manualshive.com logo in svg

Linksys Smart Switch LGS3XX, User Manual

The Linksys Smart Switch LGS3XX offers advanced networking capabilities in a user-friendly package. Designed for seamless connectivity, this switch provides exceptional performance and reliability. For complete control and configuration, make sure to download the free User Manual from our website, manualshive.com, to maximize your switch's potential.

Share
Download
background image

72

Table of Contents

Linksys

72

Chapter 12 Security

Security

This section describes device security and access control  The system handles 
various types of security 

This chapter covers the following sections:

 •

Management Security

 •

RADIUS

 •

Network Access Control

 •

Port Security

 

Storm Control

Management Security

The default username/password is admin/admin 

You can assign authentication methods to the various management access 
methods, such as, Telnet, HTTP, and HTTPS  The authentication can be 
performed locally or on a RADIUS server 

User Access & Accounts

The User Access & Accounts page enables entering additional users that are 
permitted to access to the device (read-only or read-write) or changing the 
passwords of existing users 

User authentication occurs in the order that the authentication methods are 
selected  If the first authentication method is not available, the next selected 
method is used  For example, if the selected authentication methods are 
RADIUS and Local, and all configured RADIUS servers are queried in priority 
order and do not reply, the user is authenticated locally 

If an authentication method fails or the user has insufficient privilege level, the 
user is denied access to the device  In other words, if authentication fails at an 
authentication method, the device stops the authentication attempt; it does 
not continue and does not attempt to use the next authentication method 

After adding a user (as described below), the default user is removed from 
the system 

NOTE:
It is not permitted to delete all users  If all users are selected, the Delete 
button is disabled 

To add a new user:
STEP 1  Click Configuration > Security > Management Security > User Access 

& Accounts 

This page displays the users defined in the system  Enter the following fields:

 •

HTTP Service—Select to enable on the device 

 •

HTTP Server Port—Enter the port on which HTTP is enabled 

 •

HTTPS Service—Select to enable on the device 

 •

HTTPS Server Port—Enter the port on which HTTPS is enabled 

 •

Telnet—Select to enable on the device 

STEP 2

 

Click Add to add a new user or click Edit to modify a user 

STEP 3

 

Enter the parameters 

 

User Name—Enter a new username between 0 and 20 characters  UTF-8 
characters are not permitted 

 

Password—Enter a password (UTF-8 characters are not permitted) 

 

Confirm Password—Enter the password again 

STEP 4

 

Click Apply  The user is added to the Running Configuration file of 
the device 

Access Authentication

You can assign authentication methods to the various management access 
methods, such as console, HTTP, and HTTPS  The authentication can be 
performed locally or on a RADIUS server 

User authentication occurs in the order that the authentication methods are 
selected  If the first authentication method is not available, the next selected 
method is used  For example, if the selected authentication methods are 
RADIUS and Local, and all configured RADIUS servers are queried in priority 
order and do not reply, the user is authenticated locally 

Summary of Contents for Smart Switch LGS3XX

Page 1: ...Smart Switch LGS3XX User Guide ...

Page 2: ...10 System Information 10 Management Session Timeout 10 Time 10 Overview 10 System Time 11 SNTP Unicast Server 12 SNMP 14 SNMP Versions and Workflow 14 Feature Configuration 15 Views 16 Groups 17 Users 18 Communities 19 Notification Filters 20 SNMPv1 v2 Notification Recipients 20 SNMPv3 Notification Recipients 21 Logs 22 Log Management 22 Remote Log Servers 23 RAM Log 23 Flash Memory Log 23 Chapter...

Page 3: ...1 Chapter 8 MAC Address Management 53 Dynamic MAC Addresses 53 Static MAC Addresses 53 Reserved MAC Addresses 54 Chapter 9 Multicast 55 Overview 55 Feature Configuration 56 IGMP MLD Snooping 57 Multicast Router Ports 58 Forward All 59 Unregistered Multicast 59 IGMP MLD IP Group Addresses 59 MAC Group Address FDB 60 IP Group Address FDB 60 Chapter 10 IP Interface 62 IPv4 62 Overview 62 IPv4 Interfa...

Page 4: ...ontrol List 86 MAC Based ACL 87 MAC Based ACE 87 IPv4 Based ACL 88 IPv4 Based ACE 88 IPv6 Based ACL 89 IPv6 Based ACE 89 ACL Binding 90 Chapter 14 Quality of Service 91 Overview 92 Feature Configuration 93 Queue Scheduling 93 CoS 802 1p to Queue 94 DSCP to Queue 95 Bandwidth Control 95 Egress Shaping 96 Basic QoS 96 QoS Statistics 97 Chapter 15 Maintenance 97 Reboot 98 File Management 98 Overview ...

Page 5: ...ess bar on the browser and then press Enter NOTE When the device is using the factory default IP address of 192 168 1 251 its power LED flashes continuously When the device is using a DHCP assigned IP address or an administrator configured static IP address the power LED is on solid Logging In The default username is admin and the default password is admin to log in to the Web based GUI STEP 1 Ope...

Page 6: ...guration File Copy page and save the Running Configuration to the Startup Configuration file type on the device Apply Click to apply changes to the Running Configuration on the device If the device is rebooted the Running Configuration is lost unless it is saved to the Startup Configuration file type or another file type Click Save to display the Configuration File Copy page and save the Running C...

Page 7: ...e To configure the device through the menu CLI do the following 1 Log on to the device through telnet The following menu is displayed 2 Enter your user name and password The main menu is displayed 3 Continue configuring the device 4 Click Logout to log out of the CLI menu ...

Page 8: ...Unique vendor identification of the network management subsystem Firmware Version Firmware version number Boot Code Version Boot version number Hardware Version Hardware version number of the device Serial Number Serial number Device Status Fan Status Applicable only to models that have fans The following values are possible OK Fan is operating normally Fail Fan is not operating correctly Date Tim...

Page 9: ... that were received Frames of 128 to 255 Bytes Number of frames containing 128 255 bytes that were received Frames of 256 to 511 Bytes Number of frames containing 256 511 bytes that were received Frames of 512 to 1023 Bytes Number of frames containing 512 1023 bytes that were received Packets of 1024 and More Bytes Number of frames containing 1024 2000 bytes and Jumbo Frames that were received To ...

Page 10: ... framing bits but including FCS octets Jabbers Total number of received packets that were longer than 2000 octets This number excludes frame bits but includes FCS octets that had either a bad FCS Frame Check Sequence with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number Collisions Collisions received Utilization Percentage of current interface tr...

Page 11: ...ndicates the action to be taken when the alarm occurs Alarm counters can be monitored by either absolute values or changes delta in the counter values To enter RMON alarms STEP 1 Click System Status RMON Alarms All previously defined alarms are displayed The fields are described in the Add RMON Alarm page below In addition to those fields the following field appears Counter Value Displays the valu...

Page 12: ...freshed The available options are as follows No Refresh Statistics are not refreshed 15 Sec Statistics are refreshed every 15 seconds 30 Sec Statistics are refreshed every 30 seconds 60 Sec Statistics are refreshed every 60 seconds The Receive Statistics area displays information about incoming packets Unicast Packets Good Unicast packets received Multicast Packets Good Multicast packets received ...

Page 13: ...ion the Quick Start page provides links to the most commonly used pages Link Name on the Page Linked Page Configure User Accounts and Management Access User Access Accounts Configure Device IP Address IPv4 Interface Create VLANs VLANs Configure VLAN Memberships VLAN Memberships Save Your Configuration Configuration File Copy Clicking on the Support link takes you to the device product support page...

Page 14: ...ent Management Session Timeout STEP 2 Select the timeout for the following sessions from the corresponding list The default timeout value is 10 minutes Telnet Session Timeout Select the timeout for a Telnet session HTTP Session Timeout Select the timeout for an HTTP session HTTPs Session Timeout Select the timeout for an HTTPS session STEP 3 Click Apply to set the configuration settings on the dev...

Page 15: ...l configuration of the time zone and DST becomes the Operational time zone and DST only if the dynamic configuration is disabled or fails NOTE The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration to take place SNTP Modes The device can receive the system time from an SNTP server in one of the following ways Client Broadcast Reception passive mode SNTP servers br...

Page 16: ... the DHCP server This acronym appears in the Actual Time field Time Zone Offset Select the difference in hours between Greenwich Mean Time GMT and the local time For example the Time Zone Offset for Paris is GMT 1 while the Time Zone Offset for New York is GMT 5 Time Zone Acronym Enter a user defined name that represents the time zone you have configured This acronym appears in the Actual Time fie...

Page 17: ...going to be identified by its IP address or if you are going to select a well known SNTP server by name from the list NOTE To specify a well known SNTP server the device must be connected to the Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP See DNS Settings IP Version Select the version of the IP address Version 4 or Version 6 IPv6 Address...

Page 18: ...sure message content Cipher Block Chaining CBC DES is used for encryption Either authentication alone can be enabled on an SNMP message or both authentication and privacy can be enabled on an SNMP message However privacy cannot be enabled without authentication Timeliness Protects against message delay or playback attacks The SNMP agent compares the incoming message time stamp to the message arriv...

Page 19: ...S318P 16 Port Smart Gigabit PoE Switch enterprises 1 linksys 3955 smb 1000 3 18 2 LGS326P 24 Port Smart Gigabit PoE Switch enterprises 1 linksys 3955 smb 1000 3 26 2 The private Object IDs are placed under enterprises 1 linksys 3955 smb 1000 switch01 201 Feature Configuration The Engine ID is used by SNMPv3 entities to uniquely identify them An SNMP agent is considered an authoritative SNMP engine...

Page 20: ... defined by the Object ID OID of the root of the relevant subtrees Either well known names can be used to specify the root of the desired subtree or an OID can be entered see Model OIDs Each subtree is either included or excluded in the view being defined The Views page enables creating and editing SNMP views The default views Default DefaultSuper cannot be changed Views can be attached to groups ...

Page 21: ...thentication Read View Only authenticated users are allowed to read the view By default all users or community of a group can access all the MIB objects A group can be limited to specific view s based on the read write notify authentication and or privacy configurations Authentication Write View Only authenticated users are able to write the view Management access is write for the selected view Au...

Page 22: ...device Engine User is connected to a different SNMP entity besides the local device If the remote Engine ID is defined remote devices receive inform messages but cannot make requests for information Select the remote engine ID Group Name Select the SNMP group to which the SNMP user belongs SNMP groups are defined in the Add Group page NOTE Users who belong to groups which have been deleted remain ...

Page 23: ...V6 type that is visible and reachable from other networks Interface If the IPv6 address type is Link Local select whether it is received through a VLAN or ISATAP IP Address Enter the SNMP management station IP address Community Enter the community name used to authenticate the management station to the device Access Control Select one of the following Basic In this mode there is no connection to a...

Page 24: ...ch SNMP notifications are sent and the types of SNMP notifications that are sent to each destination traps or informs The Add Edit pop ups enable configuring the attributes of the notifications An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred such as a link up down It is also possible to filter certain notifications ...

Page 25: ... list Recipient IP Address Name Enter the IP address or server name of where the traps are sent UDP Port Enter the UDP port used to for notifications on the recipient device Notification Type Select whether to send traps or informs If both are required two recipients must be created User Name Select from the drop down list the user to whom SNMP notifications are sent In order to receive notificati...

Page 26: ...nformation about an event You can select different severity levels for RAM and Flash logs These logs are displayed in the RAM Log page and Flash Memory Log page respectively Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically stored in the log Lower severity events are not stored in the log For example if Warning is selected all severity le...

Page 27: ...er Settings UDP Port Enter the UDP port to which the log messages are sent Facility Select a facility value from which system logs are sent to the remote server Only one facility value can be assigned to a server If a second facility code is assigned the first facility value is overridden Description Enter a server description Minimum Logging Level Select the minimum level of system log messages t...

Page 28: ...es For Jumbo Frames to take effect the device must be rebooted after the feature is enabled STEP 3 To update the port settings select the desired port and click Edit STEP 4 Modify the following parameters Port Select the port number Port Settings Operational Status Displays whether the port is currently up or down If the port is down because of an error the description of the error is displayed Ad...

Page 29: ...Select to connect this device to a station by using a straight through cable Auto Select to configure this device to automatically detect the correct pinouts for the connection to another device Description Enter the port description STEP 5 Click Apply The port settings are written to the Running Configuration file Link Aggregation This section describes how to configure LAGs It covers the followi...

Page 30: ...Disable LACP on the LAG to make it static Assign up to eight member ports to the static LAG in the Port List to the LAG Port Member list Perform these actions in the LAGs page 2 Configure various aspects of the LAG such as speed and flow control by using the Edit LAG page To configure a dynamic LAG perform the following actions 1 Enable LACP on the LAG Assign up to 16 candidates ports to the dynam...

Page 31: ...different from EEE in that Green Ethernet energy detect is enabled on all devices where only the gigabyte ports are enable with EEE The Green Ethernet feature can reduce overall power usage in the following ways Energy Detect Mode In this mode the switch conserves power when the operational status of a port is down Energy Detect Mode is supported on all ports Short Reach Mode This feature provides...

Page 32: ...y without user interaction when it is enabled on the device NOTE If Auto Negotiation is not enabled on a port the EEE is disabled The only exception is if the link speed is 1GB then EEE will still be enabled even though Auto Negotiation is disabled Default Configuration By default 802 3 EEE is enabled globally and per port Interactions Between Features The following describe 802 3 EEE interactions...

Page 33: ...EEE feature EEE Status Whether EEE is currently operating on the local port This is a function of whether it has been enabled Administrative Status whether it has been enabled on the local port and whether it is operational on the local port NOTE The window displays the Short Reach Energy Detect and EEE settings for each port however they are not enabled on any port unless they are also enabled gl...

Page 34: ... power consumed on the port exceeds the port limit the port power is turned off Class Limit Power is limited based on the class of the connected PD For these settings to be active the system must be in PoE Class Limit mode That mode is configured in the PoE Feature Configuration page When the power consumed on the port exceeds the class limit the port power is turned off PoE Priority Example A 48 ...

Page 35: ...s that the device can supply to all the connected PDs Consumed Power Amount of power in watts that is currently being consumed by the PoE ports Available Power Nominal power in watts minus the amount of consumed power STEP 3 Click Apply to save the PoE properties Port Limit Power Mode To configure port limit power mode do the following STEP 1 Click Configuration Port Management PoE Port Limit Powe...

Page 36: ... LLDP MED Network Policy Overview Link Layer Discovery Protocol LLDP is a link layer protocol for directly connected LLDP capable neighbors to advertise themselves and their capabilities LLDP enables network managers to troubleshoot and enhance network management in multi vendor environments LLDP standardizes methods for network devices to advertise themselves to other systems and to store discove...

Page 37: ...ding then LLDPcapable devices can hear each other only if they are in the same VLAN An LLDPcapable device may receive advertisements from more than one device if the LLDPincapable devices flood the LLDP packets Workflows Following are examples of actions that can be performed with the LLDP feature and in a suggested order You can refer to the LLDP CDP section for additional guidelines on LLDP conf...

Page 38: ... 8 through 15 are reserved 802 3 MAC PHY Duplex and bit rate capability and the current duplex and bit rate settings of the sending device It also indicates whether the current settings are due to auto negotiation or manual configuration 802 3 Link Aggregation Whether the link associated with the port on which the LLDP PDU is transmitted can be aggregated It also indicates whether the link is curr...

Page 39: ...tten to the Running Configuration file LLDP Local Information To view the LLDP local port status advertised on a port STEP 1 Click Configuration Port Management Discovery LLDP LLDP Local Information STEP 2 Select the desired port from the Port list This page displays the following groups of fields the actual fields displayed depend on the optional TLVs selected to be advertised Global Chassis ID S...

Page 40: ...ible field values are the following Tagged Indicates the network policy is defined for tagged VLANs Untagged Indicates the network policy is defined for untagged VLANs User Priority Network policy user priority DSCP Network policy DSCP LLDP Neighbor Information The LLDP Neighbor Information page contains information that was received from neighboring devices After timeout based on the value receiv...

Page 41: ...e Hardware Revision Hardware version Firmware Revision Firmware version Software Revision Software version Serial Number Device serial number Manufacturer Name Device manufacturer name Model Name Device model name Asset ID Asset ID Location Information Enter the following data structures in hexadecimal as described in section 10 2 4 of the ANSI TIA 1057 standard Civic Civic or street address Coord...

Page 42: ... VLAN section for details on how the device maintains its voice VLAN To define an LLDP MED network policy STEP 1 Click Configuration Port Management LLDP MED Network This page contains previously created network policies STEP 2 When Network Policy for Voice Application is enabled the device automatically generates and advertises a network policy with the current voice VLAN configuration Go to Voic...

Page 43: ...o the VLAN based on the PVID Port VLAN Identifier configured at the ingress port where the frame is received The frame is discarded at the ingress port if Ingress Filtering is enabled and the ingress port is not a member of the VLAN to which the packet belongs A frame is regarded as priority tagged only if the VID in its VLAN tag is 0 Frames belonging to a VLAN remain within the VLAN This is achie...

Page 44: ...s It is distinct non static non dynamic and all ports are untagged members by default It cannot be deleted It cannot be given a label It cannot be used for any special role such as unauthenticated VLAN or Voice VLAN This is only relevant for OUI enabled voice VLAN If a port is no longer a member of any VLAN the device automatically configures the port as an untagged member of the default VLAN A po...

Page 45: ...e VLAN s Interfaces The Interface Settings page displays and enables configuration of VLAN related parameters for all interfaces To configure the VLAN settings STEP 1 Click Configuration VLAN Management Interface Settings STEP 2 Select an interface type Port or LAG and click Search Ports or LAGs and their VLAN Membership are displayed STEP 3 To configure a Port or LAG select it and click Edit NOTE...

Page 46: ...t the interface mode for the VLAN The options are Access The interface is an untagged member of a single VLAN A port configured in this mode is known as an access port Trunk The interface is an untagged member of one VLAN at most and is a tagged member of zero or more VLANs A port configured in this mode is known as a trunk port General Port The interface can support all functions as defined in th...

Page 47: ... on the port makes the port part of internal VLAN 4095 a reserved VID Excluded The interface is currently not a member of the VLAN This is the default for all the ports and LAGs when the VLAN is newly created Tagged The interface is a tagged member of the VLAN This is not relevant for Access ports Untagged The interface is an untagged member of the VLAN Frames of the VLAN are sent untagged to the ...

Page 48: ... VLAN STEP 2 Click Add STEP 3 Enter the values for the following fields Interface Enter a general interface port LAG through which traffic is received Group ID Select aVLAN group defined in the MAC Based Groups page VLAN ID Select the VLAN to which traffic from the VLAN group is forwarded STEP 4 Click Apply to set the mapping of the VLAN group to the VLAN This mapping does not bind the interface d...

Page 49: ...onfigure the mapping and remarking CoS 802 1p of the voice traffic based on the OUI By default all interfaces are CoS 802 1p trusted The device applies the quality of service based on the CoS 802 1p value found in the voice stream In Auto Voice VLAN you can override the value of the voice streams using advanced QoS For Telephony OUI voice streams you can override the quality of service and optiona...

Page 50: ... assigned per port to the voice packets in one of the following modes All Quality of Service QoS values configured to the Voice VLAN are applied to all of the incoming frames that are received on the interface and are classified to the Voice VLAN Telephony Source MAC Address SRC The QoS values configured for the Voice VLAN are applied to any incoming frame that is classified to the Voice VLAN and ...

Page 51: ...e network topology is naturally tree structured and therefore faster convergence might be possible RSTP is enabled by default Spanning Tree The Spanning Tree page contains parameters for enabling STP or RSTP Use the STP Interface page and RSTP Interface page to configure ports with these modes respectively To set the STP status and global settings do the following STEP 1 Click Configuration Spanni...

Page 52: ...able STP on the port BPDU Handling Select how BPDU packets are managed when STP is disabled on the port or the device BPDUs are used to transmit spanning tree information Use Global Settings Select to use the settings defined in the Spanning Tree page Filtering Filters BPDU packets when Spanning Tree is disabled on an interface Flooding Floods BPDU packets when Spanning Tree is disabled on an inte...

Page 53: ...s STP Mode Select either STP or RSTP Point to Point Status Displays the point to point operational status if the Point to Point Administrative Status is set to Auto Port Role Displays the role of the port that was assigned by STP to provide STP paths The possible roles are as follows Root Lowest cost path to forward packets to the root bridge Designated The interface through which the bridge is co...

Page 54: ...ping the same configuration revision number and the same region name Formatted Font 18 pt Formatted Indent Left 0 Managed Switch Administration Guide 57 Switches intended to be in the same MST region are never separated by switches from another MST region If they are separated the region becomes two separate regions The VLAN to MSTP instance mapping is done in the MSTP Properties page Each VLAN ca...

Page 55: ...on Spanning Tree Management MSTP Instance Interface STEP 2 Enter the parameters MSTP Instance Select the MSTP instance to be configured Interface Type Select whether to display the list of ports or LAGs STEP 3 Click Search The following MSTP parameters for the interfaces on the instance are displayed Interface Select the interface for which the MSTI settings are to be defined Interface Priority Se...

Page 56: ...rt mode is STP Type Displays the MST type of the port Boundary A Boundary port attaches MST bridges to a LAN in a remote region If the port is a boundary port it also indicates whether the device on the other side of the link is working in RSTP or STP mode Internal The port is an internal port Designated Bridge ID Displays the ID number of the bridge that connects the link or shared LAN to the roo...

Page 57: ...ses of frames entering the device To prevent this table from overflowing and to make room for new MAC addresses an address is deleted if no corresponding traffic is received for a certain period This period of time is the aging interval Configuring Dynamic MAC Address Aging Time To configure the aging interval for dynamic addresses do the following STEP 1 Click Configuration MAC Address Management...

Page 58: ...The entry in the Reserved MAC Address Table can either specify the reserved MAC address or the reserved MAC address and a frame type To add an entry for a reserved MAC address STEP 1 Configuration Click MAC Address Tables Reserved MAC Addresses STEP 2 Click Add STEP 3 Enter the values for the following fields MAC Address Select the MAC address to be reserved Frame Type Select a frame type based on...

Page 59: ...Multicast stream In this setup the router sends IGMP queries periodically These queries reach the device which in turn floods the queries to the VLAN and also learns the port where there is a Multicast router Mrouter When a host receives the IGMP query message it responds with an IGMP Join message saying that the host wants to receive a specific Multicast stream and optionally from a specific sour...

Page 60: ...the VLAN To selectively forward only to relevant ports and filter drop the Multicast on the rest of the ports enable Bridge Multicast filtering status in the Feature Configuration page If filtering is enabled Multicast frames are forwarded to a subset of the ports in the relevant VLAN as defined in the Multicast Forwarding Data Base Multicast filtering is enforced on all traffic By default such tr...

Page 61: ...s and determines the following Which ports are asking to join which Multicast groups on what VLAN Which ports are connected to Multicast routers Mrouters that are generating IGMP MLD queries Which ports are receiving PIM DVMRP or IGMP MLD query protocols These VLANs are displayed on the IGMP MLD Snooping page Ports asking to join a specific Multicast group issue an IGMP report that specifies which...

Page 62: ...AN ID Select a VLAN on which to configure MLD Snooping MLD Snooping Status Select to enable MLD snooping globally on all interfaces Auto Learn MRouter Ports Select to enable Auto Learn of the Multicast router Immediate Leave Select to enable the switch to remove an interface that sends a leave message from the forwarding table without first sending out MAC based general queries to the interface Wh...

Page 63: ...ort to join a Multicast group None The port is not currently a Forward All port STEP 5 Click Apply The Running Configuration file is updated Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN If IGMP MLD Snooping is enabled the device learns about the existence of Multicast groups and monitors which ports have joined which Multicast group Multicast groups can ...

Page 64: ...cast streams based on MAC group addresses and its destination address is a Layer 2 Multicast address the frame is forwarded to all ports that are members of the MAC group address The MAC Group Address FDB page has the following functions Query and view information from the MFDB relating to a specific VLAN ID or a specific MAC address group This data is acquired either dynamically through IGMP MLD ...

Page 65: ...IP group address is the Multicast group ID S G to be displayed If mode is G enter an to indicate that the Multicast group is only defined by destination STEP 3 Click Search The results are displayed in the lower block STEP 4 Click Add to add a static IP Multicast group address STEP 5 Enter the parameters VLAN ID Defines the VLAN ID of the group to be added IP Group Address Define the IP address of...

Page 66: ...n a VLAN is configured to use dynamic IP addresses the device issues DHCPv4 requests until it is assigned an IPv4 address from a DHCPv4 server The management VLAN can be configured with a static or dynamic IP address The IP address assignment rules for the device are as follows Unless the device is configured with a static IP address it issues DHCPv4 requests until a response is received from the ...

Page 67: ... is required to send route a packet to a local device it searches the ARP table to obtain the MAC address of the device The ARP table contains dynamic addresses The device creates dynamic addresses from the ARP packets it receives Dynamic addresses age out after a configured time To define the ARP tables do the following STEP 1 Click Configuration IP Interface IPv4 ARP STEP 2 Enter the parameters ...

Page 68: ... in a tentative state during DAD verification Entering 0 in this field disables duplicate address detection processing on the specified interface Entering 1 in this field indicates a single transmission without follow up transmissions IPv6 Address Auto Configuration Select to enable automatic address configuration from router advertisements sent by neighbors NOTE The device does not support statef...

Page 69: ...ollowing fields for each default router Default Router IPv6 Address Link local IP address of the default router IPv6 Interface Outgoing IPv6 interface where the default router resides State Whether route is reachable or unreachable Type The default router configuration that includes the following options Static The default router was manually added to this table through the Add button Dynamic The ...

Page 70: ...e device This is the IPv6 equivalent of the IPv4 ARP Table When the device needs to communicate with its neighbors the device uses the IPv6 Neighbor Table to determine the MAC addresses based on their IPv6 addresses This page displays the neighbors that were automatically detected Each entry displays to which interface the neighbor is connected the neighbor s IPv6 and MAC addresses the entry type ...

Page 71: ...erence value a lower value means a higher chance of being used Configuration Source Source of the server s IP address static or DHCPv4 or DHCPv6 STEP 3 Up to eight DNS servers can be defined To add a DNS server click Add Enter the parameters IP Version Select Version 6 for IPv6 or Version 4 for IPv4 IPv6 Address Type Select the IPv6 address type if IPv6 is used The options are the following Global...

Page 72: ...when DHCP snooping is disabled Option 82 Insertion Disabled DHCP Relay VLAN with IP Address DHCP Relay VLAN without IP Address Packet arrives without Option 82 Packet arrives with Option 82 Packet arrives without Option 82 Packet arrives with Option 82 Packet is sent without Option 82 Packet is sent with original Option 82 Relay Discards Option 82 Bridge Packet is sent without Option 82 If reply o...

Page 73: ...interfaces only Forwarded to trusted interfaces only DHCPOFFER Filter Forward the packet according to DHCP information If the destination address is unknown the packet is filtered DHCPREQUEST Forward to trusted interfaces only Forward to trusted interfaces only DHCPACK Filter Same as DHCPOFFER and an entry is added to the DHCP Snooping Binding database DHCPNAK Filter Same as DHCPOFFER Remove entry...

Page 74: ...ss Select to verify that the source MAC address of the Layer 2 header matches the client hardware address as appears in the DHCP Header part of the payload on DHCP untrusted ports Backup Database Select to back up the DHCP Snooping Binding database on the device s flash memory DHCP Interfaces DHCP Snooping can be enabled on any interface with an IP Address and on VLANs with or without an IP addres...

Page 75: ...ich a packet is expected MAC Address MAC address of a packet IPv4 Address IP address of a packet Bindings Settings Interface Type of interface on which a packet is expected Type The possible field values are the following Dynamic Entry has limited lease time Static Entry was statically configured Lease Time If the entry is dynamic enter the amount of time that the entry is to be active in the DHCP...

Page 76: ...he next authentication method After adding a user as described below the default user is removed from the system NOTE It is not permitted to delete all users If all users are selected the Delete button is disabled To add a new user STEP 1 Click Configuration Security Management Security User Access Accounts This page displays the users defined in the system Enter the following fields HTTP Service ...

Page 77: ...he device at one time Access profiles consist of one or more rules The rules are executed in order of their priority within the access profile top to bottom Rules are composed of filters that include the following elements Access Methods Methods for accessing and managing the device The authentication method for the selected access method is specified in Management Access Authentication Telnet Hyp...

Page 78: ...o all ports VLANs and LAGs Port Rule applies to ports LAG Rule applies to LAGs VLAN Rule applies to VLANs Source IP Address Select the type of source IP address to which the access profile applies The Source IP Address field is valid for a subnetwork Select one of the following values All Applies to all types of IP addresses User Defined Applies to only those types of IP addresses defined in the f...

Page 79: ...s field is valid for a subnetwork Select one of the following values All Applies to all types of IP addresses User Defined Applies to only those types of IP addresses defined in the fields IP Version Select the supported IP version of the source address IPv6 or IPv4 IP Address Enter the source IP address IP Subnet Mask Select the format for the subnet mask for the source IP address and enter a val...

Page 80: ...he RADIUS serve A key string is used to encrypt communications by using MD5 This overrides the default key string if one has been defined STEP 3 Click Apply The RADIUS default settings for the device are updated in the Running Configuration file To add a RADIUS server click Add STEP 4 Enter the values in the fields for each RADIUS server To use the default values entered in the RADIUS page select ...

Page 81: ...ts 802 1x authentication is a client server model In this model network devices have the following specific roles Client or supplicant Authenticator Authentication server This is described in the figure below A network device can be either a client supplicant an authenticator or both per port Client or Supplicant A client or supplicant is a network device that requests access to the LAN The client...

Page 82: ... page Multi Host Mode A port is authorized if there is at least one authorized client When a port is unauthorized and a guest VLAN is enabled untagged traffic is remapped to the guest VLAN Tagged traffic is dropped unless it belongs to the guest VLAN When a port is authorized untagged and tagged traffic from all hosts connected to the port is bridged based on the static VLAN membership port config...

Page 83: ...work access In this case the switch supports EAP MD5 functionality with the username and password equal to the client MAC address as shown below Figure 2 MAC Based Authentication The method does not have any specific configuration Guest VLAN The guest VLAN provide access to services that do not require the subscribing devices or ports to be 802 1X or MAC based authenticated and authorized The gues...

Page 84: ... Set the Administrative Port Control field to Auto STEP 10 Define the authentication methods STEP 11 Click Apply and the Running Configuration file is updated Workflow 2 To configure 802 1x based authentication STEP 1 Click Configuration Security Network Access Control Port Authentication STEP 2 Select the required port and click Edit STEP 3 Enter the fields required for the port The fields in thi...

Page 85: ... based on the authentication exchange between the device and the client Force Authorized Authorizes the interface without authentication Host Authentication Mode Select one of the following options Multiple Host 802 1x Supports port based authentication with multiple clients per port Multiple Sessions Supports client based authentication with multiple clients per port RADIUS VLAN Assignment Select...

Page 86: ...ast session was authenticated Authentication Method and Port Mode Support The following table shows which combinations of authentication method and port mode are supported Authentication Method Multi host Multi sessions Device in L3 Device in L2 802 1x MAC Legend The port mode also supports the guestVLAN and RADIUS VLAN assignment N S The authentication method does not support the port mode This d...

Page 87: ...less they belong to the guest VLAN or to the unauthenticated VLANs Frames are dropped Frames are dropped unless they belong to the unauthenticatedVLANs Frames are remapped to the RADIUS assignedVLAN Frames are dropped unless they belong to the RADIUSVLAN or to the unauthenticated VLANs Frames are bridged based on the staticVLAN configuration Frames are bridged based on the staticVLAN configuration...

Page 88: ...the Lock Interface can be reinstated The options are as follows Classic Lock Locks the port immediately regardless of the number of addresses that have already been learned Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging of MAC addresses are enabled M...

Page 89: ...owards the bandwidth threshold Multicast Broadcast Counts Broadcast and Multicast traffic towards the bandwidth threshold Broadcast Only Counts only Broadcast traffic towards the bandwidth threshold Storm Control Rate Threshold Enter the maximum rate at which unknown packets can be forwarded The default for this threshold is 10 000 for FE devices and 100 000 for GE devices STEP 4 Click Apply Storm...

Page 90: ...NOTE If no match is found to any ACE in all relevant ACLs the packet is dropped as a default action Because of this default drop action you must explicitly add ACEs into the ACL to permit the desired traffic including management traffic such as Telnet HTTP or SNMP that is directed to the device itself For example if you do not want to discard all the packets that do not match the conditions in an ...

Page 91: ...E page To define a MAC based ACL STEP 1 Click Configuration Access Control List MAC Based ACL This page contains a list of all currently defined MAC based ACLs STEP 2 Click Add STEP 3 Enter the name of the new ACL in the ACL Name field ACL names are case sensitive STEP 4 Click Apply The MAC based ACL is saved to the Running Configuration file MAC Based ACE To add rules ACEs to an ACL STEP 1 Click ...

Page 92: ...IP protocol by name for well known protocols or directly by value Source destination ports for TCP UDP traffic Flag values for TCP frames ICMP and IGMP type and code Source destination IP addresses including wildcards DSCP IP precedence value NOTE ACLs are also used as the building elements of flow definitions for per flow QoS handling see QoS Advanced Mode The IPv4 Based ACL page enables adding A...

Page 93: ...tination addresses Destination IP Address Value Enter the IP address to which the destination IP address is to be matched Destination IP Wildcard Mask Enter the mask to define a range of IP addresses Source Port Select one of the following Any Match to all source ports Single Port Enter a single TCP UDP source port to which packets are matched This field is active only if 800 6 TCP or 800 17 UDP i...

Page 94: ... destination IP address Source Port Select one of the following Any Match to all source ports Single Port Enter a single TCP UDP source port to which packets are matched This field is active only if 800 6 TCP or 800 17 UDP is selected in the Select from List drop down menu Destination Port Select one of the available values that are the same as the Source Port field described above NOTE You must s...

Page 95: ...sed ACL Select an IPv4 Based ACL to be bound to the interface IPv6 Based ACL Select an IPv6 Based ACL to be bound to the interface Permit Any Unmatched Packets Select to enable disable this action STEP 6 Click Apply The ACL binding is modified and the Running Configuration file is updated NOTE If no ACL is selected the ACL s that is previously bound to the interface are unbound ...

Page 96: ...Priority Tag VPT 802 1p value in Layer 2 and the Differentiated Service Code Point DSCP value for IPv4 or Traffic Class TC value for IPv6 in Layer 3 When operating in Basic Mode the device trusts this external assigned QoS value The external assigned QoS value of a packet determines its traffic class and QoS The type of header field to be trusted is entered in the Basic QoS page For every value of...

Page 97: ...ode for the system Basic or Disabled as described in the QoS Modes section In addition the default CoS priority for each interface can be defined Feature Configuration To select the QoS mode STEP 1 Click Configuration Quality of Service Feature Configuration STEP 2 Set the QoS mode The following options are available Disable QoS is disabled on the device Basic QoS is enabled on the device in Basic...

Page 98: ...Strict Priority Traffic scheduling for the selected queue and all higher queues is based strictly on the queue priority WRR Traffic scheduling for the selected queue is based on WRR The period time is divided between the WRR queues that are not empty meaning they have descriptors to egress This happens only if strict priority queues are empty WRR Weight If WRR is selected enter the WRR weight assi...

Page 99: ...F12 4 Queue 3 3 4 3 3 2 1 1 DSCP 59 51 43 35 27 19 11 3 Queue 3 3 4 3 3 2 1 1 DSCP 58 50 42 34 AF41 26 AF31 18 AF21 10 AF11 2 Queue 3 3 4 3 3 2 1 1 DSCP 57 49 41 33 25 17 9 1 Queue 3 3 4 3 3 2 1 1 DSCP 56 CS7 48 CS6 40 CS5 32 CS4 24 CS3 16 CS2 8 CS1 0 BE Queue 3 3 4 3 3 2 1 1 The queue 4 is the highest queue and the default classes in the parentheses are defined by IETF To map DSCP to queues STEP ...

Page 100: ... for up to four queues on each interface STEP 4 Select the Interface STEP 5 For each queue that is required enter the following fields Queue x Select to enable egress shaping on queue number x Committed Information Rate Enter the maximum rate CIR in Kbits per second Kbps CIR is the average maximum amount of data that can be sent Committed Burst Size Enter the maximum burst size CBS in bytes CBS is...

Page 101: ...ate Select the time period that passes before the interface Ethernet statistics are refreshed The available options are No Refresh Statistics are not refreshed 15 Sec Statistics are refreshed every 15 seconds 30 Sec Statistics are refreshed every 30 seconds 60 Sec Statistics are refreshed every 60 seconds Counter Set The options are Set 1 Displays the statistics for Set 1 that contains all interfa...

Page 102: ...s process erases the Startup Configuration file and the backup configuration file STEP 3 Click Apply and Reboot The parameters are copied to the Running Configuration file and the stack is rebooted File Management This section describes how system files are managed The following topics are covered Overview Firmware Boot Code Active Firmware Image Configuration Log Configuration File Copy Overview ...

Page 103: ...in Flash memory File Actions The following actions can be performed to manage firmware and configuration files Upgrade the firmware or boot code as described in Overview section View the firmware image currently in use or select the image to be used in the next reboot as described in the Active Firmware Image section Save configuration files on the device to a location on another device as describ...

Page 104: ...TEP 5 Click Apply NOTE When the process is completed the following information is displayed Bytes Transferred How many bites were transferred in the process Status Did the process succeed or fail Error Message Reason for failure of the process Active Firmware Image There are two firmware images stored on the device One of the images is identified as the active image and the other image is identifi...

Page 105: ...le network link A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supported If a link local address exists on the interface this entry replaces the address in the configuration Global The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks Interface Select the...

Page 106: ...nology tests the quality and characteristics of a copper cable attached to a port Cables of up to 140 meters long can be tested These results are displayed in the Test Results block of the Copper Test page DSP based tests are performed on active GE links to measure cable length These results are displayed in the Advanced Information block of the Copper Test page Preconditions to Running the Copper...

Page 107: ...owing STEP 1 Click Maintenance Diagnostics Ping STEP 2 Configure ping by entering the fields Target Select whether to specify the source interface by its IP address or name This field influences the interfaces that are displayed in the Source IP field as described below IPVersion If the source interface is identified by its IP address select either IPv4 or IPv6 to indicate that it will be entered ...

Page 108: ...nication messages Only the existing IP addresses of the type specified in the IP Version field will be displayed Target Name Enter the target host name TTL Enter the maximum number of hops that Traceroute permits This is used to prevent a case where the sent frame gets into an endless loop The Traceroute command terminates when the destination is reached or when this value is reached To use the de...

Page 109: ...lect the analyzer port to where packets are copied A network analyzer such as a PC running Wireshark is connected to this port If a port is identified as an analyzer destination port it remains the analyzer destination port until all entries are removed Source Port Select the source port from where traffic is to be mirrored MirrorType Select whether incoming outgoing or both types of traffic are m...

Page 110: ...2014 Belkin International Inc and or its affiliates All rights reserved BELKIN LINKSYS and many product names and logos are trademarks of the Belkin group of companies Third party trademarks mentioned are the property of their respective owners 8820 01844 Rev B00 ...

Reviews:

No comments

Related manuals for Smart Switch LGS3XX

D-Link Verizon DSL-2750B Setup Manual preview
Verizon DSL-2750B
Brand: D-Link Pages: 6
D-Link DIR-857 Quick Installation Manual preview
DIR-857
Brand: D-Link Pages: 10
D-Link DSL-2740U Quick Installation Manual preview
DSL-2740U
Brand: D-Link Pages: 38
NEC Express5800/E120d-M Getting Started preview
Express5800/E120d-M
Brand: NEC Pages: 2
Panasonic WJ-NV200K Quick Reference Manual preview
WJ-NV200K
Brand: Panasonic Pages: 4
A-Link WNAP4G Quick Installaion Manual preview
WNAP4G
Brand: A-Link Pages: 6
H3C RA100 Installation Manual preview
RA100
Brand: H3C Pages: 34
Patton electronics SMART NODE 4950-NCE Quick Start Manual preview
SMART NODE 4950-NCE
Brand: Patton electronics Pages: 8
Patton electronics NetLink 2960 RAS Datasheet preview
NetLink 2960 RAS
Brand: Patton electronics Pages: 2
Patton electronics 3101RC Specifications preview
3101RC
Brand: Patton electronics Pages: 2
Qlogic iSR6200 Quick Start Manual preview
iSR6200
Brand: Qlogic Pages: 20
Radwin Transportation FiberinMotion Deployment Manual preview
Transportation FiberinMotion
Brand: Radwin Pages: 122
?omtime CT-Router LAN User Manual preview
CT-Router LAN
Brand: ?omtime Pages: 62
D-Link DIR-853/EE Quick Installation Manual preview
DIR-853/EE
Brand: D-Link Pages: 83
QNO 2WAN 3LAN User Manual preview
2WAN 3LAN
Brand: QNO Pages: 106
Face XR18 User Manual preview
XR18
Brand: Face Pages: 8
H3C S12500R-2L Installation, Quick Start preview
S12500R-2L
Brand: H3C Pages: 26
Caimore CM520-86EG User Manual preview
CM520-86EG
Brand: Caimore Pages: 79

Brands by name

Popular brands

Load more brands