manualshive.com logo in svg

Linksys LGS308, User Manual

The Linksys LGS308 is a high-performance 8-port Gigabit Ethernet switch designed for small businesses. For easy setup and troubleshooting, be sure to download the user manual for free from our website. Stay connected and maximize productivity with the Linksys LGS308 switch.

Share
Download
background image

157

 

Multiple Authentication Methods 

If more than one authentication method is enabled on the switch, the following hierarchy of 
authentication methods is applied:  

802.1x Authentication: Highest

MAC-Based Authentication: Lowest

Multiple methods can run at the same time. When one method finishes successfully, the client 
becomes authorized, the methods with lower priority are stopped and the methods with higher 
priority continue. 
When one of the authentication methods running simultaneously fails, the other methods 
continue. 
When an authentication method finishes successfully for a client authenticated by a method with 
a lower priority, the attributes of the new method are applied.When the new method fails, the 
client is left authorized with the old method. 

802.1x-Based Authentication 

The device supports the 802.1x authentication mechanism, as described in the standard, to 
authenticate and authorize 802.1x supplicants. 
The 802.1x-based authenticator relays transparent EAP messages between 
802.1x supplicants and authentication servers. The EAP messages between supplicants and the 
authenticator are encapsulated into the 802.1x messages, and the EAP messages between the 
authenticator and authentication servers are encapsulated into the RADIUS messages. 
This is described in the following: 

MAC-Based Authentication 

MAC-based authentication is an alternative to 802.1X authentication that allows network access 
to devices (such as printers and IP phones) that do not have the 802.1X supplicant capability. 
MAC-based authentication uses the MAC address of the connecting device to grant or deny 
network access. 

This image cannot currently be displayed.

Summary of Contents for LGS308

Page 1: ...1 User Guide SMART SWITCH LGS3XX...

Page 2: ...System Information 20 Management Session Timeout 21 Time 21 SNMP 27 Logs 44 Chapter5 Port Management 50 Ports 50 Link Aggregation 52 Green Ethernet 56 PoE 59 Discovery LLDP 65 Chapter 6 VLAN Managemen...

Page 3: ...Snooping 115 Multicast Router Ports 116 Forward All 117 Unregistered Multicast 118 IGMP MLD IP Group Addresses 120 MAC Group Address FDB 121 IP Group Address FDB 123 Chapter 10 IP Interface 125 IPv4...

Page 4: ...IPv6 Based ACE 176 ACL Binding 178 Chapter 14 Quality of Service 180 Feature Configuration 182 Queue Scheduling 183 CoS 802 1p to Queue 184 DSCP to Queue 186 Bandwidth Control 187 Egress Shaping 188...

Page 5: ...station use the IPv6 global address and not the IPv6 link local address to access the device from your browser Launching the Configuration Utility To open the Web based configuration utility do the fo...

Page 6: ...timeout occurs or you intentionally log out of the system a message appears and the login page appears with a message indicating the logged out state Interface Naming Conventions Within the GUI inter...

Page 7: ...ype Click Save to display the Configuration File Copy page and save the Running Configuration to the Startup Configuration file type on the device Close Click to return to the previous page Any change...

Page 8: ...8 Configuring with Menu Command Line Interface To configure with the device through the menu CLI 1 Log on to the device through telnet 2 Configure the device 3 Click Logout...

Page 9: ...mode System Description A description of the system SystemLocation Physicallocationofthedevice To edit this field go to Configuration System Management System Information System Contact Name of a cont...

Page 10: ...nd time System Uptime Length of time since last reboot RMON RMON Statistics The Statistics page displays detailed information regarding packet sizes and information regarding physical layer errors The...

Page 11: ...packets over 2000 octets received Fragments Number of fragments packets with less than 64 octets excluding framing bits but including Frame Check Sequence octets received Jabbers Total number receive...

Page 12: ...ory Table page that can be viewed by clicking the History button To enter RMON control information 1 Click System Status RMON History 2 Click Add 3 Enter the parameters New History Control Entry Index...

Page 13: ...tatistics were taken from this sample Drop Events Dropped packets due to lack of network resources during the sampling interval This may not represent the exact number of dropped packets but rather th...

Page 14: ...ures the occurrences that trigger an alarm To define RMON events 1 Click System Status RMON Events This page displays previously defined events 2 Click Add 3 Enter the parameters Event Entry Index Dis...

Page 15: ...onfiguration file 5 Click Event Log to display the log of alarms that have occurred and that have been logged see description below RMON Events Logs The Event Log Table page displays the log of events...

Page 16: ...n the Add RMON Alarm page below Counter Value Displays the value of the statistic during the last sampling period 2 Click Add 3 Enter the parameters Alarm Entry Index Displays the alarm entry number I...

Page 17: ...value triggers the falling threshold alarm o Rising and Falling Both rising and falling values trigger the alarm Owner Enter the name of the user or network management system that receives the alarm 4...

Page 18: ...nds o Total Octets Octets received including bad packets and FCS octets but excluding framing bits o Unicast Packets Good Unicast packets received o Multicast Packets Good Multicast packets received o...

Page 19: ...used pages Link Name on the Page Linked Page Configure User Accounts and Management Access User Access Accounts Configure Device IP Address IPv4 Interface Create VLANs VLANs Configure VLAN Memberships...

Page 20: ...name of a contact person System Host Name Select the host name of this device o Default The default host name System Name of these switches is switch123456 where 123456 represents the last three byte...

Page 21: ...tion settings on the device Time Network time synchronization is critical because every aspect of managing securing planning and debugging a network involves determining when events occur Without sync...

Page 22: ...r in one of the following ways Client Broadcast Reception passive mode SNTP servers broadcast the time and the device listens to these broadcasts When the device is in this mode there is no need to de...

Page 23: ...bled or fails Note The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration to take place System Time Use the System Time page to select the system time source If the s...

Page 24: ...m any SNTP servers on the subnet Manual Date Time Set the date and time manually The local time is used when there is no alternate source of time such as an SNTP server Time Zone Time Zone from DHCP S...

Page 25: ...on the same date every year This allows customization of the start and stop of DST Day Day of the week on which DST begins every year Week Week within the month from which DST begins every year Month...

Page 26: ...ing the algorithm described in RFC 2030 Delay Estimated round trip delay of the server s clock relative to the local clock over the network path between them in milliseconds The host determines the va...

Page 27: ...ith the lowest stratum level distance from the reference clock that is reachable The server with the lowest stratum is considered to be the primary server The server with the next lowest stratum is a...

Page 28: ...Pv1 or v2 1 Navigate to the SNMP Communities page and click Add The community can be associated with access rights and a view in Basic mode or with a group in Advanced mode There are two ways to defin...

Page 29: ...P database 2 Optionally define SNMP view s by using the Views page This limits the range of Object IDs available to a community or group 3 Define groups by using the Groups page 4 Define users by usin...

Page 30: ...1000 3 8 1 LGS318 18 Port Smart Gigabit Switch enterprises 1 linksys 3955 smb 1000 3 18 1 LGS326 26 Port Smart Gigabit Switch enterprises 1 linksys 3955 smb 1000 3 26 1 LGS308P 8 Port Smart Gigabit P...

Page 31: ...ault MAC address This engine ID must be unique for the administrative domain so that no two devices in a network have the same engine ID Local information is stored in four MIB variables that are read...

Page 32: ...nd Engine ID To add the IP address of an engine ID 4 Click Add Enter the following fields Remote Engine IP Address Select whether to specify the Engine ID server by IP address or name IP Version Selec...

Page 33: ...ss mode through the Communities page To define SNMP views 1 Click Configuration System Management SNMP Views 2 Click Add to define new views 3 Enter the parameters View Name Enter a view name between...

Page 34: ...s whether the defined object and its subtree are included or excluded in the selected SNMP view Groups In SNMPv1 and SNMPv2 a community string is sent along with the SNMP frames The community string a...

Page 35: ...ication Read View Only authenticated users are allowed to read the view By default all users or community of a group can access all the MIB objects A group can be limited to specific view s based on t...

Page 36: ...enticated but does not encrypt them o Authorized View Select the Read Write and Notify views associated with this group and with the above security level o Authentication and Privacy Authenticates SNM...

Page 37: ...r Database To receive inform messages and request information you must define both a local and remote user o Local User is connected to the local device o Engine User is connected to a different SNMP...

Page 38: ...ted 4 Click Apply to save the settings Communities Access rights in SNMPv1 and SNMPv2 are managed by defining communities in the Communities page The community name is a type of shared password betwee...

Page 39: ...A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supported If a link local address exists on the in...

Page 40: ...fined and the Running Configuration is updated Notification Filters The Notification Filter page enables configuring SNMP notification filters and Object IDs OIDs that are checked After creating a not...

Page 41: ...ted 4 Include or exclude in Object Filter If this is selected the selected MIBs are included in the filter otherwise they are excluded 5 Click Apply The SNMP views are defined and the running configur...

Page 42: ...er IPv4 or IPv6 IPv6 Address Type Select either Link Local or Global o Link Local The IPv6 address uniquely identifies hosts on a single network link A link local address has a prefix of FE80 is not r...

Page 43: ...he IPv6 address uniquely identifies hosts on a single network link A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link l...

Page 44: ...the User page the security level on this screen can be either No Authentication or Authentication Only or Authentication and Privacy The options are o No Authentication Indicates the packet is neithe...

Page 45: ...The event severity levels are listed from the highest severity to the lowest severity 1 Emergency System is not usable 2 Alert Action is needed 3 Critical System is in a critical condition 4 Error Sy...

Page 46: ...e options o None Do not include the origin identifier in SYSLOG messages o Hostname Include the system hostname in SYSLOG messages o IPv4 Address Include the IPv4 address of the sending interface inSY...

Page 47: ...ame o IP Version Select the supported IP version o IPv6 Address Type Select the IPv6 address type if IPv6 is used The options Global The IPv6 address is a global Unicast IPV6 type that is visible and...

Page 48: ...If a second facility code is assigned the first facility value is overridden o Description Enter a server description o Minimum Logging Level Select the minimum level of system log messages to be sent...

Page 49: ...ry in chronological order The minimum severity for logging is configured in the Log Management page Flash logs remain when the device is rebooted You can clear the logs manually Click Configuration Sy...

Page 50: ...ure is enabled 3 To update the port settings select the desired port and click Edit Select Your Port o Port Select the port number from the drop down menu Port settings o Operational Status Displays w...

Page 51: ...tise its transmission speed duplex mode and flow control abilities to the port link partner o Port Speed Port type determines available speeds You can designate this field only when port Auto Negotiat...

Page 52: ...nel LAG LAGs multiply the bandwidth increase port flexibility and provide link redundancy between two devices This switch supports two kinds of LAG Static A LAG is static if the LACP is disabled The p...

Page 53: ...hen a port is added to a LAG the configuration of the LAG is applied to the port When the port is removed from the LAG its original configuration is reapplied Protocols such as Spanning Tree consider...

Page 54: ...red and click Edit Select Your LAG o LAG Select the LAG from the drop down menu LAG Settings o Operational Status Whether the LAG is up or down o Port List Move those ports that are to be assigned to...

Page 55: ...e the available speeds You can designate this field only when port auto negotiation is disabled o Auto Advertisement Select the capabilities to be advertised by the LAG Max Capability All LAG speeds a...

Page 56: ...djusted for various cable lengths If the cable is shorter than 50 meters the device uses less power to send frames over the cable thus saving energy This mode is only supported on RJ45 GE ports it doe...

Page 57: ...hen there is no traffic and this feature is enabled on the port the port is placed in the LPI mode which reduces power consumption dramatically Both sides of a connection device port and connecting de...

Page 58: ...his is supported in GE models only 802 3 EEE Configuration Workflow This section describes how to configure the 802 3 EEE feature and view its counters 1 Ensure that auto negotiation is enabled on the...

Page 59: ...elect a port and click Edit Select Your Port o Port Select a port from the drop down menu Port Settings o Energy Detect Mode Select to enable o Short Reach Mode Select to enable o 802 3 EEE Mode Selec...

Page 60: ...iation the PD specifies its class which is the amount of maximum power that the PD consumes Power Consumption After the classification stage completes the PSE provides power to the PD If the PD suppor...

Page 61: ...versa when the device is operational forces the Powered Device to reboot Maximum port limit allowed as a per port numerical limit in mW Port Limit mode The PoE specific hardware automatically detects...

Page 62: ...r allowed Output power is disabled during power on reboot initialization and system configuration to ensure that PDs are not damaged To configure PoE on the device and monitor current power usage 1 Cl...

Page 63: ...r supply is low For example if the power supply is running at 99 usage and port 1 is prioritized as high but port 3 is prioritized as low port 1 receives power and port 3 might be denied power Power A...

Page 64: ...es power and port 3 might be denied power Class Class configured on this port The classes are shown in the following Class Maximum Power Delivered by Device Port 0 15 4 watt 1 4 0 watt 2 7 0 watt 3 15...

Page 65: ...that provides and accepts information from media endpoint devices such as VoIP phones and video phones Some notes about LLDP configuration LLDP can be enabled or disabled globally or per port The LLD...

Page 66: ...f they are in the same VLAN An LLDP capable device may receive advertisements from more than one device if the LLDP incapable devices flood the LLDP packets Workflows Following are examples of actions...

Page 67: ...he neighbor o power priority Port power priority o power value Port power value 2 Enter the following fields LLDP Status Select to enable LLDP on the device enabled by default LLDP Frame Handling If L...

Page 68: ...or manual configuration o 802 3 Link Aggregation Whether the link associated with the port on which the LLDP PDU is transmitted can be aggregated It also indicates whether the link is currently aggre...

Page 69: ...tion Whether Location TLV is transmitted PoE Whether POE PSE TLV is transmitted Inventory Whether Inventory TLV is transmitted 2 The message at the top of the page indicates whether the generation of...

Page 70: ...l TLVs Note The following fields must be entered in hexadecimal characters in the exact data format that is defined in the LLDP MED standard ANSI TIA 1057_final_for_publication pdf Location Coordinate...

Page 71: ...rt identifier that is shown o Port ID Identifier of port o Port Description Information about the port including manufacturer product name and hardware software version Management Address o Displays t...

Page 72: ...on o Serial Number Device serial number o Manufacturer Name Device manufacturer name o Model Name Device model name o Asset ID Asset ID Location Information o Civic Street address o Coordinates Map co...

Page 73: ...confirm the Global items o MSAP Entry Device Media Service Access Point MSAP entry number Basic Details o Chassis ID Subtype Type of chassis ID for example MAC address o Chassis ID Identifier of the 8...

Page 74: ...Class 1 Indicates a generic endpoint class offering basic LLDP services Endpoint Class 2 Indicates a media endpoint class offering media streaming capabilities as well as all Class 1 features Endpoint...

Page 75: ...k policy user priority o DSCP Network policy DSCP LLDP MED Network Policy LLDP Media Endpoint Discovery LLDP MED is an extension of LLDP that provides the following additional capabilities to support...

Page 76: ...ails on how the device maintains its voice VLAN To define an LLDP MED network policy 1 Click Configuration Port Management Discovery LLDP LLDP MED Network This page contains previously created network...

Page 77: ...f multiple tagged VLANs A port in VLAN Access mode can be part of only one VLAN If it is in General or Trunk mode the port can be part of one or more VLANs VLANs address security and scalability issue...

Page 78: ...o not have direct connectivity to each other over the Ethernet MAC layer Device VLANs can only be created statically Some VLANs can have additional roles including Voice VLAN For more information refe...

Page 79: ...ing on all the ports in the VLAN after saving the configuration and rebooting the device Removes VLAN membership of the ports from the original default VLAN takes effect after reboot Changes the PVID...

Page 80: ...tion VLAN Management VLANs 2 Click Add to add one or more new VLANs The page enables the creation of either a single VLAN or a range of VLANs 3 Enter the following fields for the new VLANs VLAN Select...

Page 81: ...Join VLAN page is displayed 4 Enter the values for the following fields Interface Select a Port LAG Interface VLAN Mode Select the interface mode for the VLAN The options are Access The interface is a...

Page 82: ...Apply The parameters are written to the Running Configuration file Join VLAN When a port is forbidden default VLAN membership that port is not allowed membership in any other VLAN An internal VID of...

Page 83: ...a member of any other VLAN enabling this option on the port makes the port part of internal VLAN 4095 a reserved VID Excluded The interface is currently not a member of the VLAN This is the default f...

Page 84: ...es must be to the same VLAN In other words the PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN Otherwise traffic m...

Page 85: ...er of the VLAN This is the default for all the ports and LAGs when the VLAN is newly created Tagged The interface is a tagged member of the VLAN This is not relevant for Access ports Untagged The inte...

Page 86: ...addresses on the same port The following table describes the availability of MAC based groups in various SKUs Table 1 MAC Based Group Availability SKU System Mode MAC Based Groups S d Smart Layer 2 Y...

Page 87: ...Length Prefix of the MAC address 4 Click Apply The MAC address is assigned to a VLAN group MAC Based VLAN per interface See Table 1 for a description of the availability of this feature Ports LAGs mus...

Page 88: ...the voice VLAN if it receives a packet with a source MAC address matching one of the configured telephony OUIs An OUI is the first three bytes of an Ethernet MAC address For more information about Tel...

Page 89: ...lephony OUI voice streams you can override the class of service and optionally remark the 802 1p of the voice streams by specifying the desired CoS 802 1p values and using the remarking option under T...

Page 90: ...ble automatically adding ports to voice VLAN when OUI packets are received Remark CoS 802 1p Select the enable remarking packets with the CoS 802 1p value Aging Time Enter the time delay to remove a p...

Page 91: ...lick Restore the system recovers the known OUIs 4 Click Apply The OUI is added to the Telephony OUI Table Telephony OUI Interfaces QoS attributes can be assigned per port to the voice packets in one o...

Page 92: ...face Select an interface Telephony OUI VLAN If enabled the interface is a candidate port of the telephony OUI based voice VLAN When packets that match one of the configured telephony OUI are received...

Page 93: ...network topologies to provide faster convergence of the spanning tree This is most effective when the network topology is naturally tree structured and therefore faster convergence might be possible R...

Page 94: ...STP ports The default path cost assigned to an interface varies according to the selected method o Short Specifies the range 1 through 65 535 for port path costs o Long Specifies the range 1 through 2...

Page 95: ...d Delay Set the interval in seconds that a bridge remains in a learning state before forwarding packet Designated Root Bridge ID The bridge priority concatenated with the MAC address of the device Roo...

Page 96: ...PDU packets are managed when STP is disabled on the port or the device BPDUs are used to transmit spanning tree information o Use Global Settings Select to use the settings defined in the Spanning Tre...

Page 97: ...he port can forward traffic and learn new MAC addresses Designated Bridge ID Displays the priority and interface of the selected port Designated Port ID Displays the priority and interface of the sele...

Page 98: ...set to forwarding state when the port link is up Fast Link optimizes the STP protocol convergence The options o Enable Enables Fast Link immediately o Disable Disables Fast Link o Auto Enables Fast L...

Page 99: ...fic and cannot learn MAC addresses o Learning The port is in Learning Mode The port cannot forward traffic however it can learn new MAC addresses o Forwarding The port is in Forwarding Mode The port c...

Page 100: ...switches in addition to instance zero VLAN to MSTP Instance Mapping For two or more switches to be in the same MST region they must have the same VLANs to MST instance mapping the same configuration...

Page 101: ...rties are defined and the Running Configuration file is updated To edit an MSTP instance 1 Click Configuration Spanning Tree Management MSTP Properties 2 Select the MST instance from the MST Instance...

Page 102: ...ed and defined Bridge Priority Set the priority of this bridge for the selected MST instance Designated Root Bridge ID Displays the priority and MAC address of the Root Bridge for the MST instance Roo...

Page 103: ...r the interfaces on the instance are displayed Interface Select the interface for which the MSTI settings are to be defined Interface Priority Set the port priority for the specified interface and MST...

Page 104: ...by a point to point link Backup ports also occur when a LAN has two or more established connections to a shared segment o Disabled The interface does not participate in the Spanning Tree o Boundary Th...

Page 105: ...ions Displays the number of times the port has changed from the Forwarding state to the Blocking state 4 Select an interface and click Edit 5 Enter the parameters 6 Click Apply The Running Configurati...

Page 106: ...or a corresponding matching MAC address in the static or dynamic table If a match is found the frame is marked for egress on the port specified in the table If frames are sent to a MAC address that is...

Page 107: ...ch the table is queried 5 Click Search The Dynamic MAC Address Table is queried and the results are displayed 6 To delete all dynamic MAC addresses click Clear Static MAC Addresses Static MAC addresse...

Page 108: ...nation MAC address that belongs to a reserved range per the IEEE standard the frame can be discarded or bridged The entry in the Reserved MAC Address Table can either specify the reserved MAC address...

Page 109: ...address o All Applies to all packets with the specific MAC address and protocol Action Select one of the following actions to be taken upon receiving a packet that matches the selected criteria o Brid...

Page 110: ...evice with Internet Group Membership Protocol IGMP snooping capabilities and a Multicast client that wants to receive a Multicast stream In this setup the router sends IGMP queries periodically These...

Page 111: ...ource the device adds the registration to its Multicast Forwarding Data Base MFDB IGMP snooping can effectively reduce Multicast traffic from streaming bandwidth intensive IP applications A device usi...

Page 112: ...warding to a smaller subset A common way of representing Multicast membership is the S G notation where S is the single source sending a Multicast stream of data and G is the IPv4 group address If a M...

Page 113: ...IPv6 Multicast Forwarding Select one of the following options By MAC Address Select to enable the MAC address method for forwarding Multicast packets By IPv6 Group Address Select to enable the IPv4 g...

Page 114: ...he VLAN ID on which IGMP snooping is defined IGMP Snooping Status Enable or disable the monitoring of network traffic for the selected VLAN Auto Learn MRouter Ports Select to enable auto learning of t...

Page 115: ...1 Click Configuration Multicast MLD Snooping When MLD Snooping is globally enabled the device monitoring network traffic can determine which hosts have requested to receive Multicast traffic The devi...

Page 116: ...lick Apply The Running Configuration file is updated Multicast Router Ports A Multicast router Mrouter port is a port that connects to a Multicast router The device includes the Multicast router port...

Page 117: ...this port i e MRouter Ports Auto Learn is not enabled on this port None The port is not currently a Multicast router port 4 Click Apply to update the device Forward All The Forward All page enables an...

Page 118: ...Configuration file is updated Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN If IGMP Snooping is enabled the device learns about the existence of Multicast gr...

Page 119: ...icast settings 1 Click Configuration Multicast Unregistered Multicast 2 Define the following Interface Type Define whether to display ports or LAGs Interface Settings Displays the forwarding status of...

Page 120: ...the MAC Group Address FDB page but two entries on this page To query for an IP Multicast group 1 Click Configuration Multicast IGMP IP Group Addresses 2 Enter some or all of following query filter cr...

Page 121: ...ed to forward Multicast streams based on MAC group addresses and its destination address is a Layer 2 Multicast address the frame is forwarded to all ports that are members of the MAC group address Th...

Page 122: ...6 Click Apply the MAC Multicast group is saved to the Running Configuration file To configure and display the registration for the interfaces within the group select an address and click Membership T...

Page 123: ...IP address of the sending device If mode is S G enter the sender S This together with the IP group address is the Multicast group ID S G to be displayed If mode is G enter an to indicate that the Mult...

Page 124: ...play ports or LAGs 7 For each interface select its association type Static Attaches the interface to the Multicast group as a static member Dynamic Indicates that the interface was added to the Multic...

Page 125: ...conds it continues to send DHCPDISCOVER queries and adopts the default IPv4 address 192 168 1 251 24 IP address collisions occur when the same IP address is used in the same IP subnet by more than one...

Page 126: ...VLAN Select the Management VLAN used to access the device through telnet or the Web GUI VLAN1 is the default Management VLAN IP Address Type Select one of the following options o Dynamic DHCP Discove...

Page 127: ...ly connected IP subnet is the subnet to which an IPv4 interface of the device is connected When the device is required to send route a packet to a local device it searches the ARP table to obtain the...

Page 128: ...The Internet Protocol version 6 IPv6 is a network layer protocol for packet switched Internet works IPv6 was designed to replace IPv4 the predominantly deployed Internet protocol IPv6 introduces great...

Page 129: ...igned New addresses remain in a tentative state during DAD verification Entering 0 in this field disables duplicate address detection processing on the specified interface Entering 1 in this field ind...

Page 130: ...uely identifies hosts on a single network link A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supp...

Page 131: ...e randomly selects a router from the list The device supports one static IPv6 default router Dynamic default routers are routers that have sent router advertisements to the device IPv6 interface When...

Page 132: ...ute IPv6 address 0 that uses the default router selected from the IPv6 Default Router List to send packets to destination devices that are not in the same IPv6 subnet as the device In addition to the...

Page 133: ...ddress that is a global Unicast IPV6 type that is visible and reachable from other networks o Point to Point A Point to point tunnel Metric Value used for comparing this route to other routes with the...

Page 134: ...figuration IP Interface IPv6 IPv6 Neighbors The following fields are displayed for the neighboring interfaces IPv6 Interface Neighboring IPv6 interface type IPv6 Address IPv6 address of a neighbor MAC...

Page 135: ...lect to designate the device as a DNS client which can resolve DNS names into IP addresses through one or more configured DNS servers Default Domain Name Enter the DNS domain name used to complete unq...

Page 136: ...tively determines the order in which unqualified names are completed during DNS queries 3 Click Apply The DNS server is saved to the Running Configuration file DHCP DHCP snooping provides a security m...

Page 137: ...atures to determine legitimate packet sources DHCP Trusted Ports Ports can be either DHCP trusted or untrusted By default all ports are untrusted To create a port as trusted use the DHCP Snooping Trus...

Page 138: ...r Forward the packet according to DHCP information If the destination address is unknown the packet is filtered DHCPREQUEST Forward to trusted interfaces only Forward to trusted interfaces only DHCPAC...

Page 139: ...g fields DHCP Snooping Select to enable DHCP Snooping Option 82 Passthrough Select to leave foreign Option 82 information when forwarding packets Verify MAC Address Select to verify that the source MA...

Page 140: ...yed for each interface for which the DHCP Snooping is enabled Interface On which DHCP Snooping is enabled or disabled Interface IP Address IP address of the interface on which DHCP Snooping is enabled...

Page 141: ...ed To designate an interface as untrusted go to Interface Settings DHCP Snooping Binding Database Note the following points about maintenance of the DHCP Snooping Binding database The device does not...

Page 142: ...vant search criteria and click Search 2 To add an entry click Add and enter the fields VLAN ID VLAN on which a packet is expected MAC Address MAC address of a packet IPv4 Address IP address of a packe...

Page 143: ...e Settings To configure trusted interfaces Click Configuration IP Network Operation Interface Settings Interface Interface identifier DHCP Snooping Trusted Interface Whether the interface is DHCP Snoo...

Page 144: ...f the selected authentication methods are RADIUS and Local and all configured RADIUS servers are queried in priority order and do not reply the user is authenticated locally If an authentication metho...

Page 145: ...ice 3 Click Add to add a new user or click Edit to modify a user 4 Enter the parameters User Name Enter a new username between 0 and 20 characters UTF 8 characters are not permitted Password Enter a p...

Page 146: ...ds for an access method 1 Click Configuration Security Management Security Management Access Authentication 2 Select an access method from the Application list 3 Use the arrows to move the authenticat...

Page 147: ...vice at one time Access profiles consist of one or more rules The rules are executed in order of their priority within the access profile top to bottom Rules are composed of filters that include the f...

Page 148: ...finished To add additional rules to the profile use the Profile Rules page 1 Click Configuration Security Management Security Access Profile This page displays all of the access profiles active and i...

Page 149: ...and LAGs o Port Rule applies to ports o LAG Rule applies to LAGs o VLAN Rule applies to VLANs Source IP Address Select the type of source IP address to which the access profile applies The Source IP A...

Page 150: ...at are allocated to the IT management center In this way the device can still be managed and has gained another layer of security To add profile rules to an access profile 1 Click Configuration Securi...

Page 151: ...The options are o All Applies to all ports VLANs and LAGs o Port Select the port attached to the rule o LAG Select the LAG attached to the rule o VLAN Select the VLAN attached to the rule Source IP Ad...

Page 152: ...Authentication Provides authentication of regular and 802 1X users logging onto the device by using usernames and user defined passwords Authorization Performed at login After the authentication sessi...

Page 153: ...lure is considered to have occurred Timeout for Reply Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query or switching to the next server D...

Page 154: ...g Port Enter the UDP port number of the RADIUS server port for accounting requests Priority Enter the priority of the server The priority determines the order the device attempts to contact the server...

Page 155: ...1x protocol for authentication it runs the supplicant part of the 802 1x protocol and the client part of the EAP protocol Authenticator An authenticator is a network device that provides network serv...

Page 156: ...onfigured in the Host Authentication page Multi Host Mode A port is authorized if there is at least one authorized client When a port is unauthorized and a guest VLAN is enabled untagged traffic is re...

Page 157: ...t authorized with the old method 802 1x Based Authentication The device supports the 802 1x authentication mechanism as described in the standard to authenticate and authorize 802 1x supplicants The 8...

Page 158: ...guest VLAN in Single Host and Multi Host Mode Untagged traffic and tagged traffic belonging to the guest VLAN arriving on an unauthorized port are bridged via the guest VLAN All other traffic is disc...

Page 159: ...uration file is updated 5 Click Configuration Security Network Access Control Port Authentication 6 Select the required port and click Edit 7 Set the Host Authentication mode 8 Select a port and click...

Page 160: ...ntication Enable or disable port based authentication If this is disabled 802 1X is disabled Authentication Method Select the user authentication methods The options are as follows o RADIUS None Perfo...

Page 161: ...e Authorized state such as host authentication it is recommended that you change the port control to Force Authorized before making changes When the configuration is complete return the port control t...

Page 162: ...AN Select to indicate that the usage of a previously defined guest VLAN is enabled for the device Enables using a guest VLAN for unauthorized ports If a guest VLAN is enabled the unauthorized port aut...

Page 163: ...ated on each port MAC Address Displays the supplicant MAC address Port Number of the port VLAN ID VLAN where the host is learned or assigned Session Time Amount of time that the supplicant was logged...

Page 164: ...dropped Frames are dropped unless they belong to the unauthenticated VLANs N S The authentication method does not support the port mode Authenticated Traffic With RADIUS VLAN Without RADIUS VLAN Unta...

Page 165: ...addresses are not subject to aging or relearning Limited Dynamic Lock The device learns MAC addresses up to the configured limit of allowed addresses After the limit is reached the device does not lea...

Page 166: ...current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging of MAC addresses are enabled Maximum Addresses Enter t...

Page 167: ...rate of Broadcast Multicast or Unknown Unicast frames is higher than the user defined threshold frames received beyond the threshold are discarded To define Storm Control 1 Click Configuration Securit...

Page 168: ...Enter the maximum rate at which unknown packets can be forwarded The default for this threshold is 10 000 for FE devices and 100 000 for GE devices 3 Click Apply Storm control is modified and the Runn...

Page 169: ...se of this default drop action you must explicitly add ACEs into the ACL to permit the desired traffic including management traffic such as Telnet HTTP or SNMP that is directed to the device itself Fo...

Page 170: ...ce using the ACL Binding page 2 If the ACL is part of the class map and not bound to an interface then it can be modified 3 If the ACL is part of a class map contained in a policy bound to an interfac...

Page 171: ...Configuration Access Control List MAC based ACE 2 Select an ACL and click Search The ACEs in the ACL are listed 3 Click Add 4 Enter the parameters ACL Name Select the name of the ACL to which an ACE...

Page 172: ...bits where there are 1 s You need to translate the 1 s to a decimal integer and you write 0 for each four zeros In this example since 1111 1111 255 the mask would be written as 0 0 0 255 Source MAC A...

Page 173: ...ncluding wildcards DSCP IP precedence value Note ACLs are also used as the building elements of flow definitions for per flow QoS handling The IPv4 Based ACL page enables adding ACLs to the system The...

Page 174: ...E The options o Permit Forward packets that meet the ACE criteria o Deny Drop packets that meet the ACE criteria o Shutdown Drop packet that meets the ACE criteria and disable the port to which the pa...

Page 175: ...on addresses Destination IP Address Value Enter the IP address to which the destination IP address is to be matched Destination IP Wildcard Mask Enter the mask to define a range of IP addresses Source...

Page 176: ...s all currently defined IPv6 Based ACLs 2 Click Add 3 Enter the name of the new ACL in the ACL Name field The names are case sensitive 4 Click Apply The IPv6 Based ACL is saved to the Running Configur...

Page 177: ...rotocol ID Instead of selecting the name enter the protocol ID Source IP Address Select Any if all source addresses are acceptable or User Defined to enter a source address or range of source addresse...

Page 178: ...he Running Configuration file ACL Binding When an ACL is bound to an interface port LAG or VLAN its ACE rules are applied to packets arriving at that interface Packets that do not match any of the ACE...

Page 179: ...to the interface IPv4 Based ACL Select an IPv4 Based ACL to be bound to the interface IPv6 Based ACL Select an IPv6 Based ACL to be bound to the interface Permit Any Unmatched Packets Select to enable...

Page 180: ...long See Queue Scheduling Other Traffic Class Handling Attribute Applies QoS mechanisms to various classes including bandwidth management QoS Operation When using the QoS feature all traffic of the sa...

Page 181: ...aper and queue setting WRR SP bandwidth setting are reset to default values All other user configurations remain intact QoS Workflow To configure general QoS parameters 1 Choose the QoS mode Basic or...

Page 182: ...the device Basic QoS is enabled on the device in Basic mode 3 Select Port LAG and click Search to display modify all ports LAGs on the device and their CoS information The following fields are displa...

Page 183: ...R In WRR mode the number of packets sent from the queue is proportional to the weight of the queue the higher the weight the more frames are sent For example if there are a maximum of four queues poss...

Page 184: ...s the queue number Scheduling Method Select one of the following options o Strict Priority Traffic scheduling for the selected queue and all higher queues is based strictly on the queue priority o WRR...

Page 185: ...page and bandwidth allocation Bandwidth page it is possible to achieve the desired quality of service in a network The CoS 802 1p to Queue mapping is applicable only if one of the following exists The...

Page 186: ...de and DSCP is the trusted mode Non IP packets are always classified to the best effort queue The following tables describe the default DSCP to queue mapping DSCP 63 55 47 39 31 23 15 7 Queue 3 3 4 3...

Page 187: ...e ingress interface Excess bandwidth above this limit is discarded The following values are entered for egress shaping Committed Information Rate CIR sets the average maximum amount of data allowed to...

Page 188: ...te Enter the maximum bandwidth for the egress interface Egress Committed Burst Size CBS Enter the maximum burst size of data for the egress interface in bytes of data This amount can be sent even if i...

Page 189: ...ximum rate CIR in Kbits per second Kbps CIR is the average maximum amount of data that can be sent Committed Burst Size Enter the maximum burst size CBS in bytes CBS is the maximum burst of data allow...

Page 190: ...d at the edge of the QoS domain To define the Trust configuration 1 Click Configuration Quality of Service Basic QoS 2 Select the Trust Mode while the device is in Basic mode The Trust mode determines...

Page 191: ...before the interface Ethernet statistics are refreshed The available options o No Refresh Statistics are not refreshed o 15 Sec Statistics are refreshed every 15 seconds o 30 Sec Statistics are refre...

Page 192: ...erfaces and queues with a high DP Drop Precedence o Set 2 Displays the statistics for Set 2 that contains all interfaces and queues with a low DP Interface Select the ports for which statistics are di...

Page 193: ...Configuration file and the backup configuration file File Management System files are files that contain configuration information firmware images or boot code Various actions can be performed with th...

Page 194: ...The Startup Configuration is retained in flash memory and is preserved when the device is rebooted At this time the Startup Configuration is copied to RAM and identified as the Running Configuration B...

Page 195: ...atus of the new image to be the active image by using the procedure in the Active Firmware Image section Then boot the device To upgrade or backup a software image 1 Click Maintenance File Management...

Page 196: ...ported If a link local address exists on the interface this entry replaces the address in the configuration o Global The IPv6 address is a global Unicast IPV6 type that is visible and reachable from o...

Page 197: ...Displays the image file that is currently active on the device Version Displays the firmware version of the active image Active Firmware Image After Reboot Displays the image that is active after rebo...

Page 198: ...Running Configuration You can reboot the device by using the process described in the Management Interface section To backup or restore the system configuration file 1 Click Maintenance File Managemen...

Page 199: ...main name of the TFTP server Note If the server is selected by name in the Server Definition there is no need to select the IP version related options 4 Click Apply The file is upgraded or backed up 5...

Page 200: ...n the device is rebooted The following combinations of copying internal file types are allowed From the Running Configuration to the Startup Configuration or Backup Configuration From the Startup Conf...

Page 201: ...n block of the Copper Test page Preconditions to Running the Copper Port Test Before running the test Mandatory Disable Short Reach mode go to Port Management Green Ethernet Properties Optional Disabl...

Page 202: ...Result Error has occurred Distance to Fault Distance from the port to the location on the cable where the fault was discovered Port Operational Status Displays whether port is up or down Note TDR tes...

Page 203: ...to a destination device Ping operates by sending Internet Control Message Protocol ICMP echo request packets to the target host and waiting for an ICMP response sometimes called a pong It measures th...

Page 204: ...the Host Definition Ping Interval Length of time the system waits between ping packets Ping is repeated the number of times configured in the Number of Pings field whether the ping succeeds or not Cho...

Page 205: ...has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supported If a link local address exists on the interface this entry re...

Page 206: ...such as an intrusion detection system A network analyzer connected to the monitoring port processes the data packets for diagnosing debugging and performance monitoring Up to four sources can be mirr...

Page 207: ...yzer port to where packets are copied A network analyzer such as a PC running Wireshark is connected to this port If a port is identified as an analyzer destination port it remains the analyzer destin...

Page 208: ...ort Click Get Support to go to the Linksys Small Business support website Resources available there include setup help frequently asked questions software downloads live chat with technical support an...

Page 209: ...ademarks mentioned are the property of their respective owners Licenses and notices for third party software used in this product may be viewed here http support linksys com en us license Please conta...

Reviews:

No comments

Related manuals for LGS308

3Com Switch 4500 Family Configuration Manual preview
Switch 4500 Family
Brand: 3Com Pages: 742
3Com Switch 7757 Configuration Manual preview
Switch 7757
Brand: 3Com Pages: 940
3Com 4210 Series Release Notes preview
4210 Series
Brand: 3Com Pages: 43
3Com OfficeConnect WX1200 Command Reference Manual preview
OfficeConnect WX1200
Brand: 3Com Pages: 646
UfiSpace S9180-32X Hardware Installation Manual preview
S9180-32X
Brand: UfiSpace Pages: 25
Equip Vision 332702 Manual preview
Vision 332702
Brand: Equip Pages: 10
EtherWAN EX17162A Installation Manual preview
EX17162A
Brand: EtherWAN Pages: 2
EtherWAN EX19164A Installation Manual preview
EX19164A
Brand: EtherWAN Pages: 2
Qvis poeswitch-4 Installation Manual preview
poeswitch-4
Brand: Qvis Pages: 7
Xcellon SH10-10H Manual preview
SH10-10H
Brand: Xcellon Pages: 2
TRENDnet TI-G102 Quick Installation Manual preview
TI-G102
Brand: TRENDnet Pages: 2
WaveSplitter WST-PIP001 Operation Manual preview
WST-PIP001
Brand: WaveSplitter Pages: 35
Larson Electronics EPS-1XPB-1XPL-M1-24V Instruction Manual preview
EPS-1XPB-1XPL-M1-24V
Brand: Larson Electronics Pages: 2
Rosewill RHUB-210 User Manual preview
RHUB-210
Brand: Rosewill Pages: 2
Rose electronics Vista L SERIES Installation And Operation Manual preview
Vista L SERIES
Brand: Rose electronics Pages: 36
Kramer VS-169TP User Manual preview
VS-169TP
Brand: Kramer Pages: 45
hager EG071 User Manual preview
EG071
Brand: hager Pages: 6
Arista 7050 Series Quick Start Manual preview
7050 Series
Brand: Arista Pages: 56

Brands by name

Popular brands

Load more brands