manualshive.com logo in svg

EtherWAN EX26262, Management Manual

Share
Download
EtherWAN EX26262 Management Manual Download Page 90

–  90  –

 

C

HAPTER 

4  

|   Configuring the Switch

 

Configuring Security 

 

 

 

 

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) 

to exchange authentication protocol messages with the client, and a 

remote RADIUS authentication server to verify user identity and access 

rights. These backend servers are configured on the AAA menu (see 

page 122

). 

 

When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., 

Authenticator) responds with an EAPOL identity request. The client 

provides its identity (such as a user name) in an EAPOL response to the 

switch, which it forwards to the RADIUS server. The RADIUS server verifies 

the client identity and sends an access challenge back to the client. The 

EAP packet from the RADIUS server contains not only the challenge, but 

the authentication method to be used. The client can reject the 

authentication method and request another, depending on the 

configuration of the client software and the RADIUS server. The encryption 

method used by IEEE 802.1X to pass authentication messages can be MD5 

(Message-Digest 5), TLS (Transport Layer Security), PEAP (Protected 

Extensible Authentication Protocol), or TTLS (Tunneled Transport Layer 

Security). However, note that the only encryption method supported by 

MAC-Based authentication is MD5. The client responds to the appropriate 

method with its credentials, such as a password or certificate. The RADIUS 

server verifies the client credentials and responds with an accept or reject 

packet. If authentication is successful, the switch allows the client to 

access the network. Otherwise, network access is denied and the port 

remains blocked. 

 

The operation of 802.1X on the switch requires the following: 

 

 

The switch must have an IP address assigned (see 

page 48

). 

 

 

RADIUS authentication must be enabled on the switch and the IP 

address of the RADIUS server specified. Backend RADIUS servers are 

configured on the Authentication Configuration page (see 

page 122

). 

 

 

802.1X / MAC-based authentication must be enabled globally for the 

switch. 

 

 

The Admin State for each switch port that requires client authentication 

must be set to 802.1X or MAC-based. 

 

 

When using 802.1X authentication: 

 

 

Each client that needs to be authenticated must have dot1x client 

software installed and properly configured. 

 

 

When using 802.1X authentication, the RADIUS server and 802.1X 

client must support EAP. (The switch only supports EAPOL in order 

to pass the EAP packets from the server to the client.) 

 

 

The RADIUS server and client also have to support the same EAP 

authentication type - MD5, PEAP, TLS, or TTLS. (Native support for 

these encryption methods is provided in Windows 7, Windows Vista, 

Windows XP, and in Windows 2000 with Service Pack 4. To support 

Summary of Contents for EX26262

Page 1: ...Layer 2 Gigabit PoE Ethernet Switch Management Guide...

Page 2: ......

Page 3: ...MANAGEMENT GUIDE...

Page 4: ......

Page 5: ...ur attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Page 6: ...6 ABOUT THIS GUIDE...

Page 7: ...N II WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 36 Main Menu 37 4 CONFIGURING THE SWITCH 47 Configuri...

Page 8: ...g DHCP Snooping 111 Configuring DHCP Relay and Option 82 Information 114 Configuring IP Source Guard 115 Configuring ARP Inspection 119 Specifying Authentication Servers 122 Creating Trunk Groups 124...

Page 9: ...based VLANs 183 Protocol VLANs 184 Configuring Protocol VLAN Groups 185 Mapping Protocol Groups to Ports 186 Configuring IP Subnet based VLANs 187 Managing VoIP Traffic 189 Configuring VoIP Traffic 1...

Page 10: ...ion About Learned MAC Addresses 236 Displaying Port Status for Authentication Services 237 Displaying Port Statistics for 802 1X or Remote Authentication Service 238 Displaying ACL Status 242 Displayi...

Page 11: ...oping Information 271 Showing MLD Snooping Status 271 Showing MLD Snooping Group Information 272 Showing IPv6 SFM Information 273 Displaying LLDP Information 274 Displaying LLDP Neighbor Information 2...

Page 12: ...Saving Configuration Settings 298 Restoring Configuration Settings 298 SECTION III APPENDICES 301 A SOFTWARE SPECIFICATIONS 303 Software Features 303 Management Features 304 Standards 305 Management I...

Page 13: ...14 Authentication Server Operation 65 Figure 15 Authentication Method for Management Access 66 Figure 16 SSH Configuration 67 Figure 17 HTTPS Configuration 69 Figure 18 Access Management Configuratio...

Page 14: ...panning Tree Internal Spanning Tree 133 Figure 48 STA Bridge Configuration 136 Figure 49 Adding a VLAN to an MST Instance 138 Figure 50 Configuring STA Bridge Priorities 139 Figure 51 STP RSTP CIST Po...

Page 15: ...Displaying Port Tag Remarking Mode 201 Figure 83 Configuring Port Tag Remarking Mode 202 Figure 84 Configuring Port DSCP Translation and Rewriting 204 Figure 85 Configuring DSCP based QoS Ingress Clas...

Page 16: ...gure 119 RMON History Overview 255 Figure 120 RMON Alarm Overview 256 Figure 121 RMON Event Overview 256 Figure 122 LACP System Status 257 Figure 123 LACP Port Status 258 Figure 124 LACP Port Statisti...

Page 17: ...able 283 Figure 146 Showing VLAN Members 285 Figure 147 Showing VLAN Port Status 286 Figure 148 Showing MAC based VLAN Membership Status 287 Figure 149 Showing sFlow Statistics 289 Figure 150 ICMP Pin...

Page 18: ...18 FIGURES...

Page 19: ...upport 68 Table 6 SNMP Security Models and Levels 71 Table 7 Dynamic QoS Profiles 93 Table 8 QCE Modification Buttons 105 Table 9 Recommended STA Path Cost Range 140 Table 10 Recommended STA Path Cost...

Page 20: ...20 TABLES...

Page 21: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 22: ...22 SECTION I Getting Started...

Page 23: ...Port Authentication Port Security DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 256 rules DHCP Client DNS Client and Proxy service Port Configurati...

Page 24: ...S priority queueing ensures the minimum delay for moving real time multimedia data across the network While multicast filtering provides support for real time network applications Some of the manageme...

Page 25: ...E LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of...

Page 26: ...ed by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will choose a single path and disable al...

Page 27: ...ecified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used...

Page 28: ...ery to manage multicast group registration for IPv4 traffic and MLD Snooping for IPv6 traffic It also supports Multicast VLAN Registration MVR which allows common multicast traffic such as television...

Page 29: ...king LACP all ports Disabled Storm Protection Status Broadcast Enabled 1 kpps Multicast disabled Unknown unicast disabled Status Enabled RSTP Defaults RSTP standard Spanning Tree Algorithm Edge Ports...

Page 30: ...10 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 DHCP Client Disabled Snooping Disabled DNS Proxy service Disabled Multicast Filtering IGMP Snooping Snooping Disabled Querier Disabled MLD Snoopin...

Page 31: ...ve addresses that start 192 168 1 x If the PC and switch are not on the same subnet you must manually set the PC s IP address to 192 168 1 x where x is any number from 1 to 254 except 10 4 Open your w...

Page 32: ...32 CHAPTER 2 Initial Switch Configuration logging out To change the password click Security and then Users Select root from the User Configuration list fill in the Password fields and then click Save...

Page 33: ...detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 35 Configuring the Switch on page 47 Monitoring the Switch...

Page 34: ...34 SECTION II Web Configuration...

Page 35: ...face you must first enter a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name for the administrator is root The defaul...

Page 36: ...n Action Save Sets specified values to the system Reset Cancels specified values and restores current values prior to pressing Save Logs out of the management interface Displays help for the selected...

Page 37: ...ime 53 Log Configures the logging of messages to a remote logging process specifies the remote log server and limits the type of system log messages sent 55 Ports Configures port connection settings 5...

Page 38: ...transmit data after maximum latency expires regardless queue length 57 Ports2 Configures port connection settings 58 Security 60 Switch 60 Users Configures user names passwords and access levels 61 Pr...

Page 39: ...n the IP Source Guard table or dynamic entries in the DHCP Snooping table 115 Configuration Enables IP source guard and sets the maximum number of clients that can learned dynamically 115 Static Table...

Page 40: ...specified port 162 LLDP Link Layer Discovery Protocol 162 LLDP Configures global LLDP timing parameters and port specific TLV attributes 163 LLDP MED Configures LLDP MED attributes including device l...

Page 41: ...bandwidth and port shaper 199 Port Tag Remarking Provides overview of QoS Egress Port Tag Remarking also sets the remarking mode classified PCP DEI values default PCP DEI values or mapped versions of...

Page 42: ...hows global and port settings for IEEE 802 1X Switch Shows port status for authentication services including 802 1X security state last source address used for authentication and last ID 237 Port Disp...

Page 43: ...ration 265 Statistics Shows statistics for IGMP protocol messages used by MVR 265 MVR Channel Groups Shows information about the interfaces associated with multicast groups assigned to the MVR VLAN 26...

Page 44: ...AN Membership Shows the current port members for all VLANs configured by a selected software module 284 VLAN Port Shows the VLAN attributes of port members for all VLANs configured by a selected softw...

Page 45: ...on the management station 298 Upload Restores configuration settings from a file on the management station 298 1 The Basic Configuration menu is a subset of Advanced Configuration The following config...

Page 46: ...46 CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface...

Page 47: ...ETERS These parameters are displayed System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters...

Page 48: ...ined via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 1 10 and subnet mask 255 255 255 0 You can manually configure a specific...

Page 49: ...abase based on previous responses to DNS queries forwarded on behalf of attached clients If the required information is not in the local database the switch forwards the DNS query to a DNS server stor...

Page 50: ...n manually configure a link local address by entering the full address with the network prefix FE80 To connect to a larger network with multiple subnets you must configure a global unicast address The...

Page 51: ...its specifies that the first six colon separated values comprise the network portion of the address Router Sets the IPv6 address of the default next hop router An IPv6 default gateway must be defined...

Page 52: ...the switch periodically sends a request for a time update to a configured time server You can configure up to five time server IP addresses The switch will attempt to poll each server in the configur...

Page 53: ...ht and mornings have less This is known as Daylight Savings Time or Summer Time Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn PATH Basic Ad...

Page 54: ...ime basis From Start time for summer time To End time for summer time Offset The number of minutes to add during Daylight Saving Time Range 1 1440 WEB INTERFACE To set the time zone or Daylight Saving...

Page 55: ...ge to send log messages to syslog servers or other management stations You can also limit the event messages sent to specified types PATH Basic Advanced Configuration System Log COMMAND USAGE When rem...

Page 56: ...rver which will be sent syslog messages Syslog Level Limits log messages that are sent to the remote syslog server for the specified types Messages options include the following Info Send informations...

Page 57: ...circuits powered up when traffic is transmitted The devices can exchange information about the device wakeup time using LLDP protocol To maximize power savings the circuit is not started as soon as da...

Page 58: ...ETERS These parameters are displayed Link Indicates if the link is up or down Speed Sets the port speed and duplex mode using auto negotiation or manual selection The following options are supported D...

Page 59: ...port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment att...

Page 60: ...r the Secure Socket Layer SSL static configuration of client addresses and SNMP General Security Measures Network menu This switch supports many methods of segregating traffic for clients attached to...

Page 61: ...which provides read only access and privilege level 10 which also provides read write access To perform system maintenance software upload factory defaults etc the user s privilege level should be se...

Page 62: ...GURING USER PRIVILEGE LEVELS Use the Privilege Levels page to set the privilege level required to read or configure specific software modules or system settings PATH Advanced Configuration Security Sw...

Page 63: ...l group can be configured to access the following modules or system settings Configuration Read only Configuration Execute Read write Status Statistics Read only and Status Statistics Read write e g c...

Page 64: ...d on the switch or can be controlled with a RADIUS or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are...

Page 65: ...ss the network through the switch This accounting can be used to provide reports auditing and billing for services that users have accessed By default management access is always checked against the a...

Page 66: ...ication method Options None Local RADIUS TACACS Default Local Selecting the option None disables access through the specified management interface Fallback Uses the local user database for authenticat...

Page 67: ...for management via the SSH protocol The switch supports both SSH Version 1 5 and 2 0 clients SSH service on this switch only supports password authentication The password can be authenticated either l...

Page 68: ...d connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The following web browsers and operating syste...

Page 69: ...ed Configuration Security Switch Access Management PARAMETERS These parameters are displayed Mode Enables or disables filtering of management access based on configured IP addresses Default Disabled S...

Page 70: ...e These objects are defined in a Management Information Base MIB that provides a standard presentation of the information controlled by the agent SNMP defines both the format of the MIB specifications...

Page 71: ...riv private default_rw_group default_view default_view Community string only v2c noAuth NoPriv user defined user defined user defined user defined Community string only v3 noAuth NoPriv user defined d...

Page 72: ...D The SNMPv3 engine ID Range 10 64 hex digits excluding a string of all 0 s or all F s Default 800007e5017f000001 An SNMPv3 engine is an independent SNMP agent that resides on the switch This engine p...

Page 73: ...ement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a res...

Page 74: ...uration Security Switch SNMP System 2 In the SNMP System Configuration table set the Mode to Enabled to enable SNMP service on the switch specify the SNMP version to use change the community access st...

Page 75: ...to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table For security reasons you should consider removing the default strings PATH Advanced Confi...

Page 76: ...these strings for security reasons 3 Add any new community strings required for SNMPv1 or v2 clients that need to access the switch along with the source address and address mask for each client 4 Cl...

Page 77: ...of user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 only Security Level The security level assigned to the user NoAuth NoPriv There is no authentication or encryption us...

Page 78: ...odel The user security model Options SNMP v1 v2c or the User based Security Model usm Security Name The name of a user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 only T...

Page 79: ...ct user access to specified portions of the MIB tree The predefined view default_view includes access to the entire MIB tree CLI REFERENCES SNMP Commands on page 330 PARAMETERS These parameters are di...

Page 80: ...rity Switch SNMP Access PARAMETERS These parameters are displayed Group Name The name of the SNMP group Range 1 32 characters ASCII characters 33 126 only Security Model The user security model Option...

Page 81: ...nect to the management agent it will continue to perform any specified tasks and pass data back to the management station the next time it is contacted The switch supports mini RMON which consists of...

Page 82: ...Configuration CONFIGURING RMON HISTORY SAMPLES Use the RMON History Configuration page to collect statistics on a physical interface to monitor network utilization packet types and errors A historica...

Page 83: ...ling interval and maximum number of buckets requested 4 Click Save Figure 26 RMON History Configuration CONFIGURING RMON ALARMS Use the RMON Alarm Configuration page to define specific criteria that w...

Page 84: ...he thresholds Value The value of the statistic during the last sampling period Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the threshold...

Page 85: ...event will be generated Range 1 65535 WEB INTERFACE To configure an RMON alarm 1 Click Advanced Configuration Security Switch RMON Alarm 2 Click Add New Entry 3 Enter an index number the polling inter...

Page 86: ...e SNMP trap configuration page see Setting SNMPv3 Community Access Strings on page 75 prior to configuring it here Range 0 127 characters Last Event Time The value of sysUpTime when an event was last...

Page 87: ...rity will use the shortest requested aging period of all modules that use this functionality Range 10 10 000 000 seconds Default 3600 seconds Port Configuration Port Port identifier Mode Controls whet...

Page 88: ...ontrol is either globally disabled or disabled on the port Ready The limit is not yet reached This can be shown for all Actions Limit Reached Indicates that the limit is reached on this port This stat...

Page 89: ...02 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication Access to all switch ports...

Page 90: ...sed authentication is MD5 The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an ac...

Page 91: ...nabled or disabled on the switch If globally disabled all ports are allowed to forward frames Reauthentication Enabled Sets clients to be re authenticated after an interval specified by the Re authent...

Page 92: ...itch will ignore new frames coming from the client during the hold time RADIUS Assigned QoS Enabled RADIUS assigned QoS provides a means to centrally control the traffic class to which traffic coming...

Page 93: ...e by using a semicolon to separate each profile For example the attribute service policy in pp1 rate limit input 100 specifies that the diffserv profile name is pp1 and the ingress rate limit profile...

Page 94: ...ings determine whether RADIUS assigned VLAN is enabled for that port When unchecked RADIUS server assigned VLAN is disabled for all ports When RADIUS Assigned VLAN is both globally enabled and enabled...

Page 95: ...s are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick wa...

Page 96: ...ransmits an EAPOL Request Identity frame without receiving a response before adding a port to the Guest VLAN The value can only be changed if the Guest VLAN option is globally enabled Range 1 255 Allo...

Page 97: ...ast MAC address as the destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Co...

Page 98: ...ically learned on this port are removed from the common address table Authenticated MAC addresses are stored as dynamic entries in the switch s secure MAC address table Configured static MAC addresses...

Page 99: ...MAC Based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules reauthentication to whenever the quiet period of the port runs out EAPOL based...

Page 100: ...matches a permit rule or dropped as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting co...

Page 101: ...ring Local Port Mirroring on page 212 ACL based port mirroring set by this parameter and port mirroring set on the general Mirror Configuration page are implemented independently To use ACL based mirr...

Page 102: ...L will be applied 4 Click Save Figure 32 ACL Port Configuration CONFIGURING RATE LIMITERS Use the ACL Rate Limiter Configuration page to define the rate limits applied to a port as configured either t...

Page 103: ...ltering rules for an ACL policy for a specific port or for all ports Rules applied to a port take effect immediately while those defined for a policy must be mapped to one or more ports using the ACL...

Page 104: ...rotocol type TTL IP fragment IP option flag source destination IP VLAN ID VLAN priority PARAMETERS These parameters are displayed ACCESS CONTROL LIST CONFIGURATION Ingress Port The ingress port of the...

Page 105: ...r filter for this ACE Any No policy filter is specified i e don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering an policy value and bitm...

Page 106: ...ress Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and SIP Ma...

Page 107: ...owed 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Default Any IPv4 MAC Parameters DMAC Filt...

Page 108: ...st match this entry Default Any TCP PSH Specifies the TCP Push Function PSH value for this rule Options Any any value is allowed 0 TCP frames where the PSH field is set must not match this entry 1 TCP...

Page 109: ...on IP mask in the DIP Address and DIP Mask fields Default Any Response to take when a rule is matched Action Permits or denies a frame based on whether it matches an ACL rule Default Permit Rate Limit...

Page 110: ...B INTERFACE To configure an Access Control List for a port or a policy 1 Click Advanced Configuration Security Network ACL Access Control List 2 Click the button to add a new ACL or use the other ACL...

Page 111: ...c bindings configured with IP Source Guard DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port related information to a DHCP server This informa...

Page 112: ...CP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If a DHCP DECLINE or RELEASE message is received from a client the switch forwards the packet o...

Page 113: ...rwarded to trusted ports and reply packets only allowed from trusted ports Default Disabled Port Port identifier Mode Enables or disables a port as a trusted source of DHCP messages Default Trusted WE...

Page 114: ...o which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire...

Page 115: ...ddress of a neighbor to access the network CONFIGURING GLOBAL AND PORT SETTINGS FOR IP SOURCE GUARD Use the IP Source Guard Configuration page to filter traffic on an insecure port which receives mess...

Page 116: ...inding the packet will be forwarded If IP source guard if enabled on an interface for which IP source bindings have not yet been configured neither by static configuration in the IP source guard bindi...

Page 117: ...Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Static IP Source Guard Table to bind a static address to a port Table entries include a port identifier VLAN identifier IP address...

Page 118: ...o static IP source guard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed Port The port to which a static entry is bound VLAN ID ID of a config...

Page 119: ...tion is controlled on a global and port basis By default ARP Inspection is disabled both globally and on all ports If ARP Inspection is globally enabled then it becomes active only on the ports where...

Page 120: ...Default Disabled Translate dynamic to static Click to translate all dynamic entries to static entries Port Mode Configuration Port Port identifier Mode Enables Dynamic ARP Inspection on a given port O...

Page 121: ...packets to any entries specified in the static ARP table If no static entry matches the packets then the DHCP snooping bindings database determines their validity PATH Advanced Configuration Security...

Page 122: ...equest Range 3 3600 seconds Default 15 seconds Dead Time The time after which the switch considers an authentication server to be dead if it does not reply Range 0 3600 seconds Default 300 seconds Set...

Page 123: ...ement access in the web interface 1 Click Advanced Configuration Security AAA 2 Configure the authentication method for management client types the common server timing parameters and address UDP port...

Page 124: ...he standby ports will automatically be activated to replace it USAGE GUIDELINES Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a...

Page 125: ...te a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output link number in the trunk However depending on the device to which a trunk is connected and the tr...

Page 126: ...ent hosts Do not use this mode for switch to server trunk links where the destination IP address is the same for all traffic One of the defaults TCP UDP Port Number All traffic with the same source an...

Page 127: ...target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assigned the next available tr...

Page 128: ...Default Auto Select the Specific option to manually configure a key Use the Auto selection to automatically set the key based on the actual link speed where 10Mb 1 100Mb 2 and 1Gb 3 Role Configures a...

Page 129: ...ection USAGE GUIDELINES The default settings for the control frame transmit interval and recover time may be adjusted to improve performance for your specific environment The response mode may also ne...

Page 130: ...iguration Port Port identifier Enable Enables loopback detection on a port Default Enabled Action Configures the response to take when a loop is detected on a port Options Shutdown Port Shutdown Port...

Page 131: ...1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STP STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router...

Page 132: ...e number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to ch...

Page 133: ...t of the running spanning tree algorithm between switches that support the STP RSTP MSTP protocols Once you specify the VLANs to include in a Multiple Spanning Tree Instance MSTI the protocol will aut...

Page 134: ...lowing for faster convergence of a new topology for the failed instance To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP conf...

Page 135: ...becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Note that references to ports in this section mean...

Page 136: ...uthorized device The BPDU guard feature provides a secure response to invalid configurations because an administrator must manually enable the port Default Disabled Port Error Recovery Controls whethe...

Page 137: ...l area of your network However remember that you must configure all bridges that exist within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set...

Page 138: ...pped VLANs to assign to this MST instance The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI Range 1 4094 WEB INTERFACE To add VLAN groups to an MSTP instance 1...

Page 139: ...16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 Default 128 Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the ST...

Page 140: ...ration settings can be applied to all trunks STP Enabled Sets the interface to enable STA disable STA or disable STA with BPDU transparency Default Enabled BPDU transparency is commonly used to suppor...

Page 141: ...e highest priority the port with lowest numeric identifier will be enabled Range 0 240 in steps of 16 Default 128 Admin Edge Fast Forwarding You can enable this option if an interface is attached to a...

Page 142: ...eceiving BPDUs It can prevent loops by shutting down an port when a BPDU is received instead of putting it into the spanning tree discarding state The BPDU guard feature provides a secure response to...

Page 143: ...ns interfaces which includes both ports and trunks PATH Basic Advanced Configuration Spanning Tree MSTI Ports PARAMETERS These parameters are displayed Port Port identifier This field is not applicabl...

Page 144: ...MSTI Port Configuration MULTICAST VLAN REGISTRATION Multicast VLAN Registration MVR is a protocol that controls access to a single network wide VLAN most commonly used for transmitting multicast traff...

Page 145: ...SAGE General Configuration Guidelines for MVR 1 Enable MVR globally on the switch and select the MVR VLAN 2 Set the interfaces that will join the MVR as source ports or receiver ports 3 If you are sur...

Page 146: ...c MVR allows dynamic MVR membership reports on source ports This is the default Compatible MVR membership reports are forbidden on source ports Tagging Specifies whether the traversed IGMP MLD control...

Page 147: ...an MVR receiver Just remember that only IGMP version 2 or 3 hosts can issue multicast leave messages If a version 1 host is receiving multicast traffic the switch can only remove the interface from th...

Page 148: ...able set of hosts Only IGMP version 2 or 3 hosts can issue multicast join or leave messages If MVR must be configured for an IGMP version 1 host the multicast groups must be statically assigned using...

Page 149: ...SNOOPING Multicasting is used to support real time applications such as videoconferencing or streaming audio A multicast server does not have to establish a separate connection with each client It mer...

Page 150: ...to all ports and possibly disrupting network performance If multicast routing is not supported on other switches in your network you can use IGMP Snooping and IGMP Query to monitor IGMP service reques...

Page 151: ...est service from a specific source for a multicast service these sources are all placed in the Include list and traffic is forwarded to the hosts from each of these sources IGMPv3 hosts may also reque...

Page 152: ...terfaces within the switch Fast Leave Immediately deletes a member port of a multicast service if a leave packet is received at that port Default Disabled The switch can be configured to immediately d...

Page 153: ...TINGS FOR IGMP SNOOPING AND QUERY Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping and query for a VLAN interface PATH Advanced Configuration IPMC IGMP Snooping VLAN Configurat...

Page 154: ...dicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the maximum...

Page 155: ...ult 1 second WEB INTERFACE To configure VLAN settings for IGMP snooping and query 1 Click Configuration IPMC IGMP Snooping VLAN Configuration 2 Adjust the IGMP settings as required 3 Click Save Figure...

Page 156: ...ts with users that want to receive it This reduces the flooding of IPv6 multicast packets in the specified VLANs This switch supports MLD protocol version 1 MLDv1 control packets include Listener Quer...

Page 157: ...ies are learned If no router port is configured in the attached VLAN and Unregistered IPMCv6 Flooding is disabled any subsequent multicast traffic not found in the table is dropped otherwise it is flo...

Page 158: ...Disabled If MLD snooping cannot locate the MLD querier you can manually designate a port which is connected to a known MLD querier i e a multicast router switch This interface will then join all the...

Page 159: ...global and port related settings for MLD Snooping 1 Click Configuration IPMC MLD Snooping Basic Configuration 2 Adjust the MLD settings as required 3 Click Save Figure 59 Configuring Global and Port r...

Page 160: ...Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network Range MLD Auto Forced MLDv1 Forced MLDv2 De...

Page 161: ...e the group by sending out an MLD group specific or group and source specific query message and starts a timer If no reports are received before the timer expires the group record is deleted and a rep...

Page 162: ...port are checked against the these groups If a requested multicast group is denied the MLD report is dropped WEB INTERFACE To configure MLD Snooping Port Group Filtering 1 Click Configuration IPMC ML...

Page 163: ...agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner TTL in seconds is based on the following rule Transmission Interval Tr...

Page 164: ...r devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch When CDP awareness for a port is disabled the CDP information is not removed immediately but will b...

Page 165: ...enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual...

Page 166: ...in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Con...

Page 167: ...Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Pr...

Page 168: ...y Call Service e g 911 and others such as defined by TIA or NENA ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN t...

Page 169: ...uto generated and will be used when selecting the polices that will be mapped to the specific ports Application Type Intended use of the application types Voice For use by dedicated IP Telephony hands...

Page 170: ...E 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame for...

Page 171: ...CE To configure LLDP MED TLVs 1 Click Configuration LLDP MED 2 Modify any of the timing parameters as required 3 Set the fast start repeat count descriptive information for the end point device and po...

Page 172: ...normally It then sends a second PoE Plus pulse that causes an 802 3at PD to respond as a Class 4 device and draw Class 4 current Afterwards the switch exchanges information with the PD such as duty cy...

Page 173: ...the port will reserve power using the class mode In this mode the Maximum Power fields have no effect For all modes if a port uses more power than the power reserved for that port it is shut down Powe...

Page 174: ...est priority will be turn off starting from the port with the highest port number Maximum Power The maximum power that can be delivered to a remote device Range 0 34 2 Watts depending on the PoE mode...

Page 175: ...ntry is discarded Range 10 1000000 seconds Default 300 seconds MAC Table Learning Auto Learning is done automatically as soon as a frame with an unknown source MAC address is received This is the defa...

Page 176: ...not be written to the address table Port Members Port identifier WEB INTERFACE To configure the MAC Address Table 1 Click Configuration MAC Table 2 Change the address aging time if required 3 Specify...

Page 177: ...IP subnets VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN feature...

Page 178: ...ort Members Port identifier Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VL...

Page 179: ...ass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag other than the EtherType field Port Port identifier Port Type Configures...

Page 180: ...itted from the port The assigned VLAN ID can be based on the ingress tag for tagged frames or the default PVID for untagged ingress frames Note that this mode is normally used for ports connected to V...

Page 181: ...nk ports and can not communicate with any other ports on the switch except for the uplink ports Ports assigned to both a private VLAN and an 802 1Q VLAN are designated as uplink ports and can communic...

Page 182: ...ACE To configure VLAN port members for private VLANs 1 Click Configuration Private VLANs PVLAN Membership 2 Add or delete members of any existing PVLAN or click Add New Private VLAN and mark the port...

Page 183: ...ddresses When MAC based VLAN classification is enabled untagged frames received by a port are assigned to the VLAN which is mapped to the frame s source MAC address When no MAC address is matched unta...

Page 184: ...annot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This...

Page 185: ...fields displayed depend on the selected frame type Ethernet EtherType value Range 0x0600 0xffff Default 0x0800 LLC Includes the DSAP Destination Service Access Point and SSAP Source Service Access Poi...

Page 186: ...S Use the Group Name to VLAN Mapping Table to map a protocol group to a VLAN for each interface that will participate in the group PATH Advanced Configuration VCL Protocol based VLANs Group to VLAN CO...

Page 187: ...LAN to which the protocol traffic will be forwarded 4 Select the ports which will be assigned to this protocol VLAN 5 Click Save Figure 72 Assigning Ports to Protocol VLANs CONFIGURING IP SUBNET BASED...

Page 188: ...annot be a broadcast or multicast IP address When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last PARA...

Page 189: ...sly affect voice quality The switch allows you to specify a Voice VLAN for the network and set a service priority for the VoIP traffic VoIP traffic can be detected on switch ports by using the source...

Page 190: ...rt The port will not detect VoIP traffic or be added to the Voice VLAN Auto3 The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port You must select a met...

Page 191: ...OUI table lookup and LLDP are used to detect VoIP traffic on a port This option only works when the detection mode is set to Auto LLDP should also be enabled before setting the discovery protocol to...

Page 192: ...nges to the OUI table will restart the auto detection process for attached VoIP devices PATH Advanced Configuration Voice VLAN OUI PARAMETERS These parameters are displayed Telephony OUI Specifies a g...

Page 193: ...ckets in a port s high priority queue will be transmitted before those in the lower priority queues You can set the default priority for each interface the queuing mode and queue weights The switch al...

Page 194: ...rt Classification see page 204 QoS Ingress Port Tag Classification Tag Classification Sets classification mode for tagged frames on this port Disabled Uses the default QoS class and DP level for tagge...

Page 195: ...es 1 Click Advanced Configuration QoS Port Classification 2 Click on the value displayed in the Tag Class field 3 Set the tag classification mode to Disabled to use the default QoS class and DP level...

Page 196: ...ded without any changes PATH Advanced Configuration QoS Port Policing PARAMETERS These parameters are displayed Port Port identifier Enabled Enables or disables port policing on a port Rate Controls t...

Page 197: ...ach queue Options Strict Weighted Default Strict DWRR services the queues in a manner similar to WRR but the next queue is serviced only when the queue s Deficit Counter becomes smaller than the packe...

Page 198: ...per The default value is 500 This value is restricted to 100 1000000 kbps or 1 3300 Mbps Unit Controls the unit of measure for the port shaper rate as kbps or Mbps Default kbps WEB INTERFACE To show a...

Page 199: ...oS Egress Port Shapers including the rate for each queue and port Click on any of the entries in the Port field to configure egress queue mode queue shaper rate and access to excess bandwidth and port...

Page 200: ...hapers CONFIGURING PORT REMARKING MODE Use the QoS Egress Port Tag Remarking page to show an overview of QoS Egress Port Tag Remarking mode Click on any of the entries in the Port field to configure t...

Page 201: ...arks matching egress frames with the specified Priority Code Point or User Priority value Range 0 7 Default 0 DEI Remarks matching egress frames with the specified Drop Eligible Indicator Range 0 1 De...

Page 202: ...CHAPTER 4 Configuring the Switch Quality of Service 202 Figure 83 Configuring Port Tag Remarking Mode...

Page 203: ...see page 205 All Classify all DSCP Egress Rewrite Configures port egress rewriting of DSCP values Disable Egress rewriting is not performed Enable Egress rewriting is performed without remapping Rema...

Page 204: ...es with trusted DSCP values are mapped to a specific QoS class and drop level DPL Frames with untrusted DSCP values are treated as non IP frames QoS Class QoS value to which the corresponding DSCP val...

Page 205: ...s ingress translation of DSCP values based on the specified classification method Ingress Classify Enable Classification at ingress side as defined in the QoS Port DSCP Configuration table see page 20...

Page 206: ...ce level PATH Advanced Configuration QoS DSCP Classification PARAMETERS These parameters are displayed QoS Class DPL Shows the mapping options for QoS class values and DP drop precedence levels DSCP D...

Page 207: ...ss drop precedence level and DSCP value defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port PATH Advanced Configuration QoS QoS Control List...

Page 208: ...he following buttons are used to edit or move the QCEs Table 12 QCE Modification Buttons Button Description Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the Q...

Page 209: ...nd a Protocol ID Options for PID Any Specific 0x00 0xffff Default Any If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNA...

Page 210: ...e frame s content If a frame matches the QCE the following actions will be taken Class Classified QoS Class If a frame matches the QCE it will be put in the queue corresponding to the specified QoS cl...

Page 211: ...ams are not well designed or properly configured Traffic storms caused by any of these problems can severely degrade performance or bring your network to a complete halt You can protect your network f...

Page 212: ...m control for unknown unicast broadcast or multicast traffic by marking the Status box next to the required frame type 3 Select the control rate as a function of 2n pps i e a value with no suffix for...

Page 213: ...Port identifier Source Sets the source port from which traffic will be mirrored Select one of these options Disabled No frames are mirrored from this port Both Frames received and transmitted on this...

Page 214: ...t RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSPAN VLAN through IEEE 802 1Q trunk or hybrid ports that carry it to any RSPAN destination...

Page 215: ...figured as an RSPAN source intermediate or destination type static and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface source intermediate or destination On...

Page 216: ...tch through which mirrored traffic is passed on to the RSPAN VLAN The reflector port only applies to Source switch type MAC Table learning and STP must be disabled on the reflector port Port Port Iden...

Page 217: ...tion Mirroring RSPAN 2 Set the Mode to Enabled and the Type to Intermediate 3 Select the intermediate ports through which all mirrored traffic will be forwarded to other switches 4 Click Save Figure 9...

Page 218: ...step in UPnP networking is discovery When a device is added to the network the UPnP discovery protocol allows that device to broadcast its services to control points on the network Similarly when a co...

Page 219: ...entry and select Properties to display a list of device attributes advertised through UPnP PATH Advanced Configuration UPnP PARAMETERS These parameters are displayed Mode Enables disables UPnP on the...

Page 220: ...ved even at high traffic levels As the Collector receives streams from the various sFlow agents other switches or routers throughout the network a timely network wide picture of utilization and traffi...

Page 221: ...DP port timeout maximum datagram size sampling rate and maximum header size While active the current time left can be updated by clicking the Refresh button If locally managed the timeout can be chang...

Page 222: ...ng the Switch Configuring sFlow WEB INTERFACE To configure flow sampling 1 Click Advanced Configuration sFlow 2 Set the parameters for flow receiver flow sampler and counter poller 3 Click Save Figure...

Page 223: ...splaying the device name location and contact information PATH Monitor System Information PARAMETERS These parameters are displayed System To configure the following items see Configuring System Infor...

Page 224: ...ation Figure 97 System Information DISPLAYING CPU UTILIZATION Use the CPU Load page to display information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The...

Page 225: ...the logged system and event messages PATH Monitor System Log PARAMETERS These parameters are displayed Display Filter Level Specifies the type of log messages to display Info Informational messages on...

Page 226: ...isplay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entri...

Page 227: ...TS You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of p...

Page 228: ...r of frames received with errors and the number of incomplete transmissions Drops Received Transmitted The number of frames discarded due to ingress or egress congestion Filtered Received The number o...

Page 229: ...ntry index Frame Type Indicates the type of frame to look for in incoming frames Possible frame types are Any Ethernet LLC SNAP IPv4 IPv6 Port Port identifier Action Indicates the classification actio...

Page 230: ...s a faulty port or unusually heavy loading All values displayed have been accumulated since the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by defau...

Page 231: ...han 64 octets long excluding framing bits but including FCS octets and were otherwise well formed Rx Oversize The total number of frames received that were longer than the configured maximum frame len...

Page 232: ...232 CHAPTER 5 Monitoring the Switch Displaying Information About Ports WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 105 Detailed Port Statistics...

Page 233: ...Management Statistics USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 69 and traffic matching one...

Page 234: ...es to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules that may request port security services and on...

Page 235: ...ed on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count The two columns indicate the number of currently learned MAC addresses forwarding as well as...

Page 236: ...ive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blo...

Page 237: ...frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received...

Page 238: ...RADIUS Authentication Server PATH Monitor Security Network NAS Port PARAMETERS These parameters are displayed Port State Admin State The port s current administrative state Refer to NAS Admin State f...

Page 239: ...number of EAPOL frames of any type that have been transmitted by the switch Request ID The number of EAPOL Request Identity frames that have been transmitted by the switch Requests The number of vali...

Page 240: ...Server Counters Responses 802 1X based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communicat...

Page 241: ...AC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attach...

Page 242: ...es the ACL user see Configuring User Privilege Levels on page 62 for a list of software modules Ingress Port Indicates the ingress port to which the ACE applies Possible values are Any The ACE will ma...

Page 243: ...is 1 to 15 Port Redirect Indicates the port redirect operation implemented by the ACE Frames matching the ACE are redirected to the listed port Mirror Indicates the port mirror operation implemented...

Page 244: ...mber of ACK option 53 with value 5 packets received and transmitted Rx Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx Tx Release The number of release option 53 wi...

Page 245: ...number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to clients Receive from Server The number of packets received from the ser...

Page 246: ...s relay information Keep Agent Option The number of packets received where the DHCP client packet information was retained Drop Agent Option The number of packets that were dropped because they alread...

Page 247: ...ntries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per p...

Page 248: ...umber of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet...

Page 249: ...rmed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad Authenticators The number...

Page 250: ...onds left Access attempts were made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the dead time expires The num...

Page 251: ...server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other Info IP Address IP address and UDP port for the accounting serve...

Page 252: ...ring the Switch Displaying Information on Authentication Servers WEB INTERFACE To display statistics for configured authentication and accounting servers click Monitor Security AAA RADIUS Details Figu...

Page 253: ...events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of pa...

Page 254: ...statistics on a physical interface including network utilization packet types and errors PATH Monitor Security Switch RMON History PARAMETERS These parameters are displayed History Index Index of Hist...

Page 255: ...sampling the selected variable and calculating the value to be compared against the thresholds For more information see Configuring RMON Alarms on page 83 Value The value of the statistic during the l...

Page 256: ...ch RMON Alarm Figure 120 RMON Alarm Overview DISPLAYING RMON EVENT SETTINGS Use the RMON Alarm Event page to display configured event settings PATH Monitor Security Switch RMON Event PARAMETERS These...

Page 257: ...oup LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Partner Priority This priority is used to determine LAG membership and to id...

Page 258: ...he LACP protocol i e its MAC address Partner Port The partner port connected to this local port Partner Priority The partner port priority used to select a backup link WEB INTERFACE To display LACP st...

Page 259: ...conditions PATH Monitor Loop Protection PARAMETERS These parameters are displayed Port Port identifier Action Configured port action i e the response to take when a loop is detected on a port Transmi...

Page 260: ...s are displayed STA Bridges MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC addre...

Page 261: ...gured during a one second interval CIST Ports Aggregations State Port Port Identifier Port ID The port identifier as used by the RSTP protocol This consists of the priority part and the logical port i...

Page 262: ...es a connection to exactly one other bridge The flag may be automatically computed or explicitly configured The point to point properties of a port affect how fast it can transition RSTP states Uptime...

Page 263: ...topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is an alternate or backup port that may provide connectivi...

Page 264: ...rotocol packets crossing each port PATH Monitor Spanning Tree Port Statistics PARAMETERS These parameters are displayed Port Port Identifier MSTP The number of MSTP Configuration BPDU s received trans...

Page 265: ...tor MVR Statistics PARAMETERS These parameters are displayed VLAN ID Identifier of the VLAN that serves as the channel for streaming multicast services using MVR IGMP MLD Queries Received Number of re...

Page 266: ...ETERS These parameters are displayed Statistics VLAN ID Identifier of the VLAN that serves as the channel for streaming multicast services using MVR V1 Reports Received The number of IGMP V1 reports r...

Page 267: ...ARAMETERS These parameters are displayed VLAN ID VLAN identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN I...

Page 268: ...stream multicast router switch PATH Monitor IPMC IGMP Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version IGMP version used by the switch when...

Page 269: ...an interface on this switch WEB INTERFACE To display IGMP snooping status information click Monitor IGMP Snooping Status Figure 133 IGMP Snooping Status SHOWING IGMP SNOOPING GROUP INFORMATION Use th...

Page 270: ...TERS These parameters are displayed VLAN ID VLAN identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID por...

Page 271: ...orts connected to an upstream multicast router switch PATH Monitor IPMC MLD Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version MLD version use...

Page 272: ...o an interface on this switch WEB INTERFACE To display MLD snooping status information click Monitor MLD Snooping Status Figure 136 MLD Snooping Status SHOWING MLD SNOOPING GROUP INFORMATION Use the M...

Page 273: ...S These parameters are displayed VLAN ID VLAN Identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID port n...

Page 274: ...t devices connected directly to the switch s ports which are advertising information through LLDP PATH Monitor LLDP Neighbors PARAMETERS These parameters are displayed Local Port The local port to whi...

Page 275: ...The IPv4 address of the remote device If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement If the neighbor device allows m...

Page 276: ...any LLDP MED Endpoint Device claiming compliance as a Communication Device Class III will also support all aspects of TIA 1057 applicable to both Media Endpoints Class II and Generic Endpoints Class I...

Page 277: ...information embedded L2 switch support inventory management Capabilities The neighbor unit s LLDP MED capabilities LLDP MED capabilities Network Policy Location Identification Extended Power via MDI P...

Page 278: ...ved Power Source The Source represents the power source being utilized by a PSE or PD device For a PSE device it can run on its Primary Power Source or Backup Power Source If it is unknown what power...

Page 279: ...nk partner s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this...

Page 280: ...y LLDP neighbor EEE information click Monitor LLDP EEE Figure 142 LLDP Neighbor EEE Information DISPLAYING LLDP PORT STATISTICS Use the LLDP Port Statistics page to display statistics on LLDP global c...

Page 281: ...s as well as any specific usage rules defined for the particular Type Length Value TLV TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs If a TLV is malformed it...

Page 282: ...mum power it will use The PD classes include Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested Amount of power...

Page 283: ...ut fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic enter...

Page 284: ...Web or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server MVR Eliminates the need to duplicate multicast traffic...

Page 285: ...ption of the software modules that use VLAN management services Port Port Identifier PVID The native VLAN assigned to untagged frames entering this port Port Type Shows whether or not a port processes...

Page 286: ...us click Monitor VLANs VLAN Port 2 Select a software module from the drop down list on the right side of the page Figure 147 Showing VLAN Port Status DISPLAYING INFORMATION ABOUT MAC BASED VLANS Use t...

Page 287: ...ATION ABOUT FLOW SAMPLING Use the sFlow Statistics page to display information on sampled traffic including the owner receiver address remaining sampling time and statistics for UDP control packets an...

Page 288: ...ge Diagnostics Ping Ping6 Flow Samples The total number of flow samples sent to the sFlow receiver Counter Samples The total number of counter samples sent to the sFlow receiver Port Statistics Port P...

Page 289: ...289 CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling WEB INTERFACE 1 To display information on sampled traffic click Monitor sFlow Figure 149 Showing sFlow Statistics...

Page 290: ...290 CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling...

Page 291: ...IPv4 address consists of 4 numbers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the app...

Page 292: ...an IPv4 or IPv6 Address After you press Start the sequence number and round trip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are recei...

Page 293: ...faults that can occur on Category 5 twisted pair cabling WEB INTERFACE To run cable diagnostics 1 Click Diagnostics VeriPHY 2 Select all ports or indicate a specific port for testing 3 Click Start If...

Page 294: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 294...

Page 295: ...aving configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch PATH Maintenance Restart Device WEB INTERFACE To restart the switch 1 Clic...

Page 296: ...1 Click Maintenance Factory Defaults 2 Click Yes The factory defaults are immediately restored which means that no reboot is necessary Figure 153 Factory Defaults UPGRADING FIRMWARE Use the Software...

Page 297: ...a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the device at this time or the switch may fail to function afterwards Figure 154 Software Upload ACTIVATING THE...

Page 298: ...Click Maintenance Configuration Save 2 Click the Save configuration button 3 Specify the directory and name of the file under which to save the current configuration settings The configuration file i...

Page 299: ...tion Files WEB INTERFACE To restore your current configuration settings 1 Click Maintenance Configuration Upload 2 Click the Browse button and select the configuration file 3 Click the Upload button t...

Page 300: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 300...

Page 301: ...301 SECTION III APPENDICES This section provides additional information and includes these items Software Specifications on page 303 Troubleshooting on page 307 License Information on page 309...

Page 302: ...302 SECTION III Appendices...

Page 303: ...0 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast...

Page 304: ...traffic policing and egress traffic shaping MULTICAST FILTERING IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option 82 DNS Client Proxy Flow S...

Page 305: ...E 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging ARP RFC 826 DHCP Client RFC 2131 DHCPv6 Cl...

Page 306: ...636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RAD...

Page 307: ...e port you are using has not been disabled Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be s...

Page 308: ...switch follow these steps 1 Enable logging 2 Set the error messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages...

Page 309: ...copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and...

Page 310: ...u distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License...

Page 311: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Page 312: ...ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two...

Page 313: ...according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framework for passing...

Page 314: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Page 315: ...1S An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1W An IEEE standard for the Rapid Spanning Tree Protocol RSTP which...

Page 316: ...by this switch can pass multicast traffic along to participating hosts IP PRECEDENCE The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority l...

Page 317: ...egion and prevents VLAN members from being segmented from the rest of the group MULTICAST SWITCHING A process whereby the switch filters incoming multicast frames for services for which no attached ho...

Page 318: ...rity of one flow or limiting the priority of another flow RADIUS Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to...

Page 319: ...T Defines a remote communication facility for interfacing to a terminal device over TCP IP TFTP Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads UDP User Datagram...

Page 320: ...GLOSSARY 320...

Page 321: ...ormation option policy 114 DHCP snooping 111 DNS server 49 Domain Name Service See DNS downloading software 296 using HTTP 296 using TFTP 296 drop precedence QoS 194 DSCP classification QoS 206 rewrit...

Page 322: ...m name 164 LLDP MED 166 logging syslog traps 56 to syslog servers 56 log in web interface 35 logon authentication 61 encryption keys 122 RADIUS client 122 RADIUS server 122 settings 122 TACACS client...

Page 323: ...utonegotiation 58 broadcast storm threshold 211 capabilities 58 configuring 58 duplex mode 58 flow control 59 mirroring local traffic 212 mirroring remote traffic 214 multicast storm threshold 211 spe...

Page 324: ...ting 53 system information configuring 47 displaying 223 system logs 225 displaying 225 system software alternate image 297 downloading 296 T TACACS logon authentication 64 122 settings 122 Telnet SSH...

Page 325: ......

Page 326: ......

Reviews:

No comments

Brands by name

Popular brands

Load more brands