0 7 uint Parameters Name Description 0 7 Queue number uint Traffic meter Description Configure qos shaper command Syntax qos shaper uint Parameters Name Description 1 100 every level prop...

Page 353: ...ion IGMP proxy for leave configuration Syntax ip igmp host proxy leave proxy Parameter Name Description leave proxy IGMP proxy for leave Description Snooping igmp Syntax ip igmp snooping Parameter None Description IP IGMP snooping immediate leave configuration Syntax Ip igmp snooping immediate leave Parameter None Description IP IGMP snooping Last Member Query Interval in tenths of seconds Syntax ...

Page 354: ...MP group registration Description IP IGMP snooping Multicast router port configuration Syntax Ip igmp snooping mrouter Parameter None Description IP IGMP querier configuration Syntax ip igmp snooping querier election address ipv4_ucast Parameters Name Description election Act as an IGMP Querier to join Querier Election address IGMP Querier address configuration ipv4_ucast A valid IPv4 unicast addr...

Page 355: ...er Name Description vlan_list VLAN identifier s VID Description SSM range Syntax ip igmp ssm range v_ipv4_mcast ipv4_prefix_length Parameters Name Description v_ipv4_mcast Valid IPv4 multicast address ipv4_prefix_length Length Description IP IGMP flooding unregistered IPv4 multicast traffic Syntax ip igmp unknown flooding Parameter None Description clear ip igmp snooping statisti Syntax clear ip i...

Page 356: ...rameter None Description mvr immediate leave configuration Syntax mvr immediate leave Parameter None Description Multicast VLAN name and channel configuration Syntax mvr name word16 channel word16 Parameters Name Description name word16 MVR multicast VLAN name channel word16 Profile name in 16 char s Description Multicast VLAN interface CoS priority Syntax mvr name word16 frame priority 0 7 Parame...

Page 357: ...escription MVR address configuration used in IGMP Syntax mvr name word16 igmp address ipv4_ucast Parameters Name Description name word16 MVR multicast VLAN name ipv4_ucast A valid IPv4 unicast address Description Configure last Member Query Interval in tenths of seconds Syntax mvr name word16 last member query interval 0 31744 Parameters Name Description name word16 MVR multicast VLAN name 0 31744...

Page 358: ...n Multicast VLAN Registration configuration Syntax mvr vlan vlan_list name word16 Parameters Name Description vlan_list MVR multicast VLAN list name word16 MVR multicast VLAN name in 16 char s Description MVR channel configuration Syntax mvr vlan vlan_list channel word16 Parameters Name Description vlan_list MVR multicast VLAN list channel word16 MVR multicast channel name in 16 char s Description...

Page 359: ... will be sent Syntax mvr vlan vlan_list igmp address ipv4_ucast Parameters Name Description vlan_list MVR multicast VLAN list ipv4_ucast A valid IPv4 unicast address for IGMP Description Dynamic MVR vlan operation mode Syntax mvr vlan vlan_list mode dynamic compatible Parameters Name Description vlan_list MVR multicast VLAN list dynamic Dynamic MVR operation mode compatible Compatible MVR operatio...

Page 360: ...figuration Syntax ipv6 mld host proxy leave proxy Parameter Name Description leave proxy MLD proxy for leave configuration Description ipv6 mld snooping Syntax ipv6 mld snooping Parameter None Description IPv6 MLD snooping compatibility configuration Syntax ipv6 mld snooping compatibility auto v1 v2 Parameters Name Description auto Compatible with MLDv1 MLDv2 v1 Forced MLDv1 v2 Forced MLDv2 Descri...

Page 361: ...31744 tenths of seconds Description IPv6 MLD group throttling configuration Syntax ipv6 mld snooping max groups 1 10 Parameter Name Description 1 10 Maximum number of MLD group registration Description ipv6 mld snooping multicast router port configuration Syntax ipv6 mld snooping mrouter Parameter None Description IPv6 MLD snooping query interval in seconds Syntax ipv6 mld snooping query interval ...

Page 362: ... SSM range Syntax ipv6 mld ssm range v_ipv6_mcast ipv6_prefix_length Parameters Name Description v_ipv6_mcast Valid IPv6 multicast address ipv6_prefix_length length Description Flooding unregistered IPv6 multicast traffic Syntax ipv6 mld unknown flooding Parameter None Description IPv6 Route Syntax ipv6 route v_ipv6_subnet v_ipv6_ucast interface vlan v_vlan_id v_ipv6_addr Parameters Name Descripti...

Page 363: ...ver attribute Syntax radius server attribute 32 id Parameter Name Description id Id line1 253 Description Configure radius server attribute Syntax radius server attribute 4 ipv4_ucast Parameter Name Description ipv4_ucast ipv4_ucast address Description Configure radius server attribute Syntax radius server attribute 95 ipv6_ucast Parameter Name Description ipv6_ucast Ipv6_ucast address Description...

Page 364: ...ss auth port 0 65535 UDP port number for RADIUS authentication server acct port 0 65535 UDP port number for RADIUS accounting server timeout 1 1000 Wait time in seconds for this RADIUS server to reply overrides default retransmit 1 1000 Description radius server key Syntax radius server key key Parameter Name Description key Key line1 63 The shared key Description radius server retransmit Syntax r...

Page 365: ...40 Parameter Name Description 1 1440 Time in minutes Description Configure tacacs server host behavior Syntax tacacs server host word1 255 port 0 65535 timeout 1 1000 key line1 63 Parameter Name Description 1 1440 TCP port number Description Time to stop using a TACACS server that doesn t respond Syntax tacacs server deadtime 1 1440 Parameter Name Description 1 1440 Time in minutes Description Tim...

Page 366: ...es state of RADIUS assigned QoS radius vlan Globally enables disables state of RADIUS assigned VLAN Description dot1x authentication timer Syntax dot1x authentication timer inactivity v_10_to_100000 re authenticate v_1_to_3600 Parameters Name Description inactivity Time in seconds between check for activity on successfully authenticated MAC addresses re authenticate The period between re authentic...

Page 367: ...econds before a MAC address that failed authentication gets a new authentication chance tx period the time between EAPOL retransmissions Description G Enables disables Guest VLAN globally or on one or more ports Syntax dot1x guest vlan dot1x guest vlan 1 4095 Parameter Name Description 1 4095 Guest VLAN ID used when entering the Guest VLAN Description Forces a reinitialization of the clients on th...

Page 368: ... 1X Authentication single Single Host 802 1X Authentication multi Multiple Host 802 1X Authentication mac based Switch authenticates on behalf of the client Description Enables disables per port state of RADIUS assigned VLAN Syntax dot1x radius vlan Parameter None Description show radius server statistics Syntax show radius server statistics Parameter Name Description statistics Count radius packe...

Page 369: ...mmand Line Interface CLI 369 Authenticate Mode Commands end exit hostname Description Level exit Syntax end Parameter None Description Level exit Syntax end Parameter None Description This system s network name Syntax hostname hostname Parameter None ...

Page 370: ...tion configuration on port Syntax loop protect Parameter None Description Loop protection configuration on port Syntax loop protect action shutdown log Parameters Name Description shutdown Shutdown port log Generate log Description Loop protection shutdown time interval Syntax loop protect shutdown time 0 604800 Parameter Name Description 0 604800 Shutdown time in second Description Loop protectio...

Page 371: ...P1204 XT User Guide 2000644 Rev A Command Line Interface CLI 371 Loop Protection Configure Commands loop protect tx mode Description Loop protection actively generate PDUs Syntax loop protect tx mode Parameter None ...

Page 372: ...etic system type nad83 mllw Mean lower low water datum 1983 nad83 navd88 North American vertical datum 1983 wgs84 World Geodetic System 1984 fast Number of times to repeat LLDP frame transmission at fast start v_1_to_10 1 10 location tlv LLDP MED Location Type Length Value parameter altitude Altitude parameter civic addr Civic address information and postal information elin addr Emergency Location...

Page 373: ...time between each LLDP frame transmitted in seconds Syntax lldp timer 5 32768 Parameter Name Description 5 32768 5 32768 seconds Description Which optional TLVs to transmit Syntax lldp tlv select management address port description system capabilities system description system name Parameters Name Description management address Enable Disable transmission of management address port description Ena...

Page 374: ...cription Sets LLDP transmission delay the amount of time that the transmission of LLDP frames will delayed after LLDP configuration has changed in seconds Syntax lldp transmission delay 1 8192 Parameter Name Description 1 8192 transmission delay seconds Description Enable Disabled transmision of LLDP frames Syntax lldp transmit Parameter None ...

Page 375: ...Description Rename an existing profile Syntax rfc2544 rename profile word32 word32 Parameters Name Description profile word32 Old profile name word32 New profile name Description Save a report to a file on a TFTP server Syntax rfc2544 save word32 word Parameter Name Description word32 Name of existing report to save word TFTP server URL on the form tftp server port path to file Description Start e...

Page 376: ...fc2544 stop word32 show rfc2544 profile word32 Description Stop execution of an ongoing test Syntax rfc2544 stop word32 Parameter Name Description word32 Report name to stop execution of Description show rfc2544 profile name Syntax show rfc2544 profile word32 Parameter Name Description word32 rfc2544 profile name ...

Page 377: ...e GVRP on port s Syntax gvrp Parameter None Description Emit a Join Request for test purpose Syntax gvrp join request vlan vlan_list Parameter Name Description vlan_list List of VLANs Description Emit a leave Request for test purpose Syntax gvrp leave request vlan vlan_list Parameter Name Description vlan_list List of VLANs Description gvrpmaximum number of VLANs Syntax gvrp max vlans 1 4095 Param...

Page 378: ...n time 1 20 leave time 60 300 leave all time 1000 50 Description Set gvrp time Syntax gvrp time join time 1 20 leave time 60 300 leave all time 1000 5000 Parameter Name Description 1 20 join timer available from 1 to 20 60 300 leave timer available from 60 to 300 1000 5000 leaveall timer available from 1000 to 5000 ...

Page 379: ...pliance attributes Syntax voice vlan Parameter None Description Set secure learning aging time for voice traffic Syntax voice vlan aging time 10 10000000 Parameter Name Description 10 10000000 Aging time 10 10000000 seconds Description Set voice traffic class Syntax voice vlan class 0 7 low normal medium high Parameters Name Description 0 7 Traffic class value low Traffic class low 0 normal Traffi...

Page 380: ...voice vlan vid Description Set voice traffic OUI configuration Syntax voice vlan oui oui description line32 Parameters Name Description oui OUI value description Set description for the OUI line32 Description line Description Set voice VLAN ID Syntax voice vlan vid vlan_id Parameter Name Description vlan_id VLAN ID 1 4095 ...

Page 381: ...e alarm Syntax profile alarm Parameter None Description Set alarm content Syntax alarm alarmId mask unmask major minor Parameters 101 114 GE 1 14 Port link down for 14 port model Name Description alarmId 151 set Power alarm mask Set alarm as mask it means event will not be send notify unmask Set alarm as un mask it means event will be send notify major Set alarm level as major minor Set alarm leve...

Page 382: ...ermined by class and power is managed according to power consumption class reserved power Max port power determined by class and power is managed according to reserved power lldp consumption Max port power determined by LLDP Media protocol and power is managed according to power consumption lldp reserved power Max port power determined by LLDP Media protocol and power is managed according to reser...

Page 383: ...ort in allocation mode Syntax poe power limit power Parameter Name Description power Maximum power for the interface 0 15 4 Watt for PoE standard mode 0 30 0 Watt for PoE plus mode Description Set PoE port priority Syntax poe priority priority Parameters Name Description critical Set priority to critical high Set priority to high low Set priority to low Description Set PoE power reset time Syntax ...

Page 384: ...dule Description Set PoE power scheduling during the week Syntax poe schedule Day range_list Parameters Name Description fri mon sat sun thu tue wed Day range_list There are 48 time interval one day Each interval has 30 minutes 1 00 00 00 29 2 00 30 00 59 3 01 00 01 29 47 23 00 23 29 48 23 30 23 59 ...

Page 385: ...E even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associated with a Policy 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports page There are number of parameters that can ...

Page 386: ...vailability Also Port Aggregation Link Aggregation ARP ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a physical address such as an Ethernet address ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known Before using IP the host sends a broadcast ARP request containing the Internet addre...

Page 387: ... MEP functionality that is able to detect loss of continuity in a network by transmitting CCM frames to a peer MEP CCM CCM is an acronym for Continuity Check Message It is a OAM frame transmitted from a MEP to it s peer MEP and used to implement CC functionality CDP CDP is an acronym for Cisco Discovery Protocol ...

Page 388: ... a human network administrator Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address DHCP Relay DHCP Relay is used to forward and to transfer DHCP messages between the clien...

Page 389: ...nts banking etc or other services that rely on the affected computer Dotted Decimal Notation Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as separators between octets An IPv4 dotted decimal address has the form x y z w where x y z and w are decimal numbers between 0 and 255 Drop Precedence Level Every incoming frame is classified to a Drop Prece...

Page 390: ...ffic in a ring topology while also ensuring that the Ethernet layer remains loop free Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame EVC EVC is an acronym for Ethernet Virtual Connection MEF standards describe services provided to customers at ...

Page 391: ...Multicast snooping Fast Leave processing allows the switch to remove an interface from the forwarding table entry without first sending out group specific queries to the interface The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even whe...

Page 392: ... generic protocol for registering attribute with other participants and is specified in IEEE 802 1D 2004 clause 12 GVRP GVRP is an acronym for GARP VLAN Registration Protocol It is a protocol for dynamically registering VLANs on ports and is specified in IEEE 802 1Q 2005 clause 11 GVRP is an example of the use of GARP hence the G in GVRP ...

Page 393: ...m that is designed to wait for HTTP requests and handle them when they arrive The Web browser is an HTTP client sending requests to server machines An HTTP client initiates a request by establishing a Transmission Control Protocol TCP connection to a particular port on a remote host port 80 by default An HTTP server listening on that port waits for the client to send a request message HTTPS HTTPS ...

Page 394: ...nds IGMP Query messages onto a particular link This router is called the Querier There will be only one IGMP Querier that wins Querier election on a particular link IMAP IMAP is an acronym for Internet Message Access Protocol It is a protocol for email clients to retrieve email messages from a mail server IMAP is the protocol that IMAP clients use to communicate with the servers and SMTP is the pr...

Page 395: ...cronym for IP MultiCast IPMC supports IPv4 and IPv6 multicasting IPMCv4 denotes multicast for IPv4 IPMCv6 denotes multicast for IPv6 IPMC Profile IPMC Profile is an acronym for IP MultiCast Profile IPMC Profile is used to deploy the access control on IP multicast streams IP Source Guard IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering tr...

Page 396: ...J J JSON JSON Java Script Object Notation is a lightweight data interchange format As an alternative to XML it can be used to transmit dynamic data between web server and application It uses human readable text and consist with one or more attribute value pairs ...

Page 397: ...the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making ...

Page 398: ...pying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD MLD is an acronym for Multicast Listener Discovery for IPv6 MLD is used by IPv6 routers to discover multicast listeners on a directly attached link much as IGMP is used in IPv4 The protocol is embedded in ICMPv6 instead of using a separate protocol MLD Querier A router sends MLD Query messag...

Page 399: ...e spanning tree instances while ensuring RSTP and STP compatibility The standard was originally defined by IEEE 802 1s but was later incorporated in IEEE 802 1D 2005 MVR Multicast VLAN Registration MVR is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs The main reason for using MVR is to save bandwidth by preventing duplicate ...

Page 400: ...s not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and transport services described in the Open Systems Interconnection OSI model NFS NFS is an acronym for Network File System It allows hosts to mount partitions on a remote system and use them as though they are...

Page 401: ...me contains multiple TLVs For some TLVs it is configurable if the switch shall include the TLV in the LLDP frame These TLVs are known as optional TLVs If an optional TLVs is disabled the corresponding information is not included in the LLDP frame OUI OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE You can determine which ven...

Page 402: ...Power Over Ethernet Power Over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply Policer A policer can limit the bandwidth of received frames It is located in front of...

Page 403: ...ver Ethernet and in plain Metro Ethernet networks Wikipedia POST POST is an acronym for Post On Self Telf It is run automatically on various components at power on The power on self test POST is used to test the basic hardware It includes ready made tests e g BIST embedded in hardware or ASICs such as memory tests serdes tests internal loopback test etc Private VLAN In a private VLAN PVLANs provid...

Page 404: ...s a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to ...

Page 405: ... to a service level agreement SLA and is usually run during service activation Router Port A router port is a port on the Ethernet switch that leads switch towards the Layer 3 multicast device RSA RSA is one of the first practicable public key cryptosystems and is widely used for secure data transmission In such a cryptosystem the encryption key is public and differs from the decryption key which ...

Page 406: ...org SHA SHA is an acronym for Secure Hash Algorithm It designed by the National Security Agency NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the message of any length Shaper A shaper can limit the bandwidth of transmitted frames It is located after the...

Page 407: ...abbreviation for Synchronization Status Message and is containing a QL indication STP Spanning Tree Protocol is an OSI layer 2 protocol which ensures a loop free topology for any bridged LAN The original STP protocol is now obsolete by RSTP SVL Shared VLAN Learning allows for frames initially classified to a particular VLAN based on Port VLAN ID or VLAN tag information be bridged on a shared VLAN ...

Page 408: ...nsuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WWW e mail and File Transfer Protocol FTP TELNET TELNET is an acronym for TELetype NETwork It is a terminal emulation protocol that uses the Transmission Control Protocol TCP and provi...

Page 409: ...grity Protocol It used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet TT LOOP TT LOOP is an acronym for Traffic Test Loop a firmware module that provides methods to perform tests that are defined in RFC 2544 Benchmarking Methodo...

Page 410: ...encing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units to exchange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish differe...

Page 411: ...le distinct mutually isolated broadcast domains VLAN ID VLAN ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality ...

Page 412: ...kipedia WPA PSK WPA PSK is an acronym for Wi Fi Protected Access Pre Shared Key WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer ...

Page 413: ...bleshooting Ethernet based services It is the only standard test methodology that allows for complete validation of Ethernet service level agreements SLAs in a single test ITU T Y 1564 is designed around three key objectives 1 To serve as a network service level agreement SLA validation tool ensuring that a service meets its guaranteed performance settings in a controlled test time 2 To ensure tha...

Page 414: ...414 Glossary RocketLinx MP1204 XT User Guide 2000644 Rev A Y ...

Reviews:

No comments

Related manuals for RocketLinx MP1204-XT

MMAC-Plus 9G426-02

Brand: Cabletron Systems Pages: 12

MMAC-Plus 9F310-02

Brand: Cabletron Systems Pages: 4

Brand: Cabletron Systems Pages: 16

Brand: cable matters Pages: 4

Brand: CableCreation Pages: 7

Brand: Datavideo Pages: 58

Brand: H3C Pages: 38

Brand: H3C Pages: 36

Brand: H3C Pages: 9

Brand: H3C Pages: 36

S12500X-AF Series

Brand: H3C Pages: 21

S12500X-AF Series

Brand: H3C Pages: 42

Brand: H3C Pages: 16

Brand: H-Tronic Pages: 32

PARAGON II Series

Brand: Raritan Pages: 1

Paragon Manager

Brand: Raritan Pages: 117

Brand: Zigen Pages: 40

Brand: Zigen Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands