P/N 1072570 • REV 00.10 • ISS 13JUN13 

 
 
 
 
IFS NS3601-24P/4S 
GE-DSSG-244 
GE-DSSG-244-POE  
User Manual

 

 

 

Summary of Contents for GE-DSSG-244

Page 1: ...P N 1072570 REV 00 10 ISS 13JUN13 IFS NS3601 24P 4S GE DSSG 244 GE DSSG 244 POE User Manual ...

Page 2: ... This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment ACMA compliance Notice This is ...

Page 3: ...tion 18 5Switch Front Panel 18 5LED Indications 20 5Switch Rear Panel 22 5Install the Switch 23 5Desktop Installation 23 5Rack Mounting 25 5Installing the SFP transceiver 26 5Stack Installation 28 5Connecting Stacking cable 29 5Management Stacking 30 5SWITCH MANAGEMENT 32 5Requirements 32 5Management Access Overview 33 5Administration Console 33 5SNMP Based Network Management 35 5WEB CONFIGURATION...

Page 4: ...Simple Network Management Protocol 67 6SNMP Overview 67 6SNMP System Configuration 68 6SNMP System Information Configuration 69 6SNMP Trap Configuration 69 6SNMPv3 Configuration 71 6Port Management 75 6Port Configuration 75 6Port Statistics Overview 77 6Port Statistics Detail 79 6SFP Module Information 80 6Port Mirroring Configuration 82 6Link Aggregation 84 6Static Aggregation Configuration 86 6L...

Page 5: ...guration 125 6Port Status 127 6Port Statistics 128 6Multicast 129 6IGMP Snooping 129 6IGMP Snooping Configuration 133 6IGMP Port Related Configuration 133 6VLAN Configuration 135 6Port Group Filtering 136 6IGMP Snooping Status 137 6MVR Configuration 139 6MVR Status 141 6Quality of Service 142 7Understand QOS 142 7QCL Configuration Wizard 142 7QoS Control List Configuration 149 7Port QoS Configurat...

Page 6: ...t Configuration 203 7Security 205 7Port Limit Control 205 7Access Management 208 7Access Management Statistics 209 7HTTPs 210 7SSH 210 7Port Security Status 211 7Port Security Detail 213 7DHCP Snooping 213 7DHCP Snooping Statistics 215 7IP Source Guard Configuration 217 7IP Source Guard Static Table 218 7ARP Inspection 219 7ARP Inspection Static Table 220 7Address Table 221 7MAC Address Table Conf...

Page 7: ...53 8Stack Configuration 255 8Stack Information 257 8Stack Port State Overview 258 8Stack Example 259 8COMMAND LINE INTERFACE 263 8Accessing the CLI 263 8Telnet Login 265 8COMMAND LINE MODE 266 8System Command 267 8Stack 270 8IP Command 272 8Port Management Command 277 8MAC Address Table Command 281 8VLAN Configuration Command 285 8Private VLAN Configuration Command 290 8Security Command 292 8Spann...

Page 8: ...385 9Learning 385 9Forwarding Filtering 385 9Store and Forward 385 9Auto Negotiation 385 9POWER OVER ETHERNET OVERVIEW 387 9What is PoE 387 9The PoE Provision Process 388 9Stages of powering up a PoE link 389 9Line Detection 389 9Classification 389 9Start up 389 9Operation 389 9Power Disconnection Scenarios 389 9TROUBLE SHOOTING 391 9APPENDEX A 392 9Switch s RJ 45 Pin Assignments 392 910 100Mbps 1...

Page 9: ...se T PoE Managed Stackable Switch 220W IEEE 802 3af Terms of Managed Switch refers to the switches listed above Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items Check the contents of your package for following parts The Managed Switch x1 User s manual CD x1 Quick installation guide x1 19 Rack mount accessory kit x1 Power cord x1 ...


Page 11: ...e it to meets the needs of effective data traffic control for both Campus and Enterprise such VoIP video streaming and multicast application High Performance The Managed Switch provides 24 10 100 1000Mbps or 100 1000Mbps for GE DSSG 244 fiber switch Gigabit Ethernet ports with 4 shared Gigabit SFP slots It has a high performance switch architecture that is capable of providing non blocking switch ...

Page 12: ...hat helps network managers to easily configure switches via one single IP address instead of connecting and setting each unit one by one Through its high bandwidth tunnel and stacking technology it gives enterprise service provider and telcom flexible control over port density uplinks and switch stack performance Up to 384 Gigabit Ethernet ports can be managed by a stacking group and you can add p...

Page 13: ...aged Switch by Web interface. Section 5 COMMAND LINE INTERFACE: The section describes how to use the Command Line interface (CLI). Section 6 CLI CONFIGURATION: The section explains how to manage the Managed Switch by Command Line interface. Section 7 SWITCH OPERATION: The chapter explains the switch operation of the Managed Switch. Section 8 POWER OVER ETHERNET OVERVIEW: The chapter introduces th...

Page 14: ...AN IEEE 802 1Q Tagged VLAN Up to 255 VLANs groups out of 4094 VLAN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Edge PVE Voice VLAN Support Spanning Tree Protocol STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Support Link Aggregation 802 3ad Link Aggregati...

Page 15: ...ss NTP DNS management Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment Firmware upload download via HTTP TFTP DHCP Relay User Privilege levels control NTP Network Time Protocol Link Layer Discovery Protocol LLDP Protocol Cable Diagnostic technology provides the mechanism to detect and report potential cabling issues Reset button for system reboot or rese...

Page 16: ...nt DC Stacking Numbers 16 Stacking Bandwidth 10Gbps Full Duplex Stack ID Display 7 Segment LED Display 1 9 A F 0 ESD Protection 6KV DC Layer 2 Function Basic Management Interfaces Console Telnet Web Browser SNMPv1 v2c and v3 Secure Management Interface SSH SSL SNMP v3 Port configuration Port disable enable Auto negotiation 10 100 1000Mbps full and half duplex mode selection Flow Control disable en...

Page 17: ...trol IEEE 802 1ab Link Layer Discovery Protocol LLDP IFS Stackable PoE models Product GE DSSG 244 POE NS3601 24P 4S Hardware Specification Copper Ports 24 10 100 1000Base T RJ 45 Auto MDI MDI X ports SFP mini GBIC Slots 4 SFP interfaces shared with Port 21 to Port 24 Console Port 1 x RS 232 DB9 serial port 115200 8 N 1 Stacking Ports 2 5GbE Cross HDMI interface Switch Fabric 68Gbps non blocking Ad...

Page 18: ... negotiation status trunk status VLAN 802 1Q Tagged Based VLAN up to 255 VLAN groups Q in Q Private VLAN Voice VLAN Port trunking IEEE 802 3ad LACP Static Trunk Support maximum of 12 trunk groups up to 16 ports per trunk group QoS Traffic classification based Strict priority and WRR 4 level priority queues on all switch ports Low Normal Medium High Different action on QCL Configuration Set up Port...

Page 19: ... tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 IEEE 802 3af Power over Ethernet Note The PoE...

Page 20: ...nel IFS NS3601 24P 4S GE DSSG 244 POE Front Panel Figure 2 2 IFS NS3601 24P 4S GE DSSG 244 POE front panel Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters Gigabit SFP slots 1000Base SX LX mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meters Multi mode fiber up to 10 30 5060 70 kilometers Single mode fiber Console Port The console port is a DB...

Page 21: ...ot and load the default settings as below. Default Username: admin. Default Password: admin. Default IP address: 192.168.0.100. Subnet mask: 255.255.255.0. Default Gateway: 192.168.0.254. Stack ID: Each IFS Managed Stackable Switch on a stack must have a unique Stack ID. There are 16 degrees (0-9, A-F) in the rotary switch. The Stack ID is configured via Web or CLI management interface. Use the Stack ID to identify...

Page 22: ...e system is on Alert LED Color Function PWR Alert Green Illuminates to indicate that the PoE power supply has failed FAN1 Green Illuminates to indicate that the FAN1 has failed FAN2 Green Illuminates to indicate that the FAN2 has failed FAN3 Green Illuminates to indicate that the FAN3 has failed Per 10 100Mbps port PoE interfaces Port 1 to Port 24 LED Color Function Illuminates To indicate the link...

Page 23: ...e port is operating at 1000Mbps If 1000 LNK ACT LED is Off it indicates that the port is link down 1 Press the RESET button for 5 seconds The Managed Switch will reboot automatically 2 Press the RESET button for 10 seconds The Managed Switch will restore back to the factory default mode the entire configuration will be erased 3 The 2 Gigabit TP SFP combo ports are shared with port 25 26 of Managed...

Page 24: ...lished with speed 1000Mbps 1000 LNK Green Off To indicate that the SFP port is link down Illuminates To indicate the link through that port is successfully established with speed 100Mbps Blink To indicate that the switch is actively sending or receiving data over that port 100 LNK ACT Orange Off If 1000 LNK ACT LED light indicate that the port is operating at 1000Mbps If 1000 LNK ACT LED Off indic...

Page 25: ...sing UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime 2 For additional protection against unregulated voltage or current surges you may also want to consider surge suppression as part of your installation Install the Switch This section describes how to install your Managed Switch and make connections to the Managed Switch Please read th...

Page 26: ...ssed in Chapter 1 Section 5 Product Specification Step4 Connect the Managed Switch to network devices Connect one end of a standard network cable to the 10 100 1000 RJ 45 ports on the front of the Managed Switch Connect the other end of the cable to the network devices such as printer servers workstations or routers etc Connection to the Managed Switch requires UTP Category 5 network cabling with ...

Page 27: ...front panel positioned towards the front side Step2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 8 shows how to attach brackets to one side of the Managed Switch Figure 2 8 Attach brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws wo...

Page 28: ...iver The sections describe how to plug in an SFP transceiver into an SFP slot The SFP transceivers are hot swappable You can plug in and out the transceiver to from any SFP port without a need to power down the Managed Switch As the Figure 2 9 Figure 2 9 Plug in the SFP transceiver Approved IFS SFP Transceivers IFS Managed switches supports both single mode and multi mode SFP transceivers Please r...

Page 29: ...the Single mode fiber cable with one side must be male duplex LC connector type Connect the fiber cable 1 Attach the duplex LC connector on the network cable into the SFP transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a Media Converter 3 Check the LNK ACT LED of the SFP slot on the front of the Managed Switch Ensure that the S...

Page 30: ...ing function to manage up to 16 switches using a single IP address And up to 384 Gigabit Ethernet ports can be managed by a stacking group and you can add ports and functionality as needed You can add IFS NS3601 24P 4S and GE DSSG 244 series switches as needed to support more network clients knowing that your switching fabric will scale to meet increasing traffic demands Two types of stack topolog...

Page 31: ... There are two high performance HDMI like Stack ports on the rear panel for proprietary management stack Only these IFS stacking cables can be used for proper functionality STEP 1 Plug one end of the cable in the STX1 Cascade Down port and the other end to the STX2 Cascade UP port of next device STEP 2 Repeat the step for every device in the stack cluster then ending at last switch Figure 2 13 Sta...

Page 32: ...on the front panel As the Figure 2 14 Figure 2 14 Stack Master with Master LED lit STEP 6 When an IFS Switch is added to the stack a Switch ID is automatically assigned to the new IFS Switch The automatic SID assignment can be modified by choosing a different Switch ID on the Stack Configuration page This method allows Switch IDs to be assigned so that it is easier for the user to remember the ID ...

Page 33: ...tack of up to 16 IFS Switches If there is the space limitation or power issue and you wish to stack all the switches in different racks use long stack cables NS CBL 200 to connect two stacks Figure 2 15 Separated Stack connection 2m stack cable NS CBL 200 2m stack cable NS CBL 200 ...

Page 34: ...ement Access Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading Requirements Workstations of subscribers running Windows 98 ME NT4 0 2000 XP MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Serial Port connection Terminal Above PC with COM Port ...

Page 35: ...Based on open standards. Requires SNMP manager software. Least visually appealing of all three methods. Some settings require calculations. Security can be compromised (hackers need only know the community name). Table 3-1: Management Methods Comparison. Administration Console: The administration console is an internal, character-oriented, and command line user interface for performing system administration s...

Page 36: ... can use an emulator such as TIP Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address o...

Page 37: ...ement method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string. This management method, in fact, uses two community strings: the get community string and the set community string. If the SNMP Network Management Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get community string, it c...


Page 39: ... not allow Java Applets to open sockets. The user has to explicitly modify the browser setting to enable Java Applets to use network ports. The Managed Switch can be configured through an Ethernet connection; make sure the manager PC is set on the same IP subnet as the Managed Switch. For example, if the default IP address of the IFS Managed Switch is 192.168.0.100, then the manager PC shoul...

Page 40: ... as following: http://192.168.0.100 2. When the following login screen appears, please enter the default username "admin" with password "admin" (or the username/password you have changed via console) to log in to the main screen of the Managed Switch. The login screen is shown in Figure 4 1 2. Figure 4 1 2 Login screen. Default User name: admin. Default Password: admin. After entering the username and password, the main screen...

Page 41: ... access all the commands and statistics the Managed Switch provides. 1. It is recommended to use Internet Explorer 7.0 or above to access the Managed Switch. 2. Since the changed IP address takes effect immediately after you click on the Save button, you need to use the new IP address to access the Web interface. 3. For security reasons, please change and memorize the new password after this first setup. 4. The Sw...

Page 42: ... set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ 45 Ports SFP Ports Stack Ports Main Menu Using the onboard web agent you can define system parameters manage and control the Managed Switch and all its ports or monitor network condit...

Page 43: ...IFS NS3601 24P 4S GE DSSG 244 and 244 POE User Manual 41 Figure 4 1 5 IFS Managed Switch Main Functions Menu ...

Page 44: ...is page DHCP Relay Configure DHCP Relay on this page DHCP Relay Statistics This page provides statistics for DHCP relay CPU Load This page displays the CPU load using a SVG graph System Log The switch system log information is provided here Detailed Log The switch system detailed log information is provided here Remote Syslog Configure remote syslog on this page SMTP Configure Configure SMTP on th...

Page 45: ... Contact Name The system name configured in Configuration System Information System Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch Power Status Indicate AC DC power supply input of this switch Temperature Indicate main chipset temperature System Date The current GMT system time and date The system time is ...

Page 46: ... and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide the IP address of this switch in dotted decimal notation IP Mask Provide the IP mask of this switch dotted decimal notation IP Router Provide the IP address of the router in dotted decimal...

Page 47: ...it groups of contiguous zeros, but it can only appear once. It can also be followed by a legal IPv4 address, for example "::192.1.2.34". Prefix: Provide the IPv6 Prefix of this switch. The allowed range is 1 through 128. Router: Provide the IPv6 gateway address of this switch. An IPv6 address is written in 128-bit records represented as eight fields of up to four hexadecimal digits, with a colon separating each field. For exa...

Page 48: ...in 3 groups for local user management Group Privilege Security Level Access Master Admin Master Master Viewer IT Admin IT IT Viewer Security Admin Security Security Viewer Refer to Appendix C Currently the only way to login as another user on the web server is to close and reopen the browser After setup completed please press Save button to take effect Please login web interface with new user name...

Page 49: ...ser Privilege Level Specifies the privilege level for the user Options Master Admin Master Viewer IT Admin IT Viewer Security Admin Security Viewer Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Click to undo any changes made locally and return to the Users Delete the current user This button is not available for new configurations Add ne...

Page 50: ...ion page screenshot. If you forget the password after changing the default password, press the Reset button on the front panel of the Managed Switch for over 10 seconds and then release. The current settings, including the VLAN, will be lost and the Managed Switch will be restored to factory default ...

Page 51: ...h allowed to use a remote access authentication server based on RADIUS or TACACS protocols This page provides an overview of the privilege levels for remote user account After setup completed please press Save button to take effect Please login web interface with new user name and password the screen is shown Figure 4 2 7 Figure 4 2 7 Privilege Levels Configuration page screenshot ...

Page 52: ... and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Privilege Level Every privilege level group has an autho...

Page 53: ...ccording to current location of switch. Server: Provide the NTP IPv4 or IPv6 address of this switch. An IPv6 address is written in 128-bit records represented as eight fields of up to four hexadecimal digits, with a colon separating each field. For example, "fe80::215:c5ff:fe03:4dc7". The symbol "::" is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros, but it can...

Page 54: ...ent messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in th...

Page 55: ...ormation to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit I...

Page 56: ...DHCP relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DHCP server and remove it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Disabled Disable DHCP relay information mode operation Relay Information Policy Indicates th...

Page 57: ...ID The packets number that received packets which Remote ID option was missing Receive Bad Circuit ID The packets number that the Circuit ID option did not match known circuit ID Receive Bad Remote ID The packets number that the Remote ID option did not match known Remote ID Client Statistics Object Description Transmit to Client The number of packets relayed from server to client Transmit Error T...

Page 58: ... are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen is shown Figure 4 2 13 Figure 4 2 13 CPU Load page screenshot Bu...

Page 59: ...Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page any changes made locally will be undone Clear all statistics Hide the statistics Download the statistics Updates the system log entries start...

Page 60: ...em log entry Buttons Download the statistics Click to refresh the page any changes made locally will be undone Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entry currently displayed Updates the system log entries starting from the last entry currently displayed Updates the system log entries ending at the last available...

Page 61: ...bject Description Mode Indicates the remote syslog mode operation Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Fill in your remote syslog server IP address Buttons Click to save changes Click to undo any changes made locally and revert to previously saved value ...

Page 62: ...or the IP address of the SMTP server SMTP Port Set port number of SMTP service SMTP Authentication Controls whether SMTP authentication is enabled If authentication is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type t...

Page 63: ... 2 The Firmware Upgrade screen is displayed as in Figure 4 2 18 3 Click the button of the main page the system would pop up the file selection menu to choose firmware 4 Select the firmware file and then click the Software Upload Progress would show the file upload status 5 Once the software is loaded to the system successfully the following screen The system will load the new software after reboot...

Page 64: ...ware. DO NOT power OFF the Managed Switch until the update progress is complete. Do not quit the Firmware Upgrade page without pressing the OK button after the image is loaded, or the system won't apply the new firmware and the user has to repeat the firmware upgrade process. Configuration Backup: This function allows backup and reload of the current configuration of the Managed Switch to the local managemen...

Page 65: ...y tag is used for table entries Configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including syntax descriptions is included in the file The file may then be modified using an editor and loaded to a switch The examples below shows a small configuration file only including configuration of the MAC address age time and ...

Page 66: ...kup and reload the current configuration of the Managed Switch to the local management station The Configuration Upload screen is shown Figure 4 2 24 Figure 4 2 24 Configuration Upload page screenshot Configuration Upload 1 Click the button of the main page the system would pop up the file selection menu to choose saved configuration ...

Page 67: ... User Manual 65 Figure 4 2 25 Windows file selection menu popup 2 Select on the configuration file then click the bottom of the browser shows the upload status 3 After the upload process is complete the main screen displays Transfer Completed ...

Page 68: ...efaults. Click to return to the Port State page without resetting the configuration. After the Reset button is pressed and the device is rebooted, the system will load the default IP settings as follows: Default IP address: 192.168.0.100. Subnet mask: 255.255.255.0. Default Gateway: 192.168.0.254. The other setting values are set back to disable or none. To reset the Managed Switch to the Factory default setting...

Page 69: ...ch managed environment Agents Agents are software modules that reside in network elements They collect and store management information such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules Network ma...

Page 70: ...ion 1. SNMP v2c: Set SNMP supported version 2c. SNMP v3: Set SNMP supported version 3. Read Community: Indicates the community read access string to permit access to the SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126. The field applies only to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy, and the community string will asso...

Page 71: ...nistratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Locat...

Page 72: ...xadecimal digits, with a colon separating each field. For example, "fe80::215:c5ff:fe03:4dc7". The symbol "::" is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros, but it can only appear once. It can also be followed by a legal IPv4 address, for example "::192.1.2.34". Trap Authentication Failure: Indicates the SNMP entity is permitted to generate authenticat...

Page 73: ...ties Configuration page screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Source IP Indicates the SNMP access source address So...

Page 74: ...hat means must first ensure that the value is set correctly Authentication Protocol Indicates the authentication protocol that this entry should belong to Possible authentication protocol are None None authentication protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value ...

Page 75: ... SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 3...

Page 76: ...digital number or asterisk Buttons Click to add a new view entry Click to save changes Click to undo any changes made locally and revert to previously saved values SNMPv3 Accesses Configuration Configure SNMPv3 accesses table on this page The entry index key are Group Name Security Model and Security Level The SNMPv3 Accesses Configuration screen is shown Figure 4 3 8 Figure 4 3 8 SNMPv3 Accesses ...

Page 77: ...lick to save changes Click to undo any changes made locally and revert to previously saved values Port Management Use the Port Menu to display or configure the Managed Switch s ports This section has the following items Port Configuration Configures port connection settings Port Statistics Overview Port Statistics Detail Lists Ethernet and RMON port statistics SFP Module Information Display SFP in...

Page 78: ...ndicates the link is up and red that it is down Current Link Speed Indicates the current link speed of the port Configured Link Speed Select any available link speed for the given switch port Draw the menu bar to select the mode Auto Speed Setup Auto negotiation 10 Half Force sets 10Mbps Half Duplex mode 10 Full Force sets 10Mbps Full Duplex mode 100 Half Force sets 100Mbps Half Duplex mode 100 Fu...

Page 79: ...Discard Discard frame after 16 collisions default Restart Restart back off algorithm after 16 collisions Power Control The Usage column shows the current percentage of the power consumption per port The Configured column allows for changing the power savings mode parameters per port Disabled All power savings mechanisms disabled ActiPHY Link down power savings enabled Dynamic Link up power savings...

Page 80: ...s contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process ...

Page 81: ...nd transmit and the error counters for receive and transmit The Detailed Port Statistics screen is shown Figure 4 4 3 Figure 4 4 3 Detailed Port Statistics Port 1 page screenshot The page includes the following fields Receive Total and Transmit Total Object Description Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmit...

Page 82: ...ed The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port Transmit Error Counters Object Description Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late...

Page 83: ...et from the SFP module. Different vendors' SFP modules might show different speed information. Wave Length nm Displays the wavelength of the current SFP module; the wavelength value is read from the SFP module. Use this column to check whether the wavelength values of the two nodes match when the fiber connection fails. Distance m Displays the supported distance of the current SFP module; the distance value i...

Page 84: ...etwork problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Figure 4 4 5 Port Mirror application The traffic...

Page 85: ...Mirror Port Configuration The Port Mirror Configuration screen is shown Figure 4 4 6 Figure 4 4 6 Port Mirror Configuration page screenshot ...

Page 86: ...es Link Aggregation Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Group (LAG). Port Aggregation multiplies the bandwidth between the devices, increases port flexibility and provides link redundancy. Each LAG is composed of ports of the same speed set to full duplex operations. Ports in a LAG can be of different media types UTP Fiber or diff...

Page 87: ...ne link aggregation. The ports at both ends of a connection must be configured as link aggregation ports. None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port. All of the ports in a link aggregation have to be treated as a whole when moved from/to, added or deleted from a VLAN. The Spanning Tree Protocol will treat all the ports in a link aggregation...

Page 88: ...nfiguration screen is shown Figure 4 5 2 Figure 4 5 2 Aggregation Mode Configuration page screenshot The page includes the following fields Object Description Source MAC Address The Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address Th...

Page 89: ...bers Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values LACP Configuration Link Aggregation Control Protocol LACP LACP LAG ...

Page 90: ...s whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2 GLAGs per stack. Key The Key value incurred by the port, range 1-65535. The Auto setting will set the key as appropriate by the physical link speed: 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting a user defined value can be ente...

Page 91: ... screen is shown Figure 4 5 5 Figure 4 5 5 LACP System Status page screenshot The page includes the following fields Object Description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this ...

Page 92: ...t join the aggregation group but will join if another port leaves. Meanwhile its LACP status is disabled. Key The key assigned to this port. Only ports with the same key can aggregate together. Aggr ID The Aggregation ID assigned to this aggregation group. IDs 1 and 2 are GLAGs while IDs 3-14 are LLAGs. Partner System ID The partner's System ID MAC address. Partner Port The partner's port number connected t...

Page 93: ...lowing fields Object Description Port The switch port number LACP Transmitted Shows how many LACP frames have been sent from each port LACP Received Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Cli...

Page 94: ...AN group IEEE 802 1Q Tunneling Enables 802 1Q QinQ Tunneling Private VLAN Creates removes primary or community VLANs IEEE 802 1Q VLAN In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadc...

Page 95: ...ome relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header 802 1Q VLAN Tags The figure below shows the 802 1Q VLAN tag There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the Ether Type field When a packet s Et...

Page 96: ...member ports are removed from the default Assigning Ports to VLANs Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of th...

Page 97: ...he VLAN Port Configuration page. All untagged packets arriving at the device are tagged by the port's PVID. Understand nomenclature of the Switch IEEE 802 1Q Tagged and Untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged. Tagged Ports with tagging enabled will put the VID number, priority and other VLAN information into the header of all packets that flow into thos...

Page 98: ...d Assigning a unique range of VLAN IDs to each customer would restrict customer configurations require intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 The Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic from numerous independent customer LANs into the MAN Metro Acces...

Page 99: ...VLAN Port Configuration The VLAN Port Configuration screen is shown Figure 4 6 2 Figure 4 6 2 VLAN Port Configuration page screenshot ...

Page 100: ...lt the field is set to All Link Type Allow 802 1Q Untagged or Tagged VLAN for selected port When adding a VLAN to selected port it tells the switch whether to keep or remove the tag from a frame on egress Untag outgoing frames without VLAN Tagged Tagged outgoing frames with VLAN Tagged Q in Q Mode Sets the Managed Switch to QinQ mode and allows the QinQ tunnel port to be configured The default is ...

Page 101: ...icates the ID of this particular VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configu...

Page 102: ...ified to the VLAN ID to be forwarded to the respective VLAN member ports. VLAN User A VLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID UVID. Currently we support the following VLAN CLI Web SNMP These are referred to as static. NAS NAS provides port based authentication which involves communications between a S...

Page 103: ...ss is enabled the tag is removed from tagged frames received on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a m...

Page 104: ... IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Butto...

Page 105: ... promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the...

Page 106: ... VLAN port types Isolated A single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting Buttons Click to save changes Click to undo any changes made locally and...

Page 107: ...includes the following fields Object Description Delete To delete a VLAN entry check this box The entry will be deleted on all stack switch units during the next Save VLAN ID Indicates the ID of this particular VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is...

Page 108: ...A VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 Port 5 Port 6 Table 4 1 VLAN and Port Configuration The scenario is described as follows: Untagged packet entering VLAN 2 1. When PC 1 transmits an untagged packet that enters Port 1, the Managed Switch will tag it with a VLAN Tag 2. PC 2 and PC 3 will receive the packet through Port 2 and Port 3. 2. PC 4, PC 5 and PC 6 receive no packet. 3. While the pa...

Page 109: ...N 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 3 Remove VLAN Member for VLAN 1 Remember to remove Port 1 to Port 6 from VLAN 1 membership, since Port 1 to Port 6 have been assigned to VLAN 2 and VLAN 3. Figure 4 6 9 Add new VLAN group assign VLAN members for VLAN ...

Page 110: ...The Per Port VLAN configuration in Figure 4 6 10 Figure 4 6 10 Port 1 Port 6 VLAN Configuration ...

Page 111: ...N ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 About the VLAN ports connect to the hosts please refer to 4 6 10 1 examples The following steps will focus on the VLAN Trunk port configuration 1 Specify Port 8 to be the 802 1Q VLAN Trunk p...

Page 112: ...at is although the VLAN 2 members Port 1 to Port 3 and VLAN 3 members Port 4 to Port 6 also belong to VLAN 1, with different PVID settings packets from VLAN 2 or VLAN 3 are not able to access the other VLAN. 7 Repeat Steps 1 to 5 to set up the VLAN Trunk port at the partner switch. To add more VLANs to the VLAN trunk, repeat Steps 1 to 3 to assign the Trunk port to the VLANs. Port Isolate The di...

Page 113: ...Setup steps 1 Assign Port Mode Set Port 1 Port 4 in Isolate port Set Port 5 and Port 6 in Promiscuous port The screen is shown Figure 4 6 15 ...

Page 114: ...Figure 4 6 15 The configuration of Isolate and Promiscuous port 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 6 VLAN 2 Port 3 Port 6 The screen is shown Figure 4 6 16 Figure 4 6 16 Private VLAN port setting ...

Page 115: ...rrive at a stable network topology the following information is used The unique switch identifier The path cost to the root associated with each switch port The port identifier STP communicates between switches on the network using Bridge Protocol Data Units BPDUs Each BPDU contains the following information The unique identifier of the switch that the transmitting switch currently believes is the...

Page 116: ...isabled the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows From initialization switch boot to blocking From blocking to listening or to disabled From listening to learning or to disabled From learning to forwarding or to disabled From forwarding to disabled From disabled to blocking Figure 4 7 1 ...

Page 117: ...imum age timer 20 seconds Forward Delay Timer The amount of time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Default Value Port Priority A relative priority for each port lower numbers give a higher priority ...

Page 118: ...rt will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in the diagram below. In this example you can anticipate some major network problems if the STP assistance is not applied. If switch A broadcasts a packet to switch B, switch B will broadcast it to switch C, and switch C will broadcast it back to switch A, and so on. The ...

Page 119: ...gure 4 7 5 Before Applying the STA Rules In this example only the default STP values are used Figure 4 7 6 After Applying the STA Rules The switch with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost ...

Page 120: ...ing and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses network topologies that provide faster spanning tree convergence without creating forwarding loops Extension Multiple Spanning Tree Protocol MSTP Defines an extension to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN Multiple Spanning Tree Protocol configures a separate Spanning Tree ...

Page 121: ...a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time th...

Page 122: ...sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last The time since last Topology Change occurred CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations and possibly change them as well This page contains settings for aggregations a...

Page 123: ...Figure 4 7 9 STP CIST Port Configuration page screenshot The page includes the following fields Object Description Port The switch port number of the logical STP port STP Enabled Controls whether RSTP is enabled on this switch port ...

Page 124: ...his feature is also known as Root Guard. Restricted TCN If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports. If set, it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistent incorrectly learned station location information. It is set by a network administrator to prevent bri...

Page 125: ...Trunk 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 10 000 5 000 Table 4 7 3 Default STP Path Costs MSTI Priorities This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Priority screen is shown Figure 4 7 10 Figure 4 7 10 MSTI Priority page screenshot The page includes the following fields Object Des...

Page 126: ...s and possibly change them as well The MSTI Configuration screen is shown Figure 4 7 11 Figure 4 7 11 MSTI Configuration page screenshot The page includes the following fields Configuration Identification Object Description Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order ...

Page 127: ...and revert to previously saved values MSTI Ports Configuration This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI p...

Page 128: ...Figure 4 7 13 MST1 MSTI Port Configuration page screenshot ...

Page 129: ... establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Buttons Click to set MSTx configuration Click to refresh the page immediately Auto refresh Check th...

Page 130: ...ort state of the CIST port The port state can be one of the following values Disabled Blocking Learning Forwarding Non STP Uptime The time since the bridge port was last initialized Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Port Statistics This page displays the STP port statistics counters for port phy...

Page 131: ...that monitors the exchange of IGMP messages and copies them to the CPU for feature processing The overall purpose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group About the Internet Group Management Protocol IGMP Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers tha...

Page 132: ...Figure 4 8 1 Multicast Service ...

Page 133: ...has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Membership Query if Group Address is Present 0x16 Membership Report version 2 0x17 L...

Page 134: ...to other sub networks. IGMP version 2 introduces some enhancements such as a method to elect a multicast querier for each LAN, an explicit leave message, and query messages that are specific to a given group. The states a computer will go through to join or to leave a multicast group are shown below Figure 4 8 4 IGMP State Transitions IGMP Querier A router or multicast enabled switch can periodically ...

Page 135: ...Leave Proxy Enable Enable the leave proxy VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN IGMP Snooping IGMP Querier Enable the IGMP Querier in the VLAN. The Querier will send out queries if no Querier is received within 255 seconds after IGMP Querier is enabled. Each Querier's interval is 125 seconds, and it will stop acting as an IGMP Querier if it receives any Querier from other devices. Buttons Click...

Page 136: ...Figure 4 8 6 IGMP Port Related Configuration page screenshot ...

Page 137: ...uter being connected to this port. Use this mode when you connect other IGMP multicast servers directly to the non querier Managed Switch and don't want the multicast stream to be flooded to the uplink switch through the port that is connected to the IGMP querier. Fast Leave Enable the Fast Leave on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong Buttons Clic...

Page 138: ...mple an IP TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on t...

Page 139: ...ogical port for the settings Filtering Group The IP Multicast Group that will be filtered Buttons Check to delete the entry Click to add a new entry to the Group Filtering table Click to save changes Click to undo any changes made locally and revert to previously saved values IGMP Snooping Status This page provides IGMP Snooping status The status relate to the currently selected stack unit as refl...

Page 140: ...groups for each VLAN Port Members The ports that are members of the entry Querier Status Show the Querier status is ACTIVE or IDLE Querier Transmit The number of Transmitted Querier Querier Receive The number of Received Querier V1 Reports Receive The number of Received V1 Reports V2 Reports Receive The number of Received V2 Reports V3 Reports Receive The number of Received V3 Reports V2 Leave Rec...

Page 141: ... in different subnets even if they are on the same physical network Multicast VLAN Registration MVR routes packets received in a multicast source VLAN to one or more receive VLANs Clients are in the receive VLANs and the multicast server is in the source VLAN Multicast routing has to be disabled when MVR is enabled Refer to the configuration guide at Understanding Multicast VLAN Registration for m...

Page 142: ...Figure 4 8 10 MVR Configuration page screenshot ...

Page 143: ...made locally and revert to previously saved values MVR Status This page provides MVR status The MVR Status screen is shown Figure 4 8 11 Figure 4 8 11 MVR Status page screenshot The page includes the following fields Object Description Group The present multicast groups. The maximum is 128 groups in the multicast VLAN. Port Members The ports that are members of the entry V1 Reports Receive The number of Re...

Page 144: ...estion QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP header that are en...

Page 145: ...pical network application quality control Set up ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets Set up VLAN Tag Priority Mapping Set up the traffic class mapping to the User Priority value 3 bits when receiving VLAN tagged packets Buttons Click to continue the wizard Set up Policy Rules Group ports into several types ac...

Page 146: ... QCL ID Frames that hit this QCE are set to match this specific QCL Port Members A row of radio buttons for each port is displayed for each QCL ID To include a port in a QCL member click the radio button Buttons Click to start the wizard again Click to get more information Click to continue the wizard Once the QCL configuration wizard is finished the below screen ...

Page 147: ...ifferent typical network application quality control by selecting the network application type for your rule The Set up Typical Network Application Rules screen is shown Figure 4 9 3 Figure 4 9 3 Set up Typical Network Application Rules page screenshot The page includes the following fields Object Description Audio and Video Indicates the common servers that apply to the specific QCE The common se...

Page 148: ...r for this QCE The allowed range is 0 to 63 Buttons Click to cancel the wizard Click to go back to the previous wizard step Click to continue the wizard STEP 2 According to your selection on the previous page this wizard will create specific QCEs QoS Control Entries automatically First select the QCL ID for these QCEs and then select the traffic class Different parameter options are displayed depe...

Page 149: ... up ToS Precedence Mapping screen is shown Figure 4 9 5 Figure 4 9 5 Set up ToS Precedence Mapping page screenshot The page includes the following fields Object Description QCL ID Select the QCL ID to which this QCE applies ToS Precedence Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Click to cancel the wizard Click to go back to the previous wizard step Cli...

Page 150: ... 6 Figure 4 9 6 Set up VLAN Tag Priority Mapping page screenshot The page includes the following fields Object Description QCL ID Select the QCL ID to which this QCE applies VLAN Priority Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Click to cancel the wizard Click to go back to the previous wizard step Click to continue the wizard The QCL configuration wiz...

Page 151: ...e 4 9 7 QoS Control List Configuration page screenshot The page includes the following fields Object Description QCL Select a QCL to display a table that lists all the QCEs for that particular QCL QCE Type Specifies which frame field the QCE processes to determine the QoS class of the frame The following QCE types are supported Ethernet Type The Ethernet Type field If frame is tagged this is the E...

Page 152: ... port IPv4 IPv6 DSCP or Tag Priority Frames not matching any of the QCEs are classified to the default QoS Class for the port The QCE Configuration screen is shown Figure 4 9 8 Figure 4 9 8 QCE Configuration page screenshot The page includes the following fields Object Description QCE Type Select the available type for the specific QCE Ethernet Type Matches the received frame s EtherType against t...

Page 153: ...e previous page Port QoS Configuration This page allows you to configure QoS settings for each port Frames can be classified by 4 different QoS classes Low Normal Medium and High The classification is controlled by a QCL that is assigned to each port A QCL consists of an ordered list of up to 12 QCEs Each QCE can be used to classify certain frames to a specific QoS class This classification can be...

Page 154: ...re 4 9 9 Port QoS Configuration page screenshot The page includes the following fields Object Description Number of Classes Configure the number of traffic classes as 1 2 or 4 The default value is 4 Port The logical port for the settings contained in the same row ...

Page 155: ...Tag to the untagged frames Queuing Mode Select which Queuing mode for this port Queue Weighted Setting Queue weighted Low Normal Medium High if the Queuing Mode is Weighted Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Bandwidth Control Configure the switch port rate limit for Policers and Shapers on this page The settings relate to the c...

Page 156: ...ed in the same row Policer Enabled Enable or disable the port policer The default value is Disabled Policer Rate Configure the rate for the port policer The default value is 500 This value is restricted to 500 1000000 when the Policer Unit is kbps and it is restricted to 1 1000 when the Policer Unit is Mbps Policer Unit Configure the unit of measure for the port policer rate as kbps or Mbps The de...

Page 157: ...kets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen is shown Figure 4 9 11 Figure 4 9 11 Storm Control Configuration page screenshot The page includes the following fields Object Description Frame Type The settings in a particular row apply to the frame type listed here unicast mul...

Page 158: ...trict or weighted queuing scheduling This is the lowest priority queue Normal Queue This is the normal priority queue of the 4 QoS queues It has higher priority than the Low Queue Medium Queue This is the medium priority queue of the 4 QoS queues It has higher priority than the Normal Queue High Queue This is the highest priority queue of the 4 QoS queues Receive Transmit The number of received an...

Page 159: ... for each port Frames can be classified by 4 different QoS classes Low Normal Medium and High The classification can be controlled by Port QoS configuration page And this page is used to configure DSCP remarking The DSCP value of incoming frames will be changed according to its mapping queue once this packet is transmitted by the egress port The DSCP Remarking Configuration screen is shown Figure ...

Page 160: ...specified in RFC 2474 Best Effort DSCP 0 CS1 DSCP 8 CS2 DSCP 16 CS3 DSCP 24 CS4 DSCP 32 CS5 DSCP 40 CS6 DSCP 48 CS7 DSCP 56 Expedite Forward DSCP 46 Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Voice VLAN Configuration The Voice VLAN feature enables the voice traffic forwarding on the Voice VLAN then the switch can classify and schedu...

Page 161: ...Figure 4 9 14 Voice VLAN Configuration page screenshot ...

Page 162: ...e time The actual age time will be situated in the age_time 2 age_time interval Traffic Class Indicates the Voice VLAN traffic class All traffic on Voice VLAN will apply this class Port Mode Indicates the Voice VLAN port mode When the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible port modes are Disabled Disjoi...

Page 163: ... to 32 Buttons Click to add a new access management entry Click to save changes Click to undo any changes made locally and revert to previously saved values Access Control Lists ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a progra...

Page 164: ...es ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP Action Indicates the forwarding action of the ACE Permit Frames matching ...

Page 165: ...ith TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 15 When Disabled is displayed the rate limiter operation is disabled Port Copy ...

Page 166: ... frame type that you select First select the ingress port for the ACE and then select the frame type Different parameter options are displayed depending on the frame type that you selected The ACE Configuration screen is shown Figure 4 10 3 Figure 4 10 3 ACE Configuration page screenshot The page includes the following fields Object Description Ingress Port Select the ingress port for which this A...

Page 167: ... or ARP Specify the source MAC filter for this ACE Any No SMAC filter is specified SMAC filter status is don't care Specific If you want to filter a specific source MAC address with this ACE choose this value A field for entering an SMAC value SMAC Value When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx A frame that hits...

Page 168: ...address and target IP mask in the Target IP Address and Target IP Mask fields that appear Target IP Address When Host or Network is selected for the target IP filter you can enter a specific target IP address in dotted decimal notation Target IP Mask When Network is selected for the target IP filter you can enter a specific target IP mask in dotted decimal notation ARP SMAC Match Specify whether f...

Page 169: ...r an IPv4 frame No IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any Any value is allowed don't care IP Option Specify the options flag setting for this ACE No IPv4 frames where the options flag is set must n...

Page 170: ... value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Destination Filter Specify the TCP UDP destination filter for this ACE An...

Page 171: ...rs The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected Object Description EtherType Filter Specify the Ethernet type filter for this ACE Any No EtherType filter is specified EtherType filter status is don't care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering an EtherType valu...

Page 172: ...g is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply to this port The allowed values are Disabled or the values 1 through 15 The default value is Disabled Port Copy Select which port frames are copied to The allowed values are Disabled or a specific port number The default value is Disabled Logging Specify the logging operation of this...

Page 173: ... locally and revert to previously saved values Click to refresh the page any changes made locally will be undone Click to clear the counters ACL Rate Limiter Configuration Configure the rate limiter for the ACL of the switch The ACL Rate Limiter Configuration screen is shown Figure 4 10 5 Figure 4 10 5 ACL Rate Limiter Configuration page screenshot The page includes the following fields Object Des...

Page 174: ...f of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6-byte MAC address is converted to a string in the following form xx-xx-xx-xx-xx-xx that is a dash is used as separator between the lower-cased hexadecimal digits The switch onl...

Page 175: ...4 11 1
- Client: the device workstation that requests access to the LAN and switch services and responds to requests from the switch The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicant in the IEEE 802.1X specification
- Authentication server: performs the actual authentication of the client Th...

Page 176: ... requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client's identity If 802.1X is not enabled or supported on the netw...

Page 177: ...nd network access is not granted When a client logs off it sends an EAPOL logoff message causing the switch port to transition to the unauthorized state If the link state of a port transitions from up to down or if an EAPOL logoff frame is received the port returns to the unauthorized state Authentication Configuration This page allows you to configure how an administrator is authenticated when he...

Page 178: ...re configured on the Configuration Security AAA page The IEEE 802.1X standard defines port-based operation but non-standard variants overcome security limitations as shall be explored below MAC-based authentication allows for authentication of more than one user on the same port and doesn't require the user to have special 802.1X supplicant software installed on his system The switch uses the user ...

Page 179: ...IFS NS3601 24P 4S GE DSSG 244 and 244 POE User Manual 177 Figure 4 11 4 Network Access Server Configuration page screenshot ...

Page 180: ...his period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802.1X-based mode this is not so critical since supplicants that are no longer attached to the port will get removed upon the next reauthentication which will fail But if reauthentication is not enabled the only way to free resources is by aging the entries For ports in MAC bas...

Page 181: ...geable if the Guest VLAN option is globally enabled Valid values are in the range 1 4095 Max Reauth Count The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 Allow Guest VLA...

Page 182: ...be smaller than the supplicant's EAPOL Start frame retransmission rate Single 802.1X In port-based 802.1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy-back on the successfully authenticated client and get network access even though they really...

Page 183: ... 1X is that several clients can be connected to the same port e.g. through a 3rd party switch or a hub and still require individual authentication and that the clients don't need special supplicant software to authenticate The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate The disadvantage is that MAC...

Page 184: ...unnel-Private-Group-ID does not need to include a Tag Value of Tunnel-Medium-Type must be set to IEEE-802 (ordinal 6) Value of Tunnel-Type must be set to VLAN (ordinal 13) Value of Tunnel-Private-Group-ID must be a string of ASCII chars in the range '0' to '9' which is interpreted as a decimal string representing the VLAN ID Leading '0's are discarded The final value must be in the range 1 to 4095 Guest VLAN Ena...

Page 185: ...sfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi-supplicant mode Currently X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port's Admin State is in an EAPOL-based or MAC-based mode Clicking these buttons will not cause settings changed on the page...

Page 186: ...urrent administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication La...

Page 187: ...ication Server statistics only Use the port select box to select which port details to be displayed The Network Access Statistics screen is shown in Figure 4 11 6 Figure 4 11 6 Network Access Statistics page screenshot The page includes the following fields Port State Object Description Admin State The port's current administrative state Refer to NAS Admin State for a description of possible values P...

Page 188: ...tFramesRx The number of EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFramesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuthInvalidEapolFramesRx The number of EAPOL frames that have been received by the switch in which the frame type is not recognized Rx Invalid Length dot1xAuthEapLengthErrorFram...

Page 189: ...equest packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC-based Not applicable Rx Auth Successes dot1xAuthBackendAuthSuccesses 802.1X and MAC-based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the backend server Rx Auth Failures dot1xAuthBackendAut...

Page 190: ... The table is identical to and is placed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Port Counters Object Description Identity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant's EAPOL and Backe...

Page 191: ...efresh of the page at regular intervals Click to refresh the page immediately This button is available in the following modes Force Authorized Force Unauthorized Port-based 802.1X Single 802.1X Click to clear the counters for the selected port This button is available in the following modes Multi 802.1X MAC-based Auth X Click to clear both the port counters and all of the attached client's counter...

Page 192: ...Authentication Server Configuration This page allows you to configure the Authentication Servers The Authentication Server Configuration screen is shown Figure 4 11 7 Figure 4 11 7 Authentication Server Configuration page screenshot ...

Page 193: ...f more than one server has been configured RADIUS Authentication Server Configuration The table has one row for each RADIUS Authentication Server and a number of columns which are Object Description The RADIUS Authentication Server number for which the configuration below applies Enabled Enable the RADIUS Authentication Server by checking this box IP Address Hostname The IP address or hostname of ...

Page 194: ...rt The TCP port to use on the TACACS Authentication Server If the port is set to 0 zero the default port 49 is used on the TACACS Authentication Server Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values RADIUS Overview This page provides ...

Page 195: ...ate is only reachable when more than one server is enabled RADIUS Accounting Servers Object Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server State The current state of the server This field takes one of the following values Disabled The server is disabled Not Re...

Page 196: ...s map follows details specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Rx Access Accepts radiusAuthClientExtAccessAccepts The number of RADIUS Access Accept...

Page 197: ... dropped for some other reason Rx Packets Dropped radiusAuthClientExtPacketsDropped The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason Tx Access Requests radiusAuthClientExtAccessRequests The number of RADIUS Access Request packets sent to the server This does not include retransmissions Tx Access Retransmissions radiusAu...

Page 198: ...Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn't been round trip communication with the server yet RADIUS Accounting Servers The statistics map closely to those specified in RFC4670 RADIUS Accounting Client MIB Use the server select box to switch betwe...

Page 199: ... a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip time Name RFC4670 Name Description State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and runni...

Page 200: ...e field in the default IP Address of the Managed Switch with 192.168.0.100 And also make sure the shared secret key is the same as the one you set in the Managed Switch's 802.1x system configuration 12345678 in this case 1 Configure the IP Address of remote RADIUS server and secret key Figure 4 11 10 RADIUS Server Configuration screenshot 2 Add New RADIUS Client on the Windows 2003 server ...

Page 201: ...Figure 4 11 11 Windows Server add new RADIUS client setting 3 Assign the client IP address to the Managed switch Figure 4 11 12 Windows Server RADIUS Server setting ...

Page 202: ...4 The shared secret key should be the same as the key configured on the Managed Switch Figure 4 11 13 Windows Server RADIUS Server setting ...

Page 203: ...1X the same as 802 1X Port Configuration Figure 4 11 14 802 1x Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then Figure 4 11 15 Windows 2003 AD server setting path ...

Page 204: ...anual 202 5 Enter Active Directory Users and Computers create legal user data the next right click a user what you created to enter properties and what to be noticed Figure 4 11 16 Add User Properties screen Figure 4 11 17 Add User Properties screen ...

Page 205: ...ow how to configure 802.1X Authentication in Windows XP Please note that if you want to change the 802.1x authentication type of a wireless client i.e. switch to EAP-TLS from EAP-MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP-MD5 Authentication 1 Go to Start Control Panel double click on Network Connections 2 R...

Page 206: ...Figure 4 11 19 7 Click OK 8 When the client has associated with the Managed Switch a user authentication notice appears in the system tray Click on the notice to continue Figure 4 11 20 Windows client popup login request message ...

Page 207: ...s you to configure the Port Security Limit Control system and port settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of four different as described below T...

Page 208: ...Figure 4 12 1 Port Limit Control Configuration Overview page screenshot ...

Page 209: ...s are freed on the switch Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns which are Object Description Port The port number for which the configuration below applies Mode Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Enabled for Limit Control to be in effect Notice that other mo...

Page 210: ...n button causes the page to be refreshed so non committed changes will be lost Buttons Click to refresh the page Note that non committed changes will be lost Click to save changes Click to undo any changes made locally and revert to previously saved values Access Management Configure access management table on this page The maximum entry number is 16 If the application s type match any one of acce...

Page 211: ...e Access Management Statistics screen is shown in Figure 4 12 3 Figure 4 12 3 Access Management Statistics Overview page screenshot The page includes the following fields Object Description Interface The interface through which an allowed remote host can access the switch Receive Packets The number of packets received from the interface while access management mode is enabled Allow Packets The allowed packets numbe...

Page 212: ... a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a ...

Page 213: ...this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module deci...

Page 214: ... values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken ...

Page 215: ... displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Adding Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blocked state until the hold time measured in second...

Page 216: ...Figure 4 12 8 DHCP Snooping Configuration screen page screenshot ...

Page 217: ...CP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values DHCP Snooping Statistics This page provides statistics for DHCP snooping The statistics only counter packet u...

Page 218: ...6 packets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 wi...

Page 219: ...y filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host This page provides IP Source Guard related configuration The IP Source Guard Configuration screen is shown Figure 4 12 10 Figure 4 12 10 IP Source Guard Configuration screen page screenshot ...

Page 220: ...equal 0 it means only allow the IP packets forwarding that are matched in static entries on the specific port Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values IP Source Guard Static Table This page provides Static IP Source Guard Table The Static IP Source Guard Table screen is shown Figure 4 12 11 Figure 4 12 11 Static IP Source Guard Tabl...

Page 221: ...host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page provides ARP Inspection related configuration The ARP Inspection Configuration screen is shown Figure 4 12 12 Figure 4 12 12 ARP Inspection Configuration screen page screenshot ...

Page 222: ... undo any changes made locally and revert to previously saved values ARP Inspection Static Table This page provides Static ARP Inspection Table The Static ARP Inspection Table screen is shown Figure 4 12 13 Figure 4 12 13 Static ARP Inspection Table screen page screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next s...

Page 223: ...ng SMAC address have been seen after a configurable age time MAC Address Table Configuration The MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here The MAC Address Table Configuration screen is shown Figure 4 13 1 Figure 4 13 1 MAC Address Table Configuration page screenshot The page includes the following fields O...

Page 224: ...heck to delete the entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Buttons Click to add new entry Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 225: ... Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup Whe...

Page 226: ...th source addresses already stored in the dynamic or static address table will be authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message source MAC address VLAN pair for frames received on the port Note...

Page 227: ...sh button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached th...

Page 228: ...osest next Dynamic IP Source Guard Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button...

Page 229: ...ines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP M...

Page 230: ...wn frame is transmitted to the neighboring units signaling that the LLDP information isn't valid anymore Tx Reinit controls the number of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 to 10 seconds LLDP Port Configuration The LLDP port settings relate to the currently selected stack unit as reflected by the page header Object Description Port The sw...

Page 231: ... checked the system description is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP information transmitted The system capabilities identify the primary function(s) of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802.1AB Mgmt Addr Optional TLV When ...

Page 232: ...r an LLDP-MED Endpoint Device is detected will an LLDP-MED capable Network Connectivity Device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected in order to share LLDP-MED information as fast as possible with new neighbors Be...

Page 233: ...s Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is the North American Vertical Datum of 1988 NAVD88 This datum pair is to be used when referencing locations on land not near tidal water which would use Datum NAD83 MLLW NAD83 MLLW Nor...

Page 234: ... Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service Policies a...

Page 235: ... all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN When a network policy is defined for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance Video Conferencing Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting...

Page 236: ...following fields Fast start repeat count Object Description Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for...

Page 237: ...related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support ...

Page 238: ...ity is the Layer 2 priority to be used for the specified application type One of eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 Contain one of 64 code point values 0 through 63 Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic ref...

Page 239: ...entities to assist the discovery by the network management This could for instance hold the neighbor s IP address Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Port Statistics This page provides an overview of all LLDP traffic Two types of counters are shown Global counters are counters that refer to the wh...

Page 240: ...g some kind of error Frames Discarded If an LLDP frame is received on a port and the switch's internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a give...

Page 241: ...common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as follows If the link is established on the twisted pair interface in 1000Base-T mode the Cable Diagnostics can run without disruption of the link or of any data transfer If the link is established in 100Base-TX or 10Base-T the Cable Diagnostics cause the link to drop while the diagnostics are running After t...

Page 242: ...s Start 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMPv6 Ping screen is shown Figure 4 15 2 Figure 4 15 2 ICMPv6 Ping page screenshot The page includes the following fields Object Description IPv6 Address The destinatio...

Page 243: ...ty issues on special port After you press Test 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen is shown Figure 4 15 3 Figure 4 15 3 Remote IP Ping Test page screenshot ...

Page 244: ...ts are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 to 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostics Therefore running cable diagnostics on a 10 or 100 Mbps management port w...

Page 245: ...Print out the cable diagnostics information Power over Ethernet GE DSSG 244 POE NS3601 24P 4S Providing up to 24 PoE in line power interface the PoE Switch can easily build a power central controlled IP phone system IP Camera system AP group for the enterprise For instance 24 camera AP can be easily installed around the corner in the company for surveillance demands or build a wireless roaming env...

Page 246: ...less power than the total potential power consumption of all the PoE ports in the system In order to maintain the majority of ports active power management is implemented The PSU input power consumption is monitored by measuring voltage and current The input power consumption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activa...

Page 247: ...total PoE power consumption request is over the allowed power supply limitation the system shuts down PoE ports according to the port priority setting Ethernet Port Configuration This section allows the user to inspect and configure the current PoE port settings The screen is shown in Figure 4 16 2 Figure 4 16 2 PoE Configuration screenshot The page includes the following fields Object Description System PoE Admin Mode...

Page 248: ...peration Class 0 is the default for PDs However to improve power management at the PSE the PD may opt to provide a signature for Class 1 to 4 The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes A PD shall return Class 0 to 4 in accordance with the maximum power draw as specified by Table 4 16 1 ...

Page 249: ... priority There are three levels of power priority, named Low, High and Critical. The priority is used in the case where the remote devices require more power than the power supply can deliver. In this case the port with the lowest priority will be turned off, starting from the port with the lowest port number. Maximum Power The Maximum Power contains a numerical value that indicates the maximum power i...

Page 250: ...ert to previously saved values PoE Status This page allows the user to inspect the total power consumption total power reserved and current status for all PoE ports The screen is shown Figure 4 16 4 Figure 4 16 4 PoE Status screenshot The page includes the following fields Object Description Current Power Consumption Show the total watts usage of PoE Switch Total Power Reserved Shows how much the ...

Page 251: ...and operational modes. A PD shall return Class 0 to 3 in accordance with the maximum power draw as specified by Table 4 16 1. Power Used W The Power Used shows how much power the PD is currently using. Current Used mA The Current Used shows how much current the PD is currently using. Priority The Priority shows the port's priority configured by the user. Port Status The Port Status shows the port's statu...

Page 252: ...port enable and feed PoE power Start Min Allow choosing specific minutes for PoE port enable and feed PoE power End Hour Allow choosing specific hour for PoE port disable and stop feed PoE power End Min Allow choosing specific minutes for PoE port disable and stop feed PoE power Reboot Enable Allow enabling or disabling the Reboot Enable function; this function provides choose specific hour minutes for ...

Page 253: ...ing its Primary Power Source or its Backup Power Source it is indicated as Unknown If the device is a PD device it can either run on its local power supply or it can use the PSE as power source It can also use both its local power supply and the PSE If it is unknown what power supply the PD device is using it is indicated as Unknown Priority Power Priority represents the priority of the PD device ...

Page 254: ...atures are Hardware controlled stack wide learning and continuous automatic MAC table synchronization Shortest path forwarding providing low latency and optimal use of stacking link bandwidth QoS consistency across stack Single point of management for simple stack administration Low Cost and Flexible HDMI like Stacking cables Real Plug and Play connectivity The following figure shows an example wi...

Page 255: ...onfiguration page If the configuration of the switch is not to be transferred to another switch then the configuration may be deleted by choosing Delete followed by Save Replacing a Switch If a switch is to be replaced with another switch for example replacing failing hardware the following procedure must be used to assign the configuration of the failing switch to the new hardware 1 Remove the fa...

Page 256: ... with the smallest MAC address. The above algorithm ensures that once a master has been elected and has been master for more than 30 seconds, it will remain master. However, in some cases the user may want to enforce a new master election. 4 17 1 3 Stack Redundancy In the unlikely event that an IFS Switch fails in a stack, stack integrity is maintained if the redundant cable is connected to the stack. The...

Page 257: ...ology Stack Configuration This page is used to configure the stack, including assigning the Switch ID and master priority, and to display the current stack member information. The screen is shown in Figure 4 17 6. Figure 4 17 6 Stack Configuration page screenshot. The page includes the following fields ...

Page 258: ... For example assume that the failing switch had Switch ID 3 2 Insert the new switch into the stack The new switch is assigned an unused Switch ID 3 To remove the automatic switch ID assignment choose Delete followed by Save The new switch is then shown with Switch ID set to 4 To assign the configuration of Switch ID 3 to the new hardware simply choose 3 in the Switch ID column and click Save 5 The...

Page 259: ...0 seconds it will remain master However in some cases the user may want to enforce a new master election This is done by clicking Start Master Election followed by Save This causes the first two criteria to be ignored thereby basing master election only on master priority and MAC address When master election is enforced the first two criteria are ignored for a period of 10 15 seconds On the Stack ...

Page 260: ... For details about the master election algorithm see Stack Configuration The Stack List screen is shown Figure 4 17 8 Figure 4 17 8 Stack Information page screenshot Stack List Master Forwarding Table As the heading suggests the information in the table is as seen from the master view For each switch in the stack the following information is shown The MAC address switch ID distance information and...

Page 261: ...ing Switch ID for each management purpose Step 1: Link the switches with the CB STX50 stack cable. Step 2: Check the Master LED of each IFS switch to find the Master Switch that is elected automatically by the stack operation. Step 3: Use a Web browser such as IE 7.0 to log in to the Master Switch; the default IP address is 192.168.0.100. Or you can use the IFS Smart Discovery Utility to find out the IP a...

Page 262: ...c b2 Switch ID 2 to become the Stack Master and swap the Switch ID to 1. Select the switch with ID 1 and assign a new ID for this unit, for example ID 4. Figure 4 17 13 Assign new ID for current master. Select the target switch and set it up with lower priority 1; also reassign Switch ID 1 to it. After clicking Save, click Start Master Election and save again ...

Page 263: ...with MAC address 00 30 4f 7b 9e b2 becomes the stack master now. Figure 4 17 15 The result after master election. Step 6: After the Stack Master and Members have been configured, any switch in the stack can be managed from the web agent by choosing the desired Member ID from the Switch drop down menu. To connect to a Member switch through the CLI, use the rcommand ...

Page 264: ...mporarily The slave IP address can be the same as the Master IP address. Thus, if the master switch malfunctions, you can still access the other switch by the same IP address. If you have difficulty selecting another switch, you may be connecting to the slave switch's web interface; please close the browser window, use the arp -d DOS command to clear the ARP table, and then reopen the web ...

Page 265: ...system This chapter describes how to use the Command Line Interface (CLI). Logon to the Console Once the terminal has connected to the device, power on the IFS Managed Switch; the terminal will display that it is running testing procedures. Then the following message asks for the login username and password. The factory default password is as follows, and the login screen is shown in Figure 5 1. Username admin Passwor...

Page 266: ...ow Show the current IP address 1 On Switch prompt enter ip configuration 2 The screen displays the current IP address, Subnet Mask and Gateway, as shown in Figure 5 2. Figure 5 2 Show IP information screen. Configure IP address 3 On Switch prompt enter the following command and press Enter, as shown in Figure 5 3. Switch ip setup 192.168.0.101 255.255.255.0 192.168.0.253 1 The previous command would apply...

Page 267: ...n change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the term...

Page 268: ...MAC address table VLAN Virtual LAN PVLAN Private VLAN Security Security management STP Spanning Tree Protocol IGMP Internet Group Management Protocol snooping Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media PoE Power Over Ethernet QoS Quality of Service Mirror Port mirroring Config Load Save of configuratio...

Page 269: ... 5 C 121 1 F System Time 1970 01 01 Thu 00 08 08 0000 System Uptime 00 08 08 Software Version 1 5b100623 Software Date 2010 06 23 15 43 02 0800 Previous Restart Cold SID Software Version 1 1 5b100623 SWITCH System Name Description Set or show the system name Syntax System Name name Parameters name System name or clear to clear System name is a text string drawn from the alphabet A Za z digits 0 9 ...

Page 270: ... Parameters location System location string Use clear or to clear the string In CLI no blank or space characters are permitted as part of a contact Default Setting empty Example To set device location Switch System location 9F LAB System Timezone Description Set or show the system timezone offset Syntax System Timezone offset Parameters offset Time zone offset in minutes 720 to 720 relative to UTC...

Page 271: ...actory default configuration Syntax System Restore Default keep_ip Parameters keep_ip Keep IP configuration default Restore full configuration Example To restore default value but not reset IP address Switch system restore default keep_ip System Load Description Show current CPU load 100ms 1s and 10s running average in percent zero is idle Syntax System Load Example To show current CPU load Switch...

Page 272: ... Stack List Description Show the list of switches in stack Syntax Stack List detailed productinfo Parameters detailed productinfo Show product information Example Show the stack list Switch stack list Distance Master Stack Member SID Type Port 25 Port 26 Prio Time Reelect 00 30 4f 76 27 10 1 Mgd 0 0 3 00 17 57 0 SWITCH Stack Master Priority Description Set the master election priority Syntax Stack...

Page 273: ...ID Syntax Stack Select sid all Parameters sid all Switch ID 1 16 or all switch Default Setting Switch ID All Example Select the switch ID Switch stack select 1 SWITCH Switch_1 Stack SID Swap Description Swap SID values used to identify two switches Syntax Stack SID Swap sid sid Parameters sid Switch ID 1 16 default Show SID Example Change stack SID value Switch stack sid swap 1 2 Switch Stack SID ...

Page 274: ... ID 1 16 mac_addr MAC address xx xx xx xx xx xx Example Assign SID 10 for 00 30 4f 24 04 0a Switch stack sid assign 10 00 30 4f 24 04 0a Switch IP Command IP Configuration Description Show IP configuration Syntax IP Configuration Example Show IP configuration Switch ip configuration IP Configuration DHCP Client Disabled IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Serve...

Page 275: ...P address a b c d default Show IP address ip_mask IP subnet mask a b c d default Show IP mask ip_router IP router a b c d default Show IP router vid VLAN ID 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 Example Set IP address SWITCH ip setup 192 168 0 100 255 255 255 0 IP Ping Description Ping IP addres...

Page 276: ...w the DNS server address Syntax IP DNS ip_addr Parameters ip_addr IP address a b c d default Show IP address Default Setting 0 0 0 0 Example Set DNS IP address SWITCH ip dns 168 95 1 1 IP DNS Proxy Description Set or show the IP DNS Proxy mode Syntax IP DNS_Proxy enable disable Parameters enable Enable DNS Proxy disable Disable DNS Proxy Default Setting disable Example Enable DNS proxy function SW...

Page 277: ...ple fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 vid VLAN ID 1 4095 default Show VLAN ID Default Setting IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 230 4fff fe24 4d1 IPv6 Address 192...

Page 278: ...Description Show NTP configuration Syntax IP NTP Configuration Default Setting IP NTP Configuration NTP Mode Disabled Idx Server IP host address a b c d or a host name string 1 pool ntp org 2 europe pool ntp org 3 north america pool ntp org 4 asia pool ntp org 5 oceania pool ntp org IP NTP Mode Description Set or show the NTP mode Syntax IP NTP Mode enable disable Parameters enable Enable NTP mode...

Page 279: ...s of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example To add IPv6 NTP server SWITCH ip ntp server ipv6 add 1 2001 7b8 ...

Page 280: ...n Set or show the port speed and duplex mode Syntax Port Mode port_list 10hdx 10fdx 100hdx 100fdx 1000fdx auto Parameters port_list Port list or all default All ports 10hdx 10 Mbps half duplex 10fdx 10 Mbps full duplex 100hdx 100 Mbps half duplex 100fdx 100 Mbps full duplex 1000fdx 1 Gbps full duplex auto Auto negotiation of speed and duplex default Show configured and current mode Default Setting...

Page 281: ...e Disable port1 SWITCH port state 1 disable Port Maximum Frame Description Set or show the port maximum frame size Syntax Port MaxFrame port_list max_frame Parameters port_list Port list or all default All ports max_frame Port maximum frame size 1518 9600 default Show maximum frame size Default Setting 9600 Example Set 2048 frame size for port1 SWITCH port maxframe 1 2048 Port Power Description Se...

Page 282: ...ort21 24 SWITCH port sfp Port Type Speed Wave Length nm Distance m 21 1000Base LX 1000 Base 1310 10000 22 1000Base LX 1000 Base 1310 10000 23 24 Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive port_list discard restart Parameters port_list Port list or all default All ports discard Discard frame after 16 collisions restart Restart backoff algorithm af...

Page 283: ...tistics high Show high priority statistics default Show all port statistics up Show ports which are up down Show ports which are down default Show all ports Port VeriPHY Description Run cable diagnostics Syntax Port VeriPHY port_list Parameters port_list Port list or all default All ports MAC Address Table Command MAC Configuration Description Show MAC address table configuration Syntax MAC Config...

Page 284: ...ss xx xx xx xx xx xx port_list Port list or all or none vid VLAN ID 1 4095 default 1 Example Add Mac address 00 30 4F 01 01 02 in port1 and vid1 SWITCH mac add 00 30 4f 01 01 02 1 1 MAC Delete Description Delete MAC address entry Syntax MAC Delete mac_addr vid Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 default 1 Example Delete Mac address 00 30 4F 01 01 02 in vid1 SWITCH ...

Page 285: ...0 1000000 0 disable default Show age time Default Setting 300 Example Set agetime value in 30 SWITCH mac agetime 30 MAC Learning Description Set or show the port learn mode Syntax MAC Learning port_list auto disable secure Parameters port_list Port list or all default All ports auto Automatic learning disable Disable learning secure Secure learning default Show learn mode Default Setting Auto Exam...

Page 286: ... 1 00 30 4f 24 04 d1 None CPU Static 1 33 33 ff 24 04 d1 None CPU Static 1 33 33 ff a8 00 64 None CPU Dynamic 1 40 61 86 04 18 69 10 Static 1 ff ff ff ff ff ff 1 24 CPU MAC Statistics Description Show MAC address table statistics Syntax MAC Statistics port_list Parameters port_list Port list or all default All ports Example Set all of MAC statistics SWITCH mac statistics Port Dynamic Addresses 1 0...

Page 287: ... ports Example Show VLAN status of port1 SWITCH vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type 1 1 Disabled All UnTag Disable N A VID Ports 1 1 24 VLAN PVID Description Set or show the port VLAN ID Syntax VLAN PVID port_list vid none Parameters port_list Port list or all default All ports vid none Port VLAN ID 1 4095 or none de...

Page 288: ...AN Ingress Filter Description Set or show the port VLAN ingress filter Syntax VLAN IngressFilter port_list enable disable Parameters port_list Port list or all default All ports enable Enable VLAN ingress filtering disable Disable VLAN ingress filtering default Show VLAN ingress filtering Default Setting Disable Example Enable VLAN ingress filtering for port20 SWITCH vlan ingressfilter 20 enable V...

Page 289: ...on Set or show the port Q in Q mode Syntax VLAN Qinqmode port_list disable man customer Parameters port_list Port list or all default All ports disable Disable Q in Q VLAN Mode man Q in Q MAN Port Mode customer Q in Q Customer Port Mode default Show VLAN QinQ Mode Example Set port2 in man port SWITCH vlan qinq 2 man VLAN Ethernet Type Description Set or show out layer VLAN tag ether type in Q in Q...

Page 290: ...17 24 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete vid Parameters vid VLAN ID 1 4095 Example Delete port17 to port24 in VLAN10 SWITCH vlan delete 10 VLAN Lookup Description Lookup VLAN entry Syntax VLAN Lookup vid combined static nas mvr voice_vlan all Parameters vid VLAN ID 1 4095 default Show all VLANs combined Shows All the Combined VLAN database static Shows the VLAN entries co...

Page 291: ... VLAN Users configuration static static port configuration nas NAS port configuration mvr MVR port configuration voice_vlan Voice VLAN port configuration mstp MSTP port configuration all All VLAN Users configuration default combined VLAN Users configuration Default Setting Promiscous Example Show VLAN configuration of port10 SWITCH status 1 Port VLAN User Aware PVID Frame Type Ing Filter Tx Tag UV...

Page 292: ...N Configuration Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled 21 Disabled 22 Disabled 23 Disabled 24 Disabled PVLAN ID Ports 1 1 24 PVLAN Add Description Add or modify Private VLAN entry Syntax PVLAN ...

Page 293: ...okup Private VLAN entry Syntax PVLAN Lookup pvlan_id Parameters pvlan_id Private VLAN ID Example Lookup PVLAN SWITCH lookup PVLAN ID Ports 1 1 24 PVLAN Isolate Description Set or show the port isolation mode Syntax PVLAN Isolate port_list enable disable Parameters port_list Port list or all default All ports enable Enable port isolation disable Disable port isolation default Show port isolation po...

Page 294: ...dify users entry Syntax Security Switch Users Add user_name password privilege_level Parameters user_name A string identifying the user name that this entry should belong to password The password for this user name Use clear or as null string privilege_level User privilege level 1 15 Example Add new user username test password test privilege 10 SWITCH security switch users add test test 10 Securit...

Page 295: ...10 5 10 MVR 5 10 5 10 Maintenance 15 15 15 15 Mirroring 5 10 5 10 Port_Security 5 10 5 10 Ports 5 10 1 10 Private_VLANs 5 10 5 10 QoS 5 10 5 10 SNMP 5 10 5 10 Security 5 10 5 10 Spanning_Tree 5 10 5 10 System 5 10 1 10 UPnP 5 10 5 10 VLANs 5 10 5 10 Voice_VLAN 5 10 5 10 Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Group ...

Page 296: ...od Local Authentication Fallback console local Disabled telnet local Disabled ssh local Disabled web local Disabled Security Switch Auth Method Description Set or show Auth method Syntax Security Switch Auth Method console telnet ssh web none local radius tacacs enable disable Parameters console Settings for console telnet Settings for telnet ssh Settings for ssh web Settings for web none Authenti...

Page 297: ...SH configuration SWITCH security switch ssh configuration SSH Configuration SSH Mode Disabled Security Switch SSH Mode Description Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting disable Example Enable SSH function SWITCH security switch ssh mode enable Security Switch HTTPs Configuration...

Page 298: ...rity switch https mode enable Security Switch HTTPs Redirect Description Set or show the HTTPS redirect mode. Automatically redirects the web browser to HTTPS while HTTPS mode is enabled. Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function SWITCH...

Page 299: ...d Description Add access management entry Syntax Security Switch Access Add access_id start_ip_addr end_ip_addr web snmp telnet Parameters access_id entry index 1 16 start_ip_addr Start IP address a b c d end_ip_addr End IP address a b c d web WEB HTTPS interface snmp SNMP interface telnet TELNET SSH interface default Show configured and current mode Example Add access management list from 192 168...

Page 300: ...uous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 web WEB HTTPS interface snmp SNMP interface telnet TELNET SSH interface default Show configured and current mode Example Add access management list from 2001 0001 to 2001 0100 via web interface SWITCH security switch access add 2001 0001 2001 0100 web Security Switch Access Delete Descriptio...

Page 301: ...eive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security Switch SNMP Configuration Example Show SNMP configuration SWITCH security switch snmp configuration SNMP Configuration SNMP Mode Enabled SNMP Version 2c Read Community public Write Community private Trap Mode Disabled Tra...

Page 302: ..._group 3 v2c public default_ro_group 4 v2c private default_rw_group 5 usm default_user default_rw_group Number of entries 5 SNMPv3 Views Table Idx View Name View Type OID Subtree 1 default_view included 1 Number of entries 1 SNMPv3 Accesses Table Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Switch SNMP Mode Descri...

Page 303: ... Security Switch SNMP Read Community community Parameters community Community string Use clear or to clear the string default Show SNMP read community Default Setting public Example Set SNMP read community private SWITCH security switch snmp read community private Security Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax Security Switch SNMP Wri...

Page 304: ...col version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c SWITCH security switch snmp trap version 2c Security Switch SNMP Trap Community Description Set or show the community string for SNMP traps Syntax Security Switch SNMP Trap Community ...

Page 305: ...ch field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example Set SNMP trap IPv6 destination address for 2001 0001 SWITCH security switch snmp trap ipv6 destination 2001 0001 Security Sw...

Page 306: ...e disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap inform mode SWITCH security switch snmp trap inform mode disable Security Switch SNMP Trap Inform Timeout Description Set or show the SNMP trap inform timeout usecs Syntax Security Switch SNMP Trap Inform Timeout timeout Parameters time...

Page 307: ...obe default Show SNMP trap security engine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID SWITCH security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description Set or show SNMP trap security engine ID Syntax Security Switch SNMP Trap Security Engine ID engineid Parameters engineid Engine ID the format may...

Page 308: ...itch snmp engine id 800007e5017f000002 Security Switch SNMP Community Add Description Add or modify SNMPv3 community entry The entry index key is community Syntax Security Switch SNMP Community Add community ip_addr ip_mask Parameters community Community string ip_addr IP address a b c d default Show IP address ip_mask IP subnet mask a b c d default Show IP mask Example Add SNMPv3 community entry ...

Page 309: ...t be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to md5 An optional flag to indicate that this user using MD5 authentication protocol sha An optional flag to indicate that this user using SHA authentication protocol auth_password A string identifying the authentication pass phrase des An optional flag to in...

Page 310: ...ookup Description Lookup SNMPv3 user entry Syntax Security Switch SNMP User Lookup index Parameters index entry index 1 64 Example Lookup SNMPv3 user entry SWITCH security switch snmp user lookup Idx Engine ID User Name Level Auth Priv 1 Remote admin_snmpv3 Auth Priv MD5 DES Number of entries 1 Security Switch SNMP Group Add Description Add or modify SNMPv3 group entry The entry index key are secu...

Page 311: ...2c public default_ro_group 4 v2c private default_rw_group 5 usm default_user default_rw_group Number of entries 4 Security Switch SNMP View Add Description Add or modify SNMPv3 view entry The entry index key are view_name and oid_subtree Syntax Security Switch SNMP View Add view_name included excluded oid_subtree Parameters view_name A string identifying the view name that this entry should belong...

Page 312: ...ty_model and security_level Syntax Security Switch SNMP Access Add group_name security_model security_level read_view_name write_view_name Parameters group_name A string identifying the group name that this entry should belong to security_model any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM security_level noAuthNoPriv No...

Page 313: ...ndex Parameters index entry index 1 64 Example Lookup SNMPv3 access entry SWITCH security switch snmp access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Network Psec Switch Description Show Port Security status Syntax Security Network Psec Switch port_list Parameters port_list Port list or all default All ...

Page 314: ...iption Show MAC Addresses learned by Port Security Syntax Security Network Psec Port port_list Parameters port_list Port list or all default All ports Example Show MAC address learned on port 1 SWITCH security network psec port 1 Port 1 MAC Address VID State Added Age Hold Time none Security Network Limit Configuration Description Show Limit Control configuration Syntax Security Network Limit Conf...

Page 315: ...e 19 Disabled 4 None 20 Disabled 4 None 21 Disabled 4 None 22 Disabled 4 None 23 Disabled 4 None 24 Disabled 4 None Security Network Limit Mode Description Set or show global enabledness Syntax Security Network Limit Mode enable disable Parameters enable Globally enable port security disable Globally disable port security default Show current global enabledness of port security limit control Defau...

Page 316: ...0 Example Set age time in 100sec SWITCH security network limit agetime 100 Security Network Limit Port Description Set or show per port enabledness Syntax Security Network Limit Port port_list enable disable Parameters port_list Port list or all default All ports enable Enable port security on this port disable Disable port security on this port default Show current port enabledness of port securi...

Page 317: ...ken in case the number of MAC addresses exceeds the limit none Don t do anything trap Send an SNMP trap shut Shutdown the port trap_shut Send an SNMP trap and shutdown the port default Show current action Default Setting none Example Set trap mode for limit action for port 1 SWITCH security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit i...

Page 318: ... show the global NAS enabledness Syntax Security Network NAS Mode enable disable Parameters enable Globally enable 802 1X disable Globally disable 802 1X default Show current 802 1X global enabledness Default Setting disable Example Enable IEEE802 1X function SWITCH security network nas mode enable Security Network NAS State Description Set or show the port security state Syntax Security Network N...

Page 319: ... current reauthentication mode Default Setting disable Example Enable reauthentication function SWITCH security network nas reauthentication enable Security Network NAS ReauthPeriod Description Set or show the period between reauthentications Syntax Security Network NAS ReauthPeriod reauth_period Parameters reauth_period Period between reauthentications 1 3600 seconds default Show current reauthen...

Page 320: ...ge time Default Setting 300 Example Set NAS age time in 1000sec SWITCH security network nas agetime 1000 Security Network NAS Holdtime Description Time in seconds before a MAC address that failed authentication gets a new authentication chance Syntax Security Network NAS Holdtime hold_time Parameters hold_time Hold time before MAC addresses that failed authentication expire default Show current ho...

Page 321: ...work nas radius_vlan enable Security Network NAS Guest_VLAN Description Set or show either global enabledness and parameters use the global keyword or per port enabledness of Guest VLAN Unless the global keyword is used the reauth_max and allow_if_eapol_seen parameters will not be unused Syntax Security Network NAS Guest_VLAN global port_list enable disable vid reauth_max allow_if_eapol_seen Param...

Page 322: ...now for port 1 SWITCH security network nas authenticate 1 now Security Network NAS Statistics Description Show or clear 802 1X statistics Syntax Security Network NAS Statistics port_list clear eapol radius Parameters port_list Port list or all default All ports clear Clear statistics eapol Show EAPOL statistics radius Show Backend Server statistics default Show all statistics Example Show 802 1X s...

Page 323: ...abled Disabled Disabled Disabled 0 9 1 Permit Disabled Disabled Disabled Disabled 0 10 1 Permit Disabled Disabled Disabled Disabled 0 11 1 Permit Disabled Disabled Disabled Disabled 0 12 1 Permit Disabled Disabled Disabled Disabled 0 13 1 Permit Disabled Disabled Disabled Disabled 0 14 1 Permit Disabled Disabled Disabled Disabled 0 15 1 Permit Disabled Disabled Disabled Disabled 0 16 1 Permit Disa...

Page 324: ...xample Show ACL action in port 1 SWITCH security network acl action 1 Port Action Rate Limiter Port Copy Logging Shutdown Counter 1 Permit Disabled Disabled Disabled Disabled 0 Security Network ACL Policy Description Set or show the ACL port policy Syntax Security Network ACL Policy port_list policy Parameters port_list Port list or all default All ports policy Policy number 1 8 Default Setting 1 ...

Page 325: ...ort dport ip_flags tcp_flags permit deny rate_limiter port_copy logging shutdown Parameters ace_id ACE ID 1 128 default Next available ID ace_id_next Next ACE ID 1 128 default Add ACE last switch Switch ACE keyword port Port ACE keyword port Port number policy Policy ACE keyword policy Policy number 1 8 vid VLAN ID 1 4095 or any tag_prio VLAN tag priority 0 7 or any dmac_type DMAC type any unicast...

Page 326: ...H security network acl lookup 1 Security Network ACL Clear Description Clear all ACL counters Syntax Security Network ACL Clear Example Clear all ACL counters SWITCH security network acl clear Security Network ACL Status Description Show ACL status Syntax Security Network ACL Status combined static dhcp upnp arp_inspection ip_source_guard conflicts Parameters combined Shows the combined status sta...

Page 327: ...rity Network DHCP Relay Mode Description Set or show the DHCP relay mode Syntax Security Network DHCP Relay Mode enable disable Parameters enable Enable DHCP relay mode When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won't flood for security considere...

Page 328: ...on mode Default Setting disable Example Enable DHCP relay agent information option mode SWITCH security network dhcp relay information mode enable Security Network DHCP Relay Information Policy Description Set or show the DHCP relay mode When DHCP relay information mode operation is enabled if the agent receives a DHCP message that already contains relay agent information it will enforce the policy Syntax ...

Page 329: ...ax Security Network DHCP Snooping Configuration Example Set NAS age time in 1000sec SWITCH security network dhcp snooping configuration DHCP Snooping Configuration DHCP Snooping Mode Disabled Port Port Mode 1 trusted 2 trusted 3 trusted 4 trusted 5 trusted 6 trusted 7 trusted 8 trusted 9 trusted 10 trusted 11 trusted 12 trusted 13 trusted 14 trusted 15 trusted 16 trusted 17 trusted 18 trusted 19 t...

Page 330: ...All ports trusted Configures the port as trusted sources of the DHCP message untrusted Configures the port as untrusted sources of the DHCP message default Show flow DHCP snooping port mode Default Setting trusted Example Set untrusted DHCP snooping port mode in port 1 SWITCH security network dhcp snooping port mode 1 untrusted Security Network DHCP Snooping Statistics Description Show or clear DH...

Page 331: ... 1 Disabled unlimited 2 Disabled unlimited 3 Disabled unlimited 4 Disabled unlimited 5 Disabled unlimited 6 Disabled unlimited 7 Disabled unlimited 8 Disabled unlimited 9 Disabled unlimited 10 Disabled unlimited 11 Disabled unlimited 12 Disabled unlimited 13 Disabled unlimited 14 Disabled unlimited 15 Disabled unlimited 16 Disabled unlimited 17 Disabled unlimited 18 Disabled unlimited 19 Disabled ...

Page 332: ...ult Setting disable Example Enable IP source guard port mode for port1 4 SWITCH security network ip source guard port mode 1 4 enable Security Network IP Source Guard Limit Description Set or show the IP Source Guard port limitation for dynamic entries Syntax Security Network IP Source Guard limit port_list dynamic_entry_limit unlimited Parameters port_list Port list or all default All ports dynam...

Page 333: ...curity Network IP Source Guard Status port_list Parameters port_list Port list or all default All ports Example Show IP source guard static and dynamic entries SWITCH security network ip source guard status Security Network ARP Inspection Configuration Description Show ARP inspection configuration Syntax Security Network ARP Inspection Configuration Example Show ARP inspection configuration SWITCH...

Page 334: ...y port_list add delete vid allowed_mac allowed_ip Parameters port_list Port list or all default All ports add Add new port ARP inspection static entry delete Delete existing port ARP inspection static entry vid VLAN ID 1 4095 allowed_mac MAC address xx xx xx xx xx xx MAC address allowed for doing ARP request allowed_ip IP address a b c d IP address allowed for doing ARP request Default Setting 300...

Page 335: ...isabled 1812 3 Disabled 1812 4 Disabled 1812 5 Disabled 1812 RADIUS Accounting Server Configuration Server Mode IP Address Secret Port 1 Disabled 1813 2 Disabled 1813 3 Disabled 1813 4 Disabled 1813 5 Disabled 1813 TACACS Authentication Server Configuration Server Mode IP Address Secret Port 1 Disabled 49 2 Disabled 49 3 Disabled 49 4 Disabled 49 5 Disabled 49 Security AAA Timeout Description Set ...

Page 336: ...port Parameters The server index 1 5 default Show RADIUS authentication server configuration enable Enable RADIUS authentication server disable Disable RADIUS authentication server default Show RADIUS server mode ip_addr_string IP host address a b c d or a host name string secret Secret shared with external authentication server To set an empty secret use two quotes To use spaces in secret enquote...

Page 337: ...y AAA TACACS server_index enable disable ip_addr_string secret server_port Parameters The server index 1 5 default Show TACACS authentication server configuration enable Enable TACACS authentication server disable Disable TACACS authentication server default Show TACACS server mode ip_addr_string IP host address a b c d or a host name string secret Secret shared with external authentication server...

Page 338: ...ld Count 6 Max Hop Count 20 STP Version Description Set or show the STP Bridge protocol version Syntax STP Version stp_version Parameters stp_version mstp rstp stp Default Setting MSTP Example Set the STP Bridge protocol version SWITCH stp version rstp STP Tx Hold Description Set or show the STP Bridge Transmit Hold Count parameter Syntax STP Txhold holdcount Parameters holdcount STP Transmit Hold...

Page 339: ...x STP MaxAge max_age Parameters max_age STP maximum age time 6 40 and max_age forward_delay 1 2 Default Setting 20 Example Set STP maximum age time in 10 SWITCH stp maxage 10 STP FwdDelay Description Set or show the CIST MSTI bridge forward delay Syntax STP FwdDelay delay Parameters delay MSTP forward delay 4 30 and max_age forward_delay 1 2 Default Setting 15 Example Set STP forward delay value i...

Page 340: ...port BPDU Filtering Syntax STP bpduFilter enable disable Parameters enable disable enable or disable BPDU Filtering for Edge ports Default Setting Disable Example Set edge port BPDU filtering SWITCH stp bpdufilter enable STP BPDU Guard Description Set or show edge port BPDU Guard Syntax STP bpduGuard enable disable Parameters enable disable enable or disable BPDU Guard for Edge ports Default Setti...

Page 341: ...xample Show STP Bridge status SWITCH stp status CIST Bridge STP Status Bridge ID 80 00 00 30 4F 24 04 D1 Root ID 80 00 00 30 4F 24 04 D1 Root Port Root PathCost 0 Regional Root 80 00 00 30 4F 24 04 D1 Int PathCost 0 Max Hops 20 TC Flag Steady TC Count 0 TC Last Port Port Role State Pri PathCost Edge P2P Uptime 14 DesignatedPort Forwarding 128 20000 Yes Yes 0d 00 10 32 STP MSTI Priority Description...

Page 342: ... stp msti priority 1 48 STP MSTI Add Description Add a VLAN to a MSTI Syntax STP Msti Add msti vid Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 vid VLAN ID 1 4095 Example Add MST1 in vlan1 SWITCH stp msti add 1 1 STP Port Configuration Description Show STP Port configuration Syntax STP Port Configuration port_list Parameters port_list Port list or all Port zero means aggregations Exam...

Page 343: ...he STP adminEdge port parameter Syntax STP Port Edge port_list enable disable Parameters port_list Port list or all default All ports Enable Configure MSTP adminEdge to Edge Disable Configure MSTP adminEdge to Non edge Default Enable Example Disable STP edge function on port1 SWITCH stp port edge 1 disable STP Port AutoEdge Description Set or show the STP autoEdge port parameter Syntax STP Port Au...

Page 344: ... Port RestrictedRole Description Set or show the MSTP restrictedRole port parameter Syntax STP Port RestrictedRole port_list enable disable Parameters port_list Port list or all default All ports enable Enable MSTP restricted role disable Disable MSTP restricted role Default disable Example Enable STP restricted role on port1 SWITCH stp port restrictedrole 1 enable STP Port RestrictedTcn Descript...

Page 345: ... port1 SWITCH stp port bpduguard 1 enable STP Port Statistic Description Show STP port statistics Syntax STP Port Statistics port_list Parameters port_list Port list or all default All ports Example Show STP port statistics SWITCH stp port statistics Port Rx MSTP Tx MSTP Rx RSTP Tx RSTP Rx STP Tx STP Rx TCN Tx TCN Rx Ill Rx Unk 14 0 579 0 0 0 0 0 0 0 0 STP Port Mcheck Description Set the STP mChec...

Page 346: ...I Port Cost Description Set or show the STP CIST MSTI port path cost Syntax STP Msti Port Cost msti port_list path_cost Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations path_cost STP port path cost 1 200000000 or auto Default auto Example Set MSTI7 in port1 SWITCH stp msti port cost 7 1 MSTI Port Path Cost MST7 1 Auto STP MSTI Port P...

Page 347: ...IGMP Mode Description Set or show the IGMP snooping mode Syntax IGMP Mode enable disable Parameters enable Enable IGMP snooping disable Disable IGMP snooping default Show IGMP snooping mode Default Setting Disabled Example Enable IGMP mode SWITCH igmp mode enable IGMP Leave Proxy Description Set or show the mode of IGMP Leave Proxy Syntax IGMP Leave Proxy enable disable Parameters enable Enable IG...

Page 348: ...iption Set or show the IGMP snooping querier mode for VLAN Syntax IGMP Querier vid enable disable Parameters vid VLAN ID 1 4095 default Show all VLANs enable Enable IGMP querier disable Disable IGMP querier default Show IGMP querier mode Default Setting disable Example Enable the IGMP snooping querier mode for VLAN SWITCH igmp querier 1 enable IGMP Fastleave Description Set or show the IGMP snoopi...

Page 349: ...SWITCH igmp throttling 1 10 IGMP Filtering Description Set or show the IGMP port group filtering list Syntax IGMP Filtering port_list add del group_addr Parameters port_list Port list or all default All ports add Add new port group filtering entry del Del existing port group filtering entry default Show IGMP port group filtering list IP multicast group address a b c d Default Setting No filtering ...

Page 350: ... the IGMP snooping unregistered flood operation Syntax IGMP Flooding enable disable Parameters enable Enable IGMP flooding disable Disable IGMP flooding default Show IGMP flood mode Default Setting disable Example Enable IGMP flooding function SWITCH igmp flooding enable IGMP Groups Description Show IGMP groups Syntax IGMP Groups vid Parameters vid VLAN ID 1 4095 IGMP Status Description Show IGMP ...

Page 351: ...on Add Description Add or modify link aggregation Syntax Aggr Add port_list aggr_id Parameters port_list Port list aggr_id Aggregation ID global 1 2 local 3 14 Default Setting disable Example Add port 1 4 in Group1 SWITCH aggr add 1 4 1 Aggregation Delete Description Delete link aggregation Syntax Aggr Delete aggr_id Parameters aggr_id Aggregation ID global 1 2 local 3 14 Example Delete Group2 SWI...

Page 352: ...s dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribution Default Setting SMAC Enabled DMAC Disabled IP Enabled Port Enabled Example Disable SMAC mode SWITCH Aggr mode smac disable Link Aggregation Control Protocol Command LACP Configuration Description Show ...

Page 353: ... Auto Active 19 Disabled Auto Active 20 Disabled Auto Active 21 Disabled Auto Active 22 Disabled Auto Active 23 Disabled Auto Active 24 Disabled Auto Active LACP Mode Description Set or show LACP mode Syntax LACP Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable LACP protocol disable Disable LACP protocol default Show LACP mode Default Setting disa...

Page 354: ...et passive for port1 4 SWITCH lacp role 1 4 passive LACP Status Description Show LACP Status Syntax LACP Status port_list Parameters port_list Port list or all default All ports Example Show LACP status of port1 4 SWITCH lacp status 1 4 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 LACP Statistics Description Show LACP Statistics Syntax LA...

Page 355: ...ort Descr System Name System Descr System Capa Mgmt Addr CDP awareness 1 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 3 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 4 Enabled Enabled Enabled Enabled Enabled Enabled Disabled LLDP Mode Description Set or show LLDP mode Syntax LLDP Mode port_list enable disable rx tx P...

Page 356: ...ional TLV s configuration enable Enables TLV disable Disable TLV default Show optional TLV s configuration Default Setting Description of the port Enable System name Enable Description of the system Enable System capabilities Enable Master s IP address Enable Example Disable description of the port for port1 SWITCH lldp optional_tlv 1 port_descr disable LLDP Interval Description Set or show LLDP T...

Page 357: ...lay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 SWITCH lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLDP Reinit reinit Parameters reinit LLDP reinit delay 1 10 Default Setting 2 Example Set LLDP reinit delay value in 3 SWITCH lldp reinit 3 LLDP Statistics Description Show LLDP Statistics Syntax LLDP Statistics port_list clear Parameters port_list Port li...

Page 358: ...LDP Info port_list Parameters port_list Port list or all default All ports LLDP CDP Aware Description Set or show if discovery information from received CDP Cisco Discovery Protocol frames is added to the LLDP neighbor table Syntax LLDP cdp_aware port_list enable disable Parameters port_list Port list or all default All ports enable Enable CDP awareness CDP discovery information is added to the LL...

Page 359: ...ional_code civic_value Parameters country Country state National subdivisions state canton region province prefecture county County parish gun JP district IN city City township shi JP district City division borough city district ward chou JP block Neighborhood block street Street leading_street_direction Leading street direction trailing_street_suffix Trailing street suffix str_suf Street Suffix ho...

Page 360: ... their own IP Telephony handsets and other similar appliances supporting interactive voice services guest_voice_signaling Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media softphone_voice Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops ...

Page 361: ... with max 4 digits Positive numbers are north of the equator and negative numbers are south of the equator longitude Longitude 0 to 180 degrees with max 4 digits Positive values are East of the prime meridian and negative numbers are West of the prime meridian altitude Altitude Meters or floors with max 4 digits default Show coordinate location configuration north south west east meters floor Nort...

Page 362: ...e Parameters port_list Port list or all default All ports enable Enable Set medTansmitEnable variable to true disable Disable Set medTansmitEnable variable to false default Show medTansmitEnable variable value Power over Ethernet Command PoE Configuration Description Show PoE configuration Syntax PoE Configuration Parameters port_list Port list or all default All ports Example Show PoE configurati...

Page 363: ...w the PoE mode Syntax PoE Mode port_list enable disable af at Parameters port_list Port list or all default All ports enable Enables PoE disable Disable PoE default Show PoE s mode af PoE to af mode Default Setting enable Example Disable PoE function of port1 4 SWITCH poe mode 1 4 disable PoE Priority Description Show Set PoE Priority Syntax PoE Priority port_list low high critical Parameters port_...

Page 364: ...e for PoE function SWITCH poe mgmt_mode mgt_priority PoE Maximum Power Description Set or show PoE maximum power per port 0 15 4 with one digit Syntax PoE Maximum_Power port_list port_power Parameters port_list Port list or all default All ports port_power PoE maximum power for the port 0 15 4 Default Setting 15 4 Example Set maximum power in 10 watts for port1 4 SWITCH poe maximum_power 1 4 10 P...

Page 365: ...nd QoS Configuration Description Show QoS Configuration Syntax QoS Configuration port_list Parameters port_list Port list or all default All ports Example Show QoS Configuration of port 1 4 SWITCH qos configuration 1 4 QoS Configuration Traffic Classes 4 Storm Multicast Disabled 1 pps Storm Broadcast Disabled 1 pps Storm Unicast Disabled 1 pps Port Default Tag Priority QCL ID Rate Limiter Shaper M...

Page 366: ... priority Syntax QoS Default port_list class Parameters port_list Port list or all default All ports class Traffic class low normal medium high or 1 2 3 4 Default Setting Low Example Set high priority for port5 SWITCH qos default 5 high QoS Tag Priority Description Set or show the port VLAN tag priority Syntax QoS Tagprio port_list tag_prio Parameters port_list Port list or all default All ports t...

Page 367: ... be placed before this QCE in the list If the next QCE ID is not specified the QCE will be placed last in the list Syntax QoS QCL Add qcl_id qce_id qce_id_next etype etype vid vid port udp_tcp_port dscp dscp tos tos_list tag_prio tag_prio_list class Parameters qcl_id QCL ID qce_id QCE ID 1 24 qce_id_next Next QCE ID 1 24 etype Ethernet Type keyword etype Ethernet Type vid VLAN ID keyword vid VLAN ...

Page 368: ...ode for port15 SWITCH qos mode 15 weighted QoS Weight Description Set or show the port egress scheduler weight Syntax QoS Weight port_list class weight Parameters port_list Port list or all default All ports class Traffic class low normal medium high or 1 2 3 4 weight Traffic class weight 1 2 4 8 QoS Rate Limiter Description Set or show the port rate limiter Syntax QoS Rate Limiter port_list enabl...

Page 369: ... for port 9 16 SWITCH qos shaper 9 16 enable 1000 QoS Storm Unicast Description Set or show the unicast storm rate limiter Syntax QoS Storm Unicast enable disable packet_rate Parameters enable Enable unicast storm control disable Disable unicast storm control packet_rate Rate in pps 1 2 4 512 1k 2k 4k 1024k Default Setting Disabled 1pps Example Enable unicast storm rate limiter in 1kpps SWITCH qos...

Page 370: ... Disabled 1pps Example Enable broadcast storm rate limiter in 1kpps SWITCH qos storm broadcast enable 1k QoS DSCP Remarking Description Set or show the status of QoS DSCP Remarking Syntax QoS DSCP Remarking port_list enable disable Parameters port_list Port list or all default All ports enable Enable QoS Remarking disable Disable QoS Remarking Default Setting Disabled Example Enable the status of ...

Page 371: ...fault All ports Default Setting disable Example Show mirror configuration SWITCH mirror configuration Mirror Port Description Set or show the mirror port Syntax Mirror Port port disable Parameters port disable Mirror port or disable default Show port Default Setting Mirror Port 1 Example Set port 2 for the mirror port SWITCH mirror port 2 Mirror SID Description Set or show the mirror switch ID Syn...

Page 372: ...tting disable Example Enable the mirror mode for port 1 4 SWITCH mirror mode 1 4 enable Configuration Command Configuration Save Description Save configuration to TFTP server Syntax Config Save ip_server file_name Parameters ip_server TFTP server IP address a b c d file_name Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config Load ip_server file...

Page 373: ...Pv6 Load Description Load new firmware from IPv6 TFTP server Syntax Firmware IPv6 Load ipv6_server file_name Parameters ipv6_server TFTP server IPv6 address UPnP Command UPnP Configuration Description Show UPnP configuration Syntax UPnP Configuration Example Show UPnP configuration SWITCH upnp configuration UPnP Configuration UPnP Mode Disabled UPnP TTL 4 UPnP Advertising Duration 100 UPnP Mode De...

Page 374: ...Show UPnP TTL Default Setting 4 Example Set the value 10 for TTL value of the IP header in SSDP messages SWITCH upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration duration Parameters duration duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration SWITCH ...

Page 375: ...sabled Receive Disabled 11 Disabled Receive Disabled 12 Disabled Receive Disabled 13 Disabled Receive Disabled 14 Disabled Receive Disabled 15 Disabled Receive Disabled 16 Disabled Receive Disabled 17 Disabled Receive Disabled 18 Disabled Receive Disabled 19 Disabled Receive Disabled 20 Disabled Receive Disabled 21 Disabled Receive Disabled 22 Disabled Receive Disabled 23 Disabled Receive Disabled...

Page 376: ...MVR mode disable Disable MVR mode default Show MVR mode Default Setting disable Example Enable the MVR port mode for port 1 4 SWITCH mvr port mode 1 4 enable MVR Multicast VLAN Description Set or show MVR multicast VLAN ID Syntax MVR Multicast VLAN vid Parameters vid VLAN ID 1 4095 default Show current MVR multicast VLAN ID Default Setting 100 Example Set VLAN 1000 for MVR multicast VLAN ID SWITCH...

Page 377: ...ll default All ports enable Enable Immediate leave mode disable Disable Immediate leave mode default Show MVR Immediate leave mode Default Setting disable Example Enable MVR port state about immediate leave for port 1 SWITCH mvr immediate leave 1 enable Voice VLAN Command Voice VLAN Configuration Description Show Voice VLAN configuration Syntax Voice VLAN Configuration Example Show Voice VLAN conf...

Page 378: ...1 Disabled Disabled 12 Disabled Disabled 13 Disabled Disabled 14 Disabled Disabled 15 Disabled Disabled 16 Disabled Disabled 17 Disabled Disabled 18 Disabled Disabled 19 Disabled Disabled 20 Disabled Disabled 21 Disabled Disabled 22 Disabled Disabled 23 Disabled Disabled 24 Disabled Disabled Voice VLAN Mode Description Set or show the Voice VLAN mode We must disable MSTP feature before we enable V...

Page 379: ...ime age_time Parameters age_time MAC address age time 10 10000000 default Show age time Default Setting 86400sec Example Set Voice VLAN age time in 100sec SWITCH voice vlan agetime 100 Voice VLAN Traffic Class Description Set or show Voice VLAN ID Syntax Voice VLAN Traffic Class class Parameters class Traffic class low normal medium high or 1 2 3 4 Default Setting high Example Set medium traffic c...

Page 380: ...UI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Delete oui_addr Parameters oui_addr OUI address xx xx xx Example Delete Voice VLAN OUI entry SWITCH voice vlan oui delete 00 11 22 Voice VLAN OUI Clear Description Clear Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Clear Example Clear Voice VLAN OUI entry SWITCH ...

Page 381: ...Voice VLAN port mode Default Setting disable Example Set auto mode for port 1 4 of Voice VLAN port mode SWITCH voice vlan port mode 1 4 auto Voice VLAN Security Description Set or show the Voice VLAN port security mode When the function is enabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Syntax Voice VLAN Security port_list enable disable Parameters port_list Port lis...

Page 382: ...ort Parameters server SMTP server address port SMTP server port Default Setting disable SMTP Auth Description Enable or disable SMTP authentication configure Syntax SMTP Auth enable disable Parameters enable Enable SMTP Authentication disable Disable SMTP Authentication default Show SMTP Authentication Default Setting disable SMTP Auth_user Description Set or show SMTP authentication user name con...

Page 383: ...m_text Parameters mailfrom_text SMTP E mail From address Default Setting disable SMTP Mailsubject Description Set or show SMTP e mail subject configure Syntax SMTP Mailsubject mailsubject_text Parameters mailsubject_text SMTP E mail Subject Default Setting disable SMTP Mailto1 Description Set or show SMTP e mail 1 to configure Syntax SMTP Mailto1 mailto1_text Parameters mailto1_text SMTP e mail 1 ...

Page 384: ... Link Aggregation Configuration Description Show link aggregation configuration Syntax Show aggr Show IGMP Configuration Description Show IGMP snooping configuration Syntax Show igmp Show IP Configuration Description Show IP configuration Syntax Show ip Show LACP Configuration Description Show LACP configuration Syntax Show lacp Show LLDP Configuration Description Show LLDP configuration Syntax Sh...

Page 385: ...cription Show PoE configuration Syntax Show PoE Show Port Configuration Description Show port configuration Syntax Show port Show Private VLAN Configuration Description Show Private VLAN configuration Syntax Show pvlan Show QoS Configuration Description Show QoS Configuration Syntax Show QoS Show SNMP Configuration Description Show SNMP configuration Syntax Show SNMP Show Stack Configuration Descr...

Page 386: ... Show stack Show System Configuration Description Show system configuration Syntax Show system Show VLAN Configuration Description Show VLAN configuration Syntax Show vlan Show STP Configuration Description Show STP Port configuration Syntax Show STP ...

Page 387: ...rence it is the best choice when a network needs efficiency and stability The Ethernet Switch scans the destination address from the packet header searches the routing table provided for the incoming port and forwards the packet only if required The fast forwarding makes the switch attractive for connecting servers directly to the network thereby increasing throughput and availability However th...

Page 388: ...User s Manual of NS3601 24P 4S Series 386 ...

Page 389: ...Span End Span device connects directly with power device End Span could also tap the wire 1 2 and 3 6 PoE System Architecture The specification of PoE typically requires two devices the Powered Source Equipment PSE and the Powered Device PD The PSE is either an End Span or a Mid Span while the PD is a PoE enabled terminal such as IP Phones Wireless LAN etc Power can be delivered over data pairs...

Page 390: ...emi com PowerDsine Linear Tech http www linear com The PoE Provision Process While adding PoE support to networked devices is relatively painless it should be realized that power cannot simply be transferred over existing CAT 5 cables Without proper preparation doing so may result in damage to devices that are not designed to support provision of power over their network interfaces The PSE is the ...

Page 391: ...ts may reduce total system costs Start up Once line detection and optional classification stages are completed the PSE must switch from low voltage to its full voltage capacity 44 57 Volts over a minimal amount of time above 15 microseconds A gradual startup is required as a sudden rise in voltage reaching high frequencies would introduce noise on the data lines Once provision of power is initiate...

Page 392: ...hod is based on the fact that when a valid PD is connected to a port the AC impedance measured on its terminals is significantly lower than in the case of an open port disconnected PD AC Disconnect detection involves the induction of low AC signal in addition to the 48 VDC operating voltage The returned AC signal amplitude is monitored by the PSE at the port terminals During normal operation the P...

Page 393: ... installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 100Base TX port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicate full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting Switch does...

Page 394: ...t Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment Contact MDI Medi...

Page 395: ...een 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Straight Through and Cro...

Page 396: ...y 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web page There are a number of parameters that can be configured with an ACE Read the Web page help text to get further information for each of them The maximum number of ACEs is 64 ACL Ports The ACL Ports configuration is used to assign a Policy ...

Page 397: ... an OAM frame transmitted from a MEP to its peer MEP and used to implement CC functionality CDP CDP is an acronym for Cisco Discovery Protocol D DEI DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering b...

Page 398: ...nts MAC address DHCP Snooping DHCP Snooping is used to block intruders on the untrusted ports of the switch device when they try to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server DNS DNS is an acronym for Domain Name System It stores and associates many types of information with domain names Most importantly DNS translates human frie...

Page 399: ...s used to indicate a secure HTTP connection HTTPS provides authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons HTTPS is really just the use of Netscape s Secure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 instead of HTTP port 80 in...

Page 400: ... of webmasters taking addresses in large blocks the bulk of which remain unused There is a rather substantial movement to adopt a new version of the Internet Protocol IPv6 which would have 128 bits Internet Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet IPMC IPMC is an acron...

Page 401: ...s SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time MEP MEP is an acronym for Maintenance Entity Endpoint and is an endpoint...

Page 402: ...or to store resources in a central location on the network providing authorized users continuous access to them which means NFS supports sharing of files printers and other resources as persistent storage over a computer network NTP NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP datagrams as transport layer O OAM OAM is ...

Page 403: ... email messages from a mail server POP3 is designed to delete mail on the server as soon as the user has downloaded it However some implementations allow users or an administrator to specify that mail be saved for some period of time POP can be thought of as a store and forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities fo...

Page 404: ...predictable, measurable and sometimes guaranteed services. Achieving the required QoS becomes the secret to a successful end-to-end business solution. Therefore, QoS is the set of techniques to manage network resources. R RARP RARP is an acronym for Reverse Address Resolution Protocol. It is a protocol that is used to obtain an IP address for a given hardware address, such as an Ethernet address. RARP is ...

Page 405: ...ocol for network management. SNMP allows diverse network objects to participate in a network management architecture. It enables network management systems to learn network problems by receiving traps or change notices from network devices implementing SNMP. SNTP SNTP is an acronym for Simple Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. SNTP uses UDP datagr...

Page 406: ...is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end. Common network applications that use TCP include the World Wide Web (WWW), e-mail and File Transfer Protocol (FTP). TELNET TELNET is an acronym for TELetype NETwork. It is a terminal emulation protocol that uses the Transmission Control Protocol (TCP) and provides a virtual connectio...

Page 407: ...een switch ports. VLANs can be used for the following applications. VLAN unaware switching: This is the default configuration. All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1. This means that MAC addresses are learned in VLAN 1, and the switch does not remove or insert VLAN tags. VLAN aware switching: This is based on the IEEE 802.1Q standard. All ports are VLAN aware. Ports connected t...

Page 408: ...ributes different keys to each user. Personal WPA utilizes less scalable pre-shared key (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design of WPA is based on Draft 3 of the IEEE 802.11i standard (Wikipedia). WPA Radius WPA Radius is an acronym for Wi-Fi Protected Access Radius 802.1X authentication ...

Page 409: ...iew Only View Only View Only Web Firmware Upgrade Change Not Accessible Not Accessible Not Accessible Not Accessible Not Accessible TFTP Firmware Upgrade Change Not Accessible Not Accessible Not Accessible Not Accessible Not Accessible Configuration Backup Change Not Accessible Not Accessible Not Accessible Not Accessible Not Accessible Configuration Backup except IP Change Not Accessible Change N...

Page 410: ...sable Not Accessible System Configuration Change Change Change View Only Not Accessible Not Accessible Bridge Status Change Change Change View Only Change Not Accessible CIST Ports Configuration Change Change Change View Only Not Accessible Not Accessible MSTI Priorities Change Change Change View Only Not Accessible Not Accessible MSTI Configuration Change Change Change View Only Not Accessible No...

Page 411: ...s Change Change Change View Only Not Accessible Not Accessible Port Limit Control Change Change Change View Only Not Accessible Not Accessible Access Management Change Change Change View Only Not Accessible Not Accessible Access Management Statistics Change Change Change View Only Not Accessible Not Accessible HTTPS Change Change Change View Only Not Accessible Not Accessible SSH Change Change Cha...

Page 412: ...stics Cable Diagnostics Change Change Change View Only Change View Only System Configuration Change Change View Only View Only View Only View Only Port Configuration Change Change View Only View Only View Only View Only Status Change Change View Only View Only View Only View Only Schedule Change Change View Only View Only View Only View Only PoE LLDP PoE Neighbors Change Change Change View Only Ch...
