Home
/
ORiNG
/
TES-3080-M12 Series
/
User Manual

ORiNG TES-3080-M12 Series, User Manual

Share

Page: 68 / 111

ORiNG TES-3080-M12 Series User Manual Download Page 68

TES-3080-M12(-BP2) User Manual

ORing Industrial Networking Corp

67

5.9.4 802.1x

The IEEE 802.1X standard defines a port-based access control procedure that prevents
unauthorized access to a network by requiring users to first submit credentials for
authentication. One or more backend servers (RADIUS

)

determine whether the user is allowed

access to the network.

In an 802.1X network environment, the user is called the supplicant, the switch is the
authenticator, and the RADIUS server is the authentication server. The switch acts as the
man-in-the-middle, forwarding requests and responses between the supplicant and the
authentication server. Frames sent between the supplicant and the switch are special 802.1X
frames, known as EAPOL (EAP Over LANs) frames which encapsulate EAP PDUs. Frames
sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also
encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and
the supplicant's port number on the switch. EAP is very flexible as it allows for different
authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the
authenticator (the switch) does not need to know which authentication method the supplicant
and the authentication server are using, or how many information exchange frames are
needed for a particular method. The switch simply encapsulates the EAP part of the frame into
the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a
success or failure indication. Besides forwarding the result to the supplicant, the switch uses it
to open up or block traffic on the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the server timeout is
configured to X seconds (using the authentication configuration page), and the first server in
the list is currently down (but not considered dead), if the supplicant retransmits EAPOL Start
frames at a rate faster than X seconds, it will never be authenticated because the switch will
cancel on-going backend authentication server requests whenever it receives a new EAPOL
Start frame from the supplicant. Since the server has not failed (because the X seconds have
not expired), the same server will be contacted when the next backend authentication server
request from the switch. This scenario will loop forever. Therefore, the server timeout should
be smaller than the supplicant's EAPOL Start frame retransmission rate.

«
...
66
67
68
69
70
...
»

Summary of Contents for TES-3080-M12 Series

Page 1: ...IE ES S I In nd du us st tr ri ia al l M Ma an na ag ge ed d E Et th he er rn ne et t S Sw wi it tc ch he es s U Us se er r M Ma an nu ua al l V Ve er rs si io on n 4 4 1 1 D DE EC C 2 20 02 21 1 h ht...

Page 2: ...expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to...

Page 3: ...3 2 Wiring 11 3 2 1 Grounding 12 3 2 2 Relay Output 12 3 2 3 Power Input 12 3 3 Cables 12 3 3 1 Ethernet Connection 12 3 3 2 Console Port 13 3 3 3 O Ring O Chain 13 Redundancy 17 4 1 O Ring 17 4 1 1 I...

Page 4: ...ooping 45 5 3 2 MVR 46 5 3 3 Static Multicast Filtering 46 5 4 Port Setting 47 5 4 1 Port Control 48 5 4 2 Port Status 48 5 4 3 Port Alias 48 5 4 4 Rate Limit 49 5 4 5 Port Trunk 49 5 4 6 Loop Guard 5...

Page 5: ...ce Management 84 6 1 Commands Set List System Commands Set 89 6 2 Commands Set List Port Commands Set 91 6 3 Commands Set List Trunk command set 94 6 4 Commands Set List VLAN command set 95 6 5 Comman...

Page 6: ...e can be managed centrally by ORing s Open Vision software 1 2 Software Features Supports O Ring Recovery time 10ms over 250 units connection Supports O Chain to allow multiple redundant network rings...

Page 7: ...anual ORing Industrial Networking Corp 6 Wall mounting enabled Wide Operating Temperature 40 to 75o C Storage Temperature 40 to 85o C Operating Humidity 5 to 95 non condensing Casing IP 30 Dimensions...

Page 8: ...e T X Ethernet ports in 4 pin D coded M12 female connectors Console 1 x console port Baud rate setting 9600bps 8 N 1 in 5 pin A coded M12 female connector Relay Output 1 x 24VDC 3A in 5 pin A coded M1...

Page 9: ...Fault Red On Errors occur power failure or port link down 10 100Base T X Ports LNK ACT Green On Port is linked Blinking Transmitting data DPX COL Amber On Port running in full duplex mode Blinking Col...

Page 10: ...TES 3080 M12 BP2 User Manual ORing Industrial Networking Corp 9 bypass ports that ensure constant network connectivity during power failure...

Page 11: ...he steps below to install the device on the wall Step 1 Hold the Switch upright against the wall Step 2 Insert four screws through the large opening of the keyhole shaped apertures at the top and bott...

Page 12: ...imum ratings the wiring could overheat causing serious damage to your equipment 4 Use separate paths to route wiring for power and devices If power wiring and device wiring paths must cross make sure...

Page 13: ...form an open circuit when an event is triggered 3 2 3 Power Input The switch provides two sets of power supply on a M23 5 pin female connector to enable power input Step 1 Insert a power cable to the...

Page 14: ...nector Below is the pin assignment for Ethernet ports 4 Pin Port Definition 3 3 2 Console Port 3 3 3 O Ring O Chain O RING You can connect three or more switches to form a ring topology to gain networ...

Page 15: ...for example switch A and B from Ring 1 and switch C and D from ring 2 Decide which port on each switch to be used as the coupling port and then link them together for example port 1 of switch A to po...

Page 16: ...when the primary path connection fails O Chain When connecting multiple O Rings to meet your expansion demand you can create an O Chain topology through the following steps 1 Select two switches from...

Page 17: ...TES 3080 M12 BP2 User Manual ORing Industrial Networking Corp 16...

Page 18: ...less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of the net...

Page 19: ...n divide a big ring into two smaller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Couple Port Ports for connecting multiple rings A coupl...

Page 20: ...enables the network to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment...

Page 21: ...up 4 3 Bypass 4 3 1 Introduction Bypass provides reliable and uninterrupted connections of inline network devices when any of the devices encounter hardware failure such as power outage Figure 1 show...

Page 22: ...he backup link will be activated immediately when one of the links is down thereby ensuring uninterrupted data transmission However if any inline device fails the network will be disconnected see belo...

Page 23: ...tworking Corp 22 Fast Ethernet Networks Fiber Networks When a link between two switches fails following the breakdown of the switch the backup link will be activated Data will then be transmitted via...

Page 24: ...s must be within the maximum length otherwise transmission will fail 4 4 MRP Only for special request 4 4 1 Introduction MRP Media Redundancy Protocol is an industry standard for high availability Eth...

Page 25: ...id Spanning Tree Protocol and MSTP Multiple Spanning Tree Protocol are designed to prevent network loops and provide network redundancy Network loops occur frequently in large networks as when two or...

Page 26: ...connected to RSTP device needs to specify edge port The user must specify the edge port according to topology of network RSTP Bridge Setting Label Description RSTP mode Enables or disables RSTP mode...

Page 27: ...t the BPDU packet to check RSTP current status The time is measured in seconds and the valid value is between 1 and 10 Forwarding Delay Time 4 30 The time of a port waits before changing from RSTP lea...

Page 28: ...eans P2P disabling Transiting to forwarding state is faster for point to point LANs than for shared media Admin Edge Specify whether this port is an edge port or a nonedge port An edge port is not con...

Page 29: ...cted as root port for CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an alternate port after the root port has been selected If set spanning tre...

Page 30: ...tual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before MSTI port configur...

Page 31: ...The value must be a multiple of 4096 according to the protocol standard rule Max Age Time 6 40 The number of seconds a bridge waits without receiving Spanning tree Protocol configuration messages befo...

Page 32: ...r set to true or false manually True means P2P enabling False means P2P disabling Transiting to forwarding state is faster for point to point LANs than for shared media Admin Edge Specify whether this...

Page 33: ...rt The port number which you want to configure Priority 0 240 Decides the priority of ports to be blocked in the LAN The valid value is between 0 and 240 and must be a multiple of 16 Path Cost 1 20000...

Page 34: ...tworking Corp 33 Label Description Active Activate fast recovery mode Port 01 08 Ports can be set to 8 priorities Only the port with the highest priority will be the active port 1st Priority is the hi...

Page 35: ...o enhances access speed and provides a user friendly viewing screen Note By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately i...

Page 36: ...ation of the switch as below On the left hand side of the management interface shows links to various settings Clicking on the links will bring you to individual configuration pages On the right hand...

Page 37: ...set 3rd floor The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual identification of the contact person for this managed node together...

Page 38: ...he system password required to access the web pages or log in from CLI Label Description User name The account name you use to log into the system the default is admin New Password The new system pass...

Page 39: ...P server will assign an IP address to the switch and it will be displayed in this column The default IP is 192 168 10 1 Subnet Mask Assigns the subnet mask of the IP address If DHCP client function is...

Page 40: ...Jan Dec Day 1 31 28 System Time Specify the hour minute and second of the system clock hh mm ss Hour 0 24 Minute 0 59 Second 0 59 SNTP SNTP Simple Network Time Protocol is a protocol able to synchron...

Page 41: ...ll vary each year Daylight Saving Offset Configures the offset time Apply Click to apply the changes The following table lists different location time zones for your reference Local Time Zone Conversi...

Page 42: ...CCT China Coast USSR Zone 7 8 hours 8 pm JST Japan Standard USSR Zone 8 9 hours 9 pm EAST East Australian Standard GST Guam Standard USSR Zone 9 10 hours 10 pm IDLE International Date Line NZST New Z...

Page 43: ...tion LLDP Protocol Enables or disables LLDP function LLDP Interval The interval of resending LLDP 30 seconds by default Apply Click to apply the configurations Help Shows help file Neighbor info table...

Page 44: ...irmware automatically Before updating make sure you have your TFTP server ready and the firmware image and configuration files are on the TFTP server 5 2 6 Backup Restore You can save current values f...

Page 45: ...save the configuration file to your your PC instead of a TFTP server Restore Click to restore the configurations Form Local PC You can use the file stored on a local PC instead of from the TFTP serve...

Page 46: ...his conserves bandwidth by allowing the switch to send multicast traffic to only those interfaces that are connected to hosts that want to receive the traffic instead of flooding the traffic to all in...

Page 47: ...E Indicates the MVR type of the port Inactive means the port is not participating in any MVR groups Immediate Leave Check to enables immediate leave function Immediate leave reduces the length of time...

Page 48: ...255 255 255 Member Ports Check the box next to the port number to include them as member ports in the specific multicast group Add Click to add the ports to the IP multicast list Delete Deletes an en...

Page 49: ...Security Enabling port security will disable MAC address learning in this port Thus only the frames with MAC addresses in the port security list will be forwarded otherwise will be discarded Auto Dete...

Page 50: ...ate for incoming traffic Egress The transmission rate for outgoing traffic Apply Click to activate the configurations 5 4 5 Port Trunk A port trunk is a group of ports that have been grouped together...

Page 51: ...rts will automatically negotiate a trunk with LACP configured ports on another device Work Port The total number of active ports in a dynamic trunk group The default value of works ports is Max In a d...

Page 52: ...y preventing the loop attack from affecting other network devices Label Description Active Check to enable Loop Guard Port Status Indicates the enabled disabled status of the port 5 5 VLAN 5 5 1 VLAN...

Page 53: ...ports Management VLAN ID The VLAN ID for the entry Link type Three link types are available Access Link An access link connects a VLAN unaware device to the port of a VLAN aware bridge All frames on a...

Page 54: ...tch Apply Click to set the configurations 5 5 2 Port Based Packets can only be sent to members in the same VLAN group All unselected ports will be treated as belonging to another single VLAN If port b...

Page 55: ...can transmit data based on its importance thereby ensuring mission critical applications such as VoIP and video teleconferencing have sufficient bandwidth for transmission when the network is congeste...

Page 56: ...utput priority is determined by COS and TOS but TOS first QOS policy Using the 8 4 2 1 weight fair queue scheme the output queues will use an 8 4 2 1 ratio to transmit packets from the highest to lowe...

Page 57: ...802 1p COS Class of Service also known as 802 1p is a parameter for differentiating the types of payloads contained in the packet to be transmitted CoS operates only on 802 1Q VLAN Ethernet at Layer...

Page 58: ...Differentiated Services Code Point The output priority of a packet can be determined by this field and the supported priority value ranges from 0 to 63 DSCP supports four priority queues High Middle L...

Page 59: ...e lowest IP address in the range is considered the start IP address For example if the range is from 192 168 1 100 to 192 168 1 200 192 168 1 100 will be the start IP address High IP Address The end o...

Page 60: ...ign a specific IP address within the dynamic IP range to a specific port When a device is connected to the port and requests for dynamic IP assigning the switch will assign the IP address that has pre...

Page 61: ...DHCP client to server packet is received It is intended for use by agents in relaying DHCP responses back to the proper circuit Apply Click to apply the configurations 5 8 SNMP SNMP Simple Network Ma...

Page 62: ...ability is often public The default management or write community string is often private Do not leave the community string to public on any of your SNMP agents Since anyone with SNMP manager software...

Page 63: ...n Server IP The IP address of the server to receive traps Community The community string for authentication Trap Version The trap version V1 and V2c are supported Add Click to add the trap sever to th...

Page 64: ...TES 3080 M12 BP2 User Manual ORing Industrial Networking Corp 63...

Page 65: ...User ID the name of the user to be added to the table Group Name the name of the group Click Add after inputting the information Access Table The Access table lists the access rights and restrictions...

Page 66: ...ocol 5 9 1 IP Security By setting up a secure IP list only IP addresses in the list can manage the switch according to the management mode you have specified WEB Telnet SNMP etc Label Description Mode...

Page 67: ...can block specific devices from network access by creating a MAC blacklist MAC blacklists will prevent traffic from forwarding to specific MAC addresses in the list Any frames forwarding to the MAC a...

Page 68: ...switch does not need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch s...

Page 69: ...sts Shared Key A key shared between the switch and authentication server NAS Identifier A string used to identify the switch Quiet Period The time interval between authentication failure and the start...

Page 70: ...authorized mode of each port can be set in the following dialog Label Description Port Authorize Mode Reject force the port to be unauthorized Accept force the port to be authorized Authorize the sta...

Page 71: ...ore implementing further actions Security performs security actions without scanning the information of the connected device Apply Click to apply the configurations Help Shows help file Allow List By...

Page 72: ...regarding the rule you have set Monitor List You can create a monitor list to monitor IP traffic of individual ports automatically 5 10 Warning The switch supports several alerting methods including f...

Page 73: ...nd receiver will not be aware of it if the packet is lost due to network disconnection and no UDP packet will be resent Label Description Syslog Mode Disable disables SYSLOG Client Only logs in to a l...

Page 74: ...the alert Authentication Username the authentication username Password the authentication password Confirm Password re enter password Recipient E mail Address The recipient s e mail address A mail al...

Page 75: ...ing topology change Sends alerts when O Ring topology changes Port Event Sends alerts when the port meets a specified condition Available options include Disable disables alert function Link Up sends...

Page 76: ...Entries in a MAC address table fall into two types dynamic and static entries Entries in a static MAC table are added or removed manually and cannot age out by themselves Entries in a dynamic MAC tabl...

Page 77: ...ayed out it means another module is in control of the mode and thus the user cannot change the configurations An example of such a module is MAC Based authentication under 802 1X Label Description Por...

Page 78: ...t TX Bad Packet The number of bad packets sent by this port RX GOOD Packet The number of good packets received by this port RX Bad Packet The number of bad packets received by this port TX Abort Packe...

Page 79: ...cted before a new FCS is added to a modified frame If the original FCS is invalid the new FCS is made invalid too and this counter is incremented InUnicasts The number of good frames received that hav...

Page 80: ...sent from this MAC address OutUnicasts The number of frames sent with a Unicast destination MAC address Excessive The number frames dropped in the transmitted MAC address because the frame experiences...

Page 81: ...licable in half duplex only Port Monitoring The switch supports several types of port monitoring including TX egress only RX ingress only and both TX RX monitoring TX monitoring sends any data that eg...

Page 82: ...s the number of broadcast packets RX Multicast calculates the number of multicast packets RX Unicast calculates the number of unicast packets RX Non Unicast calculates the total number of multicast an...

Page 83: ...ntil responses to all packets are received or until a timeout occurs Label Description IP Address Enter the IP address that you want to detect Active Click to send ICMP packets 5 12 Save Configuration...

Page 84: ...is to force the switch back to the original factory settings You can decide to keep current IP address settings or username password by checking in the boxes 5 14 System Reboot You can reset the stack...

Page 85: ...telnet to manage the switch by CLI CLI Management by RS 232 Serial Console 9600 8 none 1 Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45...

Page 86: ...TES 3080 M12 BP2 User Manual ORing Industrial Networking Corp 85 Step 2 Input a name for the new connection Step 3 Select a COM port in the drop down list...

Page 87: ...p up window that indicates COM port properties appears including bits per second data bits parity stop bits and flow control Step 5 The console login screen will appear Use the keyboard to enter the U...

Page 88: ...55 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps below to access console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inpu...

Page 89: ...splay advance function status save configures Global configuration Enter the configure command while in privileged EXEC mode switch co nfig To exit to privileged EXEC mode enter exit or end Use this m...

Page 90: ...m name System Name G Configure system name switch config system name xxx system location System Location G Set switch system location string switch config system location xxx system description System...

Page 91: ...ss for IP pool switch config dhcpserver highip 192 168 1 50 dhcpserver subnetmask Subnet mask G Configure subnet mask for DHCP clients switch config dhcpserver subnetmask 255 255 255 0 dhcpserver gate...

Page 92: ...y function switch config no security no security http G Disable IP security of HTTP server switch config no security http no security telnet G Disable IP security of telnet server switch config no sec...

Page 93: ...e to accept all frame switch config interface fastEthernet 2 switch config if bandwidth type all bandwidth type broadcast multicast floo ded unicast I Set interface ingress limit frame type to accept...

Page 94: ...e Enable Disable I Use the state interface configuration command to specify the state mode of operation for Ethernet ports Use the disable form of this command to disable the port switch config interf...

Page 95: ...nk group with LACP active GroupID 1to3 Port list Member port list This parameter could be a port range ex 1 4 or a port list separate by a comma ex 2 3 6 Workport The amount of work ports this value c...

Page 96: ...ssign a access link for VLAN by port if the port belong to a trunk group this command can t be applied switch vlan vlan 802 1q port 3 access link untag 33 vlan 8021q port PortNumber trunk link tag Tag...

Page 97: ...ink untag 5 tag 6 8 show vlan VID or show vlan V Show VLAN information switch vlan show vlan 23 6 5 Commands Set List Spanning Tree command set TPS 3082GT BP1 Commands Level Description Example spanni...

Page 98: ...panning tree forward time global configuration command to set the forwarding time for the specified spanning tree instances The forwarding time determines how long each of the listening and learning s...

Page 99: ...p admin p2p Auto stp admin edge True False I Admin Edge of STP priority on this interface switch config interface fastEthernet 2 switch config if stp admin edge True stp admin non stp True False I Adm...

Page 100: ...n of QoS configuration switch show qos no qos G Disable QoS function switch config no qos 6 7 Commands Set List IGMP command set TPS 3082GT BP1 Commands Level Description Example igmp enable G Enable...

Page 101: ...Show filter MAC address table switch show mac address table filter no mac address table static hwaddr MAC I Remove an entry of MAC address table of interface static switch config interface fastEtherne...

Page 102: ...tion switch show snmp show snmp server P Show specified trap server information switch show snmp server no snmp community strings Community G Remove the specified community switch config no snmp commu...

Page 103: ...set TPS 3082GT BP1 Commands Level Description Example 8021x enable G Use the 802 1x global configuration command to enable 802 1x protocols switch config 8021x enable 8021x system radiousip IP address...

Page 104: ...nfig 8021x misc quietperiod 10 8021x misc txperiod sec G Use the 802 1x misc TX period global configuration command to set the TX period switch config 8021x misc txperiod 5 8021x misc supportimeout se...

Page 105: ...2 1x properties and also the port sates switch show 8021x no 8021x G Disable 802 1x function switch config no 8021x 6 12 Commands Set List TFTP command set TPS 3082GT BP1 Commands Level Description De...

Page 106: ...able G Enable SMTP function switch config smtp enable smtp serverip IP address G Configure SMTP server IP switch config smtp serverip 192 168 1 5 smtp authentication G Enable SMTP authentication switc...

Page 107: ...d start event type switch config no event device cold start no event authentication failure G Disable Authentication failure event typ switch config no event authentication failure no event O Ring top...

Page 108: ...on is inactive this command can t be applied switch config sntp daylight offset 3 sntp ip IP G Set SNTP server IP if SNTP function is inactive this command can t be applied switch config sntp ip 192 1...

Page 109: ...figure 1st 2nd Ring Port switch config ring ringport 7 8 Ring couplingport Coupling Port G Configure Coupling Port switch config ring couplingport 1 Ring controlport Control Port G Configure Control P...

Page 110: ...secure network traffic Supports Q in Q VLAN for performance security to expand the VLAN space Radius centralized password management SNMP v1 v2c v3 encrypted authentication and access security Softwar...

Page 111: ...r 95 Watts Overload Current Protection Present Reverse Polarity Protection Present Physical Characteristic Enclosure IP 30 Dimension W x D x H 125 W x 65 D x 196 H mm 4 92 W x 2 56 D x 7 72 H inch Wei...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands