Interlogix IFS NS2503-24P/2C User Manual Download Page 117 | Manualshive

Page: 117 / 206

background image

User’s Manual of NS2503-24P/2C

117

4.11 Access Control List

The

Access Control List (ACL)

is a concept in computer security used to enforce privilege separation. It is a means of

determining the appropriate access rights to a given object depending on certain aspects of the process that is making the
request, principally the process's user identifier.

Access Control List (ACL)

is a mechanism that implements access control for

a system resource by listing the identities of the system entities that are permitted or denied to access the resource. The screen
in following screen appears.

Packets can be forwarded or dropped by ACL rules include Ipv4 or non-Ipv4. The Managed Switch can be used to block
packets by maintaining a table of packet fragments indexed by source and destination IP address, protocol, and so on.

※

Packet Type / Binding§ can be selected to ACL for Ipv4 or Non-Ipv4.

Figure 4-11-1:

Access Control List (ACL) Interface Screenshot

«
...
115
116
117
118
119
...
»

Summary of Contents for IFS NS2503-24P/2C

Page 1: ...P N 1072568 REV 00 04 ISS 10SEP12 IFS NS2503 24P 2C User Manual...

Page 2: ...authorized manufacturing representative UTC Fire Security B V Kelvinstraat 7 6003 DH Weert The Netherlands Certification N4131 FCC compliance This equipment has been tested and found to comply with th...

Page 3: ...nstallation 20 22 2 2 Rack Mounting 21 22 2 3 Installing the SFP transceiver 22 23 SWITCH MANAGEMENT 24 23 1 Requirements 24 23 2 Management Access Overview 25 23 3 Web Management 26 23 4 SNMP Based N...

Page 4: ...Remote Ping 66 24 4 VLAN configuration 67 24 4 1 VLAN Overview 67 24 4 2 Static VLAN Configuration 69 24 4 3 Port based VLAN 70 24 4 4 802 1Q VLAN 72 24 4 5 GVRP VLAN 77 24 4 6 Q in Q VLAN 80 24 5 Tru...

Page 5: ...14 4 Misc Configuration 130 34 15 QoS Configuration 131 34 15 1 Understand QoS 131 34 15 2 QoS Configuration 132 34 15 3 TOS DSCP 135 34 16 Power over Ethernet 138 34 16 1 Power over Ethernet Powered...

Page 6: ...y 167 46 11 MAC Address Configuration 167 46 12 STP MSTP Commands 169 46 13 SNMP 174 46 13 1 System Options 174 46 13 2 Community Strings 174 46 13 3 Trap Managers 175 46 14 IGMP 175 46 15 802 1x Prot...

Page 7: ...ages of powering up a PoE link 200 4Line Detection 200 4Classification 200 4Start up 200 4Operation 200 4Power Disconnection Scenarios 200 49 TROUBLE SHOOTING 202 4APPENDIX A RJ 45 PIN ASSIGNMENT 203...

Page 8: ...page of this user s manual i e NS2503 24P 2C 1 1 Package Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items Check the contents of your packa...

Page 9: ...g Tree Protocol PoE Management Alarm High Performance Wire Speed Switching The Managed Switch is equipped with 24 10 100Mbps Fast Ethernet ports with 2 Gigabit TP SFP combo ports Port 25 26 The two Gi...

Page 10: ...security to the edge Its protection mechanisms comprises of Port based 802 1X user and device authentication Moreover the switch provides MAC filter and Static MAC for enforcing security policies to t...

Page 11: ...interface Section 5 CONSOLE MANAGEMENT The section describes how to use the Console management interface Section 6 COMMAND LINE INTERFACE The section explains how to manage the Managed Switch by Comma...

Page 12: ...de switch control Total PoE power budget control Per port PoE function enable disable PoE Admin mode control PoE Port Power feeding priority PD classification detection Over Temperature Protection fun...

Page 13: ...trol protocol RADIUS users access authentication L3 L4 Access Control List ACL Source IP MAC Port Binding Port Security for Source MAC address entries filtering Management Switch Management Interface...

Page 14: ...Power Requirement 100 240VAC 50 60Hz Auto sensing Power Consumption System 110V 29 Watts 98BTU 220V 31 Watts 105BTU Ethernet Full Loading 110V 34 Watts 116BTU 220V 35 Watts 119BTU PoE Full Loading 11...

Page 15: ...t priority 802 1p priority DSCP TOS field in IP Packet IGMP Snooping IGMP v1 v2 Snooping up to 256 multicast Groups Access Control List IP Based Layer 3 Layer 4 ACL Up to 200 ACL rule entries SNMP MIB...

Page 16: ...erface Port 1 Port 24 10 100Base TX Copper RJ 45 Twist Pair Up to 100 meters Gigabit TP Interface Port 25 Port 26 10 100 1000Base T Copper RJ 45 Twist Pair up to 100 meters Gigabit SFP Slots Port 25 P...

Page 17: ...2 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 2 1 2 LED Indications The front panel LEDs indicates instant status of port links data activity and system power helps monitor and t...

Page 18: ...LNK ACT Green Off If 10 100 LNK ACT LED is light it indicates that the port is operating at 10Mbps or 100Mbps If LNK ACT LED is Off it indicates that the port is link down Illuminates To indicate the...

Page 19: ...S2503 24P 2C Rear Panel Figure 2 3 NS2503 24P 2C Rear Panel Power Notice 1 The device requires a power connection to operate If your networks should active all the time please consider using UPS Unint...

Page 20: ...ding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 in Product Specification Step4 Connect the Managed Switch to network devices A...

Page 21: ...Switch Figure 2 5 Attach brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty S...

Page 22: ...thout a need to shut down the Managed Switch Figure 2 7 Plug in the SFP transceiver Approved IFS SFP Transceivers IFS Managed switches supports both single mode and multi mode SFP transceivers Please...

Page 23: ...P transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a Media Converter 3 Check the LNK ACT LED of the SFP slot on the front of the M...

Page 24: ...view Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements The operating system of the workstation running Windows XP 2003 Vista Wind...

Page 25: ...Compatible with all popular browsers Can be accessed from any location user friendly GUI Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on po...

Page 26: ...aged Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 1 Web Management Diagram You can then use your Web browser to list and m...

Page 27: ...ter oriented and command line user interface for performing system administration such as displaying statistics or changing option settings Using this method you can view the administration console fr...

Page 28: ...ou can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiat...

Page 29: ...PC and connect to the Managed Switch The management interface is exactly the same with RS 232 console management 3 6 2 SNMP Protocol Simple Network Management Protocol SNMP is the standard management...

Page 30: ...ion does not allow Java Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethern...

Page 31: ...Explore 6 0 or above to access Managed Switch 4 1 2 Logging on the Managed Switch 1 Use Internet Explorer 6 0 or above Web browser Enter the factory default IP address to access the Web interface The...

Page 32: ...Switch Menu on the left of the web page let you access all the commands and statistics the Managed Switch provides 1 We recommend using Internet Explore 6 0 or above to access Managed Switch 2 Since...

Page 33: ...ts The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port status is illustrated as fo...

Page 34: ...User s Manual of NS2503 24P 2C 34 Figure 4 1 4 Managed Switch Main Functions Menu Screenshot...

Page 35: ...P address for management access Console Port Info Provide console port connection information SNMP Configuration Configure SNMP agent and SNMP Trap Syslog Setting Configure system log function System...

Page 36: ...inistrator to identify the model name firmware hardware version and MAC address The screen in Figure 4 2 1 appears Figure 4 2 1 Basic System Information Screenshot The page includes the following fiel...

Page 37: ...g off and turning on port for flooding CPU port Default is 0 seconds Broadcast Storm Filter Mode To configure broadcast storm control enable it and set the upper threshold for individual ports The thr...

Page 38: ...ion the Managed Switch will retry 6 times before discard the packets Otherwise the Managed Switch will retry until the packet is successfully sent Default value is 16 Hash Algorithm Provide MAC addres...

Page 39: ...most modern corporate nets are assigned by an employee called a Network Administrator or Sys Admin This person assigns IP addresses and is responsible for making sure that IP addresses are not duplic...

Page 40: ...IP on the DHCP server IP Address Assign the IP address that the network is using If DHCP client function is enabled this switch is configured as a DHCP client The network DHCP server will assign the...

Page 41: ...d the screen in Figure 4 2 4 appears Figure 4 2 4 Console Information Screenshot The page includes the following fields Object Description Barurate bits sec Provide Barurate information Data Bits Prov...

Page 42: ...ast CPUs megapixel color displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elem...

Page 43: ...istratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No spac...

Page 44: ...nly Enables requests accompanied by this community string to display MIB object information RW Read write Enables requests accompanied by this community string to display MIB object information and to...

Page 45: ...y strings and select the SNMP trap version Figure 4 2 8 Trap Managers Interface Screenshot The page includes the following fields Object Description IP Address Enter the IP address of the trap manager...

Page 46: ...e v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1...

Page 47: ...be excluded View Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk View Mask Hexade...

Page 48: ...the security model that this entry should belong to Possible security models are NoAuth No authentication and no privacy Auth Authentication and no privacy Authpriv Authentication and privacy Read Vi...

Page 49: ...e authentication protocol that this entry should belong to Possible authentication protocols are None No authentication protocol MD5 An optional flag to indicate that this user using MD5 authenticatio...

Page 50: ...4 2 13 Syslog Setting Screenshot The page includes the following fields Object Description Syslog Server IP IP address of syslog server Log level None No syslog message sent to the syslog server and...

Page 51: ...stem Log Screenshot The page includes the following fields Object Description System Log Mode Enable or disable the System Log Mode function Log level None No syslog message sent to the syslog server...

Page 52: ...TP server Figure 4 2 15 SNTP Setting Screenshot The page includes the following fields Object Description SNTP Provide Disable or enable SNTP function SNTP server IP Provide input the SNTP server IP a...

Page 53: ...witch firmware from the TFTP server in the network Before updating make sure you have your TFTP server ready and the firmware image is on the TFTP server The screen in Figure 4 2 16 appears Use this m...

Page 54: ...Upgrade screen in Figure 4 2 17 appears Figure 4 2 17 HTTP Firmware Upgrade Interface Screenshot To open Firmware Upgrade screen perform the following 1 Click System Web Firmware Upgrade 2 The Firmwar...

Page 55: ...backup configuration from the TFTP server to recover the settings Before doing that you must locate the image file on the TFTP server first and the Managed Switch will download back the flash image F...

Page 56: ...uring the settings by backing up the configuration Figure 4 2 20 Configuration Backup Interface Screenshot The page includes the following fields Object Description TFTP Server IP Address Type in the...

Page 57: ...efault configuration Click Default to reset all configurations to the default value Figure 4 2 21 Factory Default Interface Screenshot 4 2 11 System Reboot Reboot the switch in software reset Click Re...

Page 58: ...gs of each port to control the connection parameters and the status of each port is listed beneath Figure 4 3 1 Port Control Interface Screenshot The page includes the following fields Object Descript...

Page 59: ...transmission of the sender for a specified period of time When disabled the receiving device will drop the packet if too much to process Security A port in security mode will be locked without permiss...

Page 60: ...ers can set its effective egress rate at 1Mbps and ingress rate at 500Kbps Device will perform flow control or backpressure to confine the ingress rate to meet the specified rate Port Allows user to c...

Page 61: ...mary table you can know status of each port clear at a glance like per port description Port Link Up Link Down status negotiation Link Speed Duplex mode and Flow Control security jumbo frame Figure 4...

Page 62: ...e port will not transmit or receive any packet Link The status of linking Up or Down Tx Good Packet The counts of transmitting good packets via this port Tx Bad Packet The counts of transmitting bad p...

Page 63: ...ks Traffic through a port can be monitored by one specific port That is traffic goes in or out a monitored port will be duplicated into sniffer port Figure 4 3 5 Port Mirror application Configuring th...

Page 64: ...to LAN analyzer or netxray Monitor Port The port you want to monitor The monitor port traffic will be copied to Analysis port You can select one monitor ports in the switch User can choose which port...

Page 65: ...Port Setting Web Interface Screenshot The page includes the following fields Object Description Port ID Identify the Managed Switch interface Protected Enable the Protected function on the selected po...

Page 66: ...wing fields Object Description Remote IP Address Allows user to define the IP address of remote device Ping Size Allows user to define ping packet size Generally the size should be 64 Ping Click Ping...

Page 67: ...ased VLAN limit traffic that flows into and out of switch ports Thus all devices connected to a port are members of the VLAN s the port belongs to whether there is a single computer directly connected...

Page 68: ...r E type Tag Length E type Data New CRC Priority CFI VLAN ID Port VLAN ID Packets that are tagged are carrying the 802 1Q VID information can be transmitted from one 802 1Q compliant network device to...

Page 69: ...VLAN Configuration A Virtual LAN VLAN is a logical network grouping that limits the broadcast domain It allows you to isolate network traffic so only members of the VLAN receive traffic from the same...

Page 70: ...Figure 4 4 2 Port based VLAN Interface Screenshot Create a VLAN and add member ports to it 1 Click the hyperlink VLAN Static VLAN to enter the VLAN configuration interface 2 Select Port Based VLAN at...

Page 71: ...up to 16 alphanumeric characters long including blanks Group ID You can configure the ID number of the VLAN by this item This field is used to add VLANs one at a time The VLAN group ID and available...

Page 72: ...ty and other VLAN information into the header of all packets that flow into those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information inta...

Page 73: ...Screenshot 1 Click the hyperlink VLAN Static VLAN to enter the VLAN configuration interface 2 Select 802 1Q at the VLAN Operation Mode to enable the 802 1Q VLAN function 3 Click Add to create a new V...

Page 74: ...er setup completed please press Apply button to take effect 7 Please press Back for return to VLAN configuration screen to add other VLAN group the screen in Figure 4 33 appears 8 If there are many gr...

Page 75: ...can configure the ID number of the VLAN by this item This field is used to add VLANs one at a time The VLAN group ID and available range is 2 4094 Port Indicate port 1 to port 10 Untag Packets forwar...

Page 76: ...The page includes the following fields Object Description NO Indicate port 1 to port 10 PVID Set the port VLAN ID that will be assigned to untagged traffic on a given port This feature is useful for a...

Page 77: ...configuration 4 4 5 GVRP VLAN GVRP GARP VLAN Registration Protocol or Generic VLAN Registration Protocol is a protocol that facilitates control of virtual local area networks VLANs within a larger ne...

Page 78: ...t GVRP enable Enable Enable port GVRP function select GVRP checkbox for special port Figure 4 4 8 GVRP Configuration Interface Screenshot The page includes the following fields Object Description GVRP...

Page 79: ...GVRP Figure 4 4 9 GVRP Table Interface Screenshot The page includes the following fields Object Description VLAN ID Display the learned VLANs via GVRP protocol on GVRP enabled ports The Managed Switch...

Page 80: ...ags into the customer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirement...

Page 81: ...nd the original VLAN tag with the customer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the V...

Page 82: ...tocol Identifier TPID specifies the ethertype of incoming packets on a tunnel access port 802 1Q Tag 8100 vMAN Tag 88A8 Default 802 1Q Tag Port QinQ Check Sets the Port to QinQ mode Or the port operat...

Page 83: ...ders can use a single VLAN to support customers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider network even when...

Page 84: ...exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs mo...

Page 85: ...he Managed Switch with the lowest value has the highest priority and is selected as the active LACP peer of the trunk group Group ID There are 13 trunk groups to be selected Assign the Group ID to the...

Page 86: ...nk group non LACP the number of work ports must equal the total number of group member ports Please notice that a trunk group including member ports split between two switches has to enable the LACP f...

Page 87: ...this static trunk group LACP enabled Having set up the aggregator setting with LACP enabled you will see the trunking group information between two switches on the tab of Aggregator Information Switc...

Page 88: ...rmation as the illustration shown above after the two switches configured Switch 2 configuration 6 Set System Priority of the trunk group For example 1 7 Select a trunk group ID by pull down the drop...

Page 89: ...itch 2 Configuration Interface Screenshot 10 Click on the tab of Aggregator Information to check the trunked group information as the illustration shown above after the two switches configured Figure...

Page 90: ...he port state activity will change to Passive Figure 4 5 7 State Activity of Switch 1 Screenshot The page includes the following fields Object Description Active The port automatically sends LACP prot...

Page 91: ...ime 4 6 1 Dynamic MAC Table Entries in the MAC Table are shown on this page The Dynamic MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address You can view all of the...

Page 92: ...active on the network again Via this interface you can add modify delete a static MAC address Add the Static MAC Address You can add static MAC address in the switch MAC table here Figure 4 6 2 Static...

Page 93: ...lter the pre configured MAC address and reduce the un safety You can add and delete filtering MAC address Figure 4 6 3 MAC Filtering Interface Screenshot The page includes the following fields Object...

Page 94: ...rs that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group fo...

Page 95: ...User s Manual of NS2503 24P 2C 95 Figure 4 7 2 Multicast Flooding Figure 4 7 3 IGMP Snooping Multicast Stream Control...

Page 96: ...groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A ho...

Page 97: ...h on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream mu...

Page 98: ...on web management s switch setting advanced page then the IGMP snooping information displays IP multicast addresses range are from 224 0 0 0 through 239 255 255 255 Figure 4 7 5 IGMP Configuration In...

Page 99: ...the port to router port automatically b Static System will be forced to forward IGMP Join or Leave control packet to another switch via an indicate port c Forbidden Allows user to set port as a non r...

Page 100: ...group table regardless of whether the multicast stream has been joined or hasn t been joined The static multicast group will be saved to switch and it will not be released even no one join it or even...

Page 101: ...p Allows multicast streaming to indicate port Remove multicast streaming from indicate port VLAN ID Allows user to input VLAN ID for streaming multicast packet Allows user to add static multicast info...

Page 102: ...into a single Common Spanning Tree CST The IEEE 802 1D Spanning Tree Protocol and IEEE 802 1s Multiple Spanning Tree Protocol allow for the blocking of links between switches that form loops within th...

Page 103: ...d This is the port providing the best path from the switch to the root switch Ports included in the STP are selected Creating a Stable STP Topology It is used to make the root port the fastest link If...

Page 104: ...ther as follows From initialization switch boot to blocking From blocking to listening or to disabled From listening to learning or to disabled From learning to forwarding or to disabled From forwardi...

Page 105: ...here Setting up STP using values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block lo...

Page 106: ...nd the Designated Ports The following are the user configurable STP parameters for the switch level Parameter Description Default Value Bridge Identifier Not user configurable except by setting priori...

Page 107: ...selects the path with the minimum cost as the active path 200 000 100Mbps Fast Ethernet ports 20 000 1000Mbps Gigabit Ethernet ports 0 Auto Default Spanning Tree Configuration Feature Default Value E...

Page 108: ...and is selected as the root If the value is changed the user must reboot the switch The value must be a multiple of 4096 according to the protocol standard rule Max Age 6 40 The number of seconds a sw...

Page 109: ...pts the Hello Time Forward Delay time and Max Age parameters of the root bridge regardless of how it is configured Root Bridge Information This page provides a status overview for all STP bridge insta...

Page 110: ...from the bridge priority and the base MAC address of the bridge Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to th...

Page 111: ...er ports to make certain that there is no loop in the LAN Figure 4 8 6 STP Port Configuration Interface Screenshot The page includes the following fields Object Description Path Cost The cost of the p...

Page 112: ...des the STP mathematic calculation YES is not including STP mathematic calculation NO is including the STP mathematic calculation Path cost 0 is used to indicate auto configuration mode When the short...

Page 113: ...erver can provide IP addresses to clients spanning multiple subnets instead of deploying a DHCP server on every subnet Configuring DHCP Relay Option82 To configure DHCP Option82 1 Enable global option...

Page 114: ...Option 82 Enable global option82 function DHCP Relay Enable global Relay function DHCP Option 82 Router Port Select the Router Port that is used to connect to the DHCP server in the domain DCHP Opt 82...

Page 115: ...also defines how to store and maintain information gathered about the neighboring network nodes it discovers 4 10 1 Port Configuration Use this page to change LLDP parameters the web screen in Figure...

Page 116: ...elds Object Description Port Number Indicate port 1 to port 24 Port Status You can change LLDP port status to Tx_only Rx_only Tx_and_Rx Disable Tx_only LLDP transmit the packet of the port only Rx_onl...

Page 117: ...st ACL is a mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted or denied to access the resource The screen in following...

Page 118: ...esents a digit from 0 9 is range from 0 to 255 Any IP Fragment Set this field if Packet Type is IPv4 else ignore Uncheck Check Uncheck Not check IP fragment field Check Check IP fragment field Uncheck...

Page 119: ...groups Binding Let device that has specific IP address and MAC address can use network We can set specific IP address MAC address VLAN id and port id to bind and device can cross switch if all condit...

Page 120: ...Admin Master Master Viewer IT Admin IT IT Viewer Security Admin Security Security Viewer Refer to Appendix B This web page provide user configuration for switch management access level the web screen...

Page 121: ...Managed Switch the available options are Master Admin Master Viewer IT Admin IT Viewer Security Admin Security Viewer Assign Change Password Assign password for the Managed Switch Reconfirm Password...

Page 122: ...lease press the Reset button in the front panel of the Managed Switch over 10 seconds and then release the current setting includes VLAN will be lost and the Managed Switch will restore to the default...

Page 123: ...for security management purposes When the port is in MAC Limit mode the port will be locked without permission of address learning Only the incoming packets with Source MAC already existing in the add...

Page 124: ...ays current MAC Limit status of each port Figure 4 13 2 MAC Limit MAC Limit Port Status Interface Screenshot The page includes the following fields Object Description Port Number Indicate port 1 to po...

Page 125: ...and switch services Because the switch acts as the proxy the authentication service is transparent to the client In this release the Remote Authentication Dial In User Service RADIUS security system...

Page 126: ...ient is granted access to the network The port starts in the unauthorized state While in this state the port disallows all ingress and egress traffic except for 802 1X protocol packets When a client i...

Page 127: ...to a LAN port that has point to point connection characteristics and of preventing access to that port in cases in which the authentication and authorization process fails To enable 802 1x from Syste...

Page 128: ...ed RADIUS Server Accounting Port Set the UDP destination port for accounting requests to the specified RADIUS Server Shared Key Set an encryption key for using during authentication sessions with the...

Page 129: ...escription FU Force Unauthorized The specified port is required to be held in the unauthorized state FA Force Authorized The specified port is required to be held in the authorized state AU Authorize...

Page 130: ...session Default value is 30 seconds Supplicant Timeout Set the period of time the switch waits for a supplicant response to an EAP request Default value is 30 seconds Server Timeout Set the period of...

Page 131: ...affic for example to set higher priorities to time critical or business critical applications Applying security policy through traffic filtering Provide predictable throughput for multimedia applicati...

Page 132: ...1517 bytes 4 bytes Figure 4 15 1 802 1p Tag Priority Set up the COS priority level With the drop down selection item of Priority Type above being selected as COS only COS first this control item will...

Page 133: ...mple 8 Highest 4 SecHigh 2 SecLow 1 Lowest means that the switch sends 8 highest priority packets before sending 4 second high priority packet before sending 2 second low priority packet before sendin...

Page 134: ...selected as Port based this control item will then be available to set the queuing policy for each port Figure 4 15 3 QoS Configuration Port Based Priority Interface Screenshot The table includes the...

Page 135: ...prioritization bits within an IP header that are encoded by certain applications and or devices to indicate the level of service required by the packet across a network DSCP are defined in RFC2597 for...

Page 136: ...ludes the following fields Object Description TOS DSCP Enable Disable internal traffic class 0 7 to map the corresponding IP DSCP value DSCP The values of the IP DSCP header field within the incoming...

Page 137: ...face Screenshot The table includes the following fields Object Description Port Number Indicate port 1 to port 10 TOS DSCP Status Enable Disable TOS DSCP map to 802 1p priority on specify port Apply P...

Page 138: ...interrupt power system and power control system 6 12 Watts Wireless LAN Access Points Museum Sightseeing Airport Hotel Campus Factory Warehouse can install the Access Point any where with no hesitatio...

Page 139: ...mption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activates additional ports as long as the aggregated power of the system is...

Page 140: ...emperature raised 3 Degree C each time and PoE power budget will going down 60 watts maximum For example 360 watts is default PoE power budget and Temperature Threshold is 50 Degree C PoE temperature...

Page 141: ...can limit the port PoE supply watts Per port maximum value must be less than 15 4 watts total ports values must be less than the Power Reservation value if current PoE mode is 802 3af Per port maximu...

Page 142: ...a signature for Class 1 to 3 The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes A PD shall ret...

Page 143: ...edule offers 4 profiles totally for user to define time table 00 23 Allows system to supply PoE power from 00 00 to 23 00 the unit is hour Sun Sat Allows system to supply PoE power from Sunday to Satu...

Page 144: ...User s Manual of NS2503 24P 2C 144 Figure 4 16 4 PoE Configuration Interface...

Page 145: ...tration Console to get more information about how to connect to the console interface of Managed Switch with HyperTerminal on Microsoft Windows platform Once the terminal has connected to the device p...

Page 146: ...255 255 255 0 To check the current IP address or modify a new IP address for the Switch please use the following procedures Show the current IP address 1 On Switch prompt enter configure 2 On Switch...

Page 147: ...rface of FGSD Managed Switch through the new IP address If you are not familiar with console command or the related parameter enter help anytime in console to get the help description You can change t...

Page 148: ...stem information Privileged EXEC Enter the enable command while in User EXEC mode switch Enter disable to exit The privileged command is the advanced mode Use this mode to Display advanced function st...

Page 149: ...end of the command line Ctrl N Enters the next command line in the command history Ctrl P Enters the previous command line in the command history Ctrl U Deletes from the cursor to the beginning of the...

Page 150: ...ig Description Reset to default factory settings at next boot time clear arp Description ip addr specifies the IP address to be cleared If no IP address is entered the entire ARP cache is cleared show...

Page 151: ...s port list specifies the ports to be set If not entered all ports are set port flow Description Enable or disable port flow control Syntax port flow enable disable enable disable port list Parameters...

Page 152: ...port State Link Trunking VLAN Negotiation Speed Duplex Flow control Rate control Priority Security BSF control Switch config show port status Port 1 Information State on Link down Trunking none VLAN...

Page 153: ...ormation TxGoodPkt 0 TxBadPkt 0 RxGoodPkt 0 RxBadPkt 0 TxAbort 0 Collision 0 DropPkt 0 Port 3 Information More show port protection Description Show protected port information Switch config show port...

Page 154: ...that trunk will be replaced by TRUNK in the VLAN configuration screen The following example configures Port 1 Port 2 as TRUNK 1 6 4 1 Trunking Commands show trunks Description Show trunking informatio...

Page 155: ...ble status and system priority show lacp Description Show LACP information Switch config show lacp status LACP is enabled LACP system priority 32768 show lacp agg Description Show LACP aggregator info...

Page 156: ...s VLAN 1 and port 3 4 as VLAN 2 The packets received from port 1 can only be forwarded to port 2 The packets received from port 2 can only be forwarded to port 1 That means the computer A can send pac...

Page 157: ...mode 6 5 2 VLAN Mode Port based Packets can go among only members of the same VLAN group Note all unselected ports are treated as belonging to another single VLAN If the port based VLAN enabled the V...

Page 158: ...an mode Description Display the current VLAN mode vlan mode Description Change VLAN mode Syntax vlan mode disabled port based dot1q Parameters disabled port based dot1q specifies the VLAN mode Change...

Page 159: ...specifies the VLAN id null means all valid entries e g Switch config show vlan 1 VLAN 1 Type Static Creation Time sec 43 CPU Port Yes Port Member Port1 Untagged Port2 Untagged Port3 Untagged Port4 Unt...

Page 160: ...hing this port s configured VID enable disable specifies the untagged frame will be dropped or not If set enable drop untagged frame show vlan filter Description Show VLAN filter setting Syntax show v...

Page 161: ...rm filter packet type Unicast Multicast Flood unicast multicast filter Control Packets Control packets filter IP multicast IP multicast packets filter Broadcast Packets Broadcast Packets filter Syntax...

Page 162: ...ntax ip address ip addr ip mask ip default gateway Description Set the default gateway IP address Syntax ip default gateway ip addr show ip Description Show IP address subnet mask and the default gate...

Page 163: ...6 7 4 Reset to Default erase startup config Description Reset configurations to default factory settings at next boot time 6 7 5 TFTP Update Firmware copy tftp firmware Description Download firmware...

Page 164: ...keyword flash Syntax copy running config flash tftp ip addr remote file Parameters ip addr specifies the IP address of the TFTP server 6 8 MAC limit MAC limit allows users to set a maximum number of M...

Page 165: ...e traffic that you want to monitor After properly configured packets with the specified direction from the monitored ports are forwarded to the monitoring port The default Port Monitoring setting is d...

Page 166: ...with 802 1p priority 0 1 are put into the queue with lowest priority the packets with 802 1p priority 2 3 are put into queue with second low priority and so on Static Port Ingress Priority each port...

Page 167: ...clear mac address table Description Clear all dynamic MAC address table entries mac address table static Description Set static unicast or multicast MAC address If multicast MAC address address beginn...

Page 168: ...arameter must be port list Otherwise it must be port id Syntax smac address table static mac addr vlan id port id port list show smac address table Description Display secondary MAC address table entr...

Page 169: ...tree hello time 1 10 Parameters 1 10 specifies the hello time in seconds Default value is 2 The parameters must enforce the following relationships 2 hello time 1 maximum age 2 forward delay 1 spannin...

Page 170: ...2 1d mstp specifies the multiple spanning tree protocol MSTP 802 1s spanning tree max hops Description Set spanning tree bridge maximum hops of CIST and all MSTIs Syntax spanning tree max hops 1 40 Pa...

Page 171: ...n edge connection Syntax no spanning tree port edge port port list Parameters port list specifies the ports to be set Null means all ports no spanning tree port non stp Description Disable or enable s...

Page 172: ...ity 0 240 port list Description Set spanning tree port priority of MSTI Syntax spanning tree mst 0 15 port priority 0 240 port list Parameters 0 240 specifies the port priority The value must be in st...

Page 173: ...pecifies the MSTI instance ID show spanning tree mst 0 15 port 1 10 Description Show specific port information of MST instance Syntax show spanning tree mst 0 15 port 1 10 Parameters 0 15 specifies th...

Page 174: ...ring e g snmp system name SWITCH snmp system location Description Set agent location string Syntax snmp system location location str Parameters location str specifies the location string e g snmp syst...

Page 175: ...mber Syntax snmp trap ip addr community str 1 65535 Parameters ip addr specifies the IP address community str specifies the community string 1 65535 specifies the trap receiver port number e g snmp tr...

Page 176: ...snooping CrossVLAN Syntax no igmp CrossVLAN igmp debug Description Enable disable IGMP snooping debugging output Syntax no igmp debug show igmp Description Show IGMP snooping information Syntax show i...

Page 177: ...key key str Parameters key str specifies shared key string radius server nas Description Set 802 1x NAS identifier Syntax radius server nas id str Parameters id str specifies NAS identifier string sho...

Page 178: ...00 Parameters 1 300 specifies the supplicant timeout in seconds dot1x timeout radius server Description Set radius server timeout default 30 seconds Syntax dot1x timeout radius server 1 300 Parameters...

Page 179: ...nds show dot1x Description Show 802 1x information quiet period Tx period supplicant timeout server timeout maximum requests and re auth period dot1x port Description Set 802 1x per port information S...

Page 180: ...nt Syntax no acl count GroupId Parameters GroupId 1 220 specifies the group id show acl Description Show ACL group information Syntax show acl 1 220 Parameters 1 220 specifies the group id null means...

Page 181: ...Ipv4 Syntax acl add edit 1 220 qosvoip 0 4094 0 7 0 1F 0 1F 0 FF 0 FF 0 FFFF 0 FFFF 0 FFFF 0 FFFF Parameters add edit specifies the operation 1 220 specifies the group id qosvoip specifies the action...

Page 182: ...g commands bind Description Enable binding function no bind Description Disable binding function no bind Description Delete Binding group Syntax no bind 1 220 Parameters 1 220 specifies the group id e...

Page 183: ...care A B C D specifies the Source IP address 0 0 0 0 means don t care A B C D specifies the IP Address 1 10 specifies the Port id e g Switch config bind add 1 00 11 22 33 44 55 0 192 168 1 1 1 This Bi...

Page 184: ...y management poe maximum power Enabling or disabling per port power output limit WGSW 2620HP PoE power budget is 360W and support 24 ports PoE This chapter will be described how to configure PoE featu...

Page 185: ...n W Current mA Device Class Port1 Enable on 802 3at Low 30 8 0 0 0 Example 2 Switch config show poe status Port Admin Oper Power mode Priority Power Limit W Current Consumption W Current Ma Device Cla...

Page 186: ...ature protection to enable or disable Command Level Global Configuration Syntax poe temperature protection enable Parameters Enable Enable PoE power budget change automatically by detected PoE unit te...

Page 187: ...ion Deliver PoE power by port priority setting and device PoE power level consumption Detect the real power from the PDs Example Switch config poe limit mode classification Switch config show poe Maxi...

Page 188: ...mption Switch config show poe Maximum Available Power POE Admin mode Temperature Unit1 Temperature Unit2 Over Temperature PoE Power Consumption Temperature Threshold Usage Usage Threshold PoE Power li...

Page 189: ...o poe admin mode Parameters enable Enable POE disable Disable POE Example Switch config poe admin mode enable Switch config show poe Maximum Available Power POE Admin mode Temperature Unit1 Temperatur...

Page 190: ...Switch config show poe Maximum Available Power POE Admin mode Temperature Unit1 Temperature Unit2 Over Temperature PoE Power Consumption Temperature Threshold Usage Usage Threshold PoE Power limit mo...

Page 191: ...0 Parameters thershold Thershold 0 100 Temperature Threshold 0 100 C Example Switch config poe temperature threshold 60 Switch config show poe Maximum Available Power POE Admin mode Temperature Unit1...

Page 192: ...Parameters thershold Thershold 0 100 Usage Threshold 0 100 Example Switch config poe usage threshold 10 Switch config show poe Maximum Available Power POE Admin mode Temperature Unit1 Temperature Uni...

Page 193: ...the ports to be set If not entered all ports are set Example Switch config poe enable 1 Switch config show poe status 1 Port Admin Oper Power mode Priority Power Limit W Current Consumption W Current...

Page 194: ...gh Indicates that operating the powered device has medium priority Low Indicates that operating the powered device has low priority port list specifies the ports to be set If not entered all ports are...

Page 195: ...list e g 3 6 8 Example Switch config poe power mode 802 3at 1 24 Switch config show poe status Port Admin Oper Power mode Priority Power Limit W Current Consumption W Current Ma Device Class Port1 Ena...

Page 196: ...his packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet...

Page 197: ...of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode 1000Base T can be only connected in Full duplex mode If at...

Page 198: ...n End Span device is direct connecting with power device End Span could also tap the wire 1 2 and 3 6 PoE System Architecture The specification of PoE typically requires two devices the Powered Source...

Page 199: ...m PowerDsine Linear Tech http www linear com The PoE Provision Process While adding PoE support to networked devices is relatively painless it should be realized that power cannot simply be transferre...

Page 200: ...lts may reduce total system costs Start up Once line detection and optional classification stages are completed the PSE must switch from low voltage to its full voltage capacity 44 57 Volts over a min...

Page 201: ...ethod is based on the fact that when a valid PD is connected to a port the AC impedance measured on its terminals is significantly lower than in the case of an open port disconnected PD AC Disconnect...

Page 202: ...talled properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 100Base TX port link LED is lit but the traffic is irregular Solution Check that the atta...

Page 203: ...100Base TX When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is required Each port of the Switch supports auto MDI MDI X detection That...

Page 204: ...hite Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8...

Page 205: ...IP Change Not Accessable Change Not Accessable Not Accessable Not Accessable Factory Default Change Not Accessable Not Accessable Not Accessable Not Accessable Not Accessable System System Reboot Cha...

Page 206: ...Change Change View Only Change View Only LLDP PerPort Configuration Change Change Change View Only Change View Only Access Control List Change Change Change View Only Not Accessable Not Accessable Use...

Reviews:

No comments

Related manuals for IFS NS2503-24P/2C

Brand: PaloAlto Networks Pages: 3

Brand: Matrix Switch Corporation Pages: 61

ICS-G7748A Series

Brand: Moxa Technologies Pages: 10

PowerBeam AC Gen2

Brand: Ubiquiti Pages: 22

Brand: Juniper Pages: 825

Brand: Quantum Pages: 7

Brand: Idis Pages: 20

UniFi LED ULED-AT

Brand: Ubiquiti Pages: 16

JetFusion 2100 Series

Brand: Paradyne Pages: 296

NetVanta Serial Dial Backup Interface Module (DIM) none

Brand: ADTRAN Pages: 2

Network Scanning Unit A

Brand: Ricoh Pages: 206

Brand: H3C Pages: 4

Brand: Data-Tronix Pages: 15

Brand: Actisense Pages: 14

Brand: ActionTec Pages: 83

Brand: Billion Pages: 261

Brand: Linksys Pages: 17

Brand: Tripp Lite Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands