manualshive.com logo in svg

CTC Union GSW-3208M1, User Manual

Share
Download
CTC Union GSW-3208M1 User Manual Download Page 37

34 

 
 

dot1x  agetime  x

 

command  is  used  to  set  aging  time.    “

x

”  is  a  number 

between 10~10000000 in seconds. 
This setting applies to the following modes, i.e. modes using the Port Security 
functionality to secure MAC addresses: 
• Single 802.1X 
• Multi 802.1X 
• MAC-Based Auth. 
When  the  NAS  module  uses  the  Port  Security  module  to   secure  MAC 
addresses, the Port Security module  needs  to  check  for  activity  on  the  MAC 
address  in  question  at  regular  intervals  and  free  resources  if  no  activity  is 
seen within a given period of time. This parameter controls exactly this period 
and can be set to a number between 10 and 1000000 seconds.   
If reauthentication is enabled and the port is in an 802.1X-based mode, this is 
not so critical, since supplicants that are no longer attached to the port will get 
removed upon the next reauthentication, whi ch will fail. But if reauthentication 
is not enabled, the only way to free resources is by aging the entries.   
For  ports  in  MAC-based  Auth.  mode,  reauthentication  doesn't  cause  direct 
communication  between  the  switch  and  the  client,  so  this  will  not  detect  
whether  the  client  is  still  attached  or  not,  and  the  only  way  to  free  any 
resources is to age the entry. 

dot1x  eapoltimeout  x

  command  is  used  to  determine  the  time  for 

retransmission of Request Identity EAPOL frames.   

x

” is a number between 

1~65535 in seconds.    This has no effect for MAC-based ports. 

dot1x guest_vlan

  command  is  used  to  enable  Guest  VLAN  function.    And 

no dot1x guest_vlan

” command is used to disable it.    When  it  is  enabled, 

the individual ports' ditto setting determines  whether  the  port  c an  be  moved 
into Guest VLAN.    The port setting is configured in port configuring  interface 
under prompt “(config-if)#”. 
A Guest VLAN is a special VLAN  - typically  with  limited  network  access  -  on 
which  802.1X-unaware  clients  are  placed  after  a  network  admi nistrator-
defined timeout.    This option is only available for EAPOL-based modes, i.e.: 

  Port-based 802.1X 

  Single 802.1X 

  Multi 802.1X 

While in the Guest VLAN, the switch monitors the link for EAPOL frames, and if 
one such frame is received, the switch  immediately takes the port  out  of  the 
Guest  VLAN  and  starts  authenticating  the  supplicant  according  to  the  port 
mode. If an EAPOL frame is received, the port will  never  be  able  to  go  back 
into the Guest VLAN if the "allow_if_eapol_seen" is disabled. 

dot1x guest_vlan vid x

 command is used to set the VLAN ID of Guest VLAN.   

x

” is a number between 1~4095 for VLAN ID. 

dot1x holdtime x

 command is used to set the Hold Time for 802.1x operation.   

x

” is a number between 10~10000000 for time in seconds. 

This setting applies to the following modes, i.e. modes using the Port Security 
functionality to secure MAC addresses: 

Summary of Contents for GSW-3208M1

Page 1: ...1 GSW 3208M1 3216M1 3424M1 L2 Managed GbE Switches ...

Page 2: ... w SNMP Version 2 0 November 06 2013 Updated We make no warranties with respect to this documentation and disclaim any implied warranties of merchantability quality or fitness for any particular purpose The information in this document is subject to change without notice We reserve the right to make revisions to this publication without obligation to notify any person or entity of any such changes...

Page 3: ...rts eight TX ports and two extra SFP ports for Gigabit Ethernet connections 2 16 TX 2 SFP 18G ports model This model supports sixteen TX ports and two extra SFP ports for Gigabit Ethernet connections 3 24 TX 4 SFP 24G ports model This model supports twenty four TX ports and four share SFP ports Port 21 24 are 1000TX RJ45 port SFP port optional for Gigabit connection And they can auto detect the co...

Page 4: ...mmands 70 6 2 5 VLAN Configuring Commands 97 6 2 6 Show Commands 99 6 3 ABOUT TELNET AND SNMP MANAGEMENT INTERFACES 138 6 3 1 About Telnet Management Interface 138 6 3 2 About SNMP Management Interface 138 6 4 MANAGEMENT WITH HTTP CONNECTION 139 6 4 1 Configuration System 141 6 4 2 Configuration Power Reduction 145 6 4 3 Configuration Ports 146 6 4 4 Configuration Security 147 6 4 5 Configuration ...

Page 5: ...Monitor Spanning Tree 214 6 4 24 Monitor MVR 216 6 4 25 Monitor IPMC 217 6 4 26 Monitor LLDP 220 6 4 27 Monitor MAC Table 222 6 4 28 Monitor VLANs 223 6 4 29 Monitor sFlow 224 6 4 30 Diagnostics Ping 225 6 4 31 Diagnostics Ping6 225 6 4 32 Diagnostics VeriPHY 226 6 4 33 Maintenance Restart Device 227 7 SOFTWARE UPDATE AND BACKUP 230 A PRODUCT HARDWARE SPECIFICATIONS 231 B PRODUCT SOFTWARE SPECIFIC...

Page 6: ...r port rate limit IGMP and port configuration Console is supported for command line settings Web Telnet and SNMP interfaces are for remote switch management through network IEEE 802 1x is supported for port security application These functions can meet most of the management request for current network 1 1 Package Contents One Gigabit Management Switch One AC power cord for AC power model only One...

Page 7: ...t function according to specifications beyond the temperature range of 0 to 50 degrees C For 8TX 2SFP 16TX 2SFP 24TX 4SFP model you can also install the switch on a 19 rack with rack mount kits as the picture Rack mount kits are option for 8TX 2SFP and 16TX 2SFP models Rack Mount Installation Before rack mounting the switch please pay attention to the following factors 1 Temperature Because the te...

Page 8: ...s Attach Rack Mount Brackets to the Switch 1 Position a Rack Mount Bracket on one side of the Switch 2 Line up the screw holes on the bracket with the screw holes on the side of the switch 3 Use a screwdriver to install the M3 flat head screws through the mounting bracket holes into the switch There could have two or four screws for one bracket That depends on the model that installed 4 Repeat Ste...

Page 9: ...Line up the screw holes on the bracket with the screw holes on the side of the rack 3 Use a screwdriver to install the rack screws through the mounting bracket holes into the rack 4 Repeat Step 1 3 to attach another bracket that is already attached to the switch on another side of the rack ...

Page 10: ...ctions you can connect long distance fiber optic cable to the switch Because this switch supports Auto MDI MDI X detection on each TX port you can use normal straight through cable for both workstation connection and hub switch cascading 3 2 Connecting to Another Ethernet Switch Hub This Switch can be connected to existing 10Mbps 100Mbps 1000Mbps hubs switches Because all TX ports on the Switch su...

Page 11: ...dress of the packet As a result the switch can significantly reduce unnecessary traffic The example below demonstrates the switch ability to segment the network The number of nodes on each segment is reduced thereby minimizing network contention collisions and boosting the available bandwidth per port With Management function of the switch network administrator is easy to monitor network status an...

Page 12: ...e SFP slot directly The switch can auto detect the fiber optic connection from SFP slot S F PS lo t Follow the steps for module adding and removing Add SFP Transceiver 1 Plug in the SFP Transceiver to SFP slot directly 2 Connect network cable to the SFP Transceiver If the connected devices are working the Link Act LED will be ON Remove SFP Transceiver Unplug the SFP Transceiver from SFP slot direc...

Page 13: ...16TX 2SFP 24TX 4SFP Models LED STATUS CONDITION Power ON Sw itch is receiving pow er OFF Sw itch is pow er OFF System OFF System is booting Green System is running Link Act ON Port has established a valid link Flashing Data packets being received or sent Green The connection speed is 1000Mbps Yellow The connection speed is 10M or 100Mbps ...

Page 14: ...ogether the bottleneck will happen at the cascading connection If more cables could be used for the cascading connection it will reduce the bottleneck problem In normal case switches will become unstable because of traffic looping when more than one cable is connected between them If the switches support trunk function they can treat these cables as one connection between them The traffic looping ...

Page 15: ...an learn the Mac address from user s packets and keep these Mac address in the ARL table for store and forward table lookup operation But these Mac addresses will be deleted from ARL table after some time when users do not send any packets to the switch This operation is called aging and the time is called aging time It is about 5 minutes normally it could be changed by users If users want to keep...

Page 16: ...s traffic This function can limit the network bandwidth utilization of users 10 IP Multicast with IGMP Snooping IP multicast function can forward packets to a group of users connected on different ports The user group is learned by the switch from packets of IGMP active router with IGMP snooping function It is often used for video applications 11 MVR Multicast VLAN Registration VLAN function will ...

Page 17: ...limit 16 LLDP Link Layer Discover Protocol LLDP protocol is used by network devices to advertise their identity capabilities and interconnections on a LAN network This switch can advertise its system information and show the information of the connected network devices by LLDP protocol 17 Software Backup Update This switch supports backup and update functions for its internal software and its netw...

Page 18: ...Windows Installation Disk Please refer to your Windows user manual for the installation 3 Power on the switch If everything is correct the booting screen will appear in the terminal program when the switch is powered on It will stop at the following screen after some initializing messages Softw are Version 10 P Ver 1 00 00 MAC Address 00 00 00 11 22 33 Number of Ports 10 Username Previlege Levels ...

Page 19: ...v6 echo packets to other netw ork nodes quit Quit commands reload Halts and performs a w arm restart show Show s information configure Enter configuration mode copy Copies from one file to another These are the basic system commands for the switch For system configuring configure command can enter the configure mode And the prompt will become configure config In the configure mode the general conf...

Page 20: ...previously run commands logout Disconnect ping Ping IPv4 address ICMPv4 echo packets to other netw ork nodes ping6 Ping IPv6 address ICMPv6 echo packets to other netw ork nodes quit Quit commands reload Halts and performs a w arm restart show Show s information copy Copies from one file to another These are the basic system commands for the switch With operator level it is allowed to view the swit...

Page 21: ...key can get last input command Down Arrow key this key can get next input command Left Arrow Right Arrow key the key can move the cursor Backspace key this key can delete the letter in front of cursor key this key can get the command list Command Mode There are four command modes for console interface 1 General Basic Commands These are basic commands after login Users can show switch configuration...

Page 22: ...or settings on Port 5 If the settings are for VLAN group it is done with interface vlan x command in configure mode And the prompt will become config if For example interface vlan 100 is for settings on VLAN 100 4 VLAN Configuring Commands If the settings are general VLAN settings it is done with vlan database command in configure mode And its prompt will become config vlan ...

Page 23: ...odes quit Quit commands reload Halts and performs a warm restart show Shows information configure Enter configuration mode copy Copies from one file to another 1 exit command This command is used to leave current operation mode It will do logout at this basic command interface 2 help command This is a help command and the console will prompt with all available commands 3 history command This comma...

Page 24: ...ing interval ip n count Number of echo requests to send 1 60 l length Send buffer size and length 2 1452 i ping interval 0 30 ip IPV6 address For example fc80 215 c5ff fe03 4dc7 7 quit command This command is used to quit the console interface 8 reload command This command is used to reset switch It will halt and perform a warm restart Enter reload at the prompt the switch will do warm restart in ...

Page 25: ...ation on the running configuration rate limit rate limits rmon Rmon sflow Sampling flow snmp Simple Netw ork Management Protocol statistis spanning tree Spanning tree configuration storm control Show storm control configuration system System information tacacs server TACACS server settings trunk Trunk information users Show users configuration version System hardw are and softw are versions vlan V...

Page 26: ...de And the prompt will become config In this mode administrator can do system configuration of the switch The operation of configure mode will be described in next section exit command can be used to quit this operation mode 11 copy command This command is used to backup system configuration firmware to TFTP server restore system configuration from TFTP server and update firmware from TFTP server ...

Page 27: ... IP ip address IPv4 or IPv6 address copy firmware running firmware tftp ip address yyy command is used to backup current running firmware to TFTP Server at IP ip address IPv4 or IPv6 address as file name yyy in binary format copy firmware tftp running firmware ip address yyy command is used to update the running firmware file yyy from TFTP Server at IP ip address IPv4 or IPv6 address ...

Page 28: ...n aggregation Set aggregation mode configuration arp inspection Set ARP inspection configuration default Restore to factory default setting dhcp relay Configures DHCP Relay Configuration dhcp snooping Configures DHCP Snooping Configuration dot1x Configures 802 1x port based access control end Exit from configure mode hostname Sets system s network name interface Enters privileged interface configu...

Page 29: ... Go back to last mode 2 help command This command is used to show all the available commands in this mode 3 history command This command is used to show the history of entering commands 4 logout command This command is used to logout from console interface 5 quit command This command is used to quit from console interface It has the same function as logout 6 aaa command This command is used to set...

Page 30: ... possible if the Authentication Method is set to a value other than none or local RADIUS Server is set by radius authentication server command for command line interface or set in AAA function for web interface TACACS Server is set by tacacs authentication server command for command line interface or set in AAA function for web interface 7 acl command This command is used to configure ACL access c...

Page 31: ...200 300 1000000 for unit kbps A rate limiter can be applied to ACE or port by its index number Next these are the commands for acl add x command to define a ACL rule Access Control Entry ACE The prompt is config ace x Enter at the prompt config ace x the commands will be shown For example config acl add 10 config ace 10 exit Exit from current mode help Show available commands history Show a list o...

Page 32: ...g config ace 10 frame type any Define Frame to any arp Define Frame to ARP ethernet type Ethernet Type 0x600 0xFFFF or any but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 ipv4 Define Frame to IPv4 Frame frame type any Any frame can match this ACE frame type arp Only ARP frames can match this ACE Notice the ARP frames won t match the ACE with ethernet type frame type ethernet type Only Ethernet ...

Page 33: ...y the rate limiter for this ACE x is the index of rate limiter with number 1 16 16 shutdown Specify the port shut down operation of the ACE shutdown command can enable this function If a frame matches the ACE the ingress port will be disabled 17 source mac this command is used to specify L2 source Mac address of packet for filter matching source mac any No SMAC filter is specified SMAC filter stat...

Page 34: ...r 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through the switch device arp inspection mode command can enable this function And no arp inspection mode can disable it After enable this function globally it also need to enable by port with port setup interface under prompt config if Only when both Global Mode and Por...

Page 35: ...P relay agents MAC address dhcp relay information mode command can enable DHCP Option 82 operation And no dhcp relay information mode command can disable it When DHCP relay information mode operation is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client It only works when DH...

Page 36: ...usted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server After DHCP Snooping is enabled set trusted ports in port configuring interface under prompt config if next And connect DHCP servers on trusted ports only 13 dot1x command This command is used configure the general settings of 802 1x func...

Page 37: ...me for retransmission of Request Identity EAPOL frames x is a number between 1 65535 in seconds This has no effect for MAC based ports dot1x guest_vlan command is used to enable Guest VLAN function And no dot1x guest_vlan command is used to disable it When it is enabled the individual ports ditto setting determines whether the port can be moved into Guest VLAN The port setting is configured in por...

Page 38: ... radius_vlan is used to disable it When enabled the individual ports ditto setting determine whether RADIUS assigned VLAN is enabled on that port When disabled RADIUS server assigned VLAN is disabled on all ports RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming traffic will be classified to and swi...

Page 39: ...ups characteristics setting config interface ethernet Ethernet port vlan Sw itch Virtual LAN interface All the port setting commands are put in interface configuring mode like rate limit setting speed duplex setting And characteristics settings for VLAN groups are also done in interface configuring mode like IP address assignment For example the console will enter interface configuring mode for Po...

Page 40: ...rent configured DNS server on DUT and reply as a DNS resolver to the client device on the network no dns proxy command is used to disable it ip https command is used to configure https service of the switch Entering ip https the sub command will be shown config ip https secure server Enable secure HTTP server automatic redirect Automatically redirect w eb brow ser to HTTPS ip https secure server c...

Page 41: ...VLAN is also created x is VALN ID with number 1 4095 ip igmp snooping vlan x compatibility command is used to set the IGMP operation compatibility mode Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network The allowed selection is IGMP Auto Forced IGMPv1 Forced IGMPv2 Forced IGMPv3 default compa...

Page 42: ...leave proxy command is used to enable IGMP Leave Proxy And no ip igmp snooping leave proxy command is used to disable it This feature can be used to avoid forwarding unnecessary leave messages to the router side ip igmp snooping proxy command is used to enable IGMP Proxy And no ip igmp snooping proxy command is used to disable it This feature can be used to avoid forwarding unnecessary join and le...

Page 43: ...responding static VLAN is also created x is VALN ID with number 1 4095 ip mld snooping vlan x compatibility command is used to set the MLD operation compatibility mode Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network The allowed selection is MLD Auto Forced MLDv1 Forced MLDv2 default compati...

Page 44: ...it ip mld snooping vlan x state command is used to set snooping state for the VLAN ip mld snooping leave proxy command is used to enable MLD Leave Proxy And no ip mld snooping leave proxy command is used to disable it This feature can be used to avoid forwarding unnecessary leave messages to the router side ip mld snooping proxy command is used to enable MLD Proxy And no ip mld snooping proxy comm...

Page 45: ...his function globally And no ip source guard mode is used to disable it globally Enabling IP Source Guard on ports is done in port interface configuring mode under prompt config if Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port ip source guard translation command is used to translate all dynamic entries to static entries 19 lldp c...

Page 46: ... of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value x is the Tx delay Interval Valid values are restricted to 1 8192 seconds lldp reinit delay x command is used to specify reinit delay When a port is disabled LLDP is disabled or the switch is rebooted an LLDP shutdown frame is transmitted to the neighboring units signalling that the LLDP information isn t valid anymore...

Page 47: ...e supported y y y y is the IPv4 host address of syslog server If the switch provides DNS feature it also can be a host name logging clear command is used to clear logging table information Entering logging clear the sub commands will be shown config logging clear 0 2 Logging level cr All logging clear x command is used to clear level x logging table information x is the logging level with value 0 ...

Page 48: ...red by port That is done in port configuring interface under prompt config if 22 mac address table command This command is used to configure functions for Mac address table of the switch Entering mac address table the sub commands will be shown config mac address table aging time Aging time for entries in the address table static Sets MAC address table static information mac address table aging ti...

Page 49: ... be allowed to forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch mac security mode command is u...

Page 50: ...or command can be used to disable mirror function of the switch 26 mvr command This command is used to configure MVR Multicast VLAN Registration function VLAN function will isolate traffic between VLAN groups But it will also isolate IP multicast traffic for subscribers in different VLANs The MVR function allows one multicast VLAN to be shared by subscribers in different VLANs That can reduce the ...

Page 51: ...status tagging Specify w hether the traversed IGMP MLD control frames w ill be sent as Untagged or Tagged w ith MVR VID mvr x llqi y command is used to define the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership LLQI Last Listener Query Interval is the maximun response time used to calculate the Maximun Respse Code ins...

Page 52: ...r x is the Multicast VLAN ID y is the priority with value 0 7 mvr x status clear command is used to clear MVR operational status and statistics for Mltuicast VLAN x x is the Multicast VLAN ID mvr x tagging tagged untagged command is used to specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged with MVR VID x is the Multicast VLAN ID mvr x name yyy command is used...

Page 53: ... control Configures TACACS Authentication Server tacacs authentication server Configures TACACS Authentication Server username Sets system s netw ork name voice vlan Voice VLAN Configuration For example mirror command can enable the mirror function and no mirror command can disable it ip default gateway 192 168 1 100 will set the IP gateway of the switch to 192 168 1 100 and no ip default gateway ...

Page 54: ...uration recurring will set the Daylight Saving Time duration to repeat the configuration every year ntp dst start time v w x y z command is used to set the start time of Daylight Saving Time duration v is the month number Its value is 1 12 w is the date number Its value is 1 31 x is the year number Its value is 2000 2097 y is the hour number Its value is 0 23 z is the minute number Its value is 0 ...

Page 55: ...CP then it can map this QoS to internal DSCP This internal DSCP then can do another egress map to affect the DSCP value when the frame is sent out It could rewrite the egress DSCP value when Egress Rewrite is not disable qos dscp classification mode x command is used to select the ingress DSCP value for classification mode x is the dscp value 0 63 Select the DSCP value to enable its QoS Class to i...

Page 56: ...ed DSCP values are treated as a non IP frame Entering qos qcl the following sub commands will be shown config qos qcl 1 256 QCE ID Entering qos qcl x the prompt will become config QCE x for further Queue Control Entry configuration x is the index of this QCE with number 1 256 For example enter qos qcl 10 config qos qcl 10 config QCE 10 And config QCE 10 exit Exit from current mode help Show availa...

Page 57: ...on x is the DSCP value between 0 63 7 ethernet command This command is used to assign ports to this QCL Entry Its format is config QCE 10 ethernet 1 10 Unit number format 1 x 1 x y z 1 x y 1 x y z 8 key command This command is used to define the key parameters for this QCL Entry The key parameter is the L2 to L4 information of a frame config QCE 10 key dmac type Destination MAC type frame type Fra...

Page 58: ...command x is the port number Please refer to qos command in Section 6 2 4 1 for the details 31 radius accounting server command This command is used to configures RADIUS Accounting Server Up to five RADIUS Accounting Servers are supported The following is the details of the command Configure the server radius accounting server x active command is used to activate RADIUS Accounting Server x x is th...

Page 59: ...rvals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead 32 radius authentication server command This command is used to configures RADIUS Authentication Server Up to five RADIUS Authentication Servers are supported The following is the details of t...

Page 60: ...sign In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead 33 rmon command This function is used to configure RMON function of the switch This switch supports RMON gr...

Page 61: ...e type absolute delta command is use to select the method of sampling the selected variable and calculating the value to be compared against the thresholds x is the index of the entry between 1 65535 The possible sample types are absolute Get the sample directly delta Calculate the difference between samples rmon alarm x startup alarm falling rising risingorfalling command is used to select the me...

Page 62: ...x of the entry The range is from 1 to 65535 For example entering rmon history 10 the follwing sub commands will be shown config rmon history 10 buckets Indicates the maximum data entries associated this History control entry stored in RMON data_source Indicates the port ID w hich w ants to be monitored interval Indicates the interval in seconds for sampling the history statistics data rmon history...

Page 63: ...r IP for list of receiver ID release Release time_out Set the Receiver Time_out for list of receiver ID sflow receiver datagramsize x command is used to set the Reciever Data gram length for list of receiver ID x is the maximum number of data bytes that can be sent in a single sample datagram This should be set to a value that avoids fragmentation of the sFlow datagrams Valid range is 200 to 1468 ...

Page 64: ...ndex of Trap community Defines SNMP community access string contact Sets the system contact string enable Enables SNMP function location Sets the system location string snmpv3 access Sets the snmpv3 community snmpv3 community Sets the snmpv3 community snmpv3 group Sets the snmpv3 group configuration snmpv3 user Sets the snmpv3 user configuration snmpv3 view Sets the snmpv3 view configuration versi...

Page 65: ...et xxx command is used to set the community string of get command for SNMP operation xxx is the community string snmp server community set xxx command is used to set the community string of set command for SNMP operation xxx is the community string snmp server contact xxx command is used to set the contact information for this switch xxx is the contact information string snmp server enable command...

Page 66: ...e treated as security name and map a SNMPv1 or SNMPv2c community string y y y y is the SNMP access source address z z z z is the SNMP access source address mask And no snmp server snmpv3 community community xxx command is used to delete a SNMPv3 Community Entry snmp server snmpv3 group security model v1 v2c usm security name xxx group name yyy command is used to create a SNMPv3 group xxx is a stri...

Page 67: ... the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID equal system engine ID then it is local user otherwise it s remote user User Name is a string identifying the user name that this entry should belong to T...

Page 68: ...onfiguration Name and Configuration Revision for MSTI Configuration xxx is a string as Configuration Name It is the name identifying the VLAN to MSTI mapping Bridges must share the name and revision as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters y is a number between 0 65535 as Configuration Revision It i...

Page 69: ...ess of the switch forms a Bridge Identifier spanning tree recovery x command is used to set edge port error recovery timeout It is the time to pass before a port in the error disabled state can be enabled x is the timeout value Valid values are between 30 and 86400 seconds 24 hours spanning tree transmit hop count x command is used to set the STP Bridge Transmit Hold Count parameter It is the numb...

Page 70: ...erver x port y command is used to assign the TCP port to use on the TACACS Authentication Server x is the server index number between 1 5 y is the TCP port number between 0 65535 If the port is set to 0 zero the default port 49 is used Configure the operation parameters tacacs authentication server dead time x command is used to specify Dead Time of Common Servers x is the Dead Time with a number ...

Page 71: ... level it is allowed to fully management the switch With operator level it is allowed to view the switch status and configuration and run some system maintenance commands With guest level it is allowed to view the switch status and configuration only No setup configure commands are supported 40 vlan command This command is used to enter VLAN configuring mode And the prompt will become config vlan ...

Page 72: ... is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit yyy is the description of OUI address Normally it describes which vendor telephony device it belongs to The allowed string length is 0 to 32 voice vlan oui clear command is used to clear OUI table All OUI entries will be deleted voice vlan oui delete ...

Page 73: ...ils And interface vlan x command is used to assign characteristics to a VLAN interface For example assigning IP address to a VLAN interface is done with this command 6 2 4 1 Interface Configuring Commands for Port Commands in Configuring Mode are for general switch settings And its prompt is config If the settings are for ports it is done with interface ethernet 1 x command in configure mode For e...

Page 74: ...ommands acl Access Control List Configuration arp inspection Set ARP inspection configuration channel group Adds ports to a trunk dhcp snooping Configures DHCP Snooping Configuration dot1x Configures 802 1x port based access control eee Set the eee mode end Exit from interface mode excessive Configure port transmit collision behavior flowcontrol Enables flow control during autoneg interface Enters...

Page 75: ...nterface 5 quit command This command is used to quit from console interface It has the same function as logout 6 acl command This command is used to configure the ACL parameters ACE for the interface port s These parameters will affect frames received on a port unless the frame matches a specific ACE Enter acl The sub commands will be shown config if acl action Select w hether forw arding is permi...

Page 76: ...l shutdown command is used to enable shutdown function for the interface port s If a frame is received on the port the port will be disabled And no acl shutdown command is used to disable it 7 arp inspection command This command is used to configure ARP Inspection function for the interface port s Enter arp inspection The sub commands will be shown config if arp inspection entry Add ARP inspection...

Page 77: ...x function for the interface port s Enter dot1x the sub commands will be shown config if dot1x authenticate Refresh restart 802 1X authentication process clear Clear 802 1X statistics guest_vlan Guest VLAN Enabled port control Needs dot1x aw are client RADIUS server authorization radius qos RADIUS Assigned QoS Enabled radius vlan RADIUS Assigned VLAN Enabled dot1x authenticate command is used to s...

Page 78: ...ss mac based Configures the port to MAC based authentication Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the...

Page 79: ...based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Single 802 1X variant Single 8...

Page 80: ...ion fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it s invalid or the supplicant is otherwise no longer present on the port the port s VLAN ID is immediately reverted to the original VLAN ID which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802...

Page 81: ...w control function of the interface port s no flowcontrol command is used to disable flow control function of the interface port s 15 interface command This command is used to change the interface port s for next setup commands config if interface ethernet Ethernet port config if interface ethernet 1 10 Unit number format 1 x 1 x y z 1 x y 1 x y z For example config interface ethernet 1 5 will set...

Page 82: ...r ip mld snooping router command is used to set the port as router port for IGMP MLD snooping operation And no ip igmp snooping router no ip mld snooping router command is used to set the port as non router port A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP MLD querier If an aggregation member port is selected as a router port the whole aggr...

Page 83: ... is used to enable LACP function on the ports And no lacp mode command is used to disable it lacp priority x command is used to set LACP Priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority lacp role active passiv...

Page 84: ... only the first address is shown in the LLDP neighbours table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TLV Version and Platform is mapped to the LLDP System Description field Both the CDP and LLDP support system capabilities but the CDP capabilities cover capabilities that are not part of the LLDP These capabilities are shown as others in the LLDP neighbours table If all ports have ...

Page 85: ...enerating loop protection PDU s or whether it is just passively looking for looped PDU s 21 mac learn command This command is used to configure Mac Address Learning function for the ports mac learn auto disable secure command is used to set the Mac Address Learning function for the ports auto Learning is done automatically as soon as a frame with unknown SMAC is received disable No learning is don...

Page 86: ...issuing IGMP MLD messages source port Configure uplink ports that receive and send multicast data as source ports Subscribers cannot be directly connected to source ports Note MVR source ports are not recommended to be overlapped with management VLAN ports 25 no command This command is used to disable a function or restore a setting to factory default of the switch config if no acl Access Control ...

Page 87: ...ty port monitor ethernet 1 x disabled enabled rx tx command is used to add Port x to the monitored port list And no port monitor ethernet 1 x command will remove Port x from monitored port list x is the monitored port number with format format 1 x 1 x y z 1 x y 1 x y z disabled Neither frames transmitted nor frames received are mirrored enabled Frames received and frames transmitted are mirrored o...

Page 88: ...ed to assign the interface port s to a Port based VLAN port vlan x command will assign the interface port s to a Port based VLAN x is the index of the Port based VLAN with value 1 10 And no port vlan x command is used to remove the interface port s from a Port based VLAN port vlan isolation command is used to put the ports to the isolation port group Memebers in the isolation port group will be is...

Page 89: ...configure the ingress mapping of the classified PCP DEI to QoS class DP level values when Tag Classification is set to Enabled w is pcp value 0 7 x is DEI value 0 1 y is QoS class value 0 7 z is DP level value 0 1 qos classification pcp x command is used to set the default PCP Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame It is also known as User Priority ...

Page 90: ...f the ingress queue And no qos policer mode command is used to disable it qos policer rate x command is used to set the port policer rate on the ports x is a value between 100 1000000 when the Unit is kbps or fps 1 3300 when the Unit is Mbps or kfps qos policer unit kbps fps command is used to set the port policer rate unit on the ports It could be kbps kilo bit per second or fps frame per second ...

Page 91: ...th value 0 7 x is DP level with value 0 1 y is PCP with value 0 7 z is DEI with value 0 1 qos tagremarking mode classified default mapped command is used to set the tag remarking operation mode classified Use classified PCP DEI values default Use default PCP DEI values mapped Use mapped versions of QoS class and DP level Note The egress port must be a tagged port for tag remarking operation qos ta...

Page 92: ...and This command is used to configure spanning tree function on interface port s config if spanning tree autoedge Set the STP autoEdge port bpduguard Set the bpduGuard port edge port Specifies spanning tree edge port mcheck Set the STP mCheck Migration Check variable for ports msti Specifies spanning tree MSTI p2p Set the STP point2point port restrictedrole Set the MSTP restrictedRole port restric...

Page 93: ...in MSTI x x is the index of MSTI with value 0 7 y is priority value in range 0 240 This can be used to control priority of ports having identical port cost spanning tree p2p auto false true command is used to set the ponit to point connection mode for the ports If the ports connects to a point to point LAN rather than to a shared medium the ponit to point connection mode is true This can be automa...

Page 94: ...ort speed to be auto 10hdx Set port speed to be 10M hdx 10fdx Set port speed to be 10M fdx 100hdx Set port speed to be 100M fdx 100fdx Set port speed to be 100M fdx 1000fdx Set port speed to be 1G fdx speed auto command will set the interface port s to auto negotiation mode speed 10hdx 10fdx command will set the interface port s to 10M speed full duplex or half duplex Speed 100hdx 100fdx command w...

Page 95: ...m port the TPID in tag of egress frame are always customized TPID as Service VLAN This is for Q in Q uplink connection s port When a port is setup as S port the TPID in tag of egress frame are always 0x88A8 as Service VLAN This is for Q in Q uplink connection unaware When a port is setup as Unaware Incoming frames will be treated as untagged Even when an incoming frame is tagged this tag is treate...

Page 96: ...ony device by OUI address lldp Detect telephony device by LLDP both Both OUI and LLDP voice vlan port mode auto disable force command is used to set Voice VLAN operation mode on the ports auto Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN members automatically disable Disjoin from Voice VLAN force Force join to Voice VLAN...

Page 97: ...d list will be shown config if exit Exit from current mode help Show available commands history Show a list of previously run commands logout Disconnect quit Quit commands interface Enters privileged interface configuration ip Set the IPv4 setup ipv6 Set othe IPv6 setup no Negates a command or sets its defaults 1 exit command This command is used to leave current operation mode Go back to last mod...

Page 98: ...P client function DHCP client function will try to get IP configuration from DHCP server in network And no ip address dhcp command can be used to disable it If DHCP fails and the configured IP address is zero DHCP will retry If DHCP server does not respond around 35 seconds and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will ann...

Page 99: ...red IPv6 settings will be used The router may delay responding to a router solicitation for a few seconds the total time needed to complete auto configuration can be significantly longer ipv6 address renew command is used to refresh the the IPv6 address got by IPv6 Auto Configuration function ipv6 address ipv6 address command is used to set IPv6 adress of the switch on this VLAN ipv6 address is th...

Page 100: ...is described in Section 6 2 4 2 Entering vlan database and the prompt will become config vlan database config vlan Enter at the prompt the sub command list will be shown config vlan exit Exit from current mode help Show available commands history Show a list of previously run commands logout Disconnect quit Quit commands end Exit from vlan mode no Negates a command or sets its defaults vlan Switch...

Page 101: ...an no vlan Sw itch Virtual LAN interface For example no vlan 100 command will remove VLAN 100 8 vlan command This command is used to create a 802 1Q VLAN or set the Custom S port EtherType for Q in Q operation vlan x command is used to create a VLAN x is the VLAN ID between 1 4094 no vlan x command is used to delete VLAN x vlan x name yyy command is used to create a VLAN with VLAN ID x and VLAN Na...

Page 102: ...ion Show loopback detection mac address table Configuration of the address table mac security MAC Security Configuration management Management IP filter map Maps priority mvr Show MVR Status ntp Simple Network Time Protocol configuration port Port characteristics queue Priority queue information radius server RADIUS server information running config Information on the running configuration rate li...

Page 103: ...abled Disabled Disabled 0 3 0 Permit Disabled Disabled Disabled Disabled Disabled 0 4 0 Permit Disabled Disabled Disabled Disabled Disabled 0 5 0 Permit Disabled Disabled Disabled Disabled Disabled 0 6 0 Permit Disabled Disabled Disabled Disabled Disabled 0 7 0 Permit Disabled Disabled Disabled Disabled Disabled 0 8 0 Permit Disabled Disabled Disabled Disabled Disabled 0 9 0 Permit Disabled Disabl...

Page 104: ...t User ID Port Frame Action Rate L Port C Mirror CPU Counter Confl S 1 All Any Permit Disabled Disabled Disabled No 29794 No Number of ACEs 1 User the ACL user ID the ACE ID number Port ingress port of the ACE Frame the frame type of the ACE Action action of the ACE Rate L the rate limiter number of the ACE Port C the port redirect operation of the ACE Frames matching the ACE are redirected to the...

Page 105: ... Disabled Frame Type Any Counter 31393 Action Permit MAC Parameters VLAN Parameters 802 1Q Tagged Any VLAN ID Any Tag Priority Any show acl command will show all ACE status For example show acl ID Type Port Policy Frame Action Rate L Port C Mirror Counter 1 User All Any Any Permit Disabled Disabled Disabled 31741 Number of ACEs 1 2 show calendar command This command will show current system time F...

Page 106: ...Last ID 1 Force Unauthorized Globally Disabled 2 Force Unauthorized Globally Disabled 3 Force Unauthorized Globally Disabled 4 Force Unauthorized Globally Disabled 5 Force Unauthorized Globally Disabled 6 Force Unauthorized Globally Disabled 7 Force Unauthorized Globally Disabled 8 Force Unauthorized Globally Disabled 9 Force Unauthorized Globally Disabled 10 Force Unauthorized Globally Disabled L...

Page 107: ...Frame Seen Disabled show dot1x guest_vlan command is used to show per port enabledness of Guest VLAN For example show dot1x guest_vlan Guest Port VLAN Current 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled show dot1x radius_qos command is used to show per port enabledness of RADIUS assigned QoS For example show dot1x radius_qos RADIUS...

Page 108: ...mand is used to show 802 1X statistics For example show dot1x statistics Port 1 EAPOL Statistics Rx Total 0 Tx Total 0 Rx Response Id 0 Tx Request Id 0 Rx Response 0 Tx Request 0 Rx Start 0 Rx Logoff 0 Rx Invalid Type 0 Rx Invalid Length 0 Port 1 Backend Server Statistics Rx Access Challenges 0 Tx Responses 0 Rx Other Requests 0 Rx Auth Successes 0 Rx Auth Failures 0 More 5 show eee command This c...

Page 109: ...atus show interface counters Interface counters information detailed_counters Interface detailed counters information dualMedia_fiberMode Show the port speed for fiber ports psec Port security status sfp Show the detected sfp type status Interface status information switchport Interface switchport information veriphy Run cable diagnostics show interface counters command will show statistics counte...

Page 110: ... 0 Rx Unicast 0 Tx Unicast 0 Rx Multicast 0 Tx Multicast 0 Rx Broadcast 0 Tx Broadcast 0 Rx Pause 0 Tx Pause 0 Rx 64 0 Tx 64 0 Rx 65 127 0 Tx 65 127 0 Rx 128 255 0 Tx 128 255 0 Rx 256 511 0 Tx 256 511 0 Rx 512 1023 0 Tx 512 1023 0 Rx 1024 1526 0 Tx 1024 1526 0 Rx 1527 0 Tx 1527 0 show interface psec port command will show MAC addresses learned by port security For example show interface psec port ...

Page 111: ...rface status Port Configuration Port State Mode Flow Control MaxFrame Pow er Excessive Link 1 Enabled Auto Disabled 9600 Disabled Discard Dow n 2 Enabled Auto Disabled 9600 Disabled Discard Dow n 3 Enabled Auto Disabled 9600 Disabled Discard Dow n 4 Enabled Auto Disabled 9600 Disabled Discard Dow n 5 Enabled Auto Disabled 9600 Disabled Discard Dow n 6 Enabled Auto Disabled 9600 Disabled Discard Do...

Page 112: ...re show interface switchport status command will show VLAN Port Configuration Status For example show interface sw itchport status Port VLAN User PortType PVID Frame Type Ing Filter Tx Tag UVID Conf licts 1 Static Unaw are 1 All Disabled Untag This 1 NAS No MVR No Voice VLAN No MSTP No Combined Unaw are 1 All Disabled Untag This 1 No More show interface veriphy command will run cable diagnostics F...

Page 113: ...fy IP Source Guard show ip arp inspection command is used to show ARP Inspection configuration and status For example show ip arp inspection ARP Inspection Configuration ARP Inspection Mode Disabled Port Port Mode 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled ARP Inspection Entry Table Type Port VLAN MAC Address IP Address show ip dh...

Page 114: ...Inform 0 Tx Inform 0 Rx Lease Query 0 Tx Lease Query 0 Rx Lease Unassigned 0 Tx Lease Unassigned 0 Rx Lease Unknow n 0 Tx Lease Unknow n 0 Rx Lease Active 0 Tx Lease Active 0 More show ip http server secure status commans will show current Http security mode status show ip http server secure status HTTPS Configuration HTTPS Mode Enabled HTTPS Redirect Mode Disabled show ip igmp command will show c...

Page 115: ...isabled IPv6 Link Local Address fe80 2c0 f9ff fe66 6699 IPv6 Address fc80 215 c5ff fe03 4dc0 IPv6 Prefix 120 IPv6 Router Active Configuration for IPv6 Static w ith Stateless IPv6 Address fe80 2 2c0 f9ff fe66 6699 64 Scope Link Status UP RUNNING Enabled MTU 1500 LinkMTU is 1500 IPv6 Address fc80 215 c5ff fe03 4dc0 128 Scope Global Status UP RUNNING Enabled MTU 1500 LinkMTU is 1500 show ip mld comma...

Page 116: ...urce Guard Mode Enabled Port Port Mode Dynamic Entry Limit 1 Disabled unlimited 2 Disabled unlimited 3 Disabled unlimited 4 Disabled unlimited 5 Disabled unlimited 6 Disabled unlimited 7 Disabled unlimited 8 Disabled unlimited 9 Disabled unlimited 10 Disabled unlimited IP Source Guard Entry Table Type Port VLAN IP Address MAC Address 9 show lacp command This command is used to show current LACP co...

Page 117: ...to Active Fast show lacp statistics command will show current LACP statistics show lacp statistics System Priority 32768 Port Timeout PriorityRx Frames Tx Frames Rx Unknow n Rx Illegal 1 Fast 327680 0 0 0 2 Fast 327680 0 0 0 3 Fast 327680 0 0 0 4 Fast 327680 0 0 0 5 Fast 327680 0 0 0 6 Fast 327680 0 0 0 7 Fast 327680 0 0 0 8 Fast 327680 0 0 0 9 Fast 327680 0 0 0 10 Fast 327680 0 0 0 show lacp stat...

Page 118: ...isabled 6 Disabled Enabled Enabled Enabled Enabled Enabled Disabled 7 Disabled Enabled Enabled Enabled Enabled Enabled Disabled 8 Disabled Enabled Enabled Enabled Enabled Enabled Disabled 9 Disabled Enabled Enabled Enabled Enabled Enabled Disabled 10 Disabled Enabled Enabled Enabled Enabled Enabled Disabled show lldp info command will show LLDP neighbor device information show lldp info No LLDP en...

Page 119: ...n cr show log command is used to show current system log content For example show log Number of entries Info 2 Warning 0 Error 0 All 2 ID Level Time Message 1 Info 2011 01 01T00 00 00 00 00 Sw itch just made a cold boot 2 Info 2011 01 01T00 00 03 00 00 Link up on port 7 show log configuration command is used to show current system log configuration For example show log configuration System Log Con...

Page 120: ... Port Mode Action Transmit 1 Enabled Shutdow n Enabled 2 Enabled Shutdow n Enabled 3 Enabled Shutdow n Enabled 4 Enabled Shutdow n Enabled 5 Enabled Shutdow n Enabled 6 Enabled Shutdow n Enabled 7 Enabled Shutdow n Enabled 8 Enabled Shutdow n Enabled 9 Enabled Shutdow n Enabled 10 Enabled Shutdow n Enabled show loopback detection status command will show the loop protection status show loopback de...

Page 121: ... 25 01 7 Static 1 00 c0 f9 66 66 99 None CPU Static 1 33 33 00 00 00 01 1 8 10 CPU Static 1 33 33 00 00 00 02 1 8 10 CPU Static 1 33 33 ff 03 4d c0 1 8 10 CPU Static 1 33 33 ff 66 66 99 1 8 10 CPU Dynamic 1 70 5a b6 f8 32 ea 7 Static 1 ff ff ff ff ff ff 1 10 CPU Static 10 00 00 00 01 02 03 5 show mac address table aging time command will show aging time of mac address table For example show mac ad...

Page 122: ... 23 8 0 9 0 10 0 Total Dynamic Addresses 23 Total Static Addresses 7 14 show mac security command This command is used to show Port Security Limit Control Configuration Limit Control allows for limiting the number of users on a given port show mac security Port Security Limit Control Configuration Mode Disabled Aging Disabled Age Period 3600 Port Mode Limit Action State 1 Disabled 4 None Disabled ...

Page 123: ...s Mode Disabled W WEB HTTPS S SNMP T TELNET SSH Idx Start IP Address End IP Address W S T 2 192 168 1 100 192 168 1 200 N N N show management statistics command will show management security statistics show management statistics Access Management Statistics HTTP Receive 0 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Rec...

Page 124: ... class DP level 1 0 0 1 0 0 1 1 1 1 0 0 0 1 1 0 1 2 0 2 0 2 1 2 1 3 0 3 0 3 1 3 1 4 0 4 0 4 1 4 1 5 0 5 0 5 1 5 1 6 0 6 0 6 1 6 1 7 0 7 0 7 1 7 1 More 17 show mvr command This command is used to show MVR configuration and status show mvr config Show MVR configuration group Show MVR group addresses sfm Show SFM including SSM related information for MVR statistics Show MVR operational statistics sho...

Page 125: ...Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled show mvr group command will show MVR Groups show mvr sfm command will show SFM including SSM related information for MVR show mvr statistics command will show MVR statistics show mvr statistics IPv4 Querier Rx Tx Rx Rx Rx Rx VID Status Query Query V1 Join V2 Join V3 Join V2 Leave 10 DISABLE 0 0 0 0 0 ...

Page 126: ...tring 1 64 90 182 55 2 64 236 96 53 3 4 5 show ntp dst command will show daylight saving time configuration show ntp dst System Daylight Saving Time DST Configuration Daylight Saving Time Mode Non Recurring Daylight Saving Time Start Time Settings Week 0 Day 0 Month 1 Date 1 Year 2000 Hour 0 Minute 0 Daylight Saving Time End Time Settings Week 0 Day 0 Month 1 Date 1 Year 2000 Hour 0 Minute 0 Dayli...

Page 127: ...how port monitor Mirror Configuration Mirror Port 5 Port Mode 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled CPU Disabled 20 show queue command This command is used to show QCL Queue Control List configuration and status show queue status Show QCL status cr show queue command will show QCL configuration show queue QoS QCL ID Frame SMA...

Page 128: ...out 15 seconds Server Dead Time 300 seconds RADIUS Authentication Server Configuration Server Mode IP Address Secret Port 1 Disabled 1812 2 Disabled 1812 3 Disabled 1812 4 Disabled 1812 5 Disabled 1812 RADIUS Accounting Server Configuration Server Mode IP Address Secret Port 1 Disabled 1813 2 Disabled 1813 3 Disabled 1813 4 Disabled 1813 5 Disabled 1813 show radius server statistics x command will...

Page 129: ...e vlan 1 ip address 192 168 1 118 255 255 255 0 ipv6 address fc80 215 c5ff fe03 4dc0 120 exit end 23 show rate limit command This command is used to show Rate Limit configuration of each port show rate limit ethernet QoS Port Policer Port Parm Policer 1 Mode Disabled Rate 500 kbps Unit kbps Flow Ctl Disabled 2 Mode Disabled Rate 500 kbps Unit kbps Flow Ctl Disabled 3 Mode Disabled Rate 500 kbps Un...

Page 130: ...taValue Number of entries 1 show rmon event command will show RMON event configuration show rmon event Id Description Type Community LastSent 1 abc none public Never Number of entries 1 show rmon history command will show RMON history configuration show rmon history Id Data Source controlBucketsRequested controlBucketsGranted Interval 10 1 3 6 1 2 1 2 2 1 1 10 50 50 1800 Number of entries 1 show r...

Page 131: ...ort Interval 8 10 show sflow flow_sampler command will show sFlow sampler configuration per port show sflow flow _sampler Flow Sampler Configuration Port Sampling Rate Max Hdr 8 20 128 show sflow receiver command will show sFlow Receiver configuration show sflow receiver Receiver Configuration Ow ner none Receiver 0 0 0 0 UDP Port 6343 Max Datagram 1400 bytes Time left 0 seconds show sflow statist...

Page 132: ... Mode Enabled SNMP Version 2c Read Community public Write Community private Trap Mode Disabled Trap Version 1 Trap Community public Trap Destination 192 168 1 10 Trap IPv6 Destination Trap Authentication Failure Disabled Trap Link up and Link dow n Enabled Trap Inform Mode Enabled Trap Inform Timeout seconds 1 Trap Inform Retry Times 5 Trap Probe Security Engine ID Enabled Trap Security Engine ID ...

Page 133: ...roup entry show snmp group SNMPv3 Groups Table Idx Model Security Name Group Name 1 v1 public default_ro_group 2 v1 private default_rw _group 3 v2c public default_ro_group 4 v2c private default_rw _group 5 usm default_user default_rw _group Number of entries 5 show snmp user command will show SNMPv3 user entry show snmp user SNMPv3 Users Table Idx Engine ID User Name Level Auth Priv 1 Local defaul...

Page 134: ...Edge AutoEdge restrRole restrTcn bpduGuard Point2point Aggr Enabled Disabled Enabled Disabled Disabled Disabled Enabled Port Mode AdminEdge AutoEdge restrRole restrTcn bpduGuard Point2point 1 Disabled Disabled Enabled Disabled Disabled Disabled Auto 2 Disabled Disabled Enabled Disabled Disabled Disabled Auto 3 Disabled Disabled Enabled Disabled Disabled Disabled Auto 4 Disabled Disabled Enabled Di...

Page 135: ...how spanning tree mst command will show system MSTP configuration show spanning tree mst Configuration name xxx Configuration rev 10 MSTI Bridge Priority CIST 32768 MSTI1 32768 MSTI2 32768 MSTI3 32768 MSTI4 32768 MSTI5 32768 MSTI6 32768 MSTI7 32768 MSTI VLANs mapped to MSTI MSTI1 No VLANs mapped MSTI2 No VLANs mapped MSTI3 No VLANs mapped MSTI4 No VLANs mapped MSTI5 No VLANs mapped MSTI6 No VLANs ...

Page 136: ...6 99 Int PathCost 0 Max Hops 20 TC Flag Steady TC Count 0 TC Last Port Port Role State Pri PathCost Edge P2P Uptime 28 storm control command This command is used to show storm control configuration of the switch For example show storm control QoS Storm Control Storm Unicast Disabled 1 fps Storm Multicast Disabled 1 fps Storm Broadcast Disabled 1 fps 29 show system command This command is used to s...

Page 137: ...rver Mode IP Address Secret Port 1 Disabled 49 2 Disabled 49 3 Disabled 49 4 Disabled 49 5 Disabled 49 31 show trunk command This command is used to show trunk configuration of the switch show trunk all Show s all Trunking Group Configuration cr show trunk command will show system trunk configuration show trunk Aggregation Configuration Aggregation Mode SMAC Enabled DMAC Disabled IP Enabled Port E...

Page 138: ...mple show version Softw are Version 10 P Ver 1 00 00 Softw are Date 2012 08 17T14 31 24 08 00 Number of Ports 10 34 show vlan command This command is used to show VLAN configuration of the switch show vlan id VLAN interface isolation Isolation VLAN entry name VLAN interface name port based Port Based Virtual LAN Configuration voice Show voice VLAN configuration cr show vlan command is used to show...

Page 139: ...mbined None No None VLAN forbidden port list VID VLAN Name Ports 10 aaa 2 show vlan isolation command will show port isolation settings show vlan isolation Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled show vlan name xxx command will show VLAN setting of VLAN xxx xxxx is the VLAN name show vlan name aaa VID VLAN Name U...

Page 140: ...Configuration Voice VLAN Mode Disabled Voice VLAN VLAN ID 1000 Voice VLAN Age Time seconds 86400 Voice VLAN Traffic Class 7 Voice VLAN OUI Table Telephony OUI Description Voice VLAN Port Configuration Port Mode Security Discovery Protocol 1 Disabled Disabled OUI 2 Disabled Disabled OUI 3 Disabled Disabled OUI 4 Disabled Disabled OUI 5 Disabled Disabled OUI 6 Disabled Disabled OUI 7 Disabled Disabl...

Page 141: ...ce is the same as console interface 6 3 2 About SNMP Management Interface If you want to use NMS to management the switch from remote site you have to set the IP NetMask Gateway address to the switch and configure the SNMP setting of the switch first Then you can use SNMP management program to manage this switch This switch supports SNMP v1 v2c v3 agent function and MIB II Interface Bridge MIB 802...

Page 142: ... command and the prompt will become config if 4 3 Enter ip address xxx xxx xxx xxx yyy yyy yyy yyy command xxx xxx xxx xxx is the IP address and yyy yyy yyy yyy is the netmask to modify IP address of the switch 4 4 Enter exit command to go back to config prompt 4 5 If IP Gateway will be set enter ip default gateway xxx xxx xxx xxx command to set the IP gateway of the switch xxx xxx xxx xxx is the ...

Page 143: ...ch function status and statistics monitor 3 Diagnostics this is diagnostics functions for switch 4 Maintenance this is for switch maintenance like firmware upgrade configuration backup restore system reset Middle part of homepage is the main operation area for each function This is Logout Click it to logout This is Help Click it to get help information for operation The details about management wi...

Page 144: ...ion and System Contact The information is also applied to SNMP agent function 2 Configuration System IP This page is used to setup IP configuration of the switch You can enable DHCP client function to get IP configuration from DHCP server automatically Or disable DHCP client function and set IP configuration manually ...

Page 145: ...figuration manually 4 Configuration System NTP This switch support NTP protocol to get time from Internet time server For such application you have to Enable the function and input the IP of Time Server Then click Save For such application you have to get the IP of Time Server from your network administrator first Then configure Time Zone and Daylight Saving Time at Configuration System Time page ...

Page 146: ...cation to configure Time Zone Daylight Saving Time function will set the system time one hour early than normal time in a period of time Start Time and End Time can be used to set the time period 6 Configuration System Log ...

Page 147: ...Server The Server Address is the IPv4 host address of syslog server If the switch provide DNS feature it also can be a host name The Syslog Level indicates what kind of message will send to syslog server Possible modes are Info Send informations warnings and errors Warning Send warnings and errors Error Send errors ...

Page 148: ...used to configure EEE Energy Efficient Ethernet function of the switch for power reduction It can be enabled by port EEE Urgent Queues will activate tranmission of frames as soon as data is available Otherwise the queue will postpone tranmsission until 3000 bytes are ready to be transmitted ...

Page 149: ...e jumbo frame function And make sure that the connected device can accept such a big packets Power Control is used to configure the power control function of ports It could be Disabled All power savings mechanisms disabled ActiPHY Link down power savings enabled Less power is used when link down PerfectReach Link up power savings enabled Less power is used when short cable Enabled Both link up and...

Page 150: ...very status of the switch 2 This is for operator This user can view configuration and status of the switch And this user can execute maintenance function of the switch 1 This for guest This user can view configuration and status of the switch only 2 Configuration Security Switch Auth Method This page is used to configure Authentication Method of the switch for management interface The Authenticati...

Page 151: ...guration Security Switch SSH This page is used to enable SSH function for remote Telnet connection 4 Configuration Security Switch HTTPS This page is used to enable HTTPS security function for remote web connection Automatic Redirect automatically redirects web browser to an HTTPS connection when both HTTPS mode and Automatic Redirect are enabled or redirects web browser to an HTTP connection when...

Page 152: ... to configure IP address range that is allowed for remote management The remote management interface could be HTTP HTTPS SNMP or TELNET SSH 6 Configuration Security Switch SNMP 6 1 Configuration Security Switch SNMP System ...

Page 153: ...is page is used to configure SNMP System configuration and Trap configuration 6 2 Configuration Security Switch SNMP Communities This page is used to configure SNMPv3 Community Entry could be added or deleted ...

Page 154: ...e added or deleted 6 4 Configuration Security Switch SNMP Groups This page is used to configure SNMPv3 Group Entry could be added or deleted 6 5 Configuration Security Switch SNMP Views This page is used to configure SNMPv3 View Entry could be added or deleted 6 6 Configuration Security Switch SNMP Access ...

Page 155: ...Switch RMON 7 1 Configuration Security Switch RMON Statistics This page is used to configure RMON Statistics Entry could be added or deleted 7 2 Configuration Security Switch RMON History This page is used to configure RMON History Entry could be added or deleted 7 3 Configuration Security Switch RMON Alarm ...

Page 156: ...Alarm Entry could be added or deleted 7 4 Configuration Security Switch RMON Event This page is used to configure RMON Event Entry could be added or deleted 6 4 4 2 Configuration Security Network 1 Configuration Security Network Limit Control ...

Page 157: ...sers on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below 2 Configuration Security Network NAS ...

Page 158: ...nticated first for network access through switch ports The authentication is processed by RADIUS Server The details for the operation is configured here RADIUS Server is configured in Configuration Security AAA page 3 Configuration Security Network ACL 3 1 Configuration Security Network ACL Ports ...

Page 159: ...e is used to configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE 3 2 Configuration Security Network ACL Rate Limiters ...

Page 160: ...lo bit per second 3 3 Configuration Security Network ACL Access Control List Click the ACE configuration window will be prompted Define the parameters for the ACE and select the action when the parameters are matched Click Save to create the ACE Click to add another ACE Click e to edit the ACE Click x to delete the ACE Click up arrow down arrow to move the ACE ...

Page 161: ...page is used to configure DHCP Snooping function When DHCP snooping mode operation is enabled the DHCP request mes sages will be forwarded to trusted ports and only allow reply packets from trusted ports That can prevent illegal DHCP Server connection 4 2 Configuration Security Network DHCP Relay ...

Page 162: ... when DHCP relay operation mode is enabled The option 82 circuit ID format as vlan_id module_id port_no The first four characters represent the VLAN ID the fifth and sixth characters are the module ID in standalone device it always equal 0 in stackable device it means switch ID and the last two characters are the port number For example 00030108 means the DHCP message receive form VLAN ID 3 switch...

Page 163: ...hen a host tries to spoof and use the IP address of another host This function limit the maximum number of dynamic clients that can be learned on given port Note Dynamic IP Source entry is learned from DHCP request Before enable IP Source Guard DHCP Snooping function should be enabled first Otherwise static IP Source entry should be created for IP Source Guard operation 5 2 Configuration Security ...

Page 164: ...is used to configure ARP Inspection function ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through the switch device Note Dynamic ARP entry is learned from DHCP request Before enable ARP Inspection ...

Page 165: ...162 This page is used to add delete Static ARP Entry in Static ARP Inspection Table This table will be used for ARP Inspection security function 6 4 4 3 Configuration Security AAA ...

Page 166: ...163 This page is used to configure RADIUS and TACACS Servers The settings are used for 802 1x network access and switch user login authentication operations ...

Page 167: ...gation Hash Mode and Static Aggregation Group The Aggregation Hash Mode selects the Hash Code Contributors that can be used to calculate the destination port for the frame Up to five Static Aggregation Groups can be used for Aggregation Assign ports to them for the operation 6 4 5 2 Configuration Aggregation LACP ...

Page 168: ... for Aggregation operation LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port Two switches can create aggregation connection with LACP function ...

Page 169: ...ction Loopback on port will cause packet storm in switch If Loopback Detection is enabled on ports and Tx Mode is enabled the port is actively generating loop protection PDU s If loopback is found the action could be shutdown port or log it The shutdown time could be configured for some period ...

Page 170: ... Spanning Tree Bridge Settings This page is used to configure Spanning Tree Bridge configuration This switch supports STP IEEE 802 1D RSTP IEEE 802 1w and MSTP IEEE 802 1s It could be selected at Prorocol Version 6 4 7 2 Configuration Spanning Tree MSTI Mapping ...

Page 171: ...Identification consists of the name and revision to identify the VLAN to MSTI mapping Bridges must share the name and revision as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region 6 4 7 3 Configuration Spanning Tree MSTI Priorities ...

Page 172: ...ion MSTI Priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier 6 4 7 4 Configuration Spanning Tree CIST Ports ...

Page 173: ...170 This page is used to configure Spanning Tree opeartion on Ports 6 4 7 5 Configuration Spanning Tree MSTI Ports Select the MSTI Click Get The MSTI Port Configuration will be shown ...

Page 174: ...path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports Priority controls the po...

Page 175: ...hannel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports It is allowed to create at maximum 8 MVR VLANs with corresponding channel settings for each Multicast VLAN There will be totally at maximum 256 group addresses for chann...

Page 176: ...173 ...

Page 177: ...oping 1 Configuration IPMC IGMP Snooping Basic Configuration This page is used to configure the basic configuration of IGMP Snooping function Configuration for general settings and port settings can be done here 2 Configuration IPMC IGMP Snooping VLAN Configuration ...

Page 178: ...igure it And Save Edit a IGMP VLAN Delete a IGMP VLAN 3 Configuration IPMC IGMP Snooping Port Group Filtering This page is used to maintain IGMP Filtering Group on Port The IP Multicast Group in the table will be filtered on the port 6 4 9 2 Configuration IPMC MLD Snooping 1 Configuration IPMC MLD Snooping Basic Configuration ...

Page 179: ...s and port settings can be done here 2 Configuration IPMC MLD Snooping VLAN Configuration This page is used to maintain the MLD Snooping VLAN Table The following functions are supported Add a new IGMP VLAN Configure it And Save Edit a IGMP VLAN Delete a IGMP VLAN 3 Configuration IPMC MLD Snooping Port Group Filtering ...

Page 180: ...177 This page is used to maintain MLD Filtering Group on Port The IP Multicast Group in the table will be filtered on the port ...

Page 181: ...pabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Infor...

Page 182: ... is used to configure Mac Table function of the switch Aging Time Mac Address Learning Static Mac Address can be configured in this function If Mac Address Learning is set to Secure only static MAC entries are learned all other frames are dropped ...

Page 183: ...LANs VLAN Membership This page is used to maintain 802 1Q VLAN Group Add a new VLAN and assign VLAN ID VLAN Name Ports to it Edit a VLAN Delete a VLAN 6 4 12 2 Configuration VLANs Ports This page is used to configure 802 1Q VLAN and Q in Q function on Ports ...

Page 184: ...normally us ed for ports connected to VLAN aware switches as 802 1Q VLAN trunk connection Tx tag should be set to Untag_pvid when this mode is used Specific A Port VLAN ID can be configured Untagged frames received on the port are classified to the Port VLAN ID If VLAN awareness is disabled Port Type is Unaware all frames received on the port are classified to the Port VLAN ID If the classified VL...

Page 185: ...182 ...

Page 186: ...s page is used to configure Port based VLAN Port based VLAN can be created edited deleted 6 4 13 2 Configuration Port Based VLANs Port Isolation This page is used to configure Port Isolation function If ports are marked as Isolation they cannot communicate with each other even they are in the same VLAN ...

Page 187: ...ch It can configure general system settings and port settings If the function is enabled the switch can auto detect VoIP traffic and forward the traffic in the Voice VLAN with specific priority The Voice VLAN port discovery protocol could be by OUI or LLDP OUI is the first three bytes of Mac Address 6 4 14 2 Configuration Voice VLAN OUI ...

Page 188: ...185 This page is used to maintain the OUI table for Voice IP traffic OUI is the first three bytes of Mac Address Packets with OUI in the table will be treated as Voice traffic ...

Page 189: ... tag Clicking it a PCP DEI to QoS class DP level mapping setting will be shown When it is enabled the ingress tag classification QoS operation of the port will follow the mapping for packet forwarding About DSCP classification DSCP Based is used to enable disable doing QoS by DSCP in IP header Check it and it is enabled For ingress DSCP classification configuration please refer to DSCP Based QoS p...

Page 190: ...ion are disabled QoS class and DP level settings are statically assigned to a port All frames received on that port will have the same QoS class and DP level This a Port based QoS 6 4 15 2 Configuration QoS Port Policing This page is used to configure Port Ingress Rate Limit If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames when...

Page 191: ...configure its Egress Scheduler The following page will be shown This page is used to configure Egress traffic Scheduler and Egress traffic Shaper on port The traffic scheduler could operate in Strict Priority mode or Weighted mode If in Weighted mode the weighting of each queue could be configured ...

Page 192: ...or by port Enable by checking it and give a limit value 6 4 15 4 Configuration QoS Port Shaping This page will show egress shaper settings of each port and each queue Click Port number to configure its Egress Shaper The following page will be shown ...

Page 193: ...ve a limit value 6 4 15 5 Configuration QoS Port Tag Remarking This page is used to show Egress Tag Remarking mode of each port The mode could be Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Click Port number to configure the Egress Tag Remarking mode for it The following page will be shown The mode could be Classi...

Page 194: ...the basic QoS Port DSCP Configuration settings for all switch ports You can configure DSCP ingress and egress settings In Ingress settings you can change ingress translation and classification settings for individual ports In egress settings you can configure Rewriting or Remapping for individual ports About Ingress Translate The ingress DSCP value can be translated to another DSCP value for QoS o...

Page 195: ...ess Classify could be Disable Disable ingress DSCP QoS class to internal DSCP mapping operation DSCP 0 Classify if incoming or translated if enabled DSCP is 0 Selected Classify only selected DSCP for which classification is enabled as specified in DSCP Translation page select by checking classify All works for all DSCP values About Egress Rewrite This is used to set the DSCP Rewrite for egress pac...

Page 196: ...n IP frame 6 4 15 8 Configuration QoS DSCP Translation This page is used to configure the basic QoS DSCP Translation settings for all DSCP values DSCP translation can be done in Ingress or Egress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP at Ingress side can be tr...

Page 197: ... page Please refer to the description about Egress Rewrite in Port DSCP page 6 4 15 9 Configuration QoS DSCP Classification This page is used to configure the mapping of QoS class and Drop Precedence Level to internal DSCP value Frames got a QoS class either from port default or VLAN Tag or DSCP then it can map this QoS to internal DSCP This internal DSCP then can do another egress map to affect t...

Page 198: ...figuration QoS Storm Control This page is used to configure storm control for the switch There is a unicast storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across...

Page 199: ...irrored on a mirror port where a frame analyzer can be attached to analyze the frame flow The mirror traffic could be transmit packets egress or destination mirroring receive packets ingress or source mirroring or both Frames from ports that have either source rx or destination tx mirroring enabled are mirrored on the mirror port Disabled disables mirroring ...

Page 200: ...The configuration is divided into two parts Configuration of the sFlow receiver a k a sFlow collector and configuration of per port flow and counter samplers sFlow configuration is not persisted to non volatile memory which means that a reboot will disable sFlow sampling ...

Page 201: ... 6 4 18 2 Monitor System Log This page is used to show system log information of the switch Level is a filter for showing expected system information Clear Level is the level that will be applied for clear operation by clicking Clear Clicking ID will show the details of the log 6 4 18 3 Monitor System Detailed Log ...

Page 202: ...199 This page is used to show the details of log Entering the ID details of the log will be shown ...

Page 203: ... Monitor Port State This page is used to show Port Link status Clicking port will show its statistics 6 4 19 2 Monitor Port Traffic Overview This page is used to show brief statistics of each port 6 4 19 3 Monitor Port QoS Statistics ...

Page 204: ... is not applied to the hardware due to hardware limitations About Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen that resources required to add a QCE may not be available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add ...

Page 205: ...s of port Select the port And detail statistics of the port will be shown 6 4 19 6 Monitor Port DDMI This page is used to show SFP transceiver information and status if the transceiver supports DDMI Digital Diagnostics Monitoring Interface function ...

Page 206: ...atistics of every interface 6 4 20 2 Monitor Security Network 1 1 Monitor Security Network Port Security Switch This page is used to show the current state of the port and the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively ...

Page 207: ...he user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously ag...

Page 208: ...he answer the NAS then allows or disallows access to the protected resource The switch implementes NAS by IEEE 802 1X Click port to show port state of 802 1x 2 2 Monitor Security Network NAS Port This page is used to show port state of 802 1x Select Port And the Port State of 802 1x will be shown 3 Monitor Security Network ACL Status This page is used to show the ACL status by different ACL users ...

Page 209: ...work DHCP Relay Statistics This page is used to show DHCP Relay statistics DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific info...

Page 210: ...s 6 Monitor Security Network IP Source Guard Entries in the Dynamic IP Source Guard Table are shown on this page The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by MAC address 6 4 20 3 Monitor Security AAA 1 Monitor Security AAA RADIUS Overview This page provides an overview of the status of the RADIUS servers configurable on the Authentication...

Page 211: ...ed timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled 2 Monitor Security AAA RADIUS Details This page provides detailed statistics for a particular RADIUS server The statistics map closely to those specified in ...

Page 212: ...is page provides an overview of RMON Statistics entries 1 2 Monitor Security Switch RMON History This page provides an overview of RMON History entries 1 3 Monitor Security Switch RMON Alarm This page provides an overview of RMON Alarm entries 1 4 Monitor Security Switch RMON Event ...

Page 213: ...210 This page provides an overview of RMON Event table entries ...

Page 214: ...21 1 Monitor LACP System Status This page provides a status overview for all LACP instances 6 4 21 2 Monitor LACP Port Status This page provides a status overview for LACP status for all ports 6 4 21 3 Monitor LACP Port Statistics ...

Page 215: ...212 This page provides an overview for LACP statistics for all ports ...

Page 216: ... the loop protection port status for ports of the switch If loop happens on port packet storm will be generates from the switch That will cause serious problem for normal network operation Loop Protection function can prevent such problem happens on ports ...

Page 217: ...nning Tree 6 4 23 1 Monitor Spanning Tree Bridge Status This page provides a status overview of all STP bridge instances Click CIST or MSTIx STP Detailed Bridge Status will be shown 6 4 23 2 Monitor Spanning Tree Port Status ...

Page 218: ...f bridge ports in the switch MSTP The number of MSTP BPDU s received transmitted on the port RSTP The number of RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s recei...

Page 219: ...oups Information Table is sorted first by VLAN ID and then by group 6 4 24 3 Monitor MVR MVR SFM Information Entries in the MVR SFM Information Table are shown on this page The MVR SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the s...

Page 220: ... IGMP Snooping status Protocol status and statistics are shown Router Port active status is shown 2 Monitor IPMC IGMP Snooping Groups Information Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group 3 Monitor IPMC IGMP Snooping IPv4 SFM Information ...

Page 221: ...urce addresses belong to the sam e group are treated as single entry 6 4 25 2 Monitor IPMC MLD Snooping 1 Monitor IPMC MLD Snooping Status This page provides MLD Snooping status Protocol status and statistics are shown Router Port active status is shown 2 Monitor IPMC MLD Snooping Groups Information Entries in the MLD Group Table are shown on this page The MLD Group Table is sorted first by VLAN I...

Page 222: ...ge The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry ...

Page 223: ...rmation exchanged by LLDP By using EEE power savings can be achieved at the expense of traffic latency This latency occurs due to that the circuits EEE turn off to save power need time to boot up before sending traffic over the link This time is called wakeup time To achieve minimal latency devices can use LLDP to exchange information about their respective tx and rx wakeup time as a way to agree ...

Page 224: ... provides an overview of all LLDP traffic Two types of counters are shown Global counters are counters that refer to the whole switch while local counters refer to per port counters for the currently selected switch ...

Page 225: ...222 6 4 27 Monitor MAC Table Entries in the MAC Table are shown on this page The MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address ...

Page 226: ...23 6 4 28 Monitor VLANs 6 4 28 1 Monitor VLANs VLAN Membership This page provides an overview of membership status of VLAN 6 4 28 2 Monitor VLANs VLAN Port This page provides VLAN Port Status and Setting ...

Page 227: ...224 6 4 29 Monitor sFlow This page shows receiver and per port sFlow statistics ...

Page 228: ...l always be 8 bytes more than the requested data space the ICMP header The page refreshes automatically until responses to all packets are received or until a timeout occurs 6 4 31 Diagnostics Ping6 This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you click Start ICMPv6 packets are transmitted and the sequence number and round trip time are displayed...

Page 229: ... this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding unt...

Page 230: ...onfiguration is available immediately which means that no restart is necessary Yes Click to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the configuration Note Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot In the first minute after boot loo...

Page 231: ...come Alternate Image and the new firmware image will be the Active Image The Alternate Image can be switched to be Active Image by Image Select function to run the old firmware image Warning While the firmware is being updated Web access appears to be defunct Do not restart or power off the device at this time or the switch may fail to function afterwards 6 4 35 2 Maintenance Software Image Select...

Page 232: ...e or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 6 4 36 Maintenance Configuration 6 4 36 1 Maintenance Configuration Save You can save the switch configuration The configuration file is in CLI format 6 4 36 2 Maintenance Configuration Upload Browse to the location of a configuration file and click Upload You ca...

Page 233: ...on 6 4 36 for Configuration Backup Restore 2 From console telnet command Doing by TFTP protocol and done by copy command Please refer to the description of copy command in Section 6 2 2 This switch supports firmware image backup function The old Active Image will become Alternate Image backup image and the new firmware image will be the Active Image The Alternate Image backup image can be switched...

Page 234: ...andard Operating 0 to 50 Humidity 10 to 90 Non condensing Fan Fanless Bridging Function Filtering forwarding and learning Switching Method Store and forward Address Table 8K entries Filtering Forwarding Rate Line speed Maximum Packet Size 9600 Bytes Flow Control 802 3x for full duplex backpressure for half duplex 16TX 2SFP Model Access Method Ethernet CSMA CD Standards Conformance IEEE 802 3 10BAS...

Page 235: ...E 802 3z IEEE 802 3ab 1000Base Communication Rate 10 100 1000Mbps for TX 100 1000Mbps for SFP Full Half duplex auto negotiation MDI MDIX Auto Detect Indicator Panel LEDs for each unit Power System each port Link Act Green 1000M Yellow 10 100M Number of Ports 24 RJ45 TX 4 SFP ports 24 GE Ports totally Console D Sub 9 Dimensions 330 x 204 x 43 mm Certification CE Mark FCC Class A Temperature Standar...

Page 236: ...Aggregation static and LACP BPDU guard and restricted role BPDU transparency DHCP client DHCP snooping DHCP option 82 relay ARP inspection Port mirroring IP MAC binding Layer 2 3 Multicast IGMP MLD snooping 1024 groups IGMP MLD throttling filtering and leave proxy Fast Leave Normal Leave Immediate Leave MVR QoS 8 Priority Queues per Port Port Based priority Scheduler priority QoS Control List Stor...

Page 237: ...4 Client Power Saving ActiPHY PerfectReach Ethernet Energy Efficient power management EEE Management HTTP server CLI console port Telnet Management access filtering SSHv2 and HTTPS IPv6 Management System Syslog Software download through Web SNMPv1 v2c v3Agent RMON Group 1 2 3 and 9 IEEE 802 1AB 2005 Link Layer Discovery LLDP Text Configuration download or upload sFlow ...

Page 238: ...cause interference in which case the user at his own expense will be required to take whatever measures are required to correct the interference CE Mark Declaration of Conformance for EMI and Safety EEC This is to certify that this product complies with ISO IEC Guide 22 and EN45014 It conforms to the following specifications EMC EN55022 2010 Class A IEC61000 3 2 2005 A1 2008 A2 2009 IEC61000 3 3 2...

Page 239: ...om defects in material and workmanship for a period of warranty time from the date of purchase from us or the authorized reseller The warranty does not cover the product if it is damaged in the process of being installed We recommend that you have the company from whom you purchased this product install it ...

Page 240: ......

Reviews:

No comments

Brands by name

Popular brands

Load more brands