manualshive.com logo in svg

IS5 COMMUNICATIONS iES22GF, User Manual

Share
Download
IS5 COMMUNICATIONS iES22GF User Manual Download Page 151

iES22GF  User’s  Manual 

 

151 

 

 

iS5 Communications Inc.

 

 

 

6.9.3

 

NAS (802.1x)

 

Configuration 

This  page  allows  you  to  configure  the  IEEE  802.1X  and  MAC-based  authentication  system  and  port 

settings. 

The  IEEE  802.1X  standard  defines  a  port-based  access  control  procedure  that  prevents 

unauthorized  access  to  a  network  by  requiring  users  to  first  submit  credentials  for  authentication. 

One  or more central servers (the backend servers

determine whether  the user  is  allowed  access  to  the 

network. These  backend  (RADIUS)  servers  are  configured  on  the  "Security → AAA → AAA" page. 

MAC-based  authentication  allows  for  authentication  of  more than one user  on  the  same port,  and does 

not  require  the  users  to  have  special  802.1X  software  installed  on  their  system.  The  switch  uses  the 

users'  MAC  addresses  to  authenticate  against  the  backend  server.  As  intruders  can  create  counterfeit 

MAC  addresses,  which makes MAC-based  authentication  is  less  secure  than 802.1 X authentications. 

 

 

Overview  of 802.1X  (Port-Based) Authentication 

In  an  802.1X  network  environment,  the  user  is  called  the  supplicant,  the  switch  is  the 

authenticator,  and  the  RADIUS  server  is  the  authentication  server.  The  switch  acts  as  the  man-in-the-

middle, forwarding requests and responses between  the supplicant and the  authentication server. Frames 

sent between the  supplicant and the switch are special 802.1X  frames, known as EAPOL (EAP Over LANs) 

frames which encapsulate EAP PDUs (RFC3748).  Frames  sent  between  the  switch  and  the  RADIUS 

server are  RADIUS  packets.  RADIUS  packets also encapsulate EAP PDUs together with other attributes like 

the switch's IP address,  name,  and the supplicant's port  number  on  the  switch.  EAP  is  very flexible  as 

it allows  for  different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is 

that  the  authenticator  (the  switch)  does  not  need to  know which  authentication  method  the 

supplicant and the authentication server are using, or how many information exchange frames  are needed 

for a particular method. The switch simply encapsulates the EAP part of the frame  into the relevant type 

(EAPOL or RADIUS) and forwards it. 

 

When  authentication  is  complete,  the  RADIUS  server  sends  a  special  packet  containing  a  success  or 

failure indication. Besides forwarding the result to the supplicant, the switch uses it  to open up or block 

traffic on the switch port connected to the supplicant. 

Note:  in  an  environment  where  two  backend  servers  are  enabled,  the  server  timeout  is  configured 

to  X  seconds  (using  the  authentication  configuration  page),  and  the  first  server  in  the  list  is  currently 

down (but not considered dead) , if the supplicant retransmits EAPOL Start  frames at a rate faster than X 

seconds,  it  will  never  be authenticated  because the switch  will  cancel  on-going  backend authentication 

server  requests whenever  it receives a  new EAPOL  Start frame from the supplicant. Since the server has 

Summary of Contents for iES22GF

Page 1: ...iES22GF User s Manual Intelligent 20 Ports Configurable Gigabit Ethernet Switch Version 1 8 May 2017...

Page 2: ...tive within this warranty period including shipping costs This warranty does not cover product modifications or repairs done by persons other than iS5 approved personnel and this warranty does not app...

Page 3: ...allation 10 2 1 Installing the Switch on a DIN Rail 10 2 1 1 Mounting the iES22GF on a DIN Rail 10 2 2 Wall Mount Installation 10 2 2 1 Mounting the iES22GF on a Wall or Panel 10 Hardware Overview 12...

Page 4: ...overy 35 5 7 Dual Port Recovery 36 5 7 1 Introduction 36 5 7 2 Configuration 37 Management 39 6 1 Basic Settings 40 6 1 1 Basic Setting 40 6 1 2 Admin Password 41 6 1 3 Authentication Method 42 6 1 4...

Page 5: ...6 6 2 SNMP Community Configurations 95 6 6 3 SNMP User Configurations 95 6 6 4 SNMP Group Configurations 98 6 6 5 SNMP View Configurations 99 6 6 6 SNMP Access Configurations 99 6 7 Traffic Prioritiz...

Page 6: ...10 2 System Warning 164 6 11 Monitor and Diag 168 6 11 1 MAC Table 168 6 11 2 Port Statistics 170 6 11 3 Port Monitoring 172 6 11 4 System Log Information 173 6 11 5 VeriPHY Cable Diagnostics 174 6 1...

Page 7: ...be required to take adequate measures Caution LASER This product contains a laser system and is classified as a CLASS 1 LASER PRODUCT Use of controls or adjustments or performance of procedures other...

Page 8: ...ast recovery technology The iES22GF supports a wide operating temperature of 40 o C to 85 o C Both products can be managed centrally and conveniently via the iManaged Software Suite web browsers Telne...

Page 9: ...r Authentication for security Supports 9 6K Bytes Jumbo Frame Multiple notification for warning of unexpected event Web based Telnet Console CLI and Windows utility iMSS configuration Support LLDP Pro...

Page 10: ...t the switch and hook the top 2 catches of the metal bracket onto the top of the DIN Rail Step 2 Push the bottom of the switch toward the DIN Rail until the bracket snaps in place 2 2 Wall Mount Insta...

Page 11: ...s Manual 11 iS5 Communications Inc Option 2 Fix mounting brackets to back of switch using 4 screws included in the package Note To avoid damage to the unit please use the screws provided to mount the...

Page 12: ...for PWR When the PWR UP the green led will be light on 3 LED for PWR1 4 LED for PWR2 5 LED for R M Ring master When the LED light on it means that the switch is the ring master of Ring LED for Ring Wh...

Page 13: ...en On Data transmitted 3 2 Bottom view Panel The Phillips Screw Terminal Block located on the bottom of the unit has Phillips screws with compression plates allowing either bare wire connections or cr...

Page 14: ...econd or backup DC power source 8 RLY NO Failsafe Relay Normally Open contact 9 RLY CM Failsafe Relay Common contact 10 RLY NC Failsafe Relay Normally Closed contact Chassis Ground Connection The iES2...

Page 15: ...hown below 1 Screw holes 4 for wall mount kit 2 DIN Rail mount 3 4 Side Panel The components on the side of the iES10G are shown below 1 Screw holes 4 for wall mount kit Cables 4 1 Ethernet Cables The...

Page 16: ...SE T Cat 5 Cat 5e 100 ohm UTP UTP 100 m 328ft RJ 45 4 1 1 1000 100BASE TX 10BASE T Pin Assignments With 10 100 1000BASE T X cables pins 1 and 2 are used for transmitting data and pins 3 and 6 are used...

Page 17: ...used Not used 1000 Base T MDI MDI XPin Assignments Pin Number MDI port MDI X port 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD 6 BI_DB BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Note a...

Page 18: ...using the RS 232 cable with a DB 9 female connector The DB 9 female connector of the RS 232 cable should be connected the PC while the other end of the cable RJ 45 connector should be connected to th...

Page 19: ...om traveling through any of the network s redundant loops In the event that one branch of the ring gets disconnected from the rest of the network the protocol automatically re adjusts the ring so that...

Page 20: ...which port on each switch will be used as the coupling ports and then link them together For example port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D Then enable C...

Page 21: ...e ring to connect the switches in the RSTP network backbone switches The connection of one of the switches Switch A or B will act as the primary path while the other will act as the backup path when t...

Page 22: ...void network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Used for connecting multiple rings A coupling ring needs four switches to build an activ...

Page 23: ...allows multiple redundant rings of different redundancy protocols to interoperate together as a large robust network topology It can create multiple redundant networks beyond the limitations of curren...

Page 24: ...ncy for any backbone network with different equipment providing ease of use and maximum fault recovery times flexibility compatibility and cost effectiveness iBridge feature allows usage iES22GF devic...

Page 25: ...witch needs to be defined Other switches beside them just need to have iBridge enabled Label Description Enable Check to enable iBridge function Vender Chose vendor from the vendor s list Moxx Advante...

Page 26: ...recovers a link in 30 to 50 seconds RSTP can shorten the time to 5 to 6 seconds STP Bridge Status This page shows the status for all STPbridge instance Label Description MSTI The bridge instance Can...

Page 27: ...e current STP port state of the CIST port The values include Blocking Learning and Forwarding Uptime The time since the bridge port is last initialized Refresh Click to refresh the page immediately Au...

Page 28: ...tree BPDU s received and discarded on the port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals STP Bridge Configuratio...

Page 29: ...eptable in some industrial applications MSTP supports multiple spanning trees within a network by grouping and mapping multiple VLAN s into different spanning tree instances known as MSTI s forming in...

Page 30: ...02 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding por...

Page 31: ...The name should not exceed 32 characters Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge i n s t a n c e The CIST is n...

Page 32: ...and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 4 3 CIST With the ab...

Page 33: ...rts are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OperE...

Page 34: ...fications and topology changes to other ports If se t it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station loc...

Page 35: ...a MRP manager and can only have one manager If two or more switches are set to be Managers at the same time the MRP topology will fail React on Link Change Advanced mode Faster mode Enabling this fun...

Page 36: ...ery mode will provide redundant links 5 7 1 Introduction Dual Port Recovery is an iS5 Communication Proprietary solution for interoperability issues with unmanaged devices like unmanaged switches Dual...

Page 37: ...he backup port is changing its state to be forwarding like in picture below The disconnected port changes its status to No Link When link of port 1 on switch 2 returns back to be link up the switch 1...

Page 38: ...need to select one port to be Active Port on each of two devices of each side Test Interval Setting Interval time for sending keep alive messages 10 5000ms default 10 Note Test interval should be the...

Page 39: ...sumption but also enhances access speed and provides a user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting s...

Page 40: ...ppears Note Session timeout is 10 minutes On the right hand side of the management interface it shows links to various settings Click on the links to access the configuration pages to different functi...

Page 41: ...tring length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual identification of the contact person for this managed node together with information on how to...

Page 42: ...e she logs into the switch via one of the management interfaces Label Description Client The management client for which the configuration belowapplies Authentication Method Authentication Method can...

Page 43: ...nabling you do not need to assign the IP address IP Address The network DHCP server will assign the IP address for the switch and it will be display in this column The default IP is 192 168 10 1 IP Ma...

Page 44: ...e Acronym The user can set the acronym of the time zone This is a User configurable acronym to identify the time zone Range Up to 16 characters Daylight Savings Time Mode This is used to set the clock...

Page 45: ...t the ending day Recurring Month Select the ending month Date Select the ending date Non Recurring Year Select the ending year Non Recurring Hours Select the ending hour Offset Settings Enter the numb...

Page 46: ...tion Mode Indicates the selected SSHmode The modes include Enabled enable SSH Disabled disable SSH Save Click to save changes Reset Click to undo any changes made locally and revert to previously save...

Page 47: ...nd out LLDP information and will analyze LLDP information received from its neighbors LLDP Neighbor Information This page provides a status overview for all LLDP neighbors The following table contains...

Page 48: ...ty is disabled a will be displayed Management Address The neighbor s address which can be used to help network management This may contain the neighbor s IP address Refresh Click to refresh the page i...

Page 49: ...iscarded If a port receives an LLDP frame and the switch s internal table is full the LLDP frame will be counted and discarded This situation is known as too many neighbors in the LLDP standard LLDP f...

Page 50: ...rg Label Description Mode Shows the existing status of the Modbus TCP function Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Note For Mo...

Page 51: ...restart or power off the device at this time or the switch may fail to function afterwards Upgrade takes 10 minutes or more based on connection bandwidth 6 2 DHCP Server The switch provides DHCP serve...

Page 52: ...to save changes Reset Click to undo any changes made locally and revert to previously saved values 6 3 6 DHCP Dynamic Client List When DHCP server functions are activated the switch will collect DHCP...

Page 53: ...be added to the Static Client List IP Address Enter the MAC address to be added to the Static Client List Add as Static Add new entry to static table Label Description Type The type of client Dynamic...

Page 54: ...h and sixth characters are the module ID In stand alone devices the module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108...

Page 55: ...eive Agent Option The number of received packets containing relay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Label Des...

Page 56: ...ort Control This page shows current port configurations Ports can also be configured here Label Description Port This is the logical port number for this row Link The current link state is displayed g...

Page 57: ...This setting is related to the setting for Configured Link Speed MaximumFrame You can enter the maximum frame size allowed for the switch port in this column including FCS The allowed range is 1518 by...

Page 58: ...is enabled DestinationMAC Address Calculates the destination port of the frame You can check this box to enable the destination MAC address or uncheck to disable By default Destination MACAddress is...

Page 59: ...ges made locally and revert to previously saved values LACP Port This page allows you to enable LACP functions to group ports together to form single virtual links thereby increasing the bandwidth bet...

Page 60: ...ty of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lo...

Page 61: ...the port cannot join in the aggregation group unless other ports are removed and is in disabled LACP status Key The key assigned to this port Only ports with the same key can be Aggregated Aggr ID Th...

Page 62: ...number of unknown or illegalLACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular Intervals Clear C...

Page 63: ...alue is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Label Description Port Switch port number Enable Activate loop protection functio...

Page 64: ...hich connects to the MRP ring 6 4 2 iRing iS5 supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below Label Description iRing Che...

Page 65: ...ing to the normal switches in RSTP mode Save Click to apply the configurations 6 4 3 iChain iChain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Other...

Page 66: ...le STP and RSTP Bridge Priority 0 61440 A value used to identify the root bridge The bridge with the lowest value highest priority is selected as the root If the value changes the switch must be reboo...

Page 67: ...Enter which port should be blocked by setting the priority on the LAN Enter a number between 0 and 240 The value of priority must be a multiple of 16 Admin Edge Admin Edge is the port which is directl...

Page 68: ...is enabled or disabled on this switch port Label Description Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately R...

Page 69: ...ed OperP2P Some of the rapid state transactions that are possible within RSTP are dependent upon whether the port concerned can only be connected to exactly one other bridge i e It is served by a poin...

Page 70: ...of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information to The range of valid values is 4 to 30 seconds and MaxAge must be FwdDelay 1 2 Transmit Hold Count The...

Page 71: ...hare spanning trees for MSTI s intra region The name should not exceed 32 characters Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 M...

Page 72: ...tive Priority Indicates bridge priority The lower the value the higher the priority The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a bridge identifier Save Cli...

Page 73: ...chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OperEdge sta...

Page 74: ...et by a network administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administr...

Page 75: ...02 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding por...

Page 76: ...tly assigned the root port role Root Cost Root path cost For a root bridge this is zero For other bridges it is the sum of port path costs on the least cost path to the Root Bridge Topology Flag The c...

Page 77: ...lays the STPport statistics for the currently selected switch Label Description Port The switch port number to which the following settings will be applied MSTP The number of MSTP configuration BPDU s...

Page 78: ...Recovery The Dual Port Recovery mechanism is the mechanism that allows execution of recovery protocol over the unmanaged devices switches ring of switches that don t support other recovery protocols T...

Page 79: ...hen link of port 1 on switch 2 returns back to be link up the switch 1 port 1 is in forwarding state and in this case the No Link port is changing its status to be Blocking port Dual Port Recovery Con...

Page 80: ...ship configurations for a selected switch stack in this page Up to 64 VLAN s are supported This page allows for adding and deleting VLAN s as well as adding and deleting port members of each VLAN Labe...

Page 81: ...wVLANs Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 6 7 6 Port Configurations This page allows you to set up VLANports individually Lab...

Page 82: ...fied VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag_pvid when this mode is used If Specific t...

Page 83: ...aware port will be set to 0x8100 The final status of the frame after egressing will also be affected by the Egress Rule C port When the port receives untagged frames an untagged frame obtains a tag ba...

Page 84: ...D and is forwarded When the port receives tagged frames If the tagged frame contains a TPID of 0x8100 it will be forwarded If the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded The...

Page 85: ...iES22GF User s Manual 85 iS5 Communications Inc...

Page 86: ...22GF User s Manual 86 iS5 Communications Inc Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLANAccess mode Untagged 20 Port 8 is VLANAccess mode Untagged 10 Below are the switch settin...

Page 87: ...iES22GF User s Manual 87 iS5 Communications Inc VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Page 88: ...iES22GF User s Manual 88 iS5 Communications Inc VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Page 89: ...ES22GF User s Manual 89 iS5 Communications Inc VLAN QinQ Mode VLANQinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN iES22GF Port 1 VLAN Setting...

Page 90: ...d here Private VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs T...

Page 91: ...row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not ac...

Page 92: ...port isolation is disabled for that port By default port isolation is disabled for all ports Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page...

Page 93: ...e field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Write Community Indicates the write comm...

Page 94: ...MP trap packets The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed Trap Destination Address Indicates the SNMP trap destination address It allow a valid IP addr...

Page 95: ...ns This page allows you to configure SNMPv3 community table The entry index key is Community Label Description Delete Check to delete the entry It will be deleted during the next save Community Indica...

Page 96: ...nt s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system en...

Page 97: ...t be set correctly at the time of entry creation Authentication Password A string identifying the authentication pass phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SH...

Page 98: ...v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name Astring identifying the security name that this entry should belong to The allowed string length is 1 t...

Page 99: ...ate that this view subtree should be included Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist in another e...

Page 100: ...Possible security models include NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The names o f t h e M I B...

Page 101: ...d to this rate The management VLAN is configured on the IP setup page Label Description Frame Type The settings in a particular row apply to the frame type listed here unicast multicast or broadcast S...

Page 102: ...and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag as s...

Page 103: ...by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag O...

Page 104: ...all switch ports Label Description Port The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Mode Shows the tag remarking mode fo...

Page 105: ...e Check to enable ingress translation 2 Classify Classification has 4 different values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected cl...

Page 106: ...ricted to 100 to 1000000 when the Unit is kbps or fps and is restricted to 1 to 3300 when the Unit is Mbps or kfps Unit Configures the unit of measurement for each policer rate as kbps Mbps fps or kfp...

Page 107: ...kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled Unit Configures the unit of measurement for each queue policer rate...

Page 108: ...t Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports Label Description Port The switch port number to which the following settings will be applied Click on the port...

Page 109: ...haper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use exce...

Page 110: ...default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of each queue shap...

Page 111: ...is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Port Shaper Unit Configures the unit of measurement for each port shaper rate as kbps or...

Page 112: ...rop precedence level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any number from 0 7 DPL Drop Precedence Level 0 3 Save Click to save changes Reset...

Page 113: ...cation Egress There are the following configurable parameters for Egress side 1 Remap DP0 Controls the remapping for frames with DP level 0 2 Remap DP1 Controls the remapping for frames with DP level...

Page 114: ...lue 0 63 Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 6 7 13 QoS Control List This page shows the QoS Control List QCL which is made up...

Page 115: ...iES22GF User s Manual 115 iS5 Communications Inc Label Description Port Members Check to include the port in the QCL entry By default all ports are included...

Page 116: ...ast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 IPv6 Note all frame types are explained below Any Allowall types of frames Ethernet Valid Ethernet values can range from...

Page 117: ...specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IPv6 Protocol IP protocol number Other 0 255 TCP UDP or Any Source IP IPv6 source address a b c d...

Page 118: ...he QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs...

Page 119: ...alue displayed under DSCP column Conflict Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required to add a QCE may not be available In...

Page 120: ...GMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting Router Port Specifies which ports act as router ports A router por...

Page 121: ...e starting point in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the next closest VLAN Table match The will use the last entry of the currently disp...

Page 122: ...Querier Received The number of transmitted Queries V1 Reports Received The number of received V1 reports V2 Reports Received The number of received V2 reports V3 Reports Received The number of receiv...

Page 123: ...to select the starting point in the IGMP Group Table Clicking the refresh button will update the displayed table starting from that or the next closest IGMP Group Table match In addition the two input...

Page 124: ...iption Port Port number of the remote client IP Address IP address of the remote client 0 0 0 0 means any IP Web Check to enable management via a Web interface Telnet Check to enable management via a...

Page 125: ...Stream Check Active Check to enable stream check When enabled the switch will detect the stream change getting low from the device Stream Check Status Indicates stream check status Possible statuses...

Page 126: ...s you can set actions from the list 6 7 Label Description Link Change Disables or enables the port Only log it Simply sends logs to the log server Shunt Down the port Disables the port Reboot Device D...

Page 127: ...a single number In this case please insert the same number Filter If packet type is UDP or TCP please choose the socket direction Destination Source Action Indicates the action to take when DDOS atta...

Page 128: ...ble types are no specification IP Camera IP Phone Access Point PC PLC and Network Video Recorder Location Address Indicates location information of the device The information can be used for Google Ma...

Page 129: ...ort unless the frame matches a specific ACE Label Description Port The switch port number to which the following settings will be applied Policy ID Select to apply a policy to the port The allowed val...

Page 130: ...ion of this port The allowed values are Enabled if a frame is received on the port the port will be disabled Disabled port shut down is disabled The default value is Disabled State Specify the state o...

Page 131: ...s packets per second kbps Kbits per second Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ACL Control List This page shows the Access Con...

Page 132: ...iption Ingress Port Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this port number where n is the number of the switch port Policy Fi...

Page 133: ...s the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled i...

Page 134: ...es the destination MAC filter for this ACE Any no DMAC filter is specified DMAC filter status is don t care MC frame must be multicast BC frame must be broadcast UC frame must be unicast Specific If y...

Page 135: ...r a specific VLAN ID number The allowed range is 1 to 4095 Frames matching the ACE will use this VLANID value Tag Priority Specifies the tag priority for the ACE Aframe matching the ACE will use this...

Page 136: ...ters will appear For more details of these fields please refer to the help file IP Protocol Value Other allows you to enter a specific value The allowed range is 0 to 255 Frames matching the ACE will...

Page 137: ...ork is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation SIP Mask When Network is selected for the source IP filter you can enter a specific SIP mask in...

Page 138: ...k is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IPMask When Network is selected for the sender IP filter you can enter a specific se...

Page 139: ...t not match this entry 1 ARP RARP frames where the HLNis equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed don t care IP Specifies whether frames...

Page 140: ...can enter a specific ICMP value The allowed range is 0 to 255 Aframe matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE Any no ICMP code filter is sp...

Page 141: ...llowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source range TCP UDP Destination Filter Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination filter...

Page 142: ...SH Specifies the TCPPSH push function value for the ACE 0 TCP frames where the PSHfield is set must not be able to match this entry 1 TCP frames where the PSHfield is set must be able to match this en...

Page 143: ...ames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE...

Page 144: ...sh the page Auto refresh Check to enable an automatic refresh of the page at regular intervals 6 9 2 AAA AAA Radius Server Configuration Common Server Configuration This page allows you to configure t...

Page 145: ...Server Configuration The table has one row for each RADIUS Authentication Server and a number of columns which are Label Description The RADIUS Authentication Server number for which the configuratio...

Page 146: ...e RADIUS Accounting Server If the port is Port set to 0 zero the default port 1813 is used on the RADIUS Accounting Server Secret The secret up to 29 characters long shared between the RADIUS Accounti...

Page 147: ...number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Refresh Click to refresh the page immediately Auto refresh Chec...

Page 148: ...e number of RADIUS packets that were received with unknown types from the server on the authentication port and dropped Rx Packets Dropped radiusAuthClientExtPac ketsDropped The number of RADIUS packe...

Page 149: ...p Time radiusAuthClientExtRou ndTripTime The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authent...

Page 150: ...ounted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other info This section contains information about the state of the server and the...

Page 151: ...al 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs...

Page 152: ...tween the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS...

Page 153: ...into a switch port For MAC based ports re authentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefor...

Page 154: ...modes using the Port Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server r...

Page 155: ...od the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the r...

Page 156: ...aracteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communications between the supplicant and the...

Page 157: ...h supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as the destination MAC a...

Page 158: ...has nothing to do with the 802 1Xstandard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or...

Page 159: ...fect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized Reinitialize forces a reinitialization of the clients on the port and hence a reaut...

Page 160: ...istics for a specific switch port using port based authentication For MAC based ports only selected backend server RADIUS Authentication Server statistics are shown Use the port drop down list to sele...

Page 161: ...e been received by the switch Rx Responses dot1xAuthEapolRespFram esRx The number of valid EAPOL response frames other than Response Identity frames that have been received by the switch Rx Start dot1...

Page 162: ...ndicates that the backend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackendAut hSuccesses 802 1X and MAC based Counts the number of times that the switch receives...

Page 163: ...ed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Label Description MAC A...

Page 164: ...and the electric relay will signal at the same time Select the events to cause the Fault Alarm then click Save at the bottom of the screen to save the changes 6 10 2 System Warning SYSLOG Settings The...

Page 165: ...ation and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will...

Page 166: ...The recipient s e mail address allows a total number of six recipients Apply Click to activate the configurations Help Shows help box Event Selection SYSLOG is the warning method supported by the syst...

Page 167: ...lure Alerts when SNMP authentication fails Redundant Ring Topology Change Alerts when there is a ring topology change Port Event SYSLOG Select the SYSLOG event for a specific port number Possible sele...

Page 168: ...aging You can configure aging time by entering a value in the box of Age Time The allowed range is 10 to 1000000 seconds You can also disable the automatic aging of dynamic entries by checking Disabl...

Page 169: ...rs Checkmarks indicate which ports are members of the entry Check or uncheck to modify the entry Adding New Static Entry Click to add a new entry to the static MAC table You can specify the VLAN ID MA...

Page 170: ...whether the entry is a static or dynamic entry MAC address The MAC address of the entry VLAN The VLANID of the entry Port Members The ports that are members of the entry 6 11 2 Port Statistics Traffi...

Page 171: ...d bad bytes including FCS except framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and...

Page 172: ...nvalid CRC Rx Jabber The number of long 2 frames received with an invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Tx Drops The number of frames dropped due to...

Page 173: ...iES22GF User s Manual 173 iS5 Communications Inc 6 11 4 System Log Information This page provides switch system log information...

Page 174: ...he switch Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Updates system log entries starting from the current entry ID Clear Flushes all system log...

Page 175: ...unning VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port for which Ve...

Page 176: ...ets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2...

Page 177: ...ible Output enable the 1 pps clock output Input enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The boxallows you to configure external clock output The followi...

Page 178: ...iES22GF User s Manual 178 iS5 Communications Inc...

Page 179: ...P2p Transp peer to peer transparent clock E2e Transp end to end transparent clock Master Only master only Slave Only slave only Port List Set check mark for each port configured for this Clock Instanc...

Page 180: ...hich master clocks to request Announce and Sync messages from For more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note Packets are only...

Page 181: ...e switch is restored to factory defaults Label Description Yes Click to reset the configuration to factory defaults No Click to return to the System Information page without resetting 6 14 System Rebo...

Page 182: ...configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable Follow the steps belowto access the console via RS 232 serial cable 1 Start Tar...

Page 183: ...ual 183 iS5 Communications Inc 4 Press Enter for the Console login screen to appear Use the keyboard to enter the Console Username and Password which is same as the Web Browser password admin for both...

Page 184: ...llow the steps belowto access the console via Telnet 1 Connect your PC to one of the Ethernet ports of the switch via an Ethernet cable 2 Telnet to the IP address of the switch from the Windows Run co...

Page 185: ...iES22GF User s Manual 185 iS5 Communications Inc Command Groups...

Page 186: ...error Log Clear all info warning error Timezone Configuration Timezone Offset offset Timezone Acronym acronym DST Configuration DST Mode disable recurring non recurring DST start week day month date y...

Page 187: ...figuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx 10gfdx State port_list enable disable Port MaxFrame port_list max_frame Excessive port_list discard restart Statistic...

Page 188: ...s all Name Add name vid Name Delete name Name Lookup name Status port_list combined static nas mstp all conflicts Private VLAN Configuration port_list Add pvlan_id port_list PVLAN Delete pvlan_id Look...

Page 189: ...tistics Add stats_id data_source Statistics Delete stats_id Statistics Lookup stats_id History Add history_id data_source interval buckets History Delete history_id History Lookup history_id Alarm Add...

Page 190: ...pol radius Security Network ACL Security Network ACL Configuration port_list Action port_list permit deny rate_limiter port_redirect mirror logging shutdown Policy port_list policy Rate rate_limiter_l...

Page 191: ...Security AAA Configuration Radius server timeout timeout Radius server retransmit retransmit Radius server deadtime deadtime radius server key key radius server nas ip address ipv4_addr disable radiu...

Page 192: ...enable disable Port RestrictedTcn stp_port_list enable disable Port bpduGuard stp_port_list enable disable Port Statistics stp_port_list clear Port Mcheck stp_port_list Msti Port Configuration msti st...

Page 193: ...ap port_list pcp_list dei_list class dpl Port Classification DSCP port_list enable disable Port Policer Mode port_list enable disable Port Policer Rate port_list rate Port Policer Unit port_list kbps...

Page 194: ...ss_list dpl_list dscp DSCP EgressRemap dscp_list dpl_list dscp Port Storm Unicast port_list enable disable rate kbps fps Storm Multicast enable disable packet_rate Port Storm Broadcast port_list enabl...

Page 195: ...okup index User Add engineid user_name MD5 SHA auth_password DES AES priv_password User Delete index User Changekey engineid user_name auth_password priv_password User Lookup index Group Add security_...

Page 196: ...me enable disable Trap Event AAA Authentication Failure conf_name enable disable Trap Event Switch STP conf_name enable disable Trap Event Switch RMON conf_name enable disable Firmware Firmware Load i...

Page 197: ...kMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAction one_pps_clear DebugMode clockinst debug_mode Wireless mode clockinst port_list enable disable Wireless pre notification clockinst port_...

Page 198: ...onfiguration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopologyChange enable disable Syslog Port port_list disable...

Page 199: ...Configuration Mode enable disable Open Ring 1stUplinkPort port 2ndUplinkPort port Vender moxx advantexx hirschmaxx SFP SFP syslog enable disable temp temperature Info Device Binding DeviceBinding Mode...

Page 200: ...st Port Addr port_list ip_addr mac_addr Port Alias port_list ip_addr Port DeviceType port_list unknown ip_cam ip_phone ap pc plc nvr Port Location port_list device_location Port Description port_list...

Page 201: ...port security Port based network access control 802 1x VLAN 802 1Q to segregate and secure network traffic Radius centralized password management SNMPv3 encrypted authentication and access security Ht...

Page 202: ...x D x H 5 x 6 44 x 6 07 inch Environmental Storage Temperature 40oC to 85oC 40oF to 18 5oF Operating Temperature 40oC to 85oC 40oF to 18 5oF Operating Humidity 5 to 95 Non condensing Regulatory appro...

Page 203: ...Alarm 256 SysName 512 SysDescription 768 SysLocation 1024 SysContact 4096 4115 PortStatus Port 1 VTSS_PORTS Value 0x0000 Link down 0x0001 Link up 0x0002 Disable 0xffff NoPort 4352 4371 PortSpeed Port...

Reviews:

No comments

Brands by name

Popular brands

Load more brands