IS5 COMMUNICATIONS IES12G User Manual Download Page 139 | Manualshive

Page: 139 / 177

background image

iES12G

User’s

Manual

UM-iES12G-1.72.2-EN.docx

Pages 128 of 166

© 2020 IS5 COMMUNICATIONS INC. ALL RIGHTS RESERVED

System Configuration

Label

Description

Mode

Indicates if NAS is globally enabled or disabled on the switch. If globally
disabled, all ports are allowed to forward frames.

Reauthentication
Enabled

If checked, clients are re-authenticated after the interval specified by the Re-
authentication Period. Re-authentication for 802.1X-enabled ports can be used

to detect if a new device is plugged into a switch port.
For MAC-based ports, re-authentication is only useful if the RADIUS server
configuration has changed. It does not involve communication between the
switch and the client, and therefore does not imply that a client is still present on a
port (see Age Period below).

Reauthentication
Period

Determines the period, in seconds, after which a connected client must be re-
authenticated. This is only active if the

Re-authentication is Enabled

. Valid range

of the value is 1 to 3600 seconds.

EAPOL Timeout

Determines the time for retransmission of Request Identity EAPOL frames.
Valid range of the value is 1 to 65535 seconds. This has no effect for MAC-

based ports.

Aging Period

This setting applies to the following modes, i.e. modes using the

Port Security

functionality to secure MAC addresses:

M AC-Based Auth

.:

When the NAS module uses the Port Security module to secure MAC addresses,
the Port Security module needs to check for activity on the MAC address in

question  at  regular  intervals  and  free  resources  if  no  activity  is  seen within a
given period of time. This parameter controls exactly this period  and can be set to
a number between 10 and 1000000 seconds.
For  ports  in

MAC-based Auth.

mode, reauthentication does not cause direct

communications between the switch and the client, so this will not detect
whether the client is still attached or not, and the only way to free any
resources is to age the entry.

Hold Time

This setting applies to the following modes, i.e. modes using the

Port Security

functionality to secure MAC addresses:

M AC-Based Auth

.:

If a client is denied access - either because the RADIUS server denies the client
access or because the RADIUS server request times out (according to the timeout
specified on the "

Security

→

AAA

→

AAA"

page), the client is put on hold in

Unauthorized state. The hold timer does not count during an on-going

authentication.
The switch will ignore new frames coming from the client during the hold time.
The hold time can be set to a number between 10 and 1000000 seconds.

«
...
137
138
139
140
141
...
»

Summary of Contents for IES12G

Page 1: ...User s Manual IES12G Intelligent 12 Port Managed Gigabit Ethernet Switch IES12G https is5com com products Version 1 72 2 May 20 2020 2020 iS5 Communications Inc All rights reserved...

Page 2: ...to be defective within this warranty period including shipping costs This warranty does not cover product modifications or repairs done by persons other than iS5 approved personnel and this warranty...

Page 3: ...ew 8 2 1 Front Panel 8 2 2 Front Panel LED 9 2 3 Bottom View of Panel 9 2 4 Rear Panel 11 2 5 Side Panel 12 Hardware Installation 13 3 1 Installing the Switch on DIN Rail 13 Mounting on DIN Rail 13 3...

Page 4: ...tistics 30 Global Counters 31 Local Counters 31 Modbus TCP 32 Backup Restore Configuration 32 Firmware Update 32 DHCP Server Relay 33 Setting 33 DHCP Dynamic Client List 33 DHCP Client List 34 Port Se...

Page 5: ...p 59 Example for Port Based VLAN Setting 60 For ingress port 60 For egress port 61 802 1Q Access port Setting 62 802 1Q Trunk port setting multi tag 63 Private VLAN 68 Private VLAN Membership Configur...

Page 6: ...LAN Configurations 95 IGMP Snooping Status 96 IGMP Snooping Group Information 97 Remote Control Security 98 Remote Control Security Configuration 98 Device Binding 98 Advanced Configurations 100 Alias...

Page 7: ...2 Warning 137 Fault Alarm 137 System Warning 138 SYSLOG Setting 138 SMTP Settings 139 Event Selection 140 4 3 Monitor and Diagnostic 141 MAC Table 141 MAC Address Table Configuration 141 Aging Config...

Page 8: ...figuration 20 Figure 17 System Password 21 Figure 18 Guest Password Configuration 21 Figure 19 Authentication Method Configuration 22 Figure 20 Auto Logout Configuration 23 Figure 21 IP Configuration...

Page 9: ...Accesses Configuration 76 Figure 76 Storm Control Configuration 78 Figure 77 QoS Ingress Port Classification 79 Figure 78 QoS Egress Port Tag Remarking 80 Figure 79 QoS Port DSCP Configuration 81 Fig...

Page 10: ...9 Last Supplicant Client Info Admin State MAC based Auth 136 Figure 130 Last Supplicant Client Info Admin State 802 1X based 136 Figure 131 Selected Counters Attached Clients 137 Figure 132 Fault Alar...

Page 11: ...ual UM iES12G 1 72 2 EN docx Page ix 2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED Table 5 1000 Base T MDI MDI X Pin Assignments 16 Table 6 Signals and Pinouts from Console Port RJ 45 to DB 9 Serial...

Page 12: ...nce in which case the user may be required to take adequate measures Caution LASER This product contains a laser system and is classified as a CLASS 1 LASER PRODUCT Use of controls or adjustments or p...

Page 13: ...up to 4 Gigabit SFP ports The iES12G provides redundancy support through functions such as STP RSTP MSTP assuring protection of all mission critical network applications iES12G can be managed via the...

Page 14: ...40037c31414269 html scrolltoc Online Accessed on Apr 3 2019 7 Stack Overflow Maximum size of ICMP IPv6 packet https stackoverflow com questions 15434362 maximum size of icmp ipv6 packet 8 Cisco com Ci...

Page 15: ...e ARP hardware address type ar hrd HSR High availability Seamless Redundancy HTTPS Hyper Text Transfer Protocol Secure or HTTP over SSL ICMP Internet Control Message Protocol IGMP Internet Group Mana...

Page 16: ...Service RARP Reverse Address Resolution Protocol Reverse ARP RIP Routing Information Protocol RMON Remote Monitoring RSTP Rapid Spanning Tree Protocol SIP Source IP SMAC Source MAC Address SNMP Simpl...

Page 17: ...ALL RIGHTS RESERVED Acronym Explanation SSH Secure Shell UDP User Datagram Protocol URG Urgent Pointer Field Significant an ACE value USM User based Security Model UTC Coordinated Universal Time VACM...

Page 18: ...Auto MDI MDIX 8 4 X 100 1000Base X SFP 4 RS 232 Serial Console Port RS 232 in RJ45 connector with console cable 115200 bps 8 N 1 Warning Monitoring System Relay output for fault event alarming 2 alar...

Page 19: ...ds for factory default 2 LED for PWR When the PWR UP the green led will be light on 3 LED for PWR1 4 LED for PWR2 5 LED for R M Ring master When the LED light on it means that the switch is the ring m...

Page 20: ...Blinking Data is transmitted On Port link up 2 3Bottom View of Panel The Phillips Screw Terminal Block located on the bottom of the unit has Phillips screws with compression plates allowing either ba...

Page 21: ...or Neutral terminal of an AC power source 4 G Chassis Ground Connected to the ground bus for DC inputs or Safety Ground terminal for AC Units Chassis Ground connects to both power supply surge grounds...

Page 22: ...ure 3 Rear Panel 100 240VAC rated equipment A 250VAC appropriately rated circuit breaker must be installed Equipment must be installed according to the applicable country wiring codes When equipped wi...

Page 23: ...al UM iES12G 1 72 2 EN docx Pages 12 of 166 2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED 2 5Side Panel The components on the side of the iES10G are shown below 1 Screw holes 4 for wall mount kit Fi...

Page 24: ...IN Rail bracket on the rear panel The DIN Rail bracket helps secure the switch on to the DIN Rail Mounting on DIN Rail Step 1 Slant the switch and hook the top 2 catches of the metal bracket onto the...

Page 25: ...anel or wall Mounting IES12G on a Wall or Panel Option 1 Side of switch Fix mounting brackets to the side of switch using the 4 screws included in the package Figure 7 Brackets Mounted on Side of Swit...

Page 26: ...T Cat 3 4 5 100 ohm UTP 100 m 328ft RJ 45 100BASE TX Cat 5 100 ohm UTP UTP 100 m 328ft RJ 45 1000BASE T Cat 5 Cat 5e 100 ohm UTP UTP 100 m 328ft RJ 45 Pin Assignments With 10 100 1000BASE T X cables p...

Page 27: ...used Table 5 1000 Base T MDI MDI X Pin Assignments Pin Number MDI port MDI X port 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD 6 BI_DB BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Note a...

Page 28: ...port using the RS232 DB 9 to RJ 45 cable provided Connect to the PC via the RS 232 DB9 connector and the RJ45 connector to the console port of the switch Table 6 Signals and Pinouts from Console Port...

Page 29: ...It is based on Java Applets with an aim at reducing network bandwidth consumption and enhances access speed in a viewing screen Note By default IE 5 0 or later versions do not allow Java Applets to o...

Page 30: ...een 5 Enter the username and password The default username and password are admin 6 Click OK The main interface of the Web Management appears see Figure 14 Figure 14 Main Interface or System Informati...

Page 31: ...e closet 3rd floor The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual identification of the contact person for this managed node toge...

Page 32: ...system admin password required to access the web interface or log in to the CLI Figure 17 System Password Label Description Username The default user name is admin Old Password The existing password...

Page 33: ...lient for which the configuration below applies Authentication Method Authentication Method can be set to one of the following values None authentication is disabled and login is not possible Local lo...

Page 34: ...onfiguration The Current column is used to show the active IP configuration Label Description DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zer...

Page 35: ...digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous z...

Page 36: ...es made locally and revert to previously saved values IP Configuration Configure SNTP on this page Figure 23 SNTP Configuration Label Description Mode Indicates the selected Simple Network Time Protoc...

Page 37: ...ntain _ or Daylight Savings Time Mode This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Options include Disable to...

Page 38: ...Switch Time Configuration Configure date and time on this page Figure 25 Switch Time Configuration Mode Description Current Date Modify Current Date in the following order according to your preferenc...

Page 39: ...network Typical applications include remote command line login and remote command execution but any network service can be secured with SSH Configure SSH settings in the following page Figure 27 SSH C...

Page 40: ...Description LLDP Parameters Tx Interval The switch periodically transmits LLDP frames to its neighbours for having the network discovery information up to date The interval between each LLDP frame is...

Page 41: ...f the neighbor s capabilities The capabilities include Other Repeater Bridge WLAN Access Point Router Telephone DOCSIS Cable Device Station Only Reserved When a capability is enabled a will be display...

Page 42: ...rames are received or transmitted Tx Frames The number of LLDP frames transmitted on the port Rx Frames The number of LLDP frames received on the port Rx Errors The number of received LLDP frames cont...

Page 43: ...refresh occurs every 3 seconds Modbus TCP This page shows Modbus TCP support of the switch For more information regarding Modbus refer to http www modbus org Figure 32 MODBUS Configuration Label Desc...

Page 44: ...DHCP in this page Figure 36 DHCP Server Configuration Label Description Enabled Enable Disable DHCP server Start IP Address The first IP address of IP pool End IP Address The Last IP address of IP po...

Page 45: ...rt When the device is connecting to the port and asks for dynamic IP assigning the system will assign the IP address that has been assigned before in the connected device Figure 38 DHCP Static Client...

Page 46: ...nt Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the res...

Page 47: ...done Port Alias This page shows the port alias configuration Figure 40 Port Alias Label Description Port This is the port number Port Alias This is the port alias Save Click to save changes Reset Clic...

Page 48: ...ble the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Figure 42 Aggregation Group Configuration Label Description Group ID Indicates the ID of each agg...

Page 49: ...the port ranging from 1 to 65535 Auto will set the key according to the physical link speed 10Mb 1 100Mb 2 1Gb 3 Specific allows the user to enter a user defined value Ports with the same key value c...

Page 50: ...able an automatic refresh of the page at regular Intervals LACP Port Status This page provides an overview of the LACP status for all ports Figure 45 LACP Status Label Description Port Switch port num...

Page 51: ...ch port Discarded The number of unknown or illegal LACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at reg...

Page 52: ...sabled permanently until the device is restarted Figure 48 Port Configuration Label Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switc...

Page 53: ...nges affecting all switches It is a good method for connecting two rings Coupling Port Used for connecting multiple rings A coupling ring needs four switches to build an active and a backup link Links...

Page 54: ...ork State There three states for uplink port Link Down Blocking and Forwarding Save Click to apply the configurations Refresh Click to refresh the page immediately iBridge Figure 51 iBridge Label Desc...

Page 55: ...e Multiple Spanning Tree Instances MSTI number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is th...

Page 56: ...0000 Priority 0 240 Enter which port should be blocked by setting the priority on the LAN Enter a number between 0 and 240 The value of priority must be a multiple of 16 Admin Edge Admin Edge is the p...

Page 57: ...or disabled on this switch port Port Priority Which ports should be blocked by priority in LAN A number 0 through 240 The value of priority must be the multiple of 16 Label Description Auto refresh Ch...

Page 58: ...ges i e It is served by a shared medium LAN segment OperP2P shows the P2P status of the link to be manipulated administratively True means P2P enabling False means P2P disabling Role The Role of each...

Page 59: ...to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time to pass before a port in the error disabled state can be e...

Page 60: ...of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI Mapping MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not...

Page 61: ...iority Indicates bridge priority The lower the value the higher the priority The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a Bridge Identifier Save Click to s...

Page 62: ...s the priority for ports having identical port costs See above Admin Edge Configures the operEdge flag should start as set or cleared the initial operEdge stated when a port is initialized Auto Edge C...

Page 63: ...milar bridge setting the port Edge status does not effect this setting A port entering error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well Point to Po...

Page 64: ...Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port cos...

Page 65: ...nable an automatic refresh of the page at regular intervals STP Port Status This page displays the STP port status for the currently selected switch Figure 62 STP Port Status Label Description Port Th...

Page 66: ...on the port RSTP The number of RSTP configuration BPDU s received transmitted on the port STP The number of legacy STP configuration BPDU s received transmitted on the port TCN The number of legacy to...

Page 67: ...Recovery Dual Port Recovery mode is defined to work with unmanaged devices switches or ring of switches This feature can be set to on single port of switches on both sides of unmanaged ring The IES12G...

Page 68: ...k of port in Forwarding state goes down the backup port is changing its state to be forwarding like in picture below The disconnected port changes its status to No Link When link of port 1 on switch 2...

Page 69: ...he unmanaged switch ring of switches Note User need to select one port to be Active Port on each of two devices of each side Test Interval Setting Interval time for sending keep alive messages 10 5000...

Page 70: ...VLAN name can be edited for the existing VLAN entries or it can be added to the new entries Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN ch...

Page 71: ...0 of 166 2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED Example for Port Based VLAN Setting For ingress port VLAN Membership Configuration setting port 1 VID 50 VLAN Port 1 Configuration Disable VLAN...

Page 72: ...1 of 166 2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED For egress port VLAN Membership Configuration setting port 2 VID 50 VLAN Port 2 Configuration don t care VLAN Aware 3 VLAN Port 2 Configuration...

Page 73: ...ALL RIGHTS RESERVED 802 1Q Access port Setting 4 1 6 2 1 1 For ingress port VLAN Membership Configuration setting port VID 50 VLAN Port Configuration Enable VLAN Aware VLAN Port Configuration Mode spe...

Page 74: ...ONS INC ALL RIGHTS RESERVED VLAN Port Configuration Disable VLAN Aware 3 VLAN Port Configuration Mode specific ID 50 untagged tag 50 packet can enter egress port 802 1Q Trunk port setting multi tag 4...

Page 75: ...tion Enable VLAN Aware 3 VLAN Port Configuration Mode specific ID 11 when enterring packet is untagged frame added tag 11 When entering the tagged frame only VID 11 22 33 three kinds of packets can pa...

Page 76: ...UM iES12G 1 72 2 EN docx Pages 65 of 166 2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED VLAN Port Configuration Mode none egress port can receive tag 11 22 33 packet In addition only tag 11packet ca...

Page 77: ...CATIONS INC ALL RIGHTS RESERVED Q in Q VLAN Setting ingress Port 1 egress Port 2 4 1 6 2 1 3 For ingress port Port 1 VLAN Membership Configuration setting port 1 2 3 VID 50 2 VLAN Port Configuration D...

Page 78: ...2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED 4 1 6 2 1 4 For egress port Port 2 VLAN Membership Configuration setting port VID 50 VLAN Port Configuration Enable Port 2 3 VLAN Aware 3 VLAN Port Con...

Page 79: ...ANs can be added or deleted Port members of each Private VLAN can be added or removed Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and...

Page 80: ...s enabled when you click Save The Delete button can be used to undo the addition of new private VLANs Save Click to save changes Reset Click to undo any changes made locally and revert to previously s...

Page 81: ...SNMPv1 or SNMPv2c SNMPv3 uses User based Security Model USM for authentication and privacy and the community string will be associated with SNMPv3 communities table It provides more flexibility to co...

Page 82: ...ng length is 0 to 255 and the allowed content is ASCII characters from 33 to 126 community string In addition to community string a particular range of source addresses can be used to restrict source...

Page 83: ...D Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID mode of operation Disabled Disable SNMP trap probe security e...

Page 84: ...Name Figure 72 SNMPv3 User Configuration Label Description Delete Check to delete the entry It will be deleted during the next save Engine ID An octet string identifying the engine ID that this entry...

Page 85: ...otocol SHA an optional flag to indicate that this user is using SHA authentication protocol The value of security level cannot be modified if the entry already exists which means the value must be set...

Page 86: ...for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from...

Page 87: ...efining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Add New Entry Click to add a new view configuration...

Page 88: ...rioritization Storm Control A traffic storm occurs when packets flood the LAN creating excessive traffic and degrading network performance Storm Control is a feature which monitors incoming traffic le...

Page 89: ...ork or to carry information from one interface in a device to another When traffic is marked QoS operations on that traffic can be applied Shaping and policing Shaping is the process of imposing a max...

Page 90: ...be overruled by a QCL entry Note if the default QoS class has been dynamically changed then the actual default QoS class is shown in parentheses after the configured default QoS class DP level Contro...

Page 91: ...on the mode to configure the mode and or mapping Note this setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default QoS clas...

Page 92: ...tings for individual ports There are two configuration parameters available in Ingress 1 Translate 2 Classify Translate Check to enable ingress translation Classify Classification has 4 different valu...

Page 93: ...icer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and it is restricted to 1 13200 when the Unit is Mbps or kfps Unit Configures the unit of measurem...

Page 94: ...abled Unit Configures the unit of measurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled Save Click...

Page 95: ...nfigure the shapers Details for configuration can be found in the QoS Egress Port Scheduler and Shapers section Shapers Qn Shows disabled or actual port shaper rate e g 800 Mbps QoS Egress Port Schedu...

Page 96: ...is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth Port Shaper Enable Check to enable port shaper for individual switch ports...

Page 97: ...gures the weight of each queue The default value is 17 This value is restricted to 1 to 100 This parameter is only shown if Scheduler Mode is set to Weighted Queue Scheduler Percent Shows the weight o...

Page 98: ...g frame is classified to a DP level which is used throughout the device for providing congestion control guarantees to the frame according to what was configured for that specific DP level Frames with...

Page 99: ...o new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP can be translated to any of 0 63 DSCP values 2 Classify check to...

Page 100: ...o configure the mapping of QoS class to DSCP value Figure 88 DSCP Classification Label Description QoS Class Actual QoS class A QoS class of 0 zero has the lowest priority DPL Actual Drop Precedence L...

Page 101: ...e QCL entry By default all ports are included Key Parameters Key configurations include Tag value of tag can be Any Untag or Tag VID valid value of VLAN ID can be any value from 1 to 4095 o r Any a sp...

Page 102: ...Source IP address in value mask format or Any IP and mask are in the format of x y z w where x y z and w are decimal numbers between 0 and 255 When the mask is converted to a 32 bit binary string and...

Page 103: ...8 QoS queues per port Q0 is the lowest priority Rx Tx The number of received and transmitted packets per queue Refresh Click to refresh the page immediately Clear Clear all statistics counters Auto r...

Page 104: ...t will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will be set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classi...

Page 105: ...ooding The flooding control takes effect only when IGMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting Router Port Sp...

Page 106: ...he displayed table starting from that or the next closest VLAN Table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text...

Page 107: ...Transmitted The number of transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of received V1 reports V2 Reports Received The number of received V2 report...

Page 108: ...he next closest IGMP Group Table match In addition the two input fields will upon clicking Refresh assume the value of the first displayed entry allowing for continuous refresh with the same start add...

Page 109: ...0 0 0 it means Any IP Web Check this item to enable Web management interface Telnet Check this item to enable Telnet management interface SNMP Check this item to enable SNMP management interface Save...

Page 110: ...continually Alive Check Status Indicates the Alive Check status Possible options are Disable Got Reply Got ping reply from device that means the device is still alive Lost Reply Lost ping reply from d...

Page 111: ...ias IP Address Specifies alias IP address Keep 0 0 0 0 if the device does not have an alias IP address Alive Check You can use ping commands to check port link status If port link fails you can set ac...

Page 112: ...Enables or disables DDOS prevention of the port Sensibility Indicates the level of DDOS detection Possible levels are Low low sensibility Normal normal sensibility Medium medium sensibility High high...

Page 113: ...Log it simply logs the event Status Indicates the DDOS prevention status Possible statuses are disables DDOS prevention Analyzing analyzes packet throughput for initialization Running analysis complet...

Page 114: ...ure Stream Check settings Figure 102 Steam Check Label Description Mode Enables or disables stream monitoring of the port Action Indicates the action to take when the stream gets low Possible actions...

Page 115: ...value is Disabled Port Redirect Select which port frames are redirected on The allowed values are Disabled or a specific port number and it can t be set when action is permitted The default value is...

Page 116: ...he page immediately Clear Clear all statistics counters Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Rate Limiters This page allows the...

Page 117: ...click the sign the following default ACE Configuration appears Figure 106 Default ACE Configuration An ACE consists of several parameters These parameters vary with the frame type you have selected F...

Page 118: ...tch the ACE Ethernet Type only Ethernet type frames can match the ACE The IEEE 802 3 describes the value of length types should be greater than or equal to 1536 decimal equal to 0600 hexadecimal ARP o...

Page 119: ...ed Shutdown Specifies the shutdown operation of the ACE The allowed values are Enabled if a frame matches the ACE the ingress port will be disabled Disabled port shutdown is disabled for the ACE Count...

Page 120: ...number appears VLAN ID When Specific is selected for the VLAN ID filter the user can enter a specific VLAN ID number The allowed range is 1 to 4095 Frames matching the ACE will use this VLAN ID value...

Page 121: ...t not be able to match this entry Non zero IPv4 frames with a time to live field greater than zero must be able to match this entry Any any value is allowed don t care IP Fragment Specifies the fragme...

Page 122: ...Host Specify the destination IP address in the DIP Address field that appears Network destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Addr...

Page 123: ...ted decimal notation Sender IP Mask When Network is selected for the sender IP filter you can enter a specific sender IP mask in dotted decimal notation Dotted Decimal Notation refers to a method of w...

Page 124: ...where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed don t care IP Specifies whether frames will meet the action according to their...

Page 125: ...matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE Any no ICMP code filter is specified ICMP code filter status is don t care Specific if you want to...

Page 126: ...Destination Filter Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination filter is specified TCP UDP destination filter status is don t care Specific if you want to filter a...

Page 127: ...le to match this entry Any any value is allowed don t care TCP URG Specifies the TCP URG urgent pointer field significant value for the ACE 0 TCP frames where the URG field is set must not be able to...

Page 128: ...4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwar...

Page 129: ...sage warns about this event and interface is marked with a loop protect comment by system Conflict Show conflict entries in the ACL Refresh Click to refresh the page Auto refresh Check to enable an au...

Page 130: ...The RADIUS Authentication Server number for which the configuration below applies Enabled Enable the RADIUS Authentication Server by checking this box IP Address The IP address of the RADIUS Authentic...

Page 131: ...The IP address and UDP port number in IP Address UDP Port notation of the server For example 0 0 0 0 1812 Status The current status of the server This field takes one of the following values Disabled...

Page 132: ...eady The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply...

Page 133: ...AccessChallenges The number of RADIUS Access Challenge packets valid or invalid received from the server Rx Malformed Access Responses radiusAuthClientExt MalformedAccessRe sponses The number of malfo...

Page 134: ...te of the server and the latest round trip time Name RFC4668 Name 4 Description IP Address IP address and UDP port for the authentication server in question State Shows the state of the server It take...

Page 135: ...received from the server Malformed packets include packets with an invalid length Bad authenticators or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAcctCl...

Page 136: ...the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and runn...

Page 137: ...between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number o...

Page 138: ...igured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using...

Page 139: ...sed ports Aging Period This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth When the NAS module uses the Port Security mod...

Page 140: ...icant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs 2 Frames sent betw...

Page 141: ...as nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a...

Page 142: ...frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received...

Page 143: ...urrent state of the port Refer to NAS Port State for more details regarding each value Port n The port select drop down box determines which port s information is shown by selecting port n Where n is...

Page 144: ...tch Rx Start dot1xAuthEapolStartFrames Rx The number of EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFram esRx The number of valid EAPOL Logoff frames that ha...

Page 145: ...elect drop down box determines which port s information is shown by selecting port n Where n is a valid port number Auto refresh Check this box to refresh the page automatically Automatic refresh occu...

Page 146: ...ackend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackend AuthSuccesses 802 1X and MAC based Counts the number of times that the switch receives a success indicatio...

Page 147: ...ion MAC Address dot1xAuthLastEapol FrameSource The MAC address of the last supplicant client VLAN ID The VLAN ID on which the last frame from the last supplicant client was received Version dot1xAuthL...

Page 148: ...no clients are attached it shows No clients attached VLAN ID This column holds the VLAN ID of the corresponding client that is currently secured through the Port Security module State The client can e...

Page 149: ...Figure 133 System Log Configuration Label Description Server Mode Indicates existing server mode When the mode operation is enabled the syslog message will be sent to syslog server The syslog protoco...

Page 150: ...E mail Alarm Enables or disables transmission of system warnings by e mail SMTP Server Address The SMTP server IP address or domain name address Sender E mail Address Sender email address Mail Subjec...

Page 151: ...t the checkbox cannot be checked when SYSLOG is disabled Figure 135 System Warning Event Selection SYSLOG is the warning method supported by the system Check the corresponding box to enable the system...

Page 152: ...own Link Up Link Down SMTP Port Event Select the SMTP event for a specific port number Options are Disable Link Up Link Down Link Up Link Down Save Click to save changes Reset Click to undo any change...

Page 153: ...Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped No...

Page 154: ...rt to mirror is also known as the mirror port Frames from ports that have either source Rx or destination Tx mirroring enabled are mirrored to this port Disabled option disables mirroring Figure 138 M...

Page 155: ...or error level of the system log All choose for all levels to be logged Time The time of the system log entry Message The MAC Address of this switch Auto refresh Check this box to enable an automatic...

Page 156: ...for receive and transmit Label Description Port The logical port for the settings contained in the same row Click on a port to go to that ports Detailed Statistics page Packets The number of received...

Page 157: ...nters The number of received and transmitted packets per input and output queue Rx Drops The number of frames dropped due to insufficient receive buffer or egress congestion Rx CRC Alignment The numbe...

Page 158: ...range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds VeriPHY Cable Diagnostics This page is used for running the VeriPHY Cable Diagnosti...

Page 159: ...gnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port for which VeriPHY Cable Diagno...

Page 160: ...an measure the temperature of the apparatus helping you monitor the status of connection and detect errors immediately through DDM Web interface event alarms can be managed and set up Figure 144 SFP M...

Page 161: ...el Description One_PPS_Mode The box allows the user to select One_PPS_Mode configurations The following values are possible Output enable the 1 pps clock output Input enable the 1 pps clock input Disa...

Page 162: ...y measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay requests Protocol The options for Transport protocol used by the PTP...

Page 163: ...66 2020 IS5 COMMUNICATIONS INC ALL RIGHTS RESERVED Status This page allows the user to examine the current PTP clock settings For information on this screen see Synchronization Configuration above Fig...

Page 164: ...witch is restored to factory defaults Figure 149 Factory Defaults Label Description Yes Click to reset the configuration to factory defaults No Click to return to the System Information page without r...

Page 165: ...8 none 1 none Before starting CLI management by the RS 232 serial console connect the RS 232 port of the switch to your PC Follow the steps below to access the console via a RS 232 serial cable 1 Star...

Page 166: ...2 Tera Term VT Serial port setup 4 Press Enter for the Console login screen to appear Use the keyboard to enter the Console Username and Password which is same as for Web management admin for both the...

Page 167: ...e steps below to access the console via Telnet Connect your PC to one of the Ethernet ports of the switch via an Ethernet cable Telnet to the IP address of the switch from the Windows Run command or f...

Page 168: ...Link Aggregation Control Protocol STP Spanning Tree Protocol Dot1x IEEE 82 1X port authentication IGMP Internet Group Management Protocol snooping LLDP Link Layer Discovery Protocol MAC MAC address ta...

Page 169: ...DHCP enable disable Setup ip_addr ip_mask ip_router vid Ping ip_addr_string ping_length SNTP ip_addr_string Auth Auth Configuration Timeout timeout Deadtime dead_time RADIUS server_index enable disabl...

Page 170: ...st active passive Status port_list Statistics port_list clear STP STP Configuration Version stp_version Non certified release v Txhold holdcount lt 15 15 15 Dec 6 2007 MaxAge max_age FwdDelay delay bp...

Page 171: ...uthorized Authenticate port_list now Reauthentication enable disable Period reauth_period Timeout eapol_timeout Statistics port_list clear eapol radius Clients port_list all client_cnt Agetime age_tim...

Page 172: ...VLAN Configuration port_list Aware port_list enable disable PVID port_list vid none FrameType port_list all tagged Add vid port_list Delete vid Lookup vid PVLAN PVLAN Configuration port_list Add pvlan...

Page 173: ...t policy Rate rate_limiter_list packet_rate Add ace_id ace_id_next switch port port policy policy vid tag_prio dmac_type etype etype smac dmac arp sip dip smac arp_opcode arp_flags ip sip dip protocol...

Page 174: ...kup index Group Add security_model security_name group_name Group Delete index Group Lookup index View Add view_name included excluded oid_subtree View Delete index View Lookup index Access Add group_...

Page 175: ...apacity of 1 A at 24 VDC Technology MAC Table 8K Priority Queues 8 Processing Store and Forward Switch Properties Switching latency 7 s Switching bandwidth 24 Gbps Max Number of Available VLANs 4096 I...

Page 176: ...ackets for troubleshooting IP connectivity issues SNTP for synchronizing of clocks over network Network Redundancy RSTP IEEE 802 1 D w MSTP RSTP STP compatible Fast Recovery and Dual Port Recovery Phy...

Page 177: ...escription 16 VendorName 48 ProductName 81 Version 85 MacAddress 256 SysName 512 SysDescription 768 SysLocation 1024 SysContact 4096 PortStatus Port 1 VTSS_PORTS Value 0x0000 Link down 0x0001 Link up...

Reviews:

No comments

Related manuals for IES12G

Brand: KanexPro Pages: 16

Brand: Field Controls Pages: 4

Brand: Vector Pages: 6

Brand: CZHOON Pages: 4

Brand: Siqura Pages: 2

Brand: AsGa Pages: 23

Brand: KanexPro Pages: 35

Brand: C&C TECHNIC Pages: 2

Brand: KinAn Pages: 5

Brand: BluStream Pages: 4

Brand: CIECO Pages: 17

TK-407K - KVM Switch - USB

Brand: TRENDnet Pages: 2

Brand: SmartAVI Pages: 2

Brand: W Box Technologies Pages: 10

kontron KSwitch D1 UGPD

Brand: S&T Pages: 40

Brand: LevelOne Pages: 15

Brand: Nxg Pages: 2

Brand: SICK Pages: 64

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands