manualshive.com logo in svg

GE MultiLink ML810, Instruction Manual

The GE MultiLink ML810, a versatile and high-performance device, comes with a comprehensive Instruction Manual that allows users to harness its full potential. Download this manual for free from manualshive.com, to easily navigate through its features, ensuring a seamless and enjoyable experience with your ML810.

Share
Download
background image

7–4

MULTILINK ML810 MANAGED EDGE SWITCH – INSTRUCTION MANUAL

CONFIGURING 802.1X THROUGH THE COMMAND LINE INTERFACE

CHAPTER 7: ACCESS USING RADIUS

7.2

Configuring 802.1x through the Command Line 

Interface

7.2.1

Commands

On enabling 802.1x ports, make sure the port which connects to the RADIUS servers needs 
to be manually authenticated. To authenticate the port, use the 

setport

 command. The 

CLI commands to configure and perform authentication with a RADIUS server are 
described below.
The 

auth

 command enters the configuration mode to configure the 802.1x parameters.

auth

The 

show auth

 command displays the 802.1x configuration or port status.

show auth

 <config|ports>

The 

authserver

 command define the RADIUS server. Use the UDP socket number if the 

RADIUS authentication is on a port other than 1812.

authserver

 [ip=<ip-addr>] [udp=<num>] [secret=<string>]

The 

auth enable

 and 

auth disable

 commands enable or disable the 802.1x 

authenticator function on the MultiLink ML810 Managed Edge Switch.

auth

 <enable|disable>

The 

setport

 command configures the port characteristics for an 802.1x network.

setport

 port=<num|list|range> [status=<enable|disable>] 

[control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>]

The 

backend port

 command configure the parameters for EAP over RADIUS.

backend

 port=<num|list|range>

[supptimeout=<1-240>]
[servertimeout=<1-240] [maxreq=<1-10>]

The 

port

 argument is mandatory and represents the port(s) to be configured. The 

supptimeout

 argument is optional and represents the timeout in seconds the 

authenticator waits for the supplicant to respond back. The default value is 30 seconds 
and values can range from 1 to 240 seconds. The 

servertimeout

 argument is optional 

and represents the timeout in seconds the authenticator waits for the back-end RADIUS 
server to respond. The default value is 30 seconds and can range from 1 to 240 seconds. 
The 

maxreq

 argument is optional and represents the maximum number of times the 

authenticator will retransmit an EAP request packet to the Supplicant before it times out 
the authentication session. Its default value is 2 and can be set to any integer value from 1 
to 10.
The 

portaccess

 command sets port access parameters for authenticating PCs or 

supplicants.

portaccess

 port=<num|list|range>

[quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>]

The 

port

 argument is mandatory and identifies the ports to be configured. The 

quiet

 

argument is optional and represents the quiet period – the amount of time, in seconds, the 
supplicant is held after an authentication failure before the authenticator retries the 
supplicant for connection. The default value is 60 seconds and values can range from 0 to 
65535 seconds. The 

maxreauth

 argument is optional and represents the number of re-

authentication attempts permitted before the port is unauthorized. The default value is 2 
and integer values can range from 0 to 10. The 

transmit

 argument is optional and 

represents the transmit period. This is the time in seconds the authenticator waits to 
transmit another request for identification from the supplicant. The default value is 30 and 
values range from 1 to 65535 seconds

Summary of Contents for MultiLink ML810

Page 1: ...ERE D GE Digital Energy s Quality Management System is registered to ISO9001 2000 QMI 005094 UL A3775 GE Digital Energy Instruction Manual Firmware Revision 5 x Manual P N 1601 0123 A3 GE publication code GEK 113604B Multilink ML810 Managed Edge Switch ...

Page 2: ...ilin The manual is for informational use only and is subject to change without notice Part number 1601 0123 A3 November 2015 For further assistance For product support contact the information and call center as follows GE Digital Energy 650 Markland Street Markham Ontario Canada L6C 0M1 Worldwide telephone 1 905 927 7070 Europe Middle East Africa telephone 34 94 485 88 54 North America toll free 1...

Page 3: ... against such interference when operated in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at their own expense will be required to take whatever measures may be required to correct the interference Canadian Emissions Statement This Class A digital apparatus meets all requirements of the Canadian Interference Causin...

Page 4: ...icates a hazardous situation which if not avoided could result in death or serious injury Note Indicates a hazardous situation which if not avoided could result in minor or moderate injury Note Indicates significant issues and practices that are not related to personal injury NOTE Note Indicates general information and practices including operational information and practices that are not related ...

Page 5: ...E 1 22 SELECTING THE PROPER VERSION 1 22 UPDATING THROUGH THE COMMAND LINE 1 22 UPDATING THROUGH THE ENERVISTA SOFTWARE 1 23 2 INTRODUCTION INSPECTING THE PACKAGE AND PRODUCT 2 1 PRODUCT DESCRIPTION 2 2 PACKET PRIORITIZATION 802 1P QOS 2 3 FRAME BUFFERING AND FLOW CONTROL 2 3 FEATURES AND BENEFITS 2 4 APPLICATIONS 2 6 3 INSTALLATION LOCATING MULTILINK ML810 SWITCHES 3 2 CONNECTING ETHERNET MEDIA 3...

Page 6: ...10 EL 2 X 10 FL 2 X 100 FX ST 2 KM SLOT C 4 11 ML810 E5 ML810 E7 SLOT C 4 11 ML810 C6 ML810 C8 SLOT C 4 12 ML810 C7 SLOT C 4 12 ML810 EJ ML810 EH SLOT C 4 12 ML810 EK SLOT C 4 13 ML810 CD 1 X LC MULTIMODE 3 X RJ45 SLOT C 4 13 ML810 CF ML8104 CH SLOT C 4 13 ML810 CB 1 X MTRJ MULTIMODE 3 X RJ45 SLOT C 4 13 ML810 EB EC ED 1 X LC SLOT C 4 14 ML810 EA 1 X MTRJ MULTIMODE SLOT C 4 14 ML810 C2 4 X POE RJ4...

Page 7: ...RT SECURITY WITH ENERVISTA SOFTWARE 6 12 COMMANDS 6 12 LOGS 6 15 AUTHORIZED MANAGERS 6 16 7 ACCESS USING RADIUS INTRODUCTION TO 802 1X 7 1 DESCRIPTION 7 1 802 1X PROTOCOL 7 1 CONFIGURING 802 1X THROUGH THE COMMAND LINE INTERFACE 7 4 COMMANDS 7 4 EXAMPLE 7 6 CONFIGURING 802 1X WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE 7 9 COMMANDS 7 9 8 ACCESS USING TACACS INTRODUCTION TO TACACS 8 1 OVERVIEW 8 ...

Page 8: ...ANAGEMENT SOFTWARE 10 19 DESCRIPTION 10 19 11 VLAN REGISTRATION OVER GARP OVERVIEW 11 1 DESCRIPTION 11 1 GVRP CONCEPTS 11 1 GVRP OPERATIONS 11 2 CONFIGURING GVRP THROUGH THE COMMAND LINE INTERFACE 11 6 COMMANDS 11 6 GVRP OPERATION NOTES 11 6 CONFIGURING GVRP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE 11 8 EXAMPLE 11 8 12 SPANNING TREE PROTOCOL STP OVERVIEW 12 1 DESCRIPTION 12 1 FEATURES AND OPE...

Page 9: ... 15 5 CONFIGURING IGMP THROUGH THE COMMAND LINE INTERFACE 15 6 COMMANDS 15 6 EXAMPLE 15 8 CONFIGURING IGMP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE 15 11 EXAMPLE 15 11 16 SNMP OVERVIEW 16 1 DESCRIPTION 16 1 SNMP CONCEPTS 16 1 TRAPS 16 3 STANDARDS 16 3 CONFIGURING SNMP THROUGH THE COMMAND LINE INTERFACE 16 5 COMMANDS 16 5 EXAMPLE 16 6 CONFIGURING SNMP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTW...

Page 10: ...D WARRANTY REVISION HISTORY A 1 CHANGE NOTES A 1 CHANGES TO THE MANUAL A 1 GE DIGITAL ENERGY WARRANTY INFORMATION A 2 B DC POWER INPUT SPECIFICATIONS FOR MULTILINK ML810 SWITCHES DC POWER AT 12 24 48 125 AND 250 VDC POWER INPUT B 1 12 24 48 125 AND 250VDC POWER THEORY OF OPERATION B 3 APPLICATIONS FOR DC POWERED ETHERNET SWITCHES B 4 ML810 12 24 48 125 AND 250VDC INSTALLATION B 5 UL REQUIREMENTS F...

Page 11: ...node self learning with address aging Packet buffer size 128 KB total Latency 6μs packet time max TX TX TX FX FX FX TX G G G Throughput with 8 10 100 and 2Glink max 4 17M pps Transmit Back plane 2 66Gb s per slot NETWORK STANDARDS AND COMPLIANCE HARDWARE Ethernet V1 0 V2 0 IEEE 802 3 10BASE T IEEE 802 3u 100Base TX 100BASE FX IEEE 802 3z 1000BASE X Ethernet Auto negotiation IEEE 802 3ab 1000BASE X...

Page 12: ...full duplex multi mode 50 62 5μm cable 550m 1000BASE LX full duplex single mode 9μm cable 5km 1000BASE ZX full duplex single mode 9μm cable 70km FIBER MULTI MODE CONNECTOR TYPES SUPPORTED Fiber Port MTRJ type plug in SFF Fiber multi mode 100BASE FX Fiber Port LC type plug in SFF Fiber multi mode 100BASE FX Fiber Port SC type plug in multi mode 100BASE FX Fiber Port ST type twist lock multi mode 10...

Page 13: ...range 160 to 300VDC AC POWER SUPPLY INTERNAL AC Power Connector IEC 320 type male recessed 100 240VAC Power Input 47 to 63 Hz auto ranging POWER CONSUMPTION 15 watts Max for a fully loaded fiber model with 2Gb 10 watts Max for 8 port copper and 100Mb fiber model DUAL DC POWER INPUT OPTIONAL A Dual Source option is available for the 12VDC 24VDC 48VDC and 125VDC and 250VDC models This provides for c...

Page 14: ...n USA Ringwave Surge IEC61000 4 12 Level 4 Conducted RF Immunity 0 to 150 kHz IEC61000 4 16 Level 3 Radiated Conducted EmissionsCISPR22 Class A Radiated Conducted EmissionsFCC Part 15 Subpart B Class A B Safety EN60950 1 standard High Relative Humidity Temperature and High I P Voltage NEMA TS2 2 2 7 5 74 C 85 RH low voltage Low Relative Humidity Temperature and High I P Voltage NEMA TS2 2 2 7 6 74...

Page 15: ...45 fixed copper C1 4 x 10 100 RJ 45 C2 4 x 10 100 RJ 45 PoE enabled ports only with ML810 48PD models C3 2 x10 100 RJ 45 2x 100bit MTRJ mm Fiber C4 2x 10 100 RJ 45 2x 100bit LC mm Fiber C5 2x 10 100 RJ 45 2x 100bit LC sm Fiber 15km C6 2x 10 100 RJ 45 2x 100bit SC mm Fiber C7 2x 10 100 RJ 45 2x 100bit SC sm Fiber 20km C8 2x 10 100 RJ 45 2x 100bit ST mm Fiber CB 3x 10 100 RJ45 1x 100bit mm MTRJ Fibe...

Page 16: ...ws or any other operating system based workstation computer personal computer laptop notebook or any other computing device Most of the manual uses Windows XP based examples While effort has been made to indicate other operating system interactions it is best to use a Windows XP based machine when in doubt The documentation reflects features of MultiLink Switch Software version 1 7 x or later If y...

Page 17: ...has no IP Internet Protocol address and subnet mask For first time use the IP address has to be assigned This can only be done by using the console interface provided The same procedure can also be used for other configuration changes or updates for example changing the IP address VLAN assignments and more Once the IP address is assigned and a PC is networked to the switch the switch s command lin...

Page 18: ... is also accessible using telnet as well as the serial port Access to the switch can be either through the console interface or remotely over the network Simultaneous access that is through the console port as well as through the network to the MultiLink switch is not permitted The Command Line Interface CLI enables local or remote unit installation and maintenance The MultiLink family of switches...

Page 19: ...the IP address as well as change user passwords or create new users 1 4 5 Automatic IP Address Configuration The ML810 is operational immediately after it is powered up The advanced management and configuration capabilities of the ML810 allows you to easily configure manage and secure your devices and network Before starting ensure you have the following items RJ45 Ethernet cable PC with an Ethern...

Page 20: ...in prompt The default login is Username manager Password manager 1 4 6 Setting the IP Parameters To setup the switch the IP address and other relevant TCP IP parameters have to be specified The IP address on the MultiLink switch is set to 192 168 1 2 from the factory The switch is fully operational as a Layer 2 switch as a default Setting a default IP address can potentially cause duplicate IP add...

Page 21: ...Proceed on rebooting the switch Y or N Y Do you wish to save current configuration Y or N Y ML810 The ML810 forces an answer by prompting with a Y or a N to prevent accidental keystroke errors and loss of work The parameters can be viewed at any time by using the show command The show command will be covered in more detail later in various sections throughout the document The example below illustr...

Page 22: ...itching from an operator level to manager level using the enable command is shown below ML810 enable manager Password ML810 Note the prompt changes with the new privilege level Operator privileges allow views of the current configurations but do not allow changes to the configuration A character delimits the operator level prompt Manager privileges allow configuration changes The changes can be do...

Page 23: ...or privileges ML810 user chlevel user peter level 1 Access Permission Modified ML810 user The syntax to set the access privileges for telnet and Web services is shown below useraccess user name service telnet web enable disable The following example sets the access privileges for telnet and Web services ML810 user useraccess user peter service telnet disable Telnet Access Disabled 1 4 9 Help Typin...

Page 24: ...w Enter Usage show active stp show active snmp show active vlan show address table show age show alarm show arp show auth config ports show backpressure show bootmode more Other ways to display help specifically with reference to a command or a set of commands use the TAB key The following syntax applies TAB Command string TAB First character of the command TAB For example following the syntax lis...

Page 25: ...password timeout vlan ML810 set 1 4 10 Exiting To exit from the CLI interface and terminate the console session use the logout command This command prompts to ensure that the logout was not mistakenly typed The following syntax applies logout The following example illustrates logging out from a session ML810 logout Logging out from the current session Y or N Y Connection to the host lost ...

Page 26: ...site will issue the certificate check shown below FIGURE 1 2 Security certificate Once you click Yes on the security certificate the browser will prompt you to login For the first time Login with the name manager and password manager Click on Login After a successful login the welcome screen is shown Note the different information provided on the screen and different areas The menus are used to co...

Page 27: ...re than one manager account subject to the maximum number of users on the switch being restricted to five Select the Administration User Mgmt User Accounts menu item To add a user use the add button The username must be a unique name The password is recommended to be at least 8 characters long with a mix of upper case lower case numbers and special characters In the following example below the use...

Page 28: ...ULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL ENERVISTA SECURE WEB MANAGEMENT CHAPTER 1 SPECIFICATIONS After successfully adding a user the added user is displayed in the list of users as shown below ...

Page 29: ...CIFICATIONS ENERVISTA SECURE WEB MANAGEMENT MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 1 19 To delete a user click on the delete icon as shown below The firmware will prompt to verify the delete command ...

Page 30: ...ICATIONS To modify the password view the users as described above and click on the edit icon After clicking on the edit icon the screen opens up for modifying the password In this example the user ID peter was selected for modification The password for peter will be modified after the new password is entered ...

Page 31: ...ure Web Management SWM firmware This can only be done through the CLI interface or alternately by deleting the user and adding the same user with the proper privilege level 1 5 5 Help Help for the EnerVista Secure Web Management software can be obtained by clicking on the Help icon as shown below 1 5 6 Exiting To exit or logout click on the logout button Confirm the logout by selecting OK in the p...

Page 32: ...k space 5 Manager level account name and password of the switch being upgraded 6 An internet connection Ensure the connection does not block ftp file transfers 1 6 2 Selecting the Proper Version Ensure that the proper version of the MultiLink Switch Software is installed The latest version of the firmware is available at http www GEmultilin com Connect to the ML810 and login as manager Enter the s...

Page 33: ... Return to the HyperTerminal window used in step 5 Select the Transfer Send File menu item As shown below enter the location of the new firmware file Select the Xmodem protocol Select the Send button and to begin the file transfer Once the file transfer is completed reboot the switch with the reboot command or by cycling power Login to the switch and use the show version command to verify and uplo...

Page 34: ...dress of the switch If using FTP save the configuration before proceeding GE Multilin recommends a two step update first save the configuration to the ftp server then load the new image and restart the switch refer to Saving Configuration on page 5 20 for details on saving the configuration Load the new firmware as shown below As the file is being loaded the firmware will display the transfer in p...

Page 35: ... image and restart the switch refer to Saving Configuration on page 5 20 for details on saving the configuration Load the new firmware as shown below As the file is being loaded the firmware will display the transfer in progress window Reboot the switch when the transfer is complete After reboot the firmware is ready for use ...

Page 36: ...1 26 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL ML810 FIRMWARE UPDATES CHAPTER 1 SPECIFICATIONS ...

Page 37: ...of damage and ensure that the items listed below are included This package should contain 1 Multilink ML810 Managed Edge Switch base unit configured with user selected port module options installed 2 Set of two metal vertical mounting brackets with screws to the case 1 ML810 Installation and User Guide this manual Remove the items from the shipping container Be sure to keep the shipping container ...

Page 38: ... hardened Multilink ML810 is a multi purpose Industrial Ethernet Switch The ML810 managed switches also provides a PoE option via power inside PoE base unit ML810P 48VDC on Slot A and allows the users to utilize up to 4 ports of PoE to support 802 3af Powered devices See details for PoE base unit in sec 5 1 11 The Power Sourcing Equipment PSE is fully compatible with Powered Devices PD e g wireles...

Page 39: ... cut through or express impose minimal frame latency they will also permit bad frames to propagate out to the Ethernet segments connected The cut through technique permits collision fragment frames which are a result of late collisions to be forwarded which add to the network traffic Since there is no way to filter frames with a bad CRC the entire frame must be present in order for CRC to be calcu...

Page 40: ...n S Ring fault condition Vertical mounting for efficient convection cooling no fans extended temperature Mounting brackets for vertical mounting are included DIN Rail mounting hardware is optional All types of power input 12 24 48 125 250VDC and AC The ML810 can be configured with the user s choice of DC power supplies 12V and 24V for factory floor 48V for tariffed carrier field facilities and for...

Page 41: ...WITCH INSTRUCTION MANUAL 2 5 RSTP 2004 provides reliable fast recovery from a fault in a redundant LAN which may include Multilink switches and routers as well as other vendors industry standard RSTP products Redundant topologies may include rings dual rings and complex meshes ...

Page 42: ...g Ethernet LAN network cabling must be accommodated The fiber built in media capability is ideal for integrating future proof fiber cabling into the LAN structure Figure 2 1 Multilink ML810 or ML1600 Switch for an Industrial Application Equipped with lots of useful features including hardened enclosures a wide spread of DC power supply options and extended temperature ratings qualifies the Multili...

Page 43: ...network Example 2 A managed network is needed to provide a redundant ring topology for maximum redundancy In a network where any faulty cable cable disconnection or power failure can bring the whole thing down a ring switch can be reconfigured and up and running in milliseconds The ring topology of the network consists of high speed LAN segments supported by 100Mbps full duplex future proof fiber ...

Page 44: ...olution for the video vignette environment The security features e g port security VLANs SNMPv3 secure telnet etc also boost the Multilink managed switches to provide a very effective and reliable solution The modularity feature to support both copper and fiber at either 10 100 1000Mb speeds easily meets the various speeds of legacy and future broadband requirements In a fast growing secure video ...

Page 45: ...ltiple rack assembly adequate airflow must be maintained for proper and safe operation If the equipment is mounted in an enclosed or multiple rack system placement of the equipment must not overload or load unevenly the rack system If the equipment is mounted in an enclosed or multiple rack assembly verify the equipment s power requirements to prevent overloading of the building s electrical circu...

Page 46: ...pendix B For Dual Source see Appendix C The rugged metal case of the Multilink ML810 will normally protect it from accidental damage in a lab or workplace setting Maintain an open view of the front to visually monitor the status LEDs Keep an open area around the unit so that cooling can occur from convection while the unit is in operation The ML810 has no fans so it is silent when in operation Int...

Page 47: ...ng is 100 meters 328 ft NOTE Note It is recommended that high quality CAT 5 cable be used whenever possible in order to provide flexibility in a mixed speed network since 10 100 copper switched ports are auto sensing for either 10 and 100Mb s The following procedure describes how to connect a 10BASE T or 100BASE TX twisted pair segment to the RJ 45 port The procedure is the same for both unshielde...

Page 48: ... that even though the connector is shielded either unshielded or shielded cables and wiring may be used 2 Connect the other end of the cable to the corresponding device 3 Use the LINK LED to ensure proper connectivity by noting that the LED will be illuminated when the unit is powered and proper connection is established 3 2 3 Connecting Single Mode Fiber Optic When using single mode fiber cable b...

Page 49: ... duplex fiber optic cable is coded using color bands at regular intervals you must use the color coded strand on the associated ports at each end of the fiber optic segment 3 Find the Transmit TX and Receive RX markings on the SFP transceiver to verify the top side of it Some of the transceiver marks arrow sign for up 4 Position the SFP transceiver correctly before insertion and then insert the SF...

Page 50: ...sition The DIN Rail bracket is heavy duty and will hold the ML810 securely in position even with cabling attached to the unit To release the ML810 from the DIN Rail mounting simply lift up on the bottom of the unit disengaging the DIN rail bracket from the DIN rail Once the bottom of the ML810 is rotated out the DIN Rail bracket is not engaged and the ML810 can be moved up and out free of the DIN ...

Page 51: ...ANAGED EDGE SWITCH INSTRUCTION MANUAL 3 7 Since the ML810 has special internal thermal techniques to move the heat generated by the electronic components inside into the case the case may be quite warm to the touch during normal operation Figure 3 1 Panel Wall Mounting Position 1 ...

Page 52: ...LINK ML810 CHAPTER 3 INSTALLATION The unit is mounted using the brackets as shown in the illustration above The spacing for the mounting screws into the supporting wall or panel is a rectangle 4 00 x 8 58 inches 10 20 x 21 79 cm center to center Figure 3 2 Panel Wall Mounting position 2 ...

Page 53: ...UCTION MANUAL 3 9 The unit is mounted using the brackets as shown in the illustration above The spacing for the mounting screws into the supporting wall or panel is a rectangle 2 81 x 8 58 inches 7 14 x 21 79 cm center to center Figure 3 3 Typical Panel Wall mounting of the ML810 Switch position 2 shown ...

Page 54: ...the port quantity and types in the configuration When connecting the Ethernet cabling there is no need to power down the unit Individual cable segments can be connected or disconnected without concern for power related problems or damage to the unit Power input options are available to suit the ML810 Switches to special high availability communications and or heavy industrial grade applications in...

Page 55: ...ap or a Software Security violation or an S Ring Fault causes the contact to open and thus triggers an alarm in the user s monitoring system The second NC Alarm Contact is held closed when there is power on the main board inside of the Switch This provides a Hardware Alarm labeled H W because the NC contacts will open when internal power is lost either from an external power down condition or by t...

Page 56: ...itch NOTE Note To use the Console port to configure the managed switch a serial Null modem male to male cable is required to communicate properly The Null Modem RJ45 cable is optional and can be ordered from the factory along with the unit as CONSOLE CBLQD for serial port CONSOLE CBLQU for USB port NOTE Note For Power Substations In support of the IEEE 1613 Class 2 standard GCI advises that for su...

Page 57: ...nd Forwarding Each time a packet arrives on one of the switched ports the decision is taken to either filter or to forward the packet Packets whose source and destination addresses are on the same port segment will be filtered constraining them to that one port and relieving the rest of the network from having to process them A packet whose destination address is on another port segment will be fo...

Page 58: ...ort to which they are connected be at the 100Mb fixed speed Attachments to a 10 100 auto negotiation port typically will not work properly The ML810 Switch s RJ 45 ports handle this situation by configuring the ports as per desired through MNS software port settings and can check the port status of each port after the change When Multilink ML810 RJ 45 copper ports are set for auto negotiation and ...

Page 59: ... 4 3 When operating in 100Mb half duplex mode cable distances and hop counts may be limited within that collision domain The Path Delay Value PDV bit times must account for all devices and cable lengths within that domain For Multilink ML810 Fast Ethernet switched ports operating at 100Mb half duplex the bit time delay is 50BT ...

Page 60: ...rovides for a PAUSE packet to be transmitted to the sender when the packet buffer is nearly filled and there is danger of lost packets The transmitting device is commanded to stop transmitting into the ML810 Switch port for sufficient time to let the Switch reduce the buffer space used When the available free buffer queue increases the Switch will send a RESUME packet to tell the transmitter to st...

Page 61: ...e Loss in dBm Km where the Cable Loss for 62 5 125 and 50 125μm M m is 2 8 dBm km and the Cable Loss for 100 140 Multi mode 850 nm is 3 3 dBm km and the Cable Loss for 9 125 Single mode 1310 nm is 0 5 dBm km a worst case industry number and the Cable Loss for 9 125 Single mode 1310 nm is 0 4 dBm km H4 and the Cable Loss for 9 125 Single mode 1550 nm is 0 25 dBm km H5 and the Cable Loss for 9 125 S...

Page 62: ... to two Port Modules to provide the user with up to 6 additional ports 10 total providing a wide selection of Ethernet copper and fiber media connections with 10 100 and 1000Mbps capability and up to 70km Each ML810 Port Module PM is individually described in the following sections 4 5 1 ML810 Module LED designations PWR LED ON when Power is being supplied to the unit RJ45 Standard 1 ON 100Mb OFF ...

Page 63: ...y MTRJ Fiber 1 ON Link BLINKING Activity 2 ON Full Duplex OFF Half Duplex LC Fiber 1 ON Link BLINKING Activity 2 ON Full Duplex OFF Half Duplex SC Fiber 1 ON Link BLINKING Activity 2 ON Full Duplex OFF Half Duplex ST Fiber 1 ON Link BLINKING Activity 2 ON Full Duplex OFF Half Duplex SFP Gigabit Port Fiber Copper 1 ON Link BLINKING Activity ...

Page 64: ...isted pair cable must be connected into an RJ 45 port and the Link LK indicator for that port must be ON indicating there is a powered up device at the other end of the cable in order for a LK LED to provide valid indications of operating conditions on that port Using the MultiLink ML810 Managed Edge Switch firmware the user may disable auto negotiation and fix the desired operation of each RJ 45 ...

Page 65: ... Singlemode LC Long Reach Fiber ports supporting distances up to 40km This module provides the same functions as the Multimode version see Section 5 1 3 for more details 4 5 5 ML810 C4 2 x Multimode LC 2 x RJ45 Slot C The ML810 C4 4 port Fiber Copper module provides two 100Mb Multimode LC Fiber ports and two 10 100Mb switched RJ 45 ports The Multimode LC ports support fiber optic cable distances u...

Page 66: ...n connector with both fiber strands terminated in one housing that cannot be improperly inserted Each port has a Link Activity L A LED indicating proper connectivity Link with the remote device when lit and blinking Activity indicating packets being received 4 5 8 ML810 C3 2 x Multimode MTRJ 2 x RJ45 Slot C The ML810 C3 4 port Fiber Copper module provides two 100Mb Multimode MTRJ Fiber ports and t...

Page 67: ... the Multilink ML810 Series switch It supports distances according to the 10Base FL standard up to 2km for Multimode fiber The ML810 EL 4 port Fiber module provides two 100Mb Multimode ST Fiber ports and two 10Mb Multimode ST Fiber ports This option utilizes a ST type twist lock fiber optic connection Port 1 is marked TX transmit and RX receive for clarity All other fiber ports follow this same co...

Page 68: ...full half duplex auto negotiating capability on each port The RJ 45 connector is shielded to minimize emissions and will allow both unshielded twisted pair UTP and shielded twisted pair STP cable connections When installed in a Multilink ML810 Series Managed Switch the copper ports support the standard distance of 100m on each port See Sections 5 1 2 and 5 1 9 for more details 4 5 12 ML810 C7 Slot...

Page 69: ...sions and will allow both unshielded twisted pair UTP and shielded twisted pair STP cable connections When installed in a Multilink ML810 Series Managed Switch the copper ports support the standard distance of 100m on each port 4 5 15 ML810 CD 1 x LC Multimode 3 x RJ45 Slot C The ML810 CD 4 port Fiber Copper module provides one 100Mb Multimode LC Fiber port supporting distances up to 2km and three...

Page 70: ...g power on each port to power up attached PD devices per the IEEE802 3af PoE standard The power pass through PoE ports are dependent upon the 48VDC input power to supply the PD power for these RJ45 10 100 ports Each port supplies up to 15watts to power attached PoE PD devices The LEDs on the PoE ports are slightly different compared to regular non PoE RJ45 ports When the PoE port is in use the PoE...

Page 71: ...l the PoE port LEDs are ON simultaneously to indicate a trouble condition The ports will still operate properly for data traffic to non PoE devices 4 5 21 ML810 H7 2 x Gigabit RJ45 Slot B The ML810 H7 2 port Copper Gigabit module provides two fixed 10 100 1000Mb RJ45 ports in slot B There are two LEDs provided for each Gigabit port Each Copper Gigabit port has LEDs that indicate L A Link Activity ...

Page 72: ...onnected and the cables wires have not been crimped or in some way impaired during installation About 90 of network downtime can be attributed to wiring and connector problems 3 Make sure that power is properly attached to each Multilink ML810 Switch unit Use the PWR LEDs to verify each unit is receiving power 4 If the problem is isolated to a network device other than the Multilink ML810 Switch p...

Page 73: ...K ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 4 17 4 A record of changes that have been made to your network configuration prior to the occurrence of the problem Any changes to system administration procedures should all be noted in this record ...

Page 74: ...4 18 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL TROUBLESHOOTING CHAPTER 4 OPERATION ...

Page 75: ... server to synchronize the time on the switch Use TFTP or FTP to download the configurations or upload software updates Run ping tests to test connectivity To set the IP address please refer to section 1 5 6 Setting the IP Parameters Once the IP address is set the CLI can be accessed via telnet as well as the console interface From now on all commands discussed are accessible from the command line...

Page 76: ... MANUAL IP ADDRESS AND SYSTEM INFORMATION CHAPTER 5 IP ADDRESSING Edit the IP address information Besides manually assigning IP addresses there are other means to assign an IP address automatically The two most common procedures are using DHCP and bootp ...

Page 77: ... by which the bootp software will look up the database and update the IP address and subnet mask of the switch would be as follows ML810 ht ether ha 002006250065 ip 3 94 247 41 sm 255 255 252 0 gw 3 94 244 1 hn vm rfc1048 where ML810 is a user defined symbolic name for the switch ht is the hardware type For the MultiLink family of switches set this to ether for Ethernet This tag must precede the h...

Page 78: ...ized bootp server The following example changes the boot mode of the switch ML810 set bootmode type bootp bootimg enable bootcfg disable Network application image download is enabled Network application config download is disabled Save Configuration and Restart System ML810 Alternatively the DHCP bootp manual can be enabled through the EnerVista Secure Web Management software as shown below Select...

Page 79: ...lnet client can be disabled through the command line interface by using the telnet disable command with the following syntax telnet enable disable Telnet can also be disabled for specific users with the useraccess command Refer to section 1 5 8 User Management for details Multiple telnet sessions started from the CLI interface or the command line are serviced by the ML810 in a round robin fashion ...

Page 80: ...Interval sec 3 Baud Rate 38400 Flow Control None Session Inactivity Time min 10 ML810 Users can telnet to a remote host from the MultiLink family of switches using the following syntax telnet ipaddress port port number The default port for telnet is 23 To start a telnet session through the EnerVista Secure Web Management software Select the Administration Telnet menu item The default port for teln...

Page 81: ...switch This is shown using the show session command The user operator session is then terminated using the kill session command NOTE Note A maximum of four simultaneous telnet sessions are allowed at any time on the switch The commands in these telnet windows are executed in a round robin fashion that is if one window takes a long time to finish a command the other windows may encounter a delay be...

Page 82: ...ese parameters through the serial port will cause loss of connectivity The terminal software parameters e g HyperTerminal will also have to be changed to match the new settings To see the current settings of the serial port use the show serial command to query the serial port settings as illustrated below ML810 show serial Baud Rate 38400 Data 8 Parity No Parity Stop 1 Flow Control None 5 3 2 Syst...

Page 83: ...6 Secs ML810 System variables can be changed Below is a list of system variables which GE recommends changing System Name Using a unique name helps you to identify individual devices in a network System Contact and System Information This is helpful for identifying the administrator responsible for the switch and for identifying the locations of individual switches To set these variables change th...

Page 84: ...ime 8 10 04 ML810 show timezone Timezone GMT 05hours 00minutes ML810 set date year 2005 month 5 day 11 Success in setting device date ML810 show date System Date Wednesday 15 11 2005 in mm dd yyyy format ML810 The syntax for other date and time commands are set timeformat format 12 24 set daylight country country name The following command sequence sets the daylight location ML810 set daylight cou...

Page 85: ...nc hour 0 24 min 0 59 default 24 hours sntp enable disable To set the SNTP server to be 3 94 210 5 with a time out of 3 seconds and a number of retries set to 3 times allowing the synchronization to be ever 5 hours the following sequence of commands are used ML810 sntp ML810 sntp setsntp server 3 94 210 5 timeout 3 retry 3 SNTP server is added to SNTP server database ML810 sntp sync hour 5 ML810 s...

Page 86: ...es made To add an SNTP server click the add button on the Configuration SNTP menu The menu prompts you to add IP address of an SNTP server the time out in seconds and the number of retries before the time synchronization effort is aborted The Sync Now button allows synchronization as soon as the server information is added NOTE Note If your site has internet access there are several SNTP servers a...

Page 87: ...TRUCTION MANUAL 5 13 The Time Out value is in seconds Note the time server can be a NTP server available on the Internet Ensure the IP parameters are configured for the switch and the device can be pinged by the switch Once the server is added it is listed with the other SNTP servers ...

Page 88: ...name must be a unique since overwriting files is not permitted by most ftp and tftp servers or services Only alphanumeric characters are allowed in the filename The following example illustrated how to save the configuration on a tftp server ML810 saveconf mode tftp 3 94 240 9 file ML810set Do you wish to upload the configuration Y or N Y The saveconf and loadconf commands are often used to update...

Page 89: ...al Energy Inc recommends that modifications of this file and the commands should be verified by the User in a test environment prior to use in a live production network All modifications are made at the User s own risk and are subject to the limitations of the GE MultiLink software End User License Agreement EULA Incorrect usage may result in network shutdown GE Digital Energy Inc is not liable fo...

Page 90: ... Should you want to edit edit the System portion of the file only GE Digital Energy Inc recommends editing the script file see below 2 File names cannot have special characters such as space and control characters SYSTEM Edit below this line only system_name ML810 system_contact support gemultilin com system_location Markham Ontario boot_mode manual system_ip 192 168 5 5 system_subnet 0 0 0 0 syst...

Page 91: ...ration or to view specific modules configured the show config command is used as described below Syntax show config module module name Where module name can be If the module name is not specified the whole configuration is displayed Name Areas affected system IP Configuration Boot mode Users settings e g login names passwords event Event Log and Alarm settings port Port settings Broadcast Protecti...

Page 92: ...System Manager This area configures System related information SYSTEM Edit below this line only system_name Main system_contact someone joe com system_location Markham Ontario boot_mode manual system_ip 192 168 1 15 system_subnet 0 0 0 0 system_gateway 192 168 1 11 idle_timeout 10 telnet_access enable snmp_access enable web_access enable more ...

Page 93: ... config command ML810 show config module snmp HARDWARE type ML810 slotB 8 Port TP Module Network Management This area configures the SNMPv3 agent SNMP engineid LE_v3Engine defreadcomm public defwritecomm private deftrapcomm public authtrap disable com2sec_count 0 group_count 0 view_count 1 view1_name all view1_type included view1_subtree 1 view1_mask ff more ...

Page 94: ...iguration Without a reboot the ML810 used the previous configuration When reboot is selected the user is prompted as follows Reboot Y or N Select Y The ML810 will prompt Save Current Configuration Select N ML810 show config module snmp system HARDWARE type ML810 slotB 8 Port TP Module System Manager This area configures System related information SYSTEM Edit below this line only system_name Main s...

Page 95: ...format and new v3 format The v3 format must be used to utilize the ASCII and CLI Script capability save format v2 v3 NOTE Note With release 1 7 and higher the configuration can be saved in the older format binary object or in a new format as an ASCII file The new format is recommended by GE Digital Energy Use the old format only if there are multiple MultiLink switches on the network running diffe...

Page 96: ...lication or disclosure is subject to U S Government restrictions as set forth in Sub division b 3 ii of the rights in Technical Data and Computer Software clause at 52 227 7013 This file is provided as a sample template to create a backup of GE MultiLink switches configurations As such this script provides insights into the configuration of GE MultiLink switch s settings GE Digital Energy Inc reco...

Page 97: ... address on the receiving Switch before connecting to the network After configuration changes are made all the changes are automatically saved It is a good practice to save the configuration on another server on the network using the tftp or ftp protocols Once the configuration is saved the saved configuration can be reloaded to restore the settings At this time the saved or loaded configuration p...

Page 98: ...tch 2 Config Download or Config Upload Save the configuration of the switch on the server or load the saved configuration from the server to the switch This option is used to save a backup of the ML810 configuration or restore the configuration in case of a disaster 3 Script Download or Script Upload Save the necessary CLI commands used for configuration of the switch or upload the necessary CLI c...

Page 99: ...te saving changes made after adding an SNTP server This is done by clicking on the Save icon to save current configuration 5 4 7 Host Names Instead of typing in IP addresses of commonly reached hosts the ML810 allows hosts to be created with the necessary host names IP addresses user names and passwords Use the Configuration Access Host menu to create host entries as shown below ...

Page 100: ...26 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL SYSTEM CONFIGURATION CHAPTER 5 IP ADDRESSING To add a host click the Add button Fill in all the fields below to create the necessary host entries ...

Page 101: ...shown above 5 4 8 Erasing Configuration Kill Config option using SWM To erase the configuration and reset the configurations to factory defaults you can use the kill config option from Administration tab by selecting kill config NOTE Note User also has the option to save one module from defaulting back to factory defaults by checking the module box before issuing kill Config command ...

Page 102: ...s issued by pressing the OK button the Switch will perform a factory dump restoring all the Switch settings back to factory defaults except for the System settings which will be retained When the OK button is pressed the Switch will issue the following warning messages and reboot the switch for it to revert back to the factory default settings with the exceptions of modules opted not to be default...

Page 103: ...save module command The kill Config command will default all the Switch settings back to factory defaults while the kill config save module will default all with the exception of module selected Available modules are system user acces port vlan ps mirror lacp slp and igmp Name Areas affected System IP Configuration Boot mode User Users settings e g login names passwords Port Port settings Broadcas...

Page 104: ...configuration using the kill config command and the second example illustrates how to erase all the Switch s configuration with the exception of system configuration ML810 kill config Do you want to erase the configuration Y or N Y Successfully erased configuration Please reboot ML810 kill config save system Do you want to erase the configuration Y or N Y Successfully erased configuration Please r...

Page 105: ...ernet OC 12 ATM etc and at the same time still be efficient on low bandwidth networks e g wireless In addition it provides a platform for the new level of internet functionality that will be required in the near future IPv6 includes a transition mechanism designed to allow users to adopt and deploy it in a highly diffuse fashion and to provide direct interoperability between IPv4 and IPv6 hosts Th...

Page 106: ...for the node A single interface may be assigned multiple IPv6 addresses of any type There are three types of IPv6 addresses These are unicast anycast and multicast Unicast addresses identify a single interface Anycast addresses identify a set of interfaces such that a packet sent to an anycast address will be delivered to one member of the set Multicast addresses identify a group of interfaces suc...

Page 107: ...IPv6 station Example telnet fe80 220 6ff fe25 ed80 Besides if the end station supports IPv6 addressing as most Linux and Windows systems do one can access the switch using the IPv6 addressing as shown in the example below http fe80 220 6ff fe25 ed80 ML810 ipconfig ipconfig Configures the system IP address subnet mask and gateway Usage ipconfig ip ipaddress mask subnet mask dgw gateway ML810 ipconf...

Page 108: ...y add del configure an IPv6 address The add delete option can be used to add or delete IPv4 IPv6 addresses Syntax show ipconfig display the IP configuration information including IPv6 address Syntax ping6 IPv6 address pings an IPv6 station Syntax show ipv6 displays the IPv6 information Syntax ftp IPv6 address ftp to an IPv6 station Syntax telnet IPv6 address telnet to an IPv6 station ...

Page 109: ...enticating against an allowed MAC address as well as IP address 6 1 2 Set Passwords The MultiLink ML810 Managed Edge Switch has a factory default password for the manager as well as the operator account Passwords can be changed from the user ID by using the set password command For example ML810 set password Enter Current Password Enter New Password Confirm New Password Password has been modified ...

Page 110: ...nauthorized packets are dropped preventing access to the network NOTE Note Network security hinges on the ability to allow or deny access to network resources This aspect of secure network services involves allowing or disallowing traffic based on information contained in packets such as the IP address or MAC address Planning for access is a key architecture and design consideration For example wh...

Page 111: ...can be configured to 1 Auto learn the MAC addresses 2 Specify individual MAC addresses to allow access to the network 3 Validate or change the settings The command syntax for the above actions are allow mac address list range port num list range learn port number list enable disable show port security action port num list range none disable drop signal port num list range none log trap logandtrap ...

Page 112: ...the MAC addresses Note that a maximum of 200 MAC addresses can be learned per port to a maximum of 500 per switch Also the action on the port must be set to none before the port learns the MAC address information ML810 port security action port 1 2 none ML810 port security learn port 1 2 enable The following command sequence enables and disables port security ML810 port security ps enable Port Sec...

Page 113: ...NE ENABLE 6 00 e0 29 2a f1 bd 00 01 03 e2 27 89 00 07 50 ef 31 40 00 e0 29 22 15 85 00 03 47 ca ac 45 00 30 48 70 71 23 2 ENABLE NONE NONE DISABLE 0 Not Configured 3 ENABLE NONE NONE DISABLE 0 Not Configured 4 ENABLE NONE NONE DISABLE 0 Not Configured 5 ENABLE NONE NONE DISABLE 0 Not Configured 6 ENABLE NONE NONE DISABLE 0 Not Configured ML810 port security Example 6 2 Enabling learning on a port ...

Page 114: ... software to allow port security commands use the port security command Enable port security use the enable ps command Enable learning on the required ports for example use the learn port 3 enable command for port 3 Verify learning is enables and MAC addresses are being learnt on required ports use the show port security port 3 command Save the port security configuration use the save command Exam...

Page 115: ...eeded to allow designated devices to access the network use the add mac 00 c1 00 7f ec 00 port 3 5 command Disable access to the network for unauthorized devices Use action port 3 diable drop depending on whether the port should be disabled or the packed dropped Follow that with a show port security command to verify the setting Optional step Set the notification to notify the management station o...

Page 116: ...nabled ML810 port security learn port 3 enable Port Learning Enabled on selected port s ML810 port security show port security PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS 1 ENABLE LOG NONE ENABLE 6 00 e0 29 2a f1 bd 00 01 03 e2 27 89 00 07 50 ef 31 40 00 e0 29 22 15 85 00 03 47 ca ac 45 00 30 48 70 71 23 2 ENABLE NONE NONE DISABLE 0 Not Configured 3 ENABLE NONE NONE ENABLE 0 00 c1 00 7f ec 00...

Page 117: ... size is 50 rows To change the log size use the set logsize command When the switch detects an intrusion attempt on a port it records the date and time stamp the MAC address the port on which the access was attempted and the action taken by ML810 software The event log lists the most recently detected security violation attempts This provides a chronological entry of all intrusions attempted on a ...

Page 118: ...behaved unexpectedly 6 2 4 Authorized Managers Just as port security allows and disallows specific MAC addresses from accessing a network the ML810 software can allow or block specific IP addresses or a range of IP addresses to access the switch The access command allows access to configuration mode access The allow ip command allows specified services for specified IP addresses IP addresses can b...

Page 119: ...et mask is used An older station with IP address 3 94 245 15 is removed Example 6 7 Allowing blocking specific IP addresses ML810 access ML810 access allow ip 3 94 245 10 mask 255 255 255 0 service tel Service s allowed for specified address ML810 access allow ip 3 94 245 25 mask 255 255 255 255 service t Service s allowed for specified address ML810 access remove ip 3 94 245 15 mask 255 255 255 2...

Page 120: ...ling the EnerVista Secure Web Management software Select the Configuration Port Security menu item to configure port security as shown below From the menu shown above each individual port can be configured for the proper action on the port auto learn MAC addresses and specify individual MAC addresses To edit each port click on the edit icon To enable or disable port security use the Status drop do...

Page 121: ... 1 The port can be specified to create a log entry or send a trap do both or do nothing This is done through the Signal Status drop down menu 2 The port can be specified to drop the connection disable the port or do nothing This is indicated by the Action Status drop down menu 3 The port can be put in the learn mode or the learning can be disabled This is indicated by the Learn Status drop down me...

Page 122: ...C addresses per port and 500 MAC addresses per switch for port security After clicking on the Add button the following screen appears allowing the entry of a specific MAC address Once port security is setup it is important to manage the log and review it often If the signals are sent to the trap receiver the traps should also be reviewed for intrusion and other infractions ...

Page 123: ...tects an intrusion on a port it sets an alert flag for that port and makes the intrusion information available NOTE Note The default log size is 50 rows To change the log size select the Configuration Statistics Log Statistics menu item When the switch detects an intrusion attempt on a port it records the date and time stamp the MAC address the port on which the access was attempted and the action...

Page 124: ...ista Secure Web Management software can allow or block specific IP addresses or a range of IP addresses to access the switch Access this functionality via the Configuration Access IP Access menu item The window above show the authorized access list for managing the switch Note specific services can be authorized Also note that individual stations or a group of stations with IP addresses can be aut...

Page 125: ...CHAPTER 6 ACCESS CONSIDERATIONS CONFIGURING PORT SECURITY WITH ENERVISTA SOFTWARE MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 6 17 ...

Page 126: ...6 18 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL CONFIGURING PORT SECURITY WITH ENERVISTA SOFTWARE CHAPTER 6 ACCESS CONSIDERATIONS ...

Page 127: ...should be allowed access or not provides the same issues as to whether or not a dial in user should be allowed access into the network or not A user has to provide a user name and password for authenticated access A RADIUS server is well suited for controlling access into a network by managing the users who can access the network on a RADIUS server Interacting with the server and taking corrective...

Page 128: ...hese services starts with an EAPOL Start frame 2 The authenticator MultiLink ML810 Managed Edge Switch upon receiving an EAPOL start frame sends a response with an EAP Request Identity frame back to the supplicant This will inform the supplicant to provide its identity 3 The supplicant then sends back its own identification using an EAP Response Identity frame to the authenticator MultiLink ML810 ...

Page 129: ... supports both EAPOL and EAP over RADIUS to communicate to a standard 802 1x supplicant and RADIUS authentication server The ML810 software authenticator has the following characteristics Allows control on ports using STP based hardware functions EAPOL frames are Spanning Tree Protocol STP link Bridge PDUs BPDU with its own bridge multicast address Relays MD5 challenge although not limited to auth...

Page 130: ...ptional and represents the timeout in seconds the authenticator waits for the supplicant to respond back The default value is 30 seconds and values can range from 1 to 240 seconds The servertimeout argument is optional and represents the timeout in seconds the authenticator waits for the back end RADIUS server to respond The default value is 30 seconds and can range from 1 to 240 seconds The maxre...

Page 131: ...nd sets the ports to be configured The status argument is optional and enables disables re authentication The period argument is optional and represents the re authentication period This is the time in seconds the authenticator waits before a re authentication process will be performed again to the supplicant The default value is 3600 seconds 1 hour and values range from 10 to 86400 seconds The sh...

Page 132: ...enticator is enabled ML810 auth show auth ports Port Status Control Initialize Current State 1 Enabled Auto Deasserted Authorized 2 Enabled ForcedAuth Asserted Unauthorized 3 Enabled Auto Deasserted Authorized 4 Enabled Auto Deasserted Unauthorized 5 Enabled Auto Deasserted Unauthorized 6 Enabled Auto Deasserted Unauthorized Port not available ML810 auth show auth config 802 1X Authenticator Confi...

Page 133: ... 60 2 30 continued on following page This command sets timeout characteristics and the number of requests before access is denied The authenticator waits for the supplicant to respond back for 45 seconds the authenticator waits for 60 seconds for the back end RADIUS server to respond back and the authenticator will retransmit an EAP request packet 5 times to the Supplicant before it times out the ...

Page 134: ...ticating 3 authAuthSuccessesWhileAuthenticating 2 authAuthTimeoutsWhileAuthenticating 0 authAuthFailWhileAuthenticating 0 authAuthReauthsWhileAuthenticating 0 authAuthEapStartsWhileAuthenticating 1 authAuthEapLogoffWhileAuthenticating 0 authAuthReauthsWhileAuthenticated 0 authAuthEapStartsWhileAuthenticated 0 authAuthEapLogoffWhileAuthenticated 0 backendResponses 5 backendAccessChallenges 2 backen...

Page 135: ... menu item First select the server Do not enable RADIUS capabilities until you have ensured that the ports are configured properly After the ports are configured enable RADIUS Also ensure that the port connected to the RADIUS server or the network where the RADIUS server is connected to is not an authenticated port The following window shows the configuration of a RADIUS Server Initially the RADIU...

Page 136: ...can be left blank and the default port 1812 is used After configuring the server information specific port information is configured Select the Configuration Radius Port Set menu item to configure the RADIUS characteristics of each port To edit the port settings click on the edit icon Ensure that the port which has the RADIUS server is force authorized and asserted For other ports user ports it is...

Page 137: ...the Configuration Radius Port Access menu item The Quiet Period column represents the time in seconds the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection The value ranges from 0 to 65535 seconds with a default of 60 The Max Reauth column shows the permitted reauthentication attempts before the port becomes unauthorized Values are in...

Page 138: ...he ML810 and the RADIUS Server are defined through the Configuration Radius Port Access Backend menu item The Supp Timeout column represents the timeout the authenticator waits for the supplicant to respond The values range from 1 to 240 seconds with a default of 30 The Server Timeout column represents the timeout the authenticator waits for the backend RADIUS server to respond The values range fr...

Page 139: ...itch does the re authentication with the supplicant or PC These are defined through the Configuration Radius Port Access Reauth menu item The Reauth Period represents the time the authenticator waits before a re authentication process will be done again to the supplicant Values range from 10 to 86400 seconds with a default of 3600 1 hour The Configuration Radius Port Stats menu item illustrates th...

Page 140: ...ONFIGURING 802 1X WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE CHAPTER 7 ACCESS USING RADIUS After all the port characteristics are enabled Do not forget to save the configuration using the save icon and enabling RADIUS from the Configuration Radius Server menu ...

Page 141: ...ontrol protocol originally developed by BBN for the MILNET Military Network XTACACS is now replaced by TACACS TACACS is a TCP based access control protocol TCP offers a reliable connection oriented transport while UDP offers best effort delivery TACACS improves on TACACS and XTACACS by separating the functions of authentication authorization and accounting and by encrypting all traffic between the...

Page 142: ...user has operator access or manager privileges 8 1 3 TACACS Packet Packet encryption is a supported and is a configurable option for the ML810 software When encrypted all authentication and authorization TACACS packets are encrypted and are not readable by protocol capture and sniffing devices such as EtherReal or others Packet data is hashed and shared using MD5 and secret string defined between ...

Page 143: ...mpatibility Packet type Possible values are TAC_PLUS_AUTHEN 0x01 authentication TAC_PLUS_AUTHOR 0x02 authorization TAC_PLUS_ACCT 0x03 accounting Sequence number The sequence number of the current packet for the current session Flags This field contains various flags in the form of bitmaps The flag values signify whether the packet is encrypted Session ID The ID for this TACACS session Length The t...

Page 144: ...five TACACS servers tacserver add delete id num ip ip addr port tcp port encrypt enable disable key string The add delete argument is mandatory and specifies whether to add or delete a TACACS server The id argument is mandatory and sets the order to poll the TACACS servers for authentication The ip argument is mandatory for adding and defines the IP address of the TACACS server The port argument i...

Page 145: ... tacplus status TACACS Status Disabled ML810 user tacplus enable TACACS Tunneling is enabled ML810 user tacserver add id 2 ip 10 21 1 123 encrypt enable key TACACS server is added ML810 user show tacplus servers ID TACACS Server Port Encrypt Key 1 10 21 1 170 1 Enabled secret 2 10 21 1 123 1 Enabled some 3 4 5 ML810 user tacserver delete id 2 TACACS server is deleted ML810 user show tacplus server...

Page 146: ... WEB MANAGEMENT SOFTWARE CHAPTER 8 ACCESS USING TACACS 8 3 Configuring TACACS with EnerVista Secure Web Management software To access the TACACS servers select the Administration User Mgmt TACACS menu item By default no TACACS servers are defined To add a server click on the Add button as shown below ...

Page 147: ...MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 8 7 Note that the TCP port field can be left blank port 49 is used as a default port Up to five TACACS servers can be defined After the configuration is completed Save the settings Enable the TACACS services by using the Status drop down menu ...

Page 148: ...8 8 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL CONFIGURING TACACS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE CHAPTER 8 ACCESS USING TACACS ...

Page 149: ...n thresholds An Ethernet switch sends traffic from one port to another port Unlike a switch a hub or a shared network device the traffic is broadcast on each and every port Capturing traffic for protocol analysis or intrusion analysis can be impossible on a switch unless all the traffic from a specific port is reflected on another port typically a monitoring port The MultiLink ML810 Managed Edge S...

Page 150: ...s and disables port mirroring prtmr enable disable The sequence below illustrates how port 1 is mirrored on port 2 Any traffic on port 1 is also sent on port 2 ML810 show port mirror Sniffer Port 0 Monitor Port 0 Mirroring State disabled ML810 port mirror ML810 port mirror setport monitor 1 sniffer 2 Port 1 set as Monitor Port Port 2 set as Sniffer Port ML810 port mirror prtmr enable Port Mirrorin...

Page 151: ...able lla enable disable The arguments for the setport command are defined as follows The device argument sets up the MultiLink ML810 Managed Edge Switch in the device configuration mode The name argument assigns a specific name to the port This name is a designated name for the port and can be a server name user name or any other name The speed argument sets the speed to be 10 or 100 Mbps This wor...

Page 152: ...et to match the port configuration on the other device Possible port setting combinations for copper ports are 10HDx 10 Mbps half duplex 10FDx 10 Mbps full duplex 100HDx 100 Mbps half duplex 100FDx 100 Mbps full duplex Possible port settings for 100FX fiber ports are 100FDx default 100 Mbps full duplex 100HDx 100 Mbps half duplex NOTE Note To change the port speed on a transceiver port it is requi...

Page 153: ...ed flow control mechanisms The default state is disabled When enabled the port uses 802 3 Layer 2 back off algorithms Back pressure based congestion control is possible only on half duplex 10 Mbps Ethernet ports Other technologies are not supported on the MultiLink ML810 Managed Edge Switch backpressure rxthreshold value where the rxthreshold value can be from 4 to 30 default is 28 Back pressure a...

Page 154: ...uto VlanID GVRP STP 1 B1 E H 10Tx UP 10 No E 1 2 B2 E H 10Tx DOWN 10 No E 1 3 JohnDoe E H 10Tx DOWN 10 No E 1 4 JaneDoe E H 10Tx DOWN 10 No E 1 5 B5 E F 100Tx UP 100 No E 1 6 B6 E H 10Tx DOWN 10 No E 1 ML810 device show port 11 Configuration details of port 11 Port Name JohnDoe Port Link State DOWN Port Type TP Port Port Admin State Enable Port VLAN ID 1 Port Speed 10Mbps Port Duplex Mode half dup...

Page 155: ...rface will be dropped until the storm is determined to be over The storm is determined to be over when a one second period elapses with no broadcast packets received Back pressure and flow control continued ML810 device show port Keys E Enable D Disable H Half Duplex F Full Duplex M Multiple VLAN s NA Not Applicable LI Listening LE Learning F Forwarding B Blocking Port Name Control Dplx Media Link...

Page 156: ...s broadcast protect enable disable The rate threshold command set the rate limit in frames per second rate threshold port port list range rate frames sec The show broadcast protect command displays the broadcast storm protection settings show broadcast protect In Example 9 3 the broadcast protection is turned on The threshold for port 11 is then set to a lower value of 3500 broadcast frames second...

Page 157: ...9 3 Preventing broadcast storms ML810 device ML810 device show broadcast protect PORT STATUS THRESHOLD frms sec CURR RATE frms sec ACTIVE 1 Disabled 19531 0 NO 2 Disabled 19531 0 NO 3 Disabled 19531 0 NO 4 Disabled 19531 0 NO 5 Disabled 19531 0 NO 6 Disabled 19531 0 NO ML810 device broadcast protect enable Broadcast Storm Protection enabled ML810 device show broadcast protect PORT STATUS THRESHOLD...

Page 158: ...ort port 3 lla disable ML810 device show port 3 Configuration details of port 3 Port Name JohnDoe Port Link State DOWN Port Type TP Port Port Admin State Enable Port VLAN ID 1 Port Speed 100Mbps Port Duplex Mode half duplex Port Auto negotiation State Enable Port STP State NO STP Port GVRP State No GVRP Port Priority Type None Port Security Enable Port Flow Control Enable Port Back Pressure Enable...

Page 159: ...ista Secure Web Management software 9 4 1 Commands Monitoring a specific port can be done by port mirroring Mirroring traffic from one port to another port allows analysis of the traffic on that port To enable port mirroring as well as setting up the ports to be sniffed Select the Configuration Port Mirroring menu item Set the sniffer port and the port on which the traffic is reflected ...

Page 160: ...gy recommends that the port mirroring be disabled using the Edit button and setting the Mirror Status to off once port monitoring is completed Note that 1 Only one port can be set to port mirror at a time 2 Both the ports monitored port and mirrored port have to belong to the same VLAN 3 The mirrored port shows both incoming as well as outgoing traffic 9 4 2 Port Setup With the ML810 the specific ...

Page 161: ...AGEMENT SOFTWARE MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 9 13 Select a specific port by using the edit icon in the Configuration Port Settings menu Click the edit icon to open the following window In these windows Port Number represents the port number on the switch ...

Page 162: ...w Priority displays the priority set for the port This value cannot be edited in this window The VLAN ID displays the VLAN set for the port This value cannot be edited in this window The STP State displays the STP settings for the port This value cannot be edited in this window The Tagged State displays the Tag settings on the port This value cannot be edited in this window The GVRP State displays...

Page 163: ... used Storms can reduce network performance and cause bridges routers workstations servers and PCs to slow down or even crash The ML810 is capable of detecting and limiting storms on each port A network administrator can also set the maximum rate of broadcast packets frames that are permitted from a particular interface If the maximum number is exceeded a storm condition is declared Once it is det...

Page 164: ...URE WEB MANAGEMENT SOFTWARE CHAPTER 9 PORT MIRRORING AND SETUP See details in Broadcast Storms on page 9 7 to determine the threshold level After changes are made do not forget to save the changes using the save icon If the switch is rebooted before the changes are made the changes will be lost ...

Page 165: ... 802 1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames VLANs provide the capability of having two or more Ethernet segments co exist on common hardware The reason for creating multiple segments in Ethernet is to isolate broadcast domains VLANs can isolate groups of users or divide up traffic for security bandwidth management etc VLANs are...

Page 166: ... VLANs As shown below ports can belong to multiple VLANs In this figure a simplistic view is presented where some ports belong to VLANs 1 2 and other ports belong to VLANs 2 3 Ports can belong to VLANs 1 2 and 3 This is not shown in the figure FIGURE 10 2 Ports assigned to multiple VLANs By default on the MultiLink ML810 Managed Edge Switch VLAN support is enabled and all ports on the switch belon...

Page 167: ... switches allowing VLAN information to span multiple switches As described earlier VLAN is an administratively configured LAN or broadcast domain Instead of going to the wiring closet to move a cable to a different LAN segment the same task can be accomplished remotely by configuring a port on an 802 1Q compliant switch to belong to a different VLAN The ability to move end stations to different br...

Page 168: ...ant If they receive a tagged frame they will not understand the VLAN tag and will drop the frame In situations like these its best to use port based VLANs for connecting to these devices Sometimes a port may want to listen to broadcasts across different VLANs or propagate the VLAN information on to other ports This port must thus belong to multiple VLANs so that the broadcast information reaches t...

Page 169: ...will result from configuring VLANs Include consideration for the interaction between VLANs 2 Configure at least one VLAN in addition to the default VLAN 3 Assign the desired ports to the VLANs 4 Decide on trunking strategy how will the VLAN information be propagated from one switch to another and also what VLAN information will be propagated across 5 Layer 3 consideration check to see if the routi...

Page 170: ...following command sequence shows how to configure VLANs on a MultiLink ML810 Managed Edge Switch ML810 vlan type port ML810 port vlan add id 2 name test port 1 7 ML810 port vlan start vlan all ML810 port vlan save Saving current configuration Configuration saved To move Management Control on any VLAN add id vlan Id name vlan name port number list range Forbid number list range mgt nomgt To enable ...

Page 171: ...cal topology that will result from configuring VLANs Include consideration for the interaction between VLANs 2 Configure at least one VLAN in addition to the default VLAN 3 Assign the desired ports to the VLANs 4 Decide on trunking strategy how will the VLAN information be propagated from one switch to another and also what VLAN information will be propagated across 5 Layer 3 consideration check t...

Page 172: ...ED EDGE SWITCH INSTRUCTION MANUAL CONFIGURING PORT VLANS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE CHAPTER 10 VLAN The currently assigned Port VLANs are displayed as follows Select the Configuration VLAN Port Based menu item ...

Page 173: ...RE WEB MANAGEMENT SOFTWARE MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 10 9 As discussed above ports 1 2 3 5 6 7 and 8 still belong to default VLAN We will now add another VLAN with VID 40 and VLAN name Support Add the ports Define the VLAN Click OK ...

Page 174: ...ANAGEMENT SOFTWARE CHAPTER 10 VLAN After adding the VLAN the VLAN is not active Activating the VLAN has to be done manually To activate the VLAN click on the Status button Select VLAN ID Select VLAN Status Start A specific VLAN can be activated or all VLANs can be activated or disabled Click OK to activate VLAN ...

Page 175: ...ILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 10 11 After activation note that ports 1 to 3 belong to the new VLAN The VLAN membership of the ports assigned to VLAN 40 now indicates that they are only members of VLAN 40 The default VLAN membership has been terminated on VLAN activation ...

Page 176: ...ort port number list range filter status enable disable The tagging id and status parameters define whether the outgoing packets from a port will be tagged or untagged This definition is on a per VLAN basis For example the command set port port 1 tagging id 10 status tagged will instruct the switch to tag all packets going out of port 1 to belong to VLAN 10 set port port number list range tagging ...

Page 177: ...ord of caution when Tag VLAN filtering is enabled there can be serious connectivity repercussions the only way to recover from that it is to reload the switch without saving the configuration or by modifying the configuration from the console serial port 2 There can be either Tag VLAN or Port VLAN Both VLANs cannot co exit at the same time 3 There can only be one default VLAN for the switch The de...

Page 178: ...OWN VLAN ID 20 Name sales Status Active PORT STATUS 2 DOWN VLAN ID 30 Name marketing Status Active PORT STATUS 3 DOWN VLAN ID 40 Name Support Status Active PORT STATUS 4 UP ML810 port vlan stop vlan all All active VLAN s stopped ML810 port vlan exit ML810 set vlan type tag VLAN set to Tag based ML810 show active vlan Tag VLAN is currently active ML810 show vlan type tag To switch to Tag VLAN the p...

Page 179: ...lan edit id 10 name engineering port 3 5 Tag based vlan edited Successfully Vlan id 10 Vlan name engineering Ports 3 5 ML810 tag vlan add id 20 name sales port 3 5 Tag based vlan Added Successfully Vlan id 20 Vlan name sales Ports 3 5 ML810 tag vlan add id 20 name marketing port 3 5 ERROR Duplicate Vlan Id ML810 tag vlan add id 30 name marketing port 3 5 Tag based vlan Added Successfully Vlan id 3...

Page 180: ...gineering Status Pending PORT MODE STATUS 3 UNTAGGED DOWN 4 UNTAGGED DOWN 5 UNTAGGED DOWN VLAN ID 20 Name sales Status Pending PORT MODE STATUS 3 UNTAGGED DOWN 4 UNTAGGED DOWN 5 UNTAGGED DOWN VLAN ID 30 Name marketing Status Pending PORT MODE STATUS 3 UNTAGGED DOWN 4 UNTAGGED DOWN 5 UNTAGGED DOWN ML810 tag vlan start vlan all All pending VLAN s started ML810 tag vlan set port port 3 5 filter statu...

Page 181: ...LAN ID 30 Name marketing Status Active PORT MODE STATUS 3 UNTAGGED DOWN 4 UNTAGGED DOWN 5 UNTAGGED DOWN ML810 tag vlan set port port 3 5 tagging id 10 status tagged Port tagging enabled ML810 tag vlan set port port 3 5 tagging id 20 status tagged Port tagging enabled ML810 tag vlan set port port 3 5 tagging id 30 status tagged Port tagging enabled ML810 tag vlan show vlan type tag VLAN ID 1 Name D...

Page 182: ...ued PORT MODE STATUS 1 UNTAGGED UP 2 UNTAGGED DOWN 6 UNTAGGED DOWN 7 UNTAGGED UP VLAN ID 10 Name engineering Status Active PORT MODE STATUS 3 TAGGED DOWN 4 TAGGED DOWN 5 TAGGED DOWN VLAN ID 20 Name sales Status Active PORT MODE STATUS 3 TAGGED DOWN 4 TAGGED DOWN 5 TAGGED DOWN VLAN ID 30 Name marketing Status Active PORT MODE STATUS 3 TAGGED DOWN 4 TAGGED DOWN 5 TAGGED DOWN ...

Page 183: ...CAUTION There can be serious connectivity repercussions when Tag VLAN filtering is enabled The only way to recover from this it is to reload the switch without saving the configuration or by modifying the configuration from the console serial port The ML810 can be configured for either Tag VLAN or Port VLAN Both VLANs cannot co exit at the same time There can only be one default VLAN for the switc...

Page 184: ...APTER 10 VLAN Click on the Add button Now add the necessary VLANs In the example below add the VLANs in the following manner VLAN 1 All ports default VLAN VLAN 10 Engineering VLAN ports 2 3 4 VLAN 20 Support VLAN ports 4 5 note that port 4 belongs to VLAN 10 20 VLAN 30 Marketing VLAN ports 5 6 note that port 5 belongs to VLAN 20 30 ...

Page 185: ...d defining the VLAN click OK Click on Port Settings in the Configuration VLAN Tag Based menu and enable the tagging for each port Repeat the last two steps for each of the ports and each of the VLANs click on port settings and enable the tag on the port After all the ports are tagged the tagged column should change to Yes for all VLANs To check the status of the tagging ...

Page 186: ... MANUAL CONFIGURING TAG VLANS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE CHAPTER 10 VLAN Select the Configuration VLAN Tag Based Tagging menu To activate the VLAN Click on the Status button under the Configuration VLAN Tag Based Settings menu Click OK ...

Page 187: ...s can be viewed from the Configuration VLAN Tag Based Tagging menu To add or delete specific ports from a VLAN Click on Join Leave button from the Configuration VLAN Tag Based Settings menu and specify the action In the example below we will take port 2 and assign it to leave VLAN 10 After the action is completed note that port 2 will belong to VLAN 1 only ...

Page 188: ...AG VLANS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE CHAPTER 10 VLAN To enable the filter capability for each port use the Configuration VLAN Tag Based Settings menu as shown below Use the Configuration VLAN Tag Based Filter menu to view the filter information for the ports ...

Page 189: ...ith GVRP this process can be automated It is critical that all switches share a common VLAN This VLAN typically is the default VLAN VID 1 on most switches and other devices GVRP uses GVRP Bridge Protocol Data Units GVRP BPDUs to advertise static VLANs We refer to GVRP BPDU is as an advertisement GVRP enables the MultiLink ML810 Managed Edge Switch to dynamically create 802 1q compliant VLANs on li...

Page 190: ...RE 11 1 GVRP operation Switch 1 with static VLANs VID 1 2 and 3 Port 2 is a member of VIDs 1 2 and 3 1 Port 2 advertises VIDs 1 2 and 3 2 On Switch 2 Port 1 receives advertisement of VIDs 1 2 and 3 AND becomes a member of VIDs 1 2 and 3 3 As discussed above a GVRP enabled port can forward advertisement for a VLAN it learnt about So port 3 advertises VIDs 1 2 and 3 but port 3 is NOT a member of VID...

Page 191: ... packets to pass through A GVRP aware port receiving advertisements has these options If there is no static VLAN with the advertised VID on the receiving port then dynamically create a VLAN with the same VID as in the advertisement and allow that VLAN s traffic If the switch already has a static VLAN with the same VID as in the advertisement and the port is configured to learn for that VLAN then t...

Page 192: ...ward the advertisement it receives Block Prevents the port from dynamically joining a VLAN that is not statically configured on the switch The port will still forward advertisements that were received by the switch on other ports Block should typically be used on ports in insecure networks where there is exposure to attack such as ports where intruders can connect Disable Causes the port to ignore...

Page 193: ... for as long as the port continues to receive advertisements of that VLAN from another device connected to that port or until you Convert the VLAN to a static VLAN Reconfigure the port to Block or Disable Disable GVRP Reboot the switch The time to live for dynamic VLANs is 10 seconds That is if a port has not received an advertisement for an existing dynamic VLAN during the last 10 seconds the por...

Page 194: ...amic VLAN must be converted to a static VLAN before it can have an IP address After converting a dynamic VLAN to a static VLAN use the save command to save the changes made on a reboot the changes can be lost without the save command Within the same broadcast domain a dynamic VLAN can pass through a device that is not GVRP aware This is because a hub or a switch that is not GVRP aware will flood t...

Page 195: ...ML810 gvrp gvrp disable GVRP is now disabled ML810 gvrp gvrp enable GVRP enabled ML810 gvrp show vlan VLAN ID NAME VLAN STATUS 1 Default VLAN Static Active 2 Blue Static Active 6 dyn6 Dynamic Active ML810 gvrp static vlan 10 ML810 gvrp show vlan VLAN ID NAME VLAN STATUS 1 Default VLAN Static Active 2 Blue Static Active 6 dyn6 Static Active ML810 gvrp set forbid vlan 2 forbid 3 5 ML810 gvrp show fo...

Page 196: ...red in the VLAN context Since dynamic VLANs operate as tagged VLANs and it is possible that a tagged port on one device may not communicate with an untagged port on another device GE Digital Energy recommends that you use tagged VLANs for the static VLANs A dynamic VLAN continues to exist on a port for as long as the port continues to receive advertisements of that VLAN from another device connect...

Page 197: ...dant paths Enabling STP is necessary to avoid loops and duplicate messages This duplication leads to a broadcast storm or other erratic behavior that can bring down the network As recommended in the IEEE 802 1Q VLAN standard the MultiLink ML810 Managed Edge Switch uses single instance STP This means a single spanning tree is created to make sure there are no network loops associated with any of th...

Page 198: ...ation on the variables By default STP is disabled To use STP it has to be manually enabled Table 12 1 STP default values Variable or attribute Default value STP capabilities Disabled Reconfiguring general operation priority 32768 Bridge maximum age 20 seconds Hello time 2 seconds Forward delay 15 seconds Reconfiguring per port STP path cost 0 Priority 32768 Mode Normal Monitoring of STP Not availa...

Page 199: ...m listening to learning states and from learning to forwarding states The value ranges from 4 to 30 seconds with a default of 15 Bridge Hello Time When the switch is the root device this is the time between messages being transmitted The value is from 1 to 10 seconds with a default of 2 Bridge Max Age This is the maximum time a message with STP information is allowed by the switch before the switc...

Page 200: ...ted in this example are defined as follows Port indicates the port number Value ranges from 01 to max number of ports in the switch Type indicates the type of port TP indicates Twisted Pair Example 12 1 Viewing STP configuration ML810 show stp config RSTP CONFIGURATION Rapid STP STP Enabled Global NO RSTP STP Enabled Ports 1 2 3 4 5 6 7 Protocol Normal RSTP Bridge ID 80 00 00 00 00 00 00 00 Bridge...

Page 201: ...p command and use the stp enable or stp disable command To stp command enters STP configuration mode stp The enable and disable parameters start enable or stop disable STP stp enable disable The stp and rstp parameters set the spanning tree protocol to be IEEE 802 1d or 802 1w Rapid Spanning Tree Protocol set stp type stp rstp The show active stp command display which version of STP is currently a...

Page 202: ...ML810 stp ERROR Invalid Command ML810 set stp type stp STP Mode set to STP ML810 stp ML810 stp stp enable Successfully set the STP status ML810 stp show stp config STP CONFIGURATION Spanning Tree Enabled Global YES Spanning Tree Enabled Ports YES 1 2 3 4 5 6 7 Protocol Normal STP Bridge ID 80 00 00 20 06 2b e1 54 Bridge Priority 32768 Bridge Forward Delay 15 Bridge Hello Time 2 Bridge Max Age 20 R...

Page 203: ...68 cost port number list range value 0 65535 The port command assigns ports to STP If you are unsure let the software make the decisions The status parameter enables or disables a port from participating in STP discovery Its best to only allow trunk ports to participate in STP End stations need not participate in STP process port port number list range status enable disable The timers command chan...

Page 204: ...abled Ports YES 1 2 3 4 5 6 7 Protocol Normal STP Bridge ID 80 00 00 20 06 2b e1 54 Bridge Priority 32768 Bridge Forward Delay 15 Bridge Hello Time 2 Bridge Max Age 20 Root Port 0 Root Path Cost 0 Designated Root 80 00 00 20 06 2b e1 54 Designated Root Priority 32768 Root Bridge Forward Delay 15 Root Bridge Hello Time 2 Root Bridge Max Age 20 ML810 stp show stp ports STP Port Configuration Port Ty...

Page 205: ...0 05 06 100MB Fiber 128 100 Disabled 80 00 00 20 06 2b e1 54 80 06 07 TP 10 100 128 100 Disabled 80 00 00 20 06 2b e1 54 80 07 ML810 stp priority value 15535 Successfully set the bridge priority ML810 stp show stp config STP CONFIGURATION Spanning Tree Enabled Global YES Spanning Tree Enabled Ports YES 1 2 3 4 5 6 7 Protocol Normal STP Bridge ID 3c af 00 20 06 2b e1 54 Bridge Priority 15535 Bridge...

Page 206: ...06 100MB Fiber 128 100 Disabled 80 00 00 20 06 2b e1 54 80 06 07 TP 10 100 128 100 Disabled 80 00 00 20 06 2b e1 54 80 07 ML810 stp port port 1 status disable Successfully set the STP status for port 1 ML810 stp show stp ports STP Port Configuration Port Type Priority Path Cost State Des Bridge Des Port 01 TP 10 100 128 100 Forwarding 80 00 00 20 06 2b e1 54 80 01 02 TP 10 100 20 20 Forwarding 80 ...

Page 207: ...80 03 04 100MB Fiber 128 100 Disabled 80 00 00 20 06 2b e1 54 80 04 05 100MB Fiber 128 100 Disabled 80 00 00 20 06 2b e1 54 80 05 06 100MB Fiber 128 100 Disabled 80 00 00 20 06 2b e1 54 80 06 07 TP 10 100 128 100 Disabled 80 00 00 20 06 2b e1 54 80 07 ML810 stp show stp config STP CONFIGURATION Spanning Tree Enabled Global YES Spanning Tree Enabled Ports YES 1 2 3 4 5 6 7 Protocol Normal STP Bridg...

Page 208: ...s continued ML810 stp show stp config STP CONFIGURATION Spanning Tree Enabled Global YES Spanning Tree Enabled Ports YES 1 2 3 4 5 6 7 Protocol Normal STP Bridge ID 80 00 00 20 06 2b e1 54 Bridge Priority 15535 Bridge Forward Delay 20 Bridge Hello Time 5 Bridge Max Age 30 Root Port 0 Root Path Cost 0 Designated Root 80 00 00 20 06 2b e1 54 ...

Page 209: ... recommended values this period lasts 30 seconds The Rapid Spanning Tree Protocol IEEE 802 1w is a further evolution of the 802 1d Spanning Tree Protocol It replaces the settling period with an active handshake between switches bridges that guarantees topology information to be rapidly propagated through the network RSTP converges in less than one second RSTP also offers a number of other signific...

Page 210: ...2 1w Rapid reconfiguration of Spanning Tree significantly reduces the amount of time it takes to establish the network path The result is reduced network downtime and improved network robustness In addition to faster network reconfiguration RSTP also implements greater ranges for port path costs to accommodate the higher connection speeds that are being implemented Proper implementations of RSTP b...

Page 211: ...ntation of a larger range of port path costs that accommodates higher network speeds New default values have been implemented for path costs associated with the different network speeds This may create incompatibility between devices running the older implementations of STP a switch running RSTP 3 At any given time the software can support either STP or RSTP but not both ...

Page 212: ...rt number list range status enable disable migration enable edge enable disable p2p on off auto The p2p parameter sets the point to point value to off on all ports connected to shared LAN segments i e connections to hubs The default value is auto P2P ports would typically be end stations or computers on the network The edge parameter enables disables all ports connected to other hubs bridges and s...

Page 213: ...e switch will wait from listening to learning states and from learning to forwarding states The value ranges from 4 to 30 seconds with a default of 15 Bridge Hello Time When the switch is the root device this is the time between messages being transmitted The value is from 1 to 10 seconds with a default of 2 Bridge Max Age This is the maximum time a message with STP information is allowed by the s...

Page 214: ...e Indicates the designated root bridge s maximum age after which it discards the information as being old and receives new updates Topology Change Count Since the last reboot the number of times the topology has changed Use this in conjunction with show uptime to find the frequency of the topology changes Time Since topology Change The number of seconds since the last topology change The variables...

Page 215: ...and 7 are also connected to other switches From the state column it indicates that port 7 is in a standby state as that port is discarding all traffic More CLI commands associated with RSTP in the RSTP configuration mode are shown below The forceversion command sets the STP or RSTP compatibility mode forceversion stp rstp The show forceversion command displays the current forced version show force...

Page 216: ...TP Note that specific ports may not need to participate in RSTP process These ports typically would be end stations If unsure it is best to let the software make the decisions port port number list range status enable disable The status parameter enables or disables a port from participating in RSTP discovery Its best to only allow trunk ports to participate in RSTP end stations need not participa...

Page 217: ...idge Forward Delay 15 Bridge Hello Time 02 Bridge Max Age 20 Root Port 0 Root Path Cost 0 Designated Root 80 00 00 20 06 2b e1 55 Designated Root Priority 32768 Root Bridge Forward Delay 15 Root Bridge Hello Time 02 Root Bridge Max Age 20 Topology Change count 0 Time Since topology Chg 935 ML810 rstp show active stp Current Active Mode RSTP RSTP is Disabled ML810 rstp rstp enable Successfully set ...

Page 218: ... 07 TP 10 100 128 2000000 Disabled 00 07 ML810 rstp forceversion rstp Error Force Version already set to Normal RSTP ML810 rstp forceversion stp ML810 rstp show forceversion Force Version Force to STP only ML810 rstp show stp config RSTP CONFIGURATION Rapid STP STP Enabled Global YES RSTP STP Enabled Ports 1 2 3 4 5 6 7 Protocol Force to STP only Bridge ID 80 00 00 20 06 2b e1 55 Bridge Priority 3...

Page 219: ...00 20 06 2b e1 55 Designated Root Priority 32768 Root Bridge Forward Delay 15 Root Bridge Hello Time 02 Root Bridge Max Age 20 Topology Change count 0 Time Since topology Chg 1371 ML810 rstp show timers Forward Delay Timer 15 sec Hello Timer 2 sec Max Age 20 sec ML810 rstp show stp ports RSTP Port Configuration Port Type Priority Path Cost State Des Bridge Des Port 01 TP 10 100 128 2000000 Forward...

Page 220: ...B Fiber 128 200000 Disabled 00 05 06 100MB Fiber 128 200000 Disabled 00 06 07 TP 10 100 128 2000000 Disabled 00 07 ML810 rstp port port 1 status disable ML810 rstp show stp ports RSTP Port Configuration Port Type Priority Path Cost State Des Bridge Des Port 01 TP 10 100 128 2000000 NO STP 00 01 02 TP 10 100 100 250000 Forwarding 80 00 00 20 06 2b e1 55 00 02 03 100MB Fiber 128 200000 Disabled 00 0...

Page 221: ...ure can demonstrate fast recovery times typically faster than what RSTP can recover from a single fault In many situations RSTP will recover in seconds whereas smart RSTP ring only mode will recover in milliseconds To configure Ring Only mode ensure the first three of the four situations described above are met RSTP mode has to be enabled before any configuration to the ring only mode The RSTP com...

Page 222: ...ence of commands for enabling ring only mode is shown in the following example Example 13 5 Configuring smart RSTP ring only mode ML810 rstp ML810 rstp rstp enable Successfully set the RSTP status ML810 rstp romode show RO MODE status Disabled RO MODE set on ports NONE ML810 rstp romode add port 1 2 Added Ports 1 2 ML810 rstp romode enable RSTP Ring Only Mode Enabled ML810 rstp romode show RO MODE...

Page 223: ...P is not enabled the switch designates itself as the root switch Root Path Cost A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points A higher cost means more loops a lower cost fewer loops More loops equal more traffic and a tree which takes a long time to converge resulting in a slower system Root Port Indicates the port number which is ele...

Page 224: ... again The value ranges from 6 to 40 seconds with a default 20 Hold Time This is the minimum time period to elapse between the transmissions of configuration BPDUs through a given LAN Port At most one configuration BPDU shall be transmitted in any hold time period This parameter is a fixed parameter with values as specified in RSTP standard 3 seconds Topology Change A counter indicating the number...

Page 225: ... MANAGED EDGE SWITCH INSTRUCTION MANUAL 13 17 Once again if you are not familiar with the STP or RSTP parameter settings is best to use the default values Simply enable RSTP or STP and let the system default values prevail After RSTP is enabled the fields are updated Note the Status Time since TC and Designated Root values ...

Page 226: ...lugged or turned off Values can be Listening Learning Forwarding Blocking and Disabled Path Cost This is the assigned port cost value used for the switch to determine the forwarding points Values range from 1 to 2000000 The lower the value the lower the cost and hence the preferred route The costs for different Ethernet speeds are shown below The STP path cost is compared to the RSTP path cost Pri...

Page 227: ...n cases the Status can be set to disabled to turn off RSTP or STP on that port 13 3 2 Smart RSTP Ring Only Mode with EnerVista Secure Web Management Software A ring is a special case mesh structure In many networks network managers prefer to create a ring structure for topological redundancy and simplicity In a ring structure 1 All switches in the network are GE Digital Energy switches 2 RSTP is e...

Page 228: ...CURE WEB MANAGEMENT SOFTWARE CHAPTER 13 RAPID SPANNING TREE PROTOCOL Enable RSTP by setting the STP Type to RSTP in the Administration Set STP Type menu Select the Configuration RSTP Bridge RSTP menu as shown below Click the Edit button to configure RSTP Once in Edit mode change the Status to Enable ...

Page 229: ...UCTION MANUAL 13 21 Save Configuration To reset RSTP back to normal mode select Normal RSTP for the Protocol setting Save the configuration by clicking on the icon Select the Configuration RSTP RO Mode menu as shown below Click the Edit button to configure RO Mode Select the desired ports as shown below then click OK to exit ENABLE STATUS THEN SAVE ...

Page 230: ...URING STP RSTP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE CHAPTER 13 RAPID SPANNING TREE PROTOCOL NOTE Note Only 2 ports can be selected to Ring Only Mode Select the Enabled option for the Status setting as shown below Save the configuration by clicking on the icon ...

Page 231: ...here are time critical applications such as voice transmission or video conferencing which can be adversely effected by packet transfer delays or other latency in a network Most switches today implement buffers to queue incoming packets as well as outgoing packets In a queue mechanism normally the packet which comes in first leaves first FIFO and all the packets are serviced accordingly Imagine if...

Page 232: ... the LAN MAN and WAN DiffServ works by tagging each packet at the originating device or an intermediate switch for the requested level of service it requires across the network FIGURE 14 1 ToS and DSCP DiffServ inserts a 6 bit DiffServ code point DSCP in the Type of Service ToS field of the IP header as shown in the picture above Information in the DSCP allows nodes to determine the Per Hop Behavi...

Page 233: ...acket allows each queue to have different service levels MultiLink ML810 Managed Edge Switch QoS implementations provide mapping of ToS or IP precedence to Class of Service CoS A CoS setting in an Ethernet Frame is mapped to the ToS byte of the IP packet and vice versa A ToS level of 1 equals a CoS level of 1 This provides end to end priority for the traffic flow when MultiLink ML810 Managed Edge ...

Page 234: ...ght is a number calculated from the IP precedence setting for a packet This weight is used in an algorithm to determine when the packet will be serviced The show portweight command displays the weight settings on a port show portweight As mentioned previously the switch is capable of detecting higher priority packets marked with precedence by the IP forwarder and can schedule them faster providing...

Page 235: ...ckets to be transmitted as tagged from the priority queue set untag port port list range priority high low tag 0 7 Table 14 1 Port weight settings Value Hardware traffic queue behavior 0 No priority traffic is sent alternately from each queue and packets are queued alternately in each queue 1 Two packets are sent from the HIGH priority queue and one packet from LOW priority queue 2 Four packets ar...

Page 236: ...eed Part Auto VlanID GVRP STP 1 A1 E H 10Tx DOWN No 10 No E 1 2 A2 E H 10Tx DOWN No 10 No E 1 3 A3 E F 100Fx DOWN No 100 No D 1 4 A4 E F 100Fx DOWN No 100 No D 1 5 A5 E F 100Fx DOWN No 100 No D 1 6 A6 E F 100Fx DOWN No 100 No D 1 7 A7 E H 10Tx DOWN No 10 No E 1 ML810 qos ML810 qos setqos type port port 1 priority high Successfully set QOS ML810 qos show qos PORT QOS STATUS 1 Port DOWN 2 None DOWN ...

Page 237: ... DOWN 3 None DOWN 4 None DOWN 5 None DOWN 6 None DOWN 7 None DOWN ML810 qos show qos type tag PORT Tag STATUS 1 DOWN 2 6 DOWN 3 DOWN 4 DOWN 5 DOWN 6 DOWN 7 DOWN ML810 qos setqos port 3 priority high type tag tag 5 Successfully set QOS ML810 qos show qos type tag PORT Tag STATUS 1 DOWN 2 6 DOWN 3 5 DOWN 4 DOWN 5 DOWN 6 DOWN The queue behavior is set so that 8 high priority packets and 1 low priorit...

Page 238: ...TER 14 QUALITY OF SERVICE Configuring QoS continued Port priority Weight set to 1 High 1 Low ML810 qos set weight weight 4 ML810 qos show portweight Port priority Weight set to 8 High 1 Low ML810 qos show qos PORT QOS STATUS 1 Port DOWN 2 Tag DOWN 3 Tag DOWN 4 None DOWN 5 None DOWN 6 None DOWN 7 None DOWN ML810 qos ...

Page 239: ...H ENERVISTA SECURE WEB MANAGEMENT SOFTWARE MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 14 9 14 3 Configuring QoS with EnerVista Secure Web Management software 14 3 1 Description To access QoS settings Select the Configuration QoS menu items ...

Page 240: ...CE Select the Port and the type of QoS ToS settings The following window illustrates the setting of port 1 for port based QoS with a high priority Note the sections on Tag and TOS are ignored for Port settings After the port QoS settings are completed the changes are reflected on the QoS menu screen The port 1 QoS settings indicate high priority set ...

Page 241: ...MANAGEMENT SOFTWARE MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 14 11 Next a tag based QoS is enabled on port 3 Note that only the menu area for the tag setting is relevant After the Tag QoS settings are completed the changes are reflected on the QoS menu screen ...

Page 242: ...ER 14 QUALITY OF SERVICE In the following window a ToS is enabled on Port 5 As before only the ToS level settings are relevant Note that the different settings are clear from the window below Port 1 has port based QoS port 3 has tag based QoS and port 5 is using ToS After all changes are made save the changes using the save icon ...

Page 243: ...tion address A multicast datagram is delivered to all members of its destination host group with the same best efforts reliability as regular unicast IP datagrams i e the datagram is not guaranteed to arrive at all members of the destination group or in the same order relative to other datagrams The membership of a host group is dynamic that is hosts may join and leave groups at any time There is ...

Page 244: ...ommunicate Query A message sent from the querier multicast router or switch asking for a response from each host belonging to the multicast group If a multicast router supporting IGMP is not present then the switch must assume this function in order to elicit group membership information from the hosts on the network if you need to disable the querier feature you can do so using the IGMP configura...

Page 245: ... non members Thus sends large amounts of unwanted multicast traffic to PCs 2 and 3 Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server PC X Switch 2 then sends the multicast data only to PC 4 thus avoiding unwanted multicast traffic on the ports for PCs 5 and 6 The next figure below shows a network running IP multica...

Page 246: ...ers IP multicast addresses occur in the range from 224 0 0 0 through 239 255 255 255 which corresponds to the Ethernet multicast address range of 01005e 000000 through 01005e 7fffff in hexadecimal Devices such as the MultiLink ML810 Managed Edge Switch having static Traffic Security filters configured with a Multicast filter type and a Multicast Address in this range will continue in effect unless...

Page 247: ...on 2 is that version 1 does not have a Leave mechanism for the host The MultiLink ML810 Managed Edge Switch does pruning when there is a leave message or a time expires on a port we prune the multicast group membership on that port 1 The MultiLink ML810 Managed Edge Switch supports only the default VLAN It can be enabled within a port VLAN tagged VLAN or no VLAN It can snoop up to 256 multi cast G...

Page 248: ...is disabled ML810 igmp show igmp IGMP State Disabled ImmediateLeave Disabled Querier Enabled Querier Interval 125 Querier Response Interval 10 Multicasting Unknown Streams Enable ML810 igmp The output of the show igmp command provides the following useful information IGMP State shows if IGMP is turned on Enable or off Disable Immediate Leave provides a mechanism for a particular host that wants to...

Page 249: ...erent IGMP modes auto block and forward Auto lets IGMP control whether the port should or should not participate sending multicast traffic Block manually configures the port to always block multicast traffic Forward manually configures the port to always forward multicast traffic To set the port characteristics use the set port command in the IGMP configuration mode set port port port list range m...

Page 250: ... range can be from 2 to 270 seconds with a default of 10 Restrictions apply to the maximum value because of an internal calculation that is dependent on the value of the query interval set qri interval value 15 2 2 Example The following example shows how to configure IGMP Example 15 1 Configuring IGMP ML810 igmp set port port 2 4 mode forward Port mode is set ML810 igmp show port Port Mode 1 Auto ...

Page 251: ...nse Interval 10 Multicasting Unknown Streams Enabled ML810 igmp set querier enable IGMP querier status is enabled ML810 igmp show igmp IGMP State Enabled ImmediateLeave Disabled Querier Enabled Querier Interval 125 Querier Response Interval 10 Multicasting Unknown Streams Enabled ML810 igmp set querier disable IGMP querier status is disabled ML810 igmp show igmp IGMP State Enabled ImmediateLeave D...

Page 252: ...uerier Interval 127 Querier Response Interval 11 Multicasting Unknown Streams Enabled ML810 igmp mcast disable MCAST is disabled ML810 igmp show igmp IGMP State Enabled ImmediateLeave Disabled Querier Disabled Querier Interval 127 Querier Response Interval 11 Multicasting Unknown Streams Disabled ML810 igmp mcast enable MCAST is enabled ML810 igmp show igmp IGMP State Enabled ImmediateLeave Disabl...

Page 253: ...IGMP with EnerVista Secure Web Management software 15 3 1 Example For configuring IGMP Select the Configuration IGMP menu item The menu allows the IGMP parameters to be set and provides information on IGMP groups and routers The menu allows the IGMP parameters described earlier to be set It also provides the necessary information of IGMP groups and routers ...

Page 254: ...RE CHAPTER 15 IGMP Click on the Edit button to edit the IGMP parameters This screen also enables and disables IGMP Changes are reflected on the Configuration IGMP Information screen The groups and routers screen displays the IGMP Groups and IGMP Routers information All edits to IGMP are done through the Information screen ...

Page 255: ...or SNMP are SNMP v1 the original version of SNMP SNMP v2 and finally SNMP v3 SNMP is a poll based mechanism SNMP manager polls the managed device for information and display the information retrieved in text or graphical manner Some definitions related to SNMP are Authentication The process of ensuring message integrity and protection against message replays It includes both data integrity and dat...

Page 256: ...uth and priv noauth authenticates a packet by a string match of the user name auth authenticates a packet by using either the HMAC MD5 algorithms priv authenticates a packet by using either the HMAC MD5 algorithms and encrypts the packet using the CBC DES DES 56 algorithm Security model The security strategy used by the SNMP agent Currently ML810 supports three security models SNMPv1 SNMPv2c and S...

Page 257: ...ntroduction to Community Based SNMPv2 SNMPv2 Working Group RFC 1902 Structure of Management Information for Version 2 of the Simple Network Management Protocol SNMPv2 SNMPv2 Working Group RFC 1903 Textual Conventions for Version 2 of the Simple Network Management Protocol SNMPv2 SNMPv2 Working Group RFC 1904 Conformance Statements for Version 2 of the Simple Network Management Protocol SNMPv2 SNMP...

Page 258: ...H INSTRUCTION MANUAL OVERVIEW CHAPTER 16 SNMP RFC 2274 User Based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 RFC 2275 View Based Access Control Model VACM for the Simple Network Management Protocol SNMP ...

Page 259: ... automatically configures a default VACM view based access control model This allows any manager station to access the ML810 either via SNMP v1 v2c or v3 The community name is public This command is only intended for first time users and values can be changed by administrators who want more strict access quickcfg The engineid command allows the user to change the engine ID Every agent has to have ...

Page 260: ...id argument is optional and is the number corresponding to the group entry number in the table show group id id The view command defines a manager or group or manager stations what it can access inside the MIB object tree Up to 10 entries can be specified This part of the View based Access Control Model VACM as defined in RFC 2275 view add delete id id viewname name type included excluded subtree ...

Page 261: ...ow snmp SNMP v3 Configuration Information System Name ML810 System Location Markham ON System Contact multilin tech ge com Authentication Trap Disabled Default Trap Comm public V3 Engine ID Multi_Switch_Engine ML810 snmpv3 ML810 snmpv3 setvar sysname ML810 syscontact admin syslocation ML810 snmpv3 quickcfg This will enable default VACM Do you wish to proceed Y or N Y Quick configuration done defau...

Page 262: ...07 Community Auth Type ML810 snmpv3 com2sec add id 1 secname public source default com Entry is added successfully ML810 snmpv3 com2sec add id 2 ERROR secname parameter is required for add directive ML810 snmpv3 com2sec add id 2 secname BCM Entry is added successfully ML810 snmpv3 show com2sec ID Sec Name Source Community 1 public default public 2 BCM default public 3 4 5 6 7 8 9 10 ML810 snmpv3 s...

Page 263: ...nmpv3 show group id 1 Group ID 1 Group Name v1 Model v1 Com2Sec ID 1 ML810 snmpv3 view add id 1 viewname all type included subtree 1 Entry is added successfully ML810 snmpv3 show view ID View Name Type Subtree Mask 1 all included 1 ff 2 3 4 5 6 7 8 9 10 ML810 snmpv3 show view id 1 View ID 1 View Name all Type included Subtree 1 Mask ff ML810 snmpv3 access add id 1 accessname v1 model v1 level noau...

Page 264: ...ec Model v1 Sec Level noauth Read View ID 1 Write View ID none Notify View ID none Context Prefix exact ML810 snmpv3 user add id 1 username jsmith usertype readwrite authpass something Entry is added successfully ML810 snmpv3 show user ID User Name UType AuthPass PrivPass AType Level Subtree 1 jsmith RW something MD5 auth 2 3 4 5 ML810 snmpv3 show user id 2 ERROR Entry is not active ML810 snmpv3 s...

Page 265: ... set using the EnerVista Secure Web Management software For SNMP v2 and v3 parameters please refer to Configuring SNMP through the Command Line Interface on page 16 5 SNMP variables are used in conjunction with Alert definitions Alert Definitions are covered in the next chapter To configure SNMP Select the Configuration SNMP menu item Use the Edit button to change the SNMP community parameters Use...

Page 266: ...nity parameters It is recommended to change the community strings from the default values of public and private to other values When done changing the community strings click OK Multiple managers can be added as shown below When adding SNMP manager stations click on the Add button on the SNMP menu screen Make sure that each station can be pinged from the switch by using the Configuration Ping menu...

Page 267: ...e adding stations click OK When adding SNMP trap receivers click on the Add button on the SNMP menu screen Make sure that each station can be pinged from the switch by using the Administration Ping menu Determine which sorts of traps each station will receive as shown above If not sure select all three types When done adding trap receivers click OK ...

Page 268: ...ANAGEMENT SOFTWARE CHAPTER 16 SNMP Note the different types of trap receivers added Stations can be deleted using the delete icon To change the stations characteristics or IP addresses it is recommended to delete the station and add a new one After all changes are made save the changes using the save icon ...

Page 269: ...y MIB variable Log and event group allows a network administrator to define actions based on alarms SNMP traps are generated when RMON alarms are triggered 16 4 2 Commands The following RMON communities when defined enable the specific RMON group as show above The rmon command enter the RMON configuration mode to setup RMON groups and communities rmon The history command defines the RMON history g...

Page 270: ...ommand sequence illustrates how to configure RMON groups ML810 rmon rmon ML810 rmon event def owner test def comm somestring RMON Event Default Owner is set RMON Event Default Community is set ML810 rmon show rmon event RMON Event Default Owner test RMON Event Default Community somestring ML810 rmon exit ML810 ...

Page 271: ...iving e mails it is extremely beneficial for a network administrator to receive e mails in case of faults and alerts The MultiLink ML810 Managed Edge Switch can be setup to send and e mail alert when a trap is generated If this capability is used please ensure that SPAM filters and other filters are not set to delete these e mails GE Digital Energy recommends that a rule be setup on the mail serve...

Page 272: ...il parameter is the e mail address of the recipient The optional traps parameter represents the trap filter If value is all all traps of any type will be sent to this recipient If value is none no traps are sent to this recipient Value can also be a combination of S SNMP R RMON and E enterprise For example trap SR means that SNMP and RMON traps will be sent via e mail to the recipient If this opti...

Page 273: ...SMTP server settings server ip ip addr port 1 65535 retry 0 3 domain domain For this command ip represents the SMTP server IP address port the TCP port to be used for SMTP communications default is 25 and retry specifies how many times to retry if an error occurs when sending e mail from 0 to 3 with default of 0 The optional domain parameter specifies the domain name of the SMTP server 17 1 3 Exam...

Page 274: ... 25 Retry Count 3 ML810 smtp add id 1 email jsmith ge com traps s events CF Recipient successfully added ML810 smtp add id 2 email xyz abc com traps all events all ip 3 30 154 28 port 25 domain abc com Recipient successfully added ML810 smtp show smtp recipients ID E mail Address SMTP Server From Domain Port Traps Events 1 jsmith ge com 3 94 210 25 ge com 25 S FC 2 xyz abc com 3 30 154 28 abc com ...

Page 275: ...EnerVista Secure Web Management software allows for the display of several statistics in a graphical format These are described below To view statistics Select the Configuration Statistics menu item To view port specific statistics Select the Configuration Statistics Port Statistics menu item Each port can be viewed by clicking on the back or forward buttons Each group represents different statist...

Page 276: ...K ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL STATISTICS CHAPTER 17 MISCELLANEOUS COMMANDS The following figure displays the port statistics for group 2 The following figure displays the port statistics for group 3 ...

Page 277: ...in the MultiLink ML810 Managed Edge Switch is not overrun The important parameters to set for any serial connectivity software is to set the line delay to be 500 ms and the character delay to be 50 ms For example using HyperTerminal this can be set under File Properties When the Properties window is open click on the ASCII Setup button and in the Line Delay entry box enter in 500 and in the Charac...

Page 278: ...the last command The 1 2 n commands repeat the nth command as indicated by a show history n The show history command displays the last 25 executed commands If less than 25 commands were executed only those commands executed are shown show history The history is cleared if the user logs out or if the switch times out The history count restarts when the user logs in The show version command displays...

Page 279: ...time 20ms 3 94 248 61 is alive count 2 time 20ms 3 94 248 61 is alive count 3 time 40ms ML810 Many devices do not respond to ping or block ping commands Make sure that the target device responds or the network allows the ping packets to propagate 17 5 2 Ping through EnerVista Secure Web Management software The ping command can be used from EnerVista Secure Web Management software to test connectiv...

Page 280: ...to set the prompt These are n system name c system contact l system location i system IP address m system MAC address v version the dollar sign character r new line b space A few examples on how the system prompt can be setup are shown below ML810 snmp ML810 snmp setvar sysname Core System variable s set successfully ML810 snmp exit ML810 set prompt n Core set prompt n b i Core 192 168 5 5 set pro...

Page 281: ...e event message Once the log has received 1000 entries it discards the current oldest line with information level severity only each time a new line is received The event log window contains 22 log entry lines and can be positioned to any location in the log 17 7 2 Command Line Interface Example The following example illustrates a typical event log Example 17 2 Typical system event log ML810 show ...

Page 282: ...example html for an HTML file ML810 exportlog mode tftp 192 168 5 2 file eventlog doctype html Do you wish to export the event logs Y or N Y Successfully uploaded the event log file ML810 exportlog mode tftp 192 168 5 2 file eventlog txt doctype raw Do you wish to export the event logs Y or N Y Successfully uploaded the event log file 17 7 3 EnerVista Example The EnerVista Secure Web Management so...

Page 283: ...f log can be viewed by using the drop down menu as shown below In this example only informational logs are displayed The Clear button clears all the logs To prevent accidental erasures you will be prompted again if the logs should be deleted The Event Log records operating events as single line entries listed in chronological order For details on event log records refer to Description on page 17 1...

Page 284: ... the configured daylight savings settings show gateway displays the gateway of the system show gvrp displays the GVRP parameters show host displays the host table for FTP users show igmp displays the IGMP parameters show interfaces display the interface information show ip displays the system IP address show ip access displays the IP address access list show ipconfig displays the IP configuration ...

Page 285: ... timeout displays the system inactivity time out show timezone displays the configured time zone of the device show uptime displays up time of the system show users displays all configured users show version displays current version of the software show vlan displays the VLAN parameters of a specified type show web The set commands are listed below set bootmode set date year set daylight country s...

Page 286: ...ts tftp telnet connects to the remote system through telnet terminal to set the terminal size xmodem 17 8 2 Configuration commands The access commands are shown below allow allows the IP address deny denies the IP address dhcp enables or disables the DHCP modbus enables or disables access to Modbus map remove removeall snmp enables or disables SNMP ssl telnet web The alarm commands are shown below...

Page 287: ...ts for a tag based VLAN show ports show ports current GVRP state show forbid show forbidden ports for tag based VLAN set ports set GVRP port state usage show vlan shows dynamic static tag based VLANs static convert dynamic VLAN to static VLAN The IGMP commands are shown below Refer to Chapter 15 IGMP for additional details mcast set leave enables or disables IGMP immediate leave status set port se...

Page 288: ...how portweight displays the current port weight priority The remote monitoring RMON commands are shown below Refer to Chapter 16 Configuring RMON for additional details alarm sets the owner for the alarm group event sets the owner for the event group help rmon history sets the owner for the history group statistics sets the owner for the statistics group The Rapid Spanning Tree Protocol RSTP comma...

Page 289: ...r The Simple Network Time Protocol SNTP commands are shown below Refer to Chapter 5 Network Time for additional details delete deletes the SNTP server from SNTP server database help sntp setsntp adds SNTP server into the SNTP server database sntp configures parameters for SNTP system sync sets the interval for synchronization time with an NTP server The Spanning Tree Protocol STP commands are show...

Page 290: ... 20 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL COMMAND REFERENCE CHAPTER 17 MISCELLANEOUS COMMANDS edit save set egress set ingress set port show egress show ingress show port start stop vlan ...

Page 291: ... of the OSI 7 layer stack Additional information on Modbus can be found at http www modbus org and other related sites RFC 1122 Requirements for Internet Hosts Communication Layers defines how Modbus packets can be carried over a TCP IP transport and how Modicon controllers or other PLC devices can communicate over a TCP IP network To facilitate this communications the MultiLink ML810 Managed Edge...

Page 292: ...us is Using Device 5 ML810 access ML810 access modbus enable Enabling Access to Modbus ML810 access show modbus Access to Modbus enabled Modbus is Using Port 502 Modbus is Using Device 5 ML810 access modbus port 602 Modbus Port is set ML810 access show modbus Access to Modbus enabled Modbus is Using Port 602 Modbus is Using Device 5 ML810 access modbus port default Modbus Port Set to Default ML810...

Page 293: ...BUS CONFIGURATION MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL 18 3 18 1 3 EnerVista Settings To modify the Modbus settings through EnerVista Secure Web Management software Select the Configuration Access Modbus menu item ...

Page 294: ...0 Netmask byte 2 1 to 254 1 F1 0 0031 Netmask byte 3 1 to 254 1 F1 0 0032 Gateway byte 0 1 to 254 1 F1 0 0033 Gateway byte 1 1 to 254 1 F1 0 0034 Gateway byte 2 1 to 254 1 F1 0 0035 Gateway byte 3 1 to 254 1 F1 0 0036 MAC address 3 registers String Varies 0039 Order code 16 registers String Varies 0049 Power alarm 1 0 to 1 1 F2 0 004A Power alarm 2 0 to 1 1 F2 0 004B Stp State 0 to 1 1 F3 0 004C N...

Page 295: ... to 1 1 F3 0 0077 Port 2 link status 0 to 1 1 F3 0 0078 Port 3 link status 0 to 1 1 F3 0 0079 Port 4 link status 0 to 1 1 F3 0 007A Port 5 link status 0 to 1 1 F3 0 007B Port 6 link status 0 to 1 1 F3 0 007C Port 7 link status 0 to 1 1 F3 0 007D Port 8 link status 0 to 1 1 F3 0 007E Port 9 link status 0 to 1 1 F3 0 007F Port 10 link status 0 to 1 1 F3 0 0080 Port 11 link status 0 to 1 1 F3 0 0081 ...

Page 296: ... F3 0 00A4 Port 15 STP state 0 to 1 1 F3 0 00A5 Port 16 STP state 0 to 1 1 F3 0 00A6 Port 17 STP state 0 to 1 1 F3 0 00A7 Port 18 STP state 0 to 1 1 F3 0 00A8 Port 19 STP state 0 to 1 1 F3 0 00A9 Port 20 STP state 0 to 1 1 F3 0 00AA Port 21 STP state 0 to 1 1 F3 0 00AB Port 22 STP state 0 to 1 1 F3 0 00AC Port 23 STP state 0 to 1 1 F3 0 00AD Port 24 STP state 0 to 1 1 F3 0 00AE Port 25 STP state 0...

Page 297: ... to 1 1 F3 0 00D3 Port 30 activity 0 to 1 1 F3 0 00D4 Port 31 activity 0 to 1 1 F3 0 00D5 Port 32 activity 0 to 1 1 F3 0 00D6 Port 1 Number of bytes received 0 to 4294967295 1 F9 0 00D8 Port 1 Number of bytes sent 0 to 4294967295 1 F9 0 00DA Port 1 Number of frames received 0 to 4294967295 1 F9 0 00DC Port 1 Number of frames sent 0 to 4294967295 1 F9 0 00DE Port 1 Total bytes received 0 to 4294967...

Page 298: ... CRC 0 to 4294967295 1 F9 0 0108 Port 2 Number of bytes received 0 to 4294967295 1 F9 0 010A Port 2 Number of bytes sent 0 to 4294967295 1 F9 0 010C Port 2 Number of frames received 0 to 4294967295 1 F9 0 010E Port 2 Number of frames sent 0 to 4294967295 1 F9 0 0110 Port 2 Total bytes received 0 to 4294967295 1 F9 0 0112 Port 2 Total frames received 0 to 4294967295 1 F9 0 0114 Port 2 Number of bro...

Page 299: ...nt 0 to 4294967295 1 F9 0 0142 Port 3 Total bytes received 0 to 4294967295 1 F9 0 0144 Port 3 Total frames received 0 to 4294967295 1 F9 0 0146 Port 3 Number of broadcast frames received 0 to 4294967295 1 F9 0 0148 Port 3 Number of multicast frames received 0 to 4294967295 1 F9 0 014A Port 3 Number of frames with CRC error 0 to 4294967295 1 F9 0 014C Port 3 Number of oversized frames received 0 to...

Page 300: ...ulticast frames received 0 to 4294967295 1 F9 0 017C Port 4 Number of frames with CRC error 0 to 4294967295 1 F9 0 017E Port 4 Number of oversized frames received 0 to 4294967295 1 F9 0 0180 Port 4 Number of bad fragments received 64 bytes 0 to 4294967295 1 F9 0 0182 Port 4 Number of jabber frames received 0 to 4294967295 1 F9 0 0184 Port 4 Number of collisions occurred 0 to 4294967295 1 F9 0 0186...

Page 301: ...gments received 64 bytes 0 to 4294967295 1 F9 0 01B4 Port 5 Number of jabber frames received 0 to 4294967295 1 F9 0 01B6 Port 5 Number of collisions occurred 0 to 4294967295 1 F9 0 01B8 Port 5 Number of late collisions occurred 0 to 4294967295 1 F9 0 01BA Port 5 Number of 64 byte frames received sent 0 to 4294967295 1 F9 0 01BC Port 5 Number of 65 to 127 byte frames received sent 0 to 4294967295 1...

Page 302: ...umber of late collisions occurred 0 to 4294967295 1 F9 0 01EC Port 6 Number of 64 byte frames received sent 0 to 4294967295 1 F9 0 01EE Port 6 Number of 65 to 127 byte frames received sent 0 to 4294967295 1 F9 0 01F0 Port 6 Number of 128 to 255 byte frames received sent 0 to 4294967295 1 F9 0 01F2 Port 6 Number of 256 to 511 byte frames received sent 0 to 4294967295 1 F9 0 01F4 Port 6 Number of 51...

Page 303: ... received sent 0 to 4294967295 1 F9 0 0222 Port 7 Number of 128 to 255 byte frames received sent 0 to 4294967295 1 F9 0 0224 Port 7 Number of 256 to 511 byte frames received sent 0 to 4294967295 1 F9 0 0226 Port 7 Number of 512 to 1023 byte frames received sent 0 to 4294967295 1 F9 0 0228 Port 7 Number of 1023 to maximum byte frames received sent 0 to 4294967295 1 F9 0 022A Port 7 Number of MAC er...

Page 304: ...7295 1 F9 0 0258 Port 8 Number of 512 to 1023 byte frames received sent 0 to 4294967295 1 F9 0 025A Port 8 Number of 1023 to maximum byte frames received sent 0 to 4294967295 1 F9 0 025C Port 8 Number of MAC error packets 0 to 4294967295 1 F9 0 025E Port 8 Number of dropped received packets 0 to 4294967295 1 F9 0 0260 Port 8 Number of multicast frames sent 0 to 4294967295 1 F9 0 0262 Port 8 Number...

Page 305: ...ets 0 to 4294967295 1 F9 0 0290 Port 9 Number of dropped received packets 0 to 4294967295 1 F9 0 0292 Port 9 Number of multicast frames sent 0 to 4294967295 1 F9 0 0294 Port 9 Number of broadcast frames sent 0 to 4294967295 1 F9 0 0296 Port 9 Number of 64 byte fragments with good CRC 0 to 4294967295 1 F9 0 0298 Port 10 Number of bytes received 0 to 4294967295 1 F9 0 029A Port 10 Number of bytes se...

Page 306: ... to 4294967295 1 F9 0 02C8 Port 10 Number of 64 byte fragments with good CRC 0 to 4294967295 1 F9 0 02CA Port 11 Number of bytes received 0 to 4294967295 1 F9 0 02CC Port 11 Number of bytes sent 0 to 4294967295 1 F9 0 02CE Port 11 Number of frames received 0 to 4294967295 1 F9 0 02D0 Port 11 Number of frames sent 0 to 4294967295 1 F9 0 02D2 Port 11 Total bytes received 0 to 4294967295 1 F9 0 02D4 ...

Page 307: ... Number of frames received 0 to 4294967295 1 F9 0 0302 Port 12 Number of frames sent 0 to 4294967295 1 F9 0 0304 Port 12 Total bytes received 0 to 4294967295 1 F9 0 0306 Port 12 Total frames received 0 to 4294967295 1 F9 0 0308 Port 12 Number of broadcast frames received 0 to 4294967295 1 F9 0 030A Port 12 Number of multicast frames received 0 to 4294967295 1 F9 0 030C Port 12 Number of frames wit...

Page 308: ... of broadcast frames received 0 to 4294967295 1 F9 0 033C Port 13 Number of multicast frames received 0 to 4294967295 1 F9 0 033E Port 13 Number of frames with CRC error 0 to 4294967295 1 F9 0 0340 Port 13 Number of oversized frames received 0 to 4294967295 1 F9 0 0342 Port 13 Number of bad fragments received 64 bytes 0 to 4294967295 1 F9 0 0344 Port 13 Number of jabber frames received 0 to 429496...

Page 309: ...ized frames received 0 to 4294967295 1 F9 0 0374 Port 14 Number of bad fragments received 64 bytes 0 to 4294967295 1 F9 0 0376 Port 14 Number of jabber frames received 0 to 4294967295 1 F9 0 0378 Port 14 Number of collisions occurred 0 to 4294967295 1 F9 0 037A Port 14 Number of late collisions occurred 0 to 4294967295 1 F9 0 037C Port 14 Number of 64 byte frames received sent 0 to 4294967295 1 F9...

Page 310: ...5 Number of collisions occurred 0 to 4294967295 1 F9 0 03AC Port 15 Number of late collisions occurred 0 to 4294967295 1 F9 0 03AE Port 15 Number of 64 byte frames received sent 0 to 4294967295 1 F9 0 03B0 Port 15 Number of 65 to 127 byte frames received sent 0 to 4294967295 1 F9 0 03B2 Port 15 Number of 128 to 255 byte frames received sent 0 to 4294967295 1 F9 0 03B4 Port 15 Number of 256 to 511 ...

Page 311: ...4967295 1 F9 0 03E2 Port 16 Number of 65 to 127 byte frames received sent 0 to 4294967295 1 F9 0 03E4 Port 16 Number of 128 to 255 byte frames received sent 0 to 4294967295 1 F9 0 03E6 Port 16 Number of 256 to 511 byte frames received sent 0 to 4294967295 1 F9 0 03E8 Port 16 Number of 512 to 1023 byte frames received sent 0 to 4294967295 1 F9 0 03EA Port 16 Number of 1023 to maximum byte frames re...

Page 312: ...17 Number of 256 to 511 byte frames received sent 0 to 4294967295 1 F9 0 041A Port 17 Number of 512 to 1023 byte frames received sent 0 to 4294967295 1 F9 0 041C Port 17 Number of 1023 to maximum byte frames received sent 0 to 4294967295 1 F9 0 041E Port 17 Number of MAC error packets 0 to 4294967295 1 F9 0 0420 Port 17 Number of dropped received packets 0 to 4294967295 1 F9 0 0422 Port 17 Number ...

Page 313: ...ceived sent 0 to 4294967295 1 F9 0 0450 Port 18 Number of MAC error packets 0 to 4294967295 1 F9 0 0452 Port 18 Number of dropped received packets 0 to 4294967295 1 F9 0 0454 Port 18 Number of multicast frames sent 0 to 4294967295 1 F9 0 0456 Port 18 Number of broadcast frames sent 0 to 4294967295 1 F9 0 0458 Port 18 Number of 64 byte fragments with good CRC 0 to 4294967295 1 F9 0 045A Port 19 Num...

Page 314: ...nt 0 to 4294967295 1 F9 0 0488 Port 19 Number of broadcast frames sent 0 to 4294967295 1 F9 0 048A Port 19 Number of 64 byte fragments with good CRC 0 to 4294967295 1 F9 0 048C Port 20 Number of bytes received 0 to 4294967295 1 F9 0 048E Port 20 Number of bytes sent 0 to 4294967295 1 F9 0 0490 Port 20 Number of frames received 0 to 4294967295 1 F9 0 0492 Port 20 Number of frames sent 0 to 42949672...

Page 315: ...95 1 F9 0 04C0 Port 21 Number of bytes sent 0 to 4294967295 1 F9 0 04C2 Port 21 Number of frames received 0 to 4294967295 1 F9 0 04C4 Port 21 Number of frames sent 0 to 4294967295 1 F9 0 04C6 Port 21 Total bytes received 0 to 4294967295 1 F9 0 04C8 Port 21 Total frames received 0 to 4294967295 1 F9 0 04CA Port 21 Number of broadcast frames received 0 to 4294967295 1 F9 0 04CC Port 21 Number of mul...

Page 316: ...A Port 22 Total frames received 0 to 4294967295 1 F9 0 04FC Port 22 Number of broadcast frames received 0 to 4294967295 1 F9 0 04FE Port 22 Number of multicast frames received 0 to 4294967295 1 F9 0 0500 Port 22 Number of frames with CRC error 0 to 4294967295 1 F9 0 0502 Port 22 Number of oversized frames received 0 to 4294967295 1 F9 0 0504 Port 22 Number of bad fragments received 64 bytes 0 to 4...

Page 317: ...with CRC error 0 to 4294967295 1 F9 0 0534 Port 23 Number of oversized frames received 0 to 4294967295 1 F9 0 0536 Port 23 Number of bad fragments received 64 bytes 0 to 4294967295 1 F9 0 0538 Port 23 Number of jabber frames received 0 to 4294967295 1 F9 0 053A Port 23 Number of collisions occurred 0 to 4294967295 1 F9 0 053C Port 23 Number of late collisions occurred 0 to 4294967295 1 F9 0 053E P...

Page 318: ...er of jabber frames received 0 to 4294967295 1 F9 0 056C Port 24 Number of collisions occurred 0 to 4294967295 1 F9 0 056E Port 24 Number of late collisions occurred 0 to 4294967295 1 F9 0 0570 Port 24 Number of 64 byte frames received sent 0 to 4294967295 1 F9 0 0572 Port 24 Number of 65 to 127 byte frames received sent 0 to 4294967295 1 F9 0 0574 Port 24 Number of 128 to 255 byte frames received...

Page 319: ...2 Port 25 Number of 64 byte frames received sent 0 to 4294967295 1 F9 0 05A4 Port 25 Number of 65 to 127 byte frames received sent 0 to 4294967295 1 F9 0 05A6 Port 25 Number of 128 to 255 byte frames received sent 0 to 4294967295 1 F9 0 05A8 Port 25 Number of 256 to 511 byte frames received sent 0 to 4294967295 1 F9 0 05AA Port 25 Number of 512 to 1023 byte frames received sent 0 to 4294967295 1 F...

Page 320: ...o 255 byte frames received sent 0 to 4294967295 1 F9 0 05DA Port 26 Number of 256 to 511 byte frames received sent 0 to 4294967295 1 F9 0 05DC Port 26 Number of 512 to 1023 byte frames received sent 0 to 4294967295 1 F9 0 05DE Port 26 Number of 1023 to maximum byte frames received sent 0 to 4294967295 1 F9 0 05E0 Port 26 Number of MAC error packets 0 to 4294967295 1 F9 0 05E2 Port 26 Number of dro...

Page 321: ... to 4294967295 1 F9 0 0610 Port 27 Number of 1023 to maximum byte frames received sent 0 to 4294967295 1 F9 0 0612 Port 27 Number of MAC error packets 0 to 4294967295 1 F9 0 0614 Port 27 Number of dropped received packets 0 to 4294967295 1 F9 0 0616 Port 27 Number of multicast frames sent 0 to 4294967295 1 F9 0 0618 Port 27 Number of broadcast frames sent 0 to 4294967295 1 F9 0 061A Port 27 Number...

Page 322: ...d packets 0 to 4294967295 1 F9 0 0648 Port 28 Number of multicast frames sent 0 to 4294967295 1 F9 0 064A Port 28 Number of broadcast frames sent 0 to 4294967295 1 F9 0 064C Port 28 Number of 64 byte fragments with good CRC 0 to 4294967295 1 F9 0 064E Port 29 Number of bytes received 0 to 4294967295 1 F9 0 0650 Port 29 Number of bytes sent 0 to 4294967295 1 F9 0 0652 Port 29 Number of frames recei...

Page 323: ...RC 0 to 4294967295 1 F9 0 0680 Port 30 Number of bytes received 0 to 4294967295 1 F9 0 0682 Port 30 Number of bytes sent 0 to 4294967295 1 F9 0 0684 Port 30 Number of frames received 0 to 4294967295 1 F9 0 0686 Port 30 Number of frames sent 0 to 4294967295 1 F9 0 0688 Port 30 Total bytes received 0 to 4294967295 1 F9 0 068A Port 30 Total frames received 0 to 4294967295 1 F9 0 068C Port 30 Number o...

Page 324: ...t 0 to 4294967295 1 F9 0 06BA Port 31 Total bytes received 0 to 4294967295 1 F9 0 06BC Port 31 Total frames received 0 to 4294967295 1 F9 0 06BE Port 31 Number of broadcast frames received 0 to 4294967295 1 F9 0 06C0 Port 31 Number of multicast frames received 0 to 4294967295 1 F9 0 06C2 Port 31 Number of frames with CRC error 0 to 4294967295 1 F9 0 06C4 Port 31 Number of oversized frames received...

Page 325: ...ulticast frames received 0 to 4294967295 1 F9 0 06F4 Port 32 Number of frames with CRC error 0 to 4294967295 1 F9 0 06F6 Port 32 Number of oversized frames received 0 to 4294967295 1 F9 0 06F8 Port 32 Number of bad fragments received 64 bytes 0 to 4294967295 1 F9 0 06FA Port 32 Number of jabber frames received 0 to 4294967295 1 F9 0 06FC Port 32 Number of collisions occurred 0 to 4294967295 1 F9 0...

Page 326: ...ber of multicast frames sent 0 to 4294967295 1 F9 0 0712 Port 32 Number of broadcast frames sent 0 to 4294967295 1 F9 0 0714 Port 32 Number of 64 byte fragments with good CRC 0 to 4294967295 1 F9 0 0716 Serial Number String Varies Table 18 1 Modbus memory map Sheet 33 of 33 Address Description Range Step Format Default ...

Page 327: ...s Encoded in big endian F1 16 bit unsigned integer F2 Enumeration power alarm 0 power supply good 1 power supply fail F3 Enumeration OFF ON 0 Off 1 On F4 Enumeration port type 0 Giga GBIC 1 Copper TP 2 Fiber 10 3 Fiber 100 4 Giga 10 100 1000 triple speed 5 Giga Copper 1000 TP 6 Giga SFP F9 32 bit unsigned long String A sequence of octets packed 2 to one register in sequence ...

Page 328: ...18 38 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL MEMORY MAPPING CHAPTER 18 MODBUS PROTOCOL ...

Page 329: ...sion History A 1 1 Change Notes A 1 2 Changes to the Manual Table A 1 Revision history Part Number Revision Release Date 1601 0123 A1 July 2011 1601 0123 A2 February 2012 1601 0123 A3 November 2015 Table A 2 Updates for Manual Revision A3 Section Description 1 3 to 1 6 Added 3 4 Updated Table A 3 Updates for Manual Revision A1 Section Description General New Manual A1 ...

Page 330: ... that it is defective and it is returned with all transportation charges prepaid to an authorized service centre or the factory Repairs or replacement under warranty will be made without charge Warranty shall not apply to any relay which has been subject to misuse negligence accident incorrect installation or use not in accordance with instructions nor any unit that has been altered outside a GE D...

Page 331: ... wide range of DC power input types qualifies this product for use in 12 24 48 125 and 250 V DC applications in different industries DC Power Terminals are internally floating so that user may ground either Figure B 1 Location of chassis ground Power Consumption 15 watts typical for a fully loaded fiber model with 2Gb 10 watts typical for 8 ports copper and 100Mb fiber 12VDC Power Input nominal ra...

Page 332: ... SWITCHES DC POWER AT 12 24 48 125 AND 250 VDC POWER INPUTCHAPTER B DC POWER INPUT 125VDC Power Input nominal range 88 to 150VDC 250VDC Power Input nominal range 160 to 300VDC Standard ML810 DC Power Input Terminal Block GND See also Section 1 0 Technical Specifications for the ML810 base unit ...

Page 333: ...ide on each DC power input line behind the two external power connection terminals so that the power from an external source can only flow into the hub This allows the Switch to operate only whenever DC power is correctly applied to the two inputs It protects the Switch from incorrect DC input connections An incorrect polarity connection for example will neither affect the Switch its internal powe...

Page 334: ...ar and wireless telephone service providers Internet Service Providers ISPs and other communication companies In addition many high availability equipment services such as broadcasters publishers newspaper operations brokerage firms and other facilities often use a battery backup system to maintain operations in the event of a power failure It is also frequently used for computer system backup man...

Page 335: ...gure B 2 Connections for 125 and 250VDC power input NOTE Note Always use a voltmeter to measure the voltage of the incoming power supply and figure out the ve potential lead or ve potential lead The more ve potential lead will connect to the post labeled ve and the rest to the ve The GND can be hooked up at the last When power is applied the green PWR LED will illuminate NOTE Note The GND should b...

Page 336: ...able to the rack at least 4 inches apart with the first one located within 6 inches of the terminal block 7 Internal fuses are NOT user replaceable please contact GE Service 8 This product is to be installed ONLY in Restricted Access Areas dedicated equipment rooms electrical closets etc 9 The external power supply for DC units shall be a listed Direct Plug In power unit marked Class 2 or listed I...

Page 337: ...ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL B 7 B 5 Operation Operation of Multilink ML810 Switches with the optional 48VDC 12VDC 24VDC 125VDC or 250 VDC dual source power input is identical to that of the standard single source DC powered models ...

Page 338: ...B 8 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL TROUBLESHOOTING CHAPTER B DC POWER INPUT B 6 Troubleshooting Please refer to Section 6 0 for troubleshooting ...

Page 339: ...e B B GND ground wire connection to the hub chassis screw Input Two separate sources each at 10 15 VDC Power Supply Internal 24VDC Dual Source model Dual Src 24V DC Power Connector First Source A A 2nd Source B B GND ground wire connection to the hub chassis screw Input Two separate sources each at 18 36 VDC Power Supply Internal 125VDC Dual Source model Dual Src 125V DC Power Connector First Sour...

Page 340: ...h the exception of the dual DC input power connections and the power supply all specifications and configuration options for the Multilink ML810 48VDC 12VDC 24VDC 125VDC and 250VDC models with this Dual Source option are identical to those listed in the Multilink ML810 Edge Switches Installation and User Guide including Appendix B Internal DC Power Supply Option ...

Page 341: ...al Source power supply are designed for installations where a battery plant is the power source and where two separate power sources are utilized in order to increase operational uptime and to simplify maintenance The functionality of the Multilink ML810 Switch 48VDC 12VDC 24VDC 125VDC and 250VDC Dual Source Option units are identical to the AC powered models Refer to the main sections of this Ins...

Page 342: ...RATION The Dual Source DC power option is designed using diodes inside of the chassis on each DC power input line A diode is placed in each of the four input lines behind the four external power connection terminals so that power from an external source can only flow into the unit This allows the unit to operate whenever DC power is correctly applied to either or both of the two inputs ...

Page 343: ...en one correct DC input is present the Switch will receive power if the other DC input is absent or even if it is connected with reverse polarity or shorted or grounded Reverse polarity connections if they should accidentally occur on either input will not damage the Switch or power supply internally nor will it blow the fuse in the internal power supply because of the blocking action of the diode...

Page 344: ...round GND The connections for 125 and 250VDC are made by a fixed cord exiting the ML810 unit see Sec B4 0 for details NOTE Note The GND should be hooked up first The ML810 unit has a floating ground so the user may elect to Ground either or terminal to suit the customer s use Before connecting live power lines to the terminal block always use a digital voltmeter to measure the output voltage of th...

Page 345: ... POWER MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL C 7 C 6 Ordering Information For Dual Source Power To order the optional Dual Source power supply factory installed add Dual Src xxxV as a separate line item following the product model Example Multilink ML810 48VDC Dual SRC 48V ...

Page 346: ...C 8 MULTILINK ML810 MANAGED EDGE SWITCH INSTRUCTION MANUAL ORDERING INFORMATION FOR DUAL SOURCE POWER CHAPTER C INTERNAL DC DUAL SOURCE POWER INPUT OPTION ...

Page 347: ...t modules which like most electronic sub assemblies are sensitive and subject to damage by static electricity Tools Required 1 Phillips head screwdriver 1 4 Nut Driver ESD Wrist strap or equivalent ML810x Module Kit A Multilink ML810 Series Port Module kit comes in an anti static bag containing ML810x module board 1 Matching module faceplate panel 1 5 8 standoffs 4 or 6 for 5 5 PCB4 4 40 x 3 16 Fl...

Page 348: ...p the module and guide it from the interior into the Slot C panel at a slight angle to avoid damaging the module connector and the main PCB module connector b Align the module connector and the Main PCB connector Connectors are multi pin beige in color After alignment is made push the module carefully with minimal force down to fully mate with the main PCB c Install qty 4 qty 6 for 5 5 PCB screws ...

Reviews:

No comments

Related manuals for MultiLink ML810

Hama 11800 Operating Instruction preview
11800
Brand: Hama Pages: 5
3Com SuperStack 3 4900 Datasheet preview
SuperStack 3 4900
Brand: 3Com Pages: 2
SAL PIXIE Smart Switch G3 Quick Start Manual preview
PIXIE Smart Switch G3
Brand: SAL Pages: 2
WoMaster DS105 Quick Installation Manual preview
DS105
Brand: WoMaster Pages: 2
Aethra MTX200 Connection Manual preview
MTX200
Brand: Aethra Pages: 1
E-LINK LNK-IMC208P-SFP Quick Start Manual preview
LNK-IMC208P-SFP
Brand: E-LINK Pages: 6
steute Ex 355 Mounting And Wiring Instructions preview
Ex 355
Brand: steute Pages: 20
Lantech TPGS-L6208XT User Manual preview
TPGS-L6208XT
Brand: Lantech Pages: 24
Advantech EKI-7659CPI User Manual preview
EKI-7659CPI
Brand: Advantech Pages: 101
S&S Northern Merlin CS1 User Manual preview
Merlin CS1
Brand: S&S Northern Pages: 8
Lancom GS-1224P Manual preview
GS-1224P
Brand: Lancom Pages: 71
Eaton Moeller IZM Series Quick Start Manual preview
Moeller IZM Series
Brand: Eaton Pages: 4
Samson 3768 Mounting And Operating Instructions preview
3768
Brand: Samson Pages: 48
Gefen GEF-UHD-89-HBT2 User Manual preview
GEF-UHD-89-HBT2
Brand: Gefen Pages: 232
Copal 102R Instruction Manual preview
102R
Brand: Copal Pages: 9
Avenview SW-HBT-C6POE-16X16E Manual preview
SW-HBT-C6POE-16X16E
Brand: Avenview Pages: 19
Kramer Sierra Video 3264V5Sxl Specifications preview
Sierra Video 3264V5Sxl
Brand: Kramer Pages: 1
UniFi USW-24-POE Quick Start Manual preview
USW-24-POE
Brand: UniFi Pages: 13

Brands by name

Popular brands

Load more brands