Home
/
i3 International
/
Cortex S243
/
User Manual

i3 International Cortex S243, User Manual

Share

Page: 34 / 204

i3 International Cortex S243 User Manual Download Page 34

33

Security Privilege Level

The page provides an overview of the privilege levels. The switch provides user set Account, Aggregation,  Diagnostics,
EEE,  GARP,  GVRP, IP,  IPMC,  Snooping,  LACP,  LLDP,  LLDP  MED,  MAC Table,  MRP, MVR,  MVRP, Maintenance,  Mirroring,  POE,
Ports,  Private VLANs,  QoS,  SMTP,  SNMP,  Security,  Spanning Tree,  System Trap,  Event, VCL, VLANs, Voice, and  VLAN
Privilege levels  from 1 to 15.
To configure Security User Privilege Level in the web interface:



Click Configuration / Security / Switch / Privilege Levels.



Select the Privilege parameter.



Click Apply and click the Save icon in the upper right cornerto save the settings or click Reset to cancel. The Form
will return to the previously saved settings.

Security Privilege Level Parameters:

Items

Description

Group Name

The name identifying the privilege group. In most cases, a privilege level group  consists of
a single module (e.g. LACP, RSTP or QoS), but they may contain more than one. The following
description defines these privilege level groups in  detail:
System: Contact, Name, Location, Timezone, Daylight Saving Time, Log.
Security: Authentication, System Access Management, Port (contains Dot1x port, MAC based
and the MAC Address Limit), ACL, HTTPS,  SSH, ARP Inspection, IP  source guard.
IP: Everything except 'ping'.
Port: Everything except 'VeriPHY'.
Diagnostics: 'ping' and 'VeriPHY'.
Maintenance: CLI-  System Reboot,  System  Restore Default, System Password,
Configuration Save, Configuration Load and Firmware Load, Web- Users, Privilege  Levels and
everything in Maintenance.
Debug: Only present in CLI.

Privilege Levels

Every group has an authorization Privilege  level  for  the  following  sub  groups:
configuration read-only, configuration/execute read-write, status/statistics  read-only,  and
status/statistics  read-write  (e.g.  for  clearing  of  statistics).  User Privilege should be same or
greater than the authorization Privilege level to have the access to that group.

«
...
32
33
34
35
36
...
»

Summary of Contents for Cortex S243

Page 1: ...com 1 866 840 0004 CANADA 780 Birchmount Road Unit 16 Scarborough ON M1K5H4 U S A 4450 Witmer Industrial Estates Unit 4 Niagara Falls NY 14305 Rev 170215 S243 USER MANUAL PoE Managed Switch for video surveillance networks ...

Page 2: ...been tested and found to comply with limits for a Class A digital device pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates and radiates radio frequency energy and if not installed and used in accordance with the user s manual it may cause interf...

Page 3: ...r 13 Making Network Connections 14 1000BASE T Cable Requirements 14 Cable labelling and Connection Records 15 Troubleshooting 15 Troubleshooting Chart 16 Power and cooling problems 16 In Band Access 16 Chapter 3 WEB MANAGEMENT 17 Switch Configuration 17 System Configuration 18 System Information 18 IP ADDRESS 19 Network Time Protocol NTP 21 Time 21 Log 23 Green Ethernet 24 Ports Configuration 25 T...

Page 4: ...54 ACL Ports 54 ACL Rate Limiters 55 Access Control List 56 IP Source Guard Configuration 58 Static Table 59 ARP Inspection 59 VLAN Configuration 61 Static ARP Inspection Table 61 Dynamic ARP Inspection Table 62 Authentication Authorization and Accounting AAA 63 RADIUS 63 AAA TACACS 65 AGGREGATION 66 Static Trucking 66 LACP 67 Loop Protection 68 Spanning Tree 69 Bridge Setting 70 Spanning Tree MST...

Page 5: ...e VLAN Port Isolation 102 MAC Based VLAN VCL 103 Protocol based VLAN 104 Protocol to Group 104 Group to VLAN 105 IP Subnet based VLAN 106 VOICE VLAN 107 OUI 108 QoS 109 QoS Port Classification 109 QoS Port Policing 110 Qos Port Schedulers 111 QoS Port Shaping 113 QoS Port Tag Remarking 115 QoS Port DSCP 117 DSCP Based QoS 118 QoS DSCP Translation 118 QoS DSCP Classification 119 QoS Control List Co...

Page 6: ...ormation 140 DHCP 141 DHCP Server 141 DHCP Statistics 141 DHCP Server Binding IP 142 DHCP Server Declined IP 143 Dynamic DHCP Snooping Table 143 DHCP Relay Statistics 143 DHCP Detailed Statistics 145 Security 146 Access management Statistics 146 Network Port Security Switch 146 Port Security 148 NAS Switch Status 149 NAS Port Status 149 ACL Status 150 ARP Inspection 151 IP Source Guard 152 AAA RAD...

Page 7: ...169 MLD Snooping 170 MLD Snooping Group Information 171 IPv6 SFM Information 172 LLDP 173 Neighbor 173 LLDP MED Neighbor 174 LLDP PoE 176 LLDP EEE 176 LLDP Port Statistics 177 LLDP PoE Statistics 179 MAC Table 180 VLANS 181 VLAN Membership 181 VLAN PORT Status 182 VCL 183 MAC based VLAN 183 Protocol based VLAN Protocol to Group 184 Group to VLAN 185 IP Subnet based VLAN 185 sFlow 186 Chapter 5 Dia...

Page 8: ...er Report 195 Chapter 7 Device Management System DMS 196 Management Error Bookmark not defined DMS Mode Error Bookmark not defined Management Device List 197 DMS Graphic Monitoring 198 Topology View 198 Floor View 199 Map View 200 DMS Maintenance 201 Floor Image 201 Diagnostics Trouble Shooting 202 Traffic Monitor 203 ...

Page 9: ...ure 0 to 45 32 to 113 F Storage Temperature 20 to 70 C 4 to 158 F Humidity 10 to 90 RH non condensing Mechanism Dimensions 442 x 211x 44 mm L x W x H 17 x 8 x 1 inches Weight 3 3 Kg 7 3 lbs Power Supply AC input 100 240VAC 50 60Hz Maximum Power Consumption 521 Watts PoE power included Certifications CE FCC Part 15 Class A UL Layer 2 Management Features Spanning Tree Protocol STP Standard Spanning ...

Page 10: ...ent GUI in the switch IEEE 802 1X IEEE802 1X RADIUS authentication authorization and accounting MD5 hash guest VLAN single multiple host mode and single multiple sessions Supports IGMP RADIUS based 802 1X Dynamic VLAN assignment Layer 2 Isolation Private VLAN Edge PVE also known as protected ports provides L2 isolation between clients in the same VLAN Supports multiple uplinks Port Security Locks ...

Page 11: ...ry standard for monitoring high speed switched networks It gives complete visibility into the use of networks enabling performance optimization accounting billing for usage and defense against security threats IEEE 802 1ab LLDP Used by network devices for advertising their identities capabilities and neighbors on an IEEE 802ab local area network Support LLDP MED extensions Web GUI Interface Built ...

Page 12: ...stalation please verify that your package contains the following items 24 port S243 PoE Switch One AC Power Cord One User s Manual CD disk One QSG Quick Start Guide hard copy Mounting Ear Brackets for 19 Rack Shelf 2 Rubber Feet 4 DB 9 Cable ...

Page 13: ...n Link ACT Speed Green Blink Connection is 1Gbps Amber Blink Connection is 10 100Mbps PoE Solid Green PoE ON Rear Panel The 3 pronged power plug is placed at the rear panel of the PoE Web Smart Switch right side as shown below Connecting Power The AC power cord shipped with the device connects the device to earth ground when plugged into an AC grounding type power outlet The device must be connect...

Page 14: ...ransceiver Types SFP LC 1000Base SX GE SFP Fiber Module LC Multi Mode 850nm SFP LCM2 1000Base SX GE SFP Fiber Module LC Multi Mode 1310nm 2km SFP LC S10 1000Base SX GE SFP Fiber Module LC Single Mode 10km SFP LC S30 1000Base SX GE SFP Fiber Module LC Single Mode 30km SFP LC S50 1000Base SX GE SFP Fiber Module LC Single Mode 50km SFP L5 S50 1000Base SX GE SFP Fiber Module LC Single Mode 50km SFP BL...

Page 15: ...green 1000 Mbps or amber 100Mbps to indicate that the connection is valid The punch down block is an integral part of many of the newer equipment racks It is actually part of the patch panel Instructions for making connections in the wiring closet with this type of equipment follows Attach one end of a patch cable to an available port on the switch and the other end to the patch panel If not alrea...

Page 16: ...maximum cable length supported by the switch ports For ease of understanding use a location based key when assigning prefixes to your cable labeling Use sequential numbers for cables that originate from the same device Differentiate between racks by naming accordingly Label each separate piece of equipment Display a copy of your equipment map including keys to all abbreviations at each equipment r...

Page 17: ...s length does not exceed specified limits Check the adapter on the attacked device and cable connections for possible defects Replace the defective adapter or cable if necessary Slow file transfer or there is performance degradation Make sure that the attached device is set to auto negotiate Both the port and the device must be on the same setting Auto Half or Full Duplex Power and cooling problem...

Page 18: ...h is easily configured and monitoed through any one port Start up by the following steps 1 Place the switch close to your PC Laptop that you intend to use for configuration It will help you to check the status of the switch by LED in front panel while working on your PC Laptop 2 Connect the Ethernet port of your PC Laptop to any port on the front panel of the switch Turn the switch on and make sur...

Page 19: ...Information Configuration Parameters Items Description System Contact The textual identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 128 and the allowed content is the ASCII characters from 32 to 126 System Name An administratively assigned name for this managed node By convention this is the node s f...

Page 20: ...re the switch managed IP information on this page Configure IP basic settings control IP interfaces and IP routes The maximum number of interfaces supported is 8 and the maximum number of routes is 32 To configure an IP address in the web interface Click Configuration System IP Click Add Interface then create new interface on the switch Click Add Route then you can create new Route on the switch C...

Page 21: ...the interface in dotted decimal notation If DHCP is enabled this field is not used The field may also be left blank if IPv4 operation on the interface is not desired IPv4 mask The IPv4 network mask in number of bits prefix length Valid values are between 0 and 30 bits for an IPv4 address If DHCP is enabled this field is not used The field may also be left blank if IPv4 operation on the interface i...

Page 22: ...e the settings or click Reset to cancel The Form will return to the previously saved settings NTP Configuration Parameters Items Description Mode Indicates the NTP mode operation Possible modes are Enabled Enable NTP client mode operation Disabled Disable NTP client mode operation Server 1 to 5 Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit represented as eight fiel...

Page 23: ...re are two modes for configuring the Clock Source Select Use Local Settings The Clock Source from Local Time Select Use NTP Server The Clock will Source from NTP Server System Date Show the current time of the system The year of system date limits between 2011 and 2037 ...

Page 24: ...e number of minutes to add during Daylight SavingTime Range 1 to 1440 Log The Log collects and stores the program messages It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them It can be used as an effective tool for system analysis and debugging It is supported by a wide variety of devices and receivers across...

Page 25: ...nable EEE When a port is powered down for saving power outgoing traffic is stored in a buffer until the port is powered up again Because there is some overhead in powering the port up and down more power can be saved if the traffic can be buffered until a large burst of traffic can be transmitted Buffering traffic will give some latency in the traffic To Configure a Port Power Saving in the web in...

Page 26: ...ion describes how to configure the Port detail parameters of the switch This includes enabling and disabling the ports of the switch as well as monitoring the ports content and status The Ports This page displays the current port configurations as well as allowing management of those configurations To configure the Current Port configuration in the web interface Click Configuration Ports Configura...

Page 27: ...s the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx andTx settings are determined by the result of the last Auto Negotiation Maximum Frame Size Enter the m...

Page 28: ...ir own DHCP servers to the network DHCP Server Mode This page configures global mode and VLAN mode to enable disable DHCP server per system and per VLAN To configure DHCP server mode in the web interface Click Configuration DHCP Server Mode Select Enabled in the Global Mode of DHCP Server Mode Configuration Click Add VLAN range click to enable then enter the VLAN Range Click Apply and click the Sa...

Page 29: ...onfiguration page Mode Configure the operation mode per VLAN Possible modes are Enabled Enable DHCP server per VLAN Disabled Disable DHCP server per VLAN DHCP Server Excluded IP This page configures excluded IP addresses The DHCP server will not allocate these excluded IP addresses to DHCP clients To configure the DHCP Server Excluded IP in the web interface Click Configuration DHCP Server Exclude...

Page 30: ...ew pool with default configuration If you want to configure all settings including type IP subnet mask and lease time you can click the pool name to go into the configuration page Name Configure the pool name that accepts all printable characters except white space Click the pool name to configure the detail settings of the pool Type Display which type the pool is Network The pool defines a pool o...

Page 31: ...e forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted source of the DHCP messages Untrusted Configures the port as untrusted source of the DHCP messages DHCP Relay A DHCP relay agent is used to forward and ...

Page 32: ...sible modes are Enabled Enable DHCP relay information mode operation When DHCP relay information mode operation is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client It only works when DHCP relay operation mode is enabled Disabled Disable DHCP relay information mode operatio...

Page 33: ...assword The allowed string length is 0 to 255 and the allowed content are the ASCII characters Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But other values need to refer to each group privilege level User s privilege should be same or greater than the gro...

Page 34: ...oup consists of a single module e g LACP RSTP or QoS but they may contain more than one The following description defines these privilege level groups in detail System Contact Name Location Timezone Daylight Saving Time Log Security Authentication SystemAccess Management Port containsDot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection IP source guard IP Everything except pi...

Page 35: ...ication Methods that involve remote servers are timed out if the remote servers are offline In this case the next method is tried Each method is tried from left to right and continues until a method either approves or rejects a user If a remote server is used for primary authentication it is recommended to configure secondary authentication as local This will enable the management client to login ...

Page 36: ...the transfer of information between SNMP manager and agent and traverses the Object Identity OID of the management Information Base MIB described in the form of SMI syntax An SNMP agent is running on the switch to respond to the request issued by SNMP manager Basically it is passive except issuing the trap information The switch supports a switch to turn on or off the SNMP agent If you set the fie...

Page 37: ...on is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a particular range of source addresses can be used to restrict source subnet Engine ID Indicates the SNMPv3 engine ID The string must contain an even ...

Page 38: ...re not allowed the first character must be an alpha character and the first and last characters must not be a dot or a dash Indicates the SNMP trap destination IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shortha...

Page 39: ... upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings SNMP TRAP Configuration Parameters Items Description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII cha...

Page 40: ...ing length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The value of security level cannot be modified if entry already exists That means it is...

Page 41: ...the Delete check box to delete a group Click Add New Entry to open the SNMP Group Configuration page to create a new Group Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings SNMP Groups Configuration Parameters Items Description Delete Check to delete the entry It will be deleted during t...

Page 42: ...s the view type that this entry should belong to Possible view types are Included An optional flag to indicate that this view subtree should be included Excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded there should be another view entry existing with view type as included and its OID subtree should overstep the exclu...

Page 43: ...eserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View name The name of the MIB view defining the MIB objects for which this request may request the current va...

Page 44: ...ges 1 Warning Warning conditions 2 Error Error conditions Syslog Enable Select this Group Name in Syslog Trap Enable Select this Group Name in Trap SMTP Enable Select this Group name in SMTP RMON An RMON implementation typically operates in a client server model monitoring devices that contain RMON software agents that collect information and analyze packets These probes act as servers and the Net...

Page 45: ...ta The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated this History control entry stored in RMON The range is from 1 to 3600 default value is 50 Buckets Granted The number of data shall be saved in the RMON RMON History Configure RMON History table on this page The entry index key is ID To display the RMON History Configuration in the web...

Page 46: ...elete Click to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold The range is from 1 to 2 31 1 Variable Indicates the particular variable to be sampled the possible variables are InOctets The total number of octets received o...

Page 47: ...ck Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings RMON Event Configuration Parameters Items Description Delete Click to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is fr...

Page 48: ...addresses are subject to aging as discussed underAging Period Aging Period If Aging Enabled is checked then the aging period is controlled with this input If other modules are using the underlying port security for securing MAC addresses they may have other requirements to the aging period The underlying port security will use the shorter requested aging period of all modules that use the function...

Page 49: ...shut down There are three ways to re open port 1 Boot the switch 2 Disable and re enable Limit Control on the Port or the switch 3 Click the reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes ...

Page 50: ...ant is no longer attached For MAC based ports re authentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore doesn t imply that a client is still present on a port seeAging Period below Re Authenication Period Determines the period in seconds after which a connected client must be Re Authenticated Th...

Page 51: ...ich traffic coming from a successfully authenticated supplicant is assigned on the switch The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned QoS Enabled below for a detailed description The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enable disable RADIUS server assigned QoS Class functionality ...

Page 52: ...henticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a s...

Page 53: ...supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames in...

Page 54: ... set to VLAN ordinal 13 Value of Tunnel Private Group ID must be a string of ASCII chars in the range 0 9 which is interpreted as a decimal string representing the VLAN ID Leading 0 s are discarded The final value must be in the range 1 4095 Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN acco...

Page 55: ...nd thereby a re authentication immediately The clients will transfer to the unauthorized state while the re authentication is in progress Access Control List ACL The S243 switch access control list ACL is probably the most commonly used object in the IOS It is used for packet filtering but also for selecting types of traffic to be analyzed forwarded or influenced in some way The ACLs are divided i...

Page 56: ...t logged Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values are Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disabled To close ...

Page 57: ...utting down a port This page shows the Access Control List ACL which is made up of the ACEs defined on this switch Each row describes the ACE that is defined The maximum number of ACEs is 256 on each switch Click on the lowest plus sign to add a new ACE to the list The reserved ACEs used for internal protocol cannot be edited or deleted the order sequence cannot be changed the priority is highest ...

Page 58: ...tion of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port copy operation is disabled Logging Indicates the logging operation of the ACE Possible values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Shutdown Indicates the port s...

Page 59: ...ed in the Mode field Select Enabled for the specific port number Select the Maximum Dynamic Clients 0 1 2 unlimited for the specific port number Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings Access Control List Configuration Parameters Items Description Mode of IP Source Guard Config...

Page 60: ...ll be deleted during the next save Port The logical port for the settings VLAN ID The VLAN id for the settings IP address Allowed Source MAC address Mac Address Allowed Source MAC address Adding new entry Click to add a new entry to the Static IP Source Guard table Specify the Port VLAN ID IP address and IP Mask for the new entry Click Save ARP Inspection This section describes how to configure th...

Page 61: ... setting of Check VLAN The default setting of Check VLAN is disabled When the setting of Check VLAN is disabled the log type ofARP Inspection will refer to the port setting And the setting of Check VLAN is enabled the log type ofARP Inspection will refer to the VLAN setting Possible setting of Check VLAN are Enabled Enable check VLAN operation Disabled Disable check VLAN operation Only the Global ...

Page 62: ...meters Items Description VLAN Mode Configuration First the VLANS must have ARP Inspection enabled on the ARP inspection Only when both Global Mode and Port Mode on a given port are enable on the ARP page is ARP Inspection is enabled on this given port Then you can specify which VLAN will be inspected on VLAN mode configuration web page The log type also can be configured on per VLAN setting Possib...

Page 63: ...per page input field The Start from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the DynamicARP Inspection Table Clicking the button will update the displayed table starting from that or the closest next DynamicARP Inspection Table match In addition the two input fields will upon a button click assume the value of the first displayed entr...

Page 64: ...entication Authorization and Accounting server to provide access control to your network The AAA server can be a TACACS or RADIUS server to create and manage objects that contain settings for usingAAA servers RADIUS To configure a common AAA Radius in the web interface Click Configuration Security AAA Radius Enter the desired Global Configuration parameters Click Add New Server to Create a new ser...

Page 65: ...t This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Deadtime to a value greater than 0 zero will enable this feature but only if more than one server has been configured Key The secret key up to 63 characters long shared between the RADIUS server and the switch NAS IP Addess attribute 4 The IPv4 address to be used as attribute ...

Page 66: ...retransmit value Leaving it blank will use the global retransmit value Key This optional setting overrides the global key Leaving it blank will use the global key Adding a new server Click to add a new RADIUS server An empty row is added to the table and the RADIUS server can be configured as needed Up to 5 servers are supported The button can be used to undo the addition of the new server AAA TAC...

Page 67: ...ck to add a new TACACS server An empty row is added to the table and the TACACS server can be configured as needed Up to 5 servers are supported The button can be used to undo the addition of the new server AGGREGATION The Aggregation is used to configure the settings of Link Aggregation More than one port can be bundled with the same speed full duplex and the same MAC to be a single logical port ...

Page 68: ... Configuration Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Memebers Each switch port is listed for eachgroup ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregat...

Page 69: ... seconds before sending a LACP packet Prio The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority Loop Protection The loop Protection is used to detect the presence of traffic When the switch r...

Page 70: ...s whether the port is actively generating loop protection PDU s or whether it is just passively looking for looped PDU s Spanning Tree The Spanning Tree Protocol STP can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STP compliant switch bridge or router in the net...

Page 71: ...e bridge assumes that the link to the Root Bridge is down This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology Bridge Setting This section describes how to configure the Spanning Tree Bridge and STP System settings It allows configuration of STP System settings that are used by all STP Bridge instances on the switch To co...

Page 72: ... range 1 to 10 BPDus per second Advanced Settings Edge Port BPDU Filtering Control whether a port explicitly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port error Recovery Timeout The...

Page 73: ... with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just be left empty not having anyVLANs mapped to it Example 2 5 20 40 Spanning Tree MSTI Priorities When implementing a Spanning Tree protocol on the switch the CIST is the default instance which is always active This is because it controls the bridge priority Lower numeric values have higher priority The bridge p...

Page 74: ...en you implement a Spanning Tree protocol on the switch it is necessary to configure the CIST Ports This section describes how to inspect the current STP CIST port configurations and to configure them To configure the CIST Ports in the web interface Click Configuration Spanning Tree CIST Ports Set all parameters of CIST Aggregated Port Configuration Enable or disable the STP then set all parameter...

Page 75: ... been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to preventbridgesexternalto acoreregion ofthe network influencethespanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Guard Restricted TCN If enabled causes the port not to propagate received t...

Page 76: ...f the MSTI Port Configuration Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings Spanning Tree CIST Port Configuration Parameters Items Description Port The switch port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port TheAuto setting...

Page 77: ...a maximum of 128 corresponding rules for each To configure the IPMC Profile in the web interface Click Configuration IPMC Profile Profile Table Enable or disable the Global Profile Mode Click Add new IPMC Profile to create a new IPMC Profile Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved setti...

Page 78: ...d is not editable and will be adjusted automatically according to the selected profile entry Action Indicates the learning action upon receiving the Join Report frame that has the group address that matches the address range of the rule Permit Group addresses that match the range specified in the rule will be learned Deny Group addresses that match the range specified in the rule will be dropped L...

Page 79: ...ding on the Multicast VLAN In a multicast television application a PC or a television with a set top box can receive the multicast stream Multiple set top boxes or PCs can be connected to one subscriber port which is a switch port configured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP join message to Switch A to join the appropriate multicast Upl...

Page 80: ...nt address of the IP interface associated with this VLAN When the IPv4 management address is not set the system uses the first available IPv4 management address Otherwise the system uses a pre defined value By default this value will be 192 0 2 1 Mode Specify the MVR mode of operation In Dynamic mode MVR allows dynamic MVR membership reports on source ports In Compatible mode MVR membership report...

Page 81: ...m all as the broadcast packet Without IGMP Snooping the multicast packet forwarding function is plain and identical from the broadcast packet A switch supported by IGMP Snooping with the functions of query and reporting can update the information of the Multicast table when a member port joins or leaves an IP Multicast Destination Address With this function once a switch receives an IP multicast p...

Page 82: ...nable fast leave on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong IGMP Snooping VLAN Configuration This section describes the VLAN configuration setting process integrated with IGMP Snooping function For each setting the page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field The first...

Page 83: ...rol frame priority level generated by the system These values can be used to prioritize different classes of traffic The allowed range is 0 best effort to 7 highest default interface priority value is 0 RV Robustness Variable The Robustness Variable allows tuning for the expected packet loss on a network The allowed range is 1 to 255 default robustness variable value is 2 QI Query Interval The Que...

Page 84: ...er right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings IGMP Snooping Port Filtering Configuration Parameters Items Description Port The logical port number for the settings Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view but...

Page 85: ...n Enable or Disable the Global configuration parameters Select the port to join Router Port and fast Leave Select the Throttling mode with Unlimited 1 to 10 Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings ...

Page 86: ...tined for a given multicast address it forwards that traffic only to ports on the VLAN that have MLD hosts for that address It drops that traffic for ports on the VLAN that have no MLD hosts The system will use the last entry of the currently displayed entries as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table To configure the MLD Snoopi...

Page 87: ...mber Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group The al...

Page 88: ...scovery specified in standards document IEEE 802 1AB To Configure LLDP in the web interface Click Configuration LLDP LLDP Modify LLDP timing parameters Set the required mode for transmitting or receiving LDP messages Specify the information to include in the TLV field of advertised messages Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel ...

Page 89: ...oming CDP frames The switch doesn t transmit CDP frames CDP frames are only decoded if LLDP on the port is enabled Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics CDP TLVs are mapped onto LLDP neighbors table as shown below CDP TLV Devic...

Page 90: ...g network administrators to track their network devices and determine their characteristics manufacturer software and hardware versions and serial or asset number This page allows configuration of the LLDP MED This function applies to VoIP devices which support LLDP MED To Configure the LLDP MED in the web interface Click Configuration LLDP LLDP MED Modify Fast start repeat count parameter default...

Page 91: ...in a second when a new LLDP MED neighbor has been detected in order share LLDP MED information as fast as possible to new neighbors Because there is a risk of an LLDP frame being lost during transmission between neighbors it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame With Fast start repeat count it is po...

Page 92: ... on water sea ocean Civic Address Location IETF Geopriv CivicAddress based Location Configuration Information CivicAddress LCI Country Code The two letter ISO 3166 country code in capital ASCII letters Example US CA UK State National subdivisions State province canton region County Country Parish Gun Japan City City or Township Example Toronto City District City division borough ward Block Neighbo...

Page 93: ...n aggregated link interior to the LAN Delete Check to delete the policy It will be deleted during the next save Policy ID ID for the policy This is auto generated and shall be used when selecting the policies that shall be mapped to the specific ports Application Type Intended use of the application types 1 Voice For use by dedicated IP Telephony handsets and other similar appliances supporting in...

Page 94: ...esents use of the default priority as defined in IEEE 802 1D 2004 DSCP DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 Adding a new policy Click to add a new policy Specify theApplication type T...

Page 95: ...tings or click Reset to cancel The Form will return to the previously saved settings PoE Configuration Parameters Items Description Power Supply Configuration Reserved Power determined by There are three modes for configuring how the ports PDs may reserve power 1 Allocated mode in this mode the user allocates the amount of power that each port may reserve The allocated reserved power for each port...

Page 96: ...will be shown In case that the primary power source fails the backup power source will take over For being able to determine the amount of power the PD may use it must be defined what amount of power the primary and backup power sources can deliver Valid values are in the range 0 to 2000 Watts Port This is the logical port number for this row Ports that are not PoE capable are grayed out and thus ...

Page 97: ...ill start to provide power to the PD when it out of delay time Default 0 range 0 300 sec PoE Scheduling This page allows the user to make a perfect schedule of PoE power supply PoE Scheduling not only makes PoE management easier but it also saves energy To display Power over Ethernet Scheduling in the web interface Click Configuration PoE Scheduling Select the local port and enable it Select time ...

Page 98: ...nnect it will reboot the powered device automatically To display Power over Ethernet Auto Checking in the web interface Click Configuration PoE Auto Checking Enable the Ping Check function Specify the Powered Device s IP address checking interval retry time failure action and reboot time Click Apply and click the Save icon in the upper right corner to save the settings PoE Auto Checking Configurat...

Page 99: ...ts to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen ...

Page 100: ... 64 entries is for the whole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address Delete Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID of the entry MAC Address The MAC Address of the entry Port Memebers Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Adding a New Sta...

Page 101: ... show the value that the port will get when the mode is applied Access Access ports are normally used to connect to end stations Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged frames and C tagged frames Discards all frames th...

Page 102: ...assified to the Port VLAN If frames must be tagged on egress they will be tagged with the custom S tag Ingress Filtering Hybrid ports allow for changing ingress filtering Access and Trunk ports always have ingress filtering enabled If ingress filtering is enabled checkbox is checked frames classified to a VLAN that the port is not a member of get discarded If ingress filtering is disabled frames c...

Page 103: ...d stack switch unit when you click on Save The VLAN is thereafter present on the other stack switch units but with no port members The check box is greyed out when VLAN is displayed on other stacked switches but user can add member ports to it AVLAN without any port members on any stack unit will be deleted when you click Save The button can be used to undo the addition of new VLANs Private VLAN P...

Page 104: ...this time but through Port B the next time If Port A and Port B belong to different VLANs the device will be assigned to a different VLAN the next time it accesses the network As a result it will not be able to use the resources in the old VLAN On the other hand if Port A and Port B belong to the same VLAN after terminal devices access the network through Port B they will have access to the same r...

Page 105: ...ocol layer is the upper sub layer of the Data Link Layer which is itself layer 2 just above the physical layer in the seven layer OSI reference model It provides multiplexing mechanisms that make it possible for several network protocols IP IPX Decent and Appletalk to coexist within a multipoint network and to be transported over the same network media and can also provide flow control and automat...

Page 106: ...D If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is o...

Page 107: ... page allows for adding updating and deleting IP subnet based VLAN entries and assigning the entries to different ports This page shows only static entries To configure IP subnet based VLAN memberships in the web interface Click Configure VCL IP Subnet based VLAN Specify the VCE ID IP Address Mask Length VLAN ID ad select Port Members Click Add New Entry to create a new IP Subnet based VLAN Member...

Page 108: ...lated configuration for voice data can be configured ensuring the transmission priority of voice traffic and voice quality The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should ...

Page 109: ...e Voice VLAN members automatically Forced Force join to Voice VLAN Port Security Enable or Disable the Voice VLAN port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLAN will be blocked for 10 second Prot Discovery Protocol Indicates the Voice VLAN port discovery protocol It will only work when auto detect mode is enabled We should enable LLDP feature bef...

Page 110: ...to the frame according to what was configured for that specific QoS class The switch supports advanced memory control mechanisms providing excellent performance of all QoS classes under any traffic scenario including jumbo frame An ingress super priority queue with dedicated memory and strict highest priority in the arbitration allows traffic recognized as CPU traffic to be received and queued for...

Page 111: ...ue in the tag Otherwise the frame is classified to the default DEI value Tag Class Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping NOTE This setting has no effect if the port is VLAN unaware Tagged fr...

Page 112: ...Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames Qos Port Schedulers This section provides an overview of QoS Egress Port Schedulers for all switch ports The ports belong to the currently selected stack unit as reflected by the page header To configure the QoS Port Schedulers in the web interface Click Configuration QoS...

Page 113: ...112 NOTE the Scheduler Mode is set with Weighted then the screen will change as the figure displays ...

Page 114: ...tricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted Queue Sheduler Percent Shows the weight in percent for this queue This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restric...

Page 115: ...is value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Shaper Weight Controls the weight for this queue The default value is 17 This value...

Page 116: ... unit as reflected by the page header To configure the QoS Port Tag Remarking in the web interface Click Configuration QoS Port Tag Remarking Click the Port Index number to set the QoS Port Tag Remarking Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings ...

Page 117: ...d PCP DEI values Default Use default PCP DEI values Mapped Use mapped version of QoS class and DP level PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default QoS Class DP Level to PCP DEI Mapping Controls the mapping of the classified QoS class DP level to PCP DEI values when the mode is set to Mapped ...

Page 118: ...ion Parameters Items Description Port The Port column shows the list of ports for which you can configure DSCP ingress and egress settings Ingress Change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate To enable the Ingress Translation click the checkbox Classify Classification for a port includes 4 differen...

Page 119: ...n Configuration Parameters Items Description DSCP Maximum number of supported DSCP values are 64 Trust Click to check if the DSCP value is trusted QoS Class QoS Class value can be any of 0 7 DPL Drop Precedence Level 0 3 QoS DSCP Translation This section describes how to configure the basic QoS DSCP Translation settings for the switch DSCP translation can be done for both Ingress and Egress To con...

Page 120: ...Remap DP0 Select the DSCP value from the select menu to which you want to remap DSCP value ranges from 0 63 Remap DP1 Select the DSCP value from the select menu to which you want to remap DSCP value ranges from 0 63 QoS DSCP Classification This section describes how to configure and map DSCP values to a QoS Class and DSCP value The settings relate to the currently selected stack unit as reflected ...

Page 121: ...ers Items Description Qos Class Available QoS Class value ranges from 0 to 7 DPL Drop Precedence level 0 1 can be configured for all available QoS Classes DSCP Select DSCP value 0 63 from DSCP menu to map DSCP to corresponding QoS Class and DPL value ...

Page 122: ...the button to add a new QoS Control List Scroll all parameters and set the Port Member to join the QCE rules Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings QoS Control List Configuration Parameters Items Description QCE Indicates the index of QCE Port Indicates the list of ports confi...

Page 123: ...frame s content There are three action fields Class Classified QoS Class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Each QCE can be modified using the following buttons Ins...

Page 124: ...otocol IP protocol number 0 255 TCP or UDP or Any Source IP IPv6 source address a b c d or Any 32 LS bits DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF orAF11 AF43 Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or ...

Page 125: ...sis It can then be attached to a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner Mirror Configuration is to monitor the traffic of the network For example assume that Port A and Port B are Monitoring Port and Monitored Port respectively thus the traffic received by Port B will be copied to PortA for monitoring To con...

Page 126: ...e Click Configuration UPnP Scroll to select the mode to enable or disable Specify the parameters in the TTL and Advertising Duration fields Click Apply and click the Save icon in the upper right corner to save the settings or click Reset to cancel The Form will return to the previously saved settings UPnP Configuration Parameters Items Description Mode Indicates the UPnP operation mode Possible mo...

Page 127: ...ystem files Running config A virtual file that represents the currently active configuration on the switch This file is volatile Startup config the startup configuration for the switch to read at boot time Default config A read only file with vendor specific configuration This file is read when the system is restored to default settings It is also possible to store up to two other files and apply ...

Page 128: ...lly sFLOW The sFlow Collector configuration for the switch can be monitored and modified here The configuration is divided into two parts Configuration of the sFlow receiver sFlow collector and configuration of per port flow and counter samplers sFlow configuration is not persisted to non volatile memory which means that a reboot or master change will disable sFlow sampling To configure sFlow Agen...

Page 129: ...ems Description Agent Configuration IP Address This IP address is used as Agent IP address in sFlow datagrams It serves as a unique key that will identify this agent over extended periods of time Both IPv4 and IPv6 addresses are supported ...

Page 130: ...r settings Max Datagram Size The maximum number of data bytes that can be sent in a single sample datagram This should be set to a value that avoids fragmentation of the sFlow datagrams Valid range is 200 to 1488 bytes with default being 1400 bytes Port Configuration Port The port nmber for which the configuration below applies Flow Sampler Sampling Rate The statistical sampling rate for packet sa...

Page 131: ...ce that sends out the mail for you User Name Specify the username on the mail server Password Specify the password on the mail server Sender Specify the sender name of the alarm email Return Path Specify the sender email address of the alarm mail This address will be the from address on the email message Email Address 1 6 Email address that would like to receive the alarm message ...

Page 132: ...tion in the web interface Click Monitor System Information Check the contact information for the system administrator as well as the name and location of the switch Also indicate the local time zone by configuring the appropriate offset Click Apply to see any changes System Information Parameters Items Description Model Name Displays the factory defined model name for identification purposes Syste...

Page 133: ...m IP Status This page displays the status of the IP protocol layer The status is defined by the IP interfaces the IP routes and the neighbor cache ARP cache status To display the IP Status in the web interface Click Monitor System IP Status Display the IP address information Click Auto Refresh Auto refresh will refresh the page every 3 seconds System IP Interfaces Parameters Items Description Inte...

Page 134: ...mation System Log Parameters Items Description Level Level of the system log entry There are 3 options All Display all log entries Warning Warning level of the system log Error Error level of the system log All All levels ID ID 1 of the system log entry Time It will display the log record by device time The time of the system log entry Message It will display the log detail message The message of ...

Page 135: ... ID 1 of the system log entry Message The detailed message of the system log entry Including the Level Time and Message of the entry Buttons Refresh Updates the system log entries starting from the current entry ID Updates the system log entries to the first available entry ID Updates the system log entry to the previous available entry ID Updates the system log entry to the next available entry I...

Page 136: ...isplays the Subnet Mask of the Switch Gateway Displays the Gateway of the Switch Primary DNS Displays the Primary DNS of the Switch Green Ethernet Port Power Savings This page provides the current status for EEE To display the Power Saving in the web interface Click Monitor Green Ethernet Port Power Savings Displays the Port Power Savings Status Click the Auto Refresh to auto refresh the page It w...

Page 137: ...efresh the Port Statistics Click Clear to clear all information Port Statistic Overview Parameters Items Description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and tranmitted bytes per port Errors The number of frames received in error and the numbe rof incomplete transmisseions per p...

Page 138: ... Ports QoS Control List QCL Status QoS control list displays the QCL status by different QCL users Each row displays the QCE that is defined There will be conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch To display the QoS Control List Status in the web interface Click Monitor Ports QCL Status Check the Auto refr...

Page 139: ...hat resources required to add a QCE may not be available In that case it shows conflict status as YES otherwise it is always NO Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on pressing Resolve Conflict button Buttons Auto refresh Check this box to refresh the page automatically It will do so every 3 seconds Refresh Click to refresh the page Res...

Page 140: ...l Rx and Tx Packets The number of received and trasmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx Tx Multicast The number of received and transmitted good and bad multicast packets ...

Page 141: ...id CRC Rx Fragments The number of short 1 frames received with invalid CRC Rx Jabber The number of long 2 Frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port Transmit Error Counters Tx Drops Th...

Page 142: ...working DC voltage of the SFP module Mon1 Bias Displays the current Bias of the SFP module Mon2 TX PWR Displays the transmit power of the SFP module Mon3 RX PWR Displays the receiver power of the SFP module DHCP DHCP Server A DHCP Server is used to allocate network addresses and deliver configuration parameters to dynamically configured hosts called a DHCP client DHCP Statistics This page displays...

Page 143: ...resh the page Clear Clears the counters DHCP Server Binding IP This page displays the bindings generated for DHCP clients To Display DHCP Server binding IP in the web interface Click Monitor DHCP Server Binding Check the Auto Refresh check box to have the page automatically refresh every 3 seconds DHCP Server Binding IP Parameters Items Description IP The IP Address allocated to the DHCP client Ty...

Page 144: ...HCP Snooping Table in the web interface Click Monitor DHCP Snooping Table Check the Auto Refresh check box to have the page automatically refresh every 3 seconds Dynamic DHCP Snooping Table Parameters Items Description Start From MAC Address Select the starting MAC Address VLAN VLAN number Entries per page Set how many entries will be displayed per page MAC Address User MAC Address of the entry VL...

Page 145: ...t ID Receive Bad Remote ID The number of packets whose Remote ID option did not match known Remote ID Client Statistics Transmit to Client The number of relayed packets from server to the client Transmit Error The number of packets that resulted in error while being sent to the servers Receive from Client The number of received packets from the server Receive Agent Option The number of received pa...

Page 146: ... and transmitted Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number ofACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform...

Page 147: ...fresh Check this box to refresh the page automatically It will do so every 3 seconds Refresh Click to refresh the page Clear Clears the counters Network Port Security Switch This section shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from the user modules When a user module has enabled port security on a port the port is set up ...

Page 148: ...he corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security State Displays the current state of the port It can take one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from u...

Page 149: ... display a Port Security Switch Status Configuration in the web interface Click Monitor Security Network Port Security Port Scroll to select the Port Number of the port to be displayed Check the Auto Refresh check box to have the page automatically refresh every 3 seconds Port Security Statistics Parameters Items Description Mac Address and VLAN ID The MAC address and VLAN ID that is seen on this ...

Page 150: ...in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication QoS Class QoS Class assigned to the port by the RADIUS server if enabled Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the...

Page 151: ...ACEs is 512 on each switch To Display the ACL status in the web interface Click Monitor Security Network ACL Status Check the Auto Refresh check box to have the page automatically refresh every 3 seconds ACL Status Parameters Items Description User Indicates the ACL user Ingress Port Indicates the ingress port of the ACE Possible values are All The ACE will match any ingress port Port The ACE will...

Page 152: ...able parameters of the switch The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address To Display the Dynamic ARP Inspection Table Configuration in the web interface Click Monitor Security Network ARP Inspection Specify the Start from port VLAN ID MAC Address IP Address and entries per page Check the Auto Re...

Page 153: ...k box to have the page automatically refresh every 3 seconds Dynamic IP Source Guard Table Parameters Items Description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the IP traffic is permitted IP Address User IP Address of the entry MAC Address Source MAC address Buttons Auto refresh Check this box to refresh the page automatically It will do so every 3 seco...

Page 154: ...s ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled AAA Radius Details Thi...

Page 155: ...Client MIB Use the server select box to switch between the backend servers to show details for Packet Counters RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Rx Access Accepts radiusAuthClientExtAccessAccepts The number of RADIUSAccess Accept packets valid or invalid received from the server ...

Page 156: ...s Request packets retransmitted to the RADIUS authentication server Tx Pending Requests radiusAuthClientExtPendingRequests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retra...

Page 157: ...ownTyp es The number of RADIUS packets of unknown types that were received from the server on the accounting port Rx Packets Dropped radiusAccClientExtPacketsDrop ped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Tx Requests radiusAccClientExtRequests The number of RADIUS packets sent to the server This does not include ret...

Page 158: ...uto refresh Check this box to refresh the page automatically It will do so every 3 seconds Refresh Click to refresh the page Clear Clears the counters Switch RMON Statistics This page provides an overview of RMON Statistics entries Each page shows up to 99 entries from the Statistics table default being 20 selected trough the entries per page input field When first visited the web page will show t...

Page 159: ...packets received that were between 128 and 255 octets in length 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 The total number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1588 The total number of packets including bad packets received that were between 1024 and 1588 octet...

Page 160: ...Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Updates the table starting from the first entry in the History table i e the entry with the...

Page 161: ...nt This page provides an overview of RMON Event table entries Each page shows up to 99 entries from the Event table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Event table The first displayed will be the one with the lowest Event Index and Log Index found in the Event table The Start fro...

Page 162: ...conds LACP System Status Overview Parameters Items Description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local...

Page 163: ...r ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GLAGs while IDs 3 14 are LLAGs Partner System ID The partner System ID MAC address Partner Port The partner port number connected to this port Partner Prio The partner port priority Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the pag...

Page 164: ...arameters Items Description Port The switch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Auto...

Page 165: ...The time since last Topology Change occurred Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page Spanning Tree Port Status This page will display the STP CIST port status for the physical ports of the currently selected switch To display the STP Bridge status in the web interface Click Monitor Spanning Tre...

Page 166: ...of the logical STP port MSTP The number of MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spa...

Page 167: ... Refresh check box to have the page automatically refresh every 3 seconds MVR Channel Groups Overview Parameters Items Description Navigating the MVR Channels Groups Information Table Each page shows up to 99 entries from the MVR Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MV...

Page 168: ...splayed table starting from that or the closest next MVR SFM Information Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The form will use the last entry of the currently displayed table as the basis for the next lookup When the end is reached the text NO more entries is ...

Page 169: ...ies Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Router Port Display which ports act as router ports A router port is a port on the Ether...

Page 170: ...Table Clicking the button will update the displayed table starting from that or the closest next IGMP Group Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The form will use the last entry of the currently displayed table as a basis for the next lookup IGMP Group Table Co...

Page 171: ...layed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID Port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined t...

Page 172: ...e Layer 3 multicast device or MLD querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured to be a router port Port The Switch port number Status Indicates whether specific port is a router port or not Buttons Auto refresh Check this box to refresh the page automatically It...

Page 173: ...ered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by port Different source addresses belonging to the same group are treated as a single entry To display the MLDv2 IPv6 SSM Information in the web interface Click Monitor IPMC MLD Snooping IPv6 SFM Information Use the arrow buttons to move to the ...

Page 174: ... refresh every 3 seconds LLDP Neighbor Information Parameters Items Description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Port ID The Remote Port ID is the identification of the neighbor port Port Description Port Description is the port description advertised by the Neighbor unit System Name System Name i...

Page 175: ...iance as a Media Endpoint Class II will also support all aspects of TIA 1057 applicable to Generic Endpoints Class I and any LLDP MED Endpoint Device claiming compliance as a Communication Device Class III will also support all aspects of TIA 1057 applicable to both Media Endpoints Class II and Generic Endpoints Class I LLDP MED Media Endpoint Class I Class I The LLDP MED Generic Endpoint Class I ...

Page 176: ...ulticast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling for use in network topologies that require a separate policy for the video signaling than for the video media Policy Policy i...

Page 177: ...is unknown what power supply the PD device is using it is indicated as Unknown Power Priority Power Priority represents the priority of the PD device or the power priority associated with the PSE type device s port that is sourcing the power There are three levels of power priority The three levels are Critical High and Low If the power priority is unknown it is indicated as Unknown Maximum Power ...

Page 178: ...k partner has received registered and processed its most recent values For example if the local link partner receives echoed parameters that do not match the values in its local MIB then the local link partner infers that the remote link partners request was based on stale information Echo Rx Tw The link partner s Echo Rx Tw value Resolved Tx Tw The resolved Tx Tw for this link This is not the lin...

Page 179: ...ed Tx Frames The number of LLDP frames transmitted on the port Rx Frames The number of LLDP frames received on the port Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standa...

Page 180: ...matically refresh every 3 seconds LLDP PoE Statistics Parameters Items Description Local Port This is the logical port number for this row PD Class Each PD is classified according to a class that defines the maximum power the PD will use The PD Class shows the PDs class Five classes are defined Class 0 Max Power 15 4 W Class 1 Max Power 4 0 W Class 2 Max Power 7 0 W Class 3 Max Power 15 4W Class 4...

Page 181: ... page fields Check the Auto Refresh check box to have the page automatically refresh every 3 seconds MAC Table Statistics Parameters Items Description Navigating the MAC Table Each page shows up to 99 entries from the MAC table default being 20 selected from the entries per page input field The page will show 20 entries from the beginning of the MAC Table The first displayed will be the one with t...

Page 182: ...ow the user to select the starting point in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the closest next VLAN Table match The will use the last entry of the currently displayed VLAN entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table VLAN USER VLAN User module uses services of the...

Page 183: ...e first available entry ID Updates the system log entry to the next available entry ID VLAN PORT Status The Port Status gathers the information of all VLAN statuses and displays them in the order of Static NAS MVRP MVP Voice VLAN MSTP GVRP and Combined To Display the VLAN Port Status in the web interface Click Monitor VLAN Ports Scroll the drop down menu to Specify Static NAS MVRP VOICE VLAN MSTP ...

Page 184: ...ded Port VLAN ID Shows the Port VLAN ID PVID that a given user wants the port to have The field is empty if not overridden by the selected user Tx Tag Shows egress filtering frame status whether tagged or untagged UVID Shows UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side Conflicts Shows status of Conflicts whether exists or not When a Volatile VLAN User reque...

Page 185: ... the text field when Ethernet is selected as a Frame Type is called etype Valid values for etype range from 0x0600 0xffff For LLC Valid value in this case is comprised of two different sub values DSAP 1 byte long string 0x00 0xff SSAP 1 byte long string 0x00 0xff For SNAP Valid value in this case also is comprised of two different sub values OUI OUI Organizationally Unique Identifier is value in f...

Page 186: ...D mapping To include a port in a mapping check the box To remove or exclude the port from the mapping uncheck the box By default no ports are members and all boxes are unchecked Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to manually refresh the page IP Subnet based VLAN This page shows static IP subnet based VLAN ent...

Page 187: ...eck the box By default all boxes are unchecked Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to manually refresh the page sFlow This page displays receiver and per port sFlow statistics To display the sFlow statistics in the web interface Click Monitor sFlow Check the Auto Refresh check box to have the page automaticall...

Page 188: ...s sent to the sFlow receiver Counter Samples The total number of counter samples sent to the sFlow receiver Port Statistics Port The port number for which the following statistics applies Rx and Tx Flow Samples The number of flow samples sent to the sFlow receiver originating from this port Here flow samples are divided into RX and TX flow samples where RX flow samples contains the number of packe...

Page 189: ...t Values range from 2 bytes to 1452 bytes Ping Count The count of the ICMP packet Values range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 seconds to 30 seconds Start Click the Start button then the switch will begin to ping the device using ICMP packet size as set above The switch will transmit the number of packets as set above in the Ping Count fiel...

Page 190: ...size as set above The switch will transmit the number of packets as set above in the Ping Count field and the sequence number and roundtrip times are displayed upon reception of a replay from the target device The page refreshes automatically until responses to all transmitted packets are received or until a timeout occurs Cable Diagnostics This section is used for running the Cable Diagnostics Pr...

Page 191: ...col to use ICMP TCP or UDP Specify the traceroute IP Address of the target device Set the Wait Time Max TTL and Probe Count Fields Click Start to begin the test Traceroute Diagnostics Parameters Items Description Protocol The type of protocol to use for the test Three options are available ICMP TCP UDP IP Address The IP Address of the target device Wait Time Set the time in seconds to wait for a r...

Page 192: ... be available after the restart To perform a Restart of the device from the web interface Click Maintenance Restart Device Select the check box Force Cool Restart to force a cool restart Click Yes to perform the restart or No to cancel the restart Reboot Schedule The Switch can be scheduled for regular reboot for maintenance reasons Once Enabled is selected from the Mode drop down box the schedule...

Page 193: ...olumn note it is a 24 hour list 0 23 and set the Minute in the MM column Displayed in 5 minute increments Factory Defaults The Switch can be returned to the factory default settings Any configurations set or software changes that have been made to the switch will be lost and replaced with the original configuration settings from the manufacturer To reset the switch to factory default settings in t...

Page 194: ...nfiguration The running configuration will be written to flash memory for the system boot up to load this startup configuration file Download It is possible to export the switch configuration for maintenance needs Any current configuration files will be exported as text format It is possible to download a file through the web browser to for any of the configuration files except default config whic...

Page 195: ...latile Startup config The startup configuration for the swtich read at boot time Default config A read only file with vendor specific configuration This file is read when the system is restored to default settings Activate It is possible to activate any of the configuration files present on the switch except for running config which represents the currently active configuration Select the file to ...

Page 196: ... selected config file will be deleted from the switch If that file was the startup config file then the switch will effectively be reset to the default factory boot up settings Server Report Server Report creates a complete txt format report of the configuration of the switch This information can be very helpful for technicians when they require data to troubleshoot problems on the network To crea...

Page 197: ...he DMS mode and set the switch to the Master setting over other DMS enabled switches Note If there are additional i3 switches on the network setting one switch to Enabled or High Priority will set that switch as the primary DMS feature switch and will change Trunk Access ports on the secondary i3 switches to Hybrid This may cause comunication to fail between secondary i3 switches and any 3rd party...

Page 198: ...ement Device List Parameters Items Description Remove Check this box to remove off Line devices from the switch Status Displays the Device link status Online or Offline Model Name Displays the model name of the device Device name Displays the Device name This is editable by clicking the button MAC Displays the MAC Address of the device IP Address Displays the IP Address of the device Version Displ...

Page 199: ...ws administrators to quickly and easily find the Switch in their cabinet Reboot Device Reboots the PD device Device Type Select Device Type Options include IP Camera PC IP Phone AP or other device Buttons Refresh the Topology View Click to rescan the Topology View Use the directional pad to scroll up down left or right Use the slider to zoom in or out Alternatively the mouse can be used to navigat...

Page 200: ... Maintenance Floor Image To configure DMS Floor View in the web interface Click DMS Graphical Monitoring Floor View Floor View List Parameters Items Description Use the directional pad to scroll up down left or right Save the whole View Save the whole View to SVG PNG or PDF Select the device category to filter the view to see only desired devices Search for a specific device by entering the IP MAC...

Page 201: ...MS Map View in the web interface Click DMS Graphic Monitoring Map View DMS Management Device List Parameters Items Description Use the directional pad to scroll up down left or right Save the whole View Select the device category to filter the view to see only desired devices Search for a specific device by entering the IP MAC address or Model Device name ...

Page 202: ...owse to select the image for upload DMS Maintenance Floor Image Parameters Items Description Note The system can hold up to 10 floor map images To delete out of date maps select them from the provided list by checking the corresponding check box and clicking the Delete button Add Floor Image Click the Choose File to open Windows File Manager to select a Floor Map Image to upload to the switch Clic...

Page 203: ...to be saved for this function to work properly To configure the DMS Diagnostics Trouble shooting in the web interface Click DMS Maintenance Diagnostics Select the checkbox of the Device that requires attention This will display the available information DMS Maintenance Diagnostics Trouble Shooting Parameters Items Description Show Entries Enter the number of entries to be displayed per page Search...

Page 204: ...on Traffic by Port This graph displays the traffic handled by the swich by port and volume The graph can be be customized to display Total traffic only the RX traffic or only the TX traffic by selecting the radio buttons to the right of the each choice The graph can be further customized to display a specific day by using the right and left arrow buttons or the traffic of an entire week can be dis...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands