manualshive.com logo in svg

Evidence Cross-8/HPoE-10G, User Manual

Share
Download
Evidence Cross-8/HPoE-10G User Manual Download Page 210

a port, the whole port is opened for network traffic. This allows other clients connected
to the port (for instance through a hub) to piggy-back on the successfully authenticated
client and get network access even though they really aren't authenticated. To overcome
this security breach, use the Single 802.1X variant. Single 802.1X is really not an IEEE
standard, but features many of the same characteristics as does port-based 802.1X. In
Single 802.1X, at most one supplicant can get authenticated on the port at a time.
Normal EAPOL frames are used in the communication between the supplicant and the
switch. If more than one supplicant is connected to a port, the one that comes first
when the port's link comes up will be the first one considered. If that supplicant doesn't
provide valid credentials within a certain amount of time, another supplicant will get a
chance. Once a supplicant is successfully authenticated, only that supplicant will be
allowed access. This is the most secure of all the supported modes. In this mode, the

Port Security

  module is used to secure a supplicant's MAC address once successfully

authenticated. 

Multi 802.1X :

In port-based 802.1X authentication, once a supplicant is successfully authenticated on
a port, the whole port is opened for network traffic. This allows other clients connected
to the port (for instance through a hub) to piggy-back on the successfully authenticated
client and get network access even though they really aren't authenticated. To overcome
this security breach, use the Multi 802.1X variant.
Multi 802.1X is really not an IEEE standard, but features many of the same characteristics
as does port-based 802.1X. Multi 802.1X is - like Single 802.1X - not an IEEE standard,
but a variant that features many of the same characteristics. In Multi 802.1X, one or
more  supplicants  can  get  authenticated   on  the  same port  at  the  same time.  Each
supplicant is authenticated individually and secured in the MAC table using the  

Port

Security

 module.

In Multi 802.1X it is not possible to use the multicast BPDU MAC address as destination
MAC address for EAPOL frames sent from the switch towards the supplicant, since that
would cause all supplicants attached to the port to reply to requests sent from the
switch. Instead, the switch uses the supplicant's MAC address, which is obtained from
the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An
exception to this is when no supplicants are attached. In this case, the switch sends
EAPOL Request Identity frames using the BPDU multicast MAC address as destination -
to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited
using the 

Port Security Limit Control

 functionality. 

MAC-based Auth.:

Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a
best-practices method adopted by the industry. In MAC-based authentication, users are
called clients, and the switch acts as the supplicant on behalf of clients. The initial frame
(any kind of frame) sent by a client is snooped by the switch, which in turn uses the
client's MAC address as both username and password in the subsequent EAP exchange
with   the   RADIUS  server.   The   6-byte   MAC  address   is   converted   to   a   string   on   the
following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the
lower-cased   hexadecimal   digits.   The   switch   only   supports   the  

MD5-Challenge

authentication method, so the RADIUS server must be configured accordingly.
When   authentication   is   complete,   the   RADIUS   server   sends   a   success   or   failure
indication, which in turn causes the switch to open up or block traffic for that particular
client,   using   the  

Port   Security

  module.   Only   then   will   frames   from   the   client   be

forwarded on the switch. There are no EAPOL frames involved in this authentication,
and therefore, MAC-based Authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over port-based 802.1X is that several

Summary of Contents for Cross-8/HPoE-10G

Page 1: ......

Page 2: ... 10G GUI User Guide 10 Ports L2 Managed GbE PoE Switch Release A2 2018 Manufacture Corporation All rights reserved All brand and product names are trademarks or registered trademarks of their respective companies 2 ...

Page 3: ...dge of general switch functions the Internet Protocol IP and Hypertext Transfer Protocol HTTP CONVENTIONS The following conventions are used throughout this manual to show information WARRANTY See the Customer Support Warranty booklet included with the product A copy of the specific warranty terms applicable to your Manufacture products and replacement parts can be obtained from your Manufacture S...

Page 4: ......

Page 5: ...2 5 UPNP 44 CHAPTER 3 PORT MANAGEMENT 45 3 1 PORT CONFIGURATION 45 3 2 PORT STATISTICS 48 3 3 SFP PORT INFO 52 3 4 ENERGY EFFICIENT ETHERNET 54 3 5 LINK AGGREGATION 55 3 5 1 Static Configuration 55 3 5 2 LACP Configuration 57 3 5 3 System Status 59 3 5 4 Internal Status 60 3 5 5 Neighbor Status 62 3 5 6 Port Status 64 3 6 LOOP PROTECTION 66 3 6 1 Configuration 66 3 6 2 Status 68 3 7 UDLD 70 3 7 1 ...

Page 6: ... 7 2 DSCP Translation 126 6 7 3 DSCP Classification 128 6 7 4 DSCP Based QoS 130 6 8 QOS CONTROL LIST 132 6 8 1 Configuration 132 6 8 2 Status 137 6 9 QOS STATISTICS 139 6 10 WRED 140 CHAPTER 7 SPANNING TREE 142 7 1 STP CONFIGURATION 142 7 2 MSTI CONFIGURATION 145 7 3 STP STATUS 149 7 4 PORT STATISTICS 153 CHAPTER 8 MAC ADDRESS TABLES 155 8 1 CONFIGURATION 155 8 2 INFORMATION 158 CHAPTER 9 MULTICA...

Page 7: ... 1 1 Account 209 11 1 2 Privilege Levels 211 11 1 3 Auth Method 212 11 1 4 Access Method 215 11 1 5 HTTPS 217 11 2 802 1X 219 11 2 1 Configuration 219 11 2 2 Status 227 11 3 IP SOURCE GUARD 229 11 3 1 Configuration 229 11 3 2 Static Table 231 11 3 3 Dynamic Table 233 11 4 ARP INSPECTION 235 11 4 1 Configuration 235 11 4 2 VLAN Configuration 237 11 4 3 Static Table 239 11 4 4 Dynamic Table 241 11 5...

Page 8: ...11 16 1 CONFIGURATION 311 16 2 STATUS 313 CHAPTER 17 EVENT NOTIFICATION 315 17 1 SNMP TRAP 315 17 2 EMAIL 318 17 3 LOG 320 17 3 1 Syslog 320 17 3 2 View Log 322 17 4 DIGITAL I O 324 17 5 EVENT CONFIGURATION 325 CHAPTER 18 DIAGNOSTICS 327 18 1 PING 327 18 2 TRACEROUTE 329 18 3 CABLE DIAGNOSTICS 331 18 4 MIRRORING 333 18 5 SFLOW 335 18 5 1 Configuration 335 18 5 2 Statistics 338 CHAPTER 19 MAINTENAN...

Page 9: ...19 4 2 Firmware Selection 350 ...

Page 10: ...Revision History ...

Page 11: ...and applications more effectively It provides the ideal combination of affordability and capabilities for entry level networking includes small business or enterprise application and helps you create a more efficient better connected workforce Cross 8 HPoE 10G L2 Managed GbE PoE Switch provide 10 ports in a single device the specification is highlighted as follows L2 features provide better manage...

Page 12: ...nagement Chapter 6 Quality of Service Chapter 7 Spanning tree Chapter 8 MAC Address Tables Chapter 9 Multicast Chapter 10 DHCP Chapter 11 Security Chapter 12 Access Control Chapter 13 SNMP Chapter 14 MEP Chapter 15 ERPS Chapter 16 PTP Chapter 17 Event Notification Chapter 18 Diagnostics Chapter 19 Maintenance Ordering information Variable N 10 Variable Y 8 ...

Page 13: ...cation The default username is Admin and password is 1234 For the first time to use please enter the default username and password and then click the Login button The login process now is completed In this login menu you have to input the complete username and password respectively the Cross 8 HPoE 10G will not give you a shortcut to username automatically This looks inconvenient but safer In the ...

Page 14: ...NOTE AS Cross 8 HPoE 10G the function enable dhcp so If you do not have DHCP server to provide ip addresses to the switch the Switch default ip 192 168 1 1 Figure 1 The login page 4 ...

Page 15: ...itch system s contact information is provided here Web interface To configure System Information in the web interface 1 Click System and System Information 2 Write System Name Location Contact information in this page 3 Click Apply Figure 2 1 System Information Parameter description Model Name Displays the factory defined model name for identification purpose System Description Displays the system...

Page 16: ...rsion of this switch Hardware Version Displays the hardware version of the device Mechanical Version Displays the mechanical version of the device Series Number The serial number of this switch MAC Address The MAC Address of this switch Powers Status Displays the powers status of the system Powers Displays the powers of the system Temperature Status Displays the temperature status of the system Te...

Page 17: ...Click to refresh the page immediately Figure 2 1 The System Information buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds ...

Page 18: ...ck Apply Figure 2 2 1 The IP settings Parameter description IPv4 DHCP Client Enable Enable the DHCP client by checking this box If this option is enabled the system will configure the IPv4 address and mask of the interface using the DHCP protocol The DHCP client will announce the configured System Name as hostname to provide DNS lookup IPv4 Address The IPv4 address of the interface in dotted decim...

Page 19: ...ovide the valid IPv6 unicast except linklocal address of the DNS Server Make sure the configured DNS server could be reachable e g via PING6 for activating DNS service From any DHCPv4 interfaces The first DNS server offered from a DHCPv4 lease to a DHCPv4 enabled interface will be used From this DHCPv4 interface Specify from which DHCPv4 enabled interface a provided DNS server should be preferred ...

Page 20: ...interfaces DNS Server This setting controls the DNS name resolution done by the switch There are four servers available for configuration and the index of the server presents the preference less index has higher priority in doing DNS name resolution The following modes are supported No DNS server No DNS server will be used Configured IPv4 Explicitly provide the valid IPv4 unicast address of the DN...

Page 21: ... interface IPv4 DHCP Enabled Enable the DHCP client by checking this box If this option is enabled the system will configure the IPv4 address and mask of the interface using the DHCP protocol IPv4 DHCP Fallback Timeout The number of seconds for trying to obtain a DHCP lease After this period expires a configured IPv4 address will be used as IPv4 interface address A value of zero disables the fallb...

Page 22: ...h Valid values are between 1 and 128 bits for a IPv6 address The field may be left blank if IPv6 operation on the interface is not desired IP Routes Delete Select this option to delete an existing IP route Network The destination IP network or host address of this route Valid format is dotted decimal notation or a valid IPv6 notation A default route can use the value 0 0 0 0 or IPv6 notation Mask ...

Page 23: ...es the IP routes and the neighbour cache ARP cache status Web Interface To display the log configuration in the web interface 1 Click System IP Address Status and IP Status 2 Display the IP Configuration information Figure 2 2 3 1 The IP Status Parameter description IP Interfaces Interface Show the name of the interface Type Show the address type of the entry This may be LINK or IPv4 Address Show ...

Page 24: ... of the route Neighbour cache IP Address Show the IP address of the entry Link Address Show the Link MAC address for which a binding to the IP address given exist Buttons Figure 2 2 3 1 The IP Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately ...

Page 25: ...Information Base Parameter description Start from ID Input field allow the user to change the starting point in this table Protocol The protocol of the route DHCP The route is created by DHCP Connected The destination network is connected directly Static The route is created by user Network Prefix Network and prefix example 10 0 0 0 16 of the given route entry NextHop The IP address of nexthop Val...

Page 26: ...ically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates the system log entries turn to the next page First Entry Updates the table starting from the first entry in the IPMC Profile Address Configuration Next Entry Updates the table starting with the entry after the last entry cu...

Page 27: ...nterface 1 Click System and System Time 2 Specify the Time parameter 3 Click Apply Figure 2 3 The time configuration Parameter description Time Configuration Clock Source There are two modes for configuring how the Clock Source from Select Local Settings Clock Source from Local Time Select NTP Server Clock Source from NTP Server System Date Show the current time of the system The year of system da...

Page 28: ...onfiguration Default Disabled Start time settings Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute End time settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes Select the starting minute Offset setting...

Page 29: ...me to come out the local time otherwise you will not able to get the correct time The switch supports configurable time zone from 12 to 13 step 1 hour Default Time zone 8 Hrs Parameter description Server 1 to 5 Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For ex...

Page 30: ... as Station and Media Access Control Connectivity Discovery specified in standards document IEEE 802 1AB 2 4 1 LLDP Configuration You can per port to do the LLDP configuration and the detail parameters the settings will take effect immediately This page allows the user to inspect and configure the current LLDP port settings Web Interface To configure LLDP 1 Click System LLDP and LLDP configuration...

Page 31: ...e logical LLDP port Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled the switch will send out LLD...

Page 32: ... transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP information transmitted Mgmt Addr Optional TLV When checked the management address is included in LLDP information transmitted Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 2 4 2 LLDP MED Configuration Media Endpoint Discovery is an enha...

Page 33: ... and LLDP MED Configuration 2 Modify Fast start repeat count parameter default is 4 3 Modify Transmit TLVs parameters 4 Modify Coordinates Location parameters 5 Fill Civic Address Location parameters 6 Fill Emergency Call Service parameters 7 Add new policy 8 Click Apply will show following Policy Port Configuration 9 Select Policy ID for each port 10 Click Apply ...

Page 34: ...twork Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbour has been detected in order share LLDP MED information as fast as possible to new neighbours Because there is a risk of an LLDP frame being lost during transmissi...

Page 35: ...d for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions that can relay IEEE 802 frames via any method An Endpoint Device a LLDP MED Device that sits at the network edge and provides some aspect of IP communications service based on IEEE 802 LAN technology The main difference between a Network Connectivity Device and an Endpoint De...

Page 36: ... to be used when referencing locations on land not near tidal water which would use Datum NAD83 MLLW NAD83 MLLW North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich the associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referencing locations on water sea ocean Civic Address Location IETF Geopriv Civic Address based Location Configuration Info...

Page 37: ...ncy Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues wi...

Page 38: ...ecific ports Application Type Intended use of the application types 1 Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications 2 Voice Signalling conditional for use in network topologies that require a d...

Page 39: ...d frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 VLAN ID VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 L2 Priority L2 Priority is the Layer 2 priority to ...

Page 40: ...tification of the neighbour s LLDP frames Port ID The Remote Port ID is the identification of the neighbour port Port Description Port Description is the port description advertised by the neighbour unit System Name System Name is the name advertised by the neighbour unit System Capabilities System Capabilities describes the neighbour unit s capabilities The possible capabilities are 1 Other 2 Rep...

Page 41: ...ighbours The displayed table contains a row for each port on which an LLDP neighbour is detected This function applies to VoIP devices which support LLDP MED The columns hold the following information Web Interface To show LLDP MED neighbor 1 Click System LLDP and LLDP MED Neighbour 2 Click Refresh for manual update web screen 3 Click Auto refresh for auto update web screen Figure 2 4 4 The LLDP M...

Page 42: ...point products that require the base LLDP discovery services defined in TIA 1057 however do not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration...

Page 43: ...with their own IP Telephony handsets and other similar appliances supporting interactive voice services 4 Guest Voice Signalling for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media 5 Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops 6 Video Conferencing for use by dedicate...

Page 44: ...4 code point values 0 through 63 Auto negotiation Auto negotiation identifies if MAC PHY auto negotiation is supported by the link partner Auto negotiation status Auto negotiation status identifies if auto negotiation is currently enabled at the link partner If Auto negotiation is supported and Auto negotiation status is disabled the 802 3 PMD operating mode will be determined the operational MAU ...

Page 45: ...SE as power source It can also use both its local power supply and the PSE If it is unknown what power supply the PD device is using it is indicated as Unknown Power Priority Power Power Priority represents the priority of the PD device or the power priority associated with the PSE type device s interface that is sourcing the power There are three levels of power priority The three levels are Crit...

Page 46: ...P Neighbour EEE information Parameter description Local Port The interface at which LLDP frames are received or transmitted Tx Tw The link partner s maximum time that transmit path can hold off sending data after deassertion of LPI Rx Tw The link partner s time that receiver would like the transmitter to hold off to allow time for the receiver to wake from sleep Fallback Receive Tw The link partne...

Page 47: ...e NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE in Sync Shows whether the switch and the link partner have agreed on wake times Red Switch and link partner have not agreed on wakeup times Green Switch and link partner have agreed on wakeup times Buttons Figure 2 4 6 The LLDP Neighbor EEE buttons Auto ref...

Page 48: ...he number of entries deleted due to Time To Live expiring Local Counters The displayed table contains a row for each port The columns hold the following information Local Port The port on which LLDP frames are received or transmitted Tx Frames The number of LLDP frames transmitted on the port Rx Frames The number of LLDP frames received on the port Rx Errors The number of received LLDP frames cont...

Page 49: ... value Org Discarded The number of organizationally received TLVs Age Outs Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Buttons Figure 2 4 7 The LLDP Statistics information buttons Auto refresh Check this box to refre...

Page 50: ...t to previously saved values Figure 2 5 The UPnP Configuration Parameter description These parameters are displayed on the UPnP Configuration page Mode Indicates the UPnP operation mode Possible modes are on Enable UPnP mode operation off Disable UPnP mode operation When the mode is enabled two ACEs are added automatically to trap UPNP related packets to CPU The ACEs are automatically removed when...

Page 51: ...l only be applied when IP Addressing Mode is static Valid configurable values ranges from 1 to 4095 Default value is 1 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Chapter 3 Port Management The section describes to configure the Port detail parameters of the switch Others you could use the Port configure to enable or disable...

Page 52: ...ps half duplex mode 10Mbps FDX Forces the cu port in 10Mbps full duplex mode 100Mbps HDX Forces the cu port in 100Mbps half duplex mode 100Mbps FDX Forces the cu port in 100Mbps full duplex mode 1Gbps FDX Forces the port in 1Gbps full duplexFlow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed...

Page 53: ...You can click them for refresh the Port link Status by manual Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 54: ...on when you click Clear 4 If you want to see the detail of port statistic then you need to click that port Figure 3 2 The Port Statistics Overview Parameter description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in er...

Page 55: ...ccurs every 3 seconds Refresh Click to refresh the page Clear Clears the counters for all ports If you want to see the detail of port statistic then you need to click that port The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit ...

Page 56: ...eceived and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size Counters The number of received and transmitted good and bad packets split into categories ba...

Page 57: ...frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Tx Oversize The number of frames dropped due to frame oversize Buttons Figure 3 2 The Detailed Port Statistics buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page Clear Clears th...

Page 58: ...SFP Port Information Parameter description Upper left scroll bar To scroll which port to display the Port statistics Connector Type Display the connector type for instance UTP SC ST LC and so on Fiber Type Display the fiber mode for instance Multi Mode Single Mode Tx Central Wavelength Display the fiber optical transmitting central wavelength for instance 850nm 1310nm 1550nm and so on Bit Rate Dis...

Page 59: ...made Temperature Show the current temperature of SFP module Vcc Show the working DC voltage of SFP module Mon1 Bias mA Show the Bias current of SFP module Mon2 TX PWR Show the transmit power of SFP module Mon3 RX PWR Show the receiver power of SFP module Buttons Figure 3 3 The SFP Port Information buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every ...

Page 60: ...that both the receiving and transmitting device has all circuits powered up when traffic is transmitted The devices can exchange information about the devices wakeup time using the LLDP protocol Web Interface To configure an Energy Efficient Ethernet in the web interface 1 Click Port Management and Energy Efficient Ethernet 2 Select enable or disable Energy Efficient Ethernet by the port 3 Click t...

Page 61: ...iously saved values Figure 3 5 1 The Static Configuration Parameter description Hash Code Contributors Source MAC Address The Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the d...

Page 62: ...ll duplex ports can join an aggregation and ports must be in the same speed in each group Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 5 2 LACP Configuration This page allows the user to inspect the current LACP port configurations and possibly change them as well Web Interface To configure the LACP Port Configuration in t...

Page 63: ... Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet Prio The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lowe...

Page 64: ...rt of this aggregation for this switch The format is Switch ID Port Buttons Figure 3 5 3 The LACP System Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 3 5 4 Internal Status This page provides a status overview for the LACPinternal i e local system status for all ports Only ports that are part ...

Page 65: ...the system considers this link to be aggregateable i e a potential candidate for aggregation Synchronization Show whether the system considers this link to be IN_SYNC i e it has been allocated to the correct LAG the group has been associated with a compatible Aggregator and the identity of the LAG is consistent with the System ID and operational Key information transmitted Collecting Show if colle...

Page 66: ...nterface Click Port Management Link Aggregation and Neighbor Status Checked Auto refresh 1 Click Refresh to refresh the port detailed statistics Figure 3 5 5 The LACP Neighbor Port Status Parameter description Aggr ID The aggregation group ID which the port is assigned to Port The switch port number State The current port state Down The port is not active Active The port is in active state Standby...

Page 67: ...k is enabled Defaulted Show if the Actor s Receive machine is using Defaulted operational Partner information Expired Show if that the Actor s Receive machine is in the EXPIRED state Buttons Figure 3 5 5 The LACP Neighbor Port Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 3 5 6 Port Status Thi...

Page 68: ...AC address Partner Port The partner s port number connected to this port Partner Prio The partner s port priority Buttons Figure 3 5 4 The Port Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 3 6 Loop Protection 3 6 1 Configuration The loop Protection is used to detect the presence of traffic Wh...

Page 69: ...op Protection Controls whether loop protections is enabled as a whole Transmission Time The interval between each loop protection PDU sent on each port Valid values are 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled in the event of a loop is detected and the port action shuts down the port Valid values are 10 to 604800 seconds 7 days Port Configuration P...

Page 70: ...ort is actively generating loop protection PDU s or whether it is just passively looking for looped PDU s Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 71: ... Refresh to refresh the Loop Protection Status Figure 3 6 2 Loop Protection Status Parameter description Port The switch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the...

Page 72: ...e Reset button It will revert to previously saved values Figure 3 7 1 The UDLD Configuration Parameter description Port Port number of the switch UDLD Mode Configures the UDLD mode on a port Valid values are Disable Normal and Aggressive Default mode is Disable Disable In disabled mode UDLD functionality doesn t exists on port Normal In normal mode if the link state of the port was determined to b...

Page 73: ...is 7 seconds Currently default time interval is supported due to lack of detailed information in RFC 5171 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 74: ...eed to evoke the Auto refresh 4 Click Refresh to refresh the Loop Protection Status Figure 3 7 2 UDLD Status Parameter description UDLD port status UDLD Admin State The current port state of the logical port Enabled if any of state Normal Aggressive is Enabled Device ID local The ID of Device Device Name local Name of the Device Bidirectional State The current state of the port Neighbour Status Po...

Page 75: ...our Device Buttons Figure 3 7 2 UDLD Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Port 1 Select port that you want to display the DHCP Detailed Statistics ...

Page 76: ...4 1 PoE Configuration This page allows the user to inspect and configure the current PoE port settings and show all PoE Supply W Web Interface To configure Power over Ethernet in the web interface 1 Click PoE Management and PoE Configuration 2 Specify the Reserved Power determined 3 Specify the PoE or PoE Mode PoE Schedule Priority Maximum Power W Delay Mode and Delay Time 4 Click Apply to save th...

Page 77: ...es for configuring when to shut down the ports 1 Actual Consumption In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power for that port The ports are shut down according to the ports priority If two ports have the same priority ...

Page 78: ... The maximum allowed value is 30 W Delay Mode Turn on off the power delay function Enabled Enable POE Power Delay Disabled Disable POE Power Delay Delay Time 0 300sec When rebooting the PoE port will start to provide power to the PD when it out of delay time default 0 range 0 300 sec Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved val...

Page 79: ... for this row PD Class Each PD is classified according to a class that defines the maximum power the PD will use The PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested The Power Requested shows the requested amount of power the PD wants to be reserved Power ...

Page 80: ...get exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can deliver and port s with the lowest priority is are powered down No PD detected No PD detected for the port PoE turned OFF PD overload The PD has requested or used more power than the port can deliver and is powered down PoE turned OFF PD is off Invalid PD PD detected but is not working correctl...

Page 81: ...eboot Click Apply to apply the change Figure 4 3 The PoE Power Delay Parameter description Port This is the logical port number for this row Delay Mode Turn on off the power delay function Enabled Enable POE Power Delay Disabled Disable POE Power Delay Delay Time 0 300sec When rebooting the PoE port will start to provide power to the PD when it out of delay time Default 0 range 0 300 sec Buttons A...

Page 82: ...re action and reboot time 4 Click Apply to apply the change Figure 4 4 The PoE Auto Checking Parameter description Ping Check Enable Ping Check function can detects the connection between PoE port and power device Disable will turn off the detection Port This is the logical port number for this row Ping IP Address The PD s IP Address the system should ping Startup Time After startup time device wi...

Page 83: ...ng Keep Ping the remote PD but does nothing further Reboot Cut off the power of the PoE port make PD rebooted Reboot time sec When PD has been rebooted the PoE port restored power after the specified time Default 15 range 3 120 sec Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 84: ...d Time 4 Click Apply to apply the change Figure 4 5 The PoE Schedule Profile Parameter description Profile The index of profile There are 16 profiles in the configuration Name The name of profile The default name is Profile User can define the name for identifying the profile Week Day The day to schedule PoE Start Time The time to start PoE The time 00 00 means the first second of this day End Tim...

Page 85: ... Reset Click to undo any changes made locally and revert to previously saved values ...

Page 86: ...tion to the old management VLAN is lost For this reason you should have a connection between your management station and a port in the new management VLAN or connect to the new management VLAN through a multi VLAN route Web Interface To configure VLAN membership configuration in the web interface 1 Click VLAN Management and VLAN Configuration 2 Modify Global VLAN Configuration parameter 3 Scroll t...

Page 87: ...he scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN a k a Access VLAN which by default is 1 accepts untagged frames and C tagged frames discards all frames that are not classified to the Access VLAN on egress all frames are transmitted untagged Trunk Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to oth...

Page 88: ...on egress they will be tagged with a C tag S Port On ingress frames with a VLAN tag with TPID 0x8100 or 0x88A8 get classified to the VLAN ID embedded in the tag If a frame is untagged or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with an S tag S Custom Port On ingress frames with a VLAN tag with a TPID 0x8100 or equal to the Et...

Page 89: ...syntax is identical to the syntax used in the Existing VLANs field By default a port may become member of all possible VLANs and is therefore set to 1 4095 The field may be left empty which means that the port will not be member of any of the existing VLANs but if it is configured for VLAN Trunking it will still be able to carry all unknown VLANs Forbidden VLANs A port may be configured to never b...

Page 90: ...ser module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID Currently we support the following VLAN user types NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server GVRP Adjacent VLAN aware devices can exchange VLAN information with e...

Page 91: ...LANs configured by a selected VLAN User selection shall be allowed by a Combo Box When combined Users are selected it shall show this information for all the VLAN Users and this is by default VLAN membership allows the frames classified to the VLAN ID to be forwarded on the respective VLAN member ports Show entries You can choose how many items you want to show up You can choose the Vlan User Butt...

Page 92: ...n Authentication Server GVRP Adjacent VLAN aware devices can exchange VLAN information with each other by using Generic VLAN Registration Protocol GVRP GVRP is based on the Generic Attribute Registration Protocol GARP and propagates VLAN information throughout a bridged network MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for a...

Page 93: ...ntagged Untagged VLAN ID If Tx Tag is overridden by the selected user and is set to Tag or Untag UVID then this field will show the VLAN ID the user wants to tag or untag on egress The field is empty if not overridden by the selected user Conflicts Two users may have conflicting requirements to a port s configuration For instance one user may require all frames to be tagged on egress while another...

Page 94: ... VLAN and Configuration 2 Click Add New Entry 3 Specify the MAC address and VLAN ID 4 Click Apply Figure 5 4 1 The MAC based VLAN Configuration Parameter description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC to VLAN ID mapping entry To include a port in the mapping check the box To remove or exclude...

Page 95: ...LAN entry check this box and press apply The entry will be deleted on the selected switch in the stack Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Figure 5 4 1 The MAC based VLAN Configuration buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the ...

Page 96: ...efresh 3 Click Refresh to refresh the MAC based VLAN Membership Status Figure 5 4 2 The MAC based VLAN Status Parameter description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Buttons Figure 5 4 2 The MAC based VLAN Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs ever...

Page 97: ...tiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Service Access Point SAP fields SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier spaces It is used with IEEE 802 3 IEEE 802 4 IEEE 802 5 IEEE 802 11 and other IEEE 802 physical network layers as well as with non IEEE 802 physica...

Page 98: ...thernet is selected as a Frame Type is called etype Valid values for etype ranges from 0x0600 0xffff 2 For LLC Valid value in this case is comprised of two different sub values a DSAP 1 byte long string 0x00 0xff b SSAP 1 byte long string 0x00 0xff 3 For SNAP Valid value in this case also is comprised of two different sub values a OUI OUI Organizationally Unique Identifier is value in format of xx...

Page 99: ... Name can be configured as needed The button can be used to undo the addition of new entry Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 5 2 Group to VLAN This section allows you to map an already configured Group Name to a VLAN for the selected stack switch unit switch Web Interface To configure Group Name to VLAN mapping table co...

Page 100: ...re unchecked Buttons Delete To delete a Group Name to VLAN map entry check this box The entry will be deleted on the switch during the next Save Add New Entry Click to add a new entry in mapping table An empty row is added to the table the Group Name VLAN ID and port members can be configured as needed Legal values for a VLAN ID are 1 through 4095 The button can be used to undo the addition of new...

Page 101: ...uration Parameter description IP Address Indicates the IP address Mask Length Indicates the network mask length VLAN ID Indicates the VLAN ID VLAN ID can be changed for the existing entries Port Members A row of check boxes for each port is displayed for each IP subnet to VLAN ID mapping entry To include a port in a mapping simply check the box To remove or exclude the port from the mapping make s...

Page 102: ...bnet based VLAN entry Legal values for a VLAN ID are 1 through 4095 The IP subnet based VLAN entry is enabled on the selected stack switch unit when you click on Save The Delete button can be used to undo the addition of new IP subnet based VLANs The maximum possible IP subnet based VLAN entries are limited to 128 Apply Click to save changes Reset Click to undo any changes made locally and revert ...

Page 103: ...eclaration GID component associated with each port or the switch The propagation of information between GARP participants for the same application in a bridge is carried out by the GARP Information Propagation GIP component Protocol exchanges take place between GARP participants by means of LLC Type 1 services using the group MAC address and PDU format defined for the GARP application concerned We...

Page 104: ...5000 in the units of centi seconds i e in units of one hundredth of a second The default is 1000 Max VLANs When GVRP is enabled a maximum number of VLANs supported by GVRP is specified By default this number is 20 This number can only be changed when GVRP is turned off Port The Port column shows the list of ports Mode This configuration is to enable disable GVRP Mode on particular port locally Dis...

Page 105: ...nd Private VLAN 2 Configure the Private VLAN membership configurations for the switch 3 Click Apply Figure 5 8 The Private VLAN Configuration Parameter description Delete To delete a private VLAN entry check this box The entry will be deleted during the next apply Private VLAN ID Indicates the ID of this particular private VLAN Port Members A row of check boxes for each port is displayed for each ...

Page 106: ...N is enabled when you click Apply The button can be used to undo the addition of new Private VLANs Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 107: ...pon the destination address on the data packet The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or non protected port This page is used for enabling or disabling port isolation on ports in a Private VLAN A port member of a VLAN can be isolated to other isolated ports on the same VLAN an...

Page 108: ...figured through its own GUI Web Interface To configure Voice VLAN in the web interface 1 Click VLAN Management Voice VLAN and Configuration 2 Select on in the Voice VLAN Configuration 3 Specify VLAN ID Aging Time and Traffic Class 4 Select Port Members in the Voice VLAN Configuration 5 Specify Mode Security Discovery Protocol in the Port Configuration 6 Click the Apply to save the setting 7 If you...

Page 109: ...ic port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN This field will be read only if STP feature is enabled And the STP port mode will be readonly if this field be set to the mode other than Disabled Port Security Indicates the Voice VLAN port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLAN will be blocked for 10 ...

Page 110: ...VLAN OUI Table Parameter description Delete Check to delete the entry It will be deleted during the next save Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor telephony device it belong...

Page 111: ...Click to undo any changes made locally and revert to previously saved values ...

Page 112: ...port advanced memory control mechanisms providing excellent performance of all QoS classes under any traffic scenario including jumbo frame A super priority queue with dedicated memory and strict highest priority in the arbitration The ingress super priority queue allows traffic recognized as CPU traffic to be received and queued for transmission to the CPU even when all the QoS class queues are c...

Page 113: ...then the frame is classified to a DPL that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default DPL The classified DPL can be overruled by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is...

Page 114: ...ification Controls the classification mode for tagged frames on this port Disabled Use default CoS and DPL for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames PCP DEI to Queue Priority DPL level Mapping Controls the mapping of the classified PCP DEI to Queue Priority DPL level values when Tag Classification is set to Enabled Buttons Apply Click to save changes Reset Clic...

Page 115: ...e and Unit 4 Click Apply to save the configuration 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 6 2 The QoS Ingress Port Policers Configuration Parameter description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Enabled To evoke which Port...

Page 116: ...Click to undo any changes made locally and revert to previously saved values ...

Page 117: ... and specify the Queue Shaper parameter 4 Click the Apply to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 6 3 The QoS Egress Port Shaper Parameter description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers Shapers Qn Shows dis...

Page 118: ...This parameter is only shown if Scheduler Mode is set to Weighted Queue Scheduler Percent Shows the weight in percent for this queue This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper This value is restricted to 100 13107100 when Unit is kbps and...

Page 119: ... to enable storm control 3 Scroll to set the Rate Parameters and Unit 4 Click which port need to enable and configure the Rate limit condition 5 Click the Apply to save the setting 6 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 6 4 The Storm Control Configuration Parameter description Global Storm Policer Configuration G...

Page 120: ...own unicast frames known and unknown broadcast frames and unknown flooded unicast multicast and broadcast frames Port The port number for which the configuration below applies Enable Enable or disable the storm policer for this switch port Rate Controls the rate for the port storm policer This value is restricted to 10 13128147 when Unit is fps or kbps and 1 13128 when Unit is kfps or Mbps The rat...

Page 121: ...t button It will revert to previously saved values Figure 6 5 The QoS Egress Port Schedules Parameter description Port The logical port for the settings contained in the same row Mode Shows the scheduling mode for this port Qn Shows the weight for this queue and port Scheduler Mode Controls how many of the queues are scheduled as strict and how many are scheduled as weighted on this switch port Qu...

Page 122: ...Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper This value is restricted to 100 13107100 when Unit is kbps and 1 13107 when Unit is Mbps The rate is internally rounded up to the nearest value supported by the port shaper Port Shaper Unit Controls the unit of measure for the port shape...

Page 123: ...Web Interface To configure the QoS Port PCP Remarking in the web interface 1 Click Quality of Service and Port PCP Remarking 2 Click the Port and display the QoS Port PCP Remarking 3 Scroll the Port and PCP Remarking Mode and specify the Queue Shaper parameter 4 Click the Apply to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previou...

Page 124: ...P DEI values Specific Use default PCP DEI values Mapped Use mapped versions of CoS and DPL PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS class DP level to PCP DEI values when the mode is set to Mapped Buttons Apply Click to save changes Reset Click to undo any chang...

Page 125: ...then you need to click the Reset button It will revert to previously saved values Figure 6 7 1 The QoS Port DSCP Configuration Parameter description Port The Port column shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration param...

Page 126: ... settings for all switches DSCP translation can be done in Ingress or Egress Web Interface To configure the DSCP Translation parameters in the web interface 1 Click Quality of Service DSCP and DSCP Translation 2 Scroll to set the Ingress Translate and Egress Remap Parameters 3 Evoke to enable or disable Classify 4 Click the apply to save the setting 5 If you want to cancel the setting then you nee...

Page 127: ...hanges made locally and revert to previously saved values 6 7 3 DSCP Classification The section describes to teach user to configure and allows you to map DSCP value to a QoS Class and DPL value Others the settings relate to the currently selected stack unit as reflected by the page header Web Interface To configure the DSCP Classification parameters in the web interface 1 Click Quality of Service...

Page 128: ...d revert to previously saved values 6 7 4 DSCP Based QoS The section will teach user to configure the DSCP Based QoS mode that This page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches Web Interface To configure the DSCP Based QoS Ingress Classification parameters in the web interface 1 Click Quality of Service DSCP and DSCP Based QoS 2 Evoke t...

Page 129: ... of support ed DSCP values are 64 Trust Click to check if the DSCP value is trusted Queue Priority Queue Priority value can be any between 0 and 7 7 is the highest DPL Drop Precedence Level 0 3 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 130: ... add a new QCE to the list Web Interface To configure the QoS Control List parameters in the web interface 1 Click Quality of Service QoS Contol List and Configuration 2 Click the to add a new QoS Control List 3 Scroll all parameters and evoke the Port Member to join the QCE rules 4 Click the apply to save the setting 5 If you want to cancel the setting then you need to click the Reset button It w...

Page 131: ...is Any SMAC Match specific source MAC address or Any If a port is configured to match on DMAC DIP this field indicates the DMAC Tag Type Indicates tag type Possible values are Any Match tagged and untagged frames Untagged Match untagged frames Tagged Match tagged frames C Tagged Match C tagged frames S Tagged Match S tagged frames The default value is Any VID Indicates VLAN ID either a specific VI...

Page 132: ...tons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new entry at the bottom of the QCE listings Port Members Check the checkbox button to include the port in the QCL entry By default all ports are included Key Parameters Key configuration is described as below DMAC Destination MAC address Poss...

Page 133: ... and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero Destination IP Specific Destination IP address in value mask format or Any IP Fragment IPv4 frame fragmented option Yes No or Any DSCP Diffserv Code Point value DSCP It can be a specific value range of values or Any DSCP values are in the range 0 63 including BE...

Page 134: ...ion change 6 8 2 Status The section will let you know how to configure and shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch Web Interface To display the QoS Control List Status in the web interface 1 Click Quality of Se...

Page 135: ...sify Ingress Map ID Conflict Displays Conflict status of QCL entries It may happen that resources required to add a QCE may not available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on pressing Resolve Conflict button Buttons Figure 6 8 2 The QoS Control List Status buttons...

Page 136: ...e number There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Buttons Figure 6 9 The Queuing Counters buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page Clear Click to clear the page 6 10 WRED This page allows you to configure the R...

Page 137: ...guration below applies DPL The Drop Precedence Level for which the configuration below applies Enable Controls whether RED is enabled for this entry Min Controls the lower RED fill level threshold If the queue filling level is below this threshold the drop probability is zero This value is restricted to 0 100 Max Controls the upper RED drop probability or fill level threshold for frames marked wit...

Page 138: ...el where drop probability reaches 100 This configuration makes it possible to reserve a portion of the queue exclusively for frames marked with Drop Precedence Level 0 green frames The reserved portion is calculated as 100 Max Frames marked with Drop Precedence Level 0 green frames are never dropped The drop probability for frames increases linearly from zero at Min average queue filling level to ...

Page 139: ...g the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Figure 7 The Spanning Tree Protocol Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from t...

Page 140: ...instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority of the STP RSTP Bridge Hello Time The interval between sending STP BPDU s Valid values are in the range 1 to 10 seconds default is 2 seconds Note Changing this parameter from the default value is not recommended and may ...

Page 141: ...t BPDU Filtering Control whether a port explicitly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will...

Page 142: ...ribes it allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well Web Interface To configure the Spanning Tree MSTI in the web interface 1 Click Spanning Tree and MSTI Configuration 2 Specify the configuration identification parameters in the field Specify the VLANs Mapped blank field 3 Click the Apply to save the setting 4 If you wan...

Page 143: ...The list of VLANs mapped to the MSTI The VLANs can be given as a single xx xx being between 1 and 4094 VLAN or a range xx yy each of which must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just be left empty I e not having any VLANs mapped to it Example 2 5 20 40 MSTI Priority Controls the bridge priority Lower numeric values have better priority...

Page 144: ...on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivi...

Page 145: ...to the bridge Port Error Recovery setting as well Point to Point Controls whether the port connects to a point to point LAN rather than to a shared medium This can be automatically determined or forced either true or false Transition to the forwarding state is faster for point to point LANs than for shared media Buttons Apply Click to save changes Reset Click to undo any changes made locally and r...

Page 146: ...Bridges status in the web interface Click Spanning Tree and STP Status If you want to auto refresh the information then you need to evoke the Auto refresh Click Refresh to refresh the STP Bridges 1 Click CIST to next page STP Detailed Bridge Status Figure 7 3 The STP status Parameter description MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID ...

Page 147: ...t state can be one of the following values Blocking Learning Forwarding Uptime The time since the bridge port was last initialized CIST Click to next page STP Detailed Bridge Status STP Bridge Status Bridge Instance The Bridge instance CIST MST1 Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned th...

Page 148: ...ardingLearning Forwarding Path Cost The current STP port path cost This will either be a value computed from the Auto setting or any explicitly configured value Edge The current STP port operational Edge Flag An Edge Port is a switch port to which no Bridges are attached The flag may be automatically computed or explicitly configured Each Edge Port transits directly to the Forwarding Port State si...

Page 149: ...MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on...

Page 150: ...Click to refresh the page immediately ...

Page 151: ...ment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time Web Interface To configure MAC Address Table in the web interface 1 Click MAC Address Tables and Configuration 2 Specify the Di...

Page 152: ...by using another non secure port or by connecting to the switch via the serial interface VLAN Learning Configuration Learning disabled VLANS This field shows the Learning disabled VLANs When a NEW MAC arrives into a learning disabled VLAN the MAC won t be learnt By the default the field is empty More VLANs may be created by using a list syntax where the individual elements are separated by commas ...

Page 153: ... for the new entry Click Apply Delete Check to delete the entry It will be deleted during the next save Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 154: ...page shows up to 999 entries from the MAC table default being 10 selected through the entries per page input field When first visited the web page will show the first 10 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table Type Indicates whether the entry is a static or a dynamic entry 802 1x DMS V...

Page 155: ...C7 73 01 29 your switch MAC address for IPv4 33 33 00 00 00 01 Destination MAC for IPv6 Router Advertisement reference IPv6 RA JPG 33 33 00 00 00 02 Destination MAC for IPv6 Router Solicitation reference IPv6 RS JPG 33 33 FF 73 01 29 Destination MAC for IPv6 Neighbor Solicitation reference IPv6 DAD JPG 33 33 FF A8 01 01 your switch MAC address for IPv6 global IP FF FF FF FF FF FF for Broadcast ...

Page 156: ... group before The packets will be discarded by the IGMP Snooping if the user transmits multicast packets to the multicast group that had not been built up in advance IGMP mode enables the switch to issue IGMP function that you enable IGMP proxy or snooping on the switch which connects to a router closer to the root of the tree This interface is the upstream interface The router on the upstream int...

Page 157: ...rmat IP address sub mask Leave Proxy Enabled Enable IGMP Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enabled Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Port Related Configuration Port It shows the physical Port index of switch Router Port Specify which ports a...

Page 158: ...the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table Clicking the button will update the displayed table starting from that or the next closest VLAN Table match Web Interface To configure the IGMP Snooping VLAN Configuration in the web interface 1 Click Multicast IGMP S...

Page 159: ...val is 125 seconds QRI 0 1 sec Query Response Interval The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI 0 1 sec Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Quer...

Page 160: ... the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Queries Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Re...

Page 161: ...lear the page 9 1 4 Group Information After you complete to set the IGMP Snooping function then you could let the switch to display the IGMP Snooping Group Information Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group This will use the last entry of the currently displayed table as a basis for the next lookup When the end is re...

Page 162: ...s for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the First Page button to start over Show entries You can choose how many items you want to show up VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Buttons Figure 9 1 4 The IGMP Snooping Groups Information buttons Auto refresh Check ...

Page 163: ...in the IGMP SFM Information Table Clicking the Refresh button will update the displayed table starting from that or the closest next IGMP SFM Information Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The Next Page will use the last entry of the currently display...

Page 164: ...uld be handled by chip or not Buttons Figure 9 1 5 The IGMP Snooping Groups Information buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates the group information entries turn to the next page ...

Page 165: ...termine what multicast address to use Note that this is a function of the application software not of MLD When MLD snooping is enabled on a VLAN the switch acts to minimize unnecessary multicast traffic If the switch receives multicast traffic destined for a given multicast address it forwards that traffic only to ports on the VLAN that have MLD hosts for that address It drops that traffic for por...

Page 166: ...ast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address Using IPv6 Address range Leave Proxy Enabled Enable MLD Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enabled Enable MLD Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Port ...

Page 167: ...hat have no MLD hosts The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Web Interface To configure the MLD Snooping VLAN Configuration in the web interface 1 Click Multicast MLD Snooping and VLAN Configuration 2 Click Add New MLD VLAN 3 Specify the...

Page 168: ...er Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second URI sec Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial repor...

Page 169: ... V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V1 Leaves Received The number of Received V1 Leaves Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier Static denotes the specific port is configured to be a router port Dynamic de...

Page 170: ...to refresh an entry of the MLD Snooping Group Information 4 Click First Next Page to change page Figure 9 2 4 The MLD Snooping Groups Information Parameter description Navigating the MLD Group Table Each page shows up to 99 entries from the MLD Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the begi...

Page 171: ...ely First Page Updates the system log entries turn to the first page Next Page Updates the group information entries turn to the next page 9 2 5 MLD SFM Information Entries in the MLD SFM Information Table are shown on this page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and...

Page 172: ... displayed entry allowing for continuous refresh with the same start address The Next Page will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the First Page button to start over VLAN ID VLAN ID of the group Group IP Multicast Group address Port Switch port number Mode Indicates...

Page 173: ...he page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates the group information entries turn to the next page ...

Page 174: ...onfigure the MVR Configuration in the web interface 1 Click Multicast MVR and Basic Configuration 2 Scroll the MVR mode to enable or disable and Scroll to set all parameters 3 Click Add New MVR VLAN 4 Specify MVR VID MVR Name IGMP Address Mode Tagging Priority LLQI Interface Channel Profile 5 Select which port to Click Immediate Leave 6 Click the apply to save the setting 7 If you want to cancel t...

Page 175: ...h MVR VID The default is tagged Priority Specify how the traversed IGMP MLD control frames will be sent in prioritized manner The default Priority is 0 LLQI Define the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership The value is in units of tenths of a seconds The range is from 0 to 31744 The default LLQI is 5 tenths ...

Page 176: ... will display the MVR detail Statistics after you had configured MVR on the switch It provides the detail MVR Statistics Information Web Interface To display the MVR Statistics Information in the web interface 1 Click Multicast MVR and Statistics 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 To click the Refresh to refresh an entry of the MVR Statistics In...

Page 177: ...ail information on the switch Entries in the MVR Group Table are shown on this page The MVR Group Table is sorted first by VLAN ID and then by group Web Interface To display the MVR Groups Information in the web interface 1 Click Multicast MVR and Groups Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 To click the Refresh to refresh an entry of t...

Page 178: ... Groups Group ID of the group displayed Port Members Ports under this group Buttons Figure 9 3 3 The MVR Groups Information buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates the group information entries turn t...

Page 179: ...ss The Next Page will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the First Page button to start over MVR SFM Information Table Columns Show entries You can choose how many items you want to show up VLAN ID VLAN ID of the group Group IP Multicast Group address Port Switch por...

Page 180: ... this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates the group information entries turn to the next page ...

Page 181: ...ponding rules for each Web Interface To configure the IPMC Profile Configuration in the web interface 1 Click Multicast Multicast Filtering Profile and Filtering Profile Table 2 Scroll the Multicast Filtering Profile mode to enable or disable 3 Click Add New Filtering Profile 4 Specify Profile Name Profile Description and Rule 5 Click the apply to save the setting 6 If you want to cancel the setti...

Page 182: ...e Summary about the designated profile will be shown by clicking the view button You can manage or inspect the rules of the designated profile by using the following buttons Preview Preview the rules associated with the designated profile Edit Adjust the rules associated with the designated profile Profile Name Index The name of the designated profile to be associated This field is not editable En...

Page 183: ...t Buttons Add New Filtering Profile Click to add new IPMC profile Specify the name and configure the new entry Click Save Delete Check to delete the entry The designated entry will be deleted during the next save Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Add Last Rule Click to add a new rule in the end of the specific profile s r...

Page 184: ...ame which is composed of at maximum 16 alphabetic and numeric characters Start Address The starting IPv4 IPv6 Multicast Group Address that will be used as an address range End Address The ending IPv4 IPv6 Multicast Group Address that will be used as an address range Buttons Add New Address Range Entry Click to add new address range Specify the name and configure the addresses Click Apply Delete Ch...

Page 185: ...Updates the table starting from the first entry in the IPMC Profile Address Configuration Next Entry Updates the table starting with the entry after the last entry currently displayed ...

Page 186: ...itch The DHCP Snooping can prevent attackers from adding their own DHCP servers to the network Web Interface To configure DHCP snooping in the web interface 1 Click DHCP Snooping and Configuration 2 Select on in the Mode of DHCP Snooping Configuration 3 Select Trusted of the specific port in the Mode of Port Mode Configuration 4 Click Apply Figure 10 1 1 The DHCP Snooping Configuration Parameter d...

Page 187: ...P clients obtained the dynamic IP address from the DHCP server will be listed in this table except for local VLAN interface IP addresses Entries in the Dynamic DHCP snooping Table are shown on this page Web Interface To monitor a DHCP in the web interface 1 Click DHCP Snooping and Snooping table 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 To click the Re...

Page 188: ... 3 Detailed Statistics This page provides statistics for DHCP snooping Notice that the normal forward per port TX statistics isn t increased if the incoming DHCP packet is done by L3 forwarding mechanism And clear the statistics on specific port may not take effect on global statistics since it gathers the different layer overview Web Interface To display a DHCP Relay statistics in the web interfa...

Page 189: ...tion 53 with value 6 packets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unas...

Page 190: ...ted port Buttons Figure 10 1 3 The DHCP Detailed Statistics buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Port 1 Select port that you want to display the DHCP Detailed Statistics ...

Page 191: ...10 2 1 The DHCP Relay Configuration Parameter description Relay Mode Indicates the DHCP relay mode operation Possible modes are on Enable DHCP relay mode operation When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain And the DHCP broadcast message won t be flooded for security conside...

Page 192: ...ady contains relay agent information it will enforce the policy The Replace policy is invalid when relay information mode is disabled Possible policies are Replace Replace the original relay information when a DHCP message that already contains it is received Keep Keep the original relay information when a DHCP message that already contains it is received Drop Drop the package when a DHCP message ...

Page 193: ... Circuit ID The number of packets whose Circuit ID option did not match known circuit ID Receive Bad Remote ID The number of packets whose Remote ID option did not match known Remote ID Client Statistics Transmit to Client The number of relayed packets from server to client Transmit Error The number of packets that resulted in error while being sent to servers Receive from Client The number of rec...

Page 194: ...10 2 2 The DHCP relay statistics buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear Clear all statistics ...

Page 195: ...ly Figure 10 3 1 The DHCP server configuration Parameter description VLAN Configure the VLAN in which DHCP server is enabled or disabled Allowed VLAN are in the range 1 through 4095 Mode Indicate the operation mode per VLAN Possible modes are Enable Enable DHCP server per VLAN Disable Disable DHCP server pre VLAN Start IP and End IP Define the IP range The Start IP must be smaller than or equal to...

Page 196: ...ation then you need to evoke the Auto refresh 3 To click the Refresh to refresh an entry of the DHCP server status Figure 10 3 2 The DHCP server status Parameter description VLAN The VLAN ID of the entry Type Indicate the operation type per VLAN Possible types are Static and DMS Start IP and End IP Display the Start IP and the End IP Lease Time Display lease time of the pool Subnet Mask Display su...

Page 197: ...Figure 10 3 2 The DHCP server status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately ...

Page 198: ...ew of the current users Currently the only way to login as another user on the web server is to close and reopen the browser Web Interface To configure User in the web interface 1 Click Security Management and Account 2 Click Add new user 3 Specify the User Name parameter 4 Click Apply Figure 11 1 1 The Account configuration Parameter description User Name The name identifying the user The field c...

Page 199: ...el 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Cancel Click to undo any changes made locally and return to the Users Delete User Delete the current user This button is not available for new co...

Page 200: ...er Privilege should be same or greater than the authorization Privilege level to have the access to that group Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 11 1 3 Auth Method This page shows how to configure a user with auth method when he logs into the switch via one of the management client interfaces Web Interface To conf...

Page 201: ...f the remote servers are offline In this case the next method is tried Each method is tried from left to right and continues until a method either approves or rejects a user If a remote server is used for primary authentication it is recommended to configure secondary authentication as local This will enable the management client to login via the local user database if none of the configured authe...

Page 202: ...gin is not possible tacacs use a remote TACACS server for accounting Cmd Lvl Runs accounting for all commands at the specified privilege level Specific command level that should be authorized Valid entries are 0 through 15 Exec Runs accounting to determine if the user is allowed to run an EXEC shell This facility might return user profile information such as auto command information Buttons Apply ...

Page 203: ...g the next save Start IP address Indicates the start IP unicast address for the access management entry End IP address Indicates the end IP unicast address for the access management entry HTTP HTTPS Indicates that the host can access the switch from HTTP HTTPS interface if the host IP address matches the IP address range provided in the entry SNMP Indicates that the host can access the switch from...

Page 204: ...e pass phrase in this field if your uploading certificate is protected by a specific passphrase Certificate Upload Upload a certificate PEM file into the switch The file should contain the certificate and private key together If you have two separated files for saving certificate and private key Use the Linux cat command to combine them into a single PEM file For example cat my cert my key my pem ...

Page 205: ... Status Display the current status of certificate on the switch Possible statuses are Switch secure HTTP certificate is presented Switch secure HTTP certificate is not presented Switch secure HTTP certificate is generating Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 206: ...02 1X Configuration 3 Checked Reauthentication Enabled 4 Set Reauthentication Period Default is 3600 seconds 5 Set EAPOL Timeout Default is 30 seconds 6 Set Aging Period Default is 300 seconds 7 Set Hold Time Default is 10 seconds 8 Checked RADIUS Assigned QoS Enabled 9 Checked RADIUS Assigned VLAN Enabled 10 Checked Guest VLAN Enabled 11 Specify Guest VLAN ID 12 Specify Max Reauth Count 13 Checke...

Page 207: ... This has no effect for MAC based ports Aging Period This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free r...

Page 208: ... server assigned VLAN functionality When checked the individual ports ditto setting determine whether RADIUS assigned VLAN is enabled on that port When unchecked RADIUS server assigned VLAN is disabled on all ports Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The swit...

Page 209: ...entication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it W...

Page 210: ...nticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch towards the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address wh...

Page 211: ...oS Class in an Access Accept packet Only the first occurrence of the attribute in the packet will be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 7 which translates into the desired QoS Class in the range 0 7 RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled a...

Page 212: ...ow be placed in the Guest VLAN If disabled the switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleared if the port link goes down or the port s Admin State is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the ra...

Page 213: ... while the re authentication is in progress Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 11 2 2 Status The section describes to show the each port 802 1X status information of the switch The status includes Admin State Port State Last Source Last ID and Port VLAN ID Web Interface To displays 802 1X Status in the web interfac...

Page 214: ...AN ID that 802 1X has put the port in The field is blank if the Port VLAN ID is not overridden by 802 1X If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Buttons Figure 11 2 2 The IEEE 802 1X Status buttons Aut...

Page 215: ... 1X Port State for a description of the individual states Buttons Figure 11 2 2 The IEEE 802 1X Statistics Port buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page ...

Page 216: ...imited of the specific port in the Mode of Port Mode Configuration Click Apply Figure 11 3 1 The IP Source Guard Configuration Parameter description Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard All configured ACEs will be lost when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when...

Page 217: ...on in the web interface Click Security IP Source Guard and Static Table Click Add New Entry Specify the Port VLAN ID IP Address and MAC address in the entry Click Apply Figure 11 3 2 The Static IP Source Guard Table Parameter description Port The logical port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address MAC address Allowed Source MAC address Buttons Ad...

Page 218: ...fault being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic IP Source Guard Table The Start from port address VLAN and IP address input fields allow the user to select the starting point in the Dynamic IP Source Guard Table Clicking Refresh the button will update the displayed table starting from ...

Page 219: ...ynamic IP Source Guard Table buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates the group information entries turn to the next page ...

Page 220: ...lobal ARP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Possible modes are Enabled Enable ARP Inspection operation Disabled Disable ARP Inspection operation If you want to inspect the VLAN configuration you have to enable the setting of Check VLAN ...

Page 221: ...ly the Global Mode and Port Mode on a given port are enabled and the setting of Check VLAN is disabled the log type of ARP Inspection will refer to the port setting There are four log types and possible types are None Log nothing Deny Log denied entries Permit Log permitted entries ALL Log all entries Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to pr...

Page 222: ...try will use the next entry of the currently displayed VLAN entry as a basis for the next lookup When the end is reached the warning message is shown in the displayed table Use the First Entry button to start over VLAN Mode Configuration Specify ARP Inspection is enabled on which VLANs First you have to enable the port setting on Port mode configuration web page Only when both Global Mode and Port...

Page 223: ...e page immediately 11 4 3 Static Table The section describes to configure the Static ARP Inspection Table parameters of the switch You could use the Static ARP Inspection Table configure to manage the ARP entries Web Interface To configure a Static ARP Inspection Table Configuration in the web interface Click Security ARP Inspection and Static Table Click Add new entry Specify the Port VLAN ID IP ...

Page 224: ...e first 20 entries from the beginning of the Dynamic ARP Inspection Table The Start from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspection Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match In addition the two input fields will u...

Page 225: ...ry IP Address User IP address of the entry Show entries You can choose how many items you want to show up Buttons Figure 11 4 4 The Dynamic ARP Inspection Table buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Page Updates the system log entries turn to the first page Next Page Updates...

Page 226: ... If Aging Enabled is checked then the aging period is controlled with this input If other modules are using the underlying functionality for securing MAC addresses they may have other requirements to the aging period The underlying functionality will use the shorter requested aging period of all modules that have aging enabled The Aging Period can be set to a number between 10 and 10000000seconds ...

Page 227: ...all ports draw whenever a new MAC address is seen on a Port Security enabled port Since all ports draw from the same pool it may happen that a configured maximum cannot be granted if the remaining ports have already used all available MAC addresses Violation Mode If Limit is reached the switch can take one of the following actions Protect Do not allow more than Limit MAC addresses on the port but ...

Page 228: ...d on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sec...

Page 229: ...he limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count Current Violating Limit The three columns indicate the number of currently learned MAC addresses forwarding as well as blocked the number of violating MAC address only counting in Restrict mode and the maximum number of MAC addresses that can...

Page 230: ...d the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user module has decided to hold the MAC address indefinitely a dash will be shown Buttons Figure 11 5 2 The Port S...

Page 231: ...ess NAS Identifier 3 Click Add New Entry 4 Set Hostname Auth Port Acct Port Timeout Retransmit Key 5 Click the Apply to save the setting 6 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 11 6 1 The RADIUS Configuration Parameter description Global Configuration These setting are common for all of the RADIUS servers Timeout ...

Page 232: ...as attribute 4 in RADIUS Access Request packets If this field is left blank the IP address of the outgoing interface is used NAS IPv6 Address The IPv6 address to be used as attribute 95 in RADIUS Access Request packets If this field is left blank the IP address of the outgoing interface is used NAS Identifier The identifier up to 255 characters long to be used as attribute 32 in RADIUS Access Requ...

Page 233: ...2 Status This section shows you an overview detail of the RADIUS Authentication and Accounting servers status to ensure the function is workable Web Interface To display a RADIUS Status in the web interface 1 Click Security RADIUS and Status 2 Select server to display the detail statistics for a particular RADIUS Figure 11 6 2 The RADIUS Server Status Overview Parameter description The RADIUS serv...

Page 234: ...tatus The current status of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply wit...

Page 235: ...DIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad Authenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Unknown Typ...

Page 236: ...server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip Time The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS auth...

Page 237: ...and UDP port for the accounting server in question State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting a...

Page 238: ... the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear Clears the counters for the selected server The Pending Requests counter will not be cleared by this operation ...

Page 239: ...e web interface 1 Click Security and TACACS 2 Click Add New Entry 3 Specify the Timeout Deadtime Key 4 Specify the Hostname Port Timeout and Key in the server 5 Click Apply Figure 11 7 The TACACS Server Configuration Parameter description Global Configuration These setting are common for all of the TACACS servers Timeout ...

Page 240: ...nfiguration The table has one row for each TACACS server and a number of columns which are Delete To delete a TACACS server entry check this box The entry will be deleted during the next Save Hostname The IP address or hostname of the TACACS server Port The TCP port to use on the TACACS server for authentication Timeout This optional setting overrides the global timeout value Leaving it blank will...

Page 241: ...rrect value for port ACL setting 3 Click the apply to save the setting 4 If you want to cancel the setting then you need to click the reset button It will revert to previously saved values 5 After you configure complete then you could see the Counter of the port Then you could click refresh to update the counter or Clear the information Figure 12 1 The ACL Ports Configuration Parameter description...

Page 242: ... are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled...

Page 243: ...ou want to cancel the setting then you need to click the reset button It will revert to previously saved values Figure 12 2 The ACL Rate Limiter Configuration Parameter description Rate Limiter ID The rate limiter ID for the settings contained in the same row and its range is 1 to 16 Rate The valid rate is 0 10 20 30 5000000 in pps or 0 25 50 75 10000000 in kbps Unit Specify the rate unit The allo...

Page 244: ...ick the button to add a new ACL or use the other ACL modification buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 To specific the parameter of the ACE 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the reset button It will revert to previously saved values 6 When editing an entry on the AC...

Page 245: ... with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Filter Frames matching the ACE are filtered Rate Limiter Indicates the rate limiter number of the ACE The allowe...

Page 246: ...ific policy with this ACE choose this value Two field for entering an policy value and bitmask appears Policy Value When Specific is selected for the policy filter you can enter a specific policy value The allowed range is 0 to 255 Policy Bitmask When Specific is selected for the policy filter you can enter a specific policy bitmask The allowed range is 0x0 to 0xff Notice the usage of bitmask if t...

Page 247: ...eceived on the port are not mirrored The default value is Disabled Logging Specify the logging operation of the ACE Notice that the logging message doesn t include the 4 bytes CRC information The allowed values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Note The logging feature only works when the packet length is less than 1518...

Page 248: ... 1Q tagged The allowed values are Any Any value is allowed don t care Enabled Tagged frame only Disabled Untagged frame only The default value is Any VLAN ID Filter Specify the VLAN ID filter for this ACE Any No VLAN ID filter is specified VLAN ID filter status is don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appe...

Page 249: ...ify the target IP filter for this specific ACE Any No target IP filter is specified Target IP filter is don t care Host Target IP filter is set to Host Specify the target IP address in the Target IP Address field that appears Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear Target IP Address W...

Page 250: ...hen Frame Type IPv4 is selected IP Protocol Filter Specify the IP protocol filter for this ACE Any No IP protocol filter is specified don t care Specific If you want to filter a specific IP protocol filter with this ACE choose this value A field for entering an IP protocol filter appears ICMP Select ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear Thes...

Page 251: ...appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation SIP Mask When Network is selected for the source IP filter you can enter a specific SIP mask in dotted decimal nota...

Page 252: ...rce IPv6 mask in the SIP Address fields that appear SIP Address When Specific is selected for the source IPv6 filter you can enter a specific SIPv6 address The field only supported last 32 bits for IPv6 address SIP BitMask When Specific is selected for the source IPv6 filter you can enter a specific SIPv6 mask The field only supported last 32 bits for IPv6 address Notice the usage of bitmask if th...

Page 253: ...er a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Destination Filter Specify the TCP UDP destin...

Page 254: ...H field is set must be able to match this entry Any Any value is allowed don t care TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames where the ACK field is set must not be able to match this entry 1 TCP frames where the ACK field is set must be able to match this entry Any Any value is allowed don t care TCP URG Specify the TCP Urgent Pointer field signi...

Page 255: ...changes Reset Click to undo any changes made locally and revert to previously saved values Auto refresh To evoke the auto refresh to refresh the information automatically Refresh clear Remove All You can click them for refresh the ACL configuration or clear them by manual Others remove all to clean up all ACL configurations on the table Cancel Return to the previous page ...

Page 256: ... switch Ingress Port Indicates the ingress port of the ACE Possible values are All The ACE will match all ingress port Port The ACE will match a specific ingress port Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP...

Page 257: ...t redirect operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled CPU Forward packet that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The counter indicates the numbe...

Page 258: ...d SNMP is set Disable SNMP agent will be de activated the related Community Name Trap Host IP Address Trap and all MIB counters will be ignored 13 1 Configuration This section describes how to configure SNMP System on the switch This function is used to configure SNMP settings community name trap host and public traps as well as the throttle of SNMP A SNMP manager must pass the authentication by i...

Page 259: ...e used to restrict source subnet Write Community Indicates the community write access string to permit access to SNMP agent The allowed string length is 1 to 31 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides ...

Page 260: ... Parameter description Community Indicates the security name to map the community to the SNMP Groups configuration The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Source IP Indicates the SNMP access source address A particular range of source addresses can be used to restrict source subnet when combined with source mask Source IP Prefix Indicates the...

Page 261: ...ine ID that this entry should belong to The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed The SNMPv3 architecture uses the User based Security Model USM for message security and the View based Access Control Model VACM for access control For the USM entry the usmUserEngineID and usmUserName are the entry s...

Page 262: ...hentication password phrase For MD5 authentication protocol the allowed string length is 8 to 39 For SHA authentication protocol the allowed string length is 8 to 39 The allowed content is ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are DES An optional flag to indicate that this user uses DES authentica...

Page 263: ...the security model that this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 31 and the allowed content is ASCII characters from 33 to 126 Group Name A string identifying the group name that thi...

Page 264: ...ndex keys are OID Subtree and View Name To create a new view account please check Add new view button and enter the view information then click Apply Max Group Number 12 Configure SNMPv3 view table on this page The entry index keys are View Name and OID Subtree Web Interface To configure SNMP views in the web interface 1 Click SNMP SNMPv3 and Views 2 Click Add new entry 3 Specify the SNMP View par...

Page 265: ...allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Buttons Add New Entry Click to add new entry Specify the name and configure the new entry Click Apply Delete Check to delete the entry It will be deleted during the next save Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 13 2 5 Access The function...

Page 266: ...SM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 31 and the a...

Page 267: ...Specify the name and configure the new entry Click Apply Delete Check to delete the entry It will be deleted during the next save Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 268: ...r description These parameters are displayed on the RMON Statistics Configuration page ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Buttons Delete Check to delete the entry It will be deleted during ...

Page 269: ... displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the First Entry button to start over Web Interface To display a RMON Statistics Status in the web interface 1 Click Security RMON Statistics and Status 2 Specify Port which want to check 3 Checked Auto refresh 4 Click Refresh to refresh the port detailed statistics F...

Page 270: ...ber of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet segment 64 Bytes The total number of packets including bad packets received that were 64 octets in length 65 127 The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 The total number of packe...

Page 271: ...h Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Next Updates the system log entries turn to the next page Previous Updates the system log entries turn to the previous page ...

Page 272: ...iguration page ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 secon...

Page 273: ... Sample Index found in the History table The Start from History Index and Sample Index allows the user to select the starting point in the History table Clicking the Refresh button will update the displayed table starting from that or the next closest History table match The Next Entry will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached t...

Page 274: ... The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Under size The total number of packets received that were less than 64 octets Over size The total nu...

Page 275: ...automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Entry Updates the table starting from the first entry in the IPMC Profile Address Configuration Next Entry Updates the table starting with the entry after the last entry currently displayed ...

Page 276: ...he index of the entry The range is from 1 to 65535 Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold The range is from 1 to 2 31 1 Variable Indicates the particular variable to be sampled the possible variables are InOctets The total number of octets received on the interface including framing characters InUcastPkts The number of uni cast packet...

Page 277: ...cted variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample directly Delta Calculate the difference between samples default Value The value of the statistic during the last sampling period Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample type...

Page 278: ... in the Alarm table Clicking the Refresh button will update the displayed table starting from that or the next closest Alarm table match The Next Entry will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the First Entry button to start over Web Interface To display a RMON Alarm ...

Page 279: ...g Index Rising event index Falling Threshold Falling threshold value Falling Index Falling event index Show entries You can choose how many items you want to show off Buttons Figure 13 5 2 RMON Alarm Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Entry Updates the table starti...

Page 280: ...History Configuration page ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification of the event the possible types are None No SNMP log is created no SNMP trap is sent Log Create SNMP log entry when the event is triggered Snmp trap Send SNMP trap when the event is triggere...

Page 281: ...st Event Index and Log Index found in the Event table The Start from Event Index and Log Index allows the user to select the starting point in the Event table Clicking the Refresh button will update the displayed table starting from that or the next closest Event table match The Next Entry will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reach...

Page 282: ... items you want to show Buttons Figure 13 6 2 RMON Event Status buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately First Entry Updates the table starting from the first entry in the IPMC Profile Address Configuration Next Entry Updates the table starting with the entry after the last entry cur...

Page 283: ...f a MEP to enter the configuration page The range is from 1through 3124 Domain Port This is a MEP in the Port Domain VLAN This is a MEP in the VLAN Domain Flow Instance is a VLAN In case of Up MEP the VLAN must be created Mode MEP This is a Maintenance Entity End Point MIP This is a Maintenance Entity Intermediate Point Direction Down This is a Down MEP monitoring ingress OAM and traffic on Reside...

Page 284: ... not used VLAN MEP This is not used EVC MIP On Serval this is the Subscriber VID that identify the subscriber flow in this EVC where the MIP is active This MAC The MAC of this MEP can be used by other MEP when unicast is selected Info only Alarm There is an active alarm on the MEP or operational state is not Up Buttons Add New MEP Click to add a new MEP entry Apply Click to save changes Reset Clic...

Page 285: ...ated are 64 Click on the ID of an Protection group to enter the configuration page Port 0 This will create a Port 0 of the switch in the ring Port 1 This will create Port 1 of the switch in the Ring As interconnected sub ring will have only one ring port Port 1 is configured as 0 for interconnected sub ring 0 in this field indicates that no Port 1 is associated with this instance Port 0 SF MEP The...

Page 286: ...channel or not on the interconnected node This is configured using Virtual Channel checkbox Yes indicates it is a sub ring with virtual channel No indicates sub ring doesn t have virtual channel Major Ring ID Major ring group ID for the interconnected sub ring It is used to send topology change updates on major ring If ring is major this value is same as the protection group ID of this ring Alarm ...

Page 287: ...ncel the setting then you need to click the Reset button It will revert to previously saved values Figure 16 1 The PTP configuration Parameter description PTP External Clock Configuration One_PPS_Mode This Selection box will allow you to select the One_pps_mode configuration The following values are possible 1 Output Enable the 1 pps clock output 2 Input Enable the 1 pps clock input 3 Disable Disa...

Page 288: ...z PTP Clock Configuration Delete Check this box and click on Save to delete the clock instance Clock Instance Indicates the instance number of a particular Clock Instance 0 3 Click on the Clock Instance number to edit the Clock details HW Domain Indicates the HW clock domain used by the clock Device Type Indicates the Type of the Clock Instance There are five Device Types 1 Ord Bound clock s Devic...

Page 289: ...clock output Input Enable the 1 pps clock input Disable Disable the 1 pps clock in out put External Enable Shows the current External clock output configuration True Enable the external clock output False Disable the external clock output Adjust Method Shows the current Frequency adjustment configuration LTC Use Local Time Counter LTC frequency control Single Use SyncE DPLL frequency control if al...

Page 290: ... the Clock Instance There are five Device Types Ord Bound Clock s Device Type is Ordinary Boundary Clock P2p Transp Clock s Device Type is Peer to Peer Transparent Clock E2e Transp Clock s Device Type is End to End Transparent Clock Master Only Clock s Device Type is Master Only Slave Only Clock s Device Type is Slave Only Port List Shows the ports configured for that Clock Instance Buttons Figure...

Page 291: ...ace 1 Click Event Notification and SNMP Trap 2 Click Add New Entry then you can create new SNMP Trap on the switch 3 Specify SNMP Trap parameter 4 Click Apply Figure 17 1 The SNMP Trap Configuration Parameter description Trap Destination Configurations Name Indicates the trap Configuration s name Indicates the trap destination s name Enable ...

Page 292: ... valid IPv4 address For example 192 1 2 34 Destination port Indicates the SNMP trap destination port SNMP Agent will send SNMP message via this port the port range is 1 65535 SNMP Trap Configuration Trap Config Name Indicates which trap Configuration s name for configuring The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Trap Mode Indicates the SNMP m...

Page 293: ...ine ID SNMPv3 sends traps and informs using USM for authentication and privacy A unique engine ID for these traps and informs is needed When Trap Probe Security Engine ID is enabled the ID will be probed automatically Otherwise the ID specified in this field is used The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are no...

Page 294: ...fy SMTP Configuration parameter 3 Click Apply Figure 17 2 The SMTP Configuration Parameter description Mail Server The IP address or hostname of the mail server IP address is expressed in dotted decimal notation This will be the device that sends out the mail for you User Name Specify the username on the mail server Password Specify the password of the user on the mail server Sender Specify the se...

Page 295: ...Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 296: ...k Apply Figure 17 3 1 The System Log configuration Parameter description Server Mode Indicates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does ...

Page 297: ...ck Event Notification Log and View Log 2 Display the log information Figure 17 3 2 The System Log Information Parameter description ID ID 1 of the system log entry Level level of the system log entry The following level types are supported Debug debug level message Info informational message Notice normal but significant condition Warning warning condition Error error condition Crit critical condi...

Page 298: ...t to see Show entries You can choose how many items you want to show Buttons Figure 14 3 2 View Log buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Updates the system log entries starting from the current entry ID Clear Clear all the system log entries Next Updates the system log entries turn to the next page Previous Updates t...

Page 299: ...ct the DI DO Mode 3 Click the Apply to save the setting Figure 17 4 The Digital I O Configuration Parameter description Group Name The name identifying the severity group DI Normal Mode Set the normal mode of the digital input DI You can set it to High or Low DO Normal Mode Set the normal mode of the digital output DO You can set it to Open or Close Buttons Apply Click to save changes ...

Page 300: ...t button It will revert to previously saved values Figure 17 5 The Event Severity Configuration Parameter description Group Name The name identifying the severity group Severity Level Every group has an severity level The following level types are supported 0 Emergency System is unusable 1 Alert Action must be taken immediately 2 Critical Critical conditions 3 Error Error conditions 4 Warning Warn...

Page 301: ...Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 302: ...r 18 1 Ping This section allows you to issue ICMP Echo packets to troubleshoot Ipv4 6 connectivity issues Web Interface To configure a PING in the web interface 1 Click Diagnostics and Ping 2 Specify IP Address Ping Length Ping Count Ping Interval and Egress Interface 3 Click Start Figure 18 1 The ICMP Ping Parameter description IP Address ...

Page 303: ...be effective only when the corresponding IPv6 interface is valid When the egress interface is not given PING6 finds the best match interface for destination Do not specify egress interface for loopback address Do specify egress interface for link local or multicast address Buttons Start Click the Start button to start to ping the target IP Address New Ping Back to ICMP Ping page 18 2 Traceroute Th...

Page 304: ...e traceroute will probe Values range from 1 to 255 The default is 30 Probe Count Sets the number of probe packets per hop Values range from 1 to 10 The default is 3 Buttons Start Click the Start button to start to traceroute the target IP Address New Ping Back to Traceroute page 18 3 Cable Diagnostics This section shows how to run Cable Diagnostics for copper ports Web Interface To configure a Cab...

Page 305: ...ink Down Link down or cable is not correct Test Result Test Result of the cable OK Correctly terminated pair Abnormal Incorrectly terminated pair or link down Length The length in meters of the cable pair The resolution is 3 meters When Link Status is shown as follow the length has different definition 1G The length is the minimum value of 4 pair 10M 100M The length is the minimum value of 2 pair ...

Page 306: ...Select the Monitor Destination Port Mirror Port 3 Select mode disabled enable TX Only and RX only for each monitored port 4 Click the Apply button to save the setting 5 If you want to cancel the setting then you need to click the Reset button to revert to previously saved values Figure 18 4 The Mirror Configuration Parameter description Monitor Destination Port Port to output the mirrored traffic ...

Page 307: ...es received are not mirrored Disabled neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored on the mirror port Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 308: ...y which means that a reboot or master change will disable sFlow sampling Web Interface To configure the sFlow in the web interface 1 Click Diagnostics sFlow and Configuration 2 Set the sFlow parameters 3 Click apply to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 18 5 1 The sFlow Configuration Paramete...

Page 309: ...DP port on which the sFlow receiver listens to sFlow datagrams If set to 0 zero the default port 6343 is used Timeout The number of seconds remaining before sampling stops and the current sFlow owner is released While active the current time left can be updated with a click on the Refresh button If locally managed the timeout can be changed on the fly without affecting any other settings Max Datag...

Page 310: ...tween counter poller samples Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Release See description under Owner Refresh Click to refresh the page Note that unsaved changes will be lost 18 5 2 Statistics This session shows receiver and per port sFlow statistics Web Interface To Display port sFlow statistics in the web interface...

Page 311: ...tagrams that has failed transmission The most common source of errors is invalid sFlow receiver IP hostname configuration To diagnose paste the receiver s IP address hostname into the Ping Web page Diagnostics Ping Ping6 Flow Samples The total number of flow samples sent to the sFlow receiver Counter Samples The total number of counter samples sent to the sFlow receiver Port Statistics Port The po...

Page 312: ...ns Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear Receiver Clears the sFlow receiver counters Clear Ports Clears the per port counters ...

Page 313: ... currently active configuration on the switch This file is volatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration This file is read when the system is restored to default settings 19 1 1 Save startup config This copy running config to startup config thereby ensuring that the current active configuration ...

Page 314: ...is possible to transfer any of the files on the switch to the web browser Select the running config may take a little while to complete as the file must be prepared before backup Web Interface To backup configuration in the web interface 1 Click Maintenance Configuration and Backup 2 Click Backup Figure 19 1 2 Backup Parameter description running config A virtual file that represents the currently...

Page 315: ...ch configuration This can be done in two ways Replace mode The current configuration is fully replaced with the configuration specified in the source file Merge mode The source file configuration is merged into running config Web Interface To restore configuration in the web interface 1 Click Maintenance Configuration and Restore 2 Click Restore Figure 19 1 3 Restore Config Parameter description r...

Page 316: ... the configuration files present on the switch except for running config which represents the currently active configuration Select the file to activate and click This will initiate the process of completely replacing the existing configuration with that of the selected file Web Interface To activate configuration in the web interface 1 Click Maintenance Configuration and Activate 2 Click Activate...

Page 317: ...e operation this effectively resets the switch to default configuration Web Interface To delete configuration in the web interface 1 Click Maintenance Configuration and Delete 2 Click Delete Select Figure 19 1 5 Delete Configuration Parameter description Buttons Delete Configuration File Click the Delete Configuration File button then the selected file will be deleted ...

Page 318: ...still be available afterwards Web Interface To Restart Device in the web interface 1 Click Maintenance and Restart Device 2 Click Yes Figure 19 2 Restart Device Parameter description Restart Device You can restart the switch on this page After restart the switch will boot normally Buttons Yes Click to Yes then the device will restart No Click to cancel the opeation ...

Page 319: ...nterface 1 Click Maintenance and Factory Defaults 2 You can choose if you want to keep ip configuration or not 3 Click Yes Figure 19 3 The Factory Defaults Parameter description Buttons Keep IP Configuration Choose if you want to keep ip configuration or not Yes Click to Yes button to reset the configuration to Factory Defaults No Click to cancel the operation ...

Page 320: ...eter description Browse Click the Browse button to search the Firmware URL and filename 19 4 2 Firmware Selection This page provides information about the active and alternate backup firmware images in the device and allows you to activate the alternate image The web page displays two tables with information about the active and alternate firmware images Web Interface To show the Firmware informat...

Page 321: ...mage was last updated Version The version of the firmware image Date The date where the firmware was produced Buttons Activate Alternate Image Click to use the Activate Alternate Image This button may be disabled depending on system state Cancel Cancel activating the alternate image Navigates away from this page ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands