background image

DGS-3130 Series Layer 3 Stackable Managed Switch Web UI Reference Guide 

183 

6.

 

Layer 3 Features 

ARP 

Gratuitous ARP 

IPv6 Neighbor 

Interface 

UDP Helper 

IPv4 Static/Default Route 

IPv4 Route Table 

IPv6 Static/Default Route 

IPv6 Route Table 

Route Preference 

ECMP Settings 

RIP 

RIPng 

IP Route Filter 

Policy Route 

VRRP Settings 

 

ARP 

ARP Elevation 

This window is used to display and configure the Address Resolution Protocol (ARP) elevation state. This is used to 

allow all ARP traffic to the Switch where the destination is the Switch itself. This traffic will take a higher priority than 

other ARP packets. 
 
To view the following window, click 

L3 Features > ARP > ARP Elevation

, as shown below: 

 

Figure 6-1 ARP Elevation Window 

 
The fields that can be configured are described below: 

Parameter 

Description 

ARP Elevation State 

Select to enable or disable the ARP elevation feature here. 

Click the 

Apply

 button to accept the changes made. 

 

ARP Aging Time 

This window is used to display and configure the ARP aging time settings. 
To view the following window, click 

L3 Features > ARP > ARP Aging Time

, as shown below: 

Summary of Contents for DGS-3130 Series

Page 1: ......

Page 2: ... the D Link logo are trademarks of the D Link Corporation Microsoft and Windows are registered trademarks of the Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either as the entities claiming the marks and the names or their products D Link Corporation disclaims any proprietary interest in trademarks and trade names other than its own 2020 D Link Co...

Page 3: ...Configuration 8 Port Settings 8 Port Status 10 Port GBIC 11 Port Auto Negotiation 11 Error Disable Settings 12 Jumbo Frame 13 Interface Description 14 PoE 15 PoE System 15 PoE Status 16 PoE Configuration 17 PD Alive 18 PoE Statistics 19 PoE Measurement 20 System Log 20 System Log Settings 20 System Log Discriminator Settings 22 System Log Server Settings 23 System Log 25 System Attack Log 25 Time ...

Page 4: ...s 50 DHCP Server 51 DHCPv6 Server 59 DHCP Relay 63 DHCPv6 Relay 70 DHCP Auto Configuration 74 DNS 74 DNS Global Settings 75 DNS Name Server Settings 75 DNS Host Settings 76 IP Source Interface 76 File System 77 Stacking 79 Physical Stacking 82 Stacking Bandwidth 83 Virtual Stacking SIM 84 Single IP Settings 85 Topology 86 D Link Discovery Protocol 92 SMTP Settings 92 PPPoE Circuit ID Insertion Glo...

Page 5: ...146 Link Aggregation 148 L2 Protocol Tunnel 150 L2 Multicast Control 152 IGMP Snooping 152 MLD Snooping 159 Multicast VLAN 168 Multicast Filtering 172 LLDP 173 LLDP Global Settings 173 LLDP Port Settings 174 LLDP Management Address List 175 LLDP Basic TLVs Settings 176 LLDP Dot1 TLVs Settings 177 LLDP Dot3 TLVs Settings 177 LLDP MED Port Settings 178 LLDP Statistics Information 179 LLDP Local Port...

Page 6: ... RIPng Database 206 OSPF 206 OSPFv2 206 OSPFv3 220 IP Multicast Routing Protocol 230 IGMP 230 PIM 234 IPMC 238 IP Route Filter 239 Route Map 239 Policy Route 242 VRRP Settings 243 VRRPv3 Settings 245 7 Quality of Service QoS 248 Basic Settings 248 Port Default CoS 248 Port Scheduler Method 248 Queue Settings 250 CoS to Queue Mapping 250 Port Rate Limiting 251 Queue Rate Limiting 252 Advanced Setti...

Page 7: ... Address Entries 302 802 1X 302 802 1X Global Settings 307 802 1X Port Settings 307 Authentication Sessions Information 308 Authenticator Statistics 309 Authenticator Session Statistics 310 Authenticator Diagnostics 310 AAA 311 AAA Global Settings 311 Application Authentication Settings 312 Application Accounting Settings 312 Authentication Settings 314 Accounting Settings 316 RADIUS 318 RADIUS Gl...

Page 8: ...gs 364 Storm Control 364 DoS Attack Prevention Settings 367 SSH 368 SSH Global Settings 368 Host Key 369 SSH Server Connection 370 SSH User Settings 370 SSL 371 SSL Global Settings 372 Crypto PKI Trustpoint 372 SSL Service Policy 373 SFTP Server Settings 374 10 OAM 376 CFM 376 CFM Settings 376 CFM Port Settings 386 CFM Loopback Test 387 CFM Linktrace Settings 388 CFM Packet Counter 389 CFM Counter...

Page 9: ... Settings 418 Device Environment 419 12 Green 420 Power Saving 420 EEE 421 13 Save and Tools 423 Save Configuration 423 Firmware Upgrade Backup 423 Firmware Upgrade from HTTP 423 Firmware Upgrade from TFTP 424 Firmware Backup to HTTP 424 Firmware Backup to TFTP 425 Configuration Restore Backup 425 Configuration Restore from HTTP 425 Configuration Restore from TFTP 426 Configuration Backup to HTTP ...

Page 10: ...hancement 453 Peripheral 455 Port 456 Port Security 456 Reboot Schedule 456 Safeguard 457 SNMP 457 SSH 457 SSL 457 Stacking 458 Telnet 459 WAC 459 Web 460 Appendix C Trap Entries 461 802 1X 461 802 3ah OAM 461 Authentication Fail 462 BPDU Protection 462 CFM 462 CFM Extension 462 DDM 463 DHCP Server Screen Prevention 463 DoS Prevention 463 ERPS 464 ErrDisable 464 Gratuitous ARP 464 IP MAC Port Bind...

Page 11: ... Web UI Reference Guide ix Port 469 RMON 469 Safeguard 469 SIM 470 Stacking 471 Start 471 Storm Control 471 System File 472 Upload Download 472 VRRP 472 WAC 473 Appendix D RADIUS Attributes Assignment 474 Appendix E IETF RADIUS Attributes Support 477 ...

Page 12: ... Convention Description Boldface Font Indicates a button a toolbar icon menu or menu item For example Open the File menu and choose Cancel Used for emphasis May also indicate system messages or prompts appearing on screen For example You have mail Bold font is also used to represent filenames program names and commands For example use the copy command Initial capital letter Indicates a window name...

Page 13: ...DGS 3130 Series Layer 3 Stackable Managed Switch Web UI Reference Guide 2 CAUTION A caution indicates a potential for property damage personal injury or death ...

Page 14: ...SNMP agent on the Switch decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database The SNMP agent on the Switch updates the MIB objects to generate statistics and counters Web User Interface Web UI The Web UI can be accessed from any computer running web browsing software from its MGMT port or LAN port when it is connected to any of the RJ45 or SFP SFP por...

Page 15: ...fter a user account was created login credentials will be required to access the Web UI During the sending and receiving of the login password to and from the Switch this information will be protected using TLS SSL to prevent attackers from snooping this information to gain unauthorized access to the Switch Web User Interface Web UI The Web UI provides access to various Switch configuration and ma...

Page 16: ...go to the D Link website AREA 2 This area displays a toolbar used to access Save and Tools menus AREA 3 This area displays a file explorer type menu tree with all configurable options Select the folder or window to display Open folders and click the hyperlinked window buttons and subfolders contained within them to display information pertaining to that category AREA 4 In this area the Switch s co...

Page 17: ...a list of basic information regarding the Switch It appears automatically when you log on to the Switch To return to the Device Information window after viewing other windows click the DGS 3130 30TS link Figure 3 1 Device Information Window System Information Settings This window is used to display and configure the system information settings and management interface configuration settings To vie...

Page 18: ... that can be configured in Management Interface are described below Parameter Description State Select to enable or disable the state of the management interface here IPv4 Address Enter the IPv4 address for this interface here Subnet Mask Enter the IPv4 subnet mask for this interface here Gateway Enter the gateway IPv4 address for this interface here Description Enter the description for the manag...

Page 19: ...lds that can be configured in Environment Temperature Threshold Settings are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here Thermal Select the thermal sensor ID High Threshold Enter the high threshold value of the warning temperature setting The range is from 100 to 200 degrees Celsius Tick the Default check box to return to the defa...

Page 20: ...ependent Interface Crossover MDIX option here Options to choose from are Auto Select this option for auto sensing of the optimal type of cabling Normal Select this option for normal cabling If this option is selected the port is in the MDIX mode and can be connected to a PC NIC using a straight through cable or a port in the MDI mode on another Switch through a cross over cable Cross Select this o...

Page 21: ...ation will start to negotiate the clock and flow control with its link partner 10M Specifies to force the port speed to 10Mbps This option is only available for 10Mbps copper connections 100M Specifies to force the port speed to 100Mbps This option is only available for 100Mbps copper connections 1000M Specifies to force the port speed to 1Gbps This option is only available for 1Gbps fiber connect...

Page 22: ...ormation found on each applicable physical port of this Switch To view the following window click System Port Configuration Port GBIC as shown below Figure 3 6 Port GBIC Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this display here Port Auto Negotiation This window is used to view detailed port auto negotiatio...

Page 23: ...r Description Unit Select the stacking unit ID of the Switch that will be displayed here Error Disable Settings This window is used to display and configure the recovery from the Error Disable causes and to configure the recovery interval To view the following window click System Port Configuration Error Disable Settings as shown below Figure 3 8 Error Disable Settings Window ...

Page 24: ...red for Error Disable Recovery Settings are described below Parameter Description ErrDisable Cause Select the error disabled cause here Options to choose from are Port Security Storm Control BPDU Attack Protection Dynamic ARP Inspection DHCP Snooping Loopback Detect L2PT Guard and D Link Unidirectional Link Detection State Select to enable or disable the error disabled recovery feature here Interv...

Page 25: ... Receive Frame Size Enter the maximum receive frame size value here This value must be between 64 and 12288 bytes By default this value is 1536 bytes Click the Apply button to accept the changes made Interface Description This window is used to display the status administrative status and description of each port on the Switch To view the following window click System Interface Description as show...

Page 26: ...e total power consumption exceeds the system power limit If the per port power consumption exceeds the per port power limit Active circuit protection automatically disables the port if there is a short Other ports will remain active Based on IEEE 802 3af at power is received and supplied according to the following classifications Class Maximum power used by the PD Maximum power supplied by the Swi...

Page 27: ... the power to the new connected PD with higher priority under power shortage conditions Trap State Select this option to enable or disable the sending of PoE trap notifications Click the Apply button to accept the changes made Click the Show Detail button to see the PoE system Parameters table at the bottom of the window After clicking the Show Detail button the following window will appear Figure...

Page 28: ...utton to remove the description from the entry PoE Configuration This window is used to display and configure the PoE configuration settings NOTE If the Switch failed to supply power to the IEEE 802 3at Powered Device PD Check if the PD connected to the port supports the IEEE 802 3at standard Manually configure the PoE power limit value to 30 Watts for the corresponding port To view the following ...

Page 29: ... maximum wattage is between 1000 mW and 30000 mW Time Range When selecting Auto in the Mode drop down list this option appears Tick the check box and enter the name of the time range to determine the activation period Click the Apply button to accept the changes made Click the Delete Time Range button remove the time range association for the entry PD Alive This window is used to display and confi...

Page 30: ...is the time the Switch will wait for the PD to recover from rebooting Action Select the action that will be taken here Options to choose from are Reset Specifies to reset the PoE port state Notify Specifies to send logs and traps to notify the administrator Both Specifies to send logs and traps and then to reset the PoE port state Click the Apply button to accept the changes made PoE Statistics Th...

Page 31: ...E Measurement as shown below Figure 3 167 PoE Measurement Window The fields that can be configured for PoE Measurement Table are described below Parameter Description Unit Select the stacking unit ID of the Switch that will be used here System Log System Log Settings This window is used to display and configure the system log settings To view the following window click System System Log System Log...

Page 32: ... source interface state Type Select the type of interface that will be used Options to choose from are Loopback Mgmt and VLAN VID Enter the interface VID used here For loopback interfaces this ID can be from 1 to 8 For the management Mgmt interface this value is always 0 For VLAN interfaces this value is from 1 to 4094 Click the Apply button to accept the changes made The fields that can be config...

Page 33: ...es 1 Alerts 2 Critical 3 Errors 4 Warnings 5 Notifications 6 Informational and 7 Debugging Discriminator Name Enter the discriminator name used here This name can be up to 15 characters long This specifies the name of the discriminator profile that will be used to filter console log messages based on the filtering criteria specified within that profile Click the Apply button to accept the changes ...

Page 34: ...ptions to choose from are Drops and Includes Severity Select the severity behavior option and the value of the type of information that will be logged Behavior options to choose from are Drops and Includes Severity value options to choose from are 0 Emergencies 1 Alerts 2 Critical 3 Errors 4 Warnings 5 Notifications 6 Informational and 7 Debugging Click the Apply button to accept the changes made ...

Page 35: ...rts 2 Critical 3 Errors 4 Warnings 5 Notifications 6 Informational and 7 Debugging Facility Select the facility number that will be logged here The range is from 0 to 23 Each facility number is associated with a specific facility See the table below Facility Number Facility Name Facility Description 0 kern Kernel messages 1 user User level messages 2 mail Mail system 3 daemon System daemons 4 auth...

Page 36: ... long Click the Apply button to accept the changes made Click the Delete button to delete the specified entry System Log This window is used to view and clear the system log To view the following window click System System Log System Log as shown below Figure 3 21 System Log Window Click the Clear Log button to clear the system log entries displayed in the table Enter a page number and click the G...

Page 37: ...s used to display and configure the time settings for the Switch To view the following window click System Time and SNTP Clock Settings as shown below Figure 3 23 Clock Settings Window The fields that can be configured are described below Parameter Description Time Enter the current time in hours HH minutes MM and seconds SS here For example 18 30 30 Date Enter the current day DD month MM and year...

Page 38: ...ng Recurring Setting Select to configure the summer time that should start and end on the specified week day of the specified month Date Setting Select to configure the summer time that should start and end on the specified date of the specified month Time Zone Select to specify your local time zone offset from Coordinated Universal Time UTC The fields that can be configured in Recurring Settings ...

Page 39: ...er time will start From Time Select the time of the day that summer time will start To Date of the Month Select date of the month that summer time will end To Month Select the month that summer time will end To Year Enter the year that the summer time will end To Time Select the time of the day that summer time will end Offset Enter the number of minutes to add during summer time The default value...

Page 40: ...fied entry Time Range This window is used to display and configure the time profile settings To view the following window click System Time Range as shown below Figure 3 26 Time Range Window The fields that can be configured are described below Parameter Description Range Name Enter the time profile range name here This name can be up to 32 characters long From Week To Week Select the starting and...

Page 41: ...DGS 3130 Series Layer 3 Stackable Managed Switch Web UI Reference Guide 30 Click the Delete Periodic button to delete the periodic entry Click the Delete button to delete the specified entry ...

Page 42: ...hange in the Switch configuration or operation such as show commands are not logged To view the following window click Management Command Logging as shown below Figure 4 1 Command Logging Window The fields that can be configured are described below Parameter Description Command Logging State Select to enable or disable the command logging function here Click the Apply button to accept the changes ...

Page 43: ...crypted MD5 Password After selecting Plain Text Encrypted SHA1 or Encrypted MD5 as the password type enter the password for this user account here Click the Apply button to accept the changes made Click the Delete button to delete the specified user account entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After selecting the Session Table t...

Page 44: ...assword recovery settings For example the administrator may need to update a user account because the password has been forgotten To view the following window click Management Password Recovery as shown below Figure 4 5 Password Recovery Window The fields that can be configured are described below Parameter Description Password Recovery State Select to enable or disable the password recovery featu...

Page 45: ...an be up to 32 characters long is case sensitive and can contain spaces In the encrypted form the password must be 35 bytes long and is case sensitive In the encrypted MD5 form the password must be 31 bytes long and is case sensitive Click the Apply button to accept the changes made Click the Edit button to re configure the specified entry The fields that can be configured in Login Method are desc...

Page 46: ... standard presentation of the information controlled by the on board SNMP agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The Switch supports the SNMP versions 1 2c and 3 The three versions of SNMP vary in the level of security provided between the management station and the network device In SNMPv1 and SNMPv2c user aut...

Page 47: ...he Web UI Traps Traps are messages that alert network personnel of events that occur on the Switch The events can be as serious as a reboot someone accidentally turned the Switch off unplugged the Switch or less serious like a port status change The Switch generates traps and sends them to the trap recipient or network manager Typical traps include trap messages for Authentication Failure Topology...

Page 48: ...links has come up Port Link Down Tick this option to control the sending of port link down notifications A linkDown trap is generated when the device recognizes that a one of the communication links is down Coldstart Tick this option to control the sending of SNMP coldStart notifications Warmstart Tick this option to control the sending of SNMP warmStart notifications Click the Apply button to acc...

Page 49: ...s an object tree MIB tree that will be included or excluded from access by an SNMP manager View Type Select the view type here Options to choose from are Included and Excluded Included Select to include this object in the list of objects that an SNMP manager can access Excluded Select to exclude this object from the list of objects that an SNMP manager can access Click the Add button to add a new ...

Page 50: ...e Switch s SNMP agent View Name Enter an alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the Switch The view name must exist in the SNMP View Table Access Right Select the access right here Options to choose from are Read Only and Read Write Read Only SNMP community members using the community string cr...

Page 51: ...access Security Level When selecting SNMPv3 in the User based Security Model drop down list this option is available NoAuthNoPriv Specify that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specify that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager...

Page 52: ...ay and configure the SNMP users that are currently configured on the Switch To view the following window click Management SNMP SNMP User Table Settings as shown below Figure 4 13 SNMP User Table Settings Window The fields that can be configured are described below Parameter Description User Name Enter SNMP user name here This name can be up to 32 characters long This is used to identify the SNMP u...

Page 53: ...word must be between 8 and 16 characters long Auth Protocol by Key When selecting v3 in the SNMP Version drop down list and selecting Key in the SNMP V3 Encryption drop down list this option is available Select the authentication level Options to choose from are the following MD5 Select to use the HMAC MD5 96 authentication level This field will require the user to enter a password or a key SHA Sp...

Page 54: ...Security Level When selecting SNMPv3 in the User based Security Model drop down list this option is available NoAuthNoPriv Specify that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specify that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager AuthPr...

Page 55: ...larm Trap Feature Click the Apply button to accept the changes made RMON Statistics Settings This window is used to display and configure the RMON statistics on the specified port To view the following window click Management RMON RMON Statistics Settings as shown below Figure 4 16 RMON Statistics Settings Window The fields that can be configured are described below Parameter Description Unit Sele...

Page 56: ...are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here Port Select the port that will be used here Index Enter the history group table index The value is from 1 to 65535 Bucket Number Enter the number of buckets specified for the RMON collection history group of statistics The range is from 1 to 65535 The default value is 50 Interval Ent...

Page 57: ...t identifier of the variable to be sampled Type Select the monitoring type Options to choose from are Absolute and Delta Rising Threshold Enter the rising threshold value between 0 and 2147483647 Falling Threshold Enter the falling threshold value between 0 and 2147483647 Rising Event Number Enter the index of the event entry that is used to notify the rising threshold crossing event The valid ran...

Page 58: ...rs long Type Select the RMON event entry type Options to choose from are None Log Trap and Log and Trap Community Enter the community string The string can be up to 127 characters Owner Enter the owner string The string can be up to 127 characters Click the Add button to add a new entry based on the information entered Click the Delete button to remove the specified entry Click the View Logs butto...

Page 59: ...in Source Interface are described below Parameter Description Source Interface State Select to enable or disable the source interface s state here Type Select the type of source interface that will be used here Options to choose from are Loopback Mgmt and VLAN VID Enter the interface ID here For loopback interfaces the range is from 1 to 8 For the management Mgmt interface this value can only be 0...

Page 60: ...x to return to the default setting The value is from 0 to 1439 minutes Enter 0 to disable the timeout The default value is 3 minutes Telnet Session Timeout Enter the time in minutes of the Telnet session timeout Tick the Default check box to return to the default setting The value is from 0 to 1439 minutes Enter 0 to disable the timeout The default value is 3 minutes SSH Session Timeout Enter the ...

Page 61: ...ngs This window is used to display and configure the DHCP class and the DHCP option matching pattern for the DHCP class To view the following window click Management DHCP DHCP Class Settings as shown below Figure 4 26 DHCP Class Settings Window The fields that can be configured are described below Parameter Description Class Name Enter the DHCP class name with a maximum of 32 characters Click the ...

Page 62: ...ly attached network This device is known as the DHCP client and when enabled it will emit query messages on the network before any IP parameters are set When the DHCP server receives this request it will allocate an IP address to the client The DHCP client may be then utilize the IP address allocated by the DHCP server as its local configuration The user can configure many DHCP related parameters ...

Page 63: ...ing Packet Enter the number of ping packets that the Switch will send out on the network containing the IP address to be allotted If the ping request is not returned the IP address is considered unique to the local network and then allotted to the requesting client A value of 0 means there is no ping test The range is from 0 to 10 The default value is 2 DHCP Ping Timeout Enter the amount of time t...

Page 64: ...ific page when multiple pages exist After clicking the Edit Class button the following page will appear Figure 4 30 DHCP Server Pool Settings Edit Class Window The fields that can be configured are described below Parameter Description Class Name Select an existing DHCP class name here that will be associated with this DHCP pool Start Address Enter the starting IPv4 address that will be associated...

Page 65: ...mal string in the space provided This string can be up to 254 characters long Select the None option to specify a zero length hexadecimal string After selecting IP enter the IPv4 address es in the space s provided Up to 8 IPv4 address can be entered Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Click the Back button to return to the previou...

Page 66: ...ype Select the NetBIOS node type for Microsoft DHCP clients here The node type determines the method that NetBIOS uses to register and resolve names Options to choose from are Broadcast Peer To Peer Mixed and Hybrid A Broadcast system uses broadcasts A Peer To Peer p node system uses only point to point name queries to a name server WINS A Mixed m node system broadcasts first and then queries the ...

Page 67: ...low Figure 4 34 DHCP Server Manual Binding Window The fields that can be configured are described below Parameter Description Pool Name Enter the DHCP server pool name here This name can be up to 32 characters long Host Enter the DHCP host IPv4 address here Mask Enter the DHCP host network subnet mask here Hardware Address Enter the DHCP host MAC address here Client Identifier Enter the DHCP host ...

Page 68: ... here Hardware Address Enter the DHCP host MAC address here Client Identifier Enter the DHCP host identifier in hexadecimal notation here The client identifier is formatted by the media type and the MAC address Click the Apply button to accept the changes made Click the Delete button to remove the specified entry DHCP Server Dynamic Binding This window is used to view and clear the DHCP server dyn...

Page 69: ... view and clear the DHCP conflict entries from the DHCP server database To view the following window click Management DHCP DHCP Server DHCP Server IP Conflict as shown below Figure 4 377 DHCP Server IP Conflict Window The fields that can be configured are described below Parameter Description IP Address Enter the IPv4 address of the conflict entry to be located or cleared Pool Name Enter the DHCP ...

Page 70: ... DHCPv6 Server DHCPv6 Server Pool Settings This window is used to display and configure the DHCPv6 server pool settings To view the following window click Management DHCP DHCPv6 Server DHCPv6 Server Pool Settings as shown below Figure 4 399 DHCPv6 Server Pool Settings Window The fields that can be configured are described below Parameter Description Pool Name Enter the DHCPv6 server pool name here...

Page 71: ...lue is not specified then the default valid lifetime will be 2592000 seconds 30 days Preferred Lifetime Enter the preferred lifetime value here The range is from 60 to 4294967295 seconds If this value is not specified then the default preferred lifetime will be 604800 seconds 7 days DNS Server Enter the DNS server IPv6 address to be assigned to requesting DHCPv6 clients here Domain Name Enter the ...

Page 72: ... clients Use this window to exclude a single IPv6 address or a range of IPv6 addresses The excluded addresses are only applied to the pool s for address assignment To view the following window click Management DHCP DHCPv6 Server DHCPv6 Server Exclude Address as shown below Figure 4 401 DHCPv6 Server Exclude Address Window The fields that can be configured are described below Parameter Description ...

Page 73: ...e 4 423 DHCPv6 Server Interface Settings Window The fields that can be configured are described below Parameter Description Interface VLAN Enter the interface VLAN ID here The range is from 1 to 4094 Pool Name Enter the DHCPv6 server pool name here This name can be up to 12 characters long Rapid Commit Select to enable or disable two message exchange here By default two message exchange is not all...

Page 74: ...igure 4 445 DHCP Relay Global Settings Window The fields that can be configured are described below Parameter Description DHCP Relay Unicast State Select to globally enable or disable the DHCP relay unicast state here Click the Apply button to accept the changes made DHCP Relay Pool Settings This window is used to display and configure the DHCP relay pool on a DHCP relay agent To view the followin...

Page 75: ... below Parameter Description Source IP Address Enter the source subnet of client packets Subnet Mask Enter the network mask of the source subnet Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Click the Back button to return to the previous window After clicking the Edit button under Destination the following window will appear Figure 4 478 D...

Page 76: ...ified entry Click the Back button to return to the previous window After clicking the Edit button the following window will appear Figure 4 50 DHCP Relay Pool Settings Class Edit Edit Window The fields that can be configured are described below Parameter Description Relay Target Enter the DHCP relay target for relaying packets that matches the value pattern of the option defined in the DHCP class ...

Page 77: ...policy for the DHCP relay agent Options to choose from are Keep Drop and Replace Keep Select to keep the packet that already has the relay option The packet is left unchanged and directly relayed to the DHCP server Drop Select to discard the packet that already has the relay option Replace Select to replace the packet that already has the relay option The packet will be replaced with a new option ...

Page 78: ...D Select the DHCP information circuit ID sub option Options to choose from are Default Select to use the default circuit ID sub option User Define Select to use a user defined circuit ID Enter the user defined string with the maximum of 32 characters in the text box Vendor1 Select to use vendor 1 as the circuit ID Expert UDF Select to use the expert UDF circuit ID Select the stand alone unit forma...

Page 79: ...atted as aa bb cc dd ee ff Uppercase Specifies that when using the uppercase format the Option 82 MAC address for the user defined profile username will be formatted as AA BB CC DD EE FF Delimiter Select the delimiter that will be used here Options to choose from are Hyphen Specifies that the format will be AA BB CC DD EE FF Colon Specifies that the format will be AA BB CC DD EE FF Dot Specifies t...

Page 80: ...lick the Apply button to accept the changes made DHCP Local Relay VLAN This window is used to display and configure local relay on a VLAN or a group of VLANs To view the following window click Management DHCP DHCP Relay DHCP Local Relay VLAN as shown below Figure 4 535 DHCP Local Relay VLAN Window The fields that can be configured are described below Parameter Description DHCP Local Relay VID List...

Page 81: ...ct to choose the User Define Field UDF for remote ID Options to choose from are ASCII and Hex ASCII Select to enter the ASCII string with a maximum of 128 characters in the text box HEX Select to enter the hexadecimal string with a maximum of 256 characters in the text box IPv6 DHCP Relay Remote ID Policy Select to choose Option 37 forwarding policy for the DHCPv6 relay agent Options to choose fro...

Page 82: ...tion MAC Format are described below Parameter Description Case Select the case that will be used here Options to choose from are Lowercase Specifies that the MAC format will be lowercase For example aa bb cc dd ee ff Uppercase Specifies that the MAC format will be uppercase For example AA BB CC DD EE FF Delimiter Select the delimiter that will be used here Options to choose from are Hyphen Specifi...

Page 83: ...AN ID for the relay destination here The range is from 1 to 4094 Click the Apply button to accept the changes made Click the Find button to locate a specific entry based on the information entered Click the Delete button to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist DHCPv6 Relay Format Type Settings This window is...

Page 84: ... display and configure the DHCPv6 relay port settings To view the following window click Management DHCP DHCPv6 Relay DHCPv6 Relay Port Settings as shown below Figure 4 59 DHCPv6 Relay Port Settings Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the range of ports ...

Page 85: ...elay feature on the specified VLAN s here Click the Apply button to accept the changes made NOTE When the state of the DHCPv6 relay port is disabled the port will not relay or locally relay received DHCPv6 packets DHCP Auto Configuration This window is used to display and configure the DHCP auto configuration function To view the following window click Management DHCP Auto Configuration as shown b...

Page 86: ...p cache state here IP Domain Lookup Select to enable or disable the IP domain lookup state here IP Name Server Timeout Enter the maximum time to wait for a response from a specified name server This value is between 1 and 60 seconds IP DNS Server Select to globally enable or disable the DNS server feature here Click the Apply button to accept the changes made The fields that can be configured in I...

Page 87: ...for the host name and the IP address in the host table To view the following window click Management DNS DNS Host Settings as shown below Figure 4 594 DNS Host Settings Window The fields that can be configured are described below Parameter Description Host Name Enter the host name of the equipment IP Address Select and enter the IPv4 address of the equipment IPv6 Address Select and enter the IPv6 ...

Page 88: ... interface ID here For loopback interfaces this value is from 1 to 8 For the management interface Mgmt this value can only be 0 For VLAN interfaces this value is from 1 to 4094 Click the Apply button to accept the changes made File System This window is used to view manage and configure the Switch file system To view the following window click Management File System as shown below Figure 4 616 Fil...

Page 89: ...oot up image Click the Rename button to rename a specific file name Click the Delete button to remove a specific file from the file system NOTE If the boot configuration file is damaged the Switch will automatically revert back to the default configuration NOTE If the boot image file is damaged the Switch will automatically use the backup image file in the next boot up Click the Copy button to see...

Page 90: ... Using this method data transfer is only possible in one direction and if there is a break in the chain then data transfer will be affected Duplex Ring The Duplex Ring stacks Switches in a ring or circle format where data can be transferred in two directions This topology is very resilient due to the fact that if there is a break in the ring data can still be transferred through the stacking cable...

Page 91: ...the Switch stack Three possible roles exist when stacking with the Switch Primary Master The Primary Master is the leader of the stack It will maintain normal operations monitor operations and the running topology of the Stack This Switch will also assign Stack Unit IDs synchronize configurations and transmit commands to remaining Switches in the Switch stack The Primary Master can be manually set...

Page 92: ...e Primary Master and the Backup Master have been established the Primary Master will assign Stacking Unit IDs to Switches in the stack synchronize configurations for all Switches and then transmit commands to the rest of the Switches based on the configuration of the Primary Master Once these steps have been completed the Switch stack will enter a normal operating mode Stack Switch Swapping The st...

Page 93: ...logy mode Users can only get device information configure Box IDs save and reboot All stacking ports will be disabled and an error message will be produced on the local console port of each device in the stack Users must reconfigure Box IDs and reboot the stack to rectify the problem NOTE When constructing a stacking with different switch models static box_id setting is recommended If a new insert...

Page 94: ...ort stacking The DGS 3130 54TS 54S 54PS will use physical ports 49 and 50 for 2 port stacking The DGS 3130 54TS 54S 54PS will use physical ports 53 and 54 for 2 port stacking When the 4 port SFP or 4 port Hybrid stacking configuration is used a full duplex speed of up to 80Gbps will be used between two Switches using four physical ports aggregated into two virtual stacking ports The DGS 3130 30TS ...

Page 95: ...nly have one Commander Switch CS A SIM group accepts up to 32 Switches numbered 1 32 not including the Commander Switch numbered 0 Members of a SIM group must be in the same Layer 2 network There is no limit to the number of SIM groups in the same IP subnet broadcast domain however a single Switch can only belong to one group If multiple VLANs are configured the SIM group will only utilize the man...

Page 96: ...t the packets instead of executing packets The applications will decode the packet from the administrator modify some data and then send it to the MS After execution the CS may receive a response packet from the MS which it will encode and send it back to the administrator When a CaS becomes a MS it automatically becomes a member of the first SNMP community includes read write and read only to whi...

Page 97: ...s name is used to segment Switches into different SIM groups Click the Apply button to accept the changes made The fields that can be configured in SIM Settings are described below Parameter Description Trap State Select to enable or disable the SIM trap state here Interval Enter the interval in seconds The range is from 30 to 90 Hold Time Enter the hold time in seconds The range is from 100 to 25...

Page 98: ...w Figure 4 73 Topology Window There is a menu bar at the top of the window containing File Group Device View and Help File Print Topology Select this option to print the SIM topology map to any of the printers configured on the PC accessing the Web UI Preference Select this option to configure the display properties for the SIM topology map Figure 4 74 Preference ...

Page 99: ...ch CaS from the list and then select this option Add to Group to add the selected CaS to the SIM group Password authentication is required when a CaS is added to the SIM group Figure 4 75 Add to Group Input Password Enter the Password and click the Apply button to add the CaS to the SIM group Click the Cancel button to discard the addition and return to the Topology window Remove from Group Select...

Page 100: ...k the Save button to save the display Click the Back button to return to the previous window This window will display how the devices within the SIM Group connect to other groups and devices Possible icons on this window are as follows Icon Description Icon Description Group Layer 3 Member Switch Layer 2 Commander Switch Member Switch of other group Layer 3 Commander Switch Layer 2 Candidate Switc...

Page 101: ... Right Click Right click on a device to allow the user to perform various functions depending on the role of the Switch in the SIM group and the icon associated with it Group Commander Switch Member Switch Candidate Switch The fields that can be configured are described below Parameter Description Property Specifies to display more information about the device Configure Member Switch Only Specifie...

Page 102: ...d tagged with the last six digits of the MAC address to identify it Module Displays the full module name of the Switch MAC Address Displays the MAC address of the Switch Local Port Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Remote Port Displays the number of the physical port on the MS or CaS that the CS is connecte...

Page 103: ...e here This is used to configure interval between two consecutive DDP report messages Options to choose from are 30 60 90 120 seconds or Never Selecting Never instructs the Switch to stop sending report messages Click the Apply button to accept the changes made The fields that can be configured in DDP Port Settings are described below Parameter Description Unit Select the Switch unit that will be ...

Page 104: ...the SMTP IP type enter the SMTP server port number here The range is from 1 to 65535 By default this value is 25 SMTP IPv6 Server Port After selecting IPv6 as the SMTP IP type enter the SMTP server port number here The range is from 1 to 65535 By default this value is 25 Self Mail Address Enter the email address that represents the Switch here This string can be up to 254 characters long Send Inte...

Page 105: ... Insertion Global Settings as shown below Figure 4 86 PPPoE Circuit ID Insertion Global Settings Window The fields that can be configured in PPPoE Circuit ID Insertion Global Settings are described below Parameter Description Global PPPoE State Select this option to enable or disable the PPPoE Circuit ID Insertion on the Switch Select Disabled to disable PPPoE Circuit ID Insertion on the Switch Cl...

Page 106: ...ime interval value here The reboot will be initiated after the specified time interval has passed The range is from 1 to 43200 minutes 30 days Time Select and enter the time at which the reboot should be initiated here This time uses the 24 hour format for example 21 30 If the date was not specified the reboot will be initiated when the system clock reaches the time specified within the next 24 ho...

Page 107: ...es that this schedule is used to back up the configuration Log Specifies that this schedule is used to back up the system log File Name After clicking the Edit button enter the destination filename and path here State After clicking the Edit button select to enable or disable this schedule here Click the Apply button to accept the changes made Click the Find button to locate a specific entry based...

Page 108: ...ibed below Parameter Description Execute Entry Name Enter the name of the execution entry here This string can be up to 32 characters long Time Range After clicking the Edit button enter the time range schedule that will be used here Mode After clicking the Edit button select the mode here Options to choose from are Increase Specifies that the current configuration will not be cleared before execu...

Page 109: ...t number on which the MAC address entered resides This option could also drop the MAC address from the unicast static FDB Select the port number when selecting the Port Unit Select the stacking unit ID of the Switch that will be configured here Port Number After selecting the Port option select the port number used here VID Enter the VLAN ID on which the associated unicast MAC address resides MAC ...

Page 110: ...address The format of the destination MAC address is 01 XX XX XX XX XX Click the Apply button to accept the changes made Click the Delete All button to remove all the entries Click the Delete button to remove the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist MAC Address Table Settings This window is used to display and configure...

Page 111: ...red are described below Parameter Description Unit Select the stacking unit ID of the Switch that will be configured here From Port To Port Select the range of ports that will be used for this configuration here Status Select to enable or disable the MAC address learning function on the ports specified here Click the Apply button to accept the changes made After selecting the MAC Address VLAN Lear...

Page 112: ... button to navigate to a specific page when multiple pages exist MAC Address Table This window is used to view the entries listed in the MAC address table To view the following window click L2 Features FDB MAC Address Table as shown below Figure 5 6 MAC Address Table Window The fields that can be configured are described below Parameter Description Port Select the stacking unit ID and the port num...

Page 113: ...able or disable MAC notification globally on the Switch Interval Enter the time value between notifications This value must be between 1 and 2147483647 seconds By default this value is 1 second History Size Enter the maximum number of entries listed in the history log used for notification This value must be between 0 and 500 By default this value is 1 MAC Notification Trap State Select to enable ...

Page 114: ...w the following window click L2 Features VLAN 802 1Q VLAN as shown below Figure 5 9 802 1Q VLAN Window The fields that can be configured in 802 1Q VLAN are described below Parameter Description VID List Enter the VLAN ID list that will be created here Click the Apply button to create a new 802 1Q VLAN Click the Delete button to remove the 802 1Q VLAN specified The fields that can be configured in ...

Page 115: ...re This value must be between 1 and 16 Frame Type Select the frame type option here This function maps packets to protocol defined VLANs by examining the type octet within the packet header to discover the type of protocol associated with it Options to choose from are Ethernet 2 SNAP and LLC Ether Type Enter the Ethernet type value for the group here The protocol value is used to identify a protoc...

Page 116: ...oS queue that packets are forwarded to Once this field is specified packets accepted by the Switch that match this priority are forwarded to the CoS queue specified previously Click the Apply button to accept the changes made Click the Delete button to remove the specific entry GVRP GVRP Global This window is used to display and configure the global GARP VLAN Registration Protocol GVRP settings To...

Page 117: ...nge of ports that will be used for this configuration here GVRP Status Select the enable or disable the GVRP port status This enables the port to dynamically become a member of a VLAN By default this option is disabled Join Time Enter the Join Time value in centiseconds This value must be between 10 and 10000 centiseconds By default this value is 20 centiseconds Leave Time Enter the Leave Time val...

Page 118: ...lect the range of ports that will be used for this configuration here Action Select the advertised VLAN to port mapping action here Options to choose from are All Add Remove and Replace When selecting All all the advertised VLANs will be used Advertise VID List Enter the advertised VLAN ID list here Click the Apply button to accept the changes made GVRP Forbidden VLAN This window is used to displa...

Page 119: ...s used to view GVRP statistics information To view the following window click L2 Features VLAN GVRP GVRP Statistics Table as shown below Figure 5 16 GVRP Statistics Table Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit to be displayed here Port Select the port number to display GVRP statistic information for here Click the Find button ...

Page 120: ...n the port will be changed To view the following window click L2 Features VLAN MAC VLAN as shown below Figure 5 18 MAC VLAN Window The fields that can be configured are described below Parameter Description MAC Address Enter the unicast MAC address VID Enter the VLAN ID that will be used Priority Select the priority that is assigned to untagged packets This value is between 0 and 7 Click the Apply...

Page 121: ...he Switch unit that will be used for this configuration here Click the Show Detail button to view more detailed information about the VLAN on the specific interface Click the Edit button to re configure the specific entry After clicking the Show Detail button the following page will appear Figure 5 20 VLAN Interface VLAN Detail Window On this page more detailed information about the VLAN of the sp...

Page 122: ...runk Promiscuous and Trunk Secondary Acceptable Frame Select the acceptable frame behavior option here Options to choose from are Tagged Only Untagged Only and Admit All Ingress Checking Select to enable or disable the ingress checking function VLAN ID Enter the VLAN ID used for this configuration here This value must be between 1 and 4094 Clone Select this option to enable the clone feature From ...

Page 123: ...or Tagged parameters Allowed VLAN Range Enter the allowed VLAN range here Clone Select this option to enable the clone feature From Port To Port Select the range of ports that will be used in the clone feature here Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page When Trunk was selected as the VLAN Mode the followin...

Page 124: ... fields that can be configured are described below Parameter Description VLAN Mode Select the VLAN mode option here Options to choose from are Access Hybrid Trunk 802 1Q Tunnel Promiscuous Host Trunk Promiscuous and Trunk Secondary Acceptable Frame Select the acceptable frame behavior option here Options to choose from are Tagged Only Untagged Only and Admit All Ingress Checking Select to enable o...

Page 125: ...e of ports that will be used in the clone feature here Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page When Host was selected as the VLAN Mode the following page will appear Figure 5 26 VLAN Interface Host Window The fields that can be configured are described below Parameter Description VLAN Mode Select the VLAN m...

Page 126: ...ast protocols and the IPv6 protocol cannot run on a super VLAN interface To view the following window click L2 Features VLAN Super VLAN as shown below Figure 5 27 Super VLAN Window The fields that can be configured in Add Super VLAN are described below Parameter Description Super VID List Enter the super VLAN ID s that will be created here Click the Apply button to accept the changes made The fiel...

Page 127: ...ble Figure 5 28 Super VLAN IP Range List Window The fields that can be configured are described below Parameter Description Action Select the action that will be taken here Options to choose from are Add and Remove Start IP Address Enter the starting IP address in the range of this sub VLAN here End IP Address Enter the ending IP address in the range of this sub VLAN here Click the Back button to ...

Page 128: ...is used to configure the aging time for aging out the surveillance VLAN dynamic member ports The range is from 1 to 65535 minutes When the last surveillance device connected to the port stops sending traffic and the MAC address of this surveillance device is aged out the surveillance VLAN aging timer will be started The port will be removed from the surveillance VLAN after expiration of surveillan...

Page 129: ... choose from are Video Management server Specifies the surveillance device type as Video Management Server VMS VMS Client Remote Viewer Specifies the surveillance device type as VMS client Video Encoder Specifies the surveillance device type as Video Encoder Network Storage Specifies the surveillance device type as Network Storage Other IP Surveillance Device Specifies the surveillance device type...

Page 130: ... below Figure 5 32 Voice VLAN Global Window The fields that can be configured are described below Parameter Description Voice VLAN State Select to globally enable or disable the voice VLAN feature here Voice VLAN ID Enter the VLAN ID of the voice VLAN here The VLAN to be specified as the voice VLAN needs to pre exist before configuration The range is from 2 to 4094 Voice VLAN CoS Select the CoS of...

Page 131: ...received voice packets will be forwarded in the voice VLAN The received packets are determined as voice packets if the source MAC addresses of packets complies with the OUI addresses Mode Select the mode here Options to choose from are Auto Untagged Specifies that voice VLAN untagged membership will be automatically learned Auto Tagged Specifies that voice VLAN tagged membership will be automatica...

Page 132: ...unction If the source MAC address of the received packet matches any of the OUI patterns the received packet is determined as a voice packet The user defined OUI cannot be the same as the default OUI The default OUI cannot be deleted To view the following window click L2 Features VLAN Voice VLAN Voice VLAN OUI as shown below Figure 5 34 Voice VLAN OUI Window The fields that can be configured are d...

Page 133: ...ured are described below Parameter Description Unit Select the Switch unit that will be used in this display here Voice VLAN LLDP MED Device This window is used to view the voice VLAN LLDP MED device table To view the following window click L2 Features VLAN Voice VLAN Voice VLAN LLDP MED Device as shown below Figure 5 36 Voice VLAN LLDP MED Device Window Private VLAN This window is used to display...

Page 134: ...ured for Private VLAN Association are described below Parameter Description VID List Enter the private VLAN ID list here Action Select the action that will be taken for the private VLAN here Options to choose from are Add Remove and Disabled Secondary VID List Enter the secondary private VLAN ID here Click the Apply button to accept the changes made The fields that can be configured for Private VL...

Page 135: ...ndary private VLAN ID here When ticking the Remove Mapping option this specifies that this configuration will not be enabled Click the Apply button to accept the changes made VLAN Tunnel Dot1q Tunnel This window is used to display and configure the 802 1Q VLAN tunnel settings An 802 1Q tunnel port behaves as a User Network Interface UNI port of a service VLAN The trunk ports which are tagged membe...

Page 136: ...re From Port To Port Select the port range that will be used here Trust Inner Priority Select to enable or disable the 802 1Q Inner Trust Priority feature here When the trusting priority option is enabled on an 802 1Q tunnel port the priority of the VLAN tag in the received packets will be copied to the service VLAN tag Miss Drop Select to enable or disable the Miss Drop feature here If the VLAN m...

Page 137: ...d below Parameter Description Unit Select the Switch unit ID that will be used here From Port To Port Select the port range that will be used here Port Select the port that will be used for the search here Original VID List Enter the original VLAN ID list here The range is from 1 to 4094 Original Inner VID Enter the original inner VLAN ID here The range is from 1 to 4094 Action Select the action t...

Page 138: ...ID range is from 1 to 1000 Type Select the profile type here Different profiles can match different fields Options to choose from are Ethernet IP IPv6 and Ethernet IP Ethernet The profile can match Layer 2 fields IP The profile can match Layer 3 IP fields IPv6 The profile can match IPv6 destination or source addresses Ethernet IP The profile can match Layer 2 and Layer 3 IP fields Click the Add Pr...

Page 139: ... Enter the inner VLAN ID here The range is from 1 to 4094 Ethernet Type Enter the Ethernet type value here The range is from 0x0 to 0xFFFF Action Select the action that will be taken here Options to choose from are Dot1q Tunnel and Translate Dot1q Tunnel Specifies that the outer VID will be added for matched packets Translate Specifies that the outer VID will replace the outer VID of the matched p...

Page 140: ... 1 to 65535 Destination Port Enter the destination TCP UDP port number here The range is from 1 to 65535 IP Protocol Enter the Layer 3 IP protocol value here The range is from 0 to 255 Action Select the action that will be taken here Options to choose from are Dot1q Tunnel and Translate Dot1q Tunnel Specifies that the outer VID will be added for matched packets Translate Specifies that the outer V...

Page 141: ...ss and prefix length here Action Select the action that will be taken here Options to choose from are Dot1q Tunnel and Translate Dot1q Tunnel Specifies that the outer VID will be added for matched packets Translate Specifies that the outer VID will replace the outer VID of the matched packets New Outer VID Enter the new outer VLAN ID here The range is from 1 to 4094 802 1P Priority Select the 802 ...

Page 142: ...r VLAN ID here The range is from 1 to 4094 Ethernet Type Enter the Ethernet type value here The range is from 0x0 to 0xFFFF Src IP Address Enter the source IPv4 address and subnet mask here Dst IP Address Enter the destination IPv4 address and subnet mask here DSCP Enter the DSCP value here The range is from 0 to 63 Source Port Enter the source TCP UDP port number here The range is from 1 to 65535...

Page 143: ...any of the three spanning tree protocols STP RSTP or MSTP A Multiple Spanning Tree Instance MSTI ID will classify these instances MSTP will connect multiple spanning trees with a Common and Internal Spanning Tree CIST The CIST will automatically determine each MSTP region its maximum possible extent and will appear as one virtual bridge that runs a single spanning tree instance Frames assigned to ...

Page 144: ...D 1998 is this absence of immediate feedback from adjacent bridges 802 1Q 2005 MSTP 802 1D 2004 RSTP 802 1D 1998 STP Forwarding Learning Disabled Disabled Disabled No No Discarding Discarding Blocking No No Discarding Discarding Listening No No Learning Learning Learning No Yes Forwarding Forwarding Forwarding Yes Yes RSTP is capable of a more rapid transition to the Forwarding state RSTP no longe...

Page 145: ...ribed below Parameter Description STP State Select to enable or disable the global STP state here Click the Apply button to accept the changes made The fields that can be configured for STP Traps are described below Parameter Description STP New Root Trap Select to enable or disable the STP New Root Trap option here STP Topology Change Trap Select to enable or disable the STP Topology Change Trap ...

Page 146: ... Time Enter the bridge Forwarding Time value here This value must be between 4 and 30 seconds By default this value is 15 seconds Every port on the Switch spends this time in the Listening state while moving from the Blocking state to the Forwarding state TX Hold Count Enter the Transmit Hold Count value here This value must be between 1 and 10 times By default this value is 6 times This value is ...

Page 147: ...lues consistent with other devices on the bridged LAN Bridge Hello Time Enter the bridge Hello Time value here This value must be between 1 and 2 seconds By default this value is 2 seconds This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other switches that it is indeed the Root Bridge This field will only appear here when STP or RSTP is selected f...

Page 148: ...he probability the port will be chosen to forward packets State Select to enable or disable the STP port state Guard Root Select to enable or disable the Guard Root function Link Type Select the Link Type option here Options to choose from are Auto P2P and Shared A full duplex port is considered to have a Point to Point P2P connection Alternatively a half duplex port is considered to have a Shared...

Page 149: ...p Guard feature provides additional protection against Layer 2 forwarding loops STP loops An STP loop is created when an STP blocking port in a redundant topology erroneously transitions to the Forwarding state This usually happens because one of the ports in a physically redundant topology not necessarily the STP blocking port no longer receives STP BPDUs In its operation STP relies on continuous...

Page 150: ...Configuration Name identifies the MSTP region configured on the Switch Click the Apply button to accept the changes made In the Private VLAN Synchronize section the user can click the Apply button to synchronize the private VLANs The fields that can be configured for Instance ID Settings are described below Parameter Description Instance ID Enter the instance ID here This value must be between 1 a...

Page 151: ...the specific entry Click the Apply button to accept the changes made Enter a page number and click the Go button to navigate to a specific page when multiple pages exist MSTP Port Information This window is used to display and configure the MSTP port information settings To view the following window click L2 Features STP MSTP Port Information as shown below Figure 5 501 MSTP Port Information Windo...

Page 152: ...t layer One link within a ring will be blocked to avoid a Loop RPL Ring Protection Link When the failure happens protection switching blocks the failed link and unblocks the RPL When the failure clears protection switching blocks the RPL again and unblocks the link on which the failure is cleared ERPS This window is used to display and configure the Ethernet Ring Protection Switching ERPS settings...

Page 153: ...ring status information Click the Delete button to delete the specified ITU T G 8032 ERP physical ring Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After click the Edit Ring button the following window will appear Figure 5 523 ERPS Edit Ring Window The fields that can be configured are described below Parameter Description Instance ID Select ...

Page 154: ...nter the ring ID here The range is from 1 to 239 Select the Specify radio button to configure this parameter as normal Select the None radio button to revert this parameter to the default setting Ring Type Select the checkbox and then select the ring type here Options to choose from are Major Ring and Sub Ring Click the Back button to discard the changes made and return to the previous window Clic...

Page 155: ...ox and enter the inclusion VLAN list here A range is identified when a hyphen is used For example VLANs 1 to 5 can be entered as 1 5 A list is identified when commas are used For example use VLANs 1 3 5 The VLANs specified here will be protected by the ERP mechanism Select the Specify radio button to configure this parameter as normal Select the None radio button to revert this parameter to the de...

Page 156: ...ocked here This forcibly blocks an instance port immediately after force is configured irrespective of whether link failures have occurred Options to choose from are Port0 and Port1 Manual Ring Port Block Select the checkbox and select the ERP instance port that will be blocked here This forcibly blocks a port on which MS is configured when link failures and FS conditions are absent Options to cho...

Page 157: ...ween 10 and 2000 milliseconds By default this value is 500 milliseconds Hold Off Timer Select the checkbox and enter hold off timer value here This value must be between 0 and 10 seconds By default this value is 0 seconds WTR Timer Select the checkbox and enter the Wait To Restore WTR timer value here This value must be between 1 and 12 minutes By default this value is 5 minutes Click the Back but...

Page 158: ...onds The default setting is 10 seconds Trap State Select to enable or disable the loopback detection trap state Action Mode Select the action mode here Option to choose from are Shutdown Specifies to shut down the port in the port based mode or block traffic on the specific VLAN in the VLAN based mode when a loop has been detected None Specifies not to shut down the port in the port based mode or ...

Page 159: ...f a single link s bandwidth Link aggregation is most commonly used to link bandwidth intensive network devices such as servers to the backbone of a network The Switch allows the creation of up to 32 link aggregation groups each group consisting of up to 8 links ports Each port can only belong to a single link aggregation group Load balancing is automatically applied to the ports in the aggregated ...

Page 160: ...n MAC Click the Apply button to accept the changes made The fields that can be configured for Channel Group Information are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the list of ports that will be associated with this configuration here Group ID Enter the channel group number here This value must be betw...

Page 161: ...er Description Description Enter the description for the port channel here This string can be up to 64 characters long Click the Apply button to accept the changes made Click the Delete Description button to delete the description for the port channel Click the Edit button to re configure the specific entry Click the Back button to return to the previous page L2 Protocol Tunnel This window is used...

Page 162: ...ed the excessive protocol packets are dropped Select the Default option to use the default value Action Select the action that will be taken here Options to choose from are Add and Delete This is used to add or delete an L2PT tunneling multicast address to or from the specified protocol Tunneled Protocol Select the tunneled protocol here Options to choose from are GVRP Specifies that GVRP packets ...

Page 163: ...ons to choose from are 01 00 0C CC CC CC and 01 00 0C CC CC CD Threshold After selecting the Shutdown or Drop option in the Type field the following parameter will be available Enter the threshold value here This value must be between 1 and 4096 Click the Apply button to accept the changes made Click the Clear All button to clear all the counter information Click the Clear button to clear all the ...

Page 164: ...Status Settings are described below Parameter Description VID Enter a VLAN ID from 1 to 4094 and select to enable or disable IGMP snooping on the VLAN Click the Apply button to accept the changes made The fields that can be configured in IGMP Snooping Table are described below Parameter Description VID Enter a VLAN ID from 1 to 4094 Click the Find button to locate a specific entry based on the inf...

Page 165: ...re 5 646 IGMP Snooping Settings Show Detail Window The window displays the detail information about IGMP snooping VLAN Click the Modify button to edit the information in the following window After clicking the Modify or Edit button in IGMP Snooping Settings window the following window will appear Figure 5 657 IGMP Snooping Settings Modify Edit Window ...

Page 166: ...version sent by the IGMP snooping querier Options to choose from are 1 2 and 3 Query Interval Enter the interval at which the IGMP snooping querier sends IGMP general query messages periodically The range is from 1 to 31744 Max Response Time Enter the maximum response time in seconds advertised in IGMP snooping queries The range is from 1 to 25 Robustness Value Enter the robustness variable used i...

Page 167: ...ter Description Unit Select the Switch unit that will be used for this display here From Port To Port Select the range of ports that will be used for this display here Click the Find button to generate the display based on the selections made Click the Show All button to display all the available entries IGMP Snooping Groups Settings This window is used to display and configure the IGMP snooping s...

Page 168: ... Click the radio button and enter a VLAN ID of the multicast group The range is from 1 to 4094 Group Address Click the radio button and enter an IP multicast group address Detail Select this option to display the IGMP group detail information Click the Find button to locate a specific entry based on the information entered Click the Show All button to view all the entries IGMP Snooping Mrouter Set...

Page 169: ...cific page when multiple pages exist IGMP Snooping Statistics Settings This window is used to view and clear the IGMP snooping related statistics To view the following window click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Statistics Settings as shown below Figure 5 71 IGMP Snooping Statistics Settings Window The fields that can be configured in IGMP Snooping Statistics Settings...

Page 170: ...listening port The active listening ports are the only ones to receive multicast group data MLD Control Messages These types of messages are transferred between devices using MLD snooping These messages are all defined by four ICMPv6 packet headers labeled 130 131 132 and 143 Multicast Listener Query Similar to the IGMPv2 Host Membership Query for IPv4 and labeled as 130 in the ICMPv6 packet heade...

Page 171: ...s made The fields that can be configured in VLAN Status Settings are described below Parameter Description VID Enter a VLAN ID from 1 to 4094 and select to enable or disable MLD snooping on the VLAN Click the Apply button to accept the changes made The fields that can be configured in MLD Snooping Table are described below Parameter Description VID Enter a VLAN ID from 1 to 4094 Click the Find but...

Page 172: ...gure 5 693 MLD Snooping Settings Show Detail Window The window displays the detail information about MLD snooping VLAN Click the Modify button to edit the information in the following window After clicking the Modify or Edit button in MLD Snooping Settings window the following window will appear Figure 5 704 MLD Snooping Settings Modify Edit Window ...

Page 173: ...rier State Select this option to enable or disable the querier state Query Version Select the general query packet version sent by the MLD snooping querier Options to choose from are 1 and 2 Query Interval Enter the interval at which the MLD snooping querier sends MLD general query messages periodically The range is from 1 to 31744 Max Response Time Enter the maximum response time in seconds adver...

Page 174: ...oup The range is from 1 to 4094 Group Address Click the radio button and enter an IP multicast group address Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Click the Find button to locate a specific entry based on the information entered Click the Show All button to view all the entries Enter a page number and click the Go button to navigate...

Page 175: ...Select the Switch port range that will be used here This is only available if the Port option was selected as the action below Limit Number Enter the limit number here This is to configure the rate of MLD control packets that the Switch can process on a specific interface The range is from 1 to 1000 packets per second Select the No Limit option to remove the limitation Action Select the action tha...

Page 176: ... that VLAN The range is from 1 to 4094 Click the Apply button to accept the changes made Click the Delete button to delete an entry based on the information entered The fields that can be configured in Access Group Settings are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the appropriate port range used for...

Page 177: ...following window will appear Figure 5 78 MLD Snooping Filter Settings Show Detail Window Click the Back button to return to the previous window Enter a page number and click the Go button to navigate to a specific page when multiple pages exist MLD Snooping Mrouter Settings This window is used to display and configure the specified interface s as the router ports or forbidden to be IPv6 multicast ...

Page 178: ... the Apply button to accept the changes made Click the Delete button to remove the specified entry The fields that can be configured in MLD Snooping Mrouter Table are described below Parameter Description VID Enter a VLAN ID between 1 and 4094 Click the Find button to locate a specific entry based on the information entered Click the Show All button to view all the entries Enter a page number and ...

Page 179: ...ype Options to choose from are VLAN and Port VID Enter a VLAN ID between 1 and 4094 This is available when VLAN is selected in the Find Type drop down list Unit Select the Switch unit that will be used for this configuration here This is available when Port is selected in the Find Type drop down list From Port To Port Select the appropriate port range used for the configuration here This is availa...

Page 180: ...process in multicast VLANs Ignore VLAN Select the enable or disable the ignore VLAN feature here This specifies the setting for tagged IGMP or MLD control packets If enabled then the packet s VLAN is ignored and taken to match the profile to find its multicast VLAN When this option is enabled the Switch will ignore the VLAN of the receiving IGMP or MLD control packet and try to find a match profil...

Page 181: ...mation entered Select Delete to delete an entry based in the information entered Address Type Select the address type here Options to choose from are IPv4 and IPv6 IPv4 Specifies to enter the source IPv4 address for IGMP control packet reporting up to routers IPv6 Specifies to enter the source IPv6 address for MLD control packet reporting up to routers IP Address Enter the IPv4 IPv6 address here F...

Page 182: ...re here This name can be up to 32 characters long Action Select the action that will be taken here Options to choose from are Add and Delete Multiple ranges can be added to a multicast VLAN profile The IP address ranges specified in a single profile must be of the same address family Address Type Select the address type here Options to choose from are IPv4 and IPv6 IPv4 Specifies to use IPv4 multi...

Page 183: ...lick the Delete All button to delete all the entries found in the display table Click the Delete button to delete the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist The fields that can be configured in Access Group Table are described below Parameter Description VID Enter the multicast VLAN ID that will be used here The range is...

Page 184: ...n When selecting the Forward All option all multicast packets will be flooded based on the VLAN domain When selecting the Filter Unregistered option registered packets will be forwarded based on the forwarding table and all unregistered multicast packets will be filtered Click the Apply button to accept the changes made Enter a page number and click the Go button to navigate to a specific page whe...

Page 185: ...tween 1 and 10 Click the Apply button to accept the changes made The fields that can be configured in LLDP Configurations are described below Parameter Description Message TX Interval Enter the interval between consecutive transmissions of LLDP advertisements on each physical interface The range is from 5 to 32768 seconds Message TX Hold Multiplier Enter the multiplier on the LLDPDUs transmission ...

Page 186: ... The local LLDP agent can only transmit LLDP frames RX The local LLDP agent can only receive LLDP frames TX and RX The local LLDP agent can both transmit and receive LLDP frames Disabled The local LLDP agent can neither transmit nor receive LLDP frames The default value is TX and RX IP Subtype Select the type of the IP address information to be sent Options to choose from are Default IPv4 and IPv6...

Page 187: ...ata types from outbound LLDP advertisements The mandatory data type includes four basic types of TLVs end of LLDPDU TLV chassis ID TLV port ID TLV and TTL TLV The mandatory data types cannot be disabled There are also four data types which can be optionally selected These include Port Description System Name System Description and System Capability To view the following window click L2 Features LL...

Page 188: ...N ID TLV The Port VLAN ID TLV is an optional fixed length TLV that allows a VLAN bridge port to advertise the port VLAN ID PVID that will be associated with untagged or priority tagged frames Protocol VLAN Select this option to enable or disable sending the Port and Protocol VLAN ID PPVID TLV Enter the VLAN ID in PPVID TLV VLAN Name Select this option to enable or disable sending the VLAN name TLV...

Page 189: ... TLV to send The Link Aggregation TLV indicates contains the following information Whether the link is capable of being aggregated whether the link is currently in an aggregation and the aggregated port channel ID of the port If the port is not aggregated then the ID is 0 Maximum Frame Size Select this option to enable or disable the Maximum Frame Size TLV to send The Maximum Frame Size TLV indica...

Page 190: ...LLDP MED notification TLV Capabilities Select this option to enable or disable transmitting the LLDP MED capabilities TLV Inventory Select this option to enable or disable transmitting the LLDP MED inventory management TLV Network Policy Select this option to enable or disable transmitting the LLDP MED network policy TLV Click the Apply button to accept the changes made LLDP Statistics Information...

Page 191: ...Port Select the port number that will be used here Click the Clear Counter button to clear the counter information for the statistics displayed Click the Clear All button to clear all the counter information displayed LLDP Local Port Information This window is used to display the information currently available for populating outbound LLDP advertisements To view the following window click L2 Featu...

Page 192: ...ber that will be displayed Click the Find button to locate a specific entry based on the information entered Click the Show Detail button to view detailed information of the specific port After clicking the Show Detail button the following window will appear Figure 5 93 LLDP Local Port Information Show Detail Window To view more details about for example the MAC PHY Configuration Status click the ...

Page 193: ...ves packets from a remote station but is able to store the information locally To view the following window click L2 Features LLDP LLDP Neighbor Port Information as shown below Figure 5 795 LLDP Neighbor Port Information Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be displayed Port Select the port number that will be disp...

Page 194: ... is used to allow all ARP traffic to the Switch where the destination is the Switch itself This traffic will take a higher priority than other ARP packets To view the following window click L3 Features ARP ARP Elevation as shown below Figure 6 1 ARP Elevation Window The fields that can be configured are described below Parameter Description ARP Elevation State Select to enable or disable the ARP e...

Page 195: ...he IP address that will be associated with the MAC address here Hardware Address Enter the MAC address that will be associated with the IP address here Click the Apply button to accept the changes made Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple...

Page 196: ...to display and configure the ARP table settings To view the following window click L3 Features ARP ARP Table as shown below Figure 6 5 ARP Table Window The fields that can be configured are described below Parameter Description Interface VLAN Enter the interface VLAN ID used here This value must be between 1 and 4094 IP Address Select and enter the IP address to display here Mask After the IP Addr...

Page 197: ...ts in the ARP cache table Gratuitous ARP Trap State Select to enable or disable the gratuitous ARP feature trap state here IP Gratuitous ARP Dad Reply State Select to enable or disable the IP gratuitous ARP Dad reply state Gratuitous ARP Learning State Select to enable or disable the gratuitous ARP learning state Normally the system will only learn ARP entries from ARP reply packets or a normal AR...

Page 198: ...t the changes made Click the Find button to locate a specific entry based on the information entered Click the Clear button to clear all the information for the specific interface Click the Clear All button to clear all the dynamic IPv6 neighbor information in this table Click the Delete button to remove the specific entry Enter a page number and click the Go button to navigate to a specific page ...

Page 199: ...lobal state IP MTU Enter the MTU value here The range is from 512 to 16383 bytes By default this value is 1500 bytes IP Directed Broadcast Select to enable or disable the IP directed broadcast feature here This parameter is used to enable or disable the conversion of IP directed broadcasts received by the interface to physical broadcasts when the destination network is directly connected to the Sw...

Page 200: ...s will be used as the client ID sent with the discover message Class ID String Enter the class ID string here This string can be up to 32 characters long Select the Hex option to enter the Class ID string in the hexadecimal format This string can be up to 64 characters long This parameter is used to specify the vendor class identifier used as the value of Option 60 in the DHCP discover message Hos...

Page 201: ...Go button to navigate to a specific page when multiple pages exist After clicking the Show Detail button the following page will be available Figure 6 32 IPv6 Interface Detail IPv6 Interface Settings Window The fields that can be configured are described below Parameter Description IPv6 MTU Enter the IPv6 MTU value here The range is from 1280 to 65534 bytes By default this value is 1500 bytes This...

Page 202: ... the hop limit value here The range is from 0 to 255 The IPv6 packet originated by the system will also use this value as the initial hop limit Reachable Time Enter the Reachable Time here The range is from 0 to 3600000 milliseconds If the specified time is 0 the router will use 1200 seconds on the interface and advertise 1200 unspecified in the RA message The Reachable Time is used by the IPv6 no...

Page 203: ...tart button to restart the DHCPv6 client service The fields that can be configured for DHCPv6 Client Settings are described below Parameter Description Client State Select to enable or disable the DHCPv6 client service here Select the Rapid Commit option to proceed with two message exchange for address delegation The rapid commit option will be included in the Solicit message to request a two mess...

Page 204: ...c page when multiple pages exist After clicking the Edit button the following page will appear Figure 6 87 Loopback Interface Edit Window The fields that can be configured are described below Parameter Description State Select to enable or disable the loopback interface here Description Enter the description for the loopback interface here This string can be up to 64 characters long IP Address Ent...

Page 205: ... configured are described below Parameter Description Interface Null Enter the Null interface ID here This value can only be 0 Description After clicking the Edit button enter the description for the Null interface here This string can be up to 64 characters long Click the Apply button to accept the changes made Click the Edit button to modify the description for the Null interface UDP Helper IP F...

Page 206: ...to 2 To view the following window click L3 Features UDP Helper IP Helper Address as shown below Figure 6 20 IP Helper Address Window The fields that can be configured are described below Parameter Description Interface VLAN Enter the VLAN interface ID used here The range is from 1 to 4094 Helper Address Enter the target IPv4 address for the forwarding of the UDP broadcast packet here Click the App...

Page 207: ... Mask Enter the IPv4 network mask for this route here Gateway Enter the gateway address for this route here Null Interface Select to enable or disable the NULL interface here Backup State Select the backup state option here Weight Specifies a weight number greater than zero but less than the maximum paths number This number is used to replicate identical route paths multiple copies in the routing ...

Page 208: ... and configure the IPv6 static or default routes To view the following window click L3 Features IPv6 Static Default Route as shown below Figure 6 133 IPv6 Static Default Route Window The fields that can be configured are described below Parameter Description IPv6 Address Prefix Length Enter the IPv6 address and prefix length for this route here Tick the Default Route option to use this route as th...

Page 209: ...ame of the interface to display here Connected Select this option to display only connected routes RIPng Select this option to display only RIPng routes OSPFv3 Select this option to display only OSPFv3 routes Database Select this option to display all the related entries in the routing database instead of just the best route Summary Select this option to display a summary and count of the route so...

Page 210: ...the next hop entry for multiple paths destined for the same destination To view the following window click L3 Features ECMP Settings as shown below Figure 6 166 ECMP Settings Window The fields that can be configured in ECMP Load Balancing Settings are described below Parameter Description Destination IP Select this option to use the destination IP address as the ECMP hash key Source IP Select this...

Page 211: ... view the following window click L3 Features RIP RIP Settings as shown below Figure 6 177 RIP Settings Window The fields that can be configured in RIP Global Settings are described below Parameter Description RIP State Select to globally enable or disable the Routing Information Protocol RIP feature here Click the Apply button to accept the changes made The fields that can be configured in Redistr...

Page 212: ...from 1 to 65535 seconds Select the Default option to use the default value here which is 120 seconds Default Metric Enter the default metric value here The range is from 1 to 16 The default metric is used in redistributing routes from other routing protocols The routes being redistributed are learned by other protocols and may have an incompatible metric to RIP The specifying of the metric allows ...

Page 213: ...IP interface settings To view the following window click L3 Features RIP RIP Interface Settings as shown below Figure 6 29 RIP Interface Settings Window The fields that can be configured are described below Parameter Description Network Enter the IPv4 network address used by RIP here Interfaces that have a subnet belonging to the network specified here will be activated for RIP Passive Interface S...

Page 214: ...ticast packets Authentication Mode Select to disable or enable text authentication mode Authentication Text Password Enter the authentication text password It will be used if authentication mode is enabled The password can be up to 16 characters long Click the Apply button to accept the changes made Click the Back button to return to the previous window RIP Database This window is used to display ...

Page 215: ...d in RIPng Settings are described below Parameter Description Default Metric Enter the default metric value here The range is from 1 to 16 This value is used to specify the default metric for routes redistributed from other routing protocols If the routes being redistributed are learned from other protocols then they have an incompatible metric with IPv6 RIP Re specifying of metric allows the metr...

Page 216: ...bute Settings are described below Parameter Description Protocol Select the protocol whose routes are to be redistributed here Options to choose from are Connected OSPF and Static The Static option means to redistribute IPv6 static routes The Connected option refers to routes that are established automatically by virtue of configuring IPv6 address on an interface Metric Enter the value to be used ...

Page 217: ...e If this option is disabled the router will not send RIPng packets out through the interface However RIPng packets from other routers received on the interface will continue to be processed Click the Apply button to accept the changes made Enter a page number and click the Go button to navigate to a specific page when multiple pages exist RIPng Database This window is used to display the RIPng ro...

Page 218: ...metric value used here The range is from 1 to 16777214 Type Select the distance setting type here Options to choose from are Intra Area Inter Area External 1 and External 2 Inter Area Specifies the distance for OSPF inter area routes Intra Area Specifies the distance for OSPF intra area routes External 1 Specifies the distance for OSPF external type 5 and type 7 routes with a type 1 metric Externa...

Page 219: ...ption Compatible RFC3509 Select to enable or disable the implementation of Area Border Router ABR behavior as defined in RFC 3509 here Click the Apply button to accept the changes made Click the OK button to accept the changes made OSPFv2 Distribute List This window is used the view and configure the OSPFv2 Distribute List settings To view the following window click L3 Features OSPF OSPFv2 OSPFv2 ...

Page 220: ... the following window click L3 Features OSPF OSPFv2 OSPFv2 GR Helper Settings as shown below Figure 6 39 OSPFv2 GR Helper Settings Window The fields that can be configured are described below Parameter Description Graceful Restart Helper Select the graceful restart helper mode here Options to choose from are Unspec The OSPF graceful restart helper mode is unspecified Never Specifies to not to allo...

Page 221: ... to navigate to a specific page when multiple pages exist OSPFv2 Area Settings This window is used to display and configure the OSPFv2 area settings To view the following window click L3 Features OSPF OSPFv2 OSPFv2 Area Settings as shown below Figure 6 41 OSPFv2 Area Settings Window The fields that can be configured in OSPF Area Settings are described below Parameter Description Process ID Enter t...

Page 222: ...s to suppress the advertising of Type 3 summary LSAs Component routes are still hidden behind it Default Cost This parameter is available when NSSA or Stub is selected Enter the default cost value here This is the cost associated with the Type 3 default route that will be injected into the stub area and not so stubby area The range is from 0 to 65535 Default Select this option to use the default c...

Page 223: ...ge is from 0 to 4294967295 Network IP Address Enter the network IPv4 address here Network Mask Enter the network IPv4 subnet mask here Click the Apply button to accept the changes made The fields that can be configured in OSPF Interface Table are described below Parameter Description Interface Name Enter the name of the interface to be displayed here Click the Find button to locate a specific entr...

Page 224: ...er Hello Interval ensures faster detection of topological changes but generates more routing traffic and might cause routing instability Select the Default option to use the default value which is 10 seconds Dead Interval Enter the Dead Interval time value here The range is from 1 to 65535 seconds The Dead Interval is the amount of time that the router waits to receive an OSPF hello packet from th...

Page 225: ... a message digest based on the message digest key for the TX message The message digest and the key ID will be encoded in the packet The receiver of the packet will verify the digest in the message against the digest computed based on the locally defined message digest key corresponding to the same key ID The same key ID on the neighboring router should be defined with the same key string All the ...

Page 226: ...ose from are External Type 1 and External Type 2 This specifies the external link type of the route being redistributed into the OSPF routing domain If a metric type is not specified the Switch will adopt a Type 2 external route Metric Enter the metric value for the redistributed routes here The range is from 1 to 16777214 Route Map Name Enter the route map name here that filters the imported rout...

Page 227: ... the Dead Interval time after which a neighbor is regarded as offline if no hello packets are received within that time frame here The range is from 1 and 65535 seconds Select the Default option to use the default value which is 40 seconds Authentication Select the authentication type used here Options to choose from are None Simple Password and MD5 Password After selecting the Simple Password aut...

Page 228: ...ng window click L3 Features OSPF OSPFv2 OSPFv2 LSDB Table as shown below Figure 6 48 OSPFv2 LSDB Table Window The fields that can be configured are described below Parameter Description LSDB Type Select the LSDB type of information that will be displayed here Options to choose from are All Router Network Summary ASBR Summary External Stub and NSSA External Link State Select the link state informat...

Page 229: ... Find button to locate a specific entry based on the information entered Click the Show Detail button to view more detailed information about the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After clicking the Show Detail button the following page will appear Figure 6 49 OSPFv2 LSDB Table Show Detail Window Click the Back butto...

Page 230: ...e Show Detail button the following page will appear Figure 6 51 OSPFv2 Neighbor Table Show Detail Window Click the Back button to return to the previous window OSPFv2 Host Route Settings This window is used to display and configure the OSPFv2 host route settings The router will advertise specific host routes as router LSAs for a stub link To view the following window click L3 Features OSPF OSPFv2 ...

Page 231: ... Edit button to modify the specified entry Click the Show Detail button to view more detailed information about the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After clicking the Edit button the following page will appear Figure 6 54 OSPFv3 Process Settings Edit Window The fields that can be configured are described below Para...

Page 232: ...The range is from 1 to 254 By default this value is 110 for all OSPF routes Auto Bandwidth Enter the auto bandwidth value here This feature is used to control the reference value IPv6 OSPF uses when calculating metrics for interfaces The range is from 1 to 4294967 Click the Apply button to accept the changes made Enter a page number and click the Go button to navigate to a specific page when multi...

Page 233: ...pages exist OSPFv3 Area Settings This window is used to display and configure the OSPFv3 area settings To view the following window click L3 Features OSPF OSPFv3 OSPFv3 Area Settings as shown below Figure 6 57 OSPFv3 Area Settings Window The fields that can be configured in OSPFv3 Area Settings are described below Parameter Description OSPF Area ID Enter the OSPF area ID used here It can be specif...

Page 234: ... prefix LSA is suppressed and the component networks remain hidden from other networks Metric After selecting the NSSA option or Stub option enter the stub area metric value here The range is from 0 to 65535 Default Metric Select this option use the default metric value for this area which is 1 No Summary Select this option to prevent an ABR from sending inter area prefix LSAs into the stub area C...

Page 235: ...lay and configure the OSPFv3 interface settings To view the following window click L3 Features OSPF OSPFv3 OSPFv3 Interface Settings as shown below Figure 6 60 OSPFv3 Interface Settings Window The fields that can be configured in OSPFv3 Interface Settings are described below Parameter Description Instance ID Enter the instance identifier here The range is from 0 to 255 If not specified the default...

Page 236: ... 65535 Select the Default option to use the default value Hello Interval Enter the Hello Interval value between the hello packets that the router sends on an interface here This value is advertised in the hello packets The shorter the Hello Interval the earlier topological changes will be detected but more routing traffic will ensue This value must be the same for all routers and access servers on...

Page 237: ...e Retransmit Interval value here The range is from 1 to 65535 seconds After sending an LSA to a neighbor the router keeps the LSA until it receives an acknowledgement In case the router does not receive an acknowledgement during the set time the Retransmit Interval value it retransmits the LSA Set the retransmission interval value conservatively to avoid unnecessary retransmission The interval sho...

Page 238: ... ID here The range is from 0 to 255 Area ID Enter the OSPF area ID here It can be specified as an IPv4 address or in the decimal value format The decimal range is from 0 to 4294967295 Router ID Enter the router ID here associated with the virtual link neighbor Hello Interval Enter the Hello Interval value between the hello packets that the router sends on an interface here The range is from 1 to 6...

Page 239: ...e Go button to navigate to a specific page when multiple pages exist After clicking the Area ID link 0 0 0 1 the following page will appear Figure 6 64 OSPFv3 Virtual Link Settings Area ID Window Click the OK button to close the window and return to the previous window OSPFv3 LSDB Table This window is used to find and display the OSPFv3 LSDB information To view the following window click L3 Featur...

Page 240: ...o display information only about the NSSA external LSAs Area ID Select the area ID option here Options to choose from are All and Area ID To display all the LSAs of the specified area select the Area ID option and enter the OSPF area ID in the space provided It can be specified as an IPv4 address Link State Select the link state option here Options to choose from are All Self Originate and Adv Rou...

Page 241: ...r the OSPF neighbor ID here It can be specified as an IPv4 address Click the Find button to locate a specific entry based on the information entered Click the Show Detail button to view more detailed information for the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After clicking the Show Detail button the following page will a...

Page 242: ...Description Version Select the IGMP version Options to choose from are 1 2 and 3 The default version is 3 State Select this option to enable or disable the IGMP protocol state The default state is disabled Query Interval Enter the interval at which the router sends IGMP general query messages periodically The range is from 1 to 31744 The default value is 125 Query Max Response Time Enter the query...

Page 243: ...d on the information entered Click the Show All button to locate and display all the entries Click the Delete button to delete the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist IGMP Dynamic Group Table Page This window is used to find and display the IGMP dynamic group table To view the following window click L3 Features IP Mul...

Page 244: ...d configure the IGMP SSM mapping settings To view the following window click L3 Features IP Multicast Routing Protocol IGMP IGMP SSM Mapping Settings as shown below Figure 6 74 IGMP SSM Mapping Settings Window The fields that can be configured are described below Parameter Description SSM Mapping State Select to enable or disable the Subscriber Source IP Check feature here Source Address Specify t...

Page 245: ...erface page This window is used to display and configure the PIM interface settings To view the following window click L3 Features IP Multicast Routing Protocol PIM PIM for IPv4 PIM Interface as shown below Figure 6 76 PIM Interface Window Click the Edit button to modify the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After c...

Page 246: ...ect to enable or disable the BSR Domain Border feature here The default state is enabled Click the Apply button to accept the changes made Click the Back button to return to the previous window PIM BSR Candidate page This window is used to display and configure the PIM BSR candidate settings To view the following window click L3 Features IP Multicast Routing Protocol PIM PIM for IPv4 PIM BSR Candi...

Page 247: ...to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist PIM RP Candidate page This window is used to display and configure the PIM RP candidate settings To view the following window click L3 Features IP Multicast Routing Protocol PIM PIM for IPv4 PIM RP Candidate as shown below Figure 6 80 PIM RP Candidate Window The fields...

Page 248: ...ure 6 81 PIM RP Table Window The fields that can be configured are described below Parameter Description RP Hash Enter the RP hash here Click the Find button to locate a specific entry based on the information entered Click the Show All button to locate and display all the entries Enter a page number and click the Go button to navigate to a specific page when multiple pages exist PIM Neighbor Tabl...

Page 249: ...s configuration here Packet Type Select the packet type here Options to choose from are DVMRP Specifies that the CPU will discard DVMRP Layer 3 control packets sent to it PIM Specifies that the CPU will discard PIM Layer 3 control packets sent to it IGMP Query Specifies that the CPU will discard IGMP Query Layer 3 control packets sent to it OSPF Specifies that the CPU will discard OSPF Layer 3 con...

Page 250: ...te Map Name Enter the route map name here This name can be up to 16 characters long Direction Select the direction for this rule here Options to choose from are Permit and Deny Permit Specifies that routes that match the rule entry are permitted Deny Specifies that routes that match the rule entry are denied Sequence ID Enter the sequence ID for this rule here The range is from 1 to 65535 Click th...

Page 251: ... be up to 32 characters long IPv6 Address ACL Select and enter the standard or extended IPv6 access list name here This option is used to define a clause to match the route based on the standard or extended IPv6 access list This string can be up to 32 characters long IPv6 Next Hop ACL Select and enter the standard IPv6 access list name here This option is used to define a clause to match the route...

Page 252: ... the next hop router to route the packet that passes the match clauses of the configured route map sequence Options to choose from are IP Address Peer Address and Recursive IP Address Specifies the IP addresses of the next hops to route the packet Enter the next hop IP addresses in the spaces provided here Up to 8 next hop IP addresses can be entered Recursive Specifies the IP address of the recur...

Page 253: ... will be used in the modification Options to choose from are Type 1 and Type 2 Type 1 Specifies to use the OSPF external type 1 metric Type 2 Specifies to use the OSPF external type 2 metric Click the Apply button to accept the changes made Click the Back button to return to the previous window Policy Route This window is used to display and configure the policy route settings To view the followin...

Page 254: ...virtual routers Others are the backup routers The master is responsible for forwarding the packets that are sent to the virtual router To view the following window click L3 Features VRRP Settings as shown below Figure 6 89 VRRP Settings Window The fields that can be configured in VRRP Settings are described below Parameter Description SNMP Server Traps VRRP New master Select to enable or disable t...

Page 255: ... made Click the Find button to locate a specific entry based on the information entered Click the Edit button to modify the specified entry Click the Delete button to delete the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist After clicking the Edit button the following page will appear Figure 6 90 VRRP Settings Edit Window The f...

Page 256: ...scribed below Parameter Description VLAN Enter the ID of the VLAN interface that will be used here The range is from 1 to 4094 VRID Enter the ID of the virtual router that will be created here The range is from 1 to 255 Address Family Select the address family used here Options to choose from are IPv4 Specifies to create an IPv4 virtual router IPv6 Specifies to create an IPv6 virtual router Interf...

Page 257: ...n the current master Priority Enter the priority value of the virtual router here The range is from 1 to 254 The master of a VRRP group is elected based on the priority The virtual router with the highest priority becomes the master and others with lower priorities act as the backup for the VRRP group If there are multiple routers with the same highest priority value the router with the larger IPv...

Page 258: ...iority value of the virtual router here The range is from 1 to 254 The master of a VRRP group is elected based on the priority The virtual router with the highest priority becomes the master and others with lower priorities act as the backup for the VRRP group If there are multiple routers with the same highest priority value the router with the larger IP address will become the Master The router ...

Page 259: ...the range of ports that will be used for this configuration here Default CoS Select the default CoS option for the port s specified here Options to choose from are 0 to 7 Select the Override option to override the CoS of the packets The default CoS will be applied to all incoming packets tagged or untagged received by the port Select the None option to specify that the CoS of the packets will be t...

Page 260: ...e corresponding weight is subtracted by 1 and the packet in the next lower CoS queue will be serviced When the weight of a CoS queue reaches zero the queue will not be serviced until its weight is replenished When weights of all CoS queues reach 0 the weights get replenished at a time Weighted Deficit Round Robin WDRR operates by serving an accumulated set of backlogged credits in the transmit que...

Page 261: ...lue here This value must be between 0 and 7 WRR Weight Enter the WRR weight value here This value must be between 0 and 127 To satisfy the behavior requirements of Expedited Forwarding EF the highest queue is always selected by the Per hop Behavior PHB EF and the schedule mode of this queue should be strict priority scheduling So the weight of the last queue should be zero while the Differentiate ...

Page 262: ...s To view the following window click QoS Basic Settings Port Rate Limiting as shown below Figure 7 5 Port Rate Limiting Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the range of ports that will be used for this configuration here Direction Select the direction op...

Page 263: ...r a flow control frame when the received traffic exceeds the limitation Click the Apply button to accept the changes made Queue Rate Limiting This window is used to display and configure the queue rate limiting settings To view the following window click QoS Basic Settings Queue Rate Limiting as shown below Figure 7 6 Queue Rate Limiting Window The fields that can be configured are described below...

Page 264: ...d bandwidth of one CoS cannot be used across physical ports When the Min Percent option is selected enter the minimum bandwidth percentage value in the space provided This value must be between 1 and 100 percent Also enter the maximum percentage value Max Percent in the space provided This value must be between 1 and 100 percent Click the Apply button to accept the changes made Advanced Settings D...

Page 265: ... view the following window click QoS Advanced Settings Port Trust State and Mutation Binding as shown below Figure 7 8 Port Trust State and Mutation Binding Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the range of ports that will be used for this configuration h...

Page 266: ...ct the range of ports that will be used for this configuration here CoS Select the CoS value to map to the DSCP list Options to choose from are 0 to 7 DSCP List Enter the DSCP list value to map to the CoS value here This value must be between 0 and 63 Click the Apply button to accept the changes made CoS Color Mapping This window is used to display and configure the CoS color mapping settings To v...

Page 267: ... ports that will be used for this configuration here CoS List Enter the CoS value that will be mapped to the color This value must be between 0 and 7 Color Select the color option that will be mapped to the CoS value Options to choose from are Green Yellow and Red Click the Apply button to accept the changes made DSCP Color Mapping This window is used to display and configure the DSCP color mappin...

Page 268: ...en 0 and 63 Color Select the color option that will be mapped to the DSCP value Options to choose from are Green Yellow and Red Click the Apply button to accept the changes made Class Map This window is used to display and configure the class map settings To view the following window click QoS Advanced Settings Class Map as shown below Figure 7 12 Class Map Window The fields that can be configured...

Page 269: ...ct and enter the DSCP list value that will be matched with this class map here This value must be between 0 and 63 Tick the IPv4 only option to match IPv4 packets only If not specified the match is for both IPv4 and IPv6 packets Precedence List Select and enter the precedence list value that will be matched with this class map here This value must be between 0 and 7 Tick the IPv4 only option to ma...

Page 270: ...p option the packet will be dropped When selecting the Set DSCP Transmit option enter the IP DSCP value in the space provided This value sets the IP differentiated services code point DSCP value and transmits the packet with the new IP DSCP value When selecting the Set 1P Transmit option enter the 1P transmit value in the space provided This value sets the 802 1p value and transmits the packet wit...

Page 271: ...None option no action will be taken When selecting the Drop option the packet will be dropped When selecting the Set DSCP Transmit option enter the IP DSCP value in the space provided This value sets the IP differentiated services code point DSCP value and transmits the packet with the new IP DSCP value When selecting the Set 1P Transmit option enter the 1P transmit value in the space provided Thi...

Page 272: ...lecting the Set 1P Transmit option enter the 1P transmit value in the space provided This value sets the 802 1p value and transmits the packet with the new value When selecting the Transmit option packets will be transmitted unaltered When selecting the Set DSCP 1P option enter the IP DSCP and 1P transmit values in the spaces provided Exceed Action Select the exceed action here The exceed action s...

Page 273: ...ltered When selecting the Set DSCP 1P option enter the IP DSCP and 1P transmit values in the spaces provided Color Aware Select the color aware option here Options to choose from are Disabled and Enabled When color aware is disabled the policer works in the color blind mode When color aware is enabled the policer works in the color aware mode Click the Apply button to accept the changes made Click...

Page 274: ...one Select this option to specify that no action will be taken Specify Select this option to specify that action will be taken based on the configurations made New Precedence Select the new precedence value for the packet here The range is from 0 to 7 Select the IPv4 only option to specify that IPv4 precedence will be marked only If not selected then both IPv4 and IPv6 precedence will be marked Fo...

Page 275: ...fies that the conform action is to drop the packet Set DSCP Transmit Specifies that the conform action is to modify the DSCP value and then to transmit the packet with the new DSCP value Enter the new DSCP value in the space provided Set 1P Transmit Specifies that the conform action is to modify the 802 1p value and then to transmit the packet with the new 802 1p value Enter the new 802 1p value i...

Page 276: ... transmit the packet with the new DSCP value Enter the new DSCP value in the space provided Set 1P Transmit Specifies that the violate action is to modify the 802 1p value and then to transmit the packet with the new 802 1p value Enter the new 802 1p value in the space provided Transmit Specifies that the violate action is to transmit the packet unmodified Set DSCP 1P Specifies that the violate ac...

Page 277: ...e packet flow into these queues by dropping random packets WRED employs two methods of avoiding congestion within the QoS queue 1 Every QoS queue has a minimum and a maximum level for acceptance of packets Once the maximum threshold has been reached for this queue the Switch will begin discarding all ingress packets this minimizing the allotted bandwidth for QoS When below the minimum threshold th...

Page 278: ...e packet will not be dropped or remarked for ECN Click the Apply button to accept the changes made Click the Find button to locate a specific entry based on the information entered Click the Reset Configuration button to reset the configuration on the specified entry WRED Queue This window is used to display and configure the WRED queue settings WRED drops packets based on the average queue size e...

Page 279: ...ture state on the specified port s here Profile Enter the WRED profile ID here The range is from 1 to 128 Weight Enter the exponential weight value here The range is from 0 to 15 This feature is used to configure the WRED exponential weight factor for the average queue size calculation for the queue Click the Apply button to accept the changes made ...

Page 280: ...lter CPU ACL ACL Configuration Wizard This window is used to guide the user to create a new ACL access list or configure an existing ACL access list Step 1 Create Update To view the following window click ACL ACL Configuration Wizard as shown below Figure 8 1 ACL Configuration Wizard Create Window Figure 8 2 ACL Configuration Wizard Update Window The fields that can be configured are described bel...

Page 281: ... page number and click the Go button to navigate to a specific page when multiple pages exist Step 2 Select Packet Type After clicking the Next button the following window will appear Figure 8 3 ACL Configuration Wizard Create Packet Type Window The fields that can be configured are described below Parameter Description MAC Select to create update a MAC ACL IPv4 Select to create update an IPv4 ACL...

Page 282: ...o choose from are Any Host and MAC When the Any option is selected any destination traffic will be evaluated according to the conditions of this rule When the Host option is selected enter the destination host MAC address here When the MAC option is selected the Wildcard option will also be available Enter the destination MAC address and wildcard value in the spaces provided Specify Ethernet Type ...

Page 283: ...ange is from 0x0 to 0xFFF Inner VID Enter the inner VLAN ID that will be associated with this ACL rule here The range is from 1 to 4094 Mask Enter the inner VLAN ID mask value here The range is from 0x0 to 0xFFF Time Range Enter the name of the time range profile that will be used in this ACL rule here This name can be up to 32 characters long Action Select the action that this rule will take here...

Page 284: ...ue 1 will be ignored The bit corresponding to the bit value 0 will be checked Destination Select and enter the destination information here Options to choose from are Any Host and IP When the Any option is selected any destination traffic will be evaluated according to the conditions of this rule When the Host option is selected enter the destination host IP address here When the IP option is sele...

Page 285: ...ue used here The range is from 0 to 255 When the ICMP Message Type is selected this numerical value will automatically be entered This parameter is only available in the protocol type ICMP Message Code When the ICMP Message Type is not selected enter the Message Code numerical value used here The range is from 0 to 255 When the ICMP Message Type is selected this numerical value will automatically ...

Page 286: ...he next step IPv6 After clicking the IPv6 radio button and the Next button the following window will appear Figure 8 6 ACL Configuration Wizard Create Packet Type IPv6 Window The fields that can be configured are described below Parameter Description Sequence No Enter the ACL rule number here This value must be between 1 and 65535 Select Auto Assign to automatically generate an ACL rule number for...

Page 287: ...nge and Mask When selecting the option the specific selected port number will be used When selecting the option all ports greater than the selected port will be used When selecting the option all ports smaller than the selected port will be used When selecting the option all ports excluding the selected port will be used When selecting the Range option the start port number and end port number sel...

Page 288: ... the protocol type ICMP DSCP Select the DSCP value that will be used here Options to choose from are default 0 af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 cs1 8 cs2 16 cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 and ef 46 Value The DSCP value can also manually be entered here The range is from 0 to 63 Mask Enter the DSCP mask value here The range is from ...

Page 289: ... button to accept the changes made and return to the main ACL Wizard window ACL Access List This window is used to display and configure the ACLs ACL rules and settings To view the following window click ACL ACL Access List as shown below Figure 8 8 ACL Access List Window The fields that can be configured are described below Parameter Description ACL Type Select the ACL type to find here Options t...

Page 290: ...clicking the Edit button the following page will appear Figure 8 9 ACL Access List Edit Window After clicking the Edit button the fields that can be configured are described below Parameter Description Start Sequence No Enter the start sequence number here Step Enter the sequence number step here The step range is from 1 to 32 This specifies the number that the sequence numbers step The default va...

Page 291: ...CL and clicking the Add Rule button the following page will appear Figure 8 11 Standard IP ACL Add Rule Window The fields that can be configured are described below Parameter Description Sequence No Enter the sequence number of this ACL rule here The range is from 1 to 65535 If this value is not specified the system will automatically generate an ACL rule number for this entry Action Select the ac...

Page 292: ...will be used in this ACL rule here This name can be up to 32 characters long Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page Extended IP ACL After selecting an Extended IP ACL and clicking the Add Rule button the following page will appear Figure 8 12 Extended IP ACL Add Rule Window The fields that can be configure...

Page 293: ... will also be available Enter the group of destination IP addresses by using a wildcard bitmap The bit corresponding to the bit value 1 will be ignored The bit corresponding to the bit value 0 will be checked Source Port Select and enter the source port value here Options to choose from are Range and Mask When selecting the option the specific selected port number will be used When selecting the o...

Page 294: ...y available in the protocol type ICMP TCP Flag Tick the appropriate TCP flag option to include the flag in this rule Options to choose from are ack fin psh rst syn and urg This parameter is only available in the protocol type TCP IP Precedence Select the IP precedence value used here Options to choose from are routine 0 priority 1 immediate 2 flash 3 flash override 4 critical 5 internet 6 and netw...

Page 295: ...ording to the conditions of this rule When the Host option is selected enter the source host IPv6 address here When the IPv6 option is selected the Prefix Length option will also be available Enter the source IPv6 address and prefix length value in the spaces provided Destination Select and enter the source IPv6 information here Options to choose from are Any Host IPv6 and Prefix Length When the A...

Page 296: ...are TCP UDP ICMP Protocol ID ESP 50 PCP 108 SCTP 132 and None Value The protocol ID can also manually be entered here The range is from 0 to 255 Mask After selecting the Protocol ID option manually enter the protocol mask value here The range is from 0x0 to 0xFF Fragments Select this option to include packet fragment filtering Source Select and enter the source IPv6 information here Options to cho...

Page 297: ...his parameter is only available in the protocol type TCP and UDP Destination Port Select and enter the source port value here Options to choose from are Range and Mask When selecting the option the specific selected port number will be used When selecting the option all ports greater than the selected port will be used When selecting the option all ports smaller than the selected port will be used...

Page 298: ...ered here The range is from 0 to 63 Mask Enter the DSCP mask value here The range is from 0x0 to 0x3F Traffic Class Select and enter the traffic class value here The range is from 0 to 255 Mask Enter the traffic class mask value here The range is from 0x0 to 0xFF Flow Label Enter the flow label value here This value must be between 0 and 1048575 Mask Enter the flow label mask value here The range ...

Page 299: ... type option here Options to choose from are aarp appletalk decent iv etype 6000 etype 8042 lat lavc sca mop console mop dump vines echo vines ip xns idp and arp Ethernet Type Enter the Ethernet type hexadecimal value here This value must be between 0x600 and 0xFFFF When the Ethernet type profile is selected above the appropriate hexadecimal value will automatically be entered Ethernet Type Mask E...

Page 300: ...RP 112 IP in IP 94 PCP 108 Protocol ID and None Value The protocol ID can also manually be entered here The range is from 0 to 255 Mask After selecting the Protocol ID option manually enter the protocol mask value here The range is from 0x0 to 0xFF Fragments Select this option to include packet fragment filtering Source Select and enter the source IP information here Options to choose from are Any...

Page 301: ...d option will also be available Enter the destination MAC address and wildcard value in the spaces provided Source Port Select and enter the source port value here Options to choose from are Range and Mask When selecting the option the specific selected port number will be used When selecting the option all ports greater than the selected port will be used When selecting the option all ports small...

Page 302: ...ue The IP precedence value can also manually be entered here The range is from 0 to 7 Mask Enter the IP precedence mask value here The range is from 0x0 to 0x7 ToS Select the Type of Service ToS value that will be used here Options to choose from are normal 0 min monetary cost 1 max reliability 2 max throughput 4 and min delay 8 Value The ToS value can also manually be entered here The range is fr...

Page 303: ...wing window click ACL ACL Interface Access Group as shown below Figure 8 177 ACL Interface Access Group Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the range of ports that will be used for this configuration here Direction Select the direction here Options to ch...

Page 304: ...Description Access Map Name Enter the access map name here This name can be up to 32 characters long Sub Map Number Enter the sub map number here This value must be between 1 and 65535 Action Select the action that will be taken here Options to choose from are Forward Drop and Redirect When the Redirect option is selected select the redirected interface from the drop down list Counter State Select...

Page 305: ...ist that will be matched will be displayed Match IPv6 Access List Here the IPv6 access list that will be matched will be displayed Match MAC Access List Here the MAC access list that will be matched will be displayed Match EXPERT Access List Here the EXPERT access list that will be matched will be displayed Click the Please Select button navigate to a list of access lists that can be selected to b...

Page 306: ...that can be configured are described below Parameter Description Access Map Name Enter the access map name here This name can be up to 32 characters long Action Select the action that will be taken here Options to choose from are Add and Delete VID List Enter the VLAN ID list that will be used here Click the Apply button to accept the changes made Click the Delete button to remove the specific ent...

Page 307: ...g Window The fields that can be configured in Match IP Access List are described below Parameter Description Sequence No Enter the sequence number of the associated match entry here The range is from 1 to 65535 The lower the number is the higher the priority of the access list ACL Name Enter the standard or extended IP access list name to be matched here This name can be up to 32 characters long A...

Page 308: ...cept the changes made Click the Delete button to delete the specified entry The fields that can be configured in Match Expert Access List are described below Parameter Description Sequence No Enter the sequence number of the associated match entry here The range is from 1 to 65535 The lower the number is the higher the priority of the access list ACL Name Enter the extended expert access list name...

Page 309: ... described below Parameter Description ACL List Select the radio button next to the access list entry to use that access list in the configuration Select the ACL and click the OK button to accept the selection made Enter a page number and click the Go button to navigate to a specific page when multiple pages exist ...

Page 310: ...ettings Port Security Port Security Global Settings This window is used to display and configure the global port security settings Port Security is a security feature that prevents unauthorized computers with source MAC addresses unknown to the Switch prior to locking the port or ports from connecting to the Switch s locked ports and gaining access to the network To view the following window click...

Page 311: ...nge is from 1 to 12288 Tick the No Limit checkbox to allow the maximum number of secure MAC address Click the Apply button to accept the changes made The fields that can be configured in Port Security VLAN Settings are described below Parameter Description VID List Enter the VLAN ID s here VLAN Max Learning Address Enter the maximum number of allowed MAC addresses that can be learned on the specif...

Page 312: ...crements the security violation count and record the system log Selecting Shutdown specifies to shut down the port if there is a security violation and record the system log Security Mode Select the security mode option here Options to choose from are Permanent and Delete on Timeout Selecting Permanent specifies that under this mode all learned MAC addresses will not be purged out unless the user ...

Page 313: ...n 1 and 4094 Click the Add button to add a new entry based on the information entered Click the Delete button to remove a new entry based on the information entered Click the Clear by Port button to clear the information based on the port selected Click the Clear by MAC button to clear the information based on the MAC address entered Click the Clear All button to clear all the information in this ...

Page 314: ...s of Client Authenticator and Authentication Server in greater detail Authentication Server The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator must be running a RADIUS Server program and must be configured properly on the Authenticator Switch Clients connected to a port on the Switch must be authenticated by the Authentication Server ...

Page 315: ...k to the Client Figure 9 7 The Authenticator Three steps must be implemented on the Switch to properly configure the Authenticator The 802 1X State must be Enabled Security 802 1X 802 1X Global Settings The 802 1X settings must be implemented by port Security 802 1X 802 1X Port Settings A RADIUS server must be configured on the Switch Security RADIUS RADIUS Server Settings Client The Client is sim...

Page 316: ... the port The following figure displays a more detailed explanation of how the authentication process is completed between the three roles stated above Figure 9 9 The 802 1X Authentication Process The D Link implementation of 802 1X allows network administrators to choose between two types of Access Control used on the Switch which are Port based Access Control This method requires only one user t...

Page 317: ...n until an event occurs that causes the Port to become Unauthorized Hence if the Port is actually connected to a shared media LAN segment with more than one attached device successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared segment Clearly the security offered in this situation is open to attack Figure 9 10 Example of Typica...

Page 318: ...as shown below Figure 9 12 802 1X Global Settings Window The fields that can be configured are described below Parameter Description 802 1X State Select to enable or disable the global 802 1X state here 802 1X Trap State Select to enable or disable the 802 1X trap state here Click the Apply button to accept the changes made 802 1X Port Settings This window is used to display and configure the 802 ...

Page 319: ...disable the forward PDU option here MaxReq Enter the maximum required times value here This value must be between 1 and 10 By default this option is 2 This option configures the maximum number of times that the backend authentication state machine will retransmit an Extensible Authentication Protocol EAP request frame to the supplicant before restarting the authentication process PAE Authenticator...

Page 320: ... session information based on the MAC address Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Authenticator Statistics This window is used to view and clear the authenticator statistics To view the following window click Security 802 1X Authenticator Statistics as shown below Figure 9 15 Authenticator Statistics Window The fields that can be con...

Page 321: ... Parameter Description Unit Select the Switch unit that will be used for this query here Port Select the appropriate port used for the query here Click the Find button to locate a specific entry based on the information entered Click the Clear Counters button to clear the counter information based on the selections made Click the Clear All button to clear all the information in this table Authenti...

Page 322: ...ormation entered Click the Clear Counters button to clear the counter information based on the selections made Click the Clear All button to clear all the information in this table Enter a page number and click the Go button to navigate to a specific page when multiple pages exist AAA AAA Global Settings This window is used to enable or disable the global Authentication Authorization and Accountin...

Page 323: ...gure 9 19 Application Authentication Settings Window Click the Edit button to re configure the specific entry Figure 9 20 Application Authentication Settings Edit Window The fields that can be configured are described below Parameter Description Login Method List After clicking the Edit button for the specific entry enter the login method list name used here Click the Edit button to re configure t...

Page 324: ...k the Apply button to accept the changes made The fields that can be configured in Application Accounting Commands Method List are described below Parameter Description Application Select the application used here Options to choose from are Console Telnet and SSH Level Select the privilege level used here Options to choose from are levels 1 to 15 Commands Method List Enter the commands method list...

Page 325: ... database for authentication group Specifies to use the server groups defined by the AAA group server Enter the AAA group server name in the space provided This string can be up to 32 characters long radius Specifies to use the servers defined by the RADIUS server host command Click the Apply button to accept the changes made The fields that can be configured in AAA Authentication MAC Auth are des...

Page 326: ...tion group Specifies to use the server groups defined by the AAA group server Enter the AAA group server name in the space provided This string can be up to 32 characters long radius Specifies to use the servers defined by the RADIUS server host command Click the Apply button to accept the changes made The fields that can be configured in AAA Authentication IGMP Auth Default Group RADIUS are descr...

Page 327: ...e method list name that will be used with the AAA authentication login option here Method 1 Method 4 Select the method lists that will be used for this configuration here Options to choose from are none Normally the method is listed as the last method The user will pass authentication if it is not denied by previous method s authentication local Specifies to use the local database for authenticati...

Page 328: ...d 1 Method 4 Select the method lists that will be used for this configuration here Options to choose from are none group radius and tacacs The none option is only available for Method 1 Click the Apply button to accept the changes made After clicking the AAA Accounting Exec tab the following page will appear Figure 9 27 Accounting Settings AAA Accounting Exec Window The fields that can be configur...

Page 329: ...or Method 1 Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist RADIUS RADIUS Global Settings This window is used to display and configure the global RADIUS settings To view the following window click Security RADIUS RADIUS Global Settings as show...

Page 330: ...re described below Parameter Description IPv4 RADIUS Source Interface Name Enter the name of the IPv4 RADIUS source interface here Click the Apply button to accept the changes made The fields that can be configured in RADIUS Global IPv6 Source Interface are described below Parameter Description IPv6 RADIUS Source Interface Name Enter the name of the IPv6 RADIUS source interface here Click the Appl...

Page 331: ...onds Key Type Select the key type that will be used here Options to choose from are Plain Text and Encrypted Key Enter the key used to communicate with the RADIUS server here This key can be up to 32 characters long Click the Apply button to accept the changes made Click the Delete button to remove the specified entry RADIUS Group Server Settings This window is used to display and configure the RA...

Page 332: ...me Enter the name of the source IPv4 RADIUS interface here IPv6 RADIUS Source Interface Name Enter the name of the source IPv6 RADIUS interface here Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Click the Back button to return to the previous window RADIUS Statistic This window is used to view and clear the RADIUS statistics information To ...

Page 333: ...d even though the word TACACS is used in the Web UI TACACS Global Settings This window is used to display and configure the global TACACS server settings To view the following window click Security TACACS TACACS Global Settings as shown below Figure 9 34 TACACS Global Settings Window The fields that can be configured in TACACS Global IPv4 Source Interface are described below Parameter Description ...

Page 334: ...cept the changes made Click the Delete button to remove the specified entry TACACS Group Server Settings This window is used to display and configure the TACACS group server settings To view the following window click Security TACACS TACACS Group Server Settings as shown below Figure 9 36 TACACS Group Server Settings Window The fields that can be configured are described below Parameter Descriptio...

Page 335: ...ibed below Parameter Description Group Server Name Select the TACACS group server name from this list here Click the first Clear button to clear the information based on the group selected Click the Clear All button to clear all the information in this table Click the second Clear button to clear all the information for the specific entry IMPB The IP network layer uses a four byte address The Ethe...

Page 336: ...ing Select to enable or disable the global DHCP snooping status Information Option Allow Untrusted Select to enable or disable the option to globally allow DHCP packets with the relay Option 82 on the untrusted interface Source MAC Verification Select to enable or disable the verification that the source MAC address in a DHCP packet matches the client hardware address Station Move Deny Select to e...

Page 337: ...n to disable the function Trusted Select the trusted option here Options to choose from are No and Yes Ports connected to the DHCP server or to other Switches should be configured as trusted interfaces The ports connected to DHCP clients should be configured as untrusted interfaces DHCP snooping acts as a firewall between untrusted interfaces and DHCP servers Click the Apply button to accept the c...

Page 338: ...tabase are described below Parameter Description Write Delay Enter the write delay time value here This value must be between 60 and 86400 seconds By default this value is 300 seconds Click the Reset button to reset the information entered Click the Apply button to accept the changes made The fields that can be configured in Store DHCP Snooping Database are described below Parameter Description UR...

Page 339: ...e 9 43 DHCP Snooping Binding Entry Window The fields that can be configured are described below Parameter Description MAC Address Enter the MAC address of the DHCP snooping binding entry here VID Enter the VLAN ID of the DHCP snooping binding entry here This value must be between 1 and 4094 IP Address Enter the IP address of the DHCP snooping binding entry here Unit Select the Switch unit that wil...

Page 340: ...ry based on the information entered Click the Edit button to re configure the specific entry Click the Delete button to remove the specified entry After clicking the Edit button the following window will appear Figure 9 45 ARP Access List Edit Window The fields that can be configured are described below Parameter Description Action Select the action that will be taken here Options to choose from a...

Page 341: ... 46 ARP Inspection Settings Window The fields that can be configured in ARP Inspection Validation are described below Parameter Description Src MAC Select to enable or disable the source MAC option here This option specifies to check for ARP requests and response packets and the consistency of the source MAC address in the Ethernet header against the sender MAC address in the ARP payload Dst MAC S...

Page 342: ...ation entered Enter a page number and click the Go button to navigate to a specific page when multiple pages exist ARP Inspection Port Settings This window is used to display and configure the ARP inspection port settings To view the following window click Security IMPB IPv4 Dynamic ARP Inspection ARP Inspection Port Settings as shown below Figure 9 47 ARP Inspection Port Settings Window The field...

Page 343: ...d VLAN here Click the Apply button to accept the changes made ARP Inspection Statistics This window is used to view and clear the ARP inspection statistics information To view the following window click Security IMPB IPv4 Dynamic ARP Inspection ARP Inspection Statistics as shown below Figure 9 49 ARP Inspection Statistics Window The fields that can be configured are described below Parameter Descr...

Page 344: ...rt settings To view the following window click Security IMPB IPv4 IP Source Guard IP Source Guard Port Settings as shown below Figure 9 51 IP Source Guard Port Settings Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the appropriate port range used for the configura...

Page 345: ...appropriate port range used for the configuration here Click the Apply button to accept the changes made The fields that can be configured in IP Source Binding Entry are described below Parameter Description Unit Select the Switch unit that will be used for this query here From Port To Port Select the appropriate port range used for the query here IP Address Enter the IP address of the binding ent...

Page 346: ...as shown below Figure 9 53 IP Source Guard HW Entry Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this query here From Port To Port Select the appropriate port range used for the query here Click the Find button to locate a specific entry based on the information entered Enter a page number and click the Go butt...

Page 347: ... ARP or IP packets and the ARP packet or IP packet sent by the host passes the binding check To pass the binding check the source IP address source MAC address VLAN ID and arrival port number must match any of the entries defined by either the IP source guard static binding entry or the DHCP snooping learned dynamic binding entry When a port is enabled for IMPB loose mode access control a host wil...

Page 348: ...le based on the MAC address entered Enter the MAC address that will be cleared in the space provided Clear All Select this option to clear all entries that contain MAC addresses Click the Apply button to accept the changes made IPv6 IPv6 Snooping This window is used to display and configure the IPv6 snooping settings To view the following window click Security IMPB IPv6 IPv6 Snooping as shown belo...

Page 349: ...and manually configured IPv6 address Before assigning an IPv6 address the host must perform Duplicate Address Detection first ND snooping detects DAD messages DAD Neighbor Solicitation NS and DAD Neighbor Advertisement NA to build its binding database The NDP packet NS and NA is also used to detect whether a host is still reachable and determine whether to delete a binding or not DHCP PD snooping ...

Page 350: ...e used here Binding Max Entries Enter the maximum number of IPv6 snooping binding entries that is allowed here The range is from 0 to 1024 Click the Apply button to accept the changes made Click the Clear button to clear DHCPv6 snooping entries from the specified port After selecting the IPv6 Snooping NDP Entry Settings tab option the following page will be available Figure 9 588 IPv6 Snooping IPv...

Page 351: ...HCP PD Entry Settings Window The fields that can be configured are described below Parameter Description Unit Select the Switch stacking unit ID here From Port To Port Select the range of ports that will be used here Binding Max Entries Enter the maximum number of IPv6 snooping binding entries that is allowed here The range is from 0 to 1024 Click the Apply button to accept the changes made Click ...

Page 352: ...able the validation of the source MAC address option here When the Switch receives an ND message that contains a link layer address the source MAC address is checked against the link layer address The packet will be dropped if the link layer address and the MAC addresses are different from each other Target Port Tick this option to specify the target port Unit Select the Switch unit that will be u...

Page 353: ...utton to re configure the specific entry Click the Delete button to remove the specified entry After clicking the Please Select button the following window will appear Figure 9 62 IPv6 RA Guard Please Select Window Select the radio button next to the entry to use that ACL in the configuration Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Click...

Page 354: ... this configuration here From Port To Port Select the appropriate port range used for the configuration here Click the Apply button to accept the changes made Click the Edit button to re configure the specific entry Click the Delete button to remove the specified entry After clicking the Please Select button the following window will appear Figure 9 604 IPv6 DHCP Guard Please Select Window Select ...

Page 355: ...to enable or disable the validate address feature here This is used to enable the IPv6 source guard to perform the validate address feature Validate Prefix Select to enable or disable the validate prefix feature here This is used to enable the IPv6 source guard to perform the IPv6 prefix guard operation Target Port Tick this option to specify the target port Unit Select the Switch unit that will b...

Page 356: ...escribed below Parameter Description Unit Select the Switch unit that will be used for this search here From Port To Port Select the appropriate port range used for the search here IPv6 Address Enter the IPv6 address to find here MAC Address Enter the MAC address to find here VID Enter the VLAN ID to find here Click the Find button to locate a specific entry based on the information entered Click ...

Page 357: ...37 DHCP Server Screening Global Settings Window The fields that can be configured in Trap Settings are described below Parameter Description Trap State Select to enable or disable the DHCP server screening trap here Click the Apply button to accept the changes made The fields that can be configured in Profile Settings are described below Parameter Description Profile Name Enter the DHCP server scr...

Page 358: ...rt s specified Server IP Enter the DHCP server IP address here Profile Name Enter the DHCP server screening profile that will be used for the port s specified here Click the Apply button to accept the changes made Click the Delete button to remove the specified entry ARP Spoofing Prevention This window is used to display and configure the ARP spoofing prevention settings When an entry is created A...

Page 359: ...otection function One is normal state and another is under attack state The under attack state has three modes drop block and shutdown A BPDU protection enabled port will enter an under attack state when it receives one STP BPDU packet and it will take action based on the configuration BPDU protection has a higher priority than the Forward BPDU FBPDU setting configured by configure STP command in ...

Page 360: ...disable the BPDU attack protection state on the port s specified Mode Select the BPDU attack protection mode that will be applied to the port s specified Options to choose from are Drop Block and Shutdown Drop Drop all received BPDU packets when the port enters under attack state Block Drop all packets include BPDU and normal packets when the port enters under attack state Shutdown Shut down the p...

Page 361: ...ame used for MAC authentication here This name can be up to 16 characters long Tick the Default option to restore the username to the client MAC address here Password Enter the password used for MAC authentication here Tick the Encrypt option save this password in the encrypted form Tick the Default option to restore the password to the client MAC address here Click the Apply button to accept the ...

Page 362: ...al IP is transformed into the physical IPIF IP interface address of the Switch to make the communication possible The host PC and other servers IP configurations do not depend on the virtual IP of WAC The virtual IP does not respond to any ICMP packets or ARP requests which means it is not allowed to configure a virtual IP on the same subnet as the Switch s IPIF IP interface or the same subnet as ...

Page 363: ...so that client may obtain an IP address Certain functions exist on the Switch that will filter HTTP packets such as the ACL function The user needs to be very careful when setting filter functions for the target VLAN so that these HTTP packets are not denied by the Switch If a RADIUS server is to be used for authentication the user must first establish a RADIUS Server with the appropriate paramete...

Page 364: ... interface or the same subnet as the host PCs subnet otherwise the Web authentication cannot operate correctly The defined URL only takes effect when the virtual IP address is configured The users get the FQDN URL stored on the DNS server to get the virtual IP address The obtained IP address must match the virtual IP address configured by the command If the IPv4 virtual IP is not configured the IP...

Page 365: ...ation here From Port To Port Select the appropriate port range used for the configuration here State Select to enable or disable the WAC feature on the port s specified Click the Apply button to accept the changes made WAC Customize Page This window is used to display and configure the WAC customized login page To view the following window click Security Web based Access Control WAC Customize Page...

Page 366: ...t button to replace the information with the default information Click the Apply button to accept the changes made Network Access Authentication Guest VLAN This window is used to display and configure the network access authentication guest VLAN settings To view the following window click Security Network Access Authentication Guest VLAN as shown below Figure 9 696 Guest VLAN Window The fields tha...

Page 367: ...nd only controls whether a host which is authenticated at a port set to the multi authenticate mode is allowed to move to another port If a station is allowed to move there are two situations It may either need to be re authenticated or directly moved to the new port without re authentication based on the following rule If the new port has the same authentication configuration as the original port...

Page 368: ...he user name used here This name can be up to 32 characters long VID Enter the VLAN ID used here Password Type Select the password type option here Options to choose from are Plain Text and Encrypted Password Enter the password used here Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Network Access Authentication Port Settings This window is...

Page 369: ...thentication control When a port s authentication mode is changed to multi host the previous authentication VLAN s on this port will be cleared CompAuth Mode Select the compound authentication mode option here Options to choose from are Any and MAC WAC Selecting Any specifies that if any of the authentication method 802 1X MAC based Access Control or WAC to passes then pass Selecting MAC WAC speci...

Page 370: ... of the Switch while the attack is ongoing thus making it capable to forward essential packets over its network in a limited bandwidth If the CPU load rises above the rising threshold value the Safeguard Engine function will be activated and the Switch will enter the exhausted mode In the exhausted mode the Switch will limit the bandwidth available for ARP and broadcast IP packets If the CPU load ...

Page 371: ...nage Simple Network Management Protocol SSH Manage Secure Shell STP Protocol Spanning Tree Protocol Telnet Manage Telnet TFTP Manage Trivial File Transfer Protocol VRRP Protocol Virtual Router Redundancy Protocol Web Manage Hypertext Transfer Protocol HTTP and Hypertext Transfer Protocol Secure HTTPS A customized rate limit in packets per second can be assigned to the Safeguard Engine s sub interf...

Page 372: ...evel the Switch will move into Exhausted mode based on the parameters provided in this window Falling Threshold Enter the falling threshold value here This value must be between 20 and 100 This value is used to configure the acceptable level of CPU utilization as a percentage where the Switch leaves the Safeguard Engine state and returns to normal mode Click the Apply button to accept the changes ...

Page 373: ... Sub Interface Select the sub interface option here Options to choose from are Manage Protocol and Route Rate Limit Enter the rate limit value used here This value must be between 0 and 1024 packets per second Tick the No Limit option to disable the rate limit Click the Apply button to accept the changes made The fields that can be configured in Sub Interface Information are described below Parame...

Page 374: ...on are described below Parameter Description Protocol Name Select the protocol name option here Click the Find button to locate a specific entry based on the information entered Trusted Host This window is used to display and configure the trusted host settings To view the following window click Security Trusted Host as shown below Figure 9 744 Trusted Host Window The fields that can be configured...

Page 375: ...omain of an interface is empty then there is no restriction on Layer 2 forwarding of packets received by the port To view the following window click Security Traffic Segmentation Settings as shown below Figure 9 755 Traffic Segmentation Settings Window The fields that can be configured are described below Parameter Description Unit Select the receiving Switch unit that will be used for this config...

Page 376: ...e Apply button to accept the changes made The fields that can be configured in Storm Control Port Settings are described below Parameter Description From Port To Port Select the appropriate port range used for the configuration here Type Select the type of storm attack that will be controlled here Options to choose from are Broadcast Multicast and Unicast When the action is configured as the shutd...

Page 377: ... and 2147483647 Kbps KBPS Low Enter the low KBPS value used here This option specifies the low threshold value as a rate of kilobits per second at which traffic is received on the port This value must be between 1 and 2147483647 Kbps If the low KBPS is not specified the default value is 80 of the specified risen KBPS Click the Apply button to accept the changes made After selecting the Level optio...

Page 378: ...type of attack involves port scanning by using specific packets which contain source port 0 to 1023 and SYN flag Ping of Death Attack A ping of death is a type of attack on a computer that involves sending a malformed or otherwise a malicious ping to a computer A ping is normally 64 bytes in size many computers cannot handle a ping larger than the maximum IP packet size which is 65535 bytes The se...

Page 379: ...ions The steps required to use the SSH protocol for secure communication between a remote PC the SSH client and the Switch the SSH server are as follows Create a user account with admin level access using the User Accounts window This is identical to creating any other admin level User Account on the Switch including specifying a password This password is used to logon to the Switch once a secure ...

Page 380: ...st key To view the following window click Security SSH Host Key as shown below Figure 9 91 Host Key Window The fields that can be configured in Host Key Management are described below Parameter Description Crypto Key Type Select the crypto key type used here Options to choose from are the Rivest Shamir Adleman RSA key type and the Digital Signature Algorithm DSA key type Key Modulus Select the key...

Page 381: ...tions table To view the following window click Security SSH SSH Server Connection as shown below Figure 9 814 SSH Server Connection Window SSH User Settings This window is used to display and configure the SSH user settings To view the following window click Security SSH SSH User Settings as shown below Figure 9 825 SSH User Settings Window The fields that can be configured are described below Par...

Page 382: ... Cipher Block Chaining which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current block The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard DES to create the encrypted text Hash Algorithm This part of the cipher suite allows the user to choose a message digest function which will determine a Message A...

Page 383: ...aracters long Click the Apply button to accept the changes made The fields that can be configured in Import File are described below Parameter Description File Select Select the file type that will be loaded here Options to choose from are Certificate and Private Key After selecting the file type browse to the appropriate file located on the local computer by pressing the Browse button Destination...

Page 384: ...f the password phrase is not specified the NULL string will be used TFTP Server Path Enter the TFTP server path here Type Select the type of certificate that will be imported here Options to choose from are Both CA and Local Selecting Both specifies to import the CA certificate local certificate and key pairs Selecting CA specifies to import the CA certificate only Selecting Local specifies to imp...

Page 385: ...ust point name here This name can be up to 32 characters long Cipher Suites Select the cipher suites that will be associated with this profile here Click the Apply button to accept the changes made Click the Find button to locate a specific entry based on the information entered Click the Edit button to re configure the specific entry Click the Delete button to remove the specified entry SFTP Serv...

Page 386: ... SFTP Server Select to globally enable or disable the SFTP server feature here Idle Timeout Enter the idle timeout value here If the SFTP server detects no operation after the duration of the idle timer for a specific SFTP session the Switch will close this SFTP session The range is from 30 to 600 seconds By default this value is 120 seconds Click the Apply button to accept the changes made ...

Page 387: ... trap will be sent out LCK Trap State Select to enable or disable the Locked Signal LCK trap feature here If the trap status of LCK is enabled once an ETH LCK event occurs or an ETH LCK event clears a trap will be sent out All MPs Reply LTRs Select to enable or disable the all MPs Link Trace Reply LTR feature here According to IEEE 802 1ag a Bridge replies with one LTR to a Link Trace Message LTM ...

Page 388: ...IP An enumerated value indicates whether the management entity can create MIP Half Functions MHF for a maintenance domain Options to choose from are None Auto and Explicit None Specifies not to create the MIP for a maintenance domain Auto Specifies that MIPs will always be created on any port in this MD when there is no MEP configured on that port for the MAs with the same VID at this MD level or ...

Page 389: ... Parameter Description MA Name Enter the Maintenance Association MA entry name here This name can be up to 22 characters long Each MA in an MD must have a unique MA name MAs configured in different MDs may have the same MA identifier When the MA entry is deleted the configuration on it is also deleted MA VID Enter the Maintenance Association MA entry VLAN ID here The range is from 1 to 4094 Click ...

Page 390: ...onfigured on that port for the MA with the same VID at the next lower active MD level or there is no MA with the same VID at any lower active MD levels For an intermediate Switch in an MA the setting should be Auto in order for the MIPs to be created on this device Explicit Specifies that MIPs will be created on any port for this MA when there is no MEP configured on that port for the MAs with the...

Page 391: ...port number that will be used here Direction Select the direction of the MEP here Options to choose from are Up and Down Up Specifies to create an inward facing up MEP Down Specifies to create an outward facing down MEP Click the Apply button to accept the changes made Click the Back button to return to the previous window Click the Show Detail button to view more detailed information about the sp...

Page 392: ... Reference Guide 381 After clicking the Show Detail button the following page will appear Figure 10 6 CFM Settings Add MA Add MEP MEPID Detail Window Click the Edit button to modify the specified entry Click the Back button to return to the previous window ...

Page 393: ...er CFM PDUs transmitted by the MEP Fault Alarm Select the type of defects whose fault alarms can be sent by this MEP Options to choose from are None All MAC Status Remote CCM Error CCM and XCON CCM None Specifies that no fault alarm will be sent All Specifies that the fault alarms can be sent for all types of defects MAC Status Specifies that the fault alarms can be sent for the defects whose prio...

Page 394: ...xist on The range is from 0 to 7 LCK State Select the enable or disable the LCK feature on this interface here LCK Period Select the transmitting interval of the LCK PDU here Options to choose from are 1 Second and 1 Minute The default period is 1 second LCK Client Level Select the client level ID to which the MEP sends the LCK PDU here The default client MD level is the MD level that the most imm...

Page 395: ...iption MAC Address Enter the MAC address for the DM test here Period Interval Select the period interval time here This specifies the transmitting period of the DDM message and diagnostic interval Options to choose from are 100ms 1sec The transmission period is 100 milliseconds and the diagnostic interval is 1 second 1sec 10sec The transmission period is 1 second and the diagnostic interval is 10 ...

Page 396: ...tics information Click the Back button to return to the previous window After clicking the Edit LM button the following page will appear Figure 10 11 CFM Settings Add MA Add MEP Edit LM Window The fields that can be configured in CFM LM Settings are described below Parameter Description State Select to enable or disable the ITU Y 1731 Loss Measurement LM feature here When the administrative state ...

Page 397: ... Specifies to clear the stored statistics of ETH LM frames LMM and LMR Click the Clear button to clear the CFM LM statistics information based on the selection made Click the Clear All button to clear all the CFM LM statistics information Click the Back button to return to the previous window CFM Port Settings This window is used to display and configure the CFM port settings To view the following...

Page 398: ...and enter the remote MEP ID here The range is from 1 to 8191 MEPID Enter the MEP ID that will initiate the loopback test here The range is from 1 to 8191 MA Name Enter the MA name here This name can be up to 22 characters long Domain Name Enter the MD name here This name can be up to 22 characters long LBMs Number Enter the number of LBMs to be sent here The range is from 1 to 65535 By default thi...

Page 399: ...to initiate the link trace feature The range is from 1 to 8191 MA Name Enter the MA name here The name can be up to 22 characters long Domain Name Enter the MD name here The name can be up to 22 characters long TTL Enter the link trace message s TTL value here The range is from 2 to 255 The default value is 64 PDU Priority Select the 802 1p priority to be set in the transmitted LBMs here If not sp...

Page 400: ...r This window is used to find and display the CFM packet counter information To view the following window click OAM CFM CFM Packet Counter as shown below Figure 10 17 CFM Packet Counter Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit ID that will be used here Port Select the Switch port that will be used here Type Select the type of co...

Page 401: ... the Clear button to clear the counter information associated with all entries Enter a page number and click the Go button to navigate to a specific page when multiple pages exist CFM MIP CCM Table This window is used to display the MIP CCM database entries To view the following window click OAM CFM CFM MIP CCM Table as shown below Figure 10 19 CFM MIP CCM Table Window CFM MEP Fault Table This win...

Page 402: ...rt To Port Select the appropriate port range used for the configuration here Click the Test button to test the specific port Click the Clear button to clear all the information for the specific port Click the Clear All button to clear all the information in this table NOTE Cable diagnostic function limitations Cable length detection is only supported on physical port interface NOTE The maximum cab...

Page 403: ...e the interface will start OAM discovery If the OAM mode of this interface is active it initiates the discovery Otherwise it reacts to the discovery received from the peer Mode Select the Ethernet OAM mode here Options to choose from are Active and Passive The following two actions are allowed by ports in the active mode but disallowed by ports in the passive mode 1 Initiate OAM discovery 2 Start ...

Page 404: ...er to enter the remote loopback mode administrators must ensure that the local client is in the active mode and the OAM connection is established If the local client is already in the remote loopback mode then this feature cannot be applied Click the Apply button to accept the changes made The fields that can be configured in Ethernet OAM Table are described below Parameter Description Unit Select...

Page 405: ... set when an unrecoverable local failure condition has occurred Critical Event Select to enable or disable the critical event feature here This feature is used to configure the capability of the critical event If the capability for a critical event is disabled the port will never send out OAM PDUs with critical event bit set when an unspecified critical event has occurred Link Monitor Select the l...

Page 406: ...ol errors occur within the period an event notification OAM PDU should be generated with an error symbol period event TLV indicating that the threshold has been crossed in this window The range is from 10 to 600 deciseconds When Error Frame is selected as the link monitor enter the amount of time over which the threshold is defined here If the threshold frame errors occur within the period an even...

Page 407: ... The fields that can be configured are described below Parameter Description Unit Select the Switch unit ID that will be used here Port Select the Switch port that will be used here Action Select the Find option to find and display the log entries associated with the specified port Select the Clear option to clear the log entries associated with the specified port Click the Find button to find and...

Page 408: ...mation associated with the specified port s Click the Find button to find and display the statistics information associated with the specified port s Click the Show All button to display all the statistics information Ethernet OAM DULD Settings This window is used to display and configure the Ethernet OAM D Link Unidirectional Link Detection DULD settings DULD is an extension of 802 3ah Ethernet O...

Page 409: ...hat will be used here Admin State Select to enable or disable the admin state here This feature is used to enable Ethernet OAM unidirectional link detection on the specified port s Action Select the action that will be taken here Options to choose from are Normal and Shutdown Discovery Time Enter the discovery time value here The range is from 5 to 65535 seconds By default this value is 5 seconds ...

Page 410: ... shown below Figure 10 27 DDM Settings Window The fields that can be configured in DDM Global Settings are described below Parameter Description Transceiver Monitoring Traps Alarm Select to enable or disable the transceiver monitoring traps alarm feature here Transceiver Monitoring Traps Warning Select to enable or disable the transceiver monitoring traps warning feature here Click the Apply butto...

Page 411: ...ature Threshold Settings Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here Port Select the port used for the configuration here Action Select the action that will be taken here Options to choose from are Add and Delete Type Select the type of temperature threshold Options to choose from are L...

Page 412: ...e between 0 and 6 55 Volt Click the Apply button to accept the changes made DDM Bias Current Threshold Settings This window is used to display and configure the threshold of the bias current for specific ports on the Switch To view the following window click OAM DDM DDM Bias Current Threshold Settings as shown below Figure 10 30 DDM Bias Current Threshold Settings Window The fields that can be con...

Page 413: ...t Select the port used for the configuration here Action Select the action that will be taken here Options to choose from are Add and Delete Type Select the type of TX power threshold Options to choose from are Low Alarm Low Warning High Alarm and High Warning Power Unit Select the power unit here Options to choose from are mW and dBm Value Enter the threshold value either in mW or dBm here When s...

Page 414: ...w Alarm Low Warning High Alarm and High Warning Power Unit Select the power unit here Options to choose from are mW and dBm Value Enter the threshold value either in mW or dBm here When selecting mW in the Power Unit drop down list this value must be between 0 and 6 5535 When selecting dBm in the Power Unit drop down list this value must be between 40 and 8 1647 Click the Apply button to accept th...

Page 415: ... be used for this configuration here From Port To Port Select the range of ports that will be used for this configuration here Select the All option to use all the ports in this configuration Frame Type Select the frame type here Options to choose from are Broadcast Specifies to count only broadcast frames Multicast Specifies to count only multicast frames Unicast Specifies to count only unicast f...

Page 416: ... a page number and click the Go button to navigate to a specific page when multiple pages exist Utilization Port Utilization This window is used to view the port utilization table To view the following window click Monitoring Utilization Port Utilization as shown below Figure 11 2 Port Utilization Window The fields that can be configured are described below Parameter Description Unit Select the Sw...

Page 417: ...y Utilization Port Window The fields that can be configured are described below Parameter Description Type Select the history utilization type to display here Options to choose from are Memory Specifies to display the historical memory utilization information CPU Specifies to display the historical CPU utilization information Port Specifies to display the historical port utilization information Un...

Page 418: ... Options to choose from are All and 1 to 5 Click the Find button to display entries in the table based on the information selected Statistics Port This window is used to view the port statistics information To view the following window click Monitoring Statistics Port as shown below Figure 11 6 Port Window The fields that can be configured are described below Parameter Description Unit Select the ...

Page 419: ...I Reference Guide 408 Figure 11 7 Port Show Detail Window Click the Back button to return to the previous window Click the Refresh button to refresh the information displayed in the table CPU Port This window is used to view the CPU statistics information ...

Page 420: ...isplay here Options to choose from are All Layer 2 L2 Layer 3 L3 and Protocol Click the Find button to display entries in the table based on the information selected Click the Refresh button to refresh the information displayed in the table Click the Clear All button to clear all the statistics information displayed in the table Interface Counters This window is used to view the interface counter ...

Page 421: ...that will be used in this display here From Port To Port Select the range of ports that will be used in this display here Click the Find button to display entries in the table based on the information selected Click the Refresh button to refresh the information displayed in the table Click the Show Errors button to view more detailed error information on the specified port After clicking the Show ...

Page 422: ...ow Parameter Description Type Select the type of information to display here Options to choose from are Port and VLAN Interface VLAN Enter the VLAN ID that will be used in this display here Click the Find button to display entries in the table based on the information selected entered Click the Refresh button to refresh the counter information displayed in the table Interface History Counters This...

Page 423: ... 15 Minutes Specifies to display 15 minute based statistics count 1 Day Specifies to display daily based statistics count For 15 minute based statistics slot 1 represents the time from 15 minutes ago until now slot 2 represents the time from 30 minutes ago until 15 minutes ago and so on For 1 day based statistics slot 1 represents the time from 24 hours ago until now and slot 2 represents the time...

Page 424: ...rom Port To Port Select the range of ports that will be used in this display here Click the Find button to display entries in the table based on the information selected Click the Refresh button to refresh the counter information displayed in the table Click the Clear button clear the counter information displayed in the table based on the information selected Click the Clear All button clear all ...

Page 425: ...dow is used to display and configure the mirror feature s settings The Switch allows users to copy frames transmitted and received on a port and redirect the copies to another port Attach a monitoring device to the mirroring port such as a sniffer or an RMON probe to view details about the packets passing through the first port This is useful for network monitoring and troubleshooting purposes To ...

Page 426: ...hoose from are Port Remote VLAN and Replace Port After selecting this option select the Switch Unit ID and destination Port number from the drop down menus Remote VLAN After selecting this option select the Switch Unit ID and destination Port number from the drop down menus and enter the VID in the space provided The VID must be between 2 and 4094 Replace After selecting this option enter the ACL ...

Page 427: ...formation entered The fields that can be configured for Mirror Session Table are described below Parameter Description Mirror Session Type Select the mirror session type of information that will be displayed from the drop down menu Options to choose from are All Session Session Number Remote Session and Local Session After selecting the Session Number option select the session number from the seco...

Page 428: ...er the expiration time for the entry here The parameters of the entry will reset when the timer expired The range is from 0 to 2000000 seconds Selecting Infinite specifies that the entry will not expire Max Datagram Size Enter the maximum number of data bytes of a single sFlow datagram here The range is from 700 to 1400 bytes By default this value is 1400 bytes Collector Address Enter the remote s...

Page 429: ...specifies to sample ingress packets This is the default direction of a sampler Selecting Outbound specifies to sample egress packets Sampling Rate Enter packet sampling rate here This value must be between 0 and 65536 Entering 0 will disable this function If not specified the default value is 0 Max Header Size Enter the maximum number of bytes that should be copied from sampled packets This value ...

Page 430: ...x value for this poller here This value must be between 1 and 4 Interval Enter the maximum number of seconds between successive polling samples This value must be between 0 and 120 seconds Entering 0 will disable this feature By default this value is 0 Click the Apply button to accept the changes made Click the Delete button to remove the specified entry Enter a page number and click the Go button...

Page 431: ...e length detection power saving feature This feature will allow the Switch to automatically detect the cable length connected to the port and increase or reduce the required power to this port accordingly to save power Scheduled Port shutdown Power Saving Select this option to enable or disable applying the power saving by scheduled port shutdown Scheduled Dim LED Power Saving Select this option t...

Page 432: ...Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the appropriate port range used for the configuration here Time Range Enter the name of the time range to associate with the ports Click the Apply button to accept the changes made Click the Delete button to remove the specified entry EEE Energy Efficient Ethernet EEE is defined in IEEE 8...

Page 433: ...cribed below Parameter Description Unit Select the Switch unit that will be used for this configuration here From Port To Port Select the appropriate port range used for the configuration here State Select this option to enable or disable the state of this feature here Click the Apply button to accept the changes made ...

Page 434: ...n Window The fields that can be configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here File Path Enter the filename and path in the space provided Click the Apply button to save the configuration Firmware Upgrade Backup Firmware Upgrade from HTTP This window is used to initiate a firmware upgrade from a local PC using HTTP To ...

Page 435: ... configured are described below Parameter Description Unit Select the Switch unit that will be used for this configuration here TFTP Server IP Enter the TFTP server IP address here When select the IPv4 option enter the IPv4 address of the TFTP server in the space provided When the IPv6 option is selected enter the IPv6 address of the TFTP server in the space provided Source File Enter the source f...

Page 436: ...it that will be used for this configuration here TFTP Server IP Enter the TFTP server IP address here When select the IPv4 option enter the IPv4 address of the TFTP server in the space provided When the IPv6 option is selected enter the IPv6 address of the TFTP server in the space provided Source File Enter the source filename and path of the firmware file located on the Switch here This field can...

Page 437: ...on the Switch with this one Click the Restore button to initiate the configuration restore Configuration Restore from TFTP This window is used to initiate a configuration restore from a TFTP server To view the following window click Tools Configuration Restore Backup Configuration Restore from TFTP as shown below Figure 13 7 Configuration Restore from TFTP Window The fields that can be configured ...

Page 438: ...meter Description Unit Select the Switch unit that will be used for this configuration here Source File Enter the source filename and path of the configuration file located on the Switch here This field can be up to 64 characters long Select the running config option to back up the running configuration file from the Switch Select the startup config option to back up the start up configuration fil...

Page 439: ...the TFTP server This field can be up to 64 characters long Click the Backup button to initiate the configuration file backup Log Backup Log Backup to HTTP This window is used to initiate a system log backup to a local PC using HTTP To view the following window click Tools Log Backup Log Backup to HTTP as shown below Figure 13 10 Log Backup to HTTP Window The fields that can be configured are descr...

Page 440: ...ong Log Type Select the log type that will be backed up to the TFTP server When the System Log option is selected the system log will be backed up When the Attack Log is selected the attack log will be backed up Click the Backup button to initiate the system log backup Ping Ping is a small program that sends ICMP Echo packets to the IP address you specify The destination node then responds to or e...

Page 441: ...s to stop the ping after the amount of times entered here If this value is configured as 0 then the ping can only be stopped by clicking the Stop button manually The range is from 0 to 99 Source IPv4 Address Enter the source IPv4 address If the current Switch has more than one IP address you can enter one of them to this field When entered this IPv4 address will be used as the packets source IP ad...

Page 442: ...ow will appear Figure 13 13 Ping Please Select Window Select the radio button next to the entry to use that ACL in the configuration Enter a page number and click the Go button to navigate to a specific page when multiple pages exist Click the OK button to accept the selection made After clicking the Start button in IPv4 Ping section the following IPv4 Ping Result section will appear Figure 13 14 ...

Page 443: ...ops Port Enter the port number here The value range is from 1 to 65535 Timeout Enter the timeout period while waiting for a response from the remote device here A value of 1 to 65535 seconds can be specified The default is 5 seconds Length Enter the length value here This specifies the number of bytes of the outgoing datagram The range is from 1 to 1420 bytes ToS Enter the ToS value here This spec...

Page 444: ...is specifies the number of bytes of the outgoing datagram The range is from 1 to 1420 bytes Source IPv6 Address Enter the source IPv6 address here The specified IPv6 address must one of the IPv6 addresses configured for the Switch Probe Number Enter the probe time number here The range is from 1 to 1000 If unspecified the default value is 1 Click the Start button to initiate the route trace for ea...

Page 445: ...to reboot the Switch and alternatively save the configuration before doing so To view the following window click Tools Reboot System as shown below Figure 13 18 Reboot System Window When rebooting the Switch any configuration changes that was made during this session will be lost unless the Yes option is selected when asked to save the settings Click the Reboot button to alternatively save the set...

Page 446: ...h terminal emulation to the console port of the Switch Power on the Switch After the UART init is loaded to 100 the Switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be disabled Boot Procedure V1 00 006 Power On Self Test 100 MAC Address F0 7D 68 36 30 00 H W Versio...

Page 447: ...escription Severity Event description AAA global state is enabled or disabled Log Message AAA is status Parameters description status The status indicates the AAA enabled or disabled Informational Event description Successful login Log Message Successful login through exec type from client ip authenticated by AAA aaa method server ip Username username Parameters description exec type It indicates ...

Page 448: ... failure Log Message Enable privilege failed through exec type from client ip authenticated by AAA aaa method server ip Username username Parameters description exec type It indicates the EXEC types e g Console Telnet SSH Web Web SSL client ip It indicates the client s IP address if valid through IP protocol aaa method It indicates the authentication method e g none local server server ip It indic...

Page 449: ... resource Log Message RADIUS server server ip assigns username ACL failure at port interface id acl script Parameters description server ip It indicates the RADIUS server IP address username It indicates the username for authentication interface id It indicates the port number of the client authenticated acl script The assign ACL script that authorized by from RADIUS server Warning ARP Log Descrip...

Page 450: ...ption vlanid Represents the VLAN identifier of the MEP mdlevel Represents the MD level of the MEP interface id Represents the interface number of the MEP mepdirection Can be inward or outward mepid Represents the MEPID of the MEP The value 0 means unknown MEPID macaddr Represents the MAC address of the MEP The value all zeros mean unknown MAC address Note In CFM hardware mode remote MEP informatio...

Page 451: ...evel VLAN vlanid Local Interface interface id Direction mepdirection Parameters Description vlanid Represents the VLAN identifier of the MEP mdlevel Represents the MD level of the MEP interface id Represents the interface number of the MEP mepdirection Represents the MEP direction which can be inward or outward mepid Represents the MEPID of the MEP macaddr Represents the MAC address of the MEP Inf...

Page 452: ...MEP mepdirection Represents the direction of the MEP This can be inward or outward mepid Represents the MEPID of the MEP Notification Configuration Firmware Log Description Severity Event description Firmware upgraded successfully Log Message Unit unitID Firmware upgraded by session successfully Username username IP ipaddr MAC macaddr Server IP serverIP File Name pathFile Parameters description un...

Page 453: ...ion Configuration downloaded successfully Log Message Unit unitID Configuration downloaded by session successfully Username username IP ipaddr MAC macaddr Server IP serverIP File Name pathFile Parameters description unitID The unit ID session The user s session username Represent current login user ipaddr Represent client IP address macaddr Represent client MAC address serverIP Server IP address p...

Page 454: ...unsuccessfully Username username IP ipaddr MAC macaddr Server IP serverIP File Name pathFile Parameters description unitID The unit ID session The user s session username Represent current login user ipaddr Represent client IP address macaddr Represent client MAC address serverIP Server IP address pathFile Path and file name on server Warning DAD Log Description Severity Event description When DUT...

Page 455: ...reshold type It can be one of the following types temperature supply voltage bias current TX power RX power high low High or low threshold Critical Event description when the any of SFP parameters recovers from the warning threshold Log Message Optical transceiver interface id component back to normal Parameters description interface id port interface ID component DDM threshold type It can be one ...

Page 456: ...age The IPv6 address ipv6address on interface ipif name rebinds success Parameters description ipv6address IPv6 address obtained from a DHCPv6 server ipif name Name of the DHCPv6 client interface Informational Event description The IPv6 prefix obtained from a delegation router starts renewing Log Message The IPv6 prefix ipv6networkaddr on interface intf name starts renewing Parameters description ...

Page 457: ...e packets IP ip address MAC mac address VLAN vlan id on interface id Parameters description type The type of ARP packet it indicates that ARP packet is request or ARP response ipaddr IP address macaddr MAC address vlanid VLAN ID interface id Interface name Warning ERPS Log Description Severity Event description manual Switch is issued Log Message Manual Switch is issued on node MAC macaddr instanc...

Page 458: ...cription Dying gasp event local Log Message Device encountered an OAM dying gasp event Warning Event description Critical event remote Log Message OAM critical event received Port interface id Parameters description interface id The interface name Warning Event description Critical event local Log Message Device encountered an OAM critical event Port interface id condition Parameters description i...

Page 459: ...tate Parameters description portNum 1 Interger value 2 Represent the logic port number of the device link state for ex 100Mbps FULL duplex Informational Event description Port link down Log Message Port portNum link down Parameters description portNum 1 Interger value 2 Represent the logic port number of the device Informational IP Directed Broadcast Log Description Severity Event description IP D...

Page 460: ...roup group_id The group id of the aggregation group that port detach from Informational LBD Log Description Severity Event Description Loop back is detected under port based mode Log Message IfInfo LBD loop occurred Parameters Description IfInfo The interface info Critical Event Description Port recovered from LBD blocked state under port based mode Log Message IfInfo LBD loop recovered Parameters...

Page 461: ...ort ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7 local 7 portID port ID deviceClass LLDP MED device type Notice Event description Conflict LLDP MED device type detected Log Message Conflict LLDP MED device type detected on port portNum chassis id chassisType chassisID port id portType portID device class deviceC...

Page 462: ...D chassis ID portType port ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7 local 7 portID port ID deviceClass LLDP MED device type Notice Login Logout Log Description Severity Event description Login through console successfully Log Message Unit unitID Successful login through Console Username username Parameters d...

Page 463: ...ion username Represent current login user ipaddr Represent client IP address Informational Event description Logout through telnet Log Message Logout through Telnet Username username IP ipaddr Parameters description username Represent current login user ipaddr Represent client IP address Informational Event description Login through SSH successfully Log Message Successful login through SSH Usernam...

Page 464: ...n which the host is authenticated vlan id the VLAN ID on which the host exists Critical Event description the authorized user number on the whole device has reached the maximum user limit Log Message MAC based Access Control enters stop learning state Warning Event description the authorized user number on the whole device is below the maximum user limit in a time interval Log Message MAC based Ac...

Page 465: ...ssage Spanning Tree port status change Instance InstanceID portNum old_status new_status Parameters description InstanceID Instance ID portNum Port ID old_status Old status new_status New status Notice Event description Spanning Tree port role changed Log Message Spanning Tree port role change Instance InstanceID portNum old_role new_role Parameters description InstanceID Instance ID portNum Port ...

Page 466: ...hange to alternate port due to the guard root Log Message Spanning Tree port role change Instance InstanceID portNum to alternate port due to the guard root Parameters description InstanceID Instance ID portNum Port ID Informational Event description Spanning Tree loop guard blocking Log Message Spanning Tree loop guard blocking Instance InstanceID portNum Parameters description InstanceID Instanc...

Page 467: ...e logical port number nway Represents the speed and duplex of link Informational Event description port linkdown Log Message Port port link down Parameters description port Represents the logical port number Informational Port Security Log Description Severity Event description Address full on a port Log Message MAC address mac address causes port security violation on interface id Parameters desc...

Page 468: ...dr with invalid community string Parameters Description ipaddr The IP address Informational SSH Log Description Severity Event description SSH server is enabled Log Message SSH server is enabled Informational Event description SSH server is disabled Log Message SSH server is disabled Informational SSL Log Description Severity Event description Successful login through Web SSL Log Message Successfu...

Page 469: ...escription unitID Box ID Macaddr MAC address Informational Event description Backup master changed to master Log Message Backup master changed to master Master Unit unitID Parameters description unitID Box ID Informational Event description Stacking topology change Log Message Stacking topology is Stack_TP_TYPE Master Unit unitID MAC macaddr Parameters description Stack_TP_TYPE The stacking topolo...

Page 470: ... Parameters description ipaddr The IP address of telnet client username the user name that used to login telnet server Informational WAC Log Description Severity Event description When a client host fails to authenticate Log Message WAC unauthenticated user User Name string IP ipaddr ipv6address MAC macaddr Port unitID portNum Parameters description string User name ipaddr IP address ipv6address I...

Page 471: ...cription Login failed through Web Log Message Login failed through Web Username username IP ipaddr Parameters description username The use name that used to login HTTP server ipaddr The IP address of HTTP client Warning Event description Web session timed out Log Message Web session timed out Username username IP ipaddr Parameters description username The use name that used to login HTTP server ip...

Page 472: ... 3 esnaSessionAuthVlan 4 esnaSessionAuthUserName 5 esDot1xExtNotifyFailReason 1 3 6 1 4 1 17 1 17 30 0 2 802 3ah OAM Trap Name Description OID dot3OamThresholdEvent This notification is sent when a local or remote threshold crossing event is detected Binding objects 1 dot3OamEventLogTimestamp 2 dot3OamEventLogOui 3 dot3OamEventLogType 4 dot3OamEventLogLocation 5 dot3OamEventLogWindowHi 6 dot3OamEv...

Page 473: ... esBpduProtectionAttackRecover This trap is sent when the BPDU attack recovered on an interface Binding objects 1 ifIndex 1 3 6 1 4 1 17 1 17 47 0 2 CFM Trap Name Description OID dot1agCfmFaultAlarm The trap is initiated when a connectivity defect is detected Binding objects 1 dot1agCfmMdIndex 2 dot1agCfmMaIndex 3 dot1agCfmMepIdentifier 1 3 111 2 802 1 1 8 0 1 CFM Extension Trap Name Description O...

Page 474: ... 3 6 1 4 1 17 1 17 72 0 1 esDdmWarningTrap A notification is generated when an abnormal warning situation occurs or recovers from an abnormal warning situation to normal status Binding objects 1 esDdmNotifyInfoIfIndex 2 esDdmNotifyInfoComponent 3 esDdmNotifyInfoAbnormalLevel 4 esDdmNotifyInfoThresholdExceedOrRecover 1 3 6 1 4 1 17 1 17 72 0 2 DHCP Server Screen Prevention Trap Name Description OID...

Page 475: ...n a port enters into error disabled state Binding objects 1 esErrDisNotifyInfoPortIfIndex 2 esErrDisNotifyInfoReasonID 1 3 6 1 4 1 17 1 17 45 0 1 esErrDisNotifyPortDisabledClear The trap is sent when a port loop restarts after the interval time Binding objects 1 esErrDisNotifyInfoPortIfIndex 2 esErrDisNotifyInfoReasonID 1 3 6 1 4 1 17 1 17 45 0 2 esErrDisNotifyVlanDisabledAssert The trap is sent w...

Page 476: ...ication links left the down state and transitioned into some other state but not into the notPresent state This other state is indicated by the included value of ifOperStatus Binding objects 1 ifIndex 2 if AdminStatus 3 ifOperStatu 1 3 6 1 6 3 1 1 5 4 linkDown A linkDown trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communicati...

Page 477: ...lesInserts 2 lldpStatsRemTablesDeletes 3 lldpStatsRemTablesDrops 4 lldpStatsRemTablesAgeouts 1 0 8802 1 1 2 0 0 1 lldpXMedTopologyChangeDetecte d A notification generated by the local device sensing a change in the topology that indicates that a new remote device attached to a local port or a remote device disconnected or moved from one port to another Binding objects 1 lldpRemChassisIdSubtype 2 l...

Page 478: ...on after its election as the new root e g upon expiration of the Topology Change Timer immediately subsequent to its election Implementation of this trap is optional 1 3 6 1 2 1 17 0 1 topologyChange A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state or from the Forwarding state to the Blocking state The trap is no...

Page 479: ...on is off The usage power is below the threshold At least 500 msec must elapse between notifications being emitted by the same object instance Binding objects 1 pethMainPseConsumptionPower 1 3 6 1 2 1 10 5 0 3 esPoeIfPowerDeniedNotification This Notification indicates if PSE state diagram enters the state POWER_DENIED At least 500 msec must elapse between notifications being emitted by the same ob...

Page 480: ... 1 6 3 1 1 5 4 linkDown A notification is generated when port linkdown Binding objects 1 ifIndex 2 if AdminStatus 3 ifOperStatu 1 3 6 1 6 3 1 1 5 3 RMON Trap Name Description OID risingAlarm The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps Binding objects 1 alarmIndex 2 alarmVariable 3 alarmSampleType ...

Page 481: ...r 2 ifIndex 1 3 6 1 4 1 17 1 17 225 0 0 1 3 esSingleIPMSLinkUp The commander Switch will send this notification when its member generates a link up notification Binding objects 1 esSingleIPMSMacAddr 2 ifIndex 1 3 6 1 4 1 17 1 17 225 0 0 1 4 esSingleIPMSAuthFail The commander Switch will send this notification when its member generates an authentication failure notification Binding objects 1 esSing...

Page 482: ...MSPowerFailure The commander switch will send this notification to the indicated host when its member generates a power failure notification 1 esSingleIpMSTrapMacAddr 2 esSingleIpMSTrapMessage 1 3 6 1 4 1 17 1 17 225 0 0 2 3 esSingleIpMSPowerRecover The commander switch will send this notification to the indicated host when its member generates a power recover notification 1 esSingleIpMSTrapMacAdd...

Page 483: ... 0 2 dsfUploadCfg The notification is sent when the user uploads configuration file successfully 1 3 6 1 4 1 17 1 14 14 0 3 dsfDownloadCfg The notification is sent when the user downloads configuration file successfully 1 3 6 1 4 1 17 1 14 14 0 4 dsfSaveCfg The notification is sent when the user saves configuration file successfully 1 3 6 1 4 1 17 1 14 14 0 5 Upload Download Trap Name Description ...

Page 484: ... 6 1 2 1 68 0 2 WAC Trap Name Description OID esWebAuthLoggedSuccess The trap is sent when a host has successfully logged in passed Web Authentication Binding objects 1 ifIndex 2 esnaSessionAuthVlan 3 esnaSessionClientMacAddress 4 esnaSessionClientAddrType 5 esnaSessionClientAddress 6 esnaSessionAuthUserName 1 3 6 1 4 1 17 1 17 154 0 1 esWebAuthLoggedFail The trap is sent when a host has failed to...

Page 485: ... privilege level attribute and authenticates successfully the device will not assign any privilege level to the access user If the privilege level is configured less than the minimum supported value or greater than the maximum supported value the privilege level will be ignored To assign the Ingress Egress Bandwidth by the RADIUS server the proper parameters should be configured on the RADIUS Serv...

Page 486: ...red on the RADIUS server To use VLAN assignment RFC 3580 defines the following tunnel attributes in RADIUS packets The table below shows the parameters for a VLAN RADIUS Tunnel Attribute Description Value Usage Tunnel Type This attribute indicates the tunneling protocol s to be used in the case of a tunnel initiator or the tunneling protocol in use in the case of a tunnel terminator 13 VLAN Requir...

Page 487: ...ribute are RADIUS Tunnel Attribute Description Value Usage Vendor ID Defines the vendor 171 DLINK Required Vendor Type Defines the attribute 14 for ACL script Required Attribute Specific Field Used to assign the ACL script The format is based on Access Control List ACL Commands ACL Script For example ip access list a1 permit host 10 90 90 100 exit mac access list extended m1 permit host 00 00 00 0...

Page 488: ...ibutes are defined in the RFC 2865 Remote Authentication Dial In User Service RADIUS RFC 2866 RADIUS Accounting RFC 2868 RADIUS Attributes for Tunnel Protocol Support and RFC 2869 RADIUS Extensions The following table lists the IETF RADIUS attributes supported by the D Link Switch RADIUS Authentication Attributes Number IETF Attribute 1 User Name 2 User Password 3 CHAP Password 4 NAS IP Address 5 ...

Page 489: ...6 Service Type 8 Framed IP Address 31 Calling Station ID 32 NAS Identifier 40 Acct Status Type 41 Acct Delay Time 42 Acct Input Octets 43 Acct Output Octets 44 Acct Session ID 45 Acct Authentic 46 Acct Session Time 47 Acct Input Packets 48 Acct Output Packets 49 Acct Terminate Cause 52 Acct Input Gigawords 53 Acct Output Gigawords 61 NAS Port Type 95 NAS IPv6 Address ...

Reviews: