Chapter 4: Web management 

NS3550-8T-2S Industrial Managed Switch User Manual 

255 

Object: Description

Auto-negotiation capabilities: Auto-negotiation Capabilities shows the link partner’s MAC/PHY capabilities.

Buttons

•  Click Auto-refresh to refresh the page automatically. Automatic refresh occurs every three seconds.

•  Click Refresh to refresh the page immediately.

Neighbor 

The LLDP Neighbor Information page provides a status overview for all LLDP 
neighbors. The displayed table contains a row for each port on which an LLDP 
neighbor is detected.  

 

The page includes the following fields: 

 

Object: Description

Local Port: The port on which the LLDP frame was received.

Chassis ID: The identification of the neighbor's LLDP frames.

Port ID: The identification of the neighbor port.

Port Description: The port description advertised by the neighbor unit.

System Name: The name advertised by the neighbor unit.

System Capabilities: System Capabilities describes the neighbor unit's capabilities. The possible capabilities are:

1. Other
2. Repeater
3. Bridge
4. WLAN Access Point
5. Router
6. Telephone
7. DOCSIS cable device
8. Station only
9. Reserved

When a capability is enabled, the capability is followed by (+). If the capability is disabled, the capability is followed by (-).

Management Address: The neighbor unit's address that is used for higher layer entities to assist the discovery by the network management. This could, for instance, hold the neighbor's IP address.
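The following Python code is an added example, not taken from the manual or the switch firmware. It decodes a received LLDP data unit into the fields of the Neighbor table above, including the (+)/(-) capability notation. It assumes the standard IEEE 802.1AB TLV layout; the function names and the sample frame are constructed for illustration.

```python
import ipaddress
import struct

# Capability bit positions, in the order the manual lists them (1. Other ... 8. Station only).
CAPABILITIES = ["Other", "Repeater", "Bridge", "WLAN Access Point", "Router",
                "Telephone", "DOCSIS cable device", "Station only"]
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID = 0, 1, 2
TLV_PORT_DESC, TLV_SYS_NAME, TLV_SYS_CAP, TLV_MGMT_ADDR = 4, 5, 7, 8
MAC_SUBTYPE = {TLV_CHASSIS_ID: 4, TLV_PORT_ID: 3}  # ID subtype meaning "MAC address"


def iter_tlvs(lldpdu: bytes):
    """Yield (type, value) pairs; each TLV header is a 7-bit type and a 9-bit length."""
    off = 0
    while off < len(lldpdu):
        if off + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(lldpdu):  # never trust the length the neighbor claims
            raise ValueError(f"TLV type {tlv_type} runs past the end of the frame")
        yield tlv_type, lldpdu[off:off + length]
        off += length
        if tlv_type == TLV_END:
            return


def clean_text(value: bytes) -> str:
    """Neighbor-supplied strings are untrusted input: keep printable characters only."""
    text = value.decode("utf-8", errors="replace")
    return "".join(ch if ch.isprintable() else "?" for ch in text)


def fmt_id(tlv_type: int, value: bytes) -> str:
    """Chassis ID / Port ID: one subtype byte followed by the identifier."""
    if len(value) < 2:
        raise ValueError("ID TLV needs a subtype byte and at least one ID byte")
    subtype, ident = value[0], value[1:]
    if subtype == MAC_SUBTYPE[tlv_type] and len(ident) == 6:
        return ":".join(f"{b:02x}" for b in ident)
    if all(0x20 <= b < 0x7F for b in ident):
        return ident.decode("ascii")
    return ident.hex()


def fmt_capabilities(value: bytes) -> str:
    """Two 16-bit masks: supported, then enabled. Enabled -> (+), disabled -> (-)."""
    if len(value) != 4:
        raise ValueError("System Capabilities TLV must be 4 bytes")
    supported, enabled = struct.unpack("!HH", value)
    parts = [f"{name}({'+' if enabled & (1 << bit) else '-'})"
             for bit, name in enumerate(CAPABILITIES) if supported & (1 << bit)]
    if supported >> 8:  # bits above "Station only" are shown as Reserved, as in the manual
        parts.append(f"Reserved({'+' if enabled >> 8 else '-'})")
    return ", ".join(parts)


def fmt_mgmt_address(value: bytes) -> str:
    """Length byte (counts subtype + address), address-family subtype, then the address."""
    if len(value) < 2 or value[0] < 2 or 1 + value[0] > len(value):
        raise ValueError("malformed Management Address TLV")
    subtype, addr = value[1], value[2:1 + value[0]]
    if subtype == 1 and len(addr) == 4:
        return str(ipaddress.IPv4Address(addr))
    if subtype == 2 and len(addr) == 16:
        return str(ipaddress.IPv6Address(addr))
    return addr.hex()


def parse_neighbor(local_port: int, lldpdu: bytes) -> dict:
    """Build one row of the Neighbor table from the LLDPDU received on local_port."""
    row = {"Local Port": local_port}
    text_fields = {TLV_PORT_DESC: "Port Description", TLV_SYS_NAME: "System Name"}
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type == TLV_CHASSIS_ID:
            row["Chassis ID"] = fmt_id(tlv_type, value)
        elif tlv_type == TLV_PORT_ID:
            row["Port ID"] = fmt_id(tlv_type, value)
        elif tlv_type in text_fields:
            row[text_fields[tlv_type]] = clean_text(value)
        elif tlv_type == TLV_SYS_CAP:
            row["System Capabilities"] = fmt_capabilities(value)
        elif tlv_type == TLV_MGMT_ADDR:
            row["Management Address"] = fmt_mgmt_address(value)
    if "Chassis ID" not in row or "Port ID" not in row:
        raise ValueError("mandatory Chassis ID / Port ID TLV missing")
    return row


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Helper used only to build the constructed sample frame below."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU (not captured from a real device).
SAMPLE_LLDPDU = b"".join([
    tlv(1, bytes.fromhex("04001122334455")),            # Chassis ID, MAC subtype
    tlv(2, b"\x05Gi0/1"),                               # Port ID, interface name
    tlv(3, struct.pack("!H", 120)),                     # TTL
    tlv(4, b"Uplink to core"), tlv(5, b"core-sw-01"),   # Port Description, System Name
    tlv(7, struct.pack("!HH", 0x0014, 0x0004)),         # Bridge+Router supported, Bridge enabled
    tlv(8, bytes([5, 1, 192, 0, 2, 10, 2]) + struct.pack("!I", 1) + b"\x00"),
    tlv(0, b""),
])

if __name__ == "__main__":
    for field, shown in parse_neighbor(3, SAMPLE_LLDPDU).items():
        print(f"{field}: {shown}")
```

Every field in this table is supplied by the neighbor without authentication, so the example bounds-checks each length and strips non-printable characters before display.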

Summary of Contents for NS3550-8T-2S

Page 1: ...NS3550 8T 2S Industrial Managed Switch User Manual P N 1072687 EN REV E ISS 25JAN19 ...

Page 2: ... will be required to correct the interference at his own expense Canada This Class A digital apparatus complies with CAN ICES 003 A NMB 3 A Cet appareil numérique de la classe A est conforme à la norme CAN ICES 003 A NMB 3 A ACMA compliance Notice This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate me...

Page 3: ...7 Management access overview 27 Remote Telnet 28 Web management 29 SNMP based network management 30 Chapter 4 Web management 31 Main web page 33 System 34 Simple Network Management Protocol SNMP 60 Port management 70 Link aggregation 77 VLAN 84 Spanning Tree Protocol STP 110 Multicast 128 Quality of Service QoS 151 Access Control Lists ACL 174 Authentication 188 Security 222 MAC address table 238 ...

Page 4: ... Command 387 Ethernet Virtual Connections Command 388 Ethernet Protection Switching Command 392 Maintainence entity End Point Command 393 Quality of Service Command 400 Mirror Command 413 Configuration Command 415 Firmware Command 415 UPnP Command 416 MVR Command 417 Voice VLAN Command 421 Ethernet Ring Protection Switching Command 425 Loop Protect Command 430 IPMC Command 432 VLAN Control List Co...

Page 5: ...damages and regardless of whether any remedy fails of its essential purpose Installation in accordance with this manual applicable codes and the instructions of the authority having jurisdiction is mandatory While every precaution has been taken during the preparation of this manual to ensure the accuracy of its contents UTCFS assumes no responsibility for errors or omissions Advisory messages Adv...

Page 6: ...kage contents Open the box of the industrial managed switch and carefully unpack it The box should contain the following items The industrial managed switch 1 Quick installation guide 1 CD with user manual 1 DIN rail kit x 1 Wall mounting kit x 1 SFP dust proof cap x 2 RJ45 dust proof cap x 8 If any of these are missing or damaged contact your dealer immediately If possible retain the carton inclu...

Page 7: ...ls advanced Layer 2 to Layer 4 data switching and redundancy QoS traffic control network access control and authentication and secure management features to protect customer s industrial and building automation network connectivity with reliable switching recovery capability that is suitable for implementing fault tolerant and mesh network architectures Redundant ring fast recovery for critical ne...

Page 8: ...ission distance or the transmission speed required to extend the network efficiently The industrial managed switch supports the SFP DDM Digital Diagnostic Monitor function that can easily monitor real time parameters of the SFP for the network administrator such as optical output power optical input power temperature laser bias current and transceiver supply voltage Product features Physical port ...

Page 9: ...l based VLAN MAC based VLAN Voice VLAN Supports STP STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Supports link aggregation IEEE 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel static trunk Maximum five trunk groups up to 10 ports per trunk group Up to 20 Gbps...

Page 10: ... VLAN Registration MVR support Security Authentication IEEE 802 1x Port Based MAC Based network access authentication Built in RADIUS client to co operate with the RADIUS servers TACACS login users access authentication RADIUS TACACS users access authentication Access Control List ACL IPv4 IPv6 IP based ACL MAC based ACL Source MAC IP address binding DHCP snooping to filter distrusted DHCP message...

Page 11: ...CP relay DHCP Option 82 User privilege levels control NTP Network Time Protocol Link Layer Discovery Protocol LLDP and LLDP MED Network diagnostic Cable diagnostic technology provides the mechanism to detect and report potential cabling issues Reset button for system reboot or reset to factory default Product specifications Model Name NS3550 8T 2S Hardware Specifications Copper Ports Eight 10 100 ...

Page 12: ...Ports 1000 Orange LNK ACT Green Per SFP Interface 1000 Orange LNK ACT Green Dimensions 187 8 x 135 x 56 mm Weight 720 g Power Requirement DC 12 to 48 V 24 VAC power adapter Power Consumption 10 W 34 BTU full loading ESD Protection 6K VDC EFT Protection 6K VDC Layer 2 Functions Basic Management Interfaces Web browser Remote Telnet SNMP v1 v2c Secure Management Interfaces SSH SSL SNMPv3 Port Configu...

Page 13: ...LD v1 v2 snooping up to 255 multicast groups MLD querier mode support Access Control List IP based ACL MAC based ACL Up to 256 entries Bandwidth Control Per port bandwidth control Ingress 500 Kbps 1000 Mbps Egress 500 Kbps 1000 Mbps Standards Conformance Regulation Compliance FCC Part 15 Class A CE Stability Testing IEC60068 2 32 Free fall IEC60068 2 27 Shock IEC60068 2 6 Vibration Standards Compl...

Page 14: ...ersion 2 SNMP MIBs RFC 1213 MIB II IF MIB RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2933 IGMP STD MIB RFC3411 SNMP Frameworks MIB IEEE 802 1X PAE LLDP MAU MIB Environment Operating Temperature 40 to 75 C Relative Humidity 5 to 95 non condensing Storage Temperature 4...

Page 15: ...amiliarize yourself with its display indicators and ports Front panel illustrations in this chapter display the unit LED indicators Please read this chapter completely before connecting any network device to the industrial managed switch Hardware description The industrial managed switch provides three different running speeds 10Mbps 100Mbps and 1000Mbps and automatically distinguishes the speed o...

Page 16: ...Chapter 2 Installation 14 NS3550 8T 2S Industrial Managed Switch User Manual Physical dimensions Dimensions W x D x H 87 8 x 135 x 56 mm ...

Page 17: ...h User Manual 15 Front panel Reset button Located on the upper left side of the front panel the reset button is designed to reboot the industrial managed switch without turning the power off and on The following is the summary table of the reset button functions ...

Page 18: ...either power 1 or power 2 has no power Ring Green Lit indicates that the ERPS ring has been sucessfully created R O Green Lit indicates that the switch has enabled ring owner Per 10 100 1000Base T port LED Color Function LNK ACT Green Lit indicates the port has successfully connected to the network Blinking indicates that the switch is actively sending or receiving data over that port 1000 Orange ...

Page 19: ...e 1 The wire gauge for the terminal block should be in the range of 12 to 24 AWG 2 When performing any of the procedures such as inserting the wires or tightening the wire clamp screws make sure the power is OFF to avoid electrical shock Wiring the fault alarm contact The fault alarm contacts are in the middle 3 4 of the terminal block connector as the picture shows below Inserting the wires the i...

Page 20: ...aged switch please refer to the wall mount plate mounting section for wall mount plate installation 3 Power on the industrial managed switch please refer to the wiring the power inputs section for information about how to wire the power The power LED on the industrial managed switch illuminates Refer to the LED Indicators section for information about LED functionality 4 Prepare the twisted pair s...

Page 21: ...convection flow of hot air which rises and brings cold air in from the bottom and out of the top of the device Do not mount the switch horizontally as this does not allow air to flow up into the device and will result in damage to the switch Do not tie DC1 to DC2 DC2 is for secondary power redundancy Do not plug DC power into the device while the AC power cord is plugged in This is not a hot swapp...

Page 22: ...ation 20 NS3550 8T 2S Industrial Managed Switch User Manual 3 Ensure that the DIN rail is tightly attached to the track To remove the industrial managed switch from the track Carefully remove the DIN rail from the track ...

Page 23: ...he wall mount plate to hang the industrial managed switch on the wall 5 To remove the wall mount plate reverse the steps above Cabling 10 100 1000BASE T and 100BASE FX 1000BASE SX LX All 10 100 1000BASE T ports come with auto negotiation capability They automatically support 1000BASE T 100BASE TX and 10BASE T networks Users only need to plug a working network device into one of the 10 100 1000BASE...

Page 24: ...gle mode 1000BASE SX LX 50 125 µm or 62 5 125 µm multi mode 9 125 µm single mode LC multi single mode Ethernet devices like hubs and PCs can connect to the industrial managed switch by using straight through wires The two 10 100 1000Mbps ports are auto MDI MDI X and can be used on straight through or crossover cable Installing the SFP SFP transceiver SFP transceivers are hot pluggable and hot swap...

Page 25: ...to 122 F S25 1SLC B 20 LC 1 Single Mode 20 km 12 mi 1550 1310 nm 18 14 8 32 40 to 75 C 40 to 167 F Gigabit Ethernet 1000Base SX S30 2MLC LC 2 Multi mode 220 550 m 720 1800 ft 850 nm 7 5 9 5 1 17 0 to 50 C 32 to 122 F S35 2MLC LC 2 Multi mode 220 550 m 720 1800 ft 850 nm 7 5 14 8 17 40 to 75 C 40 to 167 F OM1 Multimode fiber 200 500 MHz km OM2 Multimode fiber 500 500 MHZ km Laser Rated for GbE LANs...

Page 26: ...122 F S30 1SLC B 60 LC 1 Single Mode 60 km 37 mi 1490 1310 nm 24 0 5 24 0 to 50 C 32 to 122 F Note High Power Optic There must be a minimum of 5 dB of optical loss to the fiber for proper operation Note We recommend the use of Interlogix SFPs on the industrial managed switch If you insert an SFP transceiver that is not supported the industrial managed switch will not recognize it Note Choose a SFP...

Page 27: ...le with one side being male duplex LC connector type To connect to a SFP transceiver use the single mode fiber cable with one side being male duplex LC connector type To connect the fiber cable 1 Attach the duplex LC connector on the network cable to the SFP transceiver 2 Connect the other end of the cable to a device with the SFP transceiver installed 3 Check the LNK ACT LED of the SFP slot on th...

Page 28: ...dustrial Managed Switch User Manual Note Never pull out the module without making use of the lever or the push bolts on the module Removing the module with force could damage the module and the SFP module slot of the industrial managed switch ...

Page 29: ...cols Workstations must have an Ethernet NIC Network Interface Card installed Ethernet port connection Use standard network UTP cables with RJ45 connectors Workstations must have a web browser and Java runtime environment plug in installed Note We recommend the use of Internet Explorer 8 0 or later to access the industrial managed switch Management access overview The industrial managed switch prov...

Page 30: ...the IP address and subnet mask May encounter lag times on poor connections SNMP agent Communicates with switch functions at the MIB level Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need to only know the community name Remote Telnet The command line user interface is for ...

Page 31: ...ork through a standard browser such as Microsoft Internet Explorer After setting up the IP address for the switch you can access the industrial managed switch s web interface applications directly in the web browser by entering the IP address of the industrial managed switch You can use a web browser to list and manage the industrial managed switch configuration parameters from one central locatio...

Page 32: ...management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method uses two community strings the get community string and the set community string If the SNMP Network Management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can o...

Page 33: ...ser has to explicitly modify the browser setting to enable Java Applets to use network ports The industrial managed switches can be configured through an Ethernet connection when the manager computer is set to the same IP subnet address as the industrial managed switch For example if the default IP address of the industrial managed switch is 192 168 0 100 then the administrator computer should be ...

Page 34: ...g login screen appears type the default username admin with password admin or the username and password you have changed via console to log into the main screen of the industrial managed switch 3 After typing the username and password the main UI screen appears The main menu on the left side of the web page permits access to all the functions and status provided by the industrial managed switch No...

Page 35: ...witch s ports The mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page Port status is indicated as follows State Disabled Down Link RJ45 Ports SFP Ports Main menu Using the web interface you can define system parameters manage and control the industrial managed switch and all its ports or monito...

Page 36: ...nistrative details of the industrial managed switch Under the System list the following topics are provided to configure and view the system information This list contains the following items System information The System Infomation page provides information on the current device such as the hardware MAC address software version and system uptime ...

Page 37: ... temperature System Date The current GMT system time and date The system time is obtained through the configured NTP server if present System Uptime The period of time the device has been operational Software Version The software version of the industrial managed switch Software Date The date when the industrial managed switch software was produced Select the Auto refresh check box to refresh the ...

Page 38: ...Address Provide the IP address of this switch in dotted decimal notation IP Mask Provide the IP mask of this switch dotted decimal notation IP Router Provide the IP address of the router in dotted decimal notation VLAN ID Provide the managed VLAN ID The allowed range is 1 through 4095 DNS Server Provide the IP address of the DNS Server in dotted decimal notation DNS Proxy When DNS proxy is enabled...

Page 39: ...or example fe80 235 c5ff fe03 4cd7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 Prefix Provide the IPv6 Prefix of this switch The allowed range is 1 to 128 Router Provide the IPv6 gateway address of this switch IPv6 a...

Page 40: ...he allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e it is granted full control of the device Other values need to refer to each group privilege level User privileges should be the same or greater than the group privilege level to have access to that group By default most groups privilege level 5 has read only access and privilege level 10 has read write acce...

Page 41: ...groups privilege level 5 has read only access and privilege level 10 has read write access System maintenance software upload factory defaults etc requires user privilege level 15 Generally privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Buttons Click Save to save changes Click Reset to undo any ch...

Page 42: ...dustrial Managed Switch User Manual Privilege levels This page provides an overview of the privilege levels After setup is complete click the Apply button and log in to the web interface with the new user name and password The following appears ...

Page 43: ...m Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level for the following sub groups Configuration read only Configuration execute read write Status statistics read only Status statistics read write e g for clear...

Page 44: ...epresented as eight fields of up to four hexadecimal digits with a colon separating each field Example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses an IPv4 address for example 192 1 2 34 Buttons Click Save to save changes Click Reset to undo any changes ...

Page 45: ...he Daylight Saving Time configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Start Time Settings Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting...

Page 46: ...ckets to the CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range from 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control poi...

Page 47: ...ment policies Specifically the option works by setting two sub options Circuit ID option 1 This sub option should include information specific to which circuit the request came in on Remote ID option 2 This sub option is designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is four bytes in length and the format is vlan_id module_id...

Page 48: ...e operation When enabling DHCP relay information mode operation the agent inserts specific information option82 into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client It only works when DHCP relay operation mode is enabled Disabled Disable DHCP relay information mode operation Relay Information Policy Indicates the DHCP relay informat...

Page 49: ... Receive Bad Circuit ID The number of packets in which the Circuit ID option does not match with the known circuit ID Receive Bad Remote ID The number of packets in which the Remote ID option does not match with the known Remote ID Client statistics Object Description Transmit to Client The number of packets relayed from server to client Transmit Error The number of packets erroneously sent to ser...

Page 50: ...d and 10 second intervals The last 120 samples are graphed and the last numbers are displayed as text as well To display the SVG graph the browser must support the SVG format Consult the SVG Wiki for more information on browser support as a plugin may be required Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Note If the bro...

Page 51: ...e following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to immediatel...

Page 52: ...s the following fields Object Description ID The ID 1 of the system log entry Message The message of the system log entry Buttons Click Download to download the system log entry to the current entry ID Click Refresh to update the system log entry to the current entry ID Click I to update the system log entries starting from the first available entry ID Click to update the system log entries ending...

Page 53: ... it does not provide acknowledgments The syslog packet is always sent out even if the syslog server does not exist Selections include Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Indicates the IPv4 host address of syslog server If the switch provides the DNS feature it also can be a host name Syslog Level Indicates what kind of message ...

Page 54: ...ype the sender s email address This address is used for reply emails E mail Subject Type the subject title of the email E mail 1 To E mail 2 To Type the receiver s email address Buttons Click test to send a test mail to the mail server to indicate if the account is available Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values EEE power redu...

Page 55: ...m latency of 48 us plus the wakeup time If required it is possible to minimize the latency for specific frames by mapping the frames to a specific queue done with QOS and then mark the queue as an urgent queue When an urgent queue acquires data to be transmitted the circuits will be powered up at once and the latency will be reduced to the wakeup time EEE works for ports in auto negotiation mode w...

Page 56: ...are Upload Progress displays the file with upload status 4 After the software is uploaded to the system successfully the following screen appears The system loads the new software after reboot Note DO NOT Power OFF the industrial managed switch until the update progress is completed Note Do not quit the Firmware Upgrade page without clicking the OK button after the image is loaded Otherwise the sy...

Page 57: ...ot quit the Firmware Upgrade page without clicking the OK button after the image is loaded Otherwise the system won t apply the new firmware and the user has to repeat the firmware upgrade process Configuration backup This page permits backup and reload of the current industrial managed switch configuration to the local management station The Save configuration except IP Address feature is almost ...

Page 58: ...tags identify a group of parameters typically a table Parameter tags mode entry etc These tags identify parameters for the specific section module and group The entry tag is used for table entries Configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including syntax descriptions is included in the file The file may then...

Page 59: ...nfiguration upload This Configuration Upload page permits backup and reload of the current configuration of the industrial managed switch to the local management station 1 Click Browse The Choose file window appears 2 Select the configuration file and then click Open 3 Click Upload ...

Page 60: ...he primary image or by manual intervention uploading a new firmware image to the device will activate the primary image slot and use it instead 2 The firmware version and date information may be empty for older firmware releases This does not constitute an error The page includes the following fields Object Description Image The flash index name of the firmware image The name of primary preferred ...

Page 61: ...out resetting the configuration Note To reset the industrial managed switch to the factory default setting you can also press the hardware reset button at the front panel for more than 10 seconds After the device is rebooted all configurations will be loaded to default setting including the IP address You can log in to the management web interface within the same subnet of 192 168 0 xx System rebo...

Page 62: ...ns NMSs Sometimes called consoles these devices execute management applications that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fast CPUs megapixel color displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elemen...

Page 63: ...ormation is sent The community name is used to identify the group An SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management stations that do not belong to one of its communities SNMP default communities are Write private Read public Use the SNMP Menu to display or configure the industrial managed switch s SNMP function This section has the f...

Page 64: ...v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 Read Community Indicates the community read access string to permit access to the SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when the SNMP version is SNMPv1 or SNMPv2c If the SNMP version is SNMPv3 the community string wi...

Page 65: ...ation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Selections include SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 Trap Community Indicates the community access string when sending the SNMP trap packet The allowed string length is 0 to 255 and the allowed content i...

Page 66: ...anges Click Reset to undo any changes made locally and revert to previously saved values SNMP system information The switch system information is provided in the System Information Configuration page The page includes the following fields Object Description System Contact The textual identification of the contact person for this managed node and information on how to contact this person The allowe...

Page 67: ...mmunity The page includes the following fields Object Description Delete Select the check box to delete the entry It will be deleted during the next save Community Name Indicates the security name to map the community to the SNMP Groups configuration The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Source IP Indicates the SNMP access source address A ...

Page 68: ...stem engine ID then it is local user otherwise it is a remote user User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Selections include NoAuth NoPriv None authentication and none privacy Auth NoPriv ...

Page 69: ...llowed content is the ASCII characters from 33 to 126 Buttons Click Add New Entry to add a new user entry Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values SNMPv3 groups Configure SNMPv3 groups on the SMNPv3 Group Configuration page The entry index keys are Security Model and Security Name The page includes the following fields Object Des...

Page 70: ...the following fields Object Description Delete Select Delete to delete the entry It will be deleted during the next save View Name A string identifies the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 View Type Indicates the view type that this entry should belong to Selections include included An opti...

Page 71: ... 33 to 126 Security Model Indicates the security model that this entry should belong to Selections include any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Selections include NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentic...

Page 72: ...gures port connection settings Port Statistics Overview Lists Ethernet and RMON port statistics Port Statistics Detail Lists Ethernet and RMON port statistics SFP Module Information Displays SFP information Port Mirror Sets the source and target ports for mirroring Port configuration Ports can be configured on the Port Configuration page The page includes the following fields Object Description Po...

Page 73: ...se frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes Excessive Collision Mode Configu...

Page 74: ...mber of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Buttons Click Refresh to refresh the page immediately Click Clear to clear the counters for all ports Select the Auto refresh check box to enable an automatic refresh of the page at regular intervals Port statistics detail The Port Statistics Detail page provides d...

Page 75: ...mitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that has an opcode indicating a PAUSE operation Receive and transmit size counters The number of ...

Page 76: ...are frames that are longer than the configured maximum frame length for this port Transmit error counters Object Description Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Buttons Click Refresh to refresh the page immediately Click Clear to clear the counters for all ports Select the Auto refre...

Page 77: ...ately Select the Auto refresh check box to enable an automatic refresh of the page at regular intervals Port mirror Configure port mirroring on the Mirror RMirror Configuration Table page This function provides the monitoring of network traffic that forwards a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied It enables the m...

Page 78: ...The traffic to be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Mirror port configuration ...

Page 79: ...her to form a single Link Aggregated Group LAG Port aggregation multiplies the bandwidth between the devices increases port flexibility and provides link redundancy Each LAG is composed of ports of the same speed set to full duplex operations Ports in a LAG can be of different media types UTP Fiber or different fiber types provided they operate at the same speed Aggregated links can be assigned ma...

Page 80: ...nk aggregation note that The ports used in a link aggregation must all be of the same media type RJ45 100 Mbps fiber The ports that can be assigned to the same link aggregation have certain other restrictions see below Ports can only be assigned to one link aggregation The ports at both ends of a connection must be configured as link aggregation ports None of the ports in a link aggregation can be...

Page 81: ...nk aggregations may be configured for the device they are only limited by the quantity of ports on the device To configure a proper traffic distribution the ports within a link aggregation must use the same link speed Static aggregation The Aggregation Mode Configuration page is used to configure the aggregation hash mode and the aggregation group The aggregation hash mode settings are global wher...

Page 82: ...roup ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Click Save to save changes Click Reset to undo any changes made locally a...

Page 83: ... group while ports with different keys cannot Role The Role shows the LACP activity status The Active selection transmits LACP packets each second while the Passive setting waits for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast transmits LACP packets each second while the Slow selection provides a wait for 30 seconds before...

Page 84: ...gr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The key that the partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch Buttons Click Refresh to refresh the page immediately Select...

Page 85: ... occurs its LACP status is disabled Key The key is assigned to this port Only ports with the same key can aggregate together Aggregation ID The aggregation ID assigned to this aggregation group Partner System ID The partner's system ID MAC address Partner Port The partner's port number connected to this port Partner Priority The partner's port priority Buttons Click Refresh to refresh the page ...

Page 86: ...he network into different broadcast domains so that packets are forwarded only between ports within the VLAN Typically a VLAN corresponds to a particular subnet although not necessarily VLAN can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains A VLAN is a collection of end nodes grouped by logic instead of physical location End nodes that fre...

Page 87: ...etwork nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify networ...

Page 88: ...ches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header 802 1Q VLAN tags There are four additional octets inserted after the source MAC address as shown in the follo...

Page 89: ...rts are also assigned a PVID for use within the switch If no VLANs are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID of the port on which they were received Forwarding decisions are based upon this PVID in so far as VLANs are concerned Tagged packets are forwarded according to the VID contained within the tag Tagge...

Page 90: ...r if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then this port should be added to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing t...

Page 91: ...managed switch port VLAN This page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is also configured on this page All untagged packets arriving to the device are tagged by the port s PVID Managed switch nomenclature IEEE 802 1Q tagged and untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged Tagged Ports with tagging ena...

Page 92: ...rames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might be mixed A...

Page 93: ...ommon MAN space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 is used for service provider tags In cases where a given service VLAN only has two member ports on the switch the learning can be disabled for the particular VLAN and can therefore rely on flooding as the forwarding mechanism between the two ports This wa...

Page 94: ...rames untagged frames received on the port are discarded By default the field is set to All Link Type Allow 802 1Q Untagged or Tagged VLAN for selected port When adding a VLAN to selected port it tells the switch whether to keep or remove the tag from a frame on egress Untag outgoing frames without VLAN Tagged Tagged outgoing frames with VLAN Tagged Q in Q Mode Sets the industrial managed switch t...

Page 95: ...acters or numbers The VLAN name should contain at least one alpha character The VLAN name can be edited for the existing VLAN entries or it can be added to the new entries Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN select a check box To remove or exclude the port from the VLAN deselect a check box By default no ports are members and al...

Page 96: ... Description VLAN ID Indicates the ID of this particular VLAN Port Members The VLAN Membership Status Page shows the current VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users is selected it shall show this information for all the VLAN Users and this is the default VLAN membership allows the frames classified to the VLAN...

Page 97: ...VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Buttons Select VLAN Users from the Combined drop down list Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately Click I to update the table s...

Page 98: ...d UVID Shows UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side Conflicts Shows status of Conflicts whether exists or Not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur Functional Conflicts between feature Conflicts due to hardware limitation Direct conflict between user modules Buttons Selec...

Page 99: ...ate VLAN to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not accepted and a warning message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The private VL...

Page 100: ...de world and with database servers on the inside segment but are not allowed to communicate with each other For private VLANs to be applied the switch must first be configured for standard VLAN operation When this is in place one or more of the configured VLANs can be configured as private VLANs Ports in a private VLAN fall into one of these two groups Promiscuous ports Ports from which traffic ca...

Page 101: ... in a private VLAN A port member of a VLAN can be isolated to other isolated ports on the same VLAN and private VLAN The page includes the following fields Object Description Port Members A check box is provided for each port of a private VLAN When selected port isolation is enabled on that port When deselected port isolation is disabled on that port By default port isolation is disabled on all po...

Page 102: ...e industrial managed switches VLAN Group VID Untagged Members Tagged Members VLAN Group 1 1 Port 7 Port 10 N A VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 Port 5 Port 6 The scenario is described as follows Untagged packet entering VLAN 2 1 While PC 1 an untagged packet enters Port 1 the industrial managed switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will receive the packet thro...

Page 103: ...While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 Note For this example set VLAN Group 1 as the default VLAN but only focus on VLAN 2 and VLAN 3 traffic flow Setup steps 1 Create VLAN group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN member VLAN 2 Port 1 Port 2 and Port 3...

Page 104: ...d Port 6 PVID 3 Port 7 Port 24 PVID 1 5 Enable VLAN Tag for specific ports Link Type Port 3 VLAN 2 and Port 6 VLAN 3 VLAN trunking between two 802 1Q aware switches In most cases they are used for Uplink to other switches VLANs are separated at different switches but they need access to other switches within the same VLAN group ...

Page 105: ... VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 The following steps focus on the VLAN trunk port configuration 1 Specify Port 8 to be the 802 1Q VLAN Trunk port 2 Assign Port 8 to both VLAN 2 and VLAN 3 on the VLAN Member configuration page 3 Define a VLAN 1 as a Public Area that overlaps with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to being the m...

Page 106: ... VLAN 3 are not able to access the other VLAN 6 Repeat Steps 1 to 5 by setting up the VLAN trunk port at the partner switch and add more VLANs to join the VLAN trunk Repeat Steps 1 to 3 to assign the trunk port to the VLANs Port isolate The diagram below shows how the industrial managed switch handles isolated and promiscuous ports and how computers are not able to access each other's isolated...

Page 107: ...ge appears 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The Private VLAN Membership Configuration page appears MAC based VLAN The MAC based VLAN entries can be configured on the MAC based VLAN Membership Configuration page This page allows for adding and deleting MAC based VLAN entries and assigning the entries to different ports This page shows only static entr...

Page 108: ...ured for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled when clicking Save A MAC based VLAN without any port members will be deleted when clicking Save The Delete button can be used to undo the addition of new MAC based VLANs Buttons Click Add New Entry to add a new MAC based VLAN entry ...

Page 109: ...embers of the MAC based VLAN entry Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately Protocol based VLAN The Protocol to Group Mapping Table page permits the addition of new protocols to the Group Name unique for each Group mapping entries and allows you to see and delete entries al...

Page 110: ...x00 0xff b PID If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if valu...

Page 111: ...ates the ID to which the group name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each group name to VLAN ID mapping To include a port in a mapping select the box To remove or exclude the port from the mapping make sure the box is deselected By default no ports are members and all boxes are deselected Adding a New Group to VLAN m...

Page 112: ...P is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the spanning tree algorithm and protocol are a com...

Page 113: ...cted Creating a stable STP topology The goal is to make the root port the fastest link If all switches have STP enabled with default settings the switch with the lowest MAC address in the network becomes the root switch By increasing the priority lowering the priority number of the best switch STP can be forced to select the best switch as the root switch When STP is enabled using the default para...

Page 114: ...ansitions from one state to another as follows From initialization switch boot to blocking From blocking to listening or to disabled From listening to learning or to disabled From learning to forwarding or to disabled From forwarding to disabled From disabled to blocking You can modify each port state by using management software When STP is enabled every port on every switch in the network goes t...

Page 115: ...MAC Priority A relative priority for each switch lower numbers give a higher priority and a greater chance of a given switch being elected as the root bridge 32768 Hello Time The length of time between broadcasts of the hello message by the switch 2 seconds Maximum Age Timer Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the ...

Page 116: ... Max Age The max age can be from 6 to 40 seconds At the end of the max age if a BPDU has still not been received from the root bridge the switch starts sending its own BPDU to all other switches for permission to become the root bridge If the switch has the lowest bridge identifier it will become the root bridge Forward Delay Timer The forward delay can be from 4 to 30 seconds This is the time any...

Page 117: ...ation of the most current bridge and port settings Now if switch A broadcasts a packet to switch C then switch C drops the packet at port 2 and the broadcast ends there Setting up STP using values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to ch...

Page 118: ... is the blocked link STP system configuration The STP Bridge Configuration page permits configuration of the STP system settings The settings are used by all STP bridge instances in the switch The industrial managed switch supports the following spanning tree protocols Compatible Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Span...

Page 119: ...to forwarding used in STP compatible mode Valid values are in the range of 4 to 30 seconds Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Dela...

Page 120: ...re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time that has to pass before a port in the error disabled state can be enabled Valid values are between 30 and 86400 seconds 24 hours Note The industrial managed switch implements the rapid spanning protocol as the default spanning tree protocol When selecting Compatibles mode the s...

Page 121: ... The switch port currently assigned the root port role Root Cost Root Path Cost For the root bridge this is zero For all other bridges it is the sum of the port path costs on the least cost path to the root bridge Topology Flag The current state of the topology change flag for this bridge instance Topology Change Last The time since the last topology change occurred Buttons Select the Auto refresh...

Page 122: ...can be entered The path cost is used when establishing the active topology of the network Lower path cost ports can be chosen as forwarding ports in favor of higher path cost ports Valid values are in the range of 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 All means all...

Page 123: ...o a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently BPDU Guard If enabled causes the port to disable itself upon receiving valid BPDU s Contrary to the similar bridge setting the port Edge status does not affect this setting A por...

Page 124: ...EEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Default STP path costs Port Type Link Type IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 2 000 000 1 000 000 500 000 Fast Ethernet Half Duplex Full Duplex Trunk 200 00...

Page 125: ... priority Lower numerical values have higher priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a bridge identifier Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values MSTI configuration The MSTI Configuration page permits the user to inspect and change the current...

Page 127: ...e VLANs not explicitly mapped VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with a comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should be left empty i e not have any VLANs mapped to it Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values MSTI ports configuration The MSTI Port...

Page 128: ...h cost incurred by the port The Auto setting sets the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 ...

Page 129: ...s the following fields Object Description Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort BackupPort RootPort DesignatedPort CIST State The current STP port state of the CIST port The port state can be one of the following values Disabled Blocking Learning Forwarding Non STP Upti...

Page 130: ... legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Select the Auto refresh check box to ref...

Page 131: ...ed to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as querier This router then keeps track of the membership of the multicast groups that have active members The information received from IGMP is then used to determine wh...

Page 132: ...Multicast flooding IGMP snooping multicast stream control ...

Page 133: ... membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGM...

Page 134: ...ices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests to any upstream multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet IGMP snooping config...

Page 135: ...oping is enabled When IGMP snooping is disabled unregistered IPMCv4 traffic flooding is always active IGMP SSM Range SSM Source Specific Multicast range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enable Enable IGMP leave proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable...

Page 136: ...outer being connected to this port Use this mode when connecting other IGMP multicast servers directly to the non querier industrial managed switch and you don t want the multicast stream to be flooded to the uplink switch through the port that connected to the IGMP querier Fast Leave Enable the fast leave on the port Throttling Enable to limit the number of multicast groups to which a switch port ...

Page 137: ... indicates the IGMP control frame priority level generated by the system These values can be used to prioritize different classes of traffic The allowed range is 0 best effort to 7 highest The default interface priority value is 0 RV Robustness Variable The RV permits tuning for the expected packet loss on a network The allowed range is 1 to 255 The default robustness variable value is 2 QI Query ...

Page 138: ...rt and IGMP throttling limits the number of simultaneous multicast groups a port can join The IGMP Snooping Port Group Filtering Configuration page permits assigning a profile to a switch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile can contain one or more or a range of multicast addresses However only one profile can be assigned to a port Wh...

Page 139: ...ring the next save Port The logical port for the settings Filtering Group The IP multicast group that will be filtered Buttons Click Add New Filtering Group to add a new entry to the Group Filtering table Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values IGMP snooping status The IGMP Snooping Status page provides IGMP snooping status ...

Page 140: ...ts that are acting as router ports Port Switch port number Status Indicates whether or not the specific port is a router port Buttons Click Refresh to refresh the page immediately Click Clear to clear all statistics counters Select Auto refresh to automatically refresh the page every three seconds IGMP group information Entries in the IGMP group table are shown in the IGMP Snooping Group Informati...

Page 141: ...y shown IGMPv3 information Entries in the IGMP SFM Source Filtered Multicast information table are shown on the IGMP SFM Information page The table also contains SSM Source Specific Multicast information The table is sorted first by VLAN ID then by group and then by port number Different source addresses that belong to the same group are treated as a single entry Each page shows up to 99 entries f...

Page 142: ...esses for filtering to 128 Type Indicates the type It can be either Allow or Deny Hardware Filter Switch Indicates if the data plane destined to the specific group address from the source IPv4 address can be accommodated by the chip Buttons Select Auto refresh to automatically refresh the page every three seconds Click Refresh to refresh the table starting from the input fields Click I to update th...

Page 143: ...which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation acts as a router port Selections are Auto Fix None and the default compatibility value is Auto All means all ports will have one specific setting Fast Leave Enable fast leave on...

Page 144: ...n general queries sent by the querier The allowed range is 1 to 31744 seconds The default query interval is 125 seconds QRI Query Response Interval This is the maximum response time used to calculate the maximum resp code inserted into the periodic general queries The allowed range is 0 to 31744 in tenths of seconds The default query response interval is 100 in tenths of seconds 10 seconds LLQI La...

Page 145: ...hrottling limits the number of simultaneous multicast groups a port can join The MLD Snooping Port Filtering Profile Configuration page permits assigning a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses However only one profile can be assigned to a port When enabled MLD...

Page 146: ...will be deleted during the next save Port The logical port for the settings Filtering Group The IP Multicast Group that will be filtered Buttons Click Add New Filtering Group to add a new entry to the Group Filtering table Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values MLD snooping status The MLD Snooping Status page provides MLD snoop...

Page 147: ...ports that are acting as router ports Port Switch port number Status Indicates whether or not the specific port is a router port Buttons Click Refresh to refresh the page immediately Click Clear to clear all statistics counters Select Auto refresh to automatically refresh the page every three seconds MLD group information Entries in the MLD group table are shown in the MLD Snooping Group Informati...

Page 148: ...urrently shown MLDv2 information Entries in the MLD SFM Source Filtered Multicast information table are shown on the IGMP SFM Information page The table also contains SSM Source Specific Multicast information The table is sorted first by VLAN ID then by group and then by port number Different source addresses that belong to the same group are treated as single entry Each page shows up to 99 entrie...

Page 149: ...tarting from the input fields Click I to update the table starting from the first entry in the MLD SFM information table Click to update the table starting with the entry after the last entry currently shown MVR Multicast VLAN Registration The MVR feature enables multicast traffic forwarding on the Multicast VLANs In a multicast television application a computer or a network television or a set to...

Page 150: ...The MVR Configurations page provides MVR related configuration information ...

Page 151: ...of operation In Dynamic mode default setting MVR allows dynamic MVR membership reports on source ports In Compatible mode MVR membership reports are forbidden on source ports Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged default setting with the MVR VID Priority Specify how the traversed IGMP MLD control frames will be sent in a prioritized manner...

Page 152: ...status The MVR Statistics page provides MVR status The page includes the following fields Object Description VLAN ID The multicast VLAN ID IGMP MLD Queries Received The number of received queries for IGMP and MLD respectively IGMP MLD Queries Transmitted The number of transmitted queries for IGMP and MLD respectively IGMPv1 Joins Received The number of received IGMPv1 joins IGMPv2 MLDv1 Reports Re...

Page 153: ...up table The Start from VLAN and Group Address fields permit the user to select the starting point in the MVR group table The page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group ID of the group shown Port Members Ports under this group Buttons Select Auto refresh to automatically refresh the page every three seconds Click Refresh to refresh the table sta...

Page 154: ...on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The industrial managed switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP Traffic prioritization bits within an IP header that are encoded by certain applications and or devices ...

Page 155: ...ies Enable Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control ...

Page 156: ...iption Port The logical port for the settings contained in the same row Click on the port number to configure the shapers For more details refer to Understanding QoS on page 151 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps QoS egress port schedule and shapers The port scheduler and shapers for a specific port are configur...

Page 157: ...or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter only appears if Scheduler Mode is set to Weighted Queue Scheduler Percent Shows the weight in percent for this queue This parameter only appears if Sched...

Page 158: ...ontrols the default class of service All frames are classified to a QoS There is a one to one mapping between CoS queue and priority A QoS class of 0 zero has the lowest priority All means all ports will have one specific setting DP Level Controls the default drop precedence level All frames are classified to a drop precedence level If the port is VLAN aware and the frame is tagged then the frame ...

Page 159: ...e the frame is classified to the default DEI value All means all ports will have one specific setting Tag Class Shows the classification mode for tagged frames on this port Disabled Use default CoS and DPL for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode to configure the mode and or mapping DSCP Based Select DSCP Based to enable DSCP based QoS ingres...

Page 160: ... PCP DEI to QoS class DP level values when Tag Classification is set to Enabled Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Cancel to return to the previous page Port scheduler The QoS Egress Port Schedulers page provides an overview of the QoS egress port schedulers for all switch ports The page includes the following...

Page 161: ...ort for the settings contained in the same row Click on the port number to configure tag remarking For further details refer to QoS egress port tag remarking below Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level QoS egress port tag remarking The QoS Egress Port Tag Remar...

Page 162: ...I Configuration Controls the default PCP and DEI values used when the mode is set to Default QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS class DP level to PCP DEI values when the mode is set to Mapped Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Cancel to return to the previous page ...

Page 163: ...n window for the specific DSCP All Classify all DSCP Egress Selections for Rewrite are as follows Disable No egress rewrite Enable Rewrite enabled without remapping Remap DP Unaware DSCP from the analyzer is remapped and the frame is remarked with the remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from the analyzer i...

Page 164: ...rols whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS Class values can be between 0 7 DPL Drop Precedence Level 0 1 Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved value...

Page 165: ...ollowing fields Object Description DSCP The maximum number of supported DSCP values is 64 and valid DSCP values range from 0 to 63 Ingress The Ingress side of DSCP can be first translated to new DSCP before using the DSCP for the QoS class and DPL map There are two configuration parameters for DSCP Translation Translate Classify Translate DSCP at the Ingress side can be translated to any of 0 63 D...

Page 166: ...ues will assign to whole DSCP values Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Remap DP1 The Configuration All with available values will assign to whole DSCP values Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Buttons Click Save to save changes Click Reset to undo any changes made locally an...

Page 167: ...ribes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The page includes the following fields Object Description QCE Indicates the index of QCE Port Indicates the list of ports configured with the QCE DMAC Specify the type of Destination MAC addresses for incoming frames Selections include Any All types of Destination...

Page 168: ...pe 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE only matches IPV4 frames IPv6 The QCE only matches IPV6 frames Action Indicates the classification action taken on the ingress frame if the parameters configured match with the frame s content Action fields include Class Classified QoS class DPL Classified Drop Precedence Level DSCP Classifie...

Page 169: ...fault value DSAP Address DSAP Destination Service Access Point selections are 0x00 to 0xFF or Any default value Control Address Control Address selections are 0x00 to 0xFF or Any default value SNAP PID PID a.k.a. Ethernet type selections are 0x00 to 0xFFFF or Any default value IPv4 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP...

Page 170: ... previous page without saving the configuration change QCL status The QoS Control List Status page shows the QCL status by different QCL users Each row describes the QCE that is defined A conflict occurs if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch The page includes the following fields Object Description User Indicat...

Page 171: ... the conflict status of QCL entries when hardware resources are shared by multiple applications It may happen that resources required to add a QCE may not be available in which case it shows conflict status as Yes otherwise it is always No Conflict can be resolved by releasing the hardware resources required to add the QCL entry by clicking the Resolve Conflict button Buttons Select the QCL status...

Page 172: ...he queue policers are enabled Unit Controls the unit of measure for the queue policer rate as kbps or Mbps This field is only shown if at least one of the queue policers are enabled Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Storm control configuration Storm control for the switch is configured on the Storm Control Configur...

Page 173: ...le or disable the storm control status for the given frame type Rate The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K 2048K 4096K 8192K 16384K or 32768K Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values QoS statistics The Queuing Counters page provid...

Page 174: ...lear to clear the counters for all ports Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Voice VLAN configuration The Voice VLAN Configuration page contains the Voice VLAN feature This enables voice traffic forwarding on the Voice VLAN permitting the switch to classify and schedule network traffic We recommend that there be two VLA...

Page 175: ...LAN port mode Selections include Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects if there is a VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN All All ports will have one specific setting Port Security Indicates the Voice VLAN port security mode When the function is enabled all non telephone MAC a...

Page 176: ...g length is 0 to 32 Buttons Click Add New Entry to add a new access management entry Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Access Control Lists ACL ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific tra...

Page 177: ... The page includes the following fields Object Description User Indicates the ACL user Ingress Port Indicates the ingress port of the ACE Values include All The ACE matches all ingress ports Port The ACE matches a specific ingress port Frame Type Indicates the frame type of the ACE Values are Any The ACE matches any frame type EType The ACE matches Ethernet Type frames Note that an Ethernet Type b...

Page 178: ...ACE The specific ACE is not applied to the hardware due to hardware limitations Buttons Select the ACL status from the Combined drop down list Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page ACL configuration The Access Control List Configuration page shows the Access Control List ACL which is made u...

Page 179: ...port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is shown the port redirect operation is disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons Modify each ACE Access Control Entry in the table using the following buttons Inserts a ...

Page 180: ...ilter Specify the policy number filter for this ACE Any No policy filter is specified policy filter status is don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering a policy value and bitmask appear Policy Value When Specific is selected for the policy filter you can enter a specific policy value The permitted range is 0 to 255 Policy Bi...

Page 181: ...C policer is enabled or disabled The default value is Disabled EVC Policer ID Select which EVC policer ID to apply on this ACE The allowed values are Disabled or the values 1 through 128 Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled ...

Page 182: ...ific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this DMAC value VLAN parameters Object Description 802 1Q Tagged Specify whether frames can hit the action according to the 802 1Q tagged Selections include Any Any value is allow...

Page 183: ...fied Target IP filter is don t care Host Target IP filter is set to Host Specify the target IP address in the Target IP Address field that appears Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear Target IP Address When Host or Network is selected for the target IP filter you can enter a specif...

Page 184: ...4 ICMP protocol frames Extra fields for defining ICMP parameters appear UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear IP Protocol Value When Specific is selected for the IP protocol value you can enter a specific value The allowed range is ...

Page 185: ...IP Address field that appears Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear DIP Address When Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation DIP Mask When Network is selected for the destination IP filter you can e...

Page 186: ...UDP destination value A field for entering a TCP UDP destination value appears Range To filter a specific range TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination range value A field for entering a TCP UDP destination value appears TCP UDP Destination Number When Specific is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination ...

Page 187: ...on t care Ethernet type parameters Ethernet Type parameters can be configured when Ethernet Type is selected as the Frame Type Object Description EtherType Filter Specify the Ethernet type filter for this ACE Any No EtherType filter is specified EtherType filter status is don t care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A ...

Page 188: ... port number and it can t be set when action is permitted All means all ports will have one specific setting Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled All means all ports will have one specific setting Logging Specify the logging operati...

Page 189: ...the ACL user module The default value is Enabled All means all ports will have one specific setting Counter Counts the number of frames that match this ACE Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Refresh to refresh the page Any changes made locally are undone Click Clear to clear the counters ACL rate limiter confi...

Page 190: ...uthentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs ...

Page 191: ...d party switch or a hub and still require individual authentication and the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user that can be used by anyone and only the MD5 Challenge method is supported The 802 1X and MAC based authentication configuration consists ...

Page 192: ...ntity of the client and notifies the switch if the client is authorized to access the LAN and switch services Because the switch acts as the proxy the authentication service is transparent to the client In this release the Remote Authentication Dial In User Service RADIUS security system with Extensible Authentication Protocol EAP extensions is the only supported authentication server which is ava...

Page 193: ...llowed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if the client does not receive an EAP request identity frame from the switch during bootup the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity Note If 802 1X is not enable...

Page 194: ...l the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an accept frame from the authentication server the port state changes t...

Page 195: ...right and continues until a method either approves or rejects a user If a remote server is used for primary authentication we recommend configuring secondary authentication as local This permits the management client to log in via the local user database if none of the configured authentication servers are valid Fallback Enable fallback to local authentication by selecting this check box If none o...

Page 196: ...t non standard variants overcome security limitations MAC based authentication permits authentication of more than one user on the same port and doesn t require the user to have special 802 1X supplicant software installed on the system The switch uses the MAC address to authenticate against the back end server Intruders can create counterfeit MAC addresses which makes MAC based authentication les...

Page 197: ... functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the port security module to secure MAC addresses the port security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a numb...

Page 198: ... for all ports Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled check box provides a quick way to globally enable disable Guest VLAN functionality When selecte...

Page 199: ...n t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indicati...

Page 200: ...uest identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the port security limit control functionality MAC based authentication Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the...

Page 201: ...lly enabled and enabled selected for a given port the switch reacts to VLAN ID information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid the port s Port VLAN ID will be changed to this VLAN ID the port will be set to be a member of that VLAN ID and the port will be forced into VLAN unaware mode Once ...

Page 202: ...ate given by EAPOL Timeout Once in the Guest VLAN the port is considered authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN...

Page 203: ...escription Port The switch port number Click to navigate to detailed NAS statistics Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL...

Page 204: ... specific switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it only shows selected back end server RADIUS Authentication Server statistics Use the port drop down menu to select the port details to be displayed The page includes the following fields Port state Object Description Admin State The port s current administrative state Refer to NAS Admin State for a descripti...

Page 205: ...es other than Response Identity frames that have been received by the switch Rx Start dot1xAuthEapolStartFramesRx The number of EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFramesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuthInvalidEapolFramesRx The number of EAPOL frames that have been receive...

Page 206: ... that the back end server has communication with the switch MAC based Counts all Access Challenges received from the back end server for this port left most table or client right most table Rx Other Requests dot1xAuthBackendOtherRequestsToSupplicant 802 1X based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the back en...

Page 207: ...transmissions are not counted Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Name IEEE Name Description MAC Address dot1xAuthLastEapolFrameSource The MAC address of the last supplicant client VLAN ID The VLAN ID ...

Page 208: ...e MAC address of the attached client Clicking the link causes the client s back end server counters to be shown in the Selected Counters table If no clients are attached it shows no clients attached VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module State The client can either be authenticated or unauthenticated In the authenti...

Page 209: ...ming this action will not clear Last Client This button is available in the following modes Multi 802 1X MAC based Auth X Click Clear This to clear only the currently selected client s counter This button is available in the following modes Multi 802 1X MAC based Auth X Authentication server configuration Configure the authentication servers on the Authentication Server Configuration page ...

Page 210: ...r that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RADIUS authentication accounting server configuration The table has one row for each RADIUS server and a number of columns which are Object Description The RADIUS server number for which the configuration below applies Enabled E...

Page 211: ...ret up to 29 characters long shared between the TACACS authentication server and the switch Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values RADIUS overview The RADIUS Authentication Accounting Server Overview page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page ...

Page 212: ...er is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access or accounting attempts Dead X seconds left Access or accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead ...

Page 213: ...or Server overview page provides detailed statistics for a particular RADIUS server The page includes the following fields RADIUS authentication statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the back end servers to show details for each ...

Page 214: ...e server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAuthClientExtBadAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Rx Unknown Typ...

Page 215: ... about the state of the server and the latest round trip time Name RFC4668 Name Description IP Address IP address and UDP port for the authentication server in question State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communi...

Page 216: ...er of malformed RADIUS packets received from the server Malformed packets include packets with an invalid length Bad authenticators or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAcctClientExtBadAuthenticators The number of RADIUS packets containing invalid authenticators received from the server Rx Unknown Types radiusAccClientExtUnknownTypes The...

Page 217: ...accounting server in question State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to ...

Page 218: ...not be cleared by this operation Windows platform RADIUS server configuration Set up the RADIUS server and assign the client IP address to the industrial managed switch in this case the field in the default IP address of the industrial managed switch with 192 168 0 100 Ensure that the shared secret key is the same as the one you had set at the industrial managed switch s 802 1x system configuration...

Page 219: ...3 Assign the client IP address to the industrial managed switch 4 The shared secret key should be the same as the key configured on the industrial managed switch ...

Page 220: ...same as 802 1X Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example select Active Directory Users and Computers and create legal user data Windows Server 2003 7 Right click a user that you created and then type in properties and configure settings ...

Page 221: ... is connected to the RADIUS server or the port is an uplink port that is connected to another switch Otherwise the switch might not be able to access the RADIUS server after the 802 1X starts to work 802 1X client configuration Windows XP has native support for 802 1X The following procedures show how to configure 802 1X Authentication in Windows XP ...

Page 222: ...rom your preferred connection first and add it in again Configuration sample EAP MD5 authentication 1 Go to Start Control Panel and then double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties setting window 4 Click the Authentication tab 5 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 6...

Page 223: ...k OK 8 When the client has associated with the industrial managed switch a user authentication notice appears in the system tray Click on the notice to continue 9 Type the user name password and the logon domain that your account belongs to 10 Click OK to complete the validation process ...

Page 224: ...ge allows you to configure the port security limit control system and port settings Limit control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If limit control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions ...

Page 225: ...is input If other modules are using the underlying port security for securing MAC addresses they may have other requirements to the aging period The underlying port security will use the shorter requested aging period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be required consider the following sce...

Page 226: ... all available MAC addresses Action If the limit is reached the switch can take one of the following actions None Do not allow more than Limit MAC addresses on the port but take no further action Trap If Limit 1 MAC addresses are seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every time the limit is exceede...

Page 227: ...e reopen button causes the page to be refreshed resulting in the loss of non committed changes Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Refresh to refresh the page Note that non committed changes are lost Access management Configure the access management table on the Access Management Configuration page The maximum ...

Page 228: ...P address Indicates the end IP address for the access management entry HTTP HTTPS Indicates the host can access the switch from the HTTP HTTPS interface and that the host IP address matched the entry SNMP Indicates the host can access the switch from the SNMP interface and that the host IP address matched the entry TELNET SSH Indicates the host can access the switch from the TELNET SSH interface a...

Page 229: ...ick Clear to clear all statistics HTTPs Configure HTTPS on the HTTPS Configuration page The page includes the following fields Object Description Mode Indicates the HTTPS mode operation When the current connection is HTTPS applying the HTTPS disabled mode operation automatically redirects the web browser to an HTTP connection Selections include Enabled Enable HTTPS mode operation Disabled Disable ...

Page 230: ...ded into two sections one with a legend of user modules and one with the actual port status The page includes the following fields Object Description Mode Indicates the SSH mode operation Selections include Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Port ...

Page 231: ...fields User module legend The legend shows all user modules that may request Port Security services Object Description User Module Name The full name of a module that may request port security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port status The table has one row for each port on the selected switch in the switch and a...

Page 232: ...istratively re opened on the Limit Control configuration web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabl...

Page 233: ...the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging ...

Page 234: ...Configure DHCP Snooping on the DHCP Snooping Configuration page ...

Page 235: ...CP snooping mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message All All ports will have one specific setting Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously...

Page 236: ...d transmitted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 with value 11 packets received and transmitted Rx and Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Lease Active The number of lease active option ...

Page 237: ...abled on this port All means that all ports will have one specific setting Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on given ports This value can be 0 1 2 and unlimited If the port mode is enabled and the value of max dynamic client is equal 0 it only allows the forwarding of IP packets that are matched in static entries on the specific port All means t...

Page 238: ...P address MAC Address Allowed Source MAC address Buttons Click Add New Entry to add a new entry to the Static IP Source Guard table Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values ARP inspection ARP Inspection is a security feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisonin...

Page 239: ... Mode and Port Mode on a given port are enabled will ARP Inspection be enabled on this port Selections include Enabled Enable ARP Inspection operation Disabled Disable ARP Inspection operation ALL Log all entries Buttons Click Translate Dynamic to Static to translate all dynamic entries to static entries Click Save to save changes Click Reset to undo any changes made locally and revert to previous...

Page 240: ... switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address S...

Page 241: ...aging Range 10 10000000 seconds Default 300 seconds MAC table learning If the learning mode for a given port is greyed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Object Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learnin...

Page 242: ...entry It will be deleted during the next save VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Select or deselect as needed to modify the entry Adding a New Static Entry Click Add New Static Entry to add a new entry to the static MAC table Specify the VLAN ID MAC address and port members for the new entr...

Page 243: ...address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the I button to start over The page includes the following fields Object Description Type Indicates if the entry is a static or dynamic entry VLAN The VLAN ID of the entry MAC Address The MAC address of the entry Port Members The ports that are members of the entry Butt...

Page 244: ...lue of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the I button to start over The page includes the following fields Object Description Port The port number for whi...

Page 245: ...the Refresh button updates the displayed table starting from that or the closest next Dynamic IP source guard table match In addition the two input fields will after clicking the Refresh button assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN IP address pairs as a basis for the next...

Page 246: ...ue TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voic...

Page 247: ...smitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to 1-8192 seconds. This attribute must comply with the rule: 4 × Delay Interval ≤ Transmission Interval. Tx Reinit: When a port is disabled, LLDP is disabled, or the switch is rebooted, an LLDP shutdown frame is transmitted t...

Page 248: ...CDP frames are terminated by the switch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded Port Description Optional TLV When selected the port description is included in LLDP information transmitted System Name Optional TLV When selected the system name is included in LLDP information transmitted System Descr...

Page 249: ...e application layers on top of the protocol in order to achieve these related properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed u...

Page 250: ...senting altitude in a form more relevant in buildings which have different floor to floor dimensions An altitude of 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum used for the coordinates given in this option WGS84 Geo...

Page 251: ... Apt 42 Floor Floor Example 4 Room no Room number Example 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code Additional code Example 1320300003 Emergency call service Emergency Call Service e g E911 and others such as defined by TIA or NENA Object Description Emergency Call Service Emerg...

Page 252: ... It should be noted that LLDP MED is not intended to run on links other than between network connectivity devices and endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN Object Description Delete Select this check box to delete the policy It will be deleted during the next save Policy ID ID for the polic...

Page 253: ...ation policy Tag Tag indicates if the specified application type is using a tagged or an untagged VLAN Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using t...

Page 254: ...escription Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Co...

Page 255: ... the previous Generic Endpoint Class Class I and are extended to include aspects related to media streaming Example product categories expected to adhere to this class include but are not limited to voice media gateways conference bridges media servers etc Discovery services defined in this class include media type specific network layer policy discovery LLDP MED Communication Endpoint Class III T...

Page 256: ...a Policy Policy indicates that an Endpoint Device wants to explicitly advertise that the policy is required by the device Can be either Defined or Unknown Unknown The network policy for the specified application type is currently unknown Defined The network policy is defined TAG TAG is indicating whether the specified application type is using a tagged or an untagged VLAN Can be Tagged or Untagged...

Page 257: ...port on which the LLDP frame was received Chassis ID The identification of the neighbor s LLDP frames Port ID The identification of the neighbor port Port Description The port description advertised by the neighbor unit System Name The name advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repe...

Page 258: ...ters for the currently selected switch The page includes the following fields Global counters Object Description Neighbor entries were last changed Shows the time when an entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows...

Page 259: ...ieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well-formed TLVs with an unknown type value Org Discarded The number of organizationally TLVs received Age Outs Each LLDP frame contains information about how long the LLDP information is valid age out time If no new LLDP frame is received...

Page 260: ... can determine whether or not the remote link partner has received registered and processed its most recent values For example if the local link partner receives echoed parameters that do not match the values in its local MIB then the local link partner infers that the remote link partners request was based on stale information Echo Rx Tw The link partner s Echo Rx Tw value Resolved Tx Tw The reso...

Page 261: ...nd to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two states which are as follows If the link is established on the twisted pair interface in 1000BASE T mode the cable diagnostics can run without disruption of the link or of any data transfer If the link is established in 100BASE TX or 10BASE T the cable diagnostics cause the link to drop while...

Page 262: ...aged switch otherwise the correct gateway IP address must be set up Buttons Click Start to transmit ICMP packets Click New Ping to re start diagnostics with ping IPv6 ping The ICMPv6 Ping page allows you to issue ICMPv6 ping packets to troubleshoot IPv6 connectivity issues After clicking Start five ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon recepti...

Page 263: ...lick New Ping to re start diagnostics with ping Remote IP ping test This Remote ICMP Ping Test page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on a special port After clicking Test five ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are ...

Page 264: ...agnostics The VeriPHY Cable Diagnostics page is used for running cable diagnostics Click Start to run the diagnostics This will take approximately five seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and the cable diagnostics results appear in the cable status table Note that cable diagnostics is only accurate for cables of 7...

Page 265: ...th The length in meters of the cable pair The resolution is 3 meters Buttons Click Start to run the diagnostics Loop protection This section describes the loop protection function, which prevents broadcast loops in the industrial managed switch Loop protection configuration The Loop Protection Configuration page allows the user to inspect and change the current loop...

Page 266: ...0 to 604800 seconds seven days A value of zero keeps a port disabled until the next device restart Port configuration Object Description Port The switch port number Enable Controls loop protection enable disable on this switch port Action Configures the action performed when a loop is detected on a port Selections include Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls if the port...

Page 267: ...ns and interfaces enabling communication between SNMP management terminals and remote monitors RMON provides a highly efficient method to monitor actions inside the subnets The MIB of RMON consists of 10 groups The switch supports the most frequently used groups Statistics Maintain basic usage and error statistics for each subnet monitored by the agent History Record periodical statistic samples A...

Page 268: ...ts The number of broadcast and multicast packets delivered to a higher layer protocol InDiscards The number of inbound packets that are discarded when the packets are normal InErrors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol InUnknownProtos The number of inbound packets that were discarded because of an unknown or unsuppor...

Page 269: ...when the first value is larger than the rising threshold or less than the falling threshold default Rising Threshold Rising threshold value (-2147483648 to 2147483647) Rising Index Rising event index (1-65535) Falling Threshold Falling threshold value (-2147483648 to 2147483647) Falling Index Falling event index (1-65535) Buttons Click Add New Entry to add a new community entry Click Save to save changes Click Re...

Page 270: ...ng period Startup Alarm The alarm that may be sent when this entry is first set to valid Rising Threshold Rising threshold value Rising Index Rising event index Falling Threshold Falling threshold value Falling Index Falling event index Buttons Click Refresh to refresh the page immediately Click the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three secon...

Page 271: ... inbound packets that are discarded when the packets are normal Community Specify the community when trap is sent The string length is from 0 to 127 default is public Event Last Time Indicates the value of sysUpTime at the time this event entry last generated an event Buttons Click Add New Entry to add a new community entry Click Save to save changes Click Reset to undo any changes made locally an...

Page 272: ...ast entry currently displayed RMON history configuration Configure RMON History on the RMON History Configuration page The entry index key is ID The page includes the following fields Object Description Delete Select to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID to be monitored If in th...

Page 273: ... Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Erro...

Page 274: ...rom the first entry in the alarm table i e the entry with the lowest ID Click to update the table starting with the entry after the last entry currently displayed RMON statistics configuration Configure the RMON Statistics table on the RMON Statistics Configuration page The entry index key is ID The page includes the following fields Object Description Delete Select to delete the entry It will be ...

Page 275: ...ts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but including FCS o...

Page 276: ...ing Protection Switching ERPS is a link layer protocol applied on Ethernet loop protection to provide sub 50 ms protection and recovery switching for Ethernet traffic in a ring topology ERPS provides a faster redundant recovery than Spanning Tree topology The action is similar to STP or RSTP but the algorithms between them are not the same In the ring topology every switch should be enabled with t...

Page 277: ...MEP configuration Maintenance entity point instances are configured in the Maintenance Entity Point page ...

Page 278: ...tion Ingress This is an ingress down MEP monitoring ingress traffic on the Residence Port Egress This is an egress up MEP monitoring egress traffic on the Residence Port Residence Port The port where MEP is monitoring See Direction Level The MEG level of this MEP Flow Instance The MEP is related to this flow See Domain Tagged VID Port MEP An outer C S tag depending on VLAN port type is added with ...

Page 279: ...stance Click Help when on the MEP web page Tagged VID Click Help when on the MEP web page This MAC Click Help when on the MEP web page Instance configuration Object Description Level Click Help when on the MEP web page Format This is the configuration of the two possible Maintenance Association Identifier formats ITU ICC This is defined by ITU ICC can be a maximum of six characters MEG id can be a...

Page 280: ...icating that the server layer is indicating Signal Fail aBLK The consequent action of blocking service frames in this flow is active aTSF The consequent action of indicating Trail Signal Fail protection is active Delete Select this check box to mark a Peer MEP for deletion in the next save operation Peer MEP ID This value will become an expected MEP ID in a received CCM See cMEP Unicast Peer MAC T...

Page 281: ...emented on SW based CCM Frame Rate has to be the same APS protocol Object Description Enable Automatic Protection Switching protocol information transportation based on transmitting receiving R APS L APS PDU can be enabled disabled APS must be enabled to support ERPS ELPS implementing APS This is only valid with one peer MEP configured Priority The priority to be inserted as PCP bits in TAG if any...

Page 282: ...Fail reporting MEP As only one SF MEP is associated with the interconnected sub ring without a virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instance Port 0 APS MEP The Port 0 APS PDU handling MEP Port 1 APS MEP The Port 1 APS PDU handling MEP As only one APS MEP is associated with the interconnected sub ring w...

Page 283: ... includes the following fields Instance data Object Description ERPS ID The ID of the protection group Port 0 Click Help when on the ERPS web page Port 1 Click Help when on the ERPS web page Port 0 SF MEP Click Help when on the ERPS web page Port 1 SF MEP Click Help when on the ERPS web page Port 0 APS MEP Click Help when on the ERPS web page Port 1 APS MEP Click Help when on the ERPS web page Rin...

Page 284: ... seconds in steps of 100 ms Version ERPS Protocol Version v1 or v2 Revertive In revertive mode after the conditions causing a protection switch has cleared the traffic channel is restored to the working transport entity i e blocked on the RPL In non revertive mode the traffic channel continues to use the RPL if it has not failed after a protection switch condition has cleared VLAN Config VLAN conf...

Page 285: ...g WTR timeout in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block status for Port 0 both traffic and R APS block status R APS channel is never blocked on sub rings without a virtual channel Port 1 Block Status Block status for Port 1 both traffic and R APS block status R APS channel is never blocke...

Page 286: ...fields Instance data Object Description All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 Number ID The switch where you are requesting ERPS Port Configures the port number for the MEP VLAN Set the ERPS VLAN Buttons Click Next to configure ERPS Click Set to save changes Click Save Topology to show the ring topology ...

Page 287: ... VLAN Group Switch 1 Port 1 1 None 3001 Port 2 2 Owner 3001 Switch 2 Port 1 4 None 3001 Port 2 3 Neighbor 3001 Switch 3 Port 1 6 None 3001 Port 2 5 None 3001 The scenario is described as follows 1 Disable the DHCP client and set a proper static IP for switch 1 2 and 3 In this example switch 1 is 192 168 0 101 switch 2 is 192 168 0 102 and switch 3 is 192 168 0 103 2 On switch 1 2 and 3 disable STP...

Page 288: ... 2 1 Connect a PC directly to switch 2 Do not connect to port 1 or 2 2 Log in to switch 2 and select Ring Ring Wizard 3 Set All Switch Number 3 and Number ID 2 Click Next to set the ERPS configuration for switch 2 4 Set MEP3 Port 2 MEP4 Port 1 and VLAN ID 3001 Click Set to save the ERPS configuration for switch 2 Set ERPS configuration on switch 3 1 Connect a PC directly to switch 3 Do not connect...

Page 289: ...n for switch 3 Note To avoid a loop do not connect switches 1 2 and 3 together in the ring topology before configuring the end of ERPS Follow the configuration or ERPS wizard to connect switch 1 2 and 3 together to establish ERPS application MEP2 MEP3 Switch 1 Port 2 Switch 2 Port 2 MEP4 MEP5 Switch 2 Port 1 Switch 3 Port 2 MEP1 MEP6 Switch 1 Port 1 Switch 3 Port 1 ...

Page 290: ...aged by entering command keywords and parameters at the prompt Using the industrial managed switch s command line interface CLI is very similar to entering commands on a UNIX system This chapter describes how to use the Command Line Interface CLI Telnet login The managed switch supports telnet for remote management The switch asks for a user name and password for remote login when using telnet Use...

Page 291: ...ble VLAN Virtual LAN PVLAN Private VLAN Security Security management STP Spanning Tree Protocol Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media EEE Energy Efficient Ethernet Thermal Thermal Protection QoS Quality of Service Mirror Port mirroring Config Load Save of configuration via TFTP Firmware Download o...

Page 292: ...h port configuration port_list Port list or all default All ports Example To display system information NS3552 8P 2S System configuration System Contact System Name NS3552 8P 2S System Location MAC Address 9c f6 1a 02 7d 70 Temperature 27 0 C 80 6 F System Time 1970 01 01 Thu 03 28 50 00 00 System Uptime 03 28 50 Software Version 1 0b121221 Software Date 2012 12 21T14 58 31 0800 Previous Restart C...

Page 293: ...uration System Version Description Show system version information Syntax System Version Example To display system version NS3552 8P 2S System version Version 1 0b121221 Build Date 2012 12 21T14 58 31 0800 NS3552 8P 2S System Log Server Mode Description Show or set the system log server mode Syntax System Log Server Mode enable disable Parameters enable Enable system log server mode disable Disabl...

Page 294: ... system timezone offset Syntax System Timezone Offset offset Parameters offset Time zone offset in minutes 7200 to 7201 relative to UTC System Contact Description Set or show the system contact Syntax System Contact contact clear Parameters contact System contact string 1 255 Use clear or to clear the string In CLI No blank or space characters are permitted as part of a contact clear Clear system ...

Page 295: ...ation Syntax System Location location Parameters location System location string 1 255 Use clear or to clear the string In CLI no blank or space characters are permitted as part of a location Default Setting empty Example To set device location NS3552 8P 2S System location MyOffice System Log Level Description Show or set the system log level It is used to determine what kind of message will be sent to ...

Page 296: ... week day month date year hour minute Parameters week Week 1 5 0 ignored day Day 1 7 0 ignored month Month 1 12 0 ignored date Date 1 31 0 ignored year Year 2000 2097 hour Hour 0 23 minute Minutes 0 59 System Log Lookup Description Show the system log Syntax System Log Lookup log_id all info warning error Parameters log_id System log ID or range default All entries all Show all levels default info...

Page 297: ...he system Syntax System Reboot Example To reboot device without changing any of the settings NS3552 8P 2S system reboot System DST Offset Description Set or show the daylight saving time offset Syntax System DST Offset dst_offset Parameters dst_offset DST offset in minutes 1 to 1440 System Restore Default Description Restore factory default configuration Syntax System Restore Default keep_ip Param...

Page 298: ...IP Configuration Description Show IP configuration Syntax IP Configuration Example Show IP configuration NS3552 8P 2S ip configuration IP Configuration DHCP Client Disabled IP Address 192 168 0 101 IP Mask 255 255 255 0 IP Router 192 168 0 253 DNS Server 0 0 0 0 VLAN ID 1 DNS Proxy Disabled IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 6082 cdb9 19ab c0e2 IPv6 Address 192 168 0 100 IP...

Page 299: ... 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 Example Set IP address NS3552 8P 2S ip setup 192 168 0 100 255 255 255 0 IP Ping Description Ping IP address ICMP echo Syntax IP Ping ip_addr_string Length ping_length Count ping_count Interval ping_interval Parameters ip_addr_string IPv4 host address a b c...

Page 300: ... IP DNS Proxy mode Syntax IP DNS_Proxy enable disable Parameters enable Enable DNS Proxy disable Disable DNS Proxy Default Setting disable Example Enable DNS proxy function NS3552 8P 2S ip dns_proxy enable IPv6 AUTOCONFIG Description Set or show the IPv6 AUTOCONFIG mode Syntax IP IPv6 AUTOCONFIG enable disable Parameters enable Enable IPv6 AUTOCONFIG mode disable Disable IPv6 AUTOCONFIG mode Defau...

Page 301: ... shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following legally IPv4 address For example 192 1 2 34 Default Setting IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 6082 cdb9 19ab c0e2 IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router Example Set IPv6 address NS3552 8P 2S ip ipv6 setup 2001 0002 64 2100 0001 IPv6 ...

Page 302: ...ng legally IPv4 address For example 192 1 2 34 length PING Length keyword ping_length Ping ICMP data length 2 1452 Default is 56 excluding MAC IP and ICMP headers count PING Count keyword ping_count Transmit ECHO_REQUEST packet count 1 60 Default is 5 interval PING Interval keyword ping_interval Ping interval 0 30 Default is 0 IP NTP Configuration Description Show NTP configuration Syntax IP NTP C...

Page 303: ... server_index The server index 1 5 server_ipv6 IPv6 server address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses...

Page 304: ...rame Power Excessive Link 1 Enabled Auto Disabled 9600 Disabled Discard Down 2 Enabled Auto Disabled 9600 Disabled Discard Down 3 Enabled Auto Disabled 9600 Disabled Discard Down 4 Enabled Auto Disabled 9600 Disabled Discard Down Port Mode Description Set or show the port speed and duplex mode Syntax Port Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx Parameters port_list Port list or all d...

Page 305: ...ble flow control function for port1 NS3552 8P 2S port flow control 1 enable Port State Description Set or show the port administrative state Syntax Port State port_list enable disable Parameters port_list Port list or all default All ports enable Enable port disable Disable port default Show administrative mode Default Setting Enable Example Disable port1 NS3552 8P 2S port state 1 disable Port Max...

Page 306: ...efault Setting disable Example Disable port power function for port1 4 NS3552 8P 2S port power 1 4 enable Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive port_list discard restart Parameters port_list Port list or all default All ports discard Discard frame after 16 collisions restart Restart backoff algorithm after 16 collisions default Show mode Def...

Page 307: ... Description Run cable diagnostics Syntax Port VeriPHY port_list Parameters port_list Port list or all default All ports Port SFP Description Show SFP port information Syntax Port SFP port_list Parameters port_list Port list or all default All ports Example Show SFP information for port9 10 NS3552 8P 2S port sfp Port Type Speed Wave Length nm Distance m 9 1000Base LX 1000 Base 1310 10000 10 1000Ba...

Page 308: ...s state NS3552 8P 2S mac configuration MAC Configuration MAC Address 9c f6 1a 03 1c 48 MAC Age Time 300 Port Learning 1 Auto 2 Auto 3 Auto 4 Auto 5 Auto 6 Auto 7 Auto 8 Auto 9 Auto 10 Auto MAC Add Description Add MAC address table entry Syntax MAC Add mac_addr port_list vid Parameters mac_addr MAC address xx xx xx xx xx xx port_list Port list or all or none vid VLAN ID 1 4095 default 1 Example Add...

Page 309: ...c_addr vid Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 default 1 Example Lookup state of Mac address 00 30 4F a1 01 d2 NS3552 8P 2S mac lookup 33 33 4F a1 01 d2 MAC Age Time Description Set or show the MAC address age timer Syntax MAC Agetime age_time Parameters age_time MAC address age time 0 10 1000000 0 disable default Show age time Default Setting 300 Example Set ageti...

Page 310: ...MAC address xx xx xx xx xx xx default MAC address zero vid First VLAN ID 1 4095 default 1 Example Show all of MAC table NS3552 8P 2S mac dump Type VID MAC Address Ports Static 1 00 30 4F a6 34 9d None CPU Dynamic 1 33 33 4F a1 01 d2 1 Static 1 33 33 00 00 00 01 1 2 4 10 CPU Static 1 33 33 00 00 00 02 1 2 4 10 CPU Static 1 33 33 ff 16 81 68 1 2 4 10 CPU Static 1 33 33 ff a8 00 64 1 2 4 10 CPU Stati...

Page 311: ...arned entries Syntax MAC Flush VLAN Configuration Command VLAN Configuration Description Show VLAN configuration Syntax VLAN Configuration port_list Parameters port_list Port list or all default All ports Example Show VLAN status of port1 NS3552 8P 2S vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type 1 1 Disabled All UnTag Disable...

Page 312: ...for port10 NS3552 8P 2S vlan pvid 10 2 VLAN Frame Type Description Set or show the port VLAN frame type Syntax VLAN FrameType port_list all tagged Parameters port_list Port list or all default All ports all Allow tagged and untagged frames tagged Allow tagged frames only default Show accepted frame types Default Setting All Example Set port10 that allow tagged frames only NS3552 8P 2S vlan framety...

Page 313: ...sed VLAN Mode dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting IEEE 802 1Q Example Set VLAN mode in port base NS3552 8P 2S vlan mode portbased VLAN Link Type Description Set or show the port VLAN link type Syntax VLAN LinkType port_list untagged tagged Parameters port_list Port list or all default All ports untagged VLAN Link Type Tagged tagged VLAN Link Type Untagged default Show VLA...

Page 314: ...ult All ports man Set out layer VLAN tag ether type MAN dot1q Set out layer VLAN tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type NS3552 8P 2S vlan ethtype 10 man VLAN untagVID Description Set or show the port untagVLAN ID Syntax VLAN untagVID port_list untagvid Parameters port_li...

Page 315: ...Name port_list Port list or all default All ports Example Forbidden add port1 to port4 in VLAN10 NS3552 8P 2S vlan forbidden add 10 1 4 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete vid name Parameters vid name VLAN ID 1 4095 or VLAN Name Example Delete VLAN10 NS3552 8P 2S vlan delete 10 VLAN Forbidden Delete Description Delete VLAN entry Syntax VLAN Forbidden Delete vid name Paramet...

Page 316: ...a characters or numbers VLAN name should contain at least one alpha character combined Shows All the Combined VLAN database static Shows the VLAN entries configured by the administrator nas Shows the VLANs configured by NAS mvr Shows the VLANs configured by MVR voice_vlan Shows the VLANs configured by Voice VLAN all Shows all VLANs configuration default combined VLAN Users configuration Example Sh...

Page 317: ... characters VLAN Name can only contain alpha characters or numbers VLAN name should contain at least one alpha character Example To show VLAN Name table NS3552 8P 2S vlan name lookup VLAN NAME vid test 1 VLAN Status Description VLAN Port Configuration Status Syntax VLAN Status port_list combined static nas mvr voice_vlan mstp all conflicts Parameters port_list Port list or all default All ports co...

Page 318: ... No Combined Unaware 1 All Disabled Untag This 1 No Private VLAN Configuration Command PVLAN Configuration Description Show Private VLAN configuration Syntax PVLAN Configuration port_list Parameters port_list Port list or all default All ports Example Show private VLAN configuration NS3552 8P 2S pvlan configuration Private VLAN Configuration Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabl...

Page 319: ...LAN Delete Description Delete Private VLAN entry Syntax PVLAN Delete pvlan_id Parameters pvlan_id Private VLAN ID The allowed range for a Private VLAN ID is the same as the switch port number range Example Delete PVLAN10 NS3552 8P 2S pvlan delete 10 PVLAN Lookup Description Lookup Private VLAN entry Syntax PVLAN Lookup pvlan_id Parameters pvlan_id Private VLAN ID default Show all PVLANs The allowe...

Page 320: ...Switch Users Configuration Default Setting User Name Privilege admin 15 Example Show users configuration NS3552 8P 2S security switch user configuration Users Configuration User Name Privilege Level admin 15 Security Switch User Add Description Add or modify users entry Syntax Security Switch Users Add user_name password privilege_level Parameters user_name A string identifying the user name that ...

Page 321: ...itch Privilege Level Configuration Description Show privilege configuration Syntax Security Switch Privilege Level Configuration Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Group group_name cro crw sro srw Parameters group_name Privilege group name cro Configuration read only privilege level 1 15 crw Configuration Execu...

Page 322: ...x Security Switch Auth Method console telnet ssh web none local radius tacacs enable disable Parameters console Settings for console telnet Settings for telnet ssh Settings for ssh web Settings for web default Set or show the specific client authentication method none Authentication disabled local Use local authentication radius Use remote RADIUS authentication tacacs Use remote TACACS authenticat...

Page 323: ...SH Mode Description Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting enable Example Enable SSH function NS3552 8P 2S security switch ssh mode enable Security Switch HTTPs Configuration Description Show HTTPS configuration Syntax Security Switch HTTPS Configuration Example Show HTTPs config...

Page 324: ...de Automatic redirect web browser to HTTPS during HTTPS mode enabled Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function NS3552 8P 2S security switch https redirect enable Security Switch Access Configuration Description Show access...

Page 325: ...ndicates that the host can access the switch from HTTP HTTPS snmp Indicates that the host can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH Example Add access management list from 192 168 0 1 to 192 168 0 200 via web interface NS3552 8P 2S security switch access add 1 192 168 0 1 192 168 0 200 web Security Switch Access IPv6 Add Description Add ac...

Page 326: ...cates that the host can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH Example Add access management list from 2001 0001 to 2001 0100 via web interface NS3552 8P 2S security switch access add 2001 0001 2001 0100 web Security Switch Access Delete Description Delete access management entry Syntax Security Switch Access Delete access_id Parameters acc...

Page 327: ... switch access statistics Access Management Statistics HTTP Receive 0 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security Switch SNMP Configuration Security Switch SNMP Mode Description Set or show the SNMP mode S...

Page 328: ...ead access Syntax Security Switch SNMP Read Community community Parameters community Community string Use clear or to clear the string default Show SNMP read community Default Setting public Example Set SNMP read community private NS3552 8P 2S security switch snmp read community private Security Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax S...

Page 329: ...he SNMP trap protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c NS3552 8P 2S security switch snmp trap version 2c Security Switch SNMP Trap Community Description Set or show the community string for SNMP traps Syntax Security Swi...

Page 330: ...field For example four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following legally IPv4 address For example 192 1 2 34 Example Set SNMP trap IPv6 destination address for 2001 0001 NS3...

Page 331: ... Trap Inform Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap Inform Mode enable disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap inform mode NS3552 8P 2S security switch snmp trap inform mode disable Security Switch SNMP Trap Inform Timeout Descri...

Page 332: ...ecurity Engine ID enable disable Parameters enable Enable SNMP trap security engine ID probe disable Disable SNMP trap security engine ID probe default Show SNMP trap security engine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID NS3552 8P 2S security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description ...

Page 333: ...ot be all zeros or all ff H and is restricted to 5 32 octet string Default Setting 800007e5017f000001 Example Set 800007e5017f000002 for SNMPv3 local engine ID NS3552 8P 2S security switch snmp engine id 800007e5017f000002 Security Switch SNMP Community Add Description Add or modify SNMPv3 community entry The entry index key is community Syntax Security Switch SNMP Community Add community ip_addr ...

Page 334: ...the format may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 md5 An optional flag to indicate that this user using MD5 authentication protocol The allowed length is 8 32 and the ...

Page 335: ...password Parameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 auth_password A string identifying the authentication pass phrase priv_passwor...

Page 336: ...ring identifying the security name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 group_name A string identifying the group name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 group entry NS3552 8P 2S security switch snmp g...

Page 337: ...d oid_subtree Parameters view_name A string identifying the view name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded oid_subtree The OID defining the root of the subtr...

Page 338: ...32 and the allowed content is ASCII characters from 33 to 126 security_model any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM security_level noAuthNoPriv None authentication and none privacy AuthNoPriv Authentication and none privacy AuthPriv Authentication and privacy read_view_name The name of the MIB view defining the M...

Page 339: ...ry NS3552 8P 2S security switch snmp access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Switch RMON Statistics Add Description Add or modify RMON Statistics entry The entry index key is stats_id Syntax Security Switch RMON Statistics Add stats_id data_source Parameters stats_id Statistics ID 1 65535 data_s...

Page 340: ...l Sampling interval 1 3600 default 1800 buckets The maximum data entries associated this History control entry stored in RMON 1 65535 default 50 Security Switch RMON History Delete Description Delete RMON History entry The entry index key is history_id Syntax Security Switch RMON History Delete history_id Parameters history_id History ID 1 65535 Security Switch RMON History Lookup Description Show...

Page 341: ...identified by the same value of OID ifIndex absolute Get the sample directly delta Calculate the difference between samples default rising_threshold Rising threshold value 2147483648 2147483647 rising_event_index Rising event index 1 65535 falling_threshold Falling threshold value 2147483648 2147483647 falling_event_index Falling event index 1 65535 rising Trigger alarm when the first value is lar...

Page 342: ...ult public description The string for describing this event the string length is 0 127 default null string Security Switch RMON Event Delete Description Delete RMON Event entry The entry index key is event_id Syntax Security Switch RMON Event Delete event_id Parameters event_id Event ID 1 65535 Security Switch RMON Event Lookup Description Show RMON Event entries Syntax Security Switch RMON Event L...

Page 343: ...ty Network Psec Port port_list Parameters port_list Port list or all default All ports Example Show MAC address learned on port 1 NS3552 8P 2S security network psec port 1 Port 1 MAC Address VID State Added Age Hold Time none Security Network Limit Configuration Description Show Limit Control configuration Syntax Security Network Limit Configuration port_list Parameters port_list Port list or all ...

Page 344: ...rity Network Limit Mode enable disable Parameters enable Globally enable port security disable Globally disable port security default Show current global enabledness of port security limit control Default Setting disable Example Enable the limit mode NS3552 8P 2S security network limit mode enable Security Network Limit Aging Description Set or show aging enabledness Syntax Security Network Limit ...

Page 345: ... Network Limit Port port_list enable disable Parameters port_list Port list or all default All ports enable Enable port security on this port disable Disable port security on this port default Show current port enabledness of port security limit control Default Setting disable Example Enable port limit for port 1 NS3552 8P 2S security network limit port 1 enable Security Network Limit Limit Descri...

Page 346: ...ow current action Default Setting none Example Set trap mode for limit action for port 1 NS3552 8P 2S security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit is exceeded and shut down Syntax Security Network Limit Reopen port_list Parameters port_list Port list or all default All ports Example Reopen port 1 NS3552 8P 2S security network l...

Page 347: ...enable 802 1X disable Globally disable 802 1X default Show current 802 1X global enabledness Default Setting disable Example Enable IEEE802 1X function NS3552 8P 2S security network nas mode enable Security Network NAS State Description Set or show the port security state Syntax Security Network NAS State port_list auto authorized unauthorized single multi macbased Parameters port_list Port list o...

Page 348: ...thPeriod Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned VLAN Syntax Security Network NAS RADIUS_VLAN global port_list enable disable Parameters global Select the global RADIUS assigned VLAN setting port_list Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enab...

Page 349: ...for activity on a MAC address that succeeded authentication default Show current age time Default Setting 300 Example Set NAS age time in 1000sec NS3552 8P 2S security network nas agetime 1000 Security Network NAS Holdtime Description Time in seconds before a MAC address that failed authentication gets a new authentication chance Syntax Security Network NAS Holdtime hold_time Parameters hold_time ...

Page 350: ...al Select the global RADIUS assigned VLAN setting port_list Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enable RADIUS assigned VLAN either globally or on one or more ports disable Disable RADIUS assigned VLAN either globally or on one or more ports default Show current RADIUS assigned VLAN enabledness Default Setting disabl...

Page 351: ...have been received on a port for the lifetime of the port enable The Guest VLAN can be entered even if an EAPOL frame has been received during the lifetime of the port default Show current setting Default Setting Disable Example Enable NAS guest VLAN NS3552 8P 2S security network nas guest_vlan enable Security Network NAS Authenticate Description Refresh restart 802 1X authentication process Synta...

Page 352: ... Syntax Security Network ACL Configuration port_list Parameters port_list Port list or all default All ports Security Network ACL Action Description Set or show the ACL port default action Syntax Security Network ACL Action port_list permit deny rate_limiter port_copy logging shutdown Parameters port_list Port list or all default All ports permit Permit forwarding default deny Deny forwarding rate...

Page 353: ...in pps 0 100 or kbps 0 100 2 100 3 100 1000000 Default Setting 1 Example Set rate limit value in 100 for port 1 NS3552 8P 2S security network acl rate 1 100 Security Network ACL Add Description Add or modify Access Control Entry ACE If the ACE ID parameter ace_id is specified and an entry with this ACE ID already exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is no...

Page 354: ...et Type keyword etype Ethernet Type 0x600 0xFFFF or any but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 smac Source MAC address xx xx xx xx xx xx or any dmac Destination MAC address xx xx xx xx xx xx or any arp ARP keyword sip Source IP address a b c d n or any dip Destination IP address a b c d n or any arp_opcode ARP operation code any arp rarp other arp_flags ARP flags request smac tmac len ...

Page 355: ...curity network acl lookup 1 Security Network ACL Clear Description Clear all ACL counters Syntax Security Network ACL Clear Example Clear all ACL counters NS3552 8P 2S security network acl clear Security Network ACL Status Description Show ACL status Syntax Security Network ACL Status combined static dhcp upnp arp_inspection ipmc ip_source_guard conflicts Parameters combined Shows the combined sta...

Page 356: ...formation Policy replace Security Network DHCP Relay Mode Description Set or show the DHCP relay mode Syntax Security Network DHCP Relay Mode enable disable Parameters enable Enable DHCP relay mode When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t...

Page 357: ...ay agent information option mode default Show DHCP relay agent information option mode Default Setting disable Example Enable DHCP relay agent information option mode NS3552 8P 2S security network dhcp relay information mode enable Security Network DHCP Relay Information Policy Description Set or show the DHCP relay mode When DHCP relay information mode operation is enabled if an agent receives a ...

Page 358: ...figuration Security Network DHCP Snooping Mode Description Set or show the DHCP snooping mode Syntax Security Network DHCP Snooping Mode enable disable Parameters enable Enable DHCP snooping mode When DHCP snooping mode operation is enabled the requested DHCP messages will be forwarded to trusted ports and only allows reply packets from trusted ports disable Disable DHCP snooping mode default Show...

Page 359: ...t All ports clear Clear DHCP snooping statistics Example Show DHCP snooping statistics of port 1 NS3552 8P 2S security network dhcp snooping statistics 1 Port 1 Statistics Rx Discover 0 Tx Discover 0 Rx Offer 0 Tx Offer 0 Rx Request 0 Tx Request 0 Rx Decline 0 Tx Decline 0 Rx ACK 0 Tx ACK 0 Rx NAK 0 Tx NAK 0 Rx Release 0 Tx Release 0 Rx Inform 0 Tx Inform 0 Rx Lease Query 0 Tx Lease Query 0 Rx Lea...

Page 360: ... Guard port mode Default Setting disable Example Enable IP source guard port mode for port1 4 NS3552 8P 2S security network ip source guard port mode 1 4 enable Security Network IP Source Guard Limit Description Set or show the IP Source Guard port limitation for dynamic entries Syntax Security Network IP Source Guard limit port_list dynamic_entry_limit unlimited Parameters port_list Port list or ...

Page 361: ...atic and dynamic entries Syntax Security Network IP Source Guard Status port_list Parameters port_list Port list or all default All ports Example Show IP source guard static and dynamic entries NS3552 8P 2S security network ip source guard status Security Network IP Source Guard Translation Description Translate IP source guard dynamic entries into static entries Syntax Security Network IP Source ...

Page 362: ...he ARP inspection mode of port 1 NS3552 8P 2S security network arp inspection port mode 1 Security Network ARP Inspection Entry Description Add or delete ARP inspection static entry Syntax Security Network ARP Inspection Entry port_list add delete vid allowed_mac allowed_ip Parameters port_list Port list or all default All ports add Add new port ARP inspection static entry delete Delete existing p...

Page 363: ...ies into static entries Syntax Security Network ARP Inspection Translation Security AAA Configuration Description Show Auth configuration Syntax Security AAA Configuration Example Show Auth configuration NS3552 8P 2S security aaa configuration AAA Configuration Server Timeout 15 seconds Server Dead Time 300 seconds RADIUS Authentication Server Configuration Server Mode IP Address Secret Port 1 Dis...

Page 364: ...timeout 3 3600 seconds default Show server timeout configuration Default Setting 15 Example Set 30sec for server timeout NS3552 8P 2S security aaa timeout 30 Security AAA Deadtime Description Set or show server dead time Syntax Security AAA Deadtime dead_time Parameters dead_time Time that a server is considered dead if it doesn t answer a request 0 3600 seconds default Show server dead time confi...

Page 365: ...20 12345678 1812 Security AAA ACCT_RADIUS Description Set or show RADIUS accounting server setup Syntax Security AAA ACCT_RADIUS server_index enable disable ip_addr_string secret server_port Parameters The server index 1 5 default Show RADIUS accounting server configuration enable Enable RADIUS accounting server disable Disable RADIUS accounting server default Show RADIUS server mode ip_addr_strin...

Page 366: ...are not allowed server_port Server TCP port Use 0 to use the default TACACS port 49 Example Set TACACS authentication server configuration NS3552 8P 2S security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show RADIUS statistics Syntax Security AAA Statistics server_index Parameters The server index 1 5 default Show statistics for all servers Example Show RADIUS...

Page 367: ...mple Set the STP Bridge protocol version NS3552 8P 2S stp version rstp STP Tx Hold Description Set or show the STP Bridge Transmit Hold Count parameter Syntax STP Txhold holdcount Parameters holdcount STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 NS3552 8P 2S stp txhold 10 STP MaxHops Description Set or show the MSTP Bridge Max Hop Count parameter Syntax STP MaxHops ...

Page 368: ... Parameters delay MSTP forward delay 4 30 and max_age forward_delay 1 2 Default Setting 15 Example Set STP forward delay value in 25 NS3552 8P 2S stp fwddelay 25 STP CName Description Set or Show MSTP configuration name and revision Syntax STP CName config name integer Parameters config name MSTP Configuration name A text string up to 32 characters long Use quotes to embed spaces in name integer I...

Page 369: ...able disable enable or disable BPDU Guard for Edge ports Default Setting Disable Example Set edge port BPDU guard NS3552 8P 2S stp bpduguard enable STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery timeout Parameters timeout Time before error disabled ports are reenabled 30 86400 seconds 0 disables default Show recovery timeout Default Setting Disable Exampl...

Page 370: ...Cost Edge P2P Uptime 10 DesignatedPort Forwarding 128 20000 Yes Yes 0d 00 10 32 STP MSTI Priority Description Set or show the bridge instance priority Syntax STP Msti Priority msti priority Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 priority STP bridge priority 0 16 32 48 224 240 Default 128 Example Set MST1 priority value in 48 NS3552 8P 2S stp msti priority 1 48 STP MSTI Map Descr...

Page 371: ... list or all Port zero means aggregations Example Show STP status of Port1 NS3552 8P 2S stp port configuration 1 Port Mode AdminEdge AutoEdge restrRole restrTcn Point2point 1 Disabled Disabled Enabled Disabled Disabled Auto STP Port Mode Description Set or show the STP enabling for a port Syntax STP Port Mode port_list enable disable Parameters port_list Port list or all Port zero means aggregatio...

Page 372: ...utoEdge port_list enable disable Parameters port_list Port list or all default All ports Enable Enable MSTP autoEdge Disable Disable MSTP autoEdge Default enable Example Disable STP edge function on port1 NS3552 8P 2S stp port autoedge 1 disable STP Port P2P Description Set or show the STP point2point port parameter Syntax STP Port P2P port_list enable disable auto Parameters port_list Port list o...

Page 373: ...et or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn port_list enable disable Parameters port_list Port list or all default All ports enable Enable MSTP restricted TCN disable Disable MSTP restricted TCN Default disable Example Enable STP restricted TCN on port1 NS3552 8P 2S stp port restrictedtcn 1 enable STP Port bpduGuard Description Set or show the bpduGuard port para...

Page 374: ...variable for ports Syntax STP Port Mcheck port_list Parameters port_list Port list or all default All ports Example Set the STP mCheck Migration Check variable for port 1 NS3552 8P 2S stp port mcheck 1 STP MSTI Port Configuration Description Show the STP port instance configuration Syntax STP Msti Port Configuration msti port_list Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list...

Page 375: ...sti port_list priority Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations priority STP port priority 0 16 32 48 224 240 Default 128 Link Aggregation Command Aggregation Configuration Description Show link aggregation configuration Syntax Aggr Configuration Aggregation Add Description Add or modify link aggregation Syntax Aggr Add port_...

Page 376: ...Parameters aggr_id Aggregation ID Aggregation Mode Description Set or show the link aggregation traffic distribution mode Syntax Aggr Mode smac dmac ip port enable disable Parameters smac Source MAC address dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribut...

Page 377: ...y Role 1 Disabled Auto Active 2 Disabled Auto Active 3 Disabled Auto Active 4 Disabled Auto Active 5 Disabled Auto Active 6 Disabled Auto Active 7 Disabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP Mode Description Set or show LACP mode Syntax LACP Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable LACP p...

Page 378: ... LACP prio Syntax LACP Prio port_list prio Parameters port_list Port list or all default All ports prio LACP Prio 0 65535 Default Setting 32768 LACP System Prio Description Set or show the LACP System prio Syntax LACP System Prio sysprio Parameters sysprio LACP System Prio 0 65535 Default Setting 32768 LACP Role Description Set or show the LACP role Syntax LACP Role port_list active passive Parame...

Page 379: ...s 1 4 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 LACP Statistics Description Show LACP Statistics Syntax LACP Statistics port_list clear Parameters port_list Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 NS3552 8P 2S lacp statistics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illeg...

Page 380: ...st Parameters port_list Port list or all default All ports Example Show LLDP configuration of port1 4 NS3552 8P 2S lldp configuration 1 4 LLDP Configuration Interval 30 Hold 3 Tx Delay 2 Reinit Delay 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness 1 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disable...

Page 381: ...ys_name sys_descr sys_capa mgmt_addr enable disable Parameters port_list Port list or all default All ports port_descr Description of the port sysm_name System name sys_descr Description of the system sys_capa System capabilities mgmt_addr Master s IP address default Show optional TLV s configuration enable Enables TLV disable Disable TLV default Show optional TLV s configuration Default Setting D...

Page 382: ... value Syntax LLDP Hold hold Parameters hold LLDP hold value 2 10 Default Setting 3 Example Set LLDP hold value in 10 NS3552 8P 2S lldp hold 10 LLDP Delay Description Set or show LLDP Tx delay Syntax LLDP Delay delay Parameters delay LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 NS3552 8P 2S lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syn...

Page 383: ...le Show LLDP Statistics of port 1 NS3552 8P 2S lldp statistics 1 LLDP global counters Neighbor entries was last changed at 18819 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV Rx TLV Rx TLV Port Frames Frames Errors Discards Errors Unknown Organz Aged 1 0 0 0 0 0 0...

Page 384: ...cation Port Policies 1 none 2 none 3 none 4 none LLDP MED Civic Description Set or show LLDP MED Civic Address Location Syntax LLDPMED Civic country state county city district block street leading_street_direction trailing_street _suffix str_suf house_no house_no_suffix landmark additional_info name zip_code building apartment floor room_number place_type postal_com_name p_o_box addi tional_code c...

Page 385: ...e default Show Civic Address Location configuration civic_value lldpmed The value for the Civic Address Location entry LLDP MED ECS Description Set or show LLDP MED Emergency Call Service Syntax LLDPMED ecs ecs_value Parameters ecs_value lldpmed The value for the Emergency Call Service LLDP MED Policy Delete Description Delete the selected policy Syntax LLDPMED policy delete policy_list Parameters...

Page 386: ...tagged data specific VLAN video_conferencing Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services streaming_video Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy ...

Page 387: ...ax 4 digits default Show coordinate location configuration north south west east meters floor North North Valid for latitude South South Valid for latitude West West Valid for longitude East East Valid for longitude Meters Meters Valid for altitude Floor Floor Valid for altitude lldpmed Coordinate value coordinate_value lldpmed Coordinate value LLDP MED Datum Description Set or show LLDP MED Coord...

Page 388: ...uration port_list Parameters port_list Port list or all default All ports Example Show EEE configuration of port1 4 NS3552 8P 2S eee configuration 1 4 EEE Configuration Port Mode Urgent queues 1 Disabled none 2 Disabled none 3 Disabled none 4 Disabled none EEE Mode Description Set or show the eee mode Syntax EEE Mode port_list enable disable Parameters port_list Port list or all default All ports ...

Page 389: ...mal Priority Temperature Description Set or show the temperature at which the ports shall be shut down Syntax Thermal prio_temp prio_list shut_down_temp Parameters prio_list List of priorities 0 3 shut_down_temp Temperature at which ports shall be shut down 0 255 C Thermal Port Priority Description Set or show the ports priority Syntax Thermal port_prio port_list prio Parameters port_list Port lis...

Page 390: ...I mode Syntax EVC Port DEI port_list dei_mode Parameters port_list Port list or all default All ports dei_mode DEI mode coloured fixed EVC Port Tag Description Set or show port tag match mode Syntax EVC Port Tag port_list tag_mode Parameters port_list Port list or all default All ports tag_mode Tag mode inner outer EVC Port Addr Description Set or show port address match mode Syntax EVC Port Addr ...

Page 391: ... coupled aware cir Committed Information Rate kbps cbs Committed Burst Size bytes eir Excess Information Rate kbps ebs Excess Burst Size bytes EVC Add Description Add or modify EVC Syntax EVC Add evc_id vid ivid nni_list learning inner it_type it_vid_mode it_vid it_preserve it_pcp it_dei outer ot_vid Parameters evc_id EVC ID 1 128 vid EVC VLAN ID ivid Internal VLAN ID nni_list NNI port list 1 10 o...

Page 392: ...ass_list QoS class list 0 7 command Statistics command clear green yellow red discard EVC ECE Add Description Add or modify EVC Control Entry ECE If ece_id is specified and the ECE exists the ECE will be modified If ece_id is omitted or the ECE does not exist a new ECE will be added If ece_id_next is specified the ECE will be placed before this entry If ece_id_next is last the ECE will be placed a...

Page 393: ...ss a b c d n or any dscp DSCP value range 0 63 or any fragment IPv4 fragment any fragment non fragment sport UDP TCP source port value range 0 65535 or any dport UDP TCP destination port value range 0 65535 or any ipv6 Keyword for matching IPv6 frames sip_v6 IPv6 source address a b c d n or any direction Direction keyword direction ECE direction both uni to nni nni to uni evc EVC keyword evc_id EV...

Page 394: ...ow_p mep_w mep_p mep_aps enable disable Parameters inst Instance number domport dompath domservice dommpls Flow domain 1p1 1f1 EPS architecture flow_w Working flow instance number flow_p Protecting flow instance number mep_w Working MEP instance number mep_p Protecting MEP instance number mep_aps APS MEP instance number enable disable enable disable protection EPS Config Description EPS config ope...

Page 395: ...Parameters inst Instance number Maintenance entity End Point Command MEP Config Description MEP instance configuration mep mip this entity is either a MEP or a MIP end point or intermediate point ingress egress this entity is either an Ingress down or Egress up type of MEP MIP domport domevc the domain is either Port or EVC level is the MEG level port is the residence port flow is the related flow...

Page 396: ...xxxxxxxxxx x is a hexadecimal digit enable disable enable disable MEP Continuity Check Configuration Description MEP Continuity Check configuration prio is the priority PCP of transmitted CCM frame 300s 100s 10s 1s 6m 1m 6h is the number of CCM frames per second Syntax MEP cc config inst prio 300s 100s 10s 1s 6m 1m 6h enable disable Parameters inst Instance number prio OAM PDU priority 300s 100s 10s...

Page 397: ...mber prio OAM PDU priority uni multi Destination address is unicast or multicast laps raps Selection of Linear or Ring APS type octet The last octet in RAPS multicast MAC enable disable enable disable MEP Client Configuration Description MEP Client configuration domport domevc is the client domain must be EVC level is the client MEG level the contained level in the AIS and LCK frames cflow is the ...

Page 398: ...nd Syntax MEP lck config inst prio 1s 1m enable disable Parameters inst Instance number prio OAM PDU priority 1s 1m Transmit period for LCK 1s to send OAM Frames in the rate of 1 per second 1m to send OAM frames in the rate of 1 per minute enable disable enable disable MEP Link Trace Configuration Description MEP Link Trace configuration prio is the priority PCP of transmitted LTM frame mac_addr i...

Page 399: ...o send in 10ms max 100 0 is as fast as possible enable disable enable disable MEP Delay Measurement Configuration Description MEP Delay Measurement configuration prio is the priority PCP of transmitted DM frame uni multi is selecting uni cast or multi cast transmission of DM frame mep is the peer MEP ID of target MEP only used if uni oneway twoway is selecting one way 1DM or two way DMM DM std pro...

Page 400: ...transmitted LBM frame prio is the priority PCP of transmitted TST frame mep is the peer MEP ID of target MEP only used if mac_addr is all zero no_seq seq is without and with transmitted sequence numbers rate is the TST frame transmission bit rate in Mbps size is the size of the un tagged TST frame four bytes will be added for each tag allzero allone onezero is pattern contained in the TST frame da...

Page 401: ...inst Parameters inst Instance number MEP Link Trace State Description MEP Link Trace state get Syntax MEP lt state inst Parameters inst Instance number MEP Loop Back State Description MEP Loop Back state get Syntax MEP lb state inst Parameters inst Instance number MEP Delay Measurement State Description MEP Delay Measurement state get Syntax MEP dm state inst Parameters inst Instance number MEP De...

Page 402: ...st clear inst Parameters inst Instance number Quality of Service Command QoS Configuration Description Show QoS Configuration Syntax QoS Configuration port_list Parameters port_list Port list or all default All ports QoS Port Classification Class Description Set or show the default QoS class Syntax QoS Port Classification Class port_list class Parameters port_list Port list or all default All port...

Page 403: ...QoS Port Classification PCP port_list pcp Parameters port_list Port list or all default All ports pcp Priority Code Point 0 7 Default Setting 0 Example Set the default PCP for an untagged frame in 1 for port1 NS3552 8P 2S qos Port Classification pcp 1 1 QoS Port Classification DEI Description Set or show the default DEI for an untagged frame Syntax QoS Port Classification DEI port_list dei Paramet...

Page 404: ...CP and Drop Eligible Indicator DEI from a tagged frame to QoS class and DP level Syntax QoS Port Classification Map port_list pcp_list dei_list class dpl Parameters port_list Port list or all default All ports pcp_list PCP list or all default All PCPs 0 7 dei_list DEI list or all default All DEIs 0 1 class QoS class 0 7 dpl Drop Precedence Level 0 1 QoS Port Classification DSCP Description Set or ...

Page 405: ... Rate Description Set or show the port policer rate Syntax QoS Port Policer Rate port_list rate Parameters port_list Port list or all default All ports rate Rate in kbps or fps 100 15000000 Default Setting 500 Example Set the port policer rate in 1000 NS3552 8P 2S qos Port Policer Rate 1 10 1000 QoS Port Policer Unit Description Set or show the port policer unit Syntax QoS Port Policer Unit port_l...

Page 406: ...e policer mode Syntax QoS Port QueuePolicer Mode port_list queue_list enable disable Parameters port_list Port list or all default All ports queue_list Queue list or all default All queues 0 7 enable Enable port queue policer disable Disable port queue policer default Show port queue policer mode Default Setting Disable QoS Port QueuePolicer Rate Description Set or show the port queue policer rate...

Page 407: ...eueShaper Mode Description Set or show the port queue shaper mode Syntax QoS Port QueueShaper Mode port_list queue_list enable disable Parameters port_list Port list or all default All ports queue_list Queue list or all default All queues 0 7 enable Enable port queue shaper disable Disable port queue shaper default Show port queue shaper mode Default Setting disable Example Enable port queue shape...

Page 408: ...ng disable Example Enable the port queue excess bandwidth mode NS3552 8P 2S qos Port QueueShaper Excess 1 10 0 7 enable QoS Port TagRemarking Mode Description Set or show the port tag remarking mode Syntax QoS Port TagRemarking Mode port_list classified default mapped Parameters port_list Port list or all default All ports classified Use classified PCP DEI values default Use default PCP DEI values...

Page 409: ... 1 10 1 QoS Port TagRemarking Map Description Set or show the port tag remarking map This map is used when port tag remarking mode is set to mapped and the purpose is to translate the classified QoS class 0 7 and DP level 0 1 to PCP and DEI Syntax QoS Port TagRemarking Map port_list class_list dpl_list pcp dei Parameters port_list Port list or all default All ports class_list QoS class list or all...

Page 410: ...cation zero Classify DSCP if DSCP 0 selected Classify DSCP for which class mode is enable all Classify all DSCP default Show port DSCP ingress classification mode Default Setting none Example Set DSCP classification based on QoS class and DP level in zero NS3552 8P 2S QoS Port DSCP Classification 1 10 zero QoS Port DSCP EgressRemark Description Set or show the port DSCP remarking mode Syntax QoS P...

Page 411: ...abled translation table is used to translate incoming frames DSCP value and translated value is used to map QoS class and DP level Syntax QoS DSCP Translation dscp_list trans_dscp Parameters dscp_list DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all default Show DSCP translation table trans_dscp Translated DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 QoS DSCP Trust Description Set or show trusted DSCP val...

Page 412: ...ressRemap Description Set or show DSCP egress remap table This table is used if the port egress remarking mode is remap and the purpose is to map the DSCP and DP level to a new DSCP value Syntax QoS DSCP EgressRemap dscp_list dpl_list dscp Parameters dscp_list DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all dpl_list DP level list or all default All DP levels 0 1 dscp Egress remapped DSCP 0 63 BE ...

Page 413: ...is specified and an entry with this QCE ID already exists the QCE will be modified Otherwise a new QCE will be added If the QCE ID is not specified the next available QCE ID will be used If the next QCE ID parameter qce_id_next is specified the QCE will be placed before this QCE in the list If the next QCE ID is not specified and if it is a new entry added the QCE will be placed last in the list O...

Page 414: ...p Source IP address a b c d n or any dscp DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 or any specific range fragment IPv4 frame fragmented yes no any sport Source TCP UDP port 0 65535 or any specific or port range dport Dest TCP UDP port 0 65535 or any specific or port range ipv6 IPv6 keyword sip_v6 IPv6 source address a b c d n or any 32 LS bits class QoS Class class 0 7 default basic classification dp ...

Page 415: ...ows all conflict status default Shows the combined status QoS QCL Refresh Description Resolve QCE conflict status Same H W resource is shared by multiple applications and it may not be available even before MAX QCE entry So user can release the resource in use by other applications and use this command to acquire the resource Syntax QoS QCL refresh Parameters combined static voice_vlan conflicts c...

Page 416: ...able Parameters port disable Mirror port or disable default Show port Default Setting disable Example Set port 2 for the mirror port NS3552 8P 2S mirror port 2 Mirror Mode Description Set or show the mirror mode Syntax Mirror Mode port_list enable disable rx tx Parameters port_list Port list or all default All ports enable Enable Rx and Tx mirroring disable Disable Mirroring rx Enable Rx mirroring...

Page 417: ...k Parameters ip_server TFTP server IP address a b c d file_name Configuration file name check Check configuration file only default Check and apply file Firmware Command Firmware Load Description Load new firmware from TFTP server Syntax Firmware Load ip_addr_string file_name Parameters ip_addr_string IP host address a b c d or a host name string file_name Firmware file name Firmware IPv6 Load Des...

Page 418: ...ommand UPnP Configuration Description Show UPnP configuration Syntax UPnP Configuration Example Show UPnP configuration NS3552 8P 2S upnp configuration UPnP Configuration UPnP Mode Disabled UPnP TTL 4 UPnP Advertising Duration 100 UPnP Mode Description Set or show the UPnP mode Syntax UPnP Mode enable disable Parameters enable Enable UPnP disable Disable UPnP default Show UPnP mode Default Setting...

Page 419: ...ertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration duration Parameters duration duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration NS3552 8P 2S upnp advertising duration 1000 MVR Command MVR Configuration Description Show the MVR configuration Syntax MVR Configuration E...

Page 420: ...nable disable Parameters enable Enable MVR mode disable Disable MVR mode default Show MVR mode Default Setting disable Example Enable MVR mode NS3552 8P 2S mvr mode enable MVR VLAN Setup Description Set or show per MVR VLAN configuration Syntax MVR VLAN Setup mvid add del upd Name mvr_name Parameters mvid MVR VLAN ID 1 4095 add Add operation del Delete operation upd Update operation name MVR Name ...

Page 421: ...Set or show per MVR VLAN LLQI Last Listener Query Interval Syntax MVR VLAN LLQI vid mvr_name mvr_param_llqi Parameters vid mvr_name MVR VLAN ID 1 4095 or Name Maximum of 32 characters mvr_param_llqi 1 Default Value 5 0 31744 Last Listener Query Interval in tenths of seconds default Show MVR Interface Last Listener Query Interval MVR VLAN Channel Description Set or show per MVR VLAN channel Syntax ...

Page 422: ...ent untagged Untagged IGMP MLD frames will be sent MVR Immediate Leave Description Set or show MVR immediate leave per port Syntax MVR Immediate Leave port_list enable disable Parameters port_list Port list or all default All ports enable Enable Immediate Leave disable Disable Immediate Leave default Show MVR Immediate Leave MVR Status Description Show Clear MVR operational status Syntax MVR Statu...

Page 423: ...2S voice vlan configuration Voice VLAN Configuration Voice VLAN Mode Disabled Voice VLAN VLAN ID 1000 Voice VLAN Age Time seconds 86400 Voice VLAN Traffic Class 7 Voice VLAN OUI Table Telephony OUI Description 00 03 6B Cisco phones 00 0F E2 H3C phones 00 60 B9 Philips and NEC AG phones 00 D0 1E Pingtel phones 00 E0 75 Polycom phones 00 E0 BB 3Com phones 00 01 E3 Siemens AG phones Voice VLAN Port ...

Page 424: ...ode enable disable Parameters enable Enable Voice VLAN mode disable Disable Voice VLAN mode default Show flow Voice VLAN mode Default Setting disable Example Enable the Voice VLAN mode NS3552 8P 2S voice vlan mode enable Voice VLAN ID Description Set or show Voice VLAN ID Syntax Voice VLAN ID vid Parameters vid VLAN ID 1 4095 Default Setting 1000 Example Set ID 2 for Voice VLAN ID NS3552 8P 2S voi...

Page 425: ...t OUI process The maximum entry number is 16 Syntax Voice VLAN OUI Add oui_addr description Parameters oui_addr OUI address xx xx xx The null OUI address isn t allowed description Entry description Use clear or to clear the string No blank or space characters are permitted as part of a contact only in CLI Example Add Voice VLAN OUI entry NS3552 8P 2S voice vlan oui add 00 11 22 test Voice VLAN OUI...

Page 426: ... must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Port Mode port_list disable auto force Parameters port_list Port list or all default All ports disable Disjoin from Voice VLAN auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configures the Voice VLAN members automatically force ...

Page 427: ...nge the discovery protocol to OUI or LLDP to restart the auto detect process Syntax Voice VLAN Discovery Protocol port_list oui lldp both Parameters port_list Port list or all default All ports OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP default Show Voice VLAN discovery protocol Default Setting OUI Ethernet Ring Protection Switching Comma...

Page 428: ...r interconnected sub ring Syntax Erps add group id east_port west_port major sub interconnected virtual_channel major ring id Parameters group id protection group id 1 64 east_port Port 0 of a protection group west_port Port 1 of a protection group major sub ring type interconnected Set for interconnected node virtual_channel Set for virtual channel major ring id major ring of a sub ring when conf...

Page 429: ...D for finding out Continuity Check errors on Port 1 east_raps_mep Mep_ID for transmitting R APS frames on Port 0 west_raps_mep Mep_ID for transmitting R APS frames on Port 1 group_id protection group id for which mep is associating Syntax Erps mep east_sf_mep west_sf_mep east_raps_mep west_raps_mep group id Parameters east_sf_mep SF mep id for Port 0 west_sf_mep SF mep id for Port 1 east_raps_mep ...

Page 430: ...s group id protection group id 1 64 ERPS RPL Owner Clear Description making a node as Non RPL Block for a protection group After clear this node is no more an rpl owner for the given group east west selected east Port 0 or west Port 1 as RPL Block group id protection group id for selecting RPL Block Syntax Erps rpl owner clear group id Parameters group id protection group id 1 64 ERPS Hold Off Timeou...

Page 431: ...p id for configuring wtr time Syntax Erps wtr timeout wtr_timeout group id Parameters wtr_timeout timer timeout values group id protection group id 1 64 ERPS Delete Description deletion of a protection group group id protection group id for deletion Syntax Erps delete group id Parameters group id protection group id 1 64 ERPS Topologychange Description specifying topology change propagation parame...

Page 432: ...ion Loop Protect Mode Description Set or show the Loop Protection mode Syntax Loop Protect Mode enable disable Parameters enable Enable Loop Protection disable Disable Loop Protection Default Setting enable Loop Protect Transmit Description Set or show the Loop Protection transmit interval Syntax Loop Protect Transmit transmit time Parameters Transmit time interval 1 10 seconds Default Setting 5 L...

Page 433: ...e Enable Loop Protection disable Disable Loop Protection Loop Protect Port Action Description Set or show the Loop Protection port action Syntax Loop Protect Port Action port_list shutdown shut_log log Parameters port_list Port list or all default All ports shutdown Shutdown the port shut_log Shutdown the port and Log event log Only Log the event Loop Protect Port Transmit Description Set or show ...

Page 434: ...show the IPMC snooping mode Syntax IPMC Mode mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC snooping disable Disable IPMC snooping default Show global IPMC snooping mode Default Setting disable Example Enable IGMP snooping NS3552 8P 2S ipmc mode igmp enable IPMC Flooding Description Set or show the IPMC unregistered addresses flooding o...

Page 435: ...MC for IPv4 IGMP enable Enable IPMC Leave Proxy disable Disable IPMC Leave Proxy default Show global IPMC Leave Proxy mode Default Setting disable Example Enable IGMP Leave Proxy NS3552 8P 2S ipmc leave proxy igmp enable IPMC Proxy Description Set or show the mode of IPMC Proxy Syntax IPMC Proxy mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable...

Page 436: ...face Syntax IPMC VLAN Add mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 IPMC VLAN Delete Description Delete the IPMC snooping VLAN interface Syntax IPMC VLAN Delete mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 IPMC State Description Set or show the IPMC snooping state for VLAN Syntax IPMC State...

Page 437: ...le IGMP querier for VLAN 1 NS3552 8P 2S ipmc querier igmp 1 enable IPMC Compatibility Description Set or show the IPMC Compatibility Syntax IPMC Compatibility mld igmp vid auto v1 v2 v3 Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs auto v1 v2 v3 auto Auto Compatibility Default Value v1 Forced Compatibility of IGMPv1 or MLDv1 v2 F...

Page 438: ...ld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports 0 No limit 1 10 Group learn limit default Show IPMC Port Throttling Default Setting Unlimited Example Set the max learn 10 groups for ICMP port throttling NS3552 8P 2S ipmc throttling igmp 1 10 10 IPMC Filtering Description Set or show the IPMC port group filtering list Syntax IPMC Filtering mld igmp port_lis...

Page 439: ... in IPMC router port NS3552 8P 2S ipmc router igmp 1 enable IPMC Status Description Show IPMC operational status accordingly Syntax IPMC Status mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs Example Show VLAN 1 IPMC operational status NS3552 8P 2S ipmc status igmp 1 IPMC Group Description Show IPMC group addresses acc...

Page 440: ...d port_list Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs port_list Port list or all default All ports IPMC Parameter RV Description Set or show the IPMC Robustness Variable Syntax IPMC Parameter RV mld igmp vid ipmc_param_rv Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show ...

Page 441: ... ipmc_param_qri 1 Default Value 100 0 31744 Query Response Interval in tenths of seconds default Show IPMC Interface Query Response Interval IPMC Parameter LLQI Description Set or show the IPMC Last Listener Query Interval Syntax IPMC Parameter LLQI mld igmp vid ipmc_param_llqi Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_p...

Page 442: ...MAC based VLAN entry Syntax VCL Macvlan Add mac_addr vid port_list Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 port_list Port list or all default All ports Example Add 00 11 22 33 44 55 66 in VLAN 20 for all port NS3552 8P 2S vcl macvlan add 00 11 22 33 44 55 66 20 1 10 VCL MAC based VLAN Delete Description Delete VCL MAC based VLAN entry Syntax VCL Macvlan Del mac_addr Pa...

Page 443: ...lue Hexadecimal 00 00 00 to FF FF FF pid PID value 0x0 0xFFFF If OUI is 00 00 00 valid range of PID is from 0x0600 0xFFFF group_id Protocol group ID VCL Protocol based VLAN Add LLC Description Add VCL protocol based VLAN LLC protocol to group mapping Syntax VCL ProtoVlan Protocol Add Llc dsap ssap group_id Parameters dsap DSAP value 0x00 0xFF ssap SSAP value 0x00 0xFF group_id Protocol group ID VC...

Page 444: ...l based VLAN group to VLAN mapping Syntax VCL ProtoVlan Vlan Add port_list group_id vid Parameters port_list Port list or all default All ports group_id Protocol group ID vid VLAN ID 1 4095 VCL Protocol based VLAN Delete Description Delete VCL protocol based VLAN group to VLAN mapping Syntax VCL ProtoVlan Vlan Delete port_list group_id Parameters port_list Port list or all default All ports group_...

Page 445: ...a b c d n vid VLAN ID 1 4095 port_list Port list or all default All ports VCL IP Subnet based Vlan Delete Description Delete VCL IP Subnet based VLAN entry Syntax VCL IPVlan Delete vce_id Parameters vce_id Unique VCE ID 1 128 for each VCL entry SMTP Command SMTP Configuration Description Show SMTP configure Syntax SMTP Configuration Default Setting disable SMTP Mode Description Enable or disable S...

Page 446: ...Disable SMTP Authentication default Show SMTP Authentication Default Setting disable SMTP Auth_user Description Set or show SMTP authentication user name configure Syntax SMTP Auth_user auth_user_text Parameters auth_user_text SMTP Authentication User Name Default Setting disable SMTP Auth_pass Description Set or to show SMTP authentication password configure Syntax SMTP Auth_pass auth_pass_text P...

Page 447: ...bject_text SMTP E mail Subject Default Setting Disable SMTP Mail to 1 Description Set or show SMTP e mail 1 to configure Syntax SMTP Mailto1 mailto1_text Parameters mailto1_text SMTP e mail 1 to address Default Setting Disable SMTP Mail to 2 Description Set or show SMTP e mail 2 to configure Syntax SMTP Mailto2 mailto2_text Parameters mailto1_text SMTP e mail 2 to address Default Setting Disable S...

Page 448: ...ource address learning The industrial managed switch will look up the address table for the destination address If not found this packet will be forwarded to all the other ports except the port that this packet comes from These ports will transmit this packet to the network it is connected to If found and the destination address is located at a different port from the one this packet comes from th...

Page 449: ...s and corresponding port number of each incoming and outgoing packet are stored in a routing table This information is subsequently used to filter packets whose destination address is on the same segment as the source address This confines network traffic to its respective domain and reduces the overall load on the network The industrial managed switch performs Store and Forward preventing errorne...

Page 450: ...ork 1 Check the per port LED on the industrial managed switch 2 Try another port on the industrial managed switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again The per port LED illuminates but the traffic is irregular Check that the attached device is not set to dedicate full duplex Some devices use a phys...

Page 451: ...de temperature range of 40 to 75 C We recommend using an IFS wide temperature SFP module for the industrial managed switch If an IP address needs to be changed or an admin password is forgotten To reset the IP address to the default IP address 192 168 0 100 or reset the password to default value press the hardware reset button at the front panel for approximately 10 seconds After the device is reb...

Page 452: ... TX When connecting the industrial managed switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the industrial managed switch supports auto MDI Media Dependent Interface MDI X Media Dependent Interface Cross detection This makes it possible to directly connect the industrial managed switch to any Ethernet device without making a crossover...

Page 453: ... Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown SIDE 2 Ensure that c...

Page 454: ...e of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine if there are specific traffic object access rights In networking the ACL refers to a list of service ports or network services that are available o...

Page 455: ...b page help text for each specific port property ACL Rate Limiters This page can be used to configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per second The Ports and Access Control List web pages can be used to assign a Rate Limiter ID to the ACE s or ingress port s AES Advanced Encryption Standard The encryption key protocol is applied in 802 1...

Page 456: ...hering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP Dynamic Host Configuration Protocol It is a pr...

Page 457: ...t number The Remote ID is 6 bytes in length and the value is equal to the DHCP relay agent s MAC address DHCP Snooping DHCP snooping is used to block an intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server DNS Domain Name System It stores and associates many types of ...

Page 458: ...iple multicast groups are in use simultaneously H HTTP Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands For example entering a URL in a browser actually sends an HTTP command to the web server...

Page 459: ...uthentication fails With 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network IGMP Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multi...

Page 460: ...gs It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host L LACP LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port LLDP Link Layer Discovery Protocol is an IEEE 802 1ab standard protocol The LLDP specified in this standard allows stations attac...

Page 461: ... is officially defined in RFC 1321 The MD5 Message Digest Algorithm Mirroring For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD Multicast Li...

Page 462: ...the clocks of computer systems NTP uses UDP datagrams as the transport layer O OAM Operation Administration and Maintenance It is a protocol described in ITU T Y 1731 used to implement carrier Ethernet functionality MEP functionality like CC and RDI is based on this Optional TLVs A LLDP frame contains multiple TLVs For some TLVs it is configurable if the switch includes the TLV in the LLDP frame T...

Page 463: ...rnative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining email on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of email and are not to be confused with the Simple Mail Transfer Protocol SMTP You send email with SMTP and a mail handler receive...

Page 464: ...oviding queuing scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority R RARP Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet addres...

Page 465: ...nsfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications regarding incoming mail SNAP SubNetwork Access Protocol SNAP It is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the ...

Page 466: ...eal time clock synchronized IEEE 1588 T TACACS Terminal Access Controller Access Control System Plus It is a networking protocol that provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority Tag Priority is a 3 bit field storing the p...

Page 467: ...e can contain multiple pieces of information Each of these pieces of information is known as a TLV TKIP Temporal Key Integrity Protocol It is used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet U UDP User Datagram Protocol It is...

Page 468: ...as Q in Q switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded...

Page 469: ...he design of WPA is based on a Draft 3 of the IEEE 802 11i standard WPA Radius Wi Fi Protected Access Radius 802 1X authentication server WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scal...
