Home
/
Intelligent network solutions
/
561112
/
User Manual

Intelligent network solutions 561112, User Manual, Page: 83 / 354

Share

Page: 83 / 354

Intelligent network solutions 561112 User Manual Download Page 83

Chapter

3:

Web

Management

Security

‐

Network

‐

NAS

(Network

Access

Server)

Intelinet

48

‐

Port

Gigabit

Ethernet

PoE+

Managed

Switch

User

Manual

|

83

requests

and

responses

between

the

supplicant

and

the

authentication

server.

Frames

sent

between

the

supplicant

and

the

switch

are

special

802.1X

frames,

known

as

EAPOL

(EAP

Over

LANs)

frames.

EAPOL

frames

encapsulate

EAP

PDUs

(RFC3748).

Frames

sent

between

the

switch

and

the

RADIUS

server

are

RADIUS

packets.

RADIUS

packets

also

encapsulate

EAP

PDUs

together

with

other

attributes

like

the

switch's

IP

address,

name,

and

the

supplicant's

port

number

on

the

switch.

EAP

is

very

flexible,

in

that

it

allows

for

different

authentication

methods,

like

MD5

‐

Challenge,

PEAP,

and

TLS.

The

important

thing

is

that

the

authenticator

(the

switch)

doesn't

need

to

know

which

authentication

method

the

supplicant

and

the

authentication

server

are

using,

or

how

many

information

exchange

frames

are

needed

for

a

particular

method.

The

switch

simply

encapsulates

the

EAP

part

of

the

frame

into

the

relevant

type

(EAPOL

or

RADIUS)

and

forwards

it.

When

authentication

is

complete,

the

RADIUS

server

sends

a

special

packet

containing

a

success

or

failure

indication.

Besides

forwarding

this

decision

to

the

supplicant,

the

switch

uses

it

to

open

up

or

block

traffic

on

the

switch

port

connected

to

the

supplicant.

Note:

Suppose

two

backend

servers

are

enabled

and

that

the

server

timeout

is

configured

to

X

seconds

(using

the

AAA

configuration

page),

and

suppose

that

the

first

server

in

the

list

is

currently

down

(but

not

considered

dead).

Now,

if

the

supplicant

retransmits

EAPOL

Start

frames

at

a

rate

faster

than

X

seconds,

then

it

will

never

get

authenticated,

because

the

switch

will

cancel

on

‐

going

backend

authentication

server

requests

whenever

it

receives

a

new

EAPOL

Start

frame

from

the

supplicant.

And

since

the

server

hasn't

yet

failed

(because

the

X

seconds

haven't

expired),

the

same

server

will

be

contacted

upon

the

next

backend

authentication

server

request

from

the

switch.

This

scenario

will

loop

forever.

Therefore,

the

server

timeout

should

be

smaller

than

the

supplicant's

EAPOL

Start

frame

retransmission

rate.

Single

802.1X

In

port

‐

based

802.1X

authentication,

once

a

supplicant

is

successfully

authenticated

on

a

port,

the

whole

port

is

opened

for

network

traffic.

This

allows

other

clients

connected

to

the

port

(for

instance

through

a

hub)

to

piggy

‐

back

on

the

successfully

authenticated

client

and

get

network

access

even

though

they

really

aren't

authenticated.

To

overcome

this

security

breach,

use

the

Single

802.1X

variant.

Single

802.1X

is

really

not

an

IEEE

standard,

but

features

many

of

the

same

characteristics

as

does

port

‐

based

802.1X.

In

Single

802.1X,

at

most

one

supplicant

can

get

authenticated

on

the

port

at

a

time.

Normal

EAPOL

frames

are

used

in

the

communication

between

the

supplicant

and

the

switch.

If

more

than

one

supplicant

is

connected

to

a

port,

the

one

that

comes

first

when

the

port's

link

comes

up

will

be

the

first

one

considered.

If

that

supplicant

doesn't

provide

valid

credentials

within

a

certain

amount

of

time,

another

supplicant

will

get

a

chance.

Once

a

supplicant

is

successfully

«
...
81
82
83
84
85
...
»

Summary of Contents for 561112

Page 1: ...48 PORT GIGABIT ETHERNET POE LAYER2 MANAGED SWITCH WITH 10 GBE UPLINK USER MANUAL Model 561112...

Page 2: ...ere is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning...

Page 3: ...Web Management Configure 24 3 1 1 Configuration System 26 3 1 1 1 System Information 26 3 1 1 2 System IP 27 3 1 1 3 System NTP 31 3 1 1 4 System Time 32 3 1 1 5 System Log 34 3 1 2 Configuration Gre...

Page 4: ...imit Control 73 3 1 5 10 Security Network NAS Network Access Server 77 3 1 5 11 Security Network ACL 90 3 1 5 11 1 Security Network ACL Ports 90 3 1 5 11 2 Security Network ACL Rate Limiter 92 3 1 5 1...

Page 5: ...1 11 2 2 IPMC MLD Snooping VLAN Configuration 149 3 1 11 2 3 IPMC MLD Snooping Port Group Filtering 151 3 1 12 Configuration LLDP 152 3 1 12 1 LLDP LLDP 152 3 1 12 2 LLDP LLDP MED 155 3 1 13 Configur...

Page 6: ...GVRP Global Config 211 3 1 22 2 GVRP Port Config 212 3 1 23 Configuration sFlow 213 3 2 Web Management Monitor 216 3 2 1 Monitor System 216 3 2 1 1 System Information 216 3 2 1 2 System CPU Load 218 3...

Page 7: ...2 5 3 2 Security AAA RADIUS Details 262 3 2 5 4 Security Switch RMON 266 3 2 5 4 1 Security Switch RMON Statistics 266 3 2 5 4 2 Security Switch RMON History 269 3 2 5 4 3 Security Switch RMON Alarm 2...

Page 8: ...2 11 5 LLDP Port Statistics 309 3 2 12 Monitor PoE 311 3 2 13 Monitor MAC Table 314 3 2 14 Monitor VLANs 317 3 2 14 1 VLANs VLAN Membership 317 3 2 14 2 VLANs VLAN Ports 319 3 2 15 Monitor sFlow 321 3...

Page 9: ...Before You Begin This section contains introductory information which includes Intended Readers Icons for Note Caution and Warning Product Package Contents...

Page 10: ...and terminologies Icons for Note Caution and Warning To install configure use and maintain this product properly please pay attention when you see these icons in this manual A Note icon indicates impo...

Page 11: ...stall this product please check and verify the contents of the product package which should include the following items One Network Switch One Power Cord One User Manual CD One pair Rack mount kit 8 S...

Page 12: ...roduct Overview This section will give you an overview of this product including its feature functions and hardware software specifications Product Brief Description Product Specification Hardware Des...

Page 13: ...etter performance and efficiency 2 10 Gigabit SFP Open Slots The switch equips with 2 10G SFP open slots as the uplink ports the 10G uplink design provides an excellent solution for expanding your net...

Page 14: ...apability on PD PD Alive Check PD Classification Power Management per port Enable Disable PoE Per Port Priority Setting Per Port Power Level Setting Per Port Overloading Protection L2 Features Auto ne...

Page 15: ...2 L3 L4 IP Source Guard RADIUS Authentication Authorization Accounting TACACS HTTP SSL Secure Web SSH v2 0 Secured Telnet Session MAC IP Filter Management Command Line Interface CLI Web Based Manageme...

Page 16: ...802 3af Power over Ethernet PoE IEEE 802 3at Power over Ethernet PoE IEEE 802 3az Energy Efficient Ethernet EEE IEEE 802 3x Flow Control IEEE 802 1Q VLAN IEEE802 1v Protocol VLAN IEEE 802 1p Class of...

Page 17: ...The LED Indicators present real time information of systematic operation status Each of the switch s RJ45 port has two LEDs the green LED indicates RJ45 connection status data link and the amber LED i...

Page 18: ...t Specification Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 18 Rear Panel The rear panel of the Full Management PoE switch contains 2 ventilation fans a power switch and a...

Page 19: ...100 ohm Max 100m 100 Base TX 2 pair UTP STP CAT 5 cable EIA TIA 568 100 ohm Max 100m 1000 Base T 4 pair UTP STP CAT 5 cable EIA TIA 568 100 ohm Max 100m PoE To delivery power properly it is recommende...

Page 20: ...Chapter 2 Preparing for Management In Preparing for Management This section will guide your how to manage this product via management web page Preparation for Web Interface...

Page 21: ...y 1 Verify that the network interface card NIC of your PC is operational and properly installed and that your operating system supports TCP IP protocol 2 Connect your PC with the switch via an RJ45 ca...

Page 22: ...linet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 22 6 The web browser will prompt you to sign in The default username password for the configuration web page is admin 1234 For more...

Page 23: ...face You can make all settings and monitor system status with this management web page Configuration Monitor options included in the management web page can be divided into the following 4 categories...

Page 24: ...here to prevent network loop Spanning Tree Spanning Tree Protocol is a network designed to ensure a loop free network and provide redundant links that serve as automatic backup paths if an active link...

Page 25: ...ty of Service which allows you to control the network priority which packet gets top priority to transmit and which gets low priority via IEEE 802 1p or DSCP Mirroring For purposes such as network dia...

Page 26: ...h By convention this is the switch s fully qualified domain name A domain name is a text string drawn from the alphabet A Z a z digits 0 9 minus sign No space characters are permitted as part of a nam...

Page 27: ...his setting controls the DNS name resolution done by the switch The following modes are supported From any DHCP interfaces The first DNS server offered from a DHCP lease to a DHCP enabled interface wi...

Page 28: ...s obtained Legal values are 0 to 4294967295 seconds IPv4 DHCP Current Lease For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server IPv4...

Page 29: ...in number of bits prefix length It defines how much of a network address that must match in order to qualify for this route Valid values are between 0 and 32 bits respectively 128 for IPv6 routes Only...

Page 30: ...ter 3 Web Management Web Management Configure Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 30 Reset Click to undo any changes made locally and revert to previously saved va...

Page 31: ...ess is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be...

Page 32: ...to identify the time zone You can use up to 16 alphanumeric characters and punctuations such as _ and Daylight Saving Time Configuration When enabled the switch will set the clock forward or backward...

Page 33: ...the starting hour Minutes Select the starting minute End time settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes S...

Page 34: ...The system log packet will always send out even if the system log server does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation Server Address I...

Page 35: ...pushbutton and a 4 high tower of LEDs is placed next to the front Ethernet port LEDs The pushbutton selects between four different port LED modes indicated by the 4 high LED mode tower After 30 secon...

Page 36: ...shall be set to a new intensity If no intensity is specified for the next hour the intensity is set to default intensity Intensity The LEDs intensity 100 Full power 0 LED off Maintenance Maintenance...

Page 37: ...at both the receiving and transmitting device has all circuits powered up when traffic is transmitted The devices can exchange wakeup time information using the LLDP protocol EEE works for ports in au...

Page 38: ...g the power for a port when there is no link The port is power up for short moment in order to determine if cable is inserted PerfectReach Cable length power savings enabled PerfectReach works by dete...

Page 39: ...ration Auto Cu port auto negotiating speed with the link partner and selects the highest speed that is compatible with the link partner 10Mbps HDX Forces the cu port in 10Mbps half duplex mode 10Mbps...

Page 40: ...aximum Frame Size Enter the maximum frame size allowed for the switch port including FCS Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions d...

Page 41: ...ode to enable disable DHCP server per VLAN VLAN Range Indicate the VLAN range in which DHCP server is enabled or disabled The first VLAN ID must be smaller than or equal to the second VLAN ID BUT if t...

Page 42: ...nual 42 Mode Indicate the the operation mode per VLAN Possible modes are Enabled Enable DHCP server per VLAN Disabled Disable DHCP server pre VLAN Buttons Add VLAN Range Click to add a new VLAN range...

Page 43: ...dresses IP Range Define the IP range to be excluded IP addresses The first excluded IP must be smaller than or equal to the second excluded IP BUT if the IP range contains only 1 excluded IP then you...

Page 44: ...configuration page Name Configure the pool name that accepts all printable characters except white space If you want to configure the detail settings you can click the pool name to go into the configu...

Page 45: ...Gigabit Ethernet PoE Layer2 Managed Switch User Manual 45 Lease Time Display lease time of the pool Buttons Add New Pool Click to add a new DHCP pool Save Click to save changes Reset Click to undo any...

Page 46: ...operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration...

Page 47: ...And the DHCP broadcast message won t be flooded for security considerations Disabled Disable DHCP relay mode operation Relay Server Indicates the DHCP relay server IP address Relay Information Mode In...

Page 48: ...relay agent information it will enforce the policy The Replace policy is invalid when relay information mode is disabled Possible policies are Replace Replace the original relay information when a DHC...

Page 49: ...o click on the link to configure user account Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is grant...

Page 50: ...need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5...

Page 51: ...efines these privilege level groups in details System Contact Name Location Timezone Daylight Saving Time Log Security Authentication System Access Management Port contains Dot1x port MAC based and th...

Page 52: ...the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same...

Page 53: ...tication is disabled and login is not possible Local use the local user database on the stack for authentication RADIUS use a remote RADIUS server for authentication TACACS use a remote TACACS server...

Page 54: ...Configure SSH on this page Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Save Click to save changes Reset Clic...

Page 55: ...modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirects web browser to an HTTPS conn...

Page 56: ...he start IP address for the access management entry End IP address Indicates the end IP address for the access management entry HTTP HTTPS Indicates that the host can access the switch from HTTP HTTPS...

Page 57: ...Chapter 3 Web Management Security Switch Privilege Level Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 57...

Page 58: ...ion is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2...

Page 59: ...eration Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap support...

Page 60: ...operation Disabled Disable SNMP trap link up and link down mode operation Trap Inform Mode Indicates the SNMP trap inform mode operation Possible modes are Enabled Enable SNMP trap inform mode operat...

Page 61: ...itch User Manual 61 Indicates the SNMP trap security name SNMPv3 traps and informs using USM for authentication and privacy A unique security name is needed when traps and informs are enabled Buttons...

Page 62: ...h is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP...

Page 63: ...erName are the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which thi...

Page 64: ...ssword A string identifying the authentication password phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40...

Page 65: ...usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII character...

Page 66: ...ible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view...

Page 67: ...es the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication an...

Page 68: ...te the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switc...

Page 69: ...add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 defau...

Page 70: ...tocol InDiscards The number of inbound packets that are discarded even the packets are normal InErrors The number of inbound packets that contained errors preventing them from being deliverable to a h...

Page 71: ...alarm when the first value is larger than the rising threshold FallingTrigger alarm when the first value is less than the falling threshold RisingOrFallingTrigger alarm when the first value is larger...

Page 72: ...eceived on the interface including framing characters Log The number of uni cast packets delivered to a higher layer protocol snmptrap The number of broad cast and multi cast packets delivered to a hi...

Page 73: ...ber of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module Por...

Page 74: ...forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and...

Page 75: ...Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as s...

Page 76: ...Chapter 3 Web Management Security Network Limit Control Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 76...

Page 77: ...limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same port and doesn t require the user to have special 802 1X supplicant software...

Page 78: ...ddresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in...

Page 79: ...r RADIUS assigned QoS Class is enabled on that port When unchecked RADIUS server assigned QoS Class is disabled on all ports RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centr...

Page 80: ...Chapter 3 Web Management Security Network NAS Network Access Server Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 80 ports...

Page 81: ...The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received o...

Page 82: ...tication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed networ...

Page 83: ...e that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated...

Page 84: ...nts that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1...

Page 85: ...ginal QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802...

Page 86: ...used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for the first set of these attributes tha...

Page 87: ...Chapter 3 Web Management Security Network NAS Network Access Server Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 87 configuration...

Page 88: ...n the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if...

Page 89: ...d immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the...

Page 90: ...ge header Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Action Select w...

Page 91: ...are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values...

Page 92: ...1 5 11 2 Security Network ACL Rate Limiter Configure the rate limiter for the ACL of the switch Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values a...

Page 93: ...ess port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will m...

Page 94: ...e number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits t...

Page 95: ...o all port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy number filter for this ACE Any No policy filter is specified policy filt...

Page 96: ...anted permission for the ACE operation Deny The frame that hits this ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that t...

Page 97: ...ess The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this SMAC value DMAC Filter Specify the destination MAC filte...

Page 98: ...r a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The...

Page 99: ...OP is don t care Request Frame must have ARP Request or RARP Request OP flag set Reply Frame must have ARP Reply or RARP Reply OP flag Sender IP Filter Specify the sender IP filter for this ACE Any No...

Page 100: ...IP mask in dotted decimal notation ARP Sender MAC Match Specify whether frames can hit the action according to their sender hardware address field SHA settings 0 ARP frames where SHA is not equal to...

Page 101: ...HRD settings 0 ARP RARP frames where the HLD is not equal to Ethernet 1 1 ARP RARP frames where the HLD is equal to Ethernet 1 Any Any value is allowed don t care Ethernet Specify whether frames can...

Page 102: ...defining UDP parameters will appear These fields are explained later in this help file TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fiel...

Page 103: ...ecify the source IP address in the SIP Address field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields tha...

Page 104: ...t Security Network DHCP Relay Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 104 When Network is selected for the destination IP filter you can enter a specific DIP mask in d...

Page 105: ...c is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP value ICMP Code Filter Specify the ICMP code filter for...

Page 106: ...ific TCP UDP source range value A field for entering a TCP UDP source value appears TCP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source va...

Page 107: ...ACE matches this TCP UDP destination value TCP FIN Specify the TCP No more data from sender FIN value for this ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP fr...

Page 108: ...e ACK field is set must not be able to match this entry 1 TCP frames where the ACK field is set must be able to match this entry Any Any value is allowed don t care TCP URG Specify the TCP Urgent Poin...

Page 109: ...care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears Ethernet Type Value When Specific...

Page 110: ...ration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify...

Page 111: ...he entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address IP Mask It can be used for calculating...

Page 112: ...on Mode of ARP Inspection Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Gl...

Page 113: ...ry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed...

Page 114: ...ble by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again T...

Page 115: ...ch the configuration below applies Enabled Enable the RADIUS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Authentication Server IP address is...

Page 116: ...which the configuration below applies Enabled Enable the RADIUS Accounting Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is exp...

Page 117: ...CS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the TACACS Authentication Server IP address is expressed in dotted decimal notation Port The TCP port to...

Page 118: ...t Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address o...

Page 119: ...may consist of up to 16 members Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Me...

Page 120: ...ACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form max 12 LLAGs per switch and 2 GLAGs per stack Key The Key value in...

Page 121: ...Chapter 3 Web Management Aggregation LACP Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 121 Passive will wait for a LACP packet from a partner speak if spoken to...

Page 122: ...will wait for 30 seconds before sending a LACP packet Prio The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this param...

Page 123: ...eral Settings Enable Loop Protection Controls whether loop protections is enabled as a whole Transmission Time The interval between each loop protection PDU sent on each port valid values are 1 to 10...

Page 124: ...enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port...

Page 125: ...y Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identif...

Page 126: ...ol whether a port explicitly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU T...

Page 127: ...cation Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning...

Page 128: ...can be given as a single xx xx being between 1 and 4094 VLAN or a range xx yy each of which must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just...

Page 129: ...nfigurations and possibly change them as well MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numeric values have better pr...

Page 130: ...ct the current STP CIST port configurations and possibly change them as well This page contains settings for physical and aggregated ports The aggregation settings are stack global The STP port settin...

Page 131: ...n a port is initialized AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port o...

Page 132: ...A port entering error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well Point to Point Controls whether the port connects to a point to point LAN rather t...

Page 133: ...s page allows the user to inspect the current STP MSTI port configurations and possibly change them as well An MSTI port is a virtual port which is instantiated separately for each active CIST physica...

Page 134: ...by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The pa...

Page 135: ...ble the Global IPMC Profile System starts to do filtering based on profile settings only when the global profile mode is enabled Delete Check to delete the entry The designated entry will be deleted d...

Page 136: ...l be shown by clicking the view button You can manage or inspect the rules of the designated profile by using the following buttons Navigate List the rules associated with the designated profile Edit...

Page 137: ...which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Start Address The starting IPv4 IPv6 Multicast Group Address that will be used as an address...

Page 138: ...n a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to...

Page 139: ...the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership The value is in units of tenths of a seconds The range is from 0 to...

Page 140: ...with management VLAN ports Select the port role by clicking the Role symbol to switch the setting Immediate Leave Enable the fast leave on the port Buttons Add New NVR VLAN Click to add new MVR VLAN...

Page 141: ...annel Name Indicate the name of the Channel of the specific Multicast VLAN Maximum length of the Channel Name string is 32 Channel Name can only contain alphabets or numbers Channel name should contai...

Page 142: ...configuration is related to the currently selected stack unit as reflected by the page header Snooping Enabled Enable the Global IGMP Snooping Unregistered IPMCv4 Flooding Enabled Enable unregistered...

Page 143: ...oin and leave messages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP que...

Page 144: ...om that or the next closest VLAN Table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in th...

Page 145: ...he time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in t...

Page 146: ...rt The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Add New Filtering Group Click Add New Filtering Group button to add a new entry to the Group Filterin...

Page 147: ...D Snooping Unregistered IPMCv6 Flooding Enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregister...

Page 148: ...the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leav...

Page 149: ...of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over MLD Snooping VLAN Table Co...

Page 150: ...onse Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages The allowed range is 0 to 31744 in tenths of seconds default last listener que...

Page 151: ...t The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Add New Filtering Group Click Add New Filtering Group button to add a new entry to the Group Filtering...

Page 152: ...is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered...

Page 153: ...neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP informa...

Page 154: ...witch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded Port Descr Optional TLV When checked the port descript...

Page 155: ...LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start interaction be...

Page 156: ...ator or South of the equator Longitude Longitude SHOULD be normalized to within 0 180 degrees with a maximum of 4 digits It is possible to specify the direction to either East of the prime meridian or...

Page 157: ...Chapter 3 Web Management LLDP LLDP MED Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 157 water which would use Datum NAD83 MLLW...

Page 158: ...ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Ja...

Page 159: ...ple 12345 Additional code Additional code Example 1320300003 Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Emergency Call Service Emergency Call Serv...

Page 160: ...ate network policy for the media types above A large network may support multiple VoIP policies across the entire organization and different policies per application type LLDP MED allows multiple poli...

Page 161: ...ed for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance 6 Video Conferencing for use by dedicated Video Conferencing equipmen...

Page 162: ...alues 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 Adding a new policy Click Add New Policy to add a new policy Specify the Application type Tag VLAN ID L2...

Page 163: ...ss mode In this mode each port automatically determines how much power to reserve according to the class the connected PD belongs to and reserves the power accordingly Four different port classes exis...

Page 164: ...requests more power than available from the power supply Power Supply Configuration Primary and Backup Power Source Some switches support having two PoE power supplies One is used as primary power sou...

Page 165: ...devices requires more power than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number Maximum Power The Maxi...

Page 166: ...ed aging Configure aging time by entering a value here in seconds The allowed range is 10 to 1000000 seconds Disable the automatic aging of dynamic entries by checking the Disable automatic aging chec...

Page 167: ...n this table The static MAC table can contain 64 entries The maximum of 64 entries is for the whole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address Delete Che...

Page 168: ...select the starting point in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the closest next VLAN Table match The will use the last entry of the curre...

Page 169: ...VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected stack switch unit when you click on Save The VLAN is thereafter present on the other...

Page 170: ...ing on a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is d...

Page 171: ...ID a VLAN tag with the classified VLAN ID is inserted in the frame Port VLAN ID Configures the VLAN identifier for the port The allowed values are from 1 through 4095 The default value is 1 Note The...

Page 172: ...e currently selected stack unit as reflected by the page header This feature works across the stack Configuration Port Members A check box is provided for each port of a private VLAN When checked port...

Page 173: ...nclude a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding...

Page 174: ...do any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the pa...

Page 175: ...owing text field will vary depending on the new frame type you selected Value Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type select...

Page 176: ...unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 Note special character and underscore _ are not allowed Adding a New Group to V...

Page 177: ...h Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check...

Page 178: ...k Length Indicates the network mask length VLAN ID Indicates the VLAN ID VLAN ID can be changed for the existing entries Port Members A row of check boxes for each port is displayed for each IP subnet...

Page 179: ...r2 Managed Switch User Manual 179 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page...

Page 180: ...e VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disab...

Page 181: ...Web Management Voice VLAN Configuration Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 181 Indicates the Voice VLAN traffic class All traffic on the Voice VLAN will apply th...

Page 182: ...resses in the Voice VLAN will be blocked for 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Port Discovery Pro...

Page 183: ...leted during the next save Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexad...

Page 184: ...ls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN a...

Page 185: ...rt is VLAN aware and the frame is tagged then the frame is classified to a DP level that is equal to the DEI value in the tag Otherwise the frame is classified to the default DP level The classified D...

Page 186: ...er the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted...

Page 187: ...s an overview of QoS Egress Port Schedulers for all switch ports The ports belong to the currently selected stack unit as reflected by the page header Port The logical port for the settings contained...

Page 188: ...ueue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbp...

Page 189: ...this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the...

Page 190: ...ueue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbp...

Page 191: ...this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the...

Page 192: ...of QoS Egress Port Shapers for all switch ports The ports belong to the currently selected stack unit as reflected by the page header Port The logical port for the settings contained in the same row C...

Page 193: ...eue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps...

Page 194: ...his switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the U...

Page 195: ...eue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps...

Page 196: ...his switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the U...

Page 197: ...rking for all switch ports The ports belong to the currently selected stack unit as reflected by the page header Port The logical port for the settings contained in the same row Click on the port numb...

Page 198: ...t Tag Remarking for a specific port are configured on this page Mode Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Us...

Page 199: ...to reduce the 2 bit classified DP level to a 1 bit DP level used in the QoS class DP level to PCP DEI mapping process QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS...

Page 200: ...ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress...

Page 201: ...1 Egress Port Egress Rewriting can be one of Disable No Egress rewrite Enable Rewrite enabled without remapping Remap DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Butt...

Page 202: ...DSCP Maximum number of supported DSCP values are 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence...

Page 203: ...e DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate 2 Classify 1 Translate DSCP at Ingres...

Page 204: ...tion This page allows you to configure the mapping of QoS class to DSCP value The settings relate to the currently selected stack unit as reflected by the page header QoS Class Actual QoS class DSCP S...

Page 205: ...ed by the page header Port The port number for which the configuration below applies Enabled Controls whether the storm control is enabled on this switch port Rate Controls the rate for the storm cont...

Page 206: ...ow applies Enable Controls whether RED is enabled for this queue Min Threshold Controls the lower RED threshold If the average queue filling level is below this threshold the drop probability is zero...

Page 207: ...he average queue filling level is 100 Frames marked with Drop Precedence Level 0 are never dropped Min Threshold is the average queue filling level where the queues randomly start dropping frames The...

Page 208: ...s received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Port to mirror to Port to mirror also known as...

Page 209: ...e mirror port Frames received are not mirrored Disabled Neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored on the mirror port Note...

Page 210: ...ertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive an SSDP advertisement message from this switch If a contr...

Page 211: ...is a value in the range 1 20 in the units of centi seconds i e in units of one hundredth of a second The default is 20 Leave time is a value in the range 60 300 in the units of centi seconds i e in un...

Page 212: ...Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 212 3 1 22 2 GVRP Port Config This page allows you to enable a port for GVRP Button Save Click to save changes Reset Click to undo any chan...

Page 213: ...ough local management using the Web or CLI interface or through SNMP This read only field shows the owner of the current sFlow configuration and assumes values as follows If sFlow is currently unconfi...

Page 214: ...t to a value that avoids fragmentation of the sFlow datagrams Valid range is 200 to 1468 bytes with default being 1400 bytes Port Configuration Port The port number for which the configuration below a...

Page 215: ...cifies the interval in seconds between counter poller samples Buttons Release See description under Owner Refresh Click to refresh the page Note that unsaved changes will be lost Save Click to save ch...

Page 216: ...act The system contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location config...

Page 217: ...igabit Ethernet PoE Layer2 Managed Switch User Manual 217 Software Date The date when the switch software was produced Buttons Auto refresh Check this box to refresh the page automatically Automatic r...

Page 218: ...onds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult the SVG Wiki for m...

Page 219: ...cache ARP cache status IP Interfaces Interface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Stat...

Page 220: ...net PoE Layer2 Managed Switch User Manual 220 The Link MAC address for which a binding to the IP address given exist Buttons Refresh Click to refresh the page immediately Auto refresh Check this box t...

Page 221: ...l All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 se...

Page 222: ...ere ID The ID 1 of the system log entry Message The detailed message of the system log entry Buttons Refresh Updates the system log entry to the current entry ID Updates the system log entry to the fi...

Page 223: ...hows if EEE is enabled for the port reflects the settings at the Port Power Savings configuration page LP EEE cap Shows if the link partner is EEE capable EEE In power save Shows if the system is curr...

Page 224: ...ts 3 2 3 1 Ports State This page provides an overview of the current switch port states The port states are illustrated as follows Status Disabled Down Link RJ45 ports SFP ports X2 ports Buttons Auto...

Page 225: ...he same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of...

Page 226: ...Chapter 3 Web Management Ports Traffic Overview Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 226...

Page 227: ...urrently selected stack unit as reflected by the page header Port The logical port for the settings contained in the same row Qn There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx T...

Page 228: ...s are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit Receive Total and Transmit Total Rx and Tx Packets The number of re...

Page 229: ...ack of receive buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize Th...

Page 230: ...tch User Manual 230 Buttons Refresh Click to refresh the page immediately Clear Clears the counters for the selected port Auto refresh Check this box to refresh the page automatically Automatic refres...

Page 231: ...splay counters of various databases Pool Number of pools Excluded IP Address Number of excluded IP address ranges Declined IP Address Number of seclined IP addresses Binding Counters Display counters...

Page 232: ...sages received RELEASE Number of DHCP RELEASE messages received INFORM Number of DHCP INFORM messages received DHCP Message Sent Counters Display counters of DHCP messages sent by DHCP server OFFER Nu...

Page 233: ...enerates the binding Server ID Server IP address to service the binding Buttons Refresh Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic re...

Page 234: ...3 DHCP Server Declined IP This page displays declined IP addresses Declined IP Addresses Display IP addresses declined by DHCP clients Declined IP List of IP addresses declined Buttons Auto refresh Ch...

Page 235: ...ddress and VLAN input fields allows the user to select the starting point in the Dynamic DHCP snooping Table Clicking the Refresh button will update the displayed table starting from that or the close...

Page 236: ...is box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Refreshes the displayed table starting from the input fields Clear Flushes all dynamic entries Updates the tab...

Page 237: ...number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packet...

Page 238: ...r of packets which were replaced with relay agent information option Keep Agent Option The number of packets whose relay agent information was retained Drop Agent Option The number of packets that wer...

Page 239: ...smitted Rx and Tx Offer The number of offer option 53 with value 2 packets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted Rx a...

Page 240: ...3 Web Management DHCP Detailed Statistics Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 240 The number of lease unassigned option 53 with value 11 packets received and tran...

Page 241: ...mber of lease active option 53 with value 13 packets received and transmitted Rx Discarded checksum error The number of discard packet that IP UDP checksum is error Rx Discarded from Untrusted The num...

Page 242: ...ost can access the switch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access...

Page 243: ...ames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set i...

Page 244: ...r modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached...

Page 245: ...ecurity Switch Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 245 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 secon...

Page 246: ...N ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwardin...

Page 247: ...min State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in...

Page 248: ...he field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If...

Page 249: ...lected by the table header Port State Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer t...

Page 250: ...8 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 250 Port Counters EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Fo...

Page 251: ...Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 251 Backend Server Counters These backend RADIUS frame counters are available for the following administrative states Port base...

Page 252: ...port is in one of the following administrative states Multi 802 1X MAC based Auth The table is identical to and is placed next to the Port Counters table and will be empty if no MAC address is curren...

Page 253: ...the backend server hasn t successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason the client will remain in the unauthenticated state for Hol...

Page 254: ...values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP...

Page 255: ...CE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to...

Page 256: ...tart from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspection Table Clicking the Refresh button will update the displaye...

Page 257: ...eck this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Refreshes the displayed table starting from the input fields Clear Flushes all dynamic entries Updates t...

Page 258: ...e Dynamic IP Source Guard Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields...

Page 259: ...Guard Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 259 Updates the table starting from the first entry in the Dynamic IP Source Guard Table Updates the table starting with...

Page 260: ...us of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled...

Page 261: ...y The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not...

Page 262: ...provides detailed statistics for a particular RADIUS server RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server se...

Page 263: ...Chapter 3 Web Management Security AAA RADIUS Details Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 263...

Page 264: ...tion about the state of the server and the latest round trip time RADIUS Accounting Statistics The statistics map closely to those specified in RFC4670 RADIUS Accounting Client MIB Use the server sele...

Page 265: ...e server and the latest round trip time Buttons The server select box determines which server is affected by clicking the buttons Auto refresh Check this box to refresh the page automatically Automati...

Page 266: ...ton will update the displayed table starting from that or the next closest Statistics table match The button will use the last entry of the currently displayed entry as a basis for the next lookup Whe...

Page 267: ...ts received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet segment 6...

Page 268: ...ns Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Updates the table starting from the first entry...

Page 269: ...losest History table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table...

Page 270: ...18 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best es...

Page 271: ...ton will update the displayed table starting from that or the next closest Alarm table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is...

Page 272: ...alling Index Falling event index Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Updates th...

Page 273: ...e Clicking the Refresh button will update the displayed table starting from that or the next closest Event table match The will use the last entry of the currently displayed entry as a basis for the n...

Page 274: ...Chapter 3 Web Management Security Switch RMON Events Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 274...

Page 275: ...id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID La...

Page 276: ...he port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate toge...

Page 277: ...Chapter 3 Web Management LACP Port Status Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 277 Refresh Click to refresh the page...

Page 278: ...ts Port The switch port number LACP Received Shows how many LACP frames have been received at each port LACP Transmitted Shows how many LACP frames have been sent from each port Discarded Shows how ma...

Page 279: ...of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection...

Page 280: ...Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root...

Page 281: ...f RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received...

Page 282: ...er of RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s recei...

Page 283: ...Queries Transmitted The number of Transmitted Queries for IGMP and MLD respectively IGMPv1 Joins Received The number of Received IGMPv1 Join s IGMPv2 MLDv1 Report s Received The number of Received IG...

Page 284: ...VR Channels Groups Information Table Clicking the Refresh button will update the displayed table starting from that or the closest next MVR Channels Groups Information Table match In addition the two...

Page 285: ...ter 3 Web Management MVR MVR Channel Groups Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 285 Updates the table starting with the entry after the last entry currently displa...

Page 286: ...ning of the MVR SFM Information Table The Start from VLAN and Group Address input fields allow the user to select the starting point in the MVR SFM Information Table Clicking the Refresh button will u...

Page 287: ...Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 IPv6 address could...

Page 288: ...AN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific...

Page 289: ...cast device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configur...

Page 290: ...fresh button will update the displayed table starting from that or the closest next IGMP Group Table match In addition the two input fields will upon a Refresh button click assume the value of the fir...

Page 291: ...Chapter 3 Web Management IPMC IGMP Snooping Groups Information Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 291...

Page 292: ...rmation Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP SFM Information Table Clicking the Refresh button will update the displayed table start...

Page 293: ...Switch Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds R...

Page 294: ...ly Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Queries Transmitted The num...

Page 295: ...router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicate whether s...

Page 296: ...sh button will update the displayed table starting from that or the closest next MLD Group Table match In addition the two input fields will upon a Refresh button click assume the value of the first d...

Page 297: ...irst 20 entries from the beginning of the MLD SFM Information Table The Start from VLAN and group input fields allow the user to select the starting point in the MLD SFM Information Table Clicking the...

Page 298: ...the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not Buttons...

Page 299: ...is ID is the identification of the neighbour s LLDP frames Port ID The Port ID is the identification of the neighbour port Port Description Port Description is the port description advertised by the n...

Page 300: ...Management Address is the neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s IP address Buttons...

Page 301: ...Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TI...

Page 302: ...reaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gateways Conference Bridges Media Servers and similar Discovery services defined in this...

Page 303: ...supporting interactive voice services 4 Guest Voice Signaling for use in network topologies that require a different policy for the guest voice Signaling than for the guest voice media 5 Softphone Voi...

Page 304: ...port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of the eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to pro...

Page 305: ...urce If it is unknown whether the PSE device is using its Primary Power Source or its Backup Power Source it is indicated as Unknown If the device is a PD device it can either run on its local power s...

Page 306: ...d Switch User Manual 306 The maximum allowed value is 102 3 W If the device indicates value higher than 102 3 W it is represented as reserved Buttons Auto refresh Check this box to refresh the page au...

Page 307: ...ime that receiver would like the transmitter to hold off to allow time for the receiver to wake from sleep Fallback Receive Tw The link partner s fallback receive Tw A receiving link partner may infor...

Page 308: ...LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE...

Page 309: ...d since the last change was detected Total Neighbours Entries Added Shows the number of new entries added since switch reboot Total Neighbours Entries Deleted Shows the number of new entries deleted s...

Page 310: ...received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and d...

Page 311: ...a class that defines the maximum power the PD will use The PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max po...

Page 312: ...Chapter 3 Web Management Monitor PoE Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 312 Current Used The Power Used shows how much current the PD currently is using...

Page 313: ...isabled by user PoE turned OFF Power budget exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can deliver and port s with the lowest priority is are powe...

Page 314: ...in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting fro...

Page 315: ...Chapter 3 Web Management Monitor MAC Table Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 315 The VLAN ID of the entry...

Page 316: ...refresh Automatic refresh occurs every 3 seconds Refresh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Clear Flushes all dynamic entries Updates the tabl...

Page 317: ...the following image will be displayed If a port is in the forbidden port list the following image will be displayed If a port is in the forbidden port list and at the same time attempted included in t...

Page 318: ...rt Gigabit Ethernet PoE Layer2 Managed Switch User Manual 318 Buttons Select VLAN Users from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs...

Page 319: ...as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server Voice VLAN Voice VLAN is a VLAN configured specially...

Page 320: ...whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded Tx T...

Page 321: ...ntains Configured through local management If sFlow is currently configured through SNMP Owner contains a string identifying the sFlow receiver IP Address Hostname The IP address or hostname of the sF...

Page 322: ...rt Here flow samples are divided into Rx and Tx flow samples where Rx flow samples contains the number of packets that were sampled upon reception ingress on the port and Tx flow samples contains the...

Page 323: ...uested data space the ICMP header The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 56 bytes of data 64 bytes from 10 10 1...

Page 324: ...eb Management Diagnostics Ping Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 324 Buttons Start Click to start transmitting ICMP packets New Ping Click to re start diagnostic...

Page 325: ...bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 132 20 icmp_seq 3 time 0ms 64 bytes from...

Page 326: ...140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is compl...

Page 327: ...nt Diagnostics VeriPHY Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 327 Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable pair The r...

Page 328: ...maintenance such rebooting the PoE switch reset all settings except Switch s IP address back to default value updating switch firmware or upload download all system settings 3 4 1 Maintenance Restart...

Page 329: ...ately which means that no restart is necessary Buttons Yes Click to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the configuration Note Resto...

Page 330: ...s Choose File Click this button to choose the firmware file Update Click this button to start upload the firmware The system will inform you when the new firmware is uploaded to the switch After updat...

Page 331: ...Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 331 3 4 3 Maintenance Configuration 3 4 3 1 Configuration Save You can save all the current setting values as a file in XML format Buttons...

Page 332: ...ad Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 332 3 4 3 2 Configuration Load Buttons Choose File Click this button to choose the configuration file that you ve saved Uplo...

Page 333: ...n within the product s operating temperature range may cause malfunctions DO NOT install this product in a location near any sources of water or liquid DO NOT stack this product with other network dev...

Page 334: ...l guide you to set the IP address properly in a Microsoft Windows 8 environment Setting IP address in other Microsoft operating system such as Windows Vista or Windows 7 is quite the same and can be r...

Page 335: ...hernet PoE Layer2 Managed Switch User Manual 335 3 An Ethernet Status window will pop up Please click on the Properties button as shown in the figure down below 4 An Ethernet Properties window will po...

Page 336: ...ress and subnet mask as shown in the figure down below By default your product s IP address should be 192 168 2 1 You can set any IP address as long as it s not the same with your product s IP address...

Page 337: ...Appendix B IP Configuration for Your PC Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 337...

Page 338: ...or the various situation In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to...

Page 339: ...r ingress port s Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability ARP ARP is an acronym for Ad...

Page 340: ...nd client while the first client s assignment is valid its lease has not expired Therefore IP address pool management is done by the server and not by a human network administrator Dynamic addressing...

Page 341: ...ystem It stores and associates many types of information with domain names Most importantly DNS translates human friendly domain names and computer hostnames into computer friendly IP addresses For ex...

Page 342: ...imultaneously This processing applies to IGMP and MLD H HTTP HTTP is an acronym for Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW H...

Page 343: ...out routing difficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X IEEE 802 1X is an IEEE standard f...

Page 344: ...ing data across an internet network IP is a best effort system which means that no packet of information sent over is assured to reach its destination in the same condition it was sent Each device con...

Page 345: ...LLDP is an IEEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the s...

Page 346: ...matically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age ti...

Page 347: ...ome TLVs it is configurable if the switch shall include the TLV in the LLDP frame These TLVs are known as optional TLVs If an optional TLVs is disabled the corresponding information is not included in...

Page 348: ...It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply Policer A...

Page 349: ...e voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to end business solution Therefore QoS i...

Page 350: ...or Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail me...

Page 351: ...onym for Terminal Acess Controller Access Control System Plus It is a networking protocol which provides access control for routers network access servers and other networked computing devices via one...

Page 352: ...not provide directory service and security features ToS ToS is an acronym for Type of Service It is implemented as the IPv4 ToS priority control It is fully decoded to determine the priority from the...

Page 353: ...ict communication between switch ports VLANs can be used for the following applications VLAN unaware switching This is the default configuration All ports are VLAN unaware with Port VLAN ID 1 and memb...

Page 354: ...ed Switch User Manual 354 Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice dat...

Reviews:

No comments