CTC Union GSW-3420FM User Manual Download Page 49 | Manualshive

Page: 49 / 145

background image

prevents unauthorized access to a network by requiring users to first submit
credentials for authentication. One or more central servers, the backend servers,
determine whether the user is allowed access to the network. These backend
(RADIUS) servers are configured on the "Configuration→Security→AAA" page.
The IEEE802.1X standard defines port-based operation, but non-standard
variants overcome security limitations as shall be explored below.

MAC-based authentication allows for authentication of more than one user on
the same port, and doesn't require the user to have special 802.1X supplicant
software installed on his system. The switch uses the user's MAC address to
authenticate against the backend server. Intruders can create counterfeit MAC
addresses, which makes MAC-based authentication less secure than 802.1X
authentication.

Configuration by Web

:

[Configuration] -> [Security] -> [Network] -> [NAS]

Click “

?

” at this web page to get details of the settings.

Configuration by Command

:

Enable/Disable :
(config)# dot1x system-auth-control
(config)# no dot1x system-auth-control

RADIUS-Assigned QoS / RADIUS-Assigned VLAN / Guest VLAN Enabled :
(config)# dot1x feature { [ guest-vlan ] [ radius-qos ] [ radius-vlan ] }*1
(config)# no dot1x feature { [ guest-vlan ] [ radius-qos ] [ radius-vlan ] }*1

For Guest VLAN ...
Guest VLAN ID / Max. Reauth. Count / Allow Guest VLAN if EAPOL Seen :

46

«
...
47
48
49
50
51
...
»

Summary of Contents for GSW-3420FM

Page 1: ...GSW 3420FM 20 X 100 1000Base X SFP slots 4 X GbE combo ports 10 100 1000Base T or 1000Base X L2 managed Ethernet Switch ...

Page 2: ...e associated with such unintended or unauthorized use even if such claim alleges that CTC Union Technologies was negligent regarding the design or manufacture of said product WARNING This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interfere...

Page 3: ...ty four SFP ports and four share TX ports Port 21 24 are 1000TX RJ45 port SFP port optional for Gigabit connection And they can auto detect the connection from 1000TX RJ45 port or SFP port 2 24 SFP 4 TX combo 2 SFP 10G ports model This model supports twenty four SFP ports four share TX ports and two SFP 10G ports Port 21 24 are 1000TX RJ45 port SFP port optional for Gigabit connection And they can...

Page 4: ...1 Console Interface Connection 11 6 1 2 Command Line Brief 11 6 2 WEB TELNET AND SNMP INTERFACES 15 6 2 1 Web Interface Connection 15 6 2 2 Telnet and SNMP Interface Connection 16 7 FUNCTION CONFIGURATION 18 7 1 FUNCTION BRIEF 18 7 2 SYSTEM CONFIGURATION 20 7 3 PORT CONFIGURATION 26 7 4 DHCP 29 7 5 SECURITY CONFIGURATION 32 7 5 1 Security for Switch Management 32 7 5 2 Security for Network Managem...

Page 5: ...t Egress Tag Remarking 112 7 13 6 Port DSCP Configuration 114 7 13 7 DSCP to Internal Priority Mapping Ingress 116 7 13 8 DSCP Ingress Translation and Egress Remap 117 7 13 9 Internal Priority to DSCP Mapping Egress 119 7 13 10 QoS Control List 120 7 13 11 Port Storm Control 122 7 13 12 Weighted Random Early Detection Configuration 123 7 14 PORT MIRRORING 124 7 15 SFLOW 125 7 16 DIAGNOSTICS 127 7 ...

Page 6: ...for command line settings Web Telnet and SNMP interfaces are for remote switch management through network These functions can meet most of the management request for current network 1 1 Package Contents One Gigabit Management Fiber Optic Switch One AC power cord for AC power model only One console cable Two rack mount kits and screws This user s manual ...

Page 7: ... the switch on a 19 rack with rack mount kits as the picture Rack Mount Installation Before rack mounting the switch please pay attention to the following factors 1 Temperature Because the temperature in a rack assembly could be higher than the ambient room temperature check that the rack environment temperature is within the specified operating temperature range Please refer to Product Specificat...

Page 8: ...witch There could have two or four screws for one bracket That depends on the model that installed 4 Repeat Step 1 3 to install another bracket to the switch 5 Now it is ready to mount to a rack Mount the Switch on a Rack 1 Position a bracket that is already attached to the switch on one side of the rack 2 Line up the screw holes on the bracket with the screw holes on the side of the rack 3 Use a ...

Page 9: ...stem is used double pole fusing is required in building installation 3 A LAN or LAN segment with all its associated interconnected equipment shall be entirely contained within a single low voltage power distribution and within a single building The LAN is considered to be in an environment A according IEEE802 3 or environment 0 according IEC TR 62102 respectively Never make direct electrical conne...

Page 10: ...ble to the switch Because this switch supports Auto MDI MDI X detection on each TX port you can use normal straight through cable for both workstation connection and hub switch cascading F i b e r O p t ic C a b l e s 3 2 Connecting to Another Ethernet Switch Hub This Switch can be connected to existing 10Mbps 100Mbps 1000Mbps hubs switches Because all TX ports on the Switch support Auto MDI MDI X...

Page 11: ...ntly reduce unnecessary traffic The example below demonstrates the switch ability to segment the network The number of nodes on each segment is reduced thereby minimizing network contention collisions and boosting the available bandwidth per port With Management function of the switch network administrator is easy to monitor network status and configure for different applications W o r k g r o u p...

Page 12: ... devices are working the Link Act LED will be ON Remove SFP Transceiver Unplug the SFP Transceiver from SFP slot directly 4 2 Adding DC Power Module This switch supports AC DC dual power inputs The DC power module could be not installed when the switch is shipped And the DC power module can be installed with the following steps 1 Power OFF the switch first 2 Remove the DC power module slot cover a...

Page 13: ...ng received or sent Green The connection speed is 1000Mbps Yellow The connection speed is 10M or 100Mbps For 24 GE 2 10GE Model LED STATUS CONDITION Power ON Switch is receiving power OFF Switch is power OFF System Yellow System is running power on diagnostic Green System is booting or running Link Act ON Port has established a valid link Flashing Data packets being received or sent Green The conn...

Page 14: ...ything is correct the booting screen will appear in the terminal program when the switch is powered on It will stop at the following screen after some initializing messages M25PXX Init device with JEDEC ID 0xC22018 Jaguar 1 board detected VSC7460 Rev B RedBoot fis load d managed Image loaded from 0x80040000 0x809903e4 RedBoot go press ENTER to get started Press ENTER and Username and Password will...

Page 15: ...t based Network Access Control enable Turn on privileged commands exit Exit from EXEC mode firmware Firmware upgrade swap help Description of the interactive help system logout Exit from EXEC mode more Display file no Negate a command or set its defaults ping Send ICMP echo messages reload Reload system send Send a message to other tty lines show Show running system information terminal Set termin...

Page 16: ...odes for console interface 1 General Basic Commands These are basic commands after login Users can show switch configuration status ping network device reboot switch The prompt is 2 Configure Mode Commands With configure terminal command user can enter Configure Mode Commands in Configuring Mode are for general switch settings And its prompt is config 3 Interface Configuring Commands for Port VLAN...

Page 17: ... Save Configuration Remember to do save after configuration is done with the following command copy running config startup config 14 ...

Page 18: ...yy command xxx xxx xxx xxx is the IP address and yyy yyy yyy yyy is the netmask to modify IP address of the switch 4 4 Enter exit command to go back to config prompt 4 5 If IP Gateway will be set enter ip route xxx xxx xxx xxx yyy yyy yyy yyy zzz zzz zzz zzz command to create a IP route entry xxx xxx xxx xxx is the the destination IP network or host address of this route yyy yyy yyy yyy is the des...

Page 19: ...rmware upgrade configuration backup restore system reset Middle part of homepage is the main operation area for each function This is Logout Click it to logout This is Help Click it to get help information for operation The details about management with http connection will be shown in the following sub sections 6 2 2 Telnet and SNMP Interface Connection Telnet Management Interface If you want to ...

Page 20: ... NetMask Gateway address to the switch Refer to Section 6 2 1 and configure the SNMP setting of the switch first Then you can use SNMP management program to manage this switch This switch supports SNMP v1 v2c v3 agent function and MIB II Interface Bridge MIB 802 1Q MIB and Private MIB The default GET community name is public and SET community name is private 17 ...

Page 21: ...ilege level configuration b Authentication method for console telnet ssh http interfaces c Switch management access limitation d SSH HTTPS configuration e SNMP configuration f RMON configuration b Security for Network Access a Network connection number limit on port b 802 1x network access configuration c ACL configuration d DHCP snooping and reply configuration e IP source guard configuration f A...

Page 22: ... configuration e Voice VLAN configuration f GVRP configuration 12 QoS a Port default QoS configuration b Port ingress policing and egress shaping configuration c Egress scheduling configuration d Egress tag remarking e DSCP QoS translation classification configuration f Storm control configuration g WRED configuration 13 Mirroring a Port Mirroring configuration 14 sFlow a sFlow configuration 15 Di...

Page 23: ... this web page to get details of the settings Configuration by Command System Name config hostname word32 config no hostname System Contact config snmp server contact line255 config no snmp server contact System Location config snmp server location line255 config no snmp server location Status by Web Monitor System Information Click at this web page to get details of the settings Status by Command...

Page 24: ...s of the settings Configuration by Command IPv4 Address config if vlan ip address ipv4_addr ipv4_netmask dhcp fallback ipv4_addr ipv4_netmask timeout uint For example config if vlan ip address 192 168 1 179 255 255 255 0 config if vlan no ip address IPv6 Address config if vlan ipv6 address ipv6_subnet For example config if vlan ipv6 address 1221 215 c5ff fe03 4dc7 126 config if vlan no ipv6 addres...

Page 25: ...age to get details of the settings Status by Command Show IP Address show ip interface brief show ipv6 interface vlan vlan_list brief statistics Show IP Routing Table show ip route show ipv6 route interface vlan vlan_list 3 Time configuration This switch can get time from NTP server and supports Time Zone and Daylight Saving setting Configuration by Web Configuration System NTP 22 ...

Page 26: ...ettings Configuration System Time Click at this web page to get details of the settings Configuration by Command NTP config ntp enable config ntp server 1 5 ip address ipv4_ucast ipv6_ucast hostname config no ntp enable config no ntp server 1 5 23 ...

Page 27: ...NTP Configuration System Time Click at this web page to get details of the settings Status by Command show clock show clock detail 4 Log configuration This switch can records event logs in local flash and syslog server Configuration by Web Configuration System Log Click at this web page to get details of the settings Configuration by Command Log Configuration config logging host ipv4_ucast hostnam...

Page 28: ... web page to get details of the settings Monitor System Detailed Log Click at this web page to get details of the settings Status by Command show logging show logging 1 4294967295 show logging info warning error 25 ...

Page 29: ...b page to get details of the settings Configuration by Command Apply the following command for configured ports first And the prompt will become config if For single port config interface GigabitEthernet 1 x For several ports config interface GigabitEthernet 1 x y z For a range of ports config interface GigabitEthernet 1 x y Speed config if speed 1000 100 10 auto 10 100 1000 config if no speed ...

Page 30: ...f config if no flowcontrol Maximum Frame Size config if mtu 1518 10056 config if no mtu Status by Web Configuration Ports Monitor Ports State Click at this web page to get details of the settings Monitor Ports Traffic Overview Click at this web page to get details of the settings Status by Command SFP DDMI 27 ...

Page 31: ...ist capabilities Link Status show interface GigabitEthernet port_list status Statistics show interface GigabitEthernet port_list statistics packets bytes errors discards filtered priority 0 7 up down clear statistics GigabitEthernet port_list ...

Page 32: ... untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configuration by Web Enable Disable VLAN Range Configuration DHCP Snooping Click at this web page to get details of the settings Configuration by Command Enable Disable 29 ...

Page 33: ...CP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 and Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host ...

Page 34: ... dhcp relay information option config ip dhcp relay information policy drop keep replace config no ip dhcp relay information policy DHCP Relay Server config ip helper address ipv4_ucast config no ip helper address Status by Web Monitor DHCP Relay Statistics Click at this web page to get details of the settings Status by Command clear ip dhcp relay statistics show ip dhcp relay statistics 31 ...

Page 35: ...or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standa...

Page 36: ...d unencrypted line31 config no username word31 Privilege Levels config web privilege group cword level cro 0 15 crw 0 15 sro 0 15 srw 0 15 Note 1 cword Function Name Note 2 cro Configuration Read only crw Configuration Execute Read write sro Status Statistics Read only srw Status Statistics Read write config no web privilege group cword level Status by Web User Configuration Security Switch Users ...

Page 37: ...es Configuration by Web Configuration Security Switch Auth Method Click at this web page to get details of the settings Configuration by Command config aaa authentication login console telnet ssh http local radius tacacs config no aaa authentication login console telnet ssh http Status by Web Configuration Security Switch Auth Method Click at this web page to get details of the settings Status by ...

Page 38: ...witch Access Management Click at this web page to get details of the settings Monitor Security Access Management Statistics Click at this web page to get details of the settings Status by Command show access management statistics 1 16 clear access management statistics 4 SSH HTTPS configuration This function is used to enabled disable SSH and HTTPS security functions Configuration by Web SSH Confi...

Page 39: ...ity Switch HTTPS Click at this web page to get details of the settings Status by Command SSH show ip ssh HTTPS show ip http server secure status 5 SNMP configuration SNMP is an acronym for Simple Network Management Protocol It is part of the Transmission Control Protocol Internet Protocol TCP IP protocol for network management SNMP allow diverse network objects to participate in a network manageme...

Page 40: ...Click at the web page to get details of the settings Configuration Security Switch SNMP Trap Click Add New Entry The following page will appear 37 ...

Page 41: ... get details of the settings Configuration Security Switch SNMP Communities Click at the web page to get details of the settings Configuration Security Switch SNMP Users Click at the web page to get details of the settings 38 ...

Page 42: ...SNMP Access Click at the web page to get details of the settings Configuration by Command Enable Disable config snmp server config no snmp server Version config snmp server version v1 v2c v3 config no snmp server version Community config snmp server community v2c word127 ro rw config snmp server community v3 word127 ipv4_addr ipv4_netmask config no snmp server community v2c config no snmp server c...

Page 43: ...3 config snmp server security to group model v1 v2c v3 name word32 group word32 config no snmp server security to group model v1 v2c v3 name word32 Views v3 config snmp server view word32 word255 include exclude config no snmp server view word32 word255 Access v3 config snmp server access word32 model v1 v2c v3 any level auth noauth priv read word255 write word255 config no snmp server access word...

Page 44: ...ines the information that any network monitoring system will be able to provide RMON can be supported by monitoring devices known as probes e g LAN switches includes software in each switch that can trap information as traffic flows through and record it in its MIB A software agent can gather the information for presentation to the network administrator with a graphical user interface Configuratio...

Page 45: ...s uint 1 2147483647 absolute delta rising threshold 2147483648 2147483647 0 65535 falling threshold 2147483648 2147483647 0 65535 rising falling both config no rmon alarm 1 65535 Create a History Entry config rmon collection history 1 65535 buckets 1 65535 interval 1 3600 config no rmon collection history 1 65535 Create a Statistics Entry config rmon collection stats 1 65535 config no rmon collect...

Page 46: ...etails of the settings Monitor Security Switch RMON Alarm Click at the web page to get details of the settings Monitor Security Switch RMON Event Click at the web page to get details of the settings Status by Command show rmon alarm 1 65535 show rmon event 1 65535 show rmon history 1 65535 show rmon statistics 1 65535 43 ...

Page 47: ... a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken Configuration by Web Configuration Security Network Limit Control Click at this web page to get details of the settings Configuration by Command Enable Disable config port security config no port security Aging 44 ...

Page 48: ...config if port security violation protect trap trap shutdown shutdown config if no port security maximum config if no port security violation Status by Web Configuration Security Network Limit Control Monitor Security Network Port Security Switch Click at this web page to get details of the settings Status by Command show port security switch interface port_type_list 2 802 1x Network Access config...

Page 49: ...ser to have special 802 1X supplicant software installed on his system The switch uses the user s MAC address to authenticate against the backend server Intruders can create counterfeit MAC addresses which makes MAC based authentication less secure than 802 1X authentication Configuration by Web Configuration Security Network NAS Click at this web page to get details of the settings Configuration ...

Page 50: ...ion config no dot1x authentication timer re authenticate config no dot1x timeout tx period config no dot1x authentication timer inactivity config no dot1x timeout quiet period For Configuration by Port Admin State config if dot1x port control force authorized force unauthorized auto single multi mac based config if no dot1x port control RADIUS Assigned QoS RADIUS Assigned VLAN Guest VLAN Enabled c...

Page 51: ...cess Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and ...

Page 52: ...he whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web page There are number of parameters that can be configured with an ACE Read the Web page help text to get further information for each of them The maximum number of ACEs is 64 ACL Ports The ACL Ports configuration is used to assign a Policy ID to an ingress port This is useful t...

Page 53: ...ion Configuration Security Network ACL Rate Limiters Click at this web page to get details of the settings ACL Entry Configuration Configuration Security Network ACL Access Control List Click the following page will appear 50 ...

Page 54: ...st rate limiter config if no access list redirect config if no access list logging config if no access list shutdown config if no access list port state Rate Limiter Configuration config access list rate limiter 1 16 pps 0 131071 ACL Entry Configuration Create a ACL Entry with default setting config access list ace update 1 256 Delete a ACL Entry config no access list ace 1 256 Ingress Port config...

Page 55: ...ce update 1 256 redirect disable interface port_type_id port_type_list Insert the current ACE before the next ACE ID config access list ace update 1 256 last 1 256 Status by Web Monitor Security Network ACL Status Click at this web page to get details of the settings Status by Command clear access list ace statistics show access list ace statistics 1 256 interface port_type_id port_type_list rate ...

Page 56: ... Source Guard Static Table Click at this web page to get details of the settings Configuration by Command Enable Disable config ip verify source config no ip verify source Dynamic Client Number config ip verify source limit 0 2 config no ip verify source limit Translate Dynamic to Static config ip verify source translate 53 ...

Page 57: ...k at this web page to get details of the settings Status by Command show ip verify source interface port_type_list show ip source binding dhcp snooping static interface port_type_list 5 ARP Inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such atta...

Page 58: ...ify ARP Inspection is enabled on which VLAN Configuration Security Network ARP Inspection VLAN Configuration Click at this web page to get details of the settings Assign Static ARP Inspection Entry Configuration Security Network ARP Inspection Static Table 55 ...

Page 59: ...pection entry interface port_type_id vlan_id mac_ucast ipv4_ucast no ip arp inspection entry interface port_type_id vlan_id mac_ucast ipv4_ucast Logging ip arp inspection logging deny permit all no ip arp inspection logging ip arp inspection vlan vlan_list logging deny permit all no ip arp inspection vlan vlan_list logging Specify ARP Inspection is enabled on which VLAN ip arp inspection vlan vlan...

Page 60: ...spection Click at this web page to get details of the settings Status by Command show ip arp show ip arp inspection interface port_type_list vlan vlan_list show ip arp inspection entry dhcp snooping static interface port_type_list 57 ...

Page 61: ...mmand Global Configuration config radius server attribute 32 line1 255 config radius server attribute 4 ipv4_ucast config radius server attribute 95 ipv6_ucast config radius server deadtime 1 1440 config radius server key line1 63 config radius server retransmit 1 1000 config radius server timeout 1 1000 config no radius server attribute 32 config no radius server attribute 4 config no radius serv...

Page 62: ...cast ipv6_ucast auth port 0 65535 acct port 0 65535 Status by Web Monitor Security AAA RADIUS Overview Click at this web page to get details of the settings Monitor Security AAA RADIUS Details Click at this web page to get details of the settings Status by Command 59 ...

Page 63: ...ration by Web Configuration Security AAA TACACS Click at this web page to get details of the settings Configuration by Command Global Configuration config tacacs server deadtime 1 1440 config tacacs server key line1 63 config tacacs server timeout 1 1000 config no tacacs server deadtime config no tacacs server key config no tacacs server timeout Server Configuration config tacacs server host word1...

Page 64: ...Status by Command show tacacs server 61 ...

Page 65: ...on Aggregation Static Click at this web page to get details of the settings Configuration by Command Traffic distribution mode config aggregation mode smac dmac ip port config no aggregation mode Add Ports to Aggregation Group config if aggregation group uint config if no aggregation group Status by Web Configuration Aggregation Static Click at this web page to get details of the settings Status b...

Page 66: ...Port Configuration config if lacp config if lacp key 1 65535 auto config if lacp port priority 1 65535 config if lacp role active passive config if lacp timeout fast slow config if no lacp config if no lacp key 1 65535 auto config if no lacp port priority 1 65535 config if no lacp role active passive config if no lacp timeout fast slow Status by Web Monitor LACP System Status Click at this web pag...

Page 67: ...lick at this web page to get details of the settings Monitor LACP Port Statistics Click at this web page to get details of the settings Status by Command clear lacp statistics show lacp internal statistics system id neighbour 64 ...

Page 68: ...d the action could be shutdown port or log it The shutdown time could be configured for some interval Configuration by Web Configuration Loop Protection Click at this web page to get details of the settings Configuration by Command Global Enable Disable config loop protect config no loop protect Global Transmission Time config loop protect transmit time 1 10 config no loop protect transmit time Gl...

Page 69: ... loop detected config if loop protect action shutdown log config if no loop protect action Port Actively Generate PDUs config if loop protect tx mode config if no loop protect tx mode Status by Web Monitor Loop Protection Click at this web page to get details of the settings Status by Command show loop protect interface port_type_list 66 ...

Page 70: ...ection is changed because of the network topology detection operation of the protocol This switch supports MSTP RSTP STP functions Configuring them for spanning tree operation is done here 1 STP Bridge Configuration Configure general spanning tree bridge operation settings here Configuration by Web Configuration Spanning Tree Bridge Settings Click at this web page to get details of the settings Co...

Page 71: ...ng tree edge bpdu filter config no spanning tree edge bpdu filter Edge Port BPDU Guard config spanning tree edge bpdu guard config no spanning tree edge bpdu guard Port Error Recovery Timeout config spanning tree recovery interval 30 86400 config no spanning tree recovery interval Set the STP migration check clear spanning tree detected protocols interface port_type_list Status by Web Monitor Span...

Page 72: ...ings Status by Command show spanning tree summary show spanning tree active show spanning tree mst 2 MSTI Configuration VLAN Mapping Configuration by Web Configuration Spanning Tree MSTI Mapping Click at this web page to get details of the settings 69 ...

Page 73: ... this web page to get details of the settings Status by Command show spanning tree mst configuration 3 MSTI Configuration Priority Configuration by Web Configuration Spanning Tree MSTI Priorities Click at this web page to get details of the settings Configuration by Command MSTI Priority Configuration config spanning tree mst 0 7 priority 0 61440 config no spanning tree mst 0 7 priority Status by ...

Page 74: ...onfig if no spanning tree mst 0 7 cost Priority config if spanning tree mst 0 7 port priority 0 240 config if no spanning tree mst 0 7 port priority Admin Edge config if spanning tree edge config if no spanning tree edge Auto Edge config if spanning tree auto edge config if no spanning tree auto edge Restricted Role config if spanning tree restricted role config if no spanning tree restricted role...

Page 75: ... get details of the settings Monitor Spanning Tree Port Statistics Click at this web page to get details of the settings Status by Command clear spanning tree statistics interface port_type_list show spanning tree interface port_type_list show spanning tree detailed interface port_type_list 5 MSTI Port Configuration Configuration by Web Configuration Spanning Tree MSTI Ports Select a MSTI and clic...

Page 76: ...auto config if no spanning tree mst 0 7 cost Port Priority config if spanning tree mst 0 7 port priority 0 240 config if no spanning tree mst 0 7 port priority Status by Web Configuration Spanning Tree MSTI Ports Click at this web page to get details of the settings Status by Command show spanning tree mst 0 7 interface port_type_list 73 ...

Page 77: ...trol on IP multicast streams Configuration by Web Configuration IPMC Profile Profile Table Click at this web page to get details of the settings After profile name and description are set and saved Rule can be configured Clicking e the following page will appear for adding entry Entries are created at Configuration IPMC Profile Address Entry web page Configuration by Command Enable Disable config ...

Page 78: ...the eye icon the entry table will be shown Status by Command show ipmc profile word16 detail 2 Address Entry Configuration by Web Configuration IPMC Profile Address Entry Click at this web page to get details of the settings Configuration by Command Create Delete IP Multicast Address Entry for Profile config ipmc range word16 ipv4_mcast ipv4_mcast ipv6_mcast ipv6_mcast config no ipmc range word16 ...

Page 79: ...76 ...

Page 80: ... called MVR source ports It is allowed to create at maximum 4 MVR VLANs with corresponding channel profile for each Multicast VLAN The channel profile is defined by the IPMC Profile which provides the filtering conditions Configuration by Web Configuration MVR Click at this web page to get details of the settings Configuration by Command Enable Disable config mvr config no mvr VLAN Interface Setti...

Page 81: ... mvr name word16 channel config no mvr name word16 frame priority config no mvr name word16 frame tagged config no mvr name word16 igmp address config no mvr name word16 last member query interval config no mvr name word16 mode Immediate Leave Setting on Port Enable Disable config if mvr immediate leave config if no mvr immediate leave Port Role config if mvr vlan vlan_list type source receiver co...

Page 82: ...his web page to get details of the settings Status by Command show mvr vlan vlan_list name word16 group database interface port_type_list sfm information detail clear mvr vlan vlan_list name word16 statistics 79 ...

Page 83: ...GMP snooping is the process of listening to Internet Group Management Protocol IGMP network traffic The feature allows a network switch to listen in on the IGMP conversation between hosts and routers By listening to these conversations the switch maintains a map of which links need which IP multicast streams Multicasts may be filtered from the links which do not need them and thus controls which p...

Page 84: ...ooping Enable Disable config ip igmp snooping config no ip igmp snooping Unregistered IPMCv4 Flooding Enable Disable config ip igmp unknown flooding config no ip igmp unknown flooding IGMP SSM Range config ip igmp ssm range ipv4_mcast 4 32 config no ip igmp ssm range Proxy Enable Disable config ip igmp host proxy config no ip igmp host proxy Leave Proxy Enable Disable config ip igmp host proxy lea...

Page 85: ...dress ipv4_ucast config if vlan ip igmp snooping query interval 1 31744 config if vlan ip igmp snooping query max response time 0 31744 config if vlan ip igmp snooping robustness variable 1 255 config if vlan ip igmp snooping unsolicited report interval 0 31744 config if vlan no ip igmp snooping config if vlan no ip igmp snooping compatibility config if vlan no ip igmp snooping last member query i...

Page 86: ...r detail 2 MLD Snooping MLD is an acronym for Multicast Listener Discovery for IPv6 MLD is used by IPv6 routers to discover multicast listeners on a directly attached link much as IGMP is used in IPv4 The protocol is embedded in ICMPv6 instead of using a separate protocol MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content You can configure th...

Page 87: ...PMC MLD Snooping Basic Configuration Click at this web page to get details of the settings MLD Snooping VLAN Configuration Configuration IPMC MLD Snooping VLAN Configuration Click at this web page to get details of the settings MLD Snooping Port Filtering Profile Configuration IPMC MLD Snooping Port Filtering Profile 84 ...

Page 88: ...mld host proxy leave proxy Port Related Basic Configuration Router Port Enable Disable config if ipv6 mld snooping mrouter config if no ipv6 mld snooping mrouter Immediate Leave Enable Disable config if ipv6 mld snooping immediate leave config if no ipv6 mld snooping immediate leave Throttling Max Group Number config if ipv6 mld snooping max groups 1 10 config if no ipv6 mld snooping max groups ML...

Page 89: ...nfig if vlan no ipv6 mld snooping querier election config if vlan no ipv6 mld snooping query interval config if vlan no ipv6 mld snooping query max response time config if vlan no ipv6 mld snooping robustness variable config if vlan no ipv6 mld snooping unsolicited report interval MLD Snooping Port Filtering Profile config if ipv6 mld snooping filter word16 config if no ipv6 mld snooping filter St...

Page 90: ...etails of the settings Status by Command clear ipv6 mld snooping vlan vlan_list statistics show ipv6 mld snooping vlan vlan_list group database interface port_type_list sfm information detail show ipv6 mld snooping mrouter detail 87 ...

Page 91: ...t to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Network Management Protocol SNMP Configuration by Web Configuration LLDP C...

Page 92: ...ive Optional TLVs to transmit config if lldp tlv select management address port description system capabilities system description system name config if no lldp tlv select management address port description system capabilities system description system name CDP aware config if lldp cdp aware config if no lldp cdp aware Status by Web Monitor LLDP Neighbors Click at this web page to get details of ...

Page 93: ...Status by Command clear lldp statistics show lldp neighbors interface port_type_list show lldp statistics interface port_type_list 90 ...

Page 94: ... frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here Configuration by Web Configuration MAC Table Click at...

Page 95: ...s table learning secure config if no mac address table learning secure Status by Web Monitor MAC Table Click at this web page to get details of the settings Status by Command clear mac address table show mac address table conf static aging time learning count interface port_type_list address mac_addr vlan vlan_id vlan vlan_id interface port_type_list 92 ...

Page 96: ...Q conformant can include VLAN tags Traffic on a VLAN unaware i e IEEE 802 1D conformant portion of the network will not contain VLAN tags When a frame enters the VLAN aware portion of the network a tag is added to represent the VLAN membership of the frame s port or the port protocol combination depending on whether port based or port and protocol based VLAN classification is being used Each frame...

Page 97: ...Ingress Filter If port is in Hybrid mode config if switchport hybrid ingress filtering config if no switchport hybrid ingress filtering Ingress Acceptance If port is in Hybrid mode config if switchport hybrid acceptable frame type all tagged untagged config if no switchport hybrid acceptable frame type Egress Tagging If port is in Trunk mode config if switchport trunk vlan tag native config if no ...

Page 98: ...onfig if no switchport forbidden vlan Status by Web Monitor VLANs Membership Click at this web page to get details of the settings Monitor VLANs Ports Click at this web page to get details of the settings Status by Command show vlan id vlan_list name vword32 brief 95 ...

Page 99: ...his web page to get details of the settings Edit Port Isolation Setting Configuration Private VLANs Port Isolation Click at this web page to get details of the settings Configuration by Command Assign ports to Private VLAN config if pvlan range_list config if no pvlan range_list Set ports as Isolation config if pvlan isolation config if no pvlan isolation Status by Web Configuration Private VLANs ...

Page 100: ...ation by Web Configuration VCL MAC based VLAN Click at this web page to get details of the settings Configuration by Command Add Remove ports to Mac based VLAN config if switchport vlan mac mac_ucast vlan vlan_id config if no switchport vlan mac mac_ucast vlan vlan_id Status by Web Monitor VCL MAC based VLAN Click at this web page to get details of the settings Status by Command show vlan mac 97 ...

Page 101: ...is web page to get details of the settings Configuration by Command Add Delete Protocol Group config vlan protocol eth2 0x600 0xffff arp ip ipx at snap 0x0 0xffffff rfc_1042 snap_8021h 0x0 0xffff llc 0x0 0xff 0x0 0xff group word16 config no vlan protocol eth2 0x600 0xffff arp ip ipx at snap 0x0 0xffffff rfc_1042 snap_8021h 0x0 0xffff llc 0x0 0xff 0x0 0xff group word16 Add Remove ports to Protocol ...

Page 102: ... show vlan protocol eth2 0x600 0xffff arp ip ipx at snap 0x0 0xffffff rfc_1042 snap_8021h 0x0 0xffff llc 0x0 0xff 0x0 0xff 99 ...

Page 103: ... packet is subjected to the normal VLAN classification rules of the switch This IP subnet capability does not imply a routing function or that the VLAN is routed The IP subnet classification feature affects only the VLAN assignment of a packet Appropriate 802 1Q VLAN configuration must exist in order for the packet to be switched Configuration by Web Configuration VCL IP Subnet based VLAN Click at...

Page 104: ...m QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality Configuration by Web Voice VLAN Configuration Configuration Voice VLAN Configuration Click at this web page to get details of the settings OUI Definition Configuration Voice VLAN OUI Click at this web page to get details of the settings 101 ...

Page 105: ...ig no voice vlan oui oui Port Configuration Mode config if switchport voice vlan mode auto force disable config if no switchport voice vlan mode Security config if switchport voice vlan security config if no switchport voice vlan security Discovery Protocol config if switchport voice vlan discovery protocol oui lldp both config if no switchport voice vlan discovery protocol Status by Web Configura...

Page 106: ...cal area network LAN can register and de register attributes such as identifiers or addresses with each other Every end station and switch thus has a current record of all the other end stations and switches that can be reached GVRP like GARP eliminates unnecessary network traffic by preventing attempts to transmit information to unregistered users In addition it is necessary to manually configure...

Page 107: ...e time 60 300 leave all time 1000 5000 1 Enable Disable GVRP on Port config if gvrp config if no gvrp Emit a Request for test on Port config if gvrp join request vlan vlan_list config if gvrp leave request vlan vlan_list Status by Web Configuration GVRP Global config Configuration GVRP Port config Click at this web page to get details of the settings Status by Command show gvrp protocol state inte...

Page 108: ...hat specific QoS class There is a mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority 7 13 1 Port Ingress Classification This setting is used to configure the basic QoS Ingress Classification settings for all switch ports DSCP Based is used to enable disable doing QoS by DSCP in IP header Check it and it is enabled About DSCP classification For ingress DSCP c...

Page 109: ... dpl dpl config if no qos dpl Enable Disable DSCP QoS on Port config if qos trust dscp config if no qos trust dscp Status by Web Configuration QoS Port Classification Click at this web page to get details of the settings Status by Command show qos interface port_type_list 106 ...

Page 110: ...es when limit rate is reached Configuration by Web Configuration QoS Port Policing Click at this web page to get details of the settings Configuration by Command Port Ingress Policer config if qos policer uint fps flowcontrol config if no qos policer Status by Web Configuration QoS Port Policing Click at this web page to get details of the settings Status by Command show qos interface port_type_li...

Page 111: ...nfiguration by Web Configuration QoS Port Shaping Click port number port and queue egress scheduler and shapers setting page will appear The traffic scheduler could operate in Strict Priority mode or Weighted mode If in Weighted mode the weighting of each queue could be configured The traffic shaper could operate by queue or by port Enable by checking it and 108 ...

Page 112: ...onfig if qos shaper uint config if no qos shaper Queue Egress Shaper of Port config if qos queue shaper queue 0 7 uint excess config if no qos queue shaper queue 0 7 Status by Web Configuration QoS Port Shaping Click at this web page to get details of the settings Status by Command show qos interface port_type_list 109 ...

Page 113: ...guration by Web Configuration QoS Port Scheduler Click port number port and queue egress scheduler and shapers setting page will appear The traffic scheduler could operate in Strict Priority mode or Weighted mode If in Weighted mode the weighting of each queue could be configured The traffic shaper could operate by queue or by port Enable by checking it and 110 ...

Page 114: ...iguration by Command Weighting of Queue for WRR config if qos wrr 1 100 1 100 1 100 1 100 1 100 1 100 config if no qos wrr Status by Web Configuration QoS Port Scheduler Click at this web page to get details of the settings Status by Command show qos interface port_type_list 111 ...

Page 115: ...I values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Click Port number to configure the Egress Tag Remarking mode for it Configuration by Web Configuration QoS Port Tag Remarking Click port number port egress tag remarking setting page will apear If in Classified mode If in Default mode If in Mapped mode 112 ...

Page 116: ...rk mapped yellow 0 4 config if no qos tag remark Internal Priority to PCP and DEI Map Egress config if qos map cos tag cos 0 7 dpl 0 1 pcp 0 7 dei 0 1 config if no qos map cos tag cos 0 7 dpl 0 1 Status by Web Configuration QoS Port Tag Remarking Click port number port egress tag remarking setting page will apear Click at this web page to get details of the settings Status by Command show qos inte...

Page 117: ... default or VLAN Tag or DSCP is gotten the Ingress Classify can map this QoS class to internal DSCP This internal DSCP then can do another egress map to affect the DSCP value when the frame is sent out The QoS to internal DSCP mapping is set in DSCP Classification page and the mapping will be applied to egress packets when Egress Rewrite in Port DSCP page is enable Remap And the original DSCP valu...

Page 118: ...p translate Ingress Classify DSCP values config if qos dscp classify zero selected any config if no qos dscp classify Egress DSCP Rewrite config if qos dscp remark rewrite remap remap dp config if no qos dscp remark Status by Web Configuration QoS Port DSCP Click at this web page to get details of the settings Status by Command show qos interface port_type_list 115 ...

Page 119: ... DSCP values will not be applied Configuration by Web Configuration QoS DSCP Based QoS Click at this web page to get details of the settings Configuration by Command DSCP to Internal Priority Mapping and trust config qos map dscp cos 0 63 dscp cos 0 7 dpl dpl config no qos map dscp cos 0 63 dscp Status by Web Configuration QoS DSCP Based QoS Click at this web page to get details of the settings St...

Page 120: ...lected in Port DSCP page For Egress the settings are applied to Egress Rewrite in Port DSCP page Please refer to the description about Egress Rewrite in Port DSCP page Configuration by Web Configuration QoS DSCP Translation Click at this web page to get details of the settings Configuration by Command Ingress DSCP values translation mapping config qos map dscp ingress translation 0 63 dscp to 0 63...

Page 121: ... get details of the settings Status by Command Ingress DSCP values translation mapping show qos maps dscp ingress translation DSCP values selected for ingress classify show qos maps dscp classify Egress DSCP values translation mapping show qos maps dscp egress translation 118 ...

Page 122: ...ss DSCP value when Egress Rewrite in Port DSCP page is not disable Please refer to the description about Egress Rewrite in Port DSCP page Configuration by Web Configuration QoS DSCP Classification Click at this web page to get details of the settings Configuration by Command Internal Priority to DSCP Mapping config qos map cos dscp 0 7 dscp 0 63 dscp config no qos map cos dscp 0 7 Status by Web Co...

Page 123: ...rol List Click to create a QoS Control Entry Click at this web page to get details of the settings Configuration by Command Create Edit a QoS Control Entry Setup matched DMAC config qos qce 1 256 dmac unicast multicast broadcast any Setup matched frame type config qos qce 1 256 frame type any etype 0x600 0x7ff 0x801 0x86dc 0x86de 0xffff any llc dsap 0 0xff any ssap 0 0xff any control 0 0xff any sn...

Page 124: ...ID config qos qce 1 256 next uint Place QCE at the end config qos qce 1 256 last Delete a QoS Control Entry config no qos qce 1 256 Refresh QCE tables in hardware config qos qce refresh Status by Web Configuration QoS QoS Control List Click at this web page to get details of the settings Status by Command show qos qce 1 256 121 ...

Page 125: ...ion by Web Configuration QoS Storm Control Click at this web page to get details of the settings Configuration by Command Enable Rate Setting config if qos storm unicast broadcast unknown 100 13200000 fps Disable config if no qos storm unicast broadcast unknown Status by Web Configuration QoS Storm Control Click at this web page to get details of the settings Status by Command show qos interface p...

Page 126: ...ity packets to be dropped hence protecting the higher priority packets in the same queue In this way quality of service prioritization is made possible for important packets from a pool of packets using the same buffer It is more likely that standard traffic will be dropped instead of higher prioritized traffic Configuration by Web Configuration QoS WRED Click at this web page to get details of th...

Page 127: ...uration by Web Configuration Mirroring Click at this web page to get details of the settings Configuration by Command Mirroring Destination Port config monitor destination interface port_type_id config no monitor destination Mirroring Source Port config monitor source interface port_type_list cpu range_list both rx tx config no monitor source interface port_type_list cpu range_list Status by Web C...

Page 128: ...dditional information can be found at http sflow org Configuration by Web Configuration sFlow Click at this web page to get details of the settings Configuration by Command Agent IP Address config sflow agent ip ipv4 ipv4_addr ipv6 ipv6_addr config no sflow agent ip Receiver Configuration Receiver IP Address config sflow collector address receiver range_list word config no sflow collector address ...

Page 129: ...if sflow range_list config if no sflow range_list Flow Sampler Max Size config if sflow max sampling size sampler range_list 14 200 config if no sflow max sampling size sampler range_list Flow Sampler Sampling Rate config if sflow sampling rate sampler range_list 1 4294967295 Status by Web Monitor sFlow Click at this web page to get details of the settings Status by Command clear sflow statistics ...

Page 130: ...ation by Web Ping by IPv4 Configuration Diagnostics Ping Click at this web page to get details of the settings Ping by IPv6 Configuration Diagnostics Ping6 Click at this web page to get details of the settings Verify Cable Connection Configuration Diagnostics VeriPHY Click at this web page to get details of the settings 127 ...

Page 131: ...t details of the settings Ping by IPv6 Configuration Diagnostics Ping6 Click at this web page to get details of the settings Verify Cable Connection Configuration Diagnostics VeriPHY Click at this web page to get details of the settings Status by Command Ping by IPv4 ping ip word1 255 repeat 1 60 size 2 1452 interval 0 30 Ping by IPv6 ping ipv6 ipv6_addr repeat 1 60 size 2 1452 interval 0 30 inter...

Page 132: ...iguration Maintenance Restart Device Click at this web page to get details of the settings Factory Default Configuration Maintenance Factory Defaults Click at this web page to get details of the settings Software Upload Configuration Maintenance Software Upload Click at this web page to get details of the settings Software Image Select Configuration Maintenance Software Image Select 129 ...

Page 133: ...nfiguration Maintenance Configuration Save startup config Click at this web page to get details of the settings Configuration Download Configuration Maintenance Configuration Download Click at this web page to get details of the settings Configuration Upload Configuration Maintenance Configuration Upload 130 ...

Page 134: ...nance Configuration Activate Click at this web page to get details of the settings Configuration Delete Configuration Maintenance Configuration Delete Click at this web page to get details of the settings Configuration by Command System Reboot reload cold Factory Default reload defaults keep ip 131 ...

Page 135: ...mand line editing terminal editing no terminal editing Set the EXEC timeout terminal exec timeout 0 1440 0 3600 no terminal exec timeout Description of the interactive help system terminal help Control the command history function terminal history size 0 32 no terminal history size Set number of lines on a screen terminal length 0 3 512 no terminal length Set width of the display terminal terminal...

Page 136: ...Configuration Upload Click at this web page to get details of the settings Configuration Activate Configuration Maintenance Configuration Activate Click at this web page to get details of the settings Configuration Delete Configuration Maintenance Configuration Delete Click at this web page to get details of the settings Status by Command Show running configuration show running config all defaults...

Page 137: ...ation Backup Restore 2 From console telnet command Doing by TFTP protocol and done by copy command Please refer to the description of Maintenance function in Section 7 17 This switch supports firmware image backup function The old Active Image will become Alternate Image backup image and the new firmware image will be the Active Image The Alternate Image backup image can be switched to be Active I...

Page 138: ... condensing Bridging Function Filtering forwarding and learning Switching Method Store and forward Address Table 16K entries Filtering Forwarding Rate Line speed Maximum Packet Size 10056 Bytes Flow Control 802 3x for full duplex backpressure for half duplex 24SFP 4TX combo 2SFP Model Access Method Ethernet CSMA CD Standards Conformance IEEE 802 3 10BASE T IEEE 802 3u 100BASE IEEE 802 3z IEEE 802 ...

Page 139: ...Operating 0 to 50 Humidity 10 to 90 Non condensing Bridging Function Filtering forwarding and learning Switching Method Store and forward Address Table 16K entries Filtering Forwarding Rate Line speed Maximum Packet Size 10056 Bytes Flow Control 802 3x for full duplex backpressure for half duplex 136 ...

Page 140: ... Port isolation Private VLAN MAC based VLAN Protocol based VLAN IP subnet based VLAN Spanning Tree IEEE 802 1s MSTP Multiple spanning tree IEEE 802 1w RSTP Rapid spanning tree IEEE 802 1D STP Spanning tree BPDU Guard Restricted Role Link Aggregation Static and LACP IP Multicast IGMP v2 and v3 snooping MLD v1 snooping IGMP filtering profile IPMC throttling filtering leave proxy MVR and MVR profile ...

Page 141: ... policing port copy IP source guard Synchronization NTPv4 Client SFP DDMI Yes Management DHCP Client DNS client proxy HTTP Server CLI Console Port Telnet Text Configuration download or upload Management access filtering HTTPS SSHv2 IPv6 Management System Syslog Software Upload via web SNMP v1 v2c v3 Agent RMON Group 1 2 3 9 RMON alarm and event CLI web SNMP multiple trap destinations IEEE 802 1AB ...

Page 142: ...e interference in which case the user at his own expense will be required to take whatever measures are required to correct the interference CE Mark Declaration of Conformance for EMI and Safety EEC This is to certify that this product complies with ISO IEC Guide 22 and EN45014 It conforms to the following specifications EMC EN55022 2010 Class A IEC61000 3 2 2005 A1 2008 A2 2009 IEC61000 3 3 2008 ...

Page 143: ...efects in material and workmanship for a period of warranty time from the date of purchase from us or the authorized reseller The warranty does not cover the product if it is damaged in the process of being installed We recommend that you have the company from whom you purchased this product install it 140 ...

Page 144: ......

Page 145: ......

Reviews:

No comments

Related manuals for GSW-3420FM

Brand: ZyXEL Communications Pages: 125

Brand: Patton electronics Pages: 12

Husky HMG-1648EP

Brand: Ethernet Direct Pages: 16

Brand: Dataprobe Pages: 16

CyberSWITCH CSX101

Brand: Cabletron Systems Pages: 72

Brand: B+B SmartWorx Pages: 50

Brand: Cradlepoint Pages: 2

Total Access 1500 Dual FXS/DPO

Brand: ADTRAN Pages: 2

Brand: ActionTec MI424WR Pages: 3

Brand: Erbauer Pages: 36

Brand: LevelOne Pages: 4

Brand: TRENDnet Pages: 7

Brand: R.V.R. Elettronica Pages: 171

Brand: Tripp Lite Pages: 3

Brand: Helmholz Pages: 20

Brand: netsys Pages: 38

593/25, 593/45, 593/TB, RS-422, RS-485

Brand: Patton electronics Pages: 8

Brand: C&H Technologies Pages: 1

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands