Digisol DG-GS4528S User Manual Download Page 1

Page: 1 / 536

As our product undergoes continuous development the specifications are subject to change without prior notice

DG-GS4528S

Gigabit Ethernet Managed Layer 2 Switch

User Manual

V1.0

2010-11-16

Summary of Contents for DG-GS4528S

Page 1: ...TM As our product undergoes continuous development the specifications are subject to change without prior notice DG GS4528S Gigabit Ethernet Managed Layer 2 Switch User Manual V1 0 2010 11 16...

Page 2: ...ally disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their...

Page 3: ...USER MANUAL DG GS4528S GIGABIT ETHERNET MANAGED LAYER 2 SWITCH Layer 2 Switch with 24 10 100 1000BASE T RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP DG GS4528S E112010 CS R01 149100000109A...

Page 4: ......

Page 5: ...r attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that c...

Page 6: ...ABOUT THIS GUIDE 6...

Page 7: ...uthentication 32 Access Control Lists 33 Port Configuration 33 Rate Limiting 33 Port Mirroring 33 Port Trunking 33 Storm Control 33 Static Addresses 33 IEEE 802 1D Bridge 34 Store and Forward Switchin...

Page 8: ...9 Saving or Restoring Configuration Settings 49 SECTION II WEB CONFIGURATION 51 3 USING THE WEB INTERFACE 53 Connecting to the Web Interface 53 Navigating the Web Browser Interface 54 Home Page 54 Con...

Page 9: ...nfiguring DHCP Snooping 115 Configuring DHCP Relay and Option 82 Information 118 Configuring IP Source Guard 119 Configuring Global and Port Settings for IP Source Guard 119 Configuring Static Binding...

Page 10: ...ort Members 176 Configuring Private VLANs 178 Using Port Isolation 180 Managing VoIP Traffic 181 Configuring VoIP Traffic 181 Configuring Telephony OUI 183 Quality of Service 185 Configuring Port Leve...

Page 11: ...playing Information on Authentication Servers 220 Displaying a List of Authentication Servers 220 Displaying Statistics for Configured Authentication Servers 221 Displaying Information on LACP 225 Dis...

Page 12: ...COMMAND LINE INTERFACE 255 8 USING THE COMMAND LINE INTERFACE 257 Accessing the CLI 257 Console Connection 257 Telnet Connection 258 Entering Commands 259 Keywords and Arguments 259 Minimum Abbreviat...

Page 13: ...ntp mode 280 ip ntp server add 281 ip ntp server ipv6 add 281 ip ntp server delete 282 11 PORT COMMANDS 283 port configuration 283 port mode 285 port flow control 285 port state 286 port maxframe 287...

Page 14: ...11 User Configuration 312 security switch users configuration 312 security switch users add 312 security switch users delete 313 Privilege Level Configuration 313 security switch privilege level confi...

Page 15: ...switch snmp trap mode 331 security switch snmp trap version 332 security switch snmp trap community 332 security switch snmp trap destination 332 security switch snmp trap ipv6 destination 333 securi...

Page 16: ...security network limit configuration 350 security network limit mode 350 security network limit aging 351 security network limit agetime 351 security network limit port 352 security network limit lim...

Page 17: ...security network dhcp relay statistics 378 DHCP Snooping Commands 379 security network dhcp snooping configuration 379 security network dhcp snooping mode 380 security network dhcp snooping port mode...

Page 18: ...txhold 401 stp maxhops 402 stp maxage 402 stp fwddelay 403 stp cname 403 stp bpdufilter 404 stp bpduguard 404 stp recovery 405 stp status 406 stp msti priority 406 stp msti map 407 stp msti add 407 s...

Page 19: ...mp flooding 426 igmp groups 426 igmp status 427 18 LINK AGGREGATION COMMANDS 429 aggr configuration 430 aggr add 430 aggr delete 431 aggr lookup 431 aggr mode 432 19 LACP COMMANDS 435 lacp configurati...

Page 20: ...56 lldpmed fast 456 lldpmed info 457 lldpmed debug_med_transmit_var 458 22 QOS COMMANDS 459 qos configuration 460 qos default 460 qos tagprio 461 qos qcl port 461 qos qcl add 462 qos qcl delete 463 qo...

Page 21: ...configuration 484 mvr group 485 mvr status 485 mvr mode 485 mvr port mode 486 mvr multicast vlan 486 mvr port type 487 mvr immediate leave 487 28 VOICE VLAN COMMANDS 489 voice vlan configuration 489...

Page 22: ...04 mld flooding 505 mld groups 505 mld status 506 mld version 506 SECTION IV APPENDICES 507 A SOFTWARE SPECIFICATIONS 509 Software Features 509 Management Features 510 Standards 511 Management Informa...

Page 23: ...gement Configuration 80 Figure 16 SNMP System Configuration 85 Figure 17 SNMPv3 Community Configuration 86 Figure 18 SNMPv3 User Configuration 88 Figure 19 SNMPv3 Group Configuration 89 Figure 20 SNMP...

Page 24: ...for IGMP Snooping and Query 153 Figure 47 IGMP Snooping Port Group Filtering Configuration 154 Figure 48 Configuring Global and Port related Settings for MLD Snooping 157 Figure 49 Configuring VLAN Se...

Page 25: ...atus 215 Figure 83 DHCP Snooping Statistics 217 Figure 84 DHCP Relay Statistics 218 Figure 85 Dynamic ARP Inspection Table 219 Figure 86 Dynamic IP Source Guard Table 219 Figure 87 RADIUS Overview 221...

Page 26: ...Status 246 Figure 105 ICMP Ping 248 Figure 106 VeriPHY Cable Diagnostics 249 Figure 107 Restart Device 251 Figure 108 Factory Defaults 252 Figure 109 Software Upload 253 Figure 110 Configuration Save...

Page 27: ...189 Table 13 Mapping CoS Values to Egress Queues 190 Table 14 System Capabilities 237 Table 15 Keystroke Commands 262 Table 16 Command Group Index 263 Table 17 System Commands 265 Table 18 IP Command...

Page 28: ...able 44 Recommended STA Path Costs 416 Table 45 Default STA Path Costs 416 Table 46 IGMP Commands 419 Table 47 IGMP Configuration 420 Table 48 Link Aggregation Commands 429 Table 49 LACP Commands 435...

Page 29: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 30: ...SECTION I Getting Started 30...

Page 31: ...l Security Measures Private VLANs Port Authentication Port Security DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 128 rules DHCP Client Supported D...

Page 32: ...er i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from...

Page 33: ...incorporated in IEEE 802 3 2002 RATE LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a net...

Page 34: ...Tree Protocol STP IEEE 802 1D Supported by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol wi...

Page 35: ...prioritize incoming traffic based on input from the end station application These functions can be used to provide independent priorities for delay sensitive data and best effort data This switch also...

Page 36: ...00 bps Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication User Name admin Password none RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Port Authe...

Page 37: ...gged frames Traffic Prioritization Ingress Port Priority 0 Queue Mode Strict Weighted Round Robin Queue 0 1 2 3 Weight 1 2 4 8 Ethernet Type Disabled VLAN ID Disabled VLAN Priority Tag Disabled ToS Pr...

Page 38: ...1 Introduction System Defaults 38 System Log console only Status Disabled Messages Logged to Flash All levels NTP Clock Synchronization Disabled Table 2 System Defaults Continued Function Parameter D...

Page 39: ...u to configure switch parameters monitor port connections and display statistics using a standard web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 or ab...

Page 40: ...nection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a terminal emulation pro...

Page 41: ...h supports four Telnet sessions or four SSH sessions Telnet and SSH cannot be used concurrently After configuring the switch s IP parameters you can access the onboard configuration program from anywh...

Page 42: ...ters and is case sensitive To prevent unauthorized access to the switch set the password as follows Type system password password where password is your new password system password Description Set or...

Page 43: ...y default ASSIGNING AN IPV4 ADDRESS Before you can assign an IP address to the switch you must obtain the following information from your network administrator IP address for the switch Network mask f...

Page 44: ...6 address and gateway one double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields To generate an IPv6 global unicast address for the switch type the...

Page 45: ...cp DHCP Client Enabled Active Configuration IP Address 192 168 0 3 IP Mask 255 255 255 0 IP Router 0 0 0 0 DNS Server 0 0 0 0 SNTP Server NOTE Response time from DHCP servers vary considerably for dif...

Page 46: ...construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB...

Page 47: ...e where version indicates the SNMP client version 1 2c 3 community string specifies access rights for a version 1 2c host and host address is the IP address for the trap receiver For a more detailed d...

Page 48: ...lled r d snmp user add 800007e5017f000001 steve md5 greenearth des blueseas snmp group add usm steve r d snmp view add mib 2 included 1 3 6 1 2 1 snmp view add 802 1d included 1 3 6 1 2 1 17 snmp acce...

Page 49: ...xecuted after boot up also known as run time code This code runs the switch operations and provides the CLI and web management interfaces It can be uploaded from a TFTP server using the CLI or from a...

Page 50: ...CHAPTER 2 Initial Switch Configuration Managing System Files 50...

Page 51: ...detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 53 Configuring the Switch on page 61 Monitoring the Switch...

Page 52: ...SECTION II Web Configuration 52...

Page 53: ...asks 1 Configured the switch with a valid IP address subnet mask and default gateway using an out of band serial connection or DHCP protocol See Setting an IP Address on page 42 2 Set the system passw...

Page 54: ...image of the front panel on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 1 Home Page CONFIGURATION OPTIONS Configur...

Page 55: ...pproximately once every 5 seconds or click Refresh to refresh the screen right now Clicking on the image of a port opens the Detailed Statistics page as described on page 203 Figure 2 Front Panel Indi...

Page 56: ...EEE 802 1X 94 ACL Access Control Lists 105 Ports Assigns ACL rate limiter and other parameters to ports 105 Rate Limiters Configures rate limit policies 107 Access Control List Configures ACLs based o...

Page 57: ...e filtered on specified port 153 MLD Snooping 154 Basic Configuration Configures Multicast Listener Discovery Snooping 155 VLAN Configuration Configures MLD snooping per VLAN interface 158 Port Group...

Page 58: ...UPnP Enables UPNP and defines timeout values 195 Monitor 197 System 197 Information Displays basic system description switch s MAC address system time and software version 197 CPU Load Displays graph...

Page 59: ...port then VLAN ID MAC address and finally IP address 219 AAA Authentication Authorization and Accounting 220 RADIUS Overview Displays status of configured RADIUS authentication and accounting servers...

Page 60: ...selected software module 243 VLAN Port Shows the VLAN attributes of port members for all VLANs configured by a selected software module which uses VLAN management including PVID VLAN aware ingress fil...

Page 61: ...ame Name assigned to the switch system Maximum length 255 characters System Location Specifies the system location Maximum length 255 characters System Timezone Offset minutes Sets the time zone as an...

Page 62: ...for the switch The IP address for the switch is obtained via DHCP by default for VLAN 1 To manually configure an address you need to change the switch s default settings to values that are compatible...

Page 63: ...5 0 IP Router IP address of the gateway router between the switch and management stations that exist on other network segments VLAN ID ID of the configured VLAN By default all ports on the switch are...

Page 64: ...larger network with multiple segments the switch must be configured with a global unicast address A link local address must be manually configured but a global unicast address can either be manually c...

Page 65: ...er advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the interface identifier i e the switch s MAC address Default Disabled Address Manually conf...

Page 66: ...k based on periodic updates from an NTP time server Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries If the clock is not set the...

Page 67: ...6 NTP Configuration CONFIGURING PORT CONNECTIONS Use the Port Configuration page to configure the connection parameters for each port This page includes options for enabling auto negotiation or manua...

Page 68: ...when connecting to other types of switches Flow Control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill...

Page 69: ...100 meters Enabling power saving mode can significantly reduce power used for cable lengths of 20 meters or less and continue to ensure signal integrity The following options are supported Disabled A...

Page 70: ...number of users accessing a port The addresses assigned to DHCP clients can also be carefully controlled using static or dynamic bindings with DHCP Snooping and IP Source Guard commands ARP Inspection...

Page 71: ...Read access of all system functions except for maintenance and debugging 10 read and write access of all system functions except for maintenance and debugging 15 read and write access of all system f...

Page 72: ...iple modules or access to various system settings System Contact Name Location Timezone Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limi...

Page 73: ...for maintenance and debugging 10 read and write access of all system functions except for maintenance and debugging 15 read and write access of all system functions including maintenance and debuggin...

Page 74: ...or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are also configured on this page see page 94 Remote A...

Page 75: ...tication method and the corresponding parameters for the remote authentication protocol on the Network Access Server Configuration page Local and remote logon authentication can be used to control man...

Page 76: ...e Authentication Method Selects the authentication method Options None Local RADIUS TACACS Default Local Selecting the option None disables access through the specified management interface Fallback U...

Page 77: ...h for management via the SSH protocol The switch supports both SSH Version 1 5 and 2 0 clients SSH service on this switch only supports password authentication The password can be authenticated either...

Page 78: ...icate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establi...

Page 79: ...nagement Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface SNMP or Telnet The management inte...

Page 80: ...or through Secure Shell which provides authentication and encryption WEB INTERFACE To configure addresses allowed access to management interfaces on the switch 1 Click Configuration Security Switch A...

Page 81: ...to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings To communicate with the switch the management station must first submit a valid community string for authenti...

Page 82: ...2c Read Community The community used for read only access to the SNMP agent Range 0 255 characters ASCII characters 33 126 only Default public This parameter only applies to SNMPv1 and SNMPv2c SNMPv3...

Page 83: ...Configuration Trap Mode Enables or disables SNMP traps Default Disabled You should enable SNMP traps so that key events are reported by this switch to your management station Traps indicating status c...

Page 84: ...cknowledge receipt Range 0 255 Default 5 Trap Probe Security Engine ID SNMPv3 Specifies whether or not to use the engine ID of the SNMP trap probe in trap and inform messages Default Enabled Trap Secu...

Page 85: ...n the SNMP Trap Configuration table enable the Trap Mode to allow the switch to send SNMP traps Specify the trap version trap community and IP address of the management station that will receive trap...

Page 86: ...I characters 33 126 only Default public private For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table...

Page 87: ...device you must first specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and en...

Page 88: ...Enter a remote Engine ID of up to 64 hexadecimal characters 4 Define the user name security level authentication and privacy settings 5 Click Save Figure 18 SNMPv3 User Configuration CONFIGURING SNMP...

Page 89: ...SM the current entry must first be deleted Group Name The name of the SNMP group Range 1 32 characters ASCII characters 33 126 only WEB INTERFACE To configure SNMPv3 groups 1 Click Configuration Secur...

Page 90: ...dicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Generally if the view type of an entry is excluded another entry of view type included shoul...

Page 91: ...he User based Security Model usm Default any Security Level The security level assigned to the group NoAuth NoPriv There is no authentication or encryption used in SNMP communications This is the defa...

Page 92: ...the underlying functionality but limit checks and corresponding actions are disabled Aging Enabled If enabled secured MAC addresses are subject to aging as discussed under Aging Period With aging enab...

Page 93: ...ing is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every time the limit is exceeded Shutdown If Limit 1 MAC addresses is seen on the port shut down the...

Page 94: ...sses allowed and the response to a violation 4 Click Save Figure 22 Port Limit Control Configuration CONFIGURING AUTHENTICATION THROUGH NETWORK ACCESS SERVERS Network switches can provide open and eas...

Page 95: ...nfiguration of the client software and the RADIUS server The encryption method used by IEEE 802 1X to pass authentication messages can be MD5 Message Digest 5 TLS Transport Layer Security PEAP Protect...

Page 96: ...4 To support these encryption methods in Windows 95 and 98 you can use the AEGIS dot1x client or other comparable client software MAC based authentication allows for authentication of more than one u...

Page 97: ...intervals and free resources if no activity is seen within the given age period If reauthentication is enabled and the port is in a 802 1X based mode this is not so critical since supplicants that are...

Page 98: ...nly available for single client modes i e port based 802 1X and Single 802 1X RADIUS Attributes Used in Identifying a QoS Class The User Priority Table attribute defined in RFC4675 forms the basis for...

Page 99: ...gs off on a port with a dynamic QoS assignment the switch restores the original QoS configuration for the port When a user attempts to log into the network with a returned dynamic QoS profile that is...

Page 100: ...ying a VLAN ID in an Access Accept packet The following criteria are used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Acce...

Page 101: ...is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout...

Page 102: ...hat comes first when the port s link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance...

Page 103: ...es involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several cl...

Page 104: ...ized mode or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode X clients are currently authorized a...

Page 105: ...eny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to another port or to the system log...

Page 106: ...huts down a port when a macthing frame is seen Default Disabled Counter The number of frames which have matched any of the rules defined in the selected policy WEB INTERFACE To configure ACL policies...

Page 107: ...ate limiter identifier Range 0 14 Default 1 Rate pps The threshold above which packets are dropped Options 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K pps Default 1 pps D...

Page 108: ...ACL Ports Configuration menu page 105 CLI REFERENCES ACL Commands on page 367 USAGE GUIDELINES Rules within an ACL are checked in the configured order from top to bottom A packet will be accepted as...

Page 109: ...Control List Configuration page ACCESS CONTROL LIST CONFIGURATION Ingress Port Any port port identifier or policy Frame Type The type of frame to match Action Shows whether a frame is permitted or de...

Page 110: ...Any DMAC Filter The type of destination MAC address Options Any MC multicast BC broadcast UC unicast Specific user defined Default Any Ethernet Type Parameters EtherType Filter This option can only be...

Page 111: ...ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Default Any RARP DMAC Match Specifies whether frames can be matched according to their target...

Page 112: ...ode of an ICMP packet to filter for this rule Options Any Specific 0 255 Default Any UDP Parameters Source Port Filter Specifies the UDP source filter for this rule Options Any Specific 0 65535 Range...

Page 113: ...d 0 TCP frames where the URG field is set must not match this entry 1 TCP frames where the URG field is set must match this entry Default Any IP TTL Specifies the time to Live settings for this rule O...

Page 114: ...Info or All logging levels Shutdown Shuts down a port when a macthing frame is seen Default Disabled Counter Shows he number of frames which have matched any of the rules defined for this ACL VLAN Pa...

Page 115: ...istered with DHCP Snooping or using the static bindings configured with IP Source Guard DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port rela...

Page 116: ...t is processed as follows If the DHCP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If a DHCP DECLINE or RELEASE message is received from a clie...

Page 117: ...est messages will be forwarded to trusted ports and reply packets only allowed from trusted ports Default Disabled Port Mode Enables or disables a port as a trusted source of DHCP messages Default Tru...

Page 118: ...by the VLAN and switch port to which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having...

Page 119: ...ntries in the IP Source Guard table or dynamic entries in the DHCP Snooping table when enabled see Configuring DHCP Snooping IP source guard can be used to prevent traffic attacks caused when a host t...

Page 120: ...ing table and the entry type is static IP source guard binding the packet will be forwarded If DHCP snooping is enabled IP source guard will check the VLAN ID source IP address and port number If a ma...

Page 121: ...isable IP Source Guard globally and for any given ports 3 Set the maximum number of dynamic clients for any port 4 Click Save Figure 30 Configuring Global and Port based Settings for IP Source Guard C...

Page 122: ...Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed in the web interface Port The port to which a static entry is bound VLAN ID ID of a configured VLAN Ra...

Page 123: ...P Snooping This database is built by DHCP snooping if it is enabled globally on the switch and on the required ports ARP Inspection can also validate ARP packets against statically configured addresse...

Page 124: ...RING GLOBAL AND PORT SETTINGS FOR ARP INSPECTION Use the ARP Inspection Configuration page to enable ARP inspection globally for the switch and for any ports on which it is required CLI REFERENCES ARP...

Page 125: ...ake precedence over entries in the DHCP snooping bindings database The switch first compares ARP packets to any entries specified in the static ARP table If no static entry matches the packets then th...

Page 126: ...and TACACS server software is beyond the scope of this guide Refer to the documentation provided with the RADIUS and TACACS server software CLI REFERENCES AAA Commands on page 390 PARAMETERS The follo...

Page 127: ...for RADIUS accounting servers or 49 for TACACS authentication servers Secret Encryption key used to authenticate logon access for the client Maximum length 29 characters To set an empty secret use two...

Page 128: ...enecks exist as well as providing a fault tolerant link between two switches The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manual...

Page 129: ...to 14 trunks on a switch with up to 16 ports per trunk The ports at both ends of a connection must be configured as trunk ports When configuring static trunks on switches of different types they must...

Page 130: ...four load balancing modes as described in the following section Aggregation Mode Configuration also applies to LACP see Configuring LACP on page 132 PARAMETERS The following parameters are displayed...

Page 131: ...rload a single port member of the trunk for application traffic of a specific type such as web browsing However it can be used effectively in combination with the IP Address option One of the defaults...

Page 132: ...loop in the network be sure you enable LACP before connecting the ports and also disconnect the ports before disabling LACP If the target switch has also enabled LACP on the connected ports the trunk...

Page 133: ...s whether LACP is enabled on this switch port LACP will form an aggregation when two or more ports are connected to the same partner LACP can form up to 12 LAGs per switch Key The LACP administration...

Page 134: ...CHAPTER 4 Configuring the Switch Creating Trunk Groups 134 5 Click Save Figure 36 LACP Port Configuration...

Page 135: ...hen it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated bridging devices...

Page 136: ...can be grouped into a Multiple Spanning Tree Instance MSTI MSTP builds a separate Multiple Spanning Tree MST for each instance to maintain connectivity among each of the assigned VLAN groups MSTP the...

Page 137: ...ge to configure settings for STA which apply globally to the switch CLI REFERENCES STP Commands on page 399 COMMAND USAGE Spanning Tree Protocol1 Uses RSTP for the internal state machine but sends onl...

Page 138: ...nments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user...

Page 139: ...in a region and the common internal spanning tree CIST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop...

Page 140: ...the required attributes 3 Click Save Figure 40 STA Bridge Configuration CONFIGURING MULTIPLE SPANNING TREES Use the MSTI Mapping page to add VLAN groups to an MSTP instance MSTI or to designate the n...

Page 141: ...share this MSTI on the MSTI Mapping page 3 Enter the spanning tree priority for the CIST and selected MST instance on the MSTI Priorities page NOTE All VLANs are automatically added to the CIST MST I...

Page 142: ...does not have to be a configured VLAN 3 Click Save Figure 41 Adding a VLAN to an MST Instance CONFIGURING SPANNING TREE BRIDGE PRIORITIES Use the MSTI Priorities page to configure the bridge priority...

Page 143: ...LAN groups to an MSTP instance 1 Click Configuration Spanning Tree MSTI Priorities 2 Set the bridge priority for the CIST or any configured MSTI 3 Click Save Figure 42 Configuring STA Bridge Prioritie...

Page 144: ...k port to the service provider s network to forward BPDU packets to other ports instead of discarding these packets or attempting to process them Path Cost This parameter is used by the STA to determi...

Page 145: ...d timeout problems However remember that this feature should only be enabled for ports connected to an end node device Default Edge Auto Edge Controls whether automatic edge detection is enabled on a...

Page 146: ...alid BPDU s Contrary to the similar bridge setting the port Edge status does not affect this setting A port entering error disabled state due to this setting is subject to the bridge Port Error Recove...

Page 147: ...e to indicate the preferred path References to ports in this section means interfaces which includes both ports and trunks CLI REFERENCES STP Commands on page 399 PARAMETERS The following parameters a...

Page 148: ...re the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanni...

Page 149: ...vice IGMP Query thereby identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multica...

Page 150: ...abled IGMP leave proxy suppresses all unnecessary IGMP leave messages so that a non querier switch forwards an IGMP leave packet only when the last dynamic member port leaves a multicast group The lea...

Page 151: ...the query within the specified timeout period If Fast Leave is enabled the switch assumes that only one host is connected to the interface Therefore Fast Leave should only be enabled on an interface i...

Page 152: ...ry for a VLAN interface CLI REFERENCES IGMP Commands on page 419 PARAMETERS The following parameters are displayed on the IGMP Snooping VLAN Configuration page VLAN ID VLAN Identifier Snooping Enabled...

Page 153: ...tings for IGMP snooping and query 1 Click Configuration IGMP Snooping VLAN Configuration 2 Adjust the IGMP settings as required 3 Click Save Figure 46 Configuring VLAN Settings for IGMP Snooping and Q...

Page 154: ...p Filtering Configuration MLD SNOOPING Multicast Listener Discovery MLD snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4 That is MLD snooping dynamically con...

Page 155: ...mine which hosts want to receive multicast traffic Default Disabled This switch can passively snoop on MLD Listener Query and Report packets transferred between IP multicast routers switches and IP mu...

Page 156: ...ion as a router port which leads towards a Layer 3 multicast device or MLD querier Default Disabled If MLD snooping cannot locate the MLD querier you can manually designate a port which is connected t...

Page 157: ...groups to which a port can belong Range 1 10 Default unlimited MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reac...

Page 158: ...the interface settings will not take effect until snooping is re enabled globally IGMP Querier When enabled the switch can serve as the Querier if selected in the bidding process with other competing...

Page 159: ...rt CLI REFERENCES MLD Snooping Commands on page 497 PARAMETERS The following parameters are displayed on the MLD Snooping Port Group Filtering Configuration page Port Port identifier Range 1 28 Filter...

Page 160: ...or video on demand across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers This protocol can significantly reduce to processing overhead requ...

Page 161: ...of the other However if IGMP snooping and MVR are both enabled MVR reacts only to join and leave messages from multicast groups configured under MVR Join and leave messages from all other multicast g...

Page 162: ...that can receive multicast data sent through the MVR VLAN Any port configured as a receiver port will be dynamically added to the MVR VLAN when it forwards an IGMP report or join message from an atta...

Page 163: ...configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers CONFIGURING LLDP TIMING AND TLVS Use the LLDP Configuration pag...

Page 164: ...to re initialize after LLDP ports are disabled or the link goes down Range 1 10 seconds Default 2 seconds When LLDP is re initialized on a port all information in the remote system s LLDP MIB associat...

Page 165: ...Capa The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB...

Page 166: ...cy power inventory and device location details Both LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate netwo...

Page 167: ...transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received It should be noted...

Page 168: ...de The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City Ci...

Page 169: ...Policies are only intended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised a...

Page 170: ...gies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those adverti...

Page 171: ...7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 DSCP DSCP value used to provide Diffserv node behavior for the specified applicatio...

Page 172: ...his information is used to pass traffic directly between the inbound and outbound ports All the addresses learned by monitoring traffic are stored in the dynamic address table You can also manually co...

Page 173: ...AC Learning Table is grayed out another software module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Stat...

Page 174: ...ocated anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having...

Page 175: ...etwork devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs bu...

Page 176: ...ic interfaces including whether or not the ports are VLAN aware enabling ingress filtering accepting Queue in Queue frames with embedded tags setting the accepted frame types and configuring the defau...

Page 177: ...tagged frames are being forwarded across the switch The switch will pass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag oth...

Page 178: ...same VLAN as the Port VLAN ID WEB INTERFACE To configure attributes for VLAN port members 1 Click Configuration VLANs Ports 2 Configure in the required settings for each interface 3 Click Save Figure...

Page 179: ...viders is required for other client groups CLI REFERENCES PVLAN Commands on page 307 PARAMETERS The following parameters are displayed on the Private VLAN Membership Configuration page PVLAN ID Privat...

Page 180: ...nt communications between ports within the same PVLAN An isolated port cannot forward any unicast multicast or broadcast traffic to any other ports in the same PVLAN CLI REFERENCES PVLAN Commands on p...

Page 181: ...port as a tagged member the Voice VLAN Alternatively switch ports can be manually configured CONFIGURING VOIP TRAFFIC Use the Voice VLAN Configuration page to configure the switch for VoIP traffic Fir...

Page 182: ...is selected be sure to configure the MAC address ranges in the Telephony OUI list Forced3 The Voice VLAN feature is enabled on the port Security Enables security filtering that discards any non VoIP...

Page 183: ...r a specific port 3 Click Save Figure 60 Configuring Global and Port Settings for a Voice VLAN CONFIGURING TELEPHONY OUI Use the Voice VLAN OUI Table to identify VoIP devices attached to the switch Vo...

Page 184: ...IP equipment The OUI must be 6 characters long and the input format xx xx xx where x is a hexadecimal digit Description User defined text that identifies the VoIP devices WEB INTERFACE To configure MA...

Page 185: ...each port Data packets in a port s high priority queue will be transmitted before those in the lower priority queues You can set the default priority for each interface the queuing mode and queue wei...

Page 186: ...he queues based on a strict rule that requires all traffic in a higher priority queues to be processed before lower priority queues are serviced or uses Weighted Round Robin WRR queuing that specifies...

Page 187: ...g mechanisms that is traffic shaping as provided by the Rate Limiters described on page 107 In the packet forwarding path differentiated services are realized by mapping the codepoint contained in a f...

Page 188: ...output link is not required to service any of the other queues CS1 CS7 Class Selector code points which use values compatible with IP Precedence and IEEE 802 1p Expedited Forwarding DSCP value assigne...

Page 189: ...ayed on the QoS Control List Configuration page QCL Configuration QCL A list of classification criteria used to determine the traffic class to which a frame is assigned Up to 28 QCLs can be configured...

Page 190: ...ormal Medium High Default Low Tag Priority Uses the User Priority value 3 bits as defined by IEEE 802 1p as an index to the eight QoS Class values The default priority levels are assigned according to...

Page 191: ...omer service package by limiting traffic into or out of the switch Packets that exceed the acceptable amount of traffic are dropped while conforming traffic is forwarded without any changes CLI REFERE...

Page 192: ...f measure for the port shaper Options kbps Mbps Default kbps WEB INTERFACE To configure Rate Limits 1 Click Configuration QoS Rate Limiters 2 To set an rate limit on ingress traffic check Policer Enab...

Page 193: ...e displayed on the Storm Control Configuration page Frame Type Specifies broadcast multicast or unknown unicast traffic Status Enables or disables storm control Default Disabled Rate pps The threshold...

Page 194: ...isplayed on the Mirror Configuration page Port to mirror to The destination port that will mirror the traffic from the source port All mirror sessions must share the same destination port Default Disa...

Page 195: ...control point has discovered a device its next step is to learn more about the device and its capabilities by retrieving the device s description from the URL provided by the device in the discovery...

Page 196: ...Configuration page Mode Enables disables UPnP on the device Default Disabled TTL Sets the time to live TTL value for UPnP messages transmitted by the switch Range 4 255 Default 4 Advertising Duration...

Page 197: ...e location and contact information CLI REFERENCES System Commands on page 265 PARAMETERS These parameters are displayed in the web interface System To configure the following items see Configuring Sys...

Page 198: ...play information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed In order to display the graph your browser must support the...

Page 199: ...display Info Informational messages only Warning Warning conditions Error Error conditions All All levels Start from ID The error ID from which to start the display with entries per page The number of...

Page 200: ...from the first available entry ID updates the system log entries ending at the last entry currently displayed updates the system log entries starting from the last entry currently displayed and update...

Page 201: ...WEB INTERFACE To display an image of the switch s ports click Monitor Ports State Figure 73 Port State Overview DISPLAYING AN OVERVIEW OF PORT STATISTICS Use the Port Statistics Overview page to displ...

Page 202: ...vice queue PARAMETERS These parameters are displayed in the web interface Low Queue Receive Transmit The number of packets received and transmitted through the low priority queue Normal Queue Receive...

Page 203: ...roblems with the switch such as a faulty port or unusually heavy loading All values displayed have been accumulated since the last system reboot and are shown as counts per second Statistics are refre...

Page 204: ...packet could be to free up buffer space Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The total number of frames received that were less than 64 octets long...

Page 205: ...ement traffic security controls for client access to the data ports and the status of remote authentication access servers DISPLAYING ACCESS MANAGEMENT STATISTICS Use the Access Management Statistics...

Page 206: ...le requesting port security services the service state the current number of learned addresses and the maximum number of secure addresses allowed Port Security is a module with no direct configuration...

Page 207: ...ke one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown M...

Page 208: ...S These parameters are displayed in the web interface MAC Address The MAC address seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed VLAN ID...

Page 209: ...ecurity state last source address used for authentication and last ID CLI REFERENCES security network nas configuration on page 355 PARAMETERS These parameters are displayed in the web interface Port...

Page 210: ...isplay port status for authentication services click Monitor Security Network NAS Switch Figure 80 Network Access Server Switch Status DISPLAYING PORT STATISTICS FOR 802 1X OR REMOTE AUTHENTICATION SE...

Page 211: ...dentity frames that have been received by the switch Responses The number of valid EAPOL response frames other than Response Identity frames that have been received by the switch Start The number of E...

Page 212: ...based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the backend server Auth Failures 802 1X and MAC ba...

Page 213: ...ows No supplicants attached This column is not available for MAC based Auth MAC Address For Multi 802 1X this column holds the MAC address of the attached supplicant For MAC based Auth this column hol...

Page 214: ...rk acl status on page 374 PARAMETERS These parameters are displayed in the web interface User Indicates the ACL user see Configuring User Privilege Levels on page 72 for a list of software modules Ing...

Page 215: ...t Copy Indicates the port copy operation implemented by the ACE Frames matching the ACE are copied to the listed port CPU Forwards packet that matched the specific ACE to the CPU CPU Once Forwards fir...

Page 216: ...f NAK option 53 with value 6 packets received and transmitted Rx Tx Release The number of release option 53 with value 7 packets received and transmitted Rx Tx Inform The number of inform option 53 wi...

Page 217: ...isplayed in the web interface Server Statistics Transmit to Server The number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to...

Page 218: ...taining errors that were sent to servers Receive from Client The number of packets received from clients Receive Agent Option The number of packets received where the switch Replace Agent Option The n...

Page 219: ...EB INTERFACE To display the Dynamic ARP Inspection Table click Monitor Security Network ARP Inspection Figure 85 Dynamic ARP Inspection Table DISPLAYING ENTRIES IN THE IP SOURCE GUARD TABLE Open the D...

Page 220: ...RS These parameters are displayed in the web interface IP Address The IP address and UDP port number of this server Status The current state of the server This field takes one of the following values...

Page 221: ...tistics on page 396 PARAMETERS These parameters are displayed in the web interface RADIUS Authentication Statistics Receive Packets Access Accepts The number of RADIUS Access Accept packets valid or i...

Page 222: ...a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Timeouts The number...

Page 223: ...of RADIUS packets of unknown types that were received from the server on the accounting port Packets Dropped The number of RADIUS packets that were received from the server on the accounting port and...

Page 224: ...ut will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip...

Page 225: ...view of LACP groups CLI REFERENCES lacp status on page 439 PARAMETERS These parameters are displayed in the web interface Aggr ID The Aggregation ID associated with this Link Aggregation Group LAG Par...

Page 226: ...r the port link is down Backup The port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key Current operational value of the key for the...

Page 227: ...439 PARAMETERS These parameters are displayed in the web interface Port Port Identifier LACP Transmitted The number of LACP frames sent from each port LACP Received The number of LACP frames received...

Page 228: ...e in the Spanning Tree that this switch has been accepted as the root device Root Port The number of the port on this switch that is closest to the root This switch communicates with the root device t...

Page 229: ...ail or are removed State Displays the current state of this port in the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted confi...

Page 230: ...n spanning tree bridge and port status click Monitor Spanning Tree Bridge Status Figure 92 Spanning Tree Bridge Status DISPLAYING PORT STATUS FOR STA Use the Port Status page to display the STA functi...

Page 231: ...d packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the port...

Page 232: ...DU s received and discarded on a port WEB INTERFACE To display information on spanning port statistics click Monitor Spanning Tree Port Statistics Figure 94 Spanning Tree Port Statistics SHOWING IGMP...

Page 233: ...MP Version 3 reports V2 Leave Received The number of received IGMP Version 2 leave reports IGMP Groups VLAN ID VLAN Identifier Groups The IP address for a specific multicast service Port Members The p...

Page 234: ...d selected through the bidding process the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic Queries Transmitted The number of transmitted...

Page 235: ...formation for active MLD groups click Monitor MLD Snooping Groups Information Figure 97 MLD Snooping Group Information DISPLAYING MVR INFORMATION Use the MVR Status page to display statistics for IGMP...

Page 236: ...r of IGMP V2 reports received V3 Reports Received The number of IGMP V3 reports received V2 Leaves Received The number of IGMP V2 leaves received Multicast Groups VLAN ID Identifier of the VLAN that s...

Page 237: ...for the particular chassis in this system Remote Port ID A string that contains the specific identifier for the port from which this LLDPDU was transmitted System Name A string that indicates the syst...

Page 238: ...h an LLDP frame was received Device Type LLDP MED devices are comprised of two primary types LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infra...

Page 239: ...eric Endpoint Class Class I and are extended to include aspects related to media streaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gatewa...

Page 240: ...or an untagged VLAN VLAN ID The VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the...

Page 241: ...or any reason Total Neighbors Entries Dropped The number of times which the remote database on this switch dropped an LLDPDU because the entry table was full Total Neighbors Entries Aged Out The numbe...

Page 242: ...P Port Statistics Figure 101 LLDP Port Statistics DISPLAYING THE MAC ADDRESS TABLE Use the MAC Address Table to display dynamic and static address entries associated with the CPU and each port CLI REF...

Page 243: ...gned to each port VLAN MEMBERSHIP Use the VLAN Membership Status page to display the current port members for all VLANs configured by a selected software module CLI REFERENCES vlan lookup on page 304...

Page 244: ...Members The ports assigned to this VLAN WEB INTERFACE 1 To display VLAN members click Monitor VLAN VLAN Membership 2 Select a software module from the drop down list on the right side of the page Fig...

Page 245: ...iscarded Frame Type Shows whether the port accepts all frames or only tagged frames If the port only accepts tagged frames untagged frames received on that port are discarded Tx Tag Shows egress filte...

Page 246: ...CHAPTER 5 Monitoring the Switch Displaying Information About VLANs 246 Figure 104 Showing VLAN Port Status...

Page 247: ...bers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros requi...

Page 248: ...iagnostics can be performed on all ports or on a specific port Cable Status Shows the cable length operating conditions and isolates a variety of common faults that can occur on Category 5 twisted pai...

Page 249: ...in the cable status table Note that VeriPHY is only accurate for cables 7 140 meters long Ports will be linked down while running VeriPHY Therefore running VeriPHY on a management port will cause the...

Page 250: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 250...

Page 251: ...g configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch CLI REFERENCES system reboot on page 268 WEB INTERFACE To restart the switch 1...

Page 252: ...actory defaults 1 Click Maintenance Factory Defaults 2 Click Yes The factory defaults are immediately restored which means that no reboot is necessary Figure 108 Factory Defaults UPGRADING FIRMWARE Us...

Page 253: ...t configuration to a file on your computer or to restore previously saved configuration settings to the switch SAVING CONFIGURATION SETTINGS Use the Configuration Save page to save the current configu...

Page 254: ...ously saved configuration settings to the switch from a file on your local management station CLI REFERENCES config load on page 474 WEB INTERFACE To restore your current configuration settings 1 Clic...

Page 255: ...ds on page 265 IP Commands on page 271 Port Commands on page 283 MAC Commands on page 293 VLAN Commands on page 299 PVLAN Commands on page 307 Security Commands on page 311 STP Commands on page 399 IG...

Page 256: ...SECTION III Command Line Interface 256 UPnP Commands on page 479 MVR Commands on page 483 Voice VLAN Commands on page 489 MLD Snooping Commands on page 497...

Page 257: ...E CONNECTION To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user name is admin with no password When the adminis...

Page 258: ...255 255 0 192 168 0 1 1 If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an...

Page 259: ...pecifies the port You can enter commands as follows To enter a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privil...

Page 260: ...col snooping Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media QoS Quality of Service Mirror Port mirroring Co...

Page 261: ...e disable MAC Lookup mac_addr vid Mirror Mode port_list enable disable rx tx MLD Proxy enable disable MVR Multicast VLAN vid MAC Agetime age_time MLD State vid enable disable MVR Port Type port_list s...

Page 262: ...n use the Tab key to complete partial commands or enter a partial command followed by the character to display a list of possible matches You can also use the following editing keystrokes for command...

Page 263: ...y maximum attached hosts 802 1X port authentication access control lists DHCP snooping DHCP relay IP source guard address resolution protocol and designated authentication servers 311 STP Configures S...

Page 264: ...CHAPTER 8 Using the Command Line Interface CLI Command Groups 264...

Page 265: ...1 28 or all EXAMPLE System configuration System Contact System Name System Location Timezone Offset 0 MAC Address 00 17 7c 0a ef 6c System Time 1970 01 01 03 59 40 0000 System Uptime 03 59 40 Software...

Page 266: ...SETTING None COMMAND USAGE No blank spaces are permitted as part of the name string EXAMPLE System name RD System system contact This command displays or sets the system contact SYNTAX system contact...

Page 267: ...splays or sets the time zone for the switch s internal clock SYNTAX system timezone offset offset Number of minutes before after UTC Range 720 minutes before to 720 minutes after DEFAULT SETTING no of...

Page 268: ...System will reset in a few seconds Username system restore default This command restores the original factory settings Note that the LAN IP Address Subnet Mask and Gateway IP Address will be reset to...

Page 269: ...essages only warning Shows warning conditions error Shows error conditions clear Clears log messages DEFAULT SETTING Displays all entries Displays all message levels EXAMPLE System log all 590 Info 19...

Page 270: ...CHAPTER 9 System Commands 270...

Page 271: ...uests for mapping host names to IP addresses are forwarded ip dns_proxy Displays or sets DNS proxy mode which can maintain a local database based on previous responses to DNS queries forwarded on beha...

Page 272: ...tch is obtained via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 2 10 and subnet mask 255 255 255 0 This switch supports both...

Page 273: ...as soon as it is powered on EXAMPLE IP dhcp enable IP dhcp DHCP Client Enabled Active Configuration IP Address 192 168 0 3 IP Mask 255 255 255 0 IP Router 0 0 0 0 DNS Server 0 0 0 0 SNTP Server IP ip...

Page 274: ...btain an address from a DHCP server using the ip dhcp command page 272 Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the...

Page 275: ...f the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seco...

Page 276: ...a local database based on previous responses to DNS queries forwarded on behalf of attached clients SYNTAX ip dns_proxy enable disable enable Enables DNS proxy service disable Disables DNS proxy servi...

Page 277: ...This address can be automatically configured using this command or it can be manually configured using the ip ipv6 setup command page 278 When autoconfiguration is enabled the network portion of the a...

Page 278: ...lon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields To connect to a larger network with multiple subnets you must configure a global unicas...

Page 279: ...size excludes MAC IP and ICMP headers DEFAULT SETTING Packet Size 68 bytes Count 5 COMMAND USAGE An IPv6 address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon sepa...

Page 280: ...configuration EXAMPLE IP NTP configuration IP NTP Configuration NTP Mode Enabled Idx Server IP host address a b c d or a host name string 1 0 north america pool ntp org 2 3 4 5 IP NTP ip ntp mode This...

Page 281: ...ne COMMAND USAGE The switch attempts to periodically update the time from the specified servers The switch will poll the time servers in the order specified until a response is received The polling in...

Page 282: ...ed until a response is received The polling interval is fixed at 15 minutes EXAMPLE IP NTP Server ipv6 add 2 fe80 215 c5ff fe03 4dc7 IP NTP Server ip ntp server delete This command deletes an entry fr...

Page 283: ...isplays or sets port speed and duplex mode port flow control Displays or sets flow control mode port state Displays or sets administrative state to enabled or disabled port maxframe Displays or sets t...

Page 284: ...Enabled Auto Disabled 9600 Disabled Discard Down 16 Enabled Auto Disabled 9600 Disabled Discard Down 17 Enabled Auto Disabled 9600 Disabled Discard Down 18 Enabled Auto Disabled 9600 Disabled Discard...

Page 285: ...optimal settings will be negotiated between the link partners based on their advertised capabilities DEFAULT SETTING Auto negotiation COMMAND USAGE NOTE The 1000BASE T standard does not support forced...

Page 286: ...he following example Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for...

Page 287: ...connect to other devices Only sufficient power is used to maintain connection requirements SYNTAX port power port list enable disable actiphy perfectreach port list A specific port or a range of ports...

Page 288: ...This command displays or sets the response to take when excessive transmit collisions are detected on a port SYNTAX port excessive port list discard restart port list A specific port or a range of por...

Page 289: ...packets received and transmitted through the low priority queue normal The number of packets received and transmitted through the normal priority queue medium The number of packets received and transm...

Page 290: ...diagnostics results in the cable status table Note that VeriPHY is only accurate for cables 7 140 meters long Potential conditions which may be listed by the diagnostics include OK Correctly terminate...

Page 291: ...Open 0 Short 0 Short 0 4 Open 0 Open 0 Open 0 Open 0 5 Open 0 Open 0 Open 0 Open 0 6 Open 0 Open 0 Open 0 Open 0 7 Open 0 Open 0 Open 0 Open 0 8 Open 0 Open 0 Open 0 Open 0 9 Open 0 Open 0 Open 0 Open...

Page 292: ...CHAPTER 11 Port Commands 292...

Page 293: ...e 21 MAC Commands Command Function mac configuration Displays MAC address table configuration for specified ports mac add Adds a static MAC address to the specified port and VLAN mac delete Deletes a...

Page 294: ...o the assigned port and will not be moved When a static address is seen on another port the address will be ignored and will not be written to the address table A static address cannot be learned on a...

Page 295: ...X mac agetime age time age time The time after which a learned entry is discarded Range 10 1000000 seconds or 0 to disable aging DEFAULT SETTING 300 seconds EXAMPLE MAC agetime 100 MAC mac learning Th...

Page 296: ...An example of such a module is the MAC Based Authentication under 802 1X EXAMPLE MAC learning 9 secure MAC mac dump This command displays sorted list of MAC address entries SYNTAX mac dump mac max mac...

Page 297: ...or all DEFAULT SETTING Displays statistics for all ports EXAMPLE MAC statistics 1 Port Dynamic Addresses 1 0 Total Dynamic Addresses 5 Total Static Addresses 4 MAC mac flush This command clears all l...

Page 298: ...CHAPTER 12 MAC Commands 298...

Page 299: ...rts and list of ports assigned to each VLAN vlan aware Displays or sets whether or not a port processes the VLAN ID in ingress frames vlan pvid Displays or sets the VLAN ID assigned to untagged frames...

Page 300: ...has been assigned is different from the default PVID a tag indicating the VLAN to which this frame was assigned will be inserted in the egress frame Otherwise the frame is transmitted without a VLAN...

Page 301: ...n assigned is inserted in frames transmitted from the port The assigned VLAN ID can be based on the ingress tag for tagged frames or the default PVID for untagged ingress frames Note that this mode is...

Page 302: ...eives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports DEFAULT SETTING Disabled COMMAND USAGE Ingress filtering only affects tagged frames Ingress f...

Page 303: ...It will not strip the outer tag nor change any components of the tag other than the EtherType field EXAMPLE VLAN stag 9 enable VLAN vlan add This command adds specified ports to a VLAN SYNTAX vlan add...

Page 304: ...settings such as the PVID or untagged VLAN ID This switch supports the following VLAN user modules combined Shows information for all active user modules static Ports statically assigned to a VLAN th...

Page 305: ...membership or VLAN port configuration the following conflicts can occur Functional conflicts between features Conflicts due to hardware limitations Direct conflicts between user modules For a descrip...

Page 306: ...CHAPTER 13 VLAN Commands 306...

Page 307: ...e of ports Range 1 28 or all EXAMPLE PVLAN configuration 1 10 Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled PVLAN ID Por...

Page 308: ...of both a standard IEEE 802 1Q VLAN and the private VLAN By default all ports are configured as members of VLAN 1 and PVLAN 1 Because all of these ports are members of 802 1Q VLAN 1 isolation cannot b...

Page 309: ...isolate port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables port isolation disable Disables port isolation DEFAULT SETTING Disabled COMMAND USAGE P...

Page 310: ...CHAPTER 14 PVLAN Commands 310...

Page 311: ...ys information about MAC address learning and the entries authorized by port security services Port Security Limits Configures port security limit controls including maximum allowed MAC addresses and...

Page 312: ...to the switch SYNTAX security switch users add user name password privilege level user name The name of the user Maximum length 31 characters case sensitive Maximum users 16 password The authenticatio...

Page 313: ...ection describes the commands used to set the privilege level required to read or configure specific software modules or system settings security switch privilege level configuration This command show...

Page 314: ...10 1 10 Private_VLANs 5 10 5 10 QoS 5 10 5 10 SNMP 5 10 5 10 Security 5 10 5 10 Spanning_Tree 5 10 5 10 System 5 10 1 10 UPnP 5 10 5 10 VLANs 5 10 5 10 Voice_VLAN 5 10 5 10 Security Switch Privilege L...

Page 315: ...ingle module e g LACP RSTP or QoS but a few groups contains more than one module The following describes the groups which contain multiple modules or access to various system settings System Contact N...

Page 316: ...nfiguration This command displays the authentication method used for each management access protocol SYNTAX security switch auth configuration EXAMPLE Security Switch Auth configuration Auth Configura...

Page 317: ...cates through TACACS enable Enables fallback to local authentication if remote authentication fails If authentication fallback is enabled the switch uses the local user database for authentication if...

Page 318: ...le Enables SSH service on the switch disable Disables HTTPS service on the switch DEFAULT SETTING Disabled COMMAND USAGE SSH provides remote management access to this switch as a secure replacement fo...

Page 319: ...page 395 To use SSH with password authentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not...

Page 320: ...itch to enable the Secure Hypertext Transfer Protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface If you enable HTTPS you m...

Page 321: ...management access to the HTTP web interface for the switch are automatically redirected to HTTPS disable Disables HTTPS redirect DEFAULT SETTING Disabled EXAMPLE Security Switch HTTPS redirect enable...

Page 322: ...nd IP Address W S T 1 192 168 0 4 192 168 0 4 N N Y Security Switch Access Table 31 Management Access Commands Command Function security switch access configuration Displays the access mode and the nu...

Page 323: ...p addr web snmp telnet access id Entry index Range 1 16 start ip addr The starting IPv4 address of a range end ip addr The ending IPv4 address of a range web Adds IP address es to the HTTP HTTPS group...

Page 324: ...lnet SSH group DEFAULT SETTING None COMMAND USAGE An IPv6 address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colo...

Page 325: ...ookup This command displays specified access management entry SYNTAX security switch access lookup access id access id Entry index Range 1 16 EXAMPLE Security Switch Access lookup 1 W WEB HTTPS S SNMP...

Page 326: ...atures that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree To configure management access for SNMPv3 clients you need to fir...

Page 327: ...obe mode security switch snmp trap security engine id Displays or sets the SNMP trap security engine ID security switch snmp trap security name Displays or sets the SNMP trap security name security sw...

Page 328: ...IPv6 Destination Trap Authentication Failure Enabled Trap Link up and Link down Enabled Trap Inform Mode Enabled Trap Inform Timeout seconds 1 Trap Inform Retry Times 5 Trap Probe Security Engine ID...

Page 329: ...View Type OID Subtree 1 default_view included 1 Number of entries 1 SNMPv3 Accesses Table Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of...

Page 330: ...nity string for SNMP read access SYNTAX security switch snmp read community community community The community string used for read only access to the SNMP agent Range 0 255 characters ASCII characters...

Page 331: ...v1 or SNMPv2 clients in the SNMPv3 communities table see the security switch snmp community lookup command on page 339 EXAMPLE Security Switch SNMP write community r d Security Switch SNMP security sw...

Page 332: ...his command displays or sets the community string for SNMP traps SYNTAX security switch snmp trap community community community The community access string to use when sending SNMP trap packets Range...

Page 333: ...al values One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING Displays trap destination EXAMPLE Security Switch SNMP Trap ipv...

Page 334: ...inform mode This command displays or sets the SNMP trap inform mode SYNTAX security switch snmp trap inform mode enable disable enable Enables sending notifications as inform messages disable Disable...

Page 335: ...e 0 2147 seconds DEFAULT SETTING 1 second EXAMPLE Security Switch SNMP Trap Inform timeout 5 Security Switch SNMP Trap Inform security switch snmp trap inform retry times This command displays or sets...

Page 336: ...curity switch snmp trap security engine id engine id engine id Specifies the SNMP trap security engine ID Range 10 64 hex digits excluding a string of all 0 s or all F s DEFAULT SETTING None COMMAND U...

Page 337: ...rap security name steve Security Switch SNMP security switch snmp engine id This command displays or sets the SNMPv3 local engine ID SYNTAX security switch snmp engine id engine id engine id The SNMPv...

Page 338: ...7 and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 groups table see security switch snmp group add command page 342 ip address Specifies the source address of an SNMP client addres...

Page 339: ...192 168 2 19 255 255 255 0 4 tps 192 168 2 18 255 255 255 0 Number of entries 4 Security Switch SNMP Community delete 4 Security Switch SNMP Community security switch snmp community lookup This comma...

Page 340: ...quests or informs to it See the security switch snmp trap security engine id command on page 336 user name The name of user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 o...

Page 341: ...User delete 2 Security Switch SNMP User security switch snmp user changekey This command changes an SNMPv3 user password SYNTAX security switch snmp user changekey engine id user name auth password p...

Page 342: ...p entry SYNTAX security switch snmp group add security model security name group name security model The user security model Options v1 v2c or the User based Security Model usm security name The name...

Page 343: ...Group security switch snmp group delete This command deletes an SNMPv3 group entry SYNTAX security switch snmp group delete index index Index to SNMPv3 group table Range 1 64 DEFAULT SETTING None EXAM...

Page 344: ...ncluded excluded Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Generally if the view type of an entry is excluded another entry of view...

Page 345: ...included 1 2 ifEntry a included 1 3 5 1 2 1 2 2 1 1 Number of entries 2 Security Switch SNMP View delete 2 Security Switch SNMP View security switch snmp view lookup This command displays SNMPv3 view...

Page 346: ...hPriv SNMP communications use both authentication and encryption read view name The configured view for read access Range 1 32 characters ASCII characters 33 126 only write view name The configured vi...

Page 347: ...Auth NoPriv 3 r d usm Auth Priv Number of entries 3 Security Switch SNMP Access PORT SECURITY STATUS This section describes the commands used to display information about MAC address learning Port Sec...

Page 348: ...rol 8 802 1X D DHCP Snooping V Voice VLAN Port Users State MAC Cnt 1 L Ready 2 Security Network Psec security network psec port This command shows the entries authorized by port security services incl...

Page 349: ...ied response Table 34 Port Security Limit Control Commands Command Function security network limit configuration Shows information about port security limit controls including the per port setting the...

Page 350: ...mit configuration 1 Port Security Limit Control Configuration Mode Enabled Aging Disabled Age Period 3600 Port Mode Limit Action 1 Enabled 4 Trap Security Network Limit security network limit mode Thi...

Page 351: ...rces are freed on the switch EXAMPLE Security Network Limit aging enable Security Network Limit security network limit agetime This command sets the timeout after which entries are aged out if no traf...

Page 352: ...ecurity Network Limit port 1 enable Security Network Limit security network limit limit This command sets the maximum number of MAC addresses that can be secured on a port or range of ports SYNTAX sec...

Page 353: ...one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every time the limit is exceeded shut If Limit 1 MAC addresses is seen on the port shut down the port This implies that al...

Page 354: ...ess control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication Client authentication is controlled centrally by a RADIUS server using EA...

Page 355: ...packet security network nas agetime The period used to calculate when to age out a client allowed access to the switch through Single 802 1X Multi 802 1X and MAC based authentication security network...

Page 356: ...mode enable disable enable Enables 802 1X and MAC based authentication disable Disables 802 1X and MAC based authentication DEFAULT SETTING Disabled COMMAND USAGE This command configures 802 1X and M...

Page 357: ...the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attac...

Page 358: ...be attached to a port can be limited using the Port Security Limit Control functionality DEFAULT SETTING All ports Authorized COMMAND USAGE Port Admin state can only be set to Force Authorized for po...

Page 359: ...involve communication between the switch and the client and therefore does not imply that a client is still present on a port see the security network nas agetime command This command is only effectiv...

Page 360: ...time The age out time a client allowed access to the switch through Single 802 1X Multi 802 1X and MAC based authentication Range 10 1 000 000 seconds DEFAULT SETTING 300 seconds COMMAND USAGE When th...

Page 361: ...is put on hold in the Unauthorized state In this state the hold timer does not count down during an on going authentication In MAC based Authentication mode the switch will ignore new frames coming fr...

Page 362: ...supplicant is otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class which may be changed by the administrator in the meanwhile without affecti...

Page 363: ...his VLAN ID the port will be set to be a member of that VLAN ID and the port will be forced into VLAN unaware mode Once assigned all traffic arriving on the port will be classified and switched on the...

Page 364: ...if the Guest VLAN option is globally enabled Range 1 255 allow if eapol seen The switch remembers if an EAPOL frame has been received on the port for the lifetime of the port Once the switch considers...

Page 365: ...runs out for EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately SYNTAX security network nas authenticate port list now port list Applies this comman...

Page 366: ...ver DEFAULT SETTING All ports COMMAND USAGE This command provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication For MAC based authenticated ports it...

Page 367: ...isabled Disabled Disabled Disabled 818 Rate Limiter Rate 1 1 2 1 3 1 4 1 5 1 Table 36 ACL Commands Command Function security network acl configuration Displays ACL configuration settings including pol...

Page 368: ...enies a frame if it matches a rule defined in the assigned policy see the security network acl policy command rate limiter Specifies a rate limiter see the security network acl rate command on page 36...

Page 369: ...defined EXAMPLE Security Network ACL policy 9 7 Security Network ACL security network acl rate This command displays or sets the rate limiter and maximum packet rate SYNTAX security network acl rate r...

Page 370: ...y policy An ACL policy identifier to which this ACE is assigned Range 1 8 vlan id The VLAN to filter for this rule Range 1 4095 or any tag priority Specifies the User Priority value found in the VLAN...

Page 371: ...RP frames where the PRO is equal to IP 0x800 any any value is allowed Default any ip One of the following IP parameters sip Source IP address a b c d n or any dip Destination IP address a b c d n or a...

Page 372: ...rames with any value in the PSH field ack TCP frames with any value in the ACK field urg 0 1 any Specifies the TCP Urgent Pointer field significant URG value for this rule Options 0 TCP frames where t...

Page 373: ...s an access control entry SYNTAX security network acl delete ace id ace id An ACL entry Range 1 128 DEFAULT SETTING None EXAMPLE Security Network ACL delete 9 Security Network ACL security network acl...

Page 374: ...cp upnp arp_inspection ip_source_guard conflicts combined Shows the status for ACL rules used by all software modules static Shows the status for ACL rules configured through the CLI Web or SNMP dhcp...

Page 375: ...tion EXAMPLE Security Network DHCP Relay configuration DHCP Relay Mode Disabled DHCP Relay Server NULL DHCP Relay Information Mode Disabled Table 37 DHCP Relay Commands Command Function security netwo...

Page 376: ...into the request so that the DHCP server knows the subnet of the client then forwards the packet to the DHCP server When the server receives the DHCP request it allocates a free IP address for the DHC...

Page 377: ...DHCP Relay Option 82 support DEFAULT SETTING Disabled COMMAND USAGE DHCP also provides a mechanism for sending information about the switch and its DHCP clients to the DHCP server Known as DHCP Optio...

Page 378: ...p Security Network DHCP Relay Information security network dhcp relay statistics This command displays or clears DHCP relay statistics SYNTAX security network dhcp relay statistics clear clear Clears...

Page 379: ...how DHCP snooping is performed on this switch see Configuring DHCP Snooping on page 115 security network dhcp snooping configuration This command shows the administrative setting for the switch and t...

Page 380: ...ecurity Network DHCP Snooping security network dhcp snooping mode This command enables or disables DHCP snooping globally on the switch SYNTAX security network dhcp snooping mode enable disable enable...

Page 381: ...clears statistics for various types of DHCP protocol packets SYNTAX security network dhcp snooping statistics port list clear port list A specific port or a range of ports Range 1 28 or all clear Cle...

Page 382: ...and the maximum number of clients that can learned dynamically and also shows entries in the IP Source Guard table SYNTAX security network ip source guard configuration EXAMPLE Security Network IP So...

Page 383: ...22 Disabled unlimited 23 Disabled unlimited 24 Disabled unlimited 25 Disabled unlimited 26 Disabled unlimited 27 Disabled unlimited 28 Disabled unlimited IP Source Guard Entry Table Type Port VLAN IP...

Page 384: ...isable Disables IP Source Guard on the specified ports DEFAULT SETTING Disabled EXAMPLE Security Network IP Source Guard port mode 2 enable Security Network IP Source Guard security network ip source...

Page 385: ...the specified source IP address and compared with the address for each IP packet entering the port to which this entry applies DEFAULT SETTING No static entries are configured COMMAND USAGE Static add...

Page 386: ...n describes the commands used for Dynamic ARP Inspection ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets It provides protection aga...

Page 387: ...3 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled 21 Disabled 22 Disabled 23 Disabled 24 Disabled Table 40 ARP Inspection Commands Command Function securit...

Page 388: ...e switch disable Disables Dynamic ARP Inspection globally on the switch DEFAULT SETTING Disabled EXAMPLE Security Network ARP Inspection mode enable Security Network ARP Inspection security network ar...

Page 389: ...bindings database for the list of valid IP to MAC address bindings Static ARP entries take precedence over entries in the DHCP snooping bindings database The switch first compares ARP packets to any...

Page 390: ...Dead Time 300 seconds Table 41 AAA Commands Command Function security aaa auth configuration Displays settings for authentication servers and the authentication methods used for each access protocol s...

Page 391: ...3 TACACS Authentication Server Configuration Server Mode IP Address Secret Port 1 Disabled 49 2 Disabled 49 3 Disabled 49 4 Disabled 49 5 Disabled 49 Security AAA security aaa auth timeout This comman...

Page 392: ...cation server settings SYNTAX security aaa auth radius server index enable disable ip addr secret server port server index Allows you to specify up to five servers These servers are queried in sequenc...

Page 393: ...ess must also be configured or negotiated between the authentication server and logon client This switch can pass authentication messages between the server and client that have been encrypted using M...

Page 394: ...UDP port of accounting server used for accounting messages Range 0 65535 where 0 means that the switch will use the default port 1813 To set an empty secret use two quotes To use spaces in the secret...

Page 395: ...uotes in the secret are not allowed DEFAULT SETTING Authentication Disabled Server Port 49 COMMAND USAGE By default management access is always checked against the authentication database stored on th...

Page 396: ...ecurity AAA statistics Server 1 192 168 0 19 1812 RADIUS Authentication Statistics Rx Access Accepts 0 Tx Access Requests 0 Rx Access Rejects 0 Tx Access Retransmissions 0 Rx Access Challenges 0 Tx Pe...

Page 397: ...henticators 0 Tx Pending Requests 0 Rx Unknown Types 0 Tx Timeouts 0 Rx Packets Dropped 0 State Disabled Round Trip Time 0 ms Server 4 0 0 0 0 1812 RADIUS Authentication Statistics Rx Access Accepts 0...

Page 398: ...0 1813 RADIUS Accounting Statistics Rx Responses 0 Tx Requests 0 Rx Malformed Responses 0 Tx Retransmissions 0 Rx Bad Authenticators 0 Tx Pending Requests 0 Rx Unknown Types 0 Tx Timeouts 0 Rx Packet...

Page 399: ...any specified ports or link aggregation groups MSTI Commands stp msti priority Displays or sets the CIST MSTI bridge priority stp msti map Displays or clears the MSTI VLAN mapping configuration stp ms...

Page 400: ...RSTP set to STP forced compatibility mode rstp Rapid Spanning Tree IEEE 802 1w DEFAULT SETTING MSTP COMMAND USAGE RSTP supports connections to either RSTP or STP nodes by monitoring the incoming proto...

Page 401: ...of a new topology for the failed instance To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to pa...

Page 402: ...passing on the BPDU When the hop count reaches zero the message is dropped EXAMPLE STP maxhops 10 STP stp maxage This command displays or sets the CIST MSTI bridge maximum age SYNTAX stp maxage maxim...

Page 403: ...ition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result EXAMPLE STP fwddelay 20 STP stp cname This...

Page 404: ...is designed to work in conjunction with edge ports which should only connect end stations to the switch and therefore do not need to process BPDUs However note that if a trunking port connected to ano...

Page 405: ...st manually enable the port Before enabling BPDU Guard the interface must first be configured as an edge port with the stp port edge command EXAMPLE STP bpduguard enable STP stp recovery This command...

Page 406: ...66 E1 Root ID 32768 00 17 7C 0A D8 C6 Root Port 1 Root PathCost 200000 Regional Root F0 00 00 17 7C 0A 01 C0 Int PathCost 0 Max Hops 20 TC Flag Steady TC Count 161 TC Last 0d 01 10 47 Port Port Role S...

Page 407: ...ti priority 240 STP stp msti map This command displays or clears the MSTI VLAN mapping configuration SYNTAX stp msti map msti clear msti STP bridge instance number Range 0 7 where 0 is the CIST and 1...

Page 408: ...area of your network However remember that you must configure all bridges within the same MST Region page 403 with the same set of instances and the same instance on each bridge with the same set of...

Page 409: ...rts Range 1 28 or all enable Enables interface as an edge port disable Disables interface as an edge port DEFAULT SETTING Enabled COMMAND USAGE You can enable this option if an interface is attached t...

Page 410: ...whether automatic edge detection is enabled on a bridge port When enabled the bridge can determine that a port is at the edge of the network if no BPDU s received on the port EXAMPLE STP port autoedge...

Page 411: ...ys or sets the MSTP port restricted role SYNTAX stp port restrictedrole port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables MSTP port restricted rol...

Page 412: ...network administrator to prevent bridges external to a core region of the network from causing address flushing in that region possibly because those bridges are not under the full control of the adm...

Page 413: ...c port or range of ports Range 1 28 or all enable Enables BPDU transparency on the specified ports disable BPDU transparency on the specified ports DEFAULT SETTING Disabled COMMAND USAGE BPDU transpar...

Page 414: ...N Tx TCN Rx Ill Rx Unk 1 0 5122 7005 1899 0 0 0 0 0 0 STP stp port mcheck This command performs STP protocol migration check for specified ports SYNTAX stp port mcheck port list port list A specific p...

Page 415: ...erfaces SYNTAX stp msti port cost msti port list path cost msti STP bridge instance number Range 0 7 where 0 is the CIST and 1 7 are MST instances port list A specific port or a range of ports Range 1...

Page 416: ...e Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000...

Page 417: ...0 240 in steps of 16 Options 0 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 DEFAULT SETTING 128 COMMAND USAGE This command defines the priority for the use of a port in the Spanning Tree Alg...

Page 418: ...CHAPTER 16 STP Commands 418...

Page 419: ...all DEFAULT SETTING All ports Table 46 IGMP Commands Command Function igmp configuration Displays IGMP snooping settings for the switch all VLANs and specified ports igmp mode Displays or sets the IGM...

Page 420: ...ges are suppressed unless received from the last member port in the group Flooding Shows if unregistered multicast traffic is flooded into attached VLANs VLAN Settings VID VLAN identifier State Shows...

Page 421: ...e multicast filters accordingly EXAMPLE IGMP mode enable IGMP igmp leave proxy This command displays or sets IGMP leave proxy for the switch SYNTAX igmp leave proxy enable disable enable Enables IGMP...

Page 422: ...fied VLAN SYNTAX igmp state vlan id enable disable vlan id VLAN identifier Range 1 4095 enable Enables IGMP snooping When enabled the switch will monitor network traffic on the indicated VLAN interfac...

Page 423: ...itch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream...

Page 424: ...ping Fast Leave is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is used Fast Leave does not apply to a port if the switch has learned that a multicast router is attached to...

Page 425: ...ort is dropped EXAMPLE IGMP filtering 9 239 1 1 1 IGMP igmp router This command displays or sets specified ports which are attached to a known IGMP router SYNTAX igmp router port list enable disable p...

Page 426: ...e multicast entries for IGMP snooping is filled no new entries are learned If no router port is configured in the attached VLAN and unregistered multicast flooding is disabled any subsequent multicast...

Page 427: ...er Range 1 4095 DEFAULT SETTING Displays status for all VLANs COMMAND USAGE For a description of the information displayed by this command see Showing IGMP Snooping Information on page 232 EXAMPLE IGM...

Page 428: ...CHAPTER 17 IGMP Commands 428...

Page 429: ...nk via the configuration interface Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before makin...

Page 430: ...d or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk aggr configuration This command displays configuration settings for all link aggregation groups SYNTAX aggr co...

Page 431: ...s 1 LLAG1 Static 4 8 4 5 Aggr aggr delete This command deletes a link aggregation group SYNTAX aggr delete aggr id aggr id Trunk identifier Range 1 14 COMMAND USAGE To avoid creating a loop in the net...

Page 432: ...c through the switch is destined for many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic ip IP Address All traffic...

Page 433: ...e a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output link number in the trunk However depending on the device to which a trunk is connected and the tra...

Page 434: ...CHAPTER 18 Link Aggregation Commands 434...

Page 435: ...in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Besides balancing the load across each port in the trunk the other ports provid...

Page 436: ...e made for the entire trunk If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically...

Page 437: ...sabled Auto Active 4 Enabled Auto Active 5 Enabled Auto Active 6 Enabled Auto Active 7 Enabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP lacp mode This com...

Page 438: ...y The key must be set to the same value for ports that belong to the same LAG Range 0 65535 or auto DEFAULT SETTING auto A trunk formed with another switch using LACP will automatically be assigned th...

Page 439: ...em ID Partner Key Last Changed Ports 1 00 30 fc 12 34 56 3 01 34 46 4 5 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 2 2 Disabled 2 3 Disabled 1 4 Enabled 2 1 00 17 7c 0a 34 56 2 5...

Page 440: ...ple shows the number of LACP frames received and transmitted as well as the number of unknown or illegal LACP frames that have been discarded LACP statistics 4 5 Port Rx Frames Tx Frames Rx Unknown Rx...

Page 441: ...port list port list A specific port or a range of ports Range 1 28 or all DEFAULT SETTING All ports Table 50 LLDP Commands Command Function lldp configuration Displays LLDP configuration settings for...

Page 442: ...ransmission only DEFAULT SETTING Disabled EXAMPLE LLDP mode enable LLDP lldp optional_tlv This command displays or sets LLDP optional TLVs for specified ports SYNTAX lldp optional_tlv port list port_d...

Page 443: ...tion about the specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address The interface number a...

Page 444: ...0 seconds DEFAULT SETTING 3 COMMAND USAGE The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a t...

Page 445: ...P MIB after LLDP ports are disabled or the link goes down SYNTAX lldp reinit reinit reinit The delay before attempting to re initialize after LLDP ports are disabled or the link goes down Range 1 10 s...

Page 446: ...ards Errors Unknown Organz Aged 4 174 144 0 0 0 0 1392 0 LLDP lldp info This command displays information about devices connected directly to the switch s ports which are advertising information throu...

Page 447: ...assis ID field CDP TLV Address is mapped into the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbors table CDP T...

Page 448: ...CHAPTER 20 LLDP Commands 448...

Page 449: ...rts Range 1 28 or all DEFAULT SETTING All ports COMMAND USAGE For a description of the information displayed by this command see Configuring LLDP MED TLVs on page 166 Table 51 LLDP MED Commands Comman...

Page 450: ...stal_com_name p_o_box additional_code civic_value country The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US state National subdivisions state canton region province pre...

Page 451: ...SETTING None COMMAND USAGE The Civic Address Location is defined in IETF Geopriv Civic Address based Location Configuration Information Civic Address LCI EXAMPLE LLDPMED civic country US LLDPMED civic...

Page 452: ...e a different policy for the voice signaling than for the voice media This application type should not be advertised if all the same network policies apply as those advertised in the Voice application...

Page 453: ...header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 untagged Indicates that the specified application type is using an untagged VLAN Untagged indicates t...

Page 454: ...ork Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other t...

Page 455: ...2767 with a maximum of 4 digits meters Representing meters of Altitude defined by the vertical datum specified floor Representing altitude in a form more relevant in buildings which have different flo...

Page 456: ...med fast This command shows or sets LLDP MED fast start repeat count SYNTAX lldpmed fast count count The number of times fast start LLDPDUs are sent during the activation of the fast start mechanism d...

Page 457: ...value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start...

Page 458: ...subdivsion CA City Roseville Street Foothills House No 8000 Unit R3L LLDPMED lldpmed debug_med_transm it_var This command shows or sets the current value of the global medTansmitEnable variable Sectio...

Page 459: ...port Displays or sets the QCL assigned to specified ports qos qcl add Adds or modifies a QoS control entry qos qcl delete Deletes a QoS control entry qos qcl lookup Displays the specified QoS control...

Page 460: ...Strict 1 2 4 8 3 Low 0 1 Disabled Disabled Strict 1 2 4 8 4 Low 0 1 Disabled Disabled Strict 1 2 4 8 5 Low 0 1 Disabled Disabled Strict 1 2 4 8 6 Low 0 1 Disabled Disabled Strict 1 2 4 8 7 Low 0 1 Di...

Page 461: ...have VLAN tags are tagged with the input port s default ingress tag priority and then placed in the appropriate priority queue at the output port Note that if the output port is an untagged member of...

Page 462: ...atted packets Range 0x600 0xffff hex Default 0xffff A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX vlan id VLAN...

Page 463: ...ium Normal or High defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port see the qos default command on page 460 EXAMPLE QoS QCL add 1 1 tos 1...

Page 464: ...s all QCLs EXAMPLE QoS QCL lookup QCL ID 1 QCE ID Type Class Mapping 1 VLAN ID 1 Low 2 UDP TCP 0 Low QoS QCL qos mode This command displays or sets the egress queuing mode for specified ports SYNTAX q...

Page 465: ...64 the switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue The traffic classes are mapped to one of the egress queues provided for ea...

Page 466: ...orts SYNTAX qos shaper port list enable disable bit rate port list A specific port or range of ports Range 1 28 or all enable Enables egress rate limiting disable Disables egress rate limiting bit rat...

Page 467: ...then be dropped Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps translates into an enforced threshold of 1002 1 pps EXAMPLE QoS Storm un...

Page 468: ...ackets are dropped Options 1 2 4 512 1k 2k 4k 1024k pps DEFAULT SETTING Disabled 2 pps when enabled COMMAND USAGE The specified limit applies to each port Any packets exceeding the specified threshold...

Page 469: ...P remarking for specified ports SYNTAX qos dscp queue mapping port list class dscp port list A specific port or range of ports Range 1 28 or all class Output queue buffer Range low normal medium high...

Page 470: ...CHAPTER 22 QoS Commands 470...

Page 471: ...AX mirror configuration port list port list A specific port or a range of ports Range 1 28 or all EXAMPLE Mirror configuration 1 5 Mirror Port 9 Port Mode 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5...

Page 472: ...o the destination port DEFAULT SETTING Displays the destination mirror port EXAMPLE Mirror port 9 Mirror mirror mode This command displays or sets the mirror mode for specified source ports SYNTAX mir...

Page 473: ...later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection The configurati...

Page 474: ...saved configuration file The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length is 31 characters for files on the sw...

Page 475: ...ftware file provided for the switch After the software image is uploaded a message announces that the firmware update has been initiated After about a minute the firmware is updated and the switch is...

Page 476: ...Inc RedBoot is free software covered by the eCos license derived from the GNU General Public License You are welcome to change it and or distribute copies of it under certain conditions Under the lic...

Page 477: ...colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields file name The name of the file to load from the TFTP server The destination file nam...

Page 478: ...CHAPTER 25 Firmware Commands 478...

Page 479: ...ation 100 UPnP upnp mode This command displays or sets UPnP operational mode SYNTAX upnp mode enable disable enable Enables UPnP on the switch disable Disables UPnP on the switch DEFAULT SETTING Disab...

Page 480: ...e description When a device is known to the control point periodic event notification messages are sent A UPnP description for a service includes a list of actions the service responds to and a list o...

Page 481: ...ed in Simple Service Discover Protocol SSDP packets which informs a control point or control points how often it or they should receive a SSDP advertisement message from this switch Due to the unrelia...

Page 482: ...CHAPTER 26 UPnP Commands 482...

Page 483: ...ting the behavior of the other However if IGMP snooping and MVR are both enabled MVR reacts only to join and leave messages from multicast groups configured under MVR Join and leave messages from all...

Page 484: ...Disabled Receive Disabled 8 Disabled Receive Disabled 9 Disabled Receive Disabled 10 Disabled Receive Disabled 11 Disabled Receive Disabled 12 Disabled Receive Disabled 13 Disabled Receive Disabled 1...

Page 485: ...ID V1 Reports V2 Reports V3 Reports V2 Leave 100 0 3 2 0 MVR mvr mode This command displays or sets the global MVR operational mode SYNTAX mvr mode enable disable enable Enables MVR on the switch disa...

Page 486: ...led on the switch for this setting to take effect MVR only needs to be enabled on a receiver port if there are subscribers receiving multicast traffic from one of the MVR groups EXAMPLE MVR port mode...

Page 487: ...ces supported by the MVR VLAN DEFAULT SETTING All ports are configured as receiver ports EXAMPLE MVR port type 1 source MVR mvr immediate leave This command displays or sets MVR immediate leave on the...

Page 488: ...CHAPTER 27 MVR Commands 488 EXAMPLE MVR immediate leave 2 enable MVR...

Page 489: ...AN Commands Command Function voice vlan configuration Displays the Voice VLAN configuration settings the OUI table and port related settings voice vlan discovery protocol Displays or sets the method f...

Page 490: ...Disabled Disabled OUI 2 Auto Enabled LLDP 3 Disabled Disabled OUI 4 Disabled Disabled OUI 5 Disabled Disabled OUI 6 Disabled Disabled OUI 7 Disabled Disabled OUI 8 Disabled Disabled OUI 9 Disabled Dis...

Page 491: ...ed be sure to configure the MAC address ranges in the Telephony OUI list see the voice vlan oui add command MAC address OUI numbers must be configured in the Telephony OUI list so that the switch reco...

Page 492: ...attached Range 1 4095 DEFAULT SETTING 1000 COMMAND USAGE The Voice VLAN cannot be the same as that defined for any other function on the switch such as the management VLAN using the ip setup command t...

Page 493: ...y queues for each port For information on how these queues are used see Configuring Port Level Queue Settings on page 185 EXAMPLE Voice VLAN traffic class 3 Voice VLAN voice vlan oui add This command...

Page 494: ...tached VoIP devices EXAMPLE Voice VLAN oui delete 00 01 e3 Voice VLAN voice vlan oui clear This command deletes all entries from the Voice VLAN OUI table SYNTAX voice vlan oui clear EXAMPLE Voice VLAN...

Page 495: ...p version command before the Voice VLAN port mode is set to auto or force This prevents the spanning tree s ingress filter from dropping VoIP traffic tagged for the Voice VLAN EXAMPLE Voice VLAN port...

Page 496: ...CHAPTER 28 Voice VLAN Commands 496...

Page 497: ...ld configuration Displays MLD snooping settings for the switch all VLANs specified ports and filtered groups mld mode Displays or sets the MLD snooping mode for the switch mld leave proxy Displays or...

Page 498: ...if the router is configured to issue MLD host messages on behalf of hosts discovered through standard MLD interfaces Flooding Shows if unregistered multicast traffic is flooded into attached VLANs VLA...

Page 499: ...disable enable Enables MLD snooping globally for the switch When MLD snooping is enabled the switch will monitor network traffic to determine which hosts want to receive multicast traffic disable Disa...

Page 500: ...is a non querier the receiving port is not the last dynamic member port in the group and the receiving port is not a router port the switch will generate and send a group specific GS listener query to...

Page 501: ...ess FF02 2 for MLDv1 EXAMPLE MLD proxy enable MLD mld state This command displays or sets the MLD snooping state for the specified VLAN SYNTAX mld state vlan id enable disable vlan id VLAN identifier...

Page 502: ...ere is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the servi...

Page 503: ...device either a service host or a neighbor running MLD snooping Fast Leave does not apply to a port if the switch has learned that a multicast router is attached to it Fast Leave can improve bandwidth...

Page 504: ...is dropped EXAMPLE MLD filtering 9 FF00 0 0 0 0 0 0 10C MLD mld router This command displays or sets specified ports which are attached to a known MLD router SYNTAX mld router port list enable disabl...

Page 505: ...d to store multicast entries for MLD snooping is filled no new entries are learned If no router port is configured in the attached VLAN and unregistered multicast flooding is disabled any subsequent m...

Page 506: ...see Showing MLD Snooping Information on page 234 EXAMPLE MLD status Querier Rx Tx Rx Rx Rx VID Status Queries Queries V1 Reports V2 Reports V1 Leave 1 ACTIVE 0 64 0 149 0 2 ACTIVE 0 64 0 0 0 MLD mld v...

Page 507: ...507 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 509 Troubleshooting on page 513 License Information on page 515...

Page 508: ...SECTION IV Appendices 508...

Page 509: ...ps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a critical threshold PORT MIRRORING Multip...

Page 510: ...IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option 82 DNS Proxy LLDP Link Layer Discover Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP...

Page 511: ...EE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging ARP RFC 826 DHCP Client RFC 2131 HTTPS IC...

Page 512: ...1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RADIUS Accounting Server MIB RFC 4670 RADIUS...

Page 513: ...umber of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of con...

Page 514: ...r messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages 6 Repeat the sequence of commands or other actions that...

Page 515: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 516: ...notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any p...

Page 517: ...red to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if yo...

Page 518: ...bution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exce...

Page 519: ...well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particular forwarding trea...

Page 520: ...le Authentication Protocol over LAN EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch A user name and pas...

Page 521: ...EE 802 3AC Defines frame extensions for VLAN tagging IEEE 802 3X Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Now incorporated in IEEE 802 3 2002 IG...

Page 522: ...GATION See Port Trunk MD5 MD5 Message Digest is an algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm which has been br...

Page 523: ...et port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobstructively PORT TRUNK Defines a network link aggreg...

Page 524: ...dcasts sent by NTP servers SSH Secure Shell is a secure replacement for remote access functions including Telnet SSH can authenticate users with a cryptographic key and encrypt data connections betwee...

Page 525: ...dinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not have daylight saving time VLAN Virtual LAN A Vir...

Page 526: ...GLOSSARY 526...

Page 527: ...n 437 lacp key 438 lacp mode 437 lacp role 438 lacp statistics 439 lacp status 439 lldp cdp_aware 447 lldp configuration 441 lldp delay 444 lldp hold 444 lldp info 446 lldp interval 443 lldp mode 442...

Page 528: ...373 security network acl lookup 373 security network acl policy 369 security network acl rate 369 security network acl status 374 security network arp inspection configuration 387 security network arp...

Page 529: ...mp group lookup 343 security switch snmp mode 329 security switch snmp read community 330 security switch snmp trap authentication failure 333 security switch snmp trap community 332 security switch s...

Page 530: ...479 upnp ttl 480 V vlan add 303 vlan aware 300 vlan configuration 299 vlan delete 303 vlan frametype 301 vlan ingressfilter 302 vlan lookup 304 vlan pvid 301 vlan stag 302 vlan status 304 voice vlan a...

Page 531: ...default settings system 36 DHCP 63 272 client 63 272 dynamic configuration 45 272 DHCP relay information option 118 377 information option policy 118 378 DHCP snooping 115 379 DNS server 63 276 Domain...

Page 532: ...web interface 54 logon authentication 70 312 390 encryption keys 127 394 395 RADIUS client 127 392 RADIUS server 127 392 settings 126 127 390 TACACS client 74 395 TACACS server 74 127 395 M main menu...

Page 533: ...331 333 334 filtering IP addresses 79 323 324 trap destination 83 332 trap manager 83 332 SNMPv3 engine identifier local 83 337 340 engine identifier remote 87 340 groups 88 342 user configuration 87...

Page 534: ...N acceptable frame type 177 301 egress mode 177 ingress filtering 177 302 interface configuration 176 178 300 303 VLANs 299 adding static members 175 303 creating 175 303 description 174 displaying ba...

Page 535: ......

Page 536: ......

Search results

Summary of Contents for DG-GS4528S

Reviews:

Brands by name

Popular brands

Digisol DG-GS4528S, User Manual

Search results

Summary of Contents for DG-GS4528S

Reviews:

Brands by name

Popular brands