Home
/
Huawei
/
S1700 Series
/
Web User Manual

Huawei S1700 Series, Web User Manual, Page: 133 / 228

Share

Page: 133 / 228

Huawei S1700 Series Web User Manual Download Page 133

S1700 Managed Series Ethernet Switches
Web User Manual

9 Security

Issue 05 (2012-10-25)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

123

Item

Description

Interface Name

Display the interface number accessed by online user through
switch.

Authentication
Method

Display the authentication method of online user.

Access Type

Display the access type of online user.

Acct-Session-ID

The one and only accounting ID number for online users to identify
online user session. It exists in RADIUS accounting messages and
its value is the only constant throughout the RADIUS accounting
period.

Authorized Filter-ID

Online users bind the ACL number with RADIUS standard
attribute Filter-ID (11). The details can be found in ACL > ACL
Profile.

Authorized
Data-Filter

Online users bind the ACL rules with Huawei private RADIUS
attribute Data-Filter (82). Click the Query button to expand the
details of ACL rules.

9.2 802.1X

Switch can provide easy and open access to network resources for the connecting PC.
Although automatic configuration and access is a desirable feature, it also leads unauthorized
user to intrude and access to sensitive network data.

The IEEE 802.1X (dot1X) standard defines a port-based access control procedure that
prevents unauthorized user accessing the network by requiring users to first submit the
authenticated message to authentication server. Access to all switch interfaces in a network
can be centrally controlled from a server, which means that authorized users can use the same
authenticated message for authentication from any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange
authentication messages between the client and RADIUS authentication server to verify user
identity and access rights. When a client (i.e., Supplicant) connects to a switch interface, the
switch (i.e., Authenticator) responds to an EAPOL identity request. The client provides its
identity (such as a user name) in an EAPOL response to the switch, which forwards to the
RADIUS server. The RADIUS server verifies the client identity and sends an allowed or
rejected message. The client can reject the authentication method and request another,
depending on the settings of client and RADIUS.

The RADIUS sends an accepted or a rejected message after verifying the content. If
authentication is successful, the switch allows the client to access the network. Otherwise,
non-EAP traffic on the interface will be blocked.

Port-based Access Control

Under Port-based access control, once the connected device passes the authentication
successfully, the interface turns to authorized status, and then all the traffic on this interface
will not be limited to the access control until the interface becomes unauthorized. Therefore,
if the network segment connected to the interface is a shared one in which multi network

«
...
131
132
133
134
135
...
»

Summary of Contents for S1700 Series

Page 1: ...S1700 Managed Series Ethernet Switches V100R007C00 Web User Manual Issue 05 Date 2012 10 25 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ... services and features described in this document may not be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort...

Page 3: ...ork monitoring engineers System maintain engineers Conventions The symbols that may be found in this document are defined as follows Symbol Description Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury Indicates a potentially haz...

Page 4: ...evious issues Issue 05 2012 10 25 Compare to Issue 04 2012 07 25 Optimize the content of version 04 Issue 04 2012 07 25 Compare to Issue 03 2012 05 24 S1700 factory default username is admin and password is Admin 123 Specify the user password in range of 6 16 characters The system Issue 03 2012 05 24 Compare to Issue 02 2012 04 26 Enter the contact person or organization of the management switch I...

Page 5: ...nents 2 1 2 2 Navigation Tree 3 1 2 3 Common Buttons 6 1 2 4 Common Interface Elements 7 1 3 User Timeout Processing 7 1 4 Configuration Saving 8 1 5 Logout Web Network Management Client 8 2 Device Summary 9 2 1 Device Panel 9 2 2 Device Information 10 2 3 Device Status 10 3 System Management 11 3 1 Reset Factory 11 3 2 Reboot 12 3 3 Software Upgrade 13 3 4 File System Management 14 3 5 System Con...

Page 6: ...nt 36 5 1 VLAN 36 5 1 1 VLAN 36 5 1 2 Interface 38 5 2 MAC VLAN 40 5 2 1 MAC VLAN 41 5 2 2 Interface 42 5 3 Voice VLAN 43 5 3 1 Global Parameter Configuration 44 5 3 2 Interface 45 5 3 3 Voice VLAN OUI 46 5 3 4 Voice VLAN Device 47 5 3 5 LLDP MED Voice Device 48 5 3 6 Legacy Device 49 5 4 MAC 49 5 4 1 MAC Address Table 49 5 4 2 MAC Aging Time 50 5 4 3 Static MAC Table 51 5 4 4 Blackhole MAC Table ...

Page 7: ...ping 100 7 3 DSCP Mapping 100 7 4 IP Precedence Mapping 101 7 5 Service Level Mapping 102 7 6 QoS Scheduler 102 7 7 Simple Random Early Detection 103 7 7 1 SERD Profile 103 7 7 2 SRED Information 105 7 7 3 SRED Drop Counter 106 7 8 Traffic Management 107 7 8 1 Traffic Classifier 107 7 8 2 Traffic Behavior 109 7 8 3 Traffic Policy 111 7 8 4 Apply Traffic Policy 112 7 9 Traffic Shaping 113 8 IP Rout...

Page 8: ... 5 3 Address Table Import and Export 142 9 6 MAC based Access Control 143 9 6 1 Global 143 9 6 2 Interface 144 9 6 3 MAC based Access Control Auth info 145 9 6 4 MAC Format Configure 146 9 7 Attack Prevent 147 9 7 1 Worm Prevent 147 9 7 2 DoS Attack Prevent 148 9 8 DHCP Snooping 148 9 8 1 Global 149 9 8 2 Interface State Settings 149 9 8 3 Interface Trust Settings 150 9 8 4 Interface Parameter Set...

Page 9: ... SSL Settings 173 10 Network 175 10 1 SNMP 175 10 1 1 SNMP Global Settings 176 10 1 2 View 177 10 1 3 SNMP Community 178 10 1 4 SNMP Host 179 10 1 5 SNMP Group 181 10 1 6 SNMP User 183 10 1 7 SNMP Trap Settings 185 10 2 RMON 186 10 2 1 Statistic 187 10 2 2 History 188 10 2 3 Alarm 190 10 2 4 Event 192 10 3 LLDP 193 10 3 1 Global 193 10 3 2 Port Settings 194 10 3 3 Address Management 196 10 3 4 The...

Page 10: ...rd Status 207 11 1 2 E label 208 11 2 Device Diagnostics 208 11 2 1 Interface Loopback Test 208 11 2 2 VCT Cable Diagnostics 209 11 3 DDM 210 11 4 Information Center 210 11 4 1 Parameter Settings 210 11 4 2 Log Information 212 11 5 Power Saving Management 213 11 6 Interface Mirror 213 11 7 Tools 215 11 7 1 Ping Test 215 11 7 2 Tracert 216 11 7 3 One Key Information 217 12 Save Running config 218 ...

Page 11: ...t 1 2 Know About Client Interface 1 3 User Timeout Processing 1 4 Configuration Saving 1 5 Logout Web Network Management Client 1 1 Logon Web Network Management Client A logon is necessary for user to perform corresponding configuration of switch 1 1 1 Background Information Web network management client can access switch by HTTP Web network management client should support browsers after the vers...

Page 12: ...an modify the password Please refer to the description in Security User Management Step 4 After successful logon of Web network management system home page of system appears Please refer to Figure 1 2 for introduction of home page End 1 2 Know About Client Interface Knowing about the client interface is helpful to quickly find operator site thus improve operating efficiency 1 2 1 Client Interface ...

Page 13: ...curity Network Device Management and Save Running config Each item comprises submenu as shown in Figure 1 2 Table 1 2 Description of Web Network Management Menu Items Menu Sub Menu Description Device Summary Device Summary Show front panel mimetic diagram information and status of device System Management Reset Factory Reset setting of switch to factory default Reboot Reboot switch with specified ...

Page 14: ...ement VLAN Create delete and edit VLAN edit display members based on VLAN and edit members according to interface interface range MAC VLAN Create and delete MAC VLAN display MAC VLAN list based on VLAN or MAC address and enable disable MAC VLAN according to interface interface range Voice VLAN Perform Voice VLAN relevant configuration MAC MAC address list information display clear dynamic MAC addr...

Page 15: ...ent classes of flows to control network traffic Traffic Shaping Control the maximal transmission rate of interface and limit the output traffic of network IP Routing IPv4 Route Add and check static IPv4 routing IPv6 Route Add and check static IPv6 routing Security User Management Perform user account relevant configuration 802 1X Perform 802 1X relevant configuration Guest VLAN Configure Guest VLA...

Page 16: ...Device Diagnostics Interface loopback diagnostics perform loopback diagnostics to specified interface VCT cable diagnostics perform diagnostics to specified cable to detect cable faults DDM Check parameters of optical interface Information Center Perform configuration management of system log Power Saving Management Enable or disable power saving management and EEE functions Interface Mirror Add m...

Page 17: ...ick to refresh statistic data on webpage 1 2 4 Common Interface Elements Common interface elements of Web network management client are introduced Common interface elements are shown as follows Table 1 4 Description of Common Interface Elements Name Interface Elements Button Page Selection Button Radio Button Check Box Textbox Pull down Menu Help Edit 1 3 User Timeout Processing If the Web network...

Page 18: ... of webpage are completed configuration must be saved If not parameters will be lost when webpage changes or is refreshed When saving the configuration if this size of surplus memory is less than the current configuration size the saving process will fail Please delete the needless file via File System Management then execute configuration saving 1 5 Logout Web Network Management Client To ensure ...

Page 19: ...This panel Display its main information as shown in Figure 2 1 Clicking Device Summary menu under navigation bar user can view Device Panel page the configuration page is shown as follows Figure 2 1 Device Panel Webpage Based on type of the switch connected the display area of Web network management panel can intuitively display information of the various interfaces of this switch the contents dis...

Page 20: ...s system software version power and uptime of switch Click Device Summary menu under navigation bar and view the page of Device Information configuration page is shown as follows Figure 2 2 Device Information Page 2 3 Device Status It shows current CPU usage factor and temperature information of switch Click Device Summary menu under navigation bar and view the page of Device Status configuration ...

Page 21: ...his Chapter Basic management and configuration functions of switch are introduced 3 1 Reset Factory 3 2 Reboot 3 3 Software Upgrade 3 4 File System Management 3 5 System Configuration 3 6 SNTP 3 7 IP Management 3 8 ARP 3 9 IPv6 Neighbor 3 1 Reset Factory Clicking System Management Reset Factory user can reset device to factory default configuration through this webpage The configuration page is sh...

Page 22: ...k System Management Reset Factory Step 2 Click Reset Factory Step 3 Click Apply button to apply all the changes made End 3 2 Reboot Click System Management Reboot to bounce a device reboot webpage Select System Software and Configuration File options under the Next Startup File to set this switch to start next time the configuration page is as shown in Figure 3 2 Figure 3 2 Set Startup File Table ...

Page 23: ... software of the switch the configuration page is as shown in Fig 3 3 Figure 3 3 Software Upgrade Table 3 3 Parameters of Software Upgrade Item Description HTTP Click Browse to choose firmware files to be upgraded which is stored in computer with a suffix of cc such as S1700V100R007B39 cc FTP IPv4 address enter IPv4 address of FTP download server IPv6 address or enter IPv6 address of FTP download ...

Page 24: ... End 3 4 File System Management Click System Management File System Management to download or delete system and configuration files of switch or upload files to switch the configuration page is as shown in Figure 3 4 Figure 3 4 File System Management Table 3 4 Parameters of File System Management Item Description File List File list shows all files saved on current switch Filename system filename ...

Page 25: ...anagement File Management the webpage as shown in Fig 3 4 appears Step 2 Choose system files to be deleted from list Step 3 Click Delete button End 3 5 System Configuration Click System Management System Configuration to set device name and HTTP connection timeout duration of switch the configuration page is as shown in Fig 3 5 Figure 3 5 System Configuration Table 3 5 Parameters of System Configu...

Page 26: ...lity of event can be detected based on the time of log entry SNTP simple network time protocol is mainly applied to synchronizing clocks of computers in the network Click System Management SNTP to configure the system time the configuration page is shown as follows Figure 3 6 SNTP Configuration Table 3 6 Parameters of SNTP Configuration Item Description SNTP Global Choose to enable disable the SNT...

Page 27: ... Click System Management SNTP to bounce the webpage as shown in Fig 3 6 Step 2 Choose Enable from SNTP Global Step 3 Enter a SNTP server address in Server List field for example 192 168 22 44 Step 4 Click Apply button of SNTP Server Configuration to apply all changes made End 3 7 IP Management S1700 series switch has only two VLAN corresponding interface anytime to configure IP address and this VL...

Page 28: ...is 1 CAUTION Default management VLAN name of switch is Default 3 7 2 IPv4 Click System Management IP Management IPv4 to configure an IPv4 address for the switch the configuration is as shown as follows Figure 3 8 IPv4 Address Table 3 8 Parameters of IPv4Address Item Description List Display the IP address of switch management VLAN Click the Edit icon in the right hand column to modify the VLAN IP ...

Page 29: ...gs Item Description Management mode There are two ways to obtain IP address manual configuration and DHCP Default manual configuration VLAN ID Select management VLAN ID from the drop down menu Status Choose to enable disable this management interface IP Address The fixed IP management address that user can manually configure when IP address method is selected manual Valid IP addresses consist of f...

Page 30: ...on page is shown as follows Figure 3 10 IPv6Address Table 3 10 Parameters of IPv6Address Item Description List Display the relevant IP address information of the management VLAN CAUTION Default management VLAN of switch does not enable IPv6 Address IPv6 Address Settings Step 1 Click System Management IP Management IPv6 to bounce the configuration page as shown in Fig 3 10 Step 2 Click New to add a...

Page 31: ...en sending an IP frame the switch firstly inquires MAC address related to objective IP address from ARP table If address is found the switch will write in this MAC address at the specified position of frame head and send the frame to the objective If corresponding MAC address is not found from ARP table the switch will broadcast an ARP request message to all devices of network When receiving this ...

Page 32: ...ption Aging Time Set the aging time for dynamic entries in the ARP table Range 0 65535 minutes Default 20 minutes The ARP aging timeout can only be set globally for all VLANs Interface Name Name of the interface IP Address Dynamically detected IP address MAC Address Dynamically detected MAC address Dynamic ARP Aging Time Configuration Step 1 Click System Management ARP Dynamic ARP Step 2 Set aging...

Page 33: ...the interface Status Display the status of IPv6 neighbor address Static Neighbor Table Configuration Step 1 Click System Management IPv6 Neighbor Static Neighbor Step 2 Click New button to add new static neighborhood information as shown in following figure Figure 3 15 Edit Static Neighbor Step 3 Enter relevant static neighborhood information Step 4 Click Apply to apply all the changes made End 3 ...

Page 34: ...ment is attached Neighbor Request Interval Display the neighbor request interval of the router advertisement in millisecond Reachable Time Display the neighbor reachable time of the router advertisement in millisecond and 1200000 milliseconds is the default value Min RA Interval Display the minimum interval of the router advertisement in second and 198 seconds is the default value Max RA Interval ...

Page 35: ...wei Technologies Co Ltd 25 Item Description Managed Config Flag Choose to enable disable managed config flag Other Managed Flag Choose to enable disable other managed flag Prohibit Transmission of Router Advertisement Step 1 Click System Management IPv6 Neighbor Router Advertise Step 2 Select Enable in the pull down menu of RA Halt Step 3 Click Apply to halt router advertisement End ...

Page 36: ...4 1 Ethernet Interface This section mainly describes how to configure and view interface connection 4 1 1 Basic Attributes Click Interface Management Ethernet Interface Basic Attributes page to check each interface status on switch the configuration page is shown as the figure below Figure 4 1 BasicAttributes Table 4 1 Parameters of Basic Attributes Item Description Query Search the basic attribut...

Page 37: ...on on the interface Negotiation Display if the automatic negotiation is enabled or disabled Input Rate Limit Input rate limit on interface Output Rate Limit Output rate limit on interface Jumbo Frame Size of Jumbo frame on interface Description Description about the interface Interface Attribute Configuration Step 1 Click Interface Management Ethernet Interface Basic Attributes Step 2 Choose the c...

Page 38: ...ce Flow Control Enable Disable flow control function of interface Negotiation Enable Disable automatic negotiation of interface Duplex Configure duplex mode of interface Speed Configure operation speed of interface Input Rate Limit Configure input speed limit of interface Output Rate Limit Configure output speed limit of interface Jumbo Frame Specify the size of Jumbo frame on interface Descriptio...

Page 39: ...s interface Broadcast Packets Total broadcast packets received on this interface Multicast Packets Total multicast packets received on this interface Received Error Packets Total error packets received on this interface Runts Error Packets Total runts error packets received on this interface CRC Error Packets Total CRC error packets received on this interface Frame Error Packets Total Frame error ...

Page 40: ...s data of designated interface the configuration page is shown as the figure below Figure 4 4 Details of Statistics on Interface Step 3 Click Close to return to the configuration page of Statistics on Interface End 4 2 Eth Trunk This section describes a method to configure Eth Trunk User is allowed to set up multiple links among multiple switches Link Aggregation is a method of binding a group of ...

Page 41: ...can be set up on one switch each of them including up to 8 interfaces Interfaces of connecting two ends must be configured as Trunk member interfaces When manual Trunks are configured on different types of switches the switches must be compatible with Cisco EtherChannel standard Trunk members must be configured in the same mode including communication mode e g flow control and interface negotiatio...

Page 42: ...Description Trunk ID Configured trunk number Range 1 12 Types Manual Trunk or Static LACP mode supports 12 Trunks up to eight member interfaces in each group Min Active Links The minimum active interfaces in the group Max Active Links The maximum active interfaces in the group Preempt Delay State The active port with lower priority in LACP aggregation group can be replaced by the backup port with ...

Page 43: ...on page Step 4 Click Apply to apply all the changes made End Display Delete Trunk group Step 1 Click Interface Management Eth Trunk to display a page as shown in Figure 4 8 the list shows all Trunks created on switch Figure 4 8 Display Trunk List Step 2 Choose the check box in the left hand column of Trunk to be deleted then click Delete button to delete Trunk End Configure Trunk Attribute List St...

Page 44: ... Member Patner Information as shown in following figure Figure 4 9 Display Trunk Member List End Configure LACP Member Step 1 Click Interface Management Eth Trunk to display a page as shown in Figure 4 8 Step 2 Click the LACP entries to be viewed in Trunk list the detailed member information of the chosen Trunk will be displayed in Trunk ID Member list as shown in following figure Figure 4 10 Conf...

Page 45: ...rAttributes Item Description Interface Name Interface number LACP Timeout Specify LACP message timeout selecting Short means three seconds selecting Long means ninety seconds Working Mode Specify LACP operation mode of interface LACP Priority Specify LACP priority of interface Range 0 65535 Default 32768 Step 4 Configure the parameters needed Step 5 Click Apply button to apply all the changes made...

Page 46: ...d each subset will form its own broadcast domain In short VLAN is a telecommunication technology dividing a physical LAN into many broadcast domains The hosts in VLAN can directly communicate with each other while VLANs can not directly intercommunicate Therefore the broadcast message is limited in a VLAN The network security is improved You can create edit or delete VLAN in Service Management VLA...

Page 47: ...information through VLAN ID VLAN ID VLAN ID numbers Up to 4094 VLAN groups can be defined VLAN 1 is the default untagged VLAN VLAN Name Name of the VLAN Add a Static VLAN Step 1 Click Service Management VLAN VLAN the configuration page is as shown in Fig 5 1 Step 2 Click New button to add VLAN the configuration page is as shown in following figure Figure 5 2 Add VLAN Step 3 Enter VLAN ID and VLAN ...

Page 48: ...n of VLAN entries to be deleted the member information of the VLAN is displayed in VLAN ID Member list Step 3 Click Delete button to delete static VLAN End CAUTION VLAN 1 cannot be deleted Modify VLAN Step 1 Click Service Management VLAN VLAN to modify the basic information of VLAN the configuration page is as shown in Fig 5 1 Step 2 Choose the Edit button in the right hand column of VLAN entries ...

Page 49: ...will be flooded to all other ports within this VLAN If ingress filtering is enabled and the interface receives a tagged frame which is not included in this VLAN then the frame will be dropped Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN associated BPDU frames such as GMRP Access VLAN If the displayed link type is Access the VLAN ID ...

Page 50: ...terface to open a page as shown in Fig 5 3 Step 2 Choose the check box in the left hand column of the interface to be edited and then click Configure button to modify the VLAN attribute of interface The configuration page is shown as the figure below Figure 5 4 Edit VLAN MemberAttribute Step 3 Modify corresponding configuration item the parameters are as shown in Fig 5 2 Step 4 After configuration...

Page 51: ... VLAN configured on the switch the configuration page is shown as the figure below Figure 5 5 MAC VLAN Table 5 3 Parameters of MAC VLAN Item Description Query Search the designated MAC VLAN information through MAC address and VLAN ID MAC Address MAC address of the computer the format is H H H VLAN ID The VLAN ID for this MAC address Priority Priority value is 0 7 Type The manually established type...

Page 52: ...l the changes made End View Delete MAC VLAN Step 1 Click Service Management MAC VLAN MAC VLAN to view the settings of MAC VLAN as shown in Fig 5 5 Step 2 Choose the check box in the left hand column of the VLAN entry needed to be deleted Step 3 Click Delete button to delete MAC VLAN End 5 2 2 Interface Click Service Management MAC VLAN Interface page to open the configuration page as shown below w...

Page 53: ...nk the interface will be not displayed in MAC VLAN interface list 3 If removed from Eth Trunk the MAC VLAN attribute of original interface will recover 5 3 Voice VLAN It is recommended that the VoIP network traffic should be separated from other data traffics when deploying IP technology in enterprise network Flow separation can prevent data packet delay packet loss and the blocking effect of voic...

Page 54: ... Settings Item Description Global State Enable automatic VoIP flow detection on the interface of switch the default is disable VLAN ID Set VLAN ID of enabled Voice VLAN Voice VLAN is only enabled on one VLAN VLAN Name Set VLAN name of enabled Voice VLAN Voice VLAN is only enabled on one VLAN Priority Define CoS priority of interface in Voice VLAN When Voice VLAN is opened the interface will forwar...

Page 55: ...ce Working Mode Specify if the interface will be added to the Voice VLAN when VoIP traffic is detected Auto the interface will be added as a tagged member to the Voice VLAN after traffic is detected Manual the interface will be manually added to the Voice VLAN after the Voice VLAN feature is enabled Security Mode Enable security filtering to ensure that only the VoIP traffic can be forwarded on Vo...

Page 56: ... Eth Trunk is created the Voice VLAN attribute of Eth Trunk interface is set as default value 2 If added to Eth Trunk the interface will be not displayed in Voice VLAN interface list 3 If removed from Eth Trunk the Voice VLAN attribute of original interface will recover 5 3 3 Voice VLAN OUI VoIP device connected to the switch can be identified by Organizational Unique Identifier OUI of manufacture...

Page 57: ...asks restrict the MAC address range Selecting FFFF FFFF FFFF specifies a single MAC address Description User defined text indicates the name of Voice VLAN device Add Voice VLAN OUI Step 1 Click Service Management Voice VLAN Voice VLAN OUI Step 2 Click New button to add Voice VLAN OUI to open the page as shown in following figure Figure 5 13 Add Voice VLAN OUI Step 3 Specify OUI MAC address for VoI...

Page 58: ...rvice Management Voice VLAN LLDP MED Voice Device page to view voice device connected to switch through LLDP MED protocol the configuration page is shown as the figure below Figure 5 15 LLDP MED Voice Device Table 5 8 Parameters of LLDP MED Voice Device Item Description ID LLDP MED device list Local Interface Interface number connected to LLDP MED device Chassis ID Subtype Chassis subtypes of LLDP...

Page 59: ...s received from legacy device Remain Time The remaining time that legacy device exists on switch 5 4 MAC Ethernet switch uses information of MAC address list to address and forward the message quickly in link data layer This article describes the configuring methods of MAC address 5 4 1 MAC Address Table MAC Address Table allows checking MAC address forwarding table of switch If switch learns a MA...

Page 60: ...hich includes Dynamic Self Blackhole or Static Aging Time Display the aging time of dynamic MAC address entry Add to Static Table Select the checkbox from the left side of dynamic MAC address table and click this button then you can add the dynamic MAC address to static address table Clear Click this button and it will delete the learned dynamic MAC address entry that meets query conditions Clear ...

Page 61: ... not be aging in the address table If the address is discoverd by another interface it will be neglected and not be written into address table The address will not be learned by other interfaces unless the static address is deleted manually from address table Click Service Management MAC Static MAC Table page to open the page as shown in following figure which displays the information of static ad...

Page 62: ... is selected from the address table Delete All Click this button to delete all the static MAC addresses from address table Add a Static MAC Address Step 1 Click New button to add a static MAC address the configuration page is shown as the figure below Figure 5 20 Add Static MAC Address Step 2 Enter the static MAC address information to be added in configuration page Step 3 Click Apply button to ap...

Page 63: ... in address table VLAN ID VLAN ID relevant to the above MAC address New Click this button to add a blackhole MAC address Delete Click this button to delete Blackhole MAC address which is selected Delete All Click this button to delete all the Blackhole MAC addresses in address table Add a Blackhole MAC Address Step 1 Click New button to add a Blackhole MAC address the configuration page is as show...

Page 64: ...MAC filter status information of all the interfaces Figure 5 23 MAC Filter MAC Filter Configuration Step 1 Choose the check box in the left hand column of the interface list to be edited and then click Configure button to modify the MAC filter function for interface the configuration page is shown as the figure below Figure 5 24 MAC Filter Configuration Step 2 Click Enable button to enable MAC fil...

Page 65: ...erface Name The interface number from which the MAC address migrates New Interface Name The interface number to which the MAC address migrates 5 5 STP Spanning Tree Protocol STP is used to decrease link failure in network and provides protection for network by preventing loop circuit It is easy to generate unconscious loop broadcast storm in complex network construction It is disabled by default T...

Page 66: ...th cost CIST RegRoot IRPC CIST RegRoot internal root path cost CIST Root Port ID Interface number of CIST root BPDU Protection When BPDU Protection is enabled the switch will close these ports and notify the network management system at the same time if the edge port receives a BPDU The shut down port can only be restored manually by network manager Time Since Last TC The durative period after the...

Page 67: ...tion on the switch the status of root ports and other blocked ports are relying on the continuous BPDUs received from the upstream switch The switch will reselect root port when the BPDU from the upper switch cannot be received because of network congestion or unidirectional link failure If the original root port becomes a designated port and the original blocked port moves to the forwarding state...

Page 68: ...es needed to configure Root Type The options for root type Not set Primary and Secondary Instance Select instance number for priority value needed to configure Priority Bridge priority is used in selecting the root device The device with the highest priority the smaller value the higher priority becomes the STP root device However if all devices have the same priority the device with the lowest MA...

Page 69: ...packet will be time out Value ranges from 6 to 40 default is 20 Pathcost Standard Choose the standard of path cost calculation The options are as follow dot1t dot1d 1998 and legacy BPDU Protection Under normal circumstances the edge interface will not receive a BPDU If someone attacks device maliciously with fake BPDU the switch will automatically set the edge interface to non edge interface and r...

Page 70: ...er switches to ask for becoming the root bridge If the switch has the minimal bridge identifier it will become root bridge User can set the value from 6 40 seconds the default is 20 seconds 5 5 3 STP Interface Click the Service Management STP STP Interface page to configure attributes for specific interfaces including port priority path cost protection type and edge port You may use a different pr...

Page 71: ...he loop protection started if the root port can not receive a BPDU from upstream it will be set in blocked state and the blocked ports will remain in blocking state and does not forward packets to the network to ensure that no loop can be formed TC Protection the switch will delete MAC address table and ARP table entry if TC BPDU is received The frequent deletion of table entry for receiving a lar...

Page 72: ...ce Table 5 18 Parameters of STP Settings Based on Interface Item Description Instance Select instance number on interface Port Priority Definition of this interface s priority in spanning tree A higher priority will specify firstly interface to forwarding packet The lower number indicates the higher priority If all interfaces path cost is the same on this switch the higher priority interface will ...

Page 73: ...receive BPDU from upstream while the blocking ports will remain blocking status forwarding no message and thus causing no loop circuit in network TC protection when switch receiving TC BPDU it will implement delete operation of MAC address table and APR table If receiving frequently TC BPDU to conduct table delete action it will be overburdened for the device After configuring topology change prot...

Page 74: ... and click Detail Info button displaying the specified interface details of STP configuration information the configuration page is shown as the figure below End Figure 5 30 Display STP Interface Details Table 5 19 Parameters STP Interface Details Item Description Instance Instance number Internal Path Cost This interface s internal path cost Priority This interface s priority Instance Port Protoc...

Page 75: ...k s topology oscillation Point to Point Force true it represents point to point sharing link Point to point port is similar to edge port but point to point mode must be full duplex mode As the edge port point to point port can quickly turn into forwarding status to obtain RSTP advantages Force false it represents this interface does not own point to point status auto it represents that interface w...

Page 76: ... specified ports and previous congestion ports will shift to forwarding status thus causing loop circuit in exchanging network Loop circuit protection function will restrain such occurrence When enabling loop circuit protection function the root ports will be set to blocking status if these ports can not receive BPDU from upstream while the blocking ports will remain blocking status forwarding no ...

Page 77: ...will be displayed Revision Level This value and domain name altogether identifies the MSTP protocol configured on switch The value range is 0 65535 default is 0 Instance Display the MST instance ID currently configured on switch The default CIST is common and internal spanning tree of MSTI Mapped VLANs Display VLAN ID mapped to specified MST instance Add MSTP Instance Step 1 Click Service Manageme...

Page 78: ...ment and control mechanism working on 2 layer Ethernet switch After IGMP Snooping is enabled switch establishes mapping relationship for switch s interface and multicast address through snooping IGMP message received on the interface forwarding multicast data stream according to the established mapping relationship The multicast data stream received on the switch will be flooding in VLAN when IGMP...

Page 79: ...ime The maximum amount of time before sending IGMP response message when the host receives general query packet The range is 1 25 seconds and the default is 10 seconds Specific Query Max Response Time The maximum amount of time before sending IGMP response message when the host receives specific query packet The range of permissible time is 1 5 seconds and the default is 2 seconds Drop Unknown Sta...

Page 80: ...on of VLAN the configuration page is shown as the figure below Figure 5 35 IGMP Snooping VLAN Table 5 22 Parameters of IGMP Snooping VLAN Item Description VLAN Used to identify the VLAN configuration to IGMP Snooping function Status Whether to enable IGMP Snooping function Querier Version The version is compatible with other devices on Internet The switch uses this IGMP version to send IGMP common...

Page 81: ...e default is 10 seconds 0 indicates maximum response time of general group with global settings Specific Query Max Response Time The maximum permissible time of the host sending IGMP response message after receives specific group query The range of permissible time is 1 5 seconds 0 indicates maximum response time of specified group with global settings Check Router Alert Check the Router Alert opt...

Page 82: ...ion Interval In a period IGMP Snooping suppression to the messages of the same content supporting the suppression for IGMPv1 member message IGMPv2 member message and IGMPv2 Leave message 0 indicates the function of disable message suppression Dynamic Mrouter Aging Time The aging time for configuring dynamic route 0 represent the aging time of dynamic route with global configuration General Query M...

Page 83: ...value range is 2 5 the default is 2 Query Interval This value is used to set the time interval for transmitting IGMP query The range is 1 31744 second s the default is 125 seconds Step 3 Adjust the needed IGMP settings Step 4 Click Apply button to apply all the changes made End 5 6 3 Group Deny Click Service Management IGMP Snooping Group Deny to view interface s IGMP Snooping learning status show...

Page 84: ...vice Interface Select interface Eth Trunk List Select Trunk Group Deny Enable or disable interface s learning function Step 3 Configure the needed parameters Step 4 Click Apply button to apply all the changes made End 5 6 4 Group Policy Click Service Management IGMP Snooping Group Policy to check information of multicast policy on the switch shown as the figure below Figure 5 39 IGMP Group Policy ...

Page 85: ... page shown as the figure below Figure 5 40 Add Group Policy Table 5 27 Parameters of IGMP Snooping Group Policy Item Description VLAN Specify VLAN for transmitting multicast service if no specified interface or Eth Trunk this configuration is multicast policy based on VLAN otherwise the multicast policy based on interface Interface Select Interface Eth Trunk List Select Trunk ACL ID When applying...

Page 86: ...Groups Table 5 28 Parameters of IGMP Snooping Static Groups Item Description VLAN ID Name VLAN ID number VLAN name Group Address IP address for static multicast group Add IGMP Snooping Static Group Step 1 Click Service Management IGMP Snooping Static Groups Step 2 Click New button opening the configuration page shown as the figure below Figure 5 42 Add IGMP Snooping Static Group Table 5 29 Paramet...

Page 87: ...GMP Snooping Static Groups Step 2 Click Batch Create button opening the configuration page shown as the figure below Figure 5 43 Batch Create Static Groups Table 5 30 Parameters of IGMP Snooping Static Groups Item Description VLAN Specify VLAN for transmitting multicast service Start Group Address Batch creation of start IP address for new static multicast group End Group Address Batch creation of...

Page 88: ...ess of multicast group Source Address The source IP address of multicast group FM Multicast group filter mode Include refers to the multicast data stream forwarded from the corresponding interface Exclude means that if the source address is multicast data stream will be forwarded from the corresponding interface if it is not multicast data stream will not be forwarded from the corresponding interf...

Page 89: ...Time sec Timeout period of Querier and indicates that switch itself works as a querier 5 6 8 Mrouter Click Service Management IGMP Snooping Mrouter to check information of route interface on switch the configuration page is shown as the figure below Figure 5 46 IGMP Snooping Mrouter Table 5 33 Parameters of IGMP Snooping Mrouter Item Description VLAN The VLAN for transmitting multicast service Sta...

Page 90: ...ace Specify interface to connect multicast router Eth Trunk List Specify Trunk to connect multicast router Step 3 Configure the needed parameter Step 4 Click Apply button to apply all the changes made End 5 6 9 Forwarding Table Click Service Management IGMP Snooping Forwarding Table to check forwarding information on switch shown as the figure below Figure 5 48 IGMP Snooping Forwarding Table Table...

Page 91: ...ght Huawei Technologies Co Ltd 81 Item Description Group Source IP Multicast server address that sends data stream to specified multicast Interface Name The downlink interfaces or interface aggregation of the specified multicast group that receives data stream which includes multicast router interface with dynamic or static configuration ...

Page 92: ...ded into 3 steps Step 1 configure the effective period of ACL rule in the effective period Step 2 configure matched object of ACL rules in ACL profile Step 3 apply the formed ACL rules to specified interface or VLAN 6 1 Effective Period 6 2 ACL Profile 6 3 ACLApplication 6 4 HTTP ACL 6 1 Effective Period Effective Period configures the effective time of applying ACL rule Click ACL Effective Period...

Page 93: ... an new effective period to open the configuration page shown as the figure below Figure 6 2 Edit Effective Period Table 6 2 Parameters of Editing Effective Period Item Description Time Range Name Enter a name for effective period rule Periodic Time Range Week Select the day of the week to apply ACL rule Start Time Select the start time to apply ACL rule End Time Select the end time to apply ACL r...

Page 94: ...IP indicate switch to detect source IP address for each packet s header Only can detect IPv4 Ether Type is 0x0800 Extended IP indicate switch to detect protocol type source destination IP address source destination interface member IP TOS priority or TCP mark for each packet header Only can detect IPv4 packet Ether Type is 0x0800 Extended IPv6 indicate switch detects protocol type source destinati...

Page 95: ...le Rule Display the field viewed by the rule Time Range Name Display effective time of the ACL rule if no effective time is specified and then it takes effect with a rule and applies it to interface or VLAN time range Create an ACL Entry Step 1 Click ACL ACL Profile Step 2 Click New button to add a new ACL entry opening the configuration page shown as the figure below Figure 6 4 Edit ACL Profile T...

Page 96: ...created by the system Offset Chunk 1 4 Create segments Chunk needed for user defined ACL and specify offset Offset in bytes See chapter Create a New User Defined Rules Step The starting number and distribution interval of automatically assigning rule number ACL Description Enter the description of ACL entry function Step 3 Configure the needed parameter Step 4 Click Apply button to apply all the c...

Page 97: ... IP Address All Source IP specify this rule to be applied to all IP data packages Specify Source IP Mask specify this rule to be applied to the IP data package of specified IP mask The IP address will match the whole field if no mask entered Time Range Name Click Please Select button to specify effective time for the rule Step 3 Configure the needed parameter Step 4 Click Apply button to apply all...

Page 98: ...P specify this rule to be applied to all IP data packages Specify Destination IP Mask specify this rule to be applied to the IP data package of specified IP address mask The IP address will match the whole field if no mask entered Match Port Specify the TCP UDP source port and destination port for data to be matched Match Priority Specify the IP priority and TOS fields for data to be matched TCP F...

Page 99: ...ages Specify Source IP Prefix Length specify this rule to be applied to the IP data package of specified IP address prefix length The IP address will match the whole field if no mask entered Destination IPv6 address All Destination IPv6 specify this rule to be applied to all IP data packages Specify Destination IP Prefix Length specify this rule to be applied to the IP data package of specified IP...

Page 100: ...End Create a Rule for Extension MAC Step 1 Click ACL ACL Profile Step 2 Click a created extending MAC rule in ACL list and click New button in the list box of ACL Rule to add a new rule opening the configuration shown page as below Figure 6 8 New Extension of MAC Rules Table 6 8 Parameters of Extending MAC Rule Item Description ACL ID ACL entry number that rule belongs to Rule ID Enter rule number...

Page 101: ...t value of 0 corresponding to the MAC address bit is Independent Bit could be 0 or 1 mask bit value of 1 corresponding to the MAC address bit is Matching Bit must exactly match the destination MAC address The MAC address will match the whole field if no mask entered Match Ethernet Type Select or enter the message type to identify the protocol type used by link layer Its range will be hex 0x0600 0x...

Page 102: ...that mask with value of 0 corresponds to is difference then it can be 0 or 1 the location that mask with value 1 corresponds to is matching location then it should be matched accurately The content will match the whole field if no mask entered If ACL doesn t select this segment it can not be set Chunk 3 Specify the user defined content of the third passage to be matched Content the data needed to ...

Page 103: ... can not be modified but create again after deleting it 3 Segment specified in the rule cannot exceed the range specified by ACL 4 Only 1 user define ACL can be created Figure 6 10 Definition of User Defined ACLOffset Step 5 Configure the needed parameter Step 6 Click Apply button to apply all the changes made End 6 3 ACL Application ACL application will apply the rules created in ACL Profile to t...

Page 104: ...d interface application opening the configuration page shown as the figure below Figure 6 12 Edit Interface Application Table 6 11 Parameters of Editing InterfaceApplication Item Description Interface Name Displays the interface name of switch Interface Type Display the ACL data direction applied by interface Here is the Ingress ACL Type Select ACL type applied by interface ACL List Select specifi...

Page 105: ... ACL list that has been applied to VLAN Create a VLAN Application Name Step 1 Click ACL ACL Application VLAN Application Step 2 Click New button to create a application entry of VLAN rule opening the configuration page shown as the figure below End Figure 6 14 New VLAN Application Table 6 13 Parameters of New VLAN Application Item Description VLAN Application Name Specify name applied by VLAN Bind...

Page 106: ...cription VLAN Application Nam Display name applied by VLAN Bind VLAN Add or delete the VLAN ID of the applied rules Bind IP ACL Select to add or delete IP ACL list that has been applied to VLAN maximum support 8 IP ACL Bind MAC ACL Select to add or delete MAC ACL list that has been applied to VLAN maximum support 8 IP ACL Step 5 Click corresponding Apply or Delete button to complete operation End ...

Page 107: ...l Copyright Huawei Technologies Co Ltd 97 Table 6 15 Parameters of HTTPACLConfiguration Item Description ACL ID Click Please Select button to select ACL number that has been applied to HTTP protocol data and then click Apply button to implement configuration HTTP ACL only supports standard IP ACL not supporting other types of ACL ...

Page 108: ...rver application or video session This function can not only reserve bandwidth but also limit other unimportant communication traffic On the switch each physical interface has 8 hardware queues which map different application packet and successively distinguish priority level 7 1 QoS Interface 7 2 CoS Mapping 7 3 DSCP Mapping 7 4 IP Precedence Mapping 7 5 Service Level Mapping 7 6 QoS Scheduler 7 ...

Page 109: ...ap The details are described in 7 4 IP Precedence Mapping CFI Mapping When CFI mapping function on inbound port is enabled and the trust mode is COS it will be mapped to different internal colors according to CFI value in tag message That is CFI0 mapping is green CFI 1 mapping is yellow When CFI mapping function on outbound port enabled the message will be sent through this port and the CFI value ...

Page 110: ...to apply all the changes made End 7 2 CoS Mapping Click QoS Cos Mapping to configure the mapping relationship of CoS and service level the configuration page is shown as the figure below Figure 7 3 Cos Mapping Table 7 2 Parameters of Cos Mapping Item Description Service Level Select service level mapped by this CoS 7 3 DSCP Mapping Click QoS DSCP Mapping to configure the mapping relationship betwe...

Page 111: ...of DHCP Mapping Item Description Service Level Select service level mapped by this DSCP 7 4 IP Precedence Mapping Click QoS IP Precedence Mapping to configure mapping relationship of IP Precedence and service level the configuration page is shown as below Figure 7 5 IP Precedence Mapping Table 7 4 Parameters of IP Precedence Mapping Item Description Service Level Select the service level mapped by...

Page 112: ... and switch s hardware queues the configuration page is shown as the figure below Figure 7 6 Service Level Mapping Table 7 5 Parameters of Service Level Mapping Item Description Queue Select priority of hardware queue of switch mapped by this service level There are eight hardware priority queues for each port 7 6 QoS Scheduler Click QoS QoS Scheduler to configure the scheduler mode of hardware qu...

Page 113: ...queue per time is decided by the set weight WRR Weight When schedule WRR range of this hardware queue weight is 0 127 Queue weight of 0 is scheduled with SP mode 7 7 Simple Random Early Detection SRED Simple Random Early Detection is a simple mechanism for avoiding congestion which randomly discards some specified color of message to actively manage queue to keep the queue size in a reasonable lev...

Page 114: ...configuration information of profile number specified in Profile Profile SRED profile number Drop Mode Specify the SRED drop mode and the options are Not Drop Green and Drop Green Low Threshold When drop mode is Drop Green reaching this threshold it will begin to drop Yellow and Red message When drop mode is Not Drop Green it only drop Red message Low Drop Rate Specify drop rate of low threshold T...

Page 115: ...is 0 7 0 100 1 6 25 2 3 125 3 1 5625 4 0 78125 5 0 390625 6 0 1953125 7 0 09765625 End 7 7 2 SRED Information Click QoS SRED SRED Information to configure SRED Profile applied to interface on switch the configuration page is shown as the figure below Figure 7 10 RED Information Set SRED Information Step 1 Click QoS SRED and then click SRED Information in Tab Step 2 Click the SRED information neede...

Page 116: ... all the changes made The finished SRED information will be displayed in SRED information list Table 7 8 Parameters of SRED Information Item Description Interface Name Interface number of profile applying SRED SRED Status Enable or disable SRED function on the specified queue of interface Profile Profile ID for specified queue End 7 7 3 SRED Drop Counter Click QoS SRED SRED Drop Counter to view SR...

Page 117: ...ion profile and specify matching objects for traffic classification Step2 Create traffic behavior profile and configure action specified by matching traffic Step3 Create traffic strategy profile and binding the specified traffic classification profile and the corresponding traffic action profile Step4 Apply the configured traffic strategy to the specified objects including interface and VLAN 7 8 1...

Page 118: ...in Traffic Classifier Name bar Step 4 Click Apply button to apply all the changes made The successfully created traffic classifier will be displayed in list of traffic classifier End Add a Rule for Traffic Classifier Step 1 Click QoS Traffic Management Traffic Classifier Step 2 In list of traffic classifier click the traffic classifier to be added rule and click New button in rule list box opening...

Page 119: ... Match ACL Match messages specified in ACL number ACL name Step 3 Select the mode matched by traffic classifier to message Step 4 Click Apply button to apply all the changes made End 7 8 2 Traffic Behavior Click QoS Traffic Management Traffic Behavior to view traffic behavior configured on switch the configuration figure is shown as below Figure 7 16 Traffic Behavior Table 7 12 Parameters of Traff...

Page 120: ...c policy to display statistics Configure Traffic Policing Measure the matched traffic and color the classified traffic according to the specified Mode and corresponding parameters There are three modes Rate srTCM and trTCM Configure Re mark Action Remark the matched messages 802 1p priority Mark priority for message and make queue strategy according to this priority Local priority Specify local qu...

Page 121: ...is policy profile Behavior Name Bind to behavior profile of classifier profile designated by classifier name of this policy profile Add a Traffic Strategy Step 1 Click QoS Traffic Management Traffic Policy Step 2 Click New button to add a stream policy opening the configuration shown as the figure below Figure 7 19 New Traffic Policy Step 3 Enter a name in Traffic Policy Name bar Step 4 Click Appl...

Page 122: ...ply Traffic Policy Table 7 15 Parameters ofApplying Traffic Policy Item Description Query Query configuration information of traffic policy according to interface name VLAN ID Interface or VID Interface ID VLAN ID which applies policy Policy Name The applied policy name of interface Direction The data direction of the applied policy name only supports ingress Add a Traffic Application Step 1 Click...

Page 123: ...y application entry will be displayed in list box of traffic policy application End 7 9 Traffic Shaping Traffic shaping allows network administrators to allocate the minimum guaranteed bandwidth and maximum limited bandwidth for each queue to achieve the purpose of improving network service quality based on rational allocation of resources Click QoS Traffic Shaping to view the traffic shaping data...

Page 124: ... QoS Traffic Shaping Step 2 Click the checkbox on the left of the interface to be configured traffic shaping and click Configure button opening the configuration page shown as the figure below Figure 7 23 Traffic Shaping Configuration Step 3 Cancel checkbox of Unlimited on the right of queue and enter the speed rate range of queue in Minimum Rate Maximum Rate bar Step 4 Click Apply button to apply...

Page 125: ...y to routing table when it forwarding data 8 1 IPv4 Route 8 2 IPv6 Route 8 1 IPv4 Route 8 1 1 IPv4 Route Table Click IP Routing IPv4 Route IPv4 Route table the configuration page is shown as the figure below Figure 8 1 IPv4 Route Table Table 8 1 Parameters of IPv4 Route Table Item Description Query Search IPv4 Route Table according to IP address IP Address Mask The IP address mask of destination n...

Page 126: ...ure below Figure 8 2 IPv4 Routing Table 8 2 Parameters of Configuring IPv4 Routing Item Description IP Address Mask The IP address mask of destination network segment of routing Gateway Gateway IP address The address of next hop Protocol Type Routing type Backup State Primary or secondary routing Status The routing is effective or not which means it can be used to conduct routing forwarding or not...

Page 127: ...the configuration page is shown as the figure below Figure 8 4 IPv6 Route Table Table 8 3 Parameters of IPv6 Route Table Item Description Query Search IPv6 Route Table according to IPv6 address prefix length IPv6 Prefix Prefix of destination IPv6 Protocol Type Routing type Next Hop IPv6 address of the next hop gateway Interface Name VLAN number of static routing entry 8 2 2 IPv6 Static Default Rou...

Page 128: ...xt hop gateway Interface Name VLAN number of static routing entry Backup State Primary of secondary routing Status The routing is effective or not which means it can be used to conduct routing forwarding or not Create an IPv6 Routing Step 1 Click IP Routing IPv6 Route IPv6 Static Default Route Configure in tab bar Step 2 Click New button opening the configuration page shown as the figure below Fig...

Page 129: ...ontrol 9 7 Attack Prevent 9 8 DHCP Snooping 9 9 IPSG 9 10 DAI 9 11 MAC Attack 9 12 Interface Isolation 9 13 AAA 9 14 RADIUS 9 15 SSL Settings 9 1 User Management Through the user management function you can create modify and delete the users on switch and view the current online users 9 1 1 User Management Click Security User Management page and then click User Management in Tab to configure the u...

Page 130: ...ccess type of user CAUTION The default administrator name is admin password Admin 123 Guests own read authority of most of the configurable parameters Administrators own all write authority of all parameters User should distribute a new administrator admin as quickly as possible after enabling the device and save it in a safe place Create a User Account Step 1 Click Security User Management Step 2...

Page 131: ...nd space Password cannot be user name or user name in reverse order Confirm Password Enter the password again The value ranges from 6 to 64 characters Password Type Simple text display the entered password in the form of simple text within password field Cipher text display the entered password in the form of asterisk within password field User Level Specify the level of user 0 Normal 15 Privilege...

Page 132: ...ty User Management page and then click Online User in Tab to check the current online user details on switch the configuration page is shown as the figure below Figure 9 4 Online User Table 9 3 Parameters of Online User Item Description Query Query the current online users by one of the following four options as required name IP address port name and MAC address ID Display the online user ID User ...

Page 133: ...uthenticated message to authentication server Access to all switch interfaces in a network can be centrally controlled from a server which means that authorized users can use the same authenticated message for authentication from any point within the network This switch uses the Extensible Authentication Protocol over LANs EAPOL to exchange authentication messages between the client and RADIUS aut...

Page 134: ...each interface must be solely authenticated and authorized by the authentication server The switch learns MAC address of each connected device and creates a logical interface so that the connected device can communicate with the switch through the logical interface 9 2 1 Global Click Security 802 1X Global to configure global authentication parameters of IEEE802 1X the configuration page is shown ...

Page 135: ...s can obtain the privilege of accessing the network Similarly if one host fails the authentication or sends EAPOL exiting message all the other hosts cannot pass through the interface Host based In this mode the host passing through this interface must be authenticated respectively Configure Interface Authentication Mode Step 1 Click Security 802 1X Step 2 Click Mode in tab Step 3 Click checkbox o...

Page 136: ...one of the following options Auto Enables 802 1X and allows the interface in unauthorized status and only allows sending EAPOL frame and receiving the corresponding response frame When the link status of the interface is changed from Disable to Enable or when receives EAPOL start frame authentication process starts then the switch requires the identity of the authentication client and relays the a...

Page 137: ...e is used to enable or disable authentication Authenticator indicates enabling the authentication function on the interface At this time only the user who passes the authentication process can access the network None indicates disabling 802 1X on the interface Note if enabling 802 1X on an interface with MAC based VLAN disabled VLAN assignment works abnormally under host based mode Handshake Perio...

Page 138: ... Step 5 Click Apply button to apply all the changes made End CAUTION 1 802 1X Authentication can not be enabled on the port with MAC authentication enabled 2 802 1X Authentication can not be enabled on port with port security enabled 3 802 1X Authentication can not be enabled on link aggregation port 9 2 4 Authorized Status Click Security 802 1X Authorized Status to display 802 1X Authorized Statu...

Page 139: ...connected Connecting Authenticating Authenticated Aborting Held ForceAuth or ForceUnauth Backend State Display one of the following options of backend status Request Response Success Fail Timeout Idle or Initialize Authorized Status Display the status of the control interface as Authorized or Unauthorized Authorized VLAN The assigned VLAN after successfully authenticated Check 801 X Authorized Sta...

Page 140: ...Logoff frames that have been received by Authenticator Req TX The total number of EAP Response frames other than Rq Id frames that have been transmitted by Authenticator Respld RX The total number of EAP Resp Id frames that have been received by Authenticator Resp Rx The total number of valid EAP Response frames other than Resp Id frames that have been received by Authenticator Invalid Rx The tota...

Page 141: ... interface Frames TX The number of frames that have been transmitted on the interface ID ID of the session Authentic Method The used authentication method Time The time that the session starts from passing 802 1X authentication to now in second TerminateCause The cause that the authenticated session terminates User Name The name of user who starts the authentication 9 2 7 Diagnostics Click Securit...

Page 142: ... AUTHENTICATING EapLogoffWhileAuthenticating Times of receiving message EAPOL Logoff of 802 1X status machine in AUTHENTICATING ReauthsWhileAuthenticated Times of receiving re authentication of 802 1X status machine in AUTHENTICATING EapStartsWhileAuthenticated Times of receiving message EAPOL Start of 802 1X status machine in AUTHENTICATING EapLogoffWhileAuthenticated Times of receiving message E...

Page 143: ...ybrid port and Access port joining VLAN with untagged method while it is not effective on other types of interface 3 All the users on the port will offline for authentication port property changed when a user configuring Guest VLAN For 802 1X authentication Only when the interface control mode is auto mode the Guest VLAN can take effect Click Security Guest VLAN the configuration page is displayed...

Page 144: ...isplay in Guest VLAN list End 9 4 Storm Suppression 9 4 1 Storm Control Use Storm Control page to configure multicast broadcast and unicast traffic control threshold Click Security Strom Suppression Storm Control the configuration page is displayed as follows Figure 9 16 Storm Control Table 9 12 Parameters of Storm Control Item Description Query Interval The query interval sets the time that the u...

Page 145: ...None No action Note The above three actions will be recorded in the log Upper Enter an upper limit threshold value when the specified data per second exceeds the value the storm control will be triggered the value ranges from 0 to 1488100 pps Lower Enter a lower limit threshold value when the data per second is lower than the value the storm control will be stopped the value ranges from 0 to 14881...

Page 146: ...unicast traffic control threshold The user can suppress the traffic storm by setting Drop Threshold Value and any packet exceeding the specified threshold will be dropped Click Security Storm Suppression Storm Suppression the configuration page is displayed as follows Figure 9 18 Storm Suppression Table 9 13 Parameters of Storm Suppression Item Description Interface Name Display interface number T...

Page 147: ...figure that switch drops the packet of exceeding the threshold value in Drop field Step 7 Click Apply button to apply all the changes made End CAUTION Storm Suppression cannot be enabled on link aggregation member port 9 5 Port Security Port security is a kind of security protection mechanism used to control the network access Port security can remember the Ethernet MAC address connected to the in...

Page 148: ...arn CurrentAddr MAC address that the interface learns currently Security Action Protect When the number of learned MAC address reaches the limitation number of interface the interface will drop the message whose source address is not included in MAC table Restrict When the number of the learned MAC address reaches the limitation number of interface the interface will drop the message whose source ...

Page 149: ...limitation number of interface the interface will drop the message whose source address is not included in MAC table and record it in the system log Shutdown When the number of the learned MAC address reaches the limitation number of interface the interface will execute Shutdown operation and record it in the system log Static Address Aging Enable or Disable static address aging Sticky Learning St...

Page 150: ...leted and become the untrusted address at once Aging Time Set the aging time of MAC address The value ranges from 1 to 1440 minutes The default is 0 which means always effective MaxsecureAddr Maximum number of MAC address that the interface can learn the value ranges from 1 to 1024 and the default is 128 Step 4 Enable or disable port security in Port Security Step 5 Click Apply button to apply all...

Page 151: ...he aging time is not configured secondly the aging time is configured and the type of aging time is absolute thirdly the aging time is configured and the type of aging time is inactivity and there is traffic of the security address If the aging time is not configured the security address will never be automatically deleted Create a Security Address Entry Step 1 Click Security Port Security Step 2 ...

Page 152: ...ty Address Table Import and Export to Import and Export security address information from switch the configuration page is displayed as follows Figure 9 24 Import and ExportAddress Table Import Security Address Step 1 Click Security Port Security Step 2 Click Address Table Import and Export in Tab Step 3 Click Browse button to select profile of security address table information that will store in...

Page 153: ...s Item Description Status Configure the global function of MAC address authentication Password Configure the password used to authenticate MAC address ranging from 1 to 16 characters User Name Configure the user name used to configure MAC address authentication using MAC address as user name is default ranging from 1 to 64 characters Max User When the number of access user reaches the configured l...

Page 154: ...ation on interface NOTE if enabling 802 1X on an interface with MAC based VLAN disabled VLAN assignment works abnormally under host based mode Aging Time During the specified period the user who passes the authentication will always remain the authentication passed status and the authenticator will return to authentication failed status after a designated time The value ranges from 1 to 1440 and t...

Page 155: ...based Aceess Control Step 2 Click Interface in Tab Step 3 Click the checkbox on the left side of interface with MAC authentication to be configured and then click Configure button the configuration page is displayed as follows Figure 9 27 Configure MAC Authentication for Interface Step 4 Enable MAC authentication in Status field Step 5 Click Apply button to apply all the changes made End 9 6 3 MAC...

Page 156: ...ked Authorized VLAN The MAC address is assigned VLAN after it is authenticated Aging Time Block Time Aging Time The time that the user who passes the authentication remaining authentication status Block Time The time that the user who fails the authentication requiring the authentication again 9 6 4 MAC Format Configure Click Security MAC based Aceess Control MAC Format Configure to configure the ...

Page 157: ...ers of Worm Prevent Item Description Enable Select whether to enable the worm prevent or not Virus Name The name of Virus Protocol Type The Protocol used by virus Destination Port The adopted destination port number when virus attack occurs Attack Statistics Display this virus attack statistics detected by the switch Operation Edit or delete the virus prevent option or clear the attacking statisti...

Page 158: ... Prevent DoS Attack Prevent the configuration page is displayed as follows Figure 9 32 DoSAttack Prevent Enable DoS Attack Prevent Step 1 Click Security Attack Prevent Configure Step 2 Click DoS Attack Prevent in Tab Step 3 To enable specific DoS Attack Prevent Click Enable check box on the left of the entry then click Apply button Enabled switch will prevent specific type of DoS attack End 9 8 DH...

Page 159: ...IP address from a legitimate DHCP server when DHCP Snooping is enabled on the switch user must set the state of the Ethernet interface that connects to DHCP server as trusted state And the trusted interface must in the same VLAN with the interface connected to DHCP client 9 8 2 Interface State Settings Click Security DHCP Snooping Interface State Settings the configuration page is displayed as fol...

Page 160: ...ws Figure 9 35 Interface State Settings Step 4 Select Enable in Status bar Step 5 Click Apply to apply the changes made End 9 8 3 Interface Trust Settings Click Security DHCP Snooping Interface Trust Settings the configuration page is displayed as follows Figure 9 36 Interface Trust Settings Table 9 25 Parameters of Interface Trust Settings Item Description Query Search the state settings of speci...

Page 161: ...e to be configured and then click Configure button the configuration page is displayed as follows Figure 9 37 Configure Interface Trust Settings Step 4 Select Trust Interface from Status field to configure switch trust DHCP Server message from the interface Step 5 Click Apply button to apply the changes made End CAUTION Interface with IPSG enabled can not be set to DHCP Snooping trusted 9 8 4 Inte...

Page 162: ...Give an alarm when the received DHCP renewal message exceeds alarm threshold Alarm Threshold The maximum threshold value of received renewal packets Chaddr Check Avoid attacking DHCP Server by changing the CHADDR value Chaddr Alarm Give an alarm when the received CHADDR value exceeds alarm threshold value Alarm Threshold The maximum threshold value where the message can be changed by received CHAD...

Page 163: ...he binding information on switch the configuration page is displayed as follows Figure 9 40 Binding Table Information Table 9 27 Parameters of Binding Table Information Item Description Interface Name Interface number belongs to host VLAN ID VLAN ID belongs to host IP Address Host IP address MAC Address Host MAC address Lease Time Host IP address lease time Import binding table Step 1 Click Securi...

Page 164: ...lete button on the lower right of the page choose the delete mode and input the specific parameter click the Delete button to apply End 9 9 IPSG IPSG IP Source Guard is a filtering technology based on IP MAC VLAN interface traffic which can prevent the LAN IP address from spoofing attacks The switch has an internal IP source binding table which sets as the testing standard for the received packets...

Page 165: ... address only MAC Match MAC address only VLAN MatchVLAN ID only IP MAC Match IP and MAC address IP VLAN Match IP and VLAN ID MAC VLAN Match MAC address and VLAN ID IP MAC VLAN Match IP address MAC address and VLAN ID CAUTION After IPSG enabled if the interfaces do not configure any binding table interface will prevent all IP packets IPSG don t support DHCP snooping trust port If DHCP snooping port...

Page 166: ...Matching Options Step 5 Click Apply button to apply the changes made End 9 9 2 Static Binding Table Click Security IPSG Static Binding Table to add IPSG binding table manually the configuration page is displayed as follows Figure 9 43 Static Binding Table Table 9 29 Parameters of Static Binding Table Item Description Query Search the static binding table information on the specified interface in I...

Page 167: ...ation of static binding table in the page Step 5 Click Apply button to apply the changes made End 9 9 3 One Key Bind One Key Bind is used to add IPSG binding entry in ARP table on switch Click Security IPSG One Key Bind the configuration page is displayed as follows Figure 9 45 One Key Bind Table 9 30 Parameters of One Key Bind Item Description Interface Name Interface Number VLAN ID Host VLAN ID ...

Page 168: ... Inspection is used to check the legality of received packet by using the DHCP snooping table and IPSG static ARP table The illegal ARP messages will be discarded Functions are as follows 1 Use DHCP snooping table and IPSG static table to create a credible real and safe ARP cache library for resisting ARP spoofing 2 The non trusted interface ARP responses will be blocked and matched to check if th...

Page 169: ...conds Manual Recovery Click Apply button to restore the closed interface manually Query Search DAI status information of specified VLAN in VLAN ID VLAN ID VLAN ID number Status DAI configuration status on VLAN Enable DAI of VLAN Step 1 Click Security DAI Step 2 Click Global Parameter in Tab Step 3 Click the checkbox on the left side of VLAN of DAI function to be enabled and then click Configure bu...

Page 170: ...mited Speed Status Whether to restrict the DHCP ARP message of distrusted interface Rate Conduct rate limits for ARP message If received ARP packets exceed this rate the switch will consider this interface is over speed i e attack At this point the switch will close the interface and no longer receive any messages to avoid it having the state of paralysis because of a large number of attacking pac...

Page 171: ...ttings the configuration page is displayed as follows Figure 9 50 Illegal Packet Settings Table 9 33 Parameters of Illegal Packet Settings Item Description Illegal Packet Discarded Enable Disable Illegal packet Discard If the switch receives message s source or destination MAC address with all illegal 0 it can perform this command and drop the illegal message Warning Illegal Packets Dropped Click ...

Page 172: ...Isolation cannot communicate directly other communications will not be affected Click Security Interface Isolation Two way Isolation the configuration page is displayed as follows Figure 9 51 Two way Isolation Table 9 34 Parameters of Two way Isolation Item Description Query Search the two way Isolation settings of specified interface in Interface Name Interface Name Interface number Status Enable...

Page 173: ...played as follows Figure 9 53 One way Isolation Table 9 35 Parameters of One way Isolation Item Description Query Search the one way Isolation settings of specified interface in Interface Name Interface Name Interface number Isolated Interface List Isolated or not isolated target interface Deny or allow the specified interface to send data packets to the target interface Set the parameters of One ...

Page 174: ... Certification to identify the user who requests to access the network Authorization to identify whether the client can access a particular service access Accounting to account the network data accessed by users AAA service needs RADIUS settings in network To configure AAA service on switch the user must follow the following general steps Configure the access parameters of RADIUS server Please ref...

Page 175: ...rotocol If using remote authentication server the user must set the related parameters for the authentication methods of RADIUS and group if there are multiple RADIUS servers the authentication order depends on the time of configuring server It will go to the next authentication server only when the current authentication server fails Users can choose from four methods of authentication none local...

Page 176: ...ethod only when the present authentication invalids The authentication options are as follow none access network without authentication local local authenticated by switch RADIUS authenticated by RADIUS server AAA Authentication Login Name Enter the name of access method list for switch access authentication Method 1 method 2 Method 3 Method 4 You can choose a variety of authentication methods but...

Page 177: ...ick Security AAA Step 2 Click Authentication Settings in Tab Step 3 Set the parameters in AAA Authentication Login section Step 4 Click Apply button to apply all the changes made Step 5 Click the check box of AAA Authentication Login list on left side and then click Active button to activate the authentication End 9 13 3 Accounting Settings Click Security AAA Accounting Settings the configuration ...

Page 178: ...ounting options are as follow none not necessary to account the data accessed by users group the switch will send accounting message to RADIUS server which is used to account the data accessed by users RADIUS the switch will send accounting packets to the RADIUS server which is used to account the data accessed by users Active Inactive Select a method list entry in switch access accounting list an...

Page 179: ...ues range from 1 to 16 NAS Port ID Format NAS Port ID format is extended attributes within Huawei and is used among Huawei devices for interoperability and business cooperation NAS Port ID has the new and old in two forms Depending on different configuration format there will be different forms of physical port where accessed user exists New Format slot XX subslot XX port XXX VLANID XXXX Slot rang...

Page 180: ...switch when there is no response in authentication server If setting the sever parameter as Re sent switch will take the re sent parameters in global configuration as server default configuration Values range from 1 to 5 Timeout Enter the time in seconds for which The switch will wait the server host to response certificate request If setting the sever parameter as Time out switch will take the re...

Page 181: ...ettings Item Description Group Server Name The RADIUS server group name IP Address RADIUS server IP address on server groups CAUTION All the RADIUS servers are default as RADIUS group the order of the server group is based on the creating time Add the RADIUS Group Server Step 1 Click Security RADIUS Step 2 Click RADIUS Group Server Settings in Tab Step 3 Enter the name to be added in Group Server ...

Page 182: ...ice authorization when user selecting dynamic service Click Security RADIUS RADIUS server Authorization Settings to set the prameters of RADIUS authorization sever Figure 9 62 RADIUS serverAuthorization Settings Table 9 42 Parameters of RADIUS serverAuthorization Settings Item Description IP address IP address of RADIUS authorization server Ack Reserved Interval Enter the response duration of ack ...

Page 183: ...DIUS server Acct port The accounting port number of RADIUS severs Parameter Round Trip Time Access Requests Access Rejects Access Challenges Acct Request Acct Response Retransmissions Malformed Response Bad Authenticators Pending Requests Timeouts Unknown Types Packets Dropped 9 15 SSL Settings Secure Sockets Layer SSL uses authentication digital signature and encryption to provide secure communic...

Page 184: ... Settings Select from the drop down menu to apply or remove the SSL certificate Select the None from drop down menu will remove the application of certificate file CAUTION Files download tips Note the order of downloading files The certificate file must be downloaded firstly and then the key file The subsequent certificate file cannot continue download after the first certificate file downloaded a...

Page 185: ... SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB which provides a standard presentation of the information controlled by the on board SNMP agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network This switch supports the SNMP versions 1 2c and 3 The three versions of SNMP v...

Page 186: ...tally turned OFF the Switch or less serious like a port status change The Switch generates traps and sends them to the trap recipient or network manager Typical traps include trap messages for Authentication Failure Topology Change and Broadcast Multicast Storm MIB The Switch in the Management Information Base MIB stores management and counter information The Switch uses the standard MIB II Manage...

Page 187: ...tep 3 Select the Enable in SNMP Status field to enable SNMP Global Settings Step 4 Click Apply button to apply all the changes made End 10 1 2 View Click Network SNMP View to set the SNMP view information the configuration page is displayed as follows Figure 10 2 View Table 10 2 Parameters of View Item Description View Name Up to 32 characters used to define a SNMP view Subtree The object identifi...

Page 188: ...p 5 Select Included from View Type list Step 6 Click Apply button to apply all the changes made End 10 1 3 SNMP Community In this configuration page you can create a SNMP community string to define the relationship between SNMP manager and agent Community string acts as a password used to access the proxy of switch Click Network SNMP SNMP Community the configuration page is displayed as follows Fi...

Page 189: ... ID If it is not specified which means it is not controlled by ACL Create a SNMP Community Step 1 Click Network SNMP Step 2 Click SNMP Community in Tab and click New button to add a SNMP community the configuration page is displayed as follows Figure 10 5 Create a SNMP Community Step 3 Enter a user defined community name in Community Name field such as comaccess Step 4 Enter the view name created ...

Page 190: ...e used SNMPv3 provides secure access for equipment by authenticating and encrypting the packets on the network Security Level NoAuthNoPriv Specify NoAuthNoPriv security level which means the authentication and the encryption is not required by the packet between the specified switch and the remote SNMP manager AuthNoPriv Specify AuthNoPriv security level which means only the authentication is requ...

Page 191: ...encryption from Security Level list Step 6 Enter group name in Community String SNMPv3 User Name field Step 7 Click Apply button to apply all the changes made End 10 1 5 SNMP Group Create a SNMP group and user belong to SNMP group to create in the SNMP users table you can view or set the specified view These views must be created in SNMP View Click Network SNMP SNMP Group the configuration page is...

Page 192: ...ot required by the packet between the specified switch and the remote SNMP manager AuthNoPriv specify AuthNoPriv security level which means only the authentication is required by the packet between the specified switch and the remote SNMP manager AuthPriv specify AuthPriv security level which means the authentication and the encryption are both required by the packet between the specified switch a...

Page 193: ...NMP User the configuration page is displayed as follows Figure 10 10 SNMP User Table 10 6 Parameters of SNMP User Item Description User name User name up to 32 characters is used to identify the SNMP user Engine ID SNMP engine ID is the unique identifier to identify SNMP V3 and it is used to identify the SNMP entity of switch on network Group Name The SNMP group name that the user belongs to Secur...

Page 194: ...ng a SNMP User Item Description User Name User name up to 32 characters is used to identify the SNMP user Group Name The SNMP group name that the user belongs to SNMP Version Specify SNMPv3 that will be used SNMP V3 Encryption None Indicates do not use the authentication protocol Password Usie password for authentication and encryption Password Authentication algorithm Select the authentication pr...

Page 195: ...ed as follows Figure 10 12 SNMP Trap Settings Table 10 8 Parameters of SNMP Trap Settings Item Description SNMP Trap Enable disable the global SNMP Trap function SNMP Authentication Trap The system sends SNMP notification while t detects SNMP Authentication Trap SNMP Link Change Trap The system sends SNMP notification while detects link changing SNMP Warm Start Trap The system sends SNMP notificat...

Page 196: ...s follows Figure 10 13 Configure SNMP Link Change Trap Step 5 Select Enable from Status list Step 6 Click Apply button to apply all the changes made End 10 2 RMON RMON Remote Monitoring is the monitoring specification of IETF Internet Engineering Task Force Internet Engineering Task Force standard which allows various network monitors and console systems to exchange network monitoring data RMON pr...

Page 197: ...on includes the count of conflicts CRC checksum error packets too small or large data packets broadcast multicast packets number of bytes received and packets received Use Network RMON Statistics to view the statistics information of ROMN group configured on the switch the configuration page is displayed as follows Figure 10 14 Statistic Table 10 9 Parameters of Statistic Item Description Data Sou...

Page 198: ...click Detail Info button to view the detail information the configuration page is displayed as follows Figure 10 16 Details of Statistic End 10 2 2 History History group provides periodic statistics for different traffic information across the interface and store the statistics in the history table in order to be viewed by management equipment at any time Statistics include bandwidth utilization e...

Page 199: ...ecify the maximum entry count of history for storing sampled data each time If the history is full the new sampled data will replace the oldest one The range of this value is 1 8 and default value is 8 Interval Specify sampling interval in seconds within 1 3600 seconds The default value is 1800 seconds Create a RMON History Group Step 1 Click Network RMON Step 2 Click History in Tab and click New ...

Page 200: ...ory list and click Detail Info button to view the information the configuration page is displayed as follows Figure 10 19 Details of History End 10 2 3 Alarm RMON alarm management specifies alarm variables such as the total number of packets received by the interface for monitoring When user defines alarm entry the system will follow the defined period to obtain the value of the monitored alarm va...

Page 201: ...t Absolute Test the actual MIB values Startup Alarm Alarm state Rising Threshold Rising threshold generated by alarm events Value ranges from 0 2147483647 Rising Event Index Specify the entries that defined in the event group Falling Threshold Falling threshold generated by alarm events Value ranges from 0 2147483647 Falling Event Index Specify the entries defined in the event group Owner Create t...

Page 202: ...12 Parameters of Event Item Description Entry Number of event group entries Description Description of event group Event Type None do not choose the event type Log Records the event information the time and the contents of event etc into the device event log table in RMON MIB in order to be viewed by the management device through SNMP GET operation Trap Sends a Trap message to network management s...

Page 203: ...within the local broadcast domain LLDP is a layer 2 protocol that to send device information by periodic broadcast announcement Notice information records events in the format of length value TLV in IEEE 802 1ab standard including device identification load capacity configuration information and other details LLDP also defines how to collect the maintain information of the found neighbor node 10 3...

Page 204: ...ue Configure the delay time from the LLDP interface disconnected to shut down or before re initialize the link the value range is 1 10 seconds the default is 2 seconds When a LLDP interface is re initializing the remote system LLDP MIB associated with this interface will be deleted Transmission Delay Configure the interval between the continuous sending notices which is caused by the change of LLD...

Page 205: ...tification Whether the interface will send SNMP Trap information Admin Status Configure the Send and Receive mode of LLDP protocol data unit The options are send only receive only send and receive and disable IPv4 IPv6 Address Management address of interface Configure the basic parameters of the interface Step 1 Click Network LLDP Step 2 Click Port Settings in Tab Step 3 Select the check box at th...

Page 206: ...ddress Management Table 10 15 Parameters ofAddress Management Item Description Query Search the address management settings based on specified conditions Subtype Management addresses type IPv4 or IPv6 address Address Management addresses IF Type The corresponding type for this interface OID The corresponding OID of address Notification port List Specify the notification port list 10 3 4 The Basis ...

Page 207: ...ription of distribution system System descriptions include the hardware type of system operating system version information of network software and full name System Capabilities Whether to publish system capabilities System capabilities include main function of system and enabled items Configure parameters of basic TLVs for interface Step 1 Click Network LLDP Step 2 Click the Basis of TLVs in tab ...

Page 208: ...face Port VLAN ID VLAN Name State Whether to publish the VLAN name on interface VID VLAN ID of the interface Protocol Identity State Whether to publish the protocol identifier state of interface Protocol Identity The protocol accessed through this interface Configure parameters of Dot1 TLVs for interface Step 1 Click Network LLDP Step 2 Click Dot1 TLVs in tab Step 3 Click the check box on the left...

Page 209: ...ation status of interface MAC PHY configuration status is the speed and duplex state that supported by interfaces whether to support the interface speed auto negotiation whether to enable auto negotiation and the current speed and duplex status POE Whether to publish the interface POE POE refers to the power supply through interface Link Aggregation Whether to publish the link aggregation interfac...

Page 210: ...m Statistics Click Network LLDP System Statistics to display LLDP information receiving and sending from local interface the configuration page is displayed as follows Figure 10 34 System Statistic Table 10 19 Parameters of System Statistic Item Description Query Search the system statistics of specified interface in Interface Name Interface Name Interface number Total Transmission Frame Total num...

Page 211: ...er of times that the neighbor information belonging to the MIB of the LLDP remote system is deleted The deletion action is triggered by the remote TTL time out Clear Count Click this button to clear statistics 10 3 8 Local Click Network LLDP Local to display Local information of switch the configuration page is displayed as follows Figure 10 35 LLDP Local Interface Table 10 20 Parameter of LLDP Lo...

Page 212: ...ocal Interface End 10 3 9 Remote Click Network LLDP Remote to display LLDP advertisement of the device which connecting to an interface of switch or the basic information of the device which supports LLDP the configuration page is displayed as follows Figure 10 37 Remote Table 10 21 Parameters of Remote Item Description Query Search the remote information of specified interface in Interface Name E...

Page 213: ...Global Configuration the configuration page is displayed as follows Figure 10 38 Global Configuration Table 10 22 Parameters of Global Configuration Item Description LLDP MED Log State Enable Disable LLDP MED log state Fast Start Repeat Count Times of Fast Start Repeat LLDP MED System Information Device Class Device type of the switch Hardware Revision Switch hardware version Firmware Revision Fir...

Page 214: ...n Interface Name Interface Name Interface number Topology Change Notification Status Whether to change the topology of notification interface LLDP MED Capability TLV LLDP MED TLV type that supported by switch LLDP MED Network Policy TLV The VLAN type VLAN ID and the priority that associated with L2 and L3 applications of the switch interface LLDP MED Inventory TLV The switch inventory information ...

Page 215: ... button to apply all the changes made End 10 4 3 Local Click Network LLDP MED Local the configuration page is displayed as follows Figure 10 41 Local Table 10 24 Parameters of Local Item Description Query Search the local information of specified interface in Interface Name LLDP MED Capabilities Support Capabilities The LLDP MED TLV type supported by switch Network Policy The VLAN type VLAN ID and...

Page 216: ...L3 applications of the switch interface 10 4 4 Remote Interface Information Click Network LLDP MED Remote Interface Information the configuration page is displayed as follows Figure 10 42 Remote Interface Information Table 10 25 Parameters of Remote Interface Information Item Description Query Search the remote information of specified interface in Interface Name Entry ID LLDP MED information entr...

Page 217: ...on of system to user to realize the maintenance and management of physical device status and communicating state Device management provides the following functions 11 1 Device Management 11 2 Device Diagnostics 11 3 DDM 11 4 Information Center 11 5 Power Saving Management 11 6 Interface Mirror 11 7 Tools 11 1 Device Management 11 1 1 Board Status Click Device Management Device Management Board Sta...

Page 218: ...n of switch the configuration page is displayed as Figure 11 2 Figure 11 2 E label 11 2 Device Diagnostics Use Device Diagnostics to test the interfaces and cables of the switch 11 2 1 Interface Loopback Test Interface Loop back Test is a very normal test If the interface receives a message which is sent by itself it means that there is loop back on the interface This test is used to diagnose and ...

Page 219: ...gnostics Table 11 2 Parameters of VCT Cable Diagnostics Item Description Interface Name Name of Ethernet port Type Display the Ethernet connection type on interface Connect Status Display connection status on interface Diagnostic Result Display VCT diagnosis result on Interface Diagnose Status Display whether the interface will implement VCT diagnosis NOTE 1 The cable diagnosis results relate to c...

Page 220: ...mation Center The information center is an information hub of the system which can classify and manage all the systematic information The information center provides network manager and developer the ability of monitoring work conditions of network and diagnosing network failure through the combination with debug program debugging commands 11 4 1 Parameter Settings User can configure classificatio...

Page 221: ...ller the value level of system information the higher the degree of urgency should be For the detailed severity level please refer to 11 4 Severity Level List Device Select a device that sends out the system information Source IP Interface Select source IP interface of device used to send system information Log File Write Delay Refers to the interval used to save FLASH If the interval is 0 means u...

Page 222: ...mation 2 Set 7 as the value of severity level the system will output all the information 11 4 2 Log Information View the system log in Log Information page according to the requirements Click Device Management Information Center Log Information the configuration page is displayed as follows Figure 11 7 Log Information Table 11 5 Parameters of Log Information Item Description Query Search the quali...

Page 223: ...le 11 6 Parameters of Power Saving Management Item Description Power Saving Select Enable to enable the function of power saving The default setting is Disable EEE The switch supports power saving standard of IEEE 802 3az Select Enable to enable the power saving function of EEE The default setting is Disable CAUTION S1700 28FR 2T2P AC S1700 52FR 2T2P AC does not support EEE function so there is no...

Page 224: ...interface to be imaged from the interface list Press Ctrl or Shift to select multiple source interfaces the destination interface can only be one all the source and destination interfaces can support Eth Trunk Click Add or Apply button after finished Interface mirror can support Eth Trunk but the trunk member cannot be configured independently The interface will recover original attribute after it...

Page 225: ...tion page is displayed as follows Figure 11 10 Ping Test Table 11 8 Parameters of IPv4 Ping Test Item Description Target IP Address Enter IP address which needs to do Ping test Ping Times Select times of Ping test the default is Infinite Timeout Enter the timeout of ping test If the target IP does not respond to Ping test after the designated time the test will be canceled and will send the next t...

Page 226: ...ss which needs to do Tracert test TTL Enter the lifetime of IP packets Tracert determines the route by incrementing the TTL value by 1 on each subsequent transmission until the target responds or reaches the maximum TTL value Timeout Enter the maximum response time of Tracert test The test ignores the responding from the target if the value is exceeded then sends out the next testing message Probe...

Page 227: ... Confidential Copyright Huawei Technologies Co Ltd 217 11 7 3 One Key Information Download Config Log and Error message of system in text file to local hard disk on One Key Information page Click Device Management Tools One Key Information the configuration page is displayed as follows Figure 11 12 One Key Information ...

Page 228: ...r Manual 12 Save Running config Issue 05 2012 10 25 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 218 12 Save Running config Click Save Running config menu to save the current configuration of switch in configuration file ...

Reviews:

No comments