manualshive.com logo in svg

KTI Networks KGS-1064-HP, User Manual

The KTI Networks KGS-1064-HP is a high-performance network switch that offers seamless connectivity and efficient data transfer. Unlock the full potential of this powerful device with the comprehensive and user-friendly User Manual available for free download at manualshive.com. Discover all the features and functionalities hassle-free, just a few clicks away.

Share
Download
background image

-58- 

life-time of the port. Once the switch considers whether to enter the Guest VLAN, it 

will first check if this option is enabled or disabled. If disabled (unchecked; default), 

the switch will only enter the Guest VLAN if an EAPOL frame has not been received 

on the port for the life-time of the port. If enabled (checked), the switch will consider 

entering the Guest VLAN even if an EAPOL frame has been received on the port for 

the life-time of the port. The value can only be changed if the Guest VLAN option is 

globally enabled.   

 

   

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

   

 

 

 

 

 

 

 

 

Port Configuration 

Description 

 

   

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

   

 

 

 

 

 

 

 

 

Port 

The port number for which the configuration below applies.   

Admin State   

If NAS is globally enabled, this selection controls the port's authentication mode. The 

following modes are available: 

 

 

 

Force Authorized: 

In this mode, the switch will send one EAPOL Success frame 

when the port link comes up, and any client on the port will be allowed network 

access without authentication.   

 

Force Unauthorized: 

In this mode, the switch will send one EAPOL Failure frame 

when the port link comes up, and any client on the port will be disallowed network 

access.   

 

Port-based 802.1X: 

In the 802.1X-world, the user is called the supplicant, the switch 

is the authenticator, and the RADIUS server is the authentication server. The 

authenticator acts as the man-in-the-middle, forwarding requests and responses 

between the supplicant and the authentication server. Frames sent between the 

supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over 

LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC3748). Frames sent 

between the switch and the RADIUS server are RADIUS packets. RADIUS packets 

also encapsulate EAP PDUs together with other attributes like the switch's IP address, 

name, and the supplicant's port number on the switch. EAP is very flexible, in that it 

allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. 

The important thing is that the authenticator (the switch) doesn't need to know which 

authentication method the supplicant and the authentication server are using, or how 

Summary of Contents for KGS-1064-HP

Page 1: ... 1 KGS 1064 HP Web Management Interface User s Manual Software Rev 1 0 or up DOC 170505 ...

Page 2: ...e and modify the software and its source code is granted Permission to integrate into other products disclose transmit and distribute the software in an absolute machine readable format e g HEX file is also granted The software may only be used in products utilizing the Vitesse switch products C 2016 KTI Networks Inc All rights reserved No part of this documentation may be reproduced in any form o...

Page 3: ...content from time to time without obligation on the part of KTI Networks Inc to provide notification of such revision or change For more information contact 15F 7 No 79 Sec 1 Hsin Tai Wu RD His chih New Taipei City Taiwan Fax 886 2 26983873 E mail kti ktinet com tw URL http www ktinet com tw ...

Page 4: ...t VID MVID Operation Rules 19 2 1 3 IPv6 19 2 1 4 NTP 21 2 1 5 Time 22 2 1 6 Log 24 2 2 Power Reduction 25 2 2 1 EEE 25 2 3 Thermal Protection 27 2 4 Ports 28 2 5 Security 30 2 5 1 Switch 30 2 5 1 1 Users 30 2 5 1 2 Privilege Level 32 2 5 1 3 Auth Method 34 2 5 1 4 SSH 35 2 5 1 5 HTTPS 36 2 5 1 6 Access Management 37 2 5 1 7 SNMP 38 2 5 1 7 1 System 38 2 5 1 7 2 Communities 41 2 5 1 7 3 Users 42 2...

Page 5: ... 2 3 3 Access Control List 67 2 5 2 4 DHCP 69 2 5 2 4 1 Snooping 69 2 5 2 4 2 Relay 70 2 5 2 5 IP Source Guard 71 2 5 2 5 1 Configuration 71 2 5 2 5 2 Static Table 72 2 5 2 6 ARP Inspection 73 2 5 2 6 1 Configuration 73 2 5 2 6 2 Static Table 74 2 5 3 AAA 75 2 6 Aggregation 77 2 6 1 Static 77 2 6 2 LACP 78 2 7 Loop Protection 79 2 8 Spanning Tree 80 2 8 1 Bridge Settings 81 2 8 2 MSTI Mapping 83 2...

Page 6: ...rt Group Filtering 99 2 11 LLDP 101 2 11 1 LLDP 101 2 11 2 LLDP MED 103 2 12 PoE 109 2 12 1 PoE Redundancy Support 111 2 13 MAC Table 113 2 14 VLANs 114 2 14 1 Abbreviation 114 2 14 2 VLAN Membership 115 2 14 3 Ports 117 2 15 Private VLANs 120 2 15 1 PVLAN Membership 120 2 15 2 Port Isolation 121 2 16 Voice VLAN 122 2 16 1 Configuration 122 2 16 2 OUI 124 2 17 QoS 125 2 17 1 Port Classification 12...

Page 7: ...r Alarm Configuration 152 2 23 ALS Auto Laser Shutdown Configuration 153 3 Monitor 154 3 1 System 155 3 1 1 Information 155 3 1 2 CPU Load 156 3 1 3 Log 157 3 1 4 Detailed Log 158 3 2 Thermal Protection 158 3 3 Ports 159 3 3 1 State 159 3 3 2 Traffic Overview 160 3 3 3 QoS Statistics 160 3 3 4 QCL Status 161 3 3 5 Detailed Statistics 162 3 4 Security 164 3 4 1 Access Management Statistics 164 3 4 ...

Page 8: ...3 2 RADIUS Details 174 3 4 4 Switch RMON 178 3 4 4 1 Statistics 178 3 4 4 2 History 179 3 4 4 3 Alarm 180 3 4 4 4 Event 180 3 5 LACP 182 3 5 1 System Status 182 3 5 2 Port Status 182 3 5 3 Port Statistics 183 3 6 Loop Protection 184 3 7 Spanning Tree 185 3 7 1 Bridge Status 185 3 7 2 Port Status 185 3 7 3 Port Statistics 186 3 8 MVR 187 3 8 1 Statistics 187 3 8 2 MVR Channel Groups 187 3 8 3 MVR S...

Page 9: ...LDP MED Neighbours 194 3 10 3 PoE 197 3 10 4 EEE 198 3 10 5 Port Statistics 199 3 11 PoE 201 3 12 MAC Table 203 3 13 VLANs 204 3 13 1 VLAN Membership 204 3 13 2 VLAN Ports 205 3 14 sFlow 207 3 15 Multi Ring Status 209 3 16 Relay Alarm Status 210 4 Diagnostics 211 4 1 Ping Ping6 211 4 2 VeriPHY 213 4 3 SFP DDM 215 5 Maintenance 216 5 1 Restart Device 216 5 2 Factory Defaults 217 5 3 Software 217 5 ...

Page 10: ... 10 5 4 Configuration 219 5 4 1 Save 219 5 4 2 Upload 220 Glossary 221 ...

Page 11: ...efore the switch can be managed from web browser software make sure a unique IP address is configured for the switch 1 1 Start Browser Software and Making Connection Start your browser software and enter the IP address of the switch unit to which you want to connect The IP address is used as URL for the browser software to search the device URL http xxx xxx xxx xxx Factory default IP address 192 1...

Page 12: ...successfully a Login screen is provided for you to login to the device as the left display below Port State Overview page is displayed after a successful login Logout button and Show Help button Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds ...

Page 13: ...atus Description RJ 45 port disabled RJ 45 port link down RJ 45 port link up SFP port disabled SFP port link down SFP port link in 1G full duplex SFP port link in 100M full duplex The switch can accept more than one successful management connection simultaneously ...

Page 14: ...uration frame size and power saving control Security Switch UI authentication configuration Port access security control Aggregation Static and LACP port link aggregation related configuration Loop Protection Configuration for port loop detection and protection Spanning Tree STP bridge MSTI and CIST configuration MVR MVR feature enables multicast traffic forwarding on the Multicast VLANs IPMC IGMP...

Page 15: ...and status Ports Port link status traffic statistics QoS statistics Security Switch UI authentication Port access security status LACP LACP system and port status Loop Protection Display port configuration and status for loop protection Spanning Tree Bridge status Port status and RSTP STP MSTP statistics MVR Display IGMP and MLD snooping status and counters IPMC IGMP Snooping MLR snooping groups l...

Page 16: ...e Command to reboot the switch Factory Defaults Command to restore the switch with factory default settings Software Command to update the switch firmware Configuration Command to save or upload the system configuration ...

Page 17: ...z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Location The physical location of this node e g telephone closet 3rd floor The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126...

Page 18: ...Proxy When DNS proxy is enabled DUT will relay DNS requests to the current configured DNS server on DUT and reply as a DNS resolver to the client device on the network Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Renew Click to renew DHCP This button is only available if DHCP is enabled Note 1 If DHCP fails and the configured IP ...

Page 19: ...MVID Untagged S custom port Untagged PVID MVID Untagged S custom tag tagged VID MVID Untagged 2 1 3 IPv6 Configuration Description Auto Configuration DHCP Client Enable IPv6 auto configuration by checking this box If system cannot obtain the stateless address in time the configured IPv6 settings will be used The router may delay responding to a router solicitation for a few seconds the total time ...

Page 20: ...h field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Renew Click to...

Page 21: ... NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 a...

Page 22: ... can contain _ or Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disable to disable the Daylight Saving Time configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving T...

Page 23: ...g minute End time settings Month Select the ending month Date Select the ending day Year Select the ending year number Hours Select the ending hour Minutes Select the ending minute Offset Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 24: ...The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation Server Address Indicates the IPv4 host address of syslog server If the switch provide DNS feature it also can be a host name Syslog Level Indicates what kind of message will send to syslog server Possible modes are Info Send ...

Page 25: ...e wakeup time information using the LLDP protocol For maximizing power savings the circuit isn t started at once transmit data is ready for a port but is instead queued until 3000 bytes of data is ready to be transmitted For not introducing a large delay in case that data less then 3000 bytes shall be transmitted data are always transmitted after 48 us giving a maximum latency of 48 us the wakeup ...

Page 26: ...EEE port Enabled Controls whether EEE is enabled for this switch port EEE Urgent Queues Queues set will activate transmission of frames as soon as data is available Otherwise the queue will postpone transmission until 3000 bytes are ready to be transmitted Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 27: ...is possible to arrange the ports with different priorities Each priority can be given a temperature at which the corresponding ports shall be turned off Configuration Description Temperature settings for priority groups Temperature The temperature at which the ports with the corresponding priority will be turned off Temperatures between 0 and 255 are supported Port Priorities The priority the port...

Page 28: ...ven switch port Disabled disables the switch port operation Auto selects the highest speed that is compatible with a link partner 10Mbps HDX selects fixed 10Mbps and half duplex 10Mbps FDX selects fixed 10Mbps and full duplex 100Mbps HDX selects fixed 100Mbps and half duplex 100Mbps FDX selects fixed 100Mbps and full duplex 1Gbps FDX selects auto negotiation 1000Mbps and full duplex Flow Control C...

Page 29: ...ions default Restart Restart back off algorithm after 16 collisions Power Control The configured column allows for changing the power savings mode parameters per port Disabled All power savings mechanisms are disabled ActiPHY Link down power savings is enabled PerfectReach Link up power savings is enabled Enabled Both link up and link down power savings are enabled Link Alarm Port link fault alarm...

Page 30: ...er to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be ...

Page 31: ...l User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most group privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator accoun...

Page 32: ... privilege level group consists of a single module e g LACP RSTP or QoS but a few of them contains more than one The following description defines these privilege level groups in details System Contact Name Location Timezone Daylight Saving Time Log Security Authentication System Access Management Port contains Dot1x port ...

Page 33: ... and everything in Maintenance Debug Only present in CLI Privilege Levels Every group has an authorization Privilege level for the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same or greater than the authorization Privilege level to have the access to t...

Page 34: ...n is not possible local use the local user database on the switch stack for authentication radius use a remote RADIUS server for authentication tacacs use a remote TACACS server for authentication Fallback Enable fallback to local authentication by checking this box If none of the configured authentication servers are alive the local user database is used for authentication This is only possible i...

Page 35: ...n Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 36: ...Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation It is only significant if HTTPS mode Enabled is selected Automatically redirects web browser to an HTTPS connection when both HTTPS mode and Automatic Redirect are enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Save Click to save the ch...

Page 37: ...address for the access management entry End IP Address Indicates the end IP address for the access management entry HTTP HTTPS Indicates that the host can access the switch from HTTP HTTPS interface if the host IP address matches the IP address range provided in the entry SNMP Indicates that the host can access the switch from SNMP interface if the host IP address matches the IP address range prov...

Page 38: ...de Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c ...

Page 39: ...ommunity string a particular range of source addresses can use to restrict source subnet Engine ID Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users Trap Configuration Description Trap Mode Indicates the SNMP trap mode operation Possible mod...

Page 40: ...ange is 0 2147 Trap InformRetryTimes Indicates the SNMP trap inform retry times The allowed range is 0 255 TrapProbeSecurityEngineID Available for SNMP v3 indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID mode of operation Disabled Disable SNMP trap probe security engine ID mode of operation Trap Security Engine...

Page 41: ...nity string will treat as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of source addresses can use to restrict source subnet when combined with source mask Source Mask Indicates the SNMP access source address mask Add New Entry Click to add a new community entry Delete Click to cancel the new entry Save Click to sa...

Page 42: ... The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The value of security level cannot be modified if entry alrea...

Page 43: ...SCII characters from 33 to 126 Add New Entry Click to add a new entry Delete Click to cancel the new entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New Entry 2 5 1 7 4 Groups Configuration Description Delete Check to delete the entry It will be deleted during the next save Security Model Indicates the security model...

Page 44: ...hanges Reset Click to undo any changes made locally and revert to previously saved values Click Add New Entry 2 5 1 7 5 Views Configuration Description Delete Check to delete the entry It will be deleted during the next save View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 1...

Page 45: ...cancel the new entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New Entry 2 5 1 7 6 Access Configuration Description Delete Check to delete the entry It will be deleted during the next save Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allo...

Page 46: ...e current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Add New Entry Click to add a new entry Delete Click to cancel t...

Page 47: ...to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Add New Entry Click to add a new entry Delete Click to cancel the new entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New Entry ...

Page 48: ... 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated this History control entry stored in RMON The range is from 1 to 3600 default value is 50 Buckets Granted The number of data shall be saved in the RMON Add New Entry Click to add a new entry Delete ...

Page 49: ... the packets are normal InErrors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol InUnknownProtos the number of the inbound packets that were discarded because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters OutUcastPkts The number of uni cast pack...

Page 50: ...value is less than the falling threshold RisingOrFallingTrigger alarm when the first value is larger than the rising threshold or less than the falling threshold default Rising Threshold Rising threshold value 2147483648 2147483647 Rising Index Rising event index 1 65535 Falling Threshold Falling threshold value 2147483648 2147483647 Falling Index Falling event index 1 65535 Add New Entry Click to...

Page 51: ...ast packets delivered to a higher layer protocol snmptrap The number of broad cast and multi cast packets delivered to a higher layer protocol logandtrap The number of inbound packets that are discarded even the packets are normal Community Specify the community when trap is sent the string length is from 0 to 127 the default is public Event Last Time Indicates the value of sysUpTime at the time t...

Page 52: ...n a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module Port Security module which manages MAC addresses learned on the port The Limit Control configuration consists of two sections a system and a port wide ...

Page 53: ...t for aging the end host would still take up resources on this switch and will be allowed to forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the ...

Page 54: ...the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The limit is not yet reached This can be shown for all actions Limit Reached Indicates that the limit is reached on this port This state can only be shown if Action is set to None or Trap Shutdown Indicates that the port is shut down by the Limit Con...

Page 55: ...supplicants clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the swit...

Page 56: ...ion is enabled and the port is in a 802 1X based mode this is not so criticial since supplicants that are no longer attached to the port will get removed upon the next reauthentication which will fail But if reauthentication is not enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication doesn t cause direct communication between the switch a...

Page 57: ...able disable RADIUS server assigned VLAN functionality When checked the individual ports ditto setting determines whether RADIUS assigned VLAN is enabled for that port When unchecked RADIUS server assigned VLAN is disabled for all ports Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator de...

Page 58: ...ntication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests a...

Page 59: ... once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Single 802 1X variant Single 802 1X is really not an IEEE...

Page 60: ... the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses th...

Page 61: ...everted to the original QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X RADIUS attributes used in identifying a QoS Class Refer to the written documentation for a description of the RADIUS attributes needed in order to successfully identify a QoS Clas...

Page 62: ...be present at least once in the Access Accept packet The switch looks for the first set of these attributes that have the same Tag value and fulfill the following requirements if Tag 0 is used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Private Group ID m...

Page 63: ... and starts authenticating the supplicant according to the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the p...

Page 64: ...uthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 2 5 2 3 ACL 2 5 2 3 1 Ports Configuration Description ...

Page 65: ...s port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled ...

Page 66: ...tained in the same row Rate The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowed values are pps packets per second kbps Kbits per second Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 67: ...ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is displayed the rate limiter operation is disabled Port Redirect Indicates the port r...

Page 68: ...he page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page any changes made locally will be undone Clear Click to clear the counters Remove All Click to remove all ACEs Click to add one ACE entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Cancel Click to return to the previous page ...

Page 69: ...ll be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as un trusted sources of the DHCP message Save Click to save the changes Reset Click to undo any chang...

Page 70: ...P relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DHCP server and remove it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Disabled Disable DHCP relay information mode operation Relay Information Policy Indicates the D...

Page 71: ... 5 IP Source Guard 2 5 2 5 1 Configuration Configuration Description Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard All configured ACEs will be lost when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode ...

Page 72: ...o translate all dynamic entries to static entries Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 2 5 2 5 2 Static Table Configuration Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings IP Address Allowed Source IP address M...

Page 73: ...ort Mode Specify ARP Inspection is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Translate dynamic to static Click to translate all dynamic entries to static entries Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 74: ...save Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed MAC address IP Address Allowed Source IP address Add new entry Click to add a new entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New Entry ...

Page 75: ...etween 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this timeframe we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order ...

Page 76: ...t to use on the server If the port is set to zero 0 the default port 1812 is used for the server Secret The secret up to 29 characters long shared between the server and the switch unit RADIUS Accounting Server Configuration The RADIUS accounting server number for which the configuration applies Enabled Enable the server by checking this box IP Address Hostname The IP address of the server express...

Page 77: ...e Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destin...

Page 78: ...ation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in each group Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 2 6 2 LACP Configuration Description Port The port number for whi...

Page 79: ...ut controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet Prio The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower numb...

Page 80: ...bled until next device restart Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is actively generating loop protection PDU s or whether it is just passively looking f...

Page 81: ...bridge Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to Forwarding used in STP compatible mode Valid values 4 30 seconds Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values 6 40 seconds Max Age must be FwdDelay 1 2 Maximum Hop Count It defines how many bridges a root bridge can distribute its BPDU inform...

Page 82: ...rom the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot PortErrorRecoveryTimeout The time that has to pass before a port in the error disabled state can be enabled Vali...

Page 83: ...he VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 65535 MSTI Mapping MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped ...

Page 84: ...lly and revert to previously saved values 2 8 3 MSTI Priorities Configuration Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Save Click to sa...

Page 85: ...ding ports in favor of higher path cost ports Valid values 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above AdminEdge Controls whether the operEdge flag should start as being set or cleared The initial operEdge state when a port is initialized operEdge Operational flag describing whether the port is connecting dir...

Page 86: ...ned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently BPDU Guard If enabled causes the port to disable itself upon receiving v...

Page 87: ...h MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports Configuration Description MSTI Select an MSTI for pop up configuration Get Click to pop up configuration page ...

Page 88: ...ded values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values 1 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Save Click to save ...

Page 89: ... MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports It is allowed to create at maximum 8 MVR VLANs with corresponding channel settings for each Multicast VLAN There will be totally at maximum 256 group addresses for channel settings Configuration Description Exam...

Page 90: ...LQI Define the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership The value is in units of tenths of a second The range is from 0 to 31744 The default LLQI is 5 tenths or one half second Interface Channel Setting When the MVR VLAN is created click the Edit symbol to expand the corresponding multicast channel settings for...

Page 91: ...ve Immediate Leave Enable the fast leave on the port Add New MVR VLAN Click to add a new entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New MVR VLAN ...

Page 92: ... 92 2 10 IPMC 2 10 1 IGMP Snooping 2 10 1 1 Basic Configuration Configuration Description Example with MSTI1 Snooping Enabled Enable the Global IGMP Snooping ...

Page 93: ...ing unnecessary leave messages to the router side Proxy Enabled Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router p...

Page 94: ...IGMPv1 Forced IGMPv2 Forced IGMPv3 default compatibility value is IGMP Auto RV Robustness Variable The Robustness Variable allows tuning for the expected packet loss on a network The allowed range is 1 to 255 default robustness variable value is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query i...

Page 95: ... entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting with the entry after the last entry currently displayed Add New IGMP VLAN Click to add new IGMP VLAN Specify the VID and configure the new entry Click Save The specific IGMP VLAN starts working after the corresponding static VLAN is also created Save Click to save the changes Reset Click to undo any changes m...

Page 96: ...ltering Groups The IP Multicast Group that will be filtered Add New Filtering Group Click to add a new entry to the Group Filtering table Specify the Port and Filtering Group of the new entry Click Save Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New Filtering Group 2 10 2 MLD Snooping 2 10 2 1 Basic Configuration ...

Page 97: ...nge SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enabled Enable MLD Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enabled Enable MLD Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router...

Page 98: ...to delete the entry The designated entry will be deleted during the next save VLAN ID The VLAN ID of the entry MLD Snooping Enabled Enable the per VLAN MLD Snooping Up to 32 VLANs can be selected for MLD Snooping MLD Querier Enable the MLD Querier in the VLAN Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on host...

Page 99: ...nge is 0 to 31744 seconds default unsolicited report interval is 1 second Refresh Refreshes the displayed table starting from the VLAN input fields Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting with the entry after the last entry currently displayed Add New MLD VLAN Click to add new MLD VLAN Specify the VID and co...

Page 100: ...iltering Group Click to add a new entry to the Group Filtering table Specify the Port and Filtering Group of the new entry Click Save Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add New Filtering Group ...

Page 101: ...iscovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values 5 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values 2 10 times ...

Page 102: ...nd will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors CDP Aware Select CDP awareness The CDP operation is restricted to decoding incoming CDP frames The switch doesn t transmit CDP frames CDP frames are only decoded if LLDP for the port is enabled Only CDP TLVs that can be mapped into a corr...

Page 103: ...ort Descr When checked the port description is included in LLDP information transmitted Sys Name When checked the system name is included in LLDP information transmitted Sys Descr When checked the system description is included in LLDP information transmitted Sys Capa When checked the system capability is included in LLDP information transmitted Mgmt Addr When checked the management address is inc...

Page 104: ...de 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American D...

Page 105: ...ommunity name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code Additional code Example 1320300003 Emergency Call Service Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numeri...

Page 106: ...network policy is defined for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance 6 Video Conferencing 7 Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying...

Page 107: ...ted by checkmarking the checkboxes that corresponds to the policies Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Civic Address Location IETF Geopriv Civic Address based Location Configuration Information Civic Address LCI Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Policies Net...

Page 108: ...LLDP MED allows multiple policies to be advertised per port each corresponding to a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints an...

Page 109: ...e class the connected PD belongs to and reserves the power accordingly Three different port classes exist and one for 4 7 15 4 and 30 Watts In this mode the Maximum Power fields have no effect LLDP MED mode This mode is similar to the Class mode expect that each port determine the amount power it reserves by exchanging PoE information using the LLDP protocol and reserves power accordingly If no LL...

Page 110: ...Disabled PoE disabled for the port PoE Enables PoE IEEE 802 3af Class 4 PDs limited to 15 4W PoE Enables PoE IEEE 802 3at Class 4 PDs limited to 30W Priority The Priority represents the ports priority There are three levels of power priority named Low High and Critical The priority is used in the case where the remote device requires more power than the power supply can deliver In this case the po...

Page 111: ... port is disabled for its PoE function and port function by the system as it is configured being a PoE backup port PoE failure detection The system is monitoring continuously the PoE connection failure status as the port s PoE redundancy function is enabled There are two modes for detection PoE failure as follows Power only PoE power is off due to the possible reasons the PD disconnection power bu...

Page 112: ...rates Note PoE function on the primary port is kept enabled although a PoE failure is detected by the system Primary port PoE recovery A PoE failure was detected on the primary port and the backup port is activated and operates The system is still monitoring primary port s PoE status and port link status As the failure situation is released and recovered the system will disable the PoE function of...

Page 113: ...th unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial...

Page 114: ...ded with a VLAN Tag field IEEE 802 1Q VLAN Tag In IEEE 802 1Q packet format 4 byte tag field is inserted in the original Ethernet frame between the Source Address and Type Length fields Two bytes are used for the tag protocol identifier TPID the other two bytes for tag control information TCI The TCI field is further divided into PCP DEI and VID TPID Tag protocol identifier a 16 bit field set to a...

Page 115: ...2 1Q frame which VID field value is not zero VID 0 Double tagging Double Tags With the IEEE standard 802 1ad double tagging can be useful for Internet service providers allowing them to use VLANs internally while mixing traffic from clients that are already VLAN tagged The outer next to source MAC and representing ISP VLAN S TAG service tag comes first followed by the inner C TAG customer tag In s...

Page 116: ...ng VLAN entries or it can be added to the new entries Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Add New VLAN Click to add a new VLAN entry An empty row is added to the table and the VLAN ...

Page 117: ...ort S custom port Each frame received on an ingress port will be classified to a VLAN before it is forwarding to other ports The classified VLAN is abbreviated as Classified VID The VLAN classification rules for each of the port types are Unaware Received frame type Classified VID Untagged PVID Ingress Port VLAN ID Priority tagged VID 0 PVID Ingress Port VLAN ID All tagged VID 0 PVID Ingress Port ...

Page 118: ...cepts all frames or only tagged untagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All The rules of the accepted frames for different port types are Unaware port Untag Untagged Priority C tag S tag frames Tag C tag S tag tagged frames All All above frames C port Unta...

Page 119: ...be a member of the same VLAN as the Port VLAN ID Tx Tag Determines egress tagging of a port Untag_pvid All frames except the configured PVID will be tagged The frames that the associated classified VID match egress port s PVID are NOT inserted with any tag All other frames are with the associated classified tag in egress Tag_all All frames are tagged All frames are inserted with the associated cla...

Page 120: ...n Delete To delete a private VLAN entry check this box The entry will be deleted during the next save Private VLAN ID Indicates the ID of this particular private VLAN Port Members A row of check boxes for each port is displayed for each private VLAN ID To include a port in a Private VLAN check the box To remove or exclude the port from the Private VLAN make sure the box is unchecked By default no ...

Page 121: ...ption Port Members A check box is provided for each port of a private VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 122: ...e IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI 2 16 1 Configuration Configuration Description Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode operation V...

Page 123: ... Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN Port Security Indicates the Voice VLAN port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLAN will be blocked for 10 seconds Possible port modes are Enabled Enable Voice VLAN sec...

Page 124: ...EEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor telephony device it belongs to The allowed string length is 0 to 32 Add New Entry Click to add a new entry Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Click Add ...

Page 125: ...es are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 0 1 2 3 4 5 6 7 ...

Page 126: ... default DP level The classified DP level can be overruled by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value DEI Controls the default DEI value All frames are classified to a DEI value If the p...

Page 127: ...tricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames Save Click to save the changes Reset Click to un...

Page 128: ... mode for this port Qn Shows the weight for this queue and port Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 2 17 4 Shaping Configuration Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers Qn Shows disabled or actual queue shaper rate e g 800 Mbp...

Page 129: ...her the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess C...

Page 130: ...ether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Save Click to save the changes Reset C...

Page 131: ... same row Click on the port number in order to configure tag remarking Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Click Port 1 icon as an example Mode Classified Mode Default ...

Page 132: ...ass and DP level PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default DP level Configuration Controls the Drop Precedence level translation table when the mode is set to Mapped The purpose of this table is to reduce the 2 bit classified DP level to a 1 bit DP level used in the QoS class DP level to PCP DEI mapping process QoS class DP level to PCP DEI ...

Page 133: ... Port The Port column shows the list of ports for which you can configure dscp ingress and egress settings Ingress Translate To Enable the Ingress Translation click the checkbox Classify Classification for a port have 4 different values Disable No Ingress DSCP Classification DSCP 0 Classify if incoming or translated if enabled DSCP is 0 Selected Classify only selected DSCP for which classification...

Page 134: ... Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation Egress Remap DP0 table or from the DSCP Translation Egress Remap DP1 table Save Click to save the changes Reset Click to undo any changes made locally and revert to p...

Page 135: ... 135 2 17 7 DSCP Based QoS ...

Page 136: ... 136 ...

Page 137: ... frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any of 0 7 DPL Drop Precedence Level 0 1 Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 138: ... 138 2 17 8 DSCP Translation ...

Page 139: ... 139 ...

Page 140: ...alues Classify Click to enable Classification at Ingress side Egress There are the following configurable parameters for Egress side 1 Remap DP0 Controls the remapping for frames with DP level 0 2 Remap DP1 Controls the remapping for frames with DP level 1 Remap DP0 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 Remap DP1 Select the DSCP value from...

Page 141: ...iguration Description QoS Class Actual QoS class DPL Actual Drop Precedence Level DSCP Select the classified DSCP value 0 63 Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 142: ... Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any SMAC Source MAC address 24 MS bits OUI or Any DMAC Type Destination MA...

Page 143: ...he format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be a specific value range of values or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment IPv4 frame fragmented option...

Page 144: ... storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table Configuration Description Frame Type The settings in a particular row apply to the frame type listed here Unicast Multicast or Broadcast Enable Enable or disable the storm control status for the given frame typ...

Page 145: ... known as egress or destination mirroring Configuration Description Port to mirror to Port to mirror also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored on this port Disabled disables mirroring Port The logical port for the settings contained in the same row Mode Select mirror mode Rx only Frames received on this port are mirr...

Page 146: ... The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive a...

Page 147: ...s If sFlow is currently unconfigured unclaimed Owner contains none If sFlow is currently configured through Web or CLI Owner contains Configured through local management If sFlow is currently configured through SNMP Owner contains a string identifying the sFlow receiver If sFlow is configured through SNMP all controls except for the Release button are disabled to avoid inadvertent reconfiguration ...

Page 148: ... bytes with default being 1400 bytes Port Configuration Port The port number for which the configuration below applies Flow Sampler Enabled Enables disables flow sampling on this port Sampling Rate The statistical sampling rate for packet sampling Set to N to sample on average 1 Nth of the packets transmitted received on the port Not all sampling rates are achievable If an unsupported sampling rat...

Page 149: ...rs ring health until faults are repaired The backup link is set back to standby state automatically when the ring is recovered from any faults and back to normal Configuration Definition 868BSlave Units All switch units except the master switch in a ring configuration 869BMaster Unit The switch unit which monitors the ring configuration and controls the backup link in a ring One ring port and one ...

Page 150: ...overy 425BWhen the backup link is activated to support continuous network operation the failed section in the ring is blocked and isolated for physical examination and repairing by network administration people After the failure is repaired the ring master monitors the health of the ring until all elements and whole network are verified to recover back to normal condition The ring can enter into s...

Page 151: ...ted in one switch 1096BRing Port 1 2 Two ring ports are needed to support one redundant ring 1097BBackup Port Check to specify the ring port as a backup port 1098BRing Group ID One unique ID is assigned for the associated ring group The ring group ID should be same for all switch members in the associated ring 730BU Save Click to save the changes Reset Click to undo any changes made locally and re...

Page 152: ..._________________________________________________________________________________________________________ Port The fiber optical port number MinMode enable alarm if power is less than the lower threshold MinLimit set lower threshold limit unit dBm ManMode enable alarm if power is higher than the upper threshold ManLimit set upper threshold limit unit dBm 730BU Save Click to save the changes Reset ...

Page 153: ...eared for 100ms up ___________________________________________________________________________________________________________________________________________________ Configuration Description 729BU___________________________________________________________________________________________________________________________________________________ Port The fiber optical port number Mode ALS mode for t...

Page 154: ...ery 3 seconds Updates the system log entries starting from the current entry ID Flushes the selected log entries Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entry currently displayed Updates the system log entries starting from the last entry currently displayed Updates the system log entries ending at the last availab...

Page 155: ...g telephone closet 3rd floor MAC Address The MAC Address of this switch Chip ID The Chip ID of this switch System Date The current GMT system time and date The system time is obtained through the Timing server running on the switch if any System Uptime The period of time the device has been operational Chip ID The Chip ID of this switch Software Version The software version of this switch Software...

Page 156: ...e last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format The system needs Adobe SVG Plugin software to support this page otherwise a message displayed as Normal Display ...

Page 157: ...ies for Clear button ID The ID 1 of the system log entry Level The level of the system log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry ...

Page 158: ...sage The detailed message of the system log entry 3 2 Thermal Protection Status Description Thermal Protection Port Status Shows if the port is thermally protected link is down or if the port is operating normally Chip Temperature Shows the current chip temperature in degrees Celsius ...

Page 159: ...9 3 3 Ports 3 3 1 State Status Description RJ 45 port disabled RJ 45 port link down RJ 45 port link up SFP port disabled SFP port link down SFP port link in 1G full duplex SFP port link in 100M full duplex ...

Page 160: ...frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process 3 3 3 QoS Statistics Status Description Port The logical port for the settings contained in the same row Qn There are 8 QoS queues per port Q0 is the lowest priority queue Rx T...

Page 161: ...There are three action fields Class DPL and DSCP Class Classified QoS class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays Conflict status of QCL entries As H...

Page 162: ... of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size Counters Rx and Tx xxxx Bytes The number of received and transmitted good and bad packets split into categories based on their respective frame sizes Receive and Transmit Queue C...

Page 163: ...rames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process 1 Short frames are frames that are smaller than 64 bytes 2 Long frames are frames that are longer than the configured maximum frame length for this port Transmit Error Counters Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames droppe...

Page 164: ...switch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access management mode is enabled 3 4 2 Network 3 4 2 1 Port Security ...

Page 165: ...odules has a column that shows whether that module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security State Shows the current state of the port It can take one of four values Disabled No user modules are currently using the Port Security service Read...

Page 166: ...hat is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module ha...

Page 167: ... new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication QoS Class QoS Class assigned to the port by the RADIUS server if enabled Port VLAN ID The VLAN ID that NAS...

Page 168: ...er RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here 3 4 2 3 ACL Status Status Description User Indicates the ACL user Ingress Port Indicates the ingress port of the ACE Possible values are All The ACE will match all ingress port Port The ACE will match a spe...

Page 169: ...The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled Port Redirect Indicates the p...

Page 170: ...s received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and tr...

Page 171: ... The number of packets whose Circuit ID option did not match known circuit ID Receive Bad Remote ID The number of packets whose Remote ID option did not match known Remote ID Client Statistics Transmit to Client The number of relayed packets from server to client Transmit Error The number of packets that resulted in error while being sent to servers Receive from Client The number of received packe...

Page 172: ...D VLAN ID in which the ARP traffic is permitted MAC Address User MAC address of the entry IP Address User IP address of the entry 3 4 2 6 IP Source Guard The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by MAC address The Start from port address VLAN and IP address input fields allow the user to select the starting point in the Dynamic IP Source...

Page 173: ...ady The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The...

Page 174: ...and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is display...

Page 175: ...usAuthClientExtBadAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Rx Unknown Types RFC4670 name radiusAuthClientExtUnknownTypes The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason Rx Packets Dropped RFC4670 name radiusAu...

Page 176: ...s The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip Time RFC4670 name radiusAuthClientExtRoundTripTime The time interval measured in milliseconds is between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of ...

Page 177: ... retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout IP Address The IP address of the selected server State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The ...

Page 178: ...ber of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Under size The total number of packets received that were less than 64 octets Over size The total number of packet...

Page 179: ...ch packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packet...

Page 180: ...nterval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds Value The value of the statistic during the last sampling period Startup Alarm The alarm that may be sent when this entry is first set to valid...

Page 181: ... 181 Log Index Indicates the index of the log entry LogTIme Indicates Event log time LogDescription Indicates the Event description ...

Page 182: ...artner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch The format is Switch ID Port 3 5 2 Port Status Status Description Port The switch port number LACP Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that th...

Page 183: ...Ds 3 14 are LLAGs Partner System ID The partner s System ID MAC address Partner Port The partner s port number connected to this port Partner Prio The partner s port priority 3 5 3 Port Statistics Status Description Port The switch port number LACP Received Shows how many LACP frames have been received at each port LACP Transmitted Shows how many LACP frames have been sent from each port Discarded...

Page 184: ...e currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected ...

Page 185: ...ost For the Root Bridge it is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag of this Bridge instance Topology Change Last The time since last Topology Change occurred 3 7 2 Port Status Status Description Port The switch port number of the logical STP port CIST Role The current STP...

Page 186: ...STP The number of MSTP BPDU s received transmitted on the port RSTP The number of RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port ...

Page 187: ...The number of Received IGMPv1 Join s IGMPv2 MLDv1 Report s Received The number of Received IGMPv2 Join s and MLDv1 Report s respectively IGMPv3 MLDv2 Report s Received The number of Received IGMPv1 Join s and MLDv2 Report s respectively IGMPv2 MLDv1 Leave s Received The number of Received IGMPv2 Leave s and MLDv1 Done s respectively 3 8 2 MVR Channel Groups Status Description VLAN ID VLAN ID of th...

Page 188: ...nclude or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 When there is no any source filtering address the text None is shown in the Source Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the so...

Page 189: ...nistratively disabled Queries Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Router Port Display which ports act as router ports A router p...

Page 190: ...s Ports under this group 3 9 1 3 IPv4 SFM Information Status Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses fo...

Page 191: ... V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V1 Leaves Received The number of Received V1 Leaves Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic d...

Page 192: ...ort Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the s...

Page 193: ...ised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address Manage...

Page 194: ... Definition LLDP MED Endpoint Devices as defined in TIA 1057 are located at the IEEE 802 LAN network edge and participate in IP communication service using the LLDP MED framework Within the LLDP MED Endpoint Device category the LLDP MED scheme is broken into further Endpoint Device Classes as defined in the following Each LLDP MED Endpoint Device Class is defined to build upon the capabilities def...

Page 195: ... services defined in this class include media type specific network layer policy discovery LLDP MED Communication Endpoint Class III The LLDP MED Communication Endpoint Class III definition is applicable to all endpoint products that act as end user communication appliances supporting IP media Capabilities include all of the capabilities defined for the previous Generic Endpoint Class I and Media ...

Page 196: ... dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services 7 Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use ...

Page 197: ...negotiation Auto negotiation Capabilities Auto negotiation Capabilities shows the link partners MAC PHY capabilities 3 10 3 PoE Status Description Local Port The port for this switch on which the LLDP frame was received Power Type The Power Type represents whether the device is a Power Sourcing Entity PSE or Power Device PD If the Power Type is unknown it is represented as Reserved Power Source Th...

Page 198: ...ay inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this provides the transmitter with additional information that it may use for a more efficient allocation Systems that do not implement this option default the value to be the same as that of the Receive Tw_sys_tx Echo Tx Tw The link partner s Echo Tx Tw value Th...

Page 199: ... Global Counters Neighbour entries were last changed Shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbours Entries Added Shows the number of new entries added since switch reboot Total Neighbours Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbours Entries Dropped Shows...

Page 200: ...D or Remote Port ID is not already contained within the table Entries are removed from the table when a given port s link is down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of wel...

Page 201: ...d The Power Used shows how much power the PD currently is using Current Used The Power Used shows how much current the PD currently is using Priority The Priority shows the port s priority configured by the user Port Status The Port Status shows the port s status The status can be one of the following values PoE not available No PoE chip found PoE not supported for the port PoE turned OFF PoE disa...

Page 202: ... port status Normal Port PoE operation is normal with no failure detected Fail PoE failure is detected on the port according to detection mode Backup port status Standby Primary port is under normal operation Its backup port is in standby state Fail PoE failure is detected on the port according to detection mode ...

Page 203: ...C Table Status Description Type Indicates whether the entry is a static or a dynamic entry MAC address The MAC address of the entry VLAN The VLAN ID of the entry Port Members The ports that are members of the entry ...

Page 204: ...the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Combined List all types VLAN ID Indicates the...

Page 205: ...icate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Status Description Port The logical port for the settings con...

Page 206: ...d frames received on that port are discarded Tx Tag Shows egress filtering frame status whether tagged or untagged UVID Shows UVID untagged VLAN ID Port s UVID determines the packet s behaviour at the egress side Conflicts Shows status of Conflicts whether exists or not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur Functional...

Page 207: ... The IP address or hostname of the sFlow receiver Timeout The number of seconds remaining before sampling stops and the current sFlow owner is released Tx Successes The number of UDP datagrams successfully sent to the sFlow receiver Tx Errors The number of UDP datagrams that has failed transmission The most common source of errors is invalid sFlow receiver IP hostname configuration To diagnose pas...

Page 208: ...Here flow samples are divided into Rx and Tx flow samples where Rx flow samples contains the number of packets that were sampled upon reception ingress on the port and Tx flow samples contains the number of packets that were sampled upon transmission egress on the port Counter Samples The total number of counter samples sent to the sFlow receiver originating from this port ...

Page 209: ...occurred on the master unit itself No backup support is available This is a critical situation and should be repaired immediately Backup Port Failed Possible failure occurred on the backup link No backup support is available This is a critical situation and should be repaired immediately Members The number of the switch members in the ring Click to browse the ring member information and status Thi...

Page 210: ...ing ID RSTP the port is serving RSTP instead of Multi Ring protocol Ring ID Ring Group ID the port connected 3 16 Relay Alarm Status Status Description Port Port number of this switch Link Alarm Port link down alarm setting status OPA MinMode Alarm enabled status if power is less than the lower threshold OPA ManMode Alarm enabled status if power is higher than the upper threshold ...

Page 211: ...val The interval of the ICMP packet Values range from 0 second to 30 seconds Start After you press button ICMP packets are transmitted and the sequence number and round trip time are displayed upon reception of a reply The amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space the ICMP header The page refreshes automatically...

Page 212: ... 212 Result displayed for a failed ping test Result displayed for a successful ping test New Ping Click to start a new ping test ...

Page 213: ...rted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable pair Start Cl...

Page 214: ... the cable diagnostics results in the cable status table Note that VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete ...

Page 215: ...mation of the transceiver Vendor Name The vendor name of the transceiver Vendor OUI The vendor OUI of the transceiver Temperature The current temperature sensed currently inside the transceiver Voltage The working voltage sensed currently inside the transceiver TX Power The transmission optical power sensed currently RX Power The receiving optical power sensed currently Note The TX power and RX po...

Page 216: ...ce 5 1 Restart Device You can reset the stack switch on this page After reset the system will boot normally as if you had powered on the devices Yes Click to reboot device The following message is displayed as follows ...

Page 217: ...ion of a software image Upload Click to start uploading After the software image is uploaded a page announces that the firmware update is initiated After about a minute the software is updated and the switch reboots Warning While the software is being updated Web access appears to be defunct The front LED flashes Green Off with a frequency of 10Hz while the software update is in progress Do not re...

Page 218: ...are image to the device will automatically use the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error Image Information Image The flash index name of the firmware image The name of primary preferred image is managed the alternate image is named managed bk Version The version of the firmware ima...

Page 219: ...etc These tags identify a module controlling specific parts of the configuration Group tags port_table vlan_table etc These tags identify a group of parameters typically a table Parameter tags mode entry etc These tags identify parameters for the specific section module and group The entry tag is used for table entries Configuration parameters are represented as attribute values When saving the co...

Page 220: ...ac global switch sid 1 mac entry port 1 24 learn_mode auto entry mac switch configuration Save configuration Click to start download of the configuration 5 4 2 Upload Browse Click to the location of a configuration file Upload Click to start uploading configuration ...

Page 221: ...ervice ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls There are 3 web pages associated with the manual ACL configuration ACL Access Control List The web page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs...

Page 222: ...ed media APS APS is an acronym for Automatic Protection Switching This protocol is used to secure that switching is done bidirectional in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP ARP is a...

Page 223: ...tor parameters of the SFP such as optical output power optical input power temperature laser bias current and transceiver supply voltage in real time DEI DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting decipher...

Page 224: ...ion specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID ...

Page 225: ... in the header of IP packets for packet classification purposes E EEE EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802 3az EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is bein...

Page 226: ...age HTTPS HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons HTTPS is really just the use of Netscape s Secure Socket Layer SSL as a sublayer...

Page 227: ...xample the IMAP4 protocol leaves your email messages on the server rather than downloading them to your computer If you wish to remove your messages from the server you must use your mail client to generate local folders copy messages to your local hard drive and then delete and expunge the messages from the server IP IP is an acronym for Internet Protocol It is a protocol used for communicating d...

Page 228: ...ource Service Access Point 1 or 2 bytes Control field followed by LLC information LLDP LLDP is an IEEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address ...

Page 229: ...een seen after a configurable age time MEP MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group ITU T Y 1731 MD5 MD5 is an acronym for Message Digest algorithm 5 MD5 is a message digest algorithm used cryptographic hash function with a 128 bit hash value It was designed by Ron Rivest in 1991 MD5 is officially defined in RFC 1321 The MD5 Message Digest ...

Page 230: ...pplied credentials are valid Based on the answer the NAS then allows or disallows access to the protected resource An example of a NAS implementation is IEEE 802 1X NetBIOS NetBIOS is an acronym for Network Basic Input Output System It is a program that allows applications on separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The Ne...

Page 231: ...PSE power sourcing equipment to a remote device The remote device is called a PD PHY PHY is an abbreviation for Physical Interface Transceiver and is the device that implement the Ethernet physical layer IEEE 802 3 PING PING is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer The other computer respond...

Page 232: ...ail clients and servers support both PPPoE PPPoE is an acronym for Point to Point Protocol over Ethernet It is a network protocol for encapsulating Point to Point Protocol PPP frames inside Ethernet frames It is used mainly with ADSL services where individual users connect to the ADSL transceiver modem over Ethernet and in plain Metro Ethernet networks Wikipedia Private VLAN In a private VLAN PVLA...

Page 233: ... control guarantees to the frame according to what was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority R RARP RARP is an acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the comp...

Page 234: ...per networking cable It is a popular industry format jointly developed and supported by many network component vendors SFP transceivers are designed to support SONET Gigabit Ethernet Fibre Channel and other communications standards sFlow sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time based sampling of port count...

Page 235: ... SPROUT Stack Protocol using ROUting Technology An advanced protocol for almost instantaneous discovery of topology changes within a stack as well as election of a master switch SPROUT also calculates parameters for setting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user w...

Page 236: ...ontrol Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The TCP protocol guarantees reliable and in order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent applications for example Web server and e mail server running on the same host The applications on networked hosts can us...

Page 237: ...used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet U UDP UDP is an acronym for User Datagram Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers UDP is an alter...

Page 238: ...Port VLAN ID and transmit untagged frames Provider switching This is also known as Q in Q switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port ...

Page 239: ...ess scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPA Radius WPA Radius is an acronym for Wi Fi Protected Access Radius 802 1X authentication server WPA was designed to enhance the security of wireless...

Page 240: ... a higher probability that the frame is dropped during times of congestion WTR WTR is an acronym for Wait To Restore This is the time a fail on a resource has to be not active before restoration back to this previously failing resource is done ...

Reviews:

No comments

Related manuals for KGS-1064-HP

Cabletron Systems SmartCell 6A000 User Manual preview
SmartCell 6A000
Brand: Cabletron Systems Pages: 114
Cabletron Systems MRX Installation Manual preview
MRX
Brand: Cabletron Systems Pages: 62
Cabletron Systems CyberSWITCH CSX150 Quick Start Manual preview
CyberSWITCH CSX150
Brand: Cabletron Systems Pages: 49
Cabletron Systems Cabletron CyberSWITCH CSX5500 User Manual preview
Cabletron CyberSWITCH CSX5500
Brand: Cabletron Systems Pages: 729
LEGRAND Raritan Dominion LX II Quick Setup Manual preview
Raritan Dominion LX II
Brand: LEGRAND Pages: 7
Sangamo RPTS Q550 Installation & User'S Instructions preview
RPTS Q550
Brand: Sangamo Pages: 2
G&D TradeSwitch2-USB Assembly, Installation And Operation Manual preview
TradeSwitch2-USB
Brand: G&D Pages: 88
DAS AUDIO INTEGRAL Series User Manual preview
INTEGRAL Series
Brand: DAS AUDIO Pages: 45
Gefen EXT-UHDA-HBTL-RX User Manual preview
EXT-UHDA-HBTL-RX
Brand: Gefen Pages: 33
GeoVision GV-POE2411-V2 Manual preview
GV-POE2411-V2
Brand: GeoVision Pages: 7
Manhattan 100984 Instruction Manual preview
100984
Brand: Manhattan Pages: 2
Comm-Tec UP-42T-CODEC User Manual preview
UP-42T-CODEC
Brand: Comm-Tec Pages: 48
Lightwave MX 8x8 DVI Pro User Manual preview
MX 8x8 DVI Pro
Brand: Lightwave Pages: 53
Quidway S5012G-DC Installation Manual preview
S5012G-DC
Brand: Quidway Pages: 43
H3C S5130-EI Series Manual preview
S5130-EI Series
Brand: H3C Pages: 32
YOKOGAWA GRVSW-660FA Technical Information preview
GRVSW-660FA
Brand: YOKOGAWA Pages: 74
IOGear GCS1792 Installation Manual preview
GCS1792
Brand: IOGear Pages: 40
Dahua D-PFS3110-8ET1GT1GF-96 Quick Start Manual preview
D-PFS3110-8ET1GT1GF-96
Brand: Dahua Pages: 17

Brands by name

Popular brands

Load more brands