IS5 COMMUNICATIONS iES28GF User Manual Download Page 152

Page: 152 / 205

iES28TG/iES28GF User Manual

152

iS5 Communications Inc.

Force

Unauthorized

In this mode, the switch will send one EAPOL Failure frame when the port link is

up, and any client on the port will be disallowed network access.

Port-based

802.1X

In an 802.1X network environment, the user is called the supplicant, the switch is the

authenticator, and the RADIUS server is the authentication server. The authenticator acts

as the man-in-the-middle, forwarding requests and responses between the supplicant and

the authentication server. Frames sent between the supplicant and the switch are special

802.1X frames, known as EAPOL (EAP Over LANs) frames which encapsulate EAP PDUs

(RFC3748). Frames sent between the switch and the RADIUS server is RADIUS packets.

RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's

IP address, name, and the supplicant's port number on the switch. EAP is very flexible as it

allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The

important thing is that the authenticator (the switch) does not need to know which

authentication method the supplicant and the authentication server are using, or how

many information exchange frames are needed for a particular method. The switch simply

encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and

forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a

success or failure indication. Besides forwarding the result to the supplicant, the switch

uses it to open up or block traffic on the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the server

timeout is configured to X seconds (using the authentication configuration page),

and the first server in the list is currently down (but not considered dead), if the

supplicant retransmits EAPOL Start frames at a rate faster than X seconds, it will

never be authenticated because the switch will cancel on-going backend

authentication server requests whenever it receives a new EAPOL Start frame from

the supplicant. Since the server has not failed (because the X seconds have not

expired), the same server will be contacted when the next backend authentication

server request from the switch This scenario will loop forever. Therefore, the server

timeout should be smaller than the supplicant's EAPOL Start frame retransmission

rate.

Summary of Contents for iES28GF

Page 1: ...iES28TG iES28GF User s Manual Intelligent 28 Port Configurable Gigabit Ethernet Switch with 10GE Version 4 4 May 2017...

Page 2: ...fective within this warranty period including shipping costs This warranty does not cover product modifications or repairs done by persons other than iS5 approved personnel and this warranty does not...

Page 3: ...10 2 1 Front Panel 10 2 1 1 Ports and Connectors 10 2 1 2 Ports and Connectors iES28GF 12 2 1 3 LED 14 2 2 Rear Panel 15 Hardware Installation 16 3 1 Rack mount Installation for iES28GF 16 3 2 Rack mo...

Page 4: ...1 Basic Setting 43 5 1 2 Admin Password 44 5 1 3 Authentication Method 45 5 1 4 IP Setting 45 5 1 5 SNTP Configuration 47 5 1 6 Daylight Saving Time 48 5 1 7 Switch Time Configuration 49 5 1 8 RIP 50...

Page 5: ...munity Configurations 99 5 6 4 SNMP User Configurations 99 5 6 5 SNMP Group Configurations 102 5 6 6 SNMP View Configurations 103 5 6 7 SNMP Access Configurations 103 5 7 Traffic Prioritization 104 5...

Page 6: ...168 5 10 2 System Warning 168 5 11 Monitor and Diag 171 5 11 1 MAC Table 171 5 11 2 Port Statistics 173 5 11 3 Port Monitoring 176 5 11 4 System Log Information 176 5 11 5 VeriPHY Cable Diagnostics 1...

Page 7: ...laser system and is classified as a CLASS 1 LASER PRODUCT Use of controls or adjustments or performance of procedures other than those specified herein may result in hazardous radiation exposure Caut...

Page 8: ...support for Ethernet redundancy protocols such as iRing recovery time 20ms over 250 units of connection and MSTP RSTP STP compatible The switches can protect mission critical applications from network...

Page 9: ...Bytes Jumbo Frame Supports multiple notifications for incidents Supports management via Web based interfaces Telnet Console CLI and Windows utility iMSS Supports LLDP Protocol Supports Layer 3 iES28TG...

Page 10: ...odules otherwise the system will not detect newly inserted modules iS5Com Slots 1 3 Description CM28 BLK1 Blank Module slot 1 3 CM28 8GRJ45 MODULE 8 X 10 100 1000Base TX RJ45 CM28 2MMST FL MODULE 2 X...

Page 11: ...10 MODULE 2 x 1000LX Singlemode ST 10Km 1310nm CM28 4GSMST 10 MODULE 4 x 1000LX Singlemode ST 10Km 1310nm CM28 2GSMSC 40 MODULE 2 x 1000LX Singlemode SC 40Km 1310nm CM28 4GSMSC 40 MODULE 4 x 1000LX Si...

Page 12: ...ns based on your needs The iES28GF includes the following models Models Description iES28GF L2 Compliant IEC61850 3ed 2support and Layer 2 functionality iES28GF L3 future IEC61850 3support and Layer 3...

Page 13: ...0FX Singlemode SC 100Km 1550nm 2SMST100 2 x 100FX Singlemode ST 100Km 1550nm 4SMST100 4 x 100FX Singlemode ST 100Km 1550nm iS5Com Slot 4 Description XX None 2GRJ45 2 X 1000Base TX RJ45 4GRJ45 4 x 1000...

Page 14: ...1 3 LED LED Color Status Description PWR Green On System power on Green Blinking Upgrading firmware PW1 Green On Power module 1 activated PW2 Green On Power module 2 activated R M Green On Ring Maste...

Page 15: ...the rear of the switch are for the hot swappable power supply modules The power supply terminal block can be mounted in the front of the chassis or at the rear as shown The terminal block includes two...

Page 16: ...he switch using 4 M3 screws on each side screws provided with the switch Step 2 Place the switch in the rack and mount to the rack using the rack screws Note You can install the brackets either in the...

Page 17: ...iES28TG iES28GF User Manual 17 iS5 Communications Inc 3 2 Rack mount Installation for iES28TG The switch can be rack mounted using the hardware provided...

Page 18: ...unting rails Mount to the rack using rack screws at the front and rear ears 3 3 Module Installation iES28TG only 3 3 1 RJ 45 Module The iES28TG supports maximum of 3 8x10 100 1000Base T X configurable...

Page 19: ...tion Step 1 Turn offthe power to the switch Step 2 Insert the module in Slot 4 Step 3 Turn onthe power to the switch 1 The 10G slot can only accommodate a 10G module therefore do not insert non 10Giga...

Page 20: ...bserve all electrical codes dictating the maximum current allowable for each wire size 3 If the current goes above the maximum ratings the wiring could overheat causing serious damage to your equipmen...

Page 21: ...w 1 Remove the cover designed for protection from the terminalblock 2 Connect the ground from the first power source to GND1 terminal screw 3 Connect the Positive or Live from the first power source t...

Page 22: ...of the unit and remain energized unless a critical error occurs One common application for this output is to signal an alarm if a power failure or removal of control power occurs 3 4 Connection 3 4 1...

Page 23: ...are used for transmitting data and pins 3 and 6 are used for receiving data 10 100 Base T X RJ 45 Pin Assignments Pin Number Assignment 1 TD 2 TD 3 RD 4 Not used 5 Not used 6 RD 7 Not used 8 Not used...

Page 24: ...BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Note and signs represent the polarity of the wires that make up each wire pair RS 232 console port wiring The iES28TG can be managed via the console port using the RS...

Page 25: ...iChain iRing Three or more switches can be connected together to form a ring topology with network redundancy capabilities byfollowing the steps below 1 Connect each switch to form a daisy chain usin...

Page 26: ...ch D Then enable Coupling Ring on the management page and select the coupling ring in correspondence to the connected port For more information on port setting please refer to 4 1 2 Configurations Onc...

Page 27: ...n Switch A B that you want to connect to the iRing and connect them to the switches in the ring Switch C D 2 In correspondence to the ports connected to the ring configure an edge port for both of the...

Page 28: ...gabit operation or 10 milliseconds in full duplex Fast Ethernet operation with up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block packets...

Page 29: ...o avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Used for connecting multiple rings A coupling ring needs four switches to build an ac...

Page 30: ...to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment of the chain fails iC...

Page 31: ...ovide network redundancy Network loops occur frequently in large networks when two or more paths run to the same destination broadcast packets could get in to an infinite loop and cause congestion in...

Page 32: ...page at regular intervals STP Port Status This page displays the STPport status for the currently selected switch Label Description Port The switch port number to which the following settings will be...

Page 33: ...mber of legacy STP configuration BPDU s received transmitted on the port TCN The number of legacy topology change notifications BPDU s received transmitted on the port Discarded Unknown The number of...

Page 34: ...l be delayed The range of valid values is 1 to 10 BPDUs per second Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 3 2 MSTP MSTP was dev...

Page 35: ...ath cost according to the physical link speed by using the 802 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for th...

Page 36: ...on The name should not exceed 32 characters Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge i n s t a n c e The CIST i...

Page 37: ...ber and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 3 3 CIST With the...

Page 38: ...ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above Op...

Page 39: ...otifications and topology changes to other ports If se t it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station...

Page 40: ...a MRP manager and can only have one manager If two or more switches are set to be Managers at the same time the MRP topology will fail React on Link Change Advanced mode Faster mode Enabling this func...

Page 41: ...munications Inc Label Description Enable Enables fast recovery mode Port Ports can be set to 12 priorities Only the port with the highest priority will be the active port 1 st Priority is the highest...

Page 42: ...consumption but also enhances access speed and provides a user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser settin...

Page 43: ...ppears Note Session timeout is 10 minutes On the right hand side of the management interface it shows links to various settings Click on the links to access the configuration pages to different functi...

Page 44: ...ng length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual identification of the contact person for this managed node together with information on how to con...

Page 45: ...management interfaces Label Description Client The management client for which the configuration belowapplies Authentication Method Authentication Method can be set to one of the following values Non...

Page 46: ...be used as IPv4 interface address A value of zero disables the fallback mechanism such that DHCP will keep retrying until a valid lease is obtained Legal values are 0 to 4294967295 seconds IPv4 DHCP...

Page 47: ...route will have a mask length of 0 as it will match anything Gateway The IP address of the IP gateway Valid format is dotted decimal notation Next Hop VLAN The VLAN ID VID of the specific IPv6 interf...

Page 48: ...ve changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 6 Daylight Saving Time This page allows you to configure the Time Zone Label Description Time Zone Con...

Page 49: ...Day Select the starting day Recurring Month Select the starting month Date Select the starting date Non Recurring Year Select the starting year Non Recurring Hours Select the starting hour Minutes Sel...

Page 50: ...conds Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values 5 1 8 RIP Configure RIP on this page Label Description Mode Indicates the RIP operatio...

Page 51: ...s no group VRIP Virtual Router IP Default IP If this VLAN gets into backup state from master state this interface would recover by this IP Save Click to save changes 5 1 10 HTTPS Configure HTTPS setti...

Page 52: ...bel Description Port The switch port number to which the following settings will be applied Mode Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP informa...

Page 53: ...port Port Description The description of the port advertised by the neighbor System Name The name advertised by the neighbor System Capabilities Description of the neighbor s capabilities The capabil...

Page 54: ...tries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows...

Page 55: ...d discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Age Outs Each LLDP frame contains information abo...

Page 56: ...may fail to function afterwards Upgrade takes 10 minutes or more based on connection bandwidth 5 1 16 Modbus TCP This page shows Modbus TCP support of the switch For more information regarding Modbus...

Page 57: ...Mask The subnet mask Router The IP address of the gateway DNS The IP address of the Domain Name Server Lease Time Lease timer counted in seconds TFTP Server The IP address of the TFTP Sever Option 66...

Page 58: ...y to static table 5 2 3 DHCP Static Client List You can assign a specific IP address within the dynamic IP range to a specific port When a device is connected to the port and requests for dynamic IP a...

Page 59: ...et domain You can configure the function on the following page Relay Label Description Relay Mode Indicates the existing DHCP relay mode The modes include Enabled activate DHCP relay When DHCP relay i...

Page 60: ...2 into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client It only works when the DHCP relay mode is enabled Disabled disable DHCP rel...

Page 61: ...etting Port Setting allows you to manage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This page shows current port configurations Ports can also be configured h...

Page 62: ...figured Link Speed The drop down list provides available link speed options for a given switch port Auto selects the highest speed supported by the link partner Disabled disables switch port configura...

Page 63: ...ess is enabled DestinationMAC Address Calculates the destination port of the frame You can check this box to enable the destination MAC address or uncheck to disable By default Destination MACAddress...

Page 64: ...hanges made locally and revert to previously saved values LACP Port This page allows you to enable LACP functions to group ports together to form single virtual links thereby increasing the bandwidth...

Page 65: ...ority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role...

Page 66: ...ans the port cannot join in the aggregation group unless other ports are removed and is in disabled LACP status Key The key assigned to this port Only ports with the same key can be Aggregated Aggr ID...

Page 67: ...The number of unknown or illegalLACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular Intervals Clea...

Page 68: ...d value is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Label Description Port Switch port number Enable Activate loop protection func...

Page 69: ...t which connects to the MRP ring 5 4 2 iRing iS5 supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below Label Description iRing...

Page 70: ...h ring to the normal switches in RSTP mode Save Click to apply the configurations 5 4 3 iChain iChain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Oth...

Page 71: ...sable STP and RSTP Bridge Priority 0 61440 A value used to identify the root bridge The bridge with the lowest value highest priority is selected as the root If the value changes the switch must be re...

Page 72: ...s are in the range 1 to 200000000 Priority 0 240 Enter which port should be blocked by setting the priority on the LAN Enter a number between 0 and 240 The value of priority must be a multiple of 16 A...

Page 73: ...age at regular intervals Refresh Click to refresh the page immediately Root Bridge ID The Bridge ID of this Bridge instance Root Port The switch port currently assigned the root port role Path Cost Ro...

Page 74: ...nfigured as an edge port and directly connected to an end station and cannot create a bridging loop False means OperEdge disabled OperP2P Some of the rapid state transactions that are possible within...

Page 75: ...MaxAge must be FwdDelay 1 2 Transmit Hold Count The number of BPDUs a bridge port can send per second When exceeded transmission of the next BPDU will be delayed The range of valid values is 1 to 10...

Page 76: ...an integer between 0 and 65535 MSTI The bridge i n s t a n c e The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANS Mapped The list of VLAN s mapped...

Page 77: ...ity The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to pr...

Page 78: ...ces or not no bridges attached Transiting to the forwarding state is faster for edge ports operEdge set to true than other ports AdminEdge Configures the operEdge flag to start as set or cleared the i...

Page 79: ...frequently Point to Point Configures whether the port connects to a point to point LAN rather than a shared medium This can be configured automatically or set to true or false manually Transiting to...

Page 80: ...path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 2000000...

Page 81: ...e last Topology Change occurred Refresh Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Port Status This page displays...

Page 82: ...e port RSTP The number of RSTP configuration BPDU s received transmitted on the port STP The number of legacy STP configuration BPDU s received transmitted on the port TCN The number of legacy topolog...

Page 83: ...riority is the highest Save Click to save the configurations 5 5 VLAN 5 5 1 VLAN Membership You can view and change VLAN membership configurations for a selected switch stack in this page Up to 64 VLA...

Page 84: ...the port from the VLAN By default no ports are members of a newly created VLAN Add New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Vali...

Page 85: ...rt will be discarded By default the field is set to All Port VLAN Mode The allowed values are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag...

Page 86: ...Unaware port will be set to 0x8100 The final status of the frame after egressing will also be affected by the Egress Rule C port When the port receives untagged frames an untagged frame obtains a tag...

Page 87: ...PVID and is forwarded When the port receives tagged frames If the tagged frame contains a TPID of 0x8100 it will be forwarded If the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded T...

Page 88: ...iES28TG iES28GF User Manual 88 iS5 Communications Inc...

Page 89: ...G iES28GF User Manual 89 iS5 Communications Inc Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLANAccess mode Untagged 20 Port 8 is VLANAccess mode Untagged 10 Below are the switch set...

Page 90: ...iES28TG iES28GF User Manual 90 iS5 Communications Inc VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Page 91: ...iES28TG iES28GF User Manual 91 iS5 Communications Inc VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Page 92: ...8TG iES28GF User Manual 92 iS5 Communications Inc VLAN QinQ Mode VLANQinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN iES28TG Port 1 VLAN Sett...

Page 93: ...fied here Private VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLAN...

Page 94: ...pty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not...

Page 95: ...ed port isolation is disabled for that port By default port isolation is disabled for all ports Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the p...

Page 96: ...v1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Write Community Indicates the write community string to permit acc...

Page 97: ...rap mode Disabled disable SNMP trap mode Delete Check to delete the entry It will be deleted during the next save Trap Name Indicates the trap Configuration s name The allowed string length is 0 to 25...

Page 98: ...Configures the retry times for SNMP trap inform The allowed range is 0 to 255 Trap Probe Security Engine ID Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabl...

Page 99: ...set Click to undo any changes made locally and revert to previously saved values 5 6 3 SNMP Community Configurations This page allows you to configure SNMPv3 community table The entry index key is Com...

Page 100: ...ent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system e...

Page 101: ...must be set correctly at the time of entry creation Authentication Password A string identifying the authentication pass phrase For MD5 authentication protocol the allowed string length is 8 to 32 For...

Page 102: ...uded v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name Astring identifying the security name that this entry should belong to The allowed string length is...

Page 103: ...ndicate that this view subtree should be included Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist in anoth...

Page 104: ...long to Possible security models include NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The names o f t h...

Page 105: ...icted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 13200 when the Unit is Mbps or kfps Unit Controls the unit of measure for the storm control rate as kbps Mbps fps or kfps Th...

Page 106: ...eue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag a...

Page 107: ...led by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the ta...

Page 108: ...for all switch ports Label Description Port The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Mode Shows the tag remarking mode...

Page 109: ...late Check to enable ingress translation 2 Classify Classification has 4 different values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected...

Page 110: ...the rate of each policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and is restricted to 1 to 3300 when the Unit is Mbps or kfps Unit Configures...

Page 111: ...easurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled Save Click to save changes Reset Click to und...

Page 112: ...ll be applied Click on the port number to configure the shapers Details for configuration can be found in the QoS Egress Port Scheduler and Shapers section Qn Shows disabled or actual port shaper rate...

Page 113: ...restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth Port Shaper Enable Check to ena...

Page 114: ...cted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is...

Page 115: ...restricted to 1 to 3300 when the Unit is Mbps Port Shaper Unit Configures the unit of measurement for each port shaper rate as kbps or M bps The default value is kbps Save Click to save changes Reset...

Page 116: ...es are treated as a non IP frame QoS Class QoS class value can be any number from 0 7 DPL Drop Precedence Level 0 3 Save Click to save changes Reset Click to undo any changes made locally and revert t...

Page 117: ...rs include Remap controls the remapping for frames You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges from 0 to 63 Save Click to save changes Reset Click t...

Page 118: ...s Inc 5 7 13 QoS Control List This page shows the QoS Control List QCL which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on t...

Page 119: ...estination MAC type can be unicast UC multicast MC broadcast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 IPv6 Note all frame types are explained below Any Allowall type...

Page 120: ...e a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IPv6 Protocol IP protocol number Other 0 255 TCP UDP or Any Source IP IPv6 source address a b c...

Page 121: ...s the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of Q...

Page 122: ...e value displayed under DSCP column Conflict Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required to add a QCE may not be available...

Page 123: ...n IGMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting Router Port Specifies which ports act as router ports A router...

Page 124: ...displayed table Use the button to start over Label Description Delete Check to delete the entry The designated entry will be deleted during the next save VLAN ID The VLANID of the entry IGMP Snooping...

Page 125: ...ies Querier Received The number of transmitted Queries V1 Reports Received The number of received V1 reports V2 Reports Received The number of received V2 reports V3 Reports Received The number of rec...

Page 126: ...isplayed table starting from that or the next closest IGMP Group Table match In addition the two input fields will upon a refresh button click assume the value of the first displayed entry allowing fo...

Page 127: ...owed values are Enabled frames received on the port are stored in the system log Disabled frames received on the port are not logged The default value is Disabled Please note that system log memory ca...

Page 128: ...s packet per second pps The allowed values are 0 131071 in pps Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ACL Control List This page...

Page 129: ...us is don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering a policy value and bitmask appears 8 Policy Value Enter a range between 0 and...

Page 130: ...rate is limited Shutdown Specifies the shutdown operation of the ACE The allowed values are Enabled if a frame matches the ACE the ingress port will be disabled Disabled port shutdown is disabled for...

Page 131: ...xx xx xx xx xx xx Frames matching the ACE will use this DMAC value Label Description VLAN ID Filter Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter status i...

Page 132: ...protocol frames Extra fields for defining UDP parameters will appear For more details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for...

Page 133: ...P address in the SIP Address field that appears Network source IP filter is set to Network Specify the source IP address and source IP mask in the SIPAddress and SIPMask fields that appear SIP Address...

Page 134: ...nder IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP...

Page 135: ...allowed don t care IP Ethernet Length Specifies whether frames will meet the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames...

Page 136: ...ou can enter a specific ICMP value The allowed range is 0 to 255 Aframe matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE Any no ICMP code filter is...

Page 137: ...e allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source range TCP UDP Destination Filter Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination fil...

Page 138: ...P PSH Specifies the TCPPSH push function value for the ACE 0 TCP frames where the PSHfield is set must not be able to match this entry 1 TCP frames where the PSHfield is set must be able to match this...

Page 139: ...Pv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other Th...

Page 140: ...refresh Check to enable an automatic refresh of the page at regular intervals 5 9 2 AAA AAA Radius Server Configuration This page allows you to configure RADIUS servers Label Description Timeout Time...

Page 141: ...address of the outgoing interface is used NAS Identifier Attribute 32 The identifier up to 255 characters long to be used as attribute 32 in RADIUS Access Request packets If this field is left blank t...

Page 142: ...is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept acce...

Page 143: ...lect drop down box determines which server s information is shown by selecting server n Where n is a server 1 to 5 Auto refresh Check this box to refresh the page automatically Automatic refresh occur...

Page 144: ...ver Rx Unknown Types radiusAuthClientExtUnk nownTypes The number of RADIUS packets that were received with unknown types from the server on the authentication port and dropped Rx Packets Dropped radiu...

Page 145: ...e is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will g...

Page 146: ...accounting port Rx Packets Dropped radiusAccClientExtPack etsDropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Tx Reques...

Page 147: ...RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been...

Page 148: ...r Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS serve...

Page 149: ...form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be con...

Page 150: ...ged into a switch port For MAC based ports re authentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and there...

Page 151: ...e modes using the Port Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS serve...

Page 152: ...ethod the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into th...

Page 153: ...characteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communications between the supplicant and...

Page 154: ...Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as the destination MA...

Page 155: ...ion has nothing to do with the 802 1Xstandard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch...

Page 156: ...whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect on successfully authent...

Page 157: ...the port Refer to NAS Port State for more details regarding each value Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most...

Page 158: ...ch value Port n The port select drop down box determines which port s information is shown by selecting port n Where n is a valid port number Auto refresh Check this box to refresh the page automatica...

Page 159: ...EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFra mesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuth...

Page 160: ...t Indicates that the backend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackendAut hSuccesses 802 1X and MAC based Counts the number of times that the switch receiv...

Page 161: ...laced next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Label Description MA...

Page 162: ...escription Port Port number of the remote client IP Address IP address of the remote client 0 0 0 0 means any IP Web Check to enable management via a Web interface Telnet Check to enable management vi...

Page 163: ...ead Stream Check Active Check to enable stream check When enabled the switch will detect the stream change getting low from the device Stream Check Status Indicates stream check status Possible status...

Page 164: ...e does not have an alias IP address Alive Check You can use ping commands to check port link status If port link fails you can set actions from the list Label Description Link Change Disables or enabl...

Page 165: ...al normal sensibility Medium medium sensibility High high sensibility Packet Type Indicates the types of DDoS attack packets to be monitored Possible types are RX Total all ingress packets RX Unicast...

Page 166: ...gs the event Shunt Down the Port shuts down the port No Link and logs the event Only Log it simply logs the event Reboot Device if PoE is supported the device can be rebooted The event will be logged...

Page 167: ...er Location Address Indicates location information of the device The information can be used for Google Mapping Description Device descriptions Stream Check This page allows you to configure stream ch...

Page 168: ...nel will light up and the electric relay will signal at the same time Select the events to cause the Fault Alarm then click Save at the bottom of the screen to save the changes 5 10 2 System Warning S...

Page 169: ...nowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible m...

Page 170: ...tion username Password the authentication password Confirm Password re enter password Recipient E mail Address The recipient s e mail address allows a total number of six recipients Apply Click to act...

Page 171: ...Failure Alerts when SNMP authentication fails Redundant Ring Topology Change Alerts when there is a ring topology change Port Event SYSLOG Select the SYSLOG event for a specific port number Possible...

Page 172: ...ly static MAC entries are learned allother frames are dropped Note make sure the link used for managing the switch is added to the static Mac table before changing to secure learning mode otherwise th...

Page 173: ...t in the MAC table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC table match In addition the two input fields will upon clicking Refresh assume...

Page 174: ...the same row Click on a port to go to that ports Detailed Statistics page Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Er...

Page 175: ...categories based on their respective frame sizes Rx and Tx Queue Counters The number of received and transmitted packets per input and output queue Rx Drops The number of frames dropped due to insuff...

Page 176: ...to be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or dest...

Page 177: ...f the switch Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Updates system log entries starting from the current entry ID Clear Flushes all system...

Page 178: ...e running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port for which...

Page 179: ...all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 i...

Page 180: ...ut enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The boxallows you to configure external clock output The following values are possible True enable external c...

Page 181: ...ck P2p Transp peer to peer transparent clock E2e Transp end to end transparent clock Master Only master only Slave Only slave only Port List Set check mark for each port configured for this Clock Inst...

Page 182: ...e which master clocks to request Announce and Sync messages from For more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note Packets are o...

Page 183: ...the switch is restored to factory defaults Label Description Yes Click to reset the configuration to factory defaults No Click to return to the System Information page without resetting 5 14 System R...

Page 184: ...Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable Follow the steps belowto access the console via RS 232 serial cable 1 Sta...

Page 185: ...Manual 185 iS5 Communications Inc 4 Press Enter for the Console login screen to appear Use the keyboard to enter the Console Username and Password which is same as the Web Browser password admin for b...

Page 186: ...Follow the steps belowto access the console via Telnet 1 Connect your PC to one of the Ethernet ports of the switch via an Ethernet cable 2 Telnet to the IP address of the switch from the Windows Run...

Page 187: ...iES28TG iES28GF User Manual 187 iS5 Communications Inc Command Groups...

Page 188: ...ng error Log Clear all info warning error Timezone Configuration Timezone Offset offset Timezone Acronym acronym DST Configuration DST Mode disable recurring non recurring DST start week day month dat...

Page 189: ...Configuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx 10gfdx State port_list enable disable Port MaxFrame port_list max_frame Excessive port_list discard restart Statis...

Page 190: ...nas all Name Add name vid Name Delete name Name Lookup name Status port_list combined static nas mstp all conflicts Private VLAN Configuration port_list Add pvlan_id port_list PVLAN Delete pvlan_id L...

Page 191: ...Statistics Add stats_id data_source Statistics Delete stats_id Statistics Lookup stats_id History Add history_id data_source interval buckets History Delete history_id History Lookup history_id Alarm...

Page 192: ...eapol radius Security Network ACL Security Network ACL Configuration port_list Action port_list permit deny rate_limiter port_redirect mirror logging shutdown Policy port_list policy Rate rate_limite...

Page 193: ...AAA Security AAA Configuration Radius server timeout timeout Radius server retransmit retransmit Radius server deadtime deadtime radius server key key radius server nas ip address ipv4_addr disable ra...

Page 194: ...st enable disable Port RestrictedTcn stp_port_list enable disable Port bpduGuard stp_port_list enable disable Port Statistics stp_port_list clear Port Mcheck stp_port_list Msti Port Configuration msti...

Page 195: ...n Map port_list pcp_list dei_list class dpl Port Classification DSCP port_list enable disable Port Policer Mode port_list enable disable Port Policer Rate port_list rate Port Policer Unit port_list kb...

Page 196: ...class_list dpl_list dscp DSCP EgressRemap dscp_list dpl_list dscp Port Storm Unicast port_list enable disable rate kbps fps Storm Multicast enable disable packet_rate Port Storm Broadcast port_list en...

Page 197: ...Lookup index User Add engineid user_name MD5 SHA auth_password DES AES priv_password User Delete index User Changekey engineid user_name auth_password priv_password User Lookup index Group Add securi...

Page 198: ..._name enable disable Trap Event AAA Authentication Failure conf_name enable disable Trap Event Switch STP conf_name enable disable Trap Event Switch RMON conf_name enable disable Firmware Firmware Loa...

Page 199: ...lockMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAction one_pps_clear DebugMode clockinst debug_mode Wireless mode clockinst port_list enable disable Wireless pre notification clockinst po...

Page 200: ...t Configuration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopologyChange enable disable Syslog Port port_list disab...

Page 201: ...ng Configuration Mode enable disable Open Ring 1stUplinkPort port 2ndUplinkPort port Vender moxx advantexx hirschmaxx SFP SFP syslog enable disable temp temperature Info Device Binding DeviceBinding M...

Page 202: ..._list Port Addr port_list ip_addr mac_addr Port Alias port_list ip_addr Port DeviceType port_list unknown ip_cam ip_phone ap pc plc nvr Port Location port_list device_location Port Description port_li...

Page 203: ...Port rate limiting User Define Jumbo frame Up to 10K Bytes Security Features Device Binding security feature Enable disable ports M AC based port security Port based network access control 802 1x Sin...

Page 204: ...isplay system Link Act LK ACT Speed SPD Duplex FDX Remote RMT green LED indicator x 4 Mode select Button MODE Link Act LK ACT Speed SP D Duplex FDX Remote RMT mode select button Port 1 28 Link Act LK...

Page 205: ...e 512 SysDescription 768 SysLocation 1024 SysContact 4096 PortStatus Port 1 VTSS_PORTS Value 0x0000 Link down 0x0001 Link up 0x0002 Disable 0xffff NoPort 4352 PortSpeed Port 1 VTSS_PORTS Value 0x0000...

Search results

Summary of Contents for iES28GF

Reviews:

Related manuals for iES28GF

Brands by name

Popular brands

IS5 COMMUNICATIONS iES28GF, User Manual

Search results

Summary of Contents for iES28GF

Reviews:

Related manuals for iES28GF

Brands by name

Popular brands