manualshive.com logo in svg

Interlogix NS3503-16P-4C, User Manual

The Interlogix NS3503-16P-4C is a high-quality network switch designed for seamless connectivity. With its comprehensive features and advanced technology, this product ensures smooth operation and efficient networking. To get started quickly, download the Quick Installation Manual for free from manualshive.com, providing step-by-step instructions for hassle-free setup.

Share
Download
background image

187 

NS3503-16P-4C User Manual 

State 

Display the current state 

CoS Mode

 

Display the current CoS mode 

 

 

4.9 Security   

This section is to control the access of the Managed Switch, including the user access and management 

control.   

The Security Page contains links to the following main topics: 

 

802.1x 

 

Radius Server 

 

 Server 

 

AAA 

 

Access 

 

Management Access Method 

 

DHCP Snooping 

 

Dynamic ARP Inspection 

 

IP Source Guard 

 

Port Security 

 

DoS 

 

Strom Control 

4.9.1 802.1X 

Overview of 802.1X (Port-based) Authentication 

In the 802.1X-world, the user is called the supplicant, the switch is the authenticator, and the RADIUS 

server is the authentication server. The switch acts as the man-in-the-middle, forwarding requests and 

responses between the supplicant and the authentication server. Frames sent between the supplicant 

and the switch are special 802.1X frames, known as 

EAPOL (EAP over LANs)

 frames. EAPOL frames 

encapsulate 

EAP PDUs (RFC3748)

. Frames sent between the switch and the RADIUS server are 

RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the 

switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible, in that it 

allows for different authentication methods, like 

MD5-Challenge

PEAP

, and 

TLS

. The important thing is 

that the authenticator (the switch) doesn't need to know which authentication method the supplicant and 

the authentication server are using, or how many information exchange frames are needed for a 

particular method. The switch simply encapsulates the EAP part of the frame into the relevant type 

(EAPOL or RADIUS) and forwards it. 

Summary of Contents for NS3503-16P-4C

Page 1: ...NS3503 16P 4C User Manual P N 1073221 REV A ISS 08SEP16 ...

Page 2: ...ence 2 This Device must accept any interference received including interference that may cause undesired operation ACMA compliance Notice This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Canada This Class A digital apparatus complies with CAN ICES 003 A NMB 3 A Cet appareil numérique de la...

Page 3: ...or Energy Saving 11 PoE Usage Monitoring 12 Environment friendly Smart Fan Design for Silent Operation 12 IPv6 IPv4 Dual Stack Management 12 Robust Layer 2 Features 12 Efficient Traffic Control 13 Powerful Security 13 Advanced Network Security 13 Friendly and Secure Management 13 Flexibility and Long distance Extension Solution 13 1 3 How to Use This Manual 14 1 4 Product Features 14 Physical Port...

Page 4: ...gement 31 3 5 SNMP based Network Management 32 3 6 IFS Smart Discovery Utility 33 4 WEB CONFIGURATION 35 4 1 Main Web Page 37 4 1 1 Save Button 38 4 1 2 Configuration Manager 39 4 1 2 1 Saving Configuration 40 4 2 System 41 4 2 1 System Information 41 4 2 2 IP Configurations 42 4 2 3 IPv6 Configuration 44 4 2 4 User Configuration 45 4 2 5 Time Settings 47 4 2 5 1 System Time 47 4 2 5 2 SNTP Server...

Page 5: ...ion 74 4 3 4 Port Mirroring 75 4 3 5 Jumbo Frame 77 4 3 6 Port Error Disabled Configuration 79 4 3 7 Port Error Disabled 81 4 3 8 Protected Ports 81 4 4 Link Aggregation 84 4 4 1 LAG Setting 86 4 4 2 LAG Management 87 4 4 3 LAG Port Setting 88 4 4 4 LACP Setting 90 4 4 5 LACP Port Setting 91 4 4 6 LAG Status 92 4 5 VLAN 94 4 5 1 VLAN Overview 94 4 5 2 IEEE 802 1Q VLAN 95 4 5 3 Management VLAN 98 4...

Page 6: ...139 4 7 1 Properties 139 4 7 2 IGMP Snooping 140 4 7 2 1 IGMP Setting 144 4 7 2 2 IGMP Querier Setting 146 4 7 2 3 IGMP Static Group 147 4 7 2 4 IGMP Group Table 148 4 7 2 5 IGMP Router Setting 148 4 7 2 6 IGMP Router Table 150 4 7 2 7 IGMP Forward All 151 4 7 3 IGMP Snooping Statics 152 4 7 4 MLD Snooping 153 4 7 4 1 MLD Setting 153 4 7 4 2 MLD Static Group 155 4 7 4 3 MLD Group Table 156 4 7 4 4...

Page 7: ... 180 4 8 4 3 Egress Queue 181 4 8 5 Voice VLAN 182 4 5 8 1 Introduction to Voice VLAN 182 4 8 5 2 Properties 182 4 8 5 3 Telephony OUI MAC Setting 184 4 8 5 4 Telephony OUI Port Setting 185 4 9 Security 187 4 9 1 802 1X 187 4 9 1 1 Understanding IEEE 802 1X Port based Authentication 188 4 9 1 2 802 1X Setting 191 4 9 1 3 802 1X Port Setting 192 4 9 1 4 Guest VLAN Setting 194 4 9 1 5 Authenticated ...

Page 8: ...namic ARP Inspection 224 4 9 8 1 Global Setting 224 4 9 8 2 VLAN Setting 225 4 9 8 3 Port Setting 226 4 9 8 4 Statistics 228 4 9 8 5 Rate Limit 229 4 9 9 IP Source Guard 230 4 9 9 1 Port Settings 230 4 9 9 2 Binding Table 232 4 9 10 Port Security 233 4 9 11 DoS 235 4 9 11 1 Global DoS Setting 235 4 9 11 2 DoS Port Setting 238 4 9 12 Storm Control 239 4 9 12 1 Global Setting 239 4 9 12 2 Port Setti...

Page 9: ...tatistics 278 4 13 Diagnostics 279 4 13 1 Cable Diagnostics 280 4 13 2 Ping 281 4 13 3 Ping Test 281 4 13 4 IPv6 Ping Test 282 4 13 5 Trace Router 283 4 14 RMON 284 4 14 1 RMON Statistics 285 4 14 2 RMON Event 286 4 14 3 RMON Event Log 288 4 14 4 RMON Alarm 289 4 14 5 RMON History 291 4 14 6 RMON History Log 292 4 15 Power over Ethernet 293 4 15 1 Power over Ethernet Powered Device 294 4 15 3 Powe...

Page 10: ... 307 5 SWITCH OPERATION 309 5 1 Address Table 309 5 2 Learning 309 5 3 Forwarding Filtering 309 5 4 Store and Forward 309 5 5 Auto Negotiation 310 6 TROUBLESHOOTING 311 APPENDIX A Switch s RJ45 Pin Assignments 313 A 1 1000Mbps 1000BASE T 313 A 2 10 100Mbps 10 100BASE TX 313 ...

Page 11: ...o Rack mounting Brackets with Attachment Screws 2 Power Cord 1 SFP Dust Caps 4 If any item is found missing or damaged please contact your local reseller for replacement 1 2 Product Description A New Generation Ultra PoE Managed Switch with Advanced L2 L4 Switching and Security IFS NS3503 16P 4C is a cost optimized 1U Gigabit Ultra PoE Managed Switch featuring IFS intelligent PoE functions to impr...

Page 12: ...ew 4 pair system two PSE controllers will be used to power both the data pairs and the spare pairs It can offer more PoE applications such as PoE PTZ speed dome Other network devices that need higher PoE power to work normally Thin client AIO All in One touch PC Remote digital signage display Built in Unique PoE Functions for Powered Devices Management As it is the managed PoE switch for surveilla...

Page 13: ...the connected PoE IP cameras or PoE wireless access points to reboot at a specified time each week Therefore it will reduce the chance of IP camera or AP crash resulting from buffer overflow PoE Schedule for Energy Saving Under the trend of energy saving worldwide and contributing to environmental protection IFS NS3503 16P 4C can effectively control the power supply as well as giving high watt pow...

Page 14: ...y stably and quietly in any environment without affecting its performance IPv6 IPv4 Dual Stack Management Supporting both IPv6 and IPv4 protocols IFS NS3503 16P 4C helps the SMBs to step in the IPv6 era with the lowest investment as its network facilities need not be replaced or overhauled if the IPv6 FTTx edge network is set up Robust Layer 2 Features IFS NS3503 16P 4C can be programmed for advan...

Page 15: ...des DHCP snooping IP source guard and dynamic ARP inspection functions to prevent IP snooping from attack and discard ARP packets with invalid MAC address The network administrators can now construct highly secure corporate networks with considerably less time and effort than before Friendly and Secure Management For efficient management IFS NS3503 16P 4C is equipped with web Telnet and SNMP manag...

Page 16: ...tion of the Managed Switch 1 4 Product Features Physical Port 10 100 1000BASE T Gigabit RJ45 copper ports with IEEE 802 3at af Ultra PoE injector 4 100 1000BASE X mini GBIC SFP slots compatible with 100BASE FX SFP RJ45 console interface for switch basic management and setup Power over Ethernet Complies with IEEE 802 3at Power over Ethernet Plus end span mid span PSE Backward compatible with IEEE 8...

Page 17: ...RSTP Rapid Spanning Tree Protocol MSTP Multiple Spanning Tree Protocol STP BPDU Guard BPDU filtering and BPDU forwarding Supports Link Aggregation IEEE 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel static trunk Provides port mirror many to 1 Loop protection to avoid broadcast loops Quality of Service Ingress and egress rate limit per port bandwidth control Storm control suppor...

Page 18: ...ard prevents IP spoofing attacks DoS attack prevention SSH SSL Management IPv4 and IPv6 dual stack management Switch management interface Web switch management Telnet command line interface SNMP v1 v2c and v3 SSH and SSL secure access User privilege levels control Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment System maintenance Firmware upload downloa...

Page 19: ...ch Throughput 64Bytes 29 7Mpps Address Table 8K entries Shared Data Buffer 4 1 megabits Flow Control IEEE 802 3x pause frame for full duplex Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default LED PWR SYS LNK ACT PoE in use 1000 FAN1 FAN2 PoE PWR Power Requirements 100 240V AC 50 60 Hz auto sensing Dimensions W x D x H 440 x 300 x 44 5 mm 1U h...

Page 20: ...EE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP IGMP Snooping IGMP v2 v3 snooping IGMP querier Up to 256 multicast groups MLD Snooping MLD v1 v2 snooping up to 256 multicast groups Access Control List IPv4 IPv6 IP based ACL MAC based ACL QoS 8 mapping IDs to 8 level priority queues Port number 802 1p priority 802 1Q VLAN tag DSCP field in IP packet Traf...

Page 21: ...ds Conformance Regulatory Compliance FCC Part 15 Class A CE LVD Standards Compliance IEEE 802 3 10BASE T IEEE 802 3u 100BASE TX 100BASE FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x flow control and back pressure IEEE 802 3ad port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p...

Page 22: ...3503 16P 4C User Manual 20 RFC 3810 MLD v2 Environment Operating Temperature 0 50 degrees C Relative Humidity 5 95 non condensing Storage Temperature 20 70 degrees C Relative Humidity 5 95 non condensing ...

Page 23: ...d pair Up to 100 meters 100 1000BASE X SFP Slots Each of the SFP Small Form factor Pluggable slots supports dual speed 1000BASE SX LX or 100BASE FX For 1000BASE SX LX SFP transceiver module From 550 meters multi mode fiber to 10 30 50 70 kilometers single mode fiber For 100BASE FX SFP transceiver module From 2 kilometers multi mode fiber to 20 40 60 kilometers single mode fiber Console Port The co...

Page 24: ...2 LED Indications The front panel LEDs indicates instant status of port links data activity and system power it helps monitor and troubleshoot when needed Figure 2 1 2 shows the LED indications of these Managed Switches Figure 2 1 2 NS3503 16P 4C LED indication System Alert LED Color Function PWR Green Lights to indicate that the Switch has power SYS Green Lights to indicate the system is working ...

Page 25: ...ndicate that the port is operating at 10 100Mbps Blinks To indicate that the switch is actively sending or receiving data over that port 100 1000BASE SX LX SFP Interfaces Port 17 to Port 20 LED Color Function 1000 Green Lights To indicate that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sending or receiving data over that port 100 Orange Lights To indicate that...

Page 26: ... install your Managed Switch and make connections to the Managed Switch Please read the following topics and perform the procedures in the order being presented To install your Managed Switch on a desktop or shelf simply complete the following steps 2 2 1 Desktop Installation To install the Managed Switch on desktop or shelf 1 Attach the rubber feet to the recessed areas on the bottom of the Manag...

Page 27: ...ed Switch in a 19 inch standard rack 1 Place the Managed Switch on a hard flat surface with the front panel positioned towards the front side 2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 1 5 shows how to attach brackets to one side of the Managed Switch Figure 2 1 5 Attach Brackets to the Managed Switch CAUTION You must us...

Page 28: ... to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch as the Figure 2 1 7 shows Figure 2 1 7 Plug in the SFP transceiver Approved IFS SFP Transceivers IFS Managed Switch supports both single mode and multi mode SFP transceivers The following...

Page 29: ...nsceiver are similar 1 Before we connect Managed Switch to the other network device we have to make sure both sides of the SFP transceivers are with the same media type for example 1000BASE SX to 1000BASE SX 1000BASE LX to 1000BASE LX 2 Check whether the fiber optic cable type matches with the SFP transceiver requirement To connect to 1000BASE SX SFP transceiver please use the multi mode fiber cab...

Page 30: ... fiber NICs or media converters user has to set the port Link mode to 1000 Force or 100 Force Remove the Transceiver Module 1 Make sure there is no network activity anymore 2 Remove the fiber optic cable gently 3 Lift up the lever of the SFP module and turn it to a horizontal position 4 Pull out the module gently through the lever Figure 2 1 8 How to Pull Out the SFP Transceiver Note Never pull ou...

Page 31: ...h TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC comes with COM Port DB9 RS 232 or USB to RS 232 converter Ethernet Port connection Network cables Use standard network UTP cables with RJ45 connectors The above Workstation is installed with Web browser and Java runtime environment plug in Note It is recommended to use Int...

Page 32: ...vel Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need to only know the community name 3 3 Administration Console The administration console is an internal character oriented and command line user interface for performing system administration such as displaying statistics ...

Page 33: ...s are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 3 4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch fr...

Page 34: ...n external SNMP based application to configure and manage the Managed Switch such as SNMPc Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set commun...

Page 35: ...u to running the IFS Smart Discovery Utility 1 Deposit the IFS Smart Discovery Utility in administrator PC 2 Run this utility when the following screen appears Figure 3 1 6 IFS Smart Discovery Utility Screen Note If there are two LAN cards or above in the same administrator PC choose a different LAN card by using the Select Adapter tool 3 Press Refresh button for the currently connected devices in...

Page 36: ... 3 buttons above are shown below Update Device Use the current setting on one single device Update Multi Use the current setting on multi devices Update All Use the current setting on whole devices in the list The same functions mentioned above also can be found in Option tools bar 6 Clickg the Control Packet Force Broadcast function to assign a new setting value to the Web Smart Switch under a di...

Page 37: ... PC must be set on the same IP subnet address as the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you have changed the default IP address of the Managed Switch to 192 168 1 1 with subnet mask 255 255 255 0 via ...

Page 38: ...t or manage the Managed Switch by Web interface The Switch Menu on the left of the web page lets you access all the commands and statistics the Managed Switch provides Note It is recommended to use Internet Explore 8 0 or above to access Managed Switch The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface No...

Page 39: ...e Panel Display The Web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ45 Ports SFP Ports PoE Ports Main Menu Using the onboard Web agent you can define system pa...

Page 40: ...Buttons Click to save changes or reset to default Click to logout the Managed Switch Click to reboot the Managed Switch Click to refresh the page 4 1 1 Save Button This save button allows you to save the running startup backup configuration or reset switch in default parameter If you forgot to save configuration all configurations will be lost after system reboot The screen in Figure 4 1 6 appears...

Page 41: ...ect Description Running Configuration Refers to the running configuration sequence used in the switch In switch the running configuration file stores in the RAM In the current version the running configuration sequence running config can be saved from the RAM to FLASH by saving Source File Running Configuration to Destination File Startup Configuration so that the running configuration sequence be...

Page 42: ...he running configuration file stores in the RAM In the current version the running configuration sequence of running config can be saved from the RAM to FLASH by Save Configurations to FLASH function so that the running configuration sequence becomes the startup configuration file which is called configuration save To save all applied changes and set the current configuration as a startup configur...

Page 43: ...age IPv6 Configuration Configure the switch managed IPv6 information on this page User Configuration Configure new user name and password on this page Time Settings Configure SNTP on this page Log Management The switch log information is provided here SNMP Management Configure SNMP on this page 4 2 1 System Information The System Info page provides information for the current device information Sy...

Page 44: ... The loader date of this Managed Switch Firmware Version The firmware version of this Managed Switch Firmware Date The firmware date of this Managed Switch System Object ID The system object ID of the Managed Switch System Up Time The period of time the device has been operational PCN HW Version The hardware version of this Managed Switch Buttons Click to edit parameter 4 2 2 IP Configurations The...

Page 45: ...CP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide the IP address of this switch in dotted decimal notation Subnet Mask Provide the subnet mask of this switch in dotted decimal notation Gateway Provide the IP address of the router in dotted decimal notation DNS Server 1 2 Provide the...

Page 46: ... this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 9ef6 1aff fe04 c5c3 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses the following legally IPv4 address For example 192 1...

Page 47: ...c address IPv6 Static Router Display the current IPv6 static gateway DHCPv6 Client Display the current DHCPv6 client status 4 2 4 User Configuration This page provides an overview of the current users and privilege type Currently the only way to login as another user on the Web server is to close and reopen the browser After the setup is completed please press Apply button to take effect Please lo...

Page 48: ... Retype Password Please enter the user s new password here again to confirm Privilege Type The privilege type for the user Options Admin User Other Buttons Click to apply changes Figure 4 2 7 Local User Page Screenshot The page includes the following fields Object Description Username Display the current username Password Type Display the current password type Privilege Type Display the current pr...

Page 49: ...ts and the server when they are not on the same subnet domain Disabled Disable SNTP mode operation Manual Time To set time manually Year Select the starting year Month Select the starting month Day Select the starting day Hours Select the starting hour Minutes Select the starting minute Seconds Select the starting seconds Time Zone Select the time zone according to the current location of switch D...

Page 50: ...ing minute Recurring To Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute Non recurring From Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute Non recurring To Week Select th...

Page 51: ... Display the current time zone Daylight Saving Time Display the current daylight saving time state Daylight Saving Time Offset Display the current daylight saving time offset state From Display the current daylight saving time from To Display the current daylight saving time to 4 2 5 2 SNTP Server Settings The SNTP Server Configuration screens in Figure 4 2 10 and Figure 4 2 11 appear Figure 4 2 1...

Page 52: ...aged Switch log management is provided here The local logs allow you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM The following table lists the event levels of the Managed Switch Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational ...

Page 53: ...ge includes the following fields Object Description Logging Service Enabled Enable logging service operation Disabled Disable logging service operation Buttons Click to apply changes Figure 4 2 13 Logging Information Page Screenshot The page includes the following fields Object Description Logging Service Display the current logging service status 4 2 6 2 Local Log The switch system local log info...

Page 54: ...or local log crit Critical level of the critical conditions for local log error Error level of the error conditions for local log warning Warning level of the warning conditions for local log notice Notice level of the normal but significant conditions for local log info Informational level of the informational messages for local log debug Debug level of the debugging messages for local log Button...

Page 55: ...on Server Address Provide the remote syslog IP address of this switch Server Port Provide the port number of remote syslog server Default Port no 514 Severity The severity of the local log entry The following severity types are supported emerg Emergency level of the system unstable for local log alert Alert level of the immediate action needed for local log crit Critical level of the critical cond...

Page 56: ...Server Info Display the current remote syslog server information Severity Display the current remote syslog severity Facility Display the current remote syslog facility Action Delete the remote server entry 4 2 6 4 Log Message The switch log view is provided here The Log View screens in Figure 4 2 18 Figure 4 2 19 and Figure 4 2 20 appear Figure 4 2 18 Log Information Select Page Screenshot The pa...

Page 57: ...notice Notice level of the normal but significant conditions for log view info Informational level of the informational messages for log view debug Debug level of the debugging messages for log view Category The category of the log view includes AAA ACL CABLE_DIAG DAI DHCP_SNOOPING Dot1X GVRP IGMP_SNOOPING IPSG L2 LLDP Mirror MLD_SNOOPING Platform PM Port PORT_SECURITY QoS Rate SNMP and STP Button...

Page 58: ... suite SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth An SNMP managed network consists of three key components Network management stations NMS s SNMP agents Management information base MIB and network management protocol Network management stations NMS s Sometimes called consoles these devices execute management applica...

Page 59: ...of some event The SNMPv2 trap message is designed to replace the SNMPv1 trap message SNMP community An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent The community name is used to identify the group An SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management sta...

Page 60: ...to The allowed string length is 1 to 16 Subtree OID The OID defining the root of the subtree to add to the named view The allowed string content is digital number or asterisk Subtree OID Mask The bitmask identifies which positions in the specified object identifier are to be regarded as wildcards for the purpose of pattern matching View Type Indicates the view type that this entry should belong to...

Page 61: ... entry 4 2 7 4 SNMP Access Group Configure SNMPv3 access group on this page The entry index keys are Group Name Security Model and Security Level The SNMPv3 Access Group Setting screens in Figure 4 2 25 and Figure 4 2 26 appear Figure 4 2 25 SNMPv3 Access Group Setting Page Screenshot The page includes the following fields Object Description Group Name A string identifying the group name to which ...

Page 62: ... length is 1 to 16 Write View Name Write view name is the name of the view in which you enter data and configure the contents of the agent The allowed string length is 1 to 16 Notify View Name Notify view name is the name of the view in which you specify a notify inform or trap Buttons Click to add a new access entry Check to delete the entry Figure 4 2 26 SNMP View Table Status Page Screenshot Th...

Page 63: ...dicates the SNMP community supported mode Possible versions are Basic Set SNMP community mode supported version 1 and 2c Advanced Set SNMP community mode supported version 3 Group Name A string identifying the group name to which this entry should belong The allowed string length is 1 to 16 View Name A string identifying the view name to which this entry should belong The allowed string length is ...

Page 64: ...escription User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 16 Group The SNMP Access Group A string identifying the group name that this entry should belong to Privilege Mode Indicates the security model that this entry should belong to Possible security models are NoAuth None authentication and none privacy Auth Authentication and non...

Page 65: ... to indicate that this user using DES authentication protocol Encryption Key A string identifying the privacy pass phrase The allowed string length is 8 to 16 Buttons Click to add a new user entry Figure 4 2 30 SNMPv3 Users Status Page Screenshot The page includes the following fields Object Description User Name Display the current user name Group Display the current group Privilege Mode Display ...

Page 66: ...address For example 192 1 2 34 SNMP Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c Notify Type Set the notify type in traps or informs Community Name Indicates the community access string when send SNMP trap packet UDP Port Indicates the SNMP trap destination port SNMP Agent will send SNM...

Page 67: ...screens in Figure 4 2 33 and Figure 4 2 34 appear Figure 4 2 33 SNMPv3 Notification Recipients Page Screenshot The page includes the following fields Object Description Server Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation x y z w It can also represent a legally valid IPv4 address For example 192 1 2 34 Notify Type Set the notify type in...

Page 68: ...UDP Port Display the current UDP port Time Out Display the current time out Retries Display the current retry times Action Delete the SNMPv3 host entry 4 2 7 9 SNMP Engine ID Configure SNMPv3 Engine ID on this page The entry index key is Engine ID The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The SNMPv3 Engin...

Page 69: ...e Screenshot The page includes the following fields Object Description User Default Display the current status Engine ID Display the current engine ID 4 2 7 10 SNMP Remote Engine ID Configure SNMPv3 remote Engine ID on this page The SNMPv3 Remote Engine ID Setting screens in Figure 4 2 37 and Figure 4 2 38 appear Figure 4 2 37 SNMPv3 Remote Engine ID Setting Page Screenshot The page includes the f...

Page 70: ...Management Use the Port Menu to display or configure the Managed Switch s ports This section has the following items Port Configuration Configures port configuration settings Port Counters Lists Ethernet and RMON port statistics Bandwidth Utilization Displays current bandwidth utilization Port Mirroring Sets the source and target ports for mirroring Jumbo Frame Sets the jumbo frame on the switch P...

Page 71: ...ation Auto 100M Setup 100M Auto negotiation Auto 1000M Setup 1000M Auto negotiation Auto 10 100M Setup 10 100M Auto negotiation 10M Setup 10M Force mode 100M Setup 100M Force mode 1000M Setup 1000M Force mode Duplex Select any available link duplex for the given switch port Draw the menu bar to select the mode Auto Setup Auto negotiation Full Force sets Full Duplex mode Half Force sets Half Duplex...

Page 72: ...rrent link status Speed Display the current speed status of the port Duplex Display the current duplex status of the port Flow Control Configuration Display the current flow control configuration of the port Flow Control Status Display the current flow control status of the port 4 3 2 Port Counters This page provides an overview of traffic and trunk statistics for all switch ports The Port Statist...

Page 73: ...use of an unknown or unsupported protocol Received Discards Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Transmit Octets The total number of octets transmitted out of the interface includin...

Page 74: ...er of packets that higher level protocols requested is transmitted and addressed to a broadcast address at this sub layer including those that were discarded or not sent Figure 4 3 5 Ethernet link Counters Page Screenshot Object Description Alignment Errors The number of alignment errors missynchronized data packets FCS Errors A count of frames received on a particular interface that are an integr...

Page 75: ...e Frames The number of received pause frames Out Pause Frames The number of transmitted pause frames Figure 4 3 6 RMON Counters Page Screenshot Object Description Drop Events The total number of events in which packets were dropped due to lack of resources Octets The total number of octets received and transmitted on the interface including framing characters Packets The total number of packets re...

Page 76: ...nd had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet segment 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames Th...

Page 77: ...work traffic that forwards a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied It enables the manager to keep close track of switch performance and alter it if necessary To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Ma...

Page 78: ...iguration The Port Mirror Configuration screens in Figure 4 3 9 and Figure 4 3 10 appear Figure 4 3 9 Port Mirroring Settings Page Screenshot The page includes the following fields Object Description Session ID Set the port mirror session ID Possible ID are 1 to 4 Monitor Session State Enable or disable the port mirroring function Destination Port Select the port to mirror destination port Allow i...

Page 79: ...Mirroring Status Page Screenshot The page includes the following fields Object Description Session ID Display the session ID Destination Port This is the mirroring port entry Ingress State Display the ingress state Source TX Port Display the current TX ports Source RX Port Display the current RX ports 4 3 5 Jumbo Frame This page provides to select the maximum frame size allowed for the switch port...

Page 80: ...s Enter the maximum frame size allowed for the switch port including FCS The allowed range is 64 bytes to 9216 bytes Buttons Click to apply changes Figure 4 3 12 Jumbo Frame Information Page Screenshot The page includes the following fields Object Description Jumbo Display the current maximum frame size ...

Page 81: ...e port error disabled function to check status by self loop Broadcast Flood Enable or disable the port error disabled function to check status by broadcast flood Unknown Multicast Flood Enable or disable the port error disabled function to check status by unknown multicast flood Unicast Flood Enable or disable the port error disabled function to check status by unicast flood ACL Enable or disable ...

Page 82: ...f Loop Display the current self loop status Broadcast Flood Display the current broadcast flood status Unknown Multicast Flood Display the current unknown multicast flood status Unicast Flood Display the current unicast flood status ACL Display the current ACL status Port Security Violation Display the current port security violation status DHCP Rate Limit Display the current DHCP rate limit statu...

Page 83: ...ror disabled reason of the port Time Left Seconds Display the time left 4 3 8 Protected Ports Overview When a switch port is configured to be a member of protected group also called Private VLAN communication between protected ports within that group can be prevented Two application examples are provided in this section Customers connected to an ISP can be members of the protected group but they a...

Page 84: ...e private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN...

Page 85: ...ous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Unprotected A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting Buttons Click to apply changes Figure 4 3 17 Port Isolation Status Page Screenshot The page includes the following fields Object Description Protected...

Page 86: ...e assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed suplex setting etc The device supports the following Aggregation links Static LAGs Port Trun...

Page 87: ...egation ports None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port All of the ports in a link aggregation have to be treated as a whole when moved from to added or deleted from a VLAN The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole Enable the link aggregation prior to connecting any cable between the switches...

Page 88: ...llowing fields Object Description Load Balance Algorithm Select load balance algorithm mode MAC Address The MAC address can be used to calculate the port for the frame IP MAC Address The IP and MAC address can be used to calculate the port for the frame Buttons Click to apply changes Figure 4 4 3 LAG Information Page Screenshot The page includes the following fields Object Description Load Balance...

Page 89: ...lect LAG number for this drop down list Name Indicates each LAG name Type Indicates the trunk type Static Force aggregated selected ports to be a trunk group LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them Ports Select port number for this drop down list to estab...

Page 90: ... Setting screens in Figure 4 4 6 and Figure 4 4 7 appear Figure 4 4 6 LAG Port Setting Information Page Screenshot The page includes the following fields Object Description LAG Select Select LAG number for this drop down list Enable Indicates the LAG state operation Possible states are Enabled Start up the LAG manually Disabled Shut down the LAG manually Speed Select any available link speed for t...

Page 91: ...ings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Buttons Click to apply changes Figure 4 4 7 LAG Port Status Page Screenshot The page includes the following fields Object Description LAG The LAG for the settings contained in the same row Description Display the current des...

Page 92: ...e includes the following fields Object Description System Priority A value which is used to identify the active LACP The Managed Switch with the lowest value has the highest priority and is selected as the active LACP peer of the trunk group Buttons Click to apply changes Figure 4 4 9 LACP Information Page Screenshot The page includes the following fields Object Description System Priority Display...

Page 93: ...P port setting Priority The Priority controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority Timeout The Timeout controls the period between BPDU transmissions Short will transmit LACP packets each secon...

Page 94: ...lays LAG status The LAG Status screens in Figure 4 4 12 and Figure 4 4 13 appear Figure 4 4 12 LAG Status Page Screenshot The page includes the following fields Object Description LAG Display the current trunk entry Name Display the current LAG name Type Display the current trunk type Link State Display the current link state Active Member Display the current active member Standby Member Display t...

Page 95: ...rt disabled state EXPR means expired state LACPds means LACP disabled state DFLT means defaulted state CRRNT means current state PrdTx LACP periodic transmission state machine status of the port no PRD means the port is in no periodic state FstPRD means fast periodic state SlwPRD means slow periodic state PrdTX means periodic TX state AtState The actor state field of LACP PDU description The field...

Page 96: ...at frequently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated Note 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets ...

Page 97: ...broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can b...

Page 98: ...f putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header 802 1Q VLAN Tags The figure below shows the 802 1Q VLAN tag There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the Ether Type field When a packet s Ether Type field is equal to 0x8100 th...

Page 99: ...ntained within the tag Tagged packets are also assigned a PVID but the PVID is not used to make packet forwarding decisions the VID is Tag aware switches must keep a table to relate PVID within the switch to VID on the network The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet If the two VID are different the switch will drop the pac...

Page 100: ...en the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns the frame to an associated VLAN based on the default VLAN ID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame Port Overlapping Port overlapping can be used to allow access to commonly shared netwo...

Page 101: ...ent VLAN 4 5 4 Create VLAN Create delete VLAN on this page The screens in Figure 4 5 3 and Figure 4 5 4 appear Figure 4 5 3 VLAN Setting Page Screenshot The page includes the following fields Object Description VLAN List Indicates the ID of this particular VLAN VLAN Action This column allows users to add or delete VLAN s VLAN Name Prefix Indicates the name of this particular VLAN Buttons Click to ...

Page 102: ...2 1Q compliant switch can be configured as tagged or untagged Tagged Ports with tagging enabled will put the VID number priority and other VLAN information into the header of all packets that flow into those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information intact The VLAN information in the tag can then be used by other 802 1Q compli...

Page 103: ...pecific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might be mixed Assigning a unique range of VLAN IDs to each customer would restrict customer configurations require intensive processing of VLAN mapping tables and could ea...

Page 104: ...ss indicates the port belongs to one VLAN only Hybrid means the port allows the traffic of multi VLANs to pass in tag or untag mode Tunnel configures IEEE 802 1Q tunneling for a downlink port to another device within the customer network PVID Allows you to assign PVID to selected port The PVID will be inserted into all untagged frames entering the ingress port The PVID must be the same as the VLAN...

Page 105: ...ce Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Interface VLAN Mode Display the current interface VLAN mode PVID Display the current PVID Accepted Frame Type Display the current access frame type Ingress Filtering Display the current ingress filtering Uplink Display the current uplink mode TPID Display the current...

Page 106: ...ect VLAN membership for each interface by marking the appropriate radio button for a port or trunk Forbidden Interface is forbidden from automatically joining the VLAN via GVRP Excluded Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Tagged Interface is a member of the VLAN All packets transmitted by the port will be tagged that is c...

Page 107: ...to modify VLAN membership 4 5 8 Protocol VLAN Group Setting The network devices required to support multiple protocols cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including s...

Page 108: ... protocol based VLAN Group Setting The protocol based VLAN screens in Figure 4 5 9 and Figure 4 5 10 appear Figure 4 5 9 Add Protocol VLAN Group Page Screenshot The page includes the following fields Object Description Group ID Protocol Group ID assigned to the Special Protocol VLAN Group Frame Type Frame Type can have one of the following values Ethernet II IEEE802 3_LLC_Other RFC_1042 Note On ch...

Page 109: ...5 9 Protocol VLAN Port Setting This page allows you to map an already configured Group Name to a VLAN port for the switch The Protocol VLAN Port Setting State screens in Figure 4 5 11 and Figure 4 5 12 appear Figure 4 5 11 Protocol VLAN Port Setting Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list to assign protocol VLAN port Group ...

Page 110: ...ort entry Figure 4 5 12 Protocol VLAN Port State Page Screenshot The page includes the following fields Object Description Port Display the current port Group ID Display the current group ID VLAN ID Display the current VLAN ID Delete Click to delete the group ID entry ...

Page 111: ...across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch The GVRP Global Setting Information screens in Figure 4 5 13 and Figure 4 5 14 appear Figure 4 5 13 GVRP Global Setting Page Screenshot ...

Page 112: ...icants can rejoin before the port actually leaves the group Range 45 32760 centiseconds Default 60 centiseconds LeaveAll Timeout The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 65 32765 ce...

Page 113: ...nabled or disabled on port Registration Mode By default GVRP ports are in normal registration mode These ports use GVRP join messages from neighboring switches to prune the VLANs running across the 802 1Q trunk link If the device on the other side is not capable of sending GVRP messages or if you do not want to allow the switch to prune any of the VLANs use the fixed mode Fixed mode ports will for...

Page 114: ...isplay the current registration mode VLAN Creation Status Display the current VLAN creation status 4 5 12 GVRP VLAN The GVRP VLAN Database screen in Figure 4 5 17 appears Figure 4 5 17 GVRP VLAN Database Status Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Member Ports Display the current member ports Dynamic Ports Display the current...

Page 115: ...in Empty Rx Tx Display the current join empty TX RX packets Empty Rx Tx Display the current empty TX RX packets Leave Empty Rx Tx Display the current leave empty TX RX packets Join In Rx Tx Display the current join in TX RX packets Leave In Rx Tx Display the current leave in TX RX packets LeaveAll Rx Tx Display the current leaveall TX RX packets Figure 4 5 19 GVRP Port Error Statistics Page Screen...

Page 116: ...ttons Click to clear the GVRP Error Statistics Click to refresh the GVRP Error Statistics 4 5 14 VLAN setting example Separate VLANs 802 1Q VLAN Trunk 4 5 14 1 Two separate 802 1Q VLANs The diagram shows how the Managed Switch handles Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLANs Each VLAN isolates network traffic so only members of the VLAN recei...

Page 117: ...anaged Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will received the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away its tag becoming an untagged packet 4 While the packet leaves Port 3 it will keep as a tagged packet with VLAN Tag 2 Tagged packet entering VLAN 2 1 While PC 3 transmits a tagged packet with VL...

Page 118: ...becoming an untagged packet 3 While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 Note In this example VLAN Group 1 is set as default VLAN but only focuses on VLAN 2 and VLAN 3 traffic flow Setup Steps 1 Create VLAN Group 2 and 3 Add VLAN group 2 and group 3 2 Assign VLAN mode and PVID to each port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6...

Page 119: ... Port 6 Tagged Port 1 3 Excluded 4 5 14 2 VLAN Trunking between two 802 1Q aware switches In most cases they are used for Uplink to other switches VLANs are separated at different switches but they need to access other switches within the same VLAN group The screen in Figure 4 5 21 appears ...

Page 120: ...up steps 1 Create VLAN Group 2 and 3 Add VLAN group 2 and group 3 2 Assign VLAN mode and PVID to each port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6 VLAN Mode Hybrid PVID 3 Port 7 VLAN Mode Hybrid PVID 1 ...

Page 121: ...119 NS3503 16P 4C User Manual 3 Assign Tagged Untagged to each port VLAN ID 1 Port 1 6 Untagged Port 7 Excluded VLAN ID 2 Port 1 2 Untagged Port 3 7 Tagged Port 4 6 Excluded VLAN ID 3 Port 4 5 Untagged ...

Page 122: ...established Duplicated links are blocked from use and become standby links The protocol allows for the duplicate links to be used in the event of a failure of the primary link Once the Spanning Tree Protocol is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accom...

Page 123: ...s the root switch The shortest distance to the root switch is calculated for each switch A designated switch is selected This is the switch closest to the root switch through which packets will be forwarded to the root A port for each switch is selected This is the port providing the best path from the switch to the root switch Ports included in the STP are selected Creating a Stable STP Topology ...

Page 124: ...o the blocking state Learning the port is adding addresses to its forwarding database but not yet forwarding packets Forwarding the port is forwarding packets Disabled the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows From initialization switch boot to blocking From blocking to listening or to d...

Page 125: ...ority and the switch s MAC address The Bridge Identifier consists of two parts a 16 bit priority and a 48 bit Ethernet MAC address 32768 MAC 32768 MAC Priority A relative priority for each switch lower numbers give a higher priority and a greater chance of a given switch being elected as the root bridge 32768 Hello Time The length of time between broadcasts of the hello message by the switch 2 sec...

Page 126: ...ur Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Forward Delay Timer The Forward Delay can be from 4 to 30 seconds This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state N...

Page 127: ...ng values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however re...

Page 128: ... chosen as a 100 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link This section has the following items STP Global Setting Configures STP system settings STP Port Setting Configuration per port STP setting CIST Instance Setting Configure syste...

Page 129: ...oup and blocks all but one of the possible alternate paths within each Spanning Tree The STP Global Settings screens in Figure 4 6 4 and Figure 4 6 5 appear Figure 4 6 4 Global Settings Page Screenshot The page includes the following fields Object Description Enable Enable or disable the STP function The default value is Disabled BPDU Forward Set the BPDU forward method PathCost Method The path co...

Page 130: ...rward Display the current BPDU forward mode Cost Method Display the current cost method Force Version Display the current force version Configuration Name Display the current configuration name Configuration Revision Display the current configuration revision 4 6 3 STP Port Setting This page allows you to configure per port STP settings The STP Port Setting screens in Figure 4 6 6 and Figure 4 6 7...

Page 131: ...l whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology P2P MAC Controls whether the port connects to a point to point LAN rather than a shared medium This can be automatically determined or forced either true or false Transition to the forwarding state is faster for point ...

Page 132: ...00 Table 4 6 2 Recommended STP Path Costs Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Table 4 6 3 Default STP Path Costs Port Type Link Type IEEE 802 1w 2001 Ethernet Half Duplex Full...

Page 133: ...re 4 6 8 CIST Instance Setting Page Screenshot The page includes the following fields Object Description priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority o...

Page 134: ...an send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Hello Time The time that controls the switch to send out the BPDU packet to check STP current status Enter a value between 1 through 10 Buttons Click to apply changes Figure 4 6 9 CIST Instance Information Page Screenshot The page includes the following fields Obje...

Page 135: ...ontrols the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered T...

Page 136: ...t internal path cost oper Designated Root Bridge Display the current designated root bridge External Root Cost Display the current external root cost Regional Root Bridge Display the current regional root bridge Internal Root Cost Display the current internal root cost Designated Bridge Display the current designated bridge Internal Port Path Cost Display the current internal port path cost Edge P...

Page 137: ...o assign VLAN list to special MSTI ID The range for the VLAN list is 1 4094 Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Click to apply changes Figure 4 6 13 MSTI Instance Setting Information Page Screenshot The page include...

Page 138: ...ining Hops Display the current remaining hops Last Topology Change Display the current last topology change 4 6 7 MST Port Setting This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the por...

Page 139: ...Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher pa...

Page 140: ...nated bridge Internal Path Cost Display the current internal path cost Port Role Display the current port role Port State Display the current port state 4 6 8 STP Statistics This page displays STP statistics The STP statistics screen in Figure 4 6 17 appears Figure 4 6 17 STP Statistics Page Screenshot The page includes the following fields Object Description Port The switch port number of the log...

Page 141: ...tatistics Display the MLD snooping statistics Multicast Throttling Setting Configures multicast throttling setting Multicast Filter Configures multicast filter 4 7 1 Properties This page provides multicast properties related configuration The multicast Properties and Information screen in Figure 4 7 1 and Figure 4 7 2 appear Figure 4 7 1 Properties Setting Page Screenshot The page includes the fol...

Page 142: ... member of the multicast group About the Internet Group Management Protocol IGMP Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for member...

Page 143: ...141 NS3503 16P 4C User Manual Figure 4 7 3 Multicast Service Figure 4 7 4 Multicast Flooding ...

Page 144: ...en joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Mem...

Page 145: ... 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other sub networks IGMP version 2 introduces some enhancements such as a method to elect a multicast qu...

Page 146: ...to the current unit as reflected by the page header The IGMP Snooping Setting and Information screens in Figure 4 7 7 Figure 4 7 8 and Figure 4 7 9 appear Figure 4 7 7 IGMP Snooping Page Screenshot The page includes the following fields Object Description IGMP Snooping Status Enable or disable the IGMP snooping The default value is Disabled IGMP Snooping Version Sets the IGMP Snooping operation ve...

Page 147: ...ing fields Object Description Entry No Display the current entry number VLAN ID Display the current VLAN ID IGMP Snooping Operation Status Display the current IGMP snooping operation status Router Ports Auto Learn Display the current router ports auto learning Query Robustness Display the current query robustness Query Interval sec Display the current query interval Query Max Response Interval sec...

Page 148: ...N Setting Page Screenshot The page includes the following fields Object Description VLAN ID Select VLAN ID for this drop down list Querier State Enable or disable the querier state The default value is Disabled Querier Version Sets the querier version for compatibility with other devices on the network Version 2 or 3 Default 2 Buttons Click to apply changes Figure 4 7 11 IGMP Querier Status Page S...

Page 149: ...e Managed Switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN The IGMP Static Group configuration screens in Figure 4 7 12 ...

Page 150: ...eenshot The page includes the following fields Object Description VLAN ID Display the current VID Group IP Address Display multicast IP address for a specific multicast service Member Port Display the current member port Type Member types displayed include Static or Dynamic depending on selected options Life Sec Display the current life 4 7 2 5 IGMP Router Setting Depending on your network connect...

Page 151: ...l multicast traffic coming from the attached multicast router Type Sets the Router port type The types of Router port as below Static Forbid Static Ports Select Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Forbid Port Select Specify which ports un act as router ports Buttons Click to add IGMP ...

Page 152: ... 7 18 and Figure 4 7 19 appear Figure 4 7 17 Dynamic Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Display the current dynamic router ports Expiry Time Sec Display the current expiry time Figure 4 7 18 Static Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the cu...

Page 153: ... This page provides IGMP Forward All The Forward All screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page Screenshot The page includes the following fields Object Description VLAN ID Select VLAN ID for this drop down list to assign IGMP membership Port The switch port number of the logical port Membership Select IGMP membership for each interface Forbidden Interface is forbidden ...

Page 154: ...will not be transmitted by the interface Static Interface is a member of the IGMP Buttons Click to apply changes 4 7 3 IGMP Snooping Statics This page provides IGMP Snooping Statics The IGMP Snooping Statics screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page Screenshot The page includes the following fields ...

Page 155: ...rent leave TX Report TX Display current report TX General Query TX Display current general query TX Special Group Query TX Display current special group query TX Special Group Source Query TX Display current special group and source query TX Buttons Click to clear the IGMP Snooping Statistics Click to refresh the IGMP Snooping Statistics 4 7 4 MLD Snooping 4 7 4 1 MLD Setting This page provides ML...

Page 156: ...ersion 2 MLD Snooping Report Suppression Limits the membership report traffic sent to multicast capable routers When you disable report suppression all MLD reports are sent as is to multicast capable routers The default is enabled Buttons Click to apply changes Figure 4 7 22 MLD Snooping information Page Screenshot The page includes the following fields Object Description MLD Snooping Status Displ...

Page 157: ... the current query robustness Query Interval sec Display the current query interval Query Max Response Interval sec Display the current query max response interval Last Member Query count Display the current last member query count Last Member Query Interval sec Display the current last member query interval Immediate Leave Display the current immediate leave Modify Click to edit parameter 4 7 4 2...

Page 158: ...s Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Group IPv6 Address Display the current group IPv6 address Member Ports Display the current member ports Modify Click to edit parameter 4 7 4 3 MLD Group Table This page provides MLD Group Table The MLD Group Table screen in Figure 4 7 26 appears Figure 4 7 26 MLD Group Table Page Screens...

Page 159: ...in all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the Managed Switch The MLD Router Setting screens in Figure 4 7 27 and Figure 4 7 28 appear Figure 4 7 27 Add Router Port Page Screenshot The page includes the following fields Object Description VLAN ID Selects the VLAN to propagate all mul...

Page 160: ... Modify Click to edit parameter Click to delete the group ID entry 4 7 4 5 MLD Router Table This page provides Router Table The Dynamic Static and Forbidden Router Table screens in Figure 4 7 29 Figure 4 7 30 and Figure 4 7 31 appear Figure 4 7 29 Dynamic Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Display the curr...

Page 161: ... the current VLAN ID Port Mask Display the current port mask Figure 4 7 31 Forbidden Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask 4 7 4 6 MLD Forward All This page provides MLD Forward All The Forward All screen in Figure 4 7 32 appears ...

Page 162: ...ical port Membership Select MLD membership for each interface Forbidden Interface is forbidden from automatically joining the MLD via MVR None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Static Interface is a member of the MLD Buttons Click to apply changes 4 7 5 MLD Snooping Statics This page provides MLD Snooping Statics The ML...

Page 163: ... current other RX Leave RX Display current leave RX Report RX Display current report RX General Query RX Display current general query RX Special Group Query RX Display current special group query RX Special Group Source Query RX Display current special group and source query RX Leave TX Display current leave TX Report TX Display current report TX General Query TX Display current general query TX ...

Page 164: ...xisting group and replaces it with the new multicast group Once you have configured multicast profiles you can assign them to interfaces on the Managed Switch Also you can set the multicast throttling number to limit the number of multicast groups an interface can join at the same time The MAX Group and Information screens in Figure 4 7 34 and Figure 4 7 35 appear Figure 4 7 34 Max Groups and Acti...

Page 165: ...a specific subscription plan The multicast filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port Multicast filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A multicast filter profile can contain one or more or a range of multicast addresses but only one pr...

Page 166: ...the following fields Object Description IP Type Select IPv4 or IPv6 for this drop down list Profile Index Indicates the ID of this particular profile Group from Specifies multicast groups to include in the profile Specify a multicast group range by entering a start IP address Group to Specifies multicast groups to include in the profile Specify a multicast group range by entering an end IP address...

Page 167: ...play the current group to Action Display the current action Modify Click to edit parameter Click to delete the MLD IGMP profile entry 4 7 7 2 IGMP Filter Setting The Filter Setting and Status screens in Figure 4 7 38 and Figure 4 7 39 appear Figure 4 7 38 Filter Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list ...

Page 168: ...ter profile ID Action Click to display detail profile parameter Click to delete the IGMP filter profile entry 4 7 7 3 MLD Filter Setting The Filter Setting and Status screens in Figure 4 7 40 and Figure 4 7 41 appear Figure 4 7 40 Filter Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list Filter Profile ID Select ...

Page 169: ...affic such as multi media video protocol specific time critical and file backup traffic QoS reduces bandwidth limitations delay loss and jitter It also provides increased reliability for delivery of your data and allows you to prioritize certain applications across your network You can define exactly how you want the switch to treat selected applications and types of traffic You can use QoS on you...

Page 170: ...e or Port base mode can be selected Both the three mode rely on predefined fields within the packet to determine the output queue 802 1p Tag Priority Mode The output queue assignment is determined by the IEEE 802 1p VLAN priority tag IP DSCP Mode The output queue assignment is determined by the TOS or DSCP field in the IP packets Port Base Priority Mode Any packet received from the specify high pr...

Page 171: ... the following fields Object Description QoS Mode Display the current QoS mode 4 8 2 2 QoS Port Settings The QoS Port Settings and Status screens in Figure 4 8 2 and Figure 4 8 3 appear Figure 4 8 2 QoS Port Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list CoS Value Select CoS value for this drop down list ...

Page 172: ...igure 4 8 3 QoS Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port CoS Value Display the current CoS value Remark CoS Display the current remark CoS Remark DSCP Display the current remark DSCP Remark IP Precedence Display the current remark IP precedence 4 8 2 3 Queue Settings The Queue Table and Information screens...

Page 173: ...heduler mode is Strict Priority on this switch port WRR Controls whether the scheduler mode is Weighted on this switch port Weight Controls the weight for this queue This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted of WRR Bandwidth Display the current bandwidth for each queue Buttons Click to apply changes Figure 4 8 5 Queue Information Page Scree...

Page 174: ...ue value information 4 8 2 4 CoS Mapping The CoS to Queue and Queue to CoS Mapping screens in Figure 4 8 6 and Figure 4 8 7 appear Figure 4 8 6 CoS to Queue and Queue to CoS Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list Class of Service Select CoS value for this drop down list Buttons Click to apply changes ...

Page 175: ... fields Object Description CoS Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to CoS Display the current mapping to CoS 4 8 2 5 DSCP Mapping The DSCP to Queue and Queue to DSCP Mapping screens in Figure 4 8 8 and Figure 4 8 9 appear ...

Page 176: ...ueue to DSCP Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list DSCP Select DSCP value for this drop down list Buttons Click to apply changes Figure 4 8 9 DSCP Mapping Page Screenshot ...

Page 177: ... to queue Queue Display the current queue value Mapping to DSCP Display the current mapping to DSCP 4 8 2 6 IP Precedence Mapping The IP Precedence to Queue and Queue to IP Precedence Mapping screens in Figure 4 8 10 and Figure 4 8 11 appear Figure 4 8 10 IP Precedence to Queue and Queue to IP Precedence Mapping Page Screenshot The page includes the following fields ...

Page 178: ...own list Buttons Click to apply changes Figure 4 8 11 IP Precedence Mapping Page Screenshot The page includes the following fields Object Description IP Precedence Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to IP Precedence Display the current mapping to IP Precedence ...

Page 179: ... Figure 4 8 13 appear Figure 4 8 12 Basic Mode Global Settings Page Screenshot The page includes the following fields Object Description Trust Mode Set the QoS mode Buttons Click to apply changes QoS Information Figure 4 8 13 QoS Information Page Screenshot The page includes the following fields Object Description Trust Mode Display the current QoS mode ...

Page 180: ...reenshot The page includes the following fields Object Description Port Select port number for this drop down list Trust Mode Enable or disable the trust mode Buttons Click to apply changes Figure 4 8 15 QoS Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Trust Mode Display the current trust type ...

Page 181: ...hot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 17 Ingress Bandwidth Control Status Page Screens...

Page 182: ...bject Description Port Select port number for this drop down list State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 19 Egress Bandwidth Control Status Page Screenshot The page includes the following fields Ob...

Page 183: ...er for this drop down list Queue Select queue number for this drop down list State Enable or disable the port rate policer The default value is Disabled CIR Kbps Configure the CIR for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 21 Egress Queue Status Page Screenshot The page includes the following fields Objec...

Page 184: ...e VLAN when relocated physically The greatest advantage of the VLAN is the equipment can be automatically placed into Voice VLAN according to its voice traffic which will be transmitted at specified priority Meanwhile when voice equipment is physically relocated it still belongs to the Voice VLAN without any further configuration modification which is because it is based on voice equipment other t...

Page 185: ...d Disable Voice VLAN mode operation Voice VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR VID PVID etc The allowed range is 1 to 4095 Remark CoS 802 1p Select 802 1p value for this drop down list 1p remark Enable or disable 802 1p remark Aging Time 30 65536 min The tim...

Page 186: ...he current voice VLAN ID Remark CoS 802 1p Display the current remark CoS 802 1p 1p remark Display the current 1p remark Aging Display the current aging time 4 8 5 3 Telephony OUI MAC Setting Configure VOICE VLAN OUI table on this Page The Telephony OUI MAC Setting screens in Figure 4 8 24 and Figure 4 8 25 appear Figure 4 8 24 Voice VLAN OUI Settings Page Screenshot The page includes the followin...

Page 187: ...hot The page includes the following fields Object Description OUI Address Display the current OUI address Description Display the current description Modify Click to edit voice VLAN OUI group parameter Click to delete voice VLAN OUI group parameter 4 8 5 4 Telephony OUI Port Setting The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule ...

Page 188: ...ot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the voice VLAN port setting The default value is Disabled CoS Mode Select the current CoS mode Buttons Click to apply changes Figure 4 8 27 Voice VLAN Port State Page Screenshot The page includes the following fields Object Description Port The switch port number of ...

Page 189: ...d responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and...

Page 190: ...evel control 4 9 1 1 Understanding IEEE 802 1X Port based Authentication The IEEE 802 1X standard defines a client server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports The authentication server authenticates each client connected to a switch port before making available any services offered by the swi...

Page 191: ...hernet header is stripped and the remaining EAP frame is re encapsulated in the RADIUS format The EAP frames are not modified or examined during encapsulation and the authentication server must support EAP within the native frame format When the switch receives frames from the authentication server the server s frame header is removed leaving the EAP frame which is then encapsulated for Ethernet a...

Page 192: ...on the client does not respond to the request the port remains in the unauthorized state and the client is not granted access to the network In contrast when an 802 1X enabled client connects to a port that is not running the 802 1X protocol the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number ...

Page 193: ... more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Security 802 1X Access Control 802 1X Setting page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below The 802 1X Setting and Information screens in Figure 4 9 3 a...

Page 194: ...are available No Authentication Authentication Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Rea...

Page 195: ...e before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Buttons Click to apply changes Figure 4 9 6 802 1X Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Mode pps Display the current mode Status pps Display the current ...

Page 196: ... authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If ...

Page 197: ...oth globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e Port based 802 1X Buttons Click to apply changes Figure 4 9 8 Guest VLAN Status Page Screenshot The page includes the following fields Object Description Port Name The switch port number of t...

Page 198: ...s in Figure 4 9 10 Figure 4 9 11 and Figure 4 9 12 appear Figure 4 9 10 Use Default Parameters Page Screenshot The page includes the following fields Object Description Retries Timeout is the number of seconds in the range 1 to 10 to wait for a reply from a RADIUS server before retransmitting the request Timeout for Reply Retransmit is the number of times in the range 1 to 30 a RADIUS request is r...

Page 199: ...t Description Server Definition Set the server definition Server IP Address of the Radius server IP name Authentication Port The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server Acct Port The UDP port to use on the RADIUS Accounting Server If the port is set to 0 zero the default port 1813 is used on ...

Page 200: ...number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured ...

Page 201: ... The RADIUS Settings screens in Figure 4 9 13 Figure 4 9 14 and Figure 4 9 15 appear Figure 4 9 13 Guest VLAN Setting Page Screenshot The page includes the following fields Object Description Key String The secret key up to 63 characters long shared between the TACACS server and the switch Timeout for Reply Retransmit is the number of times in the range 1 to 30 a TACACS request is retransmitted to...

Page 202: ... messages Range 1 65535 Default 49 Server Key The key shared between the TACACS Authentication Server and the switch Server Timeout The number of seconds the switch waits for a reply from the server before it resends the request Server Priority Set the server priority Buttons Click to add Radius server setting Figure 4 9 15 Login Authentication List Page Screenshot The page includes the following ...

Page 203: ... response the second server will be tried and so on If at any point a pass or fail is returned the process stops The Managed Switch supports the following AAA features Accounting for IEEE 802 1X authenticated users that access the network through the Managed Switch Accounting for users that access management interfaces on the Managed Switch through the console and Telnet Accounting for commands th...

Page 204: ...t Name Defines a name for the authentication list Method 1 4 Set the login authentication method Empty None Local TACACS RADIUS Enable Buttons Click to add authentication list Figure 4 9 18 Login Authentication List Screenshot The page includes the following fields Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login auth...

Page 205: ...List Name Defines a name for the authentication list Method 1 3 Set the login authentication method Empty None Enable TACACS RADIUS Buttons Click to add authentication list Figure 4 9 20 Login Authentication List Screenshot The page includes the following fields Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login authent...

Page 206: ...age Screenshot The page includes the following fields Object Description Telnet Service Disable or enable telnet service Login Authentication List Select login authentication list for this drop down list Enable Authentication List Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Ti...

Page 207: ...e SSH on this Page This Page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user...

Page 208: ...gin Authentication List Select login authentication list for this drop down list Enable Authentication List Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons Click to apply changes Click to disconnect telnet communication ...

Page 209: ...ntication List Display the current enable authentication list Session Timeout Display the current session timeout Password Retry Count Display the current password retry count Silent Time Display the current silent time Current SSH Session Count Display the current SSH session count 4 9 5 3 HTTP The HTTP Settings and Information screens in Figure 4 9 25 and Figure 4 9 26 appear Figure 4 9 25 HTTP ...

Page 210: ...k to apply changes Figure 4 9 26 HTTP Information Page Screenshot The page includes the following fields Object Description HTTP Service Display the current HTTP service Login Authentication List Display the current login authentication list Session Timeout Display the current session timeout 4 9 5 4 HTTPs The HTTPs Settings and Information screen in Figure 4 9 27 and Figure 4 9 28 appear Figure 4...

Page 211: ... changes Figure 4 9 28 HTTPs Information Page Screenshot The page includes the following fields Object Description HTTPs Service Display the current HTTPs service Login Authentication List Display the current login authentication list Session Timeout Display the current session timeout 4 9 6 Management Access Method 4 9 6 1 Profile Rules The Profile Rule Table Setting and Table screens in Figure 4...

Page 212: ...ither permit or deny Port Select port for this drop down list IP Source Indicates the IP address for the access management entry Buttons Click to apply changes Figure 4 9 30 Profile Rule Table Page Screenshot The page includes the following fields Object Description Access Profile Name Display the current access profile name Priority Display the current priority Management Method Display the curre...

Page 213: ...lect access profile for this drop down list Buttons Click to apply changes Figure 4 9 32 Access Profile Table Page Screenshot The page includes the following fields Object Description Access Profile Display the current access profile Delete Click to delete access profile entry 4 9 7 DHCP Snooping 4 9 7 1 DHCP Snooping Overview The addresses assigned to DHCP clients on unsecure ports can be careful...

Page 214: ...an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLAN identifier and port identifier When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is...

Page 215: ... port s through which the switch submits a client request to the DHCP server must be configured as trusted Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any pack...

Page 216: ...ed VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When the DHCP snooping is globally disabled DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are r...

Page 217: ...AN list Status Display the current DHCP snooping status 4 9 7 4 Port Setting Configures switch ports as trusted or untrusted Command Usage A trusted interface is an interface that is configured to receive only messages from within the network An untrusted interface is an interface that is configured to receive messages from outside the network or firewall When DHCP snooping enabled both globally a...

Page 218: ...p down list Type Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message Chaddr Check Indicates that the Chaddr check function is enabled on selected port Chaddr Client hardware address Buttons Click to apply changes Figure 4 9 38 DHCP Snooping Port Settin...

Page 219: ...Snooping Statistics Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Forwarded Display the current forwarded Chaddr Check Dropped Display the chaddr check dropped Untrust Port Dropped Display untrust port dropped Untrust Port with Option82 Dropped Display untrust port with option82 dropped Invalid Dropped Display invalid drop...

Page 220: ...onnectivity If the agent is disabled and only DHCP snooping is enabled the switch does not lose its connectivity but DHCP snooping might not prevent DCHP spoofing attacks The database agent stores the bindings in a file at a configured location When reloading the switch reads the binding file to build the DHCP snooping binding database The switch keeps the file current by updating it when the data...

Page 221: ...sfer process after the binding database changes The range is from 0 to 86400 Use 0 for an infinite duration The default is 300 seconds 5 minutes Buttons Click to apply changes Figure 4 9 41 DHCP Snooping Database Information Page Screenshot The page includes the following fields Object Description Database Type Display the current database type File Name Display the current file name Remote Server...

Page 222: ...default or user define Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Valid values are in the range 1 to 300 Buttons Click to apply changes Figure 4 9 43 DHCP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Rate Limit pps Display the current rate limit 4 9 7 8 O...

Page 223: ...the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always...

Page 224: ... the system will drop it without processing The keep mode means that the system will keep the original option82 segment in the message and forward it to the server to process The replace mode means that the system will replace the option 82 segment in the existing message with its own option 82 and forward the message to the server to process Option82 Port Setting screens in Figure 4 9 46 and Figu...

Page 225: ...lowing fields Object Description Port The switch port number of the logical port Enable Display the current status Allow Untrusted Display the current untrusted mode 4 9 7 10 Option82 Circuit ID Setting Set creation method for option82 users can define the parameters of circuit id suboption by themselves Option82 Circuit ID Setting screens in Figure 4 9 48 and Figure 4 9 49 appear Figure 4 9 48 Op...

Page 226: ...e current port VLAN Display the current VLAN Circuit ID Display the current circuit ID 4 9 8 Dynamic ARP Inspection Dynamic ARP Inspection DAI is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page pr...

Page 227: ... disable the Global ARP Inspection Buttons Click to apply changes Figure 4 9 51 DAI Information Page Screenshot The page includes the following fields Object Description DAI Display the current DAI status 4 9 8 2 VLAN Setting DAI VLAN Setting screens in Figure 4 9 52 and Figure 4 9 53 appear Figure 4 9 52 DAI VLAN Setting Page Screenshot The page includes the following fields ...

Page 228: ...ure 4 9 53 DAI VLAN Setting Page Screenshot The page includes the following fields Object Description VLAN List Display the current VLAN list Status Display the current status 4 9 8 3 Port Setting Configures switch ports as DAI trusted or untrusted and check mode DAI Port Setting screens in Figure 4 9 54 and Figure 4 9 55 appear Figure 4 9 54 DAI Port Setting Page Screenshot The page includes the ...

Page 229: ...Enable or disable to checks the destination MAC address in the Ethernet header against the target MAC address in ARP body This check is performed for ARP responses When enabled packets with different MAC addresses are classified as invalid and are dropped IP Chk Enable or disable to checks the source and destination IP addresses of ARP packets The all zero all one or multicast IP addresses are con...

Page 230: ...Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Forwarded Display the current forwarded Source MAC Failures Display the current source MAC failures Dest MAC Failures Display the current source MAC failures SIP Validation Failures Display the current SIP Validation failures DIP Validation Failures Display the current DIP Validatio...

Page 231: ...elds Object Description Port Select port for this drop down list State Set default or user define Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Buttons Click to apply changes Figure 4 9 58 ARP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Rate Limit pps Displ...

Page 232: ... of the IP source guard If there is a matching entry the port will forward the packet Otherwise the port will abandon the packet IP source guard filters packets based on the following types of binding entries IP port binding entry MAC port binding entry IP MAC port binding entry 4 9 9 1 Port Settings IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports b...

Page 233: ...source guard filtering on the Managed Switch IP Enables traffic filtering based on IP addresses stored in the binding table IP and MAC Enables traffic filtering based on IP addresses and corresponding MAC addresses stored in the binding table Max Binding Entry The maximum number of IP source guard that can be secured on this port Buttons Click to apply changes Figure 4 9 61 IP Source Guard Port Se...

Page 234: ...eens in Figure 4 9 62 and Figure 4 9 63 appear Figure 4 9 62 IP Source Guard Static Binding Entry Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list VLAN ID Indicates the ID of this particular VLAN MAC Address Sourcing MAC address is allowed IP Address Sourcing IP address is allowed Buttons Click to add authentication list Figure 4 9 ...

Page 235: ...t Control module is one of the modules that utilize a lower layer module while the Port Security module manages MAC addresses learned on the port The Limit Control configuration consists of two sections a system and a port wid The IP Source Guard Static Binding Entry and Table Status screens in Figure 4 9 64 and Figure 4 9 65 appear Figure 4 9 64 Port Security Setting Page Screenshot The page incl...

Page 236: ...port by disconnecting the cable the port will remain shut down There are three ways to re open the port 1 Disable and re enable Limit Control on the port or the switch 2 Click the Reopen button Discard If Limit 1 MAC addresses is seen on the port it will trigger the action that do not learn the new MAC and drop the package Buttons Click to apply changes Figure 4 9 65 Port Security Status Page Scre...

Page 237: ...ture refers to applications such as protocol check which is for protecting the server from attacks such as DoS The protocol check allows the user to drop matched packets based on specified conditions The security features provide several simple and effective protections against Dos attacks while acting no influence on the linear forwarding performance of the switch 4 9 11 1 Global DoS Setting The ...

Page 238: ...ing Max Size Enable or disable DoS check mode by IPv6 ping max size Ping Max Size Setting Set the max size for ping Smurf Attack Enable or disable DoS check mode by smurf attack TCP Min Hdr Size Enable or disable DoS check mode by TCP min hdr size TCP SYN SPORT 1024 Enable or disable DoS check mode by TCP syn sport 1024 Null Scan Attack Enable or disable DoS check mode by null scan attack X Mas Sc...

Page 239: ... current ICMP fragment status IPv4 Ping Max Size Display the current IPv4 ping max size status IPv6 Ping Max Size Display the current IPv6 ping max size status Smurf Attack Display the current smurf attack status TCP Min Header Length Display the current TCP min header length TCP SYN SPORT 1024 Display the current TCP syn status Null Scan Attack Display the current null scan attack status X Mas Sc...

Page 240: ...age includes the following fields Object Description Port Select Select port for this drop down list DoS Protection Enable or disable per port DoS protection Buttons Click to apply changes Figure 4 9 68 Port Security Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port DoS Protection Display the current DoS protection ...

Page 241: ...bal Setting and Information screens in Figure 4 9 69 and Figure 4 9 70 appear Figure 4 9 69 Storm Control Global Setting Page Screenshot The page includes the following fields Object Description Unit Controls the unit of measure for the storm control rate as pps or bps The default value is bps Preamble IFG Set the excluded or included interframe gap Buttons Click to apply changes Figure 4 9 70 Sto...

Page 242: ...in Figure 4 9 71 and Figure 4 9 72 appear Figure 4 9 71 Storm Control Setting Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Port State Enable or disable the storm control status for the given storm type Action Configures the action performed when storm control is over rate on a port Valid values are Shutdown or Drop Type Enable T...

Page 243: ...control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine whether there are specific traffic object access rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situation In network...

Page 244: ...Pv4 based ACE Access Control Entry setting IPv6 based ACL Configuration IPv6 based ACL setting IPv6 based ACE Add Edit Delete the IPv6 based ACE Access Control Entry setting ACL Binding Configure the ACL parameters ACE of each switch port 4 10 1 MAC based ACL This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not a...

Page 245: ...Different parameter options are displayed depending on the frame type that you selected The MAC based ACE screen in Figure 4 10 3 and Figure 4 10 4 appears Figure 4 10 3 MAC based ACE Page Screenshot The page includes the following fields Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence Action Indicates the forwarding action of the ACE ...

Page 246: ... Any No SA MAC filter is specified User Defined If you want to filter a specific source MAC address with this ACE choose this value A field for entering a SA MAC value appears SA MAC Value When User Defined is selected for the SA MAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this SA MAC value SA MAC Mask Specify whet...

Page 247: ...802 1p Display the current 802 1p value 802 1p Mask Display the current 802 1p mask Ethertype Display the current Ethernet type Modify Click to edit MAC based ACL parameter Click to delete MAC based ACL entry 4 10 3 IPv4 based ACL This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to...

Page 248: ...e following fields Object Description Delete Click to delete ACL name entry 4 10 4 IPv4 based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The IPv4 based ACE screens in Figure 4 10 7 and Figure 4 10 8 appear ...

Page 249: ...NS3503 16P 4C User Manual Figure 4 10 7 IP based ACE Page Screenshot The page includes the following fields Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence ...

Page 250: ...ering a source IP address value appears Destination IP Address Value When User Defined is selected for the destination IP address filter you can enter a specific destination IP address The legal format is xxx xxx xxx xxx A frame that hits this ACE matches this destination IP address value Destination IP Wildcard Mask When User Defined is selected for the destination IP filter you can enter a speci...

Page 251: ... match this entry Unset TCP frames where the RST field is set must not be able to match this entry Don t Care Any value is allowed don t care SYN Specify the TCP Synchronize sequence numbers SYN value for this ACE Set TCP frames where the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowe...

Page 252: ...status is don t care User Defined If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value Buttons Click to add ACE list Figure 4 10 8 IPv4 based ACE Table Page Screenshot The page includes the following fields Object ...

Page 253: ...4 based ACL entry 4 10 5 IPv6 based ACL This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations IPv6 based ACL screens in Figure 4 10 9 and Figure 4 10 10 appear Figure 4 10 9 IPv6 based ACL Page Screenshot The page includes the following fields Object Description ...

Page 254: ...iption Delete Click to delete ACL name entry 4 10 6 IPv6 based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The IPv6 based ACE screens in Figure 4 10 11 and Figure 4 10 12 appear ...

Page 255: ...NS3503 16P 4C User Manual Figure 4 10 11 IP based ACE Page Screenshot The page includes the following fields Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence ...

Page 256: ...Value When User Defined is selected for the destination IP address filter you can enter a specific destination IP address The legal format is xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx A frame that hits this ACE matches this destination IP address value Destination IP Prefix Length When User Defined is selected for the destination IP filter you can enter a specific DIP prefix length in dotted decimal...

Page 257: ... match this entry Unset TCP frames where the RST field is set must not be able to match this entry Don t Care Any value is allowed don t care SYN Specify the TCP Synchronize sequence numbers SYN value for this ACE Set TCP frames where the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowe...

Page 258: ... If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value Buttons Click to add ACE list Figure 4 10 12 IPv6 based ACE Table Page Screenshot The page includes the following fields Object Description ACL Name Display the...

Page 259: ...rameter Click to delete IPv6 based ACL entry 4 10 7 ACL Binding This page allows you to bind the Policy content to the appropriate ACLs The ACL Policy screens in Figure 4 10 13 and Figure 4 10 14 appears Figure 4 10 13 ACL Binding Page Screenshot The page includes the following fields Object Description Binding Port Select port for this drop down list ACL Select Select ACL list for this drop down ...

Page 260: ...dministrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC addres...

Page 261: ...splay the current port Delete Click to delete static MAC status entry 4 11 2 MAC Filtering By filtering MAC address the switch can easily filter the per configured MAC address and reduce the un safety The Static MAC Setting screens in Figure 4 11 3 and Figure 4 11 4 appear Figure 4 11 3 MAC Filtering Setting Page Screenshot The page includes the following fields Object Description MAC Address Phys...

Page 262: ...try Delete Click to delete static MAC status entry 4 11 3 Dynamic Address Setting By default dynamic entries are removed from the MAC table after 300 seconds The Dynamic Address Setting Status screens in Figure 4 11 5 and Figure 4 11 6 appear Figure 4 11 5 Dynamic Addresses Setting Page Screenshot The page includes the following fields Object Description Aging Time The time after which a learned e...

Page 263: ... MAC Table is sorted first by VLAN ID and then by MAC address The Dynamic Learned screens in Figure 4 11 6 and Figure 4 11 7 appear Figure 4 11 6 Dynamic Learned Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list VLAN Select VLAN for this drop down list MAC Address Physical address associated with this interface Buttons Refreshes the ...

Page 264: ...nformation Page Screenshot Object Description MAC Address The MAC address of the entry VLAN The VLAN ID of the entry Type Indicates whether the entry is a static or dynamic entry Port The ports that are members of the entry Buttons Click to add dynamic MAC address to static MAC address ...

Page 265: ... LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology 4 12 2 LLDP Global Setting This Page a...

Page 266: ...the switch is rebooted a LLDP shutdown frame is transmitted to the neighboring units signaling that the LLDP information isn t valid anymore Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds Transmit Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time betwe...

Page 267: ...Holdtime Multiplier Display the current holdtime multiplier Reinitialization Delay Display the current reinitialization delay Transmit Delay Display the current transmit delay LLDP MED Fast Start Repeat Count Display the current LLDP MED Fast Start Repeat Count 4 12 3 LLDP Port Setting Use the LLDP Port Setting to specify the message attributes for individual interfaces including whether messages ...

Page 268: ...n checked the Port Description is included in LLDP information transmitted System Description When checked the System Description is included in LLDP information transmitted System Capability When checked the System Capability is included in LLDP information transmitted 802 3 MAC PHY When checked the 802 3 MAC PHY is included in LLDP information transmitted 802 3 Link Aggregation When checked the ...

Page 269: ...us Selected Optional TLVs Display the current selected optional TLVs The VLAN Name TLV VLAN Selection and LLDP Port VLAN TLV Status screens in Figure 4 12 5 and Figure 4 12 6 appear Figure 4 12 5 VLAN Name TLV Selection Page Screenshot The page includes the following fields Object Description Port Select Select port for this drop down list VLAN Select Select VLAN for this drop down list Buttons Cl...

Page 270: ...AN Display the current selected VLAN 4 12 4 LLDP Local Device Use the LLDP Local Device Information screen to display information about the switch such as its MAC address chassis ID management IP address and port information The Local Device Summary and Port Status screens in Figure 4 12 7 and Figure 4 12 8 appear Figure 4 12 7 Local Device Summary Page Screenshot The page includes the following f...

Page 271: ...nt capabilities enabled Port ID Subtype Display the current port ID subtype Figure 4 12 8 Port Status Page Screenshot The page includes the following fields Object Description Interface The switch port number of the logical port LLDP Status Display the current LLDP status LLDP MED Status Display the current LLDP MED Status 4 12 5 LLDP Remove Device This page provides a status overview for all LLDP...

Page 272: ... Click to refresh LLDP remove device 4 12 6 MED Network Policy Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that...

Page 273: ... Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN The Voice A...

Page 274: ...s App Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling for use in network topologies that require a separate policy for the video sig...

Page 275: ...urrent application VLAN ID Display the current VLAN ID VLAN Tag Display the current VLAN tag status L2 Priority Display the current L2 priority DSCP Value Display the current DSCP value Buttons Click to delete LLDP MED network policy table entry 4 12 7 MED Port Setting The Port LLDP MED Configuration Port Setting Table screens in Figure 4 12 12 and Figure 4 12 13 appear Figure 4 12 12 Port LLDP ME...

Page 276: ...y result in voice quality degradation or complete service disruption Location This option advertises location identification details Inventory This option advertises device details useful for inventory management such as manufacturer model software version and other pertinent information MED Network Policy Select MED network policy for this drop down list Buttons Click to apply changes Figure 4 12...

Page 277: ...4 12 14 Port LLDP MED Configuration Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Location Coordinate A string identifying the Location Coordinate that this entry should belong to Location Civic Address A string identifying the Location Civic Address that this entry should belong to Location ESC ELIN A string identifying the Loca...

Page 278: ...ludes the following fields Object Description Port The switch port number of the logical port Coordinate Display the current coordinate Civic Address Display the current civic address ESC ELIN Display the current ESC ELIN 4 12 8 LLDP Overloading The LLDP Port Overloading screen in Figure 4 12 16 appears ...

Page 279: ...ed or overloaded MED Capabilities Displays if the capabilities packets were transmitted or overloaded MED Location Displays if the location packets were transmitted or overloaded MED Network Policy Displays if the network policies packets were transmitted or overloaded MED Extended Power via MDI Displays if the extended power via MDI packets were transmitted or overloaded 802 3 TLVs Displays if th...

Page 280: ...and Figure 4 12 18 appear Figure 4 12 17 LLDP Global Statistics Page Screenshot The page includes the following fields Object Description Insertions Shows the number of new entries added since switch reboot Deletions Shows the number of new entries deleted since switch reboot Drops Shows the number of LLDP frames dropped due to that the entry table was full Age Outs Shows the number of entries del...

Page 281: ... down an LLDP shutdown frame is received or when the entry ages out RX Frame Error The number of received LLDP frames containing some kind of error RX TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded RX TLVs Unrecognized The number of well formed TLVs but with an unknown type...

Page 282: ...tics can run without disruption of the link or of any data transfer If the link is established in 100Base TX or 10Base T the Cable Diagnostics cause the link to drop while the diagnostics are running After the diagnostics are finished the link is reestablished And the following functions are available Coupling between cable pairs Cable pair termination Cable Length Note Cable Diagnostics is only a...

Page 283: ...e ICMP PING packets to troubleshoot IP connectivity issues The Managed Switch transmits ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply 4 13 3 Ping Test This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues After you press Apply ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon...

Page 284: ...result Buttons Click to transmit ICMP packets Note Be sure the target IP Address is within the same network subnet of the switch or you have to set up the correct gateway IP address 4 13 4 IPv6 Ping Test This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Apply 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are dis...

Page 285: ...om the source device to the destination device so to check the network accessibility and locate the network failure Execution procedure of the Traceroute function consists of first a data packet with TTL at 1 is sent to the destination address if the first hop returns an ICMP error message to inform this packet can not be sent due to TTL timeout a data packet with TTL at 2 will be sent Also the se...

Page 286: ...MIB definitions used to define standard network monitor functions and interfaces enabling the communication between SNMP management terminals and remote monitors RMON provides a highly efficient method to monitor actions inside the subnets MID of RMON consists of 10 groups The switch supports the most frequently used group 1 2 3 and 9 Statistics Maintain basic usage and error statistics for each s...

Page 287: ...ics This page provides a Detail of a specific RMON statistics entry RMON Statistics screen in Figure 4 14 1 appears Figure 4 14 1 RMON Statistics Detail Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Drop Events The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number o...

Page 288: ... The best estimate of the total number of collisions on this Ethernet segment 64 Bytes Frame The total number of packets including bad packets received that were 64 octets in length 65 127 Byte Frames The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 Byte Frames The total number of packets including bad packets received that were betwee...

Page 289: ...ncluding framing characters log The number of uni cast packets delivered to a higher layer protocol SNMP Trap The number of broad cast and multi cast packets delivered to a higher layer protocol Log and Trap The number of inbound packets that are discarded even the packets are normal Community Specify the community when trap is sent the string length is from 0 to 127 default is public Owner Indica...

Page 290: ...nt description Last Sent Time Display the current last sent time Owner Display the current event owner Action Click to delete RMON event entry 4 14 3 RMON Event Log This page provides an overview of RMON Event Log The RMON Event Log Table screen in Figure 4 14 4 appears Figure 4 14 4 RMON Event Log Table Page Screenshot The page includes the following fields Object Description Select Index Select ...

Page 291: ...ble variables are DropEvents The total number of events in which packets were dropped due to lack of resources Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Pkts The total number of frames bad broadcast and multicast received and transmitted BroadcastPkts The total number of good frames received that were directed to the broadcast address N...

Page 292: ...transmitted where the number of octets falls within the specified range excluding framing bits but including FCS octets Pkts256to511Octets The total number of frames including bad packets received and transmitted where the number of octets falls within the specified range excluding framing bits but including FCS octets Pkts512to1023Octets The total number of frames including bad packets received a...

Page 293: ...rrent interval Sample Type Display the current sample type Rising Threshold Display the current rising threshold Falling Threshold Display the current falling threshold Rising Event Display the current rising event Falling Event Display the current falling event Owner Display the current owner Action Click to delete RMON alarm entry 4 14 5 RMON History Configure RMON History table on this page The...

Page 294: ...he interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Owner Specify an owner for the history Buttons Click to apply changes Figure 4 14 8 RMON History Status Page Screenshot The page includes the following fields Object Description Index Display the current index Data Source Display the current data source Bucket Requested Display...

Page 295: ...easily build a power central controlled IP phone system IP camera system and AP group for the enterprise For instance cameras APs can be easily installed around the corner in the company for surveillance demands or build a wireless roaming environment in the office Without the power socket limitation the NS3503 UPoE Switch makes the installation of cameras or WLAN APs easier and more efficient PoE...

Page 296: ...s sightseeing spots airports hotels campuses factories and warehouses can install the Access Point anywhere 10 12 watts IP Surveillance Enterprises museums campuses hospitals and banks can install IP camera without the limit of the installation location Electrician is not needed to install AC sockets 3 60 watts PoE Splitter PoE Splitter splits the PoE DC over the Ethernet cable into 5 12 19 24V DC...

Page 297: ... implemented The PSU input power consumption is monitored by measuring voltage and current The input power consumption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activates additional ports as long as the aggregated power of the system is lower than the power level at which additional PDs cannot be connected When this value i...

Page 298: ...ts Consumption mode The system offers PoE power according to PD real power consumption Allocation mode Users allow to assign how much PoE power to each port and the system will reserve PoE power to PD Temperature Threshold Allows setting over temperature protection threshold value PoE Temperature Display the PoE chip temperature This section displays the PoE Power Usage of Current Power Consumptio...

Page 299: ...s are End Span Pins 1 2 pair 2 in both T568A and T568B form one side of the DC supply and pins 3 6 pair 3 in both T568A and T568B provide the return Mid Span Pins 4 5 pair 1 in both T568A and T568B form one side of the DC supply and pins 7 8 pair 4 in both T568A and T568B provide the return UPoE Pins 1 2 pair 2 in both T568A and T568B form one side of the DC supply and pins 3 6 pair 3 in both T568...

Page 300: ...Used W The Power Used shows how much power the PD currently is using Power Allocation It can limit the port PoE supply watts Per port maximum value must be less than 60 watts Total port values must be less than the Power Reservation value Once power overload is detected the port will auto shut down and keep in detection mode until PD s power consumption is lower than the power limit value Buttons ...

Page 301: ...ng worldwide and contributing to the environmental protection on the Earth the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise saving power and money Schedul...

Page 302: ...NS3503 16P 4C User Manual 300 The screen in Figure 4 16 5 appears Figure 4 16 5 PoE Schedule Screenshot ...

Page 303: ...by disabling it End Min Allows user to set what minute PoE function does by disabling it Reboot Enable Allows user to enable or disable the whole PoE port reboot by PoE reboot schedule Please note that if you want PoE schedule and PoE reboot schedule to work at the same time please use this function and don t use Reboot Only function This function offers administrator to reboot PoE device at an in...

Page 304: ... administrator management burden This page provides you with how to configure PD Alive Check The screen in Figure 4 16 6 appears Figure 4 15 6 PD Alive Check Configuration Screenshot The page includes the following fields Object Description Mode Allows user to enable or disable per port PD Alive Check function By default all ports are disabled Ping PD IP Address This column allows user to set PoE ...

Page 305: ...e via Syslog Alarm It means system will issue an alarm message via Syslog Reboot Time 30 180s This column allows user to set the PoE device rebooting time as there are so many kinds of PoE devices on the market and they have a different rebooting time The PD Alive check is not a defining standard so the PoE device on the market doesn t report reboot done information to the PoE Switch Thus user has...

Page 306: ...the configuration to Factory Defaults Figure 4 15 1 Factory Default Page Screenshot After the Factory button is pressed and rebooted the system will load the default IP settings as follows Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Gateway 192 168 0 254 The other setting value is back to disable or none Note To reset the Managed Switch to the Factory default setting you can also pr...

Page 307: ...m front panel 4 16 3 Backup Manager This function allows backup of the current image or configuration of the Managed Switch to the local management station The Backup Manager screen in Figure 4 16 3 appears Figure 4 16 3 Backup Manager Page Screenshot The page includes the following fields ...

Page 308: ...function allows reloading of the current image or configuration of the Managed Switch to the local management station The Upgrade Manager screen in Figure 4 16 4 appears Figure 4 16 4 Upgrade Manager Page Screenshot The page includes the following fields Object Description Upgrade Method Select upgrade method for this drop down list Server IP Fill in your TFTP server IP address File Name The name ...

Page 309: ... web page displays two tables with information about the active and backup firmware images The Dual Image Configuration and Information screens in Figure 4 16 5 and Figure 4 16 6 appear Figure 4 15 5 Dual Image Configuration Page Screenshot The page includes the following fields Object Description Active Image Select the active or backup image Buttons Click to apply active image Figure 4 16 6 Dual...

Page 310: ...The page includes the following fields Object Description Flash Partition Display the current flash partition Image Name Display the current image name Image Size Display the current image size Created Time Display the created time ...

Page 311: ... if the destination address is located at the same port as this packet then this packet will be filtered thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding technique A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer and does the complete error checking before transmission Therefore...

Page 312: ... when a connection is established with another network device usually at Power On or Reset This is done by detecting the modes and speeds when both devices are connected Both 10BASE T and 100BASE TX devices can connect with the port in either half or full duplex mode If attached device is 100BASE TX port will set to 10Mbps without auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10BA...

Page 313: ...ll duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why doesn t the Switch connect to the network Solution 1 Check the LNK ACT LED on the Managed Switch 2 Try another port on the Managed Switch 3 Make sure the cable is installed correctly 4 Make sure the cable is the right type 5 Turn off the power After a few moments turn...

Page 314: ...the PoE Ethernet Switch Make sure the cable is installed properly and make sure the cable is the right type Turn off the power After a few moments turn on the power again When I connect my PoE device to PoE Ethernet Switch it cannot be powered on Solution 1 Please check the cable type of the connection from the PoE Ethernet Switch port 1 to port 8 to the other end The cable should be an 8 wire UTP...

Page 315: ... 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ45 receptacle connector and their pin assignments RJ45 Connector pin assignment...

Page 316: ...hite Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE 2 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Oran...

Reviews:

No comments

Related manuals for NS3503-16P-4C

ABB NAL Series Mounting And Operation Manual preview
NAL Series
Brand: ABB Pages: 32
ABB VUBB User Manual preview
VUBB
Brand: ABB Pages: 44
ABB Sense7 Series Original Instructions Manual preview
Sense7 Series
Brand: ABB Pages: 15
Hama 78499 Operating Instructions Manual preview
78499
Brand: Hama Pages: 10
Hama 11467 Operating Instruction preview
11467
Brand: Hama Pages: 14
N-Tron 608MFX-ST Specifications preview
608MFX-ST
Brand: N-Tron Pages: 2
Qlogic SilverStorm 9000 Hardware Installation Manual preview
SilverStorm 9000
Brand: Qlogic Pages: 50
Quintum Tenor AXE1600 Specifications preview
Tenor AXE1600
Brand: Quintum Pages: 2
AVE 8PSWT Specification preview
8PSWT
Brand: AVE Pages: 2
protech 4PET0301SC User Manual preview
4PET0301SC
Brand: protech Pages: 4
GE POWER/VAC 4.16 Instructions Manual preview
POWER/VAC 4.16
Brand: GE Pages: 50
Scame electrical solutions ROCKER-EXGD Instructions For Installation, Use And Maintenance Manual preview
ROCKER-EXGD
Brand: Scame electrical solutions Pages: 68
Icy Box IB-HUB1410-C3 Quick Installation Manual preview
IB-HUB1410-C3
Brand: Icy Box Pages: 12
WilTec SKD-1 Operation Manual preview
SKD-1
Brand: WilTec Pages: 7
Duxbury Networking N.JGS516PE-100EUS Installation Manual preview
N.JGS516PE-100EUS
Brand: Duxbury Networking Pages: 4
Epcom KIT-TT4PVTURBO Quick Setup Manual preview
KIT-TT4PVTURBO
Brand: Epcom Pages: 2
Shinybow USA SB-5688CAK Instruction Manual preview
SB-5688CAK
Brand: Shinybow USA Pages: 32
Neol ePowerSwitch 1GR2 User Manual preview
ePowerSwitch 1GR2
Brand: Neol Pages: 47

Brands by name

Popular brands

Load more brands