GE GE-DS-242-POE User Manual Download Page 113 | Manualshive

Page: 113 / 210

background image

Chapter 4: Web-Based Management

GE-DS-242-PoE Managed Ethernet Switch User Manual

109

802.1X Configuration

802.1x is an IEEE authentication specification which prevents the client from
accessing a wireless access point or wired switch until it provides authority, like the
user name and password that are verified by an authentication server (such as
RADIUS server).

Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and
authentication protocol that restricts unauthorized clients from connecting to a LAN
through publicly accessible ports. The authentication server authenticates each client
connected to a switch port before making available any services offered by the
switch or the LAN.
Until the client is authenticated, 802.1X access control allows only Extensible
Authentication Protocol over LAN (EAPOL) traffic through the port to which the client
is connected. After authentication is successful, normal traffic can pass through the
port.
This section includes this conceptual information:

•

Device Roles

•

Authentication Initiation and Message Exchange

•

Ports in Authorized and Unauthorized States

•

Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles
as shown below.

Figure 4-63: 802.1x device role

«
...
111
112
113
114
115
...
»

Summary of Contents for GE-DS-242-POE

Page 1: ...GE Security P N 1069174 REV 1 0 ISS 22FEB10 GE DS 242 PoE Managed Ethernet Switch User Manual ...

Page 2: ... latest product information contact your local supplier or visit us online at www gesecurity com FCC compliance This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equ...

Page 3: ...cess Overview 22 Web Management 23 SNMP Based Network Management 25 Administration Console 25 Protocols 27 Management Architecture 28 Chapter 4 Web Based Management 29 About Web based Management 29 System 34 VLAN Configuration 54 Rapid Spanning Tree 69 Trunking 81 Forwarding and Filtering 88 IGMP Snooping 91 QoS Configuration 96 Access Control List 102 MAC Limit 107 802 1X Configuration 109 Power ...

Page 4: ...ation 149 MAC limit 154 Port Mirroring Configuration 155 Quality of Service 156 MAC Address Configuration 159 STP RSTP Commands 162 SNMP 167 IGMP 171 802 1x Protocol 173 Access Control List 177 Binding 182 Power over Ethernet Commands 184 Chapter 7 Switch Operation 191 Chapter 8 Power Over Ethernet Overview 193 What is PoE 193 Chapter 9 Troubleshooting 201 Appendix A RJ 45 Pin Assignment 203 Switc...

Page 5: ...l Form Factor Pluggable interface The GE DS 242 PoE has a high performance switch architecture that is capable of providing non blocking switch fabric and wire speed throughput as high as 8 8Gbps Its two built in GbE uplink ports also offer incredible extensibility flexibility and connectivity to the Core switch or Server The PoE in line power following the standard IEEE 802 3af makes the GE DS 24...

Page 6: ...peed Switching The GE Security GE DS 242 PoE Managed Switch offers 24 Ethernet ports with 2 Gigabit TP SFP combo ports Port 25 26 The type 24 Fast Ethernet ports of GE DS 242 PoE are 10 100Base TX copper RJ 45 These two Gigabit TP SFP combo ports of all models can be either 1000Base T for 10 100 1000Mbps or 1000Base SX LX through SFP Small Form factor Pluggable interface The distance can be extend...

Page 7: ...nd 4 RMON groups How to Use this Manual This User Manual is structured as follows Section Section Content INTRODUCTION Product description with features and specifications INSTALLATION Explains the functions of the Managed Switch and how to physically install the Managed Switch SWITCH MANAGEMENT Contains information about the software function of the Managed Switch WEB CONFIGURATION Explains how t...

Page 8: ...t CRC filtering eliminates erroneous packets to optimize the network bandwidth o 8K MAC Address Table automatic source address learning and ageing o Support VLANs IEEE 802 1Q Tag Based VLAN Up to 255 VLANs groups out of 4096 VLAN IDs Port Based VLAN Q in Q tunneling Double Tag VLAN o Supports Link Aggregation Up to 13 Trunk groups Up to 8 ports per trunk group with 1 6Gbps bandwidth Full Duplex mo...

Page 9: ...nagement to prevent unauthorized intruder o Port Mirroring to monitor incoming or outgoing traffic on a particular port Management o Switch Management Interface Web switch management Telnet Command Line Interface SNMP v1 v2c switch management Console local management o SNMP Trap for alarm notification of events o Four RMON groups 1 2 3 9 history statistics alarms and events o Built in Trivial File...

Page 10: ... Circuit protection prevent power interference between ports o Remote power feeding up to 100m o PoE Management Total PoE power budget control Per port PoE function enable disable PoE Port Power feeding priority Per PoE port power limit PD classification detection PoE Power Supply Over temperature Protection ...

Page 11: ...Bytes Address Table 8K entries Share Data Buffer 512Kbytes Flash 4Mbytes DRAM 16Mbytes Maximum Frame Size 9K Bytes Flow Control Back pressure for Half Duplex IEEE 802 3x Pause Frame for Full Duplex LED Power FAN Alarm Link Activity Green PoE In Use Amber 1000 LNK ACT Green 10 100 LNK ACT Green Dimensions W x D x H 440 x 300 x 44 mm 1U height Weight 4 3kg Power Requirement 100 240V AC 50 60 Hz Powe...

Page 12: ...regation Static Port Trunk IEEE 802 3ad LACP Link Aggregation Control Protocol Supports 13 groups of 8 Port trunk support Quality of Service Traffic classification based on Port Based priority 802 1p priority IP DSCP TOS field in IP Packet IGMP Snooping v1 and v2 256 multicast groups and IGMP query Bandwidth Control Per port ingress egress bandwidth control in steps of128Kbps Port Mirror RX TX Bot...

Page 13: ...LX IEEE 802 3ab Gigabit 1000Base T IEEE 802 3x Flow Control and Back pressure IEEE 802 1d Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 3af Power over Ethernet Cable Fiber optic cable 50 125µm or 62 5 125µm multi mode fiber cable 100Base FX up to 2km 1000Base SX up to 22...

Page 14: ...Chapter 1 Introduction 10 GE DS 242 PoE Managed Ethernet Switch User Manual ...

Page 15: ...tion of the Managed Switch on the desktop or rack mount For easier management and control of the Managed Switch familiarize yourself with its display indicators and ports Front panel illustrations in this chapter display the unit s LED indicators Read this chapter completely before connecting any network device to the Managed Switch ...

Page 16: ...t 25 Port 26 1000Base SX LX mini GBIC slot SFP Small Form Factor Pluggable transceiver module from 550 meters Multi mode fiber up to 10 30 50 70 120 kilometers Single mode fiber Console Port The console port is a DB9 RS 232 male serial port connector It is an interface for connecting a terminal directly Through the console port it provides rich diagnostic information includes IP Address setting fa...

Page 17: ...ged Switch Until the PWR LED goes out Resets the Managed Switch to Factory Default configuration The Managed Switch will then reboot and load the default settings as below Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 LED Indicators The front panels LEDs indicate instant status of port links data activity and system power They help ...

Page 18: ...erfaces LED Color Function LNK ACT 1000 Green Lit indicates the port is operating at 1000Mbps Off indicates the port is operating at 10Mbps or 100Mbps Blink indicates the Switch is actively sending or receiving data over that port LNK ACT 100 Green Lit indicates the port is operating at 100Mbps Off indicates the port is operating at 10Mbps or 1000Mbps Blink indicates the Switch is actively sending...

Page 19: ...vent data loss or downtime 2 In some areas installing a surge suppression device may also help protect your Managed Switch from being damaged by unregulated power surges or current to either the Switch or the power adapter Switch Installation This text describes how to install the Managed Switch and connect it as necessary Please read the following instructions and perform the procedures in the li...

Page 20: ...Connect one end of a standard network cable to the 10 100 1000 RJ 45 ports on the front of the Managed Switch B Connect the other end of the cable to the network devices printer servers workstations routers etc Step 5 Connect the Managed Switch to supply power A Connect socket end of the power cable to the socket on the Managed Switch rear panel B Connect the power cable plug to a standard wall ou...

Page 21: ...each side of the Managed Switch Use the supplied screws attached to the package Figure 2 5 shows how to attach brackets to one side of the Managed Switch Figure 2 5 Attaching rack mount brackets to the GE DS 242 PoE Step 3 Secure the brackets tightly but do not overtighten screws Step 4 Follow the same steps to attach the second bracket to the opposite side Step 5 After the brackets are attached t...

Page 22: ...down the Managed Switch as shown in Figure 2 7 Figure 2 7 Plugging in the SFP transceiver Approved GE Security SFP Transceivers The Managed Switch supports both single mode and multi mode SFP transceivers The following list of approved GE Security SFP transceivers is correct at the time of publication 1000Base SX LX SFP transceiver SFP1000SX 220 SFP 1000BASE SX SFP transceiver Multi mode 220m SFP1...

Page 23: ...h the duplex LC connector on the network cable into the SFP transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a Media Converter 3 Check the LNK ACT LED of the SFP slot on the front of the Switch Ensure that the SFP transceiver is operating correctly 4 Check the Link mode of the SFP port if the link failed Co works with some fiber...

Page 24: ...ser Manual Figure 2 8 Pulling out the SFP transceiver CAUTION Never pull out the module without pulling the handle or the push bolts on the module Pulling out the module with too much force could damage the module and SFP module slot of the Managed Industrial Switch ...

Page 25: ...management applications and the communication and management protocols that deliver data between your management device work station or personal computer and the system It also contains information about port connection options This chapter covers the following topics Requirements Management Access Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Rel...

Page 26: ... in Serial Port connection Above PC with COM Port DB 9 RS 232 or USB to RS 232 converter NOTE We recommended Internet Explore 6 0 or above to access the Managed Switch Management Access Overview The Managed Switch gives you the flexibility to access and manage it using any or all of the following methods Web browser interface An external SNMP based network management application The Administration...

Page 27: ...xt based Telnet functionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard bro...

Page 28: ...Chapter 3 Switch Management 24 GE DS 242 PoE Managed Ethernet Switch User Manual Figure 3 1 Web management setup Figure 3 2 Web main screen of Managed Switch ...

Page 29: ...g it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default gets and sets community strings for the Managed Switch are public Figure 3 3 SNMP management Administration Console The administration console is an internal character oriented and command line user interface for performing system administration such as displaying statistics or c...

Page 30: ...terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight DB9 RS 232 cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the following parameters 57600 bps 8 data bits No parity 1 stop bit Figure 3 5 Terminal param...

Page 31: ...a management session from a Macintosh a PC or a UNIX workstation Because Telnet runs over TCP IP you must have at least one IP address configured on the Managed Switch before you can establish access to it with a virtual terminal protocol Terminal emulation differs from a virtual terminal protocol in that you must connect a terminal directly to the console serial port NOTE See the Installation She...

Page 32: ...ing Application Programming Interface MAPI By unifying management methods with a single MAPI configuration parameters set using one method console port for example are immediately displayable by the other management methods for example SNMP agent of Web browser The management architecture of the switch adheres to the IEEE open standard This compliance assures customers that the Managed Switch is c...

Page 33: ...IE6 0 or later version does not allow Java Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 th...

Page 34: ...me environment Plug in It is recommended to use Internet Explorer 6 0 or above to access the GE DS 242 PoE Managed Switch Figure 4 1 Web management setup Logging on to the Switch 1 Use Internet Explorer 6 0 or above Web browser Enter the factory default IP address to access the Web interface The factory default IP Address as following http 192 168 0 100 2 When the following login screen appears pl...

Page 35: ... 4 3 Figure 4 3 Web main page 2 The Switch Menu on the left of the Web page let you access all the commands and statistics the Switch provides Now you can use the Web management interface to continue the switch management or manage the Managed Switch by Web interface The Switch Menu on the left of the web page let you access all the commands and statistics the Managed Switch provides ...

Page 36: ...mands in lowercase letters in the web interface Main Web Page The Managed Switch provides a Web based browser interface for configuring and managing it This interface allows you to access the Managed Switch using the Web browser of your choice This chapter describes how to use the Managed Switch s Web browser interface to configure and manage it Figure 4 4 Main page Panel Display The web agent dis...

Page 37: ...rts Main Menu Using the onboard web agent you can define system parameters manage and control the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can setup the Managed Switch by select the functions those listed in the Main Function The screen in Figure 4 5 appears Figure 4 5 GE DS 242 PoE Managed Switch Main Functions Menu ...

Page 38: ...nt and SNMP Trap Firmware Upgrade Upgrade the firmware via TFTP server or Web Brower file transfer Configuration Backup Save view the Managed Switch configuration to remote host Upload the switch configuration from remote host Factory Default Reset the configuration of the Managed Switch System Reboot Restarts the Managed Switch System Information The System information page has two parts Basic an...

Page 39: ...Switch DESCRIPTION Describes the Managed Switch MAC ADDRESS Displays the unique hardware address assigned by manufacturer default FIRMWARE VERSION Displays the Managed Switch s firmware version HARDWARE VERSION Displays the current hardware version Misc Config Choose Misc Config from System Information of Managed Switch the screen in Figure 4 7 appears Figure 4 7 Switch Misc Config screenshot ...

Page 40: ...e by selected mean can not filter any packets The Broadcast Storm Filter Mode will show OFF The selectable items as below Broadcast Packets IP Multicast Control Packets Flooded Unicast Multicast Packets Collision Retry Forever Provide Collision Retry Forever function Disable or 16 32 48 collision numbers on Managed Switch If this function is disabled when a packet meet a collision the Managed Swit...

Page 41: ...ned by an employee called a Network Administrator or Sys Admin This person assigns IP addresses and is responsible for making sure that IP addresses are not duplicated If this happens one or both machines with a duplicate address will stop working Another possibility is getting your address assigned to you automatically over the net via DHCP protocol Enable DHCP function and reset the machine If y...

Page 42: ...ent IP will lose and user should find the new IP on the DHCP server IP Address Assign the IP address that the network is using If DHCP client function is enabled this switch is configured as a DHCP client The network DHCP server will assign the IP address to the switch and display it in this column The default IP is 192 168 0 100 or the user has to assign an IP address manually when DHCP Client is...

Page 43: ...interface An SNMP managed network consists of four key components Network management stations NMSs SNMP agents Management information base MIB and network management protocol Network management stations NMSs Sometimes called consoles these devices execute management applications that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fas...

Page 44: ...trieve an object instance from the agent Set Allows the NMS to set values for object instances within an agent Trap Used by the agent to asynchronously inform the NMS of some event The SNMPv2 trap message is designed to replace the SNMPv1 trap message SNMP Community An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent ...

Page 45: ... an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Location The physical location of this node e g telephone closet 3rd floor The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Contact The textual identification of the contact person for this managed node together with in...

Page 46: ... object information RW Read write Enables requests accompanied by this community string to display MIB object information and to set MIB objects ADD button Press the button to add the management SNMP community strings on the Managed Switch REMOVE button Press the button to remove the management SNMP community strings that you defined before on the Managed Switch Trap Managers A trap manager is a m...

Page 47: ...des the functions to allow a user to update the Managed Switch firmware from the TFTP server in the network Before updating make sure you have your TFTP server ready and the firmware image is on the TFTP server The screen in Figure 4 13 appears Use this menu to download a file from specified TFTP server to the Managed Switch Figure 4 13 Firmware Upgrade interface This page includes the following f...

Page 48: ... of the main page the Choose file window will appear 4 Select the firmware file then click the Open button to load the file The Firmware upgrade process takes several minutes Please wait a while and then manually refresh the webpage Configuration Backup TFTP Restore Configuration You can restore a previous backup configuration from the TFTP server to recover the settings Before doing that you must...

Page 49: ...er IP Address Type in your TFTP server IP Restore File Name Type in the correct file name for restoring TFTP Backup Configuration You can back up the current configuration from flash ROM to the TFTP server for the purpose of recovering the configuration later It helps you to avoid wasting time on configuring the settings by backing up the configuration Figure 4 16 Configuration Backup interface ...

Page 50: ...udes the following fields OBJECT DESCRIPTION TFTP Server IP Address Type in your TFTP server IP Backup File Name Type in the file name Factory Default Reset Switch to default configuration Click the reset button to restore all configurations to the default value Figure 4 17 Factory Default interface ...

Page 51: ...4 Web Based Management GE DS 242 PoE Managed Ethernet Switch User Manual 47 System Reboot Reboot the Switch with a software reset Click the reboot button to reboot the system Figure 4 18 System Reboot interface ...

Page 52: ...Auto the speed and duplex mode are negotiated automatically When you set it as Force you have to set the speed and duplex mode manually Speed It is available for selecting when the Negotiation column is set as Force When the Negotiation column is set as Auto this column is read only Duplex It is available for selecting when the Negotiation column is set as Force When the Negotiation column is set ...

Page 53: ...d range is 0 8000 The unit is 128K 0 disable rate control 1 8000 valid rate value Security A port in security mode will be locked without permission of address learning Only the incoming packets with SMAC already existing in the address table can be forwarded normally User can disable the port from learning any new MAC addresses then use the static MAC addresses screen to define a list of MAC addr...

Page 54: ... displays current port configurations and operating status it is a ports configurations summary table Via the summary table you can learn the status of each port at a glance like Port Link Up Link Down status negotiation Link Speed Rate Control Duplex mode and Flow Control Figure 4 20 Port Status interface ...

Page 55: ...er Link The status of linking Up or Down State Set by Port Control When the state is disabled the port will not transmit or receive any packet Tx Good Packet The counts of transmitting good packets via this port Tx Bad Packet The counts of transmitting bad packets including undersize less than 64 octets oversize CRC Align errors fragments and jabbers packets via this port Rx Good Packet The counts...

Page 56: ...cast packet Port Sniffer The Port Sniffer mirroring is a method for monitor traffic in switched networks Traffic through a port can be monitored by one specific port That is traffic goes in or out a monitored port will be duplicated into sniffer port Figure 4 22 Port Mirror application Configuring the port mirroring by assigning a source port from which to copy all packets and a destination port w...

Page 57: ...ct Analysis port to LAN analyzer or netxray Monitored Port The port you want to monitor The monitor port traffic will be copied to Analysis port You can select one monitor ports in the switch User can choose which port that they want to monitor in only one sniffer type NOTE 1 When the Mirror Mode set to RX or TX and the Analysis Port be selected the packets to and from the Analysis Port will not b...

Page 58: ...orwarded to only members of the VLAN on which the broadcast was initiated NOTE 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet...

Page 59: ...port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recognize VLAN tags in packet headers The tagging feature allows VLAN to span multiple 802 1Q compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The ...

Page 60: ...other with the VLAN information intact This allows 802 1Q VLAN to span network devices and indeed the entire network if all network devices are 802 1Q compliant Every physical port on a switch has a PVID 802 1Q ports are also assigned a PVID for use within the switch If no VLAN are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assig...

Page 61: ...ved from the default VLAN and Link Aggregation Groups In order to use VLAN segmentation in conjunction with port link aggregation groups you can first set the port link aggregation group s and then you may configure VLAN settings If you wish to change the port link aggregation grouping with VLAN already in place you will not need to reconfigure the VLAN settings after changing the port link aggreg...

Page 62: ...1 tag from packet headers to maintain compatibility with devices that are tag unaware Port Based VLAN Packets can go among only members of the same VLAN group Note all unselected ports are treated as belonging to another single VLAN If the port based VLAN enabled the VLAN tagging is ignored In order for an end station to send packets to different VLANs it itself has to be either capable of tagging...

Page 63: ...group See Figure 4 26 appears 4 Type a name and Group ID for the new VLAN the available range is 2 4094 5 From the Available ports box select ports to add to the Managed Switch and click Add 6 Click Apply 7 You will see the VLAN Group displays 8 If the port based VLAN groups list over one page please click Next Page to view other VLAN groups on other page 9 Use the Delete button to delete unwanted...

Page 64: ...s a Port Based member of a VLAN Member Remove Forbidden ports are not included in the VLAN NOTE All unselected ports are treated as belonging to another single VLAN If the port based VLAN is enabled the VLAN tagging is ignored 802 1Q VLAN Tagged based VLAN is an IEEE 802 1Q specification standard Therefore it is possible to create a VLAN across devices from different switch venders IEEE 802 1Q VLA...

Page 65: ...he network to make packet forwarding decisions Untagged Ports with untagging enabled will strip the 802 1Q tag from all packets that flow into those ports If the packet doesn t have an 802 1Q VLAN tag the port will not alter the packet Thus all packets received by and forwarded by an untagging port will have no 802 1Q VLAN information Remember that the PVID is only used internally within the Switc...

Page 66: ... 2 Select 802 1Q in the VLAN Operation Mode to enable the 802 1Q VLAN function 3 Click Add to create a new VLAN group or Edit to management exist VLAN groups Then the VLAN Group column appears 4 Input a VLAN group ID and available range is 2 4094 Figure 4 28 VLAN Group Configuration interface 5 Select specific port as member port The screen in Figure 4 29 appears ...

Page 67: ... available range is 2 4094 Port Indicate port 1 to port 26 Untag Packets forwarded by the interface are untagged UnTag Member Tag Defines the interface as a tagged member of a VLAN All packets forwarded by the interface are tagged The packets contain VLAN information 6 After setup completed please press Apply button to take effect 7 Please press Back for return to VLAN configuration screen to add ...

Page 68: ... page is used for configuring the Switch port VLAN The VLAN per Port Configuration page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is configured on the VLAN Port Configuration page All untagged packets arriving to the device are tagged by the ports PVID This section provides 802 1Q Ingress Filter of each port from the Switch the screen in Figure 4 30 a...

Page 69: ... set one VLAN ID the range is 1 255 default VLAN ID is 1 The VLAN ID must as same as the VLAN ID that the port belong to VLAN group or the untagged traffic will be dropped Ingress Filtering 1 Ingress filtering lets frames belonging to a specific VLAN to be forwarded if the port belongs to that VLAN Enable Forward only packets with VID matching this port s configured VID Disable Disable Ingress fil...

Page 70: ...astructure might be mixed Assigning a unique range of VLAN IDs to each customer would restrict customer configurations require intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 The Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic from numerous independent customer LANs ...

Page 71: ...gure 4 31 appears Figure 4 31 Q in Q Port Setting interface This page includes the following fields OBJECT DESCRIPTION Enable Sets the Managed Switch to QinQ mode and allows the QinQ tunnel port to be configured Disable The Managed Switch operates in its normal VLAN mode QinQ The default is for the Managed Switch to function in Disable mode QinQ TPID The Tag Protocol Identifier TPID specifies the ...

Page 72: ...ge of VLAN IDs to each customer would restrict customer configurations and could easily exceed the VLAN limit 4096 of the IEEE 802 1Q specification Using the QinQ feature service providers can use a single VLAN to support customers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider network even when they appear to ...

Page 73: ...ween switches that form loops within the network When multiple links between switches are detected a primary link is established Duplicated links are blocked from use and become standby links The protocol allows for the duplicate links to be used in the event of a failure of the primary link Once the Spanning Tree Protocol is configured and enabled primary links are established and duplicated link...

Page 74: ...ology All switches connected to the LAN on which the packet is transmitted will receive the BPDU BPDUs are not directly forwarded by the switch but the receiving switch uses the information in the frame to calculate a BPDU and if the topology changes initiates a BPDU transmission The communication between switches via BPDUs results in the following One switch is elected as the root switch The shor...

Page 75: ...The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Each port on a switch using STP exists is in one of the following five states Blocking the port is blocked from forwarding or receiving packe...

Page 76: ...up If properly configured each port stabilizes to the forwarding or blocking state No packets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one ...

Page 77: ...ing elected as the root bridge 32768 Hello Time The length of time between broadcasts of the hello message by the switch 2 seconds Maximum Age Timer Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states waiting f...

Page 78: ...it to switch C and switch C will broadcast it to back to switch A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure In this example STP breaks the loop by blocking the connection between switch B and C The decision to block a particular connection is based on the STP calculation of the most current Bridge and Port settings Now if switch A br...

Page 79: ... Web Based Management GE DS 242 PoE Managed Ethernet Switch User Manual 75 Figure 4 34 Before Applying the STA Rules In this example only the default STP values are used Figure 4 35 After Applying the STA Rules ...

Page 80: ...dundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link default port cost 19 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link RSTP System Configuration This section provides RSTP System Configuration from the Switch the screen in Figure 4 36 appears The us...

Page 81: ...g a reconfiguration Enter a value between 6 through 40 Hello Time 1 10 The time that controls the switch to send out the BPDU packet to check RSTP current status Enter a value between 1 through 10 Forward Delay Time 4 30 The number of seconds a port waits before changing from its Rapid Spanning Tree Protocol learning and listening states to the forwarding state Enter a value between 4 through 30 N...

Page 82: ...ge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Root Port The switch port currently assigned the root port role Maximum Age Path Cost to the Designated Root for the Root Bridge Hello Time Minimum time between transmissions of Configuration BPDUs Forward Delay Derived value of the Root Port Bridge Forward Delay parameter Port Conf...

Page 83: ... concerned can only be connected to exactly another bridge i e it is served by a point to point LAN segment or can be connected to two or more bridges i e it is served by a shared medium LAN segment This function allows the P2P status of the link to be manipulated administratively YES means the port is regarded as a point to point link NO means the port is regarded as a shared link AUTO means the ...

Page 84: ...on each port and configures the path cost according to the values shown below Table 4 1 Recommended STP Path Cost Range Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet 50 600 200 000 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2 000 200 000 Table 4 2 Recommended STP Path Cost Range Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex...

Page 85: ...eans for exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs move the link to that Link Aggregation Group and enable its transmission and reception functions in an orderly manner Link aggregation lets you group up to eight consecutive ports into a single...

Page 86: ...nk group LACP Enabled the trunk group is using LACP A port which joins an LACP trunk group has to make an agreement with its member ports first Disabled the trunk group is a static trunk group The advantage of having the LACP disabled is that a port joins the trunk group without any handshaking with its member ports but member ports won t know that they should be aggregated together to form a logi...

Page 87: ... the two switches Aggregator Information When you setup the LACP aggregator you will see relational information here LACP disabled Having set up the aggregator setting with LACP disabled you will see the local static trunk group information on the tab of Aggregator Information Figure 4 41 Assigning 2 ports to a trunk group with LACP disabled Figure 4 42 Static Trunking Group information ...

Page 88: ...ll see the trunking group information between two switches on the tab of Aggregator Information Switch 1 configuration 1 Set System Priority of the trunk group The default is 1 2 Select a trunk group ID by pull down the drop down menu bar 3 Enable LACP 4 Include the member ports by clicking the Add button after selecting the port number and the column field of Work Ports changes automatically Figu...

Page 89: ...wn menu bar 8 Enable LACP 9 Include the member ports by clicking the Add button after selecting the port number and the column field of Work Ports changes automatically Figure 4 44 Switch 2 configuration interface 10 Click on the tab of Aggregator Information to check the trunked group information as the illustration shown above after the two switches have been configured Figure 4 45 Switch 1 Aggr...

Page 90: ...cancel the checkbox beside the state label When you remove the tick mark of the port and click the Apply button the port state activity will change to Passive Figure 4 46 State Activity of Switch 1 This page includes the following fields OBJECT DESCRIPTION Active The port automatically sends LACP protocol packets Passive The port does not automatically send LACP protocol packets and responds only ...

Page 91: ...PoE Managed Ethernet Switch User Manual 87 Figure 4 47 State Activity of Switch 2 NOTE A link having two passive LACP nodes will not perform dynamic LACP trunk because both ports are waiting for an LACP protocol packet from the opposite device ...

Page 92: ...en after a configurable age time Dynamic MAC Table Entries in the MAC Table are shown on this page The Dynamic MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address You can view all of the dynamic MAC addresses learned by the listed port Figure 4 48 Dynamic MAC Address interface MAC Table Entries OBJECT DESCRIPTION NO The index of the MAC address entry MAC The MA...

Page 93: ...d modify delete a static MAC address Add the Static MAC Address You can add a static MAC address in the switch MAC table here Figure 4 49 Static MAC Addresses interface This page includes the following fields OBJECT DESCRIPTION MAC Address Enter the MAC address of the port that should permanently forward traffic regardless of the device network activity Port Num Pull down the selection menu to sel...

Page 94: ...GE DS 242 PoE Managed Ethernet Switch User Manual Figure 4 50 MAC Filtering interface This page includes the following fields OBJECT DESCRIPTION MAC Address Enter the MAC address that you want to filter VLAN ID The VLAN ID for the entry ...

Page 95: ...o inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of...

Page 96: ...Chapter 4 Web Based Management 92 GE DS 242 PoE Managed Ethernet Switch User Manual Figure 4 52 Multicast flooding Figure 4 53 IGMP Snooping multicast stream control ...

Page 97: ...p Membership Query if Group Address is Present 0x16 Membership Report version 2 0x17 Leave a Group version 2 0x12 Membership Report version 1 IGMP packets enable multicast routers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP rep...

Page 98: ... group are shown below Figure 4 54 IGMP State Transitions IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests ...

Page 99: ...CT DESCRIPTION IGMP Protocol Enable or disable the IGMP protocol IGMP Fastleave Enable or disable Fast Leave on the port IGMP Querier Enable or disable the IGMP query function The IGMP query information will be displayed in IGMP status section NOTE Fast Leave The Managed Switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port a...

Page 100: ...Assigning priorities to traffic for example to set higher priorities to time critical or business critical applications Applying security policy through traffic filtering Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter Improve performance for specific types of traffic and preserve performance as the amount of tra...

Page 101: ...ce Address VLAN TAG Ethernet Type Data FCS 6 bytes 6 bytes 4 bytes 2 bytes 46 1517 bytes 4 bytes Set up the COS priority level With the drop down selection item of Priority Type above being selected as COS only COS first this control item will then be available to set the queuing policy for each port Priority Queue Service settings QoS settings allow customization of packet priority in order to fa...

Page 102: ... example 8 Highest 4 SecHigh 2 SecLow 1 Lowest means that the switch sends 8 highest priority packets before sending 4 second high priority packet before sending 2 second low priority packet before sending 1 lowest priority packet 802 1p priority 0 7 Set up the COS priority level 0 7 High Middle Low Lowest NOTE 802 1p Priority Priority classifiers of the Switch forward packet COS range is from 0 t...

Page 103: ...rvice Code Point DSCP to 3 bit priority mapping The Type of Service TOS octet in the IPv4 header is divided into three parts Precedence 3 bits TOS 4 bits and MBZ 1 bit The Precedence bits indicate the importance of a packet whereas the TOS bits indicate how the network should make tradeoffs between throughput delay reliability and cost as defined in RFC 1394 The MBZ bit for must be zero is current...

Page 104: ...AN TAG Optional Ethernet Type 0800 Data FCS 6 bytes 6 bytes 4 bytes 2 bytes 2 bytes 46 1517 bytes 4 bytes The DSCP is six bits wide allowing coding for up to 64 different forwarding behaviors The DSCP retains backward compatibility with the three precedence bits so that non DSCP compliant TOS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traff...

Page 105: ... values of the IP DSCP header field within the incoming packet 0 63 Priority Specify which 802 1p priority to map the corresponding IP DSCP The value is 0 7 TOS DSCP Port Configuration Set up IP TOS DSCP mapping to 802 1p priority when receiving IPv4 IPv6 packets the Managed Switch allow to by port configuring the QoS Status This TOS DSCP Port Configuration page is to configure the IP TOS DSCP map...

Page 106: ...ate access rights to a given object depending on certain aspects of the process that is making the request principally the process s user identifier Access Control List ACL is a mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted or denied to access the resource The screen in following screen appears Packets can be forw...

Page 107: ...e following fields IPv4 ACL OBJECT DESCRIPTION DEFAULT VALUE Group ID 1 247 max 247 ACL group Action Permit Deny Permit Permit packet cross switch Deny Drop packet Permit VLAN Any VID Any Any VLAN id VID 1 4094 A certain VLAN id Any Packet Type IPv4 Non IPv4 Binding IPv4 Set Ipv4 packet field Non IPv4 Set non Ipv4 packet field Binding Set binding entry IPv4 ...

Page 108: ...range from 0 to 255 Any IP Fragment Set this field if Packet Type is IPv4 else ignore Uncheck Check Uncheck Not check IP fragment field Check Check IP fragment field Uncheck L4 Protocol Set this field if Packet Type is IPv4 else ignore Any ICMP 1 IGMP 2 TCP 6 UDP 17 Any Protocol Set this field if Packet Type is IPv4 else ignore 0 255 If protocol not find in L4 Protocol field you can direct assign ...

Page 109: ...JECT DESCRIPTION DEFAULT VALUE Group ID 1 247 max 247 ACL group Action Permit Deny Permit Permit packet cross switch Deny Drop packet Permit VLAN Any VID Any Any VLAN ID VID 1 4094 A certain VLAN ID Any Packet Type IPv4 Non IPv4 Binding IPv4 Set Ipv4 packet field Non IPv4 Set non Ipv4 packet field Binding Set binding entry IPv4 Ether Type Set this field if Packet Type is Non IPv4 else ignore Any A...

Page 110: ...elect Binding OBJECT DESCRIPTION DEFAULT VALUE Group ID 1 247 max 247 ACL group Action Permit Deny Permit Permit packet cross switch Deny Drop packet Permit VLAN Any VID Any Any Vlan id VID 1 4094 A certain vlan id Any Packet Type IPv4 Non IPv4 Binding IPv4 Set Ipv4 packet field Non IPv4 Set non Ipv4 packet field Binding Set binding entry IPv4 MAC Address is represent a digit from 0 9 and A F is r...

Page 111: ...ddress table should be blocked MAC Limit Configuration The Layer 2 MAC Limit function can be per port configured for security management purposes When the port is in MAC Limit mode the port will be locked without permission of address learning Only the incoming packets with Source MAC already existing in the address table can be forwarded normally User can disable the port from learning any new MA...

Page 112: ...Limit Port Status This table displays current MAC Limit status of each port Figure 4 62 MAC Limit MAC Limit Port Status This page includes the following fields OBJECT DESCRIPTION Port Number Indicate port 1 to port 26 Limit Display the current MAC Limit configuration and status of each port ...

Page 113: ... connecting to a LAN through publicly accessible ports The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN Until the client is authenticated 802 1X access control allows only Extensible Authentication Protocol over LAN EAPOL traffic through the port to which the client is connected After authentication...

Page 114: ...ion with the authentication server and relaying a response to the client The switch includes the RADIUS client which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol EAP frames and interacting with the authentication server When the switch receives EAPOL frames and relays them to the authentication server the Ethernet header is stripped and the remaining EA...

Page 115: ...c exchange of EAP frames depends on the authentication method being used Figure 4 64 shows a message exchange initiated by the client using the One Time Password OTP authentication method with a RADIUS server Figure 4 64 EAP message exchange Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network The port starts in the...

Page 116: ...er cannot be reached the switch can retransmit the request If no response is received from the server after the specified number of attempts authentication fails and network access is not granted When a client logs off it sends an EAPOL logoff message causing the switch port to transition to the unauthorized state If the link state of a port transitions from up to down or if an EAPOL logoff frame ...

Page 117: ...uthentication requests to the specified RADIUS Server Accounting Port Set the UDP destination port for accounting requests to the specified RADIUS Server Shared Key Set an encryption key for using during authentication sessions with the specified RADIUS server This key must match the encryption key used on the RADIUS Server NAS Identifier Set the identifier for the RADIUS client IEEE 802 1x Protoc...

Page 118: ...d The specified port is required to be held in the unauthorized state FA Force Authorized The specified port is required to be held in the authorized state Authorize The specified port is set to the Authorized or Unauthorized state in accordance with the outcome of an authentication exchange between the Supplicant and the authentication server No The specified port works without complying with 802...

Page 119: ...d the port waits for retransmit next EAPOL PDU during an authentication session Default value is 30 seconds Supplicant Timeout Set the period of time the switch waits for a supplicant response to an EAP request Default value is 30 seconds Server Timeout Set the period of time the switch waits for a server response to an authentication request Default value is 30 seconds Max Requests Set the number...

Page 120: ...Hotel Campus Factory Warehouse can install the Access Point any where with no hesitation 10 12 watts IP Surveillance Enterprise Museum Campus Hospital Bank can install IP Camera without limits of install location no need electrician to install AC sockets 3 12 watts PoE Splitter PoE Splitter split the PoE 48V DC over the Ethernet cable into 5 9 12V DC power output It frees the device deployment fro...

Page 121: ...mum available power ports priority maximum allowable power per port The Over Temperature Protection of the PoE Switch offers a safety and stable PoE operating by limit the output power according to detected temperature to prevent destructive breakdown due to un expected overheating This section provides PoE Power over Ethernet Configuration and PoE output status of PoE Switch screen in Figure 4 69...

Page 122: ...E power management It can choose the port priority value is Critical High Low High priority is Critical Device class Class 0 is the default for PDs However to improve power management at the PSE the PD may opt to provide a signature for Class 1 to 3 The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational ...

Page 123: ...nature for Class 1 to 3 The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes A PD shall return Class 0 to 3 in accordance with the maximum power draw as specified by Table 4 3 Table 4 13 1 Device class Class Usage Range of maximum power used by the PD 0 Default 0 44 to 12 95 Watts 1 Optional 0 44...

Page 124: ...Chapter 4 Web Based Management 120 GE DS 242 PoE Managed Ethernet Switch User Manual ...

Page 125: ...you can connect the console port directly through PC without the need of Null Modem To get more information about how to connect to the console interface of GE DS 242 PoE with HyperTerminal please refer to the GE DS 242 PoE Installation Sheet Once the terminal has connected to the device power on the GE DS 242 PoE the terminal will display that it is running testing procedures Then the following m...

Page 126: ...ual Figure 5 1 GE DS 242 PoE Console Login screen NOTE For security reasons please change and memorize the new username and password after this first setup Username Max 6 Min 1 characters Password Max 6 Min 1 characters Only enter commands in lowercase letters in console interface ...

Page 127: ...ures as follows Show the current IP address 1 On Switch prompt enter configure 2 On Switch config prompt enter show ip 3 The screen displays the current IP address Subnet Mask and Gateway As show in Figure 5 2 Figure 5 2 Show IP information screen Configure IP address 1 On Switch config prompt enter the following commands and press Enter As show in Figure 5 3 Switch config ip address 192 168 1 100...

Page 128: ...OTE If you are not familiar with console command or the related parameter enter help anytime in console to get the help description You can change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface throug...

Page 129: ... of those available at the privileged level Use this mode to Perform basic tests Display system information Privileged EXEC Enter the enable command while in User EXEC mode switch Enter disable to exit The privileged command is the advanced mode Use this mode to Display advanced function status Save configuration Global Configuration Enter the configure command while in privileged EXEC mode switch...

Page 130: ...Chapter 5 Console Management 126 GE DS 242 PoE Managed Ethernet Switch User Manual ...

Page 131: ... Ethernet Switch User Manual 127 Chapter 6 Command Line Interface Operation Notice To enter the configuration mode you need to be in the privileged mode and then types in the command configure Switch configure Switch config ...

Page 132: ...ursor forward one word Backspace Delete the character before the cursor Del Delete the character at the cursor The following generic function keys provide functions in all of the menus Command Help You may enter at any command mode and the CLI will return possible commands at that point along with some description of the command System Commands Command Description show running config Display the r...

Page 133: ...list specifies the ports to be turn on or off If not entered all ports are turn on or off port nego Description Set port negotiation Syntax port nego force auto nway force port list Parameters port list specifies the ports to be set If not entered all ports are set port speed Description Set port speed in mbps and duplex Syntax port speed 10 100 1000 full half port list Parameters port list specif...

Page 134: ...bles flow control in half duplex mode port list specifies the ports to be set If not entered all ports are set port rate Description Set port effective ingress or egress rate Syntax port rate ingress egress 0 8000 port list Parameters 0 8000 specifies the ingress or egress rate 0 8000 port list specifies the ports to be set If not entered all ports are set port priority Description Set port priori...

Page 135: ...s port list specifies the ports to be set If not entered all ports are set show port status Description Show port status including port State Link Trunking VLAN Negotiation Speed Duplex Flow control Rate control Priority Security BSF control Switch config show port status Port 1 Information State on Link down Trunking none VLAN DEFAULT Priority disable Security off Port 2 Information State on Link...

Page 136: ...how port statistics including TxGoodPkt TxBadPkt RxGoodPkt RxBadPkt TxAbort Collision and DropPkt Parameters port id specifies the port to be shown Switch config show port statistics Port 1 Information TxGoodPkt 0 TxBadPkt 0 RxGoodPkt 0 RxBadPkt 0 TxAbort 0 Collision 0 DropPkt 0 Port 2 Information TxGoodPkt 0 TxBadPkt 0 RxGoodPkt 0 RxBadPkt 0 TxAbort 0 Collision 0 ...

Page 137: ...nformation More show port protection Description Show protected port information Switch config show port protection Port Protected Group 1 off 1 2 off 1 3 off 1 4 off 1 5 off 1 6 off 1 7 off 1 8 off 1 9 off 1 10 off 1 11 off 1 12 off 1 13 off 1 14 off 1 15 off 1 16 off 1 17 off 1 18 off 1 19 off 1 20 off 1 ...

Page 138: ...Chapter 6 Command Line Interface 134 GE DS 242 PoE Managed Ethernet Switch User Manual 21 off 1 22 off 1 25 off 1 26 off 1 Trk1 off 1 ...

Page 139: ... the switch can balance the traffic among the remaining links NOTE The 10 100 Mbps port cannot be trunked with gigabit port port 25 26 All ports in the same trunk group will be treated as a single port If a trunk group exists the ports belonging to that trunk will be replaced by TRUNK in the VLAN configuration screen The following example configures port 25 26 as TRUNK 1 Trunking Commands show tru...

Page 140: ...port list specifies the ports to be set active port list specifies the ports to be set to LACP active no trunk Description Delete an existing trunk group Syntax no trunk trunk id Parameters trunk id specifies the trunk group to be deleted LACP Commands no lacp Description Enable disable LACP lacp system priority Description Set LACP system priority Syntax lacp system priority 1 65535 Parameters 1 ...

Page 141: ...on Show LACP information Switch config show lacp status LACP is enabled LACP system priority 32768 show lacp agg Description Show LACP aggregator information Syntax show lacp agg trunk id Parameters trunk id specifies the trunk group to be shown show lacp port Description Show LACP information by port Syntax show lacp port port id Parameters port id specifies the port to be shown NOTE If VLAN grou...

Page 142: ...nd its associated port You must define the outgoing ports allowed for each port when you use port based VLANs In port based VLANs the packets received from one port can only be sent to the ports which are configured to the same VLAN As shown in the following figure the switch administrator configured port 1 2 as VLAN 1 and port 3 4 as VLAN 2 The packets received from port 1 can only be forwarded t...

Page 143: ...operate a logical VLAN group among switches The GE DS 242 PoE supports both Port based VLAN and Tag based 802 1Q VLAN modes The default configuration is tag based 802 1Q VLAN In the 802 1Q VLAN initially all ports on the switch belong to default VLAN VID is 1 NOTE You cannot delete the default VLAN group in 802 1Q VLAN mode VLAN Mode Port based Packets can go among only members of the same VLAN gr...

Page 144: ...ple below configures the switch to drop the packets not belonging to the same VLAN group and forward the packets not containing VLAN tags show vlan mode Description Display the current VLAN mode vlan mode Description Change VLAN mode Syntax vlan mode disabled port based dot1q Parameters disabled port based dot1q specifies the VLAN mode NOTE Change the VLAN mode for every time user have to restart ...

Page 145: ... not entered all members set to untagged e g switch config vlan add 1 vlan1 cpu port 1 4 This VLAN entry has four members from port1 to port4 and all members are untagged no vlan Description Delete VLAN entry Syntax no vlan 1 4094 Parameters 1 4094 specifies the VLAN id or group id if port based VLAN e g no vlan 1 show vlan Description Show VLAN entry information Syntax show vlan 1 4094 Parameters...

Page 146: ...ntagged Port2 Untagged Port3 Untagged Port4 Untagged Port5 Untagged Port6 Untagged Port7 Untagged Port8 Untagged Port9 Untagged Port10 Untagged Port11 Untagged Port12 Untagged Port13 Untagged Port14 Untagged Port15 Untagged Port16 Untagged More Port17 Untagged Port18 Untagged Port19 Untagged Port20 Untagged Port21 Untagged Port22 Untagged Port25 Untagged Port26 Untagged Trk1 Untagged ...

Page 147: ...Switch User Manual 143 show vlan static Description Show static VLAN entry information show vlan pvid Description Show port default VLAN id Syntax show vlan pvid LIST Parameters LIST specifies the ports to be showed If not entered all port s PVID will be showed e g ...

Page 148: ...tch User Manual Switch config show vlan pvid Port PVID Port1 1 Port2 1 Port3 1 Port4 1 Port5 1 Port6 1 Port7 1 Port8 1 Port9 1 Port10 1 Port11 1 Port12 1 Port13 1 Port14 1 Port15 1 Port16 1 Port17 1 Port18 1 Port19 1 Port20 1 Port21 1 More Port22 1 Port25 1 Port26 1 Trk1 1 ...

Page 149: ...ecifies the non members packet will be forwarded or not If set enable forward only packets with VID matching this port s configured VID enable disable specifies the untagged frame will be dropped or not If set enable drop untagged frame show vlan filter Description Show VLAN filter setting Syntax show vlan filter LIST Parameters LIST specifies the ports to be showed If not entered all ports filter...

Page 150: ... Forward Port5 Drop Forward Port6 Drop Forward Port7 Drop Forward Port8 Drop Forward Port9 Drop Forward Port10 Drop Forward Port11 Drop Forward Port12 Drop Forward Port13 Drop Forward Port14 Drop Forward Port15 Drop Forward Port16 Drop Forward Port17 Drop Forward Port18 Drop Forward Port19 Drop Forward Port20 Drop Forward More Port21 Drop Forward Port22 Drop Forward Port25 Drop Forward Port26 Drop...

Page 151: ...le MAC address age out mac age time 6 1572858 Parameters 6 1572858 specifies the MAC address age out time Must be divisible by 6 Type the number of seconds that an inactive MAC address remains in the switch s address table show mac age time Description Show MAC address age out time broadcast Description Set broadcast storm filter mode to off 1 2 1 4 1 8 1 16 Syntax broadcast mode off 1 2 1 4 1 8 1...

Page 152: ...IP multicast IP multicast packets filter Broadcast Packets Broadcast Packets filter Syntax broadcast select unicast multicast control packet ip multicast broadcast Collision Retry Description Collision Retry setting Syntax Collision Retry off 16 32 48 Parameters 16 32 48 In Half Duplex collision retry maximum is 16 32 48 times and packet will be dropped if collisions still happen Disable In Half D...

Page 153: ...ame name str Parameters name str specifies the switch name If you would like to have spaces within the name use quotes around the name no hostname Reset the switch name to factory default setting no password Description Set or remove username and password for manager or operator Syntax no password manager operator all Parameters The manager username and password is also used by the web UI ...

Page 154: ...y Description Set the default gateway IP address Syntax ip default gateway ip addr show ip Description Show IP address subnet mask and the default gateway show info Description Shows basic information including system info MAC address and versions Switch config show info Model name GE DS 242 PoE Description 24 Port 10 100Mbps 2G TP SFP Combo Managed Switch MAC address 00 30 4F 44 55 66 Firmware ve...

Page 155: ... dhcp client it can get ip from dhcp server NOTE If you set this command the switch will reboot show dhcp Description Show dhcp enable disable Reboot switch boot Description Reboot warm start the switch Reset to Default erase startup config Description Reset configurations to default factory settings at next boot time ...

Page 156: ...to be downloaded from the TFTP server Restore Configure File copy tftp running config flash Description Retrieve configuration from the TFTP server If the remote file is the text file of CLI commands use the keyword running config If the remote file is the configuration flash image of the switch instead use the keyword flash Syntax copy tftp running config flash ip addr remote file Parameters ip a...

Page 157: ...ription Send configuration to the TFTP server If you want to save the configuration in a text file of CLI commands use the keywordrunning config If you want to save the configuration flash image instead use the keyword flash Syntax copy running config flash tftp ip addr remote file Parameters ip addr specifies the IP address of the TFTP server ...

Page 158: ...until it is aged out When an opening is available the switch stored the first new MAC address it sees in that opening All packets from MAC addresses not in the MAC address table should be blocked User can configure the MAC limit setting and fill in the new value mac limit Description Enable MAC limit no mac limit Description Disable MAC limit Mac limit Description Set port MAC limit value 0 to tur...

Page 159: ...fy the direction of the traffic that you want to monitor After properly configured packets with the specified direction from the monitored ports are forwarded to the monitoring port NOTE The default Port Monitoring setting is disabled mirror port Description Set port monitoring information RX only TX only both RX and TX Syntax mirror port rx tx both port id port list Parameters rx specifies monito...

Page 160: ...ity When the received packet is an 802 1p tagged packet the switch will put the packet into a queue according to the 802 1p Priority setting Otherwise the switch will put the packet into a queue according the setting of Static Port Ingress Priority 802 1p Priority the 802 1p packet has a priority tag in its packet header The range of the priority is 7 0 The Managed Switch can specify the mapping b...

Page 161: ... lowest queue qos priority Description Set 802 1p priority Syntax qos priority first come first service all high before low weighted round robin Parameters highest weight sechighweight sec low weight lowest weight e g qos priority weighted round robin 8 4 2 1 qos level Description Set priority levels to highest second high second low and lowest Syntax qos level highest second high second low lowes...

Page 162: ...urations QoS mode weighted round robin Highest weight 8 Second High weight 4 Second Low weight 2 Lowest weight 1 802 1p priority 0 7 Lowest Lowest SecLow SecLow SecHigh SecHigh Highest Highest Per Port Priority port priority Description Set port priority Syntax port priority disable 0 7 port list Parameters port list specifies the ports to be set If not entered all ports are set e g port priority ...

Page 163: ... supplied the last parameter must be port list Otherwise it must be port id Syntax mac address table static mac addr vlan id port id port list no mac address table static mac addr Description Delete static unicast or multicast MAC address table entries Syntax no mac address table static mac addr vlan id show mac address table Description Display MAC address table entries Switch config show mac add...

Page 164: ...ning with 01 00 5E is supplied the last parameter must be port list Otherwise it must be port id Syntax smac address table static mac addr vlan id port id port list show smac address table Description Display secondary MAC address table entries show smac address table multicast Description Display multicast related secondary MAC address table no filter Description Set MAC address filter The packet...

Page 165: ...Chapter 6 Command Line Interface GE DS 242 PoE Managed Ethernet Switch User Manual 161 show filter Description Display filter MAC address table ...

Page 166: ... delay 4 30 Parameters 4 30 specifies the forward delay in seconds Default value is 15 NOTE The parameters must enforce the following relationships 2 hello time 1 maximum age 2 forward delay 1 spanning tree hello time Description Set spanning tree hello time in seconds Syntax spanning tree hello time 1 10 Parameters 1 10 specifies the hello time in seconds Default value is 2 NOTE The parameters mu...

Page 167: ...rce the following relationships 2 hello time 1 maximum age 2 forward delay 1 spanning tree priority Description Set spanning tree bridge priority Syntax spanning tree priority 0 61440 Parameters 0 61440 specifies the bridge priority The value must be in steps of 4096 spanning tree port path cost Description Set spanning tree port path cost Syntax spanning tree port path cost 1 200000000 port list ...

Page 168: ...t specifies the ports to be set Null means all ports show spanning tree Description Show spanning tree information show spanning tree port Description Show spanning tree per port information Syntax show spanning tree port port list Parameters port list specifies the port to be shown Null means all ports The remaining commands in this section are only for system with RSTP rapid spanning tree 802 1w...

Page 169: ...otocol RSTP 802 1w no spanning tree port mcheck Description Force the port to transmit RST BPDUs No format means not force the port to transmit RST BPDUs Syntax no spanning tree port mcheck port list Parameters port list specifies the ports to be set Null means all ports no spanning tree port edge port Description Set the port to be edge connection No format means set the port to be non edge conne...

Page 170: ... point to point connection Syntax spanning tree port point to point mac auto true false port list Parameters auto specifies point to point link auto connection true specifies point to point link true false specifies point to point link false port list specifies the ports to be set Null means all ports show spanning tree Description Show spanning tree information of CIST show spanning tree port Des...

Page 171: ... Protocol SNMP can be management with the switch System Options Snmp no snmp Description Enable or disable SNMP Show snmp status Description Show the enable or disable status of SNMP Snmp system name Description Set agent system name string Syntax snmp system name name str Parameters name str specifies the system name string e g snmp system name SWITCH ...

Page 172: ...stem location location str Parameters location str specifies the location string e g snmp system location office Snmp system contact Description Set agent system contact string Syntax snmp system contact contact str Parameters contact str specifies the contact string e g snmp system contact abc sina com show snmp system Description Show SNMP system information ...

Page 173: ...nfo only read all only read write all community str Parameters community str specifies the community string e g snmp community read all only public no snmp community Description Delete SNMP community string Syntax no snmp community community str Parameters community str specifies the community string e g no snmp community public show snmp community Description Show SNMP community strings ...

Page 174: ...rs ip addr specifies the IP address community str specifies the community string 1 65535 specifies the trap receiver port number e g snmp trap 192 168 200 1 public no snmp trap Description Remove trap receiver IP address and port number Syntax no snmp trap ip addr 1 65535 Parameters ip addr specifies the IP address 1 65535 specifies the trap receiver port number e g no snmp trap 192 168 200 1 show...

Page 175: ...scription Enable disable IGMP snooping Syntax no igmp igmp fastleave Description Enable disable IGMP snooping fast leave If enable switch will fast delete member who send leave report else wait one sec Syntax no igmp fastleave igmp querier Description Enable disable IGMP snooping querier Syntax no igmp querier igmp crossVLAN Description Enable disable IGMP snooping CrossVLAN Syntax no igmp CrossVL...

Page 176: ...ription Show IGMP snooping information Syntax show igmp status router groups table Parameters status specifies IGMP snooping status and statistics information router specifies IGMP snooping router s IP address groups specifies IGMP snooping multicast group list table specifies IGMP snooping IP multicast table entries igmp clear_statistics Description Clear IGMP snooping statistics counters ...

Page 177: ...ius server IP port number and accounting port number Syntax radius server host ip addr 1024 65535 1024 65535 Parameters ip addr specifies server s IP address The first 1024 65535 specifies the server port number The second 1024 65535 specifies the accounting port number radius server key Description Set 802 1x shared key Syntax radius server key key str Parameters key str specifies shared key stri...

Page 178: ...radius server information including radius server IP port number accounting port number shared key NAS identifier dot1x timeout quiet period Description Set 802 1x quiet period default 60 seconds Syntax dot1x timeout quiet period 0 65535 Parameters 0 65535 specifies the quiet period in seconds dot1x timeout tx period Description Set 802 1x Tx period default 15 seconds Syntax dot1x timeout tx perio...

Page 179: ...ription Set radius server timeout default 30 seconds Syntax dot1x timeout radius server 1 300 Parameters 1 300 specifies the radius server timeout in seconds dot1x max req Description Set 802 1x maximum request retries default 2 times Syntax dot1x max req 1 10 Parameters 1 10 specifies the maximum request retries dot1x timeout re authperiod Description Set 802 1x re auth period default 3600 second...

Page 180: ...ver timeout maximum requests and re auth period dot1x port Description Set 802 1x per port information Syntax dot1x port fu fa au no port list Parameters fu specifies forced unauthorized fa specifies forced authorized au specifies authorization no specifies disable authorization port list specifies the ports to be set show dot1x port Description Show 802 1x per port information ...

Page 181: ...witch can be used to block packets by maintaining a table of packet fragments indexed by source and destination IP address protocol and so on Ipv4 ACL commands no acl Description Delete ACL group Syntax no acl 1 220 Parameters 1 220 specifies the group id e g no acl 1 no acl count Description Reset the ACL group count Syntax no acl count GroupId Parameters GroupId 1 220 specifies the group id ...

Page 182: ...ion Syntax show acl 1 220 Parameters 1 220 specifies the group id null means all valid groups e g Switch config show acl 1 Group Id 1 Switch config show acl 1 Group Id 1 Action Permit Rules Vlan ID Any IP Fragement Uncheck Src IP Address Any Dst IP Address Any L4 Protocol Any Port ID Any Hit Octet Count 165074 Hit Packet count 472 ...

Page 183: ...means don t care A B C D specifies the Source IP address 0 0 0 0 means don t care A B C D specifies the Mask 0 0 0 0 means don t care 255 255 255 255 means compare all A B C D specifies the Destination IP Address 0 0 0 0 means don t care A B C D specifies the Mask 0 0 0 0 means don t care 255 255 255 255 means compare all check unCheck specifies the IP Fragment check Check IP fragment field unChec...

Page 184: ...qosvoip specifies the action do qos voip packet adjustment 0 4094 specifies the VLAN id 0 means don t care 0 1F specifies the port ID value 0 1F specifies the port ID mask 0 FF specifies the protocol value 0 FF specifies the protocol mask 0 FFFF specifies the source port value 0 FFFF specifies the source port mask 0 FFFF specifies the destination port value 0 FFFF specifies the destination mask e ...

Page 185: ...t 1 220 permit deny 0 4094 nonipv4 0 65535 Parameters add edit specifies the operation 1 220 specifies the group id permit deny specifies the action permit permit packet cross switch deny drop packet 0 4094 specifies the VLAN id 0 means don t care 0 65535 specifies the Ether Type 0 means don t care e g acl add 1 deny 0 nonipv4 2054 This ACL rule will drop all packets for either type is 0x0806 and ...

Page 186: ... network We can set specific IP address MAC address VLAN id and port id to bind and device can cross switch if all conditions match SIP SMAC binding commands bind Description Enable binding function no bind Description Disable binding function no bind Description Delete Binding group Syntax no bind 1 220 Parameters 1 220 specifies the group id e g no bind 1 ...

Page 187: ... 220 A B C D E F 0 4094 A B C D 1 26 Parameters 1 220 specifies the group id A B C D specifies the MAC address 0 4094 specifies the VLAN id 0 means don t care A B C D specifies the Source IP address 0 0 0 0 means don t care A B C D specifies the IP Address 1 26 specifies the Port id e g Switch config bind add 1 00 11 22 33 44 55 0 192 168 1 1 1 This Binding rule will permit all packet cross switch...

Page 188: ...System PoE power limit mode information poe enable Enabling or disabling the port POE injects function poe priority Set port priority for the power supply management poe maximum power Enabling or disabling per port power output limit Display System PoE status show poe Description Show System Power over Ethernet information Command Level Global Configuration Example Switch config show poe Maximum A...

Page 189: ...iority Power Limit W Current Consumption W Current mA Device Class Port1 Enable on Low 15 4 13 4 279 0 Example 2 Switch config show poe status Port Admin Oper Priority Power Limit W Current Consumption W Current mA Device Class Port1 Enable on Low 15 4 13 4 279 0 Port2 Enable on Low 15 4 11 3 236 0 Port3 Enable on Low 15 4 6 5 135 3 Port4 Enable off Low 15 4 0 0 0 Port5 Enable off Low 15 4 0 0 0 P...

Page 190: ...t change automatically by detected PoE unit temperature Disable Disable PoE power budget change automatically NOTE PoE temperature protection working in Priority mode or Total Limit mode only Configure PoE System poe limit mode Description Configure System PoE power limit mode information Command Level Global Configuration Syntax poe limit mode Port Priority Total Limit no poe limit mode Parameter...

Page 191: ...ig show poe Maximum Available Power System Operation Status PoE Power Consumption Usage Threshold PoE Power limit mode 190Watts on 55 watts 21 Port Priority Switch config no poe limit mode Switch config show poe Maximum Available Power System Operation Status PoE Power Consumption Usage Threshold PoE Power limit mode 190Watts on 55 watts 21 No Limit ...

Page 192: ...port list Parameters port list specifies the ports to be set If not entered all ports are set Example Switch config poe enable 1 Switch config show poe status 1 Port Admin Oper Priority Power Limit W Current Consumption W Current mA Device Class Port1 Enable on High 15 4 13 4 279 0 Switch config no poe enable 1 Switch config show poe status 1 Port Admin Oper Priority Power Limit W Current Consumpt...

Page 193: ... Low port list Parameters Critical High Low Critical Indicates that operating the powered device is high High Indicates that operating the powered device has medium priority Low Indicates that operating the powered device has low priority port list specifies the ports to be set If not entered all ports are set Example Switch config poe priority low 1 Switch config show poe status 1 Port Admin Oper...

Page 194: ...ode is set to Total Limit Command Level Global Configuration Syntax poe maximum power 1 15 4 port list no poe mximum power port list Parameters 1 15 4 port list specifies the ports to be set If not entered all ports are set Example Switch config poe maximum power 10 1 Switch config show poe status 1 Port Admin Oper Priority Power Limit W Current Consumption W Current mA Device Class Port1 Enable o...

Page 195: ...ng When one packet comes from some port of the Ethernet Switching it will also check the destination address besides the source address learning The Ethernet Switching will lookup the address table for the destination address If not found this packet will be forwarded to all the other ports except the port which this packet comes in And these ports will transmit this packet to the network it conne...

Page 196: ...learning function of the Ethernet switching the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table This information is subsequently used to filter packets whose destination address is on the same segment as the source address This confines network traffic to its respective domain and reduce the overall load on the network The Switch perf...

Page 197: ...ductivity It minimizes wires that must be used to install the network for offering lower cost and less power failures IEEE802 3af also called Data Terminal equipment DTE power via Media dependent interface MDI is an international standard to define the transmission for power over Ethernet The 802 3af is delivering 48V power over RJ 45 wiring Besides 802 3af also define two types of source equipmen...

Page 198: ...re pairs of standard CAT 5 cabling How Power is Transferred Through the Cable A standard CAT5 Ethernet cable has four twisted pairs but only two of these are used for 10BASE T and 100BASE T The specification allows two options for using these cables for power shown in Figure 8 1 and Figure 8 2 The spare pairs are used Figure 8 1 shows the pair on pins 4 and 5 connected together and forming the pos...

Page 199: ...enarios You re planning to install the latest VoIP Phone system to minimize cabling building costs when your company moves into new offices next month The company staff has been clamoring for a wireless access point in the picnic area behind the building so they can work on their laptops through lunch but the cost of electrical power to the outside is not affordable Management asks for IP Surveill...

Page 200: ...ay choose to perform classification to estimate the amount of power to be consumed by this PD After a time controlled start up the PSE begins supplying the 48 VDC level to the PD till it is physically or electrically disconnected Upon disconnection voltage and power shut down Since the PSE is responsible for the PoE process timing it is the one generating the probing signals prior to operating the...

Page 201: ...that full 15 4 watts should be provided 1 3 indicate various required power levels and 4 is reserved for future use PDs that do not support classification are assigned to class 0 Special care must be employed in the definition of class thresholds as classification may be affected by cable losses Classifying a PD according to its power consumption may assist a PoE system in optimizing its power dis...

Page 202: ... disconnected there is a danger that it will be replaced by a non PoE ready device while power is still on Imagine disconnecting a powered IP phone utilizing 48 VDC then inadvertently plugging the powered Ethernet cable into a non PoE notebook computer What s sure to follow is not a pretty picture The standard defines two means of disconnection DC Disconnect and AC Disconnect both of which provide...

Page 203: ...ow AC signal in addition to the 48 VDC operating voltage The returned AC signal amplitude is monitored by the PSE at the port terminals During normal operation the PD s relatively low impedance lowers the returned AC signal while a sudden disconnection of this PD will cause a surge to the full AC signal level and will indicate PD disconnection ...

Page 204: ...Chapter 8 Power Over Ethernet Overview 200 GE DS 242 PoE Managed Ethernet Switch User Manual ...

Page 205: ...thernet Switch Some stations cannot talk to other stations located on the other port Solution Check the VLAN settings trunk settings or port enabled disabled status Performance is bad Solution Check the full duplex status of the Ethernet Switch If the Ethernet Switch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of t...

Page 206: ...AC power cord not inserted or faulty 2 Check that the AC power cord is inserted correctly 3 Replace the power cord If the cord is inserted correctly check that the AC power source is working by connecting a different device in place of the switch 4 If that device works refer to the next step 5 If that device does not work check the AC power While IP Address be changed or forgotten admin password T...

Page 207: ...s 1000Mbps 1000Base T Contact MDI MDI X 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD 6 BI_DB BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Implicit implementation of the crossover function within a twisted pair cable or at a wiring panel while not expressly forbidden is beyond the scope of this standard ...

Page 208: ...wing table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment Contact MDI Media Dependant Interface MDI X Media Dependant Interface Cross 1 Tx transmit Rx receive 2 Tx transmit Rx receive 3 Rx receive Tx transmit 4 5 Not used 6 Rx receive Tx transmit 7 8 Not used The standard cable RJ 45 pin assignment 1 2 3 4 5 6 7 8 8 7 6 5 4 3 2 1 T...

Page 209: ... 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE2 SIDE 1 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Please make sure your connected cables are with same...

Page 210: ......

Reviews:

No comments

Related manuals for GE-DS-242-POE

Brand: Wave wifi Pages: 2

Brand: Patton electronics Pages: 51

Brand: Ubiquiti Pages: 50

Brand: M86 Security Pages: 46

Brand: Draytek Pages: 8

Brand: Oracle Pages: 112

Hollywood DV-Bridge

Brand: Dazzle Pages: 63

Brand: Variscite Pages: 18

Brand: UfiSpace Pages: 32

Brand: Cowfish Technologies Pages: 38

Brand: axing Pages: 4

Brand: Wave wifi Pages: 3

Brand: MICRADIGITAL Pages: 2

Brand: Carrier Pages: 18

Brand: Qvis Pages: 233

Brand: Ubiquiti Pages: 32

Passport WDXML1000UE

Brand: Western Digital Pages: 2

Compressor DW-CP04

Brand: Digital Watchdog Pages: 73

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands