Planet Networking & Communication LRP-1622CS User Manual Download Page 216

Page: 216 / 350

User’s Manual of LRP-822CS/LRP-1622CS

216

4.9.1.1 Understanding IEEE 802.1X Port-based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized

clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client

connected to a switch port before making available any services offered by the switch or the LAN.

Until the cl

.1X access control allow

over LAN (EAPOL)

traf

ent is connected. After authentic

l traffic can pass through the

port.

This section includes this conceptual information:



Device Roles



Authentication Initiation and Message Exchange



Ports in Authorized and Unauthorized States

network have specific roles as shown below.

ient is authenticated, 802

s only

Extensible Authentication Protocol

fic through the port to which the cli

ation is successful, norma



Device Role

With 802.1X port-based authentication, the devices in the

Figure 4-9-1



Client

—the device (workstation) that requests access to the LAN and switch services and responds to requests from

ant client software such as that offered in the Microsoft

.1X specification.)

the switch. The workstation must be running 802.1X-compli

Windows XP operating system. (The client is the

supplicant

in the IEEE 802

Summary of Contents for LRP-1622CS

Page 1: ......

Page 2: ...esigned to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmfu...

Page 3: ...Rear Panel 27 2 2 Installing the Switch 28 2 2 1 Desktop Installation 28 2 2 2 Rack Mounting 29 2 2 3 Installing the SFP transceiver 30 2 2 4 Installing the Long Reach PoE Communication 33 3 SWITCH MANAGEMENT 37 3 1 Requirements 37 3 2 Management Access Overview 38 3 3 Administration Console 39 3 4 Web Management 40 3 5 SNMP based Network Management 41 3 6 PLANET Smart Discovery Utility 41 4 WEB C...

Page 4: ... 4 2 7 3 SNMP View 69 4 2 7 4 SNMP Access Group 71 4 2 7 5 SNMP Community 72 4 2 7 6 SNMP User 74 4 2 7 7 SNMPv1 2 Notification Recipients 75 4 2 7 9 SNMPv3 Notification Recipients 77 4 2 7 10 SNMP Engine ID 78 4 2 7 11 SNMP Remote Engine ID 79 4 3 Port Management 80 4 3 1 Port Configuration 80 4 3 2 LRP Port Configuration 82 4 3 3 Port Counters 84 4 3 4 Bandwidth Utilization 89 4 3 5 Port Mirrori...

Page 5: ...5 9 Protocol VLAN Port Setting 127 4 5 10 GVRP Setting 129 4 5 11 GVRP Port Setting 131 4 5 12 GVRP VLAN 133 4 5 13 GVRP Statistics 133 4 5 14 VLAN Setting Example 135 4 5 14 1 Two Separate 802 1Q VLANs 135 4 5 14 2 VLAN Trunking between Two 802 1Q Aware Switches 138 4 6 Spanning Tree Protocol 141 4 6 1 Theory 141 4 6 2 STP Global Settings 147 4 6 3 STP Port Setting 149 4 6 4 CIST Instance Setting...

Page 6: ...7 7 Multicast Filter 188 4 7 7 1 Multicast Profile Setting 189 4 7 7 2 IGMP Filter Setting 190 4 7 7 3 MLD Filter Setting 191 4 8 Quality of Service 193 4 8 1 Understand QoS 193 4 8 2 General 194 4 8 2 1 QoS Properties 194 4 8 2 2 QoS Port Settings 195 4 8 2 3 Queue Settings 196 4 8 2 4 CoS Mapping 197 4 8 2 5 DSCP Mapping 199 4 8 2 6 IP Precedence Mapping 201 4 8 3 QoS Basic Mode 202 4 8 3 1 Glob...

Page 7: ...4 9 5 2 SSH 235 4 9 5 3 HTTP 237 4 9 5 4 HTTPs 239 4 9 6 Management Access Method 240 4 9 6 1 Profile Rules 240 4 9 6 2 Access Rules 241 4 9 7 DHCP Snooping 243 4 9 7 1 DHCP Snooping Overview 243 4 9 7 2 Global Setting 244 4 9 7 3 VLAN Setting 245 4 9 7 4 Port Setting 247 4 9 7 5 Statistics 248 4 9 7 6 Database Agent 249 4 9 7 7 Rate Limit 251 4 9 7 8 Option 82 Global Setting 253 4 9 7 9 Option 82...

Page 8: ...ACL 287 4 10 6 IPv6 based ACE 287 4 10 7 ACL Binding 293 4 11 MAC Address Table 294 4 11 1 Static MAC Setting 294 4 11 2 MAC Filtering 295 4 11 3 Dynamic Address Setting 296 4 11 4 Dynamically Learned 297 4 12 LLDP 299 4 12 1 Link Layer Discovery Protocol 299 4 12 2 LLDP Global Setting 299 4 12 3 LLDP Port Setting 302 4 12 4 LLDP Local Device 305 4 12 5 LLDP Remote Device 306 4 12 6 MED Network Po...

Page 9: ...n 332 4 15 3 Power over Ethernet Configuration 332 4 15 4 PoE Schedule 335 4 15 5 PoE Alive Check Configuration 338 4 16 Maintenance 340 4 16 1 Factory Default 340 4 16 2 Reboot Switch 341 4 16 3 Backup Manager 341 4 16 4 Upgrade Manager 342 4 16 5 Dual Image 343 5 SWITCH OPERATION 344 5 1 Address Table 344 5 2 Learning 344 5 3 Forwarding Filtering 344 5 4 Store and Forward 344 5 5 Auto Negotiatio...

Page 10: ...0T 2 port 100 1000X SFP Long Reach PoE over Coaxial Managed Switch LRP Managed Switch is used as an alternative name in this user s manual 1 1 Packet Contents Open the box of the LRP Managed Switch and carefully unpack it The box should contain the following items The LRP Managed Switch x 1 Quick Installation Guide x 1 Rubber Feet x 4 Power Cord x 1 RS232 to RJ45 Console Cable x 1 SFP Dust Cap x 2...

Page 11: ...Long Reach PoE Injector function 2 Gigabit copper ports and 2 extra 100 1000BASE X SFP fiber slots As an advanced PoE switch the PLANET LRP Managed Switch features intelligent PoE functions to improve the availability of critical applications It provides a quick safe and cost effective PoE network solution to upgrading the existing coaxial cable infrastructure from the analog system to the HD IP s...

Page 12: ...rea network with BNC T connector for sharing four nodes per port when needed Built in Unique PoE Functions for Powered Devices Management As a managed PoE switch for surveillance wireless and VoIP networks the PLANET LRP Managed Switch particularly features the following special PoE Management functions to accomplish a highly efficient Long Reach network PD Alive Check Scheduled Power Recycling Po...

Page 13: ...elps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMBs or enterprises save power and money It also increases security by powering off PDs that should not be in use during non business hours PoE Usage Monitoring Via the power usage chart in the web management interface PLANET LRP Managed Switch enables the adminis...

Page 14: ...bps fat pipe and supports fail over as well Also the Link Layer Discovery Protocol LLDP is the Layer 2 Protocol included to help discover basic information about neighboring devices on the local broadcast domain Efficient Traffic Control PLANET LRP Managed Switch is loaded with robust QoS features and powerful traffic management to enhance services to business class data voice and video solutions ...

Page 15: ...by supporting SSH SSL and SNMP v3 connections which encrypt the packet content at each session Flexibility and Long distance Extension Solution PLANET LRP Managed Switch provides two Gigabit TP interfaces supporting 10 100 1000BASE T RJ45 copper to be connected with surveillance network devices such as NVR Video Streaming Server or NAS to facilitate surveillance management Or through another two d...

Page 16: ...he chapter explains how to troubleshoot the LRP Managed Switch Appendix A The section contains cable information of the LRP Managed Switch 1 4 Product Features Physical Port 100Mbps BNC female ports with Long Reach PoE Injector function 2 10 100 1000BASE T Gigabit RJ45 copper ports 2 100 1000BASE X mini GBIC SFP slots RJ45 console interface for switch basic management and setup Long Reach Power ov...

Page 17: ...l MSTP Multiple Spanning Tree Protocol STP BPDU Guard BPDU Filtering and BPDU Forwarding Supports Link Aggregation IEEE 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel static trunk Maximum 4 trunk groups up to 4 ports per trunk group Provides port mirror many to 1 Loop protection to avoid broadcast loops Quality of Service Ingress Egress rate limit per port bandwidth control Sto...

Page 18: ...nagement IPv4 and IPv6 dual stack management Switch management interface Web switch management Telnet command line interface SNMP v1 v2c and v3 SSH SSL secure access User privilege levels control Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment System maintenance Firmware upload download via HTTP TFTP Configuration upload download through Web interface D...

Page 19: ...s max Per port 52V DC 36 watts max Total Power Budget 240 watts max 440 watts max Cabling Coaxial cable 75 ohm RG 6 U cable Recommended Maximum Distance Max 200m with PoE output 1 640ft Max 400m with PoE output 2 624ft Max 1000m with PoE output 3 280ft Max 1200m with data output only 3 937ft Long Reach Ethernet Standard IEEE 1901 Modulation Type Wavelet OFDM Security 128 bit AES encryption Frequen...

Page 20: ...ry on the quality of the copper wire and environmental factors LRP Compatibility LRP 101CE 1 Port 10 100TX PoE PSE 1 Port Coax Long Reach PoE Extender Console 1 x RS232 to RJ45 serial port 115200 8 N 1 Switch Architecture Store and Forward Switch Fabric 9 6Gbps non blocking 11 2Gbps non blocking Address Table 8K entries Shared Data Buffer 4 1 megabits Flow Control IEEE 802 3x pause frame for full ...

Page 21: ...y 802 1Q VLAN tag DSCP field in IP packet Traffic classification based strict priority and WRR Security IEEE 802 1X Port based authentication Built in RADIUS client to co operate with RADIUS server RADIUS TACACS user access authentication IP MAC port binding MAC filter Static MAC address DHCP Snooping and DHCP Option 82 STP BPDU guard BPDU filtering and BPDU forwarding DoS attack prevention ARP in...

Page 22: ...t trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN tagging IEEE 802 1X Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 RFC 271...

Page 23: ...erface monitoring of the LRP Managed Switch Figures 2 1 1A and 2 1 1B show the front panels of the LRP Managed Switches Front Panel Figure 2 1 1A LRP 822CS Front Panel Front Panel Figure 2 1 1B LRP 1622CS Front Panel Long Reach PoE BNC Interface BNC female port 5C2V RG6 75Ω coaxial cable Up to 1 kilometer Gigabit TP Interface 10 100 1000BASE T Copper RJ45 Twisted pair Up to 100 meters 100 1000BASE...

Page 24: ...minal ProComm Plus Telix Winterm and so on to enter the startup screen of the device Reset Button On the left of the front panel the reset button is designed to reboot the LRP Managed Switch without turning off and on the power The following is the summary table of the Reset button functions Reset Button Pressed and Released Function 5 sec System Reboot Reboot the LRP Managed Switch 5 sec Factory ...

Page 25: ...Fan 2 is down FAN 3 Red Lights to indicate that Fan 3 is down PWR Red Lights to indicate that the PoE Power is down Long Reach PoE Interfaces Port 1 to Port 8 LED Color Function LNK Green Lights To indicate the link through that port is successfully established PoE Orange Lights To indicate the port is providing DC in line power 10 100 1000BASE T Interfaces GE1 to GE2 LED Color Function Lights To ...

Page 26: ...e Switch has power SYS Green Lights to indicate the system is working Off to indicate the system is booting FAN 1 Red Lights to indicate that Fan 1 is down FAN 2 Red Lights to indicate that Fan 2 is down FAN 3 Red Lights to indicate that Fan 3 is down PWR Red Lights to indicate that the PoE Power is down Long Reach PoE Interfaces Port 1 to Port 16 LED Color Function LNK Green Lights To indicate th...

Page 27: ...re 2 1 3 shows the rear panel of these LRP Managed Switches Rear Panel Figure 2 1 3 Rear Panel of LRP 822CS LRP 1622CS AC Power Receptacle For compatibility with electric service in most areas of the world the LRP Managed Switch s power supply automatically adjusts to line power in the range of 100 240V AC at 50 60 Hz Plug the female end of the power cord firmly into the receptacle on the rear pan...

Page 28: ...elf near an AC power source as shown in Figure 2 1 4 Figure 2 1 4 Place the LRP Managed Switch on the desktop Step 3 Keep enough ventilation space between the LRP Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 under specifications Step 4 Connect the LRP Managed Switch to network devices Connect...

Page 29: ... positioned towards the front side Step 2 Attach the rack mount bracket to each side of the LRP Managed Switch with supplied screws attached to the package Figure 2 1 5 shows how to attach brackets to one side of the LRP Managed Switch Figure 2 1 5 Attach Brackets to the LRP Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect scr...

Page 30: ... how to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the LRP Managed Switch as Figure 2 1 7 shows Figure 2 1 7 Plug in the SFP transceiver Approved PLANET SFP Transceivers PLANET LRP Managed Switch supports both single mode and multi mode SFP transceivers...

Page 31: ...ASE BX Transceiver WDM TX 1310nm 20km MFB FB20 SFP Port 100BASE BX Transceiver WDM TX 1550nm 20km It is recommended to use PLANET SFP on the LRP Managed Switch If you insert an SFP transceiver that is not supported the LRP Managed Switch will not recognize it In the installation steps below this Manual uses Gigabit SFP transceiver as an example However the steps for Fast Ethernet SFP transceiver a...

Page 32: ...h some fiber NICs or media converters user has to set the port Link mode to 1000 Force or 100 Force Remove the Transceiver Module 1 Make sure there is no network activity anymore 2 Remove the fiber optic cable gently 3 Lift up the lever of the MGB module and turn it to a horizontal position 4 Pull out the module gently through the lever Figure 2 1 8 How to Pull Out the SFP Transceiver Never pull o...

Page 33: ...Ethernet coaxial extender transceiver are with the same media type 2 Check whether the coaxial cable type matches with the Long Reach Ethernet coaxial extender transceiver requirement To connect to LRP Managed Switch please use the coaxial cable with 75Ω BNC plug with one side being the BNC plug connector type To connect to Long Reach Ethernet coaxial extenders please use the coaxial cable with on...

Page 34: ... coaxial cable from LRP Managed Switch 4 Enable Long Reach Power over Ethernet function for the all LRP ports from WebUI Check the LNK LED of the Long Reach Power over Ethernet interface on the front of the LRP Managed Switch Ensure 5 that the Long Reach Power over Ethernet interface is operating correctly 34 ...

Page 35: ...or the all LRP ports from WebUI 1 Make sure there is no network activity anymore 2 Disable Long Reach Power over Ethernet function Loosen the BNC male connector gently 3 4 Pull out the coaxial cable gently Figure 2 1 8 How to pull out the coaxial cable from LRP Managed Switch 35 ...

Page 36: ...emale connector of the LRP Managed Switch 1 The package contains eight warning stickers which should be stuck on the coaxial cable connector before using PLANET LRP Managed Switch and LRP extender If connected with non PLANET LRP series extender equipment it might cause damage to the equipment 2 After city Do not touch the pin center or connect this end to any non PLANET LRP equipment the LRP PoE ...

Page 37: ...gement Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 2008 MAC OS9 or later Linux UNIX or other platforms are compatible with TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC with COM Port DB9 RS232 or USB to RS232 converter Ethernet Port conn...

Page 38: ... 2000 ME XP operating Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Text based Telnet functionality and built into Windows 95 98 N systems Web Browser Ideal fo Comp r configuring the switch remotely atible with all popular browsers Security can be compromised hackers need only know the IP address and sub...

Page 39: ...minal or a PC equipped with a terminal emu HyperTerminal to the LRP Managed Switch console serial port When using this mana connection configur The default p ole Management s o the administration co lation program such as gement method a straight RS232 to RJ45 cable is required to connect the switch to the PC After making this wing parameters e the terminal emulation program to use the follo arame...

Page 40: ...interface applications directly in your Web browser by entering the IP address of the LRP Managed Switch regardless of the interface through which the as terminal emulation program for connecting to th emulator such as TIP 3 4 Web Management The LR Figure 3 1 3 Web Management You can then use your Web browser to list and manage the LRP Managed Switch configuration parameters from one central locat...

Page 41: ...nagement Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default gets and sets community strings for the LRP Managed Switch are public Figure 3 1 5 SNMP management 6 PLANET Smart Discovery Utility al lanet Smart Discovery Utility 1 Deposit the Planet Smart Discovery Utility in administrator PC...

Page 42: ... ngle device Update Multi use the current setting on multi devices Update All use the current setting on whole devices in the list The same functions mentioned above also can be found in Option tools bar 3 To click the Control Packet Force Broadcast function it allows you to assign a new setting value to the Web Smart Switch under a different IP subnet address 4 Press the Connect to Device button ...

Page 43: ...pplets to use network ports The LRP Managed Switch can be configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address as the LRP Managed Switch or example the default IP address of the LRP Managed Switch is 192 168 0 100 then the manager PC should be set at If you have changed the default IP address of the LRP Managed Switch to 192 168 1 1 with su...

Page 44: ...rd admin or the n the main screen of LRP Managed Switch The login screen username password you have changed via console to logi in Figure 4 1 2 appears Figure 4 1 2 Login screen Default User Name admin Default Password admin After entering the username and password the main screen appears as Figure 4 1 3 Figure 4 1 3 Default Main Page ...

Page 45: ...the commands and statistics the LRP Managed Switch provides It is recommended to use Internet Explore 8 0 or above to access LRP Managed Switch The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface For security reason please change and memorize the new password after this first setup Only accept command in l...

Page 46: ...ys an image of the LRP Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link LRP Ports RJ45 Ports SFP Ports Main Menu Using the onboard Web agent you can define system parameters manage and control the ...

Page 47: ... or reset to default Click to logout the LRP Managed Switch Click to reboot the LRP Managed Switch Click to refresh the page 4 1 1 Save Button This save button allows save startup backu configuration o eset switch in default parameter The screen in igure 4 1 6 appears the running p r r F Figure 4 1 6 Save Button Screenshot ...

Page 48: ...g can be saved from the RAM to FLASH by Source File Running Configuration to Destination File Startup Configuration so that the running configuration sequence becomes the startup uration file which is called configuration save To prevent illicit file upload and easier configuration switch mandates the name of running configuration file to be running config running configuratio saving config Startu...

Page 49: ...The startup configuration file will be loaded automatically across a system reboot 1 Click Save Save Configurations to FLASH to login the Configuration Manager page n 4 1 2 1 Saving Configuration In the LRP Managed Switch the running c sequence of running config can be saved fro running configuration sequence becomes the startup configuration file which is called confi 2 Select Source File Running...

Page 50: ...anaged IPv6 information on this page User Configuration Configure new user name and password on this page Time Settings Configure SNTP on this page Log Management The switch log information is provided here SNMP Management Configure SNMP on this page lps a switch administrator to identify the hardware MAC address software version and system uptime The screens in Figure 4 2 1 Figure 4 2 2 appear to...

Page 51: ...der Date The loader date of this LRP Managed Switch The firmware version of this LRP Managed Switch Firmware Version Firmware Date The firmware date of this LRP Managed Switch System Object ID The system object ID of the LRP Managed Switch System Up Time The period of time the device has been operational PCN HW Version The hardware version of this LRP Managed Switch Buttons Click to edit parameter...

Page 52: ...ero DHCP configured IP address is non zero DHCP w settings will be used The DHCP client w System Name as hostname to provide DNS look IP Address Provide the IP address of this switch in dotted decimal notation Subnet Mask Provide the subnet mask of this switch in dotted decimal notation Gateway Provide the IP address of the router in dotted decimal notation DNS Server 1 2 Provide the IP address of...

Page 53: ...er auto co IPv6 Address Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses th...

Page 54: ... Description Display the current auto configuration state Auto Configuration IPv6 In Use Address Display the current IPv6 in use address IPv6 In Use Router Display the current in use gateway Display the current IPv6 static address IPv6 Static Address Display the current IPv6 static gateway IPv6 Static Router DHCPv6 Client atus Display the current DHCPv6 client st ...

Page 55: ...ure 4 2 7 appear Configuration T Figure 4 2 6 Local User Information Page Screenshot The page includes the following fields Object Description Username The name identifying the user Maximum length 32 characters Maximum number of users 8 Password Type type for the user The password Password Enter the user s new password here Range 0 32 characters plain text case sensitive Retype Password Please ent...

Page 56: ...Settings 4 2 5 1 System Time age SNTP is an acronym for Simple Netwo ol for synchronizing the clocks of computer systems You can specify SNTP Servers and set nfiguration screens in Figure 4 2 8 Figure 4 2 9 4 Configure SNTP on this p rk Time Protocol a network protoc GMT Time zone The SNTP Co appear Figure 4 2 8 SNTP Setup Page Screenshot The page includes the following fields Object Description E...

Page 57: ...epeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Daylight Saving Time Offset Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Recurring From Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour...

Page 58: ...n Display the current data time Current Data Time Display the current SNTP state SNTP Time Zone Display the current time zone Daylight Saving Time Display the current daylight saving time state Daylight Saving T me Offset fset state i Display the current daylight saving time of From Display the current daylight saving time from To Display the current daylight saving time to ...

Page 59: ... following fields Object Description SNTP Server Address Type the IP address or domain name of the SNTP server Server Port Type the port number of the SNTP Buttons Click to apply changes Figur creenshot he page includes the following fields e 4 2 11 SNTP Server Information Page S T Object Description SNTP Server Address Display the current SNTP server address Server Port Display the current SNTP s...

Page 60: ...e Normal but significant condition such as cold start 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert Im eded mediate action ne 0 Emergency System unusable 4 2 6 1 Local Log he switch system local log information is provided he...

Page 61: ... following target types are supported Buffered Target the buffer of the local log File Target the file of the local log Severity f the local log entry The following severity types are supported The severity o emerg Emergency level of the system unstable for local log alert Alert level of the immediate action needed for local log crit Critical level of the critical conditions for local log error Er...

Page 62: ... al Log Setting Status Page Screenshot The page includes the following fields re 4 2 15 Loc Object Description Display the current local log state Status Target Display the current local log target Severity Display the current local log severity Action Delete the current status ...

Page 63: ...he Remote Syslog screens in Figure 4 2 16 Figure 4 2 17 appear Figure 4 2 16 Remote Log Target Page Screenshot The page includes the following fields Object Description Server Address Provide the remote syslog IP address of this switch Server Port Provide the port number of remote syslog server Default Port no 514 Severity The severity of the local log entry The following severity types are suppor...

Page 64: ...log Local0 7 local user 0 7 Facility Buttons Click to apply changes Figure 4 2 17 Remote Log Setting Status Page Screenshot The page includes the following fields Object Description Status Display the current remote syslog state Server Info Display the current remote syslog server information Severity Display the current remote syslog severity Facility Display the current remote syslog facility Ac...

Page 65: ...s for log view warning Warning level of the warning conditions for log view notice Notice level of the normal but significant conditions for log view info Informational level of the informational messages for log view debug Debug level of the debugging messages for log view Category The category of the log view includes t1X GVRP IGMP_SNOOPING IPSG L2 LLDP Mirror MLD_SNOOPING Platform PM Port PORT_...

Page 66: ...e 4 2 20 Logging Messages Page Screenshot ds Object Description This is the number for logs No Display the time of log Timestamp Display the category type Category Severity Display the severity type Message Display the log message Buttons Click to clear the log Click to refresh the log ...

Page 67: ...IB modules Networ A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol NMP Operations SNMP itself is a simple request response protocol NMSs can send multiple requests without receiving a response Get Allows the NMS to retrieve an object instance from the agent Set Allows the NMS to set values ...

Page 68: ...21 SNMP Global Setting Page Screenshot The page includes the following fields Object Description Status Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Buttons Click to apply changes Figure 4 2 22 SNMP Information Page Screenshot The page includes the following fields Object Description SNMP Display the current SNMP statu...

Page 69: ...e subtree to add to the named view The allowed string content is digital number or asterisk Subtree OID Mask The bitmask identifies which positions in the specified object identifier are to be regarded as wildcards for the purpose of pattern matching View Type Indicates the view type that this entry should belong to Possible view type are included An optional flag to indicate that this view subtre...

Page 70: ...creenshot The page includes the following fields Object Description View Name Display the current SNMP view name Display the current SNMP subtree OID Subtree OID OID Mask rrent SNMP OID mask Display the cu View Type Display the current SNMP view type Action Delete the view table entry ...

Page 71: ...rved for SNMPv1 v2c Reserved for SNMPv2c V3 Reserved for SNMPv3 or User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are Noauth None authentication and none privacy security levels are assigned to the group auth Authentication and none privacy priv Authentication and privacy Note The Security Level applies to SNNPv3 ...

Page 72: ...me Security Model Display the current security model Security Level Display the current security level Read View Name Display the current read view name Display the current write view name Write View Name Display the current notify view name Notify View Name Action Delete the access group entry 4 2 7 5 SNMP Community n this pa Configure SNMP Community o ge The SNMP Community screens in Figure 4 2 ...

Page 73: ...ying the group name that this entry shou View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 16 Access Right community type operation Possible types are Indicates the SNMP RO Read Only Set access string type in read only mode RW Read Write Set access string type in read write mode Buttons Click to apply changes Figure 4 2 28 Community Sta...

Page 74: ...to Possible security models are NoAuth None authentication and none privacy Auth Authentication and none privacy Priv Authentication and privacy The value of security level cannot be modified if entry already exists That means you must first ensure that the value is set correctly Authentication Protocol Indicates the authentication protocol that this entry should belong to Possible authentication ...

Page 75: ...bject Description User Name Display the current user name Group urrent group Display the c Display the current privilege mode Privilege Mode Authentication Protocol Display the current authentication protocol Display the current encryption protocol Encryption Protocol Display the current access right Access Right Action Delete the user entry 4 2 7 7 SNMPv1 2 Notifica Configure SNMPv1 and 2 notific...

Page 76: ...ket UDP Port Indicates the SNMP trap destination port SNMP Agent will send SNMP message via this port the port range is 1 65535 Indicates the SNMP trap inform timeout The allowed range is 1 to 300 Time Out Indicates the SNMP trap inform retry times The allowed range is 1 to 255 Retries Buttons Click to add a new SNMPv1 2 host entry Figu creenshot he following fields re 4 2 32 SNMPv1 2 Host Status ...

Page 77: ...ation address It allows a valid IP address in Notify Type Set the notify type in traps or informs er string when send SNMP trap packet User Name Indicates the us UDP Port Indicates the SNMP trap destination port SNMP Agent will send SNMP message via this port the port range is 1 65535 Indicates the SNMP trap inform timeout The allowed range is 1 to 300 Time Out Indicates the SNMP trap inform retry...

Page 78: ...pting packets sent to a user on the remote host The SNMPv3 Engine ID Setting screens i 4 2 35 Figure 4 2 3 D security digest for authenticating and encr n Figure 6 appear Figur nshot following fields e 4 2 35 SNMPv3 Engine ID Setting Page Scree The page includes the Object Description Engine ID An octet string identifying the engine ID that this entry should belong to The string must contain an ev...

Page 79: ...Figure Configure SNMPv3 remote Engine ID on t 4 2 38 appear Figure 4 2 37 SNMPv3 Remote Engine ID Setting Page Screenshot The page includes the following fields Object Description Remote IP Address Indicates the SNMP remote engine ID address It allows a valid IP address in dotted decimal notation x y z w Engine ID y should belong to An octet string identifying the engine ID that this entr Buttons ...

Page 80: ...width Utilization Displays current bandwidth utilization Port Mirroring Sets the source and target ports for mirroring Jumbo Frame Sets the jumbo frame on the switch Port Error Disable Configuration Port Error Disabled Status Disables port error status Configures protected ports settings EEE Configures EEE settings Module Information SFP module information uration his page displays current port co...

Page 81: ... Force mode 1000M Setup 1000M Force mode Select any available link duplex for the given switch port Draw the menu bar to selec Duplex t the mode otiation Auto Setup Auto neg Full Force sets Full Duplex mode ex mode Half Force sets Half Dupl Flow Control When section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is u...

Page 82: ...d status of th Duplex rt Display the current duplex status of the po Flow Control Configura n of the port tion Display the current flow control configuratio Flow Control Status Display the current flow control status of the port 4 3 2 LRP Port Configuratio This page displays current LRP port configurations and status Ports can also be configured here The table has one row for each port on the sele...

Page 83: ...ssible state are Enabled Start up the port manually Disabled Shut down the port manually Buttons Click to apply changes Figure 4 3 2B Port Status Page Screenshot The page includes the following fields Object Description Port This is the logical port number for this row Description Click to indicate the port name Enable State Display the current port state Link Status Display the current link statu...

Page 84: ... Figure 4 3 3 5 Figure 4 3 e provide ic and trunk st Figure 4 3 4 Figure 4 3 6 appear Figure 4 3 3 Port MIB Counters Page Screenshot The page includes the following fields Object Description Port Select port number from this drop down list Mode Select port counters mode Option All Interface Ether link RMON Figure 4 3 4 Interface Counters Page Screenshot ...

Page 85: ...nknown kets protocols requested is transmitted ss including those that were discarded or not sent Unicast Pac The total number of packets that higher level to a subnetwork unicast addre Transmit Discarded Packets ber of inbound packets which is chosen to be discarded even though no etected to prevent from being delivered to a higher layer ason for discarding such a packet could be to free up The n...

Page 86: ...more than one collision Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy Late Collision The number of times that a collision is detected later than 512 bit times into the transmission of a packet Excessive Collision A count of frames for which transmission on a particular interface fails due to excess...

Page 87: ... The total number of good frames received that were directed to the broadcast address Note that this does n Multicast Packets The total number of good frames received that were directed to this multicast address CRC Alignment errors FCS or alignment errors Errors The number of CRC alignment Undersize Packets mes received that were less than 64 octets long ere otherwise well The total number of fra...

Page 88: ...FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet segment 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames The total number of...

Page 89: ...the percentag utilization statistics ca g a line graph The Bandwidth Utilization screen in Figure 4 3 7 appears Port Management folder and then the Bandwidth Utilization link Figure 4 3 7 Port Bandwidth Utilization Page Screenshot The page includes the following fields Object Description Refresh Period This shows the period interval between last and next refresh Options 2 sec 5 sec 10 sec IFG Allo...

Page 90: ...erify connection integrity 4 3 5 Port Mirroring Configure port Mirroring on this page This function provides monitoring of network traffic that forwards a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied It enables t Figure 4 3 8 Port Mirror Application The traffic to be copied to the mirror port is selected as follows All f...

Page 91: ...ation Port Select the port to mirror destination port Allow ingress Frames from ports that have either source RX or destination TX mirroring enabled are mirrored to this port Sniffer TX Ports Frames transmitted from these ports are mirrored to the mirroring port Frames received are not mirrored Sniffer RX Ports Frames received at these ports are mirrored to the mirroring port Frames transmitted ar...

Page 92: ...elect the maximum frame size allowed for the switch port The Jumbo Frame screens in Figure 4 3 11 T Figure 4 3 12 appear F ds igure 4 3 11 Jumbo Frame Setting Page Screenshot The page includes the following fiel Object Description Jumbo Frame Bytes wed range is 64 bytes to 9216 bytes Enter the maximum frame size allowed for the switch port including FCS The allo Buttons Click to apply changes Figu...

Page 93: ... action shuts down the port BPDU Guard Enable or disable the port error disabled function to check status by BPDU guard Self Loop Enable or disable the port error disabled function to check status by self loop Broadcast Flood status by broadcast Enable or disable the port error disabled function to check flood Unknown Multicast Enable or disable the port error disabled function to check status by ...

Page 94: ...Object Description Recovery Interval Display the current recovery interval time BPDU Guard Display the current BPDU guard status Self Loop Display the current self loop status Broadcast Flood Display the current broadcast flood status Unknown Multicast Flood Display the current unknown multicast flood status Unicast Flood ay the current unicast flood status Displ ACL Display the current ACL status...

Page 95: ...r disabled reason of the port Time Left Seconds Display the time left 4 3 9 Protected Ports Overview When a switch port is configured to be a member of protected group also called Private VLAN communication between protected ports within that group c his section Customers connected to an ISP can be members of the protected group but they are not allowed to communicate with Servers in a farm of web...

Page 96: ...The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN table This reduces the ports to which forwarding can be done to just the promiscuous ports wit...

Page 97: ...romiscuous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Unprotected A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting Buttons Click to apply changes Figure 4 3 17 Port Isolation Status Page Screenshot The page includes the following fields Object Description Pr...

Page 98: ...tion mode where the port is negotiated to either 1G or 100 Mbit full duplex mode For ports that are not EEE capa onding EEE checkboxes are grayed out and thus impossible to enable settings relate to eader down for saving power outgoing traffic is stored in a buffer until the port is powered up again Because there are some overhead in turnin l a large burst of traffic can be transmitted Buffering t...

Page 99: ...re is also known as digital optical monitoring DOM You can check the physical or operational status of an SFP module via the SFP Module Information Page This Page shows the operational status such as the transceiver type speed wavelength optical output power optical input power tem oltage in real time You can also use e hyperlink of port no to check the statistics on a specific interface 4 3 11 od...

Page 100: ...llowing fields Object Description Port Select port number from this drop down list e Screenshot The page includes the following fields Figure 4 3 21 Fiber Port Status Pag Object Description OE Present Display the current SFP OE present LOS Display the current SFP LOS ...

Page 101: ...t Description Port The logical port for the settings contained in the same row Temperature Display the current SFP temperature Voltage Display the current SFP voltage Current Display the current SFP current Output Power Display the current SFP output power Input Power Display the current SFP input power Transmit Fault Display the current SFP transmit fault Loss of Signal Display the current SFP lo...

Page 102: ...lly Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links ggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes negotiation speed suplex setting etc The devi rts the following Aggr LAGs Port Trunk regation Control AG negotiate Aggregated Port links with other LACP ted on a diffe...

Page 103: ...nect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to avoid creating a data loop It allows a maximum of 8 ports to be aggregated at the same time The LRP Managed Switch supports Gigabit Ethernet ports up to 8 groups If the group is defined as an LACP static link aggregation group then any extra ports selected are placed in a standby ...

Page 104: ...e following fields Object Description Load Balance Select load balance algorithm mode Algorithm MAC Address The MAC address can be used to calculate the port for the frame IP MAC Address The IP and MAC address can be used to calculate the port for the frame Buttons Click to apply changes Figure 4 4 3 LAG Information Page Screenshot he page includes the following fields T Object Description Load Ba...

Page 105: ...pe Indicates the Static Force aggregated selected ports to be a trunk group LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them Port Select port number from this drop down list to establish Link Aggregation s Figure 4 4 5 LAG Management Information Page Screenshot Th...

Page 106: ... Enabled Start up the LAG manually Disabled Shut down the LAG manually Speed Select any available link speed for the given switch port Draw the menu bar to select the mode Auto Set up Auto negotiation Auto 10M Set up 10M Auto negotiation Auto 100M Set up 100M Auto negotiation Auto 1000M Set up 1000M Auto negotiation Auto 10 100M Set up 10 100M Auto negotiation 10M Set up 10M Force mode 100M Set up...

Page 107: ...4 4 7 LAG Port Status Page Screenshot The page includes the following fields Object Description LAG The LAG for the settings contained in the same row Description rrent description Display the cu Port Type Display the current port type Enable State Display the current enable state Speed Display the current speed Duplex Display the current duplex mode Flow Control Config Display the current flow co...

Page 108: ...ge includes the following fields Object Description System Priority A value which is used to identify the active LACP The LRP Managed Switch with the lowest value has the highest priority and is selected as the active LACP peer of the trunk group Buttons Click to apply changes F enshot he page includes the following fields igure 4 4 9 LACP Information Page Scre T Object Description Syst Priority D...

Page 109: ...et LACP port setting Priority The Priority controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role ower number means greater priority L Timeout The Timeout controls the period between BPDU transmissions Short will transmit LACP packets eac...

Page 110: ...e displays LAG status The LAG Status screens in Figure 4 4 12 Figure 4 4 13 appear T Figure 4 4 12 LAG Status Page Screenshot he page includes the following fields T Object Description LAG lay the current trunk entry Disp Name Display the current LAG name Type Display the current trunk type Link State Display the current link state Active Member Display the current active member Standby Member Dis...

Page 111: ...eive state machine status of the port INIT means the port is in initialize state PORTds means port disabled state EXPR means expired state DFLT means defaulted state CRRNT means current state LACPds means LACP disabled state PrdTx LACP periodic transmission state machine status of the port RD means the port is in no periodic state eriodic state riodic state ic TX state no P FstPRD means fast p Slw...

Page 112: ...ual of LRP 822CS LRP 1622CS 112 The contents could be true or false If the contents are false the web will show _ if the contents are true the Web shows A T G S C D F and E ent respectively Expired for each cont ...

Page 113: ...each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated is a network topology configur la L p V 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership pack...

Page 114: ...ces to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP ad...

Page 115: ...ated by a value of 0x8100 in the Ether Type field When a packet s Ether Type field is equal to 0x8100 the packet carries the IEEE 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet d is he VID is 12 bits long 4094 unique V...

Page 116: ...The factory lt setting ns all ports on the Switch to w VLAN are configured in Port based mode their respective member ports are removed from the default Packets that are tagged are c device to another with the VLAN information intact This allows 802 1Q VLAN to span ne network if all network devices are 802 1Q compliant Every physical port on a sw defined on the switch all ports are then assigned t...

Page 117: ... that does not supp ng ort VLAN taggi VLAN Classification e f the frame connect Untagged VLANs e user When the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns th frame to an associated VLAN based on the default VLAN ID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast dom...

Page 118: ...LAN ID Buttons Click to apply changes Figure 4 5 2 Management VLAN State Page Screenshot The page includes the following fields Object Description Management VLAN Display the current management VLAN 4 5 4 Create VLAN Create delete VLAN on this page The screens in Figure 4 5 3 Figure 4 5 4 appear Figure 4 5 3 VLAN Setting Page Screenshot ...

Page 119: ...AN ID entry VLAN Name Display the current VLAN ID name Display the current VLAN ID type VLAN Type Modify Click to modify VLAN configuration 4 5 5 Interface Settings This page is used for configuring the LRP Managed Switch port VLAN The VLAN per Port Configuration Page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is configured on the VLAN Port Configurati...

Page 120: ... Leave port is tagged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 5 1 Ingress Egress Port with VLAN VID Tag Untag Table IEEE 802 1Q Tunneling Q in is desig affic for multiple customers across their networks maintain cus nfigurations even when different customers use the same internal VLAN IDs This is accomplished by inserting Service Pro...

Page 121: ...isabled for the particular Interface Setting Status screens in Figure 4 5 5 Figure 4 5 6 appear traffic from numerous inde nt customer LANs etro Access Network sp ge is to recognize and use VLAN tags so that the VLANs in the MAN s add the MAN When leaving the MAN the tag is This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the ...

Page 122: ... the VLAN ID that the port belongs to VLAN group or the untagged traffic will be dropped The range for the PVID is 1 4094 parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded Options All Accepted Type Determines whether the port accepts all frames or only tagged frames This Tag Only Untag Only By default the field is se...

Page 123: ...Setting Pa Object Description Port number of the logical port The switch port Interface VLAN Mode LAN mode i D s la the current interface V p y PVID Display the current PVID Accepted Frame Type Display the current access frame type Ingress Filtering Display the current ingress filtering Display the current uplink mode Uplink TPID Display the current TPID ...

Page 124: ...rt Interface VLAN Mode e Display the current interface VLAN mod Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk Memb Forbidden Interface is forbidden from automatically joining the VLAN via GVRP Excluded Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Tagged Interface is a member ...

Page 125: ...n overview of membership status for VLAN users The VLAN Membership Status screen in Figure 4 5 8 appears Figure 4 5 8 enshot owing fields Port VLAN Membership Table Page Scre The page includes the foll Object Description Port The switch po r of the logical port rt numbe Display the current VLAN mode Mode Administrative VLANs e cu Display th rrent administrative VLANs Operational VLANs Display the ...

Page 126: ...mbers at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the Protocol VLAN Configuration page 3 Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page This page allows you to configure protocol based VLAN Group Setting The protocol based VLAN screens in Figure 4 5 9 Figure 4 5 10 appear The n...

Page 127: ...wing fields T Object Description Group ID Display the current group ID Frame Type Display the current frame type Protocol Value Display the current protocol value Delete Click to delete the group ID entry This page allows you to map an already configured Group Name to a VLAN port for the switch The Protocol VLAN Port Setting S n Figure 4 5 11 2 appear 4 5 9 Protocol VLAN Port Setting tate screens ...

Page 128: ...s drop down list to protocol VLAN group VLAN VLAN ID assigned to the Special Protocol VLAN Group Buttons Click to add protocol VLAN port entry Figu State Page Screenshot The page includes the following fields re 4 5 12 Protocol VLAN Port Object Description Port y the curren Displa t port Group ID Display the current group ID VLAN ID Display the current VLAN ID Delete Click to delete the group ID e...

Page 129: ...defines VLAN members o work y configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN regis which extend beyond the local switch he GVRP Global Setting Information screens in Figure 4 5 13 Figure 4 5 14 appear VLANs are dynamicall tration and to support VLANs T Figure 4 5 13 GVRP Global Setting Page Screenshot ...

Page 130: ...t after a Leave or LeaveAll message has been issued the applicants can rejoin before the port actually leaves the group Range 45 32760 centiseconds Default 60 centiseconds LeaveAll Timeout The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traf...

Page 131: ...gn protocol VLAN port GV ontrols whether GVRP is enabled or disabled on port RP Enabled C Registration Mode By default GVRP ports are in normal registration mode These ports use GVRP join messages from neighboring switches to prune the VLANs running across the 802 1Q trunk link If the device on the other side is not capable of sending GVRP messages or if you do not want to allow the switch to prun...

Page 132: ... Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Enable Status rent GVRP port state Display the cur Registration Mode Display the current registration mode VLAN Creation Status Display the current VLAN creation status ...

Page 133: ...ember Ports Display the current member ports Dynamic Ports Display the current dynamic ports VLAN Type Display the current VLAN type 4 5 13 GVRP Statistics screens in Figure 4 5 18 Figure 4 5 19 appear The GVRP Port Statistics and Error Statistics Figure 4 5 18 GVRP Port Statistics Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical ...

Page 134: ... Port Error Statistics Page Screenshot elds The page includes the following fi Object Description Port The switch port number of the logical port Invalid Protocol ID Display the current invalid protocol ID Invalid Attribute Type Display the current invalid attribute type Invalid Attribute Value Display the current invalid attribute value Invalid Attribute Length Display the current invalid attribu...

Page 135: ...ort configuration of the LRP Managed Switches 4 5 14 VLAN setting le 802 1Q VLAN Trunk 4 5 14 1 Two Separate 8 VLANs T rams Figure 4 5 20 Two Separate VLAN Diag VLAN Group VID Untagged Members Tagged Members VLAN Group 1 N A 1 Port 7 Port 8 VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 Port 5 Port 6 Table 4 5 2 VLAN and Port Configuration The scenario described as follows Untagg 1 Whil...

Page 136: ...e packet leaves Port 1 and Port 2 it will be stripped away its tag becoming an untagged packet Untagged packet entering VLAN 3 1 While PC 4 transmits an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will receive the packet through Port 5 and Port 6 2 While the packet leaves Port 5 it will be stripped away its tag becoming an untagged packet 3 While the packet...

Page 137: ...D to each port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6 VLAN Mode Hybrid PVID 3 3 Port 1 2 Untagged Port 3 Tagged Port 4 6 Excluded Assign Tagged Untagged to each port VLAN ID 2 VLAN ID 3 Port 4 5 Untagged Port 6 Tagged Port 1 3 Excluded ...

Page 138: ... different switches but they need to access other s e 4 5 21 appears 4 5 14 2 VLAN Trunking between Two 80 t cases they are used for Uplink to other switches VLAN witches within the same VLAN group The screen in Figur Setup steps 1 te VLAN Group 2 and 3 p 2 and group 3 Crea Add VLAN grou ...

Page 139: ... port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6 VLAN Mode Hybrid PVID 3 Port 7 VLAN Mode Hybrid PVID 1 3 Assign Tagged Untagged to each port VLAN ID 1 Port 1 6 Untagged Port 7 Excluded VLAN ID 2 Port 1 2 Untagged Port 3 7 Tagged Port 4 6 Excluded ...

Page 140: ...User s Manual of LRP 822CS LRP 1622CS 140 VLAN ID 3 Port 4 5 Untagged Port 6 7 Tagged Port 1 3 Excluded ...

Page 141: ...y link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the performance of the network if the Spanning...

Page 142: ...he port to go back to the blocking state Learning the port is adding addresses to its forwarding database but not yet forwarding packets Forwarding the port is forwarding packets Disabled the port only responds to network management messages and must return to the blocking state first port transitions from one state to another as follows ing to listening or to disabled The path cost to the root fr...

Page 143: ...e configured each port stabilizes to the forwarding or blocking state No packets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port STP Operation Levels The Switch allows for two levels of operation the switch level and the port level T consisting of links between one or more switches The port level constructs a spanning tree consis...

Page 144: ...t time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Default Value Port Priority A relative priority for each port lower numbers give a higher priority and a greater chance of a given port being elected as t...

Page 145: ...n be from 0 to 240 The lower the number the greater the probability the port will be chosen as Port Co t Cost c 0 to 200000000 The lower the num the probability the port will be chosen kets 3 Illustration of STP A simple il e bel ticipate some major network problems If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch e...

Page 146: ...User s Manual of LRP 822CS LRP 1622CS 146 Figure 4 6 2 Before Applying the STA Rules only the default STP values are used In this example Figure 4 6 3 After Applying the STA Rules ...

Page 147: ...T port setting MST Instance Setting Configures each MST instance setting MST Port Setting Configures per port MST setting STP Statistics Displays the STP statistics 4 6 2 STP Global Settings This page allows you to configure STP sy P Bridge instances in the Switch The RP Managed Switch support the following Spanning Tree Protocols Compatible Spanning Tree Protocol STP Provides a single path betwee...

Page 148: ...with slower media Therefore lower values should be assigned to ports attached to faster media and higher values assigned to p Force Version The STP protocol version setting Valid values are STP Compatible RSTP Operation and MSTP Operation Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Identifier used to identify the configuration curren...

Page 149: ... STP Port Configuration Page Screenshot Object Description Port Select Select port number from this drop down list E Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active to...

Page 150: ...BPDU format RSTP or STP compatible to send on the selected interfaces Default Disabled Change Notification BPDUs it will automa Buttons Click to apply changes By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method ...

Page 151: ...STP Path Costs Figure 4 6 7 STP Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical STP port Admin Enable Display the current STP port mode status External Cost y the cur Displa rent external cost Edge Port Display the current edg status e port BPDU Filter splay the cur filter configur Di rent BPDU ation BPDU Guard Displa...

Page 152: ...bridge address of the switch forms a Bridge Identifier Max Hops This defines the initial value of remaining Hops for MSTI information generated at of an MSTI region It defines how many bridges a root bridge can in the range 6 to 40 hops the boundary distribute its BPDU information Valid values are Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to e mode Valid v...

Page 153: ...out the BPDU packet to check STP current status Enter a value between 1 through 10 Buttons Click to apply changes Figu shot The page includes the following fields re 4 6 9 CIST Instance Information Page Screen Object Description Priority Display the current CIST priority Max Hop Display the current max hop Display the current forward delay Forward Delay Max Age Display the current max age Tx Hold ...

Page 154: ...This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 Internal Path Cost 0 Auto etting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The ed when establishing the active topology of the network Lower warding ports i...

Page 155: ...e current internal path cost oper Display the current designated root bridge Designated Root Bridge Display the current external root cost External Root Cost Display the current regional root bridge Regional Root Bridge Internal Root Cost Display the current internal root cost Designated Bridge Display the current designated bridge Int Display the current internal port path cost ernal Port Path Co...

Page 156: ...he following fields Object Description Allow to assign MSTI ID The range for the MSTI ID is 1 15 MSTI ID VLAN List 1 4096 Allow to assign VLAN list to special MSTI ID The range for the VLAN list is 1 4094 Priority Contro e better priority The dge ated with the 6 byte MAC s ls the bridge priority Lower numerical values hav bri priority plus the MSTI instance number concaten addre s of the switch fo...

Page 157: ...fields Object Description MSTI Display the current MSTI entry Status Display the current MSTI status VLAN List Display the current VLAN list VLAN Count Display the current VLAN count Priority Display the current MSTI priority Figure 4 6 14 MST Instance Status Page Screenshot ...

Page 158: ...current designated ro Internal Root Cost Display the current internal root cost Designated Bridge dge Display the current designated bri Root Port Display the current root port Max Age Display the current max age Forward Delay Display the current forward delay Remaining Hops Display the current remaining hops Last Topology Change Display the current last topology change ...

Page 159: ...appear Figure 4 6 15 MST Port Configuration Page Screenshot The page includes the following fields Object Description MST ID Enter the special MST ID to configure path cost and priority Port Select Select port number from this drop down list Priority Controls the port priority This can be used to control priority of ports having identical port cost Internal Path Cost 0 Auto Controls the path cost ...

Page 160: ... Priority Port ID Display the current identifier priority port ID Internal Path Cost r ation operation Conf Ope Display the current internal path cost configur Regional Root Bridge gional root bridge Display the current re Internal Root Cost Display the current internal root cost Display the current designated bridge Designated Bridge Display the current internal path cost Internal Path Cost Port ...

Page 161: ...n Port The switch port number of the logical STP port Configuration BPDUs ved Display the current configuration BPDUs received Recei TCN BPDUs Received Display the current TCN BPDUs received MSTP BPDUs Display the current MSTP BPDUs received Received Configuration BPDUs Display the configuration BPDUs transmitted Transmitted TCN BPDUs Transmitted mitted Display the current TCN BPDUs trans MSTP BPD...

Page 162: ...st Filter Configures multicast filter 4 7 1 Properties his page provides multicast properties related configuration n screen in Figure 4 7 1 Figure 4 7 2 appear 4 7 Multicast This section has the following items T The multicast Properties and Informatio Figure 4 7 1 Properties Setting Page Screenshot The page includes the following fields Object Description Unknown Multica Action st Unknown multic...

Page 163: ...ation Page Screenshot The page includes the following fields Object Description Unknown Multicast Action Display the current unknown multicast action status Forward Method For IPv4 Display the current IPv4 multicast forward method Forward Method For IPv6 Display the current IPv6 multicast forward method ...

Page 164: ...embers of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multic queried This router then keeps ack of the membership of the multicast groups that have active members The information received from IGMP is th...

Page 165: ...User s Manual of LRP 822CS LRP 1622CS 165 Figure 4 7 4 Multicast Flooding Figure 4 7 5 IGMP Snooping Multicast Stream Control ...

Page 166: ...GMP packets enable multicast routers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants ...

Page 167: ...hey want to receive multicast traffic If there is more than one rou tch o g one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast ier ter swi n the LAN performing IP multicastin switch router to ensure that it will continue to receive the multicast service Multicast routers use this in...

Page 168: ...he following fields Object Description IGMP Snooping Status Enable or disable the IGMP snooping The default value is Disabled IGMP Snooping Version Sets the IGMP Snooping operation version Possible versions are v2 Set IGMP Snooping supported IGMP version 2 v3 Set IGMP Snooping supported IGMP version 3 IGMP Snooping Report Suppression Limits ulticast capable routers When you disable report suppress...

Page 169: ... the current entry number Entry No VLAN ID Display the current VLAN ID IGMP Snooping Operation Status Display the current IGMP snooping operation status Router Ports Auto Learn ning Display the current router ports auto lear Query Robustness y robustness Display the current quer Query Interval sec Display the current query interval Query Max Response Interval sec Display the current query max resp...

Page 170: ...e Enable or disable the querier state The default value is Disabled Querier Version er version for compatibility with other devices on the network Sets the queri Version 2 or 3 Default 2 Buttons Click to apply changes Figure 4 7 11 IGMP Querier Status Page Screenshot owing fields The page includes the foll Object Description VLAN ID Display the current VLAN ID Querier State Display the current que...

Page 171: ... traffic can only be forwarded to ports within that VLAN he IGMP Static Group configuration screens in Figure 4 7 12 Figure 4 7 13 appear 4 7 2 3 IGMP Static Group Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in abo T Fig MP Static Group Page Screenshot he page includes the following fields ure 4 7 12 Add IG T Object Description V Selec...

Page 172: ... Group Table This page provides Multicast Database The IGMP Group Table screen in Figure 4 7 14 appears Figure 4 7 14 IGMP Group Table Page Screenshot following fields The page includes the Object Description VLAN ID Display the current VID Group IP Address Display multicast IP address for a specific multicast service Member Port Display the current member port types displayed include Static or Dy...

Page 173: ... you nfigure the interface and a sp supported by the attached route can ensure that multicast traffic is pass Managed Switch Figure 4 7 15 Add Router Port Page Screenshot The page includes the following fields Object Description VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Type Sets the Router port type The types of Router port as below Stat...

Page 174: ...ete the group ID entry 4 7 2 6 IGMP Router Table his page provides Router Table The Dynamic Static and Forbidden Router Table screens in Figure 4 7 17 Figure 4 7 18 T Figure 4 7 19 appear Fig The page includes the following fiel ure 4 7 17 Dynamic Router Table Page Screenshot ds Object Description VLAN ID Display the current VLAN ID Port Display the current dynamic router ports Expiry Time Sec Dis...

Page 175: ...rent port mask Fig 19 Forbid shot he page includes the following fields ure 4 7 den Router Table Page Screen T Object Description VLAN ID Display the current VLAN ID Display the current port mask Port Mask 4 7 2 7 IGMP Forward All This page provides IGMP Forward All The Forward All screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page Screenshot ...

Page 176: ...face Forbidden Interface is forbidden from automatically joining the IGMP via MVR None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Membership Static Interface is a member of the IGMP Buttons Click to apply changes ping Static his page provides IGMP Snooping Statics The IGMP Snooping Statics screen in Figure 4 7 20 appears 4 7 3 I...

Page 177: ... RX Display current general query RX Special Group Query R Display current special group query RX X Special Group Source Query RX Display current special group source query RX Leave TX Display current leave TX Report TX Display current report TX General Query TX Display current general query TX Special Group Query TX Display current special group query TX Special Group Source Query TX Display curr...

Page 178: ... following fields The page includes the Object Description MLD Snooping Status The default value is Disabled Enable or disable the MLD snooping MLD Snooping Version Sets the MLD Snooping operation version Possible versions are v1 Set MLD Snooping supported MLD version 1 v2 Set MLD Snooping supported MLD version 2 MLD Snooping Report Suppression Limits the membership report traffic sent to multicas...

Page 179: ...y the current entry number VLAN ID Display the current VLAN ID MLD Snooping Operation Disp Status lay the current MLD snooping operation status Router Ports Auto Learn Display the current router ports auto learning Query Robustness ess Display the current query robustn Query Interval sec Display the current query interval Query Max Response Inter Display the current query max response interval val...

Page 180: ...from this drop down list VLAN ID Group IP Address The IP address for a specific multicast service Select port number from this drop down list Member Ports Buttons Click to add IGMP router port entry Figure 4 7 25 MLD Static Groups Page Screenshot llowing fields The page includes the fo Object Description VLAN ID Display the current VLAN ID Group IPv6 Address s Display the current group IPv6 addres...

Page 181: ...ected options Life Sec Display the current life 4 7 4 4 MLD Router Setting Depending on your network connections MLD snooping may not always be able to locate the MLD querier Therefore if the MLD querier is a known multicast router switch connected over the network to an interface port or trunk on your LRP Managed Switch you can manually configure the interface and a specified VLAN to join all the...

Page 182: ...er ports A router port is a port on the Ethernet ice or MLD querier switch that leads towards the Layer 3 multicast dev Forbid Port Select Specify which ports un act as router ports Buttons Click to add MLD router port entry F rt Status Page Screenshot he page includes the following fields igure 4 7 28 Router Po T Object Description VLAN ID Display the current VLAN ID Static Ports Display the curr...

Page 183: ...er Table Page Screenshot The page includes the following Object Description VLAN ID Display the current VLAN ID the current dynamic router ports Port Display Expiry Time Sec Display the current expiry time Figure 4 7 30 Static Router Table Page Screenshot The pag s the following fields e include Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask Figure 4...

Page 184: ...ting Page Screenshot owing fields igure 4 7 32 F The page includes the foll Object Description VLAN ID Select VLAN ID from this drop down list to assign MLD membership Port The switch port number of the logical port Select MLD membership for each interface Forbidden Interface is forbidden from automatically joining the MLD via MVR None Interface is not a member of the VLAN Packets associated with ...

Page 185: ...g Page Screenshot The page includes the following fields Object Description Total RX Display the current total RX Valid RX Display the current valid RX Invalid RX Display the current invalid RX Other RX Display the current other RX Leave RX u Display the c rrent leave RX Report RX he cu Display t rrent report RX General Query RX the cur Display rent general query RX Special Group Query Display the...

Page 186: ...urrent leave TX Report TX Display the current report TX General Query TX Display the current general query TX Special Group Query TX Display the current special group query TX Special Group Source Query TX Display the current special group source query TX Buttons Click to clear the MLD Snooping Statistics Click to refresh the MLD Snooping Statistics ...

Page 187: ...gure 4 7 34 Figure 4 7 35 appear ing sets a maxi d ny any new multicast jo group and replaces it wi ticast group t e multicast throttling number to limit t on mber of multicast groups an interface can j Figure 4 7 34 Max Groups and Action Setting Page Screenshot The page includes the following fields Object Description IP Type Select IPv4 or IPv6 from this drop down list Port Select Select port nu...

Page 188: ...are checked against the filter profile If a requested rmitted the multic the multicast join report is dropped When you have created a Multicast pro to filter and set the access mode Command Usage Each profile has only one access mode either permit or deny ess mode is set to permit multicast join reports are processed when a multicast group falls within the controlled When the access mode is set to...

Page 189: ...ps to include in the profile Specify a multicast group range by entering a start IP address Group to Specifies multicast groups to include in the profile Specify a multicast group range by entering an end IP address Sets the access mode of the profile either permit or deny Action Permit Multicast join reports are processed when a multicast group falls within the controlled range Deny When the acce...

Page 190: ...dify Click to edit parameter Click to delete the MLD IGMP profile entry 4 7 7 2 IGMP Filter Setting Figure 4 7 38 Figure 4 7 39 appear The Filter Setting and Status screens in Figure 4 7 38 Filter Setting Page Screenshot he following fiel The page includes t ds Object Description Port Select ct port nu Sele mber from this drop down list Filter Profile ID Select filter profile ID from this drop dow...

Page 191: ...delete the IGMP filter profile entry The Filter Setting and Status screens in Figure 4 7 40 Figure 4 7 41 appear 4 7 7 3 MLD Filter Setting Figure 4 7 40 Filter Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number from this drop down list Filter Profile ID ofile ID from this drop down list Select filter pr Buttons Click to apply changes F...

Page 192: ...92 The page includes the following fields Object Description Port Display the current port Filter Profile ID Display the current filter profile ID Action Click to display detail profile parameter Click to delete the MLD filter profile entry ...

Page 193: ...network you need to carry out the following actions 1 Define a service level to determine the priority that will be applied to traffic 2 Apply a classifier to determine how the incoming traffic will be classified and thus treated by the Switch 3 Create a QoS profile which associates a service level and a classifier 4 Apply a QoS profile to a port s The QoS page of the LRP Managed Switch contains t...

Page 194: ... 8 1 Figure 4 8 2 appear Figure 4 8 1 QoS Global Setting Page Screenshot The page includes the following fields Object Description QoS Mode Enable or disable QoS mode Buttons Click to apply changes Figure 4 8 2 QoS Information Page Screenshot The page includes the following fields Object Description QoS Mode Display the current QoS mode ...

Page 195: ...hot The page includes the following fields Object Description Port Select mber from this drop down list Select port nu CoS Value Select CoS value from this drop down list Remark CoS Disable or enable remark CoS Remark DSCP Disable or enable remark DSCP R Disable or enable remark IP Precedence emark IP Precedence Buttons Click to apply changes Figure 4 8 3 QoS Port Status Page Screenshot ...

Page 196: ... Remark DSCP Display the current remark DSCP Remark IP Precedence Display the current remark IP precedence 4 8 2 3 Queue Settings The Que and Information scre 8 4 Figure 4 8 5 appear ue Table ens in Figure 4 Figure 4 8 4 Queue Table Page Screenshot The page includes the following fields Object Description Queue Display the current queue ID Strict Priority Controls whether the scheduler mode is Str...

Page 197: ...Display the current bandwidth for each queu Buttons Click to apply changes Figure 4 8 5 Queue Information Page Screenshot The page includes the following fields Object Description Information Name Display the current queue method information Information Value Display the current queue value information 4 8 2 4 CoS Mapping The CoS to Queue and Queue to CoS Mapping screens in Figure 4 8 6 Figure 4 8...

Page 198: ... Queue value from this drop down list Class of Service Select CoS value from this drop down list Buttons Click to apply changes Figure 4 8 7 CoS Mapping Page Screenshot The page includes the following fields Object Description CoS Display the current CoS value Mapping to Queue Display the current mapping to queue ...

Page 199: ...ping The DSCP to Queue and Queue to DSCP Mapping screens in Figure 4 8 8 Figure 4 8 9 appear Figure 4 8 8 DSCP to Queue and Queue to DSCP Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value from this drop down list DSCP Select DSCP value from this drop down list Buttons Click to apply changes ...

Page 200: ... Mapping Page Screenshot The page includes the following fields Object Description DSCP Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to DSCP Display the current mapping to DSCP ...

Page 201: ...creens in Figure 4 8 10 Figure 4 8 11 appear Figure 4 8 10 IP Precedence to Queue and Queue to IP Precedence Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value from this drop down list IP Precedence Select IP Precedence value from this drop down list Buttons Click to apply changes ...

Page 202: ... the current mapping to queue Queue Display the current queue value Mapping to IP Precedence Display the current mapping to IP Precedence 4 8 3 QoS Basic Mode 4 8 3 1 Global Settings The Basic Mode Global Settings and QoS Information screens in Figure 4 8 12 Figure 4 8 13 appear Figure 4 8 12 Basic Mode Global Settings Page Screenshot The page includes the following fields Object Description Trust...

Page 203: ...t Description Trust Mode rrent QoS mode Display the cu 4 8 3 2 Port Settings tatus scree The QoS Port Setting and S ns in Figure 4 8 14 Figure 4 8 15 appear Figure 4 8 14 Basic Mode Global Settings Page Screenshot The page includes the following fields Object Description Select port number from this drop down list Port Enable or disable the trust mode Trust Mode ...

Page 204: ...ion Port The switch port number of the logical port Trust Mode Display the current trust type 8 4 Rate Limit e switch port on this page s Bandwidth Con ect the ingres Bandwidth Control Setting and Status screens in igure 4 8 16 Figure 4 8 17 appear 4 Configure the switch port rate limit for th 4 8 4 1 Ingres trol This page provides to sel s bandwidth preamble The Ingress F ...

Page 205: ...the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 17 Ingress Bandwidth Control Status Page Screenshot he page includes the following fields T Object Description Port The switch port number of the logical port Ingress Rate Limit Kbps...

Page 206: ...Control Settings Page Screenshot The page includes the following fields 8 18 Egress B Object Description Port n list Select port number from this drop dow State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 19 ...

Page 207: ...and Status screens in Figure 4 8 20 Figure 4 8 21 appear Figure 4 8 20 ings Page Screenshot The page includes the following fields Egress Queue Bandwidth Sett Object Description Port Select port number from this drop down list Queue Select queue number from this drop down list S Enable or disable the port rate policer The default value is Disabled tate CIR Kbps Configure the CIR for the port polic...

Page 208: ...22CS 208 uttons B Click to apply changes Figure 4 8 21 Egress Queue Status Page Screenshot s the following fields The page include Object Description Queue ID Display the current queue ID Rate Limit Kbps Display the current rate limit ...

Page 209: ... to Voice VLAN when relocated physically The greatest advantage of the VLAN is the equipment can be automatically placed into Voice VLAN according to its voice traffic which will be transmitted at specified priority Meanwhile when voice equipment is physically relocated it still belongs to the Voice VLAN without any fur er configuration modification which is h port 4 th because it is based on voic...

Page 210: ...de operation Disabled Disable Voice VLAN mode operation Voice VLA ID etc The allowed range is 1 to 4095 N ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR VID PV Remark CoS 802 1p Select 802 1p value from this drop down list Enable or disable 802 1p remark 1p Remark Aging Ti...

Page 211: ...t voice VLAN state Voice VLAN ID Display the current voice VLAN ID Remark CoS 802 1p Display the current remark CoS 802 1p 1p Remark Display the current 1p remark Aging Display the current aging time 4 8 5 3 Telephony OUI MAC Setting onfigure VOICE VLAN OUI table on this Page The Telephony OUI MAC Setting screens in Figure 4 8 24 Figure 4 8 25 ppear C a Figure 4 8 24 Voice VLAN OUI Settings Page S...

Page 212: ...rmat is xx xx xx x is a hexadecimal digit Description User defined text that identifies the VoIP devices Buttons Click to add voice VLAN OUI setting Figure 4 8 25 Voice VLAN OUI Group Page Screenshot The page includes the following fields Object Description OUI Address Display the current OUI address Description Display the current description Modify Click to edit voice VLAN OUI group parameter Cl...

Page 213: ...UI MAC Setting screens in wo VLANs on the switch the IP phone sh re the voice VLAN ID correctly It should be configured through its own GUI The Figure 4 8 26 Figure 4 8 27 appear Figure 4 8 26 Voice VLAN Port Setting Page Screenshot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the voice VLAN port setting The defau...

Page 214: ...anual of LRP 822CS LRP 1622CS 214 The page includes the following fields Object Description Port The switch port number of the logical port State Display the current state CoS Mode Display the current CoS mode ...

Page 215: ...mber on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EA...

Page 216: ...ass through the port This section includes this conceptual information Device Roles Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States s network have specific roles as shown below ient is authenticated 802 s only Extensible Authentication Protocol fic through the port to which the cli ation is successful norma Device Role With 802 1X port based authenticatio...

Page 217: ...sing the dot1x port control auto interface configuration command the switch must initiate authentication when it determines that the port link state transitions from down to up It then sends an EAP request identity frame to the client to request its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of ...

Page 218: ...from the server after the specified number of attempts authentication fails If the link state of a port transitions from up to down or if an EAPOL logoff frame is received the port returns to the state While in this state the port disallows all ingress and e successfully authenticated the port transitions to the authorized state allowing all traffic for the client to flow normally authentication p...

Page 219: ...e Security 802 1X Access Control 802 1X Setting page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below The 802 1X Setting and Information screens in Figure 4 9 3 Figure 4 9 4 appear Figure 4 9 3 802 1X Setting Page Screenshot The page includes the following fields Object Description 802 1X Indicates if NAS is glo...

Page 220: ...hentication mode The following modes are available No Authentication Authentication Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without authentication In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed ...

Page 221: ... values are in the range 30 to 65535 seconds Quiet Period Sets time to keep silent on supplicant authentication failure Supplicant Period Sets the interval for the supplicant to re transmit EAP request identify frame Maximum Request Retries The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this...

Page 222: ... with EAPOL Timeout If Allow Guest VLAN if EAPOL Seen is enabled the port will now be placed in the Guest VLAN If disabled the switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleared if the port link goes down or the port s Admin State is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to ...

Page 223: ...after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick way to globally enable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether the port can be moved into Guest VLAN When unchecked the ability to move to the Guest VLAN i...

Page 224: ...o apply changes Figure 4 9 8 Guest VLAN Status Page Screenshot The page includes the following fields Object Description The switch port number of the logical port Port Name Display the current state Enable State In Guest VLAN t guest VLAN Display the curren ...

Page 225: ...e Display the current user name Port Display the current port number Session Time Display the current session time Authentication Method Display the current authentication method MAC Address Display the current MAC address 4 9 2 RADIUS Server This page is to configure the RADIUS Settings screens in Figure 4 9 10 igure 4 9 11 Figure 4 9 12 appears server connection session parameters The RADIUS F F...

Page 226: ...onsidered to be dead Dead Time n 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually t a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configure...

Page 227: ...es before it is considered to be dead The Timeout which can be set to a number between 1 and 30 seconds is the maximum time to wait for a reply from a server If the server does n this timeframe we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope wi R Timeout is the number of seconds...

Page 228: ...cct Port Display the current key Key Display the current timeout Timeout Retries Display the current retry times Priority Display the current priority Dead Time Display the current dead time Usage Type Display the current usage type Modify Click to edit login authentication list parameter Click to delete login authentication list entry rver This page is to configure the RAD sion parameters The RAD...

Page 229: ...acters long is shared between the TACACS switch Key String server and the Timeout for Reply es in the range 1 to 30 a TACACS request is s not responding If the server has not responded ered to be dead Retransmit is the number of tim retransmitted to a server that i after the last retransmit it is consid Buttons Click to apply changes Figure 4 9 14 New RADIUS Server Page Screenshot ...

Page 230: ...cation Server and the switch The number of seconds the switch waits for a reply from the server before it quest Server Timeout resends the re Server Priority Set the server priority Buttons Click to add RADIUS server setting Figure 4 9 15 Login Authentication List Page Screenshot The page includes the following fields Object Description IP Address Display the current IP address Port Display the cu...

Page 231: ...access the network through the LRP Managed Switch Accounting for users that access management interfaces on the LRP Managed Switch through the console and Telnet Accounting for commands that users enter at specific CLI privilege levels Authorization of users that access management interfaces on the LRP Managed Switch through the console and Telnet To configure AAA on the LRP Man 1 Configure RADIUS...

Page 232: ... List Name Defines a name for the authentication list Method 1 4 Set the login authentication method Empty None Local TACACS RADIUS Enable Buttons Click to add authentication list Figure 4 9 18 Login Authentication List Screenshot The page includes the following fields Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login ...

Page 233: ...ion List Name Defines a name for the authentication list Method 1 3 Set the login authentication method Empty None Enable TACACS RADIUS Buttons Click to add authentication list Figure 4 9 20 Login Authentication List Screenshot The page includes the following fields Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login aut...

Page 234: ...ings Page Screenshot The page includes the following fields Object Description Telnet Service Disable or enable Telnet service Login Authentication List Select login authentication list from this drop down list Enable Authentication List Select enable authentication list from this drop down list Set the session timeout value Session Timeout Set the password retry count value Password Retry Count S...

Page 235: ...lnet session count Count 4 9 5 2 SSH Configure SSH on this page This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the por ed learning In this mode frames from unknown MAC addresses are passed on to the port security mod her to allow...

Page 236: ...vice Disable or enable SSH service SSH Ser Login Authentication List down list Select login authentication list from this drop Enable Authentication List Select enable authentication list from this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons Click to apply changes Click to disconn...

Page 237: ...rent login authen Enable Authentication List Display the current enable authentication list Session Timeout Display the current session timeout Password Retry Count Display the current password retry count Silent Time Display the current silent time Current SSH Session Count Display the current SSH session count 4 9 5 3 HTTP The HTTP Settings and Information screens in Figure 4 9 25 Figure 4 9 26 ...

Page 238: ...ication list from this drop down list Session Timeout Set the session timeout value Buttons Click to apply changes Figure 4 9 26 HTTP Information Page Screenshot fields The page includes the following Object Description e Displ HTTP Servic ay the current HTTP service Display the current login authentication list Login Authentication List Session Timeout Display the current session timeout ...

Page 239: ...e or enable HTTPs service Login Authentication List Select login authentication list from this drop down list Session Timeout Set the session timeout value uttons B Click to apply changes Figure 4 9 28 HTTPs Information Page Screenshot The page includes the following fields Object Description HTTPs Service Display the current HTTPs service Login Authentication List Display the current login authen...

Page 240: ...le name Priority 1 65535 Set priority The allowed value is from 1 to 65535 Management Method Indicates the host can access the switch from HTTP HTTPs telnet SSH SNMP All interface that the host IP address matched the entry Action An IP address can contain any combination of permit or deny rules Default Permit rules Sets the access mode of the profile either permit or deny Port Select port from thi...

Page 241: ... Display the current source IPv4 address Source IPv4 Mask Display the current source IPv4 mask Source IPv6 Display the current source IPv6 address Display the current source IPv6 prefix Source IPv6 Prefix Modify Click to edit profile rule parameter Click to delete profile rule entry 4 9 4 9 6 2 Access Rules The access profile screens in Figure 31 Figure 4 9 32 appear Figure 4 9 31 Access Profile P...

Page 242: ...2 uttons B Click to apply changes Fi reenshot e following fields gure 4 9 32 Access Profile Table Page Sc The page includes th Object Description Access Profile y the curren Displa t access profile Delete Click to delete access profile entry ...

Page 243: ... DHCP snooping is used to filter DHCP messages received on a non secure interface from outside the network or firewall When DHCP snooping is enabled globally and enabled on a VLAN interface DHCP messages received on an untrusted interface from a device not listed in the DHCP snooping table will be dropped Table entries are only learned for trusted interfaces An entry is added or removed dynamicall...

Page 244: ... disabled all dynamic bindings are removed from the binding table Additional considerations when the switch itself is a DHCP client The port s through which the switch submits a client request to the DHCP server must be configured as trusted Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch send...

Page 245: ...formation Page Screenshot he page includes the following fields T Object Description DHCP Snooping Display the current DHCP snooping status 4 9 7 3 VLAN Setting Command Usage When DHCP snooping is enabled globally on the switch and enabled on the specified VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When the DHCP snooping is globally disabled DHCP snooping c...

Page 246: ...ping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation Buttons Click to apply changes Figure 4 9 36 DHCP Snooping VLAN Setting Page Screenshot The page includes the follo...

Page 247: ...with this port are Set all ports connected to DHCP servers within the local network or firewall to trusted state Set all other ports outside the local n r firewall to untrusted The DHCP Snooping Port Setting screens in Figure 4 9 37 Figure 4 9 38 appear removed etwork o state Figure 4 9 37 DHCP Snooping Port Setting Page Screenshot he page includes the following fields T Object Description Port Se...

Page 248: ...includes the following fields Object Description Port The switch port number of the logical port Type Display the current type Display the current chaddr check Chaddr Check ics ing Statistics screen i 4 9 7 5 Statist The DHCP Snoop n Figure 4 9 39 appears Figure 4 9 39 DHCP Snooping Statistics Page Screenshot ...

Page 249: ...h entry is the number of bytes from the start of the file to end of the entry Each entry is 72 bytes followed by a space and then the checksum value To keep the bindings when the switch reloads you must use the DHCP snooping database agent If the agent is disabled dynamic ARP or IP source guard is enabled and the DHCP snooping binding database has dynamic bindings the switch loses its connectivity...

Page 250: ... Snooping Database Setting Page Screenshot The page includes the following fields Object Description Database Type Select database type File Name The name of file image Fill in your remote server IP address Remote Server Write Delay Specify the duration for which the transfer should be delayed after the binding database changes The range is from 15 to 86400 seconds The default is 300 seconds 5 min...

Page 251: ...play the current file name Remote Server rrent remote server Display the cu Write Delay Display the current write delay Timeout Display the current timeout 4 9 7 7 Rate Limit ooping the swi DHCP Rate Limit Setting and Config sc ure 4 9 42 Figure 4 9 43 appear After enabling DHCP sn tch will monitor all the DHCP messages and implement software transmission The reens in Fig Figure 4 9 42 DHCP Rate L...

Page 252: ...fine Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Valid values are in the range 1 to 300 Buttons Click to apply changes Figure 4 9 43 DHCP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Rate Limit pps Display the current rate limit ...

Page 253: ...y information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in switch it means switch ID The parameter of port_no is th...

Page 254: ...tion 82 then the system will drop it without processing keep mode means that the system will keep the original option 82 segment in the message and forward it to the server to process replace mode means that the system will replace the option 82 segment in the existing message with its own option 82 and forward the message to the server to process Option 82 Port Setting screens in Figure 4 9 46 Fi...

Page 255: ...n port Allow Untrusted Select modes from this drop down list The following modes are available Drop Keep Replace Buttons Click to apply changes Figure 4 9 47 Option 82 Global Setting Page Screenshot The page includes the following fields Object Description The switch port number of the logical port Port Enable Display the current status Allow Untrusted Display the current untrusted mode ...

Page 256: ...ge Screenshot The page includes the following fields Figure Object Description Port Select port for this drop down list VLAN Indicates the ID of this particular VLAN Circuit ID Set the option1 Circuit ID content of option 82 added by DHCP request packets Buttons Click to apply changes Figure 4 9 49 Option 82 Port Circuit ID Setting Page Screenshot The page includes the following fields Object Desc...

Page 257: ...tworks by poisoning the ARP cac A Dynamic ARP prevents the untrusted ARP packets based on the DHCP Snooping Database 4 9 8 1 Global Setting DAI Setting and Information screens in Figure 4 9 50 Figure 4 9 51 appear Figure 4 9 50 DAI Setting Page Screenshot he page includes the following fields T Object Description D le the Global Dynamic ARP Inspection or disable the Global ARP Inspection AI Enab B...

Page 258: ...ludes the following fields Object Description VLAN ID Indicates the ID of this particular VLAN Status Enables Dynamic ARP Inspection on the specified VLAN Options Enable Disable Buttons Click to apply changes Figure 4 9 53 DAI VLAN Setting Page Screenshot The page includes the following fields Object Description Display the current VLAN list VLAN List Status Display the current status ...

Page 259: ...C address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses When enabled packets with different MAC addresses are classified as invalid and are dropped Enable or disable Dst Mac Chk Enable or disable to checks the destination MAC address in the Ethernet header against the target MAC address in ARP body This check is per...

Page 260: ... includes the following fields Object Description The switch port number of the logical port Port Display the current port type Type Src Mac Chk Display the current Src Mac Chk status Display the current Dst Mac Chk status Dst Mac Chk Display the current IP Chk status IP Chk IP Allow Zero Display the current IP allow zero status ...

Page 261: ...he switch port number of the logical port Port Forwarded rrent forwarded Display the cu Source MAC Failures Display the current source MAC failures Dest MAC Failures C failures Display the current source MA SIP Validation Failures s Display the current SIP Validation failure DIP Validation Failures s Display the current DIP Validation failure IP MAC Mismatch tch failures Failures Display the curre...

Page 262: ...g fields Object Description Select port from this drop down list Port State Set default or user define Configure the rate limit for the port policer The default value is unlimited Rate Limit pps Buttons Click to apply changes Figure 4 9 58 ARP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Rate Limit pps ...

Page 263: ...up the key attributes including IP address MAC address and VLAN tag of the packet in the binding entries of the IP source guard If there is a matching entry the port will forward the packet Otherwise the port will abandon the packet IP source guard filters packets bas MAC port binding entry C port binding entry 4 9 9 IP Source G IP Source Guard is a secure feature used to restrict IP traffic on DH...

Page 264: ...re 4 9 60 IP Source Guard Port Setting Page Screenshot The page includes the following fields Object Description Port Select port from this drop down list Status Enable or disable the IP source guard Verify Source Configures the switch to filter inbound traffic based IP address or IP address and MAC address None Disables IP source guard filtering on the LRP Managed Switch IP Enables traffic filter...

Page 265: ...umber of the logical port Status nt status Display the curre Display the current verify source Verify Source Display the current max binding entry Max Binding Entry Current Binding Entry Display the current binding entry 9 9 2 Binding Table he IP Source Guard Static Binding Entry and Table Status screens in Figure 4 9 62 Figure 4 9 63 appear 4 T Figure 4 9 62 IP Source Guard Static Binding Entry P...

Page 266: ... allowed Buttons Click to add authentication list Figure 4 9 63 IP Source Guard Binding Table Status Page Screenshot The pag s the following fields e include Object Description Port Display the current port VLAN ID Display the current VLAN Display the current MAC address MAC Address IP Address Display the current IP Address Type Display the current entry type Display the current lease time Lease T...

Page 267: ... 4 9 64 Port Security Setting Page Screenshot The page incl owing fields udes the foll Object Description Port Select port from this drop down list Security Enable or disable the port security Mac L2 Entry addresses that can be secured on this port If the ing action is taken The switch is born with a total number of MAC addresses from which all ports ress is seen on a Port Security enabled port Si...

Page 268: ...card If Limit 1 MAC addresses is seen on the port it will trigger the action that do not learn the new MAC and drop the package Buttons Click to apply changes F The page includes the following fields igure 4 9 65 Port Security Status Page Screenshot Object Description The switch port number of the logical port Port Name Enable State security status Display the current per port Display the current ...

Page 269: ...er from attacks such as DoS The heck allows the user to drop matched packets based on specified conditions The security features provide several simple and effective protections against Dos attacks while acting no influence on the linear forwarding performance of the switch 4 9 11 1 Global DoS Setting The Global DoS Setting and Information screens in Figure 4 9 66 Figure 4 9 67 appear h is a simpl...

Page 270: ...includes the following fields Object Description DMAC SMAC Enable or disable DoS check mode by DMAC SMAC Land Enable or disable DoS check mode by land UDP Blat Enable or disable DoS check mode by UDP blat TCP Blat Enable or disable DoS check mode by TCP blat POD Enable or disable DoS check mode by POD ...

Page 271: ...ck mode by smurf attack TCP Min Hdr Size Enable or disable DoS check mode by TCP min hdr size TCP SYN SPORT 1024 Enable or disable DoS check mode by TCP syn sport 1024 Null Scan Attack Enable or disable DoS check mode by null scan attack X mas Scan Attack Enable or disable DoS check mode by X mas scan attack TCP SYN FIN Attack Enable or disable DoS check mode by TCP syn fin attack TCP SYN RST Atta...

Page 272: ...IPv6 Ping Max Size Display the current IPv6 ping max size status Smurf Attack Display the current smurf attack status TCP Min Header Length Display the current TCP min header length TCP SYN SPORT 1024 Display the current TCP syn status Null Scan Attack Display the current null scan attack status X mas Scan Attack Display the current X mas scan attack status TCP SYN FIN Attack Display the current T...

Page 273: ...rt from this drop down list DoS Protection Enable or disable per port DoS protection Buttons Click to apply changes Figure 4 9 68 Port Security Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port DoS Protection Display the current DoS protection ...

Page 274: ...oded fram ames with a VLAN ID DMAC pair not pres 4 9 12 1 ontrol Global Setting and Figure 4 9 69 Storm Control Global Setting Page Screenshot The page includes the following fields Object Description Unit Controls the unit of measure for the storm control rate as pps or bps The default value is bps Preamble IFG Set the excluded or included interframe gap Buttons Click to apply changes Figure 4 e ...

Page 275: ...n Unicast storm rate control The configuration indicates the Fig orm Control Setting Page Screenshot The page includes the following fields ure 4 9 71 St Object Description Port Select port for this drop down list Port State Enable or disable the storm control status for the given storm type Action Configures the action performed when storm control is over rate on a port Valid values are Shutdown ...

Page 276: ...ct Description Port The switch port number of the logical port Display the current port state Port State Broadcast Kbps pps rent broadcast storm control rate Display the cur Unknown Multicast Kbps pps ast storm control rate Display the current unknown multic Unknown Unicast ps Display the current unknown unicast storm control rate Kbps p Display the current action Action ...

Page 277: ...ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application The ACL page contains links to th MAC based ACL Configure MAC based ACL setting Add Edit Delete the MAC based ACE Access Control Entry setting IPv4 based ACL Configure IPv4 based ACL setting I...

Page 278: ...ields Object Description Delete Click to delete ACL name entry 4 10 2 MAC based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you select The MAC based ACE screens in Figure 4 10 3 Figure 4 10 4 appear F enshot igure 4 10 3 MAC based ACE Page Scre ...

Page 279: ...mes where SHA is not equal to the DA MAC address 1 ARP frames where SHA is equal to the DA MAC address SA MAC Specify the source MAC filter for this ACE Any No SA MAC filter is specified User Defined If you want to filter a specific source MAC address with this ACE choose this value A field for entering a SA MAC value appears SA MAC Value When User Defined is selected for the SA MAC filter you can...

Page 280: ... MAC Address Display the current destination MAC address Destination MAC Address Mask ress mask Display the current destination MAC add Source MAC Address Display the current source MAC address Source MAC Address Mask Display the current source MAC address mask Display the current VLAN ID VLAN ID 802 1p Display the current 802 1p value 802 1p Mask Display the current 802 1p mask Display the curren...

Page 281: ... 10 5 IPv4 based ACL Page Screenshot The page includes the following fields Object Description ACL Name Crea list te a name from IPv4 based ACL Buttons Click to add ACL name list Fig hot wing fields ure 4 10 6 ACL Table Page Screens The page includes the follo Object Description Delete Click to delete ACL name entry 10 4 IPv4 based ACE An ACE consists of several parameters Different parameter opti...

Page 282: ...User s Manual of LRP 822CS LRP 1622CS 282 Figure 4 10 7 IP based ACE Page Screenshot ...

Page 283: ...ce IP address The legal format is xxx xxx xxx xxx A frame that hits this ACE matches this source IP address value Source IP Wildcard Mask When User Defined is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation Destination IP Address Specify the Destination IP address filter for this ACE Any No destination IP address filter is specified User Defined If yo...

Page 284: ...t value appears UGR Specify the TCP Urgent Pointer field significant URG value for this ACE Set TCP frames where the URG field is set must be able to match this entry Unset TCP frames where the URG field is set must not be able to match this entry Don t Care Any value is allowed don t care ACK Specify the TCP Acknowledgment field significant ACK value for this ACE Set TCP frames where the ACK fiel...

Page 285: ...this DSCP value filter a specific IP recedence with this ACE you can IP recedence value IP Recedence If you want to enter a specific IP recedence value A field for entering an appe P reced lue ars The allowed range is 0 to 7 A frame that hits this ACE matches this I ence va ICMP Specify the ICMP for this ACE CMP is specified destination port status is don t care Any No specific I List If you want ...

Page 286: ...ress wildcard mask Source IP Address Wildcard Mask Destination IP Addre tination IP address ss Display the current des Destination IP Address Wildcard Mask address wildcard mask Display the current destination IP Display the current source port range Source Port Range Display the current destination port range Destination Port Range Display the current flag set Flag Set DSCP current DSCP Display t...

Page 287: ...0 9 IPv6 based ACL Page Screenshot The page includes the following fields Object Description ACL Name Create a name from IPv6 based ACL list Buttons Click to add ACL name list Figure 4 10 10 ACL Table Page Screenshot following fields The page includes the Object Description Delete Click to delete ACL name entry 4 10 6 IPv6 based ACE An ACE consists of several parameters ent parame n the frame type...

Page 288: ...User s Manual of LRP 822CS LRP 1622CS 288 Figure 4 10 11 IP based ACE Page Screenshot ...

Page 289: ...e that hits this ACE matches this source IP address value Source IP Prefix Length When User Defined is selected for the source IP filter you can enter a specific SIP prefix length in dotted decimal notation Destination IP Address Specify the Destination IP address filter for this ACE Any No destination IP address filter is specified User Defined If you want to filter a specific destination IP addr...

Page 290: ...tion port range val entering a destination port value appears UGR Specify the TCP Urgent Pointer field significant URG value for this ACE Set TCP frames where the URG field is set must be able to match this entry Unset TCP frames where the URG field is set must not be able to match this entry Don t Care Any value is allowed don t care ACK Specify the TCP Acknowledgment field significant ACK value ...

Page 291: ... A frame that hits this ACE matches this DSCP value IP Recedence If you want to filter a specific IP recedence with this ACE you n e ca nter a specific IP recedence value A field for entering a IP recedence value The allowed range is 0 to 7 A frame that hits this ACE appears matches this IP recedence value ICMP Specify the ICMP for this ACE Any No specific ICMP is specified destination port status...

Page 292: ... address wildcard mask Source IP Address Wildcard Mask Destination IP Address Display the current destination IP address Destination IP Addre rd Mask ss wildcard mask ss Display the current destination IP addre Wildca Source Port Range Display the current source port range Display the current destination port range Destination Port Range Display the current flag set Flag Set Display the current DS...

Page 293: ...ription Binding Port list Select port from this drop down ACL Select p down list Select ACL list from this dro Buttons Click to apply changes F enshot following fields igure 4 10 14 ACL Binding Table Page Scre The page includes the Object Description Port The switch port number of the logical port MAC ACL Display the current MAC ACL IPv4 ACL Display the current IPv4 ACL IPv6 ACL y the cur Displa r...

Page 294: ... MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time 11 1 Static MAC Setting wn in this table The MAC table is sorted first by VLAN ID and then by MAC address The Static MAC Setting screens in Figu gure 4 11 2 appear 4 11 MAC Addres Switching of frames is based upon the DMAC address contained in th...

Page 295: ... Port Display the current port Delete Click to delete static MAC status entry 4 11 2 MAC Filtering By filtering MAC address the switch can easily filter the pre configured MAC address and reduce the un safety The Static MAC Setting screens in Figure 4 11 3 Figure 4 11 4 appear Figure 4 11 3 MAC Filtering Setting Page Screenshot he page includes the following fields T Object Description MAC Address...

Page 296: ... The VLAN ID for the entry Delete Click to delete static MAC status entry By default dynamic entries are removed from the MAC table after 300 seconds The Dynamic Address Setting Status screens 4 11 3 Dynamic Address Setting in Figure 4 11 5 Figure 4 11 6 appear Figure 4 11 5 Dynamic Addresses Setting Page Screenshot he page includes the following fields T Object Description Aging Time which a lear...

Page 297: ...ic MAC Table The Dynamically Learned MAC Table is shown on this page The MAC Table is sorted first by VLAN ID and then by MAC igure 4 11 6 Figure 4 11 7 appear D address The Dynamically Learned screens in F Figure 4 11 6 Dynamically Learned Page Screenshot The page includes the following fields Object Description Select port from this drop down list Port VLAN rom this drop down list Select VLAN f ...

Page 298: ...t Flushes all dynamic entries Figure 4 11 7 MAC Address Information Page Screenshot Object Description MAC Address The MAC address of the entry VLAN The VLAN ID of the entry Indicates whether the entry is a static or dynamic entry Type The ports that are members of the entry Port Buttons Click to add dynamic MAC address to static MAC address ...

Page 299: ... MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troublesho rate network topology 4 12 2 LLDP Setting This page allows the user to inspect and config...

Page 300: ...lay When a port is disabled LLDP is disabled or the switch is rebooted a LLDP shutdown frame is transmitted to the neighboring units signaling that the LLDP information isn t valid anymore TX Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds Transmit Delay If some configuration is changed e g the IP address a ...

Page 301: ...ent LLDP status Display the current LLDP PDU disable action LLDP PDU Disable Action Transmission Interval Display the current transmission interval Holdtime Multiplier Display the current holdtime multiplier Reinitialization Delay Display the current reinitialization delay Transmit Delay Display the current transmit delay LLDP MED Fast Start Repeat Count Di MED Fast Start Repeat Count splay the cu...

Page 302: ...Select port from this drop down list Enables LLDP messages transmit and receive modes for LLDP Protocol Data Units Options RX only State TX only Tx RX Disabled Port Select Select port from this drop down list Optional TLV Select Configures the information included in the TLV field of advertised messages System Name When checked the System Name is included in LLDP information transmitted Port Descr...

Page 303: ...included in LLDP information transmitted Management Address When checked the Management Address is included in LLDP information transmitted 802 1 PVID When checked the 802 1 PVID is included in LLDP information transmitted Buttons Click to apply changes Figure 4 12 4 LLDP Port Status Page Screenshot The page includes the following fields Object Description Port rt The switch port number of the log...

Page 304: ...fields e 4 12 5 VLAN Name TLV Selecti The page Object Description Port Select Select port from this drop down list VLAN Select Select VLAN from this drop down list Buttons Click to apply changes LLDP Port VLAN TLV Status Page Screenshot The page includes the following fields Figure 4 12 6 Object Description Port The switch port number of the logical port Selected VLAN Display the current selected ...

Page 305: ...4 12 8 appear Figure 4 12 7 Local Device Summary Page Screenshot The page includes the following fields Object Description Chassis ID Subtype Display the current chassis ID subtype Chassis ID Display the current chassis ID System Name Display the current system name System Description Display the current system description Capabilities Supported Display the current capabilities supported Capabilit...

Page 306: ...l port LLDP Status rrent LLDP status Display the cu LLDP MED Status Display the current LLDP MED Status 4 12 5 LLDP Remote Device This page provides a status overview for all LLDP remote devices The displayed table contains a row for each port on which an L P Remot pears L DP neighbor is detected The LLD e Device screen in Figure 4 12 9 ap Figure 4 12 9 LLDP Remote Device Page Screenshot ...

Page 307: ...e Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Port ID Subtype Display the current port ID subtype Port ID The Remote Port ID is the identification of the neighbor port System Name System Name is the name advertised by the neighbor unit Time to Live Display the current time to live Buttons Click to delete LLDP remote device entry Click to refresh LLDP remote device...

Page 308: ...t policies per application type LLDP MED allows multiple policies to be advertised per port each corresponding to a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Conne...

Page 309: ... and enhanced security by isolation from data applications Voice Signaling for use in network topologies that require a different policy for the voice signaling than for the voice media This application type should not be application policy advertised if all the same network policies apply as those advertised in the Voice Guest Voice support a separate limited feature set voice service for guest u...

Page 310: ...advertised in the Video Conferencing application policy VLAN ID VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 Tag Tag indicating whether the specified application type is using a tagged or an AN d frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 In this are ignored and only the DSCP value has relevance ng the IEEE 802 1Q tagged frame format 2 ...

Page 311: ... Display the current application Application Display the current VLAN ID VLAN ID VLAN Tag Display the current VLAN tag status L2 Priority ority Display the current L2 pri Display the current DSCP value DSCP Value Buttons Click to delete LLDP MED 4 12 7 MED Port Setting nfiguration Port Setti network policy table entry The Port LLDP MED Co ng Table screens in Figure 4 12 12 Figure 4 12 13 appear Fi...

Page 312: ...adation or complete service disruption his option advertises location identification details details useful for inventory management such as manufacturer model software version and other Network Policy This option advertises network policy co Location T Inventory This option advertises device pertinent information MED Network Policy Select MED network policy from this drop down list Buttons Click ...

Page 313: ...onfiguration Page Screenshot The page includes the following fiel Object Description Port Select port from this drop down list L A string identifying the Location Coordinate that this entry should belong to ocation Coordinate Location Civic Address A string identifying the Location Civic Address that this entry should belong to Location ESC ELIN A string identifying the Location ESC ELIN that this...

Page 314: ...he current ESC ELIN 4 12 8 LLDP Overloading The LLDP Port Overloading screen in Figure 4 12 16 appears Figure 4 12 16 LLDP Port Overloading Table Page Screenshot The page includes the following fields Object Description Interface The switch port number of the logical port Total Bytes Total number of bytes of LLDP information that is normally sent in a packet Left to Send Bytes Total number of avai...

Page 315: ...ded Optional TLVs MED Inventory Displays if the mandatory group of TLVs was transmitted or overloaded 802 1 TLVs Displays if the 802 1 TLVs were transmitted or overloaded 4 12 9 LLDP Statistics Use the LLDP Device Statistics screen to general statistics for LLDP capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces The LLDP Global and...

Page 316: ...nted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table ntained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out when the Chassis ID or Remote Port ID is not already co The number of received LLDP frames containing some kind of err...

Page 317: ...nctions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the cat5 twisted pair cabling There might be two statuses as follows twisted pair interface in 1000BASE T mode the Cable Diagnostics can run without disruption of the link or of any data transfer is established in 100 0BASE T the Cable Diagnostics causes the li...

Page 318: ...udes the f Object Description Select port from this drop down list Port Buttons Click to run the diagnostics Figure 4 13 2 Test Results Page Screenshot The page includes the following fields Object Description Port The port where you are requesting Cable Diagnostics Channel A D Display the current channel status Cable Length A D Display the current cable length Result Display the test result ...

Page 319: ...packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 13 3 appears Figure 4 13 3 ICMP Ping Page Screenshot owing fields The page includes the foll Object Description IP Address The destination IP Address s to se...

Page 320: ...nd roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMPv6 Ping screen i Figure 4 13 4 appears Figure 4 13 4 ICMPv6 Ping Page Screenshot The page includes the following fields Object Description IP Address The destination IPv6 Address Count Number of echo requests to send Interval in se...

Page 321: ...t of all events generated by RMON Agent Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 14 1 RMON Statistics This page provides a detail of a specific RMON statistics en...

Page 322: ...ctets Oversize Packets The total number of packets received that were longer than 1518 octets Fragments The number of frames which size is less than 64 octets received with invalid CRC Jabbers The number of frames which size is larger than 64 octets received with invalid CRC Collisions The best estimate of the total number of collisions on this Ethernet segment 64 Byte Frame The total number of pa...

Page 323: ...fication of the event the possible types are octets received on the interface including framing none The total number of characters packets delivered to a higher layer protocol log The number of uni cast SNMP Trap The number of broad cast and multi cast packets delivered to a higher layer protocol ts Log and Trap The number of inbound packets that are discarded even the packe are normal Community ...

Page 324: ...description Last Sent Time Display the current last sent time Owner Display the current event owner Action Click to delete RMON event entry 4 14 3 RMON Event Log an overview of e 4 14 4 appears This page provides RMON Event Log The RMON Event Log Table screen in Figur t Log Table Page Screenshot The page includes the foll Figure 4 14 4 RMON Even owing fields Object Description Select Index index f...

Page 325: ...ex of the alarm entry Sample Port Select port from this drop down list Sample Variable sible variables are Indicates the particular variable to be sampled the pos DropEvents The total number of events in which packets were dropped due to lack of resources Octets The number of received and transmitted good and bad bytes g bits Includes FCS but excludes framin The total number of frames bad broadcas...

Page 326: ...e total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets Pkts64to172Octets The total number of frames including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but including FCS octets Pkts158to255Octets The total number of frames inclu...

Page 327: ...sed Falling Event Specify an owner for the alarm Owner Buttons Click to apply changes Figure 4 14 6 RMON Alarm Status Page Screenshot The page includes the following fields Object Description Indicates the index of Alarm control entry Index Display the current sample port Sample Port Display the current sample variable Sample Variable Display the current interval Sample Interval Display the curren...

Page 328: ...rop down list to create the ne Index Indicates the index of the history entry Sample Port Select port from this drop down list Bucket Requested Indicates the maximum data entries associated this History control entry stored in nge is from 1 to 50 default value is 50 RMON The ra Interval ng the history statistics data The alue is 1800 seconds Indicates the interval in seconds for sampli range is fr...

Page 329: ...ested Interval Display the current interval Owner Display the current owner Action Click to delete RMON history entry 4 14 6 RMON History Log his page provides a detail of RMON history entries screen in Figure 4 14 9 appears T Fig ge Screenshot The page includes the following fields ure 4 14 9 RMON History Status Pa Object Description Index Select history index from this drop down list History But...

Page 330: ... AP group for the enterpris ut the power socket li P Managed Switch makes the installation of cameras or WLAN APs ficient Mana e Witho mitation the LR easier and more ef PoE Power Budget list for LRP ged Switch Model Name PoE Budget 25 degrees C PoE Budget 50 degrees C LRP 822CS 240 watts 200 watts LRP 1622CS 380 watts 440 watts Figure 4 16 1 Power over Ethernet Status ...

Page 331: ...reless AP and any 802 3af at complied powered device PD A NET Long Re The follo roved PLANET Long Reac nders is correct at the time of publica pproved PLA ach PoE Extenders wing list of app h PoE exte tion Long Reach Ethernet Coaxial Extenders LRP 101CE 1 Port 10 100TX PoE PSE 1 Port Coax Long Reach PoE Extender It is recommended to use PLANET Long Reach Ethernet coaxial extenders on the LRP Manag...

Page 332: ...rts are shut down when total reserved power exceeds the amount of power that the power supply can deliver 4 15 2 System Configuration g power is applied from a power source PSU po which are connected to ports Under some conditions the total output powe e power provided by the PSU The system with a PSU is capable of supplying less mption of all the PoE ports in the system In order to maintain the f...

Page 333: ...mode Users allow to assign how much PoE power to each port and the system will reserve PoE power to PD Temperature Threshold Allows setting over temperature protection threshold value If the system temperature is overly high the system will lower the total PoE power budget automatically PoE Temperature Display the PoE Chip Temperature This section displays the PoE Power Usage of Current Power Cons...

Page 334: ...total power budget In this case the port with the lowest priority will be turned off and offer The Priority represe named Low High and Critical power for the port of higher priority Current Used mA The Power Used shows how much current the PD currently is using Power Used W rently is using The Power Used shows how much power the PD cur Power Allocation It can limit the port PoE supply watts Per po...

Page 335: ...ime intervals and it is a powerful function to help SMB or Enterprise save power and money This page allows the use schedule and scheduled power recycling lance the Managed PoE switch is certainly applicable to construc including VoIP and Wire r the trend of energy saving worldwide and contributing to th itch can effectively contr you to enable or disabl Scheduled Power Recycling The Managed PoE s...

Page 336: ... Configuration and select Schedule mode from per port PoE Mode option to enable you to indicate which schedule profile could be applied to the PoE port Object Description Profile Set the schedule profile mode Possible profiles are Profile1 Profile2 Profile3 Profile4 Week Day Allows user to set week day for defining PoE function by enabling it on the day Start Hour Allows user to set what hour PoE ...

Page 337: ... This function offers administrator to reboot PoE device at an indicated time if administrator has this kind of requirement Reboot Only Allows user to reboot PoE function by PoE reboot schedule Please note that if administrator enables this function PoE schedule will not set time to profile This function is just for PoE port to reset at an indicated time Reboot Hour Allows user to set what hour Po...

Page 338: ...eliability and reduces administrato 4 15 5 PoE Alive figuration he PoE Switch can be c and without response the P is going to restart PoE port power and bring the PD back to work It will greatly enhan r management burden This page pro igure PD Alive Check The screen in Figure 4 16 5 appears vides you with how to conf Figure 4 15 5 PD Alive Check Configuration Screenshot ...

Page 339: ...tinuously the PoE port will be reset Action Allows user to set which action will be applied if the PD is without any response The PoE Switch offers the following 3 actions PD Reboot It means system will reset the PoE port that is connected to the PD PD Reboot Alarm It means system will reset the PoE port and issue an Alarm It means system will issue an alarm message via Syslog SMTP alarm message v...

Page 340: ...on this page u can restart the switch on thi n rmally u can back up the switch configuration u can upgrade Dual Image lect active or backup image on this page 4 16 1 Factory witch on this page Only the IP configuratio at no restart is necessary The Factory Default screen in Figure 4 15 1 appears and clic efaults Figure 4 15 1 Factory Default Page Screenshot nd rebooted the system will load the def...

Page 341: ...age Screenshot anager his function allows backup of the current image or configuration of the LRP Managed Switch to the local management station he Backup Manager screen in Figure 4 16 3 appears 4 16 3 Backup M T T Figure 4 16 3 Backup Manager Page Screenshot he page includes the following fields T Object Description Backup Method Select backup method from this drop down list Server IP Fill in you...

Page 342: ... 4 appears 4 16 4 Upgrade Manag Figure 4 16 4 Upgrade Manager Page Screenshot The page includes the following fields Object Description Upgrade Method Select upgrade method from this drop down list Server IP Fill in your TFTP server IP address File Name The name of firmware image or configuration Select upgrade type Upgrade Type Image Select active or backup image Buttons Click to upgrade image or...

Page 343: ...ure 4 16 5 Figure 4 16 6 appear 4 16 5 Dual Image Figure 4 15 5 Dual Image Configuration Page Screenshot The page includes the following fields Object Description Active Image Select the active or backup image Buttons Click to apply active image Figure 4 16 6 Dual Image Information Page Screenshot he page includes the following fields T Object Description Flash Partition Display the current flash ...

Page 344: ...nd Forward Ethernet Switching stores the incoming frame in an internal buffer and does the complete error checking before transmission Therefore no error packets occur It is the best choice when a network needs efficiency and stability The Ethernet Switch scans the destination address from the packet header searches the routing table provided for the incoming port and forwards the packet only if r...

Page 345: ...t This is done by detecting the evices are connected Both 10BASE T and 100BASE TX devices can connect with the port in either half or full duplex mode 5 5 Auto Negotiation modes and speeds when both d If attached device is 100BASE TX port will set to 10Mbps without auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10BASE T full duplex 100Mbps without auto negotiation 100Mbps 100Mbps w...

Page 346: ...ble is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 100BASE TX port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting Switch does no...

Page 347: ...User s Manual of LRP 822CS LRP 1622CS 347 connecting a different device in place of the switch power 4 If that device works refer to the next step 5 If that device does not work check the AC ...

Page 348: ...our 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight through or crossover cable necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to ny Ethernet devices without making a crossover cable The following table and diagram show the standard RJ45 receptacle onnector and their pin assignments is A 2 10 100Mbp W is a...

Page 349: ...Orange 3 White Green 4 Blue 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 8 Brown 5 White Blue 6 Green 7 White Brown 5 White Blue 6 Green 7 White Brown Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange ge 3 White 4 5 W Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown 2 Oran Green Blue hite Blue 6 Green 7 W...

Page 350: ...EN 61000 3 2 2006 A1 2009 A2 2009 EN 61000 3 3 2008 EN 55024 2010 EN 61000 4 2 2009 EN 61000 4 3 2006 A2 2010 EN 61000 4 4 2012 EN 61000 4 5 2006 EN 61000 4 6 2009 EN 61000 4 8 2010 EN 61000 4 11 2004 EN60950 1 2006 A11 2009 A1 2010 A12 2011 A2 2013 Responsible for marking this declaration if the Manufacturer Authorized representative established within the EU Authorized representative established...

Search results

Summary of Contents for LRP-1622CS

Reviews:

Planet Networking & Communication LRP-1622CS, User Manual, Page: 216 / 350

Search results

Summary of Contents for LRP-1622CS

Reviews: