CTC Union IFS-1604GSM Series User Manual Download | Manualshive

Page: 259 / 385

background image

Chapter 4. Web Configuration & Operation

259

CHAPTER 4

WEB OPERATION & CONFIGURATION

4.5.5.4 DHCP

DHCP Snooping allows the switch to protect a network from attacking by other devices or rogue DHCP servers. When
DHCP Snooping is enabled on the switch, it can filter IP traffic on insecure (untrusted) ports that the source addresses
cannot  be  identified  by  DHCP  Snooping.  The  addresses  assigned  to  connected  clients  on  insecure  ports  can  be
carefully  controlled  by  either  using  the  dynamic  binding  registered  with  DHCP  Snooping  or  using  the  static  binding
configured with IP Source Guard.

4.5.5.4.1 Snooping Configuration

DHCP Snooping Configuration

Snooping Mode:

Enable or disable DHCP Snooping function globally. When DHCP snooping mode operation is enabled,

the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports.

Port Mode Configuration

Port:

Port number. "Port *" rules apply to all ports.

Mode:

Select the DCHP Snooping port mode. Ports can be set to either “Trusted” or “Untrusted”.

«
...
257
258
259
260
261
...
»

Summary of Contents for IFS-1604GSM Series

Page 1: ...1 IGS 812SM Series IGS 1604SM Series IFS 1604GSM Series Industrial Gigabit Fast Ethernet 20 Port Managed Switches ...

Page 2: ...t CTC Union Technologies was negligent regarding the design or manufacture of said product TRADEMARKS Microsoft is a registered trademark of Microsoft Corp HyperTerminal is a registered trademark of Hilgraeve Inc ActiPHY and VeriReach are registered trademarks of Vitesse Semiconductor WARNING This equipment has been tested and found to comply with the limits for a Class A digital device pursuant t...

Page 3: ...FX Managed Industrial Switch IGS 1604SM E Gigabit Ethernet 16TP 4FX Managed Industrial Switch Extended Temperature IFS 1604GSM Fast Ethernet 16TP 4FX Managed Industrial Switch IFS 1604GSM E Fast Ethernet 16TP 4FX Managed Industrial Switch Extended Temperature This document is the current official release manual Contents are subject to change without prior notice Please check CTC Union s website fo...

Page 4: ... OPERATION 27 3 3 CLI MODES 28 3 4 QUICK KEYS 28 3 5 COMMAND SYNTAX 28 3 6 BASIC CONFIGURATIONS 29 3 6 1 Configuring IPv4 Address 29 3 6 2 Enter Config Interface Mode 29 3 6 3 Save Configurations 30 3 6 4 Restart the Device 30 3 6 5 Load Factory Defaults 30 3 6 6 Show System and Software Information 30 3 6 7 Show SFP Information 31 3 6 8 Show Running Configurations 31 3 6 9 Show History Commands 3...

Page 5: ...upgrade 42 3 8 31 ip dhcp retry interface vlan 42 3 8 32 more 42 3 8 33 ping ip 42 3 8 34 ping ipv6 42 3 8 35 ptp 43 3 8 36 reload cold 43 3 8 37 reload defaults 43 3 8 38 send 43 3 8 39 terminal editing 44 3 8 40 terminal exec timeout 44 3 8 41 terminal history size 44 3 8 42 terminal length 45 3 8 43 terminal width 45 3 8 44 traceroute ip 45 3 8 45 no port security shutdown 45 3 8 46 show interf...

Page 6: ... config if dot1x re authenticate 60 3 9 9 config if duplex 61 3 9 10 config enable 61 3 9 10 1 config enable password 61 3 9 10 2 config enable password level 61 3 9 10 3 config enable secret 62 3 9 11 config erps 62 3 9 11 1 config erps group guard guard_time_ms 62 3 9 11 2 config erps group holdoff holdoff_time_ms 63 3 9 11 3 config erps group major port0 interface port1 interface port_type port...

Page 7: ...nterface 79 3 9 18 23 config ip ssh 80 3 9 18 24 config ip verify source 80 3 9 18 25 config ip verify source translate 80 3 9 18 26 config if ip arp inspection check vlan 81 3 9 18 27 config if ip arp inspection logging 81 3 9 18 28 config if ip arp inspection trust 81 3 9 18 29 config if ip dhcp snooping trust 81 3 9 18 30 config if ip igmp snooping filter 82 3 9 18 31 config if ip igmp snooping...

Page 8: ...ipv6 mld snooping filter 95 3 9 20 9 config if ipv6 mld snooping immediate leave 95 3 9 20 10 config if ipv6 mld snooping max groups 95 3 9 20 11 config if ipv6 mld snooping mrouter 96 3 9 21 config lacp 96 3 9 21 1 config lacp system priority 96 3 9 21 2 config if lacp 96 3 9 21 3 config if lacp key 97 3 9 21 4 config if lacp port priority v_1_to_65535 97 3 9 21 5 config if lacp role active passi...

Page 9: ...g if media type 116 3 9 28 config if mtu 116 3 9 29 config mep 117 3 9 29 1 config mep inst 117 3 9 29 2 config mep inst ais 117 3 9 29 3 config mep inst aps 118 3 9 29 4 config mep inst cc 118 3 9 29 5 config mep inst client domain 119 3 9 29 6 config mep inst client flow 119 3 9 29 7 config mep inst dm 120 3 9 29 8 config mep inst dm ns 120 3 9 29 9 config mep inst dm overflow reset 121 3 9 29 1...

Page 10: ...nst domain 139 3 9 35 2 config ptp clockinst filter 140 3 9 35 3 config ptp clockinst mode 140 3 9 35 4 config ptp clockinst priority1 141 3 9 35 5 config ptp clockinst priority2 141 3 9 35 6 config ptp clockinst time property 142 3 9 35 7 config ptp clockinst uni 142 3 9 35 8 config if ptp clockinst 143 3 9 35 9 config if ptp clockinst announce 143 3 9 35 10 config if ptp clockinst delay asymmetr...

Page 11: ...64 3 9 40 2 config rmon event 165 3 9 40 3 config if rmon collection history 166 3 9 40 4 config if rmon collection stats 166 3 9 41 config if shutdown 166 3 9 42 config smtp 167 3 9 42 1 config smtp 167 3 9 42 2 config smtp auth 167 3 9 42 3 config smtp event 167 3 9 42 4 config smtp port 167 3 9 42 5 config smtp recipient 168 3 9 42 6 config smtp server ip address 168 3 9 42 7 config smtp userna...

Page 12: ...anning tree recovery interval 185 3 9 44 21 config spanning tree transmit hold count 186 3 9 44 22 config if spanning tree 186 3 9 44 23 config if spanning tree auto edge 186 3 9 44 24 config if spanning tree bpdu guard 187 3 9 44 25 config if spanning tree edge 187 3 9 44 26 config if spanning tree link type 187 3 9 44 27 config if spanning tree mst instance cost 188 3 9 44 28 config if spanning ...

Page 13: ...2 Port Status 204 4 1 3 Refresh 204 4 1 4 Help System 204 4 1 5 Logout 204 4 2 SYSTEM 205 4 2 1 System Configuration 205 4 2 2 System Information 206 4 2 3 System IP 206 4 2 4 System IP Status 208 4 2 5 System NTP 208 4 2 6 System Time 209 4 2 7 System Log Configuration 210 4 2 8 System Log Information 210 4 2 9 System Detailed Log 211 4 2 10 System CPU Load 211 4 2 11 System SMTP 212 4 3 GREEN ET...

Page 14: ... Statistics 246 4 5 5 2 NAS 246 4 5 5 2 1 Configuration 247 4 5 5 2 2 Switch Status 250 4 5 5 2 3 Port Statistics 250 4 5 5 3 ACL 252 4 5 5 3 1 Ports 252 4 5 5 3 2 Rate Limiters 253 4 5 5 3 3 Access Control List 253 4 5 5 3 4 ACL Status 257 4 5 5 4 DHCP 259 4 5 5 4 1 Snooping Configuration 259 4 5 5 4 2 Snooping Statistics 260 4 5 5 4 3 Relay Configuration 260 4 5 5 4 4 Relay Statistics 261 4 5 5 ...

Page 15: ...0 IPMC 307 4 10 1 IGMP Snooping 307 4 10 1 1 Basic Configuration 307 4 10 1 2 VLAN Configuration 309 4 10 1 3 Port Filtering Profile 310 4 10 1 4 Status 311 4 10 1 5 Groups Information 312 4 10 1 6 IPv4 SFM Information 312 4 10 2 MLD Snooping 313 4 10 2 1 Basic Configuration 313 4 10 2 2 VLAN Configuration 314 4 10 2 3 Port Filtering Profile 315 4 10 2 4 Status 316 4 10 2 5 Groups Information 317 ...

Page 16: ... Queue Policing 340 4 18 4 Port Scheduler 341 4 18 5 Port Shaping 344 4 18 6 Port Tag Remarking 344 4 18 7 Port DSCP 346 4 18 8 DSCP Based QoS 347 4 18 9 DSCP Translation 348 4 18 10 DSCP Classification 349 4 18 11 QoS Control List 349 4 18 12 Storm Control 352 4 19 MIRRORING 352 4 20 UPNP 353 4 21 PTP IEEE1588 354 4 21 1 Configuration 354 4 21 2 Status 358 4 22 DIAGNOSTICS 359 4 22 1 Ping 359 4 2...

Page 17: ...rnet transmission Housed in rugged DIN rail or wall mountable enclosures these switches are designed for harsh environments such as industrial networking and intelligent transportation systems ITS and are also suitable for many military and utility market applications where environmental conditions exceed commercial product specifications Standard operating temperature range models 10 C 60 C and w...

Page 18: ...04SM E model is identical in every way except it can support an extended operating temperature range of 40 C to 75 C 1 2 3 IFS 1604GSM The IFS 1604GSM is an Industrial Fast Ethernet Switch IFS for commercial temperature range of 10 C to 60 C There are 16 LAN ports with RJ 45 connectors that support 10M 100M Ethernet There are 4 fiber ports that support 100M 1000M dual rate speed and utilize SFP ca...

Page 19: ...ption STP RSTP MSTP ITU T G 8032 Ethernet Protection Ring EPR for cabling redundancy QoS Traffic classification QoS CoS Band width control for Ingress and Egress broadcast storm control DiffServ IEEE802 1q VLAN MAC based VLAN IP subnet based VLAN Protocol based VLAN VLAN translation MVR Dynamic IEEE 802 3ad LACP Link Aggregation Static Link Aggregation IGMP MLD snooping V1 V2 V3 IGMP Filtering Thr...

Page 20: ...rol IEEE 802 3x for full duplex mode back pressure for half duplex mode MTU 9600 Bytes Jumbo Frames MAC Table 8K Connectors LAN 16 x RJ 45 10 100BaseTX 16 x RJ 45 10 100 1000BaseX or 8 x RJ 45 10 100 1000BaseTX auto detect speed auto negotiate duplex auto MDI MDI X function Full Half duplex Fiber 4 X 100 1000 BaseX or 12 X 100 1000 BaseX dual speed mode SFP slots supporting DDMI Console RS 232 RJ ...

Page 21: ...ght side Detailed descriptions for each feature are also provided in the following sub sections 5 6 Top Panel Front Panel 1 2 4 5 1 2 3 3 RJ 45 LAN ports SFP based fiber optical ports RJ 45 console port LED indicators Terminal block for two power inputs and alarm relay contact Earth ground screw Screw holes for din rail and wall mounting kit 1 2 3 4 5 6 7 Index Reference Side Rear Panel 5 6 7 ...

Page 22: ... utilize SFP modules for fiber transmissions Each of the fiber ports has an associated status LED to indicate the presence or absence of fiber link and will also flash when there is Ethernet activity on the port Each of three SFP cages may insert any standard SFP module and be configured for 100M or 1000M operation By having a third fiber port these devices can be used in a ring or linear topology...

Page 23: ... any web browser Front of unit 2 4 1 RJ 45 Pin Assignment This RJ 45 connector provides an RS 232 DCE data communication equipment asynchronous serial connection for local management 2 4 2 Accessory Cable This DB9F to RJ 45 cable provides a connection for the RS 232 This cable is used between the IFS IGS Series and the serial port of terminal Pin Ref Definition Direction 3 RxD Receive Data Out tow...

Page 24: ... Web user interface See Alarm Configuration in SNMP for more information on configuring alarm relay and triggering fault events Please note that the alarm relay contact can only support 1A current at 24VDC Do not apply voltage and current that exceed these specifications 2 6 Earth Ground Connection A separate Earth grounding terminal is provided on the top mental palate for safety grounding of the...

Page 25: ...en this unit is the master in a fiber ring and all units are configured for u Ring or ERPS Ethernet Ring Protection Switching or G 8032 RJ 45 Link Act Green On Port link is up and works in 10M 100M Blinking Traffic is present Amber For IGS 1604SM IGS 812SM only On Port link is up and works in 1000M Blinking Traffic is present Fiber Link Act Green On The fiber link is up Blinking Traffic is present...

Page 26: ...INSTALLATION 2 8 2 Un mounting IFS IGS Series with DIN Rail bracket has a steel spring in the upper rail of the bracket This spring is compressed for mounting and un mounting by applying downward force Mounting Un mounting ...

Page 27: ...nt Protocol SNMP The operator will use SNMP management software to manage and monitor the IFS IGS Series switches on a network This requires some configuration of the device to allow SNMP management In addition the network management platform will need to import and compile the proprietary MIB management information base file so that the manager knows how to manage the IFS IGS devices 3 2 CONSOLE ...

Page 28: ...f commands available in the current mode Up arrow key To view the previous entered commands Down arrow key To view the previous entered commands Tab key To complete an unfinished command 3 5 Command Syntax Commands introduced in this user manual are written using the coherent symbols and easy to understand syntax and style Although users can issue Help command to complete a desired command in CLI ...

Page 29: ... 9 3 6 1 Configuring IPv4 Address IP address 192 168 0 101 Subnet mask 255 255 255 0 config terminal config interface vlan 1 config if vlan ip address 192 168 0 101 255 255 255 0 config if vlan exit config exit show ip interface brief Vlan Address Method Status 1 192 168 0 101 24 Manual DOWN 3 6 2 Enter Config Interface Mode Enter Port 3 s Config Interface mode config terminal config interface Fas...

Page 30: ... and full license terms must have been made available to you Redboot comes with ABSOLUTELY NO WARRANTY RedBoot fi lo d managed Image loaded from 0x80040000 0x80ae54cc RedBoot go Press ENTER to get started 3 6 5 Load Factory Defaults Load factory default settings reload defaults Reloading defaults attempting to keep IP address Please stand by Load factory defaults but keep IP settings reload defaul...

Page 31: ...er Fiber Type Wave Length Wave Length 2 Link Length TX Power RX Power RX Sensitivity Temperature 19 No SFP Module CTC UNION SFS 7020 WA DDI Single 1310 nm 1550 nm 20 km 6 dBm 37 dBm 23 dBm 28 degree C CTC UNION SFS 7020 WB DDI Single 1550 nm 1310 nm 20 km 6 dBm 37 dBm 23 dBm 25 degree C 3 6 8 Show Running Configurations show running config Building configuration username admin privilege 15 passwor...

Page 32: ...ock detail show dot1x show history 3 6 10 Help Help command can be issued in User Exec and Global Config mode to get a hint message describing how to use show command to get help from CLI help Help may be requested at any point in a command by entering a question mark If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help ...

Page 33: ...mpt Username admin Password disable In User mode only limited commands are available These commands are used for clearing statistics entering Exec mode and pinging the specified destination To configure a function you should enter Config mode or Config Interface mode 3 7 1 clear ip arp Syntax clear ip arp Explanation Clear ARP cache 3 7 2 clear lldp statistics Syntax clear lldp statistics Explanat...

Page 34: ... help messages 3 7 7 logout Syntax logout Explanation Logout the Command Line Interface 3 7 8 ping ip Syntax ping ip v_ip_addr repeat count size size interval seconds v_ip_addr Specify IPv4 address that you want to ping repeat count The number of packets that are sent to the destination IP or host size size The size of the packet interval seconds Timeout interval The ping test is successful only w...

Page 35: ...aittime waittime Parameters v_ip_addr Specify the IP address of the destination host maxTTL maxttl Specify the maximum number of hops that the system will trace waittime waittime Specify how long the system will wait for a reply Explanation Trace the the path of a packet to reach the specified IP or host 3 7 11 show commands In User mode show commands can be issued to display current status or set...

Page 36: ...r Explanation Clear the specified group s ERPS statistics 3 8 5 clear ip arp Syntax clear ip arp Explanation Clear ARP cache 3 8 6 clear ip dhcp detailed statistics Syntax clear ip dhcp detailed statistics server client snooping relay helper all interface port_type in_port_list Explanation ClearIP DHCP statistics Parameter server client snooping relay helper all Specify the type of information tha...

Page 37: ...vlan_list icmp icmp msg type Explanation Clear IPv4 statistics for system interface and ICMP 3 8 11 clear ipv6 mld snooping Syntax clear ipv6 mld snooping vlan v_vlan_list statistics Explanation Clear statistics for IPv6 MLD Snooping 3 8 12 clear ipv6 neighbors Syntax clear ipv6 neighbors Explanation Clear the table for IPv6 neighbors 3 8 13 clear ipv6 statistics Syntax clear ipv6 statistics syste...

Page 38: ...ar mep inst lm dm tst Explanation Clear a specific instance MEP information 3 8 19 clear mvr Syntax clear mvr vlan v_vlan_list name mvr_name statistics Explanation Clear MVR statistics 3 8 20 clear spanning tree Syntax clear spanning tree statistics interface port_type v_port_type_list detected protocols interface port_type v_port_type_list_1 Explanation Clear specific interfaces Spanning Tree sta...

Page 39: ...ile in flash or TFTP server Explanation Save running configurations to startup configurations Example Save running configurations to startup configurations Explanation Save startup configurations to running configurations Example Save running configurations to startup configurations Explanation Save running configurations to Flash 201 copy running config Flash 201 Building configuration Saving 148...

Page 40: ...ectory of flash r 1970 01 01 00 00 00 284 default config rw 2015 01 01 01 56 32 1487 startup config rw 2015 01 01 01 56 49 1487 201 3 files 3258 bytes total delete flash 201 dir Directory of flash r 1970 01 01 00 00 00 284 default config rw 2015 01 01 01 56 32 1487 startup config 2 files 1771 bytes total dir Directory of flash r 1970 01 01 00 00 00 284 default config rw 2015 01 01 01 56 32 1487 st...

Page 41: ...t apply to this command Explanation To initialize dot1x function in an interface immediately 3 8 28 erps Syntax erps group command clear force manual port0 port1 Explanation Configure ERPS instance Parameters group 1 64 Specify a group number between 1 64 clear force manual Specify an action port0 port1 Specify port0 east or port1 west that applies to this command 3 8 29 firmware swap Syntax firmw...

Page 42: ...ery process 3 8 32 more Syntax more path path Specify the filename Explanation Display file in Flash or in TFTP server 3 8 33 ping ip Syntax ping ip v_ip_addr repeat count size size interval seconds Explanation Ping the specified IP Parameters addr Specify the IPv4 address or IPv6 address for ping test 3 8 34 ping ipv6 Syntax ping ipv6 v_ipv6_addr repeat count size size interval seconds interface ...

Page 43: ...atus 3 8 36 reload cold Syntax reload cold Explanation Perform a cold reload on the system 3 8 37 reload defaults Syntax reload defaults keep ip Explanation Restore the device to factory default settings Parameters keep ip Keep VLAN 1 IP setting 3 8 38 send Syntax send session_list console 0 vty vty_list message Explanation Send messages to other tty lines Parameters session_list console 0 vty vty...

Page 44: ...al exec timeout Syntax terminal exec timeout 0 1440 0 3600 Parameters 0 1440 Specify the timeout value in minutes 0 3600 Specify the timeout value in seconds Explanation Set up terminal timeout value Show show terminal show terminal Negation no terminal exec timeout 3 8 41 terminal history size Syntax terminal history size 0 32 Parameters 0 32 Specify the current history size 0 means to disable Ex...

Page 45: ...erminal display width Show show terminal show terminal Negation no terminal width 3 8 44 traceroute ip Syntax traceRoute ip v_ip_addr maxTTL maxttl waittime waittime Parameters v_ip_addr Specify the IP address of the destination host maxTTL maxttl Specify the maximum number of hops that the system will trace waittime waittime Specify how long the system will wait for a reply Explanation Trace the ...

Page 46: ...iphy diagnostics test 3 8 47 show commands In Exec mode show commands can be issued to display current status or settings of a certain command They will be introduced in Section 3 9 Commands in Config Mode 3 9 Commands in Config Mode 3 9 1 config aaa authentication login Syntax config aaa authentication login console telnet ssh http local radius tacacs local radius tacacs local radius tacacs Expla...

Page 47: ... management entry web snmp telnet all Specify matched hosts can access the switch from which interface Example Allow IP 192 168 0 1 to 192 168 0 10 to access the device via Web SNMP and Telnet Negation config no access management config no access management access_id Show show access management statistics access_id_list Clear clear access management statistics 3 9 3 config access list 3 9 3 1 conf...

Page 48: ...able interface PORT_TYPE Redirect frames to a specific port or disable this function shutdown Enable shutdown function tag any tagged untagged Specify whether frames should be tagged or untagged tag priority 0 1 0 3 2 3 4 5 4 7 6 7 TagPriority 0 7 any Specify the priority value vid Vid 1 4095 any Specify the VLAN ID Show show access list interface port_type v_port_type_list rate limiter rate_limit...

Page 49: ...is function redirect disable interface PORT_TYPE Redirect frames to a specific port or disable this function shutdown Enable shutdown function tag any tagged untagged Specify whether frames should be tagged or untagged tag priority 0 1 0 3 2 3 4 5 4 7 6 7 TagPriority 0 7 any Specify the priority value vid Vid 1 4095 any Specify the VLAN ID Show show access list interface port_type v_port_type_list...

Page 50: ...tion config if no access list logging 3 9 3 6 config if access list mirror Syntax config if access list mirror Explanation Enable a specific port s frames to be mirrored to a destination port Show show access list interface port_type v_port_type_list Negation config if no access list mirror 3 9 3 7 config if access list policy Syntax config if access list policy policy_id Parameters policy_id 0 25...

Page 51: ...rt when specified rules are matched Negation config if no access list shutdown 3 9 3 11 config if access list redirect port copy Syntax config if access list redirect port copy interface port_type port_type_id port_type port_type_list Parameters redirect port copy Redirect or copy this port s frames to the specified port interface port_type port_type_id port_type port_type_list Specify the redirec...

Page 52: ... aggregation mode 3 9 4 2 config if aggregation group Syntax config if aggregation group unit Explanation Add this specific interface to the specified aggregation group Parameters unit Specify the aggregation group ID Negation config if no aggregation group Show show aggregation mode 3 9 5 config banner 3 9 5 1 config banner motd banner Syntax config banner motd banner Parameters motd Type in the ...

Page 53: ... used to repeat the configuration every year Parameters summer time word16 Specify a description for this day light setting date start_month_var start_date_var start_year_var start_hour_var end_month_var end_date_var end_year_var end_hour_var offset_var start_month_var 1 12 Specify the starting month start_date_var 1 31 Specify the starting day start_year_var 2000 2097 Specify the starting year st...

Page 54: ...end_day_var end_month_var end_hour_var offset_var start_week_var 1 5 Specify the starting week start_day_var 1 31 Specify the starting day start_month_var 1 12 Specify the starting month start_hour_var hh mm Specify the time to start end_week_var 1 5 Specify the ending week end_day_var 1 31 Specify the ending day end_month_var 1 12 Specify the ending month end_hour_var hh mm Specify the time to en...

Page 55: ...planation To enable 802 1x service Example Enable 802 1x service Negation config no dot1x system auth control Show show dot1x status interface port_type v_port_type_list brief show dot1x status interface port_type v_port_type_list brief 3 9 8 2 config dot1x re authentication Syntax config dot1x re authentication Explanation Set clients to be re authenticated after an interval set in Re authenticat...

Page 56: ... authentication value between 1 and 3600 Example Set re authentication timer to 100 Negation config no dot1x authentication timer re authenticate 3 9 8 4 config dot1x timeout tx period Syntax config dot1x timeout tx period v_1_to_65535 Explanation Specify the time that the switch waits for a supplicant response during an authentication session before transmitting a Request Identify EAPOL packet By...

Page 57: ...yntax config dot1x timeout quiet period v_10_to_1000000 Explanation The time after an EAP Failure indication or RADIUS timeout that a client is not allowed access This setting applies to ports running Single 802 1X Multi 802 1X or MAC based authentication By default hold time is set to 10 seconds The allowed range is 10 1000000 seconds Parameters 10 1000000 Specify a value between 10 and 1000000 s...

Page 58: ...Specify the guest VLAN ID The allowed VLAN ID range is from 1 to 4095 Negation config no dot1x guest vlan 3 9 8 9 config dot1x guest vlan supplicant Syntax config dot1x guest vlan supplicant Explanation Enable Guest VLAN supplicant function The switch remembers if an EAPOL frame has been received on the port for the life time of the port Once the switch considers whether to enter the Guest VLAN it...

Page 59: ...comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC address once succe...

Page 60: ...ax config if dot1x radius vlan Explanation Enable RADIUS Assigned VLAN on the selected interfaces Example Enable RADIUS Assigned VLAN on port 1 10 Negation config if no dot1x radius vlan 3 9 8 15 config if dot1x re authenticate Syntax config if dot1x re authenticate Explanation Schedules reauthentication to whenever the quiet period of the port runs out EAPOL based authentication For MAC based aut...

Page 61: ...for this specific interface Example Set port 1 s duplex mode to auto Negation config if no duplex Show show interface port_type v_port_type_list status show interface port_type v_port_type_list status 3 9 10 config enable 3 9 10 1 config enable password Syntax config enable password password Explanation Configure enable password Parameters password password Specify the enable mode password 3 9 10 ...

Page 62: ...assword password Specify the enable mode password Explanation Configure enable secret password and privilege level Negation config no enable secret 0 5 level priv 3 9 11 config erps 3 9 11 1 config erps group guard guard_time_ms Syntax config erps group guard guard_time_ms Explanation Configure the specified group s guard time Parameters group 1 64 Specify a group number The allowed range is from ...

Page 63: ... port0 Specify Port 0 s port type and port number Port 0 is also known as E port East port which is used by some of the other vendors port_type port1 Specify Port 1 s port type and port number Port 1 is also known as W port West port which is used by some of the other vendors When this port is interconnected with the other sub ring 0 is used in this field to indicate that no west port is associate...

Page 64: ... to Restore timer in revertive mode Parameters group 1 64 Specify a group number The allowed range is from 1 to 64 wtr_time_minutes Specify Wait to Restore timer in minutes The allowed range is from 1 to 12 minutes Negation config no erps group revertive Show show erps groups detail statistics 3 9 11 6 config erps group rpl owner neighbor port0 port1 Syntax config erps group rpl owner neighbor por...

Page 65: ...ecify Port 1 s port type and port numbr or specify major ring s group ID Negation config no erps group Show show erps groups detail statistics 3 9 11 8 config erps group topology change propagate Syntax config erps group topology change propagate Parameters group 1 64 Specify a group number The allowed range is from 1 to 64 Explanation Allow topology change notification propagation Negation config...

Page 66: ...cs 3 9 12 config if excessive restart Syntax config if excessive restart Explanation Restart backoff algorithm after 16 collisions No excessive restart means discard frames after 16 collisions Negation config if no excessive restart Show show interface port_type v_port_type_list status show interface port_type v_port_type_list status 3 9 13 config if flowcontrol on off Syntax config if flowcontrol...

Page 67: ...t Syntax config green ethernet led on event link change v_0_to_65535 error Explanation The switch will bring LED intensity to 100 for the specified period in the event of any error such as link down Parameters link change v_0_to_65535 Specify how long LED intensity 100 lasts when errors occur The allowed value is from 0 to 65535 error Bring LED intensity to 100 in the event of errors Example Bring...

Page 68: ...ic frames by mapping the frames to a specific queue done with QOS and then mark the queue as an urgent queue When an urgent queue gets data to be transmitted the circuits will be powered up at once and the latency will be reduced to the wakeup time Queues set will activate transmission of frames as soon as data is available Otherwise the queue will postpone transmission until a burst of frames can...

Page 69: ...g gvrp 3 9 15 1 config gvrp Syntax config gvrp Explanation Globally enable GVRP function Example Globally enable GVRP function Negation config no gvrp 3 9 15 2 config gvrp max vlans Syntax config gvrp max vlans maxvlans Explanation Set up the maximum number of VLANs can be learned via GVRP Parameters maxvlans Specify the number of VLANs learned via GVRP Example Set the maximum number of VLANs can ...

Page 70: ...at LeaveAll PDUs are created A LeaveAll PDU indicates that all registrations are shortly de registered Participants will need to rejoin in order to maintain registration The valid value is 1000 to 5000 centi seconds The factory default 1000 centi seconds NOTE The LeaveAll time parameter must be greater than the Leave time parameter Negation config no gvrp time join time jointime leave time leaveti...

Page 71: ..._port_list switchport access trunk hybrid show interface port_type v_port_type_list capabilities show interface port_type v_port_type_list statistics packets bytes errors discards filtered priority priority_v_0_to_7 up down show interface port_type v_port_type_list status show interface port_type v_port_type_list veriphy show interface vlan vlist show interface port_type in_port_list switchport ac...

Page 72: ... arp inspection interface port_type in_port_type_list vlan in_vlan_list Clear clear ip arp 3 9 18 2 config ip arp inspection entry interface Syntax config ip arp inspection entry interface port_type in_port_type_id vlan_var mac_var ipv4_var Explanation Create ARP static entry Parameters port_type in_port_type_id Specify the port type and port number vlan_var Specify a configured VLAN ID mac_var Sp...

Page 73: ...inspection entry dhcp snooping static interface port_type in_port_type_list 3 9 18 4 config ip arp inspection vlan Syntax config ip arp inspection vlan in_vlan_list Explanation Specify ARP inspection is enabled on which VLAN Parameters in_vlan_list Specify a list of VLAN ID to be used for ARP inspection Negation config no ip arp inspection vlan in_vlan_list Show show ip arp show ip arp Clear clear...

Page 74: ...rmation option Syntax config ip dhcp relay information option Explanation Enable DHCP Relay option 82 function Please note that Relay Mode must be enabled before this function is able to take effect Example Enable DHCP Relay option 82 function Negation config no ip dhcp relay information option 3 9 18 8 config ip dhcp relay information policy drop keep replace Syntax config ip dhcp relay informati...

Page 75: ...DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Example Enable DHCP snooping function Example Set the holdtime to 5 Negation config no ip dhcp snooping Show show ip dhcp snooping interface port_type in_port_list show ip dhcp snooping interface port_type in_port_list show ip dhcp snooping table Clear clear ip dhcp snooping statistics interfac...

Page 76: ...s disabled web browser will automatically redirect to an HTTP connection Example Enable the HTTPS operation mode Negation config no ip http secure server Show show ip http server secure status 3 9 18 13 config ip http secure redirect Syntax config ip http secure redirect Explanation Enable the HTTPS redirect mode operation It applies only if HTTPS mode is Enabled Automatically redirects HTTP of we...

Page 77: ...ic and determine which hosts will receive multicast traffic The switch can passively monitor or snoop on IGMP Query and Report packets transferred between IP multicast routers and IP multicast service subscribers to identify the multicast group members The switch simply monitors the IGMP packets passing through it picks out the group registration information and configures the multicast filters ac...

Page 78: ...c Select the checkbox to flood traffic Negation config no ip igmp unknown flooding 3 9 18 19 config ip name server Syntax config ip name server v_ipv4_ucast dhcp interface vlan v_vlan_id Explanation Set up DNS IP address manually or obtain DNS IP address via specific VLAN DHCP server Parameters v_ipv4_ucast Manually specify unicast IPv4 name server address dhcp interface vlan v_vlan_id Configure D...

Page 79: ...oute 3 9 18 21 config ip routing Syntax config ip routing Explanation Enable IPv4 and IPv6 routing Example Enable IPv4 and IPv6 routing Negation config no ip routing Show show ip route show ipv6 route interface vlan vlan_list show ip route show ipv6 route interface vlan vlan_list 3 9 18 22 config ip source binding interface Syntax config ip source binding interface port_type in_port_type_id vlan_v...

Page 80: ... is preferred to Telnet unless the management network is trusted Telnet passes authentication credentials in plain text making those credentials susceptible to packet capture and analysis SSH provides a secure authentication method The SSH in this device uses version 2 of SSH protocol 3 9 18 24 config ip verify source Syntax config ip verify source Explanation Enable IP source guard function Negat...

Page 81: ... log types Deny Log denied entries Permit Log permitted entries All Log all entries Negation config if no ip arp inspection logging 3 9 18 28 config if ip arp inspection trust Syntax config if ip arp inspection trust Explanation Enable trust state on the selected interfaces Negation config if no ip arp inspection trust 3 9 18 29 config if ip dhcp snooping trust Syntax config if ip dhcp snooping tr...

Page 82: ...t service without sending an IGMP group specific GS query to that interface Negation config if no ip igmp snooping immediate leave Show show ip igmp snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail show ip igmp snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail 3 9 18 32 config if ip igmp snooping...

Page 83: ...ource interface port_type in_port_type_list show ip verify source interface port_type in_port_type_list 3 9 18 35 config if ip verify source limit Syntax config if ip verify source limit 0 2 Explanation Specify the maximum number of dynamic clients that can be learned on a port The available options are 0 1 2 If the port mode is enabled and the maximum number of dynamic clients is equal 0 the swit...

Page 84: ...p icmp msg type 3 9 18 38 config if vlan ip igmp snooping compatibility Syntax config if vlan ip igmp snooping compatibility auto v1 v2 v3 Explanation Configure IGMP Snooping version used for this specific VLAN Parameters auto v1 v2 v3 Specify one of the IGMP Snooping options auto Compatible with Version 1 Version 2 and Version 3 v1 Compatible with IGMP version 1 v2 Compatible with IGMP version 2 ...

Page 85: ...address Syntax config if vlan ip igmp snooping querier address v_ipv4_ucast Explanation Specify IGMP Snooping querier IP address Parameters v_ipv4_ucast Specify IGMP Snooping querier unicast IP address Negation config if vlan no ip igmp snooping querier address 3 9 18 42 config if vlan ip igmp snooping querier election Syntax config if vlan ip igmp snooping querier election Explanation Enable IGMP...

Page 86: ...2 or greater By default it is set to 2 Parameters ipmc_rv 1 255 Specify IPMC Robustness Variable value The valid value is 1 255 Negation config if vlan no ip igmp snooping robustness variable 3 9 18 46 config if vlan ip igmp snooping unsolicited report interval Syntax config if vlan ip igmp snooping unsolicited report interval ipmc_uri Explanation The Unsolicited Report Interval is the amount of t...

Page 87: ...6 mld snooping compatibility auto v1 v2 Explanation Configure MLD Snooping version used for this specific VLAN Parameters auto v1 v2 v3 Specify one of the MLD Snooping options auto Compatible with Version 1 Version 2 v1 Compatible with MLD version 1 v2 Compatible with MLD version 2 Negation config if vlan no ipv6 mld snooping compatibility 3 9 18 50 config if vlan ipv6 mld snooping last member que...

Page 88: ...MLD Snooping querier election function Negation config if vlan no ipv6 mld snooping querier election 3 9 18 53 config if vlan ipv6 mld snooping query interval ipmc_qi Syntax config if vlan ipv6 mld snooping query interval ipmc_qi Explanation Specify MLD Query interval value Parameters ipmc_qi 1 31744 Specify IPMC Query interval value The valid value is 1 31744 Negation config if vlan no ipv6 mld s...

Page 89: ...config if vlan ipv6 mld snooping unsolicited report interval ipmc_uri Explanation The Unsolicited Report Interval is the amount of time that the upstream interface should transmit unsolicited IGMP reports when report suppression proxy reporting is enabled The allowed range for URI is 0 31744 seconds Parameters ipmc_uri 0 31744 Specify Unsolicited Report Interval value The valid value is 0 31744 Ne...

Page 90: ...Specify the multicast IP range The available IP range is from 224 0 0 0 239 255 255 255 Negation config no no ipmc range entry_name Show show ipmc profile profile_name detail 3 9 19 4 config ipmc profile default range Syntax config ipmc profile default range entry_name Parameters entry_name word16 Specify an entry name in 16 characters for this IPMC profile Explanation To set default IPMC Profile ...

Page 91: ...file range entry_name permit deny log next next_entry Parameters entry_name Specify an entry name permit deny Specify the action taken upon receiving the Join Report frame that has the group address matches the address range of the rule Permit Group address matches the range specified in the rule will be learned Deny Group address matches the range specified in the rule will be dropped log Log whe...

Page 92: ...mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail show ipv6 mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail 3 9 20 2 config ipv6 mld host proxy leave proxy Syntax config ipv6 mld host proxy leave proxy Explanation Enable IPv6 MLD leave proxy To prevent multicast router from becoming over...

Page 93: ...v_port_type_list sfm information detail show ipv6 mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail 3 9 20 4 config ipv6 mld snooping vlan Syntax config ipv6 mld snooping vlan v_vlan_list Parameters v_vlan_list Specify VLAN ID for MLD Negation config no ipv6 mld snooping vlan v_vlan_list Show show ipv6 mld snooping vlan v_vlan_list group datab...

Page 94: ...fic Example Enable IPv6 MLD proxy Negation config no ipv6 mld unknown flooding Show show ipv6 mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail show ipv6 mld snooping mrouter detail show ipv6 mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail show ipv6 mld snooping mrouter detail 3 9 20 7 c...

Page 95: ... service without sending an IGMP group specific GS query to that interface Negation config if no ipv6 mld snooping immediate leave Show show ipv6 mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail show ipv6 mld snooping vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail 3 9 20 10 config if ipv6 mld snoop...

Page 96: ...ng vlan v_vlan_list group database interface port_type v_port_type_list sfm information detail show ipv6 mld snooping mrouter detail 3 9 21 config lacp 3 9 21 1 config lacp system priority Syntax configure lacp system priority v_1_to_65535 Parameters v_1_to_65535 The priority of the port The allowed value range is from 1 to 65535 Explanation Configure system priority for LACP function The lower nu...

Page 97: ...port priority v_1_to_65535 Explanation Configure a LACP key for this interface Parameters v_1_to_65535 Specify a LACP port priority for this interface The lower number means greater priority This priority value controls which ports will be active and which ones will be in a backup role Negation config if no lacp port priority v_1_to_65535 Show show lacp internal statistics system id neighbour 3 9 ...

Page 98: ...w show lacp internal statistics system id neighbour 3 9 22 config line 3 9 22 1 config line Syntax configure line 0 16 console 0 vty 0 15 Explanation Enter the specific line When Enter is pressed the command line changes to config line Parameters 0 16 console 0 vty 0 15 Specify one of the options 0 16 List of line numbers console 0 Console line connection vty 0 15 VTY lines are the Virtual Termina...

Page 99: ...nfig line editing Explanation Enable command line editing Negation config line no editing Show show line alive show line alive 3 9 22 4 config line end Syntax config line end Explanation Return to EXEC mode Example Return to EXEC mode Example Enable IPv6 MLD proxy config t config line console 0 config line end config t config line console 0 config line do show aaa console local telnet local ssh lo...

Page 100: ...x config line exec timeout min sec Parameters min Specify timeout in minutes The allowed range is 0 to 1440 sec Specify timeout in seconds The allowed range is 0 to 3600 Negation config line no exec timeout Show show line alive show line alive 3 9 22 7 config line exit Syntax config line exit Explanation Return to Config mode Example Return to Config mode Example Enable IPv6 MLD proxy config t con...

Page 101: ...2 10 config line length Syntax config line length length Explanation Configure the number of lines displayed on the screen config t config line console 0 config line history size 10 config t config line console 0 config line help Help may be requested at any point in a command by entering a question mark If nothing matches the help list will be empty and you must backup until entering a shows the ...

Page 102: ...n of this device Parameters location Location description for the terminal The characters allowed are 32 Example Configure the location cabinet5a Negation config line no location Show show line alive show line alive 3 9 22 12 config line motd banner Syntax config line motd banner Explanation Enable the display of motd message of the day banner Example Enable motd banner config t config line consol...

Page 103: ...e privilege level to 5 for vty 1 Negation config line no privilege level Show show line alive show line alive 3 9 22 14 config line width Syntax config line width width Explanation Configure the width of the terminal line Parameters width Specify the width of the terminal line The allowed range is 40 to 512 Specify 0 for unlimited width Example Change of width of vty 1 to 60 Negation config line n...

Page 104: ...tax config lldp reinit val Explanation Configure a delay between the shutdown frame and a new LLDP initialization Parameters val Specify a value between 1 and 10 seconds Example Set the LLDP re initiation value to 3 Negation config no lldp reinit 3 9 23 3 config lldp timer Syntax config lldp timer val Explanation Configure the interval between LLDP frames are sent to its neighbors for updated disc...

Page 105: ...gs84 nad83 navd88 nad83 mllw Specify one of the options WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is the North American Vertical Datum of 1988 NAVD88 This datum pair is to be used when referencing locations on land not near tidal water ...

Page 106: ... new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including between Network Connectivity Devices or to other types of links Parameters v_1_to_10 Specify a valid value between 1 a...

Page 107: ...me p o box additional code Specify one of the options country The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US state National subdivisions state canton region province prefecture county County parish gun Japan district city City township shi Japan Example Copenhagen district City division borough city district ward chou Japan block Neighbourhood block street Street...

Page 108: ... v_word25 Explanation Configure a value for Emergency Location Information Parameters v_word25 A value for Emergency Location Information ELIN Example Set the emergency location information to 911 Negation config no lldp med location tlv elin addr 3 9 23 10 config lldp med location tlv latitude Syntax config lldp med location tlv latitude north south v_word8 Explanation Configure a value for latit...

Page 109: ... untagged l2 priority v_0_to_7 dscp v_0_to_63 Explanation Configure a LLDP MED policy ID for a service Parameters policy_index Specify a policy ID The valid range is from 0 to 31 voice voice signaling guest voice signaling guest voice softphone voice video conferencing streaming video video signaling Specify one of the services for this policy ID tagged v_vlan_id untagged Specify whether this serv...

Page 110: ...erface Parameters v_range_list Assign a policy to this interface Negation config if no lldp med media vlan policy list v_range_list Show show lldp med media vlan policy v_0_to_31 show lldp med media vlan policy v_0_to_31 3 9 23 15 config if lldp med transmit tlv Syntax config if lldp med transmit tlv capabilities location network policy Explanation To configure LLDP MED TLV Type for specific inter...

Page 111: ...e sent from this device Negation config if no lldp tlv select management address port description system capabilities system description system name Show show lldp neighbors interface port_type v_port_type_list show lldp neighbors interface port_type v_port_type_list 3 9 23 18 config if lldp transmit Syntax config if lldp transmit Explanation To configure LLDP Tx only mode for specific interface N...

Page 112: ...mple Use IPv4 address to configure log server Example Set the holdtime to 5 Negation config no logging host Show show logging show logging logging_id 1 4294967295 show logging info warning error 3 9 24 3 config logging level Syntax config logging level info warning error Explanation Configure what kind of messages will send to syslog server Parameters info warning error Specify one of the log mess...

Page 113: ...anation Configure the period for which a port will be kept disabled Parameters t 0 604800 Specify a shutdown time value The valid values are from 0 to 604800 seconds 0 means that a port is kept disabled until next device restart Example Set the shutdown time value to 180 seconds Negation config no loop protect shutdown time Show show loop protect interface port_type plist 3 9 25 3 config loop prot...

Page 114: ...ct action Syntax config if loop protect action shutdown log Explanation Configure the action taken when loops are detected on a port Parameters shutdown log When a loop is detected on a port the loop protection will immediately take appropriate actions Actions will be taken include Shutdown Port Shutdown Port and Log or Log Only Negation config if no loop protect action Show show loop protect inte...

Page 115: ...ow mac address table conf static aging time learning count interface port_type v_port_type_list address v_mac_addr vlan v_vlan_id vlan v_vlan_id_1 interface port_type v_port_type_list_1 show mac address table aging time 3 9 26 2 config mac address table static Syntax config mac address table static v_mac_addr vlan v_vlan_id interface port_type v_port_type_list Explanation Configure the static MAC ...

Page 116: ...ng mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Negation config if no mac address table learning secure Show show mac address table conf static aging time learning count interface port_type v_port_type_list address v_mac_addr vlan v_vlan_id vlan v_vlan_id_1 interface port_type v_port_typ...

Page 117: ...c vlan Specify a domain option Port This is a MEP in the Port Domain Flow Instance is a Port CURRENTLY Port is available for use Evc This is a MEP in the EVC Domain Flow Instance is a EVC The EVC must be created VLAN This is a MEP in the VLAN Domain Flow Instance is a VLAN The VLAN must be created vid vid A C tag or S tag depending on VLAN port type is added with this VID Entering 0 means no tag w...

Page 118: ...t MAC Must be multi in case of RAPS Ring Automatic Protection Switching Protocol uni OAM PDU is transmitted with unicast MAC The MAC is taken from peer MEP MAC database This option is only possible in case of LAPS Linear Automatic Protection Switching Protocol laps raps octet octet Specify an option laps APS PDU is transmitted as L APS this is for ELPS raps APS PDU is transmitted as R APS this is ...

Page 119: ...le are EVC and VLAN domain Show show mep inst peer cc lm dm lt lb tst aps client ais lck detail 3 9 29 6 config mep inst client flow Syntax config mep inst client flow cflow level level ais prio aisprio ais highest lck prio lckprio lck highest Explanation Configure the priority to be used when transmitting AIS in each client flow Parameters inst Specify an instance ID number client flow cflow unit...

Page 120: ...g and receiving timestamps of initiators Frame Delay RxTimeb TxTimeStampf Flow The frame delay calculated by the transmitting and receiving timestamps of initiators and remotes Frame Delay RxTimeb TxTimeStampf TxTimeStampb RxTimeStampf interval interval Interval between PDU transmission in 10ms Min value is 10 last n lastn The last N dalays used for average last N calculation Min value is 10 Negat...

Page 121: ...nst dm proprietary Syntax config mep inst dm proprietary Explanation Use proprietary Delay Measurement Parameters inst Specify an instance ID number Negation config no mep inst dm proprietary Show show mep inst peer cc lm dm lt lb tst aps client ais lck detail Clear clear mep inst lm dm tst 3 9 29 11 config mep inst dm syncronized Syntax config mep inst dm syncronized Explanation Configure time sy...

Page 122: ...eer MAC To wards MIP only unicast Loop Back is possible count count The number of LBM PDU to be sent size size The number of bytes in the LBM PDU Data Pattern TLV interval interval The number of bytes in the LBM PDU Data Pattern TLV Negation config no mep inst lb Show show mep inst peer cc lm dm lt lb tst aps client ais lck detail 3 9 29 13 config mep inst lck Syntax config mep inst lck fr1s fr1m ...

Page 123: ...OAM PDU is transmitted with unicast MAC The MAC is taken from peer MEP MAC database In case of LM there is only one peer MEP single dual Dual ended LM is based on CCM PDU Single ended LM is based on LMM LMR PDU fr10s fr1s fr6m fr1m fr6h Specify a frame rate fr10s Frame rate is 10 f s fr1s Frame rate is 1 f s fr6m Frame rate is 6 f min fr1m Frame rate is 1 f min fr6h Frame rate is 6 f hour flr flr ...

Page 124: ... ITU MEG ID or the IEEE Short MA depending on the selected MEG ID format The ITU max is 13 characters The ITU CC max is 15 characters The IEEE max is 16 characters itu itu cc ieee name name Specify a MEG ID format itu The MEG ID has ITU format ICC UMC The meg id max is 13 characters itu cc The MEG ID has ITU Country Code format CC ICC UMC The meg id max is 15 characters ieee The MEG ID Short MA Na...

Page 125: ...e test signal priority in case of tagged OAM In the EVC domain this is the COS ID dei Drop Eligible Indicator in case of tagged OAM mep id mepid Configure Peer MEP ID value for unicast TST The MAC is taken from peer MEP MAC database sequence Enable sequence number in TST PDU all zero all one one zero Specify an option all zero Test pattern is set to all zero all one Test pattern is set to all one ...

Page 126: ... an instance ID number Negation config no mep inst tst tx Show show mep inst peer cc lm dm lt lb tst aps client ais lck detail Clear clear mep inst lm dm tst 3 9 29 23 config mep inst vid Syntax config mep inst vid vid Explanation To configure VID of MEP Parameters inst Specify an instance ID number vid The MEP VID value Negation config no mep inst vid Show show mep inst peer cc lm dm lt lb tst ap...

Page 127: ... port_type v_port_type_list cpu cpu_switch_range both rx tx Explanation Configure which source ports RX or TX traffic should be mirrored to the destination port Parameters interface port_type v_port_type_list Specify the interface type means all interfaces both rx tx Specify which direction of traffic should be mirrored to the destination port both means both received and transmitted traffic rx me...

Page 128: ...mvr_name channel Show show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail 3 9 31 3 config mvr name mvr_name frame priority Syntax config mvr name mvr_name frame priority cos_priority Explanation Configure the priority for ...

Page 129: ...vr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail 3 9 31 5 config mvr name mvr_name igmp address Syntax config mvr name mvr_name igmp address v_ipv4_ucast Explanation Configure IGMP IPv4 address for the specified MVR entry Par...

Page 130: ... The allowed range is from 0 to 31744 tenths of a second Example Set LMQI value to 600 tenths of a second Negation config no mvr vlan mvr_name last member query interval Show show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information de...

Page 131: ... no mvr vlan v_vlan_list Show show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail 3 9 31 9 config mvr vlan v_vlan_list channel Syntax config mvr vlan v_vlan_list channel profile_name Explanation Configure MVR name and chan...

Page 132: ...lan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail 3 9 31 11 config mvr vlan v_vlan_list frame tagged Syntax config mvr vlan v_vlan_list frame tagged Explanation Tagged IGMP MLD frames will be sent Parameters v_vlan_list Specify MV...

Page 133: ...an v_vlan_list last member query interval Syntax config mvr vlan v_vlan_list last member query interval ipmc_lmqi Explanation Configure the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership Parameters v_vlan_list Specify MVR VLAN ID for this entry ipmc_lmqi Specify the LMQI Last Member Query Interval value By default LM...

Page 134: ...tail show mvr vlan v_vlan_list name mvr_name group database interface port_type v_port_type_list sfm information detail 3 9 31 15 config if mvr immediate leave Syntax config if mvr immediate leave Explanation Enable immediate leave function When enabled the device immediately removes a port from a multicast stream as soon as it receives leave message for that group This option only applies to an i...

Page 135: ...mvr vlan Syntax config if mvr vlan v_vlan_list type source receiver Explanation Configure port role of a specific MVR VLAN ID for this specific interface Parameters v_vlan_list MVR Multicast VLAN list source receiver Specify MVR port role source MVR source port receiver MVR receiver port Negation config if no mvr immediate leave 3 9 32 config ntp 3 9 32 1 config ntp Syntax config ntp Explanation E...

Page 136: ...lon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once name_var The domain name for NTP server Example Set the NTP server 1 to 192 168 1 253 Negation config no ntp server index_var Show show ntp status 3 9 33 config port security 3 9 33 1 ...

Page 137: ...planation Configure a desired aging time value If Aging is enabled secured MAC addresses are subject to aging as discussed this command With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corre...

Page 138: ...rity violation protect trap trap shutdown shutdown Explanation If the limit is exceeded the specified action will take effect Parameters protect trap trap shutdown shutdown Specify one of the actions taken when the limit is exceeded protect Do not allow more than the specified limit of MAC addresses to access on a port No action is further taken trap If Limit 1 MAC addresses are seen on the port s...

Page 139: ...nds available in Configuration mode Parameters exec configure config vlan line interface if vlan ipmc profile snmps host stp aggr dhcp pool rfc2544 profile Specify the group command that you want to configure level privilege Specify the privilege level The allowed range is 0 to 15 cmd Initial valid words and literals of the command to modify in 128 characters Example The following example sets the...

Page 140: ...ave port state port ds interface port_type v_port_type_list 3 9 35 3 config ptp clockinst mode Syntax config ptp clockinst mode boundary e2etransparent p2ptransparent master slave onestep twostep ethernet ip4multi ip4unicast oneway twoway id v_clock_id vid vid prio tag Explanation Configure details of a PTP clock instance Parameters clockinst 0 3 Specify the instance number boundary e2etransparent...

Page 141: ... Specify Clock priority 1 for PTP BMC algorithm 0 is highest priority Negation config no ptp clockinst priority1 Show show ptp clockinst default current parent time property filter uni slave port state port ds interface port_type v_port_type_list show ptp clockinst default current parent time property filter uni slave port state port ds interface port_type v_port_type_list 3 9 35 5 config ptp cloc...

Page 142: ...raceable Specify this to denote freq traceable True ptptimescale Specify this to denote ptptimescale True time source time_source Specify time source value Valid range is 0 to 255 Show show ptp clockinst default current parent time property filter uni slave port state port ds interface port_type v_port_type_list show ptp clockinst default current parent time property filter uni slave port state po...

Page 143: ... announce Syntax config if ptp clockinst announce interval interval timeout timeout 1 Explanation Configure the settings for announce timing messages Parameters clockinst 0 3 Specify the instance number interval interval timeout timeout 1 Specify the time for sending announce messages The range is 0 to 4 seconds For timeout value specify the time for announcing timeout messages The range is 2 to 1...

Page 144: ... End to end delay measurement p2p Peer to peer delay measurement Negation config if no ptp clockinst delay asymmetry Show show ptp clockinst default current parent time property filter uni slave port state port ds interface port_type v_port_type_list show ptp clockinst default current parent time property filter uni slave port state port ds interface port_type v_port_type_list 3 9 35 12 config if ...

Page 145: ...yntax config if ptp clockinst ingress latency ingress_latency Explanation Configure ingress latency measured in ns as defined in IEEE 1588 Section 7 3 4 2 Parameters clockinst 0 3 Specify the instance number ingress_latency Specify ingress latency The range is 100000 to 100000 Negation config if no ptp clockinst ingress latency Show show ptp clockinst default current parent time property filter un...

Page 146: ... but it can be a member of multiple Private VLANs Parameters pvlan_list Specify the private VLAN ID Negation config if no pvlan pvlan_list Show show pvlan pvlan_list 3 9 36 2 config if pvlan isolation Syntax config if pvlan isolation Explanation Enable Port Isolation function on this specific interface Port Isolation is used to prevent communications between customer ports in a same Private VLAN T...

Page 147: ...pl Show show qos show qos interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 37 2 config qos map dscp classify Syntax config qos map dscp classify dscp_num be af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef va Parameters dscp classify dscp_num be af11 af12 af13 af21 af22 af...

Page 148: ...ed number is from 0 to 63 be Default PHB DSCP 0 for best effort traffic af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 Assured Forwarding PHB AF 11 DSCP 10 12 DSCP 12 13 DSCP 14 21 DSCP 18 22 DSCP 20 23 DSCP 22 31 DSCP 26 32 DSCP 28 33 DSCP 30 41 DSCP 34 42 DSCP 36 cs1 cs2 cs3 cs4 cs5 cs6 cs7 Class selector PHB CS1 precedence 1 DSCP 8 CS2 precedence 2 DSCP 16 CS3 precedence 3 DSCP 24 ...

Page 149: ...cs2 cs3 cs4 cs5 cs6 cs7 Class selector PHB CS1 precedence 1 DSCP 8 CS2 precedence 2 DSCP 16 CS3 precedence 3 DSCP 24 CS4 precedence 4 DSCP 32 CS5 precedence 5 DSCP 40 CS6 precedence 6 DSCP 48 CS7 precedence 7 DSCP 56 ef Expedited Forwarding PHB DSCP 46 va Voice Admit PHB DSCP 44 Example The following example maps cs4 to cs5 Negation config no qos map dscp egress translation dscp_num be af11 af12 a...

Page 150: ...map dscp ingress translation dscp_num be af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef va Show show qos show qos interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 37 6 config qos qce refresh Syntax config qos qce refresh Explanation To refresh QCE Example Refresh QCE 3 9...

Page 151: ... PCP range or specify any to allow any PCP values dei ot_dei any Specify a specific DEI or specify any to allow any DEI frame type any etype etype_type any llc dsap llc_dsap any ssap llc_ssap any control llc_control any snap snap_data any ipv4 proto pr4 tcp udp any sip sip4 any dip dip4 any dscp dscp4 be af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef va ...

Page 152: ...scp By default any is used Indicate a DSCP value or a range of DSCP value fragment By default any is used Datagrams sometimes may be fragmented to ensure they can pass through a network device that uses a maximum transfer unit smaller than the original packet s size ipv6 proto IPv6 protocol includes Any TCP UDP Other If TCP or UDP is specified you may need to further define Sport Source port numbe...

Page 153: ...torm unicast multicast broadcast Show show qos storm 3 9 37 9 config if qos cos Syntax config if qos cos cos Explanation Configure CoS value on this selecte infterface Parameters cos Specify COS value 1 7 Negation config if no qos cos Show show qos show qos interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 37 10 co...

Page 154: ...Syntax config if qos dscp classify zero selected any Explanation Configure a classification method Parameters zero selected any Specify a classification method zero Classify if incoming DSCP is 0 selected Classify only selected DSCP for which classification is enabled in DSCP Translation table any Classify all DSCP Negation config if no qos dscp classify Show show qos show qos interface port_type ...

Page 155: ... interface Negation config if no qos dscp translate Show show qos show qos interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 37 15 config if qos map cos tag cos Syntax config if qos map cos tag cos cos dpl dpl pcp pcp dei dei Explanation Configure QoS class DP level to PCP DEI Mapping of QoS for specific interface ...

Page 156: ... show qos interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 37 18 config if qos policer Syntax config if qos policer rate fps flowcontrol Explanation Configure PCP value for specific interface Parameters rate Indicate the rate for the policer By default 500kbps is used The allowed range for kbps and fps is 100 to 1...

Page 157: ...ueue shaper queue Syntax config if qos queue shaper queue queue rate excess Explanation Configure Egress Queue Policers Rate of QoS for specific interface Parameters queue 0 7 Specify a queue or a range rate 100 3300000 Specify Policer rate in kbps excess Allow all excess bandwidth Negation config if no qos queue shaper queue queue Show show qos show qos interface port_type port wred maps dscp cos...

Page 158: ... interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 37 23 config if qos trust dscp Syntax config if qos trust dscp Explanation Enable DSCP Classification of QoS for specific interface Negation config if no qos trust dscp Show show qos show qos interface port_type port wred maps dscp cos dscp ingress translation dscp...

Page 159: ... w4 1 100 Specify weight for queue 4 w5 1 100 Specify weight for queue 5 Negation config if no qos wrr Show show qos show qos interface port_type port wred maps dscp cos dscp ingress translation dscp classify cos dscp dscp egress translation storm qce qce 3 9 38 config radius server 3 9 38 1 config radius server attribute 32 Syntax config radius server attribute 32 id Explanation Configure Radius ...

Page 160: ...dress Negation config no radius server attribute 95 Show show radius server statistics 3 9 38 4 config radius server deadtime Syntax config radius server deadtime minutes Explanation Configure RADIUS server deadtime value Deadtime is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually ...

Page 161: ...ut value If you prefer to use the global value leave this field blank retransmit retries Specify a value for retransmit retry If retransmit value is specified here it will replace the global retransmit value If you prefer to use the global value leave this field blank key key Specify a secret key If secret key is specified here it will replace the global secret key If you prefer to use the global ...

Page 162: ...rver retransmit Show show radius server statistics 3 9 38 8 config radius server timeout Syntax config radius server timeout seconds Explanation Configure the time the switch waits for a reply from an authentication server before it retransmits the request Parameters seconds Specify RADIUS server timeout value The valid range is 1 to 1000 Example Set RADIUS server timeout to 60 Negation config no ...

Page 163: ...tances 3 9 39 2 config ring instance ring Syntax config ring instance ring master east interface port_type east_port west interface port_type west_port Parameters instance 0 5 Specify the ring instance number ring This is a closed ring type master Set this ring to master ring east interface port_type east_port Specify the east port type Fast Ethernet or Gigabit Ethernet and port number west interf...

Page 164: ...castPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifIndex interval absolute delta rising threshold rising_threshold rising_event_id falling threshold falling_threshold falling_event_id rising falling both Explanation Configure RMON alarm settings RMON Alarm configuration defines specific criteria that will generate response events It can be set to test data over any specified time interval and ca...

Page 165: ...ld reaches the rising threshold and again moves back down to the failing threshold Range 2147483647 to 2147483647 falling_event_id Indicates the falling index of an event The range is 0 65535 rising falling both Specify a method that is used to sample the selected variable and calculate the value to be compared against the thresholds rising Trigger alarm when the first value is larger than the ris...

Page 166: ...quested for this entry The allowed range is 1 65535 interval interval Indicates the polling interval By default 1800 seconds is specified The allowed range is 1 3600 seconds Negation config if no rmon collection history id Show show rmon history id_list 3 9 40 4 config if rmon collection stats Syntax config if rmon collection stats id Explanation Configure RMON Statistics table using this command ...

Page 167: ...rt power power1 power2 interface linkup linkdown poe Explanation Specify what events will result in alert email messages being generated and sent Parameters system warmstart coldstart Enable Warm Start and Cold Start mail event power power1 power2 Enable Power 1 and Power 2 status mail event interface linkup linkdown poe Enable interface link up linkdown and PoE mail event Negation config no smtp ...

Page 168: ... recipient Show show smtp status 3 9 42 6 config smtp server ip address Syntax config smtp server ip address word_var Explanation Configure SMTP server IP address Parameters ip address word_var Specify SMTP server IP address Negation config no smtp server Show show smtp status 3 9 42 7 config smtp username username password encrypted Syntax config smtp username username password encrypted encry_pa...

Page 169: ...pted password for SMTP server authentication Parameters username username Specify the valid authentication username for SMTP server password unencrypted encry_password Enter the authentication password for username of SMTP server Show show smtp status 3 9 43 config snmp server 3 9 43 1 config snmp server Syntax config snmp server Explanation Enable SNMP server service Example Enable SNMP server se...

Page 170: ...length is 1 to 32 and the allowed content is ASCII characters from 0x21 to 0x7E write write_name The name of the MIB view defining the MIB objects for which this request may potentially set new values The allowed string length is 1 to 32 and the allowed content is ASCII characters from 0x21 to 0x7E Negation config no snmp server access group_name model v1 v2c v3 any level auth noauth priv Show sho...

Page 171: ...ommunity v3 3 9 43 5 config snmp server contact Syntax config snmp server contact v_line255 Explanation Configure system contact information Parameters v_line255 Specify system contact information This could be a person s name email address or other descriptions The allowed string length is 0 255 and the allowed content is the ASCII characters from 32 126 Example Set system contact information to ...

Page 172: ...t changes to config snmps host Example Set SNMP server hostname to RemoteSnmp Negation config snmp server host conf_name Show show snmp host conf_name system switch power interface aaa 3 9 43 8 config snmp server location Syntax config snmp server location v_line255 Parameters v_line255 Specify the descriptive location of this device The allowed string length is 0 255 Example Set the location to C...

Page 173: ...nation Configure SNMPv3 User settings Parameters username word 32 A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 0x21 to 0x7E engine id engineID An octet string identifying the engine ID that this entry should belong to The string must contain an even number in hexadecimal format with number ...

Page 174: ...ates the privacy protocol that this entry should belong to Possible privacy protocols are DES An optional flag to indicate that this user uses DES authentication protocol AES An optional flag to indicate that this user uses AES authentication protocol priv_passwd A string identifying the privacy password phrase The allowed string length is 8 to 32 and the allowed content is ASCII characters from 0...

Page 175: ...d overstep the excluded view entry Negation config no snmp server view view_name oid_subtree Show show snmp view view_name oid_subtree 3 9 43 14 config if snmp server host conf_name alarm Syntax config if snmp server host conf_name alarm linkdown Explanation Configure SNMP linkdown alarm for the selected interface Parameters conf_name word 32 Specify the name of the host alarm linkdown Enable link...

Page 176: ...rap destination port SNMP Agent will send SNMP message via this port the port range is 1 65535 The default SNMP trap port is 162 traps informs Specify one of the options Negation config snmps host no host 3 9 43 18 config snmps host host v_ipv4_ucast Syntax config snmps host host v_ipv4_ucast v_word45 udp_port traps informs Explanation Configure the SNMP trap destination IPv4 address Parameters v_...

Page 177: ...ation and privacy A unique engine ID for these traps and informs is needed When Trap Probe Security Engine ID is enabled the ID will be probed automatically Otherwise the ID specified in this field is used The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed securtyname Indicates the SNMP trap security name S...

Page 178: ...counting A trap will be issued at any authentication failure system coldstart warmstart The system trap events include the following coldstart The switch has booted from a powered off or due to power cycling power failure warmstart The switch has been rebooted from an already powered on state switch stp rmon Indicates that the Switch group s traps Possible traps are stp Enable STP trap rmon Enable...

Page 179: ...ge Explanation Enable auto edge function When enabled a port is automatically determined to be at the edge of the network when it receives no BPDUs Negation config stp aggr no spanning tree auto edge Show show spanning tree 3 9 44 4 config stp aggr spanning tree bpdu guard Syntax config stp aggr spanning tree bpdu guard Explanation Enable BPDU guard function This feature protects ports from receiv...

Page 180: ...atically determines whether the interface is attached to a point to point link or shared medium Negation config stp aggr no spanning tree link type Show show spanning tree 3 9 44 7 config stp aggr spanning tree mst instance cost Syntax config stp aggr spanning tree mst instance cost cost auto Explanation Configure MSTI and its path cost value Parameters mst instance 0 15 Specify MST instance numbe...

Page 181: ... Root Port for the CIST or any MSTI even if it has the best spanning tree priority Negation config stp aggr no spanning tree restricted role Show show spanning tree 3 9 44 10 config stp aggr spanning tree restricted tcn Syntax config stp aggr spanning tree restricted tcn Explanation Enable restricted TCN function If enabled this causes the port not to propagate received topology change notificatio...

Page 182: ...d start a new spanning tree calculation process BPDU Guard is therefore used to prevent the device from suffering malicious attacks With this function enabled when edge ports receive configuration BPDUs STP disables those affected edge ports After a period of recovery time those disabled ports are re activated Example Enable edge BPDU guard function Negation config no spanning tree edge bpdu guard...

Page 183: ...tance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Example Map MST Instance 1 to priority 61440 Negation config no spanning tree mst instance priority Show show spanning tree 3 9 44 15 config spanning tree mst instance vlan v_vlan_list Syntax config spanning tree mst instance vlan v_vlan_list Parameters instance 0 7 Specify an instance ID 0 means CIST 1 7...

Page 184: ...t max age maxage forward time fwdtime Parameters maxage 6 40 Specify the max age value The valid range is from 6 to 40 forward time fwdtime Fort STP bridges the Forward Delay is the time spent in each Listening and Learning state before the Forwarding state is entered This delay occurs when a new bridge comes onto a network Valid values are 4 30 seconds Explanation If another switch in the spannin...

Page 185: ...n v_0_to_65535 Parameters name name Specify a name for this MSTI By default the switch s MAC address is used The maximum length is 32 characters In order to share spanning trees for MSTI bridges must have the same configuration name and revision value revision v_0_to_65535 Specify a revision number for this MSTI The allowed range is 0 65535 Explanation Configure a name and revision number for this...

Page 186: ... utilization and decreasing this value might slow down convergence It is recommended to remain Transmit Hold Count to the default setting Example Set the spanning tree transmit hold count to 6 Negation config no spanning tree transmit hold count Show show spanning tree 3 9 44 22 config if spanning tree Syntax config if spanning tree Explanation Enable Spanning Tree on this interface Negation confi...

Page 187: ...ig if spanning tree edge Syntax config if spanning tree edge Explanation If an interface is attached to end nodes you can set it to Edge Negation config if no spanning tree edge Show show spanning tree 3 9 44 26 config if spanning tree link type Syntax config if spanning tree link type point to point shared auto Explanation Configure the link type attached to an interface Parameters point to point...

Page 188: ... spanning tree mst instance cost Show show spanning tree 3 9 44 28 config if spanning tree mst instance port priority Syntax config if spanning tree mst instance port priority prio Explanation Configure MSTI and its port priority Parameters mst instance 0 15 Specify MST instance number Specify 0 to denote CIST Specify 1 15 to denote MSTI 1 15 port priority prio Specify a port priority value Negati...

Page 189: ...slate the original VLAN ID to a new VLAN ID so as to exchange data across different VLANs and improve VLAN scaling VLAN translation replaces an incoming C VLAN tag with an S VLAN tag instead of adding an additional tag When configuring VLAN Translation both ends of the link normally must be able to replace tags appropriately In other words both ends must be configured to translate the C VLAN tag t...

Page 190: ...o switchport access vlan Show show switchport forbidden vlan vid name name show switchport forbidden vlan vid name name 3 9 46 4 config if switchport hybrid acceptable frame type Syntax config if switchport hybrid acceptable frame type all tagged untagged Explanation Configure the accepted frame types Available options include all accept all frames tagged accept only tagged frames untagged accept ...

Page 191: ...urrent list remove Remove VLANs from the current list except All VLANs except the following specified in vlan_list vlan_list Specify the VLAN list Negation config if no switchport hybrid allowed vlan Show show vlan status 3 9 46 6 config if switchport hybrid egress tag Syntax config if switchport hybrid egress tag none all except native Explanation Determines egress tagging of a port Parameters no...

Page 192: ...9 config if switchport hybrid port type Syntax config if switchport hybrid port type unaware c port s port s custom port Explanation Configures the port type in Hybrid mode for the port Parameters unaware c port s port s custom port There are four port types available Each port type s ingress and egress action is described in the following table Action Port Type Ingress Action Egress Action Unawar...

Page 193: ...S custom port will be set to an self customized value which can be set by the user using the column of Ethertype for Custom S ports When an untagged frame is received on a port a tag PVID is attached and then forwarded Negation config if no switchport hybrid port type Show show vlan status 3 9 46 10 config if switchport mode Syntax config if switchport mode access trunk hybrid Explanation Configur...

Page 194: ...Negation config if no switchport trunk vlan tag native 3 9 46 14 config if switchport vlan ip subnet id Syntax config if switchport vlan ip subnet id vce_id ipv4 vlan vid Explanation IP Subnet based VLAN configuration is to map untagged ingress frames to a specific VLAN if the source address is found in the IP subnet to VLAN mapping table When IP subnet based VLAN classification is enabled the sou...

Page 195: ...ess to the associated VLAN ID Negation config if no switchport vlan mac mac_addr vlan vid Show show vlan mac address mac_addr 3 9 46 16 config if switchport vlan mapping Syntax config if switchport vlan mapping group Explanation Configure group VLAN mapping table for this specific interface Parameters group 1 20 Indicate the Group ID that applies to this rule Negation config if no switchport vlan ...

Page 196: ...acs server deadtime minutes Explanation Deadtime is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Parameters minutes 1 1440 Specify a value for tacacs server deadtime The allowed deadtime range is between 1 to 1440...

Page 197: ... host_name port port Show show tacacs server 3 9 48 config upnp 3 9 48 1 config upnp Syntax config upnp Explanation Enable upnp operation Example Enable upnp operation Negation config no upnp Show show upnp 3 9 48 2 config upnp advertising duration Syntax config upnp advertising duration v_100_to_86400 Parameters v_100_to_86400 Specify the advertising duration The allowed range is 100 to 86400 sec...

Page 198: ...s command to configure a new user account Parameters username username word31 Specify a new username The allowed characters are 31 privilege priv 0 15 Specify the privilege level for this new user account The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But other values need to refer to each group privilege...

Page 199: ...the fully control of the device But other values need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user...

Page 200: ...encrypted password line31 Specify the unencrypted password for this user account The UNENCRYPTED Plain Text user password Any printable characters including space is accepted Example Create the new user account with the following settings Negation config no username username Show show users show users 3 9 50 config vlan 3 9 50 1 config vlan Syntax config vlan vlist Explanation Configure allowed VL...

Page 201: ...ical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Parameters protocol eth2 etype arp ip ipx at snap oui rfc 1042 snap 8021h pid llc dsap ssap There are three frame types available for selection these are Ethernet SNAP and LLC The value field will need to be changed a...

Page 202: ...ds are Aggregation DHCP Debug Dhcp_Client Diagnostics EPS ERPS ETH_LINK_OAM EVC IP2 IPMC_Snooping LACP LLDP Loop_Protect MAC_Table MEP MVR Maintenance Mirroring NTP POE PTP Ports Private_VLANs QoS RPC Security Spanning_Tree System Timer UPnP VCL VLAN_Translation VLANs Voice_VLAN level cro cro 0 15 crw crw 0 15 sro sro 0 15 srw srw 0 15 1 Every group has an authorization Privilege level for the fol...

Page 203: ...b based management for the first time or after returning the device back to factory defaults input the default IP address 10 1 1 1 in your web browser Then a standard login prompt will appear depending on the type of browser used The example below is with Firefox browser Enter the IFS IGS factory default username admin with no password After successfully entering the web based management the Port ...

Page 204: ...ctly on a local LAN we recommend not using the auto refresh function as it does generate a bit of traffic 4 1 4 Help System The IFS IGS Series has an online help system to aid the engineer when setting the parameters of the device Each functional setting page is accompanied by a specific help for that functional page The user can display this help pop up at any time by clicking the help icon 4 1 5...

Page 205: ...after entering the configuration information System Contact Indicate the descriptive contact information This could be a person s name email address or other descriptions The allowed string length is 0 255 and the allowed content is the ASCII characters from 32 126 System Name Indicate the hostname for this device Alphabets A Z a z digits 0 9 and minus sign can be used However space characters are...

Page 206: ...tack should act as a Host or a Router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed between all interfaces When configuring this device for multiple VLANs the Router mode should be chosen Router mode is the default mode DNS Server This setting controls the DNS name resolution done by the switch The following modes are supported From any DHCP interfa...

Page 207: ...ease For DHCP interfaces with an active lease this column shows the current interface address as provided by the DHCP server IPv6 Address An IPv6 address is a 128 bit record represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16...

Page 208: ... the NTP mode operation Possible modes are Enabled Enable NTP client mode operation Disabled Disable NTP client mode operation Server Enter the IPv4 or IPv6 address of an NTP server IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as ...

Page 209: ...elect appropriate Time Zone from the drop down and click Save to set Acronym Set the acronym of the time zone Daylight Saving Time Configuration Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disable to disable the Daylight Saving Time configuration Select Recurring and configure th...

Page 210: ...owledgments The syslog packet will always send out even if the syslog server does not exist When the mode of operation is disabled no syslog packets are sent out Server Address This sets the IPv4 host address of syslog server If the switch provides DNS feature it also can be a host name Syslog Level This sets what kind of messages will send to syslog server Possible levels are Info Send informatio...

Page 211: ...mber 4 2 10 System CPU Load This page displays the CPU load using an SVG graph The load is measured as averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Automatic refresh occurs every 3 seconds ...

Page 212: ...our server requires authentication In most cases this is required and the following must be entered Username Enter the valid authentication username for SMTP server Password Enter the authentication password for username of SMTP server Recipient mail address Up to four recipient s E mail addresses may be entered When alert events are triggered email messages will be sent to the indicated email add...

Page 213: ...ink Down Enable disable Port Link down mail event 4 3 Green Ethernet The configuration under the Green Ethernet menu includes a number of power saving techniques 4 3 1 Green Ethernet LED Configure the LED light intensity to reduce power consumption The LED light intensity may be adjusted in a percentage of intensity during programmable time periods In the above setting example the LED intensity ha...

Page 214: ...c Engineers IEEE EEE works by powering down circuits when there is no traffic When a port gets data to be transmitted all circuits are powered up The time it takes to power up the circuits is called wakeup time The default wakeup time is 17 us for 1Gbit links and 30 us for other link speeds EEE devices must agree upon the value of the wakeup time in order to make sure that both the receiving and t...

Page 215: ...se the queue will postpone transmission until a burst of frames can be transmitted 4 3 3 Green Ethernet Status Display the energy saving status for all ports In the above we can see that port 1 is saving power through PerfectReach as the Ethernet cable is short Our port 2 is connected to an EEE compliant device but with short cable so we have savings both by EEE and PerfectReach Ports 3 through 8 ...

Page 216: ...dicates the link is up and red that it is down Current Speed This column provides the current link speed 10 100 1G and duplex fdx Full Duplex hdx Half Duplex of each port Configured Speed This pull down selects any available link speed for the given switch port Only speeds supported by the specific port are shown Options for IGS 812SM IGS 1604SM Options for IFS 1604GSM Fiber options Possible coppe...

Page 217: ... The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is also related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS This switch supports up to 9600 byte packets Excessive Collision Mode This setting configures the port transmi...

Page 218: ...ort Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process The counter display can be updated by clicking the Refresh button When Auto refresh is chec...

Page 219: ...er queue 4 4 5 Ports QCL Status This page shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch User Indicates the QCL user QCE Indicates the index of QCE Frame Type Indicates the type of frame to look for incoming frames Po...

Page 220: ...value displayed under DSCP column Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications it may happen that resources required to add a QCE may not be available In that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on pressing Resolve Co...

Page 221: ...Transmit Queue Counters Displays the number of received and transmitted packets per input and output queue Receive Error Counters Rx Drops The number of frames dropped due to lack of receive buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long 2 frame...

Page 222: ... down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Port Port number Pair The status of the cable pair OK Correctly terminated pair Open Open pair Short Shorted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short...

Page 223: ... Laser wavelength Tx Wave Length 2 Laser wavelength Rx not all SFP support this reading Link Length Link Length This is a marketing specification for this SFP module not an actual measurement TX Power The laser diode transmit power is reported by the SFP that support DDI Digital Diagnostic monitoring Interface RX Power The receive optical power is reported by SFP that support DDI RX Sensitivity Th...

Page 224: ...tch 4 5 1 1 Users This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser By default there is only one user admin assigned the highest privilege level of 15 Click the entries in User Name column to edit the existing users Or click the Add New User button to insert a new user entry ...

Page 225: ...he device But other values need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Ge...

Page 226: ...ss Limit ACL HTTPS SSH ARP Inspection IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Levels Every group has an authorization Pr...

Page 227: ...s case the next method is tried Each method is tried from left to right and continues until a method either approves or rejects a user If a remote server is used for primary authentication it is recommended to configure secondary authentication as local This will enable the management client to login via the local user database if none of the configured authentication servers are alive 4 5 1 4 SSH...

Page 228: ...peration Disabled Disable HTTPS redirect mode operation 4 5 2 Access Management 4 5 2 1 Access Management Configuration Configure the access management table on this page The maximum number of entries is 16 If the application s type matches any one of the access management entries it will be allowed access to the switch Mode Indicates the access management mode operation Possible modes are Enabled...

Page 229: ...s This page provides statistics for access management Interface The interface type through which any remote host can access the switch Received Packets The number of received packets from the interface when access management mode is enabled Allowed Packets The number of allowed packets from the interface when access management mode is enabled Discarded Packets The number of discarded packets from ...

Page 230: ...E These two fields are applicable only for SNMP version v1 or v2c If SNMP version is v3 the community string will be associated with SNMPv3 communities table SNMPv3 provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a particular range of source addresses can be used to restrict source subnet Engine ID Indicates the SNMPv3 ...

Page 231: ...SCII characters from 0x21 to 0x7E Trap Destination Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation x y z w Also allowed is a valid hostname A valid hostname is a string drawn from the alphabet A Z a z digits 0 9 dot and dash Spaces are not allowed The first character must be an alpha character and the first and last characters cannot be a...

Page 232: ...security name is needed when traps and informs are enabled SNMP Trap Event System The system trap events include the following Warm Start The switch has been rebooted from an already powered on state Cold Start The switch has booted from a powered off or due to power cycling power failure AAA Authentication Authorization and Accounting A trap will be issued at any authentication failure Switch Ind...

Page 233: ...elay Power 2 Status Select the checkbox to enable Power 2 status alarm relay function Once power 2 fails the alarm relay contacts are open and Fault LED indicator is on in amber Clear the checkbox to disable Power 2 status alarm relay Interface Indicates the Interface group s alarm relay Possible options are Link Down none specific all ports Link down alarm relay Once link down occurs on the selec...

Page 234: ...e The entry index keys are Engine ID and User Name Engine ID An octet string identifying the engine ID that this entry should belong to The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed The SNMPv3 architecture uses the User based Security Model USM for message security and the View based Access Control Mod...

Page 235: ...o 32 characters For SHA authentication protocol the allowed string length is 8 to 40 characters The allowed content is ASCII characters from 0x21 to 0x7E Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are None No privacy protocol DES An optional flag to indicate that this user uses DES authentication protocol AES An optional flag to indi...

Page 236: ...g identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 0x21 to 0x7E View Type Indicates the view type that this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should b...

Page 237: ...o privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is ASCII characters from 0x21 to 0x7E Write View Name The name of the MIB view defining the MIB objects for which this request may ...

Page 238: ...te button to remove a newly inserted entry or select the checkbox to remove a saved entry during the next save Click the Save button to save settings or changes Click the Reset button to restore changed settings to the default settings 4 5 4 3 RMON Alarm Configuration RMON Alarm configuration defines specific criteria that will generate response events It can be set to test data over any specified...

Page 239: ...d until the sampled value has fallen below the rising threshold reaches the falling threshold and again moves back up to the rising threshold The threshold range is 2147483647 to 2147483647 Rising Index Indicates the rising index of an event The range is 1 65535 Falling Threshold If the current value is less than the falling threshold and the last sample value was greater than this threshold then ...

Page 240: ...5 RMON Statistics Overview This RMON statistics overview page shows interface statistics All values displayed have been accumulated since the last system reboot and are shown as counts per second The system will automatically refresh every 60 seconds by default ID Display an ID index Data Source Port ID to Monitor Drop The total number of dropped packets due to lack of resources Octets The total n...

Page 241: ...o lack of resources Octets The total number of octets of data received Pkts The total number of packets including bad packets broadcast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had ...

Page 242: ...Threshold If the current value is greater than the rising threshold and the last sample value was less than this threshold then an alarm will be generated Rising Index The index of the event to use if an alarm is triggered by monitored variables crossing above the rising threshold Falling Threshold If the current value is less than the falling threshold and the last sample value was greater than t...

Page 243: ...ng as discussed under Aging Period With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch Aging Period If Aging Enabled is checked then the aging pe...

Page 244: ...ays to re open the port Boot the switch Disable and re enable Limit Control on the port or the switch Click the Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State Display the current state of the port from the port security limit control s point of view The displayed state might be one of the following...

Page 245: ...le abbreviated by that letter has enabled port security State This shows the current status of a port It can be one of the following states Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at le...

Page 246: ...ve decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address is still forwarding traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user module has decided to hold the MAC ad...

Page 247: ...rval set in Reauthentication Period field Re autentication can be used to detect if a new device is attached to a switch port Reauthentication Period Specify the time interval for a connected device to be re authenticated By default the re authenticated period is set to 3600 seconds The allowed range is 1 3600 seconds EAPOL Timeout Specify the time that the switch waits for a supplicant response d...

Page 248: ...he maximum number of times the switch transmits an EAPOL Request Identity frame without receiving a response before adding a port to the Guest VLAN The value can only be changed when the Guest VLAN option is globally enabled The range is 1 255 Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received on the port for the life time of the port Once the switch considers ...

Page 249: ...DIUS Assigned VLAN on a port Guest VLAN Enabled Select the checkbox to enable Guest VLAN on a port Port State Display the current state of the port from 802 1X authentication point of view The possible states are as follows Globally Disabled 802 1X and MAC based authentication are globally disabled Link Down 802 1X and MAC based authentication are enabled but there is no link on a port Authorized ...

Page 250: ...most recently received EAPOL frame for EAPOL based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication QoS Class Display the QoS class that NAS assigns to the port This field is left blank if QoS is not set by NAS Port VLAN ID The VLAN ID of the port assigned by NAS This field is left blank if V...

Page 251: ... have been received by the switch Logoff The number of valid EAPOL Logoff frames that have been received by the switch Invalid Type The number of EAPOL frames that have been received by the switch in which the frame type is not recognized Invalid Length The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid Transmit EAPOL Counters Total Th...

Page 252: ... Rate Limiters configuration page Port Redirect Select a port to which matching frames are redirected Mirror Enable or disable mirroring feature When enabled a copy of matched frames will be mirrored to the destination port specified in Mirror configuration page ACL based port mirroring set by this parameter and port mirroring set on the general Mirror Configuration page are implemented independen...

Page 253: ...e allowed values are 0 3276700 pps or 1 100 200 300 1000000 kbps Unit Select the unit of measure used in rate 4 5 5 3 3 Access Control List Access Control List is to establish filtering rules for an ACL policy for a particular port or for all ports Rules applied to a port take effect immediately Ingress Port The ingress port of the access control entry Select All to apply to all ports or select a ...

Page 254: ...Select All to apply an ACL rule to all ports or select a particular port Policy Filter Select the policy filter type Any means no policy filter is assigned to this rule or don t care Select Specific to filter specific policy with this ACE Frame Type Select a frame type to match Available frame types include Any Ethernet ARP IPv4 By default any frame type is used Action Select the action type eithe...

Page 255: ...Any To allow all types of destination MAC addresses MC Multicast MAC address BC Broadcast MAC address UC Unicast MAC address Specific Use this to self define a destination MAC address This option is for Ethernet frame type only Ethernet Type Parameter Ether Type Filter This option can only be used to filter Ethernet II formatted packets Select Specific to define an Ether Type value ARP Parameter A...

Page 256: ...to indicate a match and not a match IP Select 0 to indicate that Protocol Address Space field in ARP RARP frame is not equal to IP 0x800 Select 1 to indicate that Protocol Address Space is equal to IP 0x800 Select Any to indicate a match and not a match Ethernet Select 0 to indicate that Hardware Address Space field in ARP RARP frame is not equal to Ethernet 1 Select 1 to indicate that Hardware Ad...

Page 257: ...limit field greater than zero must not be able to match this entry 1 denotes that IPv6 frames with a hop limit field greater than zero must be able to match this entry 4 5 5 3 4 ACL Status This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations The maximum number o...

Page 258: ...ration is disabled Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frame...

Page 259: ...n insecure ports can be carefully controlled by either using the dynamic binding registered with DHCP Snooping or using the static binding configured with IP Source Guard 4 5 5 4 1 Snooping Configuration DHCP Snooping Configuration Snooping Mode Enable or disable DHCP Snooping function globally When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted port...

Page 260: ...kets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 with va...

Page 261: ...it to Server The number of packets that are relayed from client to server Transmit Error The number of packets that resulted in errors while being sent to clients Receive from Client The number of packets received from server Receive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID op...

Page 262: ...n 4 5 5 5 IP Source Guard 4 5 5 5 1 Configuration IP Source Guard Configuration Mode Enable or disable IP source guard globally Translate dynamic to static Click this button to translate dynamic entries to static ones Port Mode Configuration Port The port number Port rules apply to all ports Mode Enable or disable IP source guard on a port Please note that to make IP source guard work both global ...

Page 263: ...valid MAC address Click the Add New Entry button to insert an entry to the table Select the Delete checkbox to remove the entry during the next save Click the Save button to save settings or changes Click the Reset button to restore settings to default settings or previously configured settings 4 5 5 5 3 Dynamic Table The Dynamic IP Source Guard table shows entries sorted by port VLAN ID IP addres...

Page 264: ... globally Port Mode Configuration Port The port number Port rules apply to all ports Mode Enable or disable ARP Inspection on a port Please note that to make ARP inspection work both global mode and port mode must be enabled Check VLAN Enable or disable check VLAN operation Log Type There are four log types available None Log nothing Deny Log denied entries Permit Log permitted entries All Log all...

Page 265: ...N setting Log Type There are four log types available None Log nothing Deny Log denied entries Permit Log permitted entries All Log all entries Click the Add New Entry button to insert an entry to the table Select the Delete checkbox to remove the entry during the next save Click the Save button to save newly configured settings or changes Click the Reset button to restore settings to default sett...

Page 266: ...ttings to default settings or previously configured settings 4 5 5 6 4 Dynamic Table Configuration Port The port number of this entry VLAN ID VLAN ID in which the ARP traffic is permitted MAC Address User MAC address of this entry IP Address User IP address of this entry Translate to static Click the button to translate the dynamic entry to static one 4 5 5 6 5 Dynamic Table Status Port The port n...

Page 267: ... configured The allowed deadtime range is between 0 to 1440minutes Key Specify the secret key up to 64 characters This is shared between the RADIUS sever and the switch NAS IP Address The IPv4 address is used as attribute 4 in RADIUS Access Request packets If this field is left blank the IP address of the outgoing interface is used NAS IPv6 Address The IPv6 address is used as attribute 95 in RADIU...

Page 268: ...ank 4 5 6 2 RADIUS Overview The number of Authentication Accounting server Five Authentication Accounting servers are supported Click on the number to view each server s details IP Address The configured IP address and UPD port number Status The current state of RADIUS authentication server Displayed states include the following Disabled This server is disabled Not Ready The server is ready but IP...

Page 269: ... The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Unknown Types The number of RADIUS packets that were received with unknown types from the server on the authentication port and dropped Packets Dropped The number of RADIUS packets that were received from the server on the authentication port and dropped for ...

Page 270: ...communication with the server yet RADIUS Accounting Statistics for Server Responses The number of RADIUS packets valid or invalid received from the server Malformed Responses The number of malformed RADIUS packets received from the server Malformed packets include packets with an invalid length Bad authenticators or unknown types are not included as malformed access responses Bad Authenticators Th...

Page 271: ...00 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet 4 5 6 4 TACACS Global Configuration Timeout The time the switch waits for a reply from a TACACS server before it retransmits the request Deadtime Deadtime is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the ...

Page 272: ...ion uses multiple ports in parallel to increase the link speed And there are two types of aggregation that are available namely Static and LACP Under the Aggregation heading are two major icons static and LACP 4 6 1 Static Aggregation Mode Configuration Source MAC Address All traffic from the same Source MAC address is output on the same link in a trunk Destination MAC Address All traffic with the...

Page 273: ...d ports on another devices You can configure any number of ports on the Switch as LACP as long as they are not already configured as part of a static trunk If ports on other devices are also configured as LACP the Switch and the other devices will negotiate a trunk link between them 4 6 2 1 Port Configuration Port The port number Port settings apply to all ports LACP Enabled Enable LACP on a switc...

Page 274: ...f the connection must designate as Passive LACP ports Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet Prio The priority of the port The lower number means greater priority This priority value controls which ports will be active and which ones will be in a backup role 4 6 ...

Page 275: ...l join LAG Key The aggregation key value on a port Aggr ID Display the aggregation ID active on a port Partner System ID LAG partner s system ID Partner Port The partner port connected to this local port Partner Prio The priority value of the partner 4 6 2 4 Port Statistics Port The port number LACP Received The number of LACP packets received on a port LACP Transmitted The number of LACP packets ...

Page 276: ...ly The functions covered in this section can be seen from the Redundancy menu 4 7 1 u Ring u Ring is a proprietary redundancy technology that supports 250 units in a ring topology and can bring redundant paths into service within 10 ms when link failures occur Compared with spanning tree protocol u Ring achieves faster recovery time on the network and is more flexible and scalable in network archi...

Page 277: ...xist with u Ring type or u Chain type No third party devices are used in this ring type Figure 4 Sub Ring Master The Master is generally used to decide which segment acts as a backup path The user can manually select the checkbox to set the device in a ring as a Master However if all devices Master checkboxes are left unchecked the u Ring protocol will assign one of the devices in the ring as the ...

Page 278: ...ess is selected as the Master If the Master is mis assigned to the device that does not have an edge the u Ring redundancy protocol will ignore this mis configuration Note When selecting u Chain type only the devices with an edge port or edge ports are eligible to be elected as the Master Manually select the Master in a ring If several devices are set to Master the u Ring redundancy protocol decid...

Page 279: ...s The path is never ringed The Master is elected and backup path is blocked The network with a redundant path works normally The physical link or connection in the ring is down The status of backup path is changed from blocked to forwarding status when one of the forwarding paths is down 4 7 2 Loop Protection Loops sometimes occur in a network due to improper connecting hardware problem or faulty ...

Page 280: ... each port Port settings apply to all ports Enable Enable or disable the selected ports loop protection function Action When a loop is detected on a port the loop protection will immediately take appropriate actions Actions will be taken include Shutdown Port Shutdown Port and Log or Log Only Shutdown Port A loop detected port is shutdown for a period of time configured in Shutdown Time Shutdown P...

Page 281: ... example the MAC address table used by the switch or bridge can fail since the same MAC addresses and hence the same network hosts are seen on multiple ports Second a broadcast storm occurs This is caused by broadcast packets being forwarded in an endless loop between switches A broadcast storm can consume all available CPU resources and bandwidth To solve problems causing by bridge loops spanning...

Page 282: ...dges and interfaces then you need to adjust the priorities to achieve optimized performance For MSTP operation this is the priority of the CIST Otherwise this is the priority of the STP RSTP bridge Forward Delay Fort STP bridges the Forward Delay is the time spent in each Listening and Learning state before the Forwarding state is entered This delay occurs when a new bridge comes onto a network Va...

Page 283: ...us attacks or mis settings When edge ports receive configuration BPDUs they will be automatically set to non edge ports and start a new spanning tree calculation process BPDU Guard is therefore used to prevent the device from suffering malicious attacks With this function enabled when edge ports receive configuration BPDUs STP disables those affected edge ports After a period of recovery time thos...

Page 284: ...ANs are allowed Separate VLANs with a comma and use hyphen to denote a range of VLANs Example 2 5 20 40 Leave the field empty for unused MSTI 4 7 3 3 MSTI Priorities MSTI Display MSTI instance number MSTI priority rule applies to all ports Priority Select an appropriate priority for each MSTI instance Bridge priority is used in selecting the root device root port and designated port The device wit...

Page 285: ...re 1 to 200000000 Please note that path cost takes precedence over port priority Priority Select port priority Admin Edge If an interface is attached to end nodes you can set it to Edge Auto Edge Select the checkbox to enable this feature When enabled a port is automatically determined to be at the edge of the network when it receives no BPDUs Restricted Role If enabled this causes the port not to...

Page 286: ... discarding state If enabled the port will disable itself upon receiving valid BPDU s Point to Point Select the link type attached to an interface Auto The switch automatically determines whether the interface is attached to a point to point link or shared medium Forced True It is a point to point connection Forced False It is a shared medium connection 4 7 3 5 MSTI Ports Select a specific MSTI th...

Page 287: ...iled bridge status Bridge ID The unique bridge ID for this instance consisting a priority value and MAC address of the bridge switch Root ID Display the root device s priority value and MAC address Root Port The number of the port on this switch that is closest to the root This switch communicates with the root device through this port If there is no root port then this switch has been accepted as...

Page 288: ...rt If there is no root port then this switch has been accepted as the root device of the Spanning Tree network Regional Root The Bridge ID of the currently elected regional root bridge inside the MSTP region of this bridge This parameter only applies to the CIST instance Internal Root Cost The Regional Root Path Cost For the Regional Root Bridge the cost is zero For all other CIST instances in the...

Page 289: ...connection or not This can be both automatically and manually configured Uptime The time since the bridge port was last initialized 4 7 3 7 Port Status Port The port number CIST Role The role assigned by Spanning Tree Algorithm Roles can be Designated Port Backup Port Root Port or Non STP CIST State Display the current state of a port The CIST state must be one of the following Discarding Ports on...

Page 290: ...ure details of this MEP entry Domain Port This is a MEP in the Port Domain Flow Instance is a Port Currently Port is available for use Esp Future use MEP This is a MEP in the EVC Domain Flow Instance is a EVC The EVC must be created Mpls Future use Mode Select either Mep Maintenance Entity End Point or Mip Maintenance Entity Intermediate Point Direction Select the traffic direction either Ingress ...

Page 291: ...ed by ITU in Y 1731 ANNEX A The maximum characters allowed for ICC format is 6 MEG id can allow 7 characters in maximum IEEE String This is defined by IEEE in 802 1ag The Domain name and short name can be input is 8 characters long MEG id can be 8 characters long as well ICC Domain Name Depending on the format selected enter ITU ICC or IEEE Maintenance Domain Name MEG id This is either ITU UMC MEG...

Page 292: ... all zeros Unicast Peer MAC The target switch or device s unicast MAC address You can specify unicast MAC address in xx xx xx xx xx xx xx xx xx xx xx xx or xxxxxxxxxxxx format where x is a hexadecimal digit NOTE When Peer MEP ID field is configured the device can auto negotiate the neighboring device s MAC address Therefore the user can set Unicast Peer MAC field to all zeros 00 00 00 00 00 00 for...

Page 293: ...ibed in G 8032 Type R APS APS PDU is transmitted as R APS this is for ERPS L APS APS PDU is transmitted as L APS this is for ELPS Last Octet This is the last octet of the transmitted and expected RAPS multi cast MAC In G 8031 03 2010 a RAPS multi cast MAC is defined as 01 19 A7 00 00 XX In current standard the value for this last octet is 01 and the usage of other values is for further study Click...

Page 294: ...LBM transmitted the transaction ID in the PDU is incremented Transmitted The total number of LBM PDU transmitted Reply MAC The MAC of the replying MEP MIP In case of multi cast LBM replies can be received from all peer MEP in the group This MAC is not shown in case of To Send 0 Received The total number of LBR PDU received from this Reply MAC Out of Order The number of LBR PDU received from this R...

Page 295: ...l to send or receive TST PDU Dei The DEI to be inserted as PCP bits in TAG if any Priority The priority to be inserted as PCP bits in TAG if any Peer MEP The TST frame destination MAC will be taken from the Unicast Peer MAC configuration of this peer Rate The TST frame transmission bit rate in Mega bits pr second Limit on Caracal is 400 Mbps Limit on Serval is 1Gbps Size The TST frame size This is...

Page 296: ...n in client layer flows Priority On Caracal this priority is used in sink direction client layer On Serval for each client EVC the highest COS ID ECE Class is used Frame Rate Select the frame rate of AIS PDU This is the inverse of transmission period as described in Y 1731 Protection Select the checkbox to enable protection This means that the first 3 AIS PDU is transmitted as fast as possible in ...

Page 297: ... unicast or multicast The unicast MAC will be taken from the Unicast Peer MAC configuration In case of enable of Continuity Check and dual ended Loss Measurement both implemented on SW based CCM Cast has to be the same Ended Single Single ended Loss Measurement implemented on LMM LMR Dual Dual ended Loss Measurement implemented on SW based CCM FLR Interval This is the interval in seconds where the...

Page 298: ...to transmit 1DM DMR Proprietary The proprietary way with follow up packets to transmit 1DM DMR Calc This is only used if the Way is configured to Two way Round trip The frame delay calculated by the transmitting and receiving timestamps of initiators Frame Delay RxTimeb TxTimeStampf Flow The frame delay calculated by the transmitting and receiving timestamps of initiators and remotes Frame Delay R...

Page 299: ...age delay since last clear The unit is microsecond Average last N The average delay of the last n packets since last clear The unit is microsecond Average Variation Total The average delay variation since last clear The unit is microsecond Average Variation last N The average delay variation of the last n packets since last clear The unit is microsecond Min The minimum delay since last clear The u...

Page 300: ...path instead of making a calculation to find out the forwarding path Because of this fault detection mechanism ERPS can converge in less than 50 milliseconds and recover quickly to forward traffic The following sections will provide a reference to ERPS web configurations ERPS ID Specify an ID for this group Port 0 Port 0 is also known as E port East port which is used by some of the other vendors ...

Page 301: ...he switch will show an alarm status on the ERPS Click the Add New Protection Group button to create a new entry Click the Delete button to remove a new entry Click Save to save changes Click Reset to undo any changes made locally and restore changes to previously saved default values Click Refresh to manually refresh ERPS information 4 8 IPMC Profile The IPMC Profile includes the following two sub...

Page 302: ...ule will be learned Deny Group address matches the range specified in the rule will be dropped Log Select the logging preference receiving the Join Report frame that has the group address matches the address range of the rule Enable Corresponding information of the group address that matches the range specified in the rule will be logged Disable Corresponding information of the group address that ...

Page 303: ...side in different VLANs Clients in different VLANs intend to join or leave the multicast group simply by sending the IGMP Join or Leave message to a receiver port The receiver port that belongs to one of the multicast groups can receive multicast stream from the media server MVR further isolates users who are not intended to receive multicast traffic and hence provide data security by VLAN segrega...

Page 304: ...e string is 32 Both alphabets and numbers are allowed for use IGMP Address Specify the IPv4 unicast address as source address used in IP header for IGMP control frames Mode Two MVR operation modes are provided Dynamic MVR allows dynamic MVR membership reports on source ports This is the default mode Compatible MVR membership reports are forbidden on source ports Tagging Specify whether IGMP MLD co...

Page 305: ...receive multicast data Immediate Leave Setting Port The port number Port rule applies to all ports Immediate Leave Enable for disable immediate leave function When enabled the device immediately removes a port from a multicast stream as soon as it receives leave message for that group This option only applies to an interface configured as MVR receivers 4 9 2 MVR Statistics This page displays MVR s...

Page 306: ...p Group The group address Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address The source IP Address Currently the system limits the total number of source IP addresses for filtering to be 128 When there is no source filtering address None is shown in the Source Address field Type Indicat...

Page 307: ... that IGMP packets sent in a multicast network When IGMP snooping is enabled in a switch it analyses all the IGMP packets between hosts connected to the switch and multicast routers in the network When a switch receives an IGMP report for a given multicast group from a host the switch adds the host s port number to the multicast list for that group When the switch hears an IGMP Leave it removes th...

Page 308: ...IGMP leave proxy suppresses all unnecessary IGMP leave messages so that a non querier switch forwards an IGMP leave packet only when the last dynamic member port leaves a multicast group Proxy Enabled When enabled the switch performs like IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 Port Related Configuration Port The port number Router Port Tick the checkbox on a g...

Page 309: ...rced IGMPv3 By default IGMP Auto is used PRI Select the priority of interface This field indicates the IGMP control frame priority level generated by the system which is used to prioritize different classes of traffic The allowed range is 0 best effort to 7 highest By default interface priority value is set to 0 RV The robustness variable RV allows tuning for the expected packet loss on a subnet I...

Page 310: ...per port basis Before you select a filtering profile for filtering purposes you must set up profiles in IPMC Profile page Port The port number Filtering Profile Select the configured multicast groups that are denied on a port When a certain multicast group is selected on a port IGMP join reports received on a port are dropped Click the summary button to view details of the selected IPMC profile ...

Page 311: ...VE or IDLE DISABLE denotes the specific interface is administratively disabled Queries Transmitted The number of queries transmitted Queries Received The number of queries received V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Route...

Page 312: ... is 32 4 10 1 6 IPv4 SFM Information VLAN ID Display the VLAN ID of the group Groups Display the IP address of a multicast group Port The switch port number Mode The filtering mode maintained per VLAN ID port number and group address Source Address The source IP address available for filtering Type Display either Allow or Deny type Hardware Filter Switch Indicates whether the data plane destined t...

Page 313: ...guration Snooping Enabled Select the checkbox to globally enable MLD Snooping feature When enabled this device will monitor network traffic and determine which hosts would like to receive multicast traffic The switch can passively monitor or snoop on MLD Listener Query and Report packets transferred between IP multicast routers and IP multicast service subscribers to identify the multicast group m...

Page 314: ...ure that multicast traffic is passed to all appropriate interfaces within the switch Fast Leave Enable fast leave function if the checkbox is ticked When a leave packet is received the switch immediately removes it from a multicast service without sending a MLD group specific GS query to that interface Throttling This field limits the maximum number of multicast groups that a port can join at the ...

Page 315: ...maximum amount of time that the IGMP router waits to receive a response to a General Query message The QRI applies when the switch is acting as the querier and is used to inform other devices of the maximum time this system waits for a response to general queries By default RQI is set to 10 seconds The allowed range is 0 31744 tenths of a second LLQI The Last Listener Query Interval sets the inter...

Page 316: ...ics VLAN ID The VLAN ID of this entry Querier Version The current working Querier version Host Version The current host version Querier Status Show the Querier status that is either ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Queries Transmitted The number of queries transmitted Queries Received The number of queries received V1 Reports Received The number of...

Page 317: ...D Snooping groups can be learned is 32 4 10 2 6 IPv6 SFM Information VLAN ID Display the VLAN ID of the group Group Display the IP address of a multicast group Port The switch port number Mode The filtering mode maintained per VLAN ID port number and group address Source Address The source IP address available for filtering Type Display either Allow or Deny type Hardware Filter Switch Indicates wh...

Page 318: ...on about each other A set of attributes referred to TLVs are used to discover neighbour devices Details such as port description system name system description system capabilities management address can be sent and received on this device The LLDP menu contains the following sub menus Select the appropriate menu to set up detailed configurations 4 11 1 Configuration LLDP Parameters Tx Interval Spe...

Page 319: ...witch will send out LLDP information but will drop LLDP information received from neighbours CDP Aware CDP aware operation is used to decode incoming CDP Cisco Discovery Protocol frames If enabled CDP TLVs that can be mapped into a corresponding field in the LLDP neighbors table are decoded all others are discarded CDP TLVs are mapped into LLDP neighbors table as shown below Optional TLVs LLDP use...

Page 320: ...ended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including between Network Connectivity Devices or to other types of links Coordinates Location Latitude Latitude SHOULD be normalized to within 0 90 degrees with a maximum of 4 digits It is possible to specify the direction to either North...

Page 321: ...ry code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Japan Example Copenhagen City District City division borough city district ward chou Japan Block Neighbourhood Neighbourhood block Street Street Example Poppelvej Leading street direction Example N Trailing street su...

Page 322: ... one of 64 code point values 0 63 as defined in IETF RFC 2474 4 11 3 Neighbours Local Port The local port that a remote LLDP capable device is attached Chassis ID An ID indicating the particular chassis in this system Port ID A remote port ID that LDPDUs were transmitted Port Description A remote port s description System Name The system name assigned to the remote system System Capabilities This ...

Page 323: ...ice from a PSE device or the minimum power a PSE device is capable of sourcing over a maximum length cable based on its current configuration 4 11 6 LLDP EEE Local Port The port for this switch on which the LLDP frame was received Tx Tw The link partner s maximum time that transmit path can hold off sending data after deassertion of LPI Rx Tw The link partner s time that receiver would like the tr...

Page 324: ...7 LLDP Global Counters Global Counters Total Neighbours Entries Added Shows the number of new entries added since the switch was rebooted and for which the remote TTL has not yet expired Total Neighbors Entries Deleted The number of LLDP neighbors which have been removed from the LLDP remote systems MIB for any reason Total Neighbors Entries Dropped The number of times which the remote database on...

Page 325: ... rules as well as any specific usage rules defined for the particular Type Length Value TLV TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizational TLVs discarded Age Outs Each LLDP frame contain...

Page 326: ... port Auto On a given port learning is automatically done once unknown SMAC is received Disable Disable MAC learning function Secure Only static MAC entries listed in Static MAC Table Configuration are learned Others will be dropped NOTE Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is los...

Page 327: ...Members Ports associated with this entry 4 14 VLAN Translation VLAN Translation is especially useful for users who want to translate the original VLAN ID to a new VLAN ID so as to exchange data across different VLANs and improve VLAN scaling VLAN translation replaces an incoming C VLAN tag with an S VLAN tag instead of adding an additional tag When configuring VLAN Translation both ends of the lin...

Page 328: ... the same Group ID NOTE By default each port is mapped to a group with a group ID equal to the port number For example port 2 is mapped to the group with ID is 2 Port Number Click the appropriate radio button to include a port into a group 4 14 2 VID Translation Mapping Group ID Indicate the Group ID that applies to this translation rule VLAN ID Indicate the VLAN ID that will be mapped to a new VI...

Page 329: ...network VLANs can help group devices that communicate frequently with other in the same VLAN so as to divide the entire network into several broadcast domains VLANs make changes of devices or relocation more easily In traditional networks when moving a device geographically to a new location for example move a device in floor 2 to floor 4 the network administrator may need to change the IP or even...

Page 330: ...e a port in a forbidden port list check the box as shown To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and for every new VLAN entry all boxes are unchecked Add New VLAN Click the button once to add a new VLAN entry Save VLAN membership changes will be saved and new VLANs are enabled after clicking Save button Reset Click Reset button to ...

Page 331: ...d by S port will be set to 0x88A8 When an untagged frame is received on a port a tag PVID is attached and then forwarded S custom port When a tagged frame is received on a port 3 If a tagged frame with TPID 0x88A8 it is forwarded 4 If the TPID of tagged frame is not 0x88A8 ex 0x8810 it will be discarded The TIPID of frame transmitted by S custom port will be set to an self customized value which c...

Page 332: ...play the selected port type on a port Ingress Filtering Display whether Ingress Filtering is enabled or disabled Frame Type Display the accepted frame type on a port Tx Tag Display the Egress action on a port UVID Display the untagged VLAN ID A port s UVID determines the packet s behavior at the egress side If the VID of Ethernet frames leaving a port match the UVID these frames will be sent untag...

Page 333: ...st be a member of both a VLAN and a Private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple Private VLANs PVLAN ID Specify the PVLAN ID Valid values are 1 to 20 Port Members Select the checkbox if you would like a port to belong to a certain Priv...

Page 334: ...AC based VLAN configuration page is to set up VLANs based on source MAC addresses When ingress untagged frames are received by a port source MAC address is processed to decide which VLAN these untagged frames belong When source MAC addresses does not match the rules created untagged frames are assigned to the receiving port s native VLAN ID PVID 4 17 1 1 Membership Configuration MAC Address Indica...

Page 335: ... grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including security and easy accessibility To avoid these problems you can configure this switch with protocol based VLANs that divide the physical...

Page 336: ...protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of the OUI field is 00 00 00 then value of the PID will be etherType 0x0600 0xffff and if value of the OUI is other than 00 00 00 then valid value of the PID will be any value from 0x0000 to 0xffff LLC Logical Link Control This includes DSAP Destination Service Access Point and SSAP ...

Page 337: ... Length Indicate the network mask length VLAN ID Indicate the VLAN ID Port Members Assign ports to this rule Click the Add New Entry button to insert a new entry to the list Click the Delete button to remove a newly inserted entry or select the checkbox to remove a saved entry during the next save 4 18 QoS Network traffic is always unpredictable and the only basic assurance that can be offered is ...

Page 338: ...ault Drop Precedence Level PCP Select the appropriate value for the default Priority Code Point or User Priority for untagged frames DEI Select the appropriate value for the default Drop Eligible Indicator for untagged frames Tag Class This field displays classification mode for tagged frames on this port Disabled Use the default QoS class and DP level for tagged frames Enabled Use the mapped vers...

Page 339: ...bled Select the checkbox to enable port policing function on a port Rate Indicate the rate for the policer By default 500kbps is used The allowed range for kbps and fps is 100 to 1000000 The allowed range for Mbps and kfps is 1 to 3300Mbps Unit Select the unit of measure for the policer Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead ...

Page 340: ...ttings apply to all ports Queue 0 7 Enable Select the appropriate checkboxes to enable queue policing function on switch ports When enabled the following image will appear Rate Indicate the rate for the ingress queue policer By default 500kbps is used Allowed range for kbps is 100 to 1000000 Allowed range for Mbps is 1 to 3300Mbps ...

Page 341: ...sure for the ingress queue policer Save Save the current running configurations to memory Reset Clear all selected settings 4 18 4 Port Scheduler Port Click the port to set up detailed settings for port scheduler Mode Display scheduler mode selected Weight Display the weight in percentage assigned to Q0 Q5 ...

Page 342: ...IGURATION This page allows you to set up the Schedulers and Shapers for a specific port Scheduler Mode The device offers two modes to handle queues Strict mode This gives egress queues with higher priority to be transmitted first before lower priority queues are serviced ...

Page 343: ...x to allow excess bandwidth Queue Schedule Queue Scheduler When Scheduler Mode is set to Weighted the user needs to indicate a relative weight for each queue DWRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority...

Page 344: ...NFIGURATION 4 18 5 Port Shaping This displays each port s queue shaper and port shaper s rate Click the port number to modify or reset queue shaper and port shaper s rates See Port Scheduler for detailed explanation on each configuration option 4 18 6 Port Tag Remarking ...

Page 345: ...es Default PCP 0 Default DEI 0 Mapped Use the mapping of the classified QoS class values and DP levels to PCP DEI values QoS class DP level Show the mapping options for QoS class values and DP levels drop precedence PCP Remarks matching egress frames with the specified Priority Code Point or User Priority value Range 0 7 Default 0 DEI Remarks matching egress frames with the specified Drop Eligible...

Page 346: ... which classification is enabled in DSCP Translation table All Classify all DSCP Egress Rewrite Configure port egress rewriting of DSCP values Disable Egress rewriting is disabled Enable Enable egress rewriting is enabled but with remapping Remap DP aware Frame with DSCP from analyzer is remapped and remarked with the remapped DSCP value Depending on the frame s DP level the remapped DSCP value is...

Page 347: ... trusted DSCP values are mapped to a specific QoS class and drop precedence level DPL Frames with untrusted DSCP values are treated as non IP frames QoS Class Select the QoS class to the corresponding DSCP value for ingress processing By default 0 is used Allowed range is 0 to 7 DPL Select the drop precedence level to the corresponding DSCP value for ingress processing By default 0 is used The val...

Page 348: ...anslation of DSCP values based on the specified classification method Ingress Classify Enable classification at ingress side as defined in the QoS port DSCP Configuration Table Egress Remap DP0 Remap DP0 value to the selected DSCP value DP0 indicates a drop precedence with a low priority Egress Remap DP1 Remap DP1 value to the selected DSCP value DP1 indicates a drop precedence with a high priorit...

Page 349: ...e MAC address VID PCP DEI values Once a QCE is mapped to a port traffic matching the first entry in the QoS Control List is assigned to the QoS class drop precedence level and DSCP value defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port This page displays rules created in QoS control list QCL only The maximum number of QCL is 256 on thi...

Page 350: ... be put in the queue corresponding to the specified QoS class DPL The drop precedence level will be set to the specified value DSCP The DSCP value will be set to the specified value You can modify each QCE QoS Control Entry in the table using the following buttons Insert a new QCE before the current row Edit the QCE entry Move the QCE up the list Move the QCE down the list Delete the QCE The lowes...

Page 351: ...ntrol Control field may contain command response or sequence information depending on whether the LLC frame type is Unnumbered Supervisory or Information By default any is used Select specific to indicate a value 0x00 to 0xFF SNAP SubNetwork Access Protocol can be distinguished by an OUI and a Protocol ID Options for PID Any Specific 0x00 0xffff Default Any If the OUI is hexadecimal 000000 the pro...

Page 352: ... based on basic classification rules DPL If a frame matches the QCE the drop precedence level will be set to the selected value or left unchanged DSCP If a frame matches the QCE the DSCP value will be set to the selected one 4 18 12 Storm Control Storm Control is used to keep a network from downgraded performance or a complete halt by setting up a threshold for traffic like broadcast unicast and m...

Page 353: ...es transmitted on this port are mirrored on the mirror port Enable Both frames received and transmitted re mirrored on the mirror port 4 20 UPnP Mode Enable or disable UPnP operation TTL TTL Time to live is used to configure how many steps an UPnP advertisement can travel before it disappears Advertising Duration This defines how often an UPnP advertisement is sent The duration is carried in Simpl...

Page 354: ...lave Only 2 Step Flag True if two step Sync events and Pdelay_Resp events are used Clock Identity This shows unique clock identifier One Way If true one way measurements are used This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay requests Protocol Select tr...

Page 355: ...t Method Shows the actual clock adjustment method The method depends on the available hardware Synchronize to System Clock Click this button to synchronize the System Clock to PTP Time Ports Configuration Click to edit the port data set for the ports assigned to this clock instance Clock Default Dataset The clock default data set is defined in the IEEE 1588 Standard It holds three groups of data t...

Page 356: ... VLAN Tag Enable This shows whether VLAN tagging for the PTP frames is enabled True or not False VID This shows VLAN Identifier used for tagging the VLAN packets PCP This shows Priority Code Point value used for PTP frames Clock current Data Set The clock current data set is defined in the IEEE 1588 Standard The current data set is dynamic stpRm This stands for Steps Removed and is the number of P...

Page 357: ...rameters are overwritten by the grandmasters timing properties The parameters are not used in the current PTP implementation Unicast Slave Configuration When operating in IPv4 Unicast mode the slave is configured up to 5 master IP addresses The slave then requests Announce messages from all the configured masters The slave uses the BMC algorithm to select one as master clock the slave then request...

Page 358: ...rt in E2Emode This value is announced from the master to the slave in an announce message The value is reflected in the MDR field in the Slave Delay Asymmetry If the transmission delay for a link in not symmetric the asymmetry can be configured here see IEEE 1588 Section 7 4 2 Communication path asymmetry Ingress latency Ingress latency measured in ns as defined in IEEE 1588 Section 7 3 4 2 Egress...

Page 359: ...he IP address that you wish to ping Ping Length The size or length of echo packets Ping Count The number of echo packets will be sent Ping Interval The time interval between each ping request 4 22 2 Ping6 This Ping function is for ICMPv6 packets IP Address Enter the IP address that you wish to ping Ping Length The size or length of echo packets Ping Count The number of echo packets will be sent Pi...

Page 360: ...to factory default settings Click Continue button to reset your device to factory defaults settings Please note that all changed settings will be lost It is recommended that a copy of the current configuration is saved to your local device 4 23 3 Software 4 23 3 1 Upload Update the latest Firmware file Select a Firmware file this file should have dat extension name from your local device and then ...

Page 361: ...nning configurations in XML format in your local device 4 23 4 2 Restore Restore With IP Check the Restore With IP box if you want to use the IP settings saved in the Configuration file that you want to restore Select a configuration file and then click Upload to restore the previously saved settings Once uploading is successful the settings saved in the uploaded configuration file will take effec...

Page 362: ...r the user defined Master is also supported and then block a port resided in Master device for backup purposes Once the disconnection is detected on the network u Ring can bring backup ports back into forwarding mode so that the disconnected path can keep contact with the whole network The purpose of this document is to give valuable aid to a network engineer in topology design deployment and conf...

Page 363: ... initial configuration and in order to avoid an Ethernet Loop condition please do not connect the physical Ring prior to completion of the u Ring configuration Configuration A Make sure SW 1 SW 2 SW 3 s Loop Protection STP ERPS and MEP configurations are all disabled Backup path ...

Page 364: ...CEDURE 364 B Add a new Instance in Redundancy u Ring Configuration page SW 1 Select u Ring type and select East port 10 and West port 9 from the pull down menu Then click Save button Delete all created entries Delete all created entries ...

Page 365: ...ROCEDURE 365 SW 2 Select u Ring type and select East port 9 and West port 10 from the pull down menu Then click Save button SW 3 Select u Ring type and select East port 9 and West port 10 from the pull down menu Then click Save button ...

Page 366: ...APPENDIX A u Ring CONFIGURATION PROCEDURE 366 C Connect the physical ring Once cabling is connected correctly u Ring starts working ...

Page 367: ... port is brought back to Forwarding mode or not A Check the Redundancy u Ring status page of each device SW 1 1 The role of SW 1 is Slave which means that East and West port will not be blocked forward data 2 East and West port are Forwarding data 3 The Green color means that the ring connection is good SW 2 1 SW 2 has the biggest MAC address among switches in the ring Therefore it is elected as t...

Page 368: ...ast port 3 The Green color means that the ring connection is good SW 3 1 The role of SW 3 is Slave which means that East and West port will not be blocked forward data 2 East and West port are Forwarding data 3 The Green color means that the ring connection is good B Using Ping to test the connectivity between Switches Go to Diagnostics Ping page 1 2 3 ...

Page 369: ...ot ping the other switch please check that you have correct cabling and configurations including IP assignment u Ring configuration C Disconnect a port to see whether the status of blocked port in SW 2 Port 10 changes to Forwarding or not 1 Manually disconnect Port 9 in SW 1 ...

Page 370: ...0 2 The status of SW 1 Port 9 and SW 3 Port 10 is down SW 1 1 The status of port 9 is down 2 The Red alarm color means that there is something wrong with the ring This may result from physical disconnection Manually disconnect Port 9 in SW 1 1 2 ...

Page 371: ...alarm color means that there is something wrong with the ring This may result from physical disconnection SW 2 1 The status of Port 10 changes from Blocking to Forwarding 2 The Red alarm color means that there is something wrong with the ring This may result from physical disconnection 1 2 1 2 ...

Page 372: ...or 256 bits AMS AMS is an acronym for Auto Media Select AMS is used for dual media ports ports supporting both copper cu and fiber SFP cables AMS automatically determines if a SFP or a CU cable is inserted and switches to the corresponding media If both SFP and cu cables are inserted the port will select the preferred media APS APS is an acronym for Automatic Protection Switching This protocol is ...

Page 373: ...nym for Differentiated Services Code Point It is a field in the header of IP packets for packet classification purposes EEE EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802 3az EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking ...

Page 374: ...rom any point within the network IGMP IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships It is an integral part of the IP multicast specification like ICMP for unicast connections IGMP can be used...

Page 375: ...ons attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is store...

Page 376: ...STP protocol provides for multiple spanning tree instances while ensuring RSTP and STP compatibility The standard was originally defined by IEEE 802 1s but was later incorporated in IEEE 802 1D 2005 MVR Multicast VLAN Registration MVR is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs The main reason for using MVR is to save b...

Page 377: ...1Q frame It is also known as User Priority PD PD is an acronym for Powered Device In a PoE system the power is delivered from a PSE power sourcing equipment to a remote device The remote device is called a PD PHY PHY is an abbreviation for Physical Interface Transceiver and is the device that implements the Ethernet physical layer IEEE 802 3 PING Ping Packet InterNet Grouper is a program that send...

Page 378: ...acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE frame types Ethernet Type VLAN UDP TCP Port DSCP TOS and Tag Priority Frames can be classified by one of 4 different QoS classes Low Normal Medium and High for individual application QCI QCI is an acronym for QoS Class Identifier This is a special identifier defining the quality of packet com...

Page 379: ...vers for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Microsoft Windows networking Samba can be installed on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the master b...

Page 380: ...elect one wikipedia SSH SSH is an acronym for Secure SHell It is a network protocol that allows data to be exchanged using a secure channel between two networked devices The encryption used by SSH provides confidentiality and integrity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authentication or guarantee...

Page 381: ...most significant 6 bits of the ToS field are fully decoded into 64 possibilities and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit 0 63 TLV TLV is an acronym for Type Length Value A LLDP frame can contain multiple pieces of information Each of these pieces of information is known as TLV TKIP TKIP is an acronym for Temporal Key Integri...

Page 382: ...an wired networks When introduced in 1999 WEP was intended to provide confidentiality comparable to that of a traditional wired network Wikipedia WiFi WiFi is an acronym for Wireless Fidelity It is meant to be used generically when referring of any type of 802 11 network whether 802 11b 802 11a dual band etc The term is promulgated by the Wi Fi Alliance WPA WPA is an acronym for Wi Fi Protected Ac...

Page 383: ...ce to the wireless network Wikipedia WRED WRED is an acronym for Weighted Random Early Detection It is an active queue management mechanism that provides preferential treatment of higher priority frames when traffic builds up within a queue A frame s DP level is used as input to WRED A higher DP level assigned to a frame results in a higher probability that the frame is dropped during times of con...

Page 384: ...This page is intentionally left blank Date Version Details 2014 9 5 V1 1 Modify grammatical errors 2015 5 5 V1 2 Add CLI PTP ...

Page 385: ......

Reviews:

No comments

Related manuals for IFS-1604GSM Series

SmartSwitch 6500

Brand: Cabletron Systems Pages: 150

MMAC-Plus 9H421-12

Brand: Cabletron Systems Pages: 38

Brand: Cabletron Systems Pages: 86

MMAC-Plus 9T125-24

Brand: Cabletron Systems Pages: 30

7C03 MMAC SmartSWITCH

Brand: Cabletron Systems Pages: 16

Brand: H3C Pages: 32

Brand: H3C Pages: 22

Brand: H3C Pages: 488

Brand: H3C Pages: 3

Brand: H3C Pages: 8

Brand: H3C Pages: 25

Brand: H3C Pages: 31

Brand: H3C Pages: 23

Brand: H3C Pages: 24

Brand: H3C Pages: 126

Brand: H3C Pages: 42

Brand: H3C Pages: 32

Brand: H3C Pages: 13

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands