manualshive.com logo in svg

LevelOne GEP-1070, User Manual, Page: 81 / 319

Share
Download
LevelOne GEP-1070 User Manual Download Page 81

 

81 

Figure 30: Using Port Security  

 

This  switch  uses  the  Extensible  Authentication  Protocol  over  LANs  (EAPOL)  to  exchange 

authentication protocol messages with the client, and a remote RADIUS authentication server 

to verify user identity and access rights. These backend servers are configured on the AAA 

menu (see page 109).  

When  a  client  (i.e.,  Supplicant)  connects  to  a  switch  port,  the  switch  (i.e.,  Authenticator) 

responds  with  an  EAPOL  identity  request.  The  client  provides  its  identity  (such  as  a  user 

name)  in  an  EAPOL  response  to  the  switch,  which  it  forwards  to  the  RADIUS  server.  The 

RADIUS server verifies the client identity and sends an access challenge back to the client. 

The  EAP  packet  from  the  RADIUS  server  contains  not  only  the  challenge,  but  the 

authentication  method  to  be  used.  The  client  can  reject  the  authentication  method  and 

request  another,  depending  on  the  configuration  of  the  client  software  and  the  RADIUS 

server. The  encryption  method  used  by  IEEE  802.1X  to  pass  authentication  messages  can 

be  MD5  (Message-Digest  5),  TLS  (Transport  Layer  Security),  PEAP  (Protected  Extensible 

Authentication  Protocol),  or  TTLS  (Tunneled  Transport  Layer  Security).  However,  note  that 

the  only  encryption  method  supported  by  MAC-Based  authentication  is  MD5.  The  client 

responds  to  the  appropriate  method  with  its  credentials,  such  as  a  password  or  certificate. 

The  RADIUS  server  verifies  the  client  credentials  and  responds  with  an  accept  or  reject 

packet.  If  authentication  is  successful,  the  switch  allows  the  client  to  access  the  network. 

Otherwise, network access is denied and the port remains blocked.  

The operation of 802.1X on the switch requires the following:  

 The switch must have an IP address assigned (see page 35).  

 RADIUS authentication must be enabled on the switch and the IP address of the RADIUS 

server  specified.  Backend  RADIUS  servers  are  configured  on  the  Authentication 

Configuration page (see page 109).  

 802.1X / MAC-based authentication must be enabled globally for the switch. 

 The Admin State for each switch port that requires client authentication must be set to 

802.1X or MAC-based.  

 When using 802.1X authentication:  

Summary of Contents for GEP-1070

Page 1: ...1 GEP 1070 L2 Managed Gigabit PoE Switch 802 3at PoE 8 PoE Outputs 2 x SFP User Manual V1 0 Digital Data Communications Asia Co Ltd http www level1 com...

Page 2: ...terms applicable to your products and replacement parts can be obtained from your local Sales and Service Office or authorized dealer Disclaimer Manufacturer does not warrant that the hardware will w...

Page 3: ...This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation CE Warning This is a Class A device In...

Page 4: ...Navigating the Web Browser Interface 22 Home Page 22 Configuration Options 22 Panel Display 23 Main Menu 23 4 CONFIGURING THE SWITCH 34 4 1 System 34 System Information Configuration 34 IP Configurat...

Page 5: ...IPMC Configurations 138 IGMP Snooping 138 MLD Snooping 145 4 11 Link Layer Discovery Protocol LLDP 152 LLDP Configuration 152 LLDP MED Configuration 155 4 12 Power over Ethernet PoE 160 PoE Configurat...

Page 6: ...QOS Control Lists 197 Configuring Storm Control 201 4 19 Configuring Port Mirroring 203 4 20 Configuring UPnP 204 4 21 sFlow Agent 206 5 MONITORING THE SWITCH 208 5 1 System 208 Displaying System Info...

Page 7: ...R SFM Information 257 5 9 IPMC 259 IGMP SNOOPING 259 MLD SNOOPING 262 5 10 Link Layer Discovery Protocol LLDP 266 Displaying LLDP Neighbour 266 Displaying LLDP MED Neighbour 267 Displaying LLDP Neighb...

Page 8: ...t 293 7 4 Configuration 295 Saving Configuration Settings 295 Upload Configuration Settings 295 SECTION III APPENDICES 297 A SOFTWARE SPECIFICATIONS 298 A 1 Software Features 298 A 2 Management Featur...

Page 9: ...managed Gigabit PoE Switch and introduces some basic concepts about switching network management It also describes the basic settings required to access the management interfaces This section include...

Page 10: ...r there are many options that you should configure to maximizes the switch performance for your particular network environment The Gigabit PoE switch is equipped with a power supply to operate under 1...

Page 11: ...ast unknown unicast storms Address Table 8K MAC addresses in the forwarding table 1000 static MAC addresses 1K L2 IGMP multicast groups and 128 MVR groups IP Version 4 and 6 Supports IPv4 and IPv6 add...

Page 12: ...er i e RADIUS or TACACS server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivalent connection SNMP Version 3 I...

Page 13: ...PORT TRUNKING Ports can be combined into an aggregate connection Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol LACP IEEE 802 3 2005 The additional po...

Page 14: ...ould fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology ch...

Page 15: ...sing four priority queues with strict or Weighted Round Robin queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions...

Page 16: ...AN Registration MVR which allows common multicast traffic such as television channels to be transmitted across a single network wide multicast VLAN shared by hosts residing in other standard or privat...

Page 17: ...thentication 802 1X Port Authentication HTTPS SSH Port Security IP Filtering admin Disabled Disabled Disabled Enabled Enabled Disabled Disabled Web Management HTTP Server HTTP Port Number HTTP Secure...

Page 18: ...ual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Switchport Mode Egress Mode 1 1 All Disabled Access Traffic Prioritization Ingress Port Priority Queue Mode Weighted Round Robin Ethe...

Page 19: ...ent Disabled Snooping Disabled Proxy service Disabled Multicast Filtering IGMP Snooping MLD Snooping Multicast VLAN Registration Snooping Disabled Querier Disabled Disabled Disabled System Log console...

Page 20: ...set the PC s IP address to 192 168 1 x where x is any number from 2 to 254 except 1 4 Open your web browser and enter the address http 192 168 1 1 If your PC is properly configured you will see the l...

Page 21: ...long with a detailed description of how to configure each feature via a web browser This section includes these chapters 3 Using the Web Interface on page 22 4 Configuring the Switch on page 34 5 Moni...

Page 22: ...ration parameters and statistics The default user name for the administrator is admin and for password Home Page When your web browser connects with the switch s web agent the home page is displayed a...

Page 23: ...Files Settings Internet Explorer 7 x This option is available under Tools Internet Options General Browsing History Settings Temporary Internet Files Panel Display The web agent displays an image of t...

Page 24: ...cy expires regardless queue length 43 Thermal Protection Configures temperature priority levels and assigns those priorities for port shut down if exceeded 45 Ports Configures port connection settings...

Page 25: ...Limiters Configures rate limit policies 91 Access Control List Configures ACLs based on frame type destination MAC type VLAN ID VLAN priority tag and the action to take for matching packets 92 DHCP D...

Page 26: ...instance 123 MSTI Priorities Configures the priority for the CIST and each MISTI 125 CIST Ports Configures interface settings for STA 126 MSTI Ports Configures interface settings for an MST instance...

Page 27: ...ate and hourly period 159 Auto Checking To set the checking IP address and time intervals 160 MAC Table Configures address aging dynamic learning and static addresses 162 VLANs Virtual LANs 164 VLAN M...

Page 28: ...e queue shaper rate and access to excess bandwidth and port shaper 183 Port Shaping Provides overview of QoS Egress Port Shapers including the rate for each queue and port also configures egress queue...

Page 29: ...panel indicating active port connections 210 Traffic Overview Shows basic Ethernet port statistics 211 QoS Statistics Shows the number of packets entering and leaving the egress queues 212 QCL Status...

Page 30: ...splays entries in the IP Source Guard table sorted first by port then VLAN ID MAC address and finally IP address 230 AAA Authentication Authorization and Accounting 231 RADIUS Overview Displays status...

Page 31: ...IGMP groups 255 IPv4 SFM Information Displays IGMP Source Filtered Multicast Information including group filtering mode include or exclude source address and type allow or deny 256 MLD Snooping Multic...

Page 32: ...ows the current port members for all VLANs configured by a selected software module 275 VLAN Port Shows the VLAN attributes of port members for all VLANs configured by a selected software module which...

Page 33: ...33 Menu Description Page Save Saves configuration settings to a file on the management station 288 Upload Restores configuration settings from a file on the management station 289...

Page 34: ...ng contact information system name location of the switch and time zone offset PATH Configuration System Information Figure 3 System Information Configuration PARAMETERS These parameters are displayed...

Page 35: ...dynamically generated Setting an IPV4 Address Use the IP Configuration page to configure an IPv4 address for the switch The IP address for the switch is obtained via DHCP by default for VLAN 1 To man...

Page 36: ...to which the management station is attached Valid IP addresses consist of four numbers 0 to 255 separated by periods Default 192 168 1 1 IP Mask This mask identifies the host address bits used for rou...

Page 37: ...Configuration page to configure an IPv6 address for management access to the switch IPv6 includes two distinct address types link local unicast and global unicast A link local address makes the switc...

Page 38: ...ss by entering the full address with the network prefix FE80 To connect to a larger network with multiple subnets you must configure a global unicast address There are several alternatives to configur...

Page 39: ...y must be defined if the management station is located in a different IPv6 segment An IPv6 default gateway can only be successfully set when a network interface that directly connects to the gateway h...

Page 40: ...ttempts an update from the next server in the sequence The polling interval is fixed at 15 minutes WEB INTERFACE To configure the NTP servers 1 Click Configuration System NTP 2 Enter the IP address of...

Page 41: ...e parameters are displayed Server Mode Enables disables the logging of debug or error messages to the remote logging process Default Disabled Server Address Specifies the IPv4 address or alias of a re...

Page 42: ...Intensity Use the LED Power Reduction Configuration page to reduces LED intensity during specified hours PATH Configuration Power Reduction LED Figure 8 Configuring LED Power Reduction COMMAND USAGE...

Page 43: ...ll intensity for a specified period when a link change occurs Default 10 seconds On at errors LEDs set at full intensity when a link error occurs WEB INTERFACE To configure LED intensity 1 Click Confi...

Page 44: ...savings the circuit is not started as soon as data is ready to be transmitted from a port but instead waits until 3000 bytes of data is queued at the port To avoid introducing a large delay when the q...

Page 45: ...time has passed 4 Click Save 4 3 Thermal Protection Use the Thermal Protection Configuration page to set temperature priority levels and assign those priorities for port shut down if exceeded PATH Co...

Page 46: ...shut down a port Range 0 3 WEB INTERFACE To configure the thermal protection 1 Click Configuration Thermal Protection 2 Select the circuits which will use EEE 3 Set the temperature threshold for each...

Page 47: ...be negotiated between the link partners based on their advertised capabilities 1Gbps FDX Supports 1 Gbps full duplex operation 100Mbps FDX Supports 100 Mbps full duplex operation 100Mbps HDX Supports...

Page 48: ...eding the maximum frame size are dropped Range 9600 1518 bytes Default 9600 bytes Excessive Collision Mode Sets the response to take when excessive transmit collisions are detected on a port Discard D...

Page 49: ...hat only authorized clients gain access to the network Private VLANs and port based authentication using IEEE 802 1X are commonly used for these purposes In addition to these methods several other opt...

Page 50: ...et to 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account PARAMETERS These parameters...

Page 51: ...ege Levels page to set the privilege level required to read or configure specific software modules or system settings PATH Configuration Security Switch Privilege Levels Figure 13 Configuring Privileg...

Page 52: ...modules or system settings Configuration Read only Configuration Execute Read write Status Statistics Read only and Status Statistics Read write e g clearing statistics The default settings provide f...

Page 53: ...stem Plus TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server cont...

Page 54: ...tion methods used for the authentication process must also be configured or negotiated between the authentication server and logon client This switch can pass authentication messages between the serve...

Page 55: ...ement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH...

Page 56: ...e switch supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions PARAMETERS These parameters are displayed Mode Allows you to e...

Page 57: ...ient and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The...

Page 58: ...Access Management Configuration Use the Access Management Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the...

Page 59: ...d HTTP or over HTTPS which uses the Secure Socket Layer SSL protocol to provide an encrypted connection SNMP Filters IP addresses for access through SNMP TELNET SSH Filters IP addresses for access thr...

Page 60: ...traffic passing through its ports A network management station can access this information using software such as HP OpenView Access to the onboard agent from clients using SNMP v1 and v2c is control...

Page 61: ...r defined Provides user authentication via MD5 or SHA algorithms v3 Auth Priv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms and data privac...

Page 62: ...racters ASCII characters 33 126 only Default private This parameter only applies to SNMPv1 and SNMPv2c SNMPv3 uses the User based Security Model USM for authentication and privacy This community strin...

Page 63: ...down Issues a notification message whenever a port link is established or broken Default Enabled Trap Inform Mode Enables or disables sending notifications as inform messages Note that this option is...

Page 64: ...iguring SNMPv3 Users on page 65 WEB INTERFACE To configure SNMP system and trap settings 1 Click Configuration Security Switch SNMP System 2 In the SNMP System Configuration table set the Mode to Enab...

Page 65: ...low access to the SNMP agent Range 1 32 characters ASCII characters 33 126 only Default public private For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 com...

Page 66: ...H Configuration Security Switch SNMP Users Figure 21 SNMPv3 User Configuration PARAMETERS These parameters are displayed Engine ID The engine identifier for the SNMP agent on the remote device where t...

Page 67: ...ers for MD5 8 40 characters for SHA Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Options None DES Default DES Privacy Password A string identif...

Page 68: ...or SNMPv3 the switch displays the names configured with the local engine ID in the SNMPv3 Users Configuration menu To modify an entry for USM the current entry must first be deleted Group Name The na...

Page 69: ...23 SNMPv3 View Configuration PARAMETERS These parameters are displayed View Name The name of the SNMP view Range 1 32 characters ASCII characters 33 126 only View Type Indicates if the object identif...

Page 70: ...w name view type and OID subtree 4 Click Save Configuring SNMPV3 Group Access Rights Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted a...

Page 71: ...t for SNMPv3 Auth NoPriv SNMP communications use authentication but the data is not encrypted Auth Priv SNMP communications use both authentication and encryption Read View Name The configured view fo...

Page 72: ...xt save ID Indicates the index of the entry The range is from 1 to 65 535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for ex...

Page 73: ...1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 se...

Page 74: ...riables are InOctets The total number of octets received on the interface including framing characters InUcastPkts The number of uni cast packets delivered to a higher layer protocol InNUcastPkts The...

Page 75: ...iod Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are RisingTrigger alarm when the first value is lar...

Page 76: ...the notification of the event the possible types are none The total number of octets received on the interface including framing characters log The number of uni cast packets delivered to a higher la...

Page 77: ...ty Limit Control Configuration page to limit the number of users accessing a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the maximum number of us...

Page 78: ...Control to be in effect Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port Limit The maximum number of MAC addresses that can...

Page 79: ...utton causes the page to be refreshed so non committed changes will be lost WEB INTERFACE To configure port limit controls 1 Click Configuration Security Network Limit Control 2 Set the system configu...

Page 80: ...80 authentication from any point within the network...

Page 81: ...EEE 802 1X to pass authentication messages can be MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security However...

Page 82: ...Vista Windows XP and in Windows 2000 with Service Pack 4 To support these encryption methods in Windows 95 and 98 you can use the AEGIS dot1x client or other comparable client software MAC based auth...

Page 83: ...Sets the time the switch waits for a supplicant response during an authentication session before retransmitting a Request Identify EAPOL packet Range 1 255 seconds Default 30 seconds Aging Period The...

Page 84: ...ch reacts to QoS Class information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid traffic received on...

Page 85: ...gnores the map ip dscp profile When authentication is successful the dynamic QoS information may not be passed from the RADIUS server due to one of the following conditions authentication result remai...

Page 86: ...e classified and switched on the RADIUS assigned VLAN ID If re authentication fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it s invalid or the supplicant is otherwise no lon...

Page 87: ...uration Guest VLAN Operation When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If the number of transmissions of such frames exceeds Max Reaut...

Page 88: ...POL Success frame when the port link comes up This forces the port to grant access to all clients either dot1x aware or otherwise This is the default setting Force Unauthorized The switch will send on...

Page 89: ...cimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or f...

Page 90: ...ere is no link on the port Authorized The port is in Force Authorized mode or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized mode or a single...

Page 91: ...ed as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to anoth...

Page 92: ...t Disabled To use this function Action must be set to Deny for the local port Mirror Mirrors matching frames from this port Default Disabled To use this function the destination port to which traffic...

Page 93: ...cy configured on the ACE Configuration page specify the responses to invoke when a matching frame is seen including the filter mode copying matching frames to another port logging matching frames or s...

Page 94: ...lt pps WEB INTERFACE To configure rate limits which can be applied to a port 1 Click Configuration Security Network ACL Rate Limiters 2 For any of the rate limiters select the maximum ingress rate tha...

Page 95: ...VLAN priority Ethernet type based on Ethernet type value MAC address VLAN ID VLAN priority ARP based on ARP RARP type request reply sender target IP hardware address matches ARP RARP MAC address ARP...

Page 96: ...he rules defined for this ACL The following buttons are used to edit or move the ACL entry ACE Table 9 QCE Modification Buttons Button Description Inserts a new ACE before the current row Edits the AC...

Page 97: ...ress Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and SIP Ma...

Page 98: ...ecifies the IP protocol to filter for this rule Options Any ICMP UDP TCP Other Default Any The following additional fields are displayed when these protocol filters are selected ICMP Parameters ICMP T...

Page 99: ...ule Options Any any value is allowed Non zero IPv4 frames with a TTL field greater than zero must match this entry Zero IPv4 frames with a TTL field greater than zero must not match this entry Default...

Page 100: ...Shutdown Shuts down a port when a macthing frame is seen Default Disabled Counter Shows he number of frames which have matched any of the rules defined for this ACL VLAN Parameters 802 1Q Tagged Spec...

Page 101: ...ration Security Network DHCP Snooping Figure 35 DHCP Snooping Configuration COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messages are received from an outsi...

Page 102: ...client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both truste...

Page 103: ...and sends a DHCP response back to the switch The switch then broadcasts the DHCP response to the client DHCP also provides a mechanism for sending information about the switch and its DHCP clients to...

Page 104: ...ackets that include Option 82 information Replace Overwrites the DHCP client packet information with the switch s relay information This is the default Keep Retains the client s DHCP information Drop...

Page 105: ...e source IP address and MAC address pairs found in the DHCP Snooping table or based upon static entries configured in the IP Source Guard Table PATH Configuration Security Network IP Source Guard Conf...

Page 106: ...or DHCP packets PARAMETERS These parameters are displayed Global Mode Enables or disables IP Source Guard globally on the switch All configured ACEs will be lost when enabled Default Disabled Note DHC...

Page 107: ...onfigured by the DHCP server itself Static bindings are processed as follows If there is no entry with the same VLAN ID and MAC address a new entry is added to the static IP source guard binding table...

Page 108: ...otocol packets It provides protection against ARP traffic with invalid MAC to IP address bindings which forms the basis for certain man in the middle attacks This is accomplished by intercepting all A...

Page 109: ...global ARP Inspection will not affect the ARP Inspection configuration of any ports When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual ports Thes...

Page 110: ...Only when both Global Mode and Port Mode on a given port are enabled will ARP Inspection be enabled on a given port Default Disabled WEB INTERFACE To configure global and port settings for ARP Inspec...

Page 111: ...packets then the DHCP snooping bindings database determines their validity PATH Configuration Security Network ARP Inspection Static Table Figure 40 Configuring Static Bindings for ARP Inspection PARA...

Page 112: ...authentication server and to authenticate client access for IEEE 802 1X port authentication Note This guide assumes that RADIUS and TACACS servers have already been configured to support AAA The conf...

Page 113: ...ro will cause the authentication server to be ignored until the Dead Time has expired However if only one server is enabled it will never be considered dead RADIUS TACACS Server Configuration Enabled...

Page 114: ...nel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP configured ports on another device You can configure any number of ports on the switch to use...

Page 115: ...le when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk Static Trunks Configuration Use the Aggregation Mode Configuration page to configure...

Page 116: ...method to apply to all trunks on the switch If more than one option is selected each factor is used in the hash algorithm to determine the port member within the trunk to which a frame will be assign...

Page 117: ...re load balancing methods to apply to the configured trunks 3 Assign port members to each trunk that will be used 4 Click Save LACP Configuration Use the LACP Port Configuration page to enable LACP on...

Page 118: ...tiation mode Aggregation Mode Configuration located under the Static Aggregation menu see Configuring Static Trunks on page 112 also applies to LACP PARAMETERS These parameters are displayed Port Port...

Page 119: ...tion Figure 44 Global Configuration for Loop Protection PARAMETERS These parameters are displayed General Settings Enable Loop Protection Controls whether loop protections is enabled as a whole Transm...

Page 120: ...pliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link g...

Page 121: ...by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports in...

Page 122: ...communications with STP or RSTP nodes in the global network Figure 47 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a singl...

Page 123: ...nce for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members Whe...

Page 124: ...ning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user traffic PARAMETERS These parameters are displ...

Page 125: ...Transmit Hold Count The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Range 1 10 Default 6 Max Hop Count The maximum number of hops all...

Page 126: ...ion is also cleared by a system reboot Port Error Recovery Timeout The time that has to pass before a port in the error disabled state can be enabled Range 30 86400 seconds or 24 hours WEB INTERFACE T...

Page 127: ...eral area of your network However remember that you must configure all bridges that exist within the same MSTI Region with the same set of instances and the same instance on each bridge with the same...

Page 128: ...s to assign to this MST instance The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI Range 1 4094 WEB INTERFACE To add VLAN groups to an MSTP instance 1 Click Con...

Page 129: ...the 6 byte MAC address of the switch forms a Bridge Identifier WEB INTERFACE To add VLAN groups to an MSTP instance 1 Click Configuration Spanning Tree MSTI Priorities 2 Set the bridge priority for t...

Page 130: ...U tunneling passing BPDUs across a service provider s network without any changes thereby combining remote network segments into a single spanning tree As implemented on this switch BPDU ransparency a...

Page 131: ...001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10...

Page 132: ...spanning tree priority Such a port will be selected as an Alternate Port after the Root Port has been selected If set this can cause a lack of spanning tree connectivity It can be set by a network ad...

Page 133: ...link while a half duplex interface is assumed to be on a shared link Forced True A point to point connection to exactly one other bridge Forced False A shared connection to two or more bridges WEB IN...

Page 134: ...12 Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be...

Page 135: ...antly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN This makes it possible to support common multicast services over a w...

Page 136: ...136 Figure 53 MVR Concept PATH Configuration MVR Figure 54 MVR Configuration COMMAND USAGE General Configuration Guidelines for MVR 1 Enable MVR globally on the switch and select the MVR VLAN...

Page 137: ...he channel for streaming multicast services using MVR MVR source ports should be configured as members of the MVR VLAN but MVR receiver ports should not be manually configured as members of this VLAN...

Page 138: ...educes the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on to...

Page 139: ...ng the traffic to all ports and possibly disrupting network performance If multicast routing is not supported on other switches in your network you can use IGMP Snooping and IGMP Query to monitor IGMP...

Page 140: ...the querier When the switch is a non querier the receiving port is not the last dynamic member port in the group the receiving port is not a router port and no IGMPv1 member port exists in the group...

Page 141: ...pecific GS query to that interface If Fast Leave is not used a multicast router or querier will send a GS query message when an IGMPv2 v3 group leave message is received The router querier stops forwa...

Page 142: ...d When enabled the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic Default Enabled When IGMP snooping is enabled globally...

Page 143: ...vers build an MLD report for the multicast groups they have joined QRI The Query Response Interval is the Max Response Time advertised in periodic General Queries The QRI applies when the switch is se...

Page 144: ...to end users for example an IP TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement by denying access to specified multicast services on a switch port...

Page 145: ...ort and leave messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time Basic Configuration for MLD Snooping Use the MLD Snooping...

Page 146: ...he table used to store multicast entries for MLD snooping is filled no new entries are learned If no router port is configured in the attached VLAN and Unregistered IPMCv6 Flooding is disabled any sub...

Page 147: ...ier you can manually designate a port which is connected to a known MLD querier i e a multicast router switch This interface will then join all the current multicast groups supported by the attached r...

Page 148: ...reached on a port any new MLD listener reports will be dropped WEB INTERFACE To configure global and port related settings for MLD Snooping 1 Click Configuration IPMC MLD Snooping Basic Configuration...

Page 149: ...ing started if it detects an IPv6 multicast router on the network RV The Robustness Variable allows tuning for the expected packet loss on a network A port will be removed from receiving a multicast s...

Page 150: ...e but may generate more burst traffic This attribute will take effect only if MLD snooping proxy reporting is enabled see page 141 URI The Unsolicited Report Interval specifies how often the upstream...

Page 151: ...eived on a port are checked against the these groups If a requested multicast group is denied the MLD report is dropped WEB INTERFACE To configure MLD Snooping Port Group Filtering 1 Click Configurati...

Page 152: ...d and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it...

Page 153: ...orted in each transmission This attribute must comply with the rule 4 Transmission Delay Transmission Interval Tx Reinit Configures the delay before attempting to re initialize after LLDP ports are di...

Page 154: ...re type software operating system and networking software Sys Capa The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The in...

Page 155: ...managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details Both LLDP and LL...

Page 156: ...is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP f...

Page 157: ...le Copenhagen City District City division borough city district ward chou Japan Block Neighborhood Neighborhood block Street Street Example Poppelvej Leading street direction Leading street direction...

Page 158: ...th multiple sets of application types supported on a given port The application types specifically addressed are Voice Guest Voice Softphone Voice Video Conferencing Streaming Video Control Signaling...

Page 159: ...y broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying o...

Page 160: ...PoE power provided to a port the maximum power budget for the switch power available to all RJ 45 ports the port PoE operating mode power allocation priority and the maximum power allocated to each po...

Page 161: ...If the power required by a device exceeds the power budget of the port or the whole switch power is not supplied Ports can be set to one of four power priority levels critical high medium or low To c...

Page 162: ...wn the ports Actual Consumption Ports are shut down when actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a g...

Page 163: ...which port power is shut down and the switch s overall power budget 3 Specify the port PoE operating mode port power allocation priority and the port power budget 4 Click Save PoE Scheduling This pag...

Page 164: ...WEB INTERFACE To configure global and port specific PoE scheduling 1 Click Configuration PoE Scheduling 2 Select the port for PoE scheduling and click GET 3 Enable Disable the PoE scheduling mode and...

Page 165: ...g It takes about 1 second to check each port and about 9 seconds for one cycle interval Interval Number 1 9sec 2 18sec 3 27sec 4 36sec 6 54sec 8 72sec 12 108sec 16 144sec Failure Action The Failure Ac...

Page 166: ...figuration page to configure dynamic address learning or to assign static addresses to specific ports Switches store the addresses for all known devices This information is used to pass traffic direct...

Page 167: ...ning mode for a given port in the MAC Learning Table is grayed out another software module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Bas...

Page 168: ...168...

Page 169: ...tly provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 256 VLANs based...

Page 170: ...be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to commu...

Page 171: ...le independent customers over the same medium using double tagged frames When Port Type is set to S port or S custom port the port will change the EtherType of all frames received to indicate that dou...

Page 172: ...pes any received frames that are untagged are assigned to the default VLAN When set to receive only tagged frames all untagged frames received on the interface are discarded Option All Tagged Untagged...

Page 173: ...switch except for the uplink ports Ports assigned to both a private VLAN and an 802 1Q VLAN are designated as uplink ports and can communicate with any downlink ports within the same private VLAN to w...

Page 174: ...TERFACE To configure VLAN port members for private VLANs 1 Click Configuration Private VLANs PVLAN Membership 2 Add or delete members of any existing PVLAN or click Add New Private VLAN and mark the p...

Page 175: ...based VLAN Membership Configuration page to configure VLAN based on MAC addresses The MAC based VLAN feature assigns VLAN IDs to ingress untagged frames according to the source MAC addresses When MAC...

Page 176: ...ress must be specified in the format xx xxxx xx xx xx VLAN ID VLAN to which ingress traffic matching the specified source MAC address is forwarded Range 1 4093 Port Members The ports assigned to this...

Page 177: ...gure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use Although not mandatory we suggest configuring a separate VLAN for each major protocol runni...

Page 178: ...alue assigned by that organization to the protocol running on top of SNAP In other words if value of the OUI field is 00 00 00 then value of the PID will be etherType 0x0600 0xffff and if value of the...

Page 179: ...y protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed accord...

Page 180: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Page 181: ...ee Setting an IP Address on page 42 the MVR VLAN or the native VLAN assigned to any port see Configuring VLAN Attributes for Port Members on page 166 Aging Time The time after which a port is removed...

Page 182: ...MAC addresses configured in the Telephony OUI list or through LLDP which is used to discover VoIP devices attached to the switch Packets received from non VoIP sources are dropped Default Disabled Di...

Page 183: ...he first three octets of device MAC addresses The MAC OUI numbers for VoIP equipment can be configured on the switch so that traffic from these devices is recognized as VoIP Note Making any changes to...

Page 184: ...o end Quality of Service QoS solution This section describes how to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch provides fou...

Page 185: ...frames Range 0 7 Default 0 DEI Controls the default Drop Eligible Indicator for untagged frames Range 0 1 Default 0 Tag Class Shows classification mode for tagged frames on this port Disabled Uses th...

Page 186: ...1 Click Configuration QoS Port Classification 2 Set any of the ingress port QoS classification parameters 3 Click Save To configure tag classification for tagged frames 1 Click Configuration QoS Port...

Page 187: ...1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled and the port is i...

Page 188: ...e Port field to configure egress queue mode queue shaper rate and access to excess bandwidth and port shaper PATH Configuration QoS Port Scheduler Figure 78 Displaying Egress Port Schedulers Figure 79...

Page 189: ...ueue shaper The default value is 500 This value is restricted to 100 1000000 kbps or 1 3300 Mbps Unit Unit of measure for the queue shaper rate as kbps or Mbps Default kbps Excess Controls whether the...

Page 190: ...2 Click on any of the entries in the Port field 3 Set the scheduler mode the queue shaper queue scheduler when the scheduler mode is set to Weighted and the port shaper 4 Click Save Configuring Egres...

Page 191: ...WEB INTERFACE To show an overview of the rate for each queue and port 1 Click Configuration QoS Port Shaper 2 Click on any enter under the Port field to configure the Port Scheduler and Shaper Configu...

Page 192: ...the classified QoS class values and DP levels drop precedence to PCP DEI values QoS class DP level Shows the mapping options for QoS class values and DP levels drop precedence PCP Remarks matching egr...

Page 193: ...ess Classify Specifies the classification method Disable No Ingress DSCP Classification is performed DSCP 0 Classify if incoming DSCP is 0 Selected Classify only selected DSCP for which classification...

Page 194: ...translation and classification settings and egress re writing of DSCP values 1 Click Configuration QoS Port DSCP 2 Set the required ingress translation and egress re writing parameters 3 Click Save C...

Page 195: ...ence Level to which the corresponding DSCP value is classified for ingress processing Range 0 1 where 1 is the higher drop priority Default 0 WEB INTERFACE To configure DSCP based QoS ingress classifi...

Page 196: ...n the QoS Port DSCP Configuration table Egress Remap DP0 Re maps DP0 field to selected DSCP value DP0 indicates a drop precedence with a low priority Egress Remap DP1 Re maps DP1 field to selected DSC...

Page 197: ...yed QoS class DPL Shows the mapping options for QoS class values and DP drop precedence levels DSCP DSCP value Range 0 63 WEB INTERFACE To map DSCP values to a QoS class and drop precedence level 1 Cl...

Page 198: ...displayed QoS Control List QCE Quality Control Entry index Port Port identifier Frame Type Indicates the type of frame to look for in incoming SMAC The OUI field of the source MAC address i e the firs...

Page 199: ...Priority Code Point User Priority Options a specific value of 0 1 2 3 4 5 6 7 a range of 0 1 2 3 4 5 6 7 0 3 4 7 or Any Default 0 DEI Drop Eligible Indicator Options 0 1 or Any SMAC The OUI field of t...

Page 200: ...settings Protocol IP protocol number Options Any UDP TCP or Other 0 255 Source IP Source IP address Options Any Specific To configure a specific source IP address enter both the address and mask form...

Page 201: ...buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on the QCE Configuration page specify the relevant criteria to be ma...

Page 202: ...1 2 4 8 16 32 64 128 256 512 or 1 2 4 8 16 32 64 128 256 512 1024 Kpps Default 2 pps Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps tr...

Page 203: ...abled on the Mirror Configuration page by setting the destination port in the Port to mirror on field and enabling the Mode for any port mirroring will occur regardless of any configuration settings m...

Page 204: ...device s description from the URL provided by the device in the discovery message After a control point has retrieved a description of the device it can send actions to the device s service To do thi...

Page 205: ...Discover Protocol SSDP packets which informs a control point or control points how often it or they should receive a SSDP advertisement message from this switch Due to the unreliable nature of UDP th...

Page 206: ...Web or CLI interface or through SNMP This read only field shows the owner of the current sFlow configuration and assumes values as follows If sFlow is currently unconfigured unclaimed Owner contains n...

Page 207: ...numbers for which the Flow configuration below applied Flow Sampler Enabler Enables disables flow sampling on this port Flow Sampler Sampling Rate The statistical sampling rate for packet sampling Se...

Page 208: ...s table 5 1 System You can use the System menu to display a basic description of the switch log messages or statistics on traffic used in managing the switch Displaying System Information Use the Syst...

Page 209: ...34 Hardware MAC Address The physical layer address for this switch Time System Date The current system time and date The time is obtained through an SNTP Server if configured see Setting an IP Addres...

Page 210: ...lable Vector Graphics format Consult SVG Wiki for more information on browser support Depending on your browser version Microsoft Internet Explorer will need to have a plugin installed to support SVG...

Page 211: ...Warning Warning conditions Error Error conditions All All levels Start from ID The error ID from which to start the display with entries per page The number of entries to display per page Table Headin...

Page 212: ...essages updates the system log entries starting from the first available entry ID updates the system log entries ending at the last entry currently displayed updates the system log entries starting fr...

Page 213: ...al Protection Figure 95 Thermal Protection Status PARAMETERS These parameters are displayed Local Port Port identifier Temperature The temperature of the switch ASIC Shows if a port link is operating...

Page 214: ...ts processed by each service queue or detailed statistics on port traffic Displaying Port Status Use the Port State Overview page to display port status at the front panel of the switch Clicking on th...

Page 215: ...mber of packets received and transmitted Bytes Received Transmitted The number of bytes received and transmitted Errors Received Transmitted The number of frames received with errors and the number of...

Page 216: ...s are displayed Port Port identifier Q Receive Transmit The number of packets received and transmitted through the indicated queue WEB INTERFACE To display the queue counters click Monitor Ports QoS S...

Page 217: ...taken Class Classified QoS Class If a frame matches the QCE it will be put in the queue corresponding to the specified QoS class DP The drop precedence level will be set to the specified value DSCP Th...

Page 218: ...er second Statistics are refreshed every 60 seconds by default PATH Monitor Ports Detailed Statistics Figure 100 Detailed Port Statistics PARAMETERS These parameters are displayed Receive Transmit Tot...

Page 219: ...otherwise well formed Rx Oversize The total number of frames received that were longer than the configured maximum frame length for this port excluding framing bits but including FCS octets and were o...

Page 220: ...enabled on the Access Management Configuration menu and traffic matching one of the entries is detected PARAMETERS These parameters are displayed Interface Network protocols used to manage the switch...

Page 221: ...curity on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to...

Page 222: ...user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that...

Page 223: ...rding In the blocked state it will not be allowed to transmit or receive traffic Time Added Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user modul...

Page 224: ...port number Click to navigate to detailed NAS statistics for this port Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values see page 78 Po...

Page 225: ...st is appended to the VLAN ID Refer to Guest VLAN Enabled for a description of this attribute see page 78 WEB INTERFACE To display port status for authentication services click Monitor Security Networ...

Page 226: ...to the VLAN ID Refer to Guest VLAN Enabled for a description of this attribute see page 78 Port Counters Receive EAPOL Counters Total The number of valid EAPOL frames of any type that have been recei...

Page 227: ...has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Other Requests 802 1X based Counts th...

Page 228: ...ical to and is placed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table Attached M...

Page 229: ...d Time seconds Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful WEB INTERFACE To display port Statistics for 802 1X or Remote Aut...

Page 230: ...Pv4 frames with UDP protocol IPv4 TCP ACE will match IPv4 frames with TCP protocol IPv4 Other ACE will match IPv4 frames which are not ICMP UDP or TCP Action Indicates the forwarding action of the ACE...

Page 231: ...Statistics Figure 107 DHCP Snooping Statistics PARAMETERS These parameters are displayed Rx Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx Tx Offer The n...

Page 232: ...1 packets received and transmitted Rx Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx Tx Lease Active The number of lease active option 53 with...

Page 233: ...th the Circuit ID option missing Receive Missing Remote ID The number of packets that were received with the Remote ID option missing Receive Bad Circuit ID The number of packets with a Circuit ID opt...

Page 234: ...Relay Statistics Displaying ARP Inspection Open the Dynamic ARP Inspection Table to display address entries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 9...

Page 235: ...ning of the Dynamic IP Source Guard Table PATH Monitor Security Network IP Source Guard Figure 110 Dynamic IP Source Guard Table WEB INTERFACE To display the Dynamic IP Source Guard Table click Monito...

Page 236: ...ess attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the de...

Page 237: ...ed from this server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad...

Page 238: ...made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the dead time expires The number of seconds left before thi...

Page 239: ...es Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module i...

Page 240: ...nt in the Statistics table button will update the table starting from the next closest Statistics table match will use the last entry of the currently displayed entry as a basis for the next lookup Wh...

Page 241: ...that were less than 64 octets Over size The total number of packets received that were longer than 1518 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jab...

Page 242: ...History table button will update the table starting from the next closest Statistics table match will use the last entry of the currently displayed entry as a basis for the next lookup When the end i...

Page 243: ...ess than 64 octets Oversize The total number of packets received that were longer than 1518 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jabb The number...

Page 244: ...rently displayed PATH Monitor Security Switch RMON Alarm Figure 115 RMON Alarm Overview PARAMETERS These parameters are displayed ID Indicates the index of Alarm control entry Interval Indicates the i...

Page 245: ...e The Start from Event Index and Log Index allows the user to select the starting point in the Event table button will update the table starting from the next closest Statistics table match will use t...

Page 246: ...tes the Event description 5 5 Link Aggregation Control Protocol LACP Use the monitor pages for LACP to display information on LACP configuration settings the functional status of participating ports a...

Page 247: ...s assigned to this LAG Last Changed The time since this LAG changed Local Ports Shows the local ports that are a part of this LAG WEB INTERFACE To display an overview of LACP groups active on this swi...

Page 248: ...ion port Note that only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this LAG Partner System ID LAG partner s system ID assigned by the LACP protocol i e its M...

Page 249: ...of LACP frames sent from each port LACP Received The number of LACP frames received at each port Discarded The number of unknown or illegal LACP frames that have been discarded at each port WEB INTER...

Page 250: ...h port number Action The current action of the currently configured port Transmit Transmit mode of the currently configured port Loops The number of loops detected on this port Status The current loop...

Page 251: ...and statistics on spanning tree protocol packets Displaying STP Bridge Status Use the Bridge Status page to display STA information on the global bridge i e this switch and individual ports PATH Moni...

Page 252: ...ailed information on the selected entry The following additional information is displayed Bridge Instance The Bridge instance CIST MST1 Regional Root The Bridge ID of the currently elected regional ro...

Page 253: ...tomatically computed or explicitly configured Each Edge Port transitions directly to the Forwarding Port State since there is no possibility of it participating in a loop Point2Point Indicates a conne...

Page 254: ...rt within the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay...

Page 255: ...mitted on a port STP The number of legacy STP Configuration BPDU s received transmitted on a port TCN The number of legacy Topology Change Notification BPDU s received transmitted on a port Discarded...

Page 256: ...or streaming services MVR IGMP MLD Queries Received The number of received queries for IGMP and MLD IGMP MLD Queries Transmitted The number of transmitted queries for IGMP and MLD IGMPv1 Joins Receive...

Page 257: ...annels Groups Information Table PATH Monitor MVR MVR Channel Groups Figure 126 MVR Channels Group Information PARAMETERS The Start from VLAN and Group Address input fields allow the user to select the...

Page 258: ...allow the user to select the starting point in the MVR SFM Information Table VLAN ID The VLAN ID of the group Groups The groups ID of the group displayed Port The switch port number Mode Indicate the...

Page 259: ...n upstream multicast router switch PATH Monitor IPMC IGMP Snooping Status Figure 128 IGMP Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version I...

Page 260: ...of received IGMP Version 2 leave reports Router Port Port Port Identifier Status Ports connected to multicast routers may be dynamically discovered by this switch or statically assigned to an interfac...

Page 261: ...e also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as si...

Page 262: ...e addresses belong to the same group are treated as single entry Type Indicates the Type It can be either Allow or Deny WEB INTERFACE To display IGMP SFM Information click Monitor IPMC IGMP Snooping I...

Page 263: ...ible for asking hosts if they want to receive multicast traffic Queries Transmitted The number of transmitted Querier messages Queries Received The number of received Querier messages V1 Reports Recei...

Page 264: ...IP address for a specific multicast service Port Members The ports assigned to the listed VLAN which propagate a specific multicast service WEB INTERFACE To display the port members of each service g...

Page 265: ...number and Group Address It can be either Include or Exclude Source Address IP Address of the source Currently the system limits the total number of IP source addresses for filtering to be 128 Differe...

Page 266: ...parameters are displayed Local Port The local port to which a remote LLDP capable device is attached Chassis ID An octet string indicating the specific identifier for the particular chassis in this sy...

Page 267: ...ould be the MAC address for the CPU or for the port sending this advertisement If the neighbor device allows management access clicking on an entry in this field will re direct the web browser to the...

Page 268: ...following Each LLDP MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class For example will any LLDP MED Endpoint Device claiming compliance...

Page 269: ...end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision...

Page 270: ...ying LLDP Neighbour PoE Information Use the LLDP Neighbour Power Over Ethernet Information page to display the status of all LLDP PoE neighbours including power device type PSE or PD source of power p...

Page 271: ...ee levels of power priority The three levels Critical High and Low If the power priority is unknown this is indicated as Unknown Maximum Power The maximum power in watts required by a PD device from a...

Page 272: ...ho Tx Tw value The respective echo values shall be defined as the local link partner s reflection echo of the remote link partner s respective values When a local link partner receives its echoed valu...

Page 273: ...s the number of new entries added since the switch was rebooted and for which the remote TTL has not yet expired Total Neighbors Entries Deleted The number of LLDP neighbors which have been removed fr...

Page 274: ...s of information known as TLVs If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizatio...

Page 275: ...eceived the LLDP frame PD class Each PD is classified according to the maximum power it will use The PD classes include Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3...

Page 276: ...nfiguration PoE Scheduling Status Use the Scheduling Status to display the status for all PoE ports PATH Monitor PoE Scheduling Figure 140 PoE Scheduling Status PARAMETERS These parameters are display...

Page 277: ...number of interval for IP checking It takes about 1 second to check each port and about 9 seconds for one cycle interval Interval Number 1 9sec 2 18sec 3 27sec 4 36sec 6 54sec 8 72sec 12 108sec 16 14...

Page 278: ...tal Log Total Log indicates the total number of ping checking for each port Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all port...

Page 279: ...nput fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic ent...

Page 280: ...ing VLAN user modules Static Ports statically assigned to a VLAN through the CLI Web or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenticator and...

Page 281: ...preceding section for a description of the software modules that use VLAN management services PATH Monitor VLANs VLAN Port Figure 144 Displayinging VLAN Port Status PARAMETERS These parameters are di...

Page 282: ...e discarded Tx Tag Shows egress filtering fame status indicating whether frames are transmitted as tagged or untagged UVID Shows the untagged VLAN ID A port s UVID determines the packet s behavior at...

Page 283: ...odules Static MAC addresses statically assigned to a VLAN and member port through the CLI Web or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenti...

Page 284: ...SNMP Owner contains a string identifying the sFlow receiver IP Address Hostname The IP address or hostname of the sFlow receiver Time Out The number of seconds remaining before sampling stops and the...

Page 285: ...amples here are divided into Rx and Tx flow samples where Rx flow samples contains the number of packets that were sampled upon reception ingress on the port and Tx flow samples contains the number of...

Page 286: ...P packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space the ICMP header The page refreshes automatically until responses to all packets are received or until a timeo...

Page 287: ...ception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 56 bytes of data 64 bytes from 10 10 132 20 icmp_seq...

Page 288: ...reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PATH Diagnostics Ping6 Figure 148 ICMPv6 Ping PARAMETERS These parameters ar...

Page 289: ...from 0 second to 30 seconds WEB INTERFACE To ping another device on the network 1 Click Diagnostics Ping6 2 Enter the IPv6 address of the target device 3 Specify the packet size 4 Click Start After yo...

Page 290: ...cables 7 140 meters long Ports will be linked down while running VeriPHY Therefore running VeriPHY on a management port will cause the switch to stop responding until testing is completed PATH Diagno...

Page 291: ...guration settings and resetting the switch 7 1 Restarting the Switch Use the Restart Device page to restart the switch PATH Maintenance Restart Device Figure 150 Restart Device WEB INTERFACE To restar...

Page 292: ...P Address will be reset to their factory defaults PATH Maintenance Factory Defaults Figure 151 Factory Defaults REFERENCES Please refer Appendix B 3 Factory Default Reset on page 299 WEB INTERFACE To...

Page 293: ...hile the firmware is being updated Web access appears to be defunct The front LED flashes Green Off at a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the devic...

Page 294: ...named image bk Version The version of the firmware image Date The date where the firmware was produced WEB INTERFACE To upgrade firmware 1 Click Maintenance Software Upload 2 Click the Browse button a...

Page 295: ...intenance Configuration Save 2 Click the Save configuration button 3 Specify the directory and name of the file under which to save the current configuration settings The configuration file is in XML...

Page 296: ...n Upload WEB INTERFACE To restore your current configuration settings 1 Click Maintenance Configuration Upload 2 Click the Browse button and select the configuration file 3 Click the Upload button to...

Page 297: ...N III APPENDICES This section provides additional appendices and includes these items A Software Specifications on page 298 B Troubleshooting on page 302 C License Information on page 307 D Glossary o...

Page 298: ...LIMITS Input limits per port manual setting or ACL PORT TRUNKING Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol SPANNING TREE ALGORITHM Spanning Tree Prot...

Page 299: ...ent to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event A 3 Standards ANSI TIA 1057 LLDP for Media Endpoint Discovery LLDP MED IEEE 802 1AB Link Layer Discovery Protocol IEEE 802 1ad...

Page 300: ...SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 A 4 Management Information Bases MIB Bridge MIB RFC 4188 DHCP Option for Civic Addresses Configuration Information RFC 4776 Differentiated Services MIB RFC...

Page 301: ...ridge MIB RFC 2674Q Quality of Service MIB RADIUS Accounting Server MIB RFC 4670 RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implemen...

Page 302: ...t resumes normally Table 15 Troubleshooting Chart Symptom Action Cannot connect using a web browser or SNMP software Be sure the switch is powered up Check network cabling between the management stati...

Page 303: ...configure the switch through PC web browser To find out the IP address information for your computer please run Command Line window in WinNT 2000 XP and enter ipconfig or enter winipcfg in Win9x For e...

Page 304: ...ow showing the status of the current network connection If there is no network status icon on the task bar please go to the Start Settings Network Local Area Connection of the Window task bar s Start...

Page 305: ...enter the following for computer s IP IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 Click Ok after finish entering the IP Now you will be able to access the switch by entering...

Page 306: ...Step 3 Turn On the PoE Switch Step 4 The LED indicators of Port 1 2 will be ON first and then OFF in 2 3 seconds Step 5 The LED indicators of Port 1 2 will be ON again in 2 3 seconds This indicates th...

Page 307: ...arantee your freedom to share and change free software to make sure the software is free for all its users This General Public License applies to most of the Free Software Foundation s software and to...

Page 308: ...ch program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim o...

Page 309: ...am the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus i...

Page 310: ...r rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 6 You are not required to accept this License since you have not signed i...

Page 311: ...eographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if...

Page 312: ...REPAIR OR CORRECTION 2 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED AB...

Page 313: ...CP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options DHCP OPTION 82 A relay option for sending i...

Page 314: ...s long and may be constructed in the EUI 64 format The modified EUI 64 format interface ID is derived from a 48 bit link layer address by inserting the hexadecimal number FFFE between the upper three...

Page 315: ...links Now incorporated in IEEE 802 3 2002 IGMP Internet Group Management Protocol A protocol through which hosts can register with their local router for multicast services If there is more than one...

Page 316: ...capabilities and configuration settings MD5 MD5 Message Digest is an algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm...

Page 317: ...and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links PRIVATE VLANS Private VLANs provide port based security and isolatio...

Page 318: ...ch STA Spanning Tree Algorithm is a technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data alon...

Page 319: ...y accurate atomic time The UTC does not have daylight saving time VLAN Virtual LAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical loca...

Reviews:

No comments