manualshive.com logo in svg

LevelOne GEL-2670, User Manual, Page: 91 / 320

Share
Download
LevelOne GEL-2670 User Manual Download Page 91

C

HAPTER

 4

  |  Configuring the Switch

Configuring Security

–  91  –

Figure 30:  Using Port Security

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) 

to exchange authentication protocol messages with the client, and a 

remote RADIUS authentication server to verify user identity and access 

rights. These backend servers are configured on the AAA menu (see 

page 123

).

When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., 

Authenticator) responds with an EAPOL identity request. The client 

provides its identity (such as a user name) in an EAPOL response to the 

switch, which it forwards to the RADIUS server. The RADIUS server verifies 

the client identity and sends an access challenge back to the client. The 

EAP packet from the RADIUS server contains not only the challenge, but 

the authentication method to be used. The client can reject the 

authentication method and request another, depending on the 

configuration of the client software and the RADIUS server. The encryption 

method used by IEEE 802.1X to pass authentication messages can be MD5 

(Message-Digest 5), TLS (Transport Layer Security), PEAP (Protected 

Extensible Authentication Protocol), or TTLS (Tunneled Transport Layer 

Security). However, note that the only encryption method supported by 

MAC-Based authentication is MD5. The client responds to the appropriate 

method with its credentials, such as a password or certificate. The RADIUS 

server verifies the client credentials and responds with an accept or reject 

packet. If authentication is successful, the switch allows the client to 

access the network. Otherwise, network access is denied and the port 

remains blocked. 

The operation of 802.1X on the switch requires the following:

The switch must have an IP address assigned (see 

page 48

).

RADIUS authentication must be enabled on the switch and the IP 

address of the RADIUS server specified. Backend RADIUS servers are 

configured on the Authentication Configuration page (see 

page 123

).

802.1x
client

RADIUS
server

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.

Summary of Contents for GEL-2670

Page 1: ...GEL 2670 24 GE 2 GE SFP L2 Managed Switch User Manual Ver 1 0...

Page 2: ......

Page 3: ...MANAGEMENT GUIDE GEL 2670 L2 MANAGED SWITCH Layer 2 Gigabit Ethernet Switch with 24 10 100 1000BASE T Ports RJ 45 and 2 Gigabit SFP Ports E012013 KS R01...

Page 4: ......

Page 5: ...ur attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Page 6: ...ABOUT THIS GUIDE 6...

Page 7: ...INITIAL SWITCH CONFIGURATION 31 SECTION II SECTION III WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 36...

Page 8: ...Authentication Through Network Access Servers 90 Filtering Traffic with Access Control Lists 101 Configuring DHCP Snooping 112 Configuring DHCP Relay and Option 82 Information 115 Configuring IP Sourc...

Page 9: ...Port Members 176 Configuring Private VLANs 179 Using Port Isolation 181 Configuring MAC based VLANs 181 Protocol VLANs 183 Configuring Protocol VLAN Groups 183 Mapping Protocol Groups to Ports 185 Co...

Page 10: ...stics 236 Displaying Information About Switch Settings for Port Security 237 Displaying Information About Learned MAC Addresses 239 Displaying Port Status for Authentication Services 240 Displaying Po...

Page 11: ...mation 268 Showing IPv4 SFM Information 269 Showing MLD Snooping Information 270 Showing MLD Snooping Status 270 Showing MLD Snooping Group Information 271 Showing IPv6 SFM Information 272 Displaying...

Page 12: ...nfiguration Settings 292 SECTION IV APPENDICES 295 A SOFTWARE SPECIFICATIONS 297 Software Features 297 Management Features 298 Standards 299 Management Information Bases 300 B TROUBLESHOOTING 301 Prob...

Page 13: ...14 Authentication Server Operation 66 Figure 15 Authentication Method for Management Access 67 Figure 16 SSH Configuration 68 Figure 17 HTTPS Configuration 70 Figure 18 Access Management Configuratio...

Page 14: ...g Trees 134 Figure 48 STA Bridge Configuration 137 Figure 49 Adding a VLAN to an MST Instance 139 Figure 50 Configuring STA Bridge Priorities 140 Figure 51 STP RSTP CIST Port Configuration 144 Figure...

Page 15: ...82 Configuring Port Tag Remarking Mode 202 Figure 83 Configuring Port DSCP Translation and Rewriting 203 Figure 84 Configuring DSCP based QoS Ingress Classification 205 Figure 85 Configuring DSCP Tran...

Page 16: ...119 RMON Alarm Overview 256 Figure 120 RMON Event Overview 256 Figure 121 LACP System Status 257 Figure 122 LACP Port Status 258 Figure 123 LACP Port Statistics 259 Figure 124 Loop Protection Status 2...

Page 17: ...145 Showing MAC based VLAN Membership Status 284 Figure 146 Showing sFlow Statistics 286 Figure 147 ICMP Ping 288 Figure 148 ICMP Ping Results 288 Figure 149 ICMP V6 Ping 288 Figure 150 ICMP V6 Result...

Page 18: ...FIGURES 18...

Page 19: ...upport 69 Table 6 SNMP Security Models and Levels 72 Table 7 Dynamic QoS Profiles 94 Table 8 QCE Modification Buttons 106 Table 9 Recommended STA Path Cost Range 141 Table 10 Recommended STA Path Cost...

Page 20: ...TABLES 20...

Page 21: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 22: ...SECTION I Getting Started 22...

Page 23: ...Port Authentication Port Security DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 256 rules DHCP Client DNS Client and Proxy service Port Configurati...

Page 24: ...authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request use...

Page 25: ...E LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of...

Page 26: ...ed by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will choose a single path and disable al...

Page 27: ...ecified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used...

Page 28: ...Query to manage multicast group registration for IPv4 traffic and MLD Snooping for IPv6 traffic It also supports Multicast VLAN Registration MVR which allows common multicast traffic such as televisio...

Page 29: ...t Enabled 1 kpps Multicast disabled Unknown unicast disabled Spanning Tree Algorithm Status Enabled RSTP Defaults RSTP standard Edge Ports Enabled Address Table Aging Time 300 seconds Virtual LANs Def...

Page 30: ...ent Disabled Snooping Disabled DNS Proxy service Disabled Multicast Filtering IGMP Snooping Snooping Disabled Querier Disabled MLD Snooping Disabled Multicast VLAN Registration Disabled System Log con...

Page 31: ...ave addresses that start 192 168 1 x If the PC and switch are not on the same subnet you must manually set the PC s IP address to 192 168 1 x where x is any number from 1 to 254 except 10 4 Open your...

Page 32: ...CHAPTER 2 Initial Switch Configuration 32 logging out To change the password click Security and then Users Select admin from the User Configuration list fill in the Password fields and then click Save...

Page 33: ...ith a detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 35 Configuring the Switch on page 47 Monitoring the S...

Page 34: ...SECTION II Web Configuration 34...

Page 35: ...the web browser interface you must first enter a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name and password for t...

Page 36: ...onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from thi...

Page 37: ...source and target ports for local or remote mirroring 213 Advanced Configuration System2 Information Configures system contact name and location 47 IP Configures IPv4 and SNTP settings 48 IPv6 Config...

Page 38: ...luding maximum allowed MAC addresses and response for security breach 87 NAS Configures global and port settings for IEEE 802 1X 90 ACL Access Control Lists 101 Ports Assigns ACL rate limiter and othe...

Page 39: ...and immediate leave 145 IPMC IP Multicast IGMP Snooping Internet Group Management Protocol Snooping 151 Basic Configuration Configures global and port settings for multicast filtering 151 VLAN Config...

Page 40: ...provided for frames entering the ingress queue of specified ports 194 Port Scheduler Provides overview of QoS Egress Port Schedulers including the queue mode and weight also configures egress queue m...

Page 41: ...ys the number of packets used to manage the switch via HTTP HTTPS and SNMP Telnet and SSH 236 Network Port Security Switch Shows information about MAC address learning for each port including the soft...

Page 42: ...plays administration key and associated local ports for each partner 257 Port Status Displays administration key LAG ID partner ID and partner ports for each local port 257 Port Statistics Displays st...

Page 43: ...vices and statistics for LLDP protocol packets crossing each port 278 MAC Table Displays dynamic and static address entries associated with the CPU and each port 280 VLANs Virtual LANs 281 VLAN Member...

Page 44: ...he switch and allows you to revert to the alternate image 292 Save Saves or views the switch s current configuration in XML format Select Save to save the XML configuration file to local storage or se...

Page 45: ...292 Upload Restores configuration settings from a file on the management station 292 1 The Basic Configuration menu is a subset of Advanced Configuration The following configuration chapter is therefo...

Page 46: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 46...

Page 47: ...ETERS These parameters are displayed System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters...

Page 48: ...ned via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 2 10 and subnet mask 255 255 255 0 You can manually configure a specific...

Page 49: ...IP addresses are forwarded IP DNS Proxy Configuration DNS Proxy If enabled the switch maintains a local database based on previous responses to DNS queries forwarded on behalf of attached clients If...

Page 50: ...ed EUI 64 Extended Universal Identifier form of the interface identifier i e the physical MAC address You can manually configure a link local address by entering the full address with the network pref...

Page 51: ...ts specifies that the first six colon separated values comprise the network portion of the address Router Sets the IPv6 address of the default next hop router An IPv6 default gateway must be defined i...

Page 52: ...the switch periodically sends a request for a time update to a configured time server You can configure up to five time server IP addresses The switch will attempt to poll each server in the configur...

Page 53: ...t and mornings have less This is known as Daylight Savings Time or Summer Time Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn PATH Basic Adv...

Page 54: ...me basis From Start time for summer time To End time for summer time Offset The number of minutes to add during Daylight Saving Time Range 1 1440 WEB INTERFACE To set the time zone or Daylight Savings...

Page 55: ...CHAPTER 4 Configuring the Switch Configuring the Time Zone and Daylight Savings Time 55 Figure 7 Time Zone and Daylight Savings Time Configuration...

Page 56: ...t exist PARAMETERS These parameters are displayed Server Mode Enables disables the logging of debug or error messages to the remote logging process Default Disabled Server Address Specifies the IPv4 a...

Page 57: ...uits powered up when traffic is transmitted The devices can exchange information about the device wakeup time using LLDP protocol To maximize power savings the circuit is not started as soon as data i...

Page 58: ...iguring EEE Power Reduction CONFIGURING PORT CONNECTIONS Use the Port Configuration page to configure the connection parameters for each port This page includes options for enabling auto negotiation o...

Page 59: ...1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or trunk If not used the success of the link process cannot b...

Page 60: ...quirements IEEE 802 3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters Enabling power saving mode can significantly reduce power used...

Page 61: ...S over the Secure Socket Layer SSL static configuration of client addresses and SNMP General Security Measures Network menu This switch supports many methods of segregating traffic for clients attache...

Page 62: ...er s privilege should be same or greater than the group privilege level to have the access of a group By default most of the group privilege levels are set to 5 which provides read only access and pri...

Page 63: ...Users Figure 11 Showing User Accounts To configure a user account 1 Click Advanced Configuration Security Switch Users 2 Click Add new user 3 Enter the user name password and privilege level 4 Click...

Page 64: ...Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege levels Every privilege level group can be configured to access the following modules...

Page 65: ...or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are also configured on this page see page 90 Remote A...

Page 66: ...authentication method and the corresponding parameters for the remote authentication protocol on the Network Access Server Configuration page Local and remote logon authentication can be used to contr...

Page 67: ...ossible if the Authentication Method is set to something else than none or local WEB INTERFACE To configure authentication for management access 1 Click Advanced Configuration Security Switch Auth Met...

Page 68: ...nitial connection or manually entered into the known host file However you do not need to configure the client s keys The SSH service on the switch supports up to four client sessions The maximum numb...

Page 69: ...or above The following web browsers and operating systems currently support HTTPS PARAMETERS These parameters are displayed Mode Enables HTTPS service on the switch Default Enabled Automatic Redirect...

Page 70: ...ch Access Management PARAMETERS These parameters are displayed Mode Enables or disables filtering of management access based on configured IP addresses Default Disabled Start IP Address The starting a...

Page 71: ...by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions...

Page 72: ...es or disables SNMP service Default Disabled Table 6 SNMP Security Models and Levels Model Level Community String Group Read View Write View Security v1 noAuth NoPriv public default_ro_group default_v...

Page 73: ...against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engin...

Page 74: ...raffic You should consider these effects when deciding whether to issue notifications as traps or informs Trap Inform Timeout The number of seconds to wait for an acknowledgment before resending an in...

Page 75: ...o enable SNMP service on the switch specify the SNMP version to use change the community access strings if required and set the engine ID if SNMP version 3 is used 3 In the SNMP Trap Configuration tab...

Page 76: ...uration table For security reasons you should consider removing the default strings PATH Advanced Configuration Security Switch SNMP Communities PARAMETERS These parameters are displayed Community Spe...

Page 77: ...Click Save Figure 20 SNMPv3 Community Configuration CONFIGURING SNMPV3 USERS Use the SNMPv3 User Configuration page to define a unique name and remote engine ID for each SNMPv3 user Users must be con...

Page 78: ...oAuth NoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 Auth NoPriv SNMP communications use authentication but the data is not encrypted Auth P...

Page 79: ...ASCII characters 33 126 only The options displayed for this parameter depend on the selected Security Model For SNMP v1 and v2c the switch displays the names configured on the SNMPv3 Communities Conf...

Page 80: ...of the SNMP view Range 1 32 characters ASCII characters 33 126 only View Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Generally if...

Page 81: ...User based Security Model usm Default any Security Level The security level assigned to the group NoAuth NoPriv There is no authentication or encryption used in SNMP communications This is the default...

Page 82: ...adually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent then periodically communicates with the switch using the SNM...

Page 83: ...ittent problems The record can be used to establish normal baseline activity which may reveal problems associated with high traffic levels broadcast storms or other unusual events It can also be used...

Page 84: ...or changing values such as a statistical counter reaching a specific value or a statistic changing by a certain amount over the set interval Alarms can be set to respond to rising or falling threshold...

Page 85: ...value is greater than the rising threshold and the last sample value was less than this threshold then an alarm will be generated After a rising event has been generated another such event will not be...

Page 86: ...a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems PATH Advanced Configuration Security RMON Event PARAMETERS The followi...

Page 87: ...nd the community string to send with trap messages 4 Click Save Figure 28 RMON Event Configuration CONFIGURING PORT LIMIT CONTROLS Use the Port Security Limit Control Configuration page to limit the n...

Page 88: ...MAC addresses that can be secured on this port This number cannot exceed 1024 If the limit is exceeded the corresponding action is taken The switch is initialized with a total number of MAC addresses...

Page 89: ...cates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap Shutdown Re open If a port is shut down by this module you may reopen it...

Page 90: ...to easily intrude and possibly gain access to sensitive network data Use the Network Access Server Configuration page to configure IEEE 802 1X port based and MAC based authentication settings The 802...

Page 91: ...MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security However note that the only encryption method supported by...

Page 92: ...he user to have special 802 1X software installed on his system The switch uses the client s MAC address to authenticate against the backend server However note that intruders can create counterfeit M...

Page 93: ...t enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication does not cause direct communication between the switch and the client so this will no...

Page 94: ...cept packet Only the first occurrence of the attribute in the packet will be considered To be valid all 8 octets in the attribute s value must be identical and consist of ASCII characters in the range...

Page 95: ...er is denied access While a port has an assigned dynamic QoS profile any manual QoS configuration changes only take effect after all users have logged off the port RADIUS Assigned VLAN Enabled RADIUS...

Page 96: ...used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Privat...

Page 97: ...OL Success frame after entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the...

Page 98: ...ted on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast...

Page 99: ...e The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The...

Page 100: ...client authentication using one of the methods described below Note that the restart buttons are only enabled when the switch s authentication mode is globally enabled under System Configuration and t...

Page 101: ...opped as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to an...

Page 102: ...n page 213 ACL based port mirroring set by this parameter and port mirroring set on the general Mirror Configuration page are implemented independently To use ACL based mirroring enable the Mirror par...

Page 103: ...r each port to which an ACL will be applied 4 Click Save Figure 32 ACL Port Configuration CONFIGURING RATE LIMITERS Use the ACL Rate Limiter Configuration page to define the rate limits applied to a p...

Page 104: ...tion CONFIGURING ACCESS CONTROL LISTS Use the Access Control List Configuration page to define filtering rules for an ACL policy for a specific port or for all ports Rules applied to a port take effec...

Page 105: ...ing is equal to IP 0x800 IPv4 frames based on destination MAC address protocol type TTL IP fragment IP option flag source destination IP VLAN ID VLAN priority PARAMETERS These parameters are displayed...

Page 106: ...to match Options Any Ethernet ARP IPv4 Default Any Filter Criteria Based on Selected Frame Type Ethernet MAC Parameters SMAC Filter The type of source MAC address Options Any Specific user defined Def...

Page 107: ...IP address Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and...

Page 108: ...owed 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Default Any IPv4 MAC Parameters DMAC Filt...

Page 109: ...st match this entry Default Any TCP PSH Specifies the TCP Push Function PSH value for this rule Options Any any value is allowed 0 TCP frames where the PSH field is set must not match this entry 1 TCP...

Page 110: ...on IP mask in the DIP Address and DIP Mask fields Default Any Response to take when a rule is matched Action Permits or denies a frame based on whether it matches an ACL rule Default Permit Rate Limit...

Page 111: ...B INTERFACE To configure an Access Control List for a port or a policy 1 Click Advanced Configuration Security Network ACL Access Control List 2 Click the button to add a new ACL or use the other ACL...

Page 112: ...o DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping or using the static bindings configured with IP Source Guard DHCP snooping allows...

Page 113: ...r a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally but the port is not trusted it is pr...

Page 114: ...nables DHCP snooping globally When DHCP snooping is enabled DHCP request messages will be forwarded to trusted ports and reply packets only allowed from trusted ports Default Disabled Port Port identi...

Page 115: ...o which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire...

Page 116: ...ddress of a neighbor to access the network CONFIGURING GLOBAL AND PORT SETTINGS FOR IP SOURCE GUARD Use the IP Source Guard Configuration page to filter traffic on an insecure port which receives mess...

Page 117: ...inding the packet will be forwarded If IP source guard if enabled on an interface for which IP source bindings have not yet been configured neither by static configuration in the IP source guard bindi...

Page 118: ...Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Static IP Source Guard Table to bind a static address to a port Table entries include a port identifier VLAN identifier IP address...

Page 119: ...o static IP source guard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed Port The port to which a static entry is bound VLAN ID ID of a config...

Page 120: ...tion is controlled on a global and port basis By default ARP Inspection is disabled both globally and on all ports If ARP Inspection is globally enabled then it becomes active only on the ports where...

Page 121: ...Default Disabled Translate dynamic to static Click to translate all dynamic entries to static entries Port Mode Configuration Port Port identifier Mode Enables Dynamic ARP Inspection on a given port O...

Page 122: ...packets to any entries specified in the static ARP table If no static entry matches the packets then the DHCP snooping bindings database determines their validity PATH Advanced Configuration Security...

Page 123: ...equest Range 3 3600 seconds Default 15 seconds Dead Time The time after which the switch considers an authentication server to be dead if it does not reply Range 0 3600 seconds Default 300 seconds Set...

Page 124: ...ement access in the web interface 1 Click Advanced Configuration Security AAA 2 Configure the authentication method for management client types the common server timing parameters and address UDP port...

Page 125: ...e standby ports will automatically be activated to replace it USAGE GUIDELINES Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a...

Page 126: ...e a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output link number in the trunk However depending on the device to which a trunk is connected and the tra...

Page 127: ...nt hosts Do not use this mode for switch to server trunk links where the destination IP address is the same for all traffic One of the defaults TCP UDP Port Number All traffic with the same source and...

Page 128: ...onnecting the ports and also disconnect the ports before disabling LACP If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with...

Page 129: ...s are connected to the same partner LACP can form up to 12 LAGs per switch Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default Aut...

Page 130: ...nabled a control frame is transmitted on the participating ports and the switch monitors inbound traffic to see if the frame is looped back PATH Advanced Configuration Loop Protection USAGE GUIDELINES...

Page 131: ...in that state until the switch is reset When the loop protection mode is changed any ports placed in shutdown state by the loopback detection process will be immediately restored to operation regardle...

Page 132: ...D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STP STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router...

Page 133: ...aining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs MSTP When using STP or RSTP it may be difficult to maintain a stable path between all...

Page 134: ...ng Tree Instance MSTI the protocol will automatically build an MSTI tree to maintain connectivity among each of the VLANs MSTP maintains contact with the global network because each instance is treate...

Page 135: ...lowing for faster convergence of a new topology for the failed instance To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP conf...

Page 136: ...becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Note that references to ports in this section mean...

Page 137: ...uthorized device The BPDU guard feature provides a secure response to invalid configurations because an administrator must manually enable the port Default Disabled Port Error Recovery Controls whethe...

Page 138: ...l area of your network However remember that you must configure all bridges that exist within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set...

Page 139: ...pped VLANs to assign to this MST instance The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI Range 1 4094 WEB INTERFACE To add VLAN groups to an MSTP instance 1...

Page 140: ...16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 Default 128 Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the ST...

Page 141: ...ation settings can be applied to all trunks STP Enabled Sets the interface to enable STA disable STA or disable STA with BPDU transparency Default Enabled BPDU transparency is commonly used to support...

Page 142: ...looding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA rela...

Page 143: ...eceiving BPDUs It can prevent loops by shutting down an port when a BPDU is received instead of putting it into the spanning tree discarding state The BPDU guard feature provides a secure response to...

Page 144: ...the same media type to indicate the preferred path References to ports in this section means interfaces which includes both ports and trunks PATH Basic Advanced Configuration Spanning Tree MSTI Ports...

Page 145: ...ric identifier will be enabled Range 0 240 in steps of 16 Default 128 WEB INTERFACE To configure settings for MSTP interfaces 1 Click Configuration Spanning Tree MSTI Ports 2 Modify the required attri...

Page 146: ...ver port PATH Advanced Configuration MVR COMMAND USAGE General Configuration Guidelines for MVR 1 Enable MVR globally on the switch and select the MVR VLAN 2 Set the interfaces that will join the MVR...

Page 147: ...aracters containing at least one alphabetic character Mode Specify the MVR mode of operation Dynamic MVR allows dynamic MVR membership reports on source ports This is the default Compatible MVR member...

Page 148: ...anually configured as a member of the MVR VLAN see Assigning Ports to VLANs on page 175 Receiver A subscriber port that can receive multicast data sent through the MVR VLAN Any port configured as a re...

Page 149: ...URING MVR CHANNEL SETTINGS Use the MVR Channel Configuration page to view dynamic multicast group bindings for a multicast VLAN or to configure static bindings for a multicast VLAN PATH COMMAND USAGE...

Page 150: ...ETERS These parameters are displayed VLAN ID Displays the Multicast VLAN identifier VLAN Name Displays the Multicast VLAN name Start Address The starting IPv4 IPv6 Multicast Group Address that will be...

Page 151: ...ry thereby identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch rou...

Page 152: ...cket only when the last dynamic member port leaves a multicast group The leave proxy feature does not function when a switch is set as the querier When the switch is a non querier the receiving port i...

Page 153: ...s the switch to remove a port from the multicast forwarding table without first having to send an IGMP group specific GS query to that interface If Fast Leave is not used a multicast router or querier...

Page 154: ...Configuration PARAMETERS These parameters are displayed VLAN ID VLAN Identifier Snooping Enabled When enabled the switch will monitor network traffic on the indicated VLAN interface to determine which...

Page 155: ...t 125 seconds An MLD general query message is sent by the switch at the interval specified by this attribute When this message is received by downstream hosts all receivers build an MLD report for the...

Page 156: ...ator may want to control the multicast services that are available to end users for example an IP TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement...

Page 157: ...ndent functions and can therefore both function at the same time CONFIGURING GLOBAL AND PORT RELATED SETTINGS FOR MLD SNOOPING Use the MLD Snooping Configuration page to configure global and port rela...

Page 158: ...ges so that a non querier switch forwards an MLD leave packet only when the last dynamic member port leaves a multicast group The leave proxy feature does not function when a switch is set as the quer...

Page 159: ...If Fast Leave is not used a multicast router or querier will send a GS query message when a group leave message is received The router querier stops forwarding traffic for that group only if no host...

Page 160: ...is enabled globally the per VLAN interface settings for MLD snooping take precedence When MLD snooping is disabled globally snooping can still be configured per VLAN interface but the interface settin...

Page 161: ...t which General Queries are sent by the Querier Range 1 255 seconds Default 125 seconds An MLD general query message is sent by the switch at the interval specified by this attribute When this message...

Page 162: ...ing Configuration page to filter specific multicast traffic In certain switch applications the administrator may want to control the multicast services that are available to end users for example an I...

Page 163: ...ype Length Value TLV format according to the IEEE 802 1AB standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and main...

Page 164: ...pting to re initialize after LLDP ports are disabled or the link goes down Range 1 10 seconds Default 2 seconds When LLDP is re initialized on a port all information in the remote system s LLDP MIB as...

Page 165: ...Capa The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB...

Page 166: ...ver IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details Both LLDP and LLDP MED information can be used by SNMP app...

Page 167: ...at count it is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted w...

Page 168: ...de The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City Ci...

Page 169: ...ific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are Layer 2 VLAN ID IEEE 802 1Q 2003 Layer 2 priority value IEEE 802...

Page 170: ...dvertised in the Guest Voice application policy Softphone Voice For use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not sup...

Page 171: ...value used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 63 A value of 0 represents use of the default...

Page 172: ...for all known devices This information is used to pass traffic directly between the inbound and outbound ports All the addresses learned by monitoring traffic are stored in the dynamic address table...

Page 173: ...he MAC Learning Table is grayed out another software module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X...

Page 174: ...twork but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical c...

Page 175: ...carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devi...

Page 176: ...orts PARAMETERS These parameters are displayed Ethertype for Custom S ports When Port Type is set to S custom port the EtherType also called the Tag Protocol Identifier or TPID of all frames received...

Page 177: ...f ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded If ingress filtering is disabled and a port receives frames tagge...

Page 178: ...ntain any VLAN aware devices including the destination host the switch should first strip off the VLAN tag before forwarding the frame Port VLAN ID VLAN ID assigned to untagged frames received on the...

Page 179: ...n only be forwarded to and from uplink ports that is ports configured as members of both a standard IEEE 802 1Q VLAN and the private VLAN Ports isolated in the private VLAN are designated as downlink...

Page 180: ...VLANs PVLAN Membership PARAMETERS These parameters are displayed PVLAN ID Private VLAN identifier By default all ports are configured as members of VLAN 1 and PVLAN 1 Because all of these ports are me...

Page 181: ...re displayed Port Number Port identifier WEB INTERFACE To configure isolated ports 1 Click Configuration Private VLANs Port Isolation 2 Mark the ports which are to be isolated from each other 3 Click...

Page 182: ...C address which is to be mapped to a specific VLAN The MAC address must be specified in the format xx xx xx xx xx xx VLAN ID VLAN to which ingress traffic matching the specified source MAC address is...

Page 183: ...want to use page 175 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for e...

Page 184: ...0x0600 0xffff and if value of the OUI is other than 00 00 00 then valid value of the PID will be any value from 0x0000 to 0xffff Group Name The name assigned to the Protocol VLAN Group This name must...

Page 185: ...rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the...

Page 186: ...et these frames are assigned to the VLAN indicated in the entry If no IP subnet is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID PATH Advanced Configurat...

Page 187: ...Then mark the ports which will be assigned to this VLAN 3 Click Save Figure 72 Assigning Ports to an IP Subnet based VLAN MANAGING VOIP TRAFFIC When IP telephony is deployed in an enterprise network...

Page 188: ...Disabled VLAN ID Sets the Voice VLAN ID for the network Only one Voice VLAN is supported on the switch Range 1 4095 Default 1000 The Voice VLAN cannot be the same as that defined for any other functio...

Page 189: ...d Discovery Protocol Selects a method to use for detecting VoIP traffic on the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MA...

Page 190: ...numbers for VoIP equipment can be configured on the switch so that traffic from these devices is recognized as VoIP NOTE Making any changes to the OUI table will restart the auto detection process fo...

Page 191: ...classes The manner in which an individual device handles traffic is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end Q...

Page 192: ...es not classified in any other way Range 0 1 Default 0 PCP Controls the default Priority Code Point or User Priority for untagged frames Range 0 7 Default 0 DEI Controls the default Drop Eligible Indi...

Page 193: ...e values when Tag Classification is Enabled Range 0 1 Default 0 WEB INTERFACE To set the basic QoS parameters for a port 1 Click Advanced Configuration QoS Port Classification 2 Set any of the ingress...

Page 194: ...his function allows the network manager to control the maximum rate for traffic received on an port Port policing is configured on interfaces at the edge of a network to limit traffic into of the netw...

Page 195: ...ure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discardin...

Page 196: ...ch queue Options Strict Weighted Default Strict DWRR services the queues in a manner similar to WRR but the next queue is serviced only when the queue s Deficit Counter becomes smaller than the packet...

Page 197: ...queue Port Shaper Sets the rate at which traffic can egress this queue Enable Enables or disables port shaping Default Disabled Rate Controls the rate for the port shaper The default value is 500 Thi...

Page 198: ...r queue scheduler when the scheduler mode is set to Weighted and the port shaper 4 Click Save Figure 79 Configuring Egress Port Schedulers and Shapers CONFIGURING EGRESS PORT SHAPER Use the QoS Egress...

Page 199: ...meters under Configuring Egress Port Scheduler WEB INTERFACE To show an overview of the rate for each queue and port 1 Click Advanced Configuration QoS Port Shaper 2 Click on any enter under the Port...

Page 200: ...ort Classified Uses classified PCP DEI values Default Uses default PCP DEI values Range PCP 0 7 Default 0 DEI 0 1 Default 0 Mapped Controls the mapping of the classified QoS class values and DP levels...

Page 201: ...81 Displaying Port Tag Remarking Mode To configure the tag remarking mode 1 Click Configuration QoS Port Tag Remarking 2 Click on any of the entries in the Port field 3 Set the tag remarking mode and...

Page 202: ...Mode CONFIGURING PORT DSCP TRANSLATION AND REWRITING Use the QoS Port DSCP Configuration page to configure ingress translation and classification settings and egress re writing of DSCP values PATH Adv...

Page 203: ...ed without remapping Remap DP Aware Frame with DSCP from analyzer is remapped and remarked with the remapped DSCP value Depending on the frame s DP level the remapped DSCP value is either taken from t...

Page 204: ...re mapped to a specific QoS class and drop level DPL Frames with untrusted DSCP values are treated as non IP frames QoS Class QoS value to which the corresponding DSCP value is classified for ingress...

Page 205: ...RAMETERS These parameters are displayed DSCP DSCP value Range 0 63 Ingress Translate Enables ingress translation of DSCP values based on the specified classification method Ingress Classify Enable Cla...

Page 206: ...pping parameters 3 Click Save Figure 85 Configuring DSCP Translation and Re mapping CONFIGURING DSCP CLASSIFICATION Use the DSCP Classification page to map DSCP values to a QoS class and drop preceden...

Page 207: ...tion page to configure Quality of Service policies for handling ingress packets based on Ethernet type VLAN ID TCP UDP port DSCP ToS or VLAN priority tag Once a QCE is mapped to a port traffic matchin...

Page 208: ...ill be put in the queue corresponding to the specified QoS class DPL The drop precedence level will be set to the specified value DSCP The DSCP value will be set the specified value The following butt...

Page 209: ...esponse or sequence information depending on whether the LLC frame type is Unnumbered Supervisory or Information Options Any Specific 0x00 0xff Default 0xff SNAP SubNetwork Access Protocol can be dist...

Page 210: ...535 Action Parameters Indicates the classification action taken on ingress frame if the configured parameters are matched in the frame s content If a frame matches the QCE the following actions will b...

Page 211: ...g the network is not properly configured or application programs are not well designed or properly configured Traffic storms caused by any of these problems can severely degrade performance or bring y...

Page 212: ...32 64 128 256 512 or 1 2 4 8 16 32 64 128 256 512 1024 Kpps Default 2 pps Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps translates int...

Page 213: ...on the ACL Ports Configuration page see Filtering Traffic with Access Control Lists on page 101 or the ACE Configuration page see Configuring Access Control Lists on page 104 PARAMETERS These paramet...

Page 214: ...figuration CONFIGURING REMOTE PORT MIRRORING Use the Mirroring RSPAN Configuration page to mirror traffic from remote switches for analysis at a destination port on the local switch This feature also...

Page 215: ...tch on the Mirroring RSPAN configuration page by specifying switch type Destination the RSPAN VLAN intermediate ports and the destination port s where the mirrored traffic will be received RSPAN Limit...

Page 216: ...y mirrored traffic Source port s reflector port and intermediate port s are located on this switch Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic f...

Page 217: ...tination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned WEB INTERFACE To configure remote port mirroring for an RSPAN source sw...

Page 218: ...ng for an RSPAN intermediate switch 1 Click Basic Advanced Configuration Mirroring RSPAN 2 Set the Mode to Enabled and the Type to Intermediate 3 Select the intermediate ports through which all mirror...

Page 219: ...o Enabled and the Type to destination 3 Select the intermediate ports to add to the RSPAN VLAN which will then pass traffic on to the destination ports 4 Select the destination ports which are to moni...

Page 220: ...URL for the service provided in the device description When a device is known to the control point periodic event notification messages are sent A UPnP description for a service includes a list of ac...

Page 221: ...t on their network The sFlow Agent samples 1 out of n packets from all data traversing the switch re encapsulates the samples as sFlow datagrams and transmits them to the sFlow Collector This sampling...

Page 222: ...ent reconfiguration The Release button can be used to release the current owner and disable sFlow sampling This button is disabled if sFlow is currently unconfigure If configured through SNMP the rele...

Page 223: ...en Range 1 4096 packets or 0 to disable sampling Default Disabled Max Header Maximum size of the sFlow datagram header Range 14 200 bytes Default 128 bytes If the maximum datagram size does not take i...

Page 224: ...CHAPTER 4 Configuring the Switch Configuring sFlow 224 Figure 95 sFlow Configuration...

Page 225: ...splaying the device name location and contact information PATH Monitor System Information PARAMETERS These parameters are displayed System To configure the following items see Configuring System Infor...

Page 226: ...ation Figure 96 System Information DISPLAYING CPU UTILIZATION Use the CPU Load page to display information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The...

Page 227: ...the logged system and event messages PATH Monitor System Log PARAMETERS These parameters are displayed Display Filter Level Specifies the type of log messages to display Info Informational messages on...

Page 228: ...splay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entrie...

Page 229: ...S You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of pa...

Page 230: ...he number of packets received and transmitted Bytes Received Transmitted The number of bytes received and transmitted Errors Received Transmitted The number of frames received with errors and the numb...

Page 231: ...meters are displayed Port Port identifier Q Receive Transmit The number of packets received and transmitted through the indicated queue WEB INTERFACE To display the queue counters click Monitor Ports...

Page 232: ...aken Class Classified QoS Class If a frame matches the QCE it will be put in the queue corresponding to the specified QoS class DP The drop precedence level will be set to the specified value DSCP The...

Page 233: ...ber of received and transmitted broadcast packets good and bad Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive Tra...

Page 234: ...bber The total number of frames received that were longer than the configured maximum frame length for this port excluding framing bits but including FCS octets and had either an FCS or alignment erro...

Page 235: ...CHAPTER 5 Monitoring the Switch Displaying Information About Ports 235 WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 104 Detailed Port Statistics...

Page 236: ...Management Statistics USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 70 and traffic matching one o...

Page 237: ...es to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules that may request port security services and on...

Page 238: ...ed on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count The two columns indicate the number of currently learned MAC addresses forwarding as well as...

Page 239: ...ive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blo...

Page 240: ...rame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received...

Page 241: ...Port selection page to display the authentication status for the selected port either for 802 1X protocol or for the remote authentication server depending on the authentication method PATH Monitor Se...

Page 242: ...will match any ingress port Policy The ACE will match ingress ports with a specific policy Port The ACE will match a specific ingress port Frame Type Indicates the frame type to which the ACE applies...

Page 243: ...ounter The number of times the ACE was matched by a frame Conflict This field shows Yes if a specific ACE is not applied due to hardware limitations WEB INTERFACE To display ACL status 1 Click Monitor...

Page 244: ...e number of inform option 53 with value 8 packets received and transmitted Rx Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx Tx Lease Unassigned T...

Page 245: ...re displayed Server Statistics Transmit to Server The number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to clients Receive f...

Page 246: ...eived where the DHCP client packet information was replaced with the switch s relay information Keep Agent Option The number of packets received where the DHCP client packet information was retained D...

Page 247: ...ard Table to display entries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected thr...

Page 248: ...TERS These parameters are displayed IP Address The IP address and UDP port number of this server Status The current state of the server This field takes one of the following values Disabled The server...

Page 249: ...tication Statistics Receive Packets Access Accepts The number of RADIUS Access Accept packets valid or invalid received from this server Access Rejects The number of RADIUS Access Reject packets valid...

Page 250: ...ission Timeouts The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted...

Page 251: ...rt Packets Dropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Transmit Packets Requests The number of RADIUS packets sent...

Page 252: ...but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Tri...

Page 253: ...events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of pac...

Page 254: ...statistics on a physical interface including network utilization packet types and errors PATH Monitor Security Switch RMON History PARAMETERS These parameters are displayed History Index Index of Hist...

Page 255: ...sampling the selected variable and calculating the value to be compared against the thresholds For more information see Configuring RMON Alarms on page 84 Value The value of the statistic during the l...

Page 256: ...h RMON Alarm Figure 119 RMON Alarm Overview DISPLAYING RMON EVENT SETTINGS Use the RMON Alarm Event page to display configured event settings PATH Monitor Security Switch RMON Event PARAMETERS These p...

Page 257: ...Aggr ID The Aggregation ID associated with this Link Aggregation Group LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Last Cha...

Page 258: ...AG partner s system ID assigned by the LACP protocol i e its MAC address Partner Port The partner port connected to this local port WEB INTERFACE To display LACP status for local ports this switch cli...

Page 259: ...conditions PATH Monitor Loop Protection PARAMETERS These parameters are displayed Port Port identifier Action Configured port action i e the response to take when a loop is detected on a port Transmi...

Page 260: ...are displayed STA Bridges MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC addres...

Page 261: ...gured during a one second interval CIST Ports Aggregations State Port Port Identifier Port ID The port identifier as used by the RSTP protocol This consists of the priority part and the logical port i...

Page 262: ...one other bridge The flag may be automatically computed or explicitly configured The point to point properties of a port affect how fast it can transition RSTP states Uptime The time since the bridge...

Page 263: ...re removed CIST State Displays current state of this port within the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted configur...

Page 264: ...transmitted on a port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on a port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded...

Page 265: ...Joins and MLDv2 Reports respectively IGMPv2 MLDv1 Leaves Received Number of received IGMPv2 Leaves and MLDv1 Dones respectively WEB INTERFACE To display information for MVR statistics click Monitor M...

Page 266: ...130 MVR Group Information DISPLAYING MVR SFM INFORMATION Use the MVR SFM Information page to display MVR Source Filtered Multicast information including group filtering mode include or exclude source...

Page 267: ...GMP Snooping Status page to display IGMP querier status snooping statistics for each VLAN carrying IGMP traffic and the ports connected to an upstream multicast router switch PATH Monitor IPMC IGMP Sn...

Page 268: ...tatus Ports connected to multicast routers may be dynamically discovered by this switch or statically assigned to an interface on this switch WEB INTERFACE To display IGMP snooping status information...

Page 269: ...r IPMC IGMP Snooping IPv4 SFM Information PARAMETERS These parameters are displayed VLAN ID VLAN identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mo...

Page 270: ...orts connected to an upstream multicast router switch PATH Monitor IPMC MLD Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version MLD version use...

Page 271: ...o an interface on this switch WEB INTERFACE To display MLD snooping status information click Monitor MLD Snooping Status Figure 135 MLD Snooping Status SHOWING MLD SNOOPING GROUP INFORMATION Use the M...

Page 272: ...S These parameters are displayed VLAN ID VLAN Identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID port n...

Page 273: ...PATH Monitor LLDP Neighbors PARAMETERS These parameters are displayed Local Port The local port to which a remote LLDP capable device is attached Chassis ID An octet string indicating the specific ide...

Page 274: ...or Information page to display information about a remote device connected to a port on this switch which is advertising LLDP MED TLVs including network connectivity device endpoint device capabilitie...

Page 275: ...Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device lo...

Page 276: ...he VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagg...

Page 277: ...Tw The link partner s maximum time that the transmit path can hold off sending data after de assertion of Lower Power Idle LPI mode Tw indicates Wake State Time Rx Tw The link partner s time the recei...

Page 278: ...d via LLDP Resolved Rx Tw The resolved Rx Tw for this link not the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE...

Page 279: ...es discarded because they did not conform to the general validation rules as well as any specific usage rules defined for the particular Type Length Value TLV TLVs Discarded Each LLDP frame can contai...

Page 280: ...t fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic enteri...

Page 281: ...eb or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server MVR Eliminates the need to duplicate multicast traffic f...

Page 282: ...tion of the software modules that use VLAN management services Port Port Identifier PVID The native VLAN assigned to untagged frames entering this port Port Type Shows whether or not a port processes...

Page 283: ...VLAN port status click Monitor VLANs VLAN Port 2 Select a software module from the drop down list on the right side of the page Figure 144 Showing VLAN Port Status DISPLAYING INFORMATION ABOUT MAC BA...

Page 284: ...AC based VLAN Membership Status DISPLAYING INFORMATION ABOUT FLOW SAMPLING Use the sFlow Statistics page to display information on sampled traffic including the owner receiver address remaining sampli...

Page 285: ...ress host name into the Ping Web page Diagnostics Ping Ping6 Flow Samples The total number of flow samples sent to the sFlow receiver Counter Samples The total number of counter samples sent to the sF...

Page 286: ...CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling 286 WEB INTERFACE 1 To display information on sampled traffic click Monitor sFlow Figure 146 Showing sFlow Statistics...

Page 287: ...IPv4 address consists of 4 numbers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the app...

Page 288: ...Start the sequence number and round trip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs Figure 147...

Page 289: ...aving configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch PATH Maintenance Restart Device WEB INTERFACE To restart the switch 1 Clic...

Page 290: ...reboot is necessary Figure 152 Factory Defaults UPGRADING FIRMWARE Use the Software Upload page to upgrade the switch s system firmware by specifying a file provided by LevelOne You can download firmw...

Page 291: ...off the device at this time or the switch may fail to function afterwards Figure 153 Software Upload ACTIVATING THE ALTERNATE IMAGE Use the Software Image Selection page to display information about t...

Page 292: ...the file under which to save the current configuration settings The configuration file is in XML format The configuration parameters are represented as attribute values When saving the configuration...

Page 293: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 293 Figure 156 Configuration Upload...

Page 294: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 294...

Page 295: ...295 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 297 Troubleshooting on page 301 License Information on page 303...

Page 296: ...SECTION III Appendices 296...

Page 297: ...0 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast...

Page 298: ...ts DSCP remarking ingress traffic policing and egress traffic shaping MULTICAST FILTERING IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option...

Page 299: ...EEE 802 1p Priority tags IEEE 802 1Q 2005 VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protoco...

Page 300: ...RFC 2065 IPV6 ICMP MIB RFC 2066 IPV6 TCP MIB RFC 2052 IPV6 UDP MIB RFC 2054 MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB...

Page 301: ...t been disabled Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station...

Page 302: ...witch follow these steps 1 Enable logging 2 Set the error messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages...

Page 303: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 304: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Page 305: ...These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Page 306: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Page 307: ...according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framework for passing...

Page 308: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Page 309: ...1S An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1W An IEEE standard for the Rapid Spanning Tree Protocol RSTP which...

Page 310: ...by this switch can pass multicast traffic along to participating hosts IP PRECEDENCE The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority l...

Page 311: ...egion and prevents VLAN members from being segmented from the rest of the group MULTICAST SWITCHING A process whereby the switch filters incoming multicast frames for services for which no attached ho...

Page 312: ...rity of one flow or limiting the priority of another flow RADIUS Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to...

Page 313: ...T Defines a remote communication facility for interfacing to a terminal device over TCP IP TFTP Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads UDP User Datagram...

Page 314: ...GLOSSARY 314...

Page 315: ...on policy 115 DHCP snooping 112 DNS server 49 Domain Name Service See DNS downloading software 290 using HTTP 290 using TFTP 290 drop precedence QoS 192 DSCP classification QoS 206 rewriting port 202...

Page 316: ...ng syslog traps 56 to syslog servers 56 log in web interface 35 logon authentication 62 encryption keys 123 RADIUS client 123 RADIUS server 123 settings 123 TACACS client 65 TACACS server 65 123 loopb...

Page 317: ...2 control lists 207 drop precedence 192 DSCP classification 206 DSCP rewriting 202 DSCP translation 202 205 egress port scheduler 196 ingress classification 204 ingress port classification 192 ingress...

Page 318: ...2 trap destination 73 trap manager 73 troubleshooting 301 trunk configuration 126 128 LACP 128 static 126 Type Length Value See LLDP TLV See LLDP MED TLV U unknown unicast storm threshold 212 upgradin...

Page 319: ......

Page 320: ...Level 1 GEL 2670 E012013 KS R01...

Reviews:

No comments