manualshive.com logo in svg

ORiNG IGPS-9080, User Manual

The ORiNG IGPS-9080 user manual is available for free download on our website. This manual provides detailed instructions on how to use and program your IGPS-9080 device. Get your hands on this essential manual to maximize the potential of your product. Download it from manualshive.com.

Share
Download
background image

IGPS-9080 Series User Manual

ORing Industrial Networking Corp

123

man-in-the-middle, forwarding requests and responses between the supplicant and the

authentication server. Frames sent between the supplicant and the switch are special 802.1X

frames, known as EAPOL (EAP Over LANs) frames which encapsulate EAP PDUs (RFC3748).

Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS

packets also encapsulate EAP PDUs together with other attributes like the switch's IP address,

name, and the supplicant's port number on the switch. EAP is very flexible as it allows for

different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is

that the authenticator (the switch) does not need to know which authentication method the

supplicant and the authentication server are using, or how many information exchange frames

are needed for a particular method. The switch simply encapsulates the EAP part of the frame

into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a

success or failure indication. Besides forwarding the result to the supplicant, the switch uses it

to open up or block traffic on the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the server timeout is

configured to X seconds (using the authentication configuration page), and the first server in

the list is currently down (but not considered dead), if the supplicant retransmits EAPOL Start

frames at a rate faster than X seconds, it will never be authenticated because the switch will

cancel on-going backend authentication server requests whenever it receives a new EAPOL

Start frame from the supplicant. Since the server has not failed (because the X seconds have

not expired), the same server will be contacted when the next backend authentication server

request from the switch. This scenario will loop forever. Therefore, the server timeout should

be smaller than the supplicant's EAPOL Start frame retransmission rate.

Overview of MAC-Based Authentication

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices

method adopted by the industry. In MAC-based authentication, users are called clients, and

the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent

by a client is snooped by the switch, which in turn uses the client's MAC address as both

username and password in the subsequent EAP exchange with the RADIUS server. The

6-byte MAC address is converted to a string in the following form "xx-xx-xx-xx-xx-xx", that is, a

dash (-) is used as separator between the lower-cased hexadecimal digits. The switch only

supports the MD5-Challenge authentication method, so the RADIUS server must be

configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication,

which in turn causes the switch to open up or block traffic for that particular client, using static

entries into the MAC Table. Only then will frames from the client be forwarded on the switch.

Summary of Contents for IGPS-9080

Page 1: ...rp I IG GP PS S 9 90 08 80 0 S Se er ri ie es s I In nd du us st tr ri ia al l M Ma an na ag ge ed d E Et th he er rn ne et t S Sw wi it tc ch h U Us se er r M Ma an nu ua al l V Ve er rs si io on n 1...

Page 2: ...enses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORi...

Page 3: ...nel 10 Hardware Installation 11 3 1 DIN Rail Installation 11 3 2 Wall Mounting 12 3 3 Wiring 13 3 3 1 Grounding 14 3 3 2 Fault Relay 14 3 3 3 Redundant Power Inputs 14 3 4 Connection 14 3 4 1 Cables 1...

Page 4: ...Dynamic Client List 48 5 2 3 Client List 48 5 2 4 Relay Agent 49 5 3 Port Setting 51 5 3 1 Port Control 51 5 3 2 Port Trunk 53 5 3 4 Loop Gourd 57 5 4 VLAN 58 5 4 1 VLAN Membership 58 5 4 2 Port Confi...

Page 5: ...CL Status 93 5 7 Multicast 94 5 7 1 IGMP Snooping 94 5 7 2 VLAN Configurations of IGMP Snooping 95 5 7 3 IGMP Snooping Status 96 5 7 4 Groups Information of IGMP Snooping 97 5 8 Security 98 5 8 1 Remo...

Page 6: ...0 5 Cable Diagnostics 143 5 10 6 SFP Monitor 144 5 10 7 Ping 144 IPv6 Ping 145 5 11 Synchronization 145 5 12 PoE 148 5 12 1 Configurations 148 5 12 2 Status 150 5 13 Troubleshooting 151 5 13 1 Factory...

Page 7: ...e device can be managed centrally via ORing s proprietary Open Vision platform as well as via Web based interfaces Telnet and console CLI 1 2 Software Features Supports Open Ring interoperates with ot...

Page 8: ...ia Web based Telnet Console CLI and Windows utility Open Vision Supports LLDP Protocol 1 3 Hardware Specifications Redundant DC power inputs 8 x 10 100 1000Base T X P S E ports 1 x console port Operat...

Page 9: ...4VDC power inputs IGPS 9080 NP 24V Standard functions with P S E 24VDC power inputs but without IEEE 1588v2 clock synchronization support The device provides the following ports on the front panel The...

Page 10: ...Fault Amber On Errors occur i e power failure or port malfunctioning P O E Green On Power transmitted via Ethernet cable 10 100 1000Base T X Fast Ethernet ports LNK ACT Green On Port is linked Blinki...

Page 11: ...ets of screw holes The two sets placed in triangular patterns on both ends of the rear panel are used for wall mounting red boxes in the figure below and the set of four holes in the middle are used f...

Page 12: ...t allows you to fasten the switch to a DIN Rail Installing the switch on the DIN Rail is easy DIN Rail Measurement Unit mm Installing the switch on the DIN rail is easy First screw the Din rail kit on...

Page 13: ...h can be fixed to the wall via a wall mount panel which can be found in the package Wall Mount Kit Measurement Unit mm To mount the switch onto the wall follow the steps 1 Screw the two pieces of wall...

Page 14: ...slide the switch down before tightening the screw Note Instead of screwing the screws in all the way leave about 2 mm to allow room for sliding the wall mount panel between the wall and the screws 3 3...

Page 15: ...the ground connection from the ground screw to the grounding surface prior to connecting devices 3 3 2 Fault Relay The two sets of relay contacts of the 6 pin terminal block connector are used to det...

Page 16: ...eiving data 10 100 Base T X P S E RJ 45 Port Pin Assignments Pin Number Assignment 1 TD with PoE Power input 2 TD with PoE Power input 3 RD with PoE Power input 6 RD with PoE Power input 1000 Base T P...

Page 17: ...and signs represent the polarity of the wires that make up each wire pair RS 232 console port wiring The device can be managed via console ports using a RS 232 cable which can be found in the package...

Page 18: ...n about the port setting please refer to 4 1 2 Configurations 3 Connect the last switch to the first switch to form a ring topology Coupling Ring If you already have two O Ring topologies and would li...

Page 19: ...ct as the main path while the other will act as the backup path Dual Homing If you want to connect your ring topology to a RSTP network environment you can use dual homing Choose two switches Switch A...

Page 20: ...m the chain Switch A B that you want to connect to the O Ring and connect them to the switches in the ring Switch C D 2 In correspondence to the port connected to the ring configure an edge port for b...

Page 21: ...time of less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of...

Page 22: ...de a big ring into two smaller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A coupling...

Page 23: ...enables the network to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment...

Page 24: ...in ring configuration to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 devices and will enable a back up link in 80ms adjustable to max 20...

Page 25: ...f the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds and MaxAge must be FwdDelay 1 2 Maximum Hop Count This defines the initial value of...

Page 26: ...the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration named a...

Page 27: ...ge instance priority configurations and possibly change them as well Label Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge pri...

Page 28: ...cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000...

Page 29: ...It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control...

Page 30: ...recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forward...

Page 31: ...rrently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Pa...

Page 32: ...kupPort RootPort DesignatedPort State The current STP port state of the CIST port The port state can be one of the following values Blocking Learning Forwarding Uptime The time since the bridge port w...

Page 33: ...umber of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Click to refresh the page immed...

Page 34: ...Networking Corp 33 Label Description Active Activate fast recovery mode port Ports can be set to 8 priorities Only the port with the highest priority will be the active port 1st Priority is the highe...

Page 35: ...er friendly viewing screen Note By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for networ...

Page 36: ...e management interface shows links to various settings Clicking on the links will bring you to individual configuration pages 5 1 Basic Settings The Basic Settings page allows you to configure the bas...

Page 37: ...al identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are...

Page 38: ...er database on the switch is used for authentication Radius a remote RADIUS server is used for authentication Fallback Check to enable fallback to local authentication If none of the configured authen...

Page 39: ...efault IP is 192 168 10 1 IP Mask Assigns the subnet mask of the IP address If DHCP client function is enabled you do not need to assign the subnet mask IP Router Assigns the network gateway for the s...

Page 40: ...ial syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192...

Page 41: ...p to 16 alpha numeric characters and can contain _ or Daylight Saving Time Configuration Label Description Daylight Saving Time This is used to set the clock forward or backward according to the confi...

Page 42: ...month Hours Select the starting hour Minutes Select the starting minute End Time Settings Label Description Week Select the ending week number Day Select the ending day Month Select the ending month...

Page 43: ...ble HTTPS Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 8 SSH SSH Secure Shell is a cryptographic network protocol intended for secu...

Page 44: ...ll be applied Mode Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP information from its neighbors will be analyzed Tx only the switch will drop LLDP inf...

Page 45: ...1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS Cable Device 8 Station Only 9 Reserved When a capability is enabled a will be displayed If the capability is disabled a wi...

Page 46: ...of entries deleted due to expired time to live Local Counters Label Description Local Port The port that receives or transmits LLDP frames Tx Frames The number of LLDP frames transmitted on the port...

Page 47: ...e age out counter will be incremented Refresh Click to refresh the page immediately Clear Click to clear the local counters All counters including global counters are cleared upon reboot Auto refresh...

Page 48: ...es DHCP server functions By enabling DHCP the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients 5 2 1 Basic Settings This page allows...

Page 49: ...y in the following table You can select the entries and add them to a static table by clicking Add to static Table 5 2 3 Client List You can assign a specific IP address within the dynamic IP range to...

Page 50: ...d to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain Relay Information Mode Indicates the existing DHCP relay information mode The for...

Page 51: ...e containing the information is received Drop drop the package when a DHCP message containing the information is received The relay statistics shows the information of relayed packets of the switch La...

Page 52: ...packets containing relay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Keep Agent Option The number of packets whose rela...

Page 53: ...nt Tx indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last auto negotiation You can check the Configured column to use flow contro...

Page 54: ...rce MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Addr...

Page 55: ...the ports must be in the same speed in each group 5 3 3 LACP LACP Link Aggregation Control Protocol trunks are similar to static port trunks but they are more flexible because LACP is compliant with...

Page 56: ...tivity status Active will transmit LACP packets every second while Passive will wait for a LACP packet from a partner speak if spoken to Save Click to save changes Reset Click to undo changes made loc...

Page 57: ...ion group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated Aggr ID The aggregation ID assigned to the aggregat...

Page 58: ...P frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals Clear Click to clear the counters for a...

Page 59: ...rotection functions as a whole Action Configures the action to take when a loop is detected Valid values include Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is ac...

Page 60: ...check as needed to modify the entry Add New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Valid values for a VLAN ID are 1 through 4095 Af...

Page 61: ...l frames are classified to the port VLAN ID and tags are not removed Ingress Filtering Enable ingress filtering on a port by checking the box This parameter affects VLAN ingress processing If ingress...

Page 62: ...ues is 1 through 4095 The default value is 1 Note The port must be a member of the same VLAN as the port VLAN ID Tx Tag Determines egress tagging of a port Untag_pvid all VLANs except the configured P...

Page 63: ...of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded The TPID of a frame transmitted by S port will be set to 0x88A8 S custom port When the port re...

Page 64: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 63...

Page 65: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 64...

Page 66: ...ries User Manual ORing Industrial Networking Corp 65 Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the swi...

Page 67: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 66 VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Page 68: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 67 VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Page 69: ...N QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN 9000 Series Port 1 VLAN Settings VLAN ID Settings When setting the managemen...

Page 70: ...N ID or destination MAC address A port must be a member of both a VLAN and a private VLAN to be able to forward packets This page allows you to configure private VLAN memberships for the switch By def...

Page 71: ...The private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new private VLANs A private VLAN is defined as a pairing of a primary VLAN with a secondary VLAN...

Page 72: ...ring length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be...

Page 73: ...rs from 33 to 126 are allowed Trap Destination Address Indicates the SNMP trap destination address Trap Destination IPv6 Address Provides the trap destination IPv6 address of this switch IPv6 address...

Page 74: ...ty Configurations You can define access to the SNMP data on your devices by creating one or more SNMP communities An SNMP community is the group that devices and management stations running SNMP belon...

Page 75: ...Model VACM for access control For the USM entry the usmUserEngineID and usmUserName are the entry keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can als...

Page 76: ...allowed Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols include None no privacy protocol DES an optional flag to indicate that this user is...

Page 77: ...should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Group Name A string identifying the group name that this entry should belong to The allowed s...

Page 78: ...ry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 5 5 6 SNMP Access Configura...

Page 79: ...flood the LAN creating excessive traffic and degrading network performance Errors in the protocol stack implementation mistakes in network configuration or users issuing a denial of service attack ca...

Page 80: ...mes in higher priority queues receive a bigger slice of bandwidth than those in a lower priority queue Label Description Port The port number for which the configuration below applies QoS Class Contro...

Page 81: ...from the PCP and DEI value in the tag Otherwise the frame is classified to the default DP level The classified DP level can be overruled by a QCL entry PCP Controls the default PCP value All frames ar...

Page 82: ...ck on the port number to configure tag remarking Mode Shows the tag remarking mode for this port Classified use classified PCP DEI values Default use default PCP DEI values Mapped use mapped versions...

Page 83: ...ion Classify includes four values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is ena...

Page 84: ...r limiting the rate of traffic streams thereby controlling the maximum rate of traffic sent or received on an interface When the traffic rate exceeds the configured maximum rate policing drops or rema...

Page 85: ...Configures the unit of measurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled 5 6 7 Scheduling and...

Page 86: ...Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper...

Page 87: ...ghted scheduling will deliver traffic on a rotating basis It can guarantee each queue s minimum bandwidth based on their bandwidth weight when there is traffic congestion Only when a port has more tra...

Page 88: ...duler Mode is set to Weighted Queue Scheduler Percent Shows the weight of the queue in percentage This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Check to enable p...

Page 89: ...the interface This value must be less than the maximum bandwidth for that interface Label Description Port The switch port number to which the following settings will be applied Click on the port numb...

Page 90: ...value ranges from 0 to 63 Ingress Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Transl...

Page 91: ...rom 0 to 63 5 6 12 DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value Label Description QoS Class Actual QoS class DPL Actual Drop P...

Page 92: ...of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SMAC Source MAC A...

Page 93: ...ft to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11...

Page 94: ...d at each queue Label Description Port The switch port number to which the following settings will be applied Qn There are 8 QoS queues per port Q0 is the lowest priority Rx Tx The number of received...

Page 95: ...QCE then DP level will set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays the conflict...

Page 96: ...whole aggregation will act as a router port Fast Leave Check to enable fast leave on the port 5 7 2 VLAN Configurations of IGMP Snooping If a VLAN is not IGMP snooping enabled it floods multicast dat...

Page 97: ...se the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Label De...

Page 98: ...umber of received V2 reports V3 Reports Receive The number of received V3 reports V2 Leave Receive The number of received V2 leave packets Refresh Click to refresh the page immediately Clear Clear all...

Page 99: ...l Security allows you to limit remote access to the management interface When enabled requests of the client which is not in the allowed list will be rejected Label Description Port Port number of the...

Page 100: ...ns IP MAC automatically but no binding function Binding enables binding Under this mode any IP MAC that does not match the entry will not be allowed to access the network Shutdown shuts down the port...

Page 101: ...IP address of the device Device MAC Address Specifies MAC address of the device Advanced Configurations Alias IP Address This page provides alias IP address configuration Some devices might have more...

Page 102: ...n monitor ingress packets and perform actions when DDoS attack occurred on this port When network traffic from a specific device increases significantly in a short period of time the switch will lock...

Page 103: ...the same number in the low and high fields Filter If packet type is UDP or TCP please choose the socket direction Destination Source Action Indicates the action to take when DDOS attacks occur Possibl...

Page 104: ...era IP Phone Access Point PC PLC Network Video Recorder Location Address Indicates location information of the device The information can be used for Google Mapping Description Device descriptions Str...

Page 105: ...icates the action to take when the stream gets low Possible actions are no action Log it simply logs the event 5 8 3 ACL An ACL Access Control List is a list of permissions attached to an object An AC...

Page 106: ...to The allowed values are Disabled or a specific port number The default value is Disabled Logging Specifies the logging operation of the port The allowed values are Enabled frames received on the por...

Page 107: ...which vary with the frame type you have selected Label Description Ingress Port Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this po...

Page 108: ...red in the system log Disabled frames matching the ACE are not logged Please note that system log memory capacity and logging rate is limited Shutdown Specifies the shutdown operation of the ACE The a...

Page 109: ...mat is xx xx xx xx xx xx Frames matching the ACE will use this DMAC value Label Description VLAN ID Filter Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter st...

Page 110: ...se refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields please refer to the help file IP Prot...

Page 111: ...IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted de...

Page 112: ...specified sender IP filter is don t care Host sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP filter is set to Network Specify th...

Page 113: ...rames where THA is equal to the SMAC address Any any value is allowed don t care IP Ethernet Length Specifies whether frames will meet the action according to their ARP RARP hardware address length HL...

Page 114: ...d for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE An...

Page 115: ...selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value TCP UDP Source Range W...

Page 116: ...s where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is allowed don t care TCP SYN Specifies the TCP...

Page 117: ...er This page allows you to configure common settings for an authentication server Label Description Timeout The timeout which can be set to a number between 3 and 3600 seconds is the maximum time to w...

Page 118: ...ss If a match is not found or a problem is found with the user s credentials the server returns a reject message to deny access The NAD then establishes or terminates the user s connection The NAD may...

Page 119: ...expressed in dotted decimal notation Port The UDP port to use on the RADIUS accounting server If the port is set to 0 zero the default port 1813 is used on the RADIUS accounting server Secret The sec...

Page 120: ...nabled but IP communication is not yet up and running Ready the server is enabled IP communications are built and the RADIUS module is ready to accept access attempts Dead X seconds left access attemp...

Page 121: ...seconds left accounting attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires...

Page 122: ...tworking Corp 121 Other Info This section contains information about the state of the server and the latest round trip time Label Description Packet Counters RADIUS accounting server packet counters T...

Page 123: ...prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more backend servers RADIUS determine whether the user is allowed access to the netw...

Page 124: ...urrently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never be authenticated because the switch will cancel on going backend au...

Page 125: ...n be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone and only the MD5 Challenge method is supported 802 1X and MAC Based authentication configuratio...

Page 126: ...ule needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period...

Page 127: ...ween the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packe...

Page 128: ...a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Single 802 1X variant...

Page 129: ...e sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wak...

Page 130: ...quipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited usin...

Page 131: ...NAS port statuses Label Description Port The switch port number Click to navigate to detailed 802 1X statistics of each port Admin State The port s current administrative state Refer to NAS Admin Sta...

Page 132: ...displayed Label Description Admin State The port s current administrative state Refer to NAS Admin State for more details regarding each value Port State The current state of the port Refer to NAS Por...

Page 133: ...r the following administrative states 802 1X MAC based Auth 5 9 Alerts 5 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the electric relay wi...

Page 134: ...hem As Syslog messages are UDP based the sender and receiver will not be aware of it if the packet is lost due to network disconnection and no UDP packet will be resent Label Description Server Mode I...

Page 135: ...s a protocol for transmitting e mails across the Internet By setting up SMTP alert the device will send a notification e mail when a user defined event occurs Label Description E mail Alarm Enables or...

Page 136: ...will gray out if SYSLOG or SMTP is disabled Label Description System Cold Start Sends out alerts when the system is restarted Power Status Sends out alerts when power is up or down SNMP Authentication...

Page 137: ...tablet will age out after a configured aging time Such entries can be added by learning or manual configuration Aging Configuration Aging enables the switch to track only active MAC addresses on the...

Page 138: ...received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Note make sure the link used for managing the switch is added to the static Mac table befo...

Page 139: ...d the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Star...

Page 140: ...in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding...

Page 141: ...mitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad br...

Page 142: ...me length configured for this port 5 10 3 Port Mirroring Port mirroring function will copy the traffic of one port to another port on the same switch to allow the network analyzer attached to the mirr...

Page 143: ...mirror Tx frames to the mirror port In this case mode for the selected mirror port is limited to Disabled or Rx nly 5 10 4 System Log Information This page provides switch system log information Labe...

Page 144: ...the port from the drop down list and click Start to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page...

Page 145: ...up event alarms through DDM Web interface 5 10 7 Ping This command sends ICMP echo request packets to another node on the network Using the ping command you can see if another site on the network can...

Page 146: ...llowing properties of the issued ICMP packets Label Description IP Address The destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 to 1400 bytes IPv6 Ping PING6 se...

Page 147: ...al Enable The box allows you to configure external clock output The following values are possible True enable external clock output False disable external clock output VCXO_Enable The box allows you t...

Page 148: ...ed This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay req...

Page 149: ...he amount of power that each port reserves The allocated reserved power for each port power device is specified in the Maximum Power field Class each port automatically determines how much power to re...

Page 150: ...rimary and Backup Power Source Some switches support two PoE power supplies One is used as primary power source and one as a backup If the switch does not support backup power supply only the primary...

Page 151: ...wer consumed by the PD This setting includes five classes Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested Sho...

Page 152: ...owered down PoE turned OFF the power device is turned off Invalid PD the power device is detected but is not working correctly 5 13 Troubleshooting 5 13 1 Factory Defaults This function is to force th...

Page 153: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 152 Label Description Yes Click to reboot device No Click to return to the Port State page without rebooting...

Page 154: ...witch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable...

Page 155: ...nual ORing Industrial Networking Corp 154 Step 3 Select a COM port in the drop down list Step 4 A pop up window that indicates COM port properties appears including bits per second data bits parity st...

Page 156: ...sole login screen will appear Use the keyboard to enter the Username and Password same as the password for Web browsers then press Enter CLI Management by Telnet You can can use TELNETto configure the...

Page 157: ...dmin Follow the steps below to access console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inputingcommands or from the MS DOS prompt as below Step 2 The Login scree...

Page 158: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 157 Commander Groups...

Page 159: ...isable Setup ip_addr ip_mask ip_router vid Ping ip_addr_string ping_length SNTP ip_addr_string Port port Configuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx sfp_auto_...

Page 160: ...l PortType port_list unaware c port s port s custom port EtypeCustomSport etype Add vid name ports_list Forbidden Add vid name port_list Delete vid name Forbidden Delete vid name Forbidden Lookup vid...

Page 161: ...radius enable disable Security Switch SSH Security switch ssh Configuration Mode enable disable Security Switch HTTPS Security switch ssh Configuration Mode enable disable Security Switch RMON Securi...

Page 162: ...rized macbased Reauthentication enable disable ReauthPeriod reauth_period EapolTimeout eapol_timeout Agetime age_time Holdtime hold_time Authenticate port_list now Statistics port_list clear eapol rad...

Page 163: ...Security Network DHCP Security Network DHCP Configuration Mode enable disable Server ip_addr Information Mode enable disable Information Policy replace keep drop Statistics clear Security Network AAA...

Page 164: ...e Port AutoEdge port_list enable disable Port P2P port_list enable disable auto Port RestrictedRole port_list enable disable Port RestrictedTcn port_list enable disable Port bpduGuard port_list enable...

Page 165: ...al_res lldp_res lldp_con Maximum_Power port_list port_power Status Primary_Supply supply_power QoS QoS DSCP Map dscp_list class dpl DSCP Translation dscp_list trans_dscp DSCP Trust dscp_list enable di...

Page 166: ...able rx tx Dot1x Dot1x Configuration port_list Mode enable disable State port_list macbased auto authorized unauthorized Authenticate port_list now Reauthentication enable disable Period reauth_period...

Page 167: ...c dmac arp sip dip smac arp_opcode arp_flags ip sip dip protocol ip_flags icmp sip dip icmp_type icmp_code ip_flags udp sip dip sport dport ip_flags tcp sip dip sport dport ip_flags tcp_flags permit d...

Page 168: ...d User Lookup index Group Add security_model security_name group_name Group Delete index Group Lookup index View Add view_name included excluded oid_subtree View Delete index View Lookup index Access...

Page 169: ...UniConfig clockinst index duration ip_addr ForeignMasters clockinst port_list EgressLatency show clear MasterTableUnicast clockinst ExtClockMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAc...

Page 170: ...rFailure pwr1 pwr2 pwr3 enable disable Event Event Configuration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopology...

Page 171: ...isable 1stUplinkPort port 2ndUplinkPort port EdgePort 1st 2nd none RCS RCS Mode enable disable Add ip_addr port_list web_on web_off telnet_on telnet_off snmp_on snmp_off Del index Configuration FastRe...

Page 172: ...tion port_list do_nothing link_change shutdown only_log reboot_device Port Alive Status port_list Port Stream Mode port_list enable disable Port Stream Action port_list do_nothing only_log Port Stream...

Page 173: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 172 Parameter MRP_LNKdownT value Parameter MRP_LNKupT value Parameter MRP_LNKNRmax value Modbus Modbus Status Mode enable disable...

Page 174: ...Properties Switching latency 7 us Switching bandwidth 16Gbps Max Number of Available VLANs 256 IGMP multicast groups 128 for each VLAN Port rate limiting User Define Jumbo frame Up to 9 6K Bytes Secur...

Page 175: ...d Power Redundant Input power Dual DC inputs 50 57VDC on 6 pin terminal block Dual DC inputs 12 57VDC on 6 pin terminal block Power consumption Typ PoE output not included 11 Watts 11 Watts 12 Watts 1...

Reviews:

No comments

Related manuals for IGPS-9080

Painless Performance Products 50201 Installation Instructions preview
50201
Brand: Painless Performance Products Pages: 2
Hama 11800 Operating Instruction preview
11800
Brand: Hama Pages: 5
3Com SuperStack 3 4900 Datasheet preview
SuperStack 3 4900
Brand: 3Com Pages: 2
IBM BNT Installation Manual preview
BNT
Brand: IBM Pages: 88
Neol ePowerSwitch 8M+R2 User Manual preview
ePowerSwitch 8M+R2
Brand: Neol Pages: 74
Xantech AC1 Installation Instructions preview
AC1
Brand: Xantech Pages: 2
AVE 8PSWT Specification preview
8PSWT
Brand: AVE Pages: 2
hager TS 204 User Instruction preview
TS 204
Brand: hager Pages: 2
Optex OAM-DUAL T Operation Manual preview
OAM-DUAL T
Brand: Optex Pages: 2
Hall Research Technologies KVMC-UH-8 User Manual preview
KVMC-UH-8
Brand: Hall Research Technologies Pages: 9
NETGEAR GS316P Installation Manual preview
GS316P
Brand: NETGEAR Pages: 8
Black Box LGB5028A Installation Manual preview
LGB5028A
Brand: Black Box Pages: 44
OnQ Technologies 8 Port 10/100 Ethernet Switch Installation Instructions Manual preview
8 Port 10/100 Ethernet Switch
Brand: OnQ Technologies Pages: 14
Linksys SRW224 - 10/100 - Gigabit Switch Specifications preview
SRW224 - 10/100 - Gigabit Switch
Brand: Linksys Pages: 2
ATEN Master View CS-172 User Manual preview
Master View CS-172
Brand: ATEN Pages: 1
Wyrestorm SW-740-TX Quick Start Manual preview
SW-740-TX
Brand: Wyrestorm Pages: 4
H-Tronic TSM 125 Manual preview
TSM 125
Brand: H-Tronic Pages: 36
EMTEST UCS 500 N7 Manual preview
UCS 500 N7
Brand: EMTEST Pages: 99

Brands by name

Popular brands

Load more brands