manualshive.com logo in svg

Interlogix NS4702-24P-4S-4X, User Manual

The Interlogix NS4702-24P-4S-4X is a high-performance networking device designed for seamless data transmission. Ensure a hassle-free setup with the included Quick Start Manual, available for free download at manualshive.com. This comprehensive manual provides step-by-step instructions and valuable insights, empowering users to maximize the potential of their Interlogix device.

Share
Download
background image

 

265 

 

seconds haven't expired), the same server will be contacted upon the next 

backend authentication server request from the switch. This scenario will loop 

forever. Therefore, the server timeout should be smaller than the supplicant's 

EAPOL Start frame retransmission rate. 

 

Single 802.1X 

In port-based 802.1X authentication, once a supplicant is successfully 

authenticated on a port, the whole port is opened for network traffic. This allows 

other clients connected to the port (for instance through a hub) to piggy-back on 

the successfully authenticated client and get network access even though they 

really aren't authenticated. To overcome this security breach, use the Single 

802.1X variant. 

Single 802.1X is really not an IEEE standard, but features many of the same 

characteristics as does port-based 802.1X. In Single 802.1X, at most one 

supplicant can get authenticated on the port at a time. Normal EAPOL frames are 

used in the communication between the supplicant and the switch. If more than 

one supplicant is connected to a port, the one that comes first when the port's link 

comes up will be the first one considered. If that supplicant doesn't provide valid 

credentials within a certain amount of time, another supplicant will get a chance. 

Once a supplicant is successfully authenticated, only that supplicant will be 

allowed access. This is the most secure of all the supported modes. In this mode, 

the Port Security module is used to secure a supplicant's MAC address once 

successfully authenticated.   

Multi 802.1X 

Multi 802.1X is - like Single 802.1X - not an IEEE standard, but a variant that 

features many of the same characteristics. In Multi 802.1X, one or more 

supplicants can get authenticated on the same port at the same time. Each 

supplicant is authenticated individually and secured in the MAC table using the 

Port Security module. 

In Multi 802.1X it is not possible to use the multicast BPDU MAC address as 

destination MAC address for EAPOL frames sent from the switch towards the 

supplicant, since that would cause all supplicants attached to the port to reply to 

requests sent from the switch. Instead, the switch uses the supplicant's MAC 

address, which is obtained from the first EAPOL Start or EAPOL Response 

Identity frame sent by the supplicant. An exception to this is when no supplicants 

Summary of Contents for NS4702-24P-4S-4X

Page 1: ...NS4702 24P 4S 4X User Manual P N 1072829 REV 00 01 ISS 14JUL14 ...

Page 2: ...the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or modif...

Page 3: ...Panel 24 2 1 2 LED Indications 25 2 1 3 Switch Rear Panel 27 2 2 Installing the Switch 28 2 2 1 Desktop Installation 28 2 2 2 Rack Mounting 29 2 2 3 Installing the SFP SFP Transceiver 30 3 SWITCH MANAGEMENT 34 3 1 Requirements 34 3 2 Management Access Overview 35 3 3 Administration Console 36 3 4 Web Management 37 3 5 SNMP based Network Management 38 4 WEB CONFIGURATION 39 4 1 Main Web Page 42 4 2...

Page 4: ...e Upgrade 70 4 2 17 Save Startup Config 71 4 2 18 Configuration Download 71 4 2 20 Configuration Upload 72 4 2 21 Configuration Activate 73 4 2 22 Configuration Delete 73 4 2 23 Image Select 74 4 2 24 Factory Default 75 4 2 25 System Reboot 76 4 3 Simple Network Management Protocol 77 4 3 1 SNMP Overview 77 4 3 2 SNMP System Configuration 79 4 3 3 SNMP Trap Configuration 81 4 3 4 SNMP System Infor...

Page 5: ...ship Status 123 4 6 7 VLAN Port Status 126 4 6 8 Port Isolation 128 4 6 10 VLAN setting example 130 4 6 10 1 Two Separate 802 1Q VLANs 130 4 6 10 2 VLAN Trunking between two 802 1Q aware switches 133 4 6 10 3 Port Isolate 135 4 6 11 MAC based VLAN 137 4 6 12 MAC based VLAN Status 138 4 6 13 Protocol based VLAN 139 4 6 14 Protocol based VLAN Membership 141 4 7 Spanning Tree Protocol 143 4 7 1 Theor...

Page 6: ...nformation 188 4 8 15 MLDv2 Information 190 4 8 16 MVR Multicaset VLAN Registration 192 4 8 17 MVR Status 195 4 8 18 MVR Groups Information 196 4 8 19 MVR SFM Information 197 4 9 Quality of Service 199 4 9 1 Understanding QoS 199 4 9 2 Port Policing 200 4 9 3 Port Classification 201 4 9 4 Port Scheduler 204 4 9 5 Port Shaping 205 4 9 5 1 QoS Egress Port Schedule and Shapers 206 4 9 6 Port Tag Rema...

Page 7: ...Configuration 259 4 11 4 Network Access Overview 271 4 11 5 Network Access Statistics 272 4 11 6 RADIUS 279 4 11 7 TACACS 282 4 11 8 RADIUS Overview 284 4 11 9 RADIUS Details 287 4 11 10 Windows Platform RADIUS Server Configuration 295 4 11 11 802 1X Client Configuration 300 4 12 Security 303 4 12 1 Port Limit Control 303 4 12 2 Access Management 307 4 12 3 Access Management Statistics 308 4 12 4 ...

Page 8: ... Ping 354 4 15 3 Remote IP Ping Test 355 4 15 4 Cable Diagnostics 356 4 16 Power over Ethernet 359 4 16 1 Power over Ethernet Powered Device 359 4 16 2 System Configuration 360 4 16 3 Power Over Ethernet Configuration 361 4 16 4 Port Sequential 363 4 16 5 Port Configuration 364 4 16 6 PoE Status 366 4 16 7 PoE Schedule 369 4 16 8 LLDP PoE Neighbours 372 4 16 9 PoE Alive Check Configuration 372 4 1...

Page 9: ...9 4 Ethernet Ring Protocol Switch Configuration 400 4 19 5 Ring Wizard 403 4 19 6 Ring Wizard Example 404 5 SWITCH OPERATION 407 5 1 Address Table 407 5 2 Learning 407 5 3 Forwarding Filtering 407 5 4 Store and Forward 407 5 5 Auto Negotiation 408 6 Power over Ethernet Overview 409 7 TROUBLESHOOTING 411 APPENDIX A Networking Connection 412 A 1 PoE RJ 45 Port Pin Assignments 412 A 2 Switch s Data R...

Page 10: ... with Hardware Layer3 IPv4 IPv6 Static Routing Managed Switch is used as an alternative name in this user s manual 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items Managed Switch x 1 User s Manual CD x 1 Quick Installation Guide x 1 RJ 45 to RS232 Cable x 1 SFP Dusty Cap x 8 Rubber Feet x 4 Rack mount Accessory Kit x 1 Power ...

Page 11: ... or the transmission speed required to extend the network efficiently With its 4 port 10G Ethernet link capability the NS4702 provides broad bandwidth and powerful processing capacity Centralized Power Management for Gigabit Ethernet PoE Networking To fulfill the needs of higher power required PoE network applications with Gigabit speed transmission the NS4702 features high performance Gigabit IEE...

Page 12: ...uce administrator management burden Schedule Power Recycle The NS4702 allows each of the connected PD Powered Device to reboot in a specific time each week Therefore it will reduce the chance of PD Powered Device crash resulting from buffer overflow SMTP SNMP Trap Event alert Though most NVR or camera management software offers SMTP email alert function the NS4702 further provides event alert func...

Page 13: ...nd money Solution for IPv6 Networking Faced with the increasingly large number of IP cameras and Wireless APs installed and deployed in all kinds of applications more and more network facilities start to support the IPv6 protocol for the next generation networking By supporting both the IPv4 and IPv6 and plenty of management functions with easy and friendly management interfaces the NS4702 is the ...

Page 14: ...ups of 8 ports for trunk maximum and supports connection fail over as well Excellent Traffic Control The NS4702 is loaded with powerful traffic management and QoS features to enhance connection services by SMBs The QoS features include wire speed Layer 4 traffic classifiers and bandwidth limiting that are particular useful for multi tenant unit multi business unit Telco or Network Service Provide ...

Page 15: ...upports SFP DDM Digital Diagnostic Monitor function that greatly helps network administrator to easily monitor real time parameters of the SFP such as optical output power optical input power temperature laser bias current and transceiver supply voltage ...

Page 16: ...Switch Section 4 WEB CONFIGURATION The section explains how to manage the Managed Switch by Web interface Section 5 SWITCH OPERATION The chapter explains how to do the switch operation of the Managed Switch Section 6 POWER over ETHERNET OVERVIEW The chapter introduces the IEEE 802 3af 802 3at PoE standard and PoE provision of the Managed Switch Section 7 TROUBLESHOOTING The chapter explains how to...

Page 17: ...cuit protection prevents power interference between ports Remote power feeding up to 100 meters PoE Management Total PoE power budget control Per port PoE function enable disable PoE Port Power feeding priority Per PoE port power limitation PD classification detection PD alive check PoE schedule PD power recycling schedule Layer 2 Features Prevents packet loss with back pressure half duplex and IE...

Page 18: ...lar port Loop protection to avoid broadcast loops Layer 3 IP Routing Features Supports maximum 128 static routes and route summarization Quality of Service Ingress Shaper and Egress Rate Limit per port bandwidth control 8 priority queues on all switch ports Traffic classification IEEE 802 1p CoS TOS DSCP IP Precedence of IPv4 IPv6 packets IP TCP UDP port number Typical network application Strict p...

Page 19: ...Line Interface Web switch management SNMP v1 v2c and v3 switch management SSH SSL secure access Four RMON groups history statistics alarms and events IPv6 Address NTP management Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment Firmware upload download via HTTP TFTP DHCP Relay and Option 82 User Privilege levels control NTP Network Time Protocol Link Laye...

Page 20: ...x Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default Dimensions W x D x H 440 x 300 x 44 5 mm 1U height Weight 4887g LED System PWR Green SYS Green Ring Green R O Green PWR1 Green PWR2 Green FAN1 Green FAN2 Green 10 100 1000T RJ45 Interfaces Port 1 to Port 24 10 100 1000Mbps LNK ACT Green PoE In Use Orange 100 1000Mbps SFP Combo Interfaces Po...

Page 21: ...panning Tree Protocol STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol QoS Traffic classification based Strict priority and WRR 8 Level priority for switching Port Number 802 1p priority 802 1Q VLAN tag DSCP TOS field in IP packet IGMP Snooping IGMP v1 v2 v3 Snooping up to 255 multicast groups IGMP Querier mode su...

Page 22: ...100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3ae 10Gb s Ethernet IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1X Port Authentication Network Control IEEE 802...

Page 23: ...23 Storage Temperature 10 70 degrees C Relative Humidity 5 95 non condensing ...

Page 24: ...of NS4702 24P 4S 4X Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters SFP slot 100 1000Base X mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meters to 2km multi mode fiber up to above 10 20 30 40 50 70 120 kilometers single mode fiber 10 Gigabit SFP slot 10GBase SR LR mini GBIC slot SFP Small Factor Pluggable Transceiver Module supports from 300...

Page 25: ... Managed Switch will then reboot and load the default settings as shown below Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 2 1 2 LED Indications The front panel LEDs indicate instant status of power and system status fan status port links PoE in use and data activity they help monitor and troubleshoot when ne...

Page 26: ...indicate that the switch is actively sending or receiving data over that port Per 100 1000Base X SFP Interface Port 23 to Port 24 LED Color Function Lights To indicate the port is successfully established at 1000Mbps 1000 LNK ACT Green Blink To indicate that the Switch is actively sending or receiving data over that port Lights To indicate the port is successfully established at 100Mbps 100 LNK AC...

Page 27: ...0 60 Hz Plug the female end of the power cord firmly into the receptalbe on the rear panel of the Managed Switch Plug the other end of the power cord into an electric service outlet and the power will be ready Power Notice The device is a power required device which means it will not work till it is powered If your networks should be active all the time please consider using UPS Uninterrupted Powe...

Page 28: ...ttom of the Managed Switch Step 2 Place the Managed Switch on the desktop or the shelf near an AC power source as shown in Figure 2 2 1 Figure 2 2 1 Place the Managed Switch on the Desktop Step 3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and specif...

Page 29: ... the Managed Switch on a hard flat surface with the front panel positioned towards the front side Step 2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 2 2 shows how to attach brackets to one side of the Managed Switch Figure 2 2 2 Attach Brackets to the Managed Switch You must use the screws supplied with the mounting bracket...

Page 30: ...anaged Switch 2 2 3 Installing the SFP SFP Transceiver The sections describe how to insert an SFP SFP transceiver into an SFP SFP slot The SFP SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP SFP port without having to power down the Managed Switch as the Figure 2 2 4 shows Figure 2 2 4 Plug in the SFP SFP Transceiver ...

Page 31: ...gabit Ethernet Transceiver 1000Base X SFP S30 RJ SFP Port 1000Base T Module 100M S30 2MLC SFP Port 1000Base SX mini GBIC module 550M 0 50 C S35 2MLC SFP Port 1000Base SX mini GBIC module 550M 40 75 C S30 2MLC 2 SFP Port 1000Base SX mini GBIC module 2KM 0 50 C S30 2SLC 10 SFP Port 1000Base LX mini GBIC module 10KM 0 50 C S35 2SLC 10 SFP Port 1000Base LX mini GBIC module 10KM 40 75 C S30 2SLC 30 SFP...

Page 32: ...e SFP transceivers are with the same media type for example 1000Base SX to 1000Base SX 1000Bas LX to 1000Base LX 2 Check whether the fiber optic cable type matches with the SFP transceiver requirement To connect to 1000Base SX SFP transceiver please use the multi mode fiber cable with one side being the male duplex LC connector type To connect to 1000Base LX SFP transceiver please use the single m...

Page 33: ...ule and turn it to a horizontal position 4 Pull out the module gently through the lever Figure 2 2 5 How to Pull Out the SFP SFP Transceiver Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP SFP module slot of the Managed Switch ...

Page 34: ...ration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 2008 MAC OS9 or later or Linux UNIX or other platforms compatible with TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC with COM Port DB9 RS 232 or USB to RS 2...

Page 35: ...erTerminal built into Windows 95 98 NT 2000 ME XP operating systems or higher Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be compromised hack...

Page 36: ...rect access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight DB9 RS 232 cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the following ...

Page 37: ...d Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 1 3 Web Management You can then use your Web browser to list and manage the Managed Switch configurat...

Page 38: ...nd the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default getting and setting co...

Page 39: ...rough an Ethernet connection making sure the manager PC must be set on the same IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you have changed the default IP address of the Managed Swi...

Page 40: ...e main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen appears as shown in Figure 4 1 3 Figure 4 1 3 Web Main Page ...

Page 41: ...istics the Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Managed Switch 2 The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface 3 For security reason please change and memorize the new password after this first setup 4 Only accept command in lowercase letter under...

Page 42: ...el Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics Page The port status are illustrated as follows State Disabled Down Link RJ 45 Ports SFP Ports Main Menu Using the onboard web agent you can define system parameters manag...

Page 43: ...nditions Via the Web Management the administrator can set up the Managed Switch by selecting the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu ...

Page 44: ...des statistics for DHCP relay CPU Load This Page displays the CPU load using an SVG graph System Log The Managed Switch system log information is provided here Detailed Log The Managed Switch system detailed log information is provided here Remote Syslog Configure remote syslog on this Page SMTP Configuration Configuration SMTP parameters on this Page Web Firmware Upgrade This Page facilitates an ...

Page 45: ...The system name configured in SNMP System Information System Name Location The system location configured in SNMP System Information System Location MAC Address The MAC Address of this Managed Switch Temperature Indicates chipset temperature System Date The current GMT system time and date The system time is obtained through the configured NTP Server if any System Uptime The period of time the dev...

Page 46: ...ears Figure 4 2 2 IP Configuration Page Screenshot The current column is used to show the active IP configuration Object Description Mode Configure whether the IP stack should act as a Host or a Router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed between all interfaces IP Configurations DNS Server This setting controls the DNS name resolution done ...

Page 47: ... Address Provide the IP address of this Managed Switch in dotted decimal notation IPv4 Mask Length The IPv4 network mask in number of bits prefix length Valid values are between 0 and 30 bits for a IPv4 address Address Provide the IP address of this Managed Switch A IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field IP...

Page 48: ...tus IP Status displays the status of the IP protocol layer The status is defined by the IP interfaces the IP routes and the neighbour cache ARP cache status The screen in Figure 4 2 3 appears Figure 4 2 3 IP Status Page Screenshot The Page includes the following fields Object Description Interface The name of the interface Type The address type of the entry This may be LINK or IPv4 IP Interfaces A...

Page 49: ...ed press Apply button to take effect Please login web interface with new user name and password the screen in Figure 4 2 4 appears Figure 4 2 4 Users Configuration Page Screenshot The Page includes the following fields Object Description User Name The name identifying the user This is also a link to Add Edit User Privilege Level The privilege level of the user The allowed range is 1 to 15 If the p...

Page 50: ... entry should belong to The allowed string length is 1 to 31 The valid user name is a combination of letters numbers and underscores Password The password of the user The allowed string length is 1 to 31 Password again Please enter the user s new password here again to confirm Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can acc...

Page 51: ...o any changes made locally and revert to previously saved values Click to undo any changes made locally and return to the Users Delete the current user This button is not available for new configurations Add new user Once the new user is added the new user entry shown in the Users Configuration Page Figure 4 2 6 User Configuration Page Screenshot If you forget the new password after changing the d...

Page 52: ...rview of the privilege levels After setup is completed please press Apply button to take effect Please login web interface with new user name and password and the screen in Figure 4 2 7 appears Figure 4 2 7 Privilege Levels Configuration Page Screenshot ...

Page 53: ...ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level ...

Page 54: ... the agent forward and to transfer NTP messages between the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol i...

Page 55: ...me so time zones tend to follow the boundaries of countries and their subdivisions The Time Zone Configuration screen in Figure 4 2 9 appears Figure 4 2 9 Time Configuration Page Screenshot The Page includes the following fields Object Description Time Zone Lists various Time Zones world wide Select appropriate Time Zone from the drop down and click Save to set Acronym User can set the acronym of ...

Page 56: ...ht Saving Time duration for single time configuration Default Disabled Start Time Settings Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute End Time Settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes ...

Page 57: ...rap UPnP related packets to CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range of 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If ...

Page 58: ...58 Click to undo any changes made locally and revert to previously saved values Figure 4 2 11 UPnP devices show on Windows My Network Place ...

Page 59: ... the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes representing the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equals 0 in stackable switch it means switch ID The parameter of port_no is the fourth byte and it means the por...

Page 60: ...lay operation mode enabled Disabled Disable DHCP relay information mode operation Relay Information Policy Indicates the DHCP relay information option policy When enabling DHCP relay information mode operation if agent receives a DHCP message that already contains relay agent information It will enforce the policy And it only works under DHCP relay information operation mode enabled Possible polic...

Page 61: ...ts to clients Receive from Server The packets number that received packets from server Receive Missing Agent Option The packets number that received packets without agent information options Receive Missing Circuit ID The packets number that received packets which the Circuit ID option was missing Receive Missing Remote ID The packets number that received packets which Remote ID option was missing...

Page 62: ...packets with relay agent information option Replace Agent Option The packets number that replaced received packets with relay agent information option Keep Agent Option The packets number that kept received packets with relay agent information option Drop Agent Option The packets number that dropped received packets with relay agent information option Buttons Auto refresh Check this box to refresh...

Page 63: ... SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 14 appears Figure 4 2 14 CPU Load Page Screenshot Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds If your browser ...

Page 64: ...stem log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Clear Level To clear the system log entry level The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All ...

Page 65: ...the selected log entries Hides the selected log entries Downloads the selected log entries Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entry currently displayed Updates the system log entries starting from the last entry currently displayed Updates the system log entries ending at the last available entry ID ...

Page 66: ...m log entry Message The message of the system log entry Buttons Download the system log entry to the current entry ID Updates the system log entry to the current entry ID Updates the system log entry to the first available entry ID Updates the system log entry to the previous available entry ID Updates the system log entry to the next available entry ID Updates the system log entry to the last ava...

Page 67: ...ince UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Indicates the IPv4 host address of syslog server If the switch provides DNS feature it also can be a host name Syslo...

Page 68: ...P service SMTP Authentication Controls whether SMTP authentication is enabled If authentication is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s E mail address This address is used for reply e mails E m...

Page 69: ...Web Firmware Upgrade 2 The Firmware Upgrade screen is displayed as in Figure 4 2 19 3 Click the button of the Main Page the system would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file with upload status 5 Once the software is loaded to the system successfully the following screen appears The system will load th...

Page 70: ... firmware image is on the TFTP server The TFTP Firmware Upgrade screen in Figure 4 2 21 appears Figure 4 2 20 TFTP Firmware Update Page Screenshot The Page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmware DO NOT Power OFF the Managed Switch...

Page 71: ...ther virtual RAM based or stored in flash on the switch There are three system files running config A virtual file that represents the currently active configuration on the switch This file is volatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration This file is read when the system is restored to default ...

Page 72: ... the destination is running config the file will be applied to the switch configuration This can be done in two ways Replace mode The current configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system files mentioned above plus two other files it is not possible to c...

Page 73: ...resents the currently active configuration Select the file to activate and click This will initiate the process of completely replacing the existing configuration with that of the selected file 4 2 22 Configuration Delete Configuration Delete page allows to delete the startup config and default config files which stored in FLASH If this is done and the switch is rebooted without a prior Save opera...

Page 74: ...disabled 2 If the alternate image is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error Figure 4 2 28 Software Image Selection Page Screenshot The Pa...

Page 75: ...rt is necessary The Factory Default screen in Figure 4 2 29 appears Figure 4 2 29 Factory Default Page Screenshot Buttons Click to reset the configuration to Factory Defaults Click to return to the Port State Page without resetting the configuration To reset the Managed Switch to the Factory default setting you can also press the hardware reset button at the front panel about 10 seconds After the ...

Page 76: ...igure 4 2 30 appears Figure 4 2 30 System Reboot Page Screenshot Buttons Click to reboot the system Click to return to the Port State Page without rebooting the system You can also check the SYS LED at the front panel to identify whether the System is loaded completely or not If the SYS LED is blinking then it is in the firmware load stage if the SYS LED light is on you can use the WEB browser to ...

Page 77: ...ubstantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elements They collect and store management information such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Colle...

Page 78: ...re Write private Read public Use the SNMP Menu to display or configure the Managed Switch s SNMP function This section has the following items System Configuration Configure SNMP on this Page Trap Configuration Configure SNMP trap on this Page System Information The system information is provided here SNMPv3 Communities Configure SNMPv3 communities table on this Page SNMPv3 Users Configure SNMPv3 ...

Page 79: ...y read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c co...

Page 80: ...nity string a particular range of source addresses can be used to restrict source subnet Engine ID Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users Buttons Click to apply changes Click to undo any changes made locally and revert to previous...

Page 81: ...tion s name for configuring The allowed string length is 0 to 255 and the allowed content is ASCII characters from 33 to 126 Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v...

Page 82: ... the port range is 1 65535 Trap Inform Mode Indicates the SNMP trap inform mode operation Possible modes are Enabled Enable SNMP trap authentication failure Disabled Disable SNMP trap authentication failure Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 25...

Page 83: ...able Link up trap Link Down Enable disable Link down trap LLDP Enable disable LLDP trap AAA Indicates that the AAA group s traps Possible traps are Authentication Fail Enable disable SNMP trap authentication failure trap Switch Indicates that the Switch group s traps Possible traps are STP Enable disable STP trap RMON Enable disable RMON trap Buttons Click to apply changes Click to undo any change...

Page 84: ...26 System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is...

Page 85: ...community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of source addresses can be used to restrict source subnet when combined with s...

Page 86: ...trol For the USM entry the usmUserEngineID and usmUserName are the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID equal system engine ID then it is local user otherwise it s remote user User Name A string i...

Page 87: ...col the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed content is the ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol DES An optional flag to indicate that this user using DES authentication protocol AES An opti...

Page 88: ...ld belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allowe...

Page 89: ...6 View Type Indicates the view type that this entry should belong to Possible view type are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded it should be exist another view entry which view type is included and it s OID subtree overstep t...

Page 90: ... to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy Read...

Page 91: ...91 Buttons Click to add a new access entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 92: ...etail Lists Ethernet and RMON port statistics SFP Module Information Display SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This Page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration Page Screenshot The Page includes the following fields O...

Page 93: ...n a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation...

Page 94: ... 4 4 2 Port Statistics Overview Page Screenshot The displayed counters are Object Description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of...

Page 95: ...is Page provides detailed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The selected port belong to the currently selected stack unit as reflected by the Page header The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit The Port ...

Page 96: ... The number of received and transmitted good and bad packets split into categories based on their respective frame sizes Receive and Transmit Queue Counters The number of received and transmitted packets per input and output queue Receive Error Counters Object Description Rx Drops The number of frames dropped due to lack of receive buffers or egress congestion Rx CRC Alignment The number of frames...

Page 97: ...smit Error Counters Object Description Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Buttons Click to refresh the Page immediately Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh of the Page at regular intervals ...

Page 98: ...e Information screen in Figure 4 4 4 appears Figure 4 4 4 SFP Module Information for Switch Page Screenshot The Page includes the following fields Object Description Type Display the type of current SFP module the possible types are 10GBase SR 10GBase LR 1000Base SX 1000Base LX 100Base FX Speed Display the spedd of current SFP module the speed value or description is get from the SFP module Differ...

Page 99: ...rent SFP DDM module the TX power value is get from the SFP DDM module RX power dBm SFP DDM Module Only Display the RX power of current SFP DDM module the RX power value is get from the SFP DDM module Buttons SFP Monitor Event Alert send trap Warning Temperature degrees C Check SFP Monitor Event Alert box it will be in accordance with your warning temperature setting and allows users to record mess...

Page 100: ... can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Figure 4 4 7 Port Mirror Application The traffic to be copied to the mirror port...

Page 101: ...ination tx mirroring enabled are mirrored to this port Disabled disables mirroring Port The logical port for the settings contained in the same row Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Mode Disabled N...

Page 102: ...ports of the same speed set to full duplex operations Ports in a LAG can be of different media types UTP Fiber or different fiber types provided they operate at the same speed Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically ...

Page 103: ...tion menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that The ports used in a link aggregation must all be of the same media type RJ 45 100 Mbps fiber The ports that can be assigned to the same link aggregation have certain other restrictions see below Ports can only be assigned to one link aggregation The ports at both ends of a connection ...

Page 104: ...ection are always forwarded on the same link aggregation member port Reording of frames within a flow is therefore not possible The aggregation code is based on the following information Source MAC Destination MAC Source and destination IPv4 address Source and destination TCP UDP ports for IPv4 packets Normally all 5 contributions to the aggregation code should be enabled to obtain the best traffi...

Page 105: ...frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calc...

Page 106: ...the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Click to apply changes Click to u...

Page 107: ... each other to discover automatically whether any ports are member of the same LAG This Page allows the user to inspect the current LACP port configurations and possibly change them as well The LACP port settings relate to the currently selected stack unit as reflected by the Page header The LACP Configuration screen in Figure 4 5 4 appears Figure 4 5 4 LACP Port Configuration Page Screenshot ...

Page 108: ...hile ports with different keys cannot The default setting is Auto Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a...

Page 109: ...iated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last changed The time since this aggregation changed Local Ports Shows which ports are a part of...

Page 110: ... link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group Partner System ID The partner s System...

Page 111: ...t Statistics screen in Figure 4 5 7 appears Figure 4 5 7 LACP Statistics Page Screenshot The Page includes the following fields Object Description Port The switch port number LACP Received Shows how many LACP frames have been sent from each port LACP Transmitted Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at...

Page 112: ...112 Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Clears the counters for all ports ...

Page 113: ...as initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unawa...

Page 114: ...curity since traffic must pass through a configured Layer 3 link to reach a different VLAN This Managed Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging IEEE 802 1Q Stand...

Page 115: ... priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLAN can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bit 12 bits TPID Tag Protocol I...

Page 116: ...devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Default VLANs The Switch initially c...

Page 117: ...olate user groups or subnets 4 6 3 VLAN Port Configuration This Page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration Page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is configured on the VLAN Port Configuration Page All untagged packets arriving to the device are tagged by the ports PVID Understand nomenclature of th...

Page 118: ...l VLAN IDs This is accomplished by inserting Service Provider VLAN SPVLAN tags into the customer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service p...

Page 119: ...nism between the two ports This way the MAC table requirements is reduced Global VLAN Configuration The Global VLAN Configuration screen in Figure 4 6 1 appears Figure 4 6 1 Global VLAN Configuration Screenshot The Page includes the following fields Object Description Allowed Access VLANs This field shows the allowed Access VLANs it only affects ports configured as Access ports Ports in other mode...

Page 120: ...scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged and C tagged frames Discards all frames that are not classified to the Access VLAN On egress all frames classified to the Access VLAN are transmitted untagged Other dynamically added VLANs are transmitted tagged Mode Trunk Trunk ports can carry traffic ...

Page 121: ...re in the range 1 through 4095 default being 1 On ingress frames get classified to the Port VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the port but the frame is priority tagged VLAN ID 0 On egress frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN The Port VLAN is called an Access ...

Page 122: ...checkbox is checked frames classified to a VLAN that the port is not a member of get discarded If ingress filtering is disabled frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine However the port will never transmit frames classified to VLANs that it is not a member of Ingress Acceptance Hybrid ports allow for changing the type of frames th...

Page 123: ...ember of one or more VLANs This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs The trick is to mark such VLANs as forbidden on the port in question The syntax is identical to the syntax used in the Enabled VLANs field By default the field is left blank which means that the port may become a member of all possible VLANs...

Page 124: ...ration Protocol is a protocol that facilitates control of virtual local area networks VLANs within a larger network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN Por...

Page 125: ...lt VLAN membership allows the frames classified to the VLAN ID to be forwarded on the respective VLAN member ports Buttons Select VLAN Users from this drop down list Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Updates the table starting from the first entry in the VLAN Table i e the entry with the lowe...

Page 126: ...ved on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is di...

Page 127: ...of Conflicts whether exists or Not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur Functional Conflicts between feature Conflicts due to hardware limitation Direct conflict between user modules Buttons Select VLAN Users from this drop down list Auto refresh Check this box to refresh the Page automatically Automatic refresh occu...

Page 128: ...ilitarized Zone DMZ are allowed to communicate with the outside world and with database servers on the inside segment but are not allowed to communicate with each other For private VLANs to be applied the switch must first be configured for standard VLAN operation When this is in place one or more of the configured VLANs can be configured as private VLANs Ports in a private VLAN fall into one of t...

Page 129: ...e is used for enabling or disabling port isolation on ports in a Private VLAN A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN The Port Isolation screen in Figure 4 6 6 appears Figure 4 6 6 Port Isolation Configuration Page Screenshot The Page includes the following fields Object Description Port Members A check box is provided for each port of a pr...

Page 130: ...d VLAN Each VLAN isolate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 7 appears and Table 4 6 8 describes the port configuration of the Managed Switches Figure 4 6 7 Two Separate VLANs Diagram VLAN Group VID Untagged Members Tagged Members VLAN Group 1 1 Port 7 Port 28 N A VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 P...

Page 131: ...he packet through Port 1 and Port 2 6 While the packet leaves Port 1 and Port 2 it will be stripped away it tag becoming an untagged packet Untagged packet entering VLAN 3 1 While PC 4 transmit an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will received the packet through Port 5 and Port 6 2 While the packet leaves Port 5 it will be stripped away it tag be...

Page 132: ...t 4 6 to be VLAN3 3 Enable VLAN Tag for specific ports Link Type Port 3 VLAN 2 and Port 6 VLAN 3 Change Port 3 Mode as Trunk Selects Egress Tagging as Tag All and Types 2 in the Allowed VLANs column Change Port 6 Mode as Trunk and Selects Egress Tagging as Tag All and Types 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 10 appears Figure 4 6 10 Check VLAN 2 and 3 Membe...

Page 133: ... different switches but they need to access with other switches within the same VLAN group The screen in Figure 4 6 11 appears Figure 4 6 11 VLAN Trunking Diagram Setup steps 1 Add VLAN Group Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in Allowed Access VLANs column the 1 3 is including VLAN1 and 2 and 3 Figure 4 6 12 Add VLAN 2 and VLAN 3 ...

Page 134: ...AN Trunk port configuration 1 Specify Port 7 to be the 802 1Q VLAN Trunk port 2 Assign Port 7 to both VLAN 2 and VLAN 3 at the VLAN Member configuration Page 3 Define a VLAN 1 as a Public Area that overlapping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member...

Page 135: ...ps 1 to 6 set up the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk repeat Steps 1 to 3 to assign the Trunk port to the VLANs 4 6 10 3 Port Isolate The diagram shows how the Managed Switch handles isolated and promiscuous ports and the each PC is not able to access the isolated port of each other s PCs But they all need to access with the same server AP Printer Thi...

Page 136: ...rt5 and Port 6 in Promiscuous port The screen in Figure 4 6 17 appears Figure 4 6 17 The Configuration of Isolated and Promiscuous Port 2 Assign VLAN Member VLAN 1 Port 5 and Port 6 VLAN 2 Port 1 Port 2 Port 5 and Port 6 VLAN 3 Port 3 Port 6 The screen in Figure 4 6 18 appears ...

Page 137: ...AC based VLAN Membership Configuration Page Screenshot The Page includes the following fields Object Description Delete To delete a MAC based VLAN entry check this box and press save The entry will be deleted in the stack MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC based VLAN entry To include a port i...

Page 138: ... be used to undo the addition of new MAC based VLANs Buttons Click to add a new MAC based VLAN entry Click to apply changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Updates the table starting from the first entry in the MAC...

Page 139: ...or each Group mapping entries as well as allow you to see and delete already mapped entries for the switch The Protocol based VLAN screen in Figure 4 6 21 appears Figure 4 6 21 Protocol to Group Mapping Table Page Screenshot The Page includes the following fields Object Description Delete To delete a Protocol to Group Name map entry check this box The entry will be deleted on the switch during the...

Page 140: ... OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to 0xffff Group Name A valid Group Name is a unique 16 character lo...

Page 141: ...hichever Group name you try map to a VLAN must be present in Protocol to Group mapping table and must not be preused by any other existing mapping entry on this Page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check th...

Page 142: ...y changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately ...

Page 143: ... automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to...

Page 144: ...rameters the path between source and destination stations in a switched network might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transitioned directly from a...

Page 145: ...locking state No packets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisti...

Page 146: ...U for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Defaul...

Page 147: ...If it turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Forward Delay Timer The Forward Delay can be from 4 to 30 seconds This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state Observe the following formulas when setting the above parameters Max Age _ 2 x Forward Delay 1 second Max ...

Page 148: ...ore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however relatively straight forward Figure 4 7 2 Before Applying ...

Page 149: ...igabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link 4 7 2 STP System Configuration This Page allows you to configure STP system settings The settings are used by all STP Bridge instances in the Switch or Switch Stack The Managed Switch support the following Spanning Tree protocols Compatiable Sp...

Page 150: ...es the following fields Basic Settings Object Description Protocol Version The STP protocol version setting Valid values are STP RSTP and MSTP Bridge Priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority...

Page 151: ...citly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery ...

Page 152: ... root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last The time since last Topology Change occurred Buttons Auto ...

Page 153: ...on this switch port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of highe...

Page 154: ... administrator This feature is also known as Root Guard Restricted TCN If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administra...

Page 155: ...net 3 10 2 000 200 000 Table 4 7 1 Recommended STP Path Cost Range Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Table 4 7 2 Recommended STP Path Costs Port Type Link Type IEEE 802 1w 2...

Page 156: ...e The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 157: ...ge includes the following fields Configuration Identification Object Description Configuration Name The name identifiying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration...

Page 158: ...to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This Page contains MSTI port settings for physical and aggregat...

Page 159: ...bject Description Port The switch port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path ...

Page 160: ...ority This can be used to control priority of ports having identical port cost Buttons Click to set MSTx configuration Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 7 8 Port Status This Page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7 11 appears Figure 4 7...

Page 161: ... port The port state can be one of the following values Disabled Learning Forwarding Uptime The time since the bridge port was last initialized Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds 4 7 9 Port Statistics This Page displays the STP port statistics counters for port physical ports in the cu...

Page 162: ...of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Auto refresh Automatic refresh occurs ...

Page 163: ...will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the membership of the multicast g...

Page 164: ...164 Figure 4 8 2 Multicast Flooding ...

Page 165: ...g or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Membership Q...

Page 166: ...it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwar...

Page 167: ...erforming IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting ...

Page 168: ...ete Check to delete the entry The designated entry will be deleted during the next save Profile Name The name used for indexing the profile table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Profile Description Additional description which is composed of at maximum 64 alphabetic and numeric characters abou...

Page 169: ...ddress range that will be associated with IPMC Profile It is allowed to create at maximum 128 address entries in the system The Profile Table screen in Figure 4 8 6 appears Figure 4 8 6 IPMC Profile Address Configuration Page The Page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save Entry Name The name used ...

Page 170: ...igure the addresses Click Save Click to apply changes Click to undo any changes made locally and revert to previously saved values Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the IPMC Profile Address Configuration Updates the table starting with the entry after the last entry currently displayed ...

Page 171: ...MP Snooping related configuration The IGMP Snooping Configuration screen in Figure 4 8 7 appears Figure 4 8 7 IGMP Snooping Configuration Page Screenshot The Page includes the following fields Object Description Snooping Enabled Enable the Global IGMP Snooping ...

Page 172: ...MP querier The Switch forwards IGMP join or leave packets to an IGMP router port Auto Select Auto to have the Managed Switch automatically uses the port as IGMP Router port if the port receives IGMP query packets Fix The Managed Switch always uses the specified port as an IGMP Router port Use this mode when you connect an IGMP multicast server or IP camera which applied with multicast protocol to ...

Page 173: ...deleted during the next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected Querier Election Enable the IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier Querier Address Define the IPv4 address as source address used in IP header for IGMP Querier election When the Querier address is not set system us...

Page 174: ...ies The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10...

Page 175: ...multicast groups that are permitted or denied on the port An IGMP filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is d...

Page 176: ... Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 7 IGMP Snooping Status This Page provides IGMP Snooping status The IGMP Snooping Status screen in Figure 4 8 10 appears ...

Page 177: ...sion Working Host Version currently Querier Status Show the Querier status is ACTIVE or IDLE Querier Transmitted The number of Transmitted Querier Querier Received The number of Received Querier V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leave Received The number of Received V2...

Page 178: ...esh Automatic refresh occurs every 3 seconds 4 8 8 IGMP Group Information Entries in the IGMP Group Table are shown on this Page The IGMP Group Table is sorted first by VLAN ID and then by group Each Page shows up to 99 entries from the IGMP Group table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginni...

Page 179: ...M Information Table is sorted first by VLAN ID then by group and then by Port No Diffrent source addresses belong to the same group are treated as single entry Each Page shows up to 99 entries from the IGMP SSM Source Specific Multicast Information table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginn...

Page 180: ...al number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not Buttons Auto refresh Check this box to enable an automatic refresh of the Page at regular intervals Click to refresh the Page immediatel...

Page 181: ...LD Snooping related configuration The MLD Snooping Configuration screen in Figure 4 8 13 appears Figure 4 8 13 MLD Snooping Configuration Page Screenshot The Page includes the following fields Object Description Snooping Enabled Enable the Global MLD Snooping ...

Page 182: ...t leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port The allowed selection is Auto Fix Fone default compatibility value is Auto Fast Leave Enable the fast leave on the port Throtting Enable to limit the number of multicast groups to which a switch port can belong Buttons Click to apply...

Page 183: ...183 Figure 4 8 14 IGMP Snooping VLAN Configuration Page Screenshot ...

Page 184: ...ess Variable The Robustness Variable allows tuning for the expected packet loss on a network The allowed range is 1 to 255 default robustness variable value is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Max Response Time used to calcu...

Page 185: ...rt and MLD throttling limits the number of simultaneous multicast groups a port can join MLD filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled MLD join reports received on the por...

Page 186: ...t Description Port The logical port for the settings Filtering Group Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 187: ...enshot The Page includes the following fields Object Description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Querier Transmitted The number of Transmitted Querier ...

Page 188: ...er port Port Switch port number Status Indicates whether specific port is a router port or not Buttons Click to refresh the Page immediately Clears all Statistics counters Auto refresh Automatic refresh occurs every 3 seconds 4 8 14 MLD Group Information Entries in the MLD Group Table are shown on this Page The MLD Group Table is sorted first by VLAN ID and then by group Each Page shows up to 99 e...

Page 189: ...189 Figure 4 8 17 MLD Snooping Groups Information Page Screenshot ...

Page 190: ... Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry Each Page shows up to 99 entries from the MLD SFM Information table default being 20 selected through the entries per Page input field When first ...

Page 191: ...total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the input fields Updates th...

Page 192: ...an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports It is allowed to create at maximun 8 MVR VLANs with corresponding channel settings for each Multicast VLAN There will b...

Page 193: ...VR Configuration Page Screenshot The Page includes the following fields Object Description MVR Mode Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping ...

Page 194: ...first available IPv4 management address Otherwise system uses a pre defined value By default this value will be 192 0 2 1 Mode Specify the MVR mode of operation In Dynamic mode MVR allows dynamic MVR membership reports on source ports In Compatible mode MVR membership reports are forbidden on source ports The default is Dynamic mode Tagging Specify whether the traversed IGMP MLD control frames wil...

Page 195: ...roup by issuing IGMP MLD messages Be Caution MVR source ports are not recommended to be overlapped with management VLAN ports Select the port role by clicking the Role symbol to switch the setting I indicates Inactive S indicates Source R indicates Receiver The default Role is Inactive Immediate Leave Enable the fast leave on the port Buttons Click to add new MVR VLAN Specify the VID and configure...

Page 196: ...GMPv2 Leaves and MLDv1 Dones respectively Buttons Click to refresh the Page immediately Clears all Statistics counters Auto refresh Automatic refresh occurs every 3 seconds 4 8 18 MVR Groups Information Entries in the MVR Group Table are shown on this Page The MVR Group Table is sorted first by VLAN ID and then by group Each Page shows up to 99 entries from the MVR Group table default being 20 sel...

Page 197: ...with the entry after the last entry currently displayed 4 8 19 MVR SFM Information Entries in the MVR SFM Information Table are shown on this Page The MVR SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as s...

Page 198: ...is It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 When there is no any source filtering address the text None is shown in the Source Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific grou...

Page 199: ...ge network congestion QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP hea...

Page 200: ... fields Object Description Port The port number for which the configuration below applies Enable Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer...

Page 201: ...t to previously saved values 4 9 3 Port Classification This Page allows you to configure the basic QoS Ingress Classification settings for all switch ports The Port Classification screen in Figure 4 9 2 appears Figure 4 9 2 QoS Ingress Port Classification Page Screenshot The Page includes the following fields Object Description ...

Page 202: ... to the DEI value in the tag Otherwise the frame is classified to the default DPL The classified DPL can be overruled by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value DEI Controls the default ...

Page 203: ...203 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 204: ... 3 QoS Egress Port Schedule Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 Mode Shows the scheduling mode for this port Q0 Q5 Shows the weight for this queue and port ...

Page 205: ...rt Shapers Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers For more detail please refer to chapter 4 9 5 1 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps ...

Page 206: ...ption Schedule Mode Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is ...

Page 207: ... this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Click to apply changes Click to undo any changes made locally and...

Page 208: ...208 Figure 4 9 6 QoS Egress Port Tag Remarking Page Screenshot ...

Page 209: ...g Remarking for a specific port are configured on this Page The QoS Egress Port Tag Remarking sscreen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking Page Screenshot The Page includes the following fields Object Description Mode Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of ...

Page 210: ...t DSCP screen in Figure 4 9 8 appears Figure 4 9 8 QoS Port DSCP Configuration Page Screenshot The Page includes the following fields Object Description Port The Port coulmn shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration p...

Page 211: ...be one of Disable No Egress rewrite Enable Rewrite enable without remapped Remap DP Unaware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remap...

Page 212: ...his Page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches The DSCP based QoS screen in Figure 4 9 9 appears Figure 4 9 9 DSCP based QoS Ingress Classification Page Screenshot ...

Page 213: ...alues are 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS Class value can be any of 0 7 DPL Drop Precedence Level 0 1 ...

Page 214: ...Ingress or Egress The DSCP Translation screen in Figure 4 9 10 appears Figure 4 9 10 DSCP Translation Page Screenshot The Page includes the following fields Object Description DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP ...

Page 215: ...wing configurable parameter for Egress side Remap Remap DP Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 10 DSCP Classification This Page allows you to map DSCP value to a QoS Class and DPL value The DSCP Classification screen in Figure ...

Page 216: ...ist This Page shows the QoS Control List QCL which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The QoS Control List screen in Figure 4 9 12 appears Figure 4 9 12 QoS Control List Configuration Page Screenshot The Page includes the following fields Object Description QCE I...

Page 217: ...or Valid value of DEI can be any of values between 0 1 or Any Frame Type Indicates the type of frame to look for incomming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only ...

Page 218: ...218 Deletes the QCE The lowest plus sign adds a new entry at the bottom of the list of QCL ...

Page 219: ... Key configuration are discribed as below DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any SMAC Source MAC address 24 MS bits OUI or Any Tag Value of Tag field can be Any Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP a...

Page 220: ...umber 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any...

Page 221: ...lue is not modified by this QCE Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Return to the previous Page without saving the configuration change 4 9 12 QCL Status This Page shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hard...

Page 222: ... be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen that resources required to add a QCE may not be...

Page 223: ...hese only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen in Figure 4 9 15 appears Figure 4 9 15 Storm Control Configuration Page Screenshot The Page includes the following fields Object Description ...

Page 224: ...tons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 15 WRED This page allows you to configure the Random Early Detection RED settings for queue 0 to 5 RED cannot be applied to queue 6 and 7 Through different RED configuration for the queues QoS classes it is possible to obtain Weighted Random Early Detection WRED operation between queues The...

Page 225: ...d to 0 100 Max DP2 Controls the drop probability for frames marked with Drop Precedence Level 2 when the average queue filling level is 100 This value is restricted to 0 100 Max DP3 Controls the drop probability for frames marked with Drop Precedence Level 3 when the average queue filling level is 100 This value is restricted to 0 100 RED Drop Probability Function The following illustration shows ...

Page 226: ...ng frames The drop probability for frames marked with Drop Precedence Level n increases linearly from zero at Min Threshold average queue filling level to Max DP n at 100 average queue filling level Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 227: ... in Figure 4 9 17 appears Figure 4 9 17 Queuing Counters Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Q0 Q7 There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue ...

Page 228: ...oice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure ...

Page 229: ...229 Figure 4 9 18 Voice VLAN Configuration Page Screenshot ...

Page 230: ...It used when security mode or auto detect mode is enabled In other cases it will based hardware age time The actual age time will be situated in the age_time 2 age_time interval Traffic Class Indicates the Voice VLAN traffic class All traffic on Voice VLAN will apply this class Mode Indicates the Voice VLAN port mode Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect ...

Page 231: ...ode is enabled We should enable LLDP feature before configuring discovery protocol to LLDP or Both Changing the discovery protocol to OUI or LLDP will restart auto detect process Possible discovery protocols are OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP ...

Page 232: ...creenshot The Page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Telephony OUI An telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which v...

Page 233: ...233 Buttons Click to add a new access management entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 234: ...onym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This Page shows the ACL status by different ACL users Each row d...

Page 235: ...yed the rate limiter operation is disabled Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are...

Page 236: ...ingress port of the ACE Possible values are All The ACE will match all ingress port Port The ACE will match a specific ingress port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get m...

Page 237: ...layed the port redirect operation is disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at ...

Page 238: ...ludes the following fields Object Description Ingress Port Select the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy number filter for this ACE Any No policy filter is specified policy filter status is don t care Specific If you want to filter a specific pol...

Page 239: ...iter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled Logging Specify the logging operation of ...

Page 240: ... to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Value When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this DMAC value VLAN Parameters Object ...

Page 241: ...he sender IP address in the SIP Address field that appears Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Mask When Network is selected for the send...

Page 242: ...ettings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 Any Any value is allowed don t care IP Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1 1 ARP RA...

Page 243: ... entry non zero IPv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care IP Fragment Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offset FRAG OFFSET field for an IPv4 frame No IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than ...

Page 244: ...tion IP filter you can enter a specific DIP address in dotted decimal notation DIP Mask When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation IPv6 Parameters Object Description Next Header Fliter Specify the IPv6 next header filter for this ACE Any No IPv6 next header filter is specified don t care Specific If you want to filter a speci...

Page 245: ...For example if the SIPv6 address is 2001 3 and the SIPv6 bitmask is 0xFFFFFFFE bit 0 is don t care bit then SIPv6 address 2001 2 and 2001 3 are applied to this rule Hop Limit Specify the hop limit settings for this ACE zero IPv6 frames with a hop limit field greater than zero must not be able to match this entry non zero IPv6 frames with a hop limit field greater than zero must be able to match th...

Page 246: ... range value A field for entering a TCP UDP source value appears TCP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range va...

Page 247: ...YN field is set must be able to match this entry Any Any value is allowed don t care TCP RST Specify the TCP Reset the connection RST value for this ACE 0 TCP frames where the RST field is set must not be able to match this entry 1 TCP frames where the RST field is set must be able to match this entry Any Any value is allowed don t care TCP PSH Specify the TCP Push Function PSH value for this ACE ...

Page 248: ...fic EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears Ethernet Type Value When Specific is selected for the EtherType filter you can enter a specific EtherType value The allowed range is 0x600 to 0xFFFF but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 A frame that hits this ACE matches this EtherType value Buttons Click to appl...

Page 249: ...uration Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to ap...

Page 250: ...y the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values are Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disabled To close ports by changing the vo...

Page 251: ...iguration screen in Figure 4 10 5 appears Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot The Page includes the following fields Object Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate pps The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps ...

Page 252: ...252 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 253: ...nt type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but m...

Page 254: ...on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802 1X Port Based Authentication The IEEE 802 1X standard defines a client server based access con...

Page 255: ...P extensions is the only supported authentication server it is available in Cisco Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device controls the physical access to the network based on the authentication status of the client The switc...

Page 256: ...AP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an...

Page 257: ... initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized...

Page 258: ...s you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces The Authentication Method Configuration screen in Figure 4 11 3 appears Figure 4 11 3 Authentication Method Configuration Page Screenshot ...

Page 259: ...to previously saved values 4 11 3 Network Access Server Configuration This Page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend se...

Page 260: ...260 Figure 4 11 4 Network Access Server Configuration Page Screenshot The Page includes the following fields System Configuration Object Description ...

Page 261: ...t Identity EAPOL frames Valid values are in the range 1 to 65535 seconds This has no effect for MAC based ports Aging Period This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for...

Page 262: ...DIUS attributes to take advantage of this feature The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enable disable RADIUS server assigned QoS Class functionality When checked the individual ports ditto setting determine whether RADIUS assigned QoS Class is enabled for that port When unchecked RADIUS server assigned QoS Class is disabled for all ports RADIUS Assigned VLAN En...

Page 263: ...e value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received on the port for the life time of the port Once the switch considers whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will...

Page 264: ...ible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the releva...

Page 265: ... first when the port s link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplic...

Page 266: ...y When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802...

Page 267: ...idered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 7 which translates into the desired QoS Class in the range 0 7 RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled and enabled checked for a given port the switch reacts to VLAN ID information carried in the RADIUS Access...

Page 268: ...dium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Private Group ID must be a string of ASCII chars in the range 0 9 which is interpreted as a decimal string representing the VLAN ID Leading 0 s are discarded The final value must be in the range 1 4095 Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a ...

Page 269: ...received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disa...

Page 270: ... clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Buttons Click to refresh the Page Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 271: ...ative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user n...

Page 272: ...this box to refresh the Page automatically Automatic refresh occurs every 3 seconds 4 11 5 Network Access Statistics This Page provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed...

Page 273: ...t is appended to the VLAN ID Read more about Guest VLANs here Port Counters Object Description These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X Direction Name IEEE Name Description Rx Total dot1xAuthEapolFrames Rx The number of valid EAPOL frames of any type that have been received...

Page 274: ...is not recognized Rx Invalid Length dot1xAuthEapLengthErr orFramesRx The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid Tx Total dot1xAuthEapolFrames Tx The number of EAPOL frames of any type that have been transmitted by the switch Tx Request ID dot1xAuthEapolReqIdFr amesTx The number of EAPOL Request Identity frames that have been tr...

Page 275: ...er has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Rx Other Requests dot1xAuthBackendOther RequestsToSupplicant 802 1X based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP meth...

Page 276: ...d a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted Last Supplicant Client Info Info...

Page 277: ... the last frame from the last supplicant client was received Version dot1xAuthLastEapolF rameVersion 802 1X based The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable ...

Page 278: ...supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached it shows No clients attached VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module State The client can either be...

Page 279: ...s Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters 4 11 6 RADIUS This Page allows you to configure the RADIUS Servers The RADIUS Configuration screen in Fig...

Page 280: ...0 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from contin...

Page 281: ...ne row for each RADIUS Server and a number of columns which are Object Description Delete To delete a RADIUS server entry check this box The entry will be deleted during the next Save Hostname The IP address or hostname of the RADIUS server Auth Port The UDP port to use on the RADIUS server for authentication Acct Port The UDP port to use on the RADIUS server for accounting Timeout This optional s...

Page 282: ...changes Click to undo any changes made locally and revert to previously saved values 4 11 7 TACACS This Page allows you to configure the TACACS Servers The TACACS Configuration screen in Figure 4 11 8 appears Figure 4 11 8 TACACS Server Configuration Page Screenshot ...

Page 283: ...ed as dead Setting the Deadtime to a value greater than 0 zero will enable this feature but only if more than one server has been configured Key The secret key up to 63 characters long shared between the TACACS server and the switch Server Configuration The table has one row for each TACACS server and a number of columns which are Object Description Delete To delete a TACACS server entry check thi...

Page 284: ...values 4 11 8 RADIUS Overview This Page provides an overview of the status of the RADIUS servers configurable on the Authentication configuration Page The RADIUS Authentication Accounting Server Overview screen in Figure 4 11 9 appears Figure 4 11 9 RADIUS Authentication Accounting Server Overview Page Screenshot The Page includes the following fields RADIUS Authentication Server Status Overview O...

Page 285: ...n one server is enabled RADIUS Accounting Server Status Overview Object Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is e...

Page 286: ...286 Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately ...

Page 287: ...e provides detailed statistics for a particular RADIUS server The RADIUS Authentication Accounting for Server Overview screen in Figure 4 11 10 appears Figure 4 11 10 RADIUS Authentication Accounting for Server Overview Page Screenshot ...

Page 288: ...ess Rejects radiusAuthClientExtA ccessRejects The number of RADIUS Access Reject packets valid or invalid received from the server Rx Access Challenges radiusAuthClientExtA ccessChallenges The number of RADIUS Access Challenge packets valid or invalid received from the server Rx Malformed Access Responses radiusAuthClientExt MalformedAccessRe sponses The number of malformed RADIUS Access Response ...

Page 289: ...cess Requests radiusAuthClientExtA ccessRequests The number of RADIUS Access Request packets sent to the server This does not include retransmissions Tx Access Retransmissio ns radiusAuthClientExtA ccessRetransmission s The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server Tx Pending Requests radiusAuthClientExtP endingRequests The number of RADIUS Access Re...

Page 290: ...ed The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get ...

Page 291: ...291 measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet ...

Page 292: ...RADIUS packets received from the server Malformed packets include packets with an invalid length Bad authenticators or or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAcctClientExt BadAuthenticators The number of RADIUS packets containing invalid authenticators received from the server Rx Unknown Types radiusAccClientExt UnknownTypes The number of RADIUS...

Page 293: ...mented due to receipt of a Response timeout or retransmission Tx Timeouts radiusAccClientExt Timeouts The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This se...

Page 294: ...The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip Time radiusAccClientExtRo undTripTime The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicat...

Page 295: ...case field in the default IP Address of the Managed Switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set at the Managed Switch s 802 1x system configuration 12345678 at this case 1 Configure the IP Address of remote RADIUS server and secret key Figure 4 11 11 RADIUS Server Configuration Screenshot ...

Page 296: ...296 2 Add New RADIUS Cleint on the Windows 2003 server Figure 4 11 12 Windows Server Add New RADIUS Client Setting 3 Assign the client IP address to the Managed Switch ...

Page 297: ...297 Figure 4 11 13 Windows Server RADIUS Server Setting 4 The shared secret key should be as same as the key configured on the Managed Switch Figure 4 11 14 Windows Server RADIUS Server Setting ...

Page 298: ...e establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then Figure 4 11 16 Windows 2003 AD Server Setting Path 7 Enter Active Directory Users and Computers create legal user data next right click a user what you created to enter properties and what to be noticed ...

Page 299: ...299 Figure 4 11 17 Add User Properties Screen Figure 4 11 18 Add User Properties Screen ...

Page 300: ...2000 an 802 1X client utility is needed The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication ...

Page 301: ...ing IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type Figure 4 11 20 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue ...

Page 302: ...302 Figure 4 11 21 Windows Client Popup Login Request Message 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 22 ...

Page 303: ... Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module Port Security m...

Page 304: ... Page Screenshot The Page includes the following fields System Configuration Object Description Mode Indicates if Limit Control is globally enabled or disabled on the switchstack If globally disabled other modules may still use the underlying functionality but ...

Page 305: ...owers down If it wasn t for aging the end host would still take up resources on this switch and will be allowed to forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be...

Page 306: ...rom the port and no new will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port 1 Boot the stack or elect a new masterthe switch 2 Disable and re enable Limit Control on the port or the switch 3 Click the Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on ...

Page 307: ...ved values Click to refresh the Page Note that non committed changes will be lost 4 12 2 Access Management Configure access management table on this Page The maximum entry number is 16 If the application s type match any one of the access management entries it will allow access to the switch The Access Management Configuration screen in Figure 4 12 2 appears Figure 4 12 2 Access Management Configu...

Page 308: ...ntry SNMP Indicates the host can access the switch from SNMP interface that the host IP address matched the entry TELNET SSH Indicates the host can access the switch from TELNET SSH interface that the host IP address matched the entry Buttons Click to add a new access management entry Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 12 3 Access ...

Page 309: ...ed Allow Packets The allowed packets number from the interface under access management mode is enabled Discard Packets The discarded packets number from the interface under access management mode is enabled Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Clears all statistics ...

Page 310: ...ct mode operation It only significant if HTTPS mode Enabled is selected Automatically redirects web browser to an HTTPS connection when both HTTPS mode and Automatic Redirect are enabled or redirects web browser to an HTTP connection when both are disabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Buttons Click to apply changes C...

Page 311: ...ration Disabled Disable SSH mode operation Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 12 6 Port Security Status This Page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the...

Page 312: ...odule Legend The legend shows all user modules that may request Port Security services Object Description User Module Name The full name of a module that may request Port Security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port Status ...

Page 313: ... Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administra...

Page 314: ...cludes the following fields Object Description MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Addition Shows the date a...

Page 315: ...er on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping on this Page The DHCP Snooping Configuration screen in Figure 4 12 8 appears ...

Page 316: ... are Enabled Enable DHCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message ...

Page 317: ...n the Dynamic DHCP snooping Table are shown on this page The Dynamic DHCP Snooping Table screen in Figure 4 12 9 appears Figure 4 12 9 Dynamic DHCP Snooping Table Screen Page Screenshot Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds It will use the last entry of the currently displayed table as a basis for the next lookup When the end...

Page 318: ...ource Guard related configuration The IP Source Guard Configuration screen in Figure 4 12 10 appears Figure 4 12 10 IP Source Guard Configuration Screen Page Screenshot The Page includes the following fields Object Description Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard All configured ACEs will be lost when the mode is enabled ...

Page 319: ...n the specific port Buttons Click to translate all dynamic entries to static entries Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 12 11 IP Source Guard Static Table This Page provides Static IP Source Guard Table The Static IP Source Guard Table screen in Figure 4 12 11 appears Figure 4 12 11 Static IP Source Guard Table Screen Page Screensh...

Page 320: ...320 Buttons Click to add a new entry to the Static IP Source Guard table Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 321: ...d to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This Page provides ARP Inspection related configuration The ARP Inspection Configuration screen in Figure 4 12 12 appears Figure 4 12 12 ARP Inspection Configuration Screen Page Screenshot ...

Page 322: ...bled When the setting of Check VLAN is disabled the log type of ARP Inspection will refer to the port setting And the setting of Check VLAN is enabled the log type of ARP Inspection will refer to the VLAN setting Possible setting of Check VLAN are Enabled Enable check VLAN operation Disabled Disable check VLAN operation Only the Global Mode and Port Mode on a given port are enabled and the setting...

Page 323: ... Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Buttons Click to add a new entry to the Static ARP Inspection table Click to apply changes Click to undo any ...

Page 324: ... the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time 4 13 1 MAC Table Configuration The MAC Address Table is configured on this Page Set timeouts for entries in the dynam...

Page 325: ...mes are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static entries in the MAC table are shown in this table The static...

Page 326: ...ill show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match...

Page 327: ...ddress Updates the table starting with the entry after the last entry currently displayed 4 13 3 Dynamic ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this Page The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address The Dynamic ARP Inspection Table screen in Figure 4 13 3 ap...

Page 328: ...ort number for which the status applies Click the port number to see the status for this particular port VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry IP Address The IP address of the entry Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the Start from MAC address ...

Page 329: ...RP Inspection Table Each Page shows up to 99 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginning of the Dynamic IP Source Guard Table ...

Page 330: ... entries is shown in the displayed table Use the button to start over The Page includes the following fields Object Description Port The port number for which the status applies Click the port number to see the status for this particular port VLAN ID The VLAN ID of the entry IP Address The IP address of the entry MAC Address The MAC address of the entry Buttons Auto refresh Check this box to refre...

Page 331: ...nes how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP ME...

Page 332: ...ing the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Default 30 seconds This attribute must comply with the following rule Transmission Interval Hold Time Multiplier 65536 and Transmission Interval 4 Delay Interval Tx Hold Each LLDP frame contains information about how long the in...

Page 333: ...he time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 seconds This attribute must comply with the rule 4 Delay Interval Transmission Interval Tx Reinit When a port is disabled LLDP is disabled or the switch is rebooted a LLDP shutdown frame is transmitted to the neighbo...

Page 334: ...n the LLDP neighbours table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics CDP TLVs are mapped onto LLDP neighbours table as shown below CDP TLV Device ID is mapped to the LLDP Chassis ID field CDP TLV Address is mapped to the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the f...

Page 335: ...LLDP information transmitted System Capabilites Optional TLV When checked the system capability is included in LLDP information transmitted Management Address Optional TLV When checked the management address is included in LLDP information transmitted Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 14 3 LLDP MED Configuration This Page ...

Page 336: ...336 Figure 4 14 2 LLDPMED Configuration Page Screenshot ...

Page 337: ...an LLDP MED capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbour has been detected in order share LLDP MED information as fast as possible to new neighbours Because there is a risk of an LLDP frame being ...

Page 338: ...ngs which have different floor to floor dimensions An altitude 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327...

Page 339: ... Leading street direction Leading street direction Example N Trailing street suffix Trailing street suffix Example SW Street suffix Street suffix Example Ave Platz House no House number Example 21 House no suffix House number suffix Example A Landmark Landmark or vanity address Example Columbia University Additional location info Additional location info Example South Wing Name Name residence and ...

Page 340: ... issue in VoIP environments that frequently result in voice quality degradation or loss of service Policies are only intended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv co...

Page 341: ... for the voice signaling than for the voice media This application type should not be advertised if all the same network policies apply as those advertised in the Voice application policy Guest Voice support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Si...

Page 342: ...the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 VLAN ID VLAN identifier VID for...

Page 343: ...e same network policies based on the authenticated user identity or port configuration Object Description Port The port number for which the configuration applies Policy ID The set of policies that shall apply for a given port The set of policies is selected by checkmarking the checkboxes that corresponds to the policies ...

Page 344: ...udes the following fields Fast start repeat count Object Description Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastru...

Page 345: ...P Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media Endpoint Class II The LLDP MED Media Endpoint Class II definition is applicable to all endpoint products that have IP m...

Page 346: ...r appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling for use in network topologies that require a different policy for the voice signaling than for the voice media Guest Voice to support a separate limited feature set voice service for guest users a...

Page 347: ...sed if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to provide Diffserv node behav...

Page 348: ...tification of the neighbor port Port Description Port Description is the port description advertised by the neighbor unit System Name System Name is the name advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Stat...

Page 349: ...14 6 Port Statistics This Page provides an overview of all LLDP traffic Two types of counters are shown Global counters are counters that refer to the whole stack switch while local counters refers to counters for the currently selected switch The LLDP Statistics screen in Figure 4 14 5 appears Figure 4 14 5 LLDP Statistics Page Screenshot The Page includes the following fields Global Counters ...

Page 350: ...eceived on the port Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already...

Page 351: ...ick to refresh the Page immediately Clears the local counters All counters including global counters are cleared upon reboot Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds ...

Page 352: ...aged Switch transmit ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics performing tests on copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as f...

Page 353: ...ived or until a timeout occurs The ICMP Ping screen in Figure 4 15 1 appears Figure 4 15 1 ICMP Ping Page Screenshot The Page includes the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Be sure the target IP Address is within the same network subnet of the Managed Switch or you had se...

Page 354: ...es the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Egress Interface The VLAN ID VID of the specific egress IPv6 interface which ICMP packet goes The given VID ranges from 1 to 4094 and will be effective only when the corresponding IPv6 interface is valid When the egress interface i...

Page 355: ...umber and roundtrip time are displayed upon reception of a reply The Page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears Figure 4 15 3 Remote IP Ping Test Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings Remote IP Address The destination IP Ad...

Page 356: ...s If all ports are selected this can take approximately 15 seconds When completed the Page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnastic on a 10 or 100 Mbps manag...

Page 357: ...357 Figure 4 15 4 VeriPHY Cable Diagnostics Page Screenshot ...

Page 358: ...ir Short Shorted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable p...

Page 359: ...on of cameras or WLAN AP more easily and efficiently Figure 4 16 1 Power over Ethernet Status 4 16 1 Power over Ethernet Powered Device 3 5 Watts Voice over IP phones Enterprise can install POE VoIP Phone ATA and other Ethernet non Ethernet end devices to the central where UPS is installed for un interrupt power system and power control system 6 12 Watts Wireless LAN Access Points Museum Sightseei...

Page 360: ...2 System Configuration In a power over Ethernet system operating power is applied from a power source PSU power supply unit over the LAN infrastructure to powered devices PDs which are connected to ports Under some conditions the total output power required by PDs can exceed the maximum available power provided by the PSU The system may a prior be planed with a PSU capable of supplying less power ...

Page 361: ... 2 The PoE chip of PD69012 has designed to that Class level 0 will be assigned to 15 4 watts by AF mode and 30 8 watts by AT mode under classification power limit mode It is hardware limited Allocation mode In this mode the user allocates the amount of power that each port may reserve The allocated reserved power for each port PD is specified in the Maximum Power fields The ports are shut down whe...

Page 362: ...o PoE class level Allocation Consumption mode System offers PoE power according to PD real power consumption Allocation Reserved Power mode Users allow to assign how much PoE power for per port and system will reserves PoE power to PD LLDP Consumption mode System offers PoE power according to PD real power consumption LLDP Reserved Power mode System reserves PoE power to PD according to LLDP confi...

Page 363: ... operational modes A PD will return to Class 0 to 4 in accordance with the maximum power draw as specified by Table 4 16 1 Class Usage Range of maximum power used by the PD Class Description 0 Default 12 95 watts or to 15 4 watts for AF mode 25 5 watts or to 30 8 watts for AT mode Mid power or High power 1 Optional 0 44 to 3 84 watts Very low power 2 Optional 3 84 to 6 49 watts Low power 3 Optiona...

Page 364: ...the PoE Port Start Up interval time Sequential Power up Port Option There are two modes for Starting Up the PoE Port By Port The PoE Port will start up by following Port number By Priority The PoE Port will start up by following the PoE Priority Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 16 5 Port Configuration This section allows ...

Page 365: ...are three modes for PoE mode Enable enable PoE function Disable disable PoE function Schedule enable PoE function in schedule mode Schedule Indicates the schedule profile mode Possible profiles are Profile1 Profile2 Profile3 Profile4 AF AT Mode Allows user to select 802 3at or 802 3af compatibility mode The default vaule is 802 3at mode ...

Page 366: ...sumption has been over total power budget In this case the port with the lowest priority will be turn off and offer power for the port of higher priority Power Allocation It can limit the port PoE supply watts Per port maximum value must less than 30 8W total ports values must less than the Power Reservation value Once power overload detected the port will auto shut down and keep on detection mode...

Page 367: ...367 ...

Page 368: ...hows the total watts usage of Managed PoE Switch Local Port This is the logical port number for this row PD Class Displays the class of the PD attached to the port as established by the classification process Class 0 is the default for PDs The PD is powered based on PoE Class level if system working on Classification mode A PD will return Class to 0 to 4 in accordance with the maximum power draw a...

Page 369: ...ion on the Earth the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise saving power and money Scheduled Power Recycling The Managed PoE switch allows each of t...

Page 370: ...370 The screen in Figure 4 16 6 appears Figure 4 16 6 PoE Schedule Screenshot Please press Add New Rule button to start set PoE Schedule function You have to set PoE schedule to profile then go back to ...

Page 371: ...ot Enable Allows user to enable or disable whole PoE port reboot by PoE reboot schedule Please be noticed that if you want to PoE schedule and PoE reboot schedule work at the same time please use this function and don t use Reboot Only function This function offers administrator to reboot PoE device at indicate time if administrator has this kind of requirement Reboot Only Allows user to reboot Po...

Page 372: ... in Figure 4 16 8 appears we enabled LLDP function from port1 ro port3 administrator has to plug a PD that supported PoE LLDP function and then administrator is going to see the PoE information of the PD form LLDP Figure 4 16 8 LLDP Configuration Screenshot 4 16 9 PoE Alive Check Configuration The NS4702 24P 4S 4X PoE Switch can be configured to monitor connected PD s status in real time via ping ...

Page 373: ...his page provides you with how to configure PD Alive Check The screen in Figure 4 16 9 appears Figure 4 16 9 PD Alive Check Configuration Screenshot The page includes the following fields Object Description ...

Page 374: ...PoE Switch offers 3 actions as following PD Reboot It menas system will reset the PoE port that connected the PD Reboot Alarm It means system will reset the PoE port and issue an alarm message via Syslog SMTP Alarm It means system will issue an alarm message via Syslog SMTP Reboot Time 30 180s This column allows user to set the PoE device rebooting time due to there are so many kind of PoE device ...

Page 375: ...375 Figure 4 16 10 Port Power Consumption Screenshot Buttons Click to refresh the page immediately ...

Page 376: ...vides loop protection to prevent broadcast loops in Managed Switch 4 17 1 Configuration This Page allows the user to inspect the current Loop Protection configurations and possibly change them as well screen in Figure 4 17 1 appears Figure 4 17 1 Loop Protection Configuration Page Screenshot ...

Page 377: ...ues are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Port Configuration Object Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Co...

Page 378: ...er of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Click to refresh the Page immediately Auto refresh Check ...

Page 379: ...nt Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 18 1 RMON Alarm Configuration Configure RMON Alarm table on this Page The entry index key is ID screen in Figure 4 18 ...

Page 380: ...er of outbound packets that could not be transmitted because of errors OutQLen The length of the output packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample directly Delta Calculate the difference between samples default Value The value of the statistic duri...

Page 381: ...18 2 appears Figure 4 18 2 RMON Alarm Overview Page Screenshot The Page includes the following fields Object Description ID Indicates the index of Alarm control entry Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating ...

Page 382: ...owing fields Object Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification of the event the possible types are none The total number of octets received on the interface including framing ...

Page 383: ...e default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginning of the Event table The first displayed will be the one with the lowest Event Index and Log Index found in the Event table table screen in Figure 4 18 5 appears Figure 4 18 5 RMON Event Overview Page Screenshot The Page includes the following fields ...

Page 384: ...story Configuration Page Screenshot The Page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the v...

Page 385: ...385 Click to add a new community entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 386: ...including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received tha...

Page 387: ...able starting from the first entry in the History table i e the entry with the lowest History Index and Sample Index Updates the table starting with the entry after the last entry currently displayed 4 18 7 RMON Statistics Configuration Configure RMON Statistics table on this Page The entry index key is ID screen in Figure 4 18 8 appears Figure 4 18 8 RMON Statistics Configuration Page Screenshot ...

Page 388: ...e with the lowest ID found in the Statistics table screen in Figure 4 18 9 appears Figure 4 18 9 RMON Statistics Status Overview Page Screenshot The Page includes the following fields Object Description ID Indicates the index of Statistics entry Data Source ifIndex The port ID which wants to be monitored Drop The total number of events in which packets were dropped by the probe due to lack of reso...

Page 389: ...t were 64 octets in length 65 127 The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 The total number of packets including bad packets received that were between 128 to 255 octets in length 256 511 The total number of packets including bad packets received that were between 256 to 511 octets in length 512 1023 The total number of packets...

Page 390: ...should be assigned as the member ports in the ERPS Only one switch in the Ring group would be set as the RPL owner switch in which one port called owner port would be blocked and PRL neighbour switch has one port in which one port called neighbour port would be blocked The neighbour port is connected to the owner port directly and this link is called the Ring Protection Link or RPL Each switch wil...

Page 391: ...391 ...

Page 392: ...nfiguration The Maintenance Entity Point instances are configured here as screen in Figure 4 19 1 is shown below Figure 4 19 1 MEP configuration page screenshot The page includes the following fields Object Description ...

Page 393: ...ingress traffic on Residence Port Egress This is an Egress up MEP monitoring egress traffic on Residence Port Residence Port The port where MEP is monitoring see Direction Level The MEG level of this MEP Flow Instance The MEP is related to this flow See Domain Tagged VID Port MEP An outer C S tag depending on VLAN Port Type is added with this VID Entering 0 means no TAG added This MAC The MAC of t...

Page 394: ...tion page screenshot The page includes the following fields Instance Data Object Description MEP Instance The ID of the MEP Domain See help on MEP create WEB Mode See help on MEP create WEB Direction See help on MEP create WEB Residence Port See help on MEP create WEB Flow Instance See help on MEP create WEB Tagged VID See help on MEP create WEB This MAC See help on MEP create WEB ...

Page 395: ...t a CCM is received with a lower level than the configured for this MEP cMEG Fault Cause indicating that a CCM is received with an MEG ID different from configured for this MEP cMEP Fault Cause indicating that a CCM is received with an MEP ID different from all Peer MEP ID configured for this MEP cAIS Fault Cause indicating that AIS PDU is received cLCK Fault Cause indicating that LCK PDU is recei...

Page 396: ...e CCM PDU is always transmitted as Multi cast Class 1 Priority The priority to be inserted as PCP bits in TAG if any In case of enabling Continuity Check and Loss Measurement both implemented on SW based CCM Priority has to be the same Frame rate Selecting the frame rate of CCM PDU This is the inverse of transmission period as described in Y 1731 This value has the following uses The transmission ...

Page 397: ... cast MAC described in G 8032 Type R APS APS PDU is transmitted as R APS this is for ERPS L APS APS PDU is transmitted as L APS this is for ELPS Last Octet This is the last octet of the transmitted and expected RAPS multi cast MAC In G 8031 03 2010 a RAPS multi cast MAC is defined as 01 19 A7 00 00 XX In current standard the value for this last octet is 01 and the usage of other values is for furt...

Page 398: ...connected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instance Port 0 APS MEP The Port 0 APS PDU handling MEP Port 1 APS MEP The Port 1 APS PDU handling MEP As only one APS MEP is associated with interconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 i...

Page 399: ...399 Click to refresh the page immediately Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 400: ...reenshot The page includes the following fields Instant Data Object Description ERPS ID The ID of the Protection group Port 0 See help on ERPS create WEB Port 1 See help on ERPS create WEB Port 0 SF MEP See help on ERPS create WEB Port 1 SF MEP See help on ERPS create WEB Port 0 APS MEP See help on ERPS create WEB Port 1 APS MEP See help on ERPS create WEB Ring Type Type of Protected ring It can b...

Page 401: ...heck on Signal Fail before switching The range of the hold off timer is 0 to 10 seconds in steps of 100 ms Version ERPS Protocol Version v1 or v2 Revertive In Revertive mode after the conditions causing a protection switch has cleared the traffic channel is restored to the working transport entity i e blocked on the RPL In Non Revertive mode the traffic channel continues to use the RPL if it is no...

Page 402: ...S The received APS on Port 1 according to State Transition Tables in G 8032 WTR Remaining Remaining WTR timeout in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block status for Port 0 Both traffic and R APS block status R APS channel is never blocked on sub rings without virtual channel Port 1 Block ...

Page 403: ...in Figure 4 19 4 appears Figure 4 19 5 Ring Wizard page screenshot The page includes the following fields Object Description All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 Number ID The switch where you are requesting ERPS ...

Page 404: ...save changes Click to show the ring topology 4 19 6 Ring Wizard Example Figure 4 19 6 Ring Example Diagram The above topology often occurs on using ERPS protocol The multi switch constitutes a single ERPS ring all of the switches only are configured as an ERPS in VLAN 3001 thereby constituting a single MRPP ring ...

Page 405: ...panning tree protocol to avoid confliction with ERPS Setup steps Set ERPS Configuration on Switch 1 Connect PC to switch 1 directly don t connect to port 1 2 Log in on the Switch 1 and click Ring Ring Wizard Set All Switch Number 3 and Number ID 1 click Next button to set the ERPS configuration for Switch 1 Set MEP1 Port1 MEP2 Port2 and VLAN ID 3001 click Set button to save the ERPS configuration ...

Page 406: ...ck Next button to set the ERPS configuration for Switch 3 Set MEP5 Port2 MEP6 Port1 and VLAN ID 3001 click Set button to save the ERPS configuration for Switch 3 To avoid loop please don t connect switch 1 2 3 together in the ring topology before configuring the end of ERPS Follow the configuration or ERPS wizard to connect the Switch 1 2 3 together to establish ERPS application MEP2 MEP3 Switch1 ...

Page 407: ...ress is located at the same port with this packet comes in then this packet will be filtered Thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Managed Switch stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occ...

Page 408: ...n Auto negotiation This technology automatically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode 1000Base T can be only connec...

Page 409: ...onnecting with power device End Span could also tap the wire 1 2 and 3 6 PoE System Architecture The specification of PoE typically requires two devices the Powered Source Equipment PSE and the Powered Device PD The PSE is either an End Span or a Mid Span while the PD is a PoE enabled terminal such as IP Phones Wireless LAN etc Power can be delivered over data pairs or spare pairs of standard CAT ...

Page 410: ...gative supply In fact a late change to the spec allows either polarity to be used Figure 8 1 Power Supplied over the Spare Pins The data pairs are used Since Ethernet pairs are transformer coupled at each end it is possible to apply DC power to the center tap of the isolation transformer without upsetting the data transfer In this mode of operation the pair on pins 3 and 6 and the pair on pins 1 a...

Page 411: ...te of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 1000Base T port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedic...

Page 412: ...ridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment PIN NO MDI Media Dependant Interface MDI X Med...

Page 413: ...ange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown...

Page 414: ...s context they are similar to firewalls There are 3 web Pages associated with the manual ACL configuration ACL Access Control List The web Page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a cou...

Page 415: ...ted the port will select the prefered media APS APS is an acronym for Automatic Protection Switching This protocol is used to secure that switching is done bidirectional in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggreg...

Page 416: ...scovery Protocol D DEI DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the dat...

Page 417: ...formation to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 and Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circ...

Page 418: ...rgy Efficient Ethernet defined in IEEE 802 3az EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame F FTP FTP is an acronym for File Transfer Protocol It is a transf...

Page 419: ...ecure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons HTTPS is really just the use of Netscape s Secure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 ins...

Page 420: ...s on the server rather than downloading them to your computer If you wish to remove your messages from the server you must use your mail client to generate local folders copy messages to your local hard drive and then delete and expunge the messages from the server IP IP is an acronym for Internet Protocol It is a protocol used for communicating data across a internet network IP is a best effort s...

Page 421: ...ement of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as ...

Page 422: ...an be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD MLD is an acronym for Multicast Listener Discovery for IPv6 MLD is used by IPv6 routers to discover multicast listeners on a directly attached link much as IGMP is used i...

Page 423: ...ugh they are local file systems NFS allows the system administrator to store resources in a central location on the network providing authorized users continuous access to them which means NFS supports sharing of files printers and other resources as persistent storage over a computer network NTP NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of compute...

Page 424: ...ver a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with an acknowledgment that it received the packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin comp...

Page 425: ...mainly with ADSL services where individual users connect to the ADSL transceiver modem over Ethernet and in plain Metro Ethernet networks Wikipedia Private VLAN In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN PTP PTP is an acronym for Precision Time Protocol a network protocol for synchronizing the clocks of computer sy...

Page 426: ... was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority R RARP RARP is an acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the complement of ARP RADIUS RADIUS is an acronym for Remo...

Page 427: ...l representation known as a message digest of an input data sequence the message of any length Shaper A shaper can limit the bandwidth of transmitted frames It is located after the ingress queues SMTP SMTP is an acronym for Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service S...

Page 428: ... exchanged using a secure channel between two networked devices The encryption used by SSH provides confidentiality and integrity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authentication or guarantee confidentiality Wikipedia SSM SSM In SyncE this is an abbreviation for Synchronization Status Message and...

Page 429: ...acronym for TELetype NETwork It is a terminal emulation protocol that uses the Transmission Control Protocol TCP and provides a virtual connection between TELNET server and TELNET client TELNET enables the client to control the server and communicate with other servers on the network To start a Telnet session the client user must log in to a server by entering a valid username and password Then th...

Page 430: ...hange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol ...

Page 431: ...quality W WEP WEP is an acronym for Wired Equivalent Privacy WEP is a deprecated algorithm to secure IEEE 802 11 wireless networks Wireless networks broadcast messages using radio so are more susceptible to eavesdropping than wired networks When introduced in 1999 WEP was intended to provide confidentiality comparable to that of a traditional wired network Wikipedia WiFi WiFi is an acronym for Wir...

Page 432: ...able pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPS WPS is an acronym for Wi Fi Protected Setup It is a standard for easy and secure establishment of a wireless home network The goal of the WPS protocol is t...

Reviews:

No comments

Related manuals for NS4702-24P-4S-4X

D-Link DUB-H4 - Hub - USB Installation Manual preview
DUB-H4 - Hub - USB
Brand: D-Link Pages: 4
D-Link DSS-16+ Quick Install Manual preview
DSS-16+
Brand: D-Link Pages: 2
GE GuardSwitch 300 Series Quick Start Manual preview
GuardSwitch 300 Series
Brand: GE Pages: 4
D-Link DES-1018P User Manual preview
DES-1018P
Brand: D-Link Pages: 14
Painless Performance Products 50201 Installation Instructions preview
50201
Brand: Painless Performance Products Pages: 2
Harman Kardon ABH 4000 Owner'S Manual preview
ABH 4000
Brand: Harman Kardon Pages: 2
IBM 8271 Nways Ethernet LAN Switch User Manual preview
8271 Nways Ethernet LAN Switch
Brand: IBM Pages: 210
l-com IES Series User Manual preview
IES Series
Brand: l-com Pages: 12
Eaton ATC-900 Manual preview
ATC-900
Brand: Eaton Pages: 40
hager WXT30 Series Manual preview
WXT30 Series
Brand: hager Pages: 4
PNI CT25WIFI User Manual preview
CT25WIFI
Brand: PNI Pages: 92
IPGARD SA-DVN-8D Quick Start Manual preview
SA-DVN-8D
Brand: IPGARD Pages: 2
Trust START-LINE AGC-3500 Important Information Manual preview
START-LINE AGC-3500
Brand: Trust Pages: 16
Harman AMX PR01-0808 User Manual preview
AMX PR01-0808
Brand: Harman Pages: 50
Tabs TBGW100-915 Reference Manual preview
TBGW100-915
Brand: Tabs Pages: 4
Green Brook KingShield T206-C Installation And Operating Instruction preview
KingShield T206-C
Brand: Green Brook Pages: 2
tactio INEO-SU2402G User Manual preview
INEO-SU2402G
Brand: tactio Pages: 2
AT&T NetGate 8200 Installation Manual preview
NetGate 8200
Brand: AT&T Pages: 24

Brands by name

Popular brands

Load more brands