manualshive.com logo in svg

Interlogix NS3562-8P-2S, User Manual, Page: 172 / 245

Share
Download
Interlogix NS3562-8P-2S User Manual Download Page 172

Chapter 4: Web configuration 

170 

NS3562-8P-2S User Manual 

 

The page includes the following fields: 

 

Object 

Description 

Port 

The port number for which the status applies. 

Security 

Enable or disable port security. 

Mac L2 Entry 

The maximum number of MAC addresses that can be secured on this port. If 
the limit is exceeded, the corresponding action is taken. 

The switch is "born" with a total number of MAC addresses from which all 
ports draw whenever a new MAC address is seen on a Port Security-
enabled port. Since all ports draw from the same pool, it may happen that a 
configured maximum cannot be granted, if the remaining ports have already 
used all available MAC addresses. 

Action 

If a limit is reached, the switch can take one of the following actions: 

Forward

: Do not allow more than Limit MAC addresses on the port, but take 

no further action. 

Shutdown

: If Limit + 1 MAC addresses is seen on the port, shut down the 

port. This implies that all secured MAC addresses will be removed from the 
port, and no new ones will be learned. Even if the link is physically 
disconnected and reconnected on the port (by disconnecting the cable), the 
port will remain shut down. There are three ways to re-open the port: 

1) Disable and re-enable Limit Control on the port or the switch, 

2) Click the Reopen button. 

Discard

: If Limit + 1 MAC addresses is seen on the port, it will not learn the 

new MAC address and drop the package. 

Buttons 

•  Click 

Apply

 to apply changes. 

DoS 

DoS (Denial of Service) is a simple but effective destructive attack on the internet. The 
server under DoS attack will drop normal user data packets due to the non-stop 
processing of the attacker’s data packet, leading to denial of the service and could lead 
to a leak of sensitive data from the server. 

Protocol check is an application that can protect the server from attacks such as DoS. 
The protocol check allows the user to drop matched packets based on specified 
conditions. This type of security feature provides several simple and effective 
protections against DoS attacks while having no influence on the linear forwarding 
performance of the switch. 

Summary of Contents for NS3562-8P-2S

Page 1: ...NS3562 8P 2S User Manual P N 1073225 EN REV B ISS 01MAR19 ...

Page 2: ...rference at his own expense Canada This Class A digital apparatus complies with CAN ICES 003 A NMB 3 A Cet appareil numérique de la classe A est conforme à la norme CAN ICES 003 A NMB 3 A ACMA compliance Notice This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Certification EU directives Th...

Page 3: ...overview 28 Web management 29 SNMP based network management 30 Smart discovery utility 30 Chapter 4 Web configuration 32 Main web page 33 System 37 Port management 57 Link aggregation 69 VLAN 77 Spanning Tree Protocol STP 99 Multicast 112 Quality of Service QoS 130 Security 139 Access Control Lists ACL 174 MAC address table 185 LLDP 187 Diagnostics 198 RMON 202 Power over Ethernet PoE 209 Maintena...

Page 4: ...2 NS3562 8P 2S User Manual Chapter 6 PoE overview 223 What is PoE 223 PoE system architecture 223 Chapter 7 Troubleshooting 225 Appendix A Networking connection 226 Glossary 228 ...

Page 5: ...egardless of whether any remedy fails of its essential purpose Installation in accordance with this manual applicable codes and the instructions of the authority having jurisdiction is mandatory While every precaution has been taken during the preparation of this manual to ensure the accuracy of its contents UTCFS assumes no responsibility for errors or omissions Advisory messages Advisory message...

Page 6: ...ing items The industrial managed switch 1 Quick installation guide 1 3 pin terminal block connector 1 DIN rail kit 1 Wall mounting kit 1 Magnet kit 1 SFP dust proof cap 2 RJ45 dust proof cap 8 If any of these are missing or damaged contact your dealer immediately If possible retain the carton including the original packing materials for repacking the product in case there is a need to return it to...

Page 7: ...he installing cable wiring LED monitoring and maintenance of the wall mount managed switch placed in an enclosure convenient for technicians The IFS managed series can be installed by fixed wall mounting magnetic wall mounting or DIN rail thereby making its usability more flexible IPv6 IPv4 dual stack Supporting both IPv6 and IPv4 protocols the industrial managed switch helps SMBs to step into the...

Page 8: ...icient management For efficient management the industrial managed switches are equipped with console web and SNMP management interfaces With the built in web based management interface the managed industrial switch offers an easy to use platform independent management and configuration facility It supports standard Simple Network Management Protocol SNMP and can be managed by any management softwa...

Page 9: ...saving Under the trend of energy saving worldwide and contributing to environmental protection the industrial managed switch can effectively control the power supply in addition to its capability of provideing high Watt power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and is a powerful function to help SMBs or enterp...

Page 10: ...input power temperature laser bias current and transceiver supply voltage Flexible and extendable solution The industrial managed switch features 100BASE FX and 1000BASE SX LX SFP Small Form factor Pluggable fiber optic modules meaning the administrator now can flexibly choose the suitable SFP transceiver according to the transmission distance or the transmission speed required to extend the netwo...

Page 11: ...s High performance of Store and Forward architecture and runt CRC filtering eliminates erroneous packets to optimize the network bandwidth Storm control support Broadcast Multicast Unknown Unicast Supports VLAN IEEE 802 1Q tagged VLAN Provider bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Protocol based VLAN MAC based VLAN Voice VLAN Management VLAN GVRP Supports STP STP IEEE 802 1D Spann...

Page 12: ...D snooping v1 and v2 Querier mode support IGMP snooping port filtering MLD snooping port filtering Security Authentication IEEE 802 1x Port Based MAC Based network access authentication Built in RADIUS client to co operate with the RADIUS servers TACACS login users access authentication RADIUS TACACS users access authentication Access Control List ACL IP based ACL MAC based ACL Source MAC IP addre...

Page 13: ...ssignment User privilege levels control Link Layer Discovery Protocol LLDP and LLDP MED Smart discovery utility for deploy management SNMP trap for interface Link Up and Link Down notification Smart fan with speed control Cable diagnostics Event message logging to remote Syslog server Product specifications Hardware Specifications Copper Ports Eight 10 100 1000BASE T RJ45 auto MDI MDI X ports SFP ...

Page 14: ...emovable 3 pin terminal block for power input Pin 1 2 for Power Pin 1 V Pin 2 V Pin 3 for earth ground DC power jack with 2 0 mm central pole LED System Power Green PoE Ports PoE in Use Orange LNK ACT Green LAN Port 100 LNK ACT Orange 1000 LNK ACT Green Power Requirement 48 56 VDC 5A max terminal block power input 48 56 DC 5A max DC jack power input Note These two power input interfaces don t supp...

Page 15: ... SNMP v1 v2c Up to 256 VLAN groups out of 4094 VLAN IDs 802 1ad Q in Q tunneling VLAN stacking Voice VLAN Protocol VLAN Private VLAN Protected port GVRP Management VLAN Secure Management Interfaces SSH SSL SNMP v3 Port Mirroring TX RX both 1 to 1 monitor VLAN 802 1Q tagged based VLAN Up to 256 VLAN groups out of 4094 VLAN IDs 802 1ad Q in Q tunneling VLAN stacking Voice VLAN Protocol VLAN Private ...

Page 16: ...SE T IEEE 802 3x Flow Control and Back Pressure IEEE 802 3ad Port Trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP v...

Page 17: ...Chapter 1 Introduction NS3562 8P 2S User Manual 15 Relative Humidity 5 to 95 non condensing Storage Temperature 40 to 75 C Relative Humidity 5 to 95 non condensing ...

Page 18: ...urself with its display indicators and ports Front panel illustrations in this chapter display the unit LED indicators Before connecting any network device to the industrial managed switch please read this chapter completely Hardware description The industrial managed switch provides three different running speeds 10Mbps 100Mbps and 1000Mbps and automatically distinguishes the speed of the incomin...

Page 19: ...Chapter 2 Installation NS3562 8P 2S User Manual 17 Physical dimensions Dimensions W x D x H 178 x 25 x 134 mm ...

Page 20: ...0 120 kilometers single mode fiber AC DC power receptacle The industrial managed switch features a strong dual power input system terminal block and DC jack incorporated into customer s automation network to enhance system reliability and uptime 3 pin Terminal Block DC Jack Power Input Range 48 56 VDC 48 56 VDC To install the 3 pin terminal block connector on the wall mount managed switch 1 Insert...

Page 21: ...s as shown below Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 LED indicators The front panel LEDs indicate port link status data activity and system power System LED Color Function PWR Green Lit indicates that the switch has power Blinking indicates the system of the switch is booting Per 10 100 1000BASE T in...

Page 22: ...er presented Note Ensure that the industrial managed switch is mounted vertically with the air holes on the top and a minimum of three inches above and below the switch to allow for proper air flow This device uses a convection flow of hot air which rises and brings cold air in from the bottom and out of the top of the device Do not mount the switch horizontally as this does not allow air to flow ...

Page 23: ...ate installation steps as shown in the example To install the industrial managed switch on the wall 1 Drill four 8 mm diameter holes in the wall with a horizontal distance of 163 mm between each 2 Install a conductor pipe inside the board hole and flush the edge of the conductor pipe with the wall surface 3 Screw the bolts into the conductor pipe The switch is between the bolts and the conductor p...

Page 24: ... auto negotiation capability They automatically support 1000BASE T 100BASE TX and 10BASE T networks Users only need to plug a working network device into one of the 10 100 1000BASE T ports and then turn on the industrial managed switch The port will automatically run in 10 Mbps 20 Mbps 100 Mbps or 200 Mbps and 1000 Mbps or 2000 Mbps after negotiating with the connected device ...

Page 25: ...ot uses an LC connector with optional SFP module The table below provides cable specification details Port Type Cable Type Connector 10BASE T Cat3 4 5 2 pair RJ45 100BASE TX Cat5 UTP 2 pair RJ45 1000BASE T Cat5 5e 6 UTP 2 pair RJ45 100BASE FX 50 125 µm or 62 5 125 µm multi mode 9 125 µm single mode LC multi single mode 1000BASE SX LX 50 125 µm or 62 5 125 µm multi mode 9 125 µm single mode LC mult...

Page 26: ...1000Base TX S30 RJ RJ 45 1 Cat5e 100M 328 ft 0 to 50 C 32 to 122 F Fast Ethernet 100Base FX S20 2MLC2 LC 2 Multi mode 2 km 1 2 mi 1310 nm 12 20 14 32 0 to 50 C 32 to 122 F S25 2MLC2 LC 2 Multi mode 2 km 1 2 mi 1310 nm 12 20 14 32 40 to 75 C 40 to 167 F Fast Ethernet 100Base LX S20 2SLC20 LC 2 Single Mode 20 km 12 mi 1310 nm 19 15 8 34 0 to 50 C 32 to 122 F S25 2SLC20 LC 2 Single Mode 20 km 12 mi 1...

Page 27: ...m 6 2 mi 1310 nm 18 9 5 3 20 0 to 50 C 32 to 122 F S35 2SLC 10 LC 2 Single Mode 10 km 6 2 mi 1310 nm 18 9 5 3 20 40 to 75 C 40 to 167 F S30 2SLC 30 LC 2 Single Mode 30 km 18 6 mi 1310 nm 18 2 3 23 0 to 50 C 32 to 122 F S35 2SLC 30 LC 2 Single Mode 30 km 18 6 mi 1310 nm 18 2 3 23 40 to 75 C 40 to 167 F Gigabit Ethernet 1000 Base ZX S30 2SLC 70 LC 2 Single Mode 70 km 43 mi 1550 nm 19 15 8 34 0 to 50...

Page 28: ...ose a SFP SFP transceiver that can be operated under 40 to 75 C temperature if the industrial managed switch is working in a 0 to 50 C temperature environment To connect the fiber cable 1 Attach the duplex LC connector on the network cable to the SFP SFP transceiver 2 Connect the other end of the cable to a device with the SFP SFP transceiver installed 3 Check the LNK ACT LED of the SFP SFP slot o...

Page 29: ...8P 2S User Manual 27 Note Never pull out the module without making use of the lever or the push bolts on the module Removing the module with force could damage the module and the SFP SFP module slot of the industrial managed switch ...

Page 30: ...ther platforms compatible with TCP IP protocols Workstations must have an Ethernet NIC Network Interface Card installed Serial Port connection Terminal The workstation must have a COM Port DB9 RS 232 or USB to RS 232 converter Ethernet port connection Use standard network UTP cables with RJ45 connectors Workstations must have a web browser and Java runtime environment plug in installed Note We rec...

Page 31: ...net mask May encounter lag times on poor connections SNMP agent Communicates with switch functions at the MIB level Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need to only know the community name Web management The industrial managed switch provides features that allow u...

Page 32: ...anagement method uses two community strings the get community string and the set community string If the SNMP Network Management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default get and set community strings for the industrial managed switch are public Smart discovery utility For easily...

Page 33: ...te All button Update Device Use the current setting on one single device Update Multi Use the current setting on multi devices Update All Use the current setting on all devices in the list The same functions mentioned above also can be found in Option menu 5 Selecting the Control Packet Force Broadcast check box allows you to assign a new setting value to the Web Smart Switch under a different IP ...

Page 34: ...explicitly modify the browser setting to enable Java Applets to use network ports The industrial managed switch can be configured through an Ethernet connection when the manager computer is set to the same IP subnet address as the industrial managed switch For example if the default IP address of the industrial managed switch is 192 168 0 100 then the administrator computer should be set at 192 16...

Page 35: ...the username and password you have changed via console to log into the main screen of the industrial managed switch 3 After typing the username and password the main UI screen appears The main menu on the left side of the web page permits access to all the functions and status provided by the industrial managed switch Note For security purposes change and memorize the new password after this first...

Page 36: ...ng Link up or Link down Clicking on the image of a port opens the Port Statistics page Port status is indicated as follows State Disabled Down Link PoE in use RJ45 Ports SFP Ports Main menu Using the web interface you can define system parameters manage and control the industrial managed switch and all its ports or monitor network conditions The administrator can set up the industrial managed swit...

Page 37: ...T to reboot the managed switch Click REFRESH to refresh the page Save button Click the SAVE button to save the running startup backup configuration or reset the switch to default parameters The page includes the following fields Item Function Save Configuration to FLASH Saves the configuration See xxx Restore to Default Resets the switch to default parameters See xxx ...

Page 38: ...le is stored in nonvolatile storage corresponding to the so called configuration save If the device supports multi config file name the configuration file as a cfg file the default is startup cfg If the device does not support multi config files it names the startup configuration file startup config Backup Configuration The backup configuration is empty in FLASH save the backup configuration first...

Page 39: ...tion This list contains the following items Item Function System Information The industrial managed switch system information is provided here IP Configuration Configure the industrial managed switch IP information on this page IPv6 Configuration Configure the industrial managed switch IPv6 information on this page User Configuration Configure a new user name and password on this page Time Setting...

Page 40: ...ay The gateway of this industrial managed switch Loader Version The loader version of this industrial managed switch Loader Date The loader date of this industrial managed switch Firmware Version The firmware version of this industrial managed switch Firmware Date The firmware date of this industrial managed switch System Object ID The system object ID of this industrial managed switch System Upti...

Page 41: ...e configured IP address is not zero DHCP will stop and the configured IP settings will be used The DHCP client announces the configured System Name as hostname to provide DNS lookup IP Address Provides the IP address of the industrial managed switch in dotted decimal notation Subnet Mask Provides the subnet mask of the industrial managed switch in dotted decimal notation Gateway Provides the IP ad...

Page 42: ...llowing legal IPv4 address For example 192 1 2 34 Provide the IPv6 Prefix of this switch The allowed range is 1 through 128 Gateway Provide the IPv6 gateway address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 aaf7 e0ff fe20 fd27 DHCPv6 Client To enable this Managed Switch to accep...

Page 43: ...e 0 32 characters plain text case sensitive Retype Password Type the user s new password here again to confirm Privilege Level The privilege level of the user Options Admin User Other Buttons Click Apply to apply changes This page includes the following fields Object Description Username Dsiplays the current user name Password Type Displays the current password type Privilege Type Displays the cur...

Page 44: ...de operation Server Provides the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field Example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also us...

Page 45: ...ecurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Daylight Saving Time Offset Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Buttons Click Apply to apply changes SNTP server settings This page includes the following fields Object Description SNTP Server Address Type the IP address or domain name of the SNTP serve...

Page 46: ... free memory error resource exhausted 1 Alert Immediate action needed 0 Emergency System unusable Local log The industrial managed switch local log information is provided here This page includes the following fields Object Description Logging Service Enabled Enable logging service operation Disabled Disable logging service operation Buttons Click Apply to apply changes This page includes the foll...

Page 47: ...al but significant conditions for local log info Informational level of the informational messages for local log debug Debug level of the debugging messages for local log Buttons Click Apply to apply changes This page includes the following fields Object Description Status Displays the current local log status Target Displays the current local log target Severity Displays the current local log sev...

Page 48: ...level of the error conditions for local log warning Warning level of the warning conditions for local log notice Notice level of the normal but significant conditions for local log info Informational level of the informational messages for local log debug Debug level of the debugging messages for local log Facility Local0 7 local user 0 7 Buttons Click Apply to apply changes This page includes the...

Page 49: ...t conditions for local log info Informational level of the informational messages for local log debug Debug level of the debugging messages for local log Category The category of the log view includes AAA ACL CABLE_DIAG DAI DHCP_SNOOPING Dot1X GVRP IGMP_SNOOPING IPSG L2 LLDP Mirror MLD_SNOOPING Platform PM Port PORT_SECURITY QoS Rate SNMP and STP Buttons Click View to view log Click Clear to clear...

Page 50: ...agement protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol SNMP operations SNMP itself is a simple request response protocol NMSs can send multiple requests without receiving a response Get Allows the NMS to retrieve an object instance from the agent Set Allows the NMS to set values ...

Page 51: ...ame A string identifying the view name that this entry should belong to The allowed string length is 1 to 16 Subtree OID The OID defining the root of the subtree to add to the named view The allowed string content is digital number or asterisk Subtree OID Mask The bitmask identifies which positions in the specified object identifier are to be regarded as wildcards for the purpose of pattern matchi...

Page 52: ...w table entry SNMP access group Configure SNMPv3 access groups on this page The entry index keys are Group Name Security Model and Security Level The page includes the following fields Object Description Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 16 Security Model Indicates the security model that this entry should belong to Po...

Page 53: ...wed string length is 1 to 16 Notify View Name Notify view name is the name of the view in which you specify a notify inform or trap Buttons Click Add to add a new access entry Click Delete to delete the entry The page includes the following fields Object Description Group Name Display the current SNMP access group name Security Model Display the current security model Security Level Display the cu...

Page 54: ...try should belong to The allowed string length is 1 to 16 View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 16 Access Right Indicates the SNMP community type operation Possible types are RO Read Only Set access string type in read only mode RW Read Write Set access string type in read write mode Buttons Click Apply to apply changes The ...

Page 55: ... correctly Authentication Protocol Indicates the authentication protocol that this entry should belong to Selections include None None authentication protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if the entry already exists En...

Page 56: ...ds Object Description Server Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation x y z w It can also represent a legally valid IPv4 address For example 192 1 2 34 SNMP Version Indicates the SNMP trap supported version Selections include SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c Notify Type Set the n...

Page 57: ...NMPv3 notication recipients Configure SNMPv3 notification recipients on this page The page includes the following fields Object Description Server Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation x y z w It can also represent a legally valid IPv4 address For example 192 1 2 34 Notify Type Set the notify type in traps or informs User Name I...

Page 58: ... Delete to delete the SNMPv3 host entry SNMP engine ID Configure the SNMPv3 engine ID on this page The entry index key is Engine ID The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The page includes the following fields Object Description Engine ID An octet string identifying the engine ID that this entry should...

Page 59: ...ent remote IP address Engine ID Displays the current engine ID Action Click Delete to delete the remote IP address entry Port management Use the Port menu to display or configure the industrial managed switch ports This section has the following items Port Configuration Configures port connection settings Port Counters Lists Ethernet and RMON port statistics Bandwidth Utilization Displays current ...

Page 60: ...up 10 100M Auto negotiation 10M Set up 10M Force mode 100M Set up 100M Force mode 1000M Set up 1000M Force mode Duplex Select any available link duplex for the given switch port Draw the menu bar to select the mode Auto Setup Auto negotiation Full Force sets Full Duplex mode Half Force sets Half Duplex mode Flow Control When Auto Speed is selected on a port this section indicates the flow control ...

Page 61: ...t speed status of the port Duplex Displays the current duplex status of the port Flow Control Configuration Displays the current flow control configuration of the port Flow Control Status Display the current flow control status of the port Port counters This page provides an overview of general traffic and trunk statistics for all switch ports The page includes the following fields Object Descript...

Page 62: ...mit Unknown Unicast Packets The total number of packets that higher level protocols requested is transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Discards Packets The number of inbound packets which is chosen to be discarded even though no errors have been detected to prevent from being delivered to a higher layer protocol One possible reason for...

Page 63: ...ision Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy Late Collision The number of times that a collision is detected later than 512 bit times into the transmission of a packet Excessive Collision A count of frames for which transmission on a particular interface fails due to excessive collisions Thi...

Page 64: ...rors The number of CRC alignment errors FCS or alignment errors Undersize Packets The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed Oversize Packets The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fr...

Page 65: ... of frames including bad packets received and transmitted where the number of octets falls within the specified range excluding framing bits but including FCS octets Bandwidth utilization The Bandwidth Utilization page displays the percentage of the total available bandwidth being used on the ports Bandwidth utilization statistics are represented with a line graph The page includes the following f...

Page 66: ...raffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The industrial managed switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity The traffic to be copied to the mirror port is selected as foll...

Page 67: ...ts are mirrored to the mirroring port Frames received are not mirrored Sniffer RX Ports Frames received at these ports are mirrored to the mirroring port Frames transmitted are not mirrored Buttons Click Apply to apply changes Jumbo frame This page permits selection of the maximum frame size allowed for the switch port The page includes the following fields Object Description Jumbo Frame Bytes Ent...

Page 68: ...disabled function to check status by broadcast flood Unknown Multicast Flood Enable or disable the port error disabled function to check status by unknown multicast flood Unicast Flood Enable or disable the port error disabled function to check status by unicast flood ACL Enable or disable the port error disabled function to check status by ACL Port Security Violation Enable or disable the port er...

Page 69: ...rt disable Protected ports When a switch port is configured to be a member of a protected group also called a private VLAN communication between protected ports within that group can be prevented Two application examples are provided in this section Customers connected to an ISP can be members of the protected group but they are not allowed to communicate with each other within that VLAN Servers i...

Page 70: ... private VLAN Isolated Protected ports Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When ...

Page 71: ... port flexibility and provides link redundancy Each LAG is composed of ports of the same speed set to full duplex operations Ports in a LAG can be of different media types UTP Fiber or different fiber types provided they operate at the same speed Aggregated links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated...

Page 72: ...tion permits grouping up to four consecutive ports into a single dedicated connection between any two industrial managed switches or other Layer 2 switches However before making any physical connections between devices use the link aggregation configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that The ports used in a link aggrega...

Page 73: ...strial managed switch supports Gigabit Ethernet ports up to eight groups If the group is defined as a LACP static link aggregationing group then any extra ports selected are placed in a standby mode for redundancy if one of the other ports fails If the group is defined as a local static link aggregationing group then the number of ports must be the same as the group member ports LAG setting This p...

Page 74: ... device If the other device ports are also LACP ports the devices establish a LAG between them Ports Select port number from this drop down menu to establish Link Aggregation The page includes the following fields Object Description LAG The LAG for the settings contained in the same row Name Displays the current name Type Displays the current type Link State Displays the link state Active Member D...

Page 75: ...Set up 10 100M Auto negotiation 10M Set up 10M Force mode 100M Set up 100M Force mode 1000M Set up 1000M Force mode Flow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx column indicates if pause frames on the port are obeyed and the Curr...

Page 76: ...wer number means greater priority Timeout The Timeout controls the period between BPDU transmissions Short transmits LACP packets each second while Long waits for 30 seconds before sending an LACP packet Buttons Click Apply to apply changes LACP configuration LACP LAG negotiates aggregated port links with other LACP ports located on a different device LACP allows switches connected to each other t...

Page 77: ...his device then this parameter controls which ports will be active and which ports will be in a backup role Lower number means greater priority Buttons Click Apply to apply changes LAG status The LACP System Status page provides a status overview of all LACP instances This page displays the current LACP aggregation groups and LACP port status The page includes the following fields Object Descripti...

Page 78: ...disabled state EXPR means expired state LACPds means LACP disabled state DFLT means defaulted state CRRNT means current state PrdTx LACP periodic transmission state machine status of the port no PRD means the port is in no periodic state FstPRD means fast periodic state SlwPRD means slow periodic state PrdTX means periodic TX state AtState The actor state field of LACP PDU description The field fr...

Page 79: ...requently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded only to members of the VLAN on which the broadcast was initiated Note 1 Regardless of the method used to uniquely identify end nodes and assign VLAN membership to these nodes packets ...

Page 80: ...nd can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by permitting relocation of devices to a new VLAN without having to change any physical co...

Page 81: ... a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header 802 1Q VLAN tags There are four additional octets inserted after the source MAC address as shown in the following 802 1Q ...

Page 82: ...o assigned a PVID for use within the switch If no VLANs are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID of the port on which they were received Forwarding decisions are based upon this PVID in so far as VLANs are concerned Tagged packets are forwarded according to the VID contained within the tag Tagged packets a...

Page 83: ...t a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then this port should be added to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing them on to an...

Page 84: ...LAN Select the managed VLAN ID Buttons Click Apply to apply changes Create VLAN Create and delete VLANs on this page The page includes the following fields Object Description VLAN List Indicates the ID of this particular VLAN VLAN Action This column allows users to add or delete VLANs VLAN Name Prefix Indicates the name of this particular VLAN Buttons Click Apply to apply changes ...

Page 85: ...2 1Q compliant devices on the network to make packet forwarding decisions Untagged Ports with untagging enabled strip the 802 1Q tag from all packets that flow into those ports If the packet doesn t have an 802 1Q VLAN tag the port will not alter the packet Thus all packets received by and forwarded by an untagging port have no 802 1Q VLAN information remember that the PVID is only used internally...

Page 86: ...mer LANs into the MAN space One of the purposes of the provider bridge is to recognize and use VLAN tags so that the VLANs in the MAN space can be used independent of the customers VLANs This is accomplished by adding a VLAN tag with a MAN related VID for frames entering the MAN When leaving the MAN the tag is stripped and the original VLAN tag with the customer related VID is again available This...

Page 87: ... the untagged traffic will be dropped The range for the PVID is 1 4094 Accepted Type Determines whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded Options All Tag Only Untag Only By default the field is set to All Ingress Filtering If ingress filtering is ...

Page 88: ...orbidden from automatically joining the VLAN via GVRP Excluded Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Tagged Interface is a member of the VLAN All packets transmitted by the port will be tagged that is carry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted b...

Page 89: ...work devices required to support multiple protocols cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including security and easy accessibility To avoid these problems you can conf...

Page 90: ...AN Port Configuration page This page allows you to configure protocol based VLAN group settings The page includes the following fields Object Description Group ID Protocol Group ID assigned to the Special Protocol VLAN Group Frame Type Frame Type can have one of the following values Ethernet II IEEE802 3_LLC_Other RFC_1042 Note On changing the Frame type field valid value of the following text fie...

Page 91: ...AN port for the switch The page includes the following fields Object Description Port Select a port from this drop down menu to assign a protocol VLAN port Group Select a group ID from this drop down menu to protocol VLAN group VLAN VLAN ID assigned to the Special Protocol VLAN Group Buttons Click Add to add a protocol VLAN port entry The page includes the following fields Object Description Port ...

Page 92: ...AN information in order to register VLAN members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch The page includes the following fields ...

Page 93: ...e group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 65 32765 centiseconds Default 1000 centiseconds Note Timer settings must follow this rule 2 x join timer leave timer leaveAll timer Buttons Click Apply to apply changes GVRP port setting Configure GVRP port settings on this page The page includes th...

Page 94: ...ut VLANs it does not have Buttons Click Apply to apply changes GVRP VLAN The page includes the following fields Object Description VLAN ID Displays the current VLAN ID Member Ports Displays the current member ports Dynamic Ports Displays the current dynamic ports VLAN Type Displays the current VLAN type GVRP statistics The page includes the following fields Object Description Port The switch port ...

Page 95: ...invalid attribute value Invalid Attribute Length Displays the current invalid attribute length Invalid Event Displays the current invalid event Buttons Click Clear to clear error statistics Click Refresh to refresh the error statistics VLAN setting examples This section covers the following setup scenarios Separate VLAN 802 1Q VLAN Trunk Port Isolate Two Separate 802 1Q VLANs The diagram below sho...

Page 96: ...h will tag it with a VLAN Tag 2 PC 2 and PC 3 will receive the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away becoming an untagged packet 4 While the packet leaves Port 3 it will remain as a tagged packet with VLAN Tag 2 Tagged packet entering VLAN 2 1 While PC 3 a tagged packet with VLAN Tag 2 enters Port 3 PC 1 a...

Page 97: ...ng an untagged packet 3 While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 Note For this example set VLAN Group 1 as the default VLAN but only focus on VLAN 2 and VLAN 3 traffic flow Setup steps 1 Add VLAN group Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in an Allowed Access VLANs column the 1 3 includes VLAN1 and 2 and 3 2 Assign VLAN members and PVIDs to each port VLAN ...

Page 98: ...Port 4 6 Excluded VLAN ID 3 Port 4 5 Untagged Port 6 Tagged Port 1 3 Excluded VLAN trunking between two 802 1Q aware switches In most cases they are used for Uplink to other switches VLANs are separated at different switches but they need access to other switches within the same VLAN group ...

Page 99: ...p Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in the allowed Access VLANs column the 1 3 includes VLAN 1 and 2 and 3 2 Assign VLAN members and PVIDs to each port VLAN 2 Port 1 Port 2 and Port 3 VLAN Mode Hybrid VLAN 3 Port 4 Port 5 and Port 6 VLAN Mode Hybrid VLAN 1 Port 7 VLAN Mode Hybrid ...

Page 100: ... configuration 98 NS3562 8P 2S User Manual 3 Assign Tagged Untagged to each port VLAN ID 1 Port 1 6 Untagged Port 7 Excluded VLAN ID 2 Port 1 2 Untagged Port 3 7 Tagged Port 4 6 Excluded VLAN ID 3 Port 4 5 Untagged ...

Page 101: ...itches that form loops within the network When multiple links between switches are detected a primary link is established Duplicated links are blocked from use and become standby links The protocol allows for the duplicate links to be used in the event of a failure of the primary link Once the STP is configured and enabled primary links are established and duplicated links are blocked automaticall...

Page 102: ...ree topology All switches connected to the LAN on which the packet is transmitted will receive the BPDU BPDUs are not directly forwarded by the switch but the receiving switch uses the information in the frame to calculate a BPDU and if the topology changes initiates a BPDU transmission The communication between switches via BPDUs results in the following One switch is elected as the root switch T...

Page 103: ...nge In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Each port on a switch using STP exists is in one of the following five states Blocking The port is blocked from forwarding or receiving packets Listening The port is waiting to receive BPDU packets that may tell the port to go back to t...

Page 104: ...P enabled ports until the forwarding state is enabled for that port STP parameters STP operation levels The industrial managed switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in muc...

Page 105: ... and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Default Value Port Priority A relative priority for each port lower numbers give a higher priority and a greater chance of a given port being elected as the root port 128 Port Cost A value use...

Page 106: ... bridge If the switch has the lowest bridge identifier it will become the root bridge Forward Delay Timer The forward delay can be from 4 to 30 seconds This is the time any port on the switch spends in the listening state while moving from the blocking state to the forwarding state Note Observe the following formulas when setting the above parameters Max Age _ 2 x Forward Delay 1 second Max Age _ ...

Page 107: ...ngs and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the priority setting or influencing STP to choose a particular port to block using the port priority and port cost settings is however relatively straightforward In this example only the default STP values are used The switch with the lowest bri...

Page 108: ...es a separate spanning tree for each VLAN group and blocks all but one of the possible alternate paths within each spanning tree The page includes the following fields Object Description Enable STP function Enabled or Disabled The default value is Disabled BPDU Forward Set the BPDU forward method PathCost Method The path cost method is used to determine the best path between devices Therefore lowe...

Page 109: ...s initialized BPDU Filter Determines if a port explicitly configured as Edge will transmit and receive BPDUs BPDU Guard Determines if a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology P2P MAC Determines if the port connects to a point to point LAN rather than a shared medium Th...

Page 110: ...00 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2 000 200 000 Recommended STP path costs Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Default STP path costs Po...

Page 111: ... range of 6 to 40 hops Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to Forwarding used in STP compatible mode Valid values are in the range 4 to 30 seconds Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 se...

Page 112: ... of 16 Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of hi...

Page 113: ...TI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The aggregation settings are global The page includes the following fields Object Description MST ID Select the special MST ID to configure path cost and priority Port Select Select the...

Page 114: ...he currently selected switch The page includes the following fields Object Description Port The switch port number of the logical STP port Configuration BPDUs Received The current configuration BPDUs received TCN BPDUs Received The current TCN BPDUs received MSTP BPDUs Received The current MSTP BPDUs received Configuration BPDUs Transmitted The configuration BPDUs transmitted TCN BPDUs Transmitted...

Page 115: ...mes to only ports that are a member of the multicast group About IGMP snooping Computers and network devices that need to receive multicast transmissions must inform nearby routers that they will become members of a multicast group IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there i...

Page 116: ...Chapter 4 Web configuration 114 NS3562 8P 2S User Manual Multicast service Multicast flooding ...

Page 117: ... at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP message format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query ...

Page 118: ...ll never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on th...

Page 119: ... the LAN for group members It then propagates the service requests to any upstream multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet IGMP settings This page provides IGMP snooping related configuration options...

Page 120: ...s to multicast capable routers The default is Enable Buttons Click Apply to apply changes Click Edit to edit parameters IGMP querier setting The page includes the following fields Object Description VLAN ID Select VLAN ID from this drop down menu Querier State Enable or disable the querier state The default value is Disabled Querier Version Sets the querier version for compatibility with other dev...

Page 121: ...Ports Select a port number from this drop down menu Buttons Click Add to add an IGMP router port entry Click Edit to edit parameters IGMP router setting Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on the switch you can m...

Page 122: ...ter port entry Click Edit to edit parameters Click Delete to delete the group ID entry IGMP forward all The page includes the following fields Object Description VLAN ID Select the VLAN ID from this drop down menu to assign IGMP membership Port The switch port number of the logical port Membership Select IGMP membership for each interface Forbidden Interface is forbidden from automatically joining...

Page 123: ...t total RX Valid RX The current valid RX Invalid RX The current invalid RX Other RX The current other RX Leave RX The current leave RX Report RX The current report RX General Query RX The current general query RX Special Group Query RX The current special group query RX Special Group Source Query RX The current special group source query RX Leave TX The current leave TX Report TX The current repor...

Page 124: ...iguration is related to the current unit as reflected by the page header The page includes the following fields Object Description MLD Snooping Status Enable or disable the MLD snooping The default value is Disable MLD Snooping Version Sets the MLD Snooping operation version Possible versions are v1 Set MLD Snooping supported MLD version 1 v2 Set MLD Snooping supported MLD version 2 MLD Snooping R...

Page 125: ...ons MLD snooping may not always be able to locate the MLD querier Therefore if the MLD querier is a known multicast router switch connected over the network to an interface port or trunk on the industrial managed switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is pa...

Page 126: ...yer 3 multicast device or IGMP querier Forbid Port Select Forbid certain ports from acting as router ports Buttons Click Add to add a IGMP router port entry Click Edit to edit parameters in the MLD Router Port Status table Click Delete to delete the group ID entry in the MLD Router Port Status table MLD routing table This page includes the Dynamic Router Static Router and Forbidden Router table in...

Page 127: ...h port number of the logical port Membership Select MLD membership for each interface Forbidden Interface is forbidden from automatically joining the MLD via MVR None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Static Interface is a member of the MLD Buttons Click Apply to apply changes MLD snooping statistics This page provides ...

Page 128: ...al Query RX The current general query RX Special Group Query RX The current special group query RX Special Group Source Query RX The current special group source query RX Leave TX The current leave TX Report TX The current report TX General Query TX The current general query TX Special Group Query TX The current special group query TX Special Group Source Query TX The current special group source ...

Page 129: ...ect IPv4 or IPv6 from this drop down menu Port Select Select a port number from this drop down menu Max Groups Sets the maximum number of multicast groups an interface can join at the same time Range 0 256 Default 256 Action Sets the action to take when the maximum number of multicast groups for the interface has been exceeded Default Deny Deny The new multicast group join report is dropped Replac...

Page 130: ...ed range When the access mode is set to deny multicast join reports are only processed when the multicast group is not in the controlled range Multicast profile setting The page includes the following fields Object Description IP Type Select IPv4 or IPv6 from this drop down menu Profile Index Indicates the ID of this particular profile Group from Specifies multicast groups to include in the profil...

Page 131: ...ter Profile ID Select a filter profile ID from this drop down menu Buttons Click Apply to apply changes Click Show to display parameters in the Port Filter Status page Click Delete to delete the IGMP profile entry in the Port Filter Status page MLD filter setting The page includes the following fields Object Description Port Select Select a port number from this drop down menu Filter Profile ID Se...

Page 132: ...me critical or business critical applications Applying security policy through traffic filtering Providing predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter Improving performance for specific types of traffic and preserving performance as the amount of traffic grows Reducing the need to constantly add bandwidth to the netw...

Page 133: ...riority and low priority can be set to 4 1 and 8 1 General QoS properties The page includes the following fields Object Description QoS Mode Enable or disable QoS mode Buttons Click Apply to apply changes QoS port settings The page includes the following fields Object Description Port Select Select a port number from this drop down menu CoS Value Select CoS value from this drop down menu Remark Co...

Page 134: ...ines if the scheduler mode is Strict Priority on this switch port WRR Determines if the scheduler mode is Weighted on this switch port Weight Determines the weight for this queue This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted of WRR Bandwidth The current bandwidth for each queue Buttons Click Apply to apply changes CoS mapping ...

Page 135: ... this drop down menu Class of Service Select a CoS value from this drop down menu Buttons Click Apply to apply changes DSCP mapping The page includes the following fields Object Description Queue Select a Queue value from this drop down menu DSCP Select DSCP value from this drop down menu Buttons Click Apply to apply changes IP precedence mapping ...

Page 136: ... drop down menu Buttons Click Apply to apply changes QoS basic mode Global settings The page includes the following fields Object Description Trust Mode Set the QoS mode Buttons Click Apply to apply changes Port settings The page includes the following fields Object Description Port Select a port number from this drop down menu Trust Mode Set the trust mode to Enabled or Disabled Buttons Click App...

Page 137: ... Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click Apply to apply changes Egress bandwidth control Select the egress bandwidth preamble on this page The page includes the following fields Object Description Port Select a port number from this drop down menu State Enable or Disable the port rate policer...

Page 138: ...ng quality The switch can judge if the data traffic is the voice data traffic from specified equipment according to the source MAC address field of the data packet entering the port The packet with the source MAC address complying with the system defined voice equipment OUI Organizationally Unique Identifier will be considered the voice data traffic and transmitted to the Voice VLAN The configurat...

Page 139: ...de operation The MSTP feature must be disabled before Voice VLAN is enabled to avoid an ingress filter conflict Selections include Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode operation Voice VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR ...

Page 140: ...ters on the Voice VLAN OUI Group page Click Delete to delete voice VLAN OUI group parameters Telephony OUI port setting The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN so that the switch can classify and schedule network traffic We recommend that there be two VLANs on a port one for voice and one for data Before connecting the IP device to the switch the IP phone should c...

Page 141: ...hentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL Extensible Authentication Protocol over LAN frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packe...

Page 142: ...mote Authentication Dial in User Service RADIUS Terminal Access Controller Access Control System Plus TACACS Local user name and Privilege Level control IEEE 802 1X port based authentication The IEEE 802 1X standard defines a client server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports The authenticati...

Page 143: ...er model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device Controls the physical access to the network based on the authentication status of the client The switch acts as an intermediary proxy between the client and the authentication server requesting identity information from the client verifying that information...

Page 144: ...initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three attempts to start authentication the client transmits frames as if the port is in the authorized stat...

Page 145: ... from the authentication server the port state changes to authorized and all frames from the authenticated client are allowed through the port If the authentication fails the port remains in the unauthorized state but authentication can be retried If the authentication server cannot be reached the switch can retransmit the request If no response is received from the server after the specified numb...

Page 146: ...e available No Authentication Authentication Force Authorized In this mode the switch will send one EAPOL Success frame when the port link appears and any client on the port will be permitted to access the network without authentication Force Unauthorized In this mode the switch sends one EAPOL Failure frame when the port link appears and any client on the port will not be permitted to access the ...

Page 147: ...mes have been received in the meantime the switch considers entering the Guest VLAN The interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout If Allow Guest VLAN if EAPOL Seen is enabled the port will be placed in the Guest VLAN If disabled the switch will first check its history to see if an EAPOL frame has previously been received on the port this histor...

Page 148: ...st VLAN as listed below The Guest VLAN ID Enable checkbox provides a quick way to globally enable disable Guest VLAN functionality When selected the individual ports ditto setting determines whether the port can be moved into Guest VLAN When deselected the ability to move to the Guest VLAN is disabled for all ports Guest VLAN Port Setting When Guest VLAN is both globally enabled and enabled select...

Page 149: ...o 1000 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from c...

Page 150: ... request Timeout for Reply Retransmit is the number of times in the range 1 to 30 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that h...

Page 151: ...n page permits configuration of the TACACS Servers The page includes the following fields Object Description Timeout for Reply Retransmit is the number of times in the range 1 to 30 a TACACS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Key String The secret key up to 63 characters long shared betwe...

Page 152: ...t the server priority Buttons Click Add to add a new TACACS server Click Edit to edit port parameters in the Modify column Click Delete to delete a login interface entry AAA Authentication authorization and accounting AAA provides a framework for configuring access control on the industrial managed switch Its three security functions can be summarized as follows Authentication Identifies users tha...

Page 153: ...strial managed switch through the Telnet To configure AAA on the industrial managed switch follow this general process 1 Configure RADIUS and TACACS server access parameters See Configuring Local Remote Logon Authentication 2 Define RADIUS and TACACS server groups to support the accounting and authorization of services 3 Define a method name for each service to which you want to apply accounting o...

Page 154: ... The page includes the following fields Object Description List Name Defines a name for the authentication list Method 1 3 Set the login authentication method Empty None TACACS RADIUS Enable Buttons Click Add to add a new authentication list Click Edit to edit login authentication list parameters in the Modify column Click Delete to delete a login authentication list entry Access Configure the acc...

Page 155: ...ick Delete to delete a login authentication list entry SSH Configure SSH on the SSH Configuration page This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC address...

Page 156: ...ist Select login authentication list from this drop down menu Enable Authentication List Select enable authentication list from this drop down menu Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons Click Apply to apply changes Click Disconnect to disconnect Telnet communication HTTP ...

Page 157: ...nu Session Timeout Set the session timeout value Buttons Click Apply to apply changes HTTPs Configure HTTPs on the HTTPs Configuration page The page includes the following fields Object Description HTTPs Service Disable or enable HTTPs service Login Authentication List Select login authentication list from this drop down menu Session Timeout Set the session timeout value Buttons Click Apply to app...

Page 158: ...e either Permit or Deny Port Select a port from this drop down menu IP Source Indicates the IP address for the access management entry Buttons Click Apply to apply changes Click Edit to edit profile rules in the Modify column Click Delete to delete a profile rules list entry in the Modify column Access rules The page includes the following fields Object Description Access Profile Select an access ...

Page 159: ... DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received all DHCP packets are forwarded for a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP p...

Page 160: ...through which the switch submits a client request to the DHCP server must be configured as trusted Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any packets rece...

Page 161: ... mode operation the request DHCP messages are forwarded to trusted ports and only permit reply packets from trusted ports Disabled Disable DHCP snooping mode operation Buttons Click Apply to apply changes Port setting A trusted interface is an interface that is configured to receive only messages from within the network An untrusted interface is an interface that is configured to receive messages ...

Page 162: ... sources of the DHCP message Chaddr Check Indicates that the Chaddr check function is enabled on selected port Chaddr Client hardware address Buttons Click Apply to apply changes Statistics The page includes the following fields Object Description Port Select a port from this drop down menu Forwarded The current forwarded packets Chaddr Check Dropped Dropped chaddr checks Untrusted Port Dropped Un...

Page 163: ...the agent is disabled dynamic ARP or IP source guard is enabled and the DHCP snooping binding database has dynamic bindings the switch loses its connectivity If the agent is disabled and only DHCP snooping is enabled the switch does not lose its connectivity but DHCP snooping might not prevent DCHP spoofing attacks The database agent stores the bindings in a file at a configured location When relo...

Page 164: ...Apply to apply changes Rate limit After enabling DHCP snooping the switch monitors all the DHCP messages and implements software transmission Configure the DHCP Rate Limit Setting on this page The page includes the following fields Object Description Port Select a port from the drop down menu State The name of file image Rate Limit pps Configure the rate limit for the port policer The default valu...

Page 165: ... information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in switch it means switch ID The parameter of port_no is the...

Page 166: ...ption 82 segment in the existing message with its own option 82 and forward the message to the server to process The page includes the following fields Object Description Port Select a port from the drop down menu Enable Disable Enable or Disable option82 on the port Allow Untrusted Select modes from this drop down menu The following modes are available Drop Keep Replace Buttons Click Apply to app...

Page 167: ...re Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT The ARP Inspection Configuration page provides ARP Inspection related configuration Note A Dynamic ARP prevents the untrusted ARP packets based on the DHCP Snooping Databas...

Page 168: ...ed by default Src Mac Chk Enable or disable to check the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses When enabled packets with different MAC addresses are classified as invalid and dropped Dst Mac Chk Enable or disable to check the destination MAC address in the Ethernet header against the targe...

Page 169: ...ailures The current SIP Validation failures DIP Validation Failure The current DIP Validation failures IP MAC Mismatch Failures The current IP MAC mismatch failures Buttons Click Clear to clear the statistics Click Refresh to refresh the statistics Rate limit The page includes the following fields Object Description Port Select a switch port number from the drop down menu State Select Default or U...

Page 170: ...se the IP address of another host After receiving a packet the port looks up the key attributes including IP address MAC address and VLAN tag of the packet in the binding entries of the IP source guard If there is a matching entry the port will forward the packet Otherwise the port will abandon the packet IP source guard filter packets are based on the following types of binding entries IP port bi...

Page 171: ...g fields Object Description Port Select a port from the drop down menu VLAN ID Indicates the ID of this particular VLAN MAC Address Sourcing MAC address is permitted IP Address Sourcing IP address is permitted Click Add to add an IP source guard static binding table entry Click Delete to delete an IP source guard static binding table entry Port security This page allows you to configure the Port S...

Page 172: ...C addresses will be removed from the port and no new ones will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port 1 Disable and re enable Limit Control on the port or the switch 2 Click the Reopen button Discard If Limit 1 MAC addresses is seen on the port it will not ...

Page 173: ...nable or disable DoS check mode by TCP blat POD Enable or disable DoS check mode by POD IPv6 Min Fragment Enable or disable DoS check mode by IPv6 min fragment ICMP Fragments Enable or disable DoS check mode by ICMP fragment IPv4 Ping Max Size Enable or disable DoS check mode by IPv4 ping max size IPv6 Ping Max Size Enable or disable DoS check mode by IPv6 ping max size Ping Max Size Setting Set t...

Page 174: ...le DoS check mode by TCP syn rst attack TCP Fragment Offset 1 Enable or disable DoS check mode by TCP fragment offset 1 Buttons Click Apply to apply changes DoS port setting The page includes the following fields Object Description Port Select Select a port from this drop down menu DoS Protection Enable or disable per port DoS protection Buttons Click Apply to apply changes Storm control Storm con...

Page 175: ...control Unknown Multicast storm rate control The configuration indicates the permitted packet rate for unknown unicast unknown multicast or broadcast traffic across the switch The page includes the following fields Object Description Port Select a port from this drop down menu Port State Enable or disable the storm control status for the given storm type Action Configures the action performed when...

Page 176: ... of hosts or servers permitted or denied to use the service ACLs can generally be configured to control inbound traffic and in this context they are similar to firewalls ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains man...

Page 177: ...own Port shutdown is disabled for the ACE DA MAC Specify the destination MAC filter for this ACE Any No DA MAC filter is specified User Defined If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DA MAC value appears DA MAC Value When User Defined is selected for the DA MAC filter you can enter a specific destination MAC address The legal...

Page 178: ...ngs 0 ARP frames where SHA is not equal to the SA MAC address 1 ARP frames where SHA is equal to the SA MAC address VLAN ID Indicates the ID of this particular VLAN 802 1p Include or exclude the 802 1p value 802 1p Value Set the 802 1p value 802 1p Mask 0 The frame is not equal to the 802 1p value 1 The frame is equal to the 802 1p value EtherType Range 0x05DD 0xFFFF You can type a specific EtherT...

Page 179: ...177 Buttons Select the Add to add an ACL name list Click Delete to delete an ACL name entry IPv4 based ACE An ACE consists of several parameters Different parameter options appear depending on the frame type selected The page includes the following fields ...

Page 180: ...stination IP Address Specify the Destination IP address filter for this ACE Any No destination IP address filter is specified User Defined If you want to filter a specific destination IP address with this ACE choose this value A field for entering a source IP address value appears Destination IP Address Value When User Defined is selected for the destination IP address filter you can enter a speci...

Page 181: ...t care List If you want to filter a specific list with this ACE you can select a specific list value Protocol ID If you want to filter a specific protocol ID filter with this ACE you can enter a specific protocol ID value A field for entering a protocol ID value appears The allowed range is 0 to 255 A frame that hits this ACE matches this protocol ID value ICMP Code Specify the ICMP code filter fo...

Page 182: ...try Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowed don t care FIN Specify the TCP No more data from sender FIN value for this ACE Set TCP frames where the FIN field is set must be able to match this entry Unset TCP frames where the FIN field is set must not be able to match this entry Don t Care Any value is allowed don t care Butto...

Page 183: ...Web configuration NS3562 8P 2S User Manual 181 Click Delete to delete an ACL name entry IPv6 based ACE An ACE consists of several parameters Different parameter options appear depending on the frame type selected ...

Page 184: ...can enter a specific SIP mask in dotted decimal notation Destination IP Address Specify the Destination IP address filter for this ACE Any No destination IP address filter is specified User Defined If you want to filter a specific destination IP address with this ACE choose this value A field for entering a source IP address value appears Destination IP Address Value When User Defined is selected ...

Page 185: ...CE Any No specific ICMP is specified destination port status is don t care List If you want to filter a specific list with this ACE you can select a specific list value Protocol ID If you want to filter a specific protocol ID filter with this ACE you can enter a specific protocol ID value A field for entering a protocol ID value appears The allowed range is 0 to 255 A frame that hits this ACE matc...

Page 186: ...N value for this ACE Set TCP frames where the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowed don t care FIN Specify the TCP No more data from sender FIN value for this ACE Set TCP frames where the FIN field is set must be able to match this entry Unset TCP frames where the FIN field ...

Page 187: ...nd switch ports The frames also contain a MAC address SMAC address that shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time Static MAC setting Th...

Page 188: ...d a new MAC filtering setting Click Delete to delete a static MAC status entry Dynamic address setting By default dynamic entries are removed from the MAC table after 300 seconds This page includes the following fields Object Description Aging Time The time after which a learned entry is discarded By default dynamic entries are removed from the MAC after 300 seconds This removal is also called agi...

Page 189: ...cast domain LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device Advertised information is represented in Type Length Value TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the nei...

Page 190: ... Transmission Interval Hold Time Multiplier 65536 and Transmission Interval 4 Delay Interval Holdtime Multiplier Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10 times TTL in seconds is based on the following rule T...

Page 191: ... Count parameter is part of the timer which ensures that the LLDP MED Fast Start mechanism is active for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service Buttons Click Apply to apply changes LLDP port configuration Use the LLDP Port Configuration to specify the message attributes for individual interfa...

Page 192: ...tted 802 3 MAC PHY When selected the 802 3 MAC PHY is included in LLDP information transmitted 802 3 Link Aggregation When selected the 802 3 Link Aggregation is included in LLDP information transmitted 802 3 Maximum Frame Size When selected the 802 3 Maximum Frame Size is included in LLDP information transmitted Management Address When selected the Management Address is included in LLDP informati...

Page 193: ...bor is detected The page includes the following fields Object Description Local Port The switch port number of the logical LLDP port Chassis ID Subtype The current chassis ID subtype Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Port ID Subtype The current port ID subtype Port ID The Remote Port ID is the identification of the neighbor port System Name System Name i...

Page 194: ...FC 2474 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are Voice Guest Voice Softphone Voice Video Conferencing Streaming Video Control Signaling conditionally support a separate network policy for the media types above A large network may support multiple VoIP policies acro...

Page 195: ...ture set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Signaling conditional For use in network topologies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply a...

Page 196: ...ed and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 VLAN ID VLAN identi...

Page 197: ...identification details Inventory This option advertises device details useful for inventory management such as manufacturer model software version and other pertinent information MED Network Policy Select MED network policy from this drop down menu Buttons Click Apply to apply changes Click Reset to undo any changes made locally and revert to previously saved values MED location configuration The ...

Page 198: ... that were transmitted or overloaded MED Capabilities The capabilities packets that were transmitted or overloaded MED Location The location packets that were transmitted or overloaded MED Network Policy The network policies packets that were transmitted or overloaded MED Extended Power via MDI The extended power via MDI packets that were transmitted or overloaded 802 3 TLVs The 802 3 TLVs that we...

Page 199: ...erfaces The page includes the following fields Object Description Insertions Shows the number of new entries added since switch reboot Deletions Shows the number of new entries added since switch reboot Drops Shows the number of LLDP frames dropped due to the entry table being full Age Outs Shows the number of entries deleted due to Time To Live expiring Buttons Click Refresh to refresh the statis...

Page 200: ... a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Age Outs Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Diagnostics This section provides t...

Page 201: ...e Coupling between cable pairs Cable pair termination Cable Length Note Cable Diagnostics is only accurate for cables of length from 15 to 100 meters The page includes the following fields Object Description Port The port where you are requesting cable diagnostics Buttons Click Copper Test to run the diagnostics Ping The ping and IPv6 ping permit the issuance of ICMP PING packets to troubleshoot I...

Page 202: ...tes The payload size of the ICMP packet Values range from 8 bytes to 5120 bytes Ping Results Display the current ping result Note Be sure the target IP address is within the same network subnet of the industrial managed switch otherwise the correct gateway IP address must be set up Buttons Click Apply to transmit ICMP packets IPv6 ping The ICMPv6 Ping page allows you to issue ICMPv6 ping packets t...

Page 203: ...h which the data packets travel from the source device to the destination device checking network accessibility and locating network failure The execution procedure of the trace route function sends a data packet with TTL at 1 to the destination address If the first hop returns an ICMP error message saying that this packet cannot be sent due to a TTL timeout a data packet with TTL at 2 is sent The...

Page 204: ...P management terminals and remote monitors RMON provides a highly efficient method to monitor actions inside the subnets The MID of RMON consists of 10 groups The switch supports the most frequently used groups Statistics Maintain basic usage and error statistics for each subnet monitored by the agent History Record periodical statistic samples Alarm Allow management console users to set any count...

Page 205: ...ncludes the following fields Object Description Port Select a port from this drop down menu Drop The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Packets The total number of packets including bad packets broadcast packets and multicast packets received Broa...

Page 206: ...he total number of collisions on this Ethernet segment 64 Bytes Frame The total number of packets including bad packets received that were 64 octets in length 65 127 Frame The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 Frame The total number of packets including bad packets received that were between 128 to 255 octets in length 256 5...

Page 207: ...racters log The number of unicast packets delivered to a higher layer protocol snmptrap The number of broadcast and multicast packets delivered to a higher layer protocol logandtrap The number of inbound packets that are discarded when the packets are normal Community Specify the community when trap is sent The string length is from 0 to 127 default is public Owner Indicates the owner of this even...

Page 208: ...ntry The range is from 1 to 65535 Sample Port Select a port from this drop down menu Sample Variable Indicates the particular variable to be sampled the possible variables are DropEvents The total number of events in which packets were dropped due to lack of resources Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Pkts The total number of fr...

Page 209: ...raming bits but including FCS octets Pkts158to255Octets The total number of frames including bad packets received and transmitted where the number of octets falls within the specified range excluding framing bits but including FCS octets Pkts256to511Octets The total number of frames including bad packets received and transmitted where the number of octets falls within the specified range excluding...

Page 210: ...e maximum data entries associated this History control entry stored in RMON The range is from 1 to 50 default value is 50 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Owner Specify an owner for the history Buttons Click Apply to apply changes Click Delete to delete the RMON history entry RMON history l...

Page 211: ...install APs in any location 10 12 Watts IP Surveillance Enterprises museums campuses hospitals banks etc can install IP cameras regardless of installation location without the need to install AC sockets 3 12 Watts PoE Splitter PoE splitters split the PoE 52 VDC over the Ethernet cable into a 5 12 VDC power output It frees the device deployment from restrictions due to power outlet locations which ...

Page 212: ... the system is lower than the power level at which additional PDs cannot be connected When this value is exceeded ports will be deactivated according to user defined priorities The power budget is managed according to the following user definable parameters Maximum available power Ports priority Maximum allowable power per port There are five modes for configuring how the ports PDs may reserve pow...

Page 213: ...that the power supply can deliver Note In this mode the port power is not turned on if the PD requests more available power PoE configuration Inspect and configure the current PoE configuration settings on the PoE Configuration page The page includes the following fields Object Description System PoE Admin Mode Enables disables the PoE function determining whether or not the PoE ports supply power...

Page 214: ...e Profile1 Profile2 Profile3 Profile4 Priority Priority represents PoE port priority There are three levels of power priority Low High and Critical Priority is used when total power consumption is over the total power budget In this case the port with the lowest priority is turned off and power is provided to the port with higher priority PD Class Displays the class of the PD attached to the port ...

Page 215: ...e implemented in any PoE network including VoIP and Wireless LAN Under the trend of energy saving worldwide and contributing to worldwide environmental protection the industrial managed switch can effectively control power supply in addition to its capability to provde high Watt power The PoE schedule function can enable or disable PoE power feeding for each PoE port during specified time interval...

Page 216: ...wer recycling The managed switch allows each of the connected PoE IP cameras to reboot at a specific time each week thus reducing the chance of IP camera crashes resulting from buffer overflow Define the PoE schedule and schedule power recycling on the PoE Schedule page ...

Page 217: ... you want the PoE schedule and PoE reboot schedule to work at the same time use this function and do not use the Reboot Only function This function permits the administrator to reboot the PoE device at the indicated time as required Reboot Only Permits a reboot of the PoE function according to the PoE reboot schedule Note that if the administrator enables this function the PoE schedule will not se...

Page 218: ...w long the system should issue a ping request to a PD to detect if the PD is alive or dead Interval time range is from 10 to 300 seconds Retry Count 1 5 This column permits the user to set the number of times the system retries pinging the PD For example if the count is set to 2 and the system retries pinging the PD and the PD doesn t respond continuously the PoE port will be reset Action Permits ...

Page 219: ...d configure basic configurations of the managed switch Under Maintenance the following topics are provided to back up upgrade save and restore the configuration This section has the following items Factory Default Reset the configuration of the switch on this page Reboot Switch Restart the switch on this page After restart the switch will boot normally Backup Manager Back up the switch configurati...

Page 220: ... page permits the device to be rebooted from a remote location After clicking the Reboot button to restart log in to the web interface about 60 seconds later Backup manager This function allows backup of the current image or configuration of the managed switch to the local management station The page includes the following fields Object Description Backup Method Select a backup method from this dr...

Page 221: ...od Select an upgrade method from this drop down menu Server IP Type in the TFTP server IP address File Name The name of the firmware image or configuration Backup Type Select the upgrade type Image Select the active or backup image Buttons Click Upgrade to upgrade the image or configuration Dual image This page provides information about the active and backup firmware images in the device and perm...

Page 222: ...Chapter 4 Web configuration 220 NS3562 8P 2S User Manual The page includes the following fields Object Description Image Select the active or backup image Buttons Click Apply to apply the active image ...

Page 223: ... destination address as well as the source address learning The industrial managed switch will look up the address table for the destination address If not found this packet will be forwarded to all the other ports except the port that this packet comes from These ports will transmit this packet to the network it is connected to If found and the destination address is located at a different port f...

Page 224: ...of the industrial managed switch the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table This information is subsequently used to filter packets whose destination address is on the same segment as the source address This confines network traffic to its respective domain and reduces the overall load on the network The industrial managed sw...

Page 225: ...able The updated IEEE 802 3at 2009 PoE standard also known as PoE or PoE plus provides up to 25 5 W of power The 2009 standard prohibits a powered device from using all four pairs for power The 802 3af 802 3at standards define two types of source equipment Mid Span A mid span device is placed between a legacy switch and the powered device PD Mid span taps the unused wire pairs 4 5 and 7 8 to carry...

Page 226: ...ied from the auxiliary port with the auxiliary port sometimes acting as backup power in case of PoE supplied power failure How power is transferred through the cable A standard CAT5 Ethernet cable has four twisted pairs but only two of these are used for 10BASE T and 100BASE TX The specification allows two options for using these cables for power The spare pairs are used The diagram below shows th...

Page 227: ...k the in out rate of the port The managed switch doesn t connect to the network 1 Check the LNK ACT LED on the industrial managed switch 2 Try another port on the industrial managed switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again The 1000BASE T port link LED illuminates but the traffic is irregular Ch...

Page 228: ...r at a wiring panel while not expressly forbidden is beyond the scope of this standard 10 100Mbps 10 100BASE TX When connecting the industrial managed switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the industrial managed switch supports auto MDI Media Dependent Interface MDI X Media Dependent Interface Cross detection This makes it ...

Page 229: ...nection Straight Cable SIDE 1 SIDE 2 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 Wh...

Page 230: ...taining access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine if there are specific traffic object access rights In networking the ACL refers to a list of service ports or network services that are available on a host or s...

Page 231: ...h specific port property ACL Rate Limiters This page can be used to configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per second The Ports and Access Control List web pages can be used to assign a Rate Limiter ID to the ACE s or ingress port s AES Advanced Encryption Standard The encryption key protocol is applied in 802 1i standard to improve WL...

Page 232: ...ing deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP Dynamic Host Configuration Protocol It is a protocol used for as...

Page 233: ...s 6 bytes in length and the value is equal to the DHCP relay agent s MAC address DHCP Snooping DHCP snooping is used to block an intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server DNS Domain Name System It stores and associates many types of information with domain ...

Page 234: ...oups are in use simultaneously H HTTP Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands For example entering a URL in a browser actually sends an HTTP command to the web server directing it to ...

Page 235: ... 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network IGMP Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establis...

Page 236: ...nt IP spoofing attacks when a host tries to spoof and use the IP address of another host L LACP LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port LLDP Link Layer Discovery Protocol is an IEEE 802 1ab standard protocol The LLDP specified in this standard allows stations attached to an IEEE 80...

Page 237: ...n RFC 1321 The MD5 Message Digest Algorithm Mirroring For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD Multicast Listener Discovery for IPv...

Page 238: ...uter systems NTP uses UDP datagrams as the transport layer O OAM Operation Administration and Maintenance It is a protocol described in ITU T Y 1731 used to implement carrier Ethernet functionality MEP functionality like CC and RDI is based on this Optional TLVs A LLDP frame contains multiple TLVs For some TLVs it is configurable if the switch includes the TLV in the LLDP frame These TLVs are know...

Page 239: ...rnet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining email on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of email and are not to be confused with the Simple Mail Transfer Protocol SMTP You send email with SMTP and a mail handler receives it on the recipient s ...

Page 240: ...cheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority R RARP Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the com...

Page 241: ...ext based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications regarding incoming mail SNAP SubNetwork Access Protocol SNAP It is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Service Acce...

Page 242: ...nchronized IEEE 1588 T TACACS Terminal Acess Controller Access Control System Plus It is a networking protocol that provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority Tag Priority is a 3 bit field storing the priority level for...

Page 243: ...ieces of information Each of these pieces of information is known as a TLV TKIP Temporal Key Integrity Protocol It is used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet U UDP User Datagram Protocol It is a communications protoc...

Page 244: ...ng Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to the provider ...

Page 245: ...d on a Draft 3 of the IEEE 802 11i standard WPA Radius Wi Fi Protected Access Radius 802 1X authentication server WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK ...

Reviews:

No comments