manualshive.com logo in svg

Interlogix IFS NS3502-8P-2S, User Manual

The Interlogix IFS NS3502-8P-2S is a cutting-edge networking switch that offers fast and reliable connectivity. As an essential tool for any tech enthusiast, the user manual provides detailed instructions and troubleshooting tips. Download the free manual from our website to optimize your experience with this exceptional product.

Share
Download
background image

 

IFS NS3502-8P-2S User 
Manual 

 

 

 

P/N 1072687 • REV A • ISS 23OCT13 

 

Summary of Contents for IFS NS3502-8P-2S

Page 1: ...IFS NS3502 8P 2S User Manual P N 1072687 REV A ISS 23OCT13 ...

Page 2: ...15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or...

Page 3: ...el 29 2 1 2 LED Indications 30 2 1 3 Switch Rear Panel 31 2 2 Install the Switch 33 2 2 1 Desktop Installation 33 2 2 2 Rack Mounting 34 2 2 3 Installing the SFP transceiver 35 3 SWITCH MANAGEMENT 39 3 1 Requirements 39 3 2 Management Access Overview 40 3 3 Administration Console 41 3 4 Web Management 42 4 WEB CONFIGURATION 45 4 1 Main Web Page 48 4 2 System 50 4 2 1 System Information 51 4 2 2 IP...

Page 4: ...Default 80 4 2 23 System Reboot 81 4 3 Simple Network Management Protocol 82 4 3 1 SNMP Overview 82 4 3 2 SNMP System Configuration 83 4 3 3 SNMP System Information 86 4 3 4 SNMPv3 Configuration 87 4 3 4 1 SNMPv3 Communities 87 4 3 4 2 SNMPv3 Users 88 4 3 4 3 SNMPv3 Groups 90 4 3 4 4 SNMPv3 Views 91 4 3 4 5 SNMPv3 Access 92 4 4 Port Management 94 4 4 1 Port Configuration 94 4 4 2 Port Statistics O...

Page 5: ...38 4 6 13 Protocol based VLAN 139 4 6 14 Protocol based VLAN Membership 140 4 7 Spanning Tree Protocol 142 4 7 1 Theory 142 4 7 2 STP System Configuration 149 4 7 3 Bridge Status 151 4 7 4 CIST Port Configuration 152 4 7 5 MSTI Priorities 156 4 7 6 MSTI Configuration 157 4 7 7 MSTI Ports Configuration 158 4 7 8 Port Status 160 4 7 9 Port Statistics 161 4 8 Multicast 163 4 8 1 IGMP Snooping 163 4 8...

Page 6: ...ation 197 4 9 10 DSCP Classification 200 4 9 11 QoS Control List 201 4 9 11 1 QoS Control Entry Configuration 202 4 9 12 QoS Status 205 4 9 13 Storm Control Configuration 206 4 9 14 QoS Statistics 207 4 9 15 Voice VLAN Configuration 208 4 9 16 Voice VLAN OUI Table 210 4 10 Access Control Lists 211 4 10 1 Access Control List Status 212 4 10 2 Access Control List Configuration 213 4 10 3 ACE Configu...

Page 7: ...c Table 290 4 12 12 ARP Inspection 290 4 12 13 ARP Inspection Static Table 292 4 13 Address Table 293 4 13 1 MAC Address Table Configuration 293 4 13 2 MAC Address Table Status 295 4 13 3 Dynamic ARP Inspection Table 296 4 13 4 Dynamic IP Source Guard Table 298 4 14 LLDP 300 4 14 1 Link Layer Discovery Protocol 300 4 14 2 LLDP Configuration 300 4 14 3 LLDPMED Configuration 303 4 14 4 LLDP MED Neig...

Page 8: ...1 6 1 System Command 341 System Configuration 341 System Log Configuration 342 System Version 343 System Log Server Mode 343 System Name 344 System Contact 344 System Log Server Address 345 System Location 345 System Log Level 346 System Timezone 346 System Log Lookup 347 System Reboot 348 System Restore Default 348 System Load 348 6 2 IP Command 349 IP Configuration 349 IP DHCP 349 IP Setup 350 I...

Page 9: ...riPHY 361 Port SFP 362 6 4 MAC Address Table Command 363 MAC Configuration 363 MAC Add 363 MAC Delete 364 MAC Lookup 364 MAC Age Time 365 MAC Learning 365 MAC Dump 366 MAC Statistics 366 MAC Flush 367 6 5 VLAN Configuration Command 367 VLAN Configuration 367 VLAV PVID 368 VLAN Frame Type 369 VLAN Ingress Filter 369 VLAN Mode 370 VLAN Link Type 370 VLAN Q in Q Mode 371 VLAN Ethernet Type 371 VLAN A...

Page 10: ...Auth Method 384 Security Switch SSH Configuration 385 Security Switch SSH Mode 386 Security Switch HTTPs Configuration 386 Security Switch HTTPs Mode 387 Security Switch HTTPs Redirect 387 Security Switch Access Configuration 388 Security Switch Access Mode 388 Security Switch Access Configuration 389 Security Switch Access Mode 389 Security Switch Access Add 390 Security Switch Access IPv6 Add 39...

Page 11: ...SNMP Community Lookup 403 Security Switch SNMP User Add 404 Security Switch SNMP User Delete 405 Security Switch SNMP User Changekey 405 Security Switch SNMP User Lookup 406 Security Switch SNMP Group Add 407 Security Switch SNMP Group Delete 407 Security Switch SNMP Group Lookup 408 Security Switch SNMP View Add 408 Security Switch SNMP View Delete 409 Security Switch SNMP View Lookup 409 Securit...

Page 12: ...y Network DHCP Relay Configuration 432 Security Network DHCP Relay Mode 432 Security Network DHCP Relay Server 433 Security Network DHCP Relay Information Mode 433 Security Network DHCP Relay Information Policy 434 Security Network DHCP Relay Statistics 434 Security Network DHCP Snooping Configuration 435 Security Network DHCP Snooping Mode 435 Security Network DHCP Snooping Port Mode 436 Security...

Page 13: ...ame 451 STP BPDU Filter 451 STP BPDU Guard 452 STP Recovery 452 STP Status 453 STP MSTI Priority 454 STP MSTI Map 454 STP MSTI Add 454 STP Port Configuration 455 STP Port Mode 455 STP Port Edge 456 STP Port AutoEdge 456 STP Port P2P 457 STP Port RestrictedRole 458 STP Port RestrictedTcn 458 STP Port bpduGuard 459 STP Port Statistic 459 STP Port Check 460 STP MSTI Port Configuration 460 STP MSTI Po...

Page 14: ...ld 470 LLDP Delay 471 LLDP Reinit 471 LLDP Statistics 472 LLDP Info 473 6 12 LLDPMED Command 473 LLDPMED Configuration 473 LLDPMED Civic 474 LLDPMED ECS 475 LLDPMED Policy Delete 475 LLDPMED Policy Add 475 LLDPMED Port Policy 477 LLDPMED Coordinates 477 LLDPMED Datum 478 LLDPMED Fast 478 LLDPMED Info 478 6 13 EEE Command 479 EEE Configuration 479 EEE Mode 479 EEE Urgent Queues 480 6 14 Power over ...

Page 15: ...lassification DPL 489 QoS Port Classification PCP 490 QoS Port Classification DEI 490 QoS Port Classification Tag 491 QoS Port Classification Map 491 QoS Port Classification DSCP 492 QoS Port Policer Mode 492 QoS Port Policer Rate 493 QoS Port Policer Unit 493 QoS Port Scheduler Mode 494 QoS Port Scheduler Weight 494 QoS Port QueueShaper Mode 495 QoS Port QueueShaper Rate 495 QoS Port QueueShaper ...

Page 16: ... Mirror Configuration 508 Mirror Port 508 Mirror Mode 509 6 19 Configuration Command 510 Configuration Save 510 Configuration Load 510 6 20 Firmware Command 511 Firmware Load 511 Firmware IPv6 Load 511 Firmware Information 511 Firmware Swap 511 6 21 UPnP Command 512 UPnP Configuration 512 UPnP Mode 512 UPnP TTL 513 UPnP Advertising Duration 513 6 22 MVR Command 513 MVR Configuration 513 MVR Group ...

Page 17: ... IPMC Mode 524 IPMC Flooding 524 IPMC Leave Proxy 525 IPMC Proxy 525 IPMC State 526 IPMC Querier 527 IPMC Fastleave 527 IPMC Throttling 528 IPMC Filtering 528 IPMC Router 529 IPMC Status 529 IPMC Group 530 IPMC Version 530 IPMC SSM 531 IPMC Parameter RV 531 IPMC Parameter QI 532 IPMC Parameter QRI 532 IPMC Parameter LLQI 533 IPMC Parameter URI 533 6 25 VLAN Control List Command 534 VCL MAC based V...

Page 18: ...iguration 537 7 SWITCH OPERATION 538 7 1 Address Table 538 7 2 Learning 538 7 3 Forwarding Filtering 538 7 4 Store and Forward 538 7 5 Auto Negotiation 539 8 POWER OVER ETHERNET OVERVIEW 540 What is PoE 540 The PoE Provision Process 542 Stages of powering up a PoE link 542 Line Detection 543 Classification 543 Start up 543 Operation 543 Power Disconnection Scenarios 544 9 TROUBLE SHOOTING 545 A 1 ...

Page 19: ...tact your dealer immediately if possible retain the carton including the original packing material and use them against to repack the product in case there is a need to return it to us for repair 1 2 Product Description Cost effective IPv6 Managed Gigabit Switch solution for SMB Nowadays lots of electronic products or mobile devices can browse the Internet which means the need of IP Address increa...

Page 20: ...VLAN and the VLAN groups allowed will be maximally up to 255 Via aggregation of supporting ports the NS3502 8P 2S allows the operation of a high speed trunk combining multiple ports It enables maximum up to 5 groups of 10 ports for trunking and supports fail over as well Excellent Traffic Control The NS3502 8P 2S is loaded with powerful traffic management and QoS features to enhance services offer...

Page 21: ...ptic modules that means the administrator now can flexibly choose the suitable SFP transceiver according to not only the transmission distance but also the transmission speed required The distance can be extended from 550 meters Multi Mode fiber up to above 10 50 70 120 kilometers Single Mode fiber or WDM fiber They are well suited for applications within the enterprise data centers and distributi...

Page 22: ... by Web interface Section 5 COMMAND LINE INTERFACE The section describes how to use the Command Line interface CLI Section 6 CLI CONFIGURATION The section explains how to manage the Managed Switch by Command Line interface Section 7 SWITCH OPERATION The chapter explains how to does the switch operation of the Managed Switch Section 8 POWER OVER ETHERNET OVERVIEW The chapter introduce the IEEE 802 ...

Page 23: ...o 255 VLANs groups out of 4094 VLAN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Edge PVE Protocol based VLAN MAC based VLAN Voice VLAN Support Spanning Tree Protocol STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Support Link Aggregation 802 3ad Link Aggre...

Page 24: ... RADIUS servers TACACS login users access authentication RADIUS TACACS users access authentication IP Based Access Control List ACL MAC Based Access Control List Source MAC IP address binding DHCP Snooping to filter un trusted DHCP messages Dynamic ARP Inspection discards ARP packets with invalid MAC address to IP address binding IP Source Guard prevents IP spoofing attacks Auto DoS rule to defend...

Page 25: ... management ICMPv6 Power over Ethernet Complies with IEEE 802 3af Power over Ethernet End Span PSE Complies with IEEE 802 3at high power Power over Ethernet End Span PSE Up to 8 ports for IEEE 802 3af at devices powered Support PoE Power up to 30 8 watts for each PoE ports Auto detect powered device PD Circuit protection prevent power interference between ports Remote power feeding up to 100m PoE ...

Page 26: ... Pause Frame for Full Duplex Back pressure for Half Duplex Jumbo Frame 9Kbytes Reset Button 5 seconds System reboot 10 seconds Factory Default Dimension W x D x H 330 x 155 x 43 5 mm 1U high Weight 1 8kg LED Power FAN Alert Link Act per Gigabit port PoE In Use for port 1 8 Power Consumption Max 172 9 watts 589 6 BTU Power Requirement AC AC 100 240V 50 60Hz Operating Temperature 0 to 50 C 32 to 122...

Page 27: ...N groups Q in Q tunneling Private VLAN Edge PVE MAC based VLAN Protocol based VLAN Voice VLAN MVR Multicast VLAN Registration Up to 256 VLAN groups out of 4096 VLAN IDs Link Aggregation IEEE 802 3ad LACP Static Trunk Support 5 groups of 10 Port trunk support QoS Traffic classification based Strict priority and WRR 8 level priority for switching Port Number 802 1p priority 802 1Q VLAN tag DSCP TOS ...

Page 28: ... IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1d Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IEEE 802 3af Power over Ether...

Page 29: ...ription 2 1 1 Switch Front Panel The unit front panel provides a simple interface monitoring the switch Figure 2 1 shows the front panel of the Managed Switch NS3502 8P 2S Front Panel Figure 2 1 NS3502 8P 2S front panel Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters SFP slots 100 1000Base X mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meter...

Page 30: ...rd admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 2 1 2 LED Indications The front panel LEDs indicates instant status of port links data activity and system power helps monitor and troubleshoot when needed Figure 2 2 shows the LED indications of these Managed Switches NS3502 8P 2S LED indication Figure 2 2 NS3502 8P 2S LED panel System LED Color Func...

Page 31: ...established Blink indicate that the switch is actively sending or receiving data over that port 100 Green Lights to indicate the link through that port is successfully established Blink indicate that the switch is actively sending or receiving data over that port 2 1 3 Switch Rear Panel The rear panel of the Managed Switch indicates an AC inlet power socket which accepts input power from 100 to 24...

Page 32: ...maged by unregulated surge or current to the Switch or the power adapter Console Port The console port is a DB9 RS 232 male serial port connector It is an interface for connecting a terminal directly Through the console port it provides rich diagnostic information includes IP Address setting factory reset port management link status and system setting Users can use the attached RS 232 cable in the...

Page 33: ...sktop or the shelf near an AC power source as shown in Figure 2 4 Figure 2 4 Place the Managed Switch on the desktop Step3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and Specification Step4 Connect the Managed Switch to network devices Connect one e...

Page 34: ...l positioned towards the front side Step2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 5 shows how to attach brackets to one side of the Managed Switch Figure 2 5 Attach brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invali...

Page 35: ...cribe how to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch As the Figure 2 7 appears Figure 2 7 Plug in the SFP transceiver Approved IFS SFP Transceivers IFS Managed Switch supports both Single mode and Multi mode SFP transceiver The fol...

Page 36: ... S30 2MLC SFP LC Connector Multi Mode Gigabit 2 fiber 850nm 850nm 550m S30 2MLC 2 SFP LC Connector Multi Mode Gigabit 2 fiber 1310nm 1310nm 2km S30 2SLC 10 SFP LC Connector Single Mode Gigabit 2 fiber 1310nm 1310nm 10km S30 2SLC 30 SFP LC Connector Single Mode Gigabit 2 fiber 1310nm 1310nm 30km S30 2SLC 70 SFP LC Connector Single Mode Gigabit 2 fiber 1550nm 1550nm 70km S30 RJ SFP RJ 45 Gigabit 100...

Page 37: ...onnector type Connect the fiber cable 1 Attach the duplex LC connector on the network cable into the SFP transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a Media Converter 3 Check the LNK ACT LED of the SFP slot on the front of the Managed Switch Ensure that the SFP transceiver is operating correctly 4 Check the Link mode of the...

Page 38: ...38 Figure 2 8 Pull out the SFP transceiver Never pull out the module without pull the handle or the push bolts on the module Direct pull out the module with violent could damage the module and SFP module slot of the Managed Switch ...

Page 39: ...verview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations of subscribers running Windows 2000 XP 2003 Vista 7 2008 MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Serial Port connect Terminal Above PC with COM Port DB9 RS ...

Page 40: ...t functionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be comprom...

Page 41: ... port access The following sections describe these methods For more information about using the console refer to Chapter 5 Command Line Interface Console Management Figure 3 1 Console management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch consol...

Page 42: ...ntosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 3 4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP...

Page 43: ...ased application to configure and manage the Managed Switch such as SNMP Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the ...

Page 44: ...IFS NS3502 8P 2S User Manual 44 Figure 3 5 SNMP management ...

Page 45: ...ava Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Managed Switch For example the default IP address of the IFS Managed Switch is 192 168 0 100 then the manager PC should be set at ...

Page 46: ... http 192 168 0 100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login screen Default User name admin Default Password admin After entering the username and password the main screen appears as...

Page 47: ...ccess all the commands and statistics the Managed Switch provides 1 It is recommended to use Internet Explorer 7 0 or above to access Managed Switch 2 The changed IP address take effect immediately after click on the Save button you need to use the new IP address to access the Web interface 3 For security reason please change and memorize the new password after this first setup 4 Only accept comma...

Page 48: ...Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ 45 Ports SFP Ports Main Menu Using the onboard web agent you can define system parameters manage a...

Page 49: ...IFS NS3502 8P 2S User Manual 49 can setup the Managed Switch by select the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu ...

Page 50: ...age displays the CPU load using a SVG graph System Log The switch system log information is provided here Detailed Log The switch system detailed log information is provided here Remote Syslog Configure remote syslog on this page LED Power Reduction Configuration LED power reduction on this page EEE Power Reduction Configuration energy efficient ethernet power reduction on this page Thermal Protec...

Page 51: ...tact The system contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch System Date The current GMT system time and date The system time is obtained through the configured...

Page 52: ...t The Current column is used to show the active IP configuration Object Description DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provi...

Page 53: ... saved values 4 2 3 IPv6 Configuration Configure the switch managed IPv6 information on this page The Configured column is used to view or change the IPv6 configuration The Current column is used to show the active IPv6 configuration The screen in Figure 4 2 3 appears Figure 4 2 3 IPv6 Configuration page screenshot The page includes the following fields Object Description Auto Configuration Enable...

Page 54: ...ups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Provide the IPv6 SNTP Server address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fae0 013 4fefe dea4 34d4 The symbol is a special syntax that can be used as a shorthan...

Page 55: ...r Privilege Level The privilege level for the user Buttons Click to add a new user Add Edit User This page configures a user add edit or delete user Figure 4 2 5 Add Edit User Configuration page screenshot The page includes the following fields Object Description Username The name identifying the user Password The password of the user Privilege Level The privilege level for the user Buttons Click ...

Page 56: ...w configurations Add new user Once the new user is added the new user entry is shown in the Users Configuration page Figure 4 2 6 User Configuration page screenshot After change the default password if you forget the password Please press the Reset button in the front panel of the Managed Switch over 10 seconds and then release the current setting includes VLAN will be lost and the Managed Switch ...

Page 57: ...ge provides an overview of the privilege levels After setup completed please press Save button to take effect Please login web interface with new user name and password the screen in Figure 4 2 7 appears Figure 4 2 7 Privilege Levels Configuration page screenshot ...

Page 58: ...ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an author...

Page 59: ... operation When enable NTP mode operation the agent forward and to transfer NTP messages between the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Timezone Allow select the time zone according to current location of switch Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight field...

Page 60: ...an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components The UPnP Configuration screen in Figure 4 2 9 appears Figure 4 2 9 UPnP Configuration page screenshot ...

Page 61: ...range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that suc...

Page 62: ...lients and the server when they are not on the same subnet domain The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP addr...

Page 63: ...tion screen in Figure 4 2 11 appears Figure 4 2 11 DHCP Relay Configuration page screenshot The page includes the following fields Object Description Relay Mode Indicates the DHCP relay mode operation Possible modes are Enabled Enable DHCP relay mode operation When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not ...

Page 64: ...ly works under DHCP relay information operation mode enabled Possible policies are Replace Replace the original relay information when receive a DHCP message that already contains it Keep Keep the original relay information when receive a DHCP message that already contains it Drop Drop the package when receive a DHCP message that already contains relay information Buttons Click to save changes Cli...

Page 65: ...t the Remote ID option did not match known Remote ID Client Statistics Object Description Transmit to Client The packets number that relayed packets from server to client Transmit Error The packets number that error sending packets to servers Receive form Client The packets number that received packets from server Receive Agent Option The packets number that received packets with relay agent infor...

Page 66: ...wser must support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 13 appears Figure 4 2 13 CPU Load page screenshot Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals If you...

Page 67: ...ntry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page any changes mad...

Page 68: ...e 4 2 15 appears Figure 4 2 15 Detailed Log page screenshot The page includes the following fields Object Description ID The ID 1 of the system log entry Message The message of the system log entry Buttons Click to refresh the page any changes made locally will be undone Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entr...

Page 69: ...s back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Indicates the IPv4 host address of syslog server If the switch provide DNS feature it also can be a h...

Page 70: ... remember to input DNS server IP address at IP configuration page SMTP Port It is for you to input the SMTP server port number As default is 25 SMTP Authentication Enabled As usual SMTP server is denied to relay a mail from a different domain so you have to enable this option and input your mail account and password for SMTP sever authorizing to forward a mail from different domain For example you...

Page 71: ...s Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 15 LED Power Reduction The LEDs power consumption can be reduced by lowering the LEDs intensity LEDs intensity could for example be lowered during night time or they could be turn completely off It is possible to configure 24 different hours of the day at where the LEDs intensity should be set ...

Page 72: ...wering down circuits when there is no traffic When a port gets data to be transmitted all circuits are powered up The time it takes to power up the circuits is named wakeup time The default wakeup time is 17 us for 1Gbit links and 30 us for other link speeds EEE devices must agree upon the value of the wakeup time in order to make sure that both the receiving and transmitting device has all circui...

Page 73: ...ady to be transmitted Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 17 Thermal Protection This page allows the user to inspect and configure the current setting for controlling thermal protection Thermal protection is used to protect the chip from getting overheated When the temperature exceeds the configured thermal protection tempe...

Page 74: ...emperature settings for priority groups The temperature at which the ports with the corresponding priority will be turned off Temperatures between 0 and 255 C are supported Port priorities The priority the port belongs to 4 priorities are supported Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 75: ...e the system would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file upload status 5 Once the software is loaded to the system successfully The following screen appears The system will load the new software after reboot Figure 4 2 22 Software successfully loaded notice screen DO NOT Power OFF the Managed Switch un...

Page 76: ...ds Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmware DO NOT Power OFF the Managed Switch until the update progress is complete Do not quit the Firmware Upgrade page without press the OK button after the image is loaded Or the system won t apply the new firmware User has ...

Page 77: ...nfiguration Group tags port_table vlan_table etc These tags identify a group of parameters typically a table Parameter tags mode entry etc These tags identify parameters for the specific section module and group The entry tag is used for table entries Configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including syntax...

Page 78: ...IFS NS3502 8P 2S User Manual 78 Figure 4 2 25 File Download screen 2 Chose the file save path in management workstation Figure 4 2 26 File save screen ...

Page 79: ... in Figure 4 2 27 appears Figure 4 2 27 Configuration Upload page screenshot Configuration Upload 1 Click the button of the main page the system would pop up the file selection menu to choose saved configuration Figure 4 2 28 Windows file selection menu popup 2 Select on the configuration file then click the bottom of the browser shows the upload status 3 After down the main screen appears Transfe...

Page 80: ... Defaults Click to return to the Port State page without resetting the configuration After the Factory button be pressed and rebooted the system will load the default IP settings as following Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 The other setting value is back to disable or none To reset the Managed Switch to the Factory default setting you can a...

Page 81: ... a remote location Once the Reboot button is pressed user have to re login the WEB interface about 60 seconds later the System Reboot screen in Figure 4 2 30 appears Figure 4 2 30 System Reboot page screenshot Buttons Click to reboot the system Click to return to the Port State page without reboot the system ...

Page 82: ...ment information such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the In...

Page 83: ... SNMPv3 accesses table on this page 4 3 2 SNMP System Configuration Configure SNMP on this page The SNMP System Configuration screen in Figure 4 3 1 appears Figure 4 3 1 SNMP System Configuration page screenshot The page includes the following fields Object Description Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation ...

Page 84: ...munity string will associated with SNMPv3 communities table Engine ID Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users Configure SNMP trap on this page The SNMP Trap Configuration screen in Figure 4 3 2 appears Figure 4 3 2 SNMP Trap Config...

Page 85: ...following legally IPv4 address For example 192 1 2 34 Trap Authentication Failure Indicates the SNMP entity is permitted to generate authentication failure traps Possible modes are Enabled Enable SNMP trap authentication failure Disabled Disable SNMP trap authentication failure Trap Link up and Link down Indicates the SNMP trap link up and link down mode operation Possible modes are Enabled Enable...

Page 86: ...rs from 32 to 126 System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed s...

Page 87: ...Object Description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Source IP Indicates the SNMP access source address Source Mask Indicates the SNMP access source address mask Buttons Click to a...

Page 88: ...2 and the allowed content is the ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The value of security level cannot be modified if entry already exists That means must first ensu...

Page 89: ...y Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol DES An optional flag to indicate that this user using DES authentication protocol Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a n...

Page 90: ...this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belon...

Page 91: ...rs from 33 to 126 View Type Indicates the view type that this entry should belong to Possible view type are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded General if a view entry s view type is excluded it should be exist another view entry which view type is included and it s OID subtr...

Page 92: ...should belong to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and...

Page 93: ...IFS NS3502 8P 2S User Manual 93 Buttons Click to add a new access entry Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 94: ...tistics SFP Module Information Display SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration page screenshot The page includes the following fields Object Description Port This is the log...

Page 95: ...y the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions...

Page 96: ... port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the f...

Page 97: ...ogical port Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 4 4 Port Statistics Detail This page provides detailed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The selected port belongs to the currently selected stack unit as reflected ...

Page 98: ...aming bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAU...

Page 99: ...frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port 1 Short frame are frames that are smaller than 64 bytes 2 Long frames are frames that are longer than the configured maximum frame length for...

Page 100: ...ct Description Type Display the type of current SFP module the possible types are 1000Base SX 1000Base LX 100Base FX Speed Display the speed of current SFP module the speed value or description is get from the SFP module Different vendors SFP modules might shows different speed information Wave Length nm Display the wavelength of current SFP module the wavelength value is get from the SFP module U...

Page 101: ...lected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Figure 4 4 6 Port Mirror application The traffic to be copied to t...

Page 102: ...ained in the same row Mode Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transmitted or frames received are mirrored Enabled Frames received and frames transmitted are mirrored to the m...

Page 103: ...IFS NS3502 8P 2S User Manual 103 Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 104: ...an be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation links Static LAGs Port ...

Page 105: ...ce port or a mirror target port All of the ports in a link aggregation have to be treated as a whole when moved from to added or deleted from a VLAN The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop Disconnect all link aggregation port cables or disable th...

Page 106: ...ber ports Any quantity of link aggregation s may be configured for the device only limited by the quantity of ports on the device To configure a proper traffic distribution the ports within a link aggregation must use the same link speed ...

Page 107: ...ource MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the fra...

Page 108: ... Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Click to save changes Click to undo any changes made locally and revert...

Page 109: ...t as reflected by the page header The LACP Configuration screen in Figure 4 5 4 appears Figure 4 5 4 LACP Port Configuration page screenshot The page includes the following fields Object Description Port The switch port number LACP Enabled Controls whether LACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form max 12 L...

Page 110: ...tances The LACP Status page display the current LACP aggregation Groups and LACP Port status The LACP System Status screen in Figure 4 5 5 appears Figure 4 5 5 LACP System Status page screenshot The page includes the following fields Object Description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner Syst...

Page 111: ...ion Port The switch port number LACP Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile its LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregati...

Page 112: ...5 7 LACP Statistics page screenshot The page includes the following fields Object Description Port The switch port number LACP Received Shows how many LACP frames have been sent from each port LACP Transmitted Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Check this box to ena...

Page 113: ...are forwarded to only members of the VLAN on which the broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet...

Page 114: ...Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP addresses or IP subnets VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link...

Page 115: ...d is equal to 0x8100 the packet carries the IEEE 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is ...

Page 116: ...aware switches must keep a table to relate PVID within the switch to VID on the network The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet If the two VID are different the switch will drop the packet Because of the existence of the PVID for untagged packets and the VID for tagged packets tag aware and tag unaware network devices can ...

Page 117: ... VLAN Classification When the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns the frame to an associated VLAN based on the default VLAN ID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame Port Overlapping Port overlapping can be used to allow access t...

Page 118: ...the current number of VLANs VLAN Learning Display the VLAN learning mode The Managed Switch supports IVL IVL Independent vlan learning Configurable PVID Tagging Indicates whether or not configurable PVID tagging is implemented 4 6 4 VLAN Port Configuration This page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration page contains fields for managing ports that are...

Page 119: ...ame is tagged Income Frame is untagged Leave port is tagged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 6 1 Ingress Egress port with VLAN VID Tag Untag table IEEE 802 1Q Tunneling Q in Q IEEE 802 1Q Tunneling QinQ is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used to mai...

Page 120: ...VID for frames entering the MAN When leaving the MAN the tag is stripped and the original VLAN tag with the customer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 are used for service provid...

Page 121: ... Ingress Filtering Enable ingress filtering for a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded By default ingress filtering is disabled no checkmark Accept Frame Type Determines whether the port accepts all frames or only tagged frames This para...

Page 122: ...for an uplink port to another device within the service provider network Customer Port Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network Set Out layer VLAN tag ether type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel access port 802 1Q Tag 8100 vMAN ...

Page 123: ...uring the next Save VLAN ID Indicates the ID of this particular VLAN VLAN Name Indicates the name of the VLAN Maximum length of the VLAN Name String is 32 VLAN Name can only contain alphabets or numbers VLAN name should contain at least one alphabet VLAN name can be edited for the existing VLAN entries or it can be added to the new entries Port Members A row of check boxes for each port is display...

Page 124: ...starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting with the entry after the last entry currently displayed 4 6 6 VLAN Membership Status This page provides an overview of membership status for VLAN users The VLAN Membership Status screen in Figure 4 6 4 appears Figure 4 6 4 VLAN Membership Status for Static User page screenshot The page ...

Page 125: ...n Server Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network...

Page 126: ...ceived on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is...

Page 127: ...an Authentication Server Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning tr...

Page 128: ...s Figure 4 6 6 Private VLAN Membership Configuration page screenshot The page includes the following fields Object Description Delete To delete a private VLAN entry check this box The entry will be deleted during the next save Private VLAN ID Indicates the ID of this particular private VLAN Port Members A row of check boxes for each port is displayed for each private VLAN ID To include a port in a...

Page 129: ...nfigured for standard VLAN operation when this is in place one or more of the configured VLANs can be configured as private VLANs Ports in a private VLAN fall into one of these two groups Promiscuous ports Ports from which traffic can be forwarded to all ports in the private VLAN Ports which can receive traffic from all ports in the private VLAN Isolated ports Ports from which traffic can only be ...

Page 130: ...he following fields Object Description Port Members A check box is provided for each port of a private VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 6 10 VLAN setting example...

Page 131: ...packet entering VLAN 2 1 While PC 1 transmit an untagged packet enters Port 1 the Managed Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will received the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away on tag becoming an untagged packet 4 While the packet leaves Port 3 it will keep it as a tagged packet with VL...

Page 132: ...oup Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 3 Remove VLAN Member for VLAN 1 Remember to remove the Port 1 Port 6 from VLAN 1 membership since the Port 1 Port 6 had been assigned to VLAN 2 ...

Page 133: ... 6 VLAN 3 The Per Port VLAN configuration in Figure 4 6 10 appears Figure 4 6 10 Port 1 Port 6 VLAN Configurations 4 6 10 2 VLAN Trunking between two 802 1Q aware switch In VLAN Trunking below it uses the Uplink to connect to other switches VLANs are separated at different switches but they need to access with other switches within the same VLAN group The screen in Figure 4 6 11 appears ...

Page 134: ...rt 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 About the VLAN ports connect to the hosts please refer to 4 6 10 1 examples The following steps will focus on the VLAN Trunk port configuration 1 Specify Port 8 to be the 802 1Q VLAN Trunk port 2 Assign Port 8 to both VLAN 2 and VLAN 3 at the VLAN Member configuration page 3 Define a VLAN 1 as a Public Area that overlapping...

Page 135: ...LAN 2 members Port 1 to Port 3 and VLAN 3 members Port 4 to Port 6 also belongs to VLAN 1 But with different PVID settings packets form VLAN 2 or VLAN 3 is not able to access to the other VLAN 6 Repeat Step 1 to 5 setup the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk repeat Step 1 to 3 to assign the Trunk port to the VLANs 4 6 10 3 Port Isolate The diagram shows...

Page 136: ...rt 4 in Isolate port Set Port5 and Port 6 in Promiscuous port The screen in Figure 4 6 15 appears Figure 4 6 15 The configuration of Isolate and Promiscuous port 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The screen in Figure 4 6 16 appears ...

Page 137: ...ing fields Object Description Delete To delete a MAC based VLAN entry check this box and press save The entry will be deleted in the stack MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based V...

Page 138: ...Figure 4 6 18 MAC based VLAN Membership Configuration for User Static page screenshot The page includes the following fields Object Description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page immediat...

Page 139: ...during the next Save Frame Type Frame Type can have one of the following values 1 Ethernet 2 LLC 3 SNAP Note On changing the Frame type field valid value of the following text field will vary depending on the new frame type you selected Value Valid value that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu Below is the criteria for thre...

Page 140: ... other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to 0xffff Group Name A valid Group Name is a unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 Note special character and underscore _ are ...

Page 141: ...Whichever Group name you try map to a VLAN must be present in Protocol to Group mapping table and must not be preused by any other existing mapping entry on this page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check t...

Page 142: ...e blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the per...

Page 143: ...d to select the best switch as the root switch When STP is enabled using the default parameters the path between source and destination stations in a switched network might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagat...

Page 144: ...ng or to disabled From forwarding to disabled From disabled to blocking Figure 4 7 1 STP Port State Transitions You can modify each port state by using management software When you enable STP every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up If properly configured each port stabilizes to the forwa...

Page 145: ...iption Default Value Bridge Identifier Not user configurable except by setting priority below A combination of the User set priority and the switch s MAC address The Bridge Identifier consists of two parts a 16 bit priority and a 48 bit Ethernet MAC address 32768 MAC 32768 MAC Priority A relative priority for each switch lower numbers give a higher priority and a greater chance of a given switch b...

Page 146: ... keep the default settings as set at the factory unless it is absolutely necessary The user changeable parameters in the Switch are as follows Priority A Priority for the switch can be set from 0 to 65535 0 is equal to the highest Priority Hello Time The Hello Time can be from 1 to 10 seconds This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other S...

Page 147: ...ssistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure In this example STP breaks the loop by blocking the connection between switch B and C The decision to block a particular connection is...

Page 148: ...IFS NS3502 8P 2S User Manual 148 Figure 4 7 5 Before Applying the STA Rules In this example only the default STP values are used Figure 4 7 6 After Applying the STA Rules ...

Page 149: ... STP system settings The settings are used by all STP Bridge instances in the Switch or switch Stack The Managed Switch support the following Spanning Tree protocols Compatiable Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses of network topologies that provide faster spanning tree conver...

Page 150: ...e maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root...

Page 151: ...tch implement the Rapid Spanning Protocol as the default spanning tree protocol While select Compatibles mode the system use the RSTP 802 1w to compatible and co work with another STP 802 1d s BPDU control packets Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 3 Bridge Status This page provides a status overview for all STP bridge ins...

Page 152: ...path to the Root Bridge Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last The time since last Topology Change occurred 4 7 4 CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations and possibly change them as well The CIST Port Configuration screen in Figure 4 7 9 appears Figure 4 7 9 STP CIST Por...

Page 153: ...being set or cleared The initial operEdge state when a port is initialized AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree prior...

Page 154: ...y changes made locally and revert to previously saved values By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the de...

Page 155: ... Link Type IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 2 000 000 1 000 000 500 000 Fast Ethernet Half Duplex Full Duplex Trunk 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 10 000 5 000 Table 4 7 3 Default STP Path Costs ...

Page 156: ... screenshot The page includes the following fields Object Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Click to save changes Click ...

Page 157: ...s and possibly change them as well The MSTI Configuration screen in Figure 4 7 11 appears Figure 4 7 11 MSTI Configuration page screenshot The page includes the following fields Configuration Identification Object Description Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the ...

Page 158: ...e not having any VLANs mapped to it Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 7 MSTI Ports Configuration This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI ins...

Page 159: ...ject Description Port The switch port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network L...

Page 160: ...tomatic refresh of the page at regular intervals 4 7 8 Port Status This page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7 14 appears Figure 4 7 14 STP Port Status page screenshot The page includes the following fields Object Description Port The switch port number of the logical STP port CIST Role The current ST...

Page 161: ...port statistics counters for port physical ports in the currently selected switch The STP Port Statistics screen in Figure 4 7 15 appears Figure 4 7 15 STP Statistics page screenshot The page includes the following fields Object Description Port The switch port number of the logical RSTP port MSTP The number of MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Conf...

Page 162: ... and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to clear the information immediately ...

Page 163: ...form nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the...

Page 164: ...IFS NS3502 8P 2S User Manual 164 Figure 4 8 1 Multicast Service Figure 4 8 2 Multicast flooding ...

Page 165: ...up Membership Query if Group Address is Present 0x16 Membership Report version 2 0x17 Leave a Group version 2 0x12 Membership Report version 1 IGMP packets enable multicast routers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP re...

Page 166: ...igure 4 8 4 IGMP State Transitions IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream mult...

Page 167: ...ered IPMC Flooding enabled Enable unregistered IPMC traffic flooding Leave Proxy Enable Enable IGMP Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Router Port Specify which ports act as router ports A router port ...

Page 168: ...how the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table The IGMP Snooping VLAN Configuration screen in Figure 4 8 6 appears Figure 4 8 6 IGMP Snooping VLAN Configuration page screenshot The page includes the following fields O...

Page 169: ...val is 1 second Buttons Refreshes the displayed table starting from the VLAN input fields Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting with the entry after the last entry currently displayed Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 4 IGMP Snooping Port...

Page 170: ...aces it with the new multicast group The IGMP Snooping Port Group Filtering Configuration screen in Figure 4 8 7 appears Figure 4 8 7 IGMP Snooping Port Group Filtering Configuration page screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings Filtering Group The IP Multicas...

Page 171: ... status is ACTIVE or IDLE Querier Transmit The number of Transmitted Querier Querier Receive The number of Received Querier V1 Reports Receive The number of Received V1 Reports V2 Reports Receive The number of Received V2 Reports V3 Reports Receive The number of Received V3 Reports V2 Leave Receive The number of Received V2 Leave Buttons Click to refresh the page immediately Clears all Statistics ...

Page 172: ...ields allow the user to select the starting point in the IGMP Group Table The IGMP Groups Information screen in Figure 4 8 9 appears Figure 4 8 9 IGMP Snooping Groups Information page screenshot The page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Buttons Auto refresh Check this box to...

Page 173: ...Information Table The IGMPv3 Information screen in Figure 4 8 10 appears Figure 4 8 10 IGMP SSM Information page screenshot The page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclu...

Page 174: ...n Snooping Enabled Enable the Global MLD Snooping Unregistered IPMC Flooding enabled Enable unregistered IPMCv6 traffic flooding Please note that disabling unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery Leave Proxy Enable Enable MLD Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable Enable MLD Proxy Th...

Page 175: ...lues 4 8 9 MLD Snooping VLAN Configuration Each page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the st...

Page 176: ...the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages The allowed range is 0 to 31744 in tenths of seconds default last listener query interval is 10 in tenths of seco...

Page 177: ...he MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join reports will be dropped If t...

Page 178: ...e VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Show the Querier status is ACTIVE or IDLE Querier Transmit The number of Transmitted Querier Querier Receive The number of Received Querier V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V1 Leave Received Th...

Page 179: ...of the MLD Group Table The Start from VLAN and group input fields allow the user to select the starting point in the MLD Group Table The MLD Groups Information screen in Figure 4 8 15 appears Figure 4 8 15 MLD Snooping Groups Information page screenshot The page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Po...

Page 180: ...formation Table The MLDv2 Information screen in Figure 4 8 16 appears Figure 4 8 16 MLD SSM Information page screenshot The page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude S...

Page 181: ...he multicast server is in the source VLAN Multicast routing has to be disabled when MVR is enabled Refer to the configuration guide at Understanding Multicast VLAN Registration for more information on MVR MVR is typically used for IPTV like services and is therefore usually only available on enterprise level switches Many manufacturers provide support for MVR on their high end switches The main re...

Page 182: ...18 MVR Status page screenshot The page includes the following fields Object Description Group The Multicast VLAN ID V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leave Received The number of Received V2 Leaves Buttons Click to refresh the page immediately Clears all Statistics cou...

Page 183: ...input fields allow the user to select the starting point in the MVR Group Table The MVR Groups Information screen in Figure 4 8 19 appears Figure 4 8 19 MVR Groups Information page screenshot The page includes the following fields Object Description VLAN VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Buttons Auto refresh Check this box to enable an ...

Page 184: ...r specific types of traffic and preserve performance as the amount of traffic grows Reduce the need to constantly add bandwidth to the network Manage network congestion QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classifie...

Page 185: ...gure the Policer settings for all switch ports The Port Policing screen in Figure 4 9 1 appears Figure 4 9 1 QoS Ingress Port Policers page screenshot The page includes the following fields Object Description Port The port number for which the configuration below applies Enable Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 5...

Page 186: ...ber for which the configuration below applies QoS Class Controls the default QoS class i e the QoS class for frames not classified in any other way There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority DP Level Controls the default DP level i e the DP level for frames not classified in any other way PCP Controls the default PCP for untagge...

Page 187: ...SCP Based Click to Enable DSCP Based QoS Ingress Port Classification Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 3 1 QoS Ingress Port Tag Classification The classification mode for tagged frames is configured on this page The QoS Ingress Port Tag Classification screen in Figure 4 9 3 appears ...

Page 188: ...n Controls the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames PCP DEI to QoS class DP level Mapping Controls the mapping of the classified PCP DEI to QoS class DP level values when Tag Classification is set to Enabled Buttons Click to save changes ...

Page 189: ... Egress Port Schedule page screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 Mode Shows the scheduling mode for this port Q0 Q5 Shows the weight for this queue and port 4 9 5 Port Shaping This page provides...

Page 190: ...on the port number in order to configure the shapers For more detail please refer to chapter 4 9 5 1 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps 4 9 5 1 QoS Egress Port Schedule and Shapers The Port Scheduler and Shapers for a specific port are configured on this page The QoS Egress Port Schedule and Shaper screen in Fig...

Page 191: ...stricted to 1 3300 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter is only shown if Scheduler Mode...

Page 192: ...page 4 9 6 Port Tag Remarking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports The Port Tag Remarking screen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking page screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure ta...

Page 193: ...P DEI values Mapped Use mapped versions of QoS class and DP level PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS class DP level to PCP DEI values when the mode is set to Mapped Buttons Click to save changes Click to undo any changes made locally and revert to previou...

Page 194: ...ion parameters available in Ingress Translate Classify Translate To Enable the Ingress Translation click the checkbox Classify Classification for a port has 4 different values Disable No Ingress DSCP Classification DSCP 0 Classify if incoming or translated if enabled DSCP is 0 Selected Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the s...

Page 195: ...ert to previously saved values Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page immediately 4 9 8 DSCP Based QoS This page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches The DSCP Based QoS screen in Figure 4 9 10 appears ...

Page 196: ...IFS NS3502 8P 2S User Manual 196 Figure 4 9 10 DSCP Based QoS Ingress Classification page screenshot The page includes the following fields ...

Page 197: ...alue can be any of 0 7 DPL Drop Precedence Level 0 1 Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 9 DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches DSCP translation can be done in Ingress or Egress The DSCP Translation screen in Figure 4 9 11 appears ...

Page 198: ...IFS NS3502 8P 2S User Manual 198 ...

Page 199: ...lated to any of 0 63 DSCP values Classify Click to enable Classification at Ingress side Egress There are following configurable parameters for Egress side Remap DP0 Remap DP1 There is following configurable parameter for Egress side Remap Remap DP0 Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Remap DP1 Select the DSCP value from select menu to w...

Page 200: ...page includes the following fields Object Description QoS Class Available QoS Class value ranges from 0 to 7 QoS Class 0 7 can be mapped to followed parameters DPL Drop Precedence Level 0 1 can be configured for all available QoS Classes DSCP Select DSCP value 0 63 from DSCP menu to map DSCP to corresponding QoS Class and DPL value Buttons Click to save changes Click to undo any changes made local...

Page 201: ...frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames SMAC Displays the OUI field of Source MAC address i e first three octet byte of MAC address DMAC Specify the ty...

Page 202: ...the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Modification Buttons You can modify each QCE in the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves t...

Page 203: ...y Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any SMAC Source MAC address 24 MS bits OUI or Any DMAC Type Dest...

Page 204: ...where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment IPv4 frame fragmented option yes no any Sport Sou...

Page 205: ... status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch The QoS Control List Status screen in Figure 4 9 15 appears Figure 4 9 15 QoS Control List Status page screenshot The page includes the following fields Object Description User Indica...

Page 206: ... not available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the resource required by the QCE and pressing Refresh button Buttons Select the QCL status from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs at regular intervals Click to refresh the page any chang...

Page 207: ...he storm control status for the given frame type Rate The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K 2048K 4096K 8192K 16384K or 32768K Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 14 QoS Statistics This page provides statistics for the different que...

Page 208: ...ly Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 9 15 Voice VLAN Configuration The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP dev...

Page 209: ...ion Disabled Disable Voice VLAN mode operation VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR VID PVID etc The allowed range is 1 to 4095 Age Time Indicates the Voice VLAN secure learning age time The allowed range is 10 to 10000000 seconds It used when security mode ...

Page 210: ...ked 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Port Discovery Protocol Indicates the Voice VLAN port discovery protocol It will only work when auto detect mode is enabled We should enable LLDP feature before configuring discovery protocol to LLDP or Both Changing the discovery protocol to OUI or LLDP will...

Page 211: ...s xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it descripts which vendor telephony device The allowed string length is 0 to 32 Buttons Click to add a new access management entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 10 Access Control Lists ACL is an acronym for Access Control List It is the list...

Page 212: ... contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations The maximum number of ACEs is 256 on each switch The Voice VLAN OUI Table scr...

Page 213: ... port number When Disabled is displayed the port copy operation is disabled CPU Forward packet that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to hardware l...

Page 214: ...Pv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learn...

Page 215: ...list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at the bottom of the ACE listings Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs at regular intervals Click to refresh the page any changes made locally will be undone Click to clear the counters Click to remove all ACEs 4 10 3 ACE Configuration Configure an ACE Ac...

Page 216: ...rough 8 Frame Type Select the frame type for this ACE These frame types are mutually exclusive Any Any frame can match this ACE Ethernet Type Only Ethernet Type frames can match this ACE The IEEE 802 3 describes the value of Length Type Field specifications to be greater than or equal to 1536 decimal equal to 0600 hexadecimal ARP Only ARP frames can match this ACE Notice the ARP frames won t match...

Page 217: ...ored in the System Log Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of the ACE The allowed values are Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE wa...

Page 218: ...t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value Tag Priority Specify the tag priority for this ACE A frame that hits this ACE match...

Page 219: ...rget IP filter is set to Host Specify the target IP address in the Target IP Address field that appears Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear Target IP Address When Host or Network is selected for the target IP filter you can enter a specific target IP address in dotted decimal nota...

Page 220: ... Description IP Protocol Filter Specify the IP protocol filter for this ACE Any No IP protocol filter is specified don t care Specific If you want to filter a specific IP protocol filter with this ACE choose this value A field for entering an IP protocol filter appears ICMP Select ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear These fields are explai...

Page 221: ...ecified Source IP filter is don t care Host Source IP filter is set to Host Specify the source IP address in the SIP Address field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dot...

Page 222: ...lue A field for entering an ICMP code value appears ICMP Code Value When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value TCP UDP Parameters Object Description TCP UDP Source Filter Specify the TCP UDP source filter for this ACE Any No TCP UDP source filter is specified TCP U...

Page 223: ...can enter a specific TCP UDP destination value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP UDP Destination Range When Range is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP FIN Specify ...

Page 224: ...ere the URG field is set must not be able to match this entry 1 TCP frames where the URG field is set must be able to match this entry Any Any value is allowed don t care Ethernet Type Parameters The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected Object Description EtherType Filter Specify the Ethernet type filter for this ACE Any No EtherType filter is specif...

Page 225: ...ption Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 1 through 8 The default value is 1 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply to this port The allowed values are Disabled or the values 1 through 15 Th...

Page 226: ...pecify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled Counter Counts the number of frames that match this ACE Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Click to refresh the page any ...

Page 227: ...te Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowed values are pps packets per second Kbps Kbits per second Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 228: ...nformation exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switc...

Page 229: ...RADIUS Terminal Access Controller Access Control System Plus TACACS Local user name and Privilege Level control RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels f...

Page 230: ...identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services Because the switch acts as the proxy the authentication service is transparent to the client In this release the Remote Authentication Dial In User Service RADIUS security system with Extensible Authentication Protocol EAP extensions is the only supported authentication serv...

Page 231: ...ansitions from down to up It then sends an EAP request identity frame to the client to request its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during boot up the client does not receive an EAP request identity frame f...

Page 232: ...col the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes...

Page 233: ...ethod Authentication Method can be set to one of the following values None authentication is disabled and login is not possible Local use the local user database on the switch stack for authentication Radius use a remote RADIUS server for authentication TACACSt use a remote TACACS server for authentication Fallback Enable fallback to local authentication by checking this box If none of the configu...

Page 234: ...ed on the Configuration Security AAA page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same port and doesn t require the user to have special 802 1X supplicant software installed on his system The switch uses the user s MAC addre...

Page 235: ...witch If globally disabled all ports are allowed forwarding of frames Reauthentication Enabled If checked successfully authenticated supplicants clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached For MAC based po...

Page 236: ...the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802 1X based mode this is not so critical since supplicants that are...

Page 237: ... setting determines whether RADIUS assigned QoS Class is enabled for that port When unchecked RADIUS server assigned QoS Class is disabled for all ports RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming traffic will be classified to and switched on the RADIUS assigned VL...

Page 238: ...rame has been received on the port for the life time of the port Once the switch considers whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life time of the port If enabled checked the switch will consider entering the Guest VL...

Page 239: ...S The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server ...

Page 240: ...port s link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC addres...

Page 241: ...nd the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the ...

Page 242: ...otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X RADIUS attributes used in identifying a QoS Class Refer to the written documentation for a description...

Page 243: ...rarily overridden the current Port VLAN configuration RADIUS attributes used in identifying a VLAN ID RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access Accept packet The following criteria are used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks fo...

Page 244: ...he switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleared if the port link goes down or the port s Admin State is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout Once in the Guest ...

Page 245: ... State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication to whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect for successfully authenticated clients on the po...

Page 246: ... the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL bas...

Page 247: ...ckend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed The Network Access Statistics screen in Figure 4 11 6 appears Figure 4 11 6 Network Access Statistics page screenshot The page includes the following fields Port State Object Description Admin State The port s current administrative state Refer to NAS Admin State for a des...

Page 248: ...orized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X Directio n Name IEEE Name Description Rx Total dot1xAuthEapolFra mesRx The number of valid EAPOL frames of any type that has been received by the switch Rx Response I D dot1xAuthEapolRes pIdFramesRx The number of valid EAPOL Response Identity frames that have been received by the switch Rx Responses dot1xAuthEapolRes pFramesRx ...

Page 249: ...by the switch in which the Packet Body Length field is invalid Tx Total dot1xAuthEapolFra mesTx The number of EAPOL frames of any type that has been transmitted by the switch Tx Request ID dot1xAuthEapolRe qIdFramesTx The number of EAPOL Request Identity frames that have been transmitted by the switch Tx Requests dot1xAuthEapolRe qFramesTx The number of valid EAPOL Request frames other than Reques...

Page 250: ...ation with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Rx Other Requests dot1xAuthBackend OtherRequestsToSu pplicant 802 1X based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based N...

Page 251: ...ot authenticated to the backend server Tx Response s dot1xAuthBackend Responses 802 1X based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards t...

Page 252: ...AuthLastEa polFrameVersion 802 1X based The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable Selected Counters Object Description Selected Counters The Selected Counters table is visible when the port ...

Page 253: ...ts attached VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module State The client can either be authenticated or unauthenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the client it is una...

Page 254: ...the following modes Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters ...

Page 255: ... Configuration This page allows you to configure the Authentication Servers The Authentication Server Configuration screen in Figure 4 11 7 appears Figure 4 11 7 Authentication Server Configuration page screenshot The page includes the following fields Port State ...

Page 256: ...the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RADIUS Authentication Server Configur...

Page 257: ... Accounting Server Secret The secret up to 29 characters long shared between the RADIUS Accounting Server and the switch TACACS Authentication Server Configuration The table has one row for each TACACS Authentication Server and a number of columns which are Object Description The TACACS Authentication Server number for which the configuration below applies Enabled Enable the TACACS Authentication ...

Page 258: ...ntication Accounting Server Overview screen in Figure 4 11 8 appears Figure 4 11 8 RADIUS Authentication Accounting Server Overview page screenshot The page includes the following fields RADIUS Authentication Servers Object Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of t...

Page 259: ...ics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server State The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready...

Page 260: ... Authentication Accounting for Server Overview page screenshot The page includes the following fields RADIUS Authentication Servers The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description Packet Counters RADIUS authentication server packet counter There are seven...

Page 261: ...received from the server Rx Malformed Access Responses radiusAuthClient ExtMalformedAc cessResponses The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticato rs radiusAuthClient Ext...

Page 262: ... Tx Access Retransmissi ons radiusAuthClient ExtAccessRetrans missions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server Tx Pending Requests radiusAuthClient ExtPendingReque sts The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent...

Page 263: ...ady The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This...

Page 264: ...usAccClient ExtResponses The number of RADIUS packets valid or invalid received from the server Rx Malformed Responses radiusAccClient ExtMalformedR esponses The number of malformed RADIUS packets received from the server Malformed packets include packets with an invalid length Bad authenticators or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAcctClien ...

Page 265: ...ted to the RADIUS accounting server Tx Pending Requests radiusAccClient ExtPendingReq uests The number of RADIUS packets destined for the server that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission Tx Timeouts radiusAccClient ExtTimeouts The number of accounting timeouts to the ...

Page 266: ...ts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Tri p Time radiusAccClientEx tRoundTripTime The time interval measured in milliseco...

Page 267: ...and assign the client IP address to the Managed switch In this case field in the default IP Address of the Managed Switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set at the Managed Switch s 802 1x system configuration 12345678 at this case 1 Configure the IP Address of remote RADIUS server and secret key Figure 4 11 10 RADIUS Server Configuration s...

Page 268: ...IFS NS3502 8P 2S User Manual 268 Figure 4 11 11 Windows Server add new RADIUS client setting 3 Assign the client IP address to the Managed switch Figure 4 11 12 Windows Server RADIUS Server setting ...

Page 269: ...IFS NS3502 8P 2S User Manual 269 4 The shared secret key should be as same as the key configured on the Managed Switch Figure 4 11 13 Windows Server RADIUS Server setting ...

Page 270: ...s 802 1X Port Configuration Figure 4 11 14 802 1x Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then Figure 4 11 15 Windows 2003 AD server setting path ...

Page 271: ...to enter properties and what to be noticed Figure 4 11 16 Add User Properties screen Figure 4 11 17 Add User Properties screen Set the Ports Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is an uplink port that is connected to another switch Or once the 802 1X stat to work the switch might not be ...

Page 272: ...hange the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 Go to Start Control Panel double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties s...

Page 273: ...rom the drop down list box for EAP type Figure 4 11 19 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue Figure 4 11 20 Windows client popup login request message ...

Page 274: ...IFS NS3502 8P 2S User Manual 274 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 21 ...

Page 275: ... settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module ...

Page 276: ...l use the underlying functionality but limit checks and corresponding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period Aging Period If Aging Enabled is checked then the aging period is controlled with this input If other modules are using the underlying port security for securing MAC addresses they may have other requirements ...

Page 277: ...assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns which are Object Description Port The port number for which the configuration below applies Mode Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Enabl...

Page 278: ...t or the stack switch 3 Click the Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The lim...

Page 279: ...t The page includes the following fields Object Description Mode Indicates the access management mode operation Possible modes are Enabled Enable access management mode operation Disabled Disable access management mode operation Delete Check to delete the entry It will be deleted during the next save Start IP address Indicates the start IP address for the access management entry End IP address Ind...

Page 280: ...istics Overview page screenshot The page includes the following fields Object Description Interface The interface that allowed remote host can access the switch Receive Packets The received packets number from the interface under access management mode is enabled Allow Packets The allowed packets number from the interface under access management mode is enabled Discard Packets The discarded packet...

Page 281: ...tons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 5 SSH Configure SSH on this page This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based le...

Page 282: ...tus Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forwar...

Page 283: ...User Module Name The full name of a module that may request Port Security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port Status The table has one row for each port on the selected switch in the switch and a number of columns which are Object Description Port The port number for which the status applies Click the port number...

Page 284: ...esses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a ...

Page 285: ...ked state it will not be allowed to transmit or receive traffic Time of Adding Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blocked state until the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled ...

Page 286: ... 8 DHCP Snooping Configuration screen page screenshot The page includes the following fields Object Description Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable...

Page 287: ...enabled and relay mode is disabled And it doesn t count the DHCP packets for system DHCP client The DHCP Snooping Port Statistics screen in Figure 4 12 9 appears Figure 4 12 9 DHCP Snooping Port Statistics screen page screenshot The page includes the following fields Object Description Rx and Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx and Tx Offer...

Page 288: ...lue 11 packets received and transmitted Rx and Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Lease Active The number of lease active option 53 with value 13 packets received and transmitted Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page immediately Clears...

Page 289: ...Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients can be learned on given ports This value can be 0 1 2 and unlimited If the port mode is enabled and the value of max dynamic client is equal 0 it...

Page 290: ...al port for the settings VLAN ID The VLAN ID for the settings IP Address Allowed Source IP address MAC Address Allowed Source MAC address Buttons Click to add a new entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 12 ARP Inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices conne...

Page 291: ...on Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 292: ...ge includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Buttons Click to add a new entry Click to save changes Click to undo any chan...

Page 293: ...rames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time 4 13 1 MAC Address Table Configuration The...

Page 294: ...entication under 802 1X Object Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and...

Page 295: ... MAC Address Table Status Dynamic MAC Table Entries in the MAC Table are shown on this page The MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address The MAC Address Table screen in Figure 4 13 2 appears Figure 4 13 2 MAC Address Table Status Navigating the MAC Table Each page shows up to 999 entries from the MAC table default being 20 selected through the entrie...

Page 296: ...over The page includes the following fields Object Description Type Indicates whether the entry is a static or dynamic entry VLAN The VLAN ID of the entry MAC address The MAC address of the entry Port Members The ports that are members of the entry Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refreshes the displayed table starting from the Sta...

Page 297: ...d entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over The page includes the following fields Object Description Port The port number for which the status applies Click the port number to see...

Page 298: ... address and IP mask input fields allow the user to select the starting point in the Dynamic IP Source Guard Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with t...

Page 299: ...rvals Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address Updates the table starting with the entry after the last entry currently displayed ...

Page 300: ... store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED informat...

Page 301: ...n seconds is based on the following rule Transmission Interval Holdtime Multiplier 65536 Therefore the default TTL is 4 30 120 seconds Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are rest...

Page 302: ...tion is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP information transmitted The system capabilities identify the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Mgmt Addr Optional TLV When checked the management addres...

Page 303: ...itically important aspect of VoIP systems in general In addition it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types for example only advertise the voice network policy to permitted voice capable devices both in order to conserve the limited LLDPU space and to reduce security and system integrity issues that can come with inappropri...

Page 304: ...ue is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including between Net...

Page 305: ...ed when referencing locations on land not near tidal water which would use Datum NAD83 MLLW NAD83 MLLW North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referencing locations on water sea ocean Civic Address Location IETF Geopriv Civic Address based Location Configuration Information C...

Page 306: ...5 Additional code Additional code Example 1320300003 Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Object Description Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerica...

Page 307: ...ifferent sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN Object Description Delete Check to delete the p...

Page 308: ... that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be advertised if all the same network policies apply as those advertised in th...

Page 309: ...es or different attributes for the same network policies based on the authenticated user identity or port configuration Object Description Port The port number for which the configuration applies Policy ID The set of policies that shall apply for a given port The set of policies is selected by check marking the checkboxes that corresponds to the policies Buttons click to add new policy Click to sa...

Page 310: ...onnectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint Device Definition Within the LLDP MED E...

Page 311: ...r may or may not be associated with a particular end user Capabilities include all of the capabilities defined for the previous Generic Endpoint Class Class I and are extended to include aspects related to media streaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gateways Conference Bridges Media Servers and similar Discovery services de...

Page 312: ...rent policy for the voice signaling than for the voice media Guest Voice to support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Signaling for use in network topologies that require a different policy for the guest voice signaling than for the guest voice...

Page 313: ...efined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in I...

Page 314: ...s describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address Management Address is the neighbor unit s address that is used for hig...

Page 315: ...r entries were last changed on It also shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LL...

Page 316: ... pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Age Outs Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is receiv...

Page 317: ...ink partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this provides the transmitter with additional information that it may use for a more efficient allocation Systems that do not implement this option default the value to be the same as that of the Receive Tw_sys_tx Echo Tx Tw The link partner s Echo T...

Page 318: ...link based on EEE information exchanged via LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals ...

Page 319: ...copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as follow If the link is established on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer If the lin...

Page 320: ...p the correct gateway IP address Buttons Click to transmit ICMP packets 4 15 2 IPv6 Ping This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Start 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or un...

Page 321: ...IP connectivity issues on special port After you press Test 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears Figure 4 15 3 Remote IP Ping Test page screenshot The page includes the follo...

Page 322: ...cs results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnostic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete The ports belong to the currently selected stack unit as reflected by the...

Page 323: ...IFS NS3502 8P 2S User Manual 323 Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair Buttons Click to run the diagnostics ...

Page 324: ...installation of cameras or WLAN AP more easily and efficiently Figure 4 16 1 Power over Ethernet Status 4 16 1 Power over Ethernet Powered Device 3 5 watts Voice over IP phones Enterprise can install POE VoIP Phone ATA and other Ethernet non Ethernet end devices to the central where UPS is installed for un interrupt power system and power control system 6 12 watts Wireless LAN Access Points Museum...

Page 325: ...on of all the PoE ports in the system In order to maintain the majority of ports active power management is implemented The PSU input power consumption is monitored by measuring voltage and current The input power consumption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activates additional ports as long as the aggregated powe...

Page 326: ...power that the power supply can deliver In this mode the port power is not turned on if the PD requests more power the available Consumption mode In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power for that port The ports are ...

Page 327: ...02 8P 2S User Manual 327 Ethernet Port Configuration This section allows the user to inspect and configure the current PoE port setting screen in Figure 4 16 2 appears Figure 4 16 2 PoE Configuration screenshot ...

Page 328: ...on mode Power Supply Budget W Set limit value of the total PoE port provided power to the PDs For NS3502 8P 2S the available max Value is 150 Temperature Threshold Allows setting over temperature protection threshold value It system temperature was over it then system lower total PoE power budget automatically PoE Usage Threshold Allows setting how much PoE power budget could be limited Buttons Cl...

Page 329: ...al 3 84 to 6 49 Watts Low power 3 Optional 6 49 to 12 95 Watts or to 15 4Watts Mid power 4 Optional 12 95 to 25 50 Watts or to 30 8Watts High power Table 4 16 1 Device class 4 16 3 Port Configuration This section allows the user to inspect and configure the current PoE port settings screen in Figure 4 16 3 appears Figure 4 16 3 Power over Ethernet Configuration screenshot The page includes the fol...

Page 330: ...In this case the port with the lowest priority will be turn off and offer power for the port of higher priority Maximum Power The Maximum Power value contains a numerical value that indicates the maximum power in watts that can be delivered to a remote device Per port maximum value must less than 30 8 watts total ports values must less than the Power Reservation value Once power overload detected ...

Page 331: ...be reserved for all PDs Temperature Display the current operating temperature of PoE chip unit Local Port This is the logical port number for this row PD Class Display the class of the PD attached to the port as established by the classification process Class 0 is the default for PDs The PD is powered based on PoE Class level if system working on Classification mode A PD shall return Class 0 to 4 ...

Page 332: ... at regular intervals Click to refresh the page immediately 4 16 5 PoE Schedule This page allows the user to define PoE schedule The screen in Figure 4 16 5 appears Figure 4 16 5 PoE Schedule screenshot Please press Add New Rule button to start set PoE Schedule function You have to set PoE schedule to profile then go back to PoE Port Configuration and select Schedule mode from per port PoE Mode op...

Page 333: ...t by PoE reboot schedule Please be noticed that if you want to PoE schedule and PoE reboot schedule work at the same time please use this function and don t use Reboot Only function This function offers administrator to reboot PoE device at indicate time if administrator has this kind of requirement Reboot Only Allows user to reboot PoE function by PoE reboot schedule Please notice that if adminis...

Page 334: ...een in Figure 4 16 6 appears Figure 4 16 6 LLDP PoE Neighbor screenshot Please be noticed that administrator has to enable LLDP port from LLDP configuration please refer to following example The screen in Figure 4 16 7 appears we enabled LLDP function from port1 to port3 administrator has to plug a PD that supports PoE LLDP function and then the administrator is going to see the PoE information of...

Page 335: ...ports are disabled Ping PD IP Address This column allows user to set PoE device IP address here for system making ping to the PoE device Please be noticed that the PD s IP address must be set to the same network segment with NS3502 8P 2S Interval Time 10 300s This column allows user to set how long system should be issue a ping request to PD for detecting PD is alive or dead Interval time range is...

Page 336: ... market and they have different rebooting time The PD Alive check is not a defining standard so the PoE device on the market doesn t report reboots done information to NS3502 8P 2S so user has to make sure how long the PD will be finished to boot and then set the time value to this column System is going to check the PD again according to the reboot time If you cannot make sure precisely booting t...

Page 337: ... This chapter describes how to use the Command Line Interface CLI Logon to the Console Once the terminal has connected to the device power on the Managed Switch the terminal will display that it is running testing procedures Then the following message asks the login username password The factory default password as following and the login screen in Figure 5 1 appears Username admin Password admin ...

Page 338: ... address 1 On NS3502 8P 2S prompt enter ip configuration 2 The screen displays the current IP address Subnet Mask and Gateway As show in Figure 5 2 Figure 5 2 Show IP information screen Configure IP address 3 On NS3502 8P 2S prompt enter the following command and press Enter As show in Figure 5 3 NS3502 8P 2S ip setup 192 168 0 101 255 255 255 0 192 168 0 253 1 The previous command would apply the...

Page 339: ...elated parameter enter help anytime in console to get the help description You can change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh o...

Page 340: ... 2S User Manual 340 5 2 Telnet Login The Managed Switch also supports telnet for remote management The switch asks for user name and password for remote login when using telnet please use admin for username password ...

Page 341: ... management STP Spanning Tree Protocol Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media EEE Energy Efficient Ethernet PoE Power Over Ethernet Thermal Thermal Protection Led_power LED power reduction QoS Quality of Service Mirror Port mirroring Config Load Save of configuration via TFTP Firmware Download of f...

Page 342: ... System Contact System Name NS3502 8P 2S System Location Timezone Offset 0 MAC Address 00 30 4f a6 34 9d System Time 1970 01 01T00 10 55 00 00 System Uptime 00 10 55 Software Version Beta1109061425 Software Date 2011 09 06 14 27 40 0800 Previous Restart Cold NS3502 8P 2S System Log Configuration Description Show system log configuration Syntax System Log Configuration Example To display system log...

Page 343: ...System version Version Beta1109061425 Build Date 2011 09 06 14 27 40 0800 NS3502 8P 2S System Log Server Mode Description Show or set the system log server mode Syntax System Log Server Mode enable disable Parameters enable Enable system log server mode disable Disable system log server mode default Show system Log server mode Default Setting disable Example To show the log server mode NS3502 8P 2...

Page 344: ...aracters are permitted as part of a name The first character must be an alpha character and the first or last character must not be a minus sign clear Clear system name Example To set device title NS3502 8P 2S System name NS3502 8P 2S LAB System Contact Description Set or show the system contact Syntax System Contact contact clear Parameters contact System contact string 1 255 Use clear or to clea...

Page 345: ...ddr_string IP host address a b c d or a host name string Default Setting empty Example To set log server address NS3502 8P 2S log server address 192 168 0 21 System Location Description Set or show the system location Syntax System Location location clear Parameters location System location string 1 255 Use clear or to clear the string In CLI no blank or space characters are permitted as part of a...

Page 346: ... send to syslog server Syntax System Log Level info warning error Parameters info Send information warnings and errors warning Send warnings and errors error Send errors Default Setting info Example To set log level NS3502 8P 2S log level warning System Timezone Description Set or show the system timezone offset Syntax System Timezone offset Parameters offset Time zone offset in minutes 720 to 720...

Page 347: ...ing error clear Parameters log_id System log ID or range default All entries all Show all levels default info Show information warning Show warnings error Show errors clear Clear log Example To show system log NS3502 8P 2S system log lookup Number of entries Info 2 Warning 0 Error 0 All 2 ID Level Time Message 1 Info Switch just made a cold boot 2 Info 1970 01 01T00 00 05 00 00 Link up on port 8 N...

Page 348: ...lt configuration Syntax System Restore Default keep_ip Parameters keep_ip Keep IP configuration default Restore full configuration Example To restore default value but not reset IP address NS3502 8P 2S system restore default keep_ip System Load Description Show current CPU load 100ms 1s and 10s running average in percent zero is idle Syntax System Load Example To show current CPU load NS3502 8P 2S...

Page 349: ...ration IP Configuration DHCP Client Disabled IP Address 192 168 0 101 IP Mask 255 255 255 0 IP Router 192 168 0 253 DNS Server 0 0 0 0 VLAN ID 1 DNS Proxy Disabled IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe00 030 4fff cda6 349d IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router IP DHCP Description Set or show the DHCP client mode Syntax IP DHCP enable disable ...

Page 350: ...yntax IP Setup ip_addr ip_mask ip_router vid Parameters ip_addr IP address a b c d default Show IP address ip_mask IP subnet mask a b c d default Show IP mask ip_router IP router a b c d default Show IP router vid VLAN ID 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 Example Set IP address NS3502 8P 2S ...

Page 351: ...erver 192 168 0 21 60 bytes from 192 168 0 21 icmp_seq 0 time 0ms 60 bytes from 192 168 0 21 icmp_seq 1 time 0ms 60 bytes from 192 168 0 21 icmp_seq 2 time 0ms 60 bytes from 192 168 0 21 icmp_seq 3 time 10ms 60 bytes from 192 168 0 21 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP DNS Description Set or show the DNS server address Syntax IP DNS ip_addr Parameters ip_addr IP address a b ...

Page 352: ...oxy Default Setting disable Example Enable DNS proxy function NS3502 8P 2S ip dns_proxy enable IPv6 AUTOCINFIG Description Set or show the IPv6 AUTOCONFIG mode Syntax IP IPv6 AUTOCONFIG enable disable Parameters enable Enable IPv6 AUTOCONFIG mode disable Disable IPv6 AUTOCONFIG mode Default Setting disable Example Enable IPv6 autoconfig function NS3502 8P 2S ip ipv6 autoconfig enable ...

Page 353: ...ess For example 192 1 2 34 ipv6_prefix IPv6 subnet mask default Show IPv6 prefix ipv6_router IPv6 router default Show IPv6 router IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe00 030 4fff cda6 349d The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups...

Page 354: ...eros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 ping_length Ping data length 8 1400 excluding MAC IP and ICMP headers Example NS3502 8P 2S ip ipv6 ping 2001 0002 PING6 server 2001 2 68 bytes from 2001 2 icmp_seq 0 time 0ms 68 bytes from 2001 2 icmp_seq 1 time 0ms 68 bytes from 2001 2 icmp_seq 2 time 0ms 68 bytes from 2001 2 icmp_seq 3 time 0ms ...

Page 355: ...NTP Mode enable disable Parameters enable Enable NTP mode disable Disable NTP mode default Show NTP mode Default Setting disable Example Enable NTP mode NS3502 8P 2S ip ntp mode enable IP NTP Server Add Description Add NTP server entry Syntax IP NTP Server Add server_index ip_addr_string Parameters server_index The server index 1 5 ip_addr_string IP host address a b c d or a host name string Examp...

Page 356: ...s with a colon separate each field For example fe00 030 4fff cda6 349d The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example To add IPv6 NTP server NS3502 8P 2S ip ntp server ipv6 add 1 2001 8b7 3 2c 132 IP NTP Server Delet...

Page 357: ...orts which are down default Show all ports Example Display port1 4 status NS3502 8P 2S port configuration 1 4 Port Configuration Port State Mode Flow Control MaxFrame Power Excessive Link 1 Enabled Auto Disabled 9600 Disabled Discard Down 2 Enabled Auto Disabled 9600 Disabled Discard Down 3 Enabled Auto Disabled 9600 Disabled Discard Down 4 Enabled Auto Disabled 9600 Disabled Discard Down Port Mod...

Page 358: ...lex 1000fdx 1 Gbps full duplex default Show configured and current mode Default Setting Auto Example Set 10Mbps half duplex speed for port1 NS3502 8P 2S port mode 1 10hdx Port Flow Control Description Set or show the port flow control mode Syntax Port Flow Control port_list enable disable Parameters port_list Port list or all default All ports enable Enable flow control disable Disable flow contro...

Page 359: ...nable port disable Disable port default Show administrative mode Default Setting Enable Example Disable port1 NS3502 8P 2S port state 1 disable Port Maximum Frame Description Set or show the port maximum frame size Syntax Port MaxFrame port_list max_frame Parameters port_list Port list or all default All ports max_frame Port maximum frame size 1518 9600 default Show maximum frame size Default Sett...

Page 360: ...ontrol actiphy Enable ActiPHY power control dynamic Enable Dynamic power control Default Setting disable Example Disable port power function for port1 4 NS3502 8P 2S port power 1 4 enable Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive port_list discard restart Parameters port_list Port list or all default All ports discard Discard frame after 16 coll...

Page 361: ...following values clear Clear port statistics packets Show packet statistics bytes Show byte statistics errors Show error statistics discards Show discard statistics filtered Show filtered statistics 0 7 Show priority statistics default Show all port statistics up Show ports which are up down Show ports which are down default Show all ports Port VeriPHY Description Run cable diagnostics Syntax Port...

Page 362: ...nformation Syntax Port SFP port_list Parameters port_list Port list or all default All ports Example Show SFP information for port21 24 NS3502 8P 2S port sfp Port Type Speed Wave Length nm Distance m 9 1000Base LX 1000 Base 1310 10000 10 1000Base LX 1000 Base 1310 10000 ...

Page 363: ...C Configuration port_list Parameters port_list Port list or all default All ports Example Show Mac address state NS3502 8P 2S mac configuration MAC Configuration MAC Address 00 30 4f a6 34 9d MAC Age Time 300 Port Learning 1 Auto 2 Auto 3 Auto 4 Auto 5 Auto 6 Auto 7 Auto 8 Auto 9 Auto 10 Auto MAC Add Description Add MAC address table entry ...

Page 364: ... and vid1 NS3502 8P 2S mac add 00 30 4f 01 01 02 1 1 MAC Delete Description Delete MAC address entry Syntax MAC Delete mac_addr vid Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 default 1 Example Delete Mac address 00 30 4f a6 34 9d in vid1 NS3502 8P 2S mac delete 00 30 4f a6 34 9d 1 MAC Lookup Description Lookup MAC address entry Syntax MAC Lookup mac_addr vid Parameters ma...

Page 365: ...tax MAC Agetime age_time Parameters age_time MAC address age time 0 10 1000000 0 disable default Show age time Default Setting 300 Example Set agetime value in 30 NS3502 8P 2S mac agetime 30 MAC Learning Description Set or show the port learn mode Syntax MAC Learning port_list auto disable secure Parameters port_list Port list or all default All ports auto Automatic learning disable Disable learni...

Page 366: ...C addresses 1 8192 default Show all addresses mac_addr First MAC address xx xx xx xx xx xx default MAC address zero vid First VLAN ID 1 4095 default 1 Example Show all of MAC table NS3502 8P 2S mac dump Type VID MAC Address Ports Static 1 00 30 4f a6 22 55 1 Static 1 00 30 4f 24 a8 d1 None CPU Static 1 33 31 ff 24 04 d1 None CPU Static 1 33 34 ff a8 00 64 None CPU Dynamic 1 40 61 84 04 18 59 10 St...

Page 367: ...All ports Example Set all of MAC statistics NS3502 8P 2S mac statistics Port Dynamic Addresses 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 Total Dynamic Addresses 0 Total Static Addresses 4 MAC Flush Description Flush all learned entries Syntax MAC Flush 6 5 VLAN Configuration Command VLAN Configuration Description ...

Page 368: ...02 8P 2S vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type 1 1 Disabled All UnTag Disable N A VID VLAN Name Ports 1 default 1 10 VID VLAN Name Ports VLAN forbidden table is empty VLAV PVID Description Set or show the port VLAN ID Syntax VLAN PVID port_list vid none Parameters port_list Port list or all default All ports ...

Page 369: ...pe Syntax VLAN FrameType port_list all tagged Parameters port_list Port list or all default All ports all Allow tagged and untagged frames tagged Allow tagged frames only default Show accepted frame types Default Setting All Example Set port10 that allow tagged frames only NS3502 8P 2S vlan frametype 10 tagged VLAN Ingress Filter Description Set or show the port VLAN ingress filter Syntax VLAN Ing...

Page 370: ...ble Example Enable VLAN ingress filtering for port10 NS3502 8P 2S vlan ingressfilter 10 enable VLAN Mode Description Set or show the VLAN Mode Syntax VLAN Mode portbased dot1q Parameters portbased Port Based VLAN Mode dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting IEEE 802 1Q Example Set VLAN mode in port base NS3502 8P 2S vlan mode portbased VLAN Link Type Description Set or show t...

Page 371: ...d Example Enable tagged frame for port2 NS3502 8P 2S vlan linktype 2 tagged VLAN Q in Q Mode Description Set or show the port Q in Q mode Syntax VLAN QinQ port_list disable man customer Parameters port_list Port list or all default All ports disable Disable Q in Q VLAN Mode man Q in Q MAN Port Mode customer Q in Q Customer Port Mode default Show VLAN QinQ Mode Example Set port2 in man port NS3502 ...

Page 372: ... tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type NS3502 8P 2S vlan ethtype 10 man VLAN Add Description Add or modify VLAN entry Syntax VLAN Add vid name port_list Parameters vid name VLAN ID 1 4095 or VLAN Name port_list Port list or all default All ports Default Setting 1 Exampl...

Page 373: ...ist or all default All ports Example Forbidden add port1 to port4 in VLAN10 NS3502 8P 2S vlan forbidden add 10 1 4 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete vid name Parameters vid name VLAN ID 1 4095 or VLAN Name Example Delete VLAN10 NS3502 8P 2S vlan delete 10 VLAN Forbidden Delete Description Delete VLAN entry Syntax LAN Forbidden Delete vid name Parameters vid name VLAN ID ...

Page 374: ...ld contain at least one alphabet VLAN Lookup Description Lookup VLAN entry Syntax VLAN Lookup vid name name combined static nas mvr voice_vlan all Parameters vid VLAN ID 1 4095 default Show all VLANs name VLAN name string name VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet combined Shows All the Combined VLAN databas...

Page 375: ...escription Add VLAN Name to a VLAN ID Mapping Syntax VLAN Name Add name vid Parameters name VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet vid VLAN ID 1 4095 Example Add VLAN name for VLAN 1 NS3502 8P 2S vlan name add test 1 VLAN Name Delete Description Delete VLAN Name to VLAN ID Mapping Syntax VLAN Name Delete name...

Page 376: ...e Lookup Description Show VLAN Name table Syntax VLAN Name Lookup name Parameters name VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet Example To show VLAN Name table NS3502 8P 2S vlan name lookup VLAN NAME vid test 1 VLAN Status Description VLAN Port Configuration Status Syntax VLAN Status port_list combined static n...

Page 377: ...ation all All VLAN Users configuration default combined VLAN Users configuration Default Setting Promiscuous Example Show VLAN configuration of port10 NS3502 8P 2S status 1 Port VLAN User PortType PVID Frame Type Ing Filter Tx Tag UVID Conflicts 1 Static Unaware 1 All Disabled Untag This 1 NAS No MVR No Voice VLAN No MSTP No Combined Unaware 1 All Disabled Untag This 1 No 6 6 Private VLAN Configur...

Page 378: ...rivate VLAN configuration NS3502 8P 2S pvlan configuration Private VLAN Configuration Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled PVLAN ID Ports 1 1 10 PVLAN Add Description Add or modify Private VLAN entry Syntax PVLAN Add pvlan_id port_list Parameters ...

Page 379: ...tion Delete Private VLAN entry Syntax PVLAN Delete pvlan_id Parameters pvlan_id Private VLAN ID The allowed range for a Private VLAN ID is the same as the switch port number range Example Delete PVLAN10 NS3502 8P 2S pvlan delete 10 PVLAN Lookup Description Lookup Private VLAN entry Syntax PVLAN Lookup pvlan_id Parameters pvlan_id Private VLAN ID default Show all PVLANs The allowed range for a Priv...

Page 380: ...le Parameters port_list Port list or all default All ports enable Enable port isolation disable Disable port isolation default Show port isolation port list Default Setting disable Example Enable isolate for port10 NS3502 8P 2S pvlan isolate 10 enable 6 7 Security Command Security Switch User Configuration Description Show users configuration Syntax Security Switch Users Configuration ...

Page 381: ...ame password privilege_level Parameters user_name A string identifying the user name that this entry should belong to The allowed string length is 1 32 The valid user name is a combination of letters numbers and underscores password The password for this user name The allowed string length is 0 32 Use clear or as null string privilege_level User privilege level 1 15 Example Add new user username t...

Page 382: ... Delete test account NS3502 8P 2S security switch users delete user Security Switch Privilege Level Configuration Description Show privilege configuration Syntax Security Switch Privilege Level Configuration Example Show privilege level NS3502 8P 2S security switch privilege level configuration Privilege Level Configuration Privilege Current Level 15 Group Name Privilege Level CRO CRW SRO SRW Aggr...

Page 383: ...ng_Tree 5 10 5 10 System 5 10 1 10 UPnP 5 10 5 10 VLANs 5 10 5 10 Voice_VLAN 5 10 5 10 Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Group group_name cro crw sro srw Parameters group_name Privilege group name cro Configuration read only privilege level 1 15 crw Configuration Execute read write privilege level 1 15 sro Sta...

Page 384: ...rrent Default Setting 15 Security Switch Auth Configuration Description Show Auth configuration Syntax Security Switch Auth Configuration Example Show authentication configuration NS3502 8P 2S security switch auth configuration Auth Configuration Client Authentication Method Local Authentication Fallback console local Disabled telnet local Disabled ssh local Disabled web local Disabled Security Sw...

Page 385: ... Use remote RADIUS authentication tacacs Use remote TACACS authentication default Show client authentication method enable Enable local authentication if remote authentication fails disable Disable local authentication if remote authentication fails The parameter is effective when it is typed Default Setting disable Example Use RADIUS authentication method for telnet NS3502 8P 2S security switch a...

Page 386: ...isable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting enable Example Enable SSH function NS3502 8P 2S security switch ssh mode enable Security Switch HTTPs Configuration Description Show HTTPS configuration Syntax Security Switch HTTPS Configuration Example Show HTTPs configuration NS3502 8P 2S security switch https configuration ...

Page 387: ...ble Enable HTTPs disable Disable HTTPs default Show HTTPs mode Default Setting enable Example Enable HTTPs function NS3502 8P 2S security switch https mode enable Security Switch HTTPs Redirect Description Set or show the HTTPS redirect mode Automatic redirect web browser to HTTPS during HTTPS mode enabled Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect...

Page 388: ...ent configuration Syntax Security Switch Access Configuration Example Show access management configuration NS3502 8P 2S security switch access configuration Access Mgmt Configuration System Access Mode Disabled System Access number of entries 0 Security Switch Access Mode Description Set or show the access management mode Syntax Security Switch Access Mode enable disable Parameters enable Enable a...

Page 389: ...Configuration Description Show access management configuration Syntax Security Switch Access Configuration Example Show access management configuration NS3502 8P 2S security switch access configuration Access Mgmt Configuration System Access Mode Disabled W WEB HTTPS S SNMP T TELNET SSH Idx Start IP Address End IP Address W S T Security Switch Access Mode Description Set or show the access managem...

Page 390: ...cols Syntax Security Switch Access Add access_id start_ip_addr end_ip_addr web snmp telnet Parameters access_id entry index 1 16 start_ip_addr Start IP address a b c d end_ip_addr End IP address a b c d web Indicates that the host can access the switch from HTTP HTTPS snmp Indicates that the host can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH E...

Page 391: ...s IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe00 030 4fff cda6 349d The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 web Indica...

Page 392: ...ameters access_id entry index 1 16 Example Lookup access management entry NS3502 8P 2S security switch access lookup 1 Security Switch Access Clear Description Clear access management entry Syntax Security Switch Access Clear Example Clear access management entry NS3502 8P 2S security switch access clear Security Switch Access Statistics Description Show or clear access management statistics Synta...

Page 393: ...eive 0 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security Switch SNMP Configuration Security Switch SNMP Mode Description Set or show the SNMP mode Syntax Security Switch SNMP Mode enable disable Parameters enabl...

Page 394: ...et or show the SNMP protocol version Syntax Security Switch SNMP Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP version Default Setting 2c Example Set SNMP in version 3 NS3502 8P 2S security switch snmp version 3 Security Switch SNMP Read Community Description Set or show the community string for SNMP read access Syntax Security Switch SNMP Read Co...

Page 395: ...y Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax Security Switch SNMP Write Community community Parameters community Community string Use clear or to clear the string default Show SNMP write community Default Setting private Example Set public value in SNMP write community NS3502 8P 2S security switch snmp write community public Security Switc...

Page 396: ...p trap mode enable Security Switch SNMP Trap Version Description Set or show the SNMP trap protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c NS3502 8P 2S security switch snmp trap version 2c Security Switch SNMP Trap Community D...

Page 397: ...te Security Switch SNMP Trap Destination Description Set or Show the SNMP trap destination address Syntax Security Switch SNMP Trap Destination ip_addr_string Parameters ip_addr_string IP host address a b c d or a host name string Example Set SNMP trap destination address for 192 168 0 20 NS3502 8P 2S security switch snmp trap destination 192 168 0 20 Security Switch SNMP Trap IPv6 Destination Des...

Page 398: ... Example Set SNMP trap IPv6 destination address for 2001 0001 NS3502 8P 2S security switch snmp trap ipv6 destination 2001 0001 Security Switch SNMP Trap Authentication Failure Description Set or show the SNMP authentication failure trap mode Syntax Security Switch SNMP Trap Authentication Failure enable disable Parameters enable Enable SNMP trap authentication failure disable Disable SNMP trap au...

Page 399: ...ble Example Disable SNMP trap link up NS3502 8P 2S security switch snmp trap link up disable Security Switch SNMP Trap Inform Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap Inform Mode enable disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap infor...

Page 400: ...ing 1 Example Set SNMP trap inform timeout in 20sec NS3502 8P 2S security switch snmp trap inform timeout 20 Security Switch SNMP Trap Inform Retry Times Description Set or show the SNMP trap inform retry times Syntax Security Switch SNMP Trap Inform Retry Times retries Parameters retries SNMP trap inform retransmitted times 0 255 default Show SNMP trap inform retry times Default Setting 5 Example...

Page 401: ...ngine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID NS3502 8P 2S security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description Set or show SNMP trap security engine ID Syntax Security Switch SNMP Trap Security Engine ID engineid Parameters engineid Engine ID the format may not be all zeros or all ff H a...

Page 402: ...characters from 33 to 126 Example Set the SNMP trap security name NS3502 8P 2S security switch snmp trap security name 12345678 Security Switch SNMP Engine ID Description Set or show SNMPv3 local engine ID Syntax Security Switch SNMP Engine ID engineid Parameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string Default Setting 800007e5017f000001...

Page 403: ...b c d default Show IP mask Example Add SNMPv3 community entry NS3502 8P 2S security switch snmp community add public 192 168 0 20 255 255 255 0 Security Switch SNMP Community Delete Description Delete SNMPv3 community entry Syntax Security Switch SNMP Community Delete index Parameters index entry index 1 64 Example Delete SNMPv3 community entry NS3502 8P 2S security switch snmp community delete 3 ...

Page 404: ...d DES priv_password Parameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 md5 An optional flag to indicate that this user using MD5 authentic...

Page 405: ...haracters from 33 to 126 Example Add SNMPv3 user entry NS3502 8P 2S security switch snmp user add 800007e5017f000003 admin_snmpv3 md5 12345678 des abcdefgh Security Switch SNMP User Delete Description Delete SNMPv3 user entry Syntax Security Switch SNMP User Delete index Parameters index entry index 1 64 Example Delete SNMPv3 user entry NS3502 8P 2S security switch snmp user delete 1 Security Swit...

Page 406: ...password A string identifying the privacy pass phrase The allowed string length is 8 40 and the allowed content is ASCII characters from 33 to 126 Example Delete SNMPv3 user entry NS3502 8P 2S security switch snmp user changekey 800007e5017f000003 admin_snmpv3 87654321 12345678 Security Switch SNMP User Lookup Description Lookup SNMPv3 user entry Syntax Security Switch SNMP User Lookup index Param...

Page 407: ...should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 group_name A string identifying the group name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 group entry NS3502 8P 2S security switch snmp group add usm admin_snmpv3 group_snmpv3 Security Swi...

Page 408: ...efault_rw_group 5 usm default_user default_rw_group Number of entries 5 Security Switch SNMP View Add Description Add or modify SNMPv3 view entry The entry index key are view_name and oid_subtree Syntax Security Switch SNMP View Add view_name included excluded oid_subtree Parameters view_name A string identifying the view name that this entry should belong to The allowed string length is 1 32 and ...

Page 409: ... Delete SNMPv3 view entry Syntax Security Switch SNMP View Delete index Parameters index entry index 1 64 Example Delete SNMPv3 view entry NS3502 8P 2S security switch snmp view delete 3 Security Switch SNMP View Lookup Description Lookup SNMPv3 view entry Syntax Security Switch SNMP View Lookup index Parameters index entry index 1 64 Example Lookup SNMPv3 view entry NS3502 8P 2S security switch s...

Page 410: ...ed for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM security_level noAuthNoPriv None authentication and none privacy AuthNoPriv Authentication and none privacy AuthPriv Authentication and privacy read_view_name The name of the MIB view defining the MIB objects for which this request may request the current values The name of None is reserved The allowed string length is 1 32 a...

Page 411: ...s entry NS3502 8P 2S security switch snmp access delete 3 Security Switch SNMP Access Lookup Description Lookup SNMPv3 access entry Syntax Security Switch SNMP Access Lookup index Parameters index entry index 1 64 Example Lookup SNMPv3 access entry NS3502 8P 2S security switch snmp access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Nu...

Page 412: ... Show port security status NS3502 8P 2S security network psec switch Users L Limit Control 8 802 1X D DHCP Snooping V Voice VLAN Port Users State MAC Cnt 1 No users 0 2 No users 0 3 No users 0 4 No users 0 5 No users 0 6 No users 0 7 No users 0 8 No users 0 9 No users 0 10 No users 0 Security Network Psec Port Description Show MAC Addresses learned by Port Security Syntax Security Network Psec Por...

Page 413: ...tate Added Age Hold Time none Security Network Limit Configuration Description Show Limit Control configuration Syntax Security Network Limit Configuration port_list Parameters port_list Port list or all default All ports Example Show Limit Control configuration NS3502 8P 2S security network limit configuration Port Security Limit Control Configuration Mode Disabled Aging Disabled Age Period 3600 ...

Page 414: ... Security Network Limit Mode Description Set or show global enable Syntax Security Network Limit Mode enable disable Parameters enable Globally enable port security disable Globally disable port security default Show current global enable of port security limit control Default Setting disable Example Enable the limit mode NS3502 8P 2S security network limit mode enable Security Network Limit Aging...

Page 415: ...ng enable Security Network Limit Agetime Description Time in seconds between check for activity on learned MAC addresses Syntax Security Network Limit Agetime age_time Parameters age_time Time in seconds between checks for activity on a MAC address 10 10000000 seconds default Show current age time Default Setting 3600 Example Set age time in 100sec NS3502 8P 2S security network limit agetime 100 S...

Page 416: ...rol Default Setting disable Example Enable port limit for port 1 NS3502 8P 2S security network limit port 1 enable Security Network Limit Description Set or show the max number of MAC addresses that can be learned on this set of ports Syntax Security Network Limit port_list limit Parameters port_list Port list or all default All ports limit Max number of MAC addresses on this port default Show cur...

Page 417: ...he limit none Don t do anything trap Send an SNMP trap shut Shutdown the port trap_shut Send an SNMP trap and shutdown the port default Show current action Default Setting none Example Set trap mode for limit action for port 1 NS3502 8P 2S security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit is exceeded and shut down Syntax Security Ne...

Page 418: ...ow 802 1X configuration of port 1 NS3502 8P 2S security network nas configuration 1 802 1X Configuration Mode Disabled Reauth Disabled Reauth Period 3600 EAPOL Timeout 30 Age Period 300 Hold Time 10 RADIUS QoS Disabled RADIUS VLAN Disabled Guest VLAN Disabled Guest VLAN ID 1 Max Reauth Count 2 Allow Guest VLAN if EAPOL Frame Seen Disabled Port Admin State Port State Last Source Last ID 1 Force Aut...

Page 419: ...rity network nas mode enable Security Network NAS State Description Set or show the port security state Syntax Security Network NAS State port_list auto authorized unauthorized single multi macbased Parameters port_list Port list or all default All ports auto Port based 802 1X Authentication authorized Port access is allowed unauthorized Port access is not allowed single Single Host 802 1X Authent...

Page 420: ...twork NAS Reauthentication enable disable Parameters enable Enable reauthentication disable Disable reauthentication default Show current reauthentication mode Default Setting disable Example Enable reauthentication function NS3502 8P 2S security network nas reauthentication enable Security Network NAS ReauthPeriod Description Set or show either global enabledness use the global keyword or per por...

Page 421: ...ADIUS assigned VLAN enabledness Default Setting disable Example Enable RADIUS assigned VLAN NS3502 8P 2S security network nas radius_vlan enable Security Network NAS EapolTimeout Description Set or show the time between EAPOL retransmissions Syntax Security Network NAS EapolTimeout eapol_timeout Parameters eapol_timeout Time between EAPOL retransmissions 1 65535 seconds default Show current EAPOL ...

Page 422: ... Set NAS age time in 1000sec NS3502 8P 2S security network nas agetime 1000 Security Network NAS Holdtime Description Time in seconds before a MAC address that failed authentication gets a new authentication chance Syntax Security Network NAS Holdtime hold_time Parameters hold_time Hold time before MAC addresses that failed authentication expire default Show current hold time Default Setting 10 Ex...

Page 423: ... assigned QoS enabledness Default Setting disable Example Enable NAS RADIUS QoS NS3502 8P 2S security network nas radius_qos enable Security Network NAS RADIUS_VLAN Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned VLAN Syntax Security Network NAS RADIUS_VLAN global port_list enable disable Parameters global Select the global RADIUS...

Page 424: ... more ports disable Disable Guest VLAN either globally or on one or more ports default Show current Guest VLAN enabledness vid Guest VLAN ID used when entering the Guest VLAN Use the global keyword to change it default Show current Guest VLAN ID reauth_max The value can only be set if you use the global keyword in the beginning of the command The number of times a Request Identity EAPOL frame is s...

Page 425: ...mmediately Example Start NAS authentication now for port 1 NS3502 8P 2S security network nas authenticate 1 now Security Network NAS Statistics Description Show or clear 802 1X statistics Syntax Security Network NAS Statistics port_list clear eapol radius Parameters port_list Port list or all default All ports clear Clear statistics eapol Show EAPOL statistics radius Show Backend Server statistics...

Page 426: ... 0 Tx Responses 0 Rx Other Requests 0 Rx Auth Successes 0 Rx Auth Failures 0 Security Network ACL Configuration Description Show ACL Configuration Syntax Security Network ACL Configuration port_list Parameters port_list Port list or all default All ports Security Network ACL Action Description Set or show the ACL port default action Syntax Security Network ACL Action port_list permit deny rate_lim...

Page 427: ...isable shutdown Shut down ingress port shut shut_disable Example Show ACL action in port 1 NS3502 8P 2S security network acl action 1 Port Action Rate Limiter Port Copy Mirror Logging Shutdown Counter 1 Permit Disabled Disabled Disabled Disabled Disabled 0 Security Network ACL Policy Description Set or show the ACL port policy Syntax Security Network ACL Policy port_list policy Parameters port_lis...

Page 428: ...ing 1 Example Set rate limit value in 100 for port 1 NS3502 8P 2S security network acl rate 1 100 Security Network ACL Add Description Add or modify Access Control Entry ACE If the ACE ID parameter ace_id is specified and an entry with this ACE ID already exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is not specified the next available ACE ID will be used If the n...

Page 429: ...E last switch Switch ACE keyword port Port ACE keyword port_list Port list or all default All ports policy Policy ACE keyword policy Policy number 1 8 tagged Tagged of frames any enable disable vid VLAN ID 1 4095 or any tag_prio VLAN tag priority 0 7 or any dmac_type DMAC type any unicast multicast broadcast Etype Ethernet Type keyword Etype Ethernet Type 0x600 0xFFFF or any but excluding 0x800 IP...

Page 430: ...le port_copy Port list for copy of frames or disable mirror Mirror of frames enable disable logging System logging of frames log log_disable shutdown Shut down ingress port shut shut_disable Security Network ACL Delete Description Delete ACE Syntax Security Network ACL Delete ace_id Parameters ace_id ACE ID 1 256 Example Delete ACE 1 NS3502 8P 2S security network acl delete 1 Security Network ACL ...

Page 431: ...w ACL status Syntax Security Network ACL Status combined static dhcp upnp arp_inspection ipmc ip_source_guard conflicts Parameters combined Shows the combined status static Shows the static user configured status dhcp Shows the status by DHCP upnp Shows the status by UPnP arp_inspection Shows the status by ARP Inspection ip_source_guard Shows the status by IP Source Guard conflicts Shows all confl...

Page 432: ...ion Mode Disabled DHCP Relay Information Policy replace Security Network DHCP Relay Mode Description Set or show the DHCP relay mode Syntax Security Network DHCP Relay Mode enable disable Parameters enable Enable DHCP relaly mode When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And t...

Page 433: ... 0 20 Security Network DHCP Relay Information Mode Description Set or show DHCP relay agent information option mode When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DHCP server and remote it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Syntax Securit...

Page 434: ... Relay Information Policy replace keep drop Parameters replace Replace the original relay information when receive a DHCP message that already contains it keep Keep the original relay information when receive a DHCP message that already contains it drop Drop the package when receive a DHCP message that already contains relay information default Show DHCP relay information policy Default Setting re...

Page 435: ...x Security Network DHCP Snooping Configuration Security Network DHCP Snooping Mode Description Set or show the DHCP snooping mode Syntax Security Network DHCP Snooping Mode enable disable Parameters enable Enable DHCP snooping mode When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports disable Disable ...

Page 436: ...ures the port as untrusted sources of the DHCP message default Show flow DHCP snooping port mode Default Setting trusted Example Set untrusted DHCP snooping port mode in port 1 NS3502 8P 2S security network dhcp snooping port mode 1 untrusted Security Network DHCP Snooping Statistics Description Show or clear DHCP snooping statistics Syntax Security Network DHCP Snooping Statistics port_list clear...

Page 437: ...se 0 Rx Inform 0 Tx Inform 0 Rx Lease Query 0 Tx Lease Query 0 Rx Lease Unassigned 0 Tx Lease Unassigned 0 Rx Lease Unknown 0 Tx Lease Unknown 0 Rx Lease Active 0 Tx Lease Active 0 Security Network IP Source Guard Configuration Description Show IP source guard configuration Syntax Security Network IP Source Guard Configuration Security Network IP Source Guard Mode Description Set or show IP source...

Page 438: ...e Security Network IP Source Guard Port Mode Description Set or show the IP Source Guard port mode Syntax Security Network IP Source Guard Port Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable IP Source Guard port disable Disable IP Source Guard port default Show IP Source Guard port mode Default Setting disable Example Enable IP source guard port...

Page 439: ...urce guard 1 1 Security Network IP Source Guard Entry Description Add or delete IP source guard static entry Syntax Security Network IP Source Guard Entry port_list add delete vid allowed_ip allowed_mac Parameters port_list Port list or all default All ports add Add new port IP source guard static entry delete Delete existing port IP source guard static entry vid VLAN ID 1 4095 allowed_ip IP addre...

Page 440: ...502 8P 2S security network ip source guard status Security Network ARP Inspection Configuration Description Show ARP inspection configuration Syntax Security Network ARP Inspection Configuration Example Show ARP inspection configuration NS3502 8P 2S security network arp inspection configuration Security Network ARP Inspection Mode Description Set or show ARP inspection mode Syntax Security Network...

Page 441: ..._list enable disable Parameters port_list Port list or all default All ports enable Enable ARP Inspection port disable Disable ARP Inspection port default Show ARP Inspection port mode Default Setting Disable Example Enable the ARP inspection mode of port 1 NS3502 8P 2S security network arp inspection port mode 1 Security Network ARP Inspection Entry Description Add or delete ARP inspection static...

Page 442: ...le Add ARP inspection static entry NS3502 8P 2S security network arp inspection entry 1 add 1 00 30 4f 00 00 11 192 168 0 11 Security Network ARP Inspection Status Description Show ARP inspection static and dynamic entries Syntax Security Network ARP Inspection Status port_list Parameters port_list Port list or all default All ports Example Show ARP inspection static and dynamic entries NS3502 8P ...

Page 443: ...ver Dead Time 300 seconds RADIUS Authentication Server Configuration Server Mode IP Address Secret Port 1 Disabled 1812 2 Disabled 1812 3 Disabled 1812 4 Disabled 1812 5 Disabled 1812 RADIUS Accounting Server Configuration Server Mode IP Address Secret Port 1 Disabled 1813 2 Disabled 1813 3 Disabled 1813 4 Disabled 1813 ...

Page 444: ... Disabled 49 3 Disabled 49 4 Disabled 49 5 Disabled 49 Security AAA Timeout Description Set or show server timeout Syntax Security AAA Timeout timeout Parameters timeout Server response timeout 3 3600 seconds default Show server timeout configuration Default Setting 15 Example Set 30sec for server timeout NS3502 8P 2S security aaa timeout 30 ...

Page 445: ... 1000 Security AAA RADIUS Description Set or show RADIUS authentication server setup Syntax Security AAA RADIUS server_index enable disable ip_addr_string secret server_port Parameters The server index 1 5 default Show RADIUS authentication server configuration enable Enable RADIUS authentication server disable Disable RADIUS authentication server default Show RADIUS server mode ip_addr_string IP ...

Page 446: ... 5 default Show RADIUS accounting server configuration enable Enable RADIUS accounting server disable Disable RADIUS accounting server default Show RADIUS server mode ip_addr_string IP host address a b c d or a host name string secret Secret shared with external accounting server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed s...

Page 447: ...Secret shared with external authentication server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed server_port Server TCP port Use 0 to use the default TACACS port 49 Example Set TACACS authentication server configuration NS3502 8P 2S security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show R...

Page 448: ...nfiguration NS3502 8P 2S stp cofiguration STP Configuration Protocol Version MSTP Max Age 20 Forward Delay 15 Tx Hold Count 6 Max Hop Count 20 BPDU Filtering Disabled BPDU Guard Disabled Error Recovery Disabled STP Version Description Set or show the STP Bridge protocol version Syntax STP Version stp_version Parameters stp_version mstp rstp stp Default Setting MSTP ...

Page 449: ...Bridge Transmit Hold Count parameter Syntax STP Txhold holdcount Parameters holdcount STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 NS3502 8P 2S stp txhold 10 STP MaxHops Description Set or show the MSTP Bridge Max Hop Count parameter Syntax STP MaxHops maxhops Parameters maxhops STP BPDU MaxHops 6 40 Default Setting 20 ...

Page 450: ... Parameters max_age STP maximum age time 6 40 and max_age forward_delay 1 2 Default Setting 20 Example Set STP maximum age time in 10 NS3502 8P 2S stp maxage 10 STP FwdDelay Description Set or show the CIST MSTI bridge forward delay Syntax STP FwdDelay delay Parameters delay MSTP forward delay 4 30 and max_age forward_delay 1 2 Default Setting 15 Example Set STP forward delay value in 25 ...

Page 451: ...long Use quotes to embed spaces in name integer Integer value Default Setting Configuration name MAC address Configuration rev 0 Example Set MSTP configuration name and revision NS3502 8P 2S stp cname 9f_WGSD 10020 1 STP BPDU Filter Description Set or show edge port BPDU Filtering Syntax STP bpduFilter enable disable Parameters enable disable enable or disable BPDU Filtering for Edge ports Default...

Page 452: ...for Edge ports Default Setting Disable Example Set edge port BPDU guard NS3502 8P 2S stp bpduguard enable STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery timeout Parameters timeout Time before error disabled ports are reenabled 30 86400 seconds 0 disables default Show recovery timeout Default Setting Disable Example Set STP recovery value in 30 sec NS3502 ...

Page 453: ...l ports Default Setting Disable Example Show STP Bridge status NS3502 8P 2S stp status CIST Bridge STP Status Bridge ID 80 00 00 30 4F 24 04 D1 Root ID 80 00 00 30 4F 24 04 D1 Root Port Root PathCost 0 Regional Root 80 00 00 30 4F 24 04 D1 Int PathCost 0 Max Hops 20 TC Flag Steady TC Count 0 TC Last Port Port Role State Pri PathCost Edge P2P Uptime 10 DesignatedPort Forwarding 128 20000 Yes Yes 0d...

Page 454: ...rity 0 16 32 48 224 240 Default 128 Example Set MST1 priority value in 48 NS3502 8P 2S stp msti priority 1 48 STP MSTI Map Description Show or clear MSTP MSTI VLAN mapping configuration Syntax STP Msti Map msti clear Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 Clear Clear VID to MSTI mapping Example Add MST1 priority value in 48 NS3502 8P 2S stp msti priority 1 48 STP MSTI Add Descri...

Page 455: ...n Show STP Port configuration Syntax STP Port Configuration port_list Parameters port_list Port list or all Port zero means aggregations Example Show STP status of Port1 NS3502 8P 2S stp port configuration 1 Port Mode AdminEdge AutoEdge restrRole restrTcn Point2point 1 Disabled Disabled Enabled Disabled Disabled Auto STP Port Mode Description Set or show the STP enabling for a port Syntax STP Port...

Page 456: ...de 1 enable STP Port Edge Description Set or show the STP adminEdge port parameter Syntax STP Port Edge port_list enable disable Parameters port_list Port list or all default All ports Enable Configure MSTP adminEdge to Edge Disable Configure MSTP adminEdge to Non edge Default disable Example Enable STP edge function on port1 NS3502 8P 2S stp port edge 1 enable STP Port AutoEdge Description Set or...

Page 457: ...ge function on port1 NS3502 8P 2S stp port autoedge 1 disable STP Port P2P Description Set or show the STP point2point port parameter Syntax STP Port P2P port_list enable disable auto Parameters port_list Port list or all default All ports enable Enable MSTP point2point disable Disable MSTP point2point auto Automatic MSTP point2point detection Default auto Example Disable STP P2P function on port1...

Page 458: ...estricted role Default Disable Example Enable STP restricted role on port1 NS3502 8P 2S stp port restrictedrole 1 enable STP Port RestrictedTcn Description Set or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn port_list enable disable Parameters port_list Port list or all default All ports enable Enable MSTP restricted TCN disable Disable MSTP restricted TCN Default Disab...

Page 459: ...able port BPDU Guard Default Disable Example Eisable BPDU guard on port1 NS3502 8P 2S stp port bpduguard 1 enable STP Port Statistic Description Show STP port statistics Syntax STP Port Statistics port_list clear Parameters port_list Port list or all default All ports Clear Clear the selected port statistics Example Show STP port statistics NS3502 8P 2S stp port statistics Port Rx MSTP Tx MSTP Rx ...

Page 460: ...ation Check variable for port 1 NS3502 8P 2S stp port check 1 STP MSTI Port Configuration Description Show the STP port instance configuration Syntax STP Msti Port Configuration msti port_list Parameters Msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all default All ports Default Auto STP MSTI Port Cost Description Set or show the STP port instance path cost Syntax STP Msti ...

Page 461: ...ort cost 7 1 MSTI Port Path Cost MST7 1 Auto STP MSTI Port Priority Description Set or show the STP port instance priority Syntax STP Msti Port CPriority msti port_list cPriority Parameters Msti STP bridge instance no 0 7 CIST 0 MSTI1 1 Port_list Port list or all Port zero means aggregations Priority STP port priority 0 16 32 48 224 240 Default 128 6 9 Link Aggregation Command Aggregation Configur...

Page 462: ... port_list Port list or all default All ports aggr_id Aggregation ID Example Add port 1 4 in Group1 NS3502 8P 2S aggr add 1 4 1 Aggregation Delete Description Delete link aggregation Syntax Aggr Delete aggr_id Parameters aggr_id Aggregation ID Example Delete Group2 NS3502 8P 2S aggr delete 2 Aggregation Lookup Description Lookup link aggregation Syntax ...

Page 463: ...urce MAC address dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribution Default Setting SMAC Enabled DMAC Disabled IP Enabled Port Enabled Example Disable SMAC mode NS3502 8P 2S Aggr mode smac disable 6 10 Link Aggregation Control Protocol Command LACP Confi...

Page 464: ...Auto Active 3 Disabled Auto Active 4 Disabled Auto Active 5 Disabled Auto Active 6 Disabled Auto Active 7 Disabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP Mode Description Set or show LACP mode Syntax LACP Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable LACP protocol disable Disable LACP protocol def...

Page 465: ... port_list Port list or all default All ports key LACP key 1 65535 or auto Default Setting auto Example Set key1 for port1 4 NS3502 8P 2S lacp key 1 4 1 LACP Role Description Set or show the LACP role Syntax LACP Role port_list active passive Parameters port_list Port list or all default All ports active Initiate LACP negotiation passive Listen for LACP packets default Show LACP role ...

Page 466: ...tatus Syntax LACP Status port_list Parameters port_list Port list or all default All ports Example Show LACP status of port1 4 NS3502 8P 2S lacp status 1 4 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 LACP Statistics Description Show LACP Statistics Syntax LACP Statistics port_list clear Parameters ...

Page 467: ... port_list Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 NS3502 8P 2S lacp statistics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 1 0 0 0 0 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 ...

Page 468: ...n of port1 4 NS3502 8P 2S lldp configuration 1 4 LLDP Configuration Interval 30 Hold 3 Tx Delay 2 Reinit Delay 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness 1 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 3 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 4 Enabled Enabled Enabled En...

Page 469: ...DP mode Default Setting disable Example Enable port1 LLDP function NS3502 8P 2S lldp mode 1 enable LLDP Optional TLV Description Show or Set LLDP Optional TLVs Syntax LLDP Optional_TLV port_list port_descr sys_name sys_descr sys_capa mgmt_addr enable disable Parameters port_list Port list or all default All ports port_descr Description of the port sysm_name System name sys_descr Description of the...

Page 470: ...r s IP address Enable Example Disable description of the port for port1 NS3502 8P 2S lldp optional_tlv 1 port_descr disable LLDP Interval Description Set or show LLDP Tx interval Syntax LLDP Interval interval Parameters interval LLDP transmission interval 5 32768 Default Setting 30 Example Set transmission interval in 10 NS3502 8P 2S lldp interval 10 LLDP Hold Description Set or show LLDP Tx hold ...

Page 471: ...ld 10 LLDP Delay Description Set or show LLDP Tx delay Syntax LLDP Delay delay Parameters delay LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 NS3502 8P 2S lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLDP Reinit reinit Parameters reinit LLDP reinit delay 1 10 Default Setting 2 ...

Page 472: ...orts clear Clear LLDP statistics Example Show LLDP Statistics of port 1 NS3502 8P 2S lldp statistics 1 LLDP global counters Neighbor entries was last changed at 18819 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV Rx TLV Rx TLV Port Frames Frames Errors Discards Er...

Page 473: ...ion Description Show LLDP MED configuration Syntax LLDPMED Configuration port_list Parameters port_list Port list or all default All ports Example Show LLDP MED configuration of port1 4 NS3502 8P 2S lldpmed configuration 1 4 LLDP MED Configuration Fast Start Repeast Count 4 Location Coordinates Latitude 0 0000 North Longitude 0 0000 East Altitude 0 0000 meter s Map datum WGS84 Civic Address Locati...

Page 474: ...tate caton region province prefecture county County parish gun JP district IN city City townchip shi JP district City division borough city district ward chou JP block Neighborhood block street Street leading_street_direction Leading street direction trailing_street_suffix Trailing street suffix str_suf Street Suffix house_no House Number house_no_suffix House number suffix landmark Landmark or va...

Page 475: ...n Set or show LLDP MED Emergency Call Service Syntax LLDPMED ecs ecs_value Parameters ecs_value lldpmed The value for the Emergency Call Service LLDPMED Policy Delete Description Delete the selected policy Syntax LLDPMED policy delete policy_list Parameters policy_list List of policies to delete Example Delete the policy 1 NS3502 8P 2S lldpmed policy delete 1 LLDPMED Policy Add Description Adds a ...

Page 476: ...as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN video_conferencing Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services streaming_video Streaming Video for use by ...

Page 477: ...egress with max 4 digits Positive numbers are north of the equator and negative numbers are south of the equator longitude Longitude 0 to 180 degress with max 4 digits Positive values are East of the prime meridian and negative numbers are West of the prime meridian altitude Altitude Meters or floors with max 4 digits default Show coordinate location configuration north south west east meters floo...

Page 478: ..._mllw NAD83_MLLW lldpmed Coordinate datum LLDPMED Fast Description Set or show LLDP MED Fast Start Repeat Count Syntax LLDPMED Fast count Parameters count The number of times the fast start LLDPDU are being sent during the activation of the fast start mechanism defined by LLDP MED 1 10 LLDPMED Info Description Show LLDP MED neighbor device information Syntax LLDPMED Info port_list Parameters port_...

Page 479: ...orts Example Show EEE configuration of port1 4 NS3502 8P 2S eee configuration 1 4 EEE Configuration Port Mode Urgent queues 1 Disabled none 2 Disabled none 3 Disabled none 4 Disabled none EEE Mode Description Set or show the eee mode Syntax EEE Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable EEE disable Disable EEE default Show eee mode ...

Page 480: ...rt1 4 NS3502 8P 2S eee mode enable 1 4 EEE Urgent Queues Description Set or show EEE Urgent queues Syntax EEE Urgent_queues port_list queue_list Parameters port_list Port list or all default All ports queue_list List of queues to configure as urgent queues 1 8 or none Default Setting none ...

Page 481: ... 802 3at High 30 8 30 8 2 Enabled 802 3at High 30 8 30 8 3 Enabled 802 3at High 30 8 30 8 4 Enabled 802 3at High 30 8 30 8 5 Enabled 802 3at High 30 8 30 8 6 Enabled 802 3at High 30 8 30 8 7 Enabled 802 3at High 30 8 30 8 8 Enabled 802 3at High 30 8 30 8 9 Disabled 802 3at Low 0 0 0 0 10 Disabled 802 3at Low 0 0 0 0 Power management mode Power management mode consumption PoE Mode Description Set o...

Page 482: ... set up 802 3af type1 or 802 3at type2 mode to per port Syntax PoE mode port_list af at Parameters port_list Port list or all default All ports af IEEE 802 3af mode at IEEE 802 3at mode PoE Priority Description Show Set PoE Priority Syntax PoE Priority port_list low high critical Parameters port_list Port list or all default All ports low Set priority to low high Set priority to high critical Set ...

Page 483: ...r show PoE maximum power per port 0 30 8 with one digit Syntax PoE Maximum_Power port_list port_power Parameters port_list Port list or all default All ports port_power PoE maximum power for the port 0 30 8 Default Setting 30 8 Example Set maximum power in 10 watts for port1 4 NS3502 8P 2S poe maximum_power 1 4 10 PoE Allocated Power Description Set or show PoE maximum power allocated per port 0 3...

Page 484: ...Set PoE maximum power allocated in 10 watts for port1 4 NS3502 8P 2S poe alloc_power 1 4 10 PoE Power Supply Description Set or show the value of the power supply Syntax PoE Power_Supply supply_power Parameters supply_power PoE power for a power supply Example Set 100 watts of power supply NS3502 8P 2S poe power_supply 100 PoE Status Description Show PoE status Syntax PoE Status ...

Page 485: ... prio_list List of priorities 0 3 shut_down_temp Temperature at which ports shall be shut down 0 255 degree C Example Show thermal priority temperature NS3502 8P 2S Thermal prio_temp Priority Temp 0 255 C 1 255 C 2 255 C 3 255 C Thermal Port Priority Description Set or show the ports priority Syntax Thermal port_prio port_list prio Parameters port_list Port list or all default All ports prio Prior...

Page 486: ... Status Description Shows the chip temperature Syntax Thermal status Example Shows the chip temperature NS3502 8P 2S Thermal status Port Chip Temp 1 47 C 2 47 C 3 47 C 4 47 C 5 47 C 6 47 C 7 47 C 8 47 C 9 47 C 10 47 C Thermal Configuration Description Show thermal_protect configuration Syntax Thermal configuration ...

Page 487: ...y intensity The LED intensity in 0 100 Example Show the time and intensity for the LEDs NS3502 8P 2S led_power timer Time Intensity 00 00 20 LED Power Delete Timer Description Deletes a timer Syntax led_power delete_timer hour Parameters hour The hour 0 24 at which to change LEDs intensity LED Power Maintenance Description Set or show the maintenance settings Syntax led_power maintenance maintenan...

Page 488: ...rrors leave_at_errors on_at_error if LEDs shall be turned on if any errors has been detected leave_at_errors if no LED change shall happen when errors have been detected LED Power Configuration Description Show Led Power Reduction configuration Syntax led_power configuration 6 17 Quality of Service Command QoS Configuration Description Show QoS Configuration ...

Page 489: ...port_list class Parameters port_list Port list or all default All ports class QoS class 0 7 Default Setting 0 Example Set default QoS class in 1 for port 1 NS3502 8P 2S qos Port Classification Class 1 1 QoS Port Classification DPL Description Set or show the default Drop Precedence Level Syntax QoS Port Classification DPL port_list dpl Parameters port_list Port list or all default All ports dpl Dr...

Page 490: ...port_list pcp Parameters port_list Port list or all default All ports pcp Priority Code Point 0 7 Default Setting 0 Example Set the default PCP for an untagged frame in 1 for port1 NS3502 8P 2S qos Port Classification pcp 1 1 QoS Port Classification DEI Description Set or show the default DEI for an untagged frame Syntax QoS Port Classification DEI port_list dei Parameters port_list Port list or a...

Page 491: ..._list Port list or all default All ports enable Enable tag classification disable Disable tag classification default Show tag classification mode Default Setting disable Example Enable QoS port classification Tag NS3502 8P 2S qos Port Classification tag 1 10 enable QoS Port Classification Map Description Set or show the port classification map This map is used when port classification tag is enabl...

Page 492: ... the classification is based on DSCP value in IP frames Syntax QoS Port Classification DSCP port_list enable disable Parameters port_list Port list or all default All ports enable Enable DSCP based classification disable Disable DSCP based classification default Show DSCP based classification mode Default Setting disable Example Enable QoS port classification DSCP NS3502 8P 2S qos Port Classificat...

Page 493: ...cer Mode 1 10 enable QoS Port Policer Rate Description Set or show the port policer rate Syntax QoS Port Policer Rate port_list rate Parameters port_list Port list or all default All ports rate Rate in kbps or fps 100 15000000 Default Setting 500 Example Set the port policer rate in 1000 NS3502 8P 2S qos Port Policer Rate 1 10 1000 QoS Port Policer Unit Description Set or show the port policer uni...

Page 494: ...2S qos Port Policer unit 1 10 fps QoS Port Scheduler Mode Description Set or show the port scheduler mode Syntax QoS Port Scheduler Mode port_list strict weighted Parameters port_list Port list or all default All ports strict Strict mode weighted Weighted mode default Show port scheduler mode Default Setting strict Example Set the port schedule mode in weighted mode NS3502 8P 2S qos Port Scheduler...

Page 495: ...per mode Syntax QoS Port QueueShaper Mode port_list queue_list enable disable Parameters port_list Port list or all default All ports queue_list Queue list or all default All queues 0 7 enable Enable port queue shaper disable Disable port queue shaper default Show port queue shaper mode Default Setting disable Example Enable port queue shaper for all port queue NS3502 8P 2S qos Port QueueShaper Mo...

Page 496: ... Excess Description Set or show the port queue excess bandwidth mode Syntax QoS Port QueueShaper Excess port_list queue_list enable disable Parameters port_list Port list or all default All ports queue_list Queue list or all default All queues 0 7 enable Enable use of excess bandwidth disable Disable use of excess bandwidth default Show port queue excess bandwidth mode Default Setting disable Exam...

Page 497: ...ort shaper mode Default Setting Enable Example Enable port shaper mode NS3502 8P 2S qos Port Shaper Mode 1 10 enable QoS Port Shaper Rate Description Set or show the port shaper rate Syntax QoS Port Shaper Rate port_list bit_rate Parameters port_list Port list or all default All ports bit_rate Rate in kilo bits per second 100 3300000 Default Setting 500kbps Example Set the port shaper rate in 1000...

Page 498: ...oS class and DP level default Show port tag remarking mode Default Setting classified Example Set the port tag remarking mode in mapped NS3502 8P 2S qos Port TagRemarking Mode 1 10 mapped QoS Port TagRemarking PCP Description Set or show the default PCP This value is used when port tag remarking mode is set to default Syntax QoS Port TagRemarking PCP port_list pcp Parameters port_list Port list or...

Page 499: ...s Port TagRemarking EDI 1 10 1 QoS Port TagRemarking Map Description Set or show the port tag remarking map This map is used when port tag remarking mode is set to mapped and the purpose is to translate the classified QoS class 0 7 and DP level 0 1 to PCP and DEI Syntax QoS Port TagRemarking Map port_list class_list dpl_list pcp dei Parameters port_list Port list or all default All ports class_lis...

Page 500: ...ss translation mode Default Setting disable Example Enable DSCP ingress translation on all port NS3502 8P 2S qos Port DSCP Translation 1 10 enable QoS Port DSCP Classification Description Set or show DSCP classification based on QoS class and DP level This enables per port to map new DSCP value based on QoS class and DP level Syntax QoS Port DSCP Classification port_list none zero selected all Par...

Page 501: ...rts disable Disable DSCP egress rewrite enable Enable DSCP egress rewrite with the value received from analyzer remap_dp_unaware Rewrite DSCP in egress frame with remapped DSCP where remap is DP unaware or DP 0 remap_dp_aware Rewrite DSCP in egress frame with remapped DSCP where remap is DP aware and DP 1 default Show port DSCP egress remarking mode Default Setting disable Example Enable DSCP egre...

Page 502: ...lated value is used to map QoS class and DP level Syntax QoS DSCP Translation dscp_list trans_dscp Parameters dscp_list DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all default Show DSCP translation table trans_dscp Translated DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 QoS DSCP Trust Description Set or show trusted DSCP value which is used for QoS classification The DSCP value to be checked for trust is...

Page 503: ...st enable disable Parameters dscp_list DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all enable Enable DSCP ingress classification disable Disable DSCP ingress classification default Show DSCP classification mode Default Setting disable QoS DSCP EgressRemap Description Set or show DSCP egress remap table This table is used if the port egress remarking mode is remap and the purpose is to map the DSC...

Page 504: ... 4 512 1k 2k 4k 32768k Default Setting disable Example Enable unicast storm control in 2fps NS3502 8P 2S QoS Storm Unicast enable 2 QoS Storm Multicast Description Set or show the multicast storm rate limiter Syntax QoS Storm Multicast enable disable packet_rate Parameters enable Enable multicast storm control disable Disable multicast storm control packet_rate Rate in fps 1 2 4 512 1k 2k 4k 32768...

Page 505: ...t port_list tag vid pcp dei smac dmac_type etype etype LLC DSAP SSAP control SNAP PID ipv4 protocol sip dscp fragment sport dport ipv6 protocol sip_v6 dscp sport dport class dp classified_dscp Parameters qce_id QCE ID 1 256 default Next available ID qce_id_next Next QCE ID next_id 1 256 or last port_list Port List port port_list or all default All ports tag Frame tag untag tag any vid VID 1 4095 o...

Page 506: ...pv6 IPv6 keyowrd sip_v6 IPv6 source address a b c d n or any 32 LS bits class QoS Class class 0 7 default basic classification dp DP Level dp 0 1 default basic classification classified_dscp DSCP dscp 0 63 BE CS1 CS7 EF or AF11 AF43 QoS QCL Delete Description Delete QCE entry from QoS Control list Syntax QoS QCL Delete qce_id Parameters qce_id QCE ID 1 256 default Next available ID Default Setting...

Page 507: ...Shows the combined status static Shows the static user configured status voice_vlan Shows the status by Voice VLAN conflicts Shows all conflict status default Shows the combined status QoS QCL Refresh Description Resolve QCE conflict status Same H W resource is shared by multiple applications and it may not be available even before MAX QCE entry So user can release the resource in use by other app...

Page 508: ...2 6 18 Mirror Command Mirror Configuration Description Show mirror configuration Syntax Mirror Configuration port_list Parameters port_list Port list or all default All ports Example Show mirror configuration NS3502 8P 2S mirror configuration Mirror Port Description Set or show the mirror port Syntax Mirror Port port disable Parameters port disable Mirror port or disable default Show port Default ...

Page 509: ... mode Syntax Mirror Mode port_list enable disable rx tx Parameters port_list Port list or all default All ports enable Enable Rx and Tx mirroring disable Disable Mirroring rx Enable Rx mirroring tx Enable Tx mirroring default Show mirror mode Default Setting disable Example Enable the mirror mode for port 1 4 NS3502 8P 2S mirror mode 1 4 enable ...

Page 510: ...ile_name Parameters ip_server TFTP server IP address a b c d file_name Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config Load ip_server file_name check Parameters ip_server TFTP server IP address a b c d file_name Configuration file name check Check configuration file only default Check and apply file ...

Page 511: ... file_name Firmware file name Firmware IPv6 Load Description Load new firmware from IPv6 TFTP server Syntax Firmware IPv6 Load ipv6_server file_name Parameters ipv6_server TFTP server IPv6 address file_name Firmware file name Firmware Information Description Display information about active and alternate firmware images Syntax Firmware Information Firmware Swap Description Activate the alternate f...

Page 512: ...guration NS3502 8P 2S upnp configuration UPnP Configuration UPnP Mode Disabled UPnP TTL 4 UPnP Advertising Duration 100 UPnP Mode Description Set or show the UPnP mode Syntax UPnP Mode enable disable Parameters enable Enable UPnP disable Disable UPnP default Show UPnP mode Default Setting disable Example Enable the UPnP mode NS3502 8P 2S upnp mode enable ...

Page 513: ...of the IP header in SSDP messages NS3502 8P 2S upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration duration Parameters duration duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration NS3502 8P 2S upnp advertising duration 1000 6 22 MVR Command MVR Configu...

Page 514: ...diate Leave 1 Disabled Receive Disabled 2 Disabled Receive Disabled 3 Disabled Receive Disabled 4 Disabled Receive Disabled 5 Disabled Receive Disabled 6 Disabled Receive Disabled 7 Disabled Receive Disabled 8 Disabled Receive Disabled 9 Disabled Receive Disabled 10 Disabled Receive Disabled MVR Group Description Show the MVR group Syntax MVR Group MVR Status Description Show the MVR status Syntax...

Page 515: ...tting disable Example Enable MVR mode NS3502 8P 2S mvr mode enable MVR Port Mode Description Set or show the MVR port mode Syntax MVR Port Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable MVR mode disable Disable MVR mode default Show MVR mode Default Setting disable Example Enable the MVR port mode for port 1 4 NS3502 8P 2S mvr port mode 1 4 enab...

Page 516: ...e Set VLAN 1000 for MVR multicast VLAN ID NS3502 8P 2S mvr multicast vlan 1000 MVR Port Type Description Set or show MVR port type Syntax MVR Port Type port_list source receiver Parameters port_list Port list or all default All ports source Enable source mode receiver Disable receiver mode default Show MVR port type Default Setting receive Example Set source type for MVR port type of port 1 NS3502...

Page 517: ...e Disable Immediate leave mode default Show MVR Immediate leave mode Default Setting disable Example Enable MVR port state about immediate leave for port 1 NS3502 8P 2S mvr immediate leave 1 enable 6 23 Voice VLAN Command Voice VLAN Configuration Description Show Voice VLAN configuration Syntax Voice VLAN Configuration Example Show Voice VLAN configuration NS3502 8P 2S voice vlan configuration Voi...

Page 518: ...1 E3 Siemens AG phones Voice VLAN Port Configuration Port Mode Security Discovery Protocol 1 Disabled Disabled OUI 2 Disabled Disabled OUI 3 Disabled Disabled OUI 4 Disabled Disabled OUI 5 Disabled Disabled OUI 6 Disabled Disabled OUI 7 Disabled Disabled OUI 8 Disabled Disabled OUI 9 Disabled Disabled OUI 10 Disabled Disabled OUI Voice VLAN Mode Description Set or show the Voice VLAN mode We must ...

Page 519: ...oice VLAN mode Default Setting disable Example Enable the Voice VLAN mode NS3502 8P 2S voice vlan mode enable Voice VLAN ID Description Set or show Voice VLAN ID Syntax Voice VLAN ID vid Parameters vid VLAN ID 1 4095 Default Setting 1000 Example Set ID 2 for Voice VLAN ID NS3502 8P 2S voice vlan id 2 Voice VLAN Agetime Description Set or show Voice VLAN age time ...

Page 520: ...02 8P 2S voice valn agetime 100 Voice VLAN Traffic Class Description Set or show Voice VLAN ID Syntax Voice VLAN Traffic Class class Parameters class Traffic class 0 7 Default Setting 7 Example Set 4 traffic class for voice VLAN NS3502 8P 2S voice vlan traffic class4 Voice VLAN OUI Add Description Add Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process The maximum entry numb...

Page 521: ...2 8P 2S voice vlan oui add 00 11 22 test Voice VLAN OUI Delete Description Delete Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Delete oui_addr Parameters oui_addr OUI address xx xx xx The null OUI address isn t allowed Example Delete Voice VLAN OUI entry NS3502 8P 2S voice vlan oui delete 00 11 22 Voice VLAN OUI Clear Description Clear Voice VLAN...

Page 522: ...we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Port Mode port_list disable auto force Parameters port_list Port list or all default All ports disable Disjoin from Voice VLAN auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically force...

Page 523: ...rt_list Port list or all default All ports enable Enable Voice VLAN security mode disable Disable Voice VLAN security mode default Show flow Voice VLAN security mode Default Setting disable Example Enable the Voice VLAN port security mode for port 1 4 NS3502 8P 2S voice vlan security 1 4 enable 6 24 IPMC Command IPMC Configuration Description Show IPMC snooping configuration Syntax IPMC Configurat...

Page 524: ...ping default Show global IPMC snooping mode Default Setting disable Example Enable IGMP snooping NS3502 8P 2S ipmc mode igmp enable IPMC Flooding Description Set or show the IPMC unregistered addresses flooding operation Syntax IPMC Flooding mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC flooding disable Disable IPMC flooding default Sh...

Page 525: ... enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC Leave Proxy disable Disable IPMC Leave Proxy default Show global IPMC Leave Proxy mode Default Setting disable Example Enable IGMP Leave Proxy NS3502 8P 2S ipmc leave proxy igmp enable IPMC Proxy Description Set or show the mode of IPMC Proxy Syntax IPMC Proxy mld igmp enable disable Parameters mld...

Page 526: ...2 8P 2S ipmc proxy igmp enable IPMC State Description Set or show the IPMC snooping state for VLAN Syntax IPMC State mld igmp vid enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs enable Enable MLD snooping disable Disable MLD snooping Default Setting disable Example Enable IGMP snooping state for VLAN 1 NS3502 8P 2S i...

Page 527: ...ier disable Disable MLD querier Default Setting disable Example Enable IGMP querier for VLAN 1 NS3502 8P 2S ipmc querier igmp 1 enable IPMC Fastleave Description Set or show the IPMC snooping fast leave port mode Syntax IPMC Fastleave mld igmp port_list enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports enable Enable MLD fa...

Page 528: ...r Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports 0 No limit 1 10 Group learn limit default Show IPMC Port Throttling Default Setting Unlimited Example Set the max learn 10 groups for ICMP port throttling NS3502 8P 2S ipmc throttling igmp 1 10 10 IPMC Filtering Description Set or show the IPMC port group filtering list Syntax IPMC Filt...

Page 529: ...iption Set or show the IPMC snooping router port mode Syntax IPMC Router mld igmp port_list enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports enable Enable IPMC router port disable Disable IPMC router port default Show IPMC router port mode Example Enable port 1 in IPMC router port NS3502 8P 2S ipmc router igmp 1 enable IP...

Page 530: ...ccordingly Syntax IPMC Groups mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs Example Show VLAN 1 IPMC group addresses accordingly NS3502 8P 2S ipmc groups igmp 1 IPMC Version Description Show IPMC Versions Syntax IPMC Version mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 ...

Page 531: ...Show all VLANs port_list Port list or all default All ports Example Show VLAN 1 port 1 10 SSM related information for IPMC NS3502 8P 2S ipmcssm igmp 1 1 10 IPMC Parameter RV Description Set or show the IPMC Robustness Variable Syntax IPMC Parameter RV mld igmp vid ipmc_param_rv Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_p...

Page 532: ...1 Default Value 125 1 31744 Query Interval in seconds default Show IPMC Interface Query Interval IPMC Parameter QRI Description Set or show the IPMC Query Response Interval Syntax IPMC Parameter QRI mld igmp vid ipmc_param_qri Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_param_qri 1 Default Value 100 0 31744 Query Response ...

Page 533: ...lt Value 10 0 31744 Last Listener Query Interval in tenths of seconds default Show IPMC Interface Last Listener Query Interval IPMC Parameter URI Description Set or show the IPMC Unsolicited Report Interval Syntax IPMC Parameter URI mld igmp vid ipmc_param_uri Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_param_uri 1 Default...

Page 534: ...sed VLAN entry Syntax VCL Macvlan Add mac_addr vid port_list Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 port_list Port list or all default All ports Example Add 00 11 22 33 44 55 66 in VLAN 20 for all port NS3502 8P 2S vcl macvlan add 00 11 22 33 44 55 66 20 1 10 VCL MAC based VLAN Delete Description Delete VCL MAC based VLAN entry Syntax VCL Macvlan Del mac_addr Paramete...

Page 535: ...LAN Add Ethernet II Description Add VCL protocol based VLAN Ethernet II protocol to group mapping Syntax VCL ProtoVlan Protocol Add Eth2 ether_type arp ip ipx at group_id Parameters ether_type arp ip ipx at Ether Type 0x0600 0xFFFF group_id Protocol group ID VCL Protocol based VLAN Add SNAP Description Add VCL protocol based VLAN SNAP protocol to group mapping Syntax VCL ProtoVlan Protocol Add Sna...

Page 536: ... VCL Protocol based VLAN Delete Ethernet II Description Delete VCL protocol based VLAN Ethernet II protocol to group mapping Syntax VCL ProtoVlan Protocol Delete Eth2 ether_type arp ip ipx at Parameters ether_type arp ip ipx at Ether Type 0x0600 0xFFFF VCL Protocol based VLAN Delete SNAP Description Delete VCL protocol based VLAN SNAP protocol to group mapping Syntax VCL ProtoVlan Protocol Delete ...

Page 537: ...N group to VLAN mapping Syntax VCL ProtoVlan Vlan Add port_list group_id vid Parameters port_list Port list or all default All ports group_id Protocol group ID vid VLAN ID 1 4095 VCL Protocol based VLAN Delete Description Delete VCL protocol based VLAN group to VLAN mapping Syntax VCL ProtoVlan Vlan Delete port_list group_id Parameters port_list Port list or all default All ports group_id Protocol...

Page 538: ...this packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network needs efficienc...

Page 539: ...On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode If attached device is 100Base TX port will set to 10Mbps no auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10Base T Full Duplex 100Mbps no auto negotiation 100Mbps 100Mbps w...

Page 540: ...pan device is placed between legacy switch and the powered device Mid Span is tap the unused wire pairs 4 5 and 7 8 to carry power the other four is for data transmit End Span End Span device is direct connecting with power device End Span could also tap the wire 1 2 and 3 6 PoE System Architecture The specification of PoE typically requires two devices the Powered Source Equipment PSE and the Pow...

Page 541: ...er Supplied over the Data Pins When to install PoE Consider the following scenarios You re planning to install the latest VoIP Phone system to minimize cabling building costs when your company moves into new offices next month The company staff has been clamoring for a wireless access point in the picnic area behind the building so they can work on their laptops through lunch but the cost of elect...

Page 542: ...PD is detected during the Detection period The PSE may choose to perform classification to estimate the amount of power to be consumed by this PD After a time controlled start up the PSE begins supplying the 48 VDC level to the PD till it is physically or electrically disconnected Upon disconnection voltage and power shut down Since the PSE is responsible for the PoE process timing it is the one g...

Page 543: ...ng to its power consumption may assist a PoE system in optimizing its power distribution Such a system typically suffers from lack of power resources so that efficient power management based on classification results may reduce total system costs Start up Once line detection and optional classification stages are completed the PSE must switch from low voltage to its full voltage capacity 44 57 Vol...

Page 544: ...hysical human limit for disconnecting one PD and reconnecting another DC Disconnect DC Disconnect detection involves measurement of current Naturally a disconnected PD stops consuming current which can be inspected by the PSE The PSE must therefore disconnect power within 300 to 400 ms from the current flow stop The lower time boundary is important to prevent shutdown due to random fluctuations AC...

Page 545: ...itch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on po...

Page 546: ...efer to the next step 5 If that device does not work check the AC power While IP Address be changed or forgotten admin password To reset the IP address to the default IP Address 192 168 0 100 or reset the password to default value Press the hardware reset button at the front panel about 10 seconds After the device is rebooted you can login the management WEB interface within the same subnet of 192...

Page 547: ...r 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignm...

Page 548: ...lue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE2 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown SIDE 2 Figure A 1 Straight ...

Page 549: ...rs permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls There are 3 web pages associated with the manual ACL configuration ACL Access Control List The web page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even ...

Page 550: ...at switching is done bidirectional in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a...

Page 551: ...ting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP DHCP is an acronym for Dynamic Host Configuration Protocol It i...

Page 552: ...Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parame...

Page 553: ...iation for Energy Efficient Ethernet defined in IEEE 802 3az EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame F FTP FTP is an acronym for File Transfer Protocol ...

Page 554: ...icular port on a remote host port 80 by default An HTTP server listening on that port waits for the client to send a request message HTTPS HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication s...

Page 555: ... protocol that IMAP clients use to communicate with the servers and SMTP is the protocol used to transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves your email messages on the server rather than downloading them...

Page 556: ...EEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identi...

Page 557: ... Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group ITU T Y 1731 MD5 MD5 is an acronym for Message Digest algorithm 5 MD5 is a message digest algorithm used cryptographic hash function with a 128 bit hash value It was designed by Ron Rivest in 1991 MD5 is officially defined in RFC 1321 The MD5 Message Digest Algorithm Mirroring For debugging network problems or monitoring...

Page 558: ...separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and transport services described in the Open Systems Interconnection OSI model NFS NFS is an acronym for Network File System It allows ho...

Page 559: ...y Code Point It is a 3 bit field storing the priority level for the 802 1Q frame It is also known as User Priority PD PD is an acronym for Powered Device In a PoE system the power is delivered from a PSE power sourcing equipment to a remote device The remote device is called a PD PHY PHY is an abbreviation for Physical Interface Transceiver and is the device that implements the Ethernet physical l...

Page 560: ...the user with more capabilities for retaining e mail on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of e mail and are not to be confused with the Simple Mail Transfer Protocol SMTP You send e mail with SMTP and a mail handler receives it on your recipient s behalf Then the mail is read using POP or IM...

Page 561: ... port QoS QoS is an acronym for Quality of Service It is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the ...

Page 562: ...d Common Internet File System CIFS which is the underlying protocol used in Microsoft Windows networking Samba can be installed on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the master browser on the network so that it would appear in the listing of hosts in Microsoft Windows Neighborhood Network SHA S...

Page 563: ...nges within a stack as well as election of a master switch SPROUT also calculates parameters for setting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A client device will receive broadcast messages from all access points within range advertising their SS...

Page 564: ...t is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The TCP protocol guarantees reliable and in order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent applications for example Web server and e mail server running on the same host The applications on networked hosts can use TCP to create c...

Page 565: ...n multiple pieces of information Each of these pieces of information is known as TLV TKIP TKIP is an acronym for Temporal Key Integrity Protocol It used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet U UDP UDP is an acronym for ...

Page 566: ... remove or insert VLAN tags VLAN aware switching This is based on the IEEE 802 1Q standard All ports are VLAN aware Ports connected to VLAN aware switches are members of multiple VLANs and transmit tagged frames Other ports are members of one VLAN set up with this Port VLAN ID and transmit untagged frames Provider switching This is also known as Q in Q switching Ports connected to subscribers are ...

Page 567: ...ireless access points WPA2 implements the full standard but will not work with some older network cards Wikipedia WPA PSK WPA PSK is an acronym for Wi Fi Protected Access Pre Shared Key WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different k...

Page 568: ...shment of a wireless home network The goal of the WPS protocol is to simplify the process of connecting any home device to the wireless network Wikipedia WTR WTR is an acronym for Wait To Restore This is the time a fail on a resource has to be not active before restoration back to this previously failing resource is done ...

Reviews:

No comments

Related manuals for IFS NS3502-8P-2S

ABB EDS500 Series Operating Instruction preview
EDS500 Series
Brand: ABB Pages: 7
ABB Sense7 Series Original Instructions Manual preview
Sense7 Series
Brand: ABB Pages: 15
ABB NAL Series Mounting And Operation Manual preview
NAL Series
Brand: ABB Pages: 32
ABB VUBB User Manual preview
VUBB
Brand: ABB Pages: 44
N-Tron 100 Series User Manual & Installation Manual preview
100 Series
Brand: N-Tron Pages: 20
Barksdale 9000 Series Operating Instructions preview
9000 Series
Brand: Barksdale Pages: 5
Barksdale 8000 Series Operating Instructions Manual preview
8000 Series
Brand: Barksdale Pages: 6
S&C 2000 series Instructions For Field Assembly And Installation preview
2000 series
Brand: S&C Pages: 26
S&C 2000 series Installation Manual preview
2000 series
Brand: S&C Pages: 28
S&C 2000 series Installation And Operation Manual preview
2000 series
Brand: S&C Pages: 37
D-Link DKVM-IP1 Manual preview
DKVM-IP1
Brand: D-Link Pages: 73
La Toulousaine 1400 Installation Manual preview
1400
Brand: La Toulousaine Pages: 6
JDS Uniphase SB Series User Manual preview
SB Series
Brand: JDS Uniphase Pages: 40
Magnetrol T20 Series Instruction Manual And Replacement Parts List preview
T20 Series
Brand: Magnetrol Pages: 12
Magnetrol T20 Series Installation And Operating Manual preview
T20 Series
Brand: Magnetrol Pages: 24
ABLE 6 Series Installation & Maintenance Instructions preview
6 Series
Brand: ABLE Pages: 5
TAMS 1800 Series Installation & Operation Manual preview
1800 Series
Brand: TAMS Pages: 28
D-Link DFE-550TX Datasheet preview
DFE-550TX
Brand: D-Link Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

ABB AEG Acer Asus Beko Black & Decker Bosch Brother Candy Canon Cisco Craftsman D-Link DeWalt Dell Electrolux Emerson Epson Frigidaire Fujitsu GE HP Haier Hitachi Honeywell Huawei Husqvarna JVC Kenmore Kenwood KitchenAid LG Lenovo Makita Miele Mitsubishi Electric Motorola NEC Nikon Nokia Panasonic Philips Pioneer Samsung Sanyo Sharp Siemens Sony TP-Link Toshiba Whirlpool Xiaomi Yamaha Zanussi Load more brands