manualshive.com logo in svg

ifs NS4702-24P-4X-V2, User Manual, Page: 1 / 396

Share
Download
ifs NS4702-24P-4X-V2 User Manual Download Page 1

 

NS4702-24P-4X-V2 
Managed Switch User 
Manual 

P/N 1073707-EN • REV B • ISS 06OCT22 

 

Summary of Contents for NS4702-24P-4X-V2

Page 1: ...NS4702 24P 4X V2 Managed Switch User Manual P N 1073707 EN REV B ISS 06OCT22...

Page 2: ...rence to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own e...

Page 3: ...Product documentation Please consult the following web link to retrieve the electronic version of the product documentation...

Page 4: ......

Page 5: ...agement 34 SNMP based network management 34 Chapter 4 Web configuration 35 Main web page 37 System 38 DHCP server 64 UDLD 75 Open Shortest Path First OSPF 78 Simple Network Management Protocol SNMP 92...

Page 6: ...eration 370 Address table 370 Learning 370 Forwarding and filtering 370 Store and forward 370 Auto negotiation 371 Chapter 6 PoE overview 372 What is PoE 372 PoE system architecture 372 Chapter 7 Trou...

Page 7: ...Carrier assumes no responsibility for errors or omissions Product warnings YOU UNDERSTAND THAT A PROPERLY INSTALLED AND MAINTAINED ALARM SECURITY SYSTEM MAY ONLY REDUCE THE RISK OF EVENTS SUCH AS BURG...

Page 8: ...Contact your supplier for replacement batteries Warranty disclaimers CARRIER HEREBY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS WHETHER EXPRESS IMPLIED STATUTORY OR OTHERWISE INCLUDING ANY IMPLIED W...

Page 9: ...refer to the data sheet and user documentation For the latest product information contact your local supplier or visit us online at firesecurityproducts com The system should be checked by a qualifie...

Page 10: ...specified the term managed switch mentioned in this user manual refers to the NS4702 24P 4X V2 Package contents Open the box of the managed switch and carefully unpack it The box should contain the fo...

Page 11: ...00 W for different kinds of PoE applications the managed switch provides a quick safe and cost effective PoE network solution for small businesses and enterprises Smart and Intuitive LCD Control The s...

Page 12: ...connected ONVIF devices and permit clients to create floor images maps using the managed switch simplifying the deployment of surveillance and other devices for planning and inspection purposes IP sur...

Page 13: ...or energy saving Under the trend of energy saving worldwide and contributing to environmental protection the managed switch can effectively control the power supply in addition to its capability of pr...

Page 14: ...e of 10Gbps in a cost effective way since the 10GbE interface usually available in a layer 3 switch but layer 3 switch could be too expensive for SMBs Environment friendly variable fan design for sile...

Page 15: ...n be programmed for advanced switch management functions such as dynamic port link aggregation Q in Q VLAN Multiple Spanning Tree Protocol MSTP layer 2 to layer 4 QoS bandwidth control and IGMP MLD sn...

Page 16: ...sed management interface the managed switch offers an easy to use platform independent management and configuration facility The managed switch supports standard Simple Network Management Protocol SNM...

Page 17: ...at PoE that combines up to 30 W of power output per port and a PoE budget of up to 400 W which can deploy up to 24 PoE PD devices It also features a built in robust IPv4 IPv6 layer 3 traffic static ro...

Page 18: ...Multiple Spanning Tree Protocol 802 1s MSTP into the customer s automation network to enhance system reliability and uptime Adopting the IEEE 802 3af 802 3at PoE standard the managed switch can direct...

Page 19: ...interface for basic switch management and setup Power over Ethernet Complies with IEEE 802 3at Power over Ethernet Plus end span PSE Backward compatible with IEEE 802 3af Power over Ethernet Up to 24...

Page 20: ...ates erroneous packets to optimize the network bandwidth Storm control support Broadcast Multicast Unknown Unicast Supports VLAN IEEE 802 1Q tagged VLAN Up to 255 VLANs groups out of 4094 VLAN IDs Pro...

Page 21: ...CoS TOS DSCP IP Precedence of IPv4 IPv6 packets IP TCP UDP port number Typical network application Strict priority and Weighted Round Robin WRR CoS policies Supports QoS and In Out bandwidth control o...

Page 22: ...v1 v2c and v3 switch management SSH SSL secure access 2 4 inch color LCD touch screen User privilege levels control Built in Trivial File Transfer Protocol TFTP client System maintenance Firmware upl...

Page 23: ...ng Throughput 95 23 Mpps 64 bytes Address Table 16K entries automatic source address learning and aging Shared Data Buffer 32M bits Flow Control IEEE 802 3x pause frame for full duplex Back pressure f...

Page 24: ...status auto negotiation status trunk status Port Mirroring TX RX both Many to 1 monitor VLAN 802 1Q tagged based VLAN Q in Q tunneling Private VLAN Edge PVE MAC based VLAN Protocol based VLAN Voice V...

Page 25: ...IBs RFC 1213 MIB II RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB Standards Conformance Regulation Co...

Page 26: ...T copper RJ45 twisted pair Up to 100 meters 10 gigabit SFP slots 10BASE SR LR mini GBIC slot SFP Small Factor Pluggable transceiver module supports from 300 meters multi mode fiber up to 10 kilometers...

Page 27: ...power System alert LED Color Function PWR Green Lit indicates that the managed switch has power SYS Green Lit indicates that the firmware upgrade is complete Blinking indicates that a firmware upgrad...

Page 28: ...60 Hz Plug the female end of the power cord firmly into the receptacle on the rear panel of the managed switch and the other end of the power cord into an electrical outlet and then power it on Note T...

Page 29: ...rkstations or routers Note Connection to the managed switch requires UTP Category 5 network cabling with RJ45 tips For more information see Appendix A Networking connection on page 375 5 Connect one e...

Page 30: ...ide 5 After the brackets are attached to the managed switch use suitable screws to securely attach the brackets to the rack as shown below 6 Follow steps 4 through 7 under To install the managed switc...

Page 31: ...2 F Fast Ethernet 100Base FX S20 2MLC2 LC 2 Multi mode 2 km 1 2 mi 1310 nm 12 20 14 32 0 to 50 C 32 to 122 F S25 2MLC2 LC 2 Multi mode 2 km 1 2 mi 1310 nm 12 20 14 32 40 to 75 C 40 to 167 F Fast Ether...

Page 32: ...0 LC 2 Single Mode 30 km 18 6 mi 1310 nm 18 2 3 23 0 to 50 C 32 to 122 F S35 2SLC 30 LC 2 Single Mode 30 km 18 6 mi 1310 nm 18 2 3 23 40 to 75 C 40 to 167 F Gigabit Ethernet 1000 Base ZX S30 2SLC 70 L...

Page 33: ...00BASE SX 1000BASE LX to 1000BASE LX 2 Check if the fiber optic cable type matches the SFP transceiver model To connect to 1000BASE SX SFP transceiver use the multi mode fiber cable with one side bein...

Page 34: ...User Manual 4 Pull out the module gently through the lever Note Never pull out the module without making use of the lever or the push bolts on the module Removing the module with force could damage th...

Page 35: ...other platforms compatible with TCP IP protocols Workstations must have an Ethernet NIC Network Interface Card installed Serial Port connection Terminal The workstation must have a COM Port DB9 RS 232...

Page 36: ...th all popular browsers Can be accessed from any location Most visually appealing Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on poor conn...

Page 37: ...he computer After making this connection configure the terminal emulation program to use the following parameters These settings can be changed after log on if required This management method is often...

Page 38: ...the managed switch s console port Web management requires Microsoft Internet Explorer 11 0 or later SNMP based network management Use an external SNMP based application to configure and manage the man...

Page 39: ...ets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The managed switch can be configured through an Ethernet connection when the manager computer is s...

Page 40: ...2 When the following login screen appears type the default username admin with password admin and click Log In 3 Click OK to begin the process of changing the default username and password 4 Type a ne...

Page 41: ...itch s ports The mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page Port status is indicated a...

Page 42: ...tch managed IPv4 IPv6 interface and IP routes on this page IP Status This page displays the status of the IP protocol layer The status is defined by the IP interfaces the IP routes and the neighbour c...

Page 43: ...are Upgrade Upgrade the firmware via TFTP server Save Startup Config This copies running config to startup config thereby ensuring that the currently active configuration will be used at the next rebo...

Page 44: ...btained through the configured NTP server if present System Uptime The period of time the device has been operational Software Version The software version of the managed switch Software Date The date...

Page 45: ...ace Specify from which DHCPv6 enabled interface a provided domain name should be preferred DNS Server This setting controls the DNS name resolution done by the switch There are four servers available...

Page 46: ...or DHCP interfaces with an active lease this column shows the current interface address as provided by the DHCP server IPv4 Address Provides the IP address of this managed switch in dotted decimal not...

Page 47: ...notationor a valid IPv6 notation A default route can use the value 0 0 0 0 or IPv6 notation Mask Length The destination IP network or host mask in number of bits prefix length It defines how much of a...

Page 48: ...pe of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interface and or address IP Routes Network The destination IP net...

Page 49: ...e Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e it is granted full control of the device Other values need to refer...

Page 50: ...roup privilege level User privileges should be the same or greater than the group privilege level to have access to that group By default most groups privilege level 5 has read only access and privile...

Page 51: ...t panel of the managed switch for over 10 seconds and then release it The current settings including VLAN will be erased and the managed switch restores to default mode Privilege levels This page prov...

Page 52: ...iagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Ma...

Page 53: ...and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Server Provides the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represente...

Page 54: ...llows the user to input hour value 00 to 23 hours Minute Allows the user to input minute value 0 to 59 minutes Second Allows the user to input second value 0 to 59 seconds Buttons Click Apply to apply...

Page 55: ...for single time configuration Default Disabled Start Time Settings Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minut...

Page 56: ...n the switch sends SSDP messages periodically at the interval one half of the advertising duration minus 30 seconds Valid values are in the range 100 to 86400 IP Address Mode IP addressing mode provid...

Page 57: ...DHCP relay agent s MAC address Configure DHCP relay in the DHCP Relay Configuration page This page includes the following fields Object Description Relay Mode Indicates the DHCP relay mode operation...

Page 58: ...ply to apply changes Click Reset to undo any changes made locally and revert to previously saved values DHCP relay statistics This page provides statistics for DHCP relay Server statistics Object Desc...

Page 59: ...ets received is kept with the relay agent information option Drop Agent Option The number of packets received is dropped with the relay agent information option Buttons Select the Auto refresh check b...

Page 60: ...The ID 1 of the system log entry Level The level of the system log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error...

Page 61: ...last entry currently displayed Click I to update the system log entries ending at the last available entry ID Detailed log The Detailed System Log Information page displays the managed switch system l...

Page 62: ...ort 514 The syslog server will not send acknowledgments back to sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet is always sent out even if the s...

Page 63: ...Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s email a...

Page 64: ...e software is uploaded to the system successfully the following screen appears The system loads the new software after reboot Note DO NOT Power OFF the managed switch until the update progress is comp...

Page 65: ...olatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration This file is read when the system is restored to de...

Page 66: ...les mentioned above plus two other files it is not possible to create new files unless an existing file is overwritten or another is deleted first Configuration activate The Activate Configuration pag...

Page 67: ...images in the device and allows you to revert to the alternate image The web page displays two tables with information about the active and alternate firmware images Note If the active firmware image...

Page 68: ...booted from a remote location After clicking the Yes button to restart log in to the web interface about 60 seconds later Buttons Click Yes to reboot the system Click No to return to the Port State pa...

Page 69: ...nd excluded IPs or both Buttons Click Add IP Range to add an IP range Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values Pool The DHCP Serv...

Page 70: ...ice more than one DHCP client Host the pool services for a specific DHCP client identified by client identifier or hardware address If appears it means not defined IP Indicates the network number of t...

Page 71: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 67...

Page 72: ...addresses to service more than one DHCP client Host the pool services for a specific DHCP client identified by client identifier or hardware address IP Indicates the specific network number of the DHC...

Page 73: ...erver DHCP option 44 Specifies a list of NBNS name servers listed in order of preference NIS Domain Name DHCP option 40 Specifies the name of the client s NIS domain NIS Server DHCP option 41 Specifie...

Page 74: ...and configuration of a DHCP client The DHCP server delivers the corresponding option 43 specific information to the client that sends the option 60 vendor class identifier Vendor 3 Specific Informatio...

Page 75: ...address to a client host pool type Expired Binding Number of bindings in which the lease time expired or they are cleared from Automatic Manual type bindings Binding counters Displays the counters of...

Page 76: ...received DHCP message sent counters Displays the counters of DHCP messages sent by the DHCP server Object Description Offer Number of DHCP OFFER messages sent Ack Number of DHCP ACK messages sent Nak...

Page 77: ...efresh to refresh the page immediately Click Clear Selected to clear the selected bindings If the selected binding is Automatic or Manual then it is changed to Expired If the selected binding is Expir...

Page 78: ...it gathers a different layer overview The page includes the following fields Object Description RX and TX Discover The number of discover option 53 with value 1 packets received and transmitted RX an...

Page 79: ...ts received and transmitted RX and TX lease Active The number of lease active option 53 with value 13 packets received and transmitted RX Discarded Checksum Error The number of discarded packets where...

Page 80: ...Chapter 4 Web configuration 76 NS4702 24P 4X V2 Managed Switch User Manual The page includes the following fields...

Page 81: ...aggressive mode unidirectional detected ports will get shut down To bring back the ports up disable UDLD on the ports Message Interval Configures the period of time between UDLD probe messages on port...

Page 82: ...of the neighbor device Device ID The current ID of the neighbor device Link Status The current link status of the neighbor port Device Name Name of the neighbor device Buttons Select the Auto refresh...

Page 83: ...calculated automatically based on the routing protocols Specific User specified default metric Static Redistribute Metric Type The OSPF redistributed metric type for the connected interfaces None The...

Page 84: ...ation to the other OSPF routers via those interfaces The page includes the following fields Object Description Network Address IPv4 network address Mask Length IPv4 network mask length Area ID The OSP...

Page 85: ...includes the following fields Object Description Area ID The OSPF area ID No Summary The value is true means the area is a totally stub area Summary LSAs Type 3 except for the default route and AS ext...

Page 86: ...hentication Buttons Click Add New Entry to add a new entry Click Save to save changes Click Reset to undo local changes and revert to previously saved values Area range The OSPF area range configurati...

Page 87: ...ea paths from the address range are not advertised to other areas Auto Specific When Auto is selected the cost value is set to 0 automatically and cannot be configured Cost User specified cost or metr...

Page 88: ...default value is 40 seconds Retransmit Interval The time interval in seconds between link state advertisement LSA retransmissions for adjacencies The allowed range is 1 to 65535 and the default value...

Page 89: ...t value is 5 seconds Auth Type The authentication type Simple Password Plain text authentication A password must be configured but the password can be read by sniffer the packets Message Digest Messag...

Page 90: ...nimum interval in seconds between link state advertisements Min LSA Arrival Maximum arrival time in milliseconds of link state advertisements External LSA Count Number of external link state advertise...

Page 91: ...network LSAs Type 2 of a given type for the particular area Network LSA Checksum The network LSAs Type 2 checksum Summary LSA Count Number of the summary LSAs Type 3 of a given type for the particular...

Page 92: ...ttons Select Auto refresh to refresh the page automatically Automatic refresh occurs every 3 seconds Click Refresh to refresh the page immediately Interface status OSPF interface status information is...

Page 93: ...on this interface after this due time Nbr Count Neighbor count This is the number of OSPF neighbors discovered on this interface Adjacent Nbr Count Adjacent neighbor count This is the number of route...

Page 94: ...ayer 3 Switch A to Switch C 1 Add port 3 as a hybrid port with Allowed VLANs 1 10 20 2 Set the Mode to Router under IP Configuration 3 Add the VLAN interface Address 192 168 20 2 Mask Length 24 4 Set...

Page 95: ...3 Switch C 1 Add port 3 as a hybrid port with Allowed VLANs 1 10 20 2 Set the Mode to Router under IP Configuration 3 Add the VLAN interface Address 192 168 10 2 Mask Length 24 4 Set the OSPF Router M...

Page 96: ...anagement applications that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fast CPUs megapixel color displays substantial memory and ab...

Page 97: ...up An SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management stations that do not belong to one of its communities SNMP default communities are...

Page 98: ...operation Selections include Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Engine ID Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64...

Page 99: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 95 SNMP trap configuration Configure the SNMP trap on the SNMP Trap Configuration page The page includes the following fields...

Page 100: ...SNMP trap packet The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 Trap Destination Address Indicates the SNMP trap destination address It allows a...

Page 101: ...eeded When Trap Probe Security Engine ID is enabled the ID will be probed automatically Otherwise the ID specified in this field is used The string must contain an even number in hexadecimal format wi...

Page 102: ...t not be a minus sign The allowed string length is 0 to 255 System Location The physical location of this node e g telephone closet 3rd floor The allowed string length is 0 to 255 and the allowed cont...

Page 103: ...ds on the trap name type For example the ifIdex is the subset OID of linkUp and linkDown A valid subset OID is one or more digital numbers 0 4294967295 or asterisk which are separated by dots The firs...

Page 104: ...lly and revert to previously saved values SNMPv3 users Configure SNMPv3 users on the SNMPv3 User Configuration page The entry index keys are Engine ID and User Name The page includes the following fie...

Page 105: ...alue of security level cannot be modified if the entry already exists Ensure that the value is set correctly Authentication Password A string identifying the authentication pass phrase For MD5 authent...

Page 106: ...the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name t...

Page 107: ...another view entry in which the view type is included and it s OID subtree overrides the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The allowed O...

Page 108: ...te View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII character...

Page 109: ...4702 24P 4X V2 Managed Switch User Manual 105 The page includes the following fields The linked image cannot be displayed The file may have been moved renamed or deleted Verify that the link points to...

Page 110: ...d speed setting is selected that is what is used The Current Rx column indicates if pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmi...

Page 111: ...uttons Click Download to download the Port Statistics Overview result as an Excel file Click Refresh to refresh the page immediately Click Clear to clear the counters for all ports Click Print to prin...

Page 112: ...tted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broa...

Page 113: ...port Transmit error counters Object Description Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions...

Page 114: ...matched when the fiber connection fails Distance m Displays the supported distance of the current SFP module Temperature C SFP DDM Module Only Displays the temperature of the current SFP DDM module V...

Page 115: ...a network switch to another port where the packet can be studied It enables the manager to keep close track of switch performance and alter it if necessary To debug network problems selected traffic c...

Page 116: ...ring is disabled In the stacking mode you need to select the switch ID to select the correct device If you shut down a port it cannot be a candidate for a reflector port If you shut down the port whic...

Page 117: ...e Event Notification counters for Tx and Rx respectively A unique Event Notification OAMPDU is indicated as an Event Notification OAMPDU with a Sequence Number field that is distinct from the previous...

Page 118: ...status The displayed fields show the active configuration status for the selected port The page includes the following fields Object Description Mode The mode in which the Link OAM is operating Activ...

Page 119: ...use this field to decide if it needs to be processed an Information TLV that is identical to the previous Information TLV doesn t need to be parsed as nothing in it has changed PDU Permission This fie...

Page 120: ...generated in terms of 100 ms intervals Frame Period Error Event Window This four octet field indicates the duration of period in terms of frames Frame Period Error Event Threshold This four octet fie...

Page 121: ...r than in order for the event to be generated encoded as a 16 bit unsigned integer Error Frame Seconds Summary Errors This two octet field indicates the number of errored frame seconds in the period e...

Page 122: ...eact to the initiation of the Discovery process by the remote DTE This eliminates the possibility of passive to passive links Passive DTE s shall not send Variable Request or Loopback Control OAMPDUs...

Page 123: ...Threshold must be between 0 4294967295 and its default value is 1 Symbol Period Error Event This event is generated if the symbol error count is equal to or greater than the specified threshold for t...

Page 124: ...e Point to point link CE and PE devices permit EFM OAM to monitor First Mile link performance It reports log information to the network management system when fault events occur and uses the remote lo...

Page 125: ...ame speed Aggregated links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated links are treated by the system as a...

Page 126: ...ry Link aggregation permits grouping up to four consecutive ports into a single dedicated connection between any two managed switches or other Layer 2 switches However before making any physical conne...

Page 127: ...e same as the group member ports The aggregation code ensures that frames belonging to the same frame flow for example a TCP connection are always forwarded on the same link aggregation member port Re...

Page 128: ...to calculate the destination port for the frame Select the check box to enable the use of the Destination MAC Address or uncheck it to disable By default the Destination MAC Address is disabled IP Add...

Page 129: ...ggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove t...

Page 130: ...oup Aggregated Ports Aggregated member ports of the aggregation group Aggr ID The aggregation ID associated with this aggregation instance Buttons Click Refresh to refresh the page immediately LACP co...

Page 131: ...atus The Active selection transmits LACP packets each second while the Passive setting waits for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU tr...

Page 132: ...he partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last changed The time since this aggregation changed Local Ports Shows which ports are a part of...

Page 133: ...ccurs its LACP status is disabled Key The key is assigned to this port Only ports with the same key can aggregate together Aggregation ID The aggregation ID assigned to this aggregation group Partner...

Page 134: ...t the network into different broadcast domains so that packets are forwarded only between ports within the VLAN Typically a VLAN corresponds to a particular subnet although not necessarily VLAN can en...

Page 135: ...odes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network...

Page 136: ...s through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a...

Page 137: ...s are also assigned a PVID for use within the switch If no VLANs are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID o...

Page 138: ...want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then this port should be add...

Page 139: ...Q VLAN information remember that the PVID is only used internally within the managed switch Untagging is used to send packets from an 802 1Q compliant network device to a non compliant network device...

Page 140: ...related VID for frames entering the MAN When leaving the MAN the tag is stripped and the original VLAN tag with the customer related VID is again available This provides a tunneling mechanism to conne...

Page 141: ...ly VLAN 1 is enabled More VLANs may be created by using a list syntax where the individual elements are separated by commas Ranges are specified with a dash separating the lower and upper boundaries T...

Page 142: ...Chapter 4 Web configuration 138 NS4702 24P 4X V2 Managed Switch User Manual The page includes the following fields...

Page 143: ...d By default all frames but frames classified to the Port VLAN a k a Native VLAN get tagged on egress Frames classified to the Port VLAN do not get C tagged on egress Egress tagging can be changed to...

Page 144: ...ed or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with the custom S tag Ingress Filtering Hybrid ports allow for changing ingress...

Page 145: ...question The syntax is identical to the syntax used in the Enabled VLANs field By default the field is left blank which means that the port may become a member of all possible VLANs Note The port must...

Page 146: ...ynamic VLAN user register VLAN on same Forbidden port then the conflict port appears as a conflict port VLAN Membership The VLAN Membership Status Page shows the current VLAN port members for all VLAN...

Page 147: ...the frame is discarded Frame Type Shows if the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames rece...

Page 148: ...lowing fields Object Description Delete Select this check box to delete a private VLAN entry The entry will be deleted during the next save Private VLAN ID Indicates the ID of this particular private...

Page 149: ...VLAN can be prevented Two application examples are provided in this section Customers connected to an ISP can be members of the same VLAN but they are not allowed to communicate with each other within...

Page 150: ...from the VLAN table This reduces the ports to which forwarding can be done to just the promiscuous ports within the private VLAN The Port Isolation Configuration page is used for enabling or disablin...

Page 151: ...VLANs Each VLAN isolates network traffic so only members of the VLAN receive traffic from the same VLAN members The table below describes the port configuration of the managed switches VLAN Group VID...

Page 152: ...gged packet entering VLAN 3 1 While PC 4 an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will receive the packet through Port 5 and Port 6 2 While the packet le...

Page 153: ...lect Egress Tagging as Tag All and Types 2 in the Allowed VLANs column Change Port 6 Mode as Trunk and select Egress Tagging as Tag All and Types 3 in the allowed VLANs column VLAN trunking between tw...

Page 154: ...teps 1 Add a VLAN group Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in the allowed Access VLANs column the 1 3 includes VLAN 1 and 2 and 3 2 Assign VLAN members and PVIDs to each port VLAN 2 Port 1 Port...

Page 155: ...n the VLAN Trunk Port to being the member of each VLAN to be aggregated For example include Port 7 to be VLAN 2 and VLAN 3 member ports 5 Specify Port 7 to be the 802 1Q VLAN trunk port and the trunki...

Page 156: ...computer requires access to the same server AP Printer This section explains how to configure the port for the server so that it can be accessed by each isolated port 1 Assign Port Mode Set Port 1 Por...

Page 157: ...anual 153 MAC based VLAN The MAC based VLAN entries can be configured on the MAC based VLAN Membership Configuration page This page allows for adding and deleting MAC based VLAN entries and assigning...

Page 158: ...for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled when clicking Save A MAC based VLAN...

Page 159: ...Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately IP subnet based VLAN The IP subne...

Page 160: ...sure the box is deselected By default no ports are members and all boxes are deselected Add New Entry Click Add New Entry to add a new IP subnet based VLAN entry An empty row is added to the table and...

Page 161: ...o different sub values a OUI OUI Organizationally Unique Identifier is value in format of xx xx xx where each pair xx in string is a hexadecimal value ranges from 0x00 0xff b PID If the OUI is hexadec...

Page 162: ...e 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 No special character is allowed Whichever group name you try map to a VLAN must be p...

Page 163: ...E 802 1D Spanning Tree Protocol and IEEE 802 1w Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network When multiple links between switches ar...

Page 164: ...eive the BPDU BPDUs are not directly forwarded by the switch but the receiving switch uses the information in the frame to calculate a BPDU and if the topology changes initiates a BPDU transmission Th...

Page 165: ...es a port must transition through to further ensure that a stable network topology is created after a topology change Each port on a switch using STP exists is in one of the following five states Bloc...

Page 166: ...received by STP enabled ports until the forwarding state is enabled for that port STP parameters STP operation levels The managed switch allows for two levels of operation the switch level and the por...

Page 167: ...learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Varia...

Page 168: ...the root bridge If the switch has the lowest bridge identifier it will become the root bridge Forward Delay Timer The forward delay can be from 4 to 30 seconds This is the time any port on the switch...

Page 169: ...ry settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the priority setting or influencing S...

Page 170: ...further develop the usefulness of virtual LANs VLANs This Per VLAN MSTP configures a separate spanning tree for each VLAN group and blocks all but one of the possible alternate paths within each spann...

Page 171: ...e BPDUs Edge Port BPDU Guard Controls whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port enters the error disabled state and is removed from the active...

Page 172: ...e switch port currently assigned the root port role Root Cost Root Path Cost For the root bridge this is zero For all other bridges it is the sum of the port path costs on the least cost path to the r...

Page 173: ...NS4702 24P 4X V2 Managed Switch User Manual 169 CIST port configuration This STP CIST Port Configuration page permits the user to inspect and change the current STP CIST port configurations The page i...

Page 174: ...f spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network and influence the spanning tree active topology possibly because those...

Page 175: ...000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2 000 200 000 Recommended STP path costs Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100...

Page 176: ...ority Lower numerical values have higher priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a bridge identifier Buttons Click Apply...

Page 177: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 173...

Page 178: ...ANs not explicitly mapped VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with a comma and or space A VLAN can only be mapped to one MSTI A unused MSTI should be left em...

Page 179: ...Auto setting sets the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when...

Page 180: ...e one of the following values AlternatePort BackupPort RootPort DesignatedPort Disable CIST State The current STP port state of the CIST port The port state can be one of the following values Disabled...

Page 181: ...ree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Select the Auto refresh check box to refresh the p...

Page 182: ...longer active In the case where there is more than one multicast router on a sub network one router is elected as queried This router then keeps track of the membership of the multicast groups that ha...

Page 183: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 179 Multicast flooding IGMP snooping multicast stream control...

Page 184: ...mbership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report...

Page 185: ...bers It then propagates the service requests to any upstream multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along...

Page 186: ...rt of description Use _ or to separate the description sentence Rule When the profile is created click the edit button to enter the rule setting page of the designated profile Summary about the design...

Page 187: ...be used as an address range End Address The ending IPv4 IPv6 multicast group address that will be used as an address range Buttons Click Add New Address Range Entry to add a new address range Specify...

Page 188: ...the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier The switch forwards IGMP join or leave packets to an IGMP router port Selections are as follows Auto The managed sw...

Page 189: ...from the VLAN table default is 20 entries per page The range of entries per page can be typed into the Start from VLAN and entries per page fields When initially accessing the page it shows the first...

Page 190: ...values can be used to prioritize different classes of traffic The allowed range is 0 best effort to 7 highest The default interface priority value is 0 RV Robustness Variable The RV permits tuning fo...

Page 191: ...specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a port can join The IGMP Snooping Port Group Filtering Configuration page permits a...

Page 192: ...Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click Apply to apply...

Page 193: ...e specific port is configured to be a router port Dynamic denotes the specific port is learned to be a router port Both denote the specific port is configured or learned to be a router port Port Switc...

Page 194: ...hown IGMPv3 information Entries in the IGMP SFM Source Filtered Multicast information table are shown on the IGMP SFM Information page The table also contains SSM Source Specific Multicast information...

Page 195: ...es for filtering to 128 Type Indicates the type It can be either Allow or Deny Hardware Filter Switch Indicates if the data plane destined to the specific group address from the source IPv4 address ca...

Page 196: ...essages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggre...

Page 197: ...iable value is 2 QI Query Interval The QI is the interval between general queries sent by the querier The allowed range is 1 to 31744 seconds The default query interval is 125 seconds QRI Query Respon...

Page 198: ...icast groups a port can join The MLD Snooping Port Filtering Profile Configuration page permits assigning a profile to a switch port that specifies multicast groups that are permitted or denied on the...

Page 199: ...settings Filtering Group Select the IPMC Profile as the filtering condition for the specific port Click the View button to view a summary of the designated profile Buttons Click Apply to apply change...

Page 200: ...s the specific port is configured to be a router port Dynamic denotes the specific port is learned to be a router port Both denote the specific port is configured or learned to be a router port Port S...

Page 201: ...ently shown MLDv2 information Entries in the MLD SFM Source Filtered Multicast information table are shown on the IGMP SFM Information page The table also contains SSM Source Specific Multicast inform...

Page 202: ...ting from the input fields Click I to update the table starting from the first entry in the MLD SFM information table Click to update the table starting with the entry after the last entry currently s...

Page 203: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 199 The MVR Configurations page provides MVR related configuration information...

Page 204: ...Chapter 4 Web configuration 200 NS4702 24P 4X V2 Managed Switch User Manual The page includes the following fields...

Page 205: ...his VLAN When the IPv4 management address is not set the system uses the first available IPv4 management address Otherwise the system uses a pre defined value By default this value is 192 0 2 1 Mode S...

Page 206: ...cast data It does not receive data unless it becomes a member of the multicast group by issuing IGMP MLD messages Caution We do not recommend overlapping MVR source ports with management VLAN ports Se...

Page 207: ...ived The number of received IGMPv2 leaves and MLDv1 dones respectively Buttons Click Refresh to refresh the page immediately Click Clear to clear all statistics counters Select Auto refresh to automat...

Page 208: ...SFM information Entries in the MVR SFM Source Filtered Multicast information table are shown on the MLD SFM Information page The table also contains SSM Source Specific Multicast information The table...

Page 209: ...ng from the first entry in the MVR SFM information table Click to update the table starting with the entry after the last entry currently shown Quality of Service QoS Understanding QoS Quality of Serv...

Page 210: ...network Service Level Defines the priority given to a set of classified traffic You can create and modify service levels Policy Comprises a set of rules that are applied to a network so that a network...

Page 211: ...kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow...

Page 212: ...Chapter 4 Web configuration 208 NS4702 24P 4X V2 Managed Switch User Manual The page includes the following fields...

Page 213: ...in the tag Otherwise the frame is classified to the default DPL The classified DPL can be overruled by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the p...

Page 214: ...Chapter 4 Web configuration 210 NS4702 24P 4X V2 Managed Switch User Manual Queue policing Configure the queue policer settings for all switch ports in the QoS Ingress Queue Policers page...

Page 215: ...cers are enabled Unit Controls the unit of measure for the queue policer rate as kbps or Mbps This field is only shown if at least one of the queue policers are enabled Buttons Click Apply to apply ch...

Page 216: ...ion Port The logical port for the settings contained in the same row Click on the port number to configure the shapers For more details refer to Understanding QoS on page 205 Q0 Q7 Shows disabled or a...

Page 217: ...The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This valu...

Page 218: ...ll switch ports The page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number to configure tag remarking For furth...

Page 219: ...nd DP level PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS class DP...

Page 220: ...ndow for the specific DSCP All Classify all DSCP Egress Selections for Rewrite are as follows Disable No egress rewrite Enable Rewrite enabled without remapping Remap DP Unaware DSCP from the analyzer...

Page 221: ...Maximum number of supported DSCP values is 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level...

Page 222: ...owing fields Object Description DSCP The maximum number of supported DSCP values is 64 and valid DSCP values range from 0 to 63 Ingress The Ingress side of DSCP can be first translated to new DSCP bef...

Page 223: ...vert to previously saved values DSCP classification The DSCP Classification page permits mapping a DSCP value to a QoS Class and DPL value The page includes the following fields Object Description QoS...

Page 224: ...s the OUI field of Source MAC address i e the first three octets in bytes of the MAC address Tag Type Indicates tag type Selections include Any Match tagged and untagged frames Default value Untagged...

Page 225: ...ified DSCP value Modification Buttons Modify each QCE in the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down the l...

Page 226: ...Chapter 4 Web configuration 222 NS4702 24P 4X V2 Managed Switch User Manual The page includes the following fields...

Page 227: ...are 0x00 to 0xFF or Any default value Control Address Control Address selections are 0x00 to 0xFF or Any default value SNAP PID PID a k a Ethernet type elections are 0x00 to 0xFFFF or Any default valu...

Page 228: ...Control List Status page shows the QCL status by different QCL users Each row describes the QCE that is defined A conflict occurs if a specific QCE is not applied to the hardware due to hardware limit...

Page 229: ...it shows conflict status as Yes otherwise it is always No Conflict can be resolved by releasing the hardware resources required to add the QCL entry by clicking the Resolve Conflict button Buttons Sel...

Page 230: ...3200 when the Unit is Mbps or kfps Unit Controls the unit of measure for the storm control rate as kbps Mbps fps or kfps The default value is kbps Buttons Click Apply to apply changes Click Reset to u...

Page 231: ...for frames marked with Drop Precedence Level 2 when the average queue filling level is 100 This value is restricted to 0 100 Max DP3 Controls the drop probability for frames marked with Drop Precedenc...

Page 232: ...Q7 There are eight QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Buttons Click Refresh to refresh the page Click Clear to clear th...

Page 233: ...ID in the system and cannot equal each port PVID A configuration conflict occurs if the value equals management VID MVR VID PVID etc The permitted range is 1 to 4095 Aging Time Indicates the Voice VLA...

Page 234: ...scovery protocol to OUI or LLDP restarts the auto detect process Selections include OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP Voice VLAN OU...

Page 235: ...rioritized for various situations In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or d...

Page 236: ...nd learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is shown the rate limiter operation is disabled...

Page 237: ...ased ACE will not get matched by IP and ARP frames ARP The ACE matches ARP RARP frames IPv4 The ACE matches all IPv4 frames IPv4 ICMP The ACE matches IPv4 frames with ICMP protocol IPv4 UDP The ACE ma...

Page 238: ...ick Clear to clear the counters Click Remove All to remove all ACEs ACE configuration Configure an ACE Access Control Entry on the ACE Configuration page An ACE consists of several parameters that var...

Page 239: ...r is specified policy filter status is don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering a policy value and bitmask appear Policy Valu...

Page 240: ...s ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled Port Redirect Frames that hit...

Page 241: ...want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Value When Specific is selected for the DMAC filter you can enter a spe...

Page 242: ...sk When Network is selected for the sender IP filter you can enter a specific sender IP mask in dotted decimal notation Target IP Filter Specify the target IP filter for this specific ACE Any No targe...

Page 243: ...Any Any value is allowed don t care IP Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1...

Page 244: ...e IP Fragment Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offset FRAG OFFSET field for an IPv4 frame No IPv4 frames wher...

Page 245: ...elect TCP to filter IPv6 TCP protocol frames Extra fields for defining TCP parameters appear Next Header Value When Specific is selected for the IPv6 next header value you can enter a specific value T...

Page 246: ...filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP value ICMP Code Filter Specify the ICMP code filter for this ACE Any No ICMP code...

Page 247: ...ion value A field for entering a TCP UDP destination value appears Range To filter a specific range TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination range value A...

Page 248: ...care Ethernet type parameters Ethernet Type parameters can be configured when Ethernet Type is selected as the Frame Type Object Description EtherType Filter Specify the Ethernet type filter for this...

Page 249: ...when action is permitted Logging Specify the logging operation of this port Selections include Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port ar...

Page 250: ...e Click Clear to clear the counters ACL rate limiter configuration Configure the rate limiter for the ACL of the managed switch on the ACL Rate Limiter Configuration page The page includes the followi...

Page 251: ...he authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or R...

Page 252: ...e following options Remote Authentication Dial in User Service RADIUS Terminal Access Controller Access Control System Plus TACACS Local user name and privilege level control RADIUS and TACACS are log...

Page 253: ...ent server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device Controls the physical access to the network based...

Page 254: ...entity Note If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three att...

Page 255: ...egins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an accept frame from the authentication server the port state changes to authorized...

Page 256: ...pply to apply changes Click Reset to undo any changes made locally and revert to previously saved values Network access server configuration Configure the IEEE 802 1X and MAC based authentication syst...

Page 257: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 253...

Page 258: ...Chapter 4 Web configuration 254 NS4702 24P 4X V2 Managed Switch User Manual The page includes the following fields System configuration...

Page 259: ...the NAS module uses the port security module to secure MAC addresses the port security module needs to check for activity on the MAC address in question at regular intervals and free resources if no a...

Page 260: ...ial VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the G...

Page 261: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 257 Port configuration The table has one row for each port on the selected switch and a number of columns which are...

Page 262: ...Chapter 4 Web configuration 258 NS4702 24P 4X V2 Managed Switch User Manual Object Description Port The port number for which the configuration below applies...

Page 263: ...g a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note Suppose two back...

Page 264: ...best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent...

Page 265: ...when a supplicant is successfully authenticated If present and valid the port s Port VLAN ID will be changed to this VLAN ID the port will be set to be a member of that VLAN ID and the port will be fo...

Page 266: ...transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the p...

Page 267: ...e The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID Th...

Page 268: ...ails to be displayed The page includes the following fields Port state Object Description Admin State The port s current administrative state Refer to NAS Admin State for a description of possible val...

Page 269: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 265 Port counters...

Page 270: ...han Response Identity frames that have been received by the switch Rx Start dot1xAuthEapolStartFr amesRx The number of EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapol...

Page 271: ...nfiguration NS4702 24P 4X V2 Managed Switch User Manual 267 Tx Requests dot1xAuthEapolReqFr amesTx The number of valid EAPOL Request frames other than Request Identity frames that have been transmitte...

Page 272: ...eceived from the back end server for this port left most table or client right most table Rx Other Requests dot1xAuthBack endOtherRequestsTo Supplicant 802 1X based Counts the number of times that the...

Page 273: ...counted Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states Port based 802 1X...

Page 274: ...AC address of the attached client Clicking the link causes the client s back end server counters to be shown in the Selected Counters table If no clients are attached it shows no clients attached VLAN...

Page 275: ...nt s counters Performing this action will not clear Last Client This button is available in the following modes Multi 802 1X MAC based Auth X Click Clear This to clear only the currently selected clie...

Page 276: ...r and the switch NAS IP Address The IPv4 address to be used as attribute 4 in RADIUS Access Request packets If this field is left blank the IP address of the outgoing interface is used NAS IPv6 Addres...

Page 277: ...ed to the table and the RADIUS server can be configured as needed Up to five servers are supported Click Delete to undo the addition of the new server Click Apply to apply changes Click Reset to undo...

Page 278: ...itch Server configuration The table has one row for each TACACS server and a number of columns which are Object Description Delete To delete a TACACS server entry select this check box The entry will...

Page 279: ...is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access or accounting attempts Dead X s...

Page 280: ...Server overview page provides detailed statistics for a particular RADIUS server The page includes the following fields RADIUS authentication statistics The statistics map closely to those specified i...

Page 281: ...f malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are...

Page 282: ...uration 278 NS4702 24P 4X V2 Managed Switch User Manual Tx Access Retransmissi ons radiusAuthClientEx tAccessRetransmis sions The number of RADIUS Access Request packets retransmitted to the RADIUS au...

Page 283: ...entEx tPendingRequests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sen...

Page 284: ...tTimeouts The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a...

Page 285: ...server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is d...

Page 286: ...ining invalid authenticators received from the server Rx Unknown Types radiusAccClientEx tUnknownTypes The number of RADIUS packets of unknown types that were received from the server on the accountin...

Page 287: ...t yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to th...

Page 288: ...uration Set up the RADIUS server and assign the client IP address to the managed switch in this case the field in the default IP address of the managed switch with 192 168 0 100 Ensure that the shared...

Page 289: ...et key should be as same as the key configured on the managed switch 5 Configure ports attribute of 802 1X the same as 802 1X Port Configuration 6 Create user data The establishment of the user data n...

Page 290: ...Chapter 4 Web configuration 286 NS4702 24P 4X V2 Managed Switch User Manual 7 Right click a user that you created and then type in properties and configure settings...

Page 291: ...ws XP has native support for 802 1X The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wirele...

Page 292: ...Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type 7 Click OK 8 When the client has associated wit...

Page 293: ...ain that your account belongs to 10 Click OK to complete the validation process Security This section describes how to control access to the managed switch including user access and management control...

Page 294: ...er of users on a given port A user is identified by a MAC address and VLAN ID If limit control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceed...

Page 295: ...e shorter requested aging period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be required consider th...

Page 296: ...p If Limit 1 MAC addresses are seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every time the limit is exceed...

Page 297: ...button causes the page to be refreshed resulting in the loss of non committed changes Buttons Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved v...

Page 298: ...dress Indicates the end IP address for the access management entry HTTP HTTPS Indicates the host can access the switch from the HTTP HTTPS interface and that the host IP address matched the entry SNMP...

Page 299: ...cess management mode is enabled Allow Packets The allowed packets number from the interface under access management mode is enabled Discard Packets The discarded packets number from the interface unde...

Page 300: ...d Disable HTTPS redirect mode operation Buttons Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values SSH Configure SSH on the SSH Configurati...

Page 301: ...configuration Configuration comes indirectly from other user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unk...

Page 302: ...that may request Port Security services Object Description User Module Name The full name of a module that may request port security services Abbr A one letter abbreviation of the user module This is...

Page 303: ...ratively re opened on the Limit Control configuration web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maxi...

Page 304: ...ecided to block this MAC address it will stay in the blocked state until the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is en...

Page 305: ...Chapter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 301 Configure DHCP Snooping on the DHCP Snooping Configuration page...

Page 306: ...changes made locally and revert to previously saved values Snooping table The Dynamic DHCP Snooping Table page displays the dynamic IP assigned information after DHCP Snooping mode is disabled All DHC...

Page 307: ...obal Mode and Port Mode on a given port are enabled will IP Source Guard be enabled on this port Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on given ports Th...

Page 308: ...e Guard table Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values Dynamic IP source guard table Entries in the Dynamic IP Source Guard Table...

Page 309: ...Description Port The port number for which the status applies Click the port number to see the status for this particular port VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entr...

Page 310: ...er Check VLAN The default setting of Check VLAN is disabled When Check VLAN is set to Disabled the log type of ARP Inspection refers to the port setting When Check VLAN is set to Enabled the log type...

Page 311: ...for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Buttons Click Add New En...

Page 312: ...next lookup When the end is reached the text no more entries is shown in the displayed table Use the I button to start over The page includes the following fields Object Description Port The port numb...

Page 313: ...MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time MAC table configuration The MAC Address Table is configured on the MAC Address Table Configurati...

Page 314: ...al interface Static MAC table configuration The static entries in the MAC table are shown in this table The static MAC table can contain 64 entries The MAC table is sorted first by VLAN ID and then by...

Page 315: ...two input fields will after clicking the Refresh button assume the value of the first displayed entry allowing for continuous refresh with the same start address The button uses the last entry of the...

Page 316: ...TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information...

Page 317: ...tted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 second...

Page 318: ...r capabilities that are not part of the LLDP These capabilities are shown as others in the LLDP neighbors table If all ports have CDP awareness disabled the switch forwards CDP frames received from ne...

Page 319: ...er to achieve these related properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Net...

Page 320: ...ting altitude in a form more relevant in buildings which have different floor to floor dimensions An altitude of 0 0 is meaningful even outside a building and represents ground level at the given lati...

Page 321: ...t 42 Floor Floor Example 4 Room no Room number Example 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 1234...

Page 322: ...identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between network connectivity devices and endpoints and therefore does not need to advertise...

Page 323: ...n the video conferencing application policy Tag Tag indicates if the specified application type is using a tagged or an untagged VLAN Untagged indicates that the device is using an untagged frame form...

Page 324: ...cies Buttons Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values LLDP MED neighbor The LLDP MED Neighbor Information page provides a status...

Page 325: ...ase LLDP discovery services defined in TIA 1057 but do not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers o...

Page 326: ...ve voice services Guest Voice Signaling For use in network topologies that require a different policy for the guest voice signaling than for the guest voice media Softphone Voice For use by softphone...

Page 327: ...HY auto negotiation is supported by the link partner Auto negotiation status Auto negotiation status identifies if auto negotiation is currently enabled at the link partner If Auto negotiation is supp...

Page 328: ...t Address The neighbor unit s address that is used for higher layer entities to assist the discovery by the network management This could for instance hold the neighbor s IP address Buttons Click Auto...

Page 329: ...scarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard L...

Page 330: ...ts on copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling The...

Page 331: ...tch otherwise the correct gateway IP address must be set up Buttons Click Start to transmit ICMP packets Click New Ping to re start diagnostics with ping IPv6 ping The ICMPv6 Ping page allows you to i...

Page 332: ...he best match interface for destination Do not specify an egress interface for loopback addresses Do specify an egress interface for link local or multicast addresses Buttons Click Start to transmit I...

Page 333: ...Cable Diagnostics page is used for running cable diagnostics Click Start to run the diagnostics This will take approximately five seconds If all ports are selected this can take approximately 15 seco...

Page 334: ...pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair cou...

Page 335: ...kept disabled in the event that a loop is detected and the port action shuts down the port Valid values are 0 to 604800 seconds seven days A value of zero keeps a port disabled until the next device...

Page 336: ...tection status of the port Loop Indicates if a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Click Auto refresh to refresh the page automati...

Page 337: ...save ID Indicates the index of the entry The range is from 1 to 65535 Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold The range is from 1 to 2 31...

Page 338: ...first value is larger than the rising threshold Falling Triggers alarm when the first value is less than the falling threshold RisingOrFalling Triggers alarm when the first value is larger than the ri...

Page 339: ...period Startup Alarm The alarm that may be sent when this entry is first set to valid Rising Threshold Rising threshold value Rising Index Rising event index Falling Threshold Falling threshold value...

Page 340: ...ound packets that are discarded when the packets are normal Community Specify the community when trap is sent The string length is from 0 to 127 default is public Event Last Time Indicates the value o...

Page 341: ...nt description Buttons Click Refresh to refresh the page immediately Click the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click I to update t...

Page 342: ...ociated with this history control entry stored in RMON The range is from 1 to 3600 default value is 50 Buckets Granted The number of data to be saved in the RMON Buttons Click Add New Entry to add a n...

Page 343: ...kets received that were less than 64 octets Oversize The total number of packets received that were longer than 1518 octets Frag The number of frames with a size less than 64 octets received with inva...

Page 344: ...e shows up to 99 entries from the Statistics table default is 20 entries per page The range of entries per page can be typed into the Start from Control Index and entries per page fields When initiall...

Page 345: ...were between 128 to 255 octets in length 256 511 The total number of packets including bad packets received that were between 256 to 511 octets in length 512 1023 The total number of packets includin...

Page 346: ...our switch has one port the neighbor port that would be blocked The neighbor port is connected to the owner port directly and this link is called the Ring Protection Link RPL Each switch sends an ETH...

Page 347: ...age The page includes the following fields Object Description Delete Select this check box to mark an MEP for deletion in the next save operation Instance The ID of the MEP Click on the ID of an MEP t...

Page 348: ...Level The MEG level of this MEP Flow Instance The MEP is related to this flow See Domain Tagged VID Port MEP An outer C S tag depending on VLAN port type is added with this VID Entering 0 means no TA...

Page 349: ...racters ICC Domain Name This is either ITU ICC MEG ID value 1 6 or IEEE Maintenance Domain Name depending on Format See Format MEG Id This is either ITU UMC MEG ID value 7 13 or IEEE Short MA Name dep...

Page 350: ...ontinuity check based on transmitting receiving CCM PDU that can be enabled disabled The CCM PDU is always transmitted as Multicast Class 1 Priority The priority to be inserted as PCP bits in a TAG if...

Page 351: ...other values is for further study Buttons Click Fault Management to go to the Fault Management page Click Performance Monitoring to go to the Performance Monitor page Click Refresh to refresh the page...

Page 352: ...instances 0 in this field indicates that no Port 1 APS MEP is associated with this instance Ring Type Type of protecting ring It can be either major ring or sub ring Major Ring ID Major ring group ID...

Page 353: ...e wait to restore timing value to be used in revertive switching The period of the WTR time can be configured by the operator in 1 minute steps between 5 and 12 minutes with a default value of 5 minut...

Page 354: ...ved APS on Port 1 according to the state transition tables in G 8032 WTR Remaining Remaining WTR timeout in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is...

Page 355: ...ion All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 Number ID The switch where you are requesting ERPS Port Configures the port number...

Page 356: ...AN Group Switch 1 Port 1 1 None 3001 Port 2 2 Owner 3001 Switch 2 Port 1 4 None 3001 Port 2 3 Neighbor 3001 Switch 3 Port 1 6 None 3001 Port 2 5 None 3001 The scenario is described as follows 1 Disabl...

Page 357: ...1 Connect a PC directly to switch 2 Do not connect to port 1 or 2 2 Log in to switch 2 and select Ring Ring Wizard 3 Set All Switch Number 3 and Number ID 2 Click Next to set the ERPS configuration fo...

Page 358: ...ystem IP camera system and Access Point AP group for the enterprise For example 24 cameras APs can be installed for company surveillance demands or to build a wireless roaming environment in the offic...

Page 359: ...ower source PSU power supply unit over the LAN infrastructure to powered devices PDs which are connected to ports Under some conditions the total output power required by PDs can exceed the maximum av...

Page 360: ...AF mode and 30 8 W by AT mode under classification power limit mode It is hardware limited Allocation mode In this mode the user allocates the amount of power that each port may reserve The allocated...

Page 361: ...PoE power to the PD according to LLDP configuration Power Supply Budget W Sets the limit value of the total PoE port provided power to the PDs The managed switch available maximum value is 440 Tempera...

Page 362: ...tart up one by one Note The PoE port will start up after the system program has completely finished running The page includes the following fields Object Description Sequential Power up Option Enables...

Page 363: ...dule Indicates the schedule profile mode Possible profiles are Profile1 Profile2 Profile3 Profile4 AF AT Mode Permits the user to select 802 3at or 802 3af compatibility mode The default vaule is 802...

Page 364: ...this case the port with the lowest priority is turned off and power is provided to the port with higher priority Power Allocation Limits the port PoE supply Watts The per port maximum value must less...

Page 365: ...apter 4 Web configuration NS4702 24P 4X V2 Managed Switch User Manual 361 PoE status Inspect the total power consumption total power reserved and current status for all PoE ports on the PoE Status pag...

Page 366: ...hed to the port as established by the classification process Class 0 is the default for PDs The PD is powered based on PoE class level if the system is working in classification mode A PD will return...

Page 367: ...specified time intervals and is a powerful function to help SMB or Enterprises save power and reduce cost Scheduled power recycling The managed switch allows each of the connected PoE IP cameras to r...

Page 368: ...Set the schedule profile mode Possible profiles are Profile1 Profile2 Profile3 Profile4 Week Day Set the weekday for enabling the PoE function Start Hour Set the hour for enabling the PoE function Sta...

Page 369: ...to apply changes Click Delete to delete the entry LLDP PoE neighbors The LLDP Neighbor PoE Information page provides a status overview for all LLDP PoE neighbors The displayed table contains a row fo...

Page 370: ...scription Mode Enables disables the per port PD alive check function All ports are disabled by default Ping PD IP Address Set the PoE device IP address in this field The PD s IP address must be set to...

Page 371: ...d issues an alarm message via syslog SMTP Alarm The system issues an alarm message via syslog SMTP Reboot Time 30 180s Set the PoE device rebooting time This is useful due to the different rebooting t...

Page 372: ...2 Managed Switch User Manual Port identification Configure each port response time for TruVision Navigator in the port identification Configuration page LCD LCD management The LCD Management page prov...

Page 373: ...LCD panel Disable Disables the read only mode feature Default Screen Choose the screen to display on the LCD after the system has booted up Saving a configuration will result in the new screen appear...

Page 374: ...stination address as well as the source address learning The managed switch will look up the address table for the destination address If not found this packet will be forwarded to all the other ports...

Page 375: ...e learning function of the managed switch the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table This information is subsequently used to f...

Page 376: ...in the cable The updated IEEE 802 3at 2009 PoE standard also known as PoE or PoE plus provides up to 25 5 W of power The 2009 standard prohibits a powered device from using all four pairs for power Th...

Page 377: ...ansferred through the cable A standard CAT5 Ethernet cable has four twisted pairs but only two of these are used for 10BASE T and 100BASE TX The specification allows two options for using these cables...

Page 378: ...he in out rate of the port The managed switch doesn t connect to the network 1 Check the LNK ACT LED on the managed switch 2 Try another port on the managed switch 3 Make sure the cable is installed p...

Page 379: ...in a twisted pair cable or at a wiring panel while not expressly forbidden is beyond the scope of this standard 10 100Mbps 10 100BASE TX When connecting the managed switch to another Fast Ethernet swi...

Page 380: ...cable connection Straight Cable SIDE 1 SIDE 2 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6...

Page 381: ...ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains a...

Page 382: ...for each specific port property ACL Rate Limiters This page can be used to configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per second The Ports a...

Page 383: ...d decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The...

Page 384: ...mote ID is 6 bytes in length and the value is equal to the DHCP relay agent s MAC address DHCP Snooping DHCP snooping is used to block an intruder on the untrusted ports of the switch device when it t...

Page 385: ...icast groups are in use simultaneously H HTTP Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted...

Page 386: ...ails With 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the networ...

Page 387: ...s prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host L LACP LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling s...

Page 388: ...fined in RFC 1321 The MD5 Message Digest Algorithm Mirroring For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a...

Page 389: ...s of computer systems NTP uses UDP datagrams as the transport layer O OAM Operation Administration and Maintenance It is a protocol described in ITU T Y 1731 used to implement carrier Ethernet functio...

Page 390: ...is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining email on the server and for organizing it in folders on the server IMAP can be thought of as a rem...

Page 391: ...ueuing scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS c...

Page 392: ...t is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notific...

Page 393: ...clock synchronized IEEE 1588 T TACACS Terminal Acess Controller Access Control System Plus It is a networking protocol that provides access control for routers network access servers and other network...

Page 394: ...ultiple pieces of information Each of these pieces of information is known as a TLV TKIP Temporal Key Integrity Protocol It is used in WPA to replace WEP with a new encryption algorithm TKIP comprises...

Page 395: ...switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs...

Page 396: ...A is based on a Draft 3 of the IEEE 802 11i standard WPA Radius Wi Fi Protected Access Radius 802 1X authentication server WPA was designed to enhance the security of wireless networks There are two f...

Reviews:

No comments