29
30
Configuration
guide
:
Enable RSTP function to avoid broadcast storm caused by looped network
structure among
switch
A
,
switch
B and
switch
C
1
-
10
port
.
The meaning of main parameters of the pages as below. .
Table
4-9 Parameters
Configuration Guidelines
:
For example, when binding the port 10 of switch A with switch B, port 1 belongs
to VLAN20
.
Parameters
Description
MAC Address
Static MAC address differs from the general dynamic MAC
address. Once a static address is
added, the address will
remain in effect until be deleted and free the maximum aging
time limited.
VLAN ID
Port-corresponding VLAN ID number
Port
Select a static MAC address to forward port, you can only
specify one forwarding port.
On [
/
Port
security Stastic address lock] page displays
statics
address
latch
,
as
shown in figure 4-7
:
switch
information
of
Figure 4
-
7
Port security
After
setting
RSTP
,
click
“
RSTP
information
”
to
check root bridge and
port information. The port recover
time is around
10s by default
,
click
right
key to refresh
current
status
。
4.5 Port Security
4.5.1 Statics Address Latch
Statics
MAC
address
is to
limit
computer
operation
,
the
computer
with
binding
computer
MAC
and
ports
can
not
communicate
with
other
ports
,
while other
computer
can
do that.
Instruction
Enable
Enter 1-10 within the Port
range
(
or
click
box
front
of
port
)
Equipment
priority
,
cycle
of
sending
message
,
maximum
lifetime
of
information
,
default
port
status
migration
delay
;
Path cost, enter "0" is automatically detected;
Port
priority,
choose “128”;
Point
to
point,
choose“yes”;
Edge
port,
choose “No”;
Click
save
,
operation
.
switch
A
,
B
,
C
RSTP
function;
finished
Enable static address latch function of switch B;
Enter
the
MAC address of switch B;
Enter VLAN
ID with 20;
Enter port with 20;
Click Save;
Operation
.
finished
This feature is a security mechanism which requires high attention to the
settings
;
Do not use a multicast address as a enter address;
Do not enter the reserved MAC address, such as local MAC address;
For port which has already been added to an aggregation group, it is not
allowed to set binding function between port and MAC address.
Caution
4.5.2
802.1X certificates
IEEE 802.1X certification system adopted the "controllable port" and
"uncontrolled ports" logic functions. It can realize the separation of business
and certification. After passing certification, the business flow and the
certification flow separation, it has no special requirement for the following
subsequent packets. Business can be flexible, especially in develop broadband
multicast business, it has a lot of advantages. All the business are not
restricted by authentication.
802.1X Three Main Parts
:
(
1
)
Application supplicant
:
User
and
Client
which
want
to
get
the
certification
;
(
2
)
authentication server
:
A typical example for the RADIUS server
;
(
3
)
Certification
System authenticator
:
Between the end devices, such as
wireless access points, switches, etc We can play at the same time equipment
system and authentication server two characters, you can also use the
additional authentication server, at the same time support the billing system.