manualshive.com logo in svg

Niveo NGSM48T2, User Manual

Share
Download
Niveo NGSM48T2 User Manual Download Page 77

Chapter 3: Featuring Configuration 

– Web UI 

Featuring Configuration 

– Web UI

 

 

NGSM48T2  User  Manual  |  77 

features many of the same characteristics.In Multi 802.1X, one or more supplicants 

can get authenticated on the same port at the same time. Each supplicant is 

authenticated individually and secured in the MAC table using the Port Security 

module. 

  In Multi 802.1X it is not possible to use the multicast BPDU MAC address as 

destination MAC address for EAPOL frames sent from the switch towards the 

supplicant, since that would cause all supplicants attached to the port to reply to 

requests sent from the switch. Instead, the switch uses the supplicant's MAC 

address, which is obtained from the first EAPOL Start or EAPOL Response Identity 

frame sent by the supplicant. An exception to this is when no supplicants are 

attached. In this case, the switch sends EAPOL Request Identity frames using the 

BPDU multicast MAC address as destination - to wake up any supplicants that might 

be on the port. 

  The maximum number of supplicants that can be attached to a port can be limited 

using the Port Security Limit Control functionality.MAC-based Auth. 

  Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely 

a best-practices method adopted by the industry. In MAC-based authentication, 

users are called clients, and the switch acts as the supplicant on behalf of clients. 

The initial frame (any kind of frame) sent by a client is snooped by the switch, which 

in turn uses the client's MAC address as both username and password in the 

subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is 

converted to a string on the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is 

used as separator between the lower-cased hexadecimal digits. The switch only 

supports the MD5-Challenge authentication method, so the RADIUS server must be 

configured accordingly. 

  When authentication is complete, the RADIUS server sends a success or failure 

indication, which in turn causes the switch to open up or block traffic for that 

particular client, using the Port-Security module. Only then will frames from the client 

be forwarded on the switch. There are no EAPOL frames involved in this 

authentication, and therefore, MAC-based Authentication has nothing to do with the 

802.1X standard. 

The advantage of MAC-based authentication over 802.1X-based authentication is 

that the clients don't need special supplicant software to authenticate. The 

disadvantage is that MAC addresses can be spoofed by malicious users - 

Summary of Contents for NGSM48T2

Page 1: ...Version 1 0 NGSM48T2 48 Port 10 100 1000Base T 2 10 Gigabit SFP Ports Layer 2 Full Management Switch User Manual...

Page 2: ...interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on...

Page 3: ...Featuring Configuration Web UI 26 System Configuration 27 System Information 27 IP Configuration 28 IPv6 Configuration 30 NTP Configuration 32 Time Configuration 33 System Log Configuration 35 Power...

Page 4: ...STI Priorities 119 Spanning Tree CIST Ports 120 Spanning Tree MSTI Ports 123 MVR Multicast VLAN Registration 124 IPMC IP Multicast 126 IGMP Snooping Configuration 126 Basic Configuration 126 IGMP Snoo...

Page 5: ...CP based QoS Ingress Classification 177 QoS DSCP Translation 178 QoS DSCP Classification 180 QoS Control List Configuration 181 QoS Storm Control Configuration 184 Mirroring Configuration 185 UPnP Con...

Page 6: ...tion 262 System Detailed Log 263 Monitor Port State 264 Port State 264 Traffic Overview 265 QoS Statistics 266 QCL Status 267 Detailed Port Statistics 269 Monitor Security 271 Security Access Manageme...

Page 7: ...tics 333 Dynamic MAC Table 335 VLAN Membership Status 337 VCL MAC Based VLAN Status 341 sFlow 342 Diagnostic 343 Ping 343 Ping6 344 VeriPHY Cable Diagnostic 345 Maintenance 347 Restart Device 347 Fact...

Page 8: ...NGSM48T2 User Manual 8 Before Starting In Before Starting This section contains introductory information which includes Intended Readers Icons for Note Caution and Warning Product Package Contents...

Page 9: ...management and terminologies Icons for Note Caution and Warning To install configure use and maintain this product properly please pay attention when you see these icons in this manual A Note icon ind...

Page 10: ...check and verify the contents of the product package which should include the following items One Network Switch One Power Cord One User Manual CD One pair Rack mount kit 8 Screws Note If any item lis...

Page 11: ...verview In Product Overview This section will give you an overview of this product including its feature functions and hardware software specifications Product Brief Description Product Specification...

Page 12: ...with better performance and efficiency 2 10 Gigabit SFP Open Slots The switch equips with 2 10G SFP open slots as the uplink ports the 10G uplink design provides an excellent solution for expanding yo...

Page 13: ...ured The port binding allows to bind specific MAC address to the port only the MAC has the privilege to access the network The 802 1X port based Access Control every user should be authorized first wh...

Page 14: ...Rapid Spanning Tree IEEE 802 1s Multiple Spanning Tree IEEE 802 3ad Link Aggregation Control Protocol LACP IEEE802 1v Protocol VLAN IEEE 802 1AB LLDP Link Layer Discovery Protocol IEEE 802 1X Access C...

Page 15: ...ggregation IEEE 802 3ad with LACP 26 trunks up to 8 port per trunk Static Trunk 26 trunks up to 8 port per trunk Max Group 26 Max Ports Group 8 IGMP Snooping IGMP Snooping v1 v2 v3 IPv6 MLD Snooping v...

Page 16: ...t Command Line Interface CLI Web Based Management Telnet Access Management Filtering SNMP WEB SSH TELNET SNMP v1 v2c v3 RMON RMON 1 2 3 9 groups DHCP Client Relay Option82 Snooping Event Error Log Loc...

Page 17: ...ic operation status Each of the switch s RJ45 port has two LEDs the green LED indicates RJ45 connection status data link Also port 49 and port 50 SFP Ports has their own LEDs that indicate data link s...

Page 18: ...elow 10 Base T 2 pair UTP STP Cat 3 4 5 cable EIA TIA 568 100 ohm Max 100m 100 Base TX 2 pair UTP STP Cat 5 cable EIA TIA 568 100 ohm Max 100m 1000 Base T 4 pair UTP STP Cat 5 cable EIA TIA 568 100 oh...

Page 19: ...re the switch via RS232 console cable if you don t attach your admin PC to your network or if you lose network connection to your switch It wouldn t be affected by network performance This is so calle...

Page 20: ...ose the COM name 4 Select correct serial settings The serial settings of the switch are as below Baud Rate 115200 Parity None Data Bit 8 Stop Bit 1 5 After connected you can see Switch login request 6...

Page 21: ...Chapter 2 Preparing for Management Preparing for Management NGSM48T2 User Manual 21 Figure 3 2 Putty Configuration Figure 3 3 Putty Login Screen...

Page 22: ...your Switch is properly installed on your network and that every PC on this network can access the switch via the web browser 1 Verify that your network interface card NIC is operational and that you...

Page 23: ...will appear next 9 Key in the password Default user name and password are both admin If you can t login the switch the following steps can help you to identify the problem 1 Switch to DOS command mode...

Page 24: ...SSH console can be treated as secured Telnet connection need to enable the SSH feature in Security Switch SSH Tradition way for Telnet Connection 1 Go to Start Run cmd And then press Enter 2 Type the...

Page 25: ...on in the popup screen Press Yes to accept the Security Alert If you choose Telnet connection there is no such cipher information and window It goes to next step directly 3 After few seconds the Telne...

Page 26: ...Configuration Web UI The switch provides abundant software features after login the switch you can start configuring the settings or monitoring the status This is one question market on the right top...

Page 27: ...s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an al...

Page 28: ...s will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide the IP address of this switch in dotted decimal notation IP Mask Provide th...

Page 29: ...turing Configuration Web UI NGSM48T2 User Manual 29 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Renew Click to renew DHCP This...

Page 30: ...e fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It can also represen...

Page 31: ...Chapter 3 Featuring Configuration Web UI Featuring Configuration Web UI NGSM48T2 User Manual 31 AUTOCONF is enabled...

Page 32: ...NTP messages between the clients and the server when they are not on the same subnet domain Disable NTP mode operation Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 12...

Page 33: ...ht saving time Time Zone Here you can use the scroll down menu to set the time zone where your switch is located Acronym Here you can input the Time Zone Abbreviations You can input up to 16 character...

Page 34: ...4 Offset Settings Offset is the difference in hours and minutes from Coordinated Universal Time UTC for a particular place and date Here you can set the offset time in minutes Buttons Save Click to sa...

Page 35: ...the cause of the issues The switch Web UI allows you to Enable the Syslog Server assign the IP address and assign the syslog level Server Mode Indicates the server mode operation When the mode operati...

Page 36: ...slog Level Indicates what kind of message will send to syslog server Possible modes are Info Send information warnings and errors Warning Send warnings and errors Error Send errors Buttons Save Click...

Page 37: ...smitted all circuits are powered up The time it takes to power up the circuits is named wakeup time The default wakeup time is 17 us for 1Gbit links and 30 us for other link speeds EEE devices must ag...

Page 38: ...QOS and then mark the queue as an urgent queue When an urgent queue gets data to be transmitted the circuits will be powered up at once and the latency will be reduced to the wakeup time Port The swit...

Page 39: ...link state is displayed graphically Green indicates the link is up and red that it is down Current Link Speed Provides the current link speed of the port Ex 1Gfdx 1G indicates the Gigabit Speed fdx in...

Page 40: ...mum Frame Size Enter the maximum frame size allowed for the switch port including FCS The switch supports up to 9K Jumbo Frame Excessive Collision Mode Configure port transmit collision behavior Disca...

Page 41: ...tly the only way to login as another user on the web server is to close and reopen the browser This page configures a user This is also a link to Add User Edit User Add New User Edit User Click Add Ne...

Page 42: ...same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write acc...

Page 43: ...most cases a privilege level group consists of a single module e g LACP RSTP or QoS but a few of them contains more than one The table down below lists the functions that can be set here in the privil...

Page 44: ...or clearing of statistics User Privilege should be same or greater than the authorization Privilege level to have the access to that group Insufficient Privilege Level If you login with lower level pr...

Page 45: ...set to one of the following values none authentication is disabled and login is not possible local use the local user database on the switch for authentication RADIUS use a remote RADIUS server for au...

Page 46: ...switch by SSH you should install SSH client on you computer such as PuTTy console tool In the switch side the switch acts as SSH server for user login and you can Enable or Disable SSH on this page Pl...

Page 47: ...his page allows you to configure HTTPS mode Mode Indicates the HTTPS mode operation Possible modes are Enable Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indic...

Page 48: ...access to the switch Example of the below figure only the IP Addresses range from 192 168 2 101 to 192 168 2 200 can access the switch s management interface The available services are HTTP HTTPS SNMP...

Page 49: ...P address matches the IP address range provided in the entry TELNET SSH Indicates that the host can access the switch from TELNET SSH interface if the host IP address matches the IP address range prov...

Page 50: ...versions are SNMPv1 Set SNMP supported version 1 SNMPv2c Set SNMP supported version 2c SNMPv3 Set SNMP supported version 3 Read Community Indicates the community read access string to permit access to...

Page 51: ...able It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a particular range of source addresses can be used to restrict so...

Page 52: ...y Indicates the community access string when sending SNMP trap packet The allowed string length is 0 to 255 and the allowed content is ASCII characters from 33 to 126 Trap Destination Address Indicate...

Page 53: ...rm retry times The allowed range is 0 to 255 Trap Probe Security Engine ID Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enable Enable SNMP trap probe security...

Page 54: ...access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2...

Page 55: ...ne ID and usm User Name are the entry s keys In a simple agent usm User Engine ID is always that agent s own snmp Engine ID value The value can also take the value of the snmp Engine ID of a remote SN...

Page 56: ...ing identifying the authentication password phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed...

Page 57: ...1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to...

Page 58: ...uld belong to Possible view types are Included An optional flag to indicate that this view sub tree should be included excluded An optional flag to indicate that this view sub tree should be excluded...

Page 59: ...hould belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Model Indicates the security model that this entry should belong to Possible se...

Page 60: ...to 32 and the allowed content is ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially set new values The allowed str...

Page 61: ...Packets dropped packets sent bytes sent octets broadcast packets multicast packets CRC errors undersize packets oversize packets fragments jabbers collisions and counters for packets ranging from 64...

Page 62: ...deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 100...

Page 63: ...the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from...

Page 64: ...InNUcastPkts The number of broad cast and multi cast packets delivered to a higher layer protocol InDiscards The number of inbound packets that are discarded even the packets are normal InErrors The n...

Page 65: ...the thresholds possible sample types are Rising Trigger alarm when the first value is larger than the rising threshold Falling Trigger alarm when the first value is less than the falling threshold Ri...

Page 66: ...mber of octets received on the interface including framing characters Log The number of uni cast packets delivered to a higher layer protocol Snmptrap The number of broad cast and multi cast packets d...

Page 67: ...users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an...

Page 68: ...period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be desired consider the following scenario Suppos...

Page 69: ...may happen that a configured maximum cannot be granted if the remaining ports have already used all available MAC addresses Action If Limit is reached the switch can take one of the following actions...

Page 70: ...n is set to None or Trap Shutdown Indicates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap Shutdown Re open Button If a port i...

Page 71: ...allowed access to the network These backend RADIUS servers are configured on the Configuration Security AAA page The IEEE802 1X standard defines port based operation but non standard variants overcom...

Page 72: ...ed This is only active if the Reauthentication Enabled checkbox is checked Valid values are in the range 1 to 3600 seconds EAPOL Timeout Determines the time for retransmission of Request Identity EAPO...

Page 73: ...a number between 10 and 1000000 seconds RADIUS Assigned QoS Enabled RADIUS assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticate...

Page 74: ...led on all ports Guest VLAN ID This is the value that a port s Port VLAN ID is set to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled Valid va...

Page 75: ...ased 802 1X In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle for...

Page 76: ...t should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole po...

Page 77: ...802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant...

Page 78: ...o the given QoS Class If re authentication fails or the RADIUS Access Accept packet no longer carries a QoS Class or it s invalid or the supplicant is otherwise no longer present on the port the port...

Page 79: ...t affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use the Monitor VLANs VLAN Membership an...

Page 80: ...Request Identity frames is configured with EAPOL Timeout If Allow guest VLAN if EAPOL Seen is enabled the port will now be placed in the Guest VLAN If disabled the switch will first check its history...

Page 81: ...e buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page...

Page 82: ...to this port The allowed values are 0 through 255 The default value is 0 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which r...

Page 83: ...m Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Dis...

Page 84: ...witch Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values are 0 3276700 in pps Or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowe...

Page 85: ...tmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based...

Page 86: ...Frames received on the port are not mirrored The default value is Disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Acc...

Page 87: ...plies to all port Port n The ACE applies to this port number where n is the number of the switch port You can select one port or select multiple ports for the entry Policy Filter Specify the policy nu...

Page 88: ...0600 hexadecimal ARP Only ARP frames can match this ACE Notice the ARP frames won t match the ACE with ethernet type IPv4 Only IPv4 frames can match this ACE Notice the IPv4 frames won t match the AC...

Page 89: ...Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE was hit by a frame MAC Parameters SMAC Filter Only displayed when the frame type is Ethernet Type or AR...

Page 90: ...his value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hit...

Page 91: ...an enter a specific sender IP mask in dotted decimal notation Target IP Filter Specify the target IP filter for this specific ACE Any No target IP filter is specified Target IP filter is don t care Ho...

Page 92: ...ames where the HLN is not equal to Ethernet 0x06 or the PLN is not equal to IPv4 0x04 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 Any Any value is allow...

Page 93: ...efining TCP parameters will appear These fields are explained later in this help file IP Protocol Value When Specific is selected for the IP protocol value you can enter a specific value The allowed r...

Page 94: ...Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation SIP Mask When Network is selected for the source IP filter you can ent...

Page 95: ...e value A field for entering an ICMP code value appears ICMP Code Value When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 A fram...

Page 96: ...er you can enter a specific TCP UDP destination value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP UDP Destination Range When Range is selected...

Page 97: ...care TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames where the ACK field is set must not be able to match this entry 1 TCP frames where the ACK field is s...

Page 98: ...HCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port M...

Page 99: ...subnet domain Relay Information Mode Indicates the DHCP relay information mode option operation The option 82 circuit ID format as vlan_id module_id port_no The first four characters represent the VL...

Page 100: ...the policy And it only works under DHCP if relay information operation mode is enabled Possible policies are Replace Replace the original relay information when a DHCP message that already contains it...

Page 101: ...hich ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients that can...

Page 102: ...l port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address usedMAC address Allowed Source MAC address Adding new entry Click to add a new entry to the Static IP...

Page 103: ...P Inspection or disable the Global ARP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Insp...

Page 104: ...VLAND ID The vlan id for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Adding new entry Click to add a new ent...

Page 105: ...d 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this timeframe we will consider it to be dead and continue with the next enabled server if any...

Page 106: ...conds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a serve...

Page 107: ...ault port 1812 is used on the RADIUS Authentication Server Secret The secret up to 29 characters long shared between the RADIUS Authentication Server and the switch RADIUS Accounting Server Configurat...

Page 108: ...tication Server by checking this box IP Address Hostname The IP address or hostname of the TACACS Authentication Server IP address is expressed in dotted decimal notation Port The TCP port to use on t...

Page 109: ...group The aggregation hash mode settings are global whereas the aggregation group relate to the currently selected stack unit as reflected by the page header Hash Code Contributors Source MAC Address...

Page 110: ...for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a rad...

Page 111: ...lows the user to inspect the current LACP port configurations and possibly change them as well Port The switch port number LACP Enabled Controls whether LACP is enabled on this switch port LACP will f...

Page 112: ...Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot Role The Role shows the LACP act...

Page 113: ...en the switch do detect the network loop After the port is shutdown it may hard to manually reconnect it so that there is a shutdown time timeout design can help re enable the port link automatically...

Page 114: ...ed when a loop is detected on a port The valid values are Shutdown Port Shutdown the port until the Shutdown Time timeout Shutdown Port and Log Shutdown the port and log the status Log Only Only log t...

Page 115: ...vide an independent spanning tree for different VLANs With the Spanning Tree and VLAN mapping each VLAN has its own root and blocking path the STP region size becomes lower the convergence time of top...

Page 116: ...ch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority of the STP RSTP bridge Forward Delay The delay used by STP Bridges to transit Root and D...

Page 117: ...whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery...

Page 118: ...re spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI M...

Page 119: ...bly change them as well MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numeric values have better priority The bridge prio...

Page 120: ...the page header Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Path Cost Controls the path cost incurred by the port The Auto sett...

Page 121: ...es the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has bee...

Page 122: ...ng error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well Point2Point Controls whether the port connects to a point to point LAN rather than to a shared...

Page 123: ...tings also relate to the currently selected stack unit as reflected by the page header Port The switch port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred...

Page 124: ...r after MVR enabled the client subscriber VLANs are registered to the same source VLAN then there is only one source stream will be delivered to the registered VLANs This page provides MVR related con...

Page 125: ...Enable Disable the Global MVR VLAN ID Specify the Multicast VLAN ID Mode Enable MVR on the port Type Specify the MVR port type on the port Immediate Leave Enable the fast leave on the port Buttons Sav...

Page 126: ...2 devices to manage and control multicast groups By listening to and analyzing IGMP messages a Layer 2 device running IGMP Snooping establishes mappings between ports and multicast MAC addresses and f...

Page 127: ...wards the Layer 3 multicast device or MLD querier Normally the router port is the uplink port to the upper L3 Router or IGMP Querier For example in below figure the green port of the 2 switches are Ro...

Page 128: ...nfiguration Web UI NGSM48T2 User Manual 128 Throttling Enable to limit the number of multicast groups to which a switch port can belong Buttons Save Click to save changes Reset Click to undo any chang...

Page 129: ...e will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over...

Page 130: ...nted by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 se...

Page 131: ...he logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Adding New Filtering Group Click to add a new entry to the Group Filtering table Specify the Port and Fil...

Page 132: ...able unregistered IPMCv6 traffic flooding Please note that disabling unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery SSM Range SSM Source Specific Multicast Range allows...

Page 133: ...48T2 User Manual 133 Fast Leave Enable the fast leave on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong Buttons Save Click to save changes Reset C...

Page 134: ...lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over MLD Snooping VLAN Table Columns VLAN ID The VLAN ID of the entry MLD Snooping Enab...

Page 135: ...Done messages It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages The allowed range is 0 to 31744 in te...

Page 136: ...entry It will be deleted during the next save Port The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Adding New Filtering Group Click to add a new entry t...

Page 137: ...rrent LLDP port settings LLDP Configuration Tx Interval The switch periodically transmits LLDP frames to its neighbors for having the network discovery information up to date The interval between each...

Page 138: ...tion received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will se...

Page 139: ...erminated by the switch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded Port Descr Optional TLV When checked...

Page 140: ...em integrity issues that can come with inappropriate knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application laye...

Page 141: ...he equator or south of the equator Longitude Longitude Should be normalized to within 0 180 degrees with a maximum of 4 digits It is possible to specify the direction the either East of the prime meri...

Page 142: ...on Information Civic Address LCI Country code The two letter ISO 3166 Country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture Coun...

Page 143: ...mple 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O Box Example 12345 Additional code Additional code Example 13203000...

Page 144: ...ntended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are 1 Layer 2 VLAN I...

Page 145: ...nerated and shall be used when selecting the polices that shall be mapped to the specific ports Application Type Intended use of the application types 1 Voice for use by dedicated IP Telephony handset...

Page 146: ...th buffering would not be an intended use of this application type 8 Video Signalling conditional for use in network topologies that require a separate policy for the video signalling than for the vid...

Page 147: ...A value of 0 represents use of the default DSCP value as defined in RFC 2475 Adding a new policy Click to add a new policy Specify the Application type Tag VLAN ID L2 Priority and DSCP for the new po...

Page 148: ...ure aging time by entering a value here in seconds for example Age time seconds The allowed range is 10 to 1000000 seconds Disable the automatic aging of dynamic entries by checking Disable automatic...

Page 149: ...o secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configur...

Page 150: ...ndicate which ports are members of the entry Check or uncheck as needed to modify the entry Adding a New Static Entry Click to add a new entry to the static MAC table Specify the VLAN ID MAC address a...

Page 151: ...w you configuring the switch settings VLAN Membership Configuration The VLAN membership configuration for theswitch can be monitored and modified here Up to 4096 VLANs are supported This page allows f...

Page 152: ...Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box as To include a port in a forbidden port list check the box as shown To remove or ex...

Page 153: ...k to save changes Reset Click to undo any changes made locally and revert to previously saved values Refreshes Refreshes the displayed the table starting from the VLAND ID input fields Updates the tab...

Page 154: ...S ports Port This is the logical port number of this row Port Type Port can be one of the following types Unaware Customer port C port Service port S port Custom Service port S custom port If Port Typ...

Page 155: ...ecific the default value is selected a Port VLAN ID can be configured see below Untagged frames received on the port are classified to the Port VLAN ID If VLAN awareness is disabled all frames receive...

Page 156: ...s in the same Community The switch ports assigned to an Isolated VLAN can send traffic to the primary VLAN but CANNOT see traffic from other devices in the same Isolated VLAN In this section the switc...

Page 157: ...t no ports are members and all boxes are unchecked Adding a New Private VLAN Click to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The...

Page 158: ...d Private VLAN The port settings relate to the currently selected stack unit as reflected by the page header This feature works across the stack Configuration Port Members A check box is provided for...

Page 159: ...yed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are membe...

Page 160: ...k to undo any changes made locally and revert to previously saved values Refreshes Refreshes the displayed the table starting from the VLAND ID input fields Updates the table starting from the first e...

Page 161: ...e Frame Type can have one of the following values 1 Ethernet 2 LLC 3 SNAP Note On changing the Frame type field valid value of the following text field will vary depending on the new frame type you se...

Page 162: ...nning on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value...

Page 163: ...nd must not be preused by any other existing mapping entry on this page VLAD ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes...

Page 164: ...s the IP address Mask Length Indicates the network mask length VLAN ID Indicates the VLAN ID VLAN ID can be changed for the existing entries Port Members A row of check boxes for each port is displaye...

Page 165: ...T2 User Manual 165 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically A...

Page 166: ...he switch the IP phone should configure the voice VLAND ID correctly It should be configured through its own GUI Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we ena...

Page 167: ...ures the Voice VLAN members automatically Forced Force join to Voice VLAN Port Security The Voice VLAN port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLA...

Page 168: ...ed to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor telephony de...

Page 169: ...der The displayed settings are Port The port number for which the configuration below applies QoS class Controls the default QoS class i e the QoS class for frames not classified in any other way Ther...

Page 170: ...abled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping DSCP Based Click...

Page 171: ...number for which the configuration below applies Enabled Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restr...

Page 172: ...rt Schedulers for all switch ports The ports belong to the currently selected stack unit as reflected by the page header The displayed settings are Port The logical port for the settings contained in...

Page 173: ...for all switch ports The ports belong to the currently selected stack unit as reflected by the page header The displayed settings are Port The logical port for the settings contained in the same row...

Page 174: ...orts belong to the currently selected stack unit as reflected by the page header The displayed settings are Port The logical port for the settings contained in the same row Click on the port number in...

Page 175: ...dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in In...

Page 176: ...DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depend...

Page 177: ...ngs are DSCP Maximum number of supported DSCP values are 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QOs class and Drop Pre...

Page 178: ...ress The displayed settings are DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 Ingress Ingress side DSCP can be first translated to new DSCP before using...

Page 179: ...with DP level 0 2 Remap DP1 Controls the remapping for frames with DP level 1 1 Remap DP0 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 2 Remap DP1 S...

Page 180: ...s and Drop Precedence Level to DSCP value The settings relate to the currently selected stack unit as reflected by the page header The displayed settings are QoS Class Actual QoS class DPL Actual Drop...

Page 181: ...Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match o...

Page 182: ...t may happen that resources required to add a QCE may not available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the re...

Page 183: ...in the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new en...

Page 184: ...witch Note Frames which are sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited to this rate The management VLAN is confi...

Page 185: ...rt also known as egress or destination mirroring Port to mirror on Port to mirror also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mir...

Page 186: ...rrored on the mirror port Note For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on the mirror port Because of this mode for the selected mirror port i...

Page 187: ...on The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive an SSDP advertisement message from this switch If a control point does n...

Page 188: ...pecified sFlow collector the IP Address you assigned in the switch UI The sFlow collector analyzes the sFlow packets and displays the result sFlow has the following two sampling mechanisms Flow sampli...

Page 189: ...type sampling rate maximum header size Sampler Type Configured sampler type on the port and could be any of the types None RX TX ALL Default value is none Sampling Rate Configured sampling rate on th...

Page 190: ...n Feature Configuration CLI The Command Line Interface CLI is the user interface to the switch s embedded software system You can view the system information show the status configure the switch and r...

Page 191: ...r to go to root level Type logout in root level to leave the command line interface Click Enter key after finish the command Click Up key to repeat the previous commands Commands may be abbreviated e...

Page 192: ...n system Type up to move up one level or to go to root level System System Contact Syntax System Name name Parameters name System name string 1 255 Example Contact Name Orwell System contact Orwell Sy...

Page 193: ...eters offset Time zone offset in minutes 720 to 720 relative to UTC Example Time Zone 100 switch System time 100 IP Configuration IP Group Enter the IP Configuration Group switch ip Type up to move up...

Page 194: ...below command Syntax IP NTP Server Add server_index ip_addr_string IP NTP Server Ipv6 Add server_index server_ipv6 IP NTP Server Delete server_index Example switch IP ntp ser add 1 192 168 100 1 swit...

Page 195: ...x IP IPv6 AUTOCONFIG enable disable IP IPv6 Setup ipv6_addr ipv6_prefix ipv6_router IP IPv6 State ipv6_addr enable disable IP IPv6 Ping6 ipv6_addr Length ping_length Count ping_count Interval ping_int...

Page 196: ...erver Address Setting Syntax Type the NTP Server address settings by below command IP NTP Server Add server_index ip_addr_string IP NTP Server Ipv6 Add server_index server_ipv6 IP NTP Server Delete se...

Page 197: ...g server mode en Server Address Syntax System Log Server Address ip_addr_string Example switch System log server add 192 168 2 100 Syslog Level Syntax System Log Level info warning error Information s...

Page 198: ...ion CLI Featuring Configuration CLI NGSM48T2 User Manual 198 System Log Configuration switch System log conf System Log Configuration System Log Server Mode Enabled System Log Server Address 192 168 2...

Page 199: ...imer 2 30 Maintenance Syntax led_power maintenance maintenance_time on_at_errors leave_at_errors Parameters maintenance_time Time in seconds 0 65535 that the LEDs shall be turned on when any port chan...

Page 200: ...All ports enable Enable EEE disable Disable EEE Example Enable Port 1 5 EEE mode 1 5 en Urgent Queue of Port Syntax EEE Urgent_queues port_list queue_list Parameters port_list Port list or all defaul...

Page 201: ...e After port 1 disabled the port can t access the switch Port state 1 en Port state 1 dis Link Speed and Duplex Syntax Port Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx sfp_auto_ams 100 0x_am...

Page 202: ...rt maxf 1 24 9600 Port Status Port Status Port conf 1 2 Port Configuration Port State Mode Flow Control MaxFrame Power Excessive Link 1 Enabled Auto Disabled 9600 Disabled Discard Down 2 Enabled Auto...

Page 203: ...Discard 1Gfdx 3 Enabled Auto Disabled 9600 Disabled Discard Down Status of Link UP ports switch Port conf all up Port Configuration Port State Mode Flow Control MaxFrame Power Excessive Link 2 Enable...

Page 204: ...SH Secure Shell Security Switch HTTPS Hypertext Transfer Protocol over Secure Socket Layer Security Switch Access Access management Security Switch SNMP Simple Network Management Protocol Security Swi...

Page 205: ...ers del Orwell User Name Database Security Switch users conf Users Configuration User Name Privilege Level admin 15 Orwell 15 Privilege Level Syntax Security Switch Privilege Level Group group_name cr...

Page 206: ...ug 15 15 15 15 Diagnostics 5 10 5 10 Authentication Method Syntax Security Switch Auth Method console telnet ssh web none local radius tacacs enable disable Example Configure Telnet Authentication met...

Page 207: ...disable Security Switch https mode en Security Switch https mode dis Security Switch HTTPS Redirect enable disable Security Switch https mode en Must enabled HTTPS Security Switch https redi en Resul...

Page 208: ...1 2c 3 Security Switch SNMP Read Community community Security Switch SNMP Write Community community Example Security Switch snmp mode en Security Switch snmp ver 2c Security Switch SNMP read com abc...

Page 209: ...ap Mode enable disable Security Switch SNMP Trap Version 1 2c 3 Security Switch SNMP Trap Community community Security Switch SNMP Trap Destination ip_addr_string Security Switch SNMP Trap IPv6 Destin...

Page 210: ...en Security Switch SNMP trap info mode en Security Switch SNMP trap info time 5 Security Switch SNMP trap info ret times 5 Result Trap Authentication Failure Enabled Trap Link up and Link down Enable...

Page 211: ...tics Add stats_id data_source Security Switch RMON Statistics Delete stats_id Security Switch RMON Statistics Lookup stats_id Histroy Security Switch RMON History Add history_id data_source interval b...

Page 212: ...twork Limit Mode enable disable Security Network Limit Aging enable disable Security Network Limit Agetime age_time Example Security Network limit mode enable Security Network limit agin enable Securi...

Page 213: ...n enable disable Time Settings Security Network NAS ReauthPeriod reauth_period Security Network NAS EapolTimeout eapol_timeout Security Network NAS Agetime age_time Security Network NAS Holdtime hold_...

Page 214: ...MAC_Based Authentication Example Security Network nas state 2 auto ACL Access Control List ACL Port Configuration Syntax Security Network ACL Action port_list permit deny rate_limiter port_redirect m...

Page 215: ...led Enabled Enabled 0 Rate Limiter Syntax Security Network ACL Rate rate_limiter_list rate_unit rate Parameters rate_limiter_list Rate limiter list 1 16 default All rate limiters rate_unit IP flags pp...

Page 216: ..._limiter port_redirect mirror logging shutdown Parameters ace_id ACE ID 1 256 default Next available ID ace_id_next Next ACE ID 1 256 default Add ACE last port Port ACE keyword port_list Port list or...

Page 217: ...s IP flags ttl options fragment 0 1 any icmp ICMP keyword icmp_type ICMP type number 0 255 or any icmp_code ICMP code number 0 255 or any udp UDP keyword sport Source UDP TCP port range 0 65535 or any...

Page 218: ...Snooping Syntax Security Network DHCP Snooping Mode enable disable Security Network DHCP Snooping Port Mode port_list trusted untrusted Security Network DHCP Snooping Statistics port_list clear Exampl...

Page 219: ...enable disable Security Network IP Source Guard Port Mode port_list enable disable Security Network IP Source Guard limit port_list dynamic_entry_limit unlimited Security Network IP Source Guard Entr...

Page 220: ...n Configuration Security Network ARP Inspection Mode enable disable Security Network ARP Inspection Port Mode port_list enable disable Security Network ARP Inspection Entry port_list add delete vid al...

Page 221: ...x enable disable ip_addr_string secret server_port Example Security aaa radi 1 en 192 168 2 200 password 1812 RADIUS Accounting Server Syntax Security AAA ACCT_RADIUS server_index enable disable ip_ad...

Page 222: ...ss Secret Port 1 Enabled 192 168 2 200 1812 2 Disabled 1812 3 Disabled 1812 4 Disabled 1812 5 Disabled 1812 RADIUS Accounting Server Configuration Server Mode IP Address Secret Port 1 Enabled 192 168...

Page 223: ...Chapter 4 Feature Configuration CLI Featuring Configuration CLI NGSM48T2 User Manual 223 4 Disabled 49 5 Disabled 49 Security...

Page 224: ...Group 1 aggr add 5 8 1 aggr del 1 Delete the group 1 Hash Code Contributors Syntax Aggr Mode smac dmac ip port enable disable smac Source MAC Address dmac Destination MAC Address ip IP Address port T...

Page 225: ...NGSM48T2 User Manual 225 LACP Key port_list key LACP Role port_list active passive LACP Status port_list LACP Statistics port_list clear Example Configure port 5 8 to a LACP group lacp mode 5 8 en Mod...

Page 226: ...me Example loop protect mode en Transmission Time loop protect trans 10 10 seconds Shutdown Time loop protect shut 200 200 seconds Port Configuration Loop Protection Port Configuration Syntax Loop Pro...

Page 227: ...n mstp rstp stp Example STP ver rstp Bridge Priority Syntax STP Msti Priority msti priority Example STP msti pri MSTI Bridge Priority CIST 32768 STP msti pri 4096 The available priority parameter incl...

Page 228: ...holdcount Valid values are in the range 1 to 10 BPDU s per second Advanced Setting Syntax STP bpduFilter enable disable STP bpduGuard enable disable STP recovery timeout After recovery timeout time is...

Page 229: ...uard port_list enable disable STP Port Statistics port_list clear Example STP port mode 1 24 dis Disable STP on port 1 24 STP port edge 1 24 en Enable Edge port on port 1 24 STP port autoedge 1 24 en...

Page 230: ...Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations priority STP port priority 0 16 32 48 224 240 Example Configure CIST 0 Port Priority...

Page 231: ...etup 2 add Name Source2 MVR Port Role Syntax MVR VLAN Port vid mvr_name port_list source receiver inactive Example Port 2 Source Port Port 6 7 Receiver Port MVR vlan port 2 2 source MVR vlan port 2 6...

Page 232: ...of Source2 VID 2 Source Port 2 Receiver Port 6 7 Inactive Port 1 3 5 8 26 Channel Setting of Source2 VID 2 Empty Channel Table MVR Immediate Leave Setting Port Immediate Leave 1 Enabled 2 Enabled 3 E...

Page 233: ...d Syntax IPMC Flooding mld igmp enable disable Example IPMC flood igmp en IGMP SSM Range Source Specific Multicast Syntax IPMC SSM mld igmp Range prefix mask_len Example IPMC ssm igmp range 239 0 0 0...

Page 234: ...iguration Syntax IPMC State mld igmp vid enable disable IPMC Querier mld igmp vid enable disable IPMC Compatibility mld igmp vid auto v1 v2 v3 IPMC Parameter RV mld igmp vid ipmc_param_rv IPMC Paramet...

Page 235: ...Chapter 4 Feature Configuration CLI Featuring Configuration CLI NGSM48T2 User Manual 235 mld igmp in the syntax The IP Address should be IPv6 format for sure...

Page 236: ...delay 2 LLDP reini 2 LLDP Mode Syntax LLDP Mode port_list enable disable rx tx rx RX Only tx TX Only Example Enable LLDP on Ports LLDP mode 1 10 en Port 1 10 are enabled LLDP mode 1 26 en Port 1 26 ar...

Page 237: ...ature Configuration CLI Featuring Configuration CLI NGSM48T2 User Manual 237 LLDP option 1 3 port en LLDP option 1 3 sys_name en LLDP option 1 3 sys_desc en LLDP option 1 3 sys_capa en LLDP option 1 3...

Page 238: ...C age 100 change aging time to 100 seconds the aging time range is 10 1000000 MAC age 0 0 Disable Aging time MAC Learning Configuration Syntax MAC Learning port_list auto disable secure Example MAC le...

Page 239: ...Chapter 4 Feature Configuration CLI Featuring Configuration CLI NGSM48T2 User Manual 239 VID MAC Address Ports 1 00 10 15 02 25 2a 1 5 1 0b 16 21 2c 37 42 1 10...

Page 240: ...e vid Example VLAN add 3 5 8 Add port 5 8 to VLAN 3 VLAN name add vlan3 3 vlan3 is the name of VLAN 3 Port Configuration Syntax VLAN FrameType port_list all tagged untagged VLAN IngressFilter port_lis...

Page 241: ...iguration PVLAN Configuration Syntax PVLAN Configuration port_list PVLAN Add pvlan_id port_list PVLAN Delete pvlan_id PVLAN Lookup pvlan_id PVLAN Isolate port_list enable disable Example PVLAN add 10...

Page 242: ...2334455 10 1 4 Result VCL Macvlan conf MAC Address VID Ports 00 0b 16 21 2c 37 10 1 4 Protocol based VLAN Configuration Protocol to Group Syntax VCL ProtoVlan Protocol Add Eth2 ether_type arp ip ipx a...

Page 243: ...8 E1 10 5 8 IP Subnet based VLAN Configuration IP Subnet based VLAN Configuration Syntax VCL IPVlan Add vce_id ip_addr_mask vid port_list Parameters vce_id Unique VCE ID for each VCL entry ip_addr_ma...

Page 244: ...mode en Voice vlan id 100 Voice vlan age 86400 Voice vlan traff class 7 Result Voice VLAN Configuration Voice VLAN Mode Enabled Voice VLAN VLAN ID 100 Voice VLAN Age Time seconds 86400 Voice VLAN Traf...

Page 245: ...VLAN OUI Add oui_addr description Voice VLAN OUI Delete oui_addr Voice VLAN OUI Clear Voice VLAN OUI Lookup oui_addr Example Voice VLAN oui add 00 12 08 hello Result Voice VLAN oui lookup Voice VLAN...

Page 246: ...p_list dei_list class dpl QoS Port Classification DSCP port_list enable disable Range of the Value class QoS class 0 7 dpl Drop Precedence Level 0 1 pcp Priority Code Point 0 7 dei Drop Eligible Indic...

Page 247: ...QoS Port Policer mode 1 2 en QoS Port Policer rate 1 2 300 QoS Port Policer unit 1 2 kbps QoS Port Policer flow 1 2 en Port Scheduler Syntax Syntax QoS Port Scheduler Mode port_list strict weighted Ex...

Page 248: ...Port QueueShaper Mode port_list queue_list enable disable QoS Port QueueShaper Rate port_list queue_list bit_rate QoS Port QueueShaper Excess port_list queue_list enable disable Parameters port_list...

Page 249: ...ced QoS setting please follow the DSCP table of upper access core switch to configure the table The table of the whole network must be unified Storm Configuration Strom Control Syntax QoS Storm Unicas...

Page 250: ...re Command Line Mirroring Configuration Mirror Configuration Syntax Mirror Port port disable Mirror Mode port_cpu_list enable disable rx tx Example Mirror port 5 Mirror mode 6 8 en Result Mirror Confi...

Page 251: ...eature Command Line UPnP Configuration UPnp Configuration Syntax UPnP Configuration UPnP Mode enable disable UPnP TTL ttl UPnP AdvertisingDuration duration Example UPnP mode en UPnP ttl 5 Default 4 UP...

Page 252: ...6343 1400 Result Receiver Configuration Owner none Receiver 192 168 2 100 UDP Port 6343 Max Datagram 1400 bytes Time left 0 seconds Receiver Release sFlow receiver Port Configuration Syntax sFlow Rec...

Page 253: ...figuration CLI NGSM48T2 User Manual 253 rate 10 max size 128 sFlow coun 1 2 5 Enable CounterPoller of port 1 2 and set interval to 5 sFlow statistic sample 1 2 Per Port Statistics Port Rx Flow Samples...

Page 254: ...ount keyword ping_count Transmit ECHO_REQUEST packet count 1 60 Default is 5 interval PING Interval keyword ping_interval Ping interval 0 30 Default is 0 Example Ping IP 192 168 2 100 IP ping 192 168...

Page 255: ...ion CLI NGSM48T2 User Manual 255 switch IP ipv6 ping6 2001 DB8 250 8bff fee8 f800 VeriPHY Syntax Port VeriPHY port_list Example Port veriphy 24 Starting VeriPHY please wait Port Pair A Length Pair B L...

Page 256: ...xample Software Firmware Firmware Version Firmware Swapping Firmware Update Syntax Firmware Information Firmware Swap Firmware Load ip_addr_string file_name Parameters of Firmware Load ip_addr_string...

Page 257: ...te 1 The switch process the firmware upgrading through TFTP protocol When running firmware upgrading please open the TFTP tool as TFTP server for the switch For example TFTPd32 is a freeware TFTP serv...

Page 258: ...Web Configuration Monitor Diagnostic Maintenance In Web Configuration Monitor Diagnostic Maintenance The following chapter will guide you to this switch s configuration webpage regarding to Monitor D...

Page 259: ...in Configuration System Information System Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch Chip ID The Chip...

Page 260: ...nance Monitor Diagnostic Maintenance NGSM48T2 User Manual 260 Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any...

Page 261: ...s The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult the SVG Wiki for more informati...

Page 262: ...ll All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refr...

Page 263: ...this box to enable an automatic refresh of the page at regular intervals Refresh Updates the system log entries starting from the current entry ID Clear Flushes all system log entries Updates the sys...

Page 264: ...e provides an overview of the current switch port states The port states are illustrated as follows RJ45 ports SFP ports State Disabled Down Link Buttons Auto refresh Check this box to refresh the pag...

Page 265: ...transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The num...

Page 266: ...yed counters are Port The logical port for the settings contained in the same row Qn There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packet...

Page 267: ...et Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only...

Page 268: ...herwise it is always No Please note that conflict can be resolved by releaseing the H W resources required to add QCL entry on pressing Resolve Conflict button Buttons Select the QCL status from this...

Page 269: ...eive Total and Transmit Total Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but...

Page 270: ...frames received with valid CRC Rx Fragments The number of short 1 frames received with invalid CRC Rx Jabber The number of long 2 frames received with invalid CRC Rx Filtered The number of received fr...

Page 271: ...ch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is ena...

Page 272: ...sks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MA...

Page 273: ...nknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addr...

Page 274: ...port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it...

Page 275: ...al 275 Security Network NAS This page provides an overview of the current NAS port states Port The switch port number Click to navigate to detailed NAS statistics for this port Admin State The port s...

Page 276: ...ed to the port by the RADIUS server if enabled Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the R...

Page 277: ...1X Multi 802 1X EAPOL Counters Direction Name IEEE Name Description Rx Total dot1xAuthEapolFramesRx The number of valid EAPOL frames of any type that have been received by the switch Rx Response ID do...

Page 278: ...mesTx The number of valid EAPOL Request frames other than Request Identity frames that have been transmitted by the switch Backend Server Counters These backend RADIUS frame counters are available for...

Page 279: ...at the supplicant client has successfully authenticated to the backend server Rx Auth Failures dot1xAuthBackendAuthFails 802 1X and MAC based Counts the number of times that the switch receives a fail...

Page 280: ...02 1X MAC based Auth Last Supplicant Client Info Name IEEE Name Description MAC Address dot1xAuthLastEapolFrameSource The MAC address of the last supplicant client VLAN ID The VLAN ID on which the las...

Page 281: ...hed it shows No supplicants attached This column is not available for MAC based Auth MAC Address For Multi 802 1X this column holds the MAC address of the attached supplicant For MAC based Auth this c...

Page 282: ...page at regular intervals Click to refresh the page immediately This button is available in the following modes Force Authorized Force Unauthorized Port based 802 1X Single 802 1X Click to clear the c...

Page 283: ...atch all ingress port Port The ACE will match a specific ingress port Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match...

Page 284: ...is displayed the port copy operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on th...

Page 285: ...received and transmitted Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and tr...

Page 286: ...and Tx Lease Active The number of lease active option 53 with value 13 packets received and transmitted Buttons Auto refresh Click this box to enable an automatic refresh of the page at regular inter...

Page 287: ...nt Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The nu...

Page 288: ...ains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address Navigating the ARP Inspection Table Each page shows up to 99 entries from the Dynamic ARP...

Page 289: ...tted MAC Address User MAC address of the entry IP Address User IP address of the entry Buttons Auto refresh Click this box to enable an automatic refresh of the page at regular intervals Refresh Click...

Page 290: ...he Start from port address VLAN and IP address input fields allow the user to select the starting point in the Dynamic IP Source Guard Table Clicking the button will update the displayed table startin...

Page 291: ...to refresh Click this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately Clear Flushes all dynamic entries Updates the table starting fro...

Page 292: ...led Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attemp...

Page 293: ...and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporar...

Page 294: ...t counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Rx Access Accepts radiusAuthClientExtAccess Accepts The number of RADIUS Access Accept packets vali...

Page 295: ...packets that were received from the server on the authentication port and dropped for some other reason Tx Access Requests Radius AuthClientExtAccess Requests The number of RADIUS Access Request pack...

Page 296: ...nabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configur...

Page 297: ...nses radiusAccClientExtRespons es The number of RADIUS packets valid or invalid received from the server Rx Malformed Responses radiusAccClientExtMalform edResponses The number of malformed RADIUS pac...

Page 298: ...r the server that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission Tx Timeouts r...

Page 299: ...s only reachable when more than one server is enabled Round Trip Time radiusAccClientExtRoun dTripTime The time interval measured in milliseconds between the most recent Response and the Request that...

Page 300: ...n bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broad cast The total number of good packets received that...

Page 301: ...including bad packets received that were between 65 to 127 octets in length 128 255 The total number of packets including bad packets received that were between 128 to 255 octets in length 256 511 The...

Page 302: ...sources Drops The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the ne...

Page 303: ...64 octets received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet se...

Page 304: ...g and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the threshold...

Page 305: ...t entries The displayed fields are Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry Log TIme Indicates Event log time Log Description Indicates the Eve...

Page 306: ...id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Las...

Page 307: ...means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can ag...

Page 308: ...eived Shows how many LACP frames have been received at each port LACP Transmitted Shows how many LACP frames have been sent from each port Discarded Shows how many unknown or illegal LACP frames have...

Page 309: ...port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the p...

Page 310: ...dge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge i...

Page 311: ...t STP port role of the CIST port The port role can be one of the following values AlternatePort BackupPort RootPort DesignatedPort Disabled CIST State The current STP port state of the CIST port The p...

Page 312: ...er of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notificatio...

Page 313: ...1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Receiv...

Page 314: ...om that or the closest next MVR Group Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with t...

Page 315: ...uerier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Queri...

Page 316: ...t leads towards the Layer 3 multicast device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both den...

Page 317: ...N and group input fields allow the user to select the starting point in the IGMP Group Table Clicking the Refresh button will update the displayed table starting from that or the closest next IGMP Gro...

Page 318: ...refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Refreshes the displayed table starting from the input fields Updates the table starting with the first en...

Page 319: ...IGMP SFM Information Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP SFM Information Table Clicking the Refresh button will update the displaye...

Page 320: ...to be 128 Type Indicates the Type It can be either Allow or Deny Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Refreshes the displayed ta...

Page 321: ...1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V1 Leaves Received The number of Received V1 Leaves Router Port Display which ports act as ro...

Page 322: ...king the Refresh button will update the displayed table starting from that or the next closest MLD Group Table match In addition the two input fields will upon a Refresh button click assume the value...

Page 323: ...t visited the web page will show the first 20 entries from the beginning of the MLD SFM Information Table The Start from VLAN and group input fields allow the user to select the starting point in the...

Page 324: ...ly system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Buttons Auto refresh Check this box to enable an automatic refre...

Page 325: ...on of the neighbor s LLDP frames Remote Port ID The Remote Port ID is the identification of the neighbor port System Name System Name is the name advertised by the neighbor unit Port Description Port...

Page 326: ...Address is the neighbor unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbor s IP address Buttons Refresh Clic...

Page 327: ...he following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB...

Page 328: ...bilities include all of the capabilities defined for the previous Generic Endpoint Class Class I and are extended to include aspects related to media streaming Example product categories expected to a...

Page 329: ...voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications 2 Voice Signalling for use in network topologies...

Page 330: ...d or an untagged VLAN Can be Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is usin...

Page 331: ...ayed table contains a row for each port The columns hold the following information Local Port The port on which LLDP frames are received or transmitted Tx Tw The link parther s maximum time that trans...

Page 332: ...nk partners request was based on stale information Echo Rx Tw The link partner s Echo Rx Tw value Resolved Tx Tw The resolved Tx Tw for this link Note NOT the link parther The resolved value that is t...

Page 333: ...last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch re...

Page 334: ...hen the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs...

Page 335: ...and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the button will update the displayed table starting from that or the closest next MAC Table match In additio...

Page 336: ...the page at regular intervals Refresh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Clear Flushes all dynamic entries Updates the table starting from the...

Page 337: ...ports on a VLAN bridged network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicas...

Page 338: ...from that or the closest next VLAN Table match The will use the last entry of the currently displayed VLAN entry as a basis for the next lookup When the end is reached the text No more entries is sho...

Page 339: ...rotocol MVRP allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating fro...

Page 340: ...ccepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded Tx Tag Shows egress fi...

Page 341: ...ers Currently we support following VLAN User types CLI Web SNMP These are referred to as static NAS NAS provides port based authentication which involves communications between a Supplicant Authentica...

Page 342: ...he sampled datagram for analysis The attributes associated with the flow sampling are sampler type sampling rate maximum header size Counter Sampling Counter sampling performs periodic time based samp...

Page 343: ...ption of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs ICMP Ping Output Result PING server 192 168 2 100 56 bytes of data 64 bytes from...

Page 344: ...all packets are received or until a timeout occurs ICMPv6 Ping Output PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes f...

Page 345: ...ccurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop re...

Page 346: ...agnostic Maintenance Monitor Diagnostic Maintenance NGSM48T2 User Manual 346 Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in mete...

Page 347: ...tory Defaults You can reset the configuration of the switch on this page Only the IP configuration is retained The new configuration is available immediately which means that no restart is necessary Y...

Page 348: ...he Browse command Click Upload to start the process After the software image is uploaded a page announces that the firmware update is initiated After about a minute the firmware is updated and the swi...

Page 349: ...d 2 If the alternate image is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and a...

Page 350: ...odule controlling specific parts of the configuration Group tags port table vlan table etc These tags identify a group of parameters typically a table Parameter tags mode entry etc These tags identify...

Page 351: ...ce Monitor Diagnostic Maintenance NGSM48T2 User Manual 351 mac global switch sid 1 mac entry port 1 24 learn mode auto entry mac switch configuration Save Click to save the configuration file Upload C...

Page 352: ...changes even within the product s operating temperature range may cause malfunctions DO NOT install this product in a location near any sources of water or liquid DO NOT stack this product with other...

Page 353: ...tion will guide you to set the IP address properly in a Microsoft Windows 8 environment Setting IP address in other Microsoft operating system such as Windows Vista or Windows 7 is quite the same and...

Page 354: ...SM48T2 User Manual 354 3 An Ethernet Status window will pop up Please click on the Properties button as shown in the figure down below 4 An Ethernet Properties window will pop up Please double click o...

Page 355: ...own in the figure down below By default your product s IP address should be 192 168 2 1 You can set any IP address as long as it s not the same with your product s IP address and is in the same networ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands