manualshive.com logo in svg

Interlogix NS3552-8P-2S-V2, User Manual

The Interlogix NS3552-8P-2S-V2 is a reliable and powerful network switch designed for seamless connectivity. For a hassle-free setup, our Quick Installation Manual provides step-by-step instructions. You can easily download this manual for free from manualshive.com, ensuring you have all the necessary guidance to configure and optimize your network.

Share
Download
background image

Chapter 4: Web configuration 

210 

NS3552-8P-2S-V2 User Manual 

Overview of MAC-based authentication 

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-

practices method adopted by the industry. In MAC-based authentication, users are 

called clients, and the switch acts as the supplicant on behalf of clients. The initial 

frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses 

the client's MAC address as both username and password in the subsequent EAP 

exchange with the RADIUS server. The 6-byte MAC address is converted to a string on 

the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between 

the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge 

authentication method, so the RADIUS server must be configured accordingly. 
When authentication is complete, the RADIUS server sends a success or failure 

indication, which in turn causes the switch to open up or block traffic for that particular 

client using static entries into the MAC table. Only then will frames from the client be 

forwarded on the switch. There are no EAPOL frames involved in this authentication, 

therefore MAC-based authentication has nothing to do with the 802.1X standard. 
The advantage of MAC-based authentication over 802.1X is that several clients can be 

connected to the same port (e.g., through a third party switch or a hub) and still require 

individual authentication, and the clients don't need special supplicant software to 

authenticate. The disadvantage is that MAC addresses can be spoofed by malicious 

users, equipment whose MAC address is a valid RADIUS user that can be used by 

anyone, and only the MD5-Challenge method is supported.  
The 802.1X and MAC-based authentication configuration consists of two sections, a 

system- and a port-wide.  

Overview of user authentication 

The industrial managed switch may be configured to authenticate users logging into the 

system for management access using local or remote authentication methods, such as 

telnet and web browser. The industrial managed switch provides secure network 

management access using the following options:  
•  Remote Authentication Dial-in User Service (RADIUS) 
•  Terminal Access Controller Access Control System Plus () 
•  Local user name and privilege level control 
RADIUS and  are logon authentication protocols that use software running 

on a central server to control access to RADIUS-aware or TACACS-aware devices on 

the network. An authentication server contains a database of multiple user name / 

password pairs with associated privilege levels for each user that requires management 

access to the industrial managed switch.  

Understanding IEEE 802.1X port-based authentication 

The IEEE 802.1X standard defines a client-server-based access control and 

authentication protocol that restricts unauthorized clients from connecting to a LAN 

through publicly accessible ports. The authentication server authenticates each client 

Summary of Contents for NS3552-8P-2S-V2

Page 1: ...NS3552 8P 2S V2 User Manual P N 1073552 EN REV B ISS 25JAN19 ...

Page 2: ... Canada This Class A digital apparatus complies with CAN ICES 003 A NMB 3 A Cet appareil numérique de la classe A est conforme à la norme CAN ICES 003 A NMB 3 A ACMA compliance Notice This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Certification EU directives This product and if applicabl...

Page 3: ...anagement access overview 35 CLI mode management 36 Web management 38 SNMP based network management 38 Chapter 4 Web configuration 40 Main web page 42 System 43 DHCP server 67 UDLD 79 Simple Network Management Protocol SNMP 81 Port management 91 Link aggregation 98 VLAN 106 Spanning Tree Protocol STP 131 Multicast 149 Quality of Service QoS 172 Access Control Lists ACL 195 Authentication 209 Secur...

Page 4: ...d 410 LLDP MED Command 414 Thermal Command 418 PoE Command 419 Ethernet Virtual Connections Command 420 Ethernet Protection Switching Command 425 Maintainence entity End Point Command 426 Quality of Service Command 433 Mirror Command 446 Configuration Command 447 Firmware Command 448 UPnP Command 448 MVR Command 450 Voice VLAN Command 453 Ethernet Ring Protection Switching Command 458 Loop Protect...

Page 5: ...NS3552 8P 2S V2 User Manual 3 Chapter 8 Troubleshooting 489 Appendix A Networking connection 491 Glossary 493 ...

Page 6: ... regardless of whether any remedy fails of its essential purpose Installation in accordance with this manual applicable codes and the instructions of the authority having jurisdiction is mandatory While every precaution has been taken during the preparation of this manual to ensure the accuracy of its contents UTCFS assumes no responsibility for errors or omissions Advisory messages Advisory messa...

Page 7: ... installation guide 1 DIN rail kit x 1 Wall mounting kit x 1 RS232 console cable x 1 SFP dust proof cap x 2 RJ45 dust proof cap x 9 If any of these are missing or damaged contact your dealer immediately If possible retain the carton including the original packing materials for repacking the product in case there is a need to return it to us for repair Product description Centralized Power Manageme...

Page 8: ... switch can be configured to monitor connected powered device PD status in real time via a ping action After the PD stops working and responding the industrial managed switch resumes the PoE port power and puts the PD back to work The industrial managed switch greatly enhances the network reliability through the PoE port resetting the PD s power source and reducing the administrator management bur...

Page 9: ... and multicast applications It is ideal for the remote access layer of campus or enterprise networks and the aggregation layer of IP metropolitan networks Robust layer 2 features The industrial managed switch can be programmed for advanced switch management functions such as dynamic port link aggregation Q in Q VLAN private VLAN Multiple Spanning Tree Protocol MSTP layer 2 to layer 4 QoS bandwidth...

Page 10: ...is equipped with console web and SNMP management interfaces With the built in web based management interface the industrial switches offers an easy to use platform independent management and configuration facility The industrial managed switch supports standard Simple Network Management Protocol SNMP and can be managed by any management software based on the standard SNMP v1 or v2 protocol For tex...

Page 11: ...ch can directly connect with any IEEE 802 3at end nodes like PTZ Pan Tilt Zoom network cameras PTZ Speed Dome cameras color touch screen Voice over IP VoIP telephones and multi channel wireless LAN access points Besides the wired Internet network by adopting PoE Wireless LAN structure the transportation authority gains benefits from more efficiency and less cost while providing better high speed I...

Page 12: ...e power can be provided via the standard Ethernet cable from the connected industrial managed switch With the industrial managed switch IP Telephony deployment becomes more reliable and cost effective which helps enterprises save tremendous cost when upgrading from traditional telephony systems to IP telephony communications infrastructure Product features Physical port Eight 10 100 1000BASE T gig...

Page 13: ...sification detection Intelligent PoE features Temperature threshold control PoE usage threshold control PD alive check PoE schedule PD power recycling schedule Industrial case and installation IP30 aluminum case DIN rail and wall mount design 48 VDC redundant power with polarity reverse protect function Supports 6000 VDC EFT protection for power line Supports Ethernet ESD protection for 6000 VDC 4...

Page 14: ...id Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Supports link aggregation IEEE 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel static trunk Maximum five trunk groups up to eight ports per trunk group Up to 16 Gbps bandwidth duplex mode Provides port mirror many to 1 Port mirroring to monitor the incoming or outgoing tra...

Page 15: ...02 1x Port Based MAC Based network access authentication Built in RADIUS client to co operate with the RADIUS servers TACACS login users access authentication RADIUS TACACS users access authentication IP based Access Control List ACL MAC based ACL Source MAC IP address binding DHCP snooping to filter distrusted DHCP messages Dynamic ARP inspection discards ARP packets with invalid MAC addresses to...

Page 16: ...nd LLDP MED SFP DDM Digital Diagnostic Monitor Smart discovery utility for deploy management Network diagnostic Cable diagnostic technology provides the mechanism to detect and report potential cabling issues Product specifications Model Name NS3552 8P 2S V2 Hardware Specifications Copper Ports Eight 10 100 1000BASE T RJ45 Auto MDI MDI X ports SFP Slots Two 1000BASE SX LX BX SFP interfaces port 9 ...

Page 17: ...ability 1A 24 VDC Digital Input Two Digital Inputs DI Level 0 24 2 1 V 0 1 V Level 1 2 1 24 V 0 1 V Input load to 24 VDC 10 mA max Digital Output Two Digital Outputs DO Open collector to 24 VDC 100 mA max LED System Power 1 Green Power 2 Green Fault Alarm Green Ring Green Ring Owner Green Per 10 100 1000T RJ45 Ports PoE in use Orange 1000 LNK ACT Green Per SFP Interface 100 LNK ACT Orange 1000 LNK...

Page 18: ... 1000Mbps full and half duplex mode selection Flow control disable enable Bandwidth control on each port Power saving mode control Port Status Display each port s speed duplex mode link status flow control status auto negotiation status trunk status Port Mirroring TX RX both Many to 1 monitor VLAN 802 1Q tagged based VLAN up to 255 VLAN groups Q in Q tunneling Private VLAN Edge PVE MAC based VLAN ...

Page 19: ... 802 3 10BASE T IEEE 802 3u 100BASE TX 100BASE FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x flow control and back pressure IEEE 802 3ad port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN tagging IEEE 802 1X Port Authentication Network Contro...

Page 20: ...ups 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2933 IGMP STD MIB RFC 3411 SNMP Frameworks MIB IEEE 802 1X PAE LLDP MAU MIB Environment Operating Temperature 40 to 75 C Relative Humidity 5 to 95 non condensing Storage Temperature 40 to 85 C Relative Humidity 5 to 95 non condensing ...

Page 21: ...ourself with its display indicators and ports Front panel illustrations in this chapter display the unit LED indicators Please read this chapter completely before connecting any network device to the industrial managed switch Hardware description The industrial managed switch provides three different running speeds 10Mbps 100Mbps and 1000Mbps and automatically distinguishes the speed of the incomi...

Page 22: ...Chapter 2 Installation 20 NS3552 8P 2S V2 User Manual Physical dimensions Dimensions W x D x H 152 x 107 x 72 mm ...

Page 23: ...s Reset button pressed and released Function 5 seconds System reboot Reboots the industrial managed switch 5 seconds Factory default Resets the industrial managed switch to factory default configuration The switch then reboots and loads the default settings as shown below Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 16...

Page 24: ...is providing 48 56 VDC in line power Off indicates that the connected device is not a PoE powered device PD Per SFP interface port 9 port 10 mini GBIC LED Color Function LNK ACT Green Lit indicates the port has successfully connected to the network Blinking indicates that the switch is actively sending or receiving data over that port 1000 Orange Lit indicates the port has successfully connected t...

Page 25: ... wires or tightening the wire clamp screws make sure the power is OFF to avoid electrical shock Wiring the fault alarm contact The fault alarm contacts are in the middle 3 4 of the terminal block connector as the picture shows below Inserting the wires the industrial managed switch detects the fault status of the power failure or port link failure The following illustration shows an application ex...

Page 26: ...avoid electrical shock Wiring the digital input output The 6 contact terminal block connector on the rear panel of the industrial managed switch is used for digital input and digital output Please follow the steps below to insert wires 1 The industrial managed switch offers two DI and DO groups 1 and 2 are DI groups 3 and 4 are DO groups and 5 and 6 are GND ground 2 Tighten the wire clamp screws f...

Page 27: ...ups for you to monitor two different devices The following topology shows how to wire DI0 and DI1 4 There are two Digital Output groups for you to sense port failure or power failure and issue a high or low signal to the external device The following topology shows how to wire DO0 and DO1 ...

Page 28: ...the wiring the power inputs section for information about how to wire the power The power LED on the industrial managed switch illuminates Refer to the LED Indicators section for information about LED functionality 4 Prepare the twisted pair straight through Category 5 cable for Ethernet connection 5 Insert one side of RJ45 cable category 5 into the industrial managed switch Ethernet port RJ45 por...

Page 29: ...this does not allow air to flow up into the device and will result in damage to the switch Do not tie DC1 to DC2 DC2 is for secondary power redundancy Do not plug DC power into the device while the AC power cord is plugged in This is not a hot swappable switch Hot swapping this device will result in damage DIN rail mounting Note Follow all the DIN rail installation steps as shown in the example To...

Page 30: ...ll mount plate mounting Note Follow all the wall mount plate installation steps as shown in the example To install the industrial managed switch on the wall 1 Remove the DIN rail from the industrial managed switch Use the screwdriver to loosen the screws to remove the DIN rail 2 Place the wall mount plate on the rear panel of the industrial managed switch ...

Page 31: ...managed switch The port will automatically run in 10 Mbps 20 Mbps 100 Mbps or 200 Mbps and 1000 Mbps or 2000 Mbps after negotiating with the connected device The industrial managed switch has eight SFP interfaces that support 100 1000 Mbps dual speed mode optional multi mode single mode 100BASE FX 1000BASE SX LX SFP module Cabling Each 10 100 1000BASE T port uses an RJ45 socket similar to phone ja...

Page 32: ...nect to the industrial managed switch by using straight through wires The two 10 100 1000Mbps ports are auto MDI MDI X and can be used on straight through or crossover cable Installing the SFP SFP transceiver SFP transceivers are hot pluggable and hot swappable They can be plugged in and removed to from any SFP port without having to power down the industrial managed switch see below Approved Inte...

Page 33: ...C A 20 LC 1 Single Mode 20 km 12 mi 1310 1550 nm 18 14 8 32 0 to 50 C 32 to 122 F S25 1SLC B 20 LC 1 Single Mode 20 km 12 mi 1550 1310 nm 18 14 8 32 40 to 75 C 40 to 167 F Gigabit Ethernet 1000Base SX S30 2MLC LC 2 Multi mode 220 550 m 720 1800 ft 850 nm 7 5 9 5 1 17 0 to 50 C 32 to 122 F S35 2MLC LC 2 Multi mode 220 550 m 720 1800 ft 850 nm 7 5 14 8 17 40 to 75 C 40 to 167 F OM1 Multimode fiber 2...

Page 34: ...0 nm 24 0 5 24 0 to 50 C 32 to 122 F S30 1SLC B 60 LC 1 Single Mode 60 km 37 mi 1490 1310 nm 24 0 5 24 0 to 50 C 32 to 122 F Note High Power Optic There must be a minimum of 5 dB of optical loss to the fiber for proper operation Note We recommend the use of Interlogix SFPs on the industrial managed switch If you insert an SFP transceiver that is not supported the industrial managed switch will not...

Page 35: ...side being male duplex LC connector type To connect to a SFP transceiver use the single mode fiber cable with one side being male duplex LC connector type To connect the fiber cable 1 Attach the duplex LC connector on the network cable to the SFP transceiver 2 Connect the other end of the cable to a device with the SFP transceiver installed 3 Check the LNK ACT LED of the SFP slot on the front of t...

Page 36: ...552 8P 2S V2 User Manual Note Never pull out the module without making use of the lever or the push bolts on the module Removing the module with force could damage the module and the SFP module slot of the industrial managed switch ...

Page 37: ...ions must have an Ethernet NIC Network Interface Card installed Ethernet port connection Use standard network UTP cables with RJ45 connectors Workstations must have a web browser and Java runtime environment plug in installed Note We recommend the use of Internet Explorer 11 0 or later to access the industrial managed switches Management access overview The industrial managed switch provides the f...

Page 38: ...el Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need to only know the community name CLI mode management There are two methods for CLI mode management remote telnet and operation from a console port Remote telnet is an IP based protocol and a console port operates the indu...

Page 39: ...ter 3 Switch management NS3552 8P 2S V2 User Manual 37 Remote Telnet In a Windows system open the command prompt screen type telnet 192 168 0 100 and press Enter on the keyboard The following screen appears ...

Page 40: ... industrial managed switch s console port Web management requires Microsoft Internet Explorer 11 0 or later SNMP based network management Use an external SNMP based application to configure and manage the industrial managed switches such as SNMP Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Networ...

Page 41: ...Chapter 3 Switch management NS3552 8P 2S V2 User Manual 39 ...

Page 42: ...o explicitly modify the browser setting to enable Java Applets to use network ports The industrial managed switches can be configured through an Ethernet connection when the manager computer is set to the same IP subnet address as the industrial managed switch For example if the default IP address of the industrial managed switch is 192 168 0 100 then the administrator computer should be set at 19...

Page 43: ...creen appears type the default username admin with password admin or the username and password you have changed via console to log into the main screen of the industrial managed switch 3 After typing the username and password the main UI screen appears The main menu on the left side of the web page permits access to all the functions and status provided by the industrial managed switch Note For se...

Page 44: ...de can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page Port status is indicated as follows State Disabled Down Link PoE On RJ45 Ports SFP Ports Not supported Main menu Using the web interface you can define system parameters manage and control the industrial managed switch and all its ports or monit...

Page 45: ... details of the industrial managed switch Under the System list the following topics are provided to configure and view the system information This list contains the following items System information The System Infomation page provides information on the current device such as the hardware MAC address software version and system uptime ...

Page 46: ...re System Date The current GMT system time and date The system time is obtained through the configured NTP server if present System Uptime The period of time the device has been operational Software Version The software version of the industrial managed switch Software Date The date when the industrial managed switch software was produced Select the Auto refresh check box to refresh the page autom...

Page 47: ...ovide the IP address of this switch in dotted decimal notation IP Mask Provide the IP mask of this switch dotted decimal notation IP Router Provide the IP address of the router in dotted decimal notation VLAN ID Provide the managed VLAN ID The allowed range is 1 through 4095 DNS Server Provide the IP address of the DNS Server in dotted decimal notation DNS Proxy When DNS proxy is enabled DUT will ...

Page 48: ...l is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 Prefix Provide the IPv6 Prefix of this switch The allowed range is 1 to 128 Router Provide the IPv6 gateway address of this switch IPv6 address is in 128 bit records represented as ...

Page 49: ...ed full control of the device Other values need to refer to each group privilege level User privileges should be the same or greater than the group privilege level to have access to that group By default most groups privilege level 5 has read only access and privilege level 10 has read write access System maintenance software upload factory defaults etc requires user privilege level 15 Generally p...

Page 50: ...vilege level 5 has read only access and privilege level 10 has read write access System maintenance software upload factory defaults etc requires user privilege level 15 Generally privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Buttons Click Save to save changes Click Reset to undo any changes made...

Page 51: ... module e g LACP RSTP or QoS but a few of them contain more than one The following description defines these privilege level groups in detail System Contact Name Location Timezone Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY ...

Page 52: ...nym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP data grams as a transport layer You can specify NTP servers and GMT time zone in this page This page includes the following fields Object Description Mode Indicates the NTP mode operation Possible modes are Enabled Enable NTP mode operation When enabling NTP mode operation the agent forwa...

Page 53: ...for legal commercial and social purposes It is convenient for areas in close commercial or other communication to maintain the same time so time zones tend to follow the boundaries of countries and their subdivisions Configure the time zone on the Time Zone Configuration page This page includes the following fields Object Description Time Zone Lists various Time Zones worldwide Select the appropri...

Page 54: ...Select the ending hour Minutes Select the ending minute Offset Settings Enter the number of minutes 1 to 1440 to add during Daylight Saving Time Buttons Click Save to apply changes Click Reset to undo any changes made locally and revert to previously saved values UPnP UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the imp...

Page 55: ...to transfer DHCP messages between the clients and the server when they are not on the same subnet domain The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can us...

Page 56: ...n When enabling DHCP relay information mode operation the agent inserts specific information option82 into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client It only works when DHCP relay operation mode is enabled Disabled Disable DHCP relay information mode operation Relay Information Policy Indicates the DHCP relay information option...

Page 57: ...kets received from the server Receive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packets received with the Remote ID option missing Receive Bad Circuit ID The number of packets in which the Circuit ID option does not match w...

Page 58: ...eived is kept with the relay agent information option Drop Agent Option The number of packets received is dropped with the relay agent information option Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to immediately refresh the page Click Clear to clear all statistics CPU load This page displays the CPU load us...

Page 59: ...e page includes the following fields Object Description ID The ID 1 of the system log entry Level The level of the system log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Clear Level Clears the system log entry level The following level types are supported Info Infor...

Page 60: ...e last entry currently displayed Click to update the system log entries starting from the last entry currently displayed Click I to update the system log entries ending at the last available entry ID Detailed log The Detailed System Log Information page displays the industrial managed switch system log information details The page includes the following fields Object Description ID The ID 1 of the...

Page 61: ...to the syslog server The syslog protocol is based on UDP communication and received on UDP port 514 The syslog server will not send acknowledgments back to sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet is always sent out even if the syslog server does not exist Selections include Enabled Enable remote syslog mode operation Disabled Disable ...

Page 62: ...n is enabled if selected Authentication is required when an email is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s email address This address is used for reply emails E mail Subject Type the subject title of the email E mail 1 To...

Page 63: ...the Enable check bo to disable the digital input output function Condition As Digital Input Allows the user to select High to Low or Low to High This means a signal received by system is from High to Low or From Low to High It will trigger an action that logs a customize message or issue the message from the switch As Digital Output Allows user to select High to Low or Low to High This means that ...

Page 64: ...he port to be monitored Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Fault alarm The Fault Alarm Control Configuration page manages the fault alarm output The page includes the following fields Object Description Enable Controls whether or not the Fault Alarm is enabled on this switch Record Controls whether or not Record is ...

Page 65: ...rmware file and then click Upload The Software Upload Progress displays the file with upload status 4 After the software is uploaded to the system successfully the following screen appears The system loads the new software after reboot Note DO NOT Power OFF the industrial managed switch until the update progress is completed Note Do not quit the Firmware Upgrade page without clicking the OK button...

Page 66: ...the switch This file is volatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration This file is read when the system is restored to default settings It is also possible to store up to two other files and apply them to running config thereby switching configuration The Download Configuration page permits the ...

Page 67: ...tioned above plus two other files it is not possible to create new files unless an existing file is overwritten or another is deleted first Configuration activate The Activate Configuration page permits activation of the startup config and default config files on the switch It is possible to activate any of the configuration files present on the switch except for running config which represents th...

Page 68: ... in the device and permits you to revert to the alternate image The web page displays two tables with information about the active and alternate firmware images Note If the active firmware image is the alternate image only the Active Image table is shown In this case the Activate Alternate Image button is also disabled Note 1 If the alternate image is active due to a corruption of the primary imag...

Page 69: ... the alternate image This button may be disabled depending on the system state After clicking Activate Alternate Image click OK to restart the system and use the alternate image System reboot The Restart Device page permits the device to be rebooted from a remote location After clicking the Yes button to restart log in to the web interface about 60 seconds later Buttons Click Yes to reboot the sys...

Page 70: ...be added in the IP Configuration page Enabled Enable disable DHCP server service to the VLAN Buttons Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values Excluded IP The DHCP Server Excluded IP Configuration page permits exclusion of IP addresses for static IP address devices such as servers or routers The DHCP server will not allocate the...

Page 71: ...uded IPs or both Buttons Click Add IP Range to add an IP range Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values Pool The DHCP Server Pool Configuration page manages DHCP pools According to the DHCP pool the DHCP server will allocate IP addresses and deliver configuration parameters to the DHCP client Adding a pool and giving it a name ...

Page 72: ...e than one DHCP client Host the pool services for a specific DHCP client identified by client identifier or hardware address If appears it means not defined IP Indicates the network number of the DHCP address pool If appears it means not defined Subnet Mask Indicates the subnet mask of the DHCP address pool If appears it means not defined Lease Time Indicates the lease time of the pool Buttons Cli...

Page 73: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 71 ...

Page 74: ...es to service more than one DHCP client Host the pool services for a specific DHCP client identified by client identifier or hardware address IP Indicates the specific network number of the DHCP address pool Subnet Mask DHCP option 1 Specifies the subnet mask of the DHCP address pool Lease Time DHCP option 51 58 and 59 Specifies the lease time that allows the client to request a lease time for the...

Page 75: ...d in order of preference NIS Domain Name DHCP option 40 Specifies the name of the client s NIS domain NIS Server DHCP option 41 Specifies a list of IP addresses indicating NIS servers available to the client Client Identifier DHCP option 61 Specifies the client s unique identifier to be used when the pool is the type of host Select the type of client identifier at first None client identifier is n...

Page 76: ...corresponding option 43 specific information to the client that sends the option 60 vendor class identifier Vendor 3 Specific Information DHCP option 43 Specifies vendor specific information according to the option 60 vendor class identifier Vendor 4 Class Identifier DHCP option 60 Specifies the identifier to be used by the DHCP client to optionally identify the vendor type and configuration of a ...

Page 77: ... to a client host pool type Expired Binding Number of bindings in which the lease time expired or they are cleared from Automatic Manual type bindings Binding counters Displays the counters of various bindings Object Description Automatic Binding Number of bindings with network type pools Manual Binding Number of bindings that the administrator assigns an IP address to a client host pool type Expi...

Page 78: ...ed DHCP message sent counters Displays the counters of DHCP messages sent by the DHCP server Object Description Offer Number of DHCP OFFER messages sent Ack Number of DHCP ACK messages sent Nak Number of DHCP NAK messages sent Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately Click ...

Page 79: ...to refresh the page immediately Click Clear Selected to clear the selected bindings If the selected binding is Automatic or Manual then it is changed to Expired If the selected binding is Expired then it is freed Click Clear Automatic to clear all automatic bindings and change them to Expired bindings Click Clear Manual to clear all manual bindings and change them to Expired bindings Click Clear E...

Page 80: ...es the following fields Object Description RX and TX Discover The number of discover option 53 with value 1 packets received and transmitted RX and TX Offer The number of offer option 53 with value 2 packets received and transmitted RX and TX request The number of request option 53 with value 3 packets received and transmitted RX and TX Decline The number of decline option 53 with value 4 packets ...

Page 81: ... number of lease active option 53 with value 13 packets received and transmitted RX Discarded Checksum Error The number of discarded packets where IP UDP checksum is in error RX Discarded from Untrused The number of discarded packets that are coming from an untrusted port Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click ...

Page 82: ...ggressive In aggressive mode unidirectional detected ports will get shut down To bring back the ports up disable UDLD on the ports Message Interval Configures the period of time between UDLD probe messages on ports that are in the advertisement phase and are determined to be bidirectional The range is from 7 to 90 seconds default value is 7 seconds Currently the default time interval is supported ...

Page 83: ... refresh occurs every three seconds Click Refresh to refresh the page immediately Simple Network Management Protocol SNMP SNMP overview The Simple Network Management Protocol SNMP is an application layer protocol that facilitates the exchange of management information between network devices It is part of the Transmission Control Protocol Internet Protocol TCP IP protocol suite SNMP permits networ...

Page 84: ... to set values for object instances within an agent Trap Used by the agent to asynchronously inform the NMS of some event The SNMPv2 trap message is designed to replace the SNMPv1 trap message SNMP community An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent The community name is used to identify the group An SNMP de...

Page 85: ...operation Selections include Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Selections include SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 Read Community Indicates the community read access string to permit access to the SNMP agent The allowed st...

Page 86: ... changes Click Reset to undo any changes made locally and revert to previously saved values The SNMP trap configuration table includes the following fields Object Description Trap Mode Indicates the SNMP trap mode operation Selections include Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Selections include S...

Page 87: ...wed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values SNMP system information The switch system information is provided in the System Information Configuration page The page includes the following fields Object Descr...

Page 88: ... The entry index key is Community The page includes the following fields Object Description Delete Select the check box to delete the entry It will be deleted during the next save Community Name Indicates the security name to map the community to the SNMP Groups configuration The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Source IP Indicates the SNM...

Page 89: ...e ID then it is local user otherwise it is a remote user User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Selections include NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentica...

Page 90: ...tent is the ASCII characters from 33 to 126 Buttons Click Add New Entry to add a new user entry Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values SNMPv3 groups Configure SNMPv3 groups on the SMNPv3 Group Configuration page The entry index keys are Security Model and Security Name The page includes the following fields Object Description D...

Page 91: ...ing fields Object Description Delete Select Delete to delete the entry It will be deleted during the next save View Name A string identifies the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 View Type Indicates the view type that this entry should belong to Selections include included An optional flag ...

Page 92: ... Security Model Indicates the security model that this entry should belong to Selections include any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Selections include NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and ...

Page 93: ... connection settings Port Statistics Overview Lists Ethernet and RMON port statistics Port Statistics Detail Lists Ethernet and RMON port statistics SFP Module Information Displays SFP information Port Mirror Sets the source and target ports for mirroring Port configuration Ports can be configured on the Port Configuration page The page includes the following fields Object Description Port This is...

Page 94: ...on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes Excessive Collision Mode Configure port tr...

Page 95: ...ames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Buttons Click Refresh to refresh the page immediately Click Clear to clear the counters for all ports Select the Auto refresh check box to enable an automatic refresh of the page at regular intervals Port statistics detail The Port Statistics Detail page provides detailed tr...

Page 96: ...d and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that has an opcode indicating a PAUSE operation Receive and transmit size counters The number of received a...

Page 97: ... that are longer than the configured maximum frame length for this port Transmit error counters Object Description Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Buttons Click Refresh to refresh the page immediately Click Clear to clear the counters for all ports Select the Auto refresh check b...

Page 98: ... the current SFP module Temperature C Displays the temperature of the current SFP module Voltage V Displays the voltage of the current SFP module Current mA Displays the Ampere of the current SFP module TX power dBm Displays the TX power of the current SFP module RX power dBm Displays the RX power of the current SFP module Buttons Select the SFP Monitor Event Alert check box The switch will be in ...

Page 99: ...t if necessary To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The industrial managed switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity The traffic ...

Page 100: ...ll ports are selected Mode Select mirror mode Note For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on the mirror port Because of this the mode for the selected mirror port is limited to Disabled or Rx only Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Link aggregation Port Agg...

Page 101: ...ic LAGs Port Trunk Force aggregated selected ports to be a trunk group Link Aggregation Control Protocol LACP LAGs LACP LAGs negotiate aggregated port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them The Link Aggregation Control Protocol LACP provides a standardized means for exchanging information betw...

Page 102: ...k aggregation ports before removing a port link aggregation to avoid creating a data loop It allows a maximum of 10 ports to be aggregated at the same time The industrial managed switch supports Gigabit Ethernet ports up to five groups If the group is defined as a LACP static link aggregationing group then any extra ports selected are placed in a standby mode for redundancy if one of the other por...

Page 103: ...eck it to disable By default the Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Select the check box to enable the use of the Destination MAC Address or uncheck it to disable By default the Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the...

Page 104: ... or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values LACP configuration LACP LAG negotiates aggregated port links with other LACP ports located on a different device LACP allows switches connected to each other to di...

Page 105: ...le ports with different keys cannot Role The Role shows the LACP activity status The Active selection transmits LACP packets each second while the Passive setting waits for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast transmits LACP packets each second while the Slow selection provides a wait for 30 seconds before sending a...

Page 106: ...ner System ID The system ID MAC address of the aggregation partner Partner Key The key that the partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch Buttons Click Refresh to to refresh the page immediately Select the Auto ...

Page 107: ...ts LACP status is disabled Key The key is assigned to this port Only ports with the same key can aggregate together Aggregation ID The aggregation ID assigned to this aggregation group Partner System ID The partner s system ID MAC address Partner Port The partner s port number connected to this port Partner Priority The partner s port priority Buttons Click Refresh to to refresh the page immediate...

Page 108: ...k into different broadcast domains so that packets are forwarded only between ports within the VLAN Typically a VLAN corresponds to a particular subnet although not necessarily VLAN can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains A VLAN is a collection of end nodes grouped by logic instead of physical location End nodes that frequently c...

Page 109: ...des into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network managem...

Page 110: ...gh a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header 802 1Q VLAN tags There are four additional octets inserted after the source MAC address as shown in the following 802 1...

Page 111: ...lso assigned a PVID for use within the switch If no VLANs are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID of the port on which they were received Forwarding decisions are based upon this PVID in so far as VLANs are concerned Tagged packets are forwarded according to the VID contained within the tag Tagged packets...

Page 112: ...ant a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then this port should be added to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing them on to ...

Page 113: ...itch port VLAN This page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is also configured on this page All untagged packets arriving to the device are tagged by the port s PVID Managed switch nomenclature IEEE 802 1Q tagged and untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged Tagged Ports with tagging enabled put t...

Page 114: ...n they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might be mixed Assigning ...

Page 115: ...space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 is used for service provider tags In cases where a given service VLAN only has two member ports on the switch the learning can be disabled for the particular VLAN and can therefore rely on flooding as the forwarding mechanism between the two ports This way the MAC ...

Page 116: ...gged frames received on the port are discarded By default the field is set to All Link Type Allow 802 1Q Untagged or Tagged VLAN for selected port When adding a VLAN to selected port it tells the switch whether to keep or remove the tag from a frame on egress Untag outgoing frames without VLAN Tagged Tagged outgoing frames with VLAN Tagged Q in Q Mode Sets the industrial managed switch to QinQ mod...

Page 117: ... numbers The VLAN name should contain at least one alpha character The VLAN name can be edited for the existing VLAN entries or it can be added to the new entries Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN select a check box To remove or exclude the port from the VLAN deselect a check box By default no ports are members and all boxes a...

Page 118: ...on VLAN ID Indicates the ID of this particular VLAN Port Members The VLAN Membership Status Page shows the current VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users is selected it shall show this information for all the VLAN Users and this is the default VLAN membership allows the frames classified to the VLAN ID to be ...

Page 119: ...create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Buttons Select VLAN Users from the Combined drop down list Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately Click I to update the table starting f...

Page 120: ... packet s behavior at the egress side Buttons Select VLAN Users from the Static drop down list Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately Private VLAN The Private VLAN Membership Configuration page allows you to configure private VLAN membership The private VLAN membership configurat...

Page 121: ...sage appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new Private VLANs Buttons Select Add new Private VLAN from the Static drop down list Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs ever...

Page 122: ...ous ports in the private VLAN Ports that can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask...

Page 123: ...alues Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately VLAN setting examples This section covers the following setup scenarios Separate VLAN 802 1Q VLAN Trunk Port Isolate Two Separate 802 1Q VLANs The diagram below shows how the industrial managed switch handles tagged and untagged traffi...

Page 124: ...tch will tag it with a VLAN Tag 2 PC 2 and PC 3 will receive the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away becoming an untagged packet 4 While the packet leaves Port 3 it will remain as a tagged packet with VLAN Tag 2 Tagged packet entering VLAN 2 1 While PC 3 a tagged packet with VLAN Tag 2 enters Port 3 PC 1...

Page 125: ...p Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 3 Remove VLAN member for VLAN 1 Remember to remove Port 1 Port 6 from VLAN 1 membership since Port 1 Port 6 has been assigned to VLAN 2 and VLAN 3...

Page 126: ...ween two 802 1Q aware switches In most cases they are used for Uplink to other switches VLANs are separated at different switches but they need access to other switches within the same VLAN group Setup steps 1 Create a VLAN group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 ...

Page 127: ...ts 5 Specify Port 8 to be the 802 1Q VLAN trunk port and the trunking port must be a tagged port during egress The Port 7 configuration is shown below Both the VLAN 2 members of Port 1 to Port 3 and VLAN 3 members of Port 4 to Port 6 belong to VLAN 1 But with different PVID settings packets from VLAN 2 or VLAN 3 are not able to access the other VLAN 6 Repeat Steps 1 to 5 by setting up the VLAN tru...

Page 128: ...s The Port Isolation Configuration page appears 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The Private VLAN Membership Configuration page appears MAC based VLAN The MAC based VLAN entries can be configured on the MAC based VLAN Membership Configuration page This page allows for adding and deleting MAC based ...

Page 129: ...based VLAN Click Add New Entry to add a new MAC based VLAN entry An empty row is added to the table and the MAC based VLAN entry can be configured as needed Any unicast MAC address can be configured for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled when clicking Save A MAC based VLAN wi...

Page 130: ... The page includes the following fields Object Description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Buttons Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page immediately Protocol based VLAN The Protocol to Group Mapping Ta...

Page 131: ...ent sub values a OUI OUI Organizationally Unique Identifier is value in format of xx xx xx where each pair xx in string is a hexadecimal value ranges from 0x00 0xff b PID If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that or...

Page 132: ...up Name is a unique 16 character long string for every entry which consists of a combination of alpha characters a z or A Z and integers 0 9 No special character is allowed Whichever group name you try map to a VLAN must be present in the Protocol to Group mapping table and must not be used by any other existing mapping entry on this page VLAN ID Indicates the ID to which the group name will be ma...

Page 133: ... Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s The IEEE 802 1D Spanning Tree Protocol and IEEE 802 1w Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network When multiple links between switches are detected a primary link is established Duplicated links are blocked from use and become standby link...

Page 134: ...ort identifier of the transmitting port The switch sends BPDUs to communicate and construct the spanning tree topology All switches connected to the LAN on which the packet is transmitted will receive the BPDU BPDUs are not directly forwarded by the switch but the receiving switch uses the information in the frame to calculate a BPDU and if the topology changes initiates a BPDU transmission The co...

Page 135: ...delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Each port on a switch using STP exists is in one of the following five states Blocking The port is blocked from forwarding or receiving packets Listening...

Page 136: ...TP enabled ports until the forwarding state is enabled for that port STP parameters STP operation levels The industrial managed switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in mu...

Page 137: ...g and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Default Value Port Priority A relative priority for each port lower numbers give a higher priority and a greater chance of a given port being elected as the root port 128 Port Cost A value us...

Page 138: ...t bridge If the switch has the lowest bridge identifier it will become the root bridge Forward Delay Timer The forward delay can be from 4 to 30 seconds This is the time any port on the switch spends in the listening state while moving from the blocking state to the forwarding state Note Observe the following formulas when setting the above parameters Max Age _ 2 x Forward Delay 1 second Max Age _...

Page 139: ...ings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the priority setting or influencing STP to choose a particular port to block using the port priority and port cost settings is however relatively straightforward In this example only the default STP values are used The switch with the lowest br...

Page 140: ...ocol MSTP Defines an extension to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN MSTP configures a separate spanning tree for each VLAN group and blocks all but one of the possible alternate paths within each spanning tree The page includes the following fields Basic settings Object Description Protocol Version The STP protocol version setting Selections are STP RSTP an...

Page 141: ...ttings Object Description Edge Port BPDU Filtering Controls whether a port explicitly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Controls whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port enters the error disabled state and is removed from the active topology Port Error Recovery Controls whether a port in the error disab...

Page 142: ...is bridge instance Root ID The bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the root bridge this is zero For all other bridges it is the sum of the port path costs on the least cost path to the root bridge Topology Flag The current state of the topology change flag for this bridge instance Topology Chang...

Page 143: ...ered The path cost is used when establishing the active topology of the network Lower path cost ports can be chosen as forwarding ports in favor of higher path cost ports Valid values are in the range of 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 All means all ports wil...

Page 144: ...egion of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently BPDU Guard If enabled causes the port to disable itself upon receiving valid BPDU s Contrary to the similar bridge setting the port Edge status does not effect this setting A port entering...

Page 145: ... 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Default STP path costs Port Type Link Type IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 2 000 000 1 000 000 500 000 Fast Ethernet Half Duplex Full Duplex Trunk 200 000 100 000 ...

Page 146: ...Lower numerical values have higher priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a bridge identifier Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values MSTI configuration The MSTI Configuration page permits the user to inspect and change the current STP MSTI ...

Page 147: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 145 ...

Page 148: ...t explicitly mapped VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with a comma and or space A VLAN can only be mapped to one MSTI A unused MSTI should be left empty i e not have any VLANs mapped to it Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values MSTI ports configuration The MSTI Port Configura...

Page 149: ...urred by the port The Auto setting sets the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 2000000...

Page 150: ...owing fields Object Description Port The switch port number of the logical STP port CIST Role The current STP port role of the ICST port The port role can be one of the following values AlternatePort BackupPort RootPort DesignatedPort CIST State The current STP port state of the CIST port The port state can be one of the following values Disabled Blocking Learning Forwarding Non STP Uptime The tim...

Page 151: ...P Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Select the Auto refresh check box to refresh the p...

Page 152: ...unicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as queried This router then keeps track of the membership of the multicast groups that have active members The information received from IGMP is then used to determine whether or n...

Page 153: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 151 Multicast flooding IGMP snooping multicast stream control ...

Page 154: ...p of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries ...

Page 155: ...ected querier and assumes the role of querying the LAN for group members It then propagates the service requests to any upstream multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet IGMP snooping configuration Th...

Page 156: ...nabled When IGMP snooping is disabled unregistered IPMCv4 traffic flooding is always active IGMP SSM Range SSM Source Specific Multicast range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enable Enable IGMP leave proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable Enable IG...

Page 157: ...g connected to this port Use this mode when connecting other IGMP multicast servers directly to the non querier industrial managed switch and you don t want the multicast stream to be flooded to the uplink switch through the port that connected to the IGMP querier Fast Leave Enable the fast leave on the port Throtting Enable to limit the number of multicast groups to which a switch port can belong...

Page 158: ... the IGMP control frame priority level generated by the system These values can be used to prioritize different classes of traffic The allowed range is 0 best effort to 7 highest The default interface priority value is 0 RV Robustness Variable The RV permits tuning for the expected packet loss on a network The allowed range is 1 to 255 The default robustness variable value is 2 QI Query Interval T...

Page 159: ...ills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a port can join The IGMP Snooping Port Group Filtering Configuration page permits assigning a profile to a switch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile can contain one or mo...

Page 160: ...ext save Port The logical port for the settings Filtering Group The IP multicast group that will be filtered Buttons Click Add New Filtering Group to add a new entry to the Group Filtering table Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values IGMP snooping status The IGMP Snooping Status page provides IGMP snooping status ...

Page 161: ...e acting as router ports Port Switch port number Status Indicates whether or not the specific port is a router port Buttons Click Refresh to refresh the page immediately Click Clear to clear all statistics counters Select Auto refresh to automatically refresh the page every three seconds IGMP group information Entries in the IGMP group table are shown in the IGMP Snooping Group Information page Th...

Page 162: ...MPv3 information Entries in the IGMP SFM Source Filtered Multicast information table are shown on the IGMP SFM Information page The table also contains SSM Source Specific Multicast information The table is sorted first by VLAN ID then by group and then by port number Different source addresses that belong to the same group are treated as a single entry Each page shows up to 99 entries from the IG...

Page 163: ...filtering to 128 Type Indicates the type It can be either Allow or Deny Hardware Filter Switch Indicates if the data plane destined to the specific group address from the source IPv4 address can be accomodated by the chip Buttons Select Auto refresh to automatically refresh the page every three seconds Click Refresh to refresh the table starting from the input fields Click I to update the table st...

Page 164: ...s act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation acts as a router port Selections are Auto Fix Fone and the default compatibility value is Auto All means all ports will have one specific setting Fast Leave Enable fast leave on the port ...

Page 165: ...queries sent by the querier The allowed range is 1 to 31744 seconds The default query interval is 125 seconds QRI Query Response Interval This is the maximum response time used to calculate the maximum resp code inserted into the periodic general queries The allowed range is 0 to 31744 in tenths of seconds The default query response interval is 100 in tenths of seconds 10 seconds LLQI Last Listene...

Page 166: ...limits the number of simultaneous multicast groups a port can join The MLD Snooping Port Filtering Profile Configuration page permits assigning a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses However only one profile can be assigned to a port When enabled MLD join repo...

Page 167: ...leted during the next save Port The logical port for the settings Filtering Group The IP Multicast Group that will be filtered Buttons Click Add New Filtering Group to add a new entry to the Group Filtering table Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values MLD snooping status The MLD Snooping Status page provides MLD snooping status...

Page 168: ... are acting as router ports Port Switch port number Status Indicates whether or not the specific port is a router port Buttons Click Refresh to refresh the page immediately Click Clear to clear all statistics counters Select Auto refresh to automatically refresh the page every three seconds MLD group information Entries in the MLD group table are shown in the MLD Snooping Group Information page Th...

Page 169: ...hown MLDv2 information Entries in the MLD SFM Source Filtered Multicast information table are shown on the IGMP SFM Information page The table also contains SSM Source Specific Multicast information The table is sorted first by VLAN ID then by group and then by port number Different source addresses that belong to the same group are treated as single entry Each page shows up to 99 entries from the...

Page 170: ...om the input fields Click I to update the table starting from the first entry in the MLD SFM information table Click to update the table starting with the entry after the last entry currently shown MVR Multicast VLAN Registration The MVR feature enables multicast traffic forwarding on the Multicast VLANs In a multicast television application a computer or a network television or a set top box can ...

Page 171: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 169 The MVR Configurations page provides MVR related configuration information ...

Page 172: ...on In Dynamic mode default setting MVR allows dynamic MVR membership reports on source ports In Compatible mode MVR membership reports are forbidden on source ports Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged default setting with the MVR VID Priority Specify how the traversed IGMP MLD control frames will be sent in a prioritized manner The defau...

Page 173: ... MVR Statistics page provides MVR status The page includes the following fields Object Description VLAN ID The multicast VLAN ID IGMP MLD Queries Received The number of received queries for IGMP and MLD respectively IGMP MLD Queries Transmitted The number of transmitted queries for IGMP and MLD respectively IGMPv1 Joins Received The number of received IGMPv1 joins IGMPv2 MLDv1 Reports Received The...

Page 174: ...he Start from VLAN and Group Address fields permit the user to select the starting point in the MVR group table The page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group ID of the group shown Port Members Ports under this group Buttons Select Auto refresh to automatically refresh the page every three seconds Click Refresh to refresh the table starting from...

Page 175: ...work Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The industrial managed switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP Traffic prioritization bits within an IP header that are encoded by certain applications and or devices to indicat...

Page 176: ... Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled...

Page 177: ...t The logical port for the settings contained in the same row Click on the port number to configure the shapers For more details refer to Understanding QoS on page 172 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps QoS egress port schedule and shapers The port scheduler and shapers for a specific port are configured on the ...

Page 178: ...e default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter only appears if Scheduler Mode is set to Weighted Queue Scheduler Percent Shows the weight in percent for this queue This parameter only appears if Scheduler Mode ...

Page 179: ...e default class of service All frames are classified to a QoS There is a one to one mapping between CoS queue and priority A QoS class of 0 zero has the lowest priority All means all ports will have one specific setting DP Level Controls the default drop precedence level All frames are classified to a drop precedence level If the port is VLAN aware and the frame is tagged then the frame is classif...

Page 180: ...e is classified to the default DEI value All means all ports will have one specific setting Tag Class Shows the classification mode for tagged frames on this port Disabled Use default CoS and DPL for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode to configure the mode and or mapping DSCP Based Select DSCP Based to enable DSCP based QoS ingress port cla...

Page 181: ...o QoS class DP level values when Tag Classification is set to Enabled Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Cancel to return to the previous page Port scheduler The QoS Egress Port Schedulers page provides an overview of the QoS egress port schedulers for all switch ports The page includes the following fields Ob...

Page 182: ...e settings contained in the same row Click on the port number to configure tag remarking For further details refer to QoS egress port tag remarking below Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level QoS egress port tag remarking The QoS Egress Port Tag Remarking page ...

Page 183: ...ation Controls the default PCP and DEI values used when the mode is set to Default QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS class DP level to PCP DEI values when the mode is set to Mapped Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Cancel to return to the previous page Port DSCP ...

Page 184: ...or the specific DSCP All Classify all DSCP Egress Selections for Rewrite are as follows Disable No egress rewrite Enable Rewrite enabled without remapping Remap DP Unaware DSCP from the analyzer is remapped and the frame is remarked with the remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from the analyzer is remapped...

Page 185: ...er a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS Class values can be between 0 7 DPL Drop Precedence Level 0 1 Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values ...

Page 186: ...ields Object Description DSCP The maximum number of supported DSCP values is 64 and valid DSCP values range from 0 to 63 Ingress The Ingress side of DSCP can be first translated to new DSCP before using the DSCP for the QoS class and DPL map There are two configuration parameters for DSCP Translation Translate Classify Translate DSCP at the Ingress side can be translated to any of 0 63 DSCP values...

Page 187: ...ssign to whole DSCP values Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Remap DP1 The Configuration All with available values will assign to whole DSCP values Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Buttons Click Save to save changes Click Reset to undo any changes made locally and revert t...

Page 188: ...E that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The page includes the following fields Object Description QCE Indicates the index of QCE Port Indicates the list of ports configured with the QCE DMAC Specify the type of Destination MAC addresses for incoming frames Selections include Any All types of Destination MAC addre...

Page 189: ...xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE only matches IPV4 frames IPv6 The QCE only matches IPV6 frames Action Indicates the classification action taken on the ingress frame if the parameters configured match with the frame s content Action fields include Class Classified QoS class DPL Classified Drop Precedence Level DSCP Classified DSCP val...

Page 190: ...e DSAP Address DSAP Destination Service Access Point selections are 0x00 to 0xFF or Any default value Control Address Control Address selections are 0x00 to 0xFF or Any default value SNAP PID PID a k a Ethernet type elections are 0x00 to 0xFFFF or Any default value IPv4 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask ...

Page 191: ...page without saving the configuration change QCL status The QoS Control List Status page shows the QCL status by different QCL users Each row describes the QCE that is defined A conflict occurs if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch The page includes the following fields Object Description User Indicates the QCL...

Page 192: ...ict status of QCL entries when hardware resources are shared by multiple applications It may happen that resources required to add a QCE may not be available in which case it shows conflict status as Yes otherwise it is always No Conflict can be resolved by releasing the hardware resources required to add the QCL entry by clicking the Resolve Conflict button Buttons Select the QCL status from the ...

Page 193: ...olicers are enabled Unit Controls the unit of measure for the queue policer rate as kbps or Mbps This field is only shown if at least one of the queue policers are enabled Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Storm control configuration Storm control for the switch is configured on the Storm Control Configuration page...

Page 194: ...ble the storm control status for the given frame type Rate The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K 2048K 4096K 8192K 16384K or 32768K Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values QoS statistics The Queuing Counters page provides statist...

Page 195: ...ear the counters for all ports Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Voice VLAN configuration The Voice VLAN Configuration page contains the Voice VLAN feature This enables voice traffic forwarding on the Voice VLAN permitting the switch to classify and schedule network traffic We recommended that there be two VLANs on a po...

Page 196: ...ode Selections include Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects if there is a VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN All All ports will have one specific setting Port Security Indicates the Voice VLAN port security mode When the function is enabled all non telephone MAC address in ...

Page 197: ...s 0 to 32 Buttons Click Add New Entry to add a new access management entry Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Access Control Lists ACL ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objec...

Page 198: ...includes the following fields Object Description User Indicates the ACL user Ingress Port Indicates the ingress port of the ACE Values include All The ACE matches all ingress ports Port The ACE matches a specific ingress port Frame Type Indicates the frame type of the ACE Values are Any The ACE matches any frame type EType The ACE matches Ethernet Type frames Note that an Ethernet Type based ACE w...

Page 199: ...ecific ACE is not applied to the hardware due to hardware limitations Buttons Select the ACL status from the Combined drop down list Select the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click Refresh to refresh the page ACL configuration The Access Control List Configuration page shows the Access Control List ACL which is made up of the A...

Page 200: ...ect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is shown the port redirect operation is disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons Modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE be...

Page 201: ...ify the policy number filter for this ACE Any No policy filter is specified policy filter status is don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering a policy value and bitmask appear Policy Value When Specific is selected for the policy filter you can enter a specific policy value The permitted range is 0 to 255 Policy Bitmask When...

Page 202: ...is enabled or disabled The default value is Disabled EVC Policer ID Select which EVC policer ID to apply on this ACE The allowed values are Disabled or the values 1 through 128 Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled Mirror Spe...

Page 203: ...lected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this DMAC value VLAN parameters Object Description 802 1Q Tagged Specify whether frames can hit the action according to the 802 1Q tagged Selections include Any Any value is allowed don t c...

Page 204: ...t IP filter is don t care Host Target IP filter is set to Host Specify the target IP address in the Target IP Address field that appears Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear Target IP Address When Host or Network is selected for the target IP filter you can enter a specific target ...

Page 205: ...tocol frames Extra fields for defining ICMP parameters appear UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear IP Protocol Value When Specific is selected for the IP protocol value you can enter a specific value The allowed range is 0 to 255 A...

Page 206: ... field that appears Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear DIP Address When Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation DIP Mask When Network is selected for the destination IP filter you can enter a spe...

Page 207: ...ation value A field for entering a TCP UDP destination value appears Range To filter a specific range TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination range value A field for entering a TCP UDP destination value appears TCP UDP Destination Number When Specific is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination value The ...

Page 208: ...Ethernet type parameters Ethernet Type parameters can be configured when Ethernet Type is selected as the Frame Type Object Description EtherType Filter Specify the Ethernet type filter for this ACE Any No EtherType filter is specified EtherType filter status is don t care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for ...

Page 209: ...er and it can t be set when action is permitted All means all ports will have one specific setting Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled All means all ports will have one specific setting Logging Specify the logging operation of this...

Page 210: ...er module The default value is Enabled All means all ports will have one specific setting Counter Counts the number of frames that match this ACE Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Refresh to refresh the page Any changes made locally are undone Click Clear to clear the counters ACL rate limiter configuration C...

Page 211: ...ion server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together w...

Page 212: ...itch or a hub and still require individual authentication and the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user that can be used by anyone and only the MD5 Challenge method is supported The 802 1X and MAC based authentication configuration consists of two sec...

Page 213: ...he client and notifies the switch if the client is authorized to access the LAN and switch services Because the switch acts as the proxy the authentication service is transparent to the client In this release the Remote Authentication Dial In User Service RADIUS security system with Extensible Authentication Protocol EAP extensions is the only supported authentication server which is available in ...

Page 214: ...one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if the client does not receive an EAP request identity frame from the switch during bootup the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity Note If 802 1X is not enabled or suppo...

Page 215: ...nt initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an accept frame from the authentication server the port state changes to authoriz...

Page 216: ...continues until a method either approves or rejects a user If a remote server is used for primary authentication we recommend configuring secondary authentication as local This permits the management client to log in via the local user database if none of the configured authentication servers are valid Fallback Enable fallback to local authentication by selecting this check box If none of the conf...

Page 217: ...dard variants overcome security limitations MAC based authentication permits authentication of more than one user on the same port and doesn t require the user to have special 802 1X supplicant software installed on the system The switch uses the MAC address to authenticate against the back end server Intruders can create counterfeit MAC addresses which makes MAC based authentication less secure t...

Page 218: ...lity to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the port security module to secure MAC addresses the port security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between...

Page 219: ...orts Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled check box provides a quick way to globally enable disable Guest VLAN functionality When selected the indi...

Page 220: ...o know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides...

Page 221: ...ity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the port security limit control functionality MAC based authentication Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry ...

Page 222: ...d and enabled selected for a given port the switch reacts to VLAN ID information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid the port s Port VLAN ID will be changed to this VLAN ID the port will be set to be a member of that VLAN ID and the port will be forced into VLAN unaware mode Once assigned a...

Page 223: ...by EAPOL Timeout Once in the Guest VLAN the port is considered authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and start...

Page 224: ... Port The switch port number Click to navigate to detailed NAS statistics Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based aut...

Page 225: ...switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it only shows selected back end server RADIUS Authentication Server statistics Use the port drop down menu to select the port details to be displayed The page includes the following fields Port state Object Description Admin State The port s current administrative state Refer to NAS Admin State for a description of poss...

Page 226: ...han Response Identity frames that have been received by the switch Rx Start dot1xAuthEapolStartFr amesRx The number of EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoff FramesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuthInvalidEapol FramesRx The number of EAPOL frames that have been received by the s...

Page 227: ...back end server has communication with the switch MAC based Counts all Access Challenges received from the back end server for this port left most table or client right most table Rx Other Requests dot1xAuthBack endOtherRequestsTo Supplicant 802 1X based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the back end server c...

Page 228: ...ons are not counted Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Name IEEE Name Description MAC Address dot1xAuthLastEapo lFrameSource The MAC address of the last supplicant client VLAN ID The VLAN ID on which t...

Page 229: ...ess of the attached client Clicking the link causes the client s back end server counters to be shown in the Selected Counters table If no clients are attached it shows no clients attached VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module State The client can either be authenticated or unauthenticated In the authenticated stat...

Page 230: ...action will not clear Last Client This button is available in the following modes Multi 802 1X MAC based Auth X Click Clear This to clear only the currently selected client s counter This button is available in the following modes Multi 802 1X MAC based Auth X Authentication server configuration Configure the authentication servers on the Authentication Server Configuration page ...

Page 231: ...has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RADIUS authentication accounting server configuration The table has one row for each RADIUS server and a number of columns which are Object Description The RADIUS server number for which the configuration below applies Enabled Enable the ...

Page 232: ...29 characters long shared between the TACACS authentication server and the switch Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values RADIUS overview The RADIUS Authentication Accounting Server Overview page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page ...

Page 233: ...led but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access or accounting attempts Dead X seconds left Access or accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expir...

Page 234: ...overview page provides detailed statistics for a particular RADIUS server The page includes the following fields RADIUS authentication statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the back end servers to show details for each ...

Page 235: ...alformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticator s radiusAuthClientEx tBadAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Rx Unknown Types radiusA...

Page 236: ... state of the server and the latest round trip time Name RFC4668 Name Description IP Address IP address and UDP port for the authentication server in question State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is ...

Page 237: ...ormed RADIUS packets received from the server Malformed packets include packets with an invalid length Bad authenticators or or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAcctClientE xtBadAuthenticato rs The number of RADIUS packets containing invalid authenticators received from the server Rx Unknown Types radiusAccClientEx tUnknownTypes The number of...

Page 238: ... server in question State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this serve...

Page 239: ...ared by this operation Windows platform RADIUS server configuration Set up the RADIUS server and assign the client IP address to the industrial managed switch in this case the field in the default IP address of the industrial managed switch with 192 168 0 100 Ensure that the shared secret key is as same as the one you had set at the industrial managed switch s 802 1x system configuration 12345678 ...

Page 240: ... Web configuration 238 NS3552 8P 2S V2 User Manual 3 Assign the client IP address to the industrial managed switch 4 The shared secret key should be as same as the key configured on the industrial managed switch ...

Page 241: ...2 1X Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example select Active Directory Users and Computers and create legal user data Windows Server 2003 7 Right click a user that you created and then type in properties and configure settings ...

Page 242: ...ted to the RADIUS server or the port is an uplink port that is connected to another switch Otherwise the switch might not be able to access the RADIUS server after the 802 1X starts to work 802 1X client configuration Windows XP has native support for 802 1X The following procedures show how to configure 802 1X Authentication in Windows XP ...

Page 243: ...referred connection first and add it in again Configuration sample EAP MD5 authentication 1 Go to Start Control Panel and then double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties setting window 4 Click the Authentication tab 5 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 6 Select MD...

Page 244: ...n the client has associated with the industrial managed switch a user authentication notice appears in the system tray Click on the notice to continue 9 Type the user name password and the logon domain that your account belongs to 10 Click OK to complete the validation process ...

Page 245: ...you to configure the port security limit control system and port settings Limit control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If limit control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as describ...

Page 246: ...f other modules are using the underlying port security for securing MAC addresses they may have other requirements to the aging period The underlying port security will use the shorter requested aging period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be required consider the following scenario Supp...

Page 247: ...able MAC addresses Action If the limit is reached the switch can take one of the following actions None Do not allow more than Limit MAC addresses on the port but take no further action Trap If Limit 1 MAC addresses are seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every time the limit is exceeded Shutdown...

Page 248: ...utton causes the page to be refreshed resulting in the loss of non committed changes Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Refresh to refresh the page Note that non committed changes are lost Access management Configure the access management table on the Access Management Configuration page The maximum entry numb...

Page 249: ...Indicates the end IP address for the access management entry HTTP HTTPS Indicates the host can access the switch from the HTTP HTTPS interface and that the host IP address matched the entry SNMP Indicates the host can access the switch from the SNMP interface and that the host IP address matched the entry TELNET SSH Indicates the host can access the switch from the TELNET SSH interface and that th...

Page 250: ...to clear all statistics HTTPs Configure HTTPS on the HTTPS Configuration page The page includes the following fields Object Description Mode Indicates the HTTPS mode operation When the current connection is HTTPS applying the HTTPS disabled mode operation automatically redirects the web browser to an HTTP connection Selections include Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode...

Page 251: ...wo sections one with a legend of user modules and one with the actual port status The page includes the following fields Object Description Mode Indicates the SSH mode operation Selections include Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Port security s...

Page 252: ...r module legend The legend shows all user modules that may request Port Security services Object Description User Module Name The full name of a module that may request port security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port status The table has one row for each port on the selected switch in the switch and a number of...

Page 253: ...y re opened on the Limit Control configuration web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on the ...

Page 254: ...ime measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disable...

Page 255: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 253 Configure DHCP Snooping on the DHCP Snooping Configuration page ...

Page 256: ...g mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message All All ports will have one specific setting Buttons Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved val...

Page 257: ...ted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 with value 11 packets received and transmitted Rx and Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Lease Active The number of lease active option 53 with va...

Page 258: ...his port All means that all ports will have one specific setting Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on given ports This value can be 0 1 2 and unlimited If the port mode is enabled and the value of max dynamic client is equal 0 it only allows the forwarding of IP packets that are matched in static entries on the specific port All means that all po...

Page 259: ...MAC Address Allowed Source MAC address Buttons Click Add New Entry to add a new entry to the Static IP Source Guard table Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values ARP inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP ...

Page 260: ...Port Mode on a given port are enabled will ARP Inspection be enabled on this port Selections include Enabled Enable ARP Inspection operation Disabled Disable ARP Inspection operation ALL Log all entries Buttons Click Translate Dynamic to Static to translate all dynamic entries to static entries Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved v...

Page 261: ...ilds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC addres...

Page 262: ...e 10 10000000 seconds Default 300 seconds MAC table learning If the learning mode for a given port is greyed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Object Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done ...

Page 263: ...ill be deleted during the next save VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Select or deselect as needed to modify the entry Adding a New Static Entry Click Add New Static Entry to add a new entry to the static MAC table Specify the VLAN ID MAC address and port members for the new entry Click Sa...

Page 264: ...irs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the I button to start over The page includes the following fields Object Description Type Indicates if the entry is a static or dynamic entry VLAN The VLAN ID of the entry MAC Address The MAC address of the entry Port Members The ports that are members of the entry Buttons Click ...

Page 265: ... first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the I button to start over The page includes the following fields Object Description Port The port number for which the sta...

Page 266: ...h button updates the displayed table starting from that or the closest next Dynamic IP source guard table match In addition the two input fields will after clicking the Refresh button assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN IP address pairs as a basis for the next lookup Wh...

Page 267: ...mat according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP ...

Page 268: ...t the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 seconds This attribute must comply with the rule 4 Delay Interval Transmission Interval Tx Reinit When a port is disabled LLDP is disabled or the switch is rebooted a LLDP shutdown frame is transmitted to the neig...

Page 269: ... are terminated by the switch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded Port Description Optional TLV When selected the port description is included in LLDP information transmitted System Name Optional TLV When selected the system name is included in LLDP information transmitted System Description Opt...

Page 270: ...ion layers on top of the protocol in order to achieve these related properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the tran...

Page 271: ...titude in a form more relevant in buildings which have different floor to floor dimensions An altitude of 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum used for the coordinates given in this option WGS84 Geographical ...

Page 272: ...oor Floor Example 4 Room no Room number Example 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code Additional code Example 1320300003 Emergency call service Emergency Call Service e g E911 and others such as defined by TIA or NENA Object Description Emergency Call Service Emergency Call ...

Page 273: ... be noted that LLDP MED is not intended to run on links other than between network connectivity devices and endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN Object Description Delete Select this check box to delete the policy It will be deleted during the next save Policy ID ID for the policy This is ...

Page 274: ...cy Tag Tag indicates if the specified application type is using a tagged or an untagged VLAN Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 80...

Page 275: ... Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity...

Page 276: ...ous Generic Endpoint Class Class I and are extended to include aspects related to media streaming Example product categories expected to adhere to this class include but are not limited to voice media gateways conference bridges media servers etc Discovery services defined in this class include media type specific network layer policy discovery LLDP MED Communication Endpoint Class III The LLDP ME...

Page 277: ...olicy indicates that an Endpoint Device wants to explicitly advertise that the policy is required by the device Can be either Defined or Unknown Unknown The network policy for the specified application type is currently unknown Defined The network policy is defined TAG TAG is indicating whether the specified application type is using a tagged or an untagged VLAN Can be Tagged or Untagged Untagged ...

Page 278: ...ich the LLDP frame was received Chassis ID The identification of the neighbor s LLDP frames Port ID The identification of the neighbor port Port Description The port description advertised by the neighbor unit System Name The name advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bri...

Page 279: ...he currently selected switch The page includes the following fields Global counters Object Description Neighbor entries were last changed Shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the numbe...

Page 280: ...known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Age Outs Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out t...

Page 281: ...ination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Note Be sure the target IP address is within the same network subnet of the industrial managed switch otherwise the correct gateway IP address must be set up Buttons Click Start to transmit ICMP packets Click New Ping to re start diagnostics with ping IPv6 ping The ICMPv6 Ping page allows you...

Page 282: ...rt to transmit ICMP packets Click New Ping to re start diagnostics with ping Remote IP ping test This Remote ICMP Ping Test page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on a special port After clicking Test five ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until ...

Page 283: ...e ping result Buttons Click Ping to start the ping process Click Save to save changes Click Reset to undo any changes made locally and revert to previously saved values Click Clear to clear the IP address and the result of the ping value Cable diagnostics The VeriPHY Cable Diagnostics page is used for running cable diagnostics Click Start to run the diagnostics This will take approximately 15 seco...

Page 284: ...tic function If the link is established in 100BASE TX or 10BASE T the cable diagnostics cause the link to drop while the diagnostics are running This may require the following steps Select the Auto Refresh check box Click the Fresh button 45 seconds after the cable diagnostic function has started After the diagnostics are finished the link is re established and the following functions are availabl...

Page 285: ...on describes the enable loop protection function that provides loop protection to prevent broadcast loops in the industrial managed switch Loop protection configuration The Loop Protection Configuration page allows the user to inspect and change the current loop protection configurations ...

Page 286: ...0 seconds seven days A value of zero keeps a port disabled until the next device restart Port configuration Object Description Port The switch port number Enable Controls loop protection enable disable on this switch port Action Configures the action performed when a loop is detected on a port Selections include Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls if the port is active...

Page 287: ...erfaces enabling communication between SNMP management terminals and remote monitors RMON provides a highly efficient method to monitor actions inside the subnets The MID of RMON consists of 10 groups The switch supports the most frequently used groups Statistics Maintain basic usage and error statistics for each subnet monitored by the agent History Record periodical statistic samples Alarm Allow...

Page 288: ...ber of broadcast and multicast packets delivered to a higher layer protocol InDiscards The number of inbound packets that are discarded when the packets are normal InErrors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol InUnknownProtos The number of inbound packets that were discarded because of an unknown or unsupported protoc...

Page 289: ...irst value is larger than the rising threshold or less than the falling threshold default Rising Threshold Rising threshold value 2147483648 2147483647 Rising Index Rising event index 1 65535 Falling Threshold Falling threshold value 2147483648 2147483647 Falling Index Falling event index 1 65535 Buttons Click Add New Entry to add a new community entry Click Save to save changes Click Reset to und...

Page 290: ...Startup Alarm The alarm that may be sent when this entry is first set to valid Rising Threshold Rising threshold value Rising Index Rising event index Falling Threshold Falling threshold value Falling Index Falling event index Buttons Click Refresh to refresh the page immediately Click the Auto refresh check box to refresh the page automatically Automatic refresh occurs every three seconds Click I...

Page 291: ...ackets that are discarded when the packets are normal Community Specify the community when trap is sent The string length is from 0 to 127 default is public Event Last Time Indicates the value of sysUpTime at the time this event entry last generated an event Buttons Click Add New Entry to add a new community entry Click Save to save changes Click Reset to undo any changes made locally and revert t...

Page 292: ...currently displayed RMON history configuration Configure RMON History on the RMON History Configuration page The entry index key is ID The page includes the following fields Object Description Delete Select to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID to be monitored If in the switch t...

Page 293: ...e total number of octets of data including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The tot...

Page 294: ...rst entry in the alarm table i e the entry with the lowest ID Click to update the table starting with the entry after the last entry currently displayed RMON statistics configuration Configure the RMON Statistics table on the RMON Statistics Configuration page The entry index key is ID The page includes the following fields Object Description Delete Select to delete the entry It will be deleted du...

Page 295: ...al number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but including FCS octets of b...

Page 296: ...tion Switching ERPS is a link layer protocol applied on Ethernet loop protection to provide sub 50 ms protection and recovery switching for Ethernet traffic in a ring topology ERPS provides a faster redundant recovery than Spanning Tree topology The action is similar to STP or RSTP but the algorithms between them are not the same In the ring topology every switch should be enabled with the ring fu...

Page 297: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 295 MEP configuration Maintenance entity point instances are configured in the Maintenance Entity Point page ...

Page 298: ...ss This is an ingress down MEP monitoring ingress traffic on the Residence Port Egress This is an egress up MEP monitoring egress traffic on the Residence Port Residence Port The port where MEP is monitoring See Direction Level The MEG level of this MEP Flow Instance The MEP is related to this flow See Domain Tagged VID Port MEP An outer C S tag depending on VLAN port type is added with this VID E...

Page 299: ...ck Help when on the MEP web page Tagged VID Click Help when on the MEP web page This MAC Click Help when on the MEP web page Instance configuration Object Description Level Click Help when on the MEP web page Format This is the configuration of the two possible Maintenance Association Identifier formats ITU ICC This is defined by ITU ICC can be a maximum of six characters MEG id can be a maximum o...

Page 300: ...at the server layer is indicating Signal Fail aBLK The consequent action of blocking service frames in this flow is active aTSF The consequent action of indicating Trail Signal Fail protection is active Delete Select this check box to mark a Peer MEP for deletion in the next save operation Peer MEP ID This value will become an expected MEP ID in a received CCM See cMEP Unicast Peer MAC This MAC wi...

Page 301: ... SW based CCM Frame Rate has to be the same APS protocol Object Description Enable Automatic Protection Switching protocol information transportation based on transmitting receiving R APS L APS PDU can be enabled disabled APS must be enabled to support ERPS ELPS implementing APS This is only valid with one peer MEP configured Priority The priority to be inserted as PCP bits in TAG if any Cast Sele...

Page 302: ...ting MEP As only one SF MEP is associated with the interconnected sub ring without a virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instance Port 0 APS MEP The Port 0 APS PDU handling MEP Port 1 APS MEP The Port 1 APS PDU handling MEP As only one APS MEP is associated with the interconnected sub ring without a v...

Page 303: ...the following fields Instance data Object Description ERPS ID The ID of the protection group Port 0 Click Help when on the ERPS web page Port 1 Click Help when on the ERPS web page Port 0 SF MEP Click Help when on the ERPS web page Port 1 SF MEP Click Help when on the ERPS web page Port 0 APS MEP Click Help when on the ERPS web page Port 1 APS MEP Click Help when on the ERPS web page Ring Type Typ...

Page 304: ...n steps of 100 ms Version ERPS Protocol Version v1 or v2 Revertive In revertive mode after the conditions causing a protection switch has cleared the traffic channel is restored to the working transport entity i e blocked on the RPL In non revertive mode the traffic channel continues to use the RPL if it has not failed after a protection switch condition has cleared VLAN Config VLAN configuration ...

Page 305: ...out in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block status for Port 0 both traffic and R APS block status R APS channel is never blocked on sub rings without a virtual channel Port 1 Block Status Block status for Port 1 both traffic and R APS block status R APS channel is never blocked on sub r...

Page 306: ...tance data Object Description All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 Number ID The switch where you are requesting ERPS Port Configures the port number for the MEP VLAN Set the ERPS VLAN Buttons Click Next to configure ERPS Click Set to save changes Click Save Topology to show the ring topology ...

Page 307: ...p Switch 1 Port 1 1 None 3001 Port 2 2 Owner 3001 Switch 2 Port 1 4 None 3001 Port 2 3 Neighbor 3001 Switch 3 Port 1 6 None 3001 Port 2 5 None 3001 The scenario is described as follows 1 Disable the DHCP client and set a proper static IP for switch 1 2 and 3 In this example switch 1 is 192 168 0 101 switch 2 is 192 168 0 102 and switch 3 is 192 168 0 103 2 On switch 1 2 and 3 disable STP to avoid ...

Page 308: ...ct a PC directly to switch 2 Do not connect to port 1 or 2 2 Log in to switch 2 and select Ring Ring Wizard 3 Set All Switch Number 3 and Number ID 2 Click Next to set the ERPS configuration for switch 2 4 Set MEP3 Port 2 MEP4 Port 1 and VLAN ID 3001 Click Set to save the ERPS configuration for switch 2 Set ERPS configuration on switch 3 1 Connect a PC directly to switch 3 Do not connect to port 1...

Page 309: ...witch 1 Port 2 Switch 2 Port 2 MEP4 MEP5 Switch 2 Port 1 Switch 3 Port 2 MEP1 MEP6 Switch 1 Port 1 Switch 3 Port 1 Power over Ethernet PoE Providing up to 24 PoE in line power interfaces the industrial managed switch can easily build a power central controlled IP phone system IP camera system and Access Point AP group for the enterprise For example 24 cameras APs can be installed for company surve...

Page 310: ...ts Museums airports hotels campuses factories warehouses etc can install APs in any location 10 12 Watts IP Surveillance Enterprises museums campuses hospitals banks etc can install IP cameras regardless of installation location without the need to install AC sockets 3 12 Watts PoE Splitter PoE splitters split the PoE 52 VDC over the Ethernet cable into a 5 12 VDC power output It frees the device ...

Page 311: ...ided by the PSU The system may include a PSU capable of supplying less power than the total potential power consumption of all the PoE ports in the system To keep the majority of the ports active power management is implemented The PSU input power consumption is monitored by measuring voltage and current and is equal to the system s aggregated power consumption The power management concept allows ...

Page 312: ...unt of power that the power supply can deliver Note In this mode the port power is not turned on if the PD requests more available power Consumption mode The ports are shut down in this mode when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power for that port The po...

Page 313: ...ided power to the PDs For NS3552 8P 2S V2 the available max value is 240 depends on power input Temperature Threshold Sets the temperature protection threshold value If the system temperature is over this value then the system lowers the total PoE power budget automatically PoE Usage Threshold Sets the PoE power budget limitation Buttons Click Save to save changes Click Reset to undo any changes m...

Page 314: ...95 to 25 50 W or to 30 8 W High power Port configuration Inspect and configure the current PoE port settings on the PoE Ethernet Configuration page The page includes the following fields Object Description PoE Mode There are three PoE modes Enable Enables the PoE function Disable Disables the PoE function Schedule Enables the PoE function in schedule mode Schedule Indicates the schedule profile mo...

Page 315: ...onsumption is over the total power budget In this case the port with the lowest priority is turned off and power is provided to the port with higher priority Power Allocation Limits the port PoE supply Watts The per port maximum value must less than 30 8W and total port values must less than the power reservation value After a power overload has been detected the port automatically shuts down and ...

Page 316: ...hows how much current the PD is currently using Priority Shows the port s priority configured by the user Port Status Shows the port s status AF AT Mode Displays per PoE ports operating in 802 3af or 802 3at mode Total Shows the total power and current usage of all PDs Buttons Select the Auto refresh check box to enable an automatic refresh of the page at regular intervals Click Refresh to refresh...

Page 317: ...e the chance of powered device crash resulting from buffer overflow Power over Ethernet schedule configuration Define the PoE schedule and schedule power recycling on the PoE Schedule page Click the Add New Rule button to start setting the PoE schedule function Click Apply after creating a schedule for the selected profile Then go to the PoE Port Configuration page and select Schedule from the PoE...

Page 318: ... work at the same time use this function and do not use the Reboot Only function This function permits the administrator to reboot the PoE device at the indicated time as required Reboot Only Permits a reboot of the PoE function according to the PoE reboot schedule Note that if the administrator enables this function the PoE schedule will not set the time to a profile This function only applies to...

Page 319: ... the PoE LLDP function the PD s PoE information appears in the LLDP Neighbor PoE Information page PoE alive check configuration The industrial managed switch can be configured to monitor a connected PD s status in real time via ping action After the PD stops working and does not respond the industrial managed switch restarts PoE port power so that the PD is once again recognized and working Config...

Page 320: ... Set the action to be applied if the PD does not respond Action selections are as follows PD Reboot The system resets the PoE port that connected the PD Reboot Alarm The system resets the PoE port and issues an alarm message via syslog SMTP Alarm The system issues an alarm message via syslog SMTP Reboot Time 30 180s Set the PoE device rebooting time This is useful due to the different rebooting ti...

Page 321: ...Chapter 4 Web configuration NS3552 8P 2S V2 User Manual 319 Port identification Configure each port response time for TruVision Navigator in the port identification Configuration page ...

Page 322: ...ering command keywords and parameters at the prompt Using the industrial managed switch s command line interface CLI is very similar to entering commands on a UNIX system This chapter describes how to use the Command Line Interface CLI Telnet login The managed switch supports telnet for remote management The switch asks for a user name and password for remote login when using telnet Use admin for ...

Page 323: ...ual LAN PVLAN Private VLAN Security Security management STP Spanning Tree Protocol Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media Thermal Thermal Protection PoE Power Over Ethernet EVC Ethernet Virtual Connections EPS Ethernet Protection Switching MEP Maintainence entity End Point QoS Quality of Service Mi...

Page 324: ...figuration default Show system configuration port Show switch port configuration port_list Port list or all default All ports Example To display system information NS3552 8P 2S V2 System configuration System Contact System Name NS3552 8P 2S V2 System Location MAC Address 9c f6 1a 02 7d 70 Temperature 27 0 C 80 6 F System Time 1970 01 01 Thu 03 28 50 00 00 System Uptime 03 28 50 Software Version 1 ...

Page 325: ...m Version Description Show system version information Syntax System Version Example To display system version NS3552 8P 2S V2 System version Version 1 0b121221 Build Date 2012 12 21T14 58 31 0800 NS3552 8P 2S V2 System Log Server Mode Description Show or set the system log server mode Syntax System Log Server Mode enable disable Parameters enable Enable system log server mode disable Disable syste...

Page 326: ...one offset Syntax System Timezone Offset offset Parameters offset Time zone offset in minutes 7200 to 7201 relative to UTC System Contact Description Set or show the system contact Syntax System Contact contact clear Parameters contact System contact string 1 255 Use clear or to clear the string In CLI No blank or space characters are permitted as part of a contact clear Clear system contact Defau...

Page 327: ...stem Location location Parameters location System location string 1 255 Use clear or to clear the string In CLI no blank or space characters are permitted as part of a location Default Setting empty Example To set device location NS3552 8P 2S V2 System location MyOffice System Log Level Description Show or set the system log level It uses to determine what kind of message will send to syslog serve...

Page 328: ...nth date year hour minute Parameters week Week 1 5 0 ignored day Day 1 7 0 ignored month Month 1 12 0 ignored date Date 1 31 0 ignored year Year 2000 2097 hour Hour 0 23 minute Minutes 0 59 System Log Lookup Description Show the system log Syntax System Log Lookup log_id all info warning error Parameters log_id System log ID or range default All entries all Show all levels default info Show inform...

Page 329: ...ax System Reboot Example To reboot device without changing any of the settings NS3552 8P 2S V2 system reboot System DST Offset Description Set or show the daylight saving time offset Syntax System DST Offset dst_offset Parameters dst_offset DST offset in minutes 1 to 1440 System Restore Default Description Restore factory default configuration Syntax System Restore Default keep_ip Parameters keep_...

Page 330: ...ation Description Show IP configuration Syntax IP Configuration Example Show IP configuration NS3552 8P 2S V2 ip configuration IP Configuration DHCP Client Disabled IP Address 192 168 0 101 IP Mask 255 255 255 0 IP Router 192 168 0 253 DNS Server 0 0 0 0 VLAN ID 1 DNS Proxy Disabled IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 6082 cdb9 19ab c0e2 IPv6 Address 192 168 0 100 IPv6 Prefi...

Page 331: ...ault Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 Example Set IP address NS3552 8P 2S V2 ip setup 192 168 0 100 255 255 255 0 IP Ping Description Ping IP address ICMP echo Syntax IP Ping ip_addr_string Length ping_length Count ping_count Interval ping_interval Parameters ip_addr_string IPv4 host address a b c d or a ...

Page 332: ... mode Syntax IP DNS_Proxy enable disable Parameters enable Enable DNS Proxy disable Disable DNS Proxy Default Setting disable Example Enable DNS proxy function NS3552 8P 2S V2 ip dns_proxy enable IPv6 AUTOCINFIG Description Set or show the IPv6 AUTOCONFIG mode Syntax IP IPv6 AUTOCONFIG enable disable Parameters enable Enable IPv6 AUTOCONFIG mode disable Disable IPv6 AUTOCONFIG mode Default Setting...

Page 333: ...y of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following legally IPv4 address For example 192 1 2 34 Default Setting IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 6082 cdb9 19ab c0e2 IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router Example Set IPv6 address NS3552 8P 2S V2 ip ipv6 setup 2001 0002 64 2100 0001 IPv6 State Desc...

Page 334: ...Pv4 address For example 192 1 2 34 length PING Length keyword ping_length Ping ICMP data length 2 1452 Default is 56 excluding MAC IP and ICMP headers count PING Count keyword ping_count Transmit ECHO_REQUEST packet count 1 60 Default is 5 interval PING Interval keyword ping_interval Ping interval 0 30 Default is 0 IP NTP Configuration Description Show NTP configuration Syntax IP NTP Configuration...

Page 335: ...x The server index 1 5 server_ipv6 IPv6 server address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following...

Page 336: ... Excessive Link 1 Enabled Auto Disabled 9600 Disabled Discard Down 2 Enabled Auto Disabled 9600 Disabled Discard Down 3 Enabled Auto Disabled 9600 Disabled Discard Down 4 Enabled Auto Disabled 9600 Disabled Discard Down Port Mode Description Set or show the port speed and duplex mode Syntax Port Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx Parameters port_list Port list or all default All...

Page 337: ...rol function for port1 NS3552 8P 2S V2 port flow control 1 enable Port State Description Set or show the port administrative state Syntax Port State port_list enable disable Parameters port_list Port list or all default All ports enable Enable port disable Disable port default Show administrative mode Default Setting Enable Example Disable port1 NS3552 8P 2S V2 port state 1 disable Port Maximum Fr...

Page 338: ...g disable Example Disable port power function for port1 4 NS3552 8P 2S V2 port power 1 4 enable Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive port_list discard restart Parameters port_list Port list or all default All ports discard Discard frame after 16 collisions restart Restart backoff algorithm after 16 collisions default Show mode Default Setti...

Page 339: ...Run cable diagnostics Syntax Port VeriPHY port_list Parameters port_list Port list or all default All ports Port SFP Description Show SFP port information Syntax Port SFP port_list Parameters port_list Port list or all default All ports Example Show SFP information for port9 10 NS3552 8P 2S V2 port sfp Port Type Speed Wave Length nm Distance m 9 1000Base LX 1000 Base 1310 10000 10 1000Base LX 1000...

Page 340: ... 8P 2S V2 mac configuration MAC Configuration MAC Address 9c f6 1a 03 1c 48 MAC Age Time 300 Port Learning 1 Auto 2 Auto 3 Auto 4 Auto 5 Auto 6 Auto 7 Auto 8 Auto 9 Auto 10 Auto MAC Add Description Add MAC address table entry Syntax MAC Add mac_addr port_list vid Parameters mac_addr MAC address xx xx xx xx xx xx port_list Port list or all or none vid VLAN ID 1 4095 default 1 Example Add Mac addres...

Page 341: ...rameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 default 1 Example Lookup state of Mac address 00 30 4F a1 01 d2 NS3552 8P 2S V2 mac lookup 33 33 4F a1 01 d2 MAC Age Time Description Set or show the MAC address age timer Syntax MAC Agetime age_time Parameters age_time MAC address age time 0 10 1000000 0 disable default Show age time Default Setting 300 Example Set agetime value i...

Page 342: ...xx xx xx xx xx default MAC address zero vid First VLAN ID 1 4095 default 1 Example Show all of MAC table NS3552 8P 2S V2 mac dump Type VID MAC Address Ports Static 1 00 30 4F a6 34 9d None CPU Dynamic 1 33 33 4F a1 01 d2 1 Static 1 33 33 00 00 00 01 1 2 4 10 CPU Static 1 33 33 00 00 00 02 1 2 4 10 CPU Static 1 33 33 ff 16 81 68 1 2 4 10 CPU Static 1 33 33 ff a8 00 64 1 2 4 10 CPU Static 1 ff ff ff...

Page 343: ...s Syntax MAC Flush VLAN Configuration Command VLAN Configuration Description Show VLAN configuration Syntax VLAN Configuration port_list Parameters port_list Port list or all default All ports Example Show VLAN status of port1 NS3552 8P 2S V2 vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type 1 1 Disabled All UnTag Disable N A VID ...

Page 344: ...52 8P 2S V2 vlan pvid 10 2 VLAN Frame Type Description Set or show the port VLAN frame type Syntax VLAN FrameType port_list all tagged Parameters port_list Port list or all default All ports all Allow tagged and untagged frames tagged Allow tagged frames only default Show accepted frame types Default Setting All Example Set port10 that allow tagged frames only NS3552 8P 2S V2 vlan frametype 10 tag...

Page 345: ... dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting IEEE 802 1Q Example Set VLAN mode in port base NS3552 8P 2S V2 vlan mode portbased VLAN Link Type Description Set or show the port VLAN link type Syntax VLAN LinkType port_list untagged tagged Parameters port_list Port list or all default All ports untagged VLAN Link Type Tagged tagged VLAN Link Type Untagged default Show VLAN link typ...

Page 346: ...s man Set out layer VLAN tag ether type MAN dot1q Set out layer VLAN tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type NS3552 8P 2S V2 vlan ethtype 10 man VLAN untagVID Description Set or show the port untagVLAN ID Syntax VLAN untagVID port_list untagvid Parameters port_list Port l...

Page 347: ...Port list or all default All ports Example Forbidden add port1 to port4 in VLAN10 NS3552 8P 2S V2 vlan forbidden add 10 1 4 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete vid name Parameters vid name VLAN ID 1 4095 or VLAN Name Example Delete VLAN10 NS3552 8P 2S V2 vlan delete 10 VLAN Forbidden Delete Description Delete VLAN entry Syntax LAN Forbidden Delete vid name Parameters vid n...

Page 348: ...r numbers VLAN name should contain at least one alpha character combined Shows All the Combined VLAN database static Shows the VLAN entries configured by the administrator nas Shows the VLANs configured by NAS mvr Shows the VLANs configured by MVR voice_vlan Shows the VLANs configured by Voice VLAN all Shows all VLANs configuration default combined VLAN Users configuration Example Show VLAN status...

Page 349: ...VLAN Name can only contain alpha characters or numbers VLAN name should contain at least one alpha character Example To show VLAN Name table NS3552 8P 2S V2 vlan name lookup VLAN NAME vid test 1 VLAN Status Description VLAN Port Configuration Status Syntax VLAN Status port_list combined static nas mvr voice_vlan mstp all conflicts Parameters port_list Port list or all default All ports combined co...

Page 350: ... Unaware 1 All Disabled Untag This 1 No Private VLAN Configuration Command PVLAN Configuration Description Show Private VLAN configuration Syntax PVLAN Configuration port_list Parameters port_list Port list or all default All ports Example Show private VLAN configuration NS3552 8P 2S V2 pvlan configuration Private VLAN Configuration Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disa...

Page 351: ...scription Delete Private VLAN entry Syntax PVLAN Delete pvlan_id Parameters pvlan_id Private VLAN ID The allowed range for a Private VLAN ID is the same as the switch port number range Example Delete PVLAN10 NS3552 8P 2S V2 pvlan delete 10 PVLAN Lookup Description Lookup Private VLAN entry Syntax PVLAN Lookup pvlan_id Parameters pvlan_id Private VLAN ID default Show all PVLANs The allowed range fo...

Page 352: ... Configuration Default Setting User Name Privilege admin 15 Example Show users configuration NS3552 8P 2S V2 security switch user configuration Users Configuration User Name Privilege Level admin 15 Security Switch User Add Description Add or modify users entry Syntax Security Switch Users Add user_name password privilege_level Parameters user_name A string identifying the user name that this entr...

Page 353: ...lege Level Configuration Description Show privilege configuration Syntax Security Switch Privilege Level Configuration Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Group group_name cro crw sro srw Parameters group_name Privilege group name cro Configuration read only privilege level 1 15 crw Configuration Execute read wr...

Page 354: ...Switch Auth Method console telnet ssh web none local radius tacacs enable disable Parameters console Settings for console telnet Settings for telnet ssh Settings for ssh web Settings for web default Set or show the specific client authentication method none Authentication disabled local Use local authentication radius Use remote RADIUS authentication tacacs Use remote TACACS authentication default...

Page 355: ...iption Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting enable Example Enable SSH function NS3552 8P 2S V2 security switch ssh mode enable Security Switch HTTPs Configuration Description Show HTTPS configuration Syntax Security Switch HTTPS Configuration Example Show HTTPs configuration NS...

Page 356: ...redirect web browser to HTTPS during HTTPS mode enabled Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function NS3552 8P 2S V2 security switch https redirect enable Security Switch Access Configuration Description Show access managemen...

Page 357: ...at the host can access the switch from HTTP HTTPS snmp Indicates that the host can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH Example Add access management list from 192 168 0 1 to 192 168 0 200 via web interface NS3552 8P 2S V2 security switch access add 1 192 168 0 1 192 168 0 200 web Security Switch Access IPv6 Add Description Add access man...

Page 358: ...ost can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH Example Add access management list from 2001 0001 to 2001 0100 via web interface NS3552 8P 2S V2 security switch access add 2001 0001 2001 0100 web Security Switch Access Delete Description Delete access management entry Syntax Security Switch Access Delete access_id Parameters access_id entry ...

Page 359: ...cess statistics Access Management Statistics HTTP Receive 0 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security Switch SNMP Configuration Security Switch SNMP Mode Description Set or show the SNMP mode Syntax Secu...

Page 360: ...ntax Security Switch SNMP Read Community community Parameters community Community string Use clear or to clear the string default Show SNMP read community Default Setting public Example Set SNMP read community private NS3552 8P 2S V2 security switch snmp read community private Security Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax Security Sw...

Page 361: ...protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c NS3552 8P 2S V2 security switch snmp trap version 2c Security Switch SNMP Trap Community Description Set or show the community string for SNMP traps Syntax Security Switch SNMP T...

Page 362: ...mple four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following legally IPv4 address For example 192 1 2 34 Example Set SNMP trap IPv6 destination address for 2001 0001 NS3552 8P 2S V2 ...

Page 363: ...Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap Inform Mode enable disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap inform mode NS3552 8P 2S V2 security switch snmp trap inform mode disable Security Switch SNMP Trap Inform Timeout Description Set ...

Page 364: ...e ID enable disable Parameters enable Enable SNMP trap security engine ID probe disable Disable SNMP trap security engine ID probe default Show SNMP trap security engine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID NS3552 8P 2S V2 security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description Set or sho...

Page 365: ...os or all ff H and is restricted to 5 32 octet string Default Setting 800007e5017f000001 Example Set 800007e5017f000002 for SNMPv3 local engine ID NS3552 8P 2S V2 security switch snmp engine id 800007e5017f000002 Security Switch SNMP Community Add Description Add or modify SNMPv3 community entry The entry index key is community Syntax Security Switch SNMP Community Add community ip_addr ip_mask Pa...

Page 366: ...at may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 md5 An optional flag to indicate that this user using MD5 authentication protocol The allowed length is 8 32 and the allowed ...

Page 367: ...arameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 auth_password A string identifying the authentication pass phrase priv_password A string...

Page 368: ...ing the security name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 group_name A string identifying the group name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 group entry NS3552 8P 2S V2 security switch snmp group add u...

Page 369: ...d excluded oid_subtree Parameters view_name A string identifying the view name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 included An optional flag to indicate that this view subtree should included excluded An optional flag to indicate that this view subtree should excluded oid_subtree The OID defining the root of ...

Page 370: ...ength is 1 32 and the allowed content is ASCII characters from 33 to 126 security_model any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM security_level noAuthNoPriv None authentication and none privacy AuthNoPriv Authentication and none privacy AuthPriv Authentication and privacy read_view_name The name of the MIB view def...

Page 371: ... 2S V2 security switch snmp access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Switch RMON Statistics Add Description Add or modify RMON Statistics entry The entry index key is stats_id Syntax Security Switch RMON Statistics Add stats_id data_source Parameters stats_id Statistics ID 1 65535 data_source The...

Page 372: ...interval 1 3600 default 1800 buckets The maximum data entries associated this History control entry stored in RMON 1 65535 default 50 Security Switch RMON History Delete Description Delete RMON Hisotry entry The entry index key is history_id Syntax Security Switch RMON History Delete history_id Parameters history_id History ID 1 65535 Security Switch RMON History Lookup Description Show RMON Histo...

Page 373: ...y the same value of OID ifIndex absolute Get the sample directly delta Calculate the difference between samples default rising_threshold Rising threshold value 2147483648 2147483647 rising_event_index Rising event index 1 65535 falling_threshold Falling threshold value 2147483648 2147483647 falling_event_index Falling event index 1 65535 rising Trigger alarm when the first value is larger than the...

Page 374: ...scription The string for describing this event the string lengh is 0 127 default null string Security Switch RMON Event Delete Description Delete RMON Event entry The entry index key is event_id Syntax Security Switch RMON Event Delete event_id Parameters event_id Event ID 1 65535 Security Switch RMON Event Lookup Description Show RMON Event entries Syntax Security Switch RMON Event Lookup event_i...

Page 375: ... Port port_list Parameters port_list Port list or all default All ports Example Show MAC address learned on port 1 NS3552 8P 2S V2 security network psec port 1 Port 1 MAC Address VID State Added Age Hold Time none Security Network Limit Configuration Description Show Limit Control configuration Syntax Security Network Limit Configuration port_list Parameters port_list Port list or all default All ...

Page 376: ...imit Mode enable disable Parameters enable Globally enable port security disable Globally disable port security default Show current global enabledness of port security limit control Default Setting disable Example Enable the limit mode NS3552 8P 2S V2 security network limit mode enable Security Network Limit Aging Description Set or show aging enabledness Syntax Security Network Limit Aging enabl...

Page 377: ...t Port port_list enable disable Parameters port_list Port list or all default All ports enable Enable port security on this port disable Disable port security on this port default Show current port enabledness of port security limit control Default Setting disable Example Enable port limit for port 1 NS3552 8P 2S V2 security network limit port 1 enable Security Network Limit Limit Description Set ...

Page 378: ...n Default Setting none Example Set trap mode for limit action for port 1 NS3552 8P 2S V2 security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit is exceeded and shut down Syntax Security Network Limit Reopen port_list Parameters port_list Port list or all default All ports Example Reopen port 1 NS3552 8P 2S V2 security network limit reope...

Page 379: ... disable Globally disable 802 1X default Show current 802 1X global enabledness Default Setting disable Example Enable IEEE802 1X function NS3552 8P 2S V2 security network nas mode enable Security Network NAS State Description Set or show the port security state Syntax Security Network NAS State port_list auto authorized unauthorized single multi macbased Parameters port_list Port list or all defa...

Page 380: ...escription Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned VLAN Syntax Security Network NAS RADIUS_VLAN global port_list enable disable Parameters global Select the global RADIUS assigned VLAN setting port_list Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enable RADIUS ...

Page 381: ... on a MAC address that succeeded autentication default Show current age time Default Setting 300 Example Set NAS age time in 1000sec NS3552 8P 2S V2 security network nas agetime 1000 Security Network NAS Holdtime Description Time in seconds before a MAC address that failed authentication gets a new authentication chance Syntax Security Network NAS Holdtime hold_time Parameters hold_time Hold time ...

Page 382: ...e global RADIUS assigned VLAN setting port_list Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enable RADIUS assigned VLAN either globally or on one or more ports disable Disable RADIUS assigned VLAN either globally or on one or more ports default Show current RADIUS assigned VLAN enabledness Default Setting disable Example En...

Page 383: ...ved on a port for the lifetime of the port enable The Guest VLAN can be entered even if an EAPOL frame has been received during the lifetime of the port default Show current setting Default Setting Disable Example Enable NAS guest VLAN NS3552 8P 2S V2 security network nas guest_vlan enable Security Network NAS Authenticate Description Refresh restart 802 1X authentication process Syntax Security N...

Page 384: ...rity Network ACL Configuration port_list Parameters port_list Port list or all default All ports Security Network ACL Action Description Set or show the ACL port default action Syntax Security Network ACL Action port_list permit deny rate_limiter port_copy logging shutdown Parameters port_list Port list or all default All ports permit Permit forwarding default deny Deny forwarding rate_limiter Rat...

Page 385: ... or kbps 0 100 2 100 3 100 1000000 Default Setting 1 Example Set rate limit value in 100 for port 1 NS3552 8P 2S V2 security network acl rate 1 100 Security Network ACL Add Description Add or modify Access Control Entry ACE If the ACE ID parameter ace_id is specified and an entry with this ACE ID already exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is not specifi...

Page 386: ...word etype Ethernet Type 0x600 0xFFFF or any but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 smac Source MAC address xx xx xx xx xx xx or any dmac Destination MAC address xx xx xx xx xx xx or any arp ARP keyword sip Source IP address a b c d n or any dip Destination IP address a b c d n or any arp_opcode ARP operation code any arp rarp other arp_flags ARP flags request smac tmac len ip ether 0 ...

Page 387: ...work acl lookup 1 Security Network ACL Clear Description Clear all ACL counters Syntax Security Network ACL Clear Example Clear all ACL counters NS3552 8P 2S V2 security network acl clear Security Network ACL Status Description Show ACL status Syntax Security Network ACL Status combined static dhcp upnp arp_inspection ipmc ip_source_guard conflicts Parameters combined Shows the combined status sta...

Page 388: ...Policy replace Security Network DHCP Relay Mode Description Set or show the DHCP relay mode Syntax Security Network DHCP Relay Mode enable disable Parameters enable Enable DHCP relaly mode When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t flood for...

Page 389: ...ormation option mode default Show DHCP relay agent information option mode Default Setting disable Example Enable DHCP relay agent information option mode NS3552 8P 2S V2 security network dhcp relay information mode enable Security Network DHCP Relay Information Policy Description Set or show the DHCP relay mode When DHCP relay information mode operation is enabled if an agent receives a DHCP mess...

Page 390: ... Security Network DHCP Snooping Mode Description Set or show the DHCP snooping mode Syntax Security Network DHCP Snooping Mode enable disable Parameters enable Enable DHCP snooping mode When DHCP snooping mode operation is enabled the requested DHCP messages will be forwarded to trusted ports and only allows reply packets from trusted ports disable Disable DHCP snooping mode default Show flow DHCP...

Page 391: ...ports clear Clear DHCP snooping statistics Example Show DHCP snooping statistics of port 1 NS3552 8P 2S V2 security network dhcp snooping statistics 1 Port 1 Statistics Rx Discover 0 Tx Discover 0 Rx Offer 0 Tx Offer 0 Rx Request 0 Tx Request 0 Rx Decline 0 Tx Decline 0 Rx ACK 0 Tx ACK 0 Rx NAK 0 Tx NAK 0 Rx Release 0 Tx Release 0 Rx Inform 0 Tx Inform 0 Rx Lease Query 0 Tx Lease Query 0 Rx Lease ...

Page 392: ...urce Guard port mode Default Setting disable Example Enable IP source guard port mode for port1 4 NS3552 8P 2S V2 security network ip source guard port mode 1 4 enable Security Network IP Source Guard Limit Description Set or show the IP Source Guard port limitation for dynamic entries Syntax Security Network IP Source Guard limit port_list dynamic_entry_limit unlimited Parameters port_list Port l...

Page 393: ...d static and dynamic entries Syntax Security Network IP Source Guard Status port_list Parameters port_list Port list or all default All ports Example Show IP source guard static and dynamic entries NS3552 8P 2S V2 security network ip source guard status Security Network IP Source Guard Translation Description Translate IP source guard dynamic entries into static entries Syntax Security Network IP ...

Page 394: ...Example Enable the ARP inspection mode of port 1 NS3552 8P 2S V2 security network arp inspection port mode 1 Security Network ARP Inspection Entry Description Add or delete ARP inspection static entry Syntax Security Network ARP Inspection Entry port_list add delete vid allowed_mac allowed_ip Parameters port_list Port list or all default All ports add Add new port ARP inspection static entry delet...

Page 395: ...pection dynamic entries into static entries Syntax Security Network ARP Inspection Translation Security AAA Configuration Description Show Auth configuration Syntax Security AAA Configuration Example Show Auth configuration NS3552 8P 2S V2 security aaa configuration AAA Configuration Server Timeout 15 seconds Server Dead Time 300 seconds RADIUS Authentication Server Configuration Server Mode IP Ad...

Page 396: ...eout 3 3600 seconds default Show server timeout configuration Default Setting 15 Example Set 30sec for server timeout NS3552 8P 2S V2 security aaa timeout 30 Security AAA Deadtime Description Set or show server dead time Syntax Security AAA Deadtime dead_time Parameters dead_time Time that a server is considered dead if it doesn t answer a request 0 3600 seconds default Show server dead time confi...

Page 397: ... 168 0 20 12345678 1812 Security AAA ACCT_RADIUS Description Set or show RADIUS accounting server setup Syntax Security AAA ACCT_RADIUS server_index enable disable ip_addr_string secret server_port Parameters The server index 1 5 default Show RADIUS accounting server configuration enable Enable RADIUS accounting server disable Disable RADIUS accounting server default Show RADIUS server mode ip_add...

Page 398: ...Quotes in the secret are not allowed server_port Server TCP port Use 0 to use the default TACACS port 49 Example Set TACACS authentication server configuration NS3552 8P 2S V2 security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show RADIUS statistics Syntax Security AAA Statistics server_index Parameters The server index 1 5 default Show statistics for all ser...

Page 399: ...ault Setting MSTP Example Set the STP Bridge protocol version NS3552 8P 2S V2 stp version rstp STP Tx Hold Description Set or show the STP Bridge Transmit Hold Count parameter Syntax STP Txhold holdcount Parameters holdcount STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 NS3552 8P 2S V2 stp txhold 10 STP MaxHops Description Set or show the MSTP Bridge Max Hop Count pa...

Page 400: ...rd delay Syntax STP FwdDelay delay Parameters delay MSTP forward delay 4 30 and max_age forward_delay 1 2 Default Setting 15 Example Set STP forward delay value in 25 NS3552 8P 2S V2 stp fwddelay 25 STP CName Description Set or Show MSTP configuration name and revision Syntax STP CName config name integer Parameters config name MSTP Configuration name A text string up to 32 characters long Use quo...

Page 401: ...t BPDU Guard Syntax STP bpduGuard enable disable Parameters enable disable enable or disable BPDU Guard for Edge ports Default Setting Disable Example Set edge port BPDU guard NS3552 8P 2S V2 stp bpduguard enable STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery timeout Parameters timeout Time before error disabled ports are reenabled 30 86400 seconds 0 disa...

Page 402: ...TC Flag Steady TC Count 0 TC Last Port Port Role State Pri PathCost Edge P2P Uptime 10 DesignatedPort Forwarding 128 20000 Yes Yes 0d 00 10 32 STP MSTI Priority Description Set or show the bridge instance priority Syntax STP Msti Priority msti priority Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 priority STP bridge priority 0 16 32 48 224 240 Default 128 Example Set MST1 priority val...

Page 403: ...TP Port Configuration port_list Parameters port_list Port list or all Port zero means aggregations Example Show STP status of Port1 NS3552 8P 2S V2 stp port configuration 1 Port Mode AdminEdge AutoEdge restrRole restrTcn Point2point 1 Disabled Disabled Enabled Disabled Disabled Auto STP Port Mode Description Set or show the STP enabling for a port Syntax STP Port Mode port_list enable disable Para...

Page 404: ...autoEdge port parameter Syntax STP Port AutoEdge port_list enable disable Parameters port_list Port list or all default All ports Enable Enable MSTP autoEdge Disable Disable MSTP autoEdge Default enable Example Disable STP edge function on port1 NS3552 8P 2S V2 stp port autoedge 1 disable STP Port P2P Description Set or show the STP point2point port parameter Syntax STP Port P2P port_list enable d...

Page 405: ...ion Set or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn port_list enable disable Parameters port_list Port list or all default All ports enable Enable MSTP restricted TCN disable Disable MSTP restricted TCN Default disable Example Enable STP restricted TCN on port1 NS3552 8P 2S V2 stp port restrictedtcn 1 enable STP Port bpduGuard Description Set or show the bpduGuard p...

Page 406: ...r ports Syntax STP Port Mcheck port_list Parameters port_list Port list or all default All ports Example Set the STP mCheck Migration Check variable for port 1 NS3552 8P 2S V2 stp port mcheck 1 STP MSTI Port Configuration Description Show the STP port instance configuration Syntax STP Msti Port Configuration msti port_list Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port li...

Page 407: ...st priority Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations priority STP port priority 0 16 32 48 224 240 Default 128 Link Aggregation Command Aggregation Configuration Description Show link aggregation configuration Syntax Aggr Configuration Aggregation Add Description Add or modify link aggregation Syntax Aggr Add port_list aggr_i...

Page 408: ...ggr_id Aggregation ID Aggregation Mode Description Set or show the link aggregation traffic distribution mode Syntax Aggr Mode smac dmac ip port enable disable Parameters smac Source MAC address dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribution Default ...

Page 409: ...abled Auto Active 2 Disabled Auto Active 3 Disabled Auto Active 4 Disabled Auto Active 5 Disabled Auto Active 6 Disabled Auto Active 7 Disabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP Mode Description Set or show LACP mode Syntax LACP Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable LACP protocol disa...

Page 410: ... Syntax LACP Prio port_list prio Parameters port_list Port list or all default All ports prio LACP Prio 0 65535 Default Setting 32768 LACP System Prio Description Set or show the LACP System prio Syntax LACP System Prio sysprio Parameters sysprio LACP System Prio 0 65535 Default Setting 32768 LACP Role Description Set or show the LACP role Syntax LACP Role port_list active passive Parameters port_...

Page 411: ... Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 LACP Statistics Description Show LACP Statistics Syntax LACP Statistics port_list clear Parameters port_list Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 NS3552 8P 2S V2 lacp statistics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 1 0 ...

Page 412: ... port_list Port list or all default All ports Example Show LLDP configuration of port1 4 NS3552 8P 2S V2 lldp configuration 1 4 LLDP Configuration Interval 30 Hold 3 Tx Delay 2 Reinit Delay 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness 1 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 3 Enable...

Page 413: ..._descr sys_capa mgmt_addr enable disable Parameters port_list Port list or all default All ports port_descr Description of the port sysm_name System name sys_descr Description of the system sys_capa System capabilities mgmt_addr Master s IP address default Show optional TLV s configuration enable Enables TLV disable Disable TLV default Show optional TLV s configuration Default Setting Description ...

Page 414: ... LLDP Hold hold Parameters hold LLDP hold value 2 10 Default Setting 3 Example Set LLDP hold value in 10 NS3552 8P 2S V2 lldp hold 10 LLDP Delay Description Set or show LLDP Tx delay Syntax LLDP Delay delay Parameters delay LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 NS3552 8P 2S V2 lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLD...

Page 415: ...P Statistics of port 1 NS3552 8P 2S V2 lldp statistics 1 LLDP global counters Neighbor entries was last changed at 18819 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV Rx TLV Rx TLV Port Frames Frames Errors Discards Errors Unknown Organz Aged 1 0 0 0 0 0 0 0 0 LLD...

Page 416: ...t Policies 1 none 2 none 3 none 4 none LLDP MED Civic Description Set or show LLDP MED Civic Address Location Syntax LLDPMED Civic country state county city district block street leading_street_direction trailing_street _suffix str_suf house_no house_no_suffix landmark additional_info name zip_code building apartment floor room_number place_type postal_com_name p_o_box addi tional_code civic_value...

Page 417: ...w Civic Address Location configuration civic_value lldpmed The value for the Civic Address Location entry LLDP MED ECS Description Set or show LLDP MED Emergency Call Service Syntax LLDPMED ecs ecs_value Parameters ecs_value lldpmed The value for the Emergency Call Service LLDP MED Policy Delete Description Delete the selected policy Syntax LLDPMED policy delete policy_list Parameters policy_list ...

Page 418: ... specific VLAN video_conferencing Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services streaming_video Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment V...

Page 419: ... default Show coordinate location configuration north south west east meters floor North North Valid for latitude South South Valid for latitude West West Valid for longitude East East Valid for longitude Meters Meters Valid for altitude Floor Floor Valid for altitude lldpmed Coordinate value coordinate_value lldpmed Coordinate value LLDP MED Datum Description Set or show LLDP MED Coordinates map ...

Page 420: ...rts shall be shut down Syntax Thermal prio_temp prio_list shut_down_temp Parameters prio_list List of priorities 0 3 shut_down_temp Temperature at which ports shall be shut down 0 255 C Thermal Port_prio Description Set or show the ports priority Syntax Thermal port_prio port_list prio Parameters port_list Port list or all default All ports prio Priority 0 3 Thermal Status Description Shows the ch...

Page 421: ...ult All ports enable Enables PoE disable Disable PoE default Show PoE s mode af PoE to af mode at PoE to at mode default Show PoE s af at mode Default Setting enable PoE Priority Description Show Set PoE Priority Syntax PoE Priority port_list low high critical Parameters port_list Port list or all default All ports low Set priority to low high Set priority to high critical Set priority to critical...

Page 422: ...he port 0 30 8 Default Setting 30 8 PoE Power Supply Description Set or show the value of the power supply Syntax PoE Power_Supply supply_power Parameters supply_power PoE power for a power supply PoE Status Description Show PoE status Syntax PoE Status Ethernet Virtual Connections Command EVC Configuration Description Show EVC configuration Syntax EVC Configuration port_list policer_id Parameters...

Page 423: ...e IP MAC address mode source destination EVC Port L2CP Description Set or show port L2CP mode Syntax EVC Port L2CP port_list l2cp_list mode Parameters port_list Port list or all default All ports l2cp_list L2CP ID list 0 31 BPDU range 0 15 GARP range 16 31 mode The mode takes the following values normal Default forwarding forward Forward redirect Redirect to CPU EVC Policer Description Set or show...

Page 424: ...disable inner Inner tag action keyword it_type Inner tag type none c tag s tag s custom tag it_vid_mode Inner VID mode normal tunnel it_vid Inner tag VLAN ID 1 4095 it_preserve Inner tag preserved or fixed PCP DEI preserved fixed it_pcp Inner tag PCP value 0 7 it_dei Inner tag DEI value 0 1 outer Outer tag action keyword ot_vid EVC outer tag VID for UNI ports EVC Delete Description Delete EVC Synt...

Page 425: ...he ECE will not be moved Syntax EVC ECE Add ece_id ece_id_next uni uni_list dmac_type smac tag tag_type vid pcp dei all ipv4 proto sip dscp fragment sport dport ipv6 proto sip_v6 dscp sport dport direction direction evc evc_id pop pop policy policy class class outer ot_mode ot_preserve ot_pcp ot_dei Parameters ece_id ECE ID 1 128 ece_id_next Next ECE ID 1 128 or last uni UNI keyword uni_list UNI p...

Page 426: ...ss Class keyword class QoS class disable or 0 7 outer Outer tag action keyword ot_mode Outer tag for nni to uni direction enable disable ot_preserve Outer tag preserved or fixed PCP DEI preserved fixed ot_pcp Outer tag PCP value 0 7 ot_dei Outer tag DEI value 0 1 EVC ECE Delete Description Delete ECE Syntax EVC ECE Delete ece_id Parameters ece_id ECE ID 1 128 EVC ECE Lookup Description Lookup ECE ...

Page 427: ...protection EPS Config Description EPS config operation Syntax EPS config inst aps noaps revert norevert unidir bidir w0s w10s w30s w1m w5m w12m h0s h100ms h500ms h1s h2s h5s h10s Parameters inst Instance number aps noaps APS enable disable revert norevert Revertive enable disable unidir bidir Unidirectional or bidirectional switching w0s w10s w30s w1m w5m w12m Wait to restore timer value h0s h100m...

Page 428: ...t domain itu ieee is the MEG ID format meg is the MEG ID max 8 char in case of ieee 6 or 7 char in case of itu mep is the MEP ID Syntax MEP config inst mep mip ingress egress port domport domevc level itu ieee meg mep vid flow enable disable Parameters inst Instance number mep mip Mode of the MEP instance ingress egress Direction of the MEP instance port Port number domport domevc Flow domain leve...

Page 429: ...easurement configuration prio is the priority PCP of transmitted LM frame uni multi is selecting uni cast or multi cast transmission of LM frame single dual is selecting single ended LMM or dual ended CCM LM 10s 1s 6m 1m 6h is the number of LM frame pr second flr is the Frame Loss Ratio time interval Syntax MEP lm config inst prio uni multi single dual 10s 1s 6m 1m 6h flr enable disable Parameters...

Page 430: ... cflow Parameters inst Instance number domport domevc Flow domain level MEP level 0 7 cflow Client flow instance number EVC MEP AIS Configuration Description MEP AIS configuration prio is the priority PCP of transmitted AIS frame 1s 1m is the number of AIS frame pr second set clear is set or clear of protection usability If set the first three AIS frames are transmitted as fast as possible this gi...

Page 431: ... MAC address xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit mep This MEP id 0 0x1FFF ttl LT Time To Live enable disable enable disable MEP Loop Back Configuration Description MEP Loop Back configuration set clear is set or clear of DEI of transmitted LBM frame prio is the priority PCP of transmitted LBM frame uni multi is selecting uni cast or multi cast transmissi...

Page 432: ...10 ms count number of frames used for average calculation on the latest count frames received us ns calculation results are shown in micro or nano seconds keep reset the action in case of total delay counter overflow either keep all results or reset all results d2ford1 this is selecting to used two way DMM for calculate one way delay Syntax MEP dm config inst prio uni multi mep oneway twoway std p...

Page 433: ...le Parameters inst Instance number set clear OAM DEI set clear prio OAM PDU priority mep This MEP id 0 0x1FFF no_seq seq TST sequence number transmission rate Transmission bit rate of TST frames in Mbps size Size of TST data field in bytes max 1518 allzero allone onezero Data pattern to be filled in TST PDU enable disable enable disable MEP State Description MEP state get Syntax MEP state inst Par...

Page 434: ...surement state get Syntax MEP dm state inst Parameters inst Instance number MEP Delay Measurement State Clear Description MEP Delay Measurement state clear Syntax MEP dm clear inst Parameters inst Instance number MEP Test Signal State Description MEP Test Signal state get RX rate is shown in 100 Kbps Syntax MEP tst state inst Parameters inst Instance number MEP Test Signal State Clear Description ...

Page 435: ...etting 0 Example Set default QoS class in 1 for port 1 NS3552 8P 2S V2 qos Port Classification Class 1 1 QoS Port Classification DPL Description Set or show the default Drop Precedence Level Syntax QoS Port Classification DPL port_list dpl Parameters port_list Port list or all default All ports dpl Drop Precedence Level 0 1 Default Setting 0 Example Set the default Drop Precedence Level in 1 for p...

Page 436: ...fication dei 1 1 QoS Port Classification Tag Description Set or show if the classification is based on the PCP and DEI values in tagged frames Syntax QoS Port Classification Tag port_list enable disable Parameters port_list Port list or all default All ports enable Enable tag classification disable Disable tag classification default Show tag classification mode Default Setting disable Example Enab...

Page 437: ...ult All ports enable Enable DSCP based classification disable Disable DSCP based classification default Show DSCP based classification mode Default Setting disable Example Enable QoS port classification DSCP NS3552 8P 2S V2 qos Port Classification dscp 1 10 enable QoS Port Policer Mode Description Set or show the port policer mode Syntax QoS Port Policer Mode port_list enable disable Parameters po...

Page 438: ... Setting kbps Example Set the port policer unit in fps NS3552 8P 2S V2 qos Port Policer unit 1 10 fps QoS Port Policer Flow Control Description Set or show the port policer flow control If policer flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames Syntax QoS Port Policer FlowControl port_list enable disable Parameters port_list Port...

Page 439: ...te Rate in kilo bits per second 100 3300000 Default Setting 500 QoS Port Scheduler Mode Description Set or show the port scheduler mode Syntax QoS Port Scheduler Mode port_list strict weighted Parameters port_list Port list or all default All ports strict Strict mode weighted Weighted mode default Show port scheduler mode Default Setting strict Example Set the port schedule mode in weighted mode N...

Page 440: ...r rate Syntax QoS Port QueueShaper Rate port_list queue_list bit_rate Parameters port_list Port list or all default All ports queue_list Queue list or all default All queues 0 7 bit_rate Rate in kilo bits per second 100 3300000 Default Setting 500kbps Example Set the port queue shaper rate in 1000 NS3552 8P 2S V2 qos Port QueueShaper rate 1 10 0 7 1000 QoS Port QueueShaper Excess Description Set o...

Page 441: ...port tag remarking mode in mapped NS3552 8P 2S V2 qos Port TagRemarking Mode 1 10 mapped QoS Port TagRemarking PCP Description Set or show the default PCP This value is used when port tag remarking mode is set to default Syntax QoS Port TagRemarking PCP port_list pcp Parameters port_list Port list or all default All ports pcp Priority Code Point 0 7 Default Setting 0 Example Set the default PCP in...

Page 442: ...tion Set or show DSCP ingress translation mode If translation is enabled for a port incoming frame DSCP value is translated and translated value is used for QoS classification Syntax QoS Port DSCP Translation port_list enable disable Parameters port_list Port list or all default All ports enable Enable DSCP ingress translation disable Disable DSCP ingress translation default Show DSCP ingress tran...

Page 443: ...with the value received from analyzer remap_dp_unaware Rewrite DSCP in egress frame with remapped DSCP where remap is DP unaware or DP 0 remap_dp_aware Rewrite DSCP in egress frame with remapped DSCP where remap is DP aware and DP 1 default Show port DSCP egress remarking mode Default Setting disable Example Enable DSCP egress rewrite NS3552 8P 2S V2 QoS Port DSCP EgressRemark 1 10 enable QoS DSCP...

Page 444: ...the port Trusted DSCP value is onlyused for QoS classification Syntax QoS DSCP Trust dscp_list enable disable Parameters dscp_list DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all enable Set DSCP as trusted DSCP disable Set DSCP as un trusted DSCP default Show DSCP Trust status Default Setting disable QoS DSCP Classification Mode Description Set or show DSCP ingress classification mode If port DSC...

Page 445: ...l packet_rate Rate in fps 1 2 4 512 1k 2k 4k 32768k Default Setting disable Example Enable unicast storm control in 2fps NS3552 8P 2S V2 QoS Storm Unicast enable 2 QoS Storm Multicast Description Set or show the multicast storm rate limiter Syntax QoS Storm Multicast enable disable packet_rate Parameters enable Enable multicast storm control disable Disable multicast storm control packet_rate Rate...

Page 446: ...AP control SNAP PID ipv4 protocol sip dscp fragment sport dport ipv6 protocol sip_v6 dscp sport dport class dp classified_dscp Parameters qce_id QCE ID 1 256 default Next available ID qce_id_next Next QCE ID next_id 1 256 or last port_list Port List port port_list or all default All ports tag Frame tag untag tag any vid VID 1 4095 or any either a specific VID or range of VIDs pcp Priority Code Poi...

Page 447: ...cast storm control in 2fps NS3552 8P 2S V2 QoS Storm multicast enable 2 QoS QCL Lookup Description Lookup QoS Control List Syntax QoS QCL Lookup qce_id Parameters qce_id QCE ID 1 256 default Next available ID Default Setting disable Example Enable multicast storm control in 2fps NS3552 8P 2S V2 QoS Storm multicast enable 2 QoS QCL Status Description Show QCL status This can be used to display if t...

Page 448: ...us voice_vlan Shows the status by Voice VLAN conflicts Shows all conflict status default Shows the combined status Default Setting disable Example Enable multicast storm control in 2fps NS3552 8P 2S V2 QoS Storm multicast enable 2 Mirror Command Mirror Configuration Description Show mirror configuration Syntax Mirror Configuration port_list Parameters port_list Port list or all default All ports E...

Page 449: ...Default Setting disable Example Enable the mirror mode for port 1 4 NS3552 8P 2S V2 mirror mode 1 4 enable Configuration Command Configuration Save Description Save configuration to TFTP server Syntax Config Save ip_server file_name Parameters ip_server TFTP server IP address a b c d file_name Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config ...

Page 450: ... firmware from IPv6 TFTP server Syntax Firmware IPv6 Load ipv6_server file_name Parameters ipv6_server TFTP server IPv6 address file_name Firmware file name Firmware Information Description Display information about active and alternate firmware images Syntax Firmware Information Firmware Swap Description Activate the alternate firmware image Syntax Firmware Swap UPnP Command UPnP Configuration De...

Page 451: ...he UPnP mode NS3552 8P 2S V2 upnp mode enable UPnP TTL Description Set or show the TTL value of the IP header in SSDP messages Syntax UPnP TTL ttl Parameters ttl ttl range 1 255 default Show UPnP TTL Default Setting 4 Example Set the value 10 for TTL value of the IP header in SSDP messages NS3552 8P 2S V2 upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Synta...

Page 452: ...MVR Mode Disabled Muticast VLAN ID 100 Port Port Mode Port Type Immediate Leave 1 Disabled Receive Disabled 2 Disabled Receive Disabled 3 Disabled Receive Disabled 4 Disabled Receive Disabled 5 Disabled Receive Disabled 6 Disabled Receive Disabled 7 Disabled Receive Disabled 8 Disabled Receive Disabled 9 Disabled Receive Disabled 10 Disabled Receive Disabled MVR Mode Description Set or show the MV...

Page 453: ... mode Syntax MVR VLAN Mode vid mvr_name dynamic compatible Parameters vid mvr_name MVR VLAN ID 1 4095 or Name Maximum of 32 characters dynamic Dynamic MVR mode compatible Compatible MVR mode default Show MVR VLAN mode MVR VLAN Port Description Set or show per MVR VLAN port role Syntax MVR VLAN Port vid mvr_name port_list source receiver inactive Parameters vid mvr_name MVR VLAN ID 1 4095 or Name M...

Page 454: ... operation upd Update operation channel IPv4 IPv6 multicast group address channel_bound The boundary IPv4 IPv6 multicast group address for the channel name MVR Name keyword grp_name MVR Channel name Maximum of 32 characters MVR VLAN Priority Description Set or show per MVR VLAN priority and VLAN tag Syntax MVR VLAN Priority vid mvr_name priority tagged untagged Parameters vid mvr_name MVR VLAN ID ...

Page 455: ...group addresses Syntax MVR Groups vid Parameters vid VLAN ID 1 4095 MVR SFM Description Show SFM including SSM related information for MVR Syntax MVR SFM vid port_list Parameters vid VLAN ID 1 4095 port_list Port list or all default All ports Voice VLAN Command Voice VLAN Configuration Description Show Voice VLAN configuration Syntax Voice VLAN Configuration Example Show Voice VLAN configuration N...

Page 456: ...overy Protocol 1 Disabled Disabled OUI 2 Disabled Disabled OUI 3 Disabled Disabled OUI 4 Disabled Disabled OUI 5 Disabled Disabled OUI 6 Disabled Disabled OUI 7 Disabled Disabled OUI 8 Disabled Disabled OUI 9 Disabled Disabled OUI 10 Disabled Disabled OUI Voice VLAN Mode Description Set or show the Voice VLAN mode We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict o...

Page 457: ...Agetime Description Set or show Voice VLAN age time Syntax Voice VLAN Agetime age_time Parameters age_time MAC address age time 10 10000000 default Show age time Default Setting 86400sec Example Set Voice VLAN age time in 100sec NS3552 8P 2S V2 voice valn agetime 100 Voice VLAN Traffic Class Description Set or show Voice VLAN ID Syntax Voice VLAN Traffic Class class Parameters class Traffic class ...

Page 458: ...ui add 00 11 22 test Voice VLAN OUI Delete Description Delete Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Delete oui_addr Parameters oui_addr OUI address xx xx xx The null OUI address isn t allowed Example Delete Voice VLAN OUI entry NS3552 8P 2S V2 voice vlan oui delete 00 11 22 Voice VLAN OUI Clear Description Clear Voice VLAN OUI entry Modify...

Page 459: ...of Voice VLAN port mode NS3552 8P 2S V2 voice vlan port mode 1 4 auto Voice VLAN Security Description Set or show the Voice VLAN port security mode When the function is enabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Syntax Voice VLAN Security port_list enable disable Parameters port_list Port list or all default All ports enable Enable Voice VLAN security mode disab...

Page 460: ...is issued group_id protection group id Syntax Erps command fs ms clear port group id Parameters fs ms clear administrative commands port Port number group id protection group id 1 64 ERPS Version Description Specifying protocol version for a given protection group v1 v2 specifying protocol version for a given protection group group_id protection group id Syntax Erps version v1 v2 group id Paramete...

Page 461: ...ics for a given node revertive nonrevertive enabling or disabling reversion for a given group group_id protection group id Syntax Erps reversion revertive nonrevertive group id Parameters revertive nonrevertive specifying reversion parameters group id protection group id 1 64 ERPS VLAN Add Description Associating a given vlan to a protection group vid vlan to be protected group id protection group...

Page 462: ...ort 1 group id protection group id 1 64 ERPS RPL Neighbour Description Selection of RPL neighbour for a protection group east west selected east Port 0 or west Port 1 as RPL neighbour group id protection group id for selecting RPL Block Syntax Erps rpl neighbour rpl_port group id Parameters rpl_port RPL Block group id protection group id 1 64 ERPS RPL Owner Description Selection of RPL Block for a...

Page 463: ...iguring hold off time Syntax Erps hold off timeout hold_timeout group id Parameters hold_timeout timer timeout values group id protection group id 1 64 ERPS Guard timeout Description configuring guard timeout for a protection group guard timeout should be configured in the increments of 10 milliseconds minimum guard timeout 10 ms and maximum 2 seconds guard_timeout guard timeout group id protectio...

Page 464: ...change propagation for a given group group_id protection group id Syntax Erps topologychange propagate nopropagate group id Parameters propagate nopropagate topology change propagation configuration group id protection group id 1 64 ERPS Configurationt Description deletion of a protection group group id protection group id statistics for displaying R APS statistics clear for clearing R APS statist...

Page 465: ...ds Default Setting 5 Loop Protect Shutdown Description Set or show the Loop Protection shutdown time Syntax Loop Protect Shutdown shutdown time Parameters Shutdown time interval 0 604800 seconds A value of zero disables re enabling the port Default Setting 10 Loop Protect Port Configuration Description Show Loop Protection port configuration Syntax Loop Protect Port Configuration port_list Paramet...

Page 466: ... event Loop Protect Port Transmit Description Set or show the Loop Protection port transmit mode Syntax Loop Protect Port Transmit port_list enable disable Parameters port_list Port list or all default All ports enable Enable Loop Protection disable Disable Loop Protection Loop Protect Status Description Show the Loop Protection status Syntax Loop Protect Status port_list Parameters port_list Port...

Page 467: ...g Description Set or show the IPMC unregistered addresses flooding operation Syntax IPMC Flooding mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC flooding disable Disable IPMC flooding default Show global IPMC flooding mode Default Setting enable Example Enable IGMP flooding NS3552 8P 2S V2 ipmc flooding igmp enable IPMC Leave Proxy Desc...

Page 468: ...sable Disable IPMC Proxy default Show global IPMC Proxy mode Default Setting disable Example Enable IGMP Proxy NS3552 8P 2S V2 ipmc proxy igmp enable IPMC SSM Description Set or show the IPMC SSM Range Syntax IPMC SSM mld igmp Range prefix mask_len Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP range SSM Range keyword prefix IPv4 IPv6 multicast group address accordingly mask_len...

Page 469: ...able Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs enable Enable MLD snooping disable Disable MLD snooping Default Setting disable Example Enable IGMP snooping state for VLAN 1 NS3552 8P 2S V2 ipmc state igmp 1 enable IPMC Querier Description Set or show the IPMC snooping querier mode for VLAN Syntax IPMC Querier mld igmp vid ena...

Page 470: ...bility of IGMPv2 or MLDv2 v3 Forced Compatibility of IGMPv3 default Show IPMC Interface Compatibility IPMC Fastleave Description Set or show the IPMC snooping fast leave port mode Syntax IPMC Fastleave mld igmp port_list enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports enable Enable MLD fast leave disable Disable MLD fast...

Page 471: ...ameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports add Add new port group filtering entry del Del existing port group filtering entry default Show IPMC port group filtering list group_addr IPv4 IPv6 multicast group address accordingly IPMC Router Description Set or show the IPMC snooping router port mode Syntax IPMC Router mld igmp port_list...

Page 472: ...addresses accordingly Syntax IPMC Groups mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs Example Show VLAN 1 IPMC group addresses accordingly NS3552 8P 2S V2 ipmc groups igmp 1 IPMC Version Description Show IPMC Versions Syntax IPMC Version mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP ...

Page 473: ...any default Show all VLANs ipmc_param_rv 1 Default Value 2 1 255 Robustness Variable default Show IPMC Interface Robustness Variable IPMC Parameter QI Description Set or show the IPMC Query Interval Syntax IPMC Parameter QI mld igmp vid ipmc_param_qi Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_param_qi 1 Default Value 125 ...

Page 474: ...how all VLANs ipmc_param_llqi 1 Default Value 10 0 31744 Last Listener Query Interval in tenths of seconds default Show IPMC Interface Last Listener Query Interval IPMC Parameter URI Description Set or show the IPMC Unsolicited Report Interval Syntax IPMC Parameter URI mld igmp vid ipmc_param_uri Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Sh...

Page 475: ..._addr Parameters mac_addr MAC address xx xx xx xx xx xx Example Delete 00 11 22 33 44 55 66 in MAC based VLAN list NS3552 8P 2S V2 vcl macvlan del 00 11 22 33 44 55 66 VCL Stasus Description Show VCL MAC based VLAN users configuration Syntax VCL Status combined static nas all Parameters combined static nas all VCL User VCL Protocol based VLAN Add Ethernet II Description Add VCL protocol based VLAN...

Page 476: ... Delete Ethernet II Description Delete VCL protocol based VLAN Ethernet II protocol to group mapping Syntax VCL ProtoVlan Protocol Delete Eth2 ether_type arp ip ipx at Parameters ether_type arp ip ipx at Ether Type 0x0600 0xFFFF VCL Protocol based VLAN Delete SNAP Description Delete VCL protocol based VLAN SNAP protocol to group mapping Syntax VCL ProtoVlan Protocol Delete Snap oui rfc_1042 snap_8...

Page 477: ... ports group_id Protocol group ID VCL Protocol based VLAN Configuration Description Show VCL protocol based VLAN entries Syntax VCL ProtoVlan Conf VCL IP Subnet based Vlan Configuration Description Show VCL IP Subnet based VLAN configuration Syntax VCL IPVlan Configuration vce_id Parameters vce_id Unique VCE ID 1 128 for each VCL entry VCL IP Subnet based Vlan Add Description Add or modify VCL IP ...

Page 478: ...gure Syntax SMTP Configuration Default Setting disable SMTP Mode Description Enable or disable SMTP configure Syntax SMTP Mode enable disable Parameters enable Enable SMTP mode disable Disable SMTP mode default Show SMTP mode Default Setting Disable SMTP Server Description Set or show SMTP server configure Syntax SMTP Server server port Parameters server SMTP server address port SMTP server port D...

Page 479: ...hentication User Name Default Setting disable SMTP Auth_pass Description Set or to show SMTP authentication password configure Syntax SMTP Auth_pass auth_pass_text Parameters auth_pass_text SMTP Authentication Password Default Setting disable SMTP Mail from Description Set or show SMTP e mail from configure Syntax SMTP Mailfrom mailfrom_text Parameters mailfrom_text SMTP E mail From address Defaul...

Page 480: ... mailto1_text SMTP e mail 2 to address Default Setting Disable SMTP Test Description Test the status for linking to SMTP server Syntax SMTP Test DIDO Command DIDO DI Act Description Set or show the system digital input0 1 action Syntax DIDO Di_act first second 1 2 enable disable Parameters first Digital Input Output 0 second Digital Input Output 1 default Set or show digital input output first 0 s...

Page 481: ...put Output 0 second Digital Input Output 1 default Set or show digital input output first 0 second 1 select enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status hightolow Trigger high to low lowtohigh Trigger low to high default Set or show digital input output 0 1 trigger DIDO DO Act Description Set or sh...

Page 482: ...alarm Syntax DIDO Do_port_alr first second port_list Parameters first Digital Input Output 0 second Digital Input Output 1 default Set or show digital input output first 0 second 1 select port_list Port list or all default All ports DIDO DO Power Alarm Description Set or show the system digital output0 1 power alarm Syntax DIDO Do_pwr_alr first second dc1 dc2 enable disable Parameters first Digita...

Page 483: ...t0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status DIDO Fault Port Alarm Description Set or show the system fault alarm of port alarm Syntax DIDO Fault_port_alr port_list Parameters port_list Port list or all default All ports DIDO Fault Power Alarm Description Set or show the system fault alarm of power alarm Syntax DIDO Fault_p...

Page 484: ...onfiguration Syntax Show acl Show Aggregation Description Show link aggregation configuration Syntax Show aggr Show ARP Description Show ARP inspection configuration Syntax Show arp Show Auth Description Show Auth configuration Syntax Show auth Show DHCP Relay Description Show DHCP relay configuration Syntax Show DHCP relay Show EEE Description Show EEE configuration Syntax Show EEE ...

Page 485: ...iguration Syntax Show igmp Show IP Description Show IP configuration Syntax Show ip Show LACP Description Show LACP configuration Syntax Show lacp Show Limit Control Description Show Limit Control configuration Syntax Show limit control Show LLDP Description Show LLDP configuration Syntax Show lldp Show LLDP MED Description Show LLDP MED configuration Syntax Show LLDPMED ...

Page 486: ...MAC address table configuration Syntax Show MAC Show Mirror Description Show mirror configuration Syntax Show mirror Show MVR Description Show MVR configuration Syntax Show MVR Show PoE Description Show PoE configuration Syntax Show PoE Show Port Description Show port configuration Syntax Show port Show Privilege Description Show privilege configuration Syntax Show privilege ...

Page 487: ...oS Configuration Syntax Show QoS Show SNMP Description Show SNMP configuration Syntax Show SNMP Show SSH Description Show SSH configuration Syntax Show ssh Show System Description Show system configuration Syntax Show system Show Timezone Description Show System Timezone configuration Syntax Show timezone Show UPnP Description Show UPnP configuration Syntax Show upnp ...

Page 488: ...sers Show VLAN Description Show VLAN configuration Syntax Show vlan Show Voice VLAN Description Show Voice VLAN configuration Syntax Show voice vlan Show Firmware Description Display information about active and alternate firmware images Syntax Show firmware Show STP Description Show STP Port configuration Syntax Show STP ...

Page 489: ...e destination address as well as the source address learning The industrial managed switch will look up the address table for the destination address If not found this packet will be forwarded to all the other ports except the port that this packet comes from These ports will transmit this packet to the network it is connected to If found and the destination address is located at a different port ...

Page 490: ...n of the industrial managed switch the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table This information is subsequently used to filter packets whose destination address is on the same segment as the source address This confines network traffic to its respective domain and reduces the overall load on the network The industrial managed ...

Page 491: ...the per port LED on the industrial managed switch 2 Try another port on the industrial managed switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again The per port LED illuminates but the traffic is irregular Check that the attached device is not set to dedicate full duplex Some devices use a physical or soft...

Page 492: ...re range of 40 to 75 C We recommend using an IFS wide temperature SFP module for the industrial managed switch If an IP address needs to be changed or an admin password is forgotten To reset the IP address to the default IP address 192 168 0 100 or reset the password to default value press the hardware reset button at the front panel for approximately 10 seconds After the device is rebooted you ca...

Page 493: ... or at a wiring panel while not expressly forbidden is beyond the scope of this standard 10 100Mbps 10 100BASE TX When connecting the industrial managed switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the industrial managed switch supports auto MDI Media Dependent Interface MDI X Media Dependent Interface Cross detection This makes i...

Page 494: ...onnection Straight Cable SIDE 1 SIDE 2 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 ...

Page 495: ...ontaining access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine if there are specific traffic object access rights In networking the ACL refers to a list of service ports or network services that are available on a host or...

Page 496: ...or each specific port property ACL Rate Limiters This page can be used to configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per second The Ports and Access Control List web pages can be used to assign a Rate Limiter ID to the ACE s or ingress port s AES Advanced Encryption Standard The encryption key protocol is applied in 802 1i standard to impr...

Page 497: ...g and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP Dynamic Host Configuration Protocol It is a protoco...

Page 498: ...e ID is 6 bytes in length and the value is equal to the DHCP relay agent s MAC address DHCP Snooping DHCP snooping is used to block an intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server DNS Domain Name System It stores and associates many types of information with d...

Page 499: ...multicast groups are in use simultaneously H HTTP Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions web servers and browsers should take in response to various commands For example entering a URL in a browser actually sends an HTTP command to the web server dire...

Page 500: ...s With 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network IGMP Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to es...

Page 501: ... helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host L LACP LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port LLDP Link Layer Discovery Protocol is an IEEE 802 1ab standard protocol The LLDP specified in this standard allows stations attached t...

Page 502: ...ined in RFC 1321 The MD5 Message Digest Algorithm Mirroring For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD Multicast Listener Discovery f...

Page 503: ...locks of computer systems NTP uses UDP datagrams as the transport layer O OAM Operation Administration and Maintenance It is a protocol described in ITU T Y 1731 used to implement carrier Ethernet functionality MEP functionality like CC and RDI is based on this Optional TLVs A LLDP frame contains multiple TLVs For some TLVs it is configurable if the switch includes the TLV in the LLDP frame These ...

Page 504: ...s Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining email on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of email and are not to be confused with the Simple Mail Transfer Protocol SMTP You send email with SMTP and a mail handler receives it on the recipi...

Page 505: ...ng queuing scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority R RARP Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RAR...

Page 506: ...is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications regarding incoming mail SNAP SubNetwork Access Protocol SNAP It is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Servic...

Page 507: ...ime clock synchronized IEEE 1588 T TACACS Terminal Acess Controller Access Control System Plus It is a networking protocol that provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority Tag Priority is a 3 bit field storing the priori...

Page 508: ...iple pieces of information Each of these pieces of information is known as a TLV TKIP Temporal Key Integrity Protocol It is used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet U UDP User Datagram Protocol It is a communications ...

Page 509: ...in Q switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to t...

Page 510: ...s based on a Draft 3 of the IEEE 802 11i standard WPA Radius Wi Fi Protected Access Radius 802 1X authentication server WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared ke...

Page 511: ......

Reviews:

No comments

Related manuals for NS3552-8P-2S-V2

Keithley 3700 series Reference Manual preview
3700 series
Brand: Keithley Pages: 434
D-Box HaptiSync Hub User Manual preview
HaptiSync Hub
Brand: D-Box Pages: 27
Little Giant ACS-3 Installation, Operation, Maintenance & Repair Parts preview
ACS-3
Brand: Little Giant Pages: 2
Comtrend Corporation ES-7211PoE User Manual preview
ES-7211PoE
Brand: Comtrend Corporation Pages: 2
Magnum M9-EKCS Quick Start Manual preview
M9-EKCS
Brand: Magnum Pages: 3
Cabletron Systems Cyber SWITCH 1000 User Manual preview
Cyber SWITCH 1000
Brand: Cabletron Systems Pages: 106
Samson 4747 Mounting And Operating Instructions preview
4747
Brand: Samson Pages: 64
Pilz PSEN 1.2p-25 Operating Instructions Manual preview
PSEN 1.2p-25
Brand: Pilz Pages: 8
Pathway connectivity solutions 6716 User Manual preview
6716
Brand: Pathway connectivity solutions Pages: 34
3Com 3C16895 Installation Manual preview
3C16895
Brand: 3Com Pages: 74
Patton FiberPlex 1004E User Manual preview
FiberPlex 1004E
Brand: Patton Pages: 39
Clare Controls CLIQ.mini Quick Start Manual preview
CLIQ.mini
Brand: Clare Controls Pages: 2
Novy 990.031 Operating Instructions Manual preview
990.031
Brand: Novy Pages: 12
Radio Shack AFX-400 Owner'S Manual preview
AFX-400
Brand: Radio Shack Pages: 16
SolidView PS-5008 User Manual preview
PS-5008
Brand: SolidView Pages: 39
Raritan Dominion KX II Quick Setup Manual preview
Dominion KX II
Brand: Raritan Pages: 7
Leaf LTHDMI88 Manual preview
LTHDMI88
Brand: Leaf Pages: 16
CYP EL-M31TT-4K22 Operation Manual preview
EL-M31TT-4K22
Brand: CYP Pages: 44

Brands by name

Popular brands

Load more brands