manualshive.com logo in svg

Draytek P2261, User Manual, Page: 195 / 234

Share
Download
Draytek P2261 User Manual Download Page 195

 

VigorSwitch P2261 User’s Guide 

187

a special packet containing a success or failure indication. 
Besides forwarding this decision to the supplicant, the 
switch uses it to open up or block traffic on the switch port 
connected to the supplicant. 

Note: 

Suppose two backend servers are enabled and that the 

server timeout is configured to X seconds (using the AAA 
configuration page), and suppose that the first server in the 
list is currently down (but not considered dead). Now, if the 
supplicant retransmits EAPOL Start frames at a rate faster 
than X seconds, then it will never get authenticated, because 
the switch will cancel on-going backend authentication 
server requests whenever it receives a new EAPOL Start 
frame from the supplicant. And since the server hasn't yet 
failed (because the X seconds haven't expired), the same 
server will be contacted upon the next backend 
authentication server request from the switch. This scenario 
will loop forever. Therefore, the server timeout should be 
smaller than the supplicant's EAPOL Start frame 
retransmission rate.   

Single 802.1X

 - In port-based 802.1X authentication, once a 

supplicant is successfully authenticated on a port, the whole 
port is opened for network traffic. This allows other clients 
connected to the port (for instance through a hub) to 
piggy-back on the successfully authenticated client and get 
network access even though they really aren't authenticated. 
To overcome this security breach, use the Single 802.1X 
variant. Single 802.1X is really not an IEEE standard, but 
features many of the same characteristics as does port-based 
802.1X. In Single 802.1X, at most one supplicant can get 
authenticated on the port at a time. Normal EAPOL frames 
are used in the communication between the supplicant and 
the switch. If more than one supplicant is connected to a 
port, the one that comes first when the port's link comes up 
will be the first one considered. If that supplicant doesn't 
provide valid credentials within a certain amount of time, 
another supplicant will get a chance. Once a supplicant is 
successfully authenticated, only that supplicant will be 
allowed access. This is the most secure of all the supported 
modes. In this mode, the Port Security module is used to 
secure a supplicant's MAC address once successfully 
authenticated.  

Multi 802.1X

 - In port-based 802.1X authentication, once a 

supplicant is successfully authenticated on a port, the whole 
port is opened for network traffic. This allows other clients 
connected to the port (for instance through a hub) to 
piggy-back on the successfully authenticated client and get 
network access even though they really aren't authenticated. 
To overcome this security breach, use the Multi 802.1X 
variant. 
Multi 802.1X is really not an IEEE standard, but features 
many of the same characteristics as does port-based 802.1X. 
Multi 802.1X is - like Single 802.1X - not an IEEE 
standard, but a variant that features many of the same 

Summary of Contents for P2261

Page 1: ......

Page 2: ...VigorSwitch P2261 User s Guide ii VigorSwitch P2261 PoE 24 2 Giga Port L2 Managed Switch User s Guide Version 1 0 Date 24 09 2012 Copyright 2012 All rights reserved ...

Page 3: ...ne 1 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials we will at our discretion repair or replace the defective products or components without charge for either part...

Page 4: ...lation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by t...

Page 5: ...nformation 22 2 2 2 System Information Device Name 23 2 2 3 System Information CPU Load 24 2 2 4 NTP Time Configuration 25 2 2 5 Account Users 26 2 2 6 Account Privilege Level 28 2 2 7 IP Configuration IPv4 29 2 2 8 IP Configuration IPv6 30 2 2 9 Port General Setup 32 2 2 10 Port Traffic Overview 34 2 2 11 Port Detailed Statistics 35 2 2 12 Port QoS Statistics 36 2 2 13 Port SFP Information 38 2 2...

Page 6: ...VR General Setup 92 2 3 26 MVR Group Information 93 2 3 27 MVR Statistics 94 2 3 28 LLDP LLDP General Setup 95 2 3 29 LLDP LLDP Neighbours 97 2 3 30 LLDP LLDP MED General Setup 98 2 3 31 LLDP LLDP MED Neighbours 105 2 3 32 LLDP EEE 109 2 3 33 LLDP Port Statistics 111 2 3 34 PoE General Setup 112 2 3 35 PoE Status 113 2 3 36 PoE Power Delay 114 2 3 37 PoE Auto Checking 115 2 3 38 PoE Schedule 116 2...

Page 7: ...s 179 2 4 13 DHCP Relay General Setup 180 2 4 14 DHCP Relay Statistics 182 2 4 15 NAS General Setup 183 2 4 16 NAS Switch Status 192 2 4 17 NAS Port Status 194 2 4 18 AAA General Setup 195 2 4 19 AAA RADIUS Overview 198 2 4 20 AAA RADIUS Details 199 2 4 21 Port Security Limit Control 201 2 4 22 Port Security Switch Status 203 2 4 23 Port Security Port Status 205 2 4 24 Access Management General Se...

Page 8: ...VigorSwitch P2261 User s Guide viii 3 2 Q A 225 ...

Page 9: ...he switch features comprehensive and useful function such as ACL IP MAC Binding DHCP Option 82 QoS Quality of Service Spanning Tree VLAN Port Trunking Bandwidth Control Port Security SNMP RMON IGMP Snooping capability via the intelligent software It is suitable for both metro LAN and office application In this switch Port 21 and Port 24 include two types of media TP and SFP Fiber LC BiDi LC this p...

Page 10: ... happened RMON is the abbreviation of Remote Network Monitoring and is a branch of the SNMP MIB The device supports MIB 2 RFC 1213 Bridge MIB RFC 1493 RMON MIB RFC 1757 statistics Group 1 2 3 9 Ethernet like MIB RFC 1643 Ethernet MIB RFC 1643 and so on I IG GM MP P S Sn no oo op pi in ng g Support IGMP version 2 RFC 2236 The function IGMP snooping is used to establish the multicast groups to forwa...

Page 11: ...ng and Broadcast Storm Control z IEEE802 1Q Q in Q nested VLAN support z Full duplex flow control IEEE802 3x and half duplex backpressure z Extensive front panel diagnostic LEDs System Power TP Port1 24 LINK ACT 10 100 1000Mbps SFP Port 21 24 SFP LINK ACT M Ma an na ag ge em me en nt t z Supports concisely the status of port and easily port configuration z Supports per port traffic monitoring coun...

Page 12: ...TFTP for firmware upgrade system log upload and configuration file import export z Supports remote boot the device through user interface and SNMP z Supports NTP network time synchronization and daylight saving z Supports 120 event log records in the main memory and display on the local console 1 1 3 3 P Pa ac ck ki in ng g L Li is st t Before you start installing the switch verify that the packag...

Page 13: ...ing on the front panel contains a ACT Power LED and 26 ports working status of the switch L LE ED D E Ex xp pl la an na at ti io on n LED Color Explanation POWER Green Lit when 3 3V power is coming up TP Port 1 24 RJ45 LEFT LINK ACT Green Lit when connection with remote device is good Blinks when any traffic is present TP Port 1 24 RJ45 RIGHT SPEED Green Lit Green when TP connection with remote de...

Page 14: ...hat the SFP module is the right model and conforms to the chassis 2 Slide the module along the slot Also be sure that the module is properly seated against the slot socket connector 3 Install the media cable for network connection 4 Repeat the above steps as needed for each module to be installed into slot s 5 Have the power ON after the above procedures are done T TP P P Po or rt t a an nd d C Ca...

Page 15: ...at the switch will flash all the LED once and automatically performs self test and is in ready state 1 1 5 5 2 2 I In ns st ta al ll li in ng g O Op pt ti io on na al l S SF FP P F Fi ib be er r T Tr ra an ns sc ce ei iv ve er rs s t to o t th he e s sw wi it tc ch h If you have no modules please skip this section 1 1 5 5 3 3 I In ns st ta al ll li in ng g C Ch ha as ss si is s t to o a a 1 19 9 I...

Page 16: ...he viewpoint of connector type there mainly are LC and BIDI LC Gigabit Fiber with multi mode LC SFP module Gigabit Fiber with single mode LC SFP module Gigabit Fiber with BiDi LC 1310nm SFP module Gigabit Fiber with BiDi LC 1550nm SFP module The following table lists the types of fiber that we support and those else not listed here are available upon request Multi mode Fiber Cable and Modal Bandwi...

Page 17: ... TP node distance over fiber optic and provide the long haul connection Typical Network Topology in Deployment A hierarchical network with minimum levels of switch may reduce the timing delay between server and client station Basically with this approach it will minimize the number of switches in any one path will lower the possibility of network loop and will improve network efficiency If more th...

Page 18: ...nager has to assign different names for each VLAN groups at one switch Case 3 Port based VLAN 2 VLAN1 members could not access VLAN2 VLAN3 and VLAN4 members VLAN2 members could not access VLAN1 and VLAN3 members but they could access VLAN4 members VLAN3 members could not access VLAN1 VLAN2 and VLAN4 VLAN4 members could not access VLAN1 and VLAN3 members but they could access VLAN2 members ...

Page 19: ...VigorSwitch P2261 User s Guide 11 Case 4 The same VLAN members can be at different switches with the same VID ...

Page 20: ...finish the configuration of the IP address or to know the IP address of the switch Then follow the procedures listed below 1 Set up a physical path between the configured the switch and a PC by a qualified UTP Cat 5 cable with RJ 45 connector Note If PC directly connects to the switch you have to setup the same subnet mask between them But subnet mask may be different for the PC in the remote site...

Page 21: ...ddress we used is version 4 known as IPv4 Network identifier Host identifier With the classful addressing it divides IP address into three classes class A class B and class C The rest of IP addresses are for multicast and broadcast The bit length of the network prefix is the same as that of the subnet mask and is denoted as IP address X for example 192 168 1 0 24 Each class has its address range d...

Page 22: ...s more efficiently and ease to manage IP network For a class B network 128 1 2 3 it may have a subnet mask 255 255 0 0 in default in which the first two bytes is with all 1s This means more than 60 thousands of nodes in flat IP address will be at the same network It s too large to manage practically Now if we divide it into smaller network by extending network prefix from 16 bits to say 24 bits th...

Page 23: ...is considered a physical network in an autonomous network So it owns a network IP address which may looks like 168 1 2 0 With the subnet mask a bigger network can be cut into small pieces of network If we want to have more than two independent networks in a worknet a partition to the network must be performed In this case subnet mask must be applied For different network applications the subnet ma...

Page 24: ...55 x is allowable in this case DNS The Domain Name Server translates human readable machine name to IP address Every machine on the Internet has a unique IP address A server generally has a static IP address To connect to a server the client needs to know the IP of the server However user generally uses the name to connect to the server Thus the switch DNS client program such as a browser will ask...

Page 25: ...f connection including LC BiDi LC for SFP For more details on the specification of the switch please refer to Appendix A The switch is suitable for the following applications Central Site Remote site application is used in carrier or ISP It is a system wide basic reference connection diagram This diagram demonstrates how the switch connects with other network devices and hosts ...

Page 26: ...VigorSwitch P2261 User s Guide 18 Peer to peer application is used in two remote offices Office Network Connection ...

Page 27: ...password are both admin For the first time to use please enter the default username and password then click the Login button The login process now is completed In this login menu you have to input the complete username and password respectively the switch will not give you a shortcut to username automatically This looks inconvenient but safer In the switch it supports a simple user management func...

Page 28: ...tion Location Contact Device Name System Up Time Current Time BIOS Version Firmware Version Hardware Mechanical Version Serial Number Host IP Address Host MAC Address Device Port RAM Size Flash Size and CPU Load With this information you will know the software version used MAC address serial number how many ports good and so on This is helpful while malfunctioning In the following figure left sect...

Page 29: ...indow for the port will be pop out It shows the basic information of the clicked port With this you ll see the information about the port status traffic status and bandwidth rating for egress and ingress respectively On the left top corner there is a pull down list for Auto Logout For the sake of security we provide auto logout function to protect you from illegal user as you are leaving If you do...

Page 30: ...t person and phone here for getting help soon You can configure this parameter through the device s user interface or SNMP Device name The name of the switch User defined Default is VigorSwitch P2261 System Date The date that this switch is powered up System Uptime The time accumulated since this switch is powered up Its format is day hour minute second BIOS version The version of the BIOS in this...

Page 31: ...rding database size of the device Transmit Queue Displays the information about the transmit priority queue of switch Maximum Frame Size Displays the information about switch supported maximum frame size 2 2 2 2 2 2 S Sy ys st te em m I In nf fo or rm ma at ti io on n D De ev vi ic ce e N Na am me e Function name Device Name Function description You can identify the system by configuring the conta...

Page 32: ... After finished the above settings click Apply to save the configuration 2 2 2 2 3 3 S Sy ys st te em m I In nf fo or rm ma at ti io on n C CP PU U L Lo oa ad d Function name CPU Load Function description This page displays the CPU load using an SVG graph The load is measured as averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are dis...

Page 33: ... Settings In this mode Clock Source is from Local Time Set the time manually 2 Use NTP Server In this mode Clock Source is from NTP Server The switch can link to Network Time Protocol server to obtain the correct time automatically when NTP server has been set Local Time Show the current time of the system Time Zone Offset Time Set Offset Provide the time zone offset relative to UTC GMT The offset...

Page 34: ... is 1 31 Default 1 Hour Range is 0 23 Default 0 NTP Configuration NTP is Network Time Protocol and is used to sync the network time based Greenwich Mean Time GMT If use the NTP mode and select a built in NTP time server or manually specify an user defined NTP server as well as Time Zone the switch will sync the time in a short after pressing Apply button Though it synchronizes the time automatical...

Page 35: ... to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read wri...

Page 36: ...ault setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Note You can add more u...

Page 37: ...o identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number is reduced drastically by the practice of webmasters taking addresses in large blocks the bulk of which remain unused There is a rather substant...

Page 38: ...NS lookup IP Address Provide the IP address of this switch in dotted decimal notation IP Mask Provide the IP mask of this switch dotted decimal notation IP Gateway Provide the IP address of the router in dotted decimal notation SNTP Server Provide the IP address of the SNTP Server in dotted decimal notation DNS Server Provide the IP address of the DNS Server in dotted decimal notation VLAN ID Prov...

Page 39: ...nds the total time needed to complete auto configuration can be significantly longer Address Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit g...

Page 40: ...rent port configuration and how to configure ports to non default settings including Linkup Linkdown Speed Current and Type Flow Control Current Rx Current Tx and Enabled Maximum Frame Size Excessive Collision Mode and Power Control Parameter description Port This is the logical port number for this row Description It describes to configure the Port s alias or any descriptions for the Port Identit...

Page 41: ...related to the setting for Configured Link Speed Maximum Frame Size This module offers 1518 9600 Bytes length to make the long packet Excessive Collision Mode There are two modes to choose when excessive collision happened in half duplex condition as below Discard The Discard mode determines whether the MAC drop frames after an excessive collision has occurred If yes a frame is dropped after exces...

Page 42: ...n Port Display the port number The number is 1 24 Both port 21 24 are optional modules Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The numbe...

Page 43: ...d transmit Parameter description Receive Total and Transmit Total Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitt...

Page 44: ...ignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long 2 frames received with valid CRC Rx Fragments The number of short 1 frame received with invalid CRC Rx Jabber The number of long 2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding pro...

Page 45: ...cal port for the settings contained in the same row Q1 Qn There are several QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user use mouse to click on Refresh button Clear The simple counts will ...

Page 46: ...Mode Single Mode Tx Central Wavelength Display the fiber optical transmitting central wavelength for instance 850nm 1310nm 1550nm and so on Bit Rate Display the maximum baud rate of the fiber module supported for instance 10M 100M 1G and so on Vendor OUI Display the Manufacturer s OUI code which is assigned by IEEE Vendor Name Display the company name of the module manufacturer Vendor P N Display ...

Page 47: ...n exchange information about the devices wakeup time using the LLDP protocol For maximizing the power saving the circuit isn t started at once transmit data are ready for a port but is instead queued until 3000 bytes of data are ready to be transmitted For not introducing a large delay in case that data less then 3000 bytes shall be transmitted data are always transmitted after 48 us giving a maxi...

Page 48: ... the looping detection frames If you want to resume the locked port please find out the looping path and take off the looping path then select the resume the locked port and click on Resume to turn on the locked ports Function name General Setup Function description Display whether switch opens Loop protection Parameter description Global Configuration Enable Loop Protection Choose Enable to activ...

Page 49: ...de Controls whether the port is actively generating loop protection PDU s or whether it is just passively looking for looped PDU s After finished the above settings click Apply to save the configuration 2 2 2 2 1 16 6 L Lo oo op p P Pr ro ot te ec ct ti io on n S St ta at tu us s Function name General Status Function description Display the status for the switch which opens Loop protection Paramet...

Page 50: ...utton 2 2 2 2 1 17 7 T Tr ra ap p E Ev ve en nt t S Se ev ve er ri it ty y Function name Trap Event Severity Function description The function is used to set a Alarm trap and get the Event log The Trap Events Configuration function is used to enable the switch to send out the trap information while pre defined trap events occurred Parameter description Group Name The name identifies the severity g...

Page 51: ...t is used to govern the transfer of information between SNMP manager and agent and traverses the Object Identity OID of the management Information Base MIB described in the form of SMI syntax SNMP agent is running on the switch to response the request issued by SNMP manager Basically it is passive except issuing the trap information The switch supports a switch to turn on or off the SNMP agent If ...

Page 52: ...o both parties must have the same community name Parameter Description Get Community Indicate the community read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SN...

Page 53: ...is function is used to configure SNMPv3 communities The Community and User Name are unique To create a new community account please click the Add new community button and enter the account information then click Apply Max Group Number 4 Parameter Description Delete Click it to delete the selected community setting Community Display the community access string User Name Display a string identifying...

Page 54: ...ce subnet when combined with source mask Source Mask Indicates the SNMP access source address mask After finished the above settings click Apply to save the configuration The settings will take effect 2 2 2 2 2 21 1 S SN NM MP P U Us se er rs s Function name Users Function description This function is used to configure SNMPv3 user The Entry index key is User Name To create a new User Name account ...

Page 55: ...col The value of security level cannot be modified if entry already exists That means must first ensure that the value is set correctly Authentication Password A string identifying the authentication password phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed content is ASCII characters from 3...

Page 56: ...at this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong...

Page 57: ...ng length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 View Type Indicates the view type that this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded there should be an...

Page 58: ... click the Add new access button and enter the access information then click Apply Max Group Number 14 Parameter Description Delete Click it to delete the selected user setting Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Model Indicates the security model tha...

Page 59: ...B objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Write View Name The name of the MIB view defines the MIB objects for which this request may potentially set new values The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Add new access Click it t...

Page 60: ...y No Number link for Trap Host configuration Version Display the version of the trap host Server IP Display the SNMP Host IP address UDP Port Display the port number for UDP Community Security Name Display the name of community security Severity Level Display the level for severity Security Level Display the level for security Authentication Protocol Display the protocol configured for authenticat...

Page 61: ...s Error Send errors Security Level There are three kinds of choices NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Authentication Protocol You can choose MD5 or SHA for authentication Authentication Password The length of MD5 Authentication Password is restricted to 8 32 The length of SHA Authentication Password is rest...

Page 62: ...n the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes a...

Page 63: ...f the switch Parameters description ID ID 1 of the system log entry Level Level of the system log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Auto refresh The simple counts will be ref...

Page 64: ...ame System Log Detailed Log Function description It describes that display the detailed log information of the switch Parameters description ID ID 1 of the system log entry Message The detailed message of the system log entry Refresh The simple counts will be refreshed manually when user use mouse to click on Refresh button ...

Page 65: ...m mail Parameters description Mail Server Specify the IP Address of the server transferring your email Username Specify the username on the mail server Password Specify the password on the mail server Sender Set the mail sender name Return Path To set the mail return path as sender mail address Email Address 1 6 Email address that would like to receive the alarm message After finished the above se...

Page 66: ...elds allow the user to select the receiver ID Indicate the ID of this particular sFlow Receiver Currently one ID is supported as one collector is supported IP Type A drop down list to select the type of IP of Collector is displayed By default IPv4 is the type of Collector IP type You could use IPv4 or IPv6 IP Address The address of a reachable IP is to be entered into the text box This IP is used ...

Page 67: ...name sFlow Agent Sampler Function description The function is used to display the sFlow sampler what you set or you can edit it for your requirement That will help user based on a defined sampling rate an average of 1 out of N packets operations is randomly sampled This type of sampling does not provide a 100 accurate result but it does provide a result with quantifiable accuracy Parameters descri...

Page 68: ...n the following page Parameters description sFlow Ports This is the port number on which sFlow can be configured sFlow Instance Multiple instances of sFlow can be supported on the port Currently we support one sFlow instance on each port due to hardware limitation Sampler Type Sampler type on the port can be one of the following types None RX TX ALL If type is none then the sampling rate is 0 and ...

Page 69: ... ta at ti ic c T Tr ru un nk k The Aggregation Configuration is used to configure the settings of Link Aggregation You can bundle more than one port with the same speed full duplex and the same MAC to be a single logical port thus the logical port aggregates the bandwidth of these ports This means you can apply your current Ethernet equipments to build the bandwidth aggregation Function name Aggre...

Page 70: ...le By default IP Address is enabled TCP UDP Port Number The TCP UDP port number can be used to calculate the destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Aggregation Group Configuration Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no ...

Page 71: ...ed group An LACP trunk group with only one or less than one ready member port is not a real trunked group Parameters description Port The switch port number LACP Enabled Controls whether LACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form max 12 LLAGs per switch and 2 GLAGs per stack Key The Key value incurred by th...

Page 72: ...id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch stack The format is Switch ID Port Auto refresh The simple counts will be...

Page 73: ...s that the port could not join the aggregation group but will join if other port leaves Meanwhile its LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GLAGs while IDs 3 14 are LLAGs Partner System ID The partner s System ID MAC address Partner Port The partner ...

Page 74: ...path cost when forwarding a packet from that device to the root device Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports...

Page 75: ...m age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds and MaxAge must be FwdDelay 1 2 Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information to Valid values are in the range 6...

Page 76: ...S ST TI I M Ma ap pp pi in ng g When you implement a Spanning Tree protocol on the switch that the bridge instance the CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped Due to the reason that you need to set the list of VLANs mapped to the MSTI the VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should...

Page 77: ...ration The settings will take effect 2 2 3 3 7 7 S Sp pa an nn ni in ng g T Tr re ee e M MS ST TI I P Pr ri io or ri it ti ie es s When you implement a Spanning Tree protocol on the switch for the bridge instance the CIST is the default instance which is always active For controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concat...

Page 78: ...tions and possibly change them as well Parameters description Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value ca...

Page 79: ...pology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full co...

Page 80: ... MSTI instance must be selected before displaying actual MSTI port configuration options It contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global Function name Spanning Tree MSTI Ports Function description The function is used to inspect the current STP MSTI port configurations and possibly change them as well Use the drop down list to choose one o...

Page 81: ... priority of ports having identical port cost See above After finished the above settings click Apply to save the configuration The settings will take effect 2 2 3 3 1 10 0 S Sp pa an nn ni in ng g T Tr re ee e B Br ri id dg ge e S St ta at tu us s After you complete the MSTI Port configuration you could to ask the switch display the Bridge Status Function name Spanning Tree Bridge Status Function...

Page 82: ...o ask the switch display the STP Port Status Function name Spanning Tree Port Status Function description The function is used to ask the switch to display the STP CIST port status for physical ports of the currently selected switch Parameters description Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the followi...

Page 83: ...s description Port The switch port number of the logical STP port MSTP The number of MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port D...

Page 84: ...that you enable IGMP proxy or snooping on the switch which connects to a router closer to the root of the tree This interface is the upstream interface The router on the upstream interface should be running IGMP IGMP Snooping is used to establish the multicast groups to forward the multicast packet to the member ports and in nature avoids wasting the bandwidth while IP multicast packets are runnin...

Page 85: ...e messages to the router side Port Related Configuration Port The switch port number Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Enable the fast leave on the port ...

Page 86: ...ate the displayed table starting from that or the next closest VLAN Table match Parameters description VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN IGMP Snooping IGMP Querier Enable the IGMP Querier in the VLAN Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a ...

Page 87: ...1 15 5 I IG GM MP P S Sn no oo op pi in ng g P Po or rt t G Gr ro ou up p F Fi il lt te er ri in ng g With this feature you can filter multicast joins on a per port basis by configuring IP multicast profiles and associating them with individual switch ports An IGMP profile can contain one or more multicast groups and specifies whether access to the group is permitted or denied If an IGMP profile d...

Page 88: ...VigorSwitch P2261 User s Guide 80 ...

Page 89: ...on you could to let the switch display the IGMP Snooping Status Function name IGMP Snooping Status Function description The function is used to let the switch to display the IGMP Snooping detail status Parameters description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIV...

Page 90: ...e to set the IGMP Snooping function then you could let the switch to display the IGMP Snooping Group Information Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group The will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed...

Page 91: ...M groups Different applications running on different source hosts can arbitrarily reuse SSM group addresses without causing any excess traffic on the network Addresses in the range 232 0 0 0 8 232 0 0 0 to 232 255 255 255 are reserved for SSM by IANA In the switch you can configure SSM for arbitrary IP multicast addresses also Function name IGMP Snooping IPv4 SSM Information Function description T...

Page 92: ...e of IPv6 multicast traffic is only an indirect participant in MLD snooping it just provides multicast traffic and MLD doesn t interact with it Note however that in an application like desktop conferencing a network node may act as both a source and an MLD host but MLD interacts with that node only in its role as an MLD host A source node creates multicast traffic by sending packets to a multicast...

Page 93: ...ption MLD Snooping Configuration Snooping Enabled Enable the Global MLD Snooping Unregistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding Please note that disabling unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery MLD SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in...

Page 94: ...he configuration The settings will take effect 2 2 3 3 2 20 0 M ML LD D S Sn no oo op pi in ng g V VL LA AN N G Ge en ne er ra al l S Se et tu up p Function name MLD Snooping VLAN General Setup Function description When MLD snooping is enabled on a VLAN the switch acts to minimize unnecessary multicast traffic If the switch receives multicast traffic destined for a given multicast address it forwa...

Page 95: ...100 in tenths of seconds 10 seconds LLQI Last Listener Query Interval The Last Listener Query Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Addre...

Page 96: ...unction description The function is used to set the Port Group Filtering in the MLD Snooping function On the web page that you could add a new filtering group and safety policy Parameters description Delete Click to delete the entry Port The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Add new Filtering Group Click to add a new filtering group ...

Page 97: ...Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE Queries Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Aut...

Page 98: ...t fields allow the user to select the starting point in the MLD Group Table Clicking the button will update the displayed table starting from that or the next closest MLD Group Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently di...

Page 99: ...t field When first visited the web page will show the first 20 entries from the beginning of the MLDv2 Information Table The Start from VLAN and group input fields allow the user to select the starting point in the MLDv2 Information Table Parameters description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintain...

Page 100: ...sends an IGMP join message to Switch A to join the appropriate multicast Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports Function name MVR General Setup Function description The function is used to set the MVR basic configuration and some parameters in the switch Parameters description MVR Mode Enable Disable the Global MVR VLAN ID Speci...

Page 101: ...e switch Entries in the MVR Group Table are shown on this page The MVR Group Table is sorted first by VLAN ID and then by group Parameters description VLAN ID VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user us...

Page 102: ... VLAN ID The Multicast VLAN ID V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user use mouse to...

Page 103: ... General Setup Function description The function is used to inspect and configure the current LLDP port settings Parameters description Tx Interval The switch periodically transmits LLDP frames to its neighbours for having the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Tx Hold E...

Page 104: ...ghbours table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics CDP TLVs are mapped onto LLDP neighbours table as shown below CDP TLV Device ID is mapped to the LLDP Chassis ID field CDP TLV Address is mapped to the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address i...

Page 105: ...urs Function description The function is used to display a status overview for all LLDP neighbours The displayed table contains a row for each port on which an LLDP neighbour is detected The columns hold the following information Parameters description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbour s LLDP frames Remote Port...

Page 106: ...ngs will take effect 2 2 3 3 3 30 0 L LL LD DP P L LL LD DP P M ME ED D G Ge en ne er ra al l S Se et tu up p Media Endpoint Discovery is an enhancement of LLDP known as LLDP MED that provides the following facilities Auto discovery of LAN policies such as VLAN Layer 2 Priority and Differentiated services Diffserv settings enabling plug and play networking Device location discovery to allow creati...

Page 107: ... properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED...

Page 108: ...rm more relevant in buildings which have different floor to floor dimensions An altitude 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum is used for the coordinates given in these options WGS84 Geographical 3D World Geo...

Page 109: ...it Apartment suite Example Apt 42 Floor Floor Example 4 Room no Room number Example 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code Additional code Example 1320300003 Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Emergency Call Servic...

Page 110: ...a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that freq...

Page 111: ...tribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type 8 Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not ...

Page 112: ...a new policy Click to add a new policy Specify the Application type Tag VLAN ID L2 Priority and DSCP for the new policy Click Apply Port Policies Configuration Every port may advertise a unique set of network policies or different attributes for the same network policies based on the authenticated user identity or port configuration Port The port number to which the configuration applies Policy ID...

Page 113: ... Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for histor...

Page 114: ...inventory management LLDP MED Media Endpoint Class II The LLDP MED Media Endpoint Class II definition is applicable to all endpoint products that have IP media capabilities however may or may not be associated with a particular end user Capabilities include all of the capabilities defined for the previous Generic Endpoint Class Class I and are extended to include aspects related to media streaming...

Page 115: ...ice for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services 4 Guest Voice Signaling for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media 5 Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops 6 Video C...

Page 116: ... a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of the eight priority levels 0 through 7 DSCP DSCP is th...

Page 117: ... transmitted Tx Tw The link partner s maximum time that transmit path can hold off sending data after deassertion of LPI Rx Tw The link partner s time that receiver would like the transmitter to hold off to allow time for the receiver to wake from sleep Fallback Receive Tw The link partner s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx S...

Page 118: ...on Echo Rx Tw The link partner s Echo Rx Tw value Resolved Tx Tw The resolved Tx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE i...

Page 119: ... detected Total Neighbours Entries Added Shows the number of new entries added since switch reboot Total Neighbours Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbours Entries Dropped Shows the number of LLDP frames dropped due to the entry table being full Total Neighbours Entries Aged Out Shows the number of entries deleted due to Time To Live expiring LL...

Page 120: ...ion about how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user use mouse to click on Refresh button Clear The simple counts w...

Page 121: ...iority There are three levels of power priority named Low High and Critical The priority is used in the case where the remote devices requires more power than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number Maximum Power The Maximum Power value contains a numerical value that indicates the maximum powe...

Page 122: ...ount of power the PD wants to be reserved Power Allocated The Power Allocated shows the amount of power the switch has allocated for the PD Power Used The Power Used shows how much power the PD currently is using Current Used The Power Used shows how much current the PD currently is using Priority The Priority shows the port s priority configured by the user Port Status The Port Status shows the p...

Page 123: ...y Mode Enable Disable this function Delay Time 0 300 sec Set the delay time for power mode 2 2 3 3 3 37 7 P Po oE E A Au ut to o C Ch he ec ck ki in ng g Function name PoE Auto Checking Parameters description Ping Check Check the device with PING command Ping IP Address Type the IP address of the device ...

Page 124: ...nd Date Set the ending date for such schedule profile Start Time Set the starting time for such schedule profile Duration Time Set the duration time for such schedule profile How Often Specify the frequency of the schedule profile 2 2 3 3 3 39 9 F Fi il lt te er ri in ng g D Da at ta a B Ba as se e G Ge en ne er ra al l S Se et tu up p Filtering Data Base gathers many functions including MAC Table...

Page 125: ...he MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here Parameters description Aging Configuration Disable Automatic Aging Check it to enable this function Aging Time By default dynamic entries are removed from the MAC table after 300 seconds This removal is also called aging Configure aging time by entering a value ...

Page 126: ...dress The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Adding a New Static Entry Click to add a new entry to the static MAC table Specify the VLAN ID MAC address and port members for the new entry Click Apply After finished the above settings click Apply to save the configuration The settings will take...

Page 127: ... management VLAN is used to establish an IP connection to the switch from a workstation connected to a port in the VLAN This connection supports a VSM SNMP and Telnet session By default the active management VLAN is VLAN 1 but you can designate any VLAN as the management VLAN using the Management VLAN window Only one management VLAN can be active at a time When you specify a new management VLAN yo...

Page 128: ... on the other stack switch units but with no port members The check box is greyed out when VLAN is displayed on other stacked switches but user can add member ports to it A VLAN without any port members on any stack unit will be deleted when you click Apply The button can be used to undo the addition of new VLANs Refresh The simple counts will be refreshed manually when user use mouse to click on ...

Page 129: ...the frame the frame is discarded By default ingress filtering is disabled no checkmark Frame Type Determines whether the port accepts all frames or only tagged untagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All Egress Rule Determines what device the port connects...

Page 130: ...o become an untagged frame These untagged frames will be transmitted PVID Configures the VLAN identifier for the port The allowed values are 1 through 4095 The default value is 1 Note The port must be a member of the same VLAN as the Port VLAN ID After finished the above settings click Apply to save the configuration The settings will take effect ...

Page 131: ...e uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID Currently we support the following VLAN user types CLI Web SNMP These are referred to as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server GVRP GARP VLAN Registration Proto...

Page 132: ...s the ID of this particular VLAN Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user use mouse to click on Refresh button 2 2 3 3 4 44 4 V VL LA AN N P Po or rt t S St ta at tu us s Function name VLAN Port Status Function description The function gathers the information of all VLAN status and reports it by t...

Page 133: ...ization while maintaining a loop free environment Port The logical port for the settings contained in the same row PVID Shows the VLAN identifier for that port The allowed values are 1 through 4095 The default value is 1 Port Type Shows the Port Type Port type can be any of Unaware C port S port Custom S port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not re...

Page 134: ...v va at te e V VL LA AN N M Me em mb be er rs sh hi ip p In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLAN and a Private VLAN to be abl...

Page 135: ... are members and all boxes are unchecked Adding a New Private VLAN Click to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not accepted and a warning message appears Click Reset to discard the incorrect entry The Privat...

Page 136: ...on address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or non protected port Function name VLAN Pr...

Page 137: ...LAN the next time it accesses the network As a result it will not be able to use the resources in the old VLAN On the other hand if Port A and Port B belong to the same VLAN after terminal devices access the network through Port B they will have access to the same resources as those accessing the network through Port A do which brings security issues To provide user access and ensure data security...

Page 138: ...e configured as needed Any unicast MAC address can be configured for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled on the selected stack switch unit when you click on Save A MAC based VLAN without any port members on any stack unit will be deleted when you click Apply The button can be ...

Page 139: ...n which involves communications between a Supplicant Authenticator and an Authentication Server Parameters description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user use mouse to cli...

Page 140: ...hanisms SNAP The Subnetwork Access Protocol SNAP is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Service Access Point SAP fields SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier spaces It is used with IEEE 802 3 IEEE 802 4 IEEE 802 5 IEEE 802 11 and othe...

Page 141: ...protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of ...

Page 142: ...Protocol to Group mapping table and must not be pre used by any other existing mapping entry on this page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or exclude the port from the mapping make su...

Page 143: ...classify and schedule network traffic It is recommended that there must be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI Parameters description Voice VLAN Configuration Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before w...

Page 144: ...rt and configures the Voice VLAN members automatically Forced Force join to Voice VLAN Security Indicates the Voice VLAN port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLAN will be blocked for 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Discovery Protocol Indi...

Page 145: ...ing length is 0 to 32 Add new entry Click to add a new entry in mapping table An empty row is added to the table the Group Name VLAN ID and port members can be configured as needed Legal values for a VLAN ID are 1 through 4095 The button can be used to undo the addition of new entry After finished the above settings click Apply to save the configuration The settings will take effect 2 2 3 3 5 53 3...

Page 146: ...ction description The function is used to configure the basic GARP Configuration settings for all switch ports Parameters description Port The Port column shows the list of ports for which you can configure GARP settings Timer Values Three different timers can be configured on this page 1 Join Timer The default value for Join timer is 200ms 2 Leave Timer The range of values for Leave Time is 600 1...

Page 147: ...ly to save the configuration The settings will take effect 2 2 3 3 5 54 4 G GA AR RP P S St ta at ti is st ti ic cs s Function name GARP Statistics Function description The function is used to display port statistics of GARP for all switch ports Parameters description Port The Port column shows the list of all ports for which per port GARP statistics are shown Peer MAC Peer MAC is MAC address of t...

Page 148: ...d GIP GVRP state machine maintain the contents of Dynamic VLAN Registration Entries for each VLAN and propagate these information to other GVRP aware devices to setup and update their knowledge database the set of VLANs associated with currently active members and through which ports these members can be reached Function name Aggregation Static Trunk Function description The function is used to co...

Page 149: ...ranges High flexibility is in the classification of incoming frames to a QoS class The QoS classification looks for information up to Layer 4 including IPv4 and IPv6 DSCP IPv4 TCP UDP port numbers and user priority of tagged frames This QoS classification mechanism is implemented in a QoS control list QCL The QoS class assigned to a frame is used throughout the device for providing queuing schedul...

Page 150: ...he DP level for frames not classified in any other way PCP Controls the default PCP for untagged frames DEI Controls the default DEI for untagged frames Tag Class Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and ...

Page 151: ...affic Parameters description Port The port number for which the configuration below applies Mode To evoke which Port you need to enable the QoS Ingress Port Policers function Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 1000 w...

Page 152: ...iption The function is used to provide an overview of QoS Egress Port Schedulers for all switch ports Parameters description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Mode Shows the scheduling mode for this port Weight Q0 Qn Shows the weight for this queue and port ...

Page 153: ...ction is to provide an overview of QoS Egress Port Shapers for all switch ports Parameters description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers Shapers Q0 Qn Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps ...

Page 154: ...ng for all switch ports Others ports belong to the currently selected stack unit as reflected by the page header Parameters description Port The logical port for the settings contained in the same row Click on the port number in order to configure tag remarking Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use map...

Page 155: ...settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress 1 Translate Enable the Ingress Translation click the checkbox 2 Classify Classification for a port have 4 different values z Disable No Ingress DSCP Classification z DSCP 0 Classify if incoming or translated if enabled DSCP is 0 z Selected Classif...

Page 156: ...CP P B Ba as se ed d Q Qo oS S Function name QoS DSCP Based QoS Function description The function is used to configure the DSCP Based QoS mode for the basic QoS DSCP based QoS Ingress Classification settings for all switches Parameters description DSCP Maximum number of support ed DSCP values are 64 Trust Click to check if the DSCP value is trusted QoS Class QoS Class value can be any of 0 7 DPL D...

Page 157: ...st translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP at Ingress side can be translated to any of 0 63 DSCP values 2 Classify Click to enable Classification at Ingress side Egress There are following configurable parameters for Egress side 1 Remap DP0 Select the DSCP value from select menu to which you...

Page 158: ...alue to a QoS Class and DPL value Parameters description QoS Class Available QoS Class value ranges from 0 to 7 QoS Class 0 7 can be mapped to followed parameters DPL Drop Precedence Level 0 1 can be configured for all available QoS Classes DSCP Select DSCP value 0 63 from DSCP menu to map DSCP to corresponding QoS Class and DPL value After finished the above settings click Apply to save the confi...

Page 159: ...f frame to look for incoming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed LLC Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames SMAC Displays the OUI field of Source MAC address i e first three octet byte of MAC...

Page 160: ...in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Click the to open the following page for adding a new QCE QoS Control Entry Parameters description Port Members Check the checkbox button in case you what to make any port...

Page 161: ...otocol number 0 255 TCP or UDP or Any Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP v...

Page 162: ...QCE then DP level will set to value displayed under DPL column DSCP Classified DSCP value If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Other buttons You can modify each QCE QoS Control Entry in the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down the list Delet...

Page 163: ... the type of frame to look for incoming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed LLC Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames Port Indicates the list of ports configured with the QCE Action Indicate...

Page 164: ...h You can click them to refresh the QCL information by manual any changes made locally will be undone After finished the above settings click Apply to save the configuration The settings will take effect 2 2 3 3 6 67 7 Q Qo oS S S St to or rm m C Co on nt tr ro ol l Function name QoS Storm Control Function description The function is used to configure the Storm control for the switch There is a un...

Page 165: ...ngle IP Management SIM a simple and useful method to optimize network utilities and management is designed to manage a group of switches as a single entity called an SIM group Implementing the SIM feature will have the following advantages for users z Simplify management of small workgroups or wiring closets while scaling networks to handle increased bandwidth demand z Reduce the number of IP addr...

Page 166: ...e settings will take effect 2 2 3 3 6 69 9 S Si in ng gl le e I IP P I In nf fo or rm ma at ti io on n Function name Single IP Information Function description The function is to display the Single IP information what you set on the switch Parameters description Index The ID of the active Slave Switch The parameter lets you know how many slave devices connect to the SIP group Model Name Display th...

Page 167: ...one Wireless Access Point and IP Camera etc Others you can leverage configuration to run a converged voice video and data network considering quality of service QoS bandwidth latency and high performance Parameters description Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a Easy Port check the box as Remove or exclude the port from the VLAN make...

Page 168: ...y The available value from 0 Low to 7 High If you want the voice has high priority then you can set the value with 7 Port Security It is used to scroll to enable or disable the Port Security function on the Port If you turn on the function then you need to set Port Security limit to allow how many device can access the port via MAC address Port Security Action It is used to scroll to select when t...

Page 169: ...Port to mirror also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored on this port Disabled disables mirroring Port The logical port for the settings contained in the same row Mode Select mirror mode Rx only Frames received on this port are mirrored on the mirror port Frames transmitted are not mirrored Tx only Frames transmitted...

Page 170: ...ically to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive an SSDP advertisement message from this s...

Page 171: ...rameters and etc Here we will just go over the standard and extended access lists for TCP IP As you create ACEs for ingress classification you can assign a policy for each port The policy number is 1 8 however each policy can be applied to any port This makes it very easy to determine what type of ACL policy you will be working with Function name ACL Ports Function description The function is used...

Page 172: ... logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values are Enabled ...

Page 173: ...th pps or kbps Parameters description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The rate unit is packets per second pps configure the rate as 1 2 4 512 1K 2K 4K 3276700k The 1 kpps is actually 1002 1 pps The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowed values are pps Packets per second kbps Kbi...

Page 174: ... used to show the Access Control List ACL which is made up of the ACEs defined on this switch Each row describes the ACE that is defined The maximum number of ACEs is 256 on each switch Click on the lowest plus sign to add a new ACE to the list The reserved ACEs used for internal protocol cannot be edited or deleted the order sequence cannot be changed an the priority is highest Parameters descrip...

Page 175: ...edirect Indicates the port redirect operation of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port copy operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mi...

Page 176: ... filter for this ACE Any No policy filter is specified policy filter status is don t care Specific If you want to filter a specific policy with this ACE choose this value Two field for entering an policy value and bitmask appears Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethern...

Page 177: ...eived on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled Logging Indicates the logging operation of the ACE Possible values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited Shutdown Indicates the port shut ...

Page 178: ...L ACL Status Function description The function is used to show the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations The maximum number of ACEs is 256 on each switch Parameters description User Indicates the ACL user Ingress Port Indicates the ingress port of the ACE Possible va...

Page 179: ...Indicates the port redirect operation of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port copy operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored T...

Page 180: ...ll be lost when the mode is enabled Translate dynamic static Click to translate all dynamic entries to static entries Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on give...

Page 181: ...ce Guard Table configure to manage the entries Parameters description Delete Check to delete the entry Port The logical port for the settings VLAN ID The ID number for the settings IP Address Allowed Source IP address MAC Address Allowed Source MAC address Adding new entry Click to add a new entry to the Static IP Source Guard table Specify the Port VLAN ID IP address and IP Mask for the new entry...

Page 182: ...itch You could use the Dynamic IP Source Guard Table configure to manage the entries Parameters description Start from Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the IP traffic is permitted IP Address User IP address of the entry MAC Address Source MAC address Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simpl...

Page 183: ...anage the ARP table Parameters description ARP Inspection Configuration Mode Enable the Global ARP Inspection or disable the Global ARP Inspection Translate dynamic static Click to translate all dynamic entries to static entries Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on ...

Page 184: ...nage the ARP entries Parameters description Delete Check to delete the entry Port The logical port for the settings VLAN ID The VLAN ID number for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Add new entry Click to add a new entry to the Static ARP Inspection table Specify the Port VLAN ID MAC address and IP ...

Page 185: ...ntains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address Parameters description Start from Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the ARP traffic is permitted MAC Address User MAC address of the entry IP Address User IP address of the entry Auto refresh The simple counts will be refreshed automati...

Page 186: ... the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from the trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Mode Indicates the DHCP snooping port mode Possible port modes are Trusted ...

Page 187: ...ets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx ...

Page 188: ...P servers may be on another network Parameters description Relay Mode Indicates the DHCP relay mode operation Possible modes are Enabled Enable DHCP relay mode operation When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain And the DHCP broadcast message won t be flooded for security c...

Page 189: ...DHCP relay information mode operation is enabled if agent receives a DHCP message that already contains relay agent information it will enforce the policy And it only works under DHCP if relay information operation mode is enabled Possible policies are Replace Replace the original relay information when a DHCP message that already contains it is received Keep Keep the original relay information wh...

Page 190: ... in errors while being sent to clients Receive from Server The number of packets received from server Receive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID Receive Missing Circuit ID Receive Missing Remote ID The number of packets received with the Remote ID option missing Receive Bad Circuit ID The number of packets whose Circuit ...

Page 191: ... al l S Se et tu up p Function name NAS General Setup Function description The function is used to configure the NAS parameters of the switch The NAS server can be employed to connect users to a variety of resources including Internet access conference calls printing documents on shared printers or by simply logging on to the Internet It can configure NAS setting of IEEE 802 1X MAC based authentic...

Page 192: ...When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is ...

Page 193: ...uthenticated supplicant is placed on the switch Incoming traffic will be classified to and switched on the RADIUS assigned VLAN The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned VLAN Enabled below for a detailed description The RADIUS Assigned VLAN Enabled checkbox provides a quick way to globally enable disable RADIUS ...

Page 194: ... port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the ...

Page 195: ...ess even though they really aren t authenticated To overcome this security breach use the Single 802 1X variant Single 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communication between the supplicant and the switch...

Page 196: ... client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the ...

Page 197: ...oS Class in an Access Accept packet Only the first occurrence of the attribute in the packet will be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 3 which translates into the desired QoS Class in the range 0 3 RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled a...

Page 198: ...rs moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e Port based 802 1X Single 802 1X Multi 802 1X For trouble shooting VLAN assignments use the Monitor VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration Guest VLAN Operation When a Gue...

Page 199: ...d or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clic...

Page 200: ...ividual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most rec...

Page 201: ... here Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed manually when user use mouse to click on Refresh button After finished the above settings click Apply to save the configuration The settings will take effect ...

Page 202: ...2 1X authentication Parameters description Port State Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Auto refresh The simple counts will be refreshed automatically on the UI screen Refresh The simple counts will be refreshed ...

Page 203: ...erver does not reply within this timeframe we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm cause...

Page 204: ...vel set on the local switch Accounting Enable to record all the command users entered All the log data will be recorded on the server when enable For instance login time log out time IGMP setting VLAN setting etc RADIUS Authentication Server Configuration Enabled Enable the RADIUS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Authentication...

Page 205: ...Server IP address is expressed in dotted decimal notation Port The TCP port to use on the TACACS Authentication Server If the port is set to 0 zero the default port 49 is used on the TACACS Authentication Server Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch stack After finished the above settings click Apply to save the configuration The ...

Page 206: ...e server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access accounting attempts Dead X seconds left Access accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead ...

Page 207: ...number of RADIUS Access Accept packets valid or invalid received from the server Access Rejects The number of RADIUS Access Reject packets valid or invalid received from the server Access Challenges The number of RADIUS Access Challenge packets valid or invalid received from the server Malformed Access Responses The number of malformed RADIUS Access Response packets received from the server Malfor...

Page 208: ...ted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout IP Address IP address and UDP port for the authentication server in question State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The serve...

Page 209: ... Limit Control is globally enabled or disabled on the switchstack If globally disabled other modules may still use the underlying functionality but limit checks and corresponding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period Aging Period If Aging Enabled is checked then the aging period is controlled with this input If othe...

Page 210: ...r cannot exceed 1024 If the limit is exceeded the corresponding action is taken The stackswitch is born with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security enabled port Since all ports draw from the same pool it may happen that a configured maximum cannot be granted if the remaining ports have already used all available MAC addresses...

Page 211: ...ple counts will be refreshed manually when user use mouse to click on Refresh button After finished the above settings click Apply to save the configuration The settings will take effect 2 2 4 4 2 22 2 P Po or rt t S Se ec cu ur ri it ty y S Sw wi it tc ch h S St ta at tu us s Function name Port Security Switch Status Function description This function shows the Port Security status Port Security ...

Page 212: ...br has enabled port security State Shows the current state of the port It can take one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and ...

Page 213: ... cu ur ri it ty y P Po or rt t S St ta at tu us s Function name Port Security Port Status Function description The function shows the MAC addresses secured by the Port Security module Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based l...

Page 214: ...ntil the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If a...

Page 215: ...Disabled Disable access management mode operation Delete Check to delete the entry Start IP address Indicates the start IP address for the access management entry End IP address Indicates the end IP address for the access management entry HTTP HTTPS Indicates that the host can access the switch from HTTP HTTPS interface if the host IP address matches the IP address range provided in the entry SNMP...

Page 216: ...T and SSH Parameters description Interface The interface type through which the remote host can access the switch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access managem...

Page 217: ...e SHell to securely access the Switch SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication Parameters description Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation After finished the above settings click Apply to save the configuration The settin...

Page 218: ...ser Parameters description Mode Indicates the HTTPS mode operation Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirect web browser to HTTPS when HTTPS mode is enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode opera...

Page 219: ...ollowing values none Authentication is disabled and login is not possible local Use the local user database on the switch stack for authentication RADIUS Use a remote RADIUS server for authentication TACACS Use a remote TACACS server for authentication Fallback Enable fallback to local authentication by checking this box If none of the configured authentication servers are alive the local user dat...

Page 220: ...work including Restart Device Firmware upgrade Save Restore Import Export and Diagnostics 2 2 5 5 1 1 R Re es st ta ar rt t D De ev vi ic ce e Function name Restart Device Function description The function is used to restart switch for any maintenance needs Any configuration files or scripts that you saved in the switch should still be available afterwards Click Yes to restart the device ...

Page 221: ...he Switch can be enhanced with more value added functions by installing firmware upgrades Click Browser to select firmware in you device and click Upload Warning While the firmware is being updated web access appears to be defunct The front LED flashes Green Off with a frequency of 10 Hz while the firmware update is in progress Do not restart or power off the device at this time or the switch may ...

Page 222: ... name of primary preferred image is image the alternate image is named image bk Version The version of the firmware image Date The date where the firmware was produced Activate Alternate Image Click to use the alternate image This button may be disabled depending on system state Note In case the active firmware image is the alternate image only the Active Image table is shown In this case the Acti...

Page 223: ...faults Function description The function is used to save and restore the Switch configuration including reset to Factory Defaults Save Start Save Users Restore Users for any maintenance needs Any configuration files or scripts will recover to factory default values Click Yes to reset the Switch configuration to Factory Defaults Only the IP configuration is retained ...

Page 224: ...av ve e S St ta ar rt t Function name Save Restore Save Start Function description The function is used to save the Switch Start configuration Click Save to perform the work You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags ...

Page 225: ...unction name Save Restore Save User Function description The function is used to save users information Any current configuration files will be saved as XML format Click Save to perform the work You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags ...

Page 226: ...ame Save Restore Restore User Function description The function is used to restore user information back to the switch Any current configuration files will be restored via XML format Click Save to perform the work You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags ...

Page 227: ...name Export Import Export Config Function description The function is used to export the Switch configuration Any current configuration files will be exported as XML format Click Save configuration to perform the work You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags ...

Page 228: ...mport Config Function description The function is used to import the Switch Configuration for maintenance needs Any current configuration files will be exported as XML format Click Browser to select firmware in you device and click Upload You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags ...

Page 229: ... bytes Ping Count The count of the ICMP packet Values range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds Start Click the Start button then the switch will start to ping the device using ICMP packet size what set on the switch After you click Start 5 ICMP packets are transmitted and the sequence number roundtrip time are displayed up...

Page 230: ...the ICMP packet Values range from 0 second to 30 seconds Start Click the Start button then the switch will start to ping the device using ICMPv6 packet size what set on the switch After you click Start 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or un...

Page 231: ...y and you can view the cable diagnostics results in the cable status table Note that VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Parameters description Port The port where you are requesting V...

Page 232: ...VigorSwitch P2261 User s Guide 224 This page is left blank ...

Page 233: ...er r A A c ca an n c co on nn ne ec ct t t to o C Co om mp pu ut te er r B B b bu ut t c ca an nn no ot t c co on nn ne ec ct t t to o C Co om mp pu ut te er r C C t th hr ro ou ug gh h t th he e M Ma an na ag ge ed d S Sw wi it tc ch h The network device of Computer C may fail to work Please check the link act status of Computer C on the LED indicator Try another network device on this connection...

Page 234: ...g gu ur re e t th he e M Ma an na ag ge ed d S Sw wi it tc ch h The Hyperterm is the terminal program in Win95 98 NT Users can also use any other terminal programs in Linux Unix to configure the Managed Switch Please refer to the user guide of that terminal program But the COM port parameters baud rate data bits parity bits flow control must be the same as the setting of the console port of the Ma...

Reviews:

No comments