LevelOne GEP-5070 User Manual Download Page 94

Page: 94 / 318

HAPTER

| Configuring the Switch

Configuring Security

– 94 –

password in the subsequent EAP exchange with the RADIUS server.

The 6-byte MAC address is converted to a string on the following

form “xx-xx-xx-xx-xx-xx”, that is, a dash (-) is used as separator

between the lower-cased hexadecimal digits. The switch only

supports the MD5-Challenge authentication method, so the RADIUS

server must be configured accordingly.
When authentication is complete, the RADIUS server sends a

success or failure indication, which in turn causes the switch to open

up or block traffic for that particular client, using the Port Security

module. Only then will frames from the client be forwarded on the

switch. There are no EAPOL frames involved in this authentication,

and therefore, MAC-based Authentication has nothing to do with the

802.1X standard.
The advantage of MAC-based authentication over port-based

802.1X is that several clients can be connected to the same port

(e.g. through a 3rd party switch or a hub) and still require individual

authentication, and that the clients don't need special supplicant

software to authenticate. The advantage of MAC-based

authentication over 802.1X-based authentication is that the clients

don't need special supplicant software to authenticate. The

disadvantage is that MAC addresses can be spoofed by malicious

users - equipment whose MAC address is a valid RADIUS user can

be used by anyone. Also, only the MD5-Challenge method is

supported. The maximum number of clients that can be attached to

a port can be limited using the Port Security Limit Control

functionality.

Further Guidelines for Port Admin State

■

Port Admin state can only be set to Force-Authorized for ports

participating in the Spanning Tree algorithm (see

page 135

■

When 802.1X authentication is enabled on a port, the MAC address

learning function for this interface is disabled, and the addresses

dynamically learned on this port are removed from the common

address table.

■

Authenticated MAC addresses are stored as dynamic entries in the

switch's secure MAC address table. Configured static MAC addresses

are added to the secure address table when seen on a switch port

(see

page 170

). Static addresses are treated as authenticated

without sending a request to a RADIUS server.

■

When port status changes to down, all MAC addresses are cleared

from the secure MAC address table. Static VLAN assignments are

not restored.

◆

RADIUS-Assigned QoS Enabled

- Enables or disables this feature for

a given port. Refer to the description of this feature under the System

Configuration section.

◆

RADIUS-Assigned VLAN Enabled

- Enables or disables this feature

for a given port. Refer to the description of this feature under the

System Configuration section.

Summary of Contents for GEP-5070

Page 1: ...GEP 5070 48 GE PoE Plus 2 GE SFP L2 Managed Switch User Manual V1 0...

Page 2: ......

Page 3: ...USER MANUAL GEP 5070 Layer 2 Gigabit Ethernet Switch with 48 10 100 1000BASE T PoE Plus Ports RJ 45 and 2 Gigabit Ethernet SFP Ports GEP 5070 E042013 ST R01...

Page 4: ......

Page 5: ...our attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Page 6: ...ABOUT THIS GUIDE 6...

Page 7: ...N II WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 36 Main Menu 36 4 CONFIGURING THE SWITCH 45 Configuri...

Page 8: ...DHCP Snooping 107 Configuring DHCP Relay and Option 82 Information 109 Configuring IP Source Guard 111 Configuring ARP Inspection 114 Specifying Authentication Servers 117 Creating Trunk Groups 119 C...

Page 9: ...VLANs 177 Protocol VLANs 179 Configuring Protocol VLAN Groups 179 Mapping Protocol Groups to Ports 181 Configuring IP Subnet based VLANs 182 Managing VoIP Traffic 183 Configuring VoIP Traffic 184 Conf...

Page 10: ...nagement Statistics 229 Displaying Information About Switch Settings for Port Security 230 Displaying Information About Learned MAC Addresses 231 Displaying Port Status for Authentication Services 232...

Page 11: ...ng IGMP Snooping Group Information 263 Showing IPv4 SFM Information 263 Showing MLD Snooping Information 264 Showing MLD Snooping Status 264 Showing MLD Snooping Group Information 266 Showing IPv6 SFM...

Page 12: ...tion Files 290 Saving Configuration Settings 290 Restoring Configuration Settings 290 SECTION III APPENDICES 293 A SOFTWARE SPECIFICATIONS 295 Software Features 295 Management Features 296 Standards 2...

Page 13: ...14 Authentication Server Operation 62 Figure 15 Authentication Method for Management Access 63 Figure 16 SSH Configuration 64 Figure 17 HTTPS Configuration 66 Figure 18 Access Management Configuratio...

Page 14: ...anning Tree Internal Spanning Tree 128 Figure 48 STA Bridge Configuration 132 Figure 49 Adding a VLAN to an MST Instance 134 Figure 50 Configuring STA Bridge Priorities 135 Figure 51 STP RSTP CIST Por...

Page 15: ...ure 82 Configuring Port DSCP Translation and Rewriting 196 Figure 83 Configuring DSCP based QoS Ingress Classification 197 Figure 84 Configuring DSCP Translation and Re mapping 198 Figure 85 Mapping D...

Page 16: ...gure 119 RMON History Overview 250 Figure 120 RMON Alarm Overview 251 Figure 121 RMON Event Overview 251 Figure 122 LACP System Status 252 Figure 123 LACP Port Status 253 Figure 124 LACP Port Statisti...

Page 17: ...ble 277 Figure 146 Showing VLAN Members 278 Figure 147 Showing VLAN Port Status 279 Figure 148 Showing MAC based VLAN Membership Status 280 Figure 149 Showing sFlow Statistics 282 Figure 150 ICMP Ping...

Page 18: ...FIGURES 18...

Page 19: ...upport 65 Table 6 SNMP Security Models and Levels 68 Table 7 Dynamic QoS Profiles 89 Table 8 QCE Modification Buttons 100 Table 9 Recommended STA Path Cost Range 136 Table 10 Recommended STA Path Cost...

Page 20: ...TABLES 20...

Page 21: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Page 22: ...SECTION I Getting Started 22...

Page 23: ...y DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 512 rules DHCP Client DNS Client and Proxy service Port Configuration Speed duplex mode flow contro...

Page 24: ...authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request use...

Page 25: ...E LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of...

Page 26: ...ed by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will choose a single path and disable al...

Page 27: ...ecified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used...

Page 28: ...ses IGMP Snooping and Query to manage multicast group registration for IPv4 traffic and MLD Snooping for IPv6 traffic It also supports Multicast VLAN Registration MVR which allows common multicast tra...

Page 29: ...t Enabled 1 kpps Multicast disabled Unknown unicast disabled Spanning Tree Algorithm Status Enabled RSTP Defaults RSTP standard Edge Ports Enabled Address Table Aging Time 300 seconds Virtual LANs Def...

Page 30: ...ent Disabled Snooping Disabled DNS Proxy service Disabled Multicast Filtering IGMP Snooping Snooping Disabled Querier Disabled MLD Snooping Disabled Multicast VLAN Registration Disabled System Log con...

Page 31: ...ave addresses that start 192 168 1 x If the PC and switch are not on the same subnet you must manually set the PC s IP address to 192 168 1 x where x is any number from 1 to 254 except 10 4 Open your...

Page 32: ...CHAPTER 2 Initial Switch Configuration 32 logging out To change the password click Security and then Users Select admin from the User Configuration list fill in the Password fields and then click Save...

Page 33: ...detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 35 Configuring the Switch on page 45 Monitoring the Switch...

Page 34: ...SECTION II Web Configuration 34...

Page 35: ...the web browser interface you must first enter a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name and password for t...

Page 36: ...an define system parameters manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from this program Table 3 Web P...

Page 37: ...e mirroring 207 Advanced Configuration System2 Information Configures system contact name and location 45 IP Configures IPv4 and SNTP settings 46 IPv6 Configures IPv6 and SNTP settings 48 NTP Enables...

Page 38: ...Configures global and port settings for IEEE 802 1X 85 ACL Access Control Lists 96 Ports Assigns ACL rate limiter and other parameters to ports 96 Rate Limiters Configures rate limit policies 98 Acce...

Page 39: ...Protocol Snooping 145 Basic Configuration Configures global and port settings for multicast filtering 145 VLAN Configuration Configures IGMP snooping per VLAN interface 149 Port Group Filtering Confi...

Page 40: ...ames entering the ingress queue of specified ports 188 Port Scheduler Provides overview of QoS Egress Port Schedulers including the queue mode and weight also configures egress queue mode queue shaper...

Page 41: ...Control List entries 225 Detailed Statistics Shows detailed Ethernet port statistics 226 Security 229 Access Management Statistics Displays the number of packets used to manage the switch via HTTP HT...

Page 42: ...Shows all logged events 251 LACP Link Aggregation Control Protocol 252 System Status Displays administration key and associated local ports for each partner 252 Port Status Displays administration key...

Page 43: ...Energy Efficient Ethernet information advertised through LLDP messages 272 Port Statistics Displays statistics for all connected remote devices and statistics for LLDP protocol packets crossing each p...

Page 44: ...es in the switch and allows you to revert to the alternate image 289 Configuration 290 Save Saves configuration settings to a file on the management station 290 Upload Restores configuration settings...

Page 45: ...ETERS These parameters are displayed System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters...

Page 46: ...ined via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 1 1 and subnet mask 255 255 255 0 You can manually configure a specific...

Page 47: ...ame Server to which client requests for mapping host names to IP addresses are forwarded IP DNS Proxy Configuration DNS Proxy If enabled the switch maintains a local database based on previous respons...

Page 48: ...ros required to fill the undefined fields When configuring a link local address note that the prefix length is fixed at 64 bits and the host portion of the default address is based on the modified EUI...

Page 49: ...f the address comprise the prefix i e the network portion of the address Default 96 bits Note that the default prefix length of 96 bits specifies that the first six colon separated values comprise the...

Page 50: ...the switch periodically sends a request for a time update to a configured time server You can configure up to five time server IP addresses The switch will attempt to poll each server in the configur...

Page 51: ...t and mornings have less This is known as Daylight Savings Time or Summer Time Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn PATH Basic Adv...

Page 52: ...summer time To End time for summer time Offset The number of minutes to add during Daylight Saving Time Range 1 1440 WEB INTERFACE To set the time zone or Daylight Savings Time 1 Click Configuration S...

Page 53: ...ot exist PARAMETERS These parameters are displayed Server Mode Enables disables the logging of debug or error messages to the remote logging process Default Disabled Server Address Specifies the IPv4...

Page 54: ...must agree upon the value of the wakeup time in order to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted The devices can exchange i...

Page 55: ...or manual selection The following options are supported Disabled Disables the interface You can disable an interface due to abnormal behavior e g excessive collisions and then re enable it after the p...

Page 56: ...tually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Maximum Frame Size Sets the maximum transfer unit for tra...

Page 57: ...on the switch or remote authentication of users via a RADIUS or TACACS server Additional authentication methods includes Secure Shell SSH Secure Hypertext Transfer Protocol HTTPS over the Secure Sock...

Page 58: ...soon as possible and store it in a safe place The administrator has a privilege level of 15 with access to all process groups and full control over the device If the privilege level is set to any oth...

Page 59: ...ctions except for maintenance and debugging 10 read and write access of all system functions except for maintenance and debugging 15 read and write access of all system functions including maintenance...

Page 60: ...erything except for VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privileg...

Page 61: ...RADIUS or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are also configured on this page see page 85 R...

Page 62: ...authentication method and the corresponding parameters for the remote authentication protocol on the Network Access Server Configuration page Local and remote logon authentication can be used to contr...

Page 63: ...ication method Options None Local RADIUS TACACS Default Local Selecting the option None disables access through the specified management interface Fallback Uses the local user database for authenticat...

Page 64: ...or management via the SSH protocol The switch supports both SSH Version 1 5 and 2 0 clients SSH service on this switch only supports password authentication The password can be authenticated either lo...

Page 65: ...r encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Mozilla Firefox 2 0...

Page 66: ...ch Access Management PARAMETERS These parameters are displayed Mode Enables or disables filtering of management access based on configured IP addresses Default Disabled Start IP Address The starting a...

Page 67: ...by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions...

Page 68: ...es or disables SNMP service Default Disabled Table 6 SNMP Security Models and Levels Model Level Community String Group Read View Write View Security v1 noAuth NoPriv public default_ro_group default_v...

Page 69: ...against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engin...

Page 70: ...raffic You should consider these effects when deciding whether to issue notifications as traps or informs Trap Inform Timeout The number of seconds to wait for an acknowledgment before resending an in...

Page 71: ...ice on the switch specify the SNMP version to use change the community access strings if required and set the engine ID if SNMP version 3 is used 3 In the SNMP Trap Configuration table enable the Trap...

Page 72: ...nly Default public private For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table see Configuring SNMPv...

Page 73: ...vice where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using t...

Page 74: ...NMPv3 groups An SNMPv3 group defines the access policy for assigned users restricting them to specific read and write views as defined on the SNMPv3 Access Configuration page page 76 You can use the p...

Page 75: ...he those configured in the SNMPv3 Users Configuration menu 5 Enter a group name Note that the views assigned to a group must be specified on the SNMP Accesses Configuration menu see page 76 6 Click Sa...

Page 76: ...PV3 GROUP ACCESS RIGHTS Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted access You can assign more than one view to a group to specify...

Page 77: ...n independently perform a wide range of tasks significantly reducing network management traffic It can continuously run diagnostics and log information on network performance If an event is triggered...

Page 78: ...ons and frames of various sizes PARAMETERS The following parameters are displayed ID Index to this entry Range 1 65535 Data Source Port identifier WEB INTERFACE To enable regular sampling of statistic...

Page 79: ...tilization PARAMETERS The following parameters are displayed ID Index to this entry Range 1 65535 Data Source Port identifier Interval The polling interval Range 1 3600 seconds Default 1800 seconds Bu...

Page 80: ...sampled Only variables of the type ifEntry n n may be sampled Note that ifEntry n uniquely defines the MIB variable and ifEntry n n defines the MIB variable plus the ifIndex For example 1 3 6 1 2 1 2...

Page 81: ...erated Range 1 65535 Falling Threshold If the current value is less than the falling threshold and the last sample value was greater than this threshold then an alarm will be generated After a falling...

Page 82: ...settings for event logging see Configuring Remote Log Messages on page 53 snmptrap Sends a trap message to all configured trap managers see Configuring SNMP System and Trap Settings on page 68 logandt...

Page 83: ...ging as discussed under Aging Period With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such fram...

Page 84: ...new addresses will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port...

Page 85: ...open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intru...

Page 86: ...MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security However note that the only encryption method supported by...

Page 87: ...he user to have special 802 1X software installed on his system The switch uses the client s MAC address to authenticate against the backend server However note that intruders can create counterfeit M...

Page 88: ...t enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication does not cause direct communication between the switch and the client so this will no...

Page 89: ...cept packet Only the first occurrence of the attribute in the packet will be considered To be valid all 8 octets in the attribute s value must be identical and consist of ASCII characters in the range...

Page 90: ...er is denied access While a port has an assigned dynamic QoS profile any manual QoS configuration changes only take effect after all users have logged off the port RADIUS Assigned VLAN Enabled RADIUS...

Page 91: ...used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Privat...

Page 92: ...OL Success frame after entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the...

Page 93: ...ted on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast...

Page 94: ...e The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The...

Page 95: ...client authentication using one of the methods described below Note that the restart buttons are only enabled when the switch s authentication mode is globally enabled under System Configuration and t...

Page 96: ...eny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to another port or to the system log...

Page 97: ...rameter on the ACL Ports Configuration page Then open the Mirror Configuration page set the Port to mirror on field to the required destination port and leave the Mode field Disabled Logging Enables l...

Page 98: ...l List Configuration menu page 99 PATH Advanced Configuration Security Network ACL Rate Limiters PARAMETERS These parameters are displayed Rate Limiter ID Rate limiter identifier Range 0 14 Default 1...

Page 99: ...order from top to bottom A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the frame is accepted The maximum number of ACL r...

Page 100: ...ame to match Action Shows whether a frame is permitted or denied when it matches an ACL rule Rate Limiter Shows if rate limiting will be enabled or disabled when matching frames are found Port Redirec...

Page 101: ...C address Options Any Specific user defined Default Any DMAC Filter The type of destination MAC address Options Any MC multicast BC broadcast UC unicast Specific user defined Default Any Ethernet Type...

Page 102: ...ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Default Any RARP DMAC Match Specifies whether frames can be matched according to their target...

Page 103: ...ode of an ICMP packet to filter for this rule Options Any Specific 0 255 Default Any UDP Parameters Source Port Filter Specifies the UDP source filter for this rule Options Any Specific 0 65535 Range...

Page 104: ...d 0 TCP frames where the URG field is set must not match this entry 1 TCP frames where the URG field is set must match this entry Default Any IP TTL Specifies the time to Live settings for this rule O...

Page 105: ...ter and port mirroring set on the general Mirror Configuration page are implemented independently To use ACL based mirroring enable the Mirror parameter on the ACE Configuration page Then open the Mir...

Page 106: ...ttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on the ACE Configuration page note that the items displayed depend on v...

Page 107: ...rusted interface from a device not listed in the DHCP snooping table will be dropped Table entries are only learned for trusted interfaces An entry is added or removed dynamically to the DHCP snooping...

Page 108: ...a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when t...

Page 109: ...the DHCP response to the client DHCP also provides a mechanism for sending information about the switch and its DHCP clients to the DHCP server Known as DHCP Option 82 it allows compatible DHCP serve...

Page 110: ...ts the DHCP relay policy for DHCP client packets that include Option 82 information Replace Overwrites the DHCP client packet information with the switch s relay information This is the default Keep R...

Page 111: ...all entries in the DHCP Snooping binding table and IP Source Guard Static Table If no matching entry is found the packet is dropped NOTE Multicast addresses cannot be used by IP Source Guard When ena...

Page 112: ...en both Global Mode and Port Mode on a given port are enabled will ARP Inspection take effect on a given port Default Disabled Max Dynamic Clients Specifies the maximum number of dynamic clients that...

Page 113: ...s learned via DHCP snooping are configured by the DHCP server itself Static bindings are processed as follows If there is no entry with the same VLAN ID and MAC address a new entry is added to the sta...

Page 114: ...provides protection against ARP traffic with invalid MAC to IP address bindings which forms the basis for certain man in the middle attacks This is accomplished by intercepting all ARP requests and r...

Page 115: ...l not affect the ARP Inspection configuration of any ports When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual ports These configuration changes wi...

Page 116: ...ION Use the Static ARP Inspection Table to bind a static address to a port Table entries include a port identifier VLAN identifier source MAC address in ARP request packets and source IP address in AR...

Page 117: ...l management access based on a list of user names and passwords configured on a RADIUS or TACACS remote access authentication server and to authenticate client access for IEEE 802 1X port authenticati...

Page 118: ...f authentication server used for authentication messages Range 1 65535 Default 0 If the UDP port is set to 0 zero the switch will use 1812 for RADIUS authentication servers 1813 for RADIUS accounting...

Page 119: ...configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP conf...

Page 120: ...ings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added or del...

Page 121: ...ll be assigned The following options are supported Source MAC Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk...

Page 122: ...identifier Port Members Port identifier WEB INTERFACE To configure a static trunk 1 Click Configuration Aggregation Static 2 Select one or more load balancing methods to apply to the configured trunk...

Page 123: ...f an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will be shown on the LACP System Status page page 252 and LACP...

Page 124: ...U interval to 30 seconds Default Fast Fast Specifies a fast timeout of 3 seconds Slow Specifies a slow timeout of 90 seconds Prio If a link goes down LACP port priority is used to select a backup link...

Page 125: ...anged once you determine what kind of packets are being looped back Loopback detection must be enabled both globally and on an interface for loopback detection to take effect PARAMETERS These paramete...

Page 126: ...tions Shutdown Port Shutdown Port and Log Log Only Tx Mode Controls whether the port is actively generating loop protection PDUs or whether it is just passively looking for looped PDUs Default Enabled...

Page 127: ...ng a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root por...

Page 128: ...aining all commonly configured MSTP bridges Figure 46 MSTP Region Internal Spanning Tree Multiple Spanning Tree An MST Region consists of a group of interconnected bridges that have the same MST Confi...

Page 129: ...rating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol1 RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynami...

Page 130: ...t device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 128 Range...

Page 131: ...lt 6 Advanced Settings Edge Port BPDU Filtering BPDU filtering allows you to avoid transmitting BPDUs on configured edge ports that are connected to end nodes By default STA sends BPDUs to all ports r...

Page 132: ...rovides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a...

Page 133: ...e2 The name for this MSTI Maximum length 32 characters Default switch s MAC address Configuration Revision2 The revision for this MSTI Range 0 65535 Default 0 MSTI Mapping MSTI Instance identifier to...

Page 134: ...nfigure Range CIST MIST1 7 Priority The priority of a spanning tree instance Range 0 240 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53284 57344 61...

Page 135: ...ports of the same media type to indicate the preferred path edge port to indicate if the attached device can support fast forwarding or link type to indicate a point to point connection or shared medi...

Page 136: ...e path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority...

Page 137: ...is can cause a lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influencing the spanning tree active topology pos...

Page 138: ...a point to point link while a half duplex interface is assumed to be on a shared link Forced True A point to point connection to exactly one other bridge Forced False A shared connection to two or mor...

Page 139: ...d and duplex mode used on each port and configures the path cost according to the values shown in Table 9 Table 10 and Table 11 Priority Defines the priority used for this port in the Spanning Tree Al...

Page 140: ...rovided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR V...

Page 141: ...st data associated with an MVR group is sent from all designated source ports to all receiver ports that have registered to receive data from that multicast group Default Disabled VLAN Interface Setti...

Page 142: ...the MVR operational mode for any port MVR must also be globally enabled on the switch for this setting to take effect MVR only needs to be enabled on a receiver port if there are subscribers receiving...

Page 143: ...ontrol whether or not membership reports are sent from source ports specify whether or not control frames are tagged with the MVR ID set the priority and last member query interval 4 Optionally enable...

Page 144: ...the address to indicate the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved PARAMETERS These parameters are displayed VLAN ID Displays th...

Page 145: ...lticast traffic and query messages may not be received by the switch In this case Layer 2 IGMP Query can be used to actively ask the attached hosts if they want to receive a specific multicast service...

Page 146: ...and Unregistered IPMC Flooding is disabled any subsequent multicast traffic not found in the table is dropped otherwise it is flooded throughout the VLAN IGMP SSM Range The Source Specific Multicast R...

Page 147: ...e switch will generate and send a group specific GS query to the member port which received the leave message and then start the last member query timer for that port When the conditions in the preced...

Page 148: ...r querier will send a GS query message when an IGMPv2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the spec...

Page 149: ...ed the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic Default Enabled When IGMP snooping is enabled globally the per VLA...

Page 150: ...ral Queries are sent by the Querier Range 1 255 seconds Default 125 seconds An MLD general query message is sent by the switch at the interval specified by this attribute When this message is received...

Page 151: ...FIGURING IGMP FILTERING Use the IGMP Snooping Port Group Filtering Configuration page to filter specific multicast traffic In certain switch applications the administrator may want to control the mult...

Page 152: ...his switch supports MLD protocol version 1 MLDv1 control packets include Listener Query Listener Report and Listener Done messages equivalent to IGMPv2 query report and leave messages Remember that IG...

Page 153: ...stered IPMCv6 Flooding is disabled any subsequent multicast traffic not found in the table is dropped otherwise it is flooded throughout the VLAN MLD SSM Range The Source Specific Multicast Range allo...

Page 154: ...nsolicited multicast listener done report to the all routers address FF02 2 for MLDv1 Port Related Configuration Port Port identifier Router Port Sets a port to function as a router port which leads t...

Page 155: ...ets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port any new MLD listener reports will be dropped WEB INTERFACE To conf...

Page 156: ...s this IPv6 address as the query source address The querier will not start or will disable itself after having started if it detects an IPv6 multicast router on the network Compatibility Compatibility...

Page 157: ...en the leave message is received by the switch it checks to see if this host is the last to leave the group by sending out an MLD group specific or group and source specific query message and starts a...

Page 158: ...port are checked against the these groups If a requested multicast group is denied the MLD report is dropped WEB INTERFACE To configure MLD Snooping Port Group Filtering 1 Click Configuration IPMC ML...

Page 159: ...agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner TTL in seconds is based on the following rule Transmission Interval Tr...

Page 160: ...r devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch When CDP awareness for a port is disabled the CDP information is not removed immediately but will b...

Page 161: ...nterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual...

Page 162: ...in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Con...

Page 163: ...Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Pr...

Page 164: ...Call Service e g 911 and others such as defined by TIA or NENA ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN tr...

Page 165: ...uto generated and will be used when selecting the polices that will be mapped to the specific ports Application Type Intended use of the application types Voice For use by dedicated IP Telephony hands...

Page 166: ...802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame form...

Page 167: ...the Power Over Ethernet Configuration page to set the maximum PoE power provided to a port the maximum power budget for the switch power available to all RJ 45 ports the port PoE operating mode power...

Page 168: ...be controlled within the switch s power budget Port power can be automatically turned on and off for connected devices and a per port power priority can be set so that the switch never exceeds its pow...

Page 169: ...f power that the power supply can deliver or if the actual power consumption for a given port exceeds the power reserved for that port The ports are shut down according to port priority If two ports h...

Page 170: ...3 Specify the port PoE operating mode port power allocation priority and the port power budget 4 Click Save Figure 64 Configuring PoE Settings CONFIGURING THE MAC ADDRESS TABLE Use the MAC Address Tab...

Page 171: ...nt link will be lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface NOTE If the learning mode for a given port in the MAC Learning Ta...

Page 172: ...ed anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to...

Page 173: ...GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you...

Page 174: ...orts PARAMETERS These parameters are displayed Ethertype for Custom S ports When Port Type is set to S custom port the EtherType also called the Tag Protocol Identifier or TPID of all frames received...

Page 175: ...f ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded If ingress filtering is disabled and a port receives frames tagge...

Page 176: ...are devices including the destination host the switch should first strip off the VLAN tag before forwarding the frame Port VLAN ID VLAN ID assigned to untagged frames received on the interface Range 1...

Page 177: ...re displayed Port Number Port identifier WEB INTERFACE To configure isolated ports 1 Click Configuration Private VLANs Port Isolation 2 Mark the ports which are to be isolated from each other 3 Click...

Page 178: ...C address which is to be mapped to a specific VLAN The MAC address must be specified in the format xx xx xx xx xx xx VLAN ID VLAN to which ingress traffic matching the specified source MAC address is...

Page 179: ...want to use page 173 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for e...

Page 180: ...0x0600 0xffff and if value of the OUI is other than 00 00 00 then valid value of the PID will be any value from 0x0000 to 0xffff Group Name The name assigned to the Protocol VLAN Group This name must...

Page 181: ...rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the...

Page 182: ...no IP subnet is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID PATH Advanced Configuration VCL IP Subnet based VLAN COMMAND USAGE Each IP subnet can be ma...

Page 183: ...ic Traffic isolation can provide higher voice quality by preventing excessive packet delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of...

Page 184: ...ers on page 174 Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port Range 10 10 000 000 seconds Default 86400 seconds Traffic Clas...

Page 185: ...OUI numbers are assigned to manufacturers and form the first three octets of a device MAC address MAC address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes th...

Page 186: ...equipment can be configured on the switch so that traffic from these devices is recognized as VoIP NOTE Making any changes to the OUI table will restart the auto detection process for attached VoIP d...

Page 187: ...e manner in which an individual device handles traffic is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end Quality of S...

Page 188: ...ssified in any other way Range 0 1 Default 0 DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification see page 196 WEB INTERFACE To set the basic QoS parameters for a port 1 Click Advance...

Page 189: ...kbps Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames WEB INTERFACE To configure ingress port policing 1 Click Adva...

Page 190: ...eues 7 and 8 Queue Shaper Controls whether queue shaping is enabled for this queue on this port Enable Enables or disables queue shaping Default Disabled Rate Controls the rate for the queue shaper Th...

Page 191: ...s WEB INTERFACE To show an overview of the queue mode and weight used by egress ports 1 Click Configuration QoS Port Scheduler 2 Click on any enter under the Port field to configure the Port Scheduler...

Page 192: ...igure egress queue mode queue shaper rate and access to excess bandwidth and port shaper PATH Advanced Configuration QoS Port Shaper PARAMETERS These parameters are displayed Displaying QoS Egress Por...

Page 193: ...fied PCP DEI values default PCP DEI values or mapped versions of QoS class and drop priority PATH Advanced Configuration QoS Port Tag Remarking PARAMETERS These parameters are displayed Displaying Por...

Page 194: ...I Remarks matching egress frames with the specified Drop Eligible Indicator Range 0 1 Default 0 WEB INTERFACE To show the QoS Egress Port Tag Remarking mode used for each port 1 Click Advanced Configu...

Page 195: ...iguration page to configure ingress translation and classification settings and egress re writing of DSCP values PATH Advanced Configuration QoS Port DSCP PARAMETERS These parameters are displayed Por...

Page 196: ...mapped DSCP value is either taken from the DSCP Translation table Egress Remap DP0 or DP1 field see page 198 Remap DP Unaware Frame with DSCP from analyzer is remapped and remarked with the remapped D...

Page 197: ...rames QoS Class QoS value to which the corresponding DSCP value is classified for ingress processing Range 0 7 Default 0 DPL Drop Precedence Level to which the corresponding DSCP value is classified f...

Page 198: ...Ingress Translate Enables ingress translation of DSCP values based on the specified classification method Ingress Classify Enable Classification at ingress side as defined in the QoS Port DSCP Config...

Page 199: ...CP Classification 2 Map key DSCP values to a corresponding QoS class 3 Click Save Figure 85 Mapping DSCP to QoS CONFIGURING QOS CONTROL LISTS Use the QoS Control List Configuration page to configure Q...

Page 200: ...Eligible Indicator Options 0 1 or Any Action Indicates the classification action taken on ingress frame if the configured parameters are matched in the frame s content If a frame matches the QCE the f...

Page 201: ...ound in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX LLC Link Logical Control includes the following settings SSAP Address Source Service Access Point address Options Any...

Page 202: ...it smaller than the original packet s size DSCP Diffserv Code Point value Options Any specific value of 0 63 BE CS1 CS7 EF or AF11 AF43 or Range Default Any IPv6 IPv6 frame type includes the following...

Page 203: ...ue or left unchanged Options 0 63 BE CS1 CS7 Default not changed Default setting Default WEB INTERFACE To configure QoS Control Lists 1 Click Advanced Configuration QoS QoS Control List 2 Click the bu...

Page 204: ...st multicast or unknown unicast traffic Any packets exceeding the specified threshold will then be dropped Note that the limit specified on this page applies to each port PATH Configuration QoS Storm...

Page 205: ...s or resending them at the same rate If a significant percentage of the network s traffic employs these protocols it is not advisable to enable RED PATH Configuration QoS WRED PARAMETERS These paramet...

Page 206: ...ESTION MANAGEMENT Use the Congestion Management page to specify whether or not to forward traffic when the destination port is congested Note that congestion Management does not apply to priority 6 an...

Page 207: ...ed on the Mirroring RSPAN Configuration page mirroring will occur regardless of any configuration settings made on the ACL Ports Configuration page see Filtering Traffic with Access Control Lists on p...

Page 208: ...ation port to which all mirrored traffic will be sent 5 Click Save Figure 90 Mirror Configuration CONFIGURING REMOTE PORT MIRRORING Use the Mirroring RSPAN Configuration page to mirror traffic from re...

Page 209: ...tch on the Mirroring RSPAN configuration page by specifying switch type Destination the RSPAN VLAN intermediate ports and the destination port s where the mirrored traffic will be received RSPAN Limit...

Page 210: ...y mirrored traffic Source port s reflector port and intermediate port s are located on this switch Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic f...

Page 211: ...tination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned WEB INTERFACE To configure remote port mirroring for an RSPAN source sw...

Page 212: ...lick Save Figure 93 Mirror Configuration Intermediate To configure remote port mirroring for an RSPAN destination switch 1 Click Basic Advanced Configuration Mirroring RSPAN 2 Set the Mode to Enabled...

Page 213: ...evice s description from the URL provided by the device in the discovery message After a control point has retrieved a description of the device it can send actions to the device s service To do this...

Page 214: ...half of the advertising duration minus 30 seconds Range 100 86400 seconds Default 100 seconds WEB INTERFACE To configure UPnP 1 Click Configuration UPnP 2 Enable or disable UPnP then set the TTL and a...

Page 215: ...ATH Advanced Configuration UPnP PARAMETERS These parameters are displayed Receiver Configuration Owner sFlow can be configured in two ways Through local management using the Web interface or through S...

Page 216: ...ld be set to a value that avoids fragmentation of the sFlow datagrams Range 200 1468 bytes Default 1400 bytes Port Configuration Port Port identifier Flow Sampler The following parameters apply to flo...

Page 217: ...CHAPTER 4 Configuring the Switch Configuring sFlow 217 Figure 96 sFlow Configuration...

Page 218: ...CHAPTER 4 Configuring the Switch Configuring sFlow 218...

Page 219: ...g the device name location and contact information PATH Monitor System Information PARAMETERS These parameters are displayed System To configure the following items see Configuring System Information...

Page 220: ...ation DISPLAYING CPU UTILIZATION Use the CPU Load page to display information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed...

Page 221: ...the logged system and event messages PATH Monitor System Log PARAMETERS These parameters are displayed Display Filter Level Specifies the type of log messages to display Info Informational messages on...

Page 222: ...splay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entrie...

Page 223: ...S You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of pa...

Page 224: ...nsmitted Errors Received Transmitted The number of frames received with errors and the number of incomplete transmissions Drops Received Transmitted The number of frames discarded due to ingress or eg...

Page 225: ...ing entry of this QCE The information displayed in this field depends on the option selected in the drop down list at the top of this page Combined Static Voice VLAN Conflict QCE QoS Control Entry ind...

Page 226: ...solved Figure 104 QoS Control List Status DISPLAYING DETAILED PORT STATISTICS Use the Detailed Port Statistics page to display detailed statistics on network traffic This information can be used to id...

Page 227: ...received with CRC or alignment errors Rx Undersize The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed...

Page 228: ...CHAPTER 5 Monitoring the Switch Displaying Information About Ports 228 WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 105 Detailed Port Statistics...

Page 229: ...Management Statistics USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 66 and traffic matching one o...

Page 230: ...es to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules that may request port security services and on...

Page 231: ...m number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on...

Page 232: ...aging is disabled or a user module has decided to hold the MAC address indefinitely a dash will be shown WEB INTERFACE To display information about the MAC address learning through the Port Security...

Page 233: ...RADIUS assigned is appended to the VLAN ID Refer to RADIUS Assigned VLAN Enabled for a description of this attribute see page 85 If the port is moved to the Guest VLAN Guest is appended to the VLAN ID...

Page 234: ...to the Guest VLAN Guest is appended to the VLAN ID Refer to Guest VLAN Enabled for a description of this attribute see page 85 Port Counters Receive EAPOL Counters Total The number of valid EAPOL fra...

Page 235: ...hallenges received from the backend server for this port left most table or client right most table Other Requests 802 1X based Counts the number of times that the switch sends an EAP Request packet f...

Page 236: ...s the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table...

Page 237: ...n list Figure 110 NAS Statistics for Specified Port DISPLAYING ACL STATUS Use the ACL Status page to show the status for different security modules which use ACL filtering including ingress port frame...

Page 238: ...hich are not ICMP UDP or TCP Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicat...

Page 239: ...ber of ACK option 53 with value 5 packets received and transmitted Rx Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx Tx Release The number of release option 53 wit...

Page 240: ...number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to clients Receive from Server The number of packets received from the ser...

Page 241: ...s relay information Keep Agent Option The number of packets received where the DHCP client packet information was retained Drop Agent Option The number of packets that were dropped because they alread...

Page 242: ...tries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per pa...

Page 243: ...mber of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet...

Page 244: ...formed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad Authenticators The numb...

Page 245: ...onds left Access attempts were made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the dead time expires The num...

Page 246: ...server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other Info IP Address IP address and UDP port for the accounting serve...

Page 247: ...RMON to display information on RMON statistics alarms and event responses DISPLAYING RMON STATISTICS Use the RMON Statistics Status Overview page to view a broad range of interface statistics includin...

Page 248: ...Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but including FC...

Page 249: ...Security Switch RMON History PARAMETERS These parameters are displayed History Index Index of History control entry Sample Index Index of the data entry associated with the control entry Sample Start...

Page 250: ...and falling threshold Variable MIB object to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds For more information se...

Page 251: ...hreshold WEB INTERFACE To display RMON alarm settings click Monitor Security Switch RMON Alarm Figure 120 RMON Alarm Overview DISPLAYING RMON EVENT SETTINGS Use the RMON Alarm Event page to display co...

Page 252: ...Aggr ID The Aggregation ID associated with this Link Aggregation Group LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Last Cha...

Page 253: ...he LACP protocol i e its MAC address Partner Port The partner port connected to this local port Partner Priority The partner port priority used to select a backup link WEB INTERFACE To display LACP st...

Page 254: ...e parameters are displayed Port Port identifier Action Configured port action i e the response to take when a loop is detected on a port Transmit Configured port transmit mode i e whether the port is...

Page 255: ...itch has been accepted as the root device Root Port The number of the port on this switch that is closest to the root This switch communicates with the root device through this port If there is no roo...

Page 256: ...isplays the current state of this port in the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an i...

Page 257: ...e Status To display detailed information on a single STP bridge instance along with port state for all active ports associated 1 Click Monitor Spanning Tree Bridge Status 2 Click on an entry in the ST...

Page 258: ...orward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the...

Page 259: ...display information on spanning port statistics click Monitor Spanning Tree Port Statistics Figure 129 Spanning Tree Port Statistics DISPLAYING MVR INFORMATION Use the monitor pages for MVR to display...

Page 260: ...messages used by MVR and to shows information about the interfaces associated with multicast groups assigned to the MVR VLAN PATH Monitor MVR Group Information PARAMETERS These parameters are displaye...

Page 261: ...p The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID port number and Group Address It can be either Include or Exclude S...

Page 262: ...er Host Version IGMP version used when used by this switch when serving as a host in IGMP proxy mode Querier Status Shows the Querier status as ACTIVE or IDLE When enabled the switch can serve as the...

Page 263: ...ers are displayed VLAN ID VLAN Identifier Groups The IP address for a specific multicast service Port Members The ports assigned to the listed VLAN which propagate a specific multicast service WEB INT...

Page 264: ...pe It can be either Allow or Deny Hardware Filter Switch Indicates whether the data plane destined to the specific group address from the source IPv4 address can be handled by the chip or not WEB INTE...

Page 265: ...nsible for asking hosts if they want to receive multicast traffic Queries Transmitted The number of transmitted Querier messages Queries Received The number of received Querier messages V1 Reports Rec...

Page 266: ...Figure 137 MLD Snooping Group Information SHOWING IPV6 SFM INFORMATION Use the MLD SFM Information page to display MLD Source Filtered Multicast information including group filtering mode include or e...

Page 267: ...or Information page to display information about devices connected directly to the switch s ports which are advertising information through LLDP PATH Monitor LLDP Neighbors PARAMETERS These parameters...

Page 268: ...out LLDP neighbors click Monitor LLDP Neighbors Figure 139 LLDP Neighbor Information DISPLAYING LLDP MED NEIGHBOR INFORMATION Use the LLDP MED Neighbor Information page to display information about a...

Page 269: ...both Media Endpoints Class II and Generic Endpoints Class I LLDP MED Generic Endpoint Class I Applicable to all endpoint products that require the base LLDP discovery services defined in TIA 1057 howe...

Page 270: ...under Configuring LLDP MED TLVs on page 162 Policy This field displays one of the following values Unknown The network policy for the specified application type is currently unknown Defined The netwo...

Page 271: ...ORMATION Use the LLDP Neighbor Power Over Ethernet Information page to display the status of all LLDP PoE neighbors including power device type PSE or PD source of power power priority and maximum req...

Page 272: ...page to displays Energy Efficient Ethernet information advertised through LLDP messages PATH Monitor LLDP EEE PARAMETERS These parameters are displayed Local Port The port on this switch which receiv...

Page 273: ...ia LLDP Resolved Rx Tw The resolved Rx Tw for this link not the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE in...

Page 274: ...mes Number of LLDP PDUs received Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded Number of frames discarded because they did not conform to the general vali...

Page 275: ...r and current used and PoE priority PATH Monitor PoE PARAMETERS These parameters are displayed Local Port The port on this switch which received the LLDP frame PD class Each PD is classified according...

Page 276: ...address entries associated with the CPU and each port PATH Monitor MAC Address Table PARAMETERS These parameters are displayed Start from VLAN and MAC address with entries per page These input fields...

Page 277: ...t services to configure VLAN membership and VLAN port settings such as the PVID or untagged VLAN ID This switch supports the following VLAN user modules Static Ports statically assigned to a VLAN thro...

Page 278: ...r to the preceding section for a description of the software modules that use VLAN management services PATH Monitor VLANs VLAN Port PARAMETERS These parameters are displayed VLAN User A software modul...

Page 279: ...et s behavior at the egress side If the VID of Ethernet frames leaving a port match the UVID these frames will be sent untagged Conflicts Shows whether conflicts exist or not When a software module re...

Page 280: ...r Combined Includes all entries MAC Address A source MAC address which is mapped to a specific VLAN VLAN ID VLAN to which ingress traffic matching the specified source MAC address is forwarded Port Me...

Page 281: ...the sFlow receiver Tx Errors The number of UDP datagrams that has failed transmission The most common source of errors is invalid sFlow receiver IP host name configuration To diagnose paste the recei...

Page 282: ...CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling 282 WEB INTERFACE 1 To display information on sampled traffic click Monitor sFlow Figure 149 Showing sFlow Statistics...

Page 283: ...IPv4 address consists of 4 numbers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the app...

Page 284: ...IPv4 or IPv6 Address 284 After you press Start the sequence number and round trip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are recei...

Page 285: ...faults that can occur on Category 5 twisted pair cabling WEB INTERFACE To run cable diagnostics 1 Click Diagnostics VeriPHY 2 Select all ports or indicate a specific port for testing 3 Click Start If...

Page 286: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 286...

Page 287: ...aving configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch PATH Maintenance Restart Device WEB INTERFACE To restart the switch 1 Clic...

Page 288: ...ance Restart Device WEB INTERFACE To restore factory defaults 1 Click Maintenance Factory Defaults 2 Click Yes The factory defaults are immediately restored which means that no reboot is necessary Fig...

Page 289: ...ront LED flashes Green Off at a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the device at this time or the switch may fail to function afterwards Figure 154 S...

Page 290: ...the file under which to save the current configuration settings The configuration file is in XML format The configuration parameters are represented as attribute values When saving the configuration...

Page 291: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 291 Figure 157 Configuration Upload...

Page 292: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 292...

Page 293: ...293 SECTION III APPENDICES This section provides additional information and includes these items Software Specifications on page 295 Troubleshooting on page 299 License Information on page 301...

Page 294: ...SECTION III Appendices 294...

Page 295: ...ull duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a crit...

Page 296: ...ts DSCP remarking ingress traffic policing and egress traffic shaping MULTICAST FILTERING IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option...

Page 297: ...EEE 802 1p Priority tags IEEE 802 1Q 2005 VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protoco...

Page 298: ...RFC 2065 IPV6 ICMP MIB RFC 2066 IPV6 TCP MIB RFC 2052 IPV6 UDP MIB RFC 2054 MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB...

Page 299: ...t been disabled Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station...

Page 300: ...witch follow these steps 1 Enable logging 2 Set the error messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages...

Page 301: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 302: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Page 303: ...These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Page 304: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Page 305: ...according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framework for passing...

Page 306: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Page 307: ...1S An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1W An IEEE standard for the Rapid Spanning Tree Protocol RSTP which...

Page 308: ...by this switch can pass multicast traffic along to participating hosts IP PRECEDENCE The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority l...

Page 309: ...egion and prevents VLAN members from being segmented from the rest of the group MULTICAST SWITCHING A process whereby the switch filters incoming multicast frames for services for which no attached ho...

Page 310: ...rity of one flow or limiting the priority of another flow RADIUS Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to...

Page 311: ...T Defines a remote communication facility for interfacing to a terminal device over TCP IP TFTP Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads UDP User Datagram...

Page 312: ...GLOSSARY 312...

Page 313: ...46 relay information option 110 relay information option policy 110 DHCP snooping 107 DNS server 47 Domain Name Service See DNS downloading software 288 using HTTP 288 using TFTP 288 drop precedence Q...

Page 314: ...D 162 logging syslog traps 53 to syslog servers 53 log in web interface 35 logon authentication 58 encryption keys 118 RADIUS client 118 RADIUS server 118 settings 117 118 TACACS client 61 TACACS serv...

Page 315: ...on 181 public key 64 Q QCE quality control list entry 200 QCL status monitoring 225 QoS 187 class 188 control lists 199 drop precedence 188 DSCP classification 199 DSCP rewriting 195 DSCP translation...

Page 316: ...setting 51 time setting 50 trap destination 69 trap manager 69 troubleshooting 299 trunk configuration 120 123 LACP 123 static 120 Type Length Value See LLDP TLV See LLDP MED TLV U unknown unicast sto...

Page 317: ......

Page 318: ...GEP 5070 E042013 ST R01...

Search results

Summary of Contents for GEP-5070

Reviews:

Related manuals for GEP-5070

Brands by name

Popular brands

LevelOne GEP-5070, User Manual

Search results

Summary of Contents for GEP-5070

Reviews:

Related manuals for GEP-5070

Brands by name

Popular brands