background image

 

 

21 

 

Firmware Update 

Click

 System Configuration > Firmware Update

 to enter the interface below: 

 

This  section  displays  current  firmware  version.  To  update  the  switch's  firmware,  click 

Browse… 

to  locate  and 

select the latest firmware and click 

Update

. The process takes 1-2 minutes to finish. 

Note:   

1.

 

Do not disconnect from power while upgrade is in process. 

2.

 

If power supply is disconnected, please upgrade it again; if unable to enter the management interface, contact 

maintenance personnel. 

4.1.2 System Security 

SSL Overview 

Secure Sockets Layer  (SSL)  is a  cryptographic protocol that  is  designed to provide communication security over 

the Internet. It is widely applied in E-commerce and Internet banking areas. 

 

SSL Security 

Privacy: Adopting asymmetrical encryption technology and RSA (Rivest Shamir and Adleman), SSL uses key pair 

to encrypt information.   

Authentication: Authenticate the users and the servers based on the certificates to ensure the data are transmitted to 

the correct users and servers. SSL server and clients obtain CA certificates via PKI (Public Key Infrastructure).   

Integrality:  Maintain  the  integrality  of  the  data  based  on  Message  Authentication  Code  (MAC)  to  prevent  data 

being  altered  in  the  transmission.  A  MAC  algorithm,  sometimes  called  a  keyed  (cryptographic)  hash  function, 

accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes 

known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing 

verifiers (who also possess the secret key) to detect any changes to the message content.   

 

 

Summary of Contents for G3224P

Page 1: ......

Page 2: ...more about our product information please visit our website at www ip com com cn Disclaimer Pictures images and product specifications herein are for references only To improve internal design operati...

Page 3: ...re the switch is installed 4 Operating conditions Keep the switch away from electromagnetic noise such as photocopy machines microwaves cellphones etc Use Notes 1 Use the provided accessories such as...

Page 4: ...it 2 Use soft cloth to clean the device s housing shell Environmental Protection 1 Throw the discarded device or batteries into the specified recycling places 2 Observe the local processing acts abou...

Page 5: ...g the Switch on a Flat Workbench 7 2 3 Connecting to Protective Grounding Line 8 2 3 1 With Grounding Bar 8 2 3 2 Without Grounding Bar 8 2 4 Connecting the Power Cord 9 2 5 Connecting to Interface 9...

Page 6: ...76 4 6 5 SNMP 78 4 6 6 DHCP Relay 85 4 6 7 DHCP Snooping 88 4 7 QoS 91 4 7 1 QoS Configuration 91 4 7 2 Traffic Control 96 4 7 3 ACL 98 4 8 Security 103 4 8 1 Attack Defense 103 4 8 2 IP Filter 110 4...

Page 7: ...ocol VLAN 137 5 3 18 Voice VLAN 138 5 3 19 MAC Configuration 139 5 3 20 QoS Configuration 140 5 3 21 STP Configuration 141 5 3 22 IGMP Configuration 144 5 3 23 Time Range Management 145 5 3 24 PoE Man...

Page 8: ...features Aiming at solving the safety problems in LAN it provides user grading management management VLAN ARP attack defense worm attack defense DoS attack defense MAC attack defense IP MAC PORT VLAN...

Page 9: ...RJ45 10 100 1000 auto negotiation Gigabit switching ports 4 1000Mbps SFP ports Management Interface One Console port Operating Temperature 0 40 Storage Temperature 40 70 Operating Humidity 10 90 RH n...

Page 10: ...storm constrain based on ports Multicast storm constrain based on ports Unknown unicast storm constrain based on ports STP IEEE 802 1d STP IEEE 802 1w FSTP IEEE 802 1s MSTP protocol In MSTP mode up to...

Page 11: ...e contains the following items 24 Port Gigabit with 4 Shared SFP PoE Managed Switch Power Cord Install Guide Console Cable Mounting Kit 2 brackets screws Four Footpads 1 4 Device Hardware Interfaces 1...

Page 12: ...valid link is established on the port Off An invalid link is established on the port 1 4 3 Interfaces 1 4 3 1 Console Interface This switch with an RS232 asynchronous console port can be used for con...

Page 13: ...y for detachable connection between optical channels is very convenient for the test and maintenance of the optical system This device with its 1000Mbps Combo copper fiber ports supports gigabit SFP c...

Page 14: ...19 inch rack is not available place the switch on a clean flat workbench Attach the 4 footpads to corresponding position of the switch bottom to avoid potential sliding and vibration and ensure good...

Page 15: ...proper options for grounding bar The grounding cable on the switch should be connected to the grounding bar in the IT room 2 3 2 Without Grounding Bar 1 With mud land nearby and allowed to bury groun...

Page 16: ...t the DB 9 plug on the console cable to a PC Connect the RJ45 connector to the console port on the switch 2 5 2 Connecting to RJ45 ports The switch provides auto MDI MDIX feature on each RJ45 ports PC...

Page 17: ...compliant AP IP telephone or IP camera to switch By default the power supply mode is dynamic PoE power supply is enabled and the power supply standard is 802 3at 2 6 Check the Installation Before appl...

Page 18: ...etwork segment It can t be 192 168 0 1 Web Browser Microsoft IE 8 0 or higher Ethernet Cable One CAT 5 RJ45 cable 3 1 2 Configuration Preparation Launch a web browser such as IE8 type in 192 168 0 1 a...

Page 19: ...C to the console port on the switch Step 2 Run terminal program for example terminal in Windows 3 X Hyper Terminal in Windows 9X Windows 2000 Windows XP an example of Windows XP is described below on...

Page 20: ...13 Figure 3 2 Connect To Figure 3 3 Port Settings Step 3 Power the switch press Enter input user name and password admin admin by default and then press Enter again Below screen will appear...

Page 21: ...3 3 Telnet Login Take Windows XP as an example click Start Run and enter telnet 192 168 0 1 as seen below Then press Enter input the username and password admin admin and the following window will app...

Page 22: ...ser This section allows you to add new users and change password Port Management Port Configuration Allows users to configure them a port and displays port status and statistics Link Aggregation Displ...

Page 23: ...ettings and client access settings QoS CoS CoS priority 0 7 is supported Default 0 and 3 correspond to queue 1 1 and 2 correspond to 2 4 and 5 correspond to queue 3 6 and 7 correspond to queue 4 DSCP...

Page 24: ...ation Corporate and hotel network administrators can use this section to easily configure file server port and router port For details please refer to 4 9 Smart Configuration Maintenance Allows users...

Page 25: ...ccess the switch s web manager The default is 192 168 0 1 Subnet Mask Configure the corresponding subnet mask of the IP address specified above The default is 255 255 255 0 Gateway Specify a gateway a...

Page 26: ...d time will not be updated or synchronized with other devices and will be restored to factory defaults after system reboot 2 System Time Config Click System Configuration System Time to enter interfac...

Page 27: ...rent settings will be lost after reset So if you want to retain current settings please click Save Configurations in the lower left concern of the page 2 Do not operate the device while reset is in pr...

Page 28: ...areas SSL Security Privacy Adopting asymmetrical encryption technology and RSA Rivest Shamir and Adleman SSL uses key pair to encrypt information Authentication Authenticate the users and the servers...

Page 29: ...ryptography negotiation and authentication A session will be established between clients and the server Session ID certificate of the other side cryptography algorithm and primary security key are inc...

Page 30: ...ng the set time the web manager will return to login window The Login Timeout can be set to any value between 30 and 3600 seconds The default setting is 300 seconds User Name Specify a user name for l...

Page 31: ...the switch to factory default To add user do as follows 1 Click Add to enter interface below 2 Enter the user name 3 Select user or technician from the Access Mode pull down list 4 Specify a password...

Page 32: ...f a port is not connected Speed Duplex Three types of duplex modes are available on Ethernet ports Full duplex Ports operating in Full duplex mode can send and receive packets concurrently Half duplex...

Page 33: ...l ports are enabled Isolation Only in 802 1Q VLAN mode isolation feature can be set It can implement isolation of group members intercommunication by adding a port into one isolation group This featur...

Page 34: ...for ports in an aggregation will not be affected 5 When a not isolated port joins an isolated aggregation group it joins the same isolation group automatically Port Mirroring Port Mirroring allows co...

Page 35: ...roring port packets loss will happen Ingress Only incoming packets are copied to the monitor port Egress Only outgoing packets are copied to the monitor port Egress Ingress Both inbound and outbound p...

Page 36: ...ink Aggregation Overview Link aggregation groups multiple Ethernet ports together in parallel to act as a single logical link Aggregation enabled devices treat all physical links ports in an aggregati...

Page 37: ...will treat a link aggregation group as a single link on the switch level On the port level the STP will use the port parameters of the Master Port in the calculation of port cost and in determining th...

Page 38: ...rding status can send receive both service packets and LACP frames ports in blocked status can only send receive LACP frames Link Aggregation View Config Click Port Management Link Aggregation to ente...

Page 39: ...ote Once ports in static aggregation group are linked successfully they will be aggregated and not be affected by port speed LACP Aggregation Config Click New to enter the configuration screen as seen...

Page 40: ...ding port joins an LACP aggregation group and Disable when the port does not join any LACP aggregation group or joined a static aggregation group Priority Configure port priority 0 65535 The default i...

Page 41: ...1 and port 3 3 Set Switch A s system priority on the LACP protocol interface to a value which is smaller than 32768 so that switch A s priority is higher than switch B s At the same time set port 2 s...

Page 42: ...AC learning Enable IP filter Configuring mirroring destination port Enable voice VLAN feature Enable 802 1X authentication Below ports cannot join the aggregation group 802 1x enabled port s ACL Bindi...

Page 43: ...n order to better collaborate with staffs from home or abroad on a special project a workgroup is indispensable Using VLAN all workstations and servers that a particular workgroup uses can be assigned...

Page 44: ...ive and send traffic for them Usually ports that connect switches are configured as trunk ports Hybrid Like a trunk port a hybrid port can carry multiple VLANs to receive and send traffic for them A p...

Page 45: ...PVID If voice VLAN protocol VLAN MAC VLAN and 802 1Q VLAN are configured on this switch ingress packets will be matched according to the VLAN sequence mentioned above VLAN Mode Toggle You can toggle b...

Page 46: ...ailable Port and click to move them to Member Ports 4 Click OK and below screen will be displayed Note 1 Available values for VLAN ID range from 2 to 4029 You can configure multiple VLANs by entering...

Page 47: ...elete an access port 1 Click the VLAN ID of 2 2 Select port3 from Available Ports and click 3 Select port2 from Member Ports and click 4 Click OK To add trunk port 1 Click Trunk Port to enter the trun...

Page 48: ...e a trunk port in the trunk port view To delete a single trunk port click the Delete button to delete a batch of trunk ports click and then the Batch Delete button Note 1 An existing hybrid port canno...

Page 49: ...ple 1 24 denotes 24 ports while 1 24 indicates 2 ports 3 PVID Enter an existing VLAN ID 4 Tagged VLAN Enter 1 4094 or leave it empty 5 Untagged VLAN Enter 1 4094 or leave it empty 6 Click OK To edit a...

Page 50: ...ete a batch of hybrid ports click and then the Batch Delete button Note 1 An existing trunk port cannot be directly configured as a hybrid port However you can convert a Trunk port into a Hybrid port...

Page 51: ...LAN1 To isolate them from other ports do as follows 1 Click VLAN1 as seen below Select port1 and port2 in Member Ports to move them back to Available Ports Click OK Add members to a port VLAN To add n...

Page 52: ...VLAN The packet in MAC VLAN is processed in the following way 1 When receiving an untagged packet the switch will check whether the corresponding MAC VLAN has been created If the corresponding MAC VLA...

Page 53: ...MAC VLAN As shown above click the Delete button to delete the corresponding MAC VLAN Up to 64 MAC VLANs can be supported on this device 4 3 3 Protocol VLAN Overview Protocol VLAN another way to classi...

Page 54: ...Type on this device is set to LLC Ether Type of this protocol VLAN will match 16 18th bytes of the packet for VLAN mapping Ethernet SNAP The biggest difference between Ethernet SNAP Frame and 802 3 8...

Page 55: ...e Displays protocol model s encapsulation Frame Type Ethernet II LLC or SNAP To add protocol model 1 Click New to enter interface below Configure protocol name in the Protocol Name Field Up to 31 char...

Page 56: ...AN matches with 13 14th bytes to map VLAN LLC Protocol VLAN matches with 17 18th bytes to map VLAN SNAP Protocol VLAN matches with 23 24th bytes to map VLAN and 16 21th bytes are AA AA 03 00 00 00 To...

Page 57: ...ice VLAN Voice VLAN Overview Voice VLAN is a VLAN designed for voice data flow partition By creating voice VLAN and adding ports connected to voice devices into the voice VLAN you can centrally transm...

Page 58: ...s are described as below Voice VLAN Working Mode Voice Traffic Type Port Link Type Auto Tagged Access Not supported Trunk Supported but the default VLAN of the connected port must already exist and ca...

Page 59: ...rted but the default VLAN of the connected port must already exist and can t be voice VLAN And voice VLAN should be in the allowed tagged VLAN list Global Setup Click VLAN Management Voice VLAN Global...

Page 60: ...ription Port Display port number VLAN Display voice VLAN ID on corresponding port Mode Display voice VLAN mode auto or manual Status Display voice VLAN status Enable or Disable To configure voice VLAN...

Page 61: ...54 OUI Setup Click VLAN Management Voice VLAN OUI Setup to enter interface below To configure OUI settings To add a new OUI address click Add on the OUI Setup page...

Page 62: ...B900 0000 FFFF FF00 0000 Philips NEC 5 00D0 1E00 0000 FFFF FF00 0000 Pingtel 6 00E0 7500 0000 FFFF FF00 0000 Polycom 7 00E0 BB00 0000 FFFF FF00 0000 3com To delete an OUI address click Delete on the...

Page 63: ...iority port number If the priority is the same the smaller the port number is the higher the priority Power Utilization Displays the current power utilization rate PoE CPU Temperature Displays the thr...

Page 64: ...EEE 802 3af Enter a valid power value between 0 15 4w If you enter a power value that is greater than 15 4w 15 4w will be applied automatically IEEE 802 3at Enter a valid power value between 0 30w If...

Page 65: ...week 4 5 1 Time Range Click Time Range Management Time Range to enter interface below Fields on the screen are described below Field Description Time Range ID Displays corresponding time range ID Tim...

Page 66: ...length is 6 bytes The format is XXXX XXXX XXXX and X is hexadecimal When forwarding a frame the device adopts the following forwarding modes based on the MAC address table Unicast mode If an entry is...

Page 67: ...be manually added or dynamically learned and might age out Configure MAC Address Table Entries To display MAC address entries globally Click Device Management MAC MAC Address Display to enter interfa...

Page 68: ...ss while the VLAN ID is optional In Port VLAN mode you only need to enter a MAC address to view details Delete Click this button next to the corresponding MAC address to delete the MAC address Batch D...

Page 69: ...agement MAC Static MAC Address to enter interface below To add a static MAC address entry Click Add enter a MAC address specifying a VLAN ID and selecting port then click OK In Port VLAN mode only MAC...

Page 70: ...work nodes This is accomplished in the STP A STP enabled switch can perform the following tasks 1 Discover and generate an optimum STP topology 2 Discover and repair failures on the network automatica...

Page 71: ...all of its spanning tree information in a single BPDU format Not only does this reduce the number of BPDUs required on a LAN to communicate spanning tree information for each VLAN but it also ensures...

Page 72: ...max aging time for messages You may choose a time between 6 and 40 seconds The default value is 20s Hello time Configure the Hello Time You may choose a time between 1 and 10 seconds The default value...

Page 73: ...e 32 characters allowed The default is the device s MAC address Modification Level Configure MSTP modification level Valid range is 0 65535 The default is 0 Format Selector Display 0 Configuration Abs...

Page 74: ...ed instance Only instance 0 is enabled by default and can t be disabled VLAN Mapping List Display instance s current mapping VLANs Bridge Priority Display instance s current bridge priority To configu...

Page 75: ...onding port as seen below Fields on the screen are described below Field Description STP Status STP feature switch By default the STP is disabled To activate the STP feature you must enable STP both g...

Page 76: ...k automatically Instance ID Configure port parameters in different instances Priority By default the port priority is set to 128 Default Path Cost Enable disable port default path cost You can specify...

Page 77: ...dification level and the same instance mapping Make VLAN 10 30 100 map instance 1 and set Device 1 as the root bridge of instance 1 Make VLAN 20 40 200 map instance 2 and set Device 2 as the root brid...

Page 78: ...Configuration MSTP Configuration Save configurations Steps Add vlan10 20 30 40 100 and 200 Set ports on Device 1 and Device 2 to Hybrid and Tagged Set Device 1 and Device 2 s domain name to G3224P se...

Page 79: ...settings is represented in TLV Type Length Value format according to the IEEE 802 1ab standard and these TLVs are encapsulated in LLDPDU Link Layer Discovery Protocol Data Unit The LLDPDU distributed...

Page 80: ...iplier you can control this device info s age time on the neighboring device 2 10s Sending Delay When local configurations change each LLDP packet will be sent after one sending delay time 1 8192s and...

Page 81: ...the Port Setup page to configure LLDP settings on a batch of ports concurrently Fields on the screen are described below Field Description Port Properties Select LLDP working status Disable Send Only...

Page 82: ...receives LLDP packet System Name Display the neighboring device s system name Neighbor Port Display the port which sends LLDP packets on the neighboring device Chassis ID Display the MAC address of t...

Page 83: ...MP Snooping enabled disabled How IGMP Snooping Works A switch that runs IGMP snooping performs different actions when receiving different IGMP messages When receiving a general query The IGMP querier...

Page 84: ...d to such port After receiving the IGMP leave message from a host the IGMP querier resolves the multicast group address in the message and sends an IGMP group specific query to that multicast group th...

Page 85: ...nable Disable multicast VLAN When multicast VLAN is enabled multicast VLAN ID becomes configurable and multicast packets can only be forwarded in this VLAN Multicast VLAN ID This option 1 4094 becomes...

Page 86: ...ged objects depending on the type of packets received and generate Response packets to return to NMS SNMP Version The device supports SNMP v3 and is compatible with SNMP v1 and SNMP v2c SNMP v3 adopts...

Page 87: ...al location SNMP Version Select V1 V2c or V3 Click Add to create a community name as seen below Note You must create a view before you can create a community Community Name Click Standard and select p...

Page 88: ...t and enter a password and confirm password at least 8 characters If noauth nopriv is selected this field will be greyed out Select an Encryption Mode from the drop down list and enter a password and...

Page 89: ...iv Specify Read only View Read Write View Notification View respectively from corresponding drop down list To edit groups click the corresponding Group Name to enter the interface for modification Vie...

Page 90: ...s undergoing a coldstart power disconnection or reboot Warmstart Trap Send Warmstart Trap to designated host when the SNMP is disabled on the switch Linkdown Trap Send Linkdown Trap to designated host...

Page 91: ...me IP net segment as the switch say 192 168 0 77 3 Enter a UDP port number to which Traps are to be sent in the Port NO field The default is 162 4 Enter a custom community name of up to 31 characters...

Page 92: ...relay forwarding process DHCP relay working process When network devices with DHCP relay feature receive DHCP DISCOVER or DHCP REQUEST packets broadcast transmitted by DHCP clients the giaddr field w...

Page 93: ...ts without Option82 Any Add the switch defined one into Option 82 field DHCP Relay Global Setup Click Device Management DHCP Relay Global Setup to enter interface below Fields on the screen are descri...

Page 94: ...virtual interface click New as below 1 Specify the VLAN ID ranging from 2 to 4094 and the VLAN ID must be existing 802 1Q VLAN ID 2 Enable the IPV4 setup status 3 Enter the valid IPV4 address say 1 1...

Page 95: ...mmunication In order that DHCP clients obtain IP addresses via legal DHCP servers trusted ports and untrusted ports are allowed Trusted ports can forward DHCP packets they ve received After receiving...

Page 96: ...e Management DHCP Snooping Global Setup as below Fields on the screen are described below Field Description DHCP Snooping Enable Disable DHCP snooping feature globally By default it is disabled Source...

Page 97: ...o port setup page Three strategies are available for this device Replace When DHCP relay receives DHCP packets with Option 82 the previous Option 82 information will be replaced by the default content...

Page 98: ...munication QoS addresses network latency and congestion issues Non critical elastic applications like web browsing or emailing do not rely on QoS as they function however much or little bandwidth is a...

Page 99: ...ues ranging from 0 to 7 Bits 3 6 denote the ToS priority with available values ranging from 0 to 15 The RFC 2474 redefined the IPv4 ToS field as the DS field The DSCP priority is denoted by the first...

Page 100: ...d before low priority packets The lowest priority queue would be serviced only when highest priority queues had no packets buffered Disadvantages of SP The SP queueing gives absolute priority to high...

Page 101: ...mediately Thus bandwidth resources are fully utilized Scheduling Scheme Click QoS QoS Configuration Scheduling Scheme to enter interface below To configure scheduling scheme select SP or WRR from the...

Page 102: ...red mapping relationships at first Then according to the CoS queue mapping table it assigns packets with DSCP priority to queues which CoS priority corresponds to Port Priority To configure port prior...

Page 103: ...t via configuring the available bandwidth of each port In this way the network bandwidth can be reasonably distributed and utilized Rate limit adopts token bucket for flow control If rate limit is con...

Page 104: ...ilter broadcast multicast and unknown unicast frames in the network If the transmission rate of the three kind packets exceeds the set bandwidth the packets will be automatically discarded to avoid ne...

Page 105: ...An access control list ACL implements packet filter via configured rules and operations attached to a packet When the switch receives a packet it analyzes the packet using currently applied ACL rules...

Page 106: ...l existing MAC based ACLs and rules thereof To delete an existing MAC based ACL Select the ACL you wish to delete from the ACL drop down list and click on the Delete ACL button To create MAC based ACL...

Page 107: ...tch and apply to all packets with whatever source MAC destination MAC Message Type Specify the message type in Hex Action Permit Allow messages that match existing rules to pass device Prohibit Discar...

Page 108: ...n Configure required ACL settings and click OK ACL ID Specify an ACL ID between 1 and 100 Description Specify an ACL description To add rules to a specified ACL Select an ACL from the ACL drop down li...

Page 109: ...configurable only when TCP or UDP protocol is selected Action Specify an action to handle messages Permit Allow messages that match existing rules to pass device Prohibit Discard messages that match e...

Page 110: ...Attack Defense ARP Attack Defense If a switch continuously receives an enormous number of ARP messages on a specific port it will not function properly as CPU is overloaded and worse still may break u...

Page 111: ...ARP RX Rate The default is 100PPS Note PPS refers to the number of packets per second It has nothing to do with the size of a packet Status Displays the status how a corresponding port deals with rec...

Page 112: ...responding page for configuration Worm Attack Defense Worm Attack Defense prevents virus worm infected PCs being spread to targeted healthy PCs and the whole network by scanning for security failures...

Page 113: ...ck defense feature 1 Click New to enter screen below 2 Enter the virus name say SQLSlammer 3 Specify a protocol say TCP or UDP 4 Specify the TCP destination port number say 1434 5 Click OK and defense...

Page 114: ...o enter the corresponding interface Re configure it and then click OK Note The device supports up to 20 virus types DoS Attack Defense DoS Attack Defense prevents potential attackers from making a mac...

Page 115: ...graded due to an oversized MAC address table The MAC Attack Defense is implemented on the device by limiting the number of MAC addresses that can be learned on each port Click Security Attack Defense...

Page 116: ...port can learn is not limited Unknown MAC Address Drop If enabled corresponding port s will discard packets where source MAC addresses are not in the MAC address table when reaching the set address l...

Page 117: ...for example 192 168 100 1 Enter an IP address in the End IP field for example 192 168 100 254 Enter a number in VLAN ID field for example 1 and this field is optional Click OK to start searching Searc...

Page 118: ...for example 24 This item is optional 5 Enter a number in VLAN ID field for example 1 This item is optional 6 Click OK The IP MAC Port VLAN Bind screen will display added binding entries Port Filter Se...

Page 119: ...ch the active IP MAC Port VLAN Binding entries can pass such port s otherwise are dropped directly No Selecting NO sets corresponding port s as trusted port s namely IP packets will not be examined wh...

Page 120: ...erface to check whether the IP filter is disabled if not such port will not be able to receive any IP packets Thus before you delete an IP MAC Port VLAN Binding entry ensure that the IP filter has bee...

Page 121: ...n authenticator and an authentication server The supplicant is a client device such as a laptop that wishes to attach to the LAN WLAN though the term supplicant is also used interchangeably to refer t...

Page 122: ...thout being authenticated However if the first user is disconnected other users will be unable to access Internet When MAC based access control is adopted all users connected to this port need to be a...

Page 123: ...on the same net segment as the switch s management IP address Authorized Shared Key Enter the authorized shared key as it is on the Radius authentication authorization server Recertification Enable o...

Page 124: ...eed authenticating first to communicate with other devices Note If PORT is select from Access Control Method drop down list the default maximum access number is 1 But this does not indicate only one u...

Page 125: ...s on the screen are described below Field Description Cash Register Server Port The priority of a Cash Register Server Port will be automatically set to 7 and two cash register server ports can be con...

Page 126: ...istration Technology Agent software actively broadcasts requests to join server s management domain and server determines whether to accept the client When accepting such client the Intel Platform Adm...

Page 127: ...Server Port Specify a port to connect to a file server File Server Port Priority Specify priority for the file serve port say Higher High Standard or Low which represents 7 5 3 and 1 respectively For...

Page 128: ...for network administrators and developers to monitor network operation and diagnose malfunction The system logs have the following features 1 Classification of Syslog Log log info Trap warning info D...

Page 129: ...creen are described below Field Description Enable Logging Enable disable Log feature By default it is enabled Enable Server Check to enable log server Log Severity Level Only logs of severity level e...

Page 130: ...messages sent from the originating host to a destination computer Ping operates by sending Internet Control Message Protocol ICMP echo request packets to the target host and waiting for an ICMP respo...

Page 131: ...t Display the ping result Tracert Check up Tracert Overview Tracert is a computer network diagnostic tool for displaying the route path and measuring whether network connection is available or not Whe...

Page 132: ...knows packets have reached Device D and the route packets have passed from Device A to Device D is obtained 1 1 1 2 1 1 2 2 1 1 3 2 To implement tracert check up click Maintenance Network Diagnostics...

Page 133: ...lost When the page refreshes the action of saving configurations is completed 2 Backup Settings Once you have configured the device the way you want you can save all settings to your local hard drive...

Page 134: ...ection if only one match is found then it will be populated to the con field automatically To go back to previous directory press the key is invalid in IP COM To activate a command press Enter after y...

Page 135: ...ig a gateway IP address IP COM show ip Note View configured IP address es 5 3 4 Enable DHCP Client to Obtain an IP Address IP COM config ip dhcp Note Enable DHCP client and switch will obtain an IP ad...

Page 136: ...stem Time Configuration IP COM clock set 14 09 30 4 11 2012 Note Manually set system date and time to Apr 11 2012 and 14 09 30 respectively IP COM config sntp enable Note Enable SNTP server IP COM con...

Page 137: ...ia a TFTP server 5 3 9 Web Login Timeout Configuration IP COM config http redirect timeout 300 Note Config web login timeout interval as 300 seconds IP COM show http redirect timeout Note View web log...

Page 138: ...stination port IP COM config monitor source interface range gigabitethernet 0 1 3 rx Note Config ports 1 3 as mirroring source ports and sniffer mode as Ingress IP COM config monitor source interface...

Page 139: ...te aggregation group IP COM config interface range gigabitethernet 0 1 4 Note Set ports 1 4 as link aggregation member ports IP COM config if trunk group 1 type static Note Set static aggregation grou...

Page 140: ...lgorithm IP COM config port channel load balance src dst ip Note Config source and destination IP algorithm View aggregation info IP COM show aggregate port Note View aggregation group IP COM show lac...

Page 141: ...port 5 and port 6 from QVLAN2 A port must belong to a single VLAN and belong to VLAN1 by default Delete QVLAN IP COM config no vlan 2 Note Delete QVLAN2 IP COM config no vlan 10 15 Note Delete multipl...

Page 142: ...et 0 24 IP COM config if switchport mode access Note Change port 24 to access port trunk port 24 will not exist IP COM config interface range gigabitethernet 0 1 10 IP COM config if switchport mode ac...

Page 143: ...ethernet 0 10 IP COM config if switchport mode access Note Delete existing Hybrid port 10 IP COM config interface range gigabitethernet 0 1 24 IP COM config if switchport mode access Note Delete all h...

Page 144: ...Note Add MAC VLANs whose MAC address is 0000 0000 0001 It is described as v11 and corresponds to vlan2 with cos 0 IP COM configure terminal IP COM config no mac vlan 0000 0000 0001 Note Delete the MAC...

Page 145: ...Disable voice VLAN global security mode IP COM config voice vlan agetime 3600 Note Set voice VLAN agetime to 3600min IP COM show voice vlan global Note View voice VLAN global info Voice VLAN port sett...

Page 146: ...ig mac address table aging time 0 Note Set MAC address never to age out IP COM config mac address table aging time 100 Note Config MAC age time IP COM config no mac address table aging time Note Resto...

Page 147: ...w mac address table interface gigabitethernet 0 5 Note Display MAC address es on a certain port Clear MAC address table IP COM clear mac address table Note Delete all dynamic MAC addresses 5 3 20 QoS...

Page 148: ...mstp Note Set STP version to mstp IP COM config spanning tree bpdu forward broadcast Note Broadcast BPDU packets IP COM config spanning tree bpdu forward filter Note Filter BPDU packets IP COM config...

Page 149: ...config no spanning tree mstp max hops Note Delete max hop setting and restore it to the default 20 IP COM config no spanning tree mstp 0 priority Note Delete instance bridge priority setting and resto...

Page 150: ...onfig if spanning tree link type point to point auto Note spanning tree link type point to point auto IP COM config if spanning tree link type point to point force false Note Set port as non p2p port...

Page 151: ...edge port setting P2P port setting port role port status STP statistics on port 5 IP COM show spanning tree detail Note Display all STP info IP COM show spanning tree enable instance Note Display all...

Page 152: ...e Reset Max age of IGMP routing port to factory default IP COM config no ip igmp snooping host aging time Note Reset Max age of IGMP host port to factory default Enable disable IGMP port fast leave IP...

Page 153: ...M config interface range gigabitethernet 0 9 IP COM config if power inline standard af at Note Configure interface power supply standard IP COM config interface range gigabitethernet 0 6 IP COM config...

Page 154: ...any dst mac mask any Note Add rule 3 and deny all packets at the source MAC address of aaaa aaaa aaa passing Note Deny Deny packets matching the rule to pass Vlan Specify VID Eth type Specify protocol...

Page 155: ...e IP ACL rule binding with time range Delete ACL IP COM config no access list 125 Note Delete MAC based ACL 125 IP COM config no access list 1 Note Delete IP based ACL 1 Delete an ACL rule IP COM conf...

Page 156: ...ound port s 5 3 26 DoS Attack Defense Configuration IP COM config ip deny ping of death Note Enable Ping of Death Attack Defense IP COM config no ip deny ping of death Note Disable Ping of Death Attac...

Page 157: ...packets with destination port number of 10 IP COM config filter aaa tcp 10 off Note Disable filter of TCP virus packets with destination port number of 10 IP COM config filter ccc udp 65535 on Note E...

Page 158: ...te Disable ARP Attack Defense on ports11 20 5 3 29 Config MAC Attack Defense IP COM config interface gigabitethernet 0 1 IP COM config if mac address learning limit 8191 Note Set MAC address learning...

Page 159: ...erface gigabitethernet 0 5 Note Add IP MAC Port VLAN binding entry bind the IP address of 192 168 0 5 and MAC address of 0000 0000 0002 to port 5 in VLAN4094 Port binding and unbinding IP COM config i...

Page 160: ...es Note Display all port filter settings and IP MAC Port VLAN binding entries 5 3 31 DHCP Relay DHCP relay global settings IP COM config service dhcp Note Enable global DHCP feature IP COM config no s...

Page 161: ...ay all virtual interfaces which have been created IP COM show interface vlan interface 2 Note Display settings on VLAN virtual interface 2 only Remote server configuration IP COM config ip helper addr...

Page 162: ...o ip dhcp snooping verify mac address Note Disable verifying MAC address Port settings IP COM config interface range gigabitethernet 0 7 IP COM config if ip dhcp snooping trust Note Set port property...

Page 163: ...t community name to public access right to read write and enable SNMP in the meantime Adding the first community name enables the SNMP agent feature and the SNMP will stay enabled thereafter unless di...

Page 164: ...e Enable warmstart trap on the Switch IP COM config snmp server trap type 4 Note Enable Linkdown Trap on the Switch IP COM config snmp server trap type 8 Note Enable Linkup Trap on the Switch IP COM c...

Page 165: ...8 0 2 public Note Delete the destination host 192 168 0 2 5 3 34 Log Configuration Enable disable logging IP COM config logging on Note Enable log IP COM config logging off Note Disable log Enable dis...

Page 166: ...dot1x re authentication Note Disable 802 1X re authentication IP COM config dot1x timeout re authperiod 1 Note Specify 802 1X re authentication timeout as 1s IP COM config dot1x timeout tx period 255...

Page 167: ...and port status IP COM show dot1x statistics Note Display all ports status IP COM show dot1x interface gigabitethernet 0 1 Note Display a single port s status 5 3 36 Save Configurations IP COM copy ru...

Page 168: ...g if no port isolated Note Disable port isolation Display settings on port IP COM show interface gigabitethernet 0 3 Note Display basic settings on interface 3 IP COM show interface status Note Displa...

Page 169: ...waits for a client s request message Upon receiving the request the server sends back a status line and a message of its own Auto negotiation Auto negotiation is an Ethernet procedure by which two con...

Page 170: ...routers and switches an Access Control List refers to rules that are applied to port numbers or IP Addresses that are available on a host or other layer 3 each with a list of hosts and or networks per...

Page 171: ...Pv4 uses 32 bit addresses which indicates 4 billion or 4 3 109 available addresses Thus IPv6 is brought into use for addressing rapid exhaustion of IP addresses The IPv6 uses 128 bit addresses which i...

Page 172: ...allows a network design to include spare redundant links to provide automatic backup paths if an active link fails without the danger of bridge loops or the need for manual enabling disabling of these...

Page 173: ...ervices Field DS field field and a two bit Explicit Congestion Notification ECN field While Differentiated Services is somewhat backward compatible with TOS ECN is not The TOS field could specify a da...

Page 174: ...le in use please feel free to go to www ip com com cn to find a solution or email your problems to info ip com com cn We will be more than happy to help you out as soon as possible Website http www ip...

Page 175: ...rdance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the us...

Reviews: