manualshive.com logo in svg

Planet Networking & Communication WGSW-24040, User Manual

Looking for a user manual for the Planet Networking & Communication WGSW-24040? Look no further! You can easily download the free user manual from our website. Get all the information you need to maximize the potential of your product and ensure a smooth networking and communication experience.

Share
Download
background image

User’s Manual of WGSW-24040 / WGSW-24040R 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

                                                                                     

 

   

                                                                                     

 

 

 

 

 

 

Summary of Contents for WGSW-24040

Page 1: ...User s Manual of WGSW 24040 WGSW 24040R 1 ...

Page 2: ...tion against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the use...

Page 3: ... 31 2 1 3 Switch Rear Panel 32 2 2 Install the Switch 33 2 2 1 Desktop Installation 33 2 2 2 Rack Mounting 34 2 2 3 Installing the SFP transceiver 36 2 2 4 Connecting DC Power Supply WGSW 24040R 38 3 SWITCH MANAGEMENT 39 3 1 Requirements 39 3 2 Management Access Overview 40 3 3 Administration Console 40 3 4 Web Management 42 3 5 SNMP Based Network Management 43 4 WEB CONFIGURATION 44 4 1 Main Web ...

Page 4: ...4 4 2 20 Factory Default 75 4 2 21 System Reboot 76 4 3 Simple Network Management Protocol 77 4 3 1 SNMP Overview 77 4 3 2 SNMP System Configuration 78 4 3 3 SNMP Trap Configuration 79 4 3 4 SNMP System Information 81 4 3 5 SNMPv3 Configuration 82 4 3 5 1 SNMPv3 Communities 82 4 3 5 2 SNMPv3 Users 83 4 3 5 3 SNMPv3 Groups 84 4 3 5 4 SNMPv3 Views 85 4 3 5 5 SNMPv3 Access 86 4 4 Port Management 88 4...

Page 5: ...te 127 4 6 11 MAC based VLAN 129 4 6 12 MAC based VLAN Status 130 4 6 13 IP Subnet based VLAN 131 4 6 14 Protocol based VLAN 132 4 6 15 Protocol based VLAN Mambership 134 4 7 Spanning Tree Protocol 136 4 7 1 Theory 136 4 7 2 STP System Configuration 142 4 7 3 Bridge Status 144 4 7 4 CIST Port Configuration 145 4 7 5 MSTI Priorities 148 4 7 6 MSTI Configuration 149 4 7 7 MSTI Ports Configuration 15...

Page 6: ...rs 186 4 9 6 Port Tag Remarking 188 4 9 6 1 QoS Egress Port Tag Remarking 189 4 9 7 Port DSCP 190 4 9 8 DSCP Based QoS 191 4 9 9 DSCP Translation 193 4 9 10 DSCP Classification 194 4 9 11 QoS Control List 195 4 9 11 1 QoS Control Entry Configuration 197 4 9 12 QoS Status 199 4 9 13 Storm Control Configuration 201 4 9 15 QoS Statistics 201 4 9 16 Voice VLAN Configuration 202 4 9 17 Voice VLAN OUI T...

Page 7: ...atus 272 4 12 7 Port Security Detail 274 4 12 8 DHCP Snooping 275 4 12 9 DHCP Snooping Statistics 276 4 12 10 IP Source Guard Configuration 277 4 12 11 IP Source Guard Static Table 279 4 12 12 ARP Inspection 280 4 12 13 ARP Inspection Static Table 281 4 13 Address Table 282 4 13 1 MAC Address Table Configuration 282 4 13 2 MAC Address Table Status 284 4 13 3 Dynamic ARP Inspection Table 285 4 13 4...

Page 8: ... 18 6 RMON Event Status 325 4 18 7 RMON History Configuration 325 4 18 8 RMON History Detail 326 4 18 9 RMON History Status 328 4 18 10 RMON Statistics Configuration 329 4 18 11 RMON Statistics Detail 330 4 18 12 RMON Statistics Status 332 5 COMMAND LINE INTERFACE 335 5 1 Accessing the CLI 335 Logon to the Console 335 Configure IP address 336 5 2 Telnet Login 337 6 Command Line Mode 339 6 1 System...

Page 9: ...6 AUTOCINFIG 351 IPv6 Setup 352 IPv6 Ping 353 IP NTP Configuration 354 IP NTP Mode 354 IP NTP Server Add 355 IP NTP Server IPv6 Add 355 IP NTP Server Delete 356 6 3 Port Management Command 357 Port Configuration 357 Port Mode 357 Port Flow Control 358 Port State 359 Port Maximum Frame 359 Port Power 360 Port Excessive 360 Port Statistics 361 Port VeriPHY 361 Port SFP 362 Port Description 362 6 4 M...

Page 10: ...orbidden Lookup 374 VLAN Lookup 374 VLAN Name Add 375 VLAN Name Delete 376 VLAN Name Lookup 376 VLAN Status 377 6 6 Private VLAN Configuration Command 378 PVLAN Configuration 378 PVLAN Add 378 PVLAN Delete 379 PVLAN Lookup 379 PVLAN Isolate 380 6 7 Security Command 381 Security Switch User Configuration 381 Security Switch User Add 381 Security Switch User Delete 382 Security Switch Privilege Leve...

Page 11: ...rap Mode 395 Security Switch SNMP Trap Version 395 Security Switch SNMP Trap Community 396 Security Switch SNMP Trap Destination 396 Security Switch SNMP Trap IPv6 Destination 397 Security Switch SNMP Trap Authentication Failure 397 Security Switch SNMP Trap Link up 398 Security Switch SNMP Trap Inform Mode 398 Security Switch SNMP Trap Inform Timeout 399 Security Switch SNMP Trap Inform Retry Tim...

Page 12: ...413 Security Switch RMON Alarm Lookup 413 Security Switch RMON Event Add 414 Security Switch RMON Event Delete 414 Security Switch RMON Event Lookup 414 Security Network Psec Switch 415 Security Network Psec Port 415 Security Network Limit Configuration 416 Security Network Limit Mode 416 Security Network Limit Aging 417 Security Network Limit Agetime 418 Security Network Limit Port 418 Security N...

Page 13: ...twork DHCP Relay Statistics 437 Security Network DHCP Snooping Configuration 437 Security Network DHCP Snooping Mode 437 Security Network DHCP Snooping Port Mode 438 Security Network DHCP Snooping Statistics 439 Security Network IP Source Guard Configuration 439 Security Network IP Source Guard Mode 440 Security Network IP Source Guard Port Mode 440 Security Network IP Source Guard Limit 441 Secur...

Page 14: ...55 STP MSTI Map 456 STP MSTI Add 456 STP Port Configuration 457 STP Port Mode 457 STP Port Edge 458 STP Port AutoEdge 458 STP Port P2P 459 STP Port RestrictedRole 459 STP Port RestrictedTcn 460 STP Port bpduGuard 460 STP Port Statistic 461 STP Port Mcheck 461 STP MSTI Port Configuration 462 STP MSTI Port Cost 462 STP MSTI Port Priority 463 6 9 Link Aggregation Command 464 Aggregation Configuration...

Page 15: ...LLDP Info 477 LLDP CDP Aware 477 6 12 LLDPMED Command 478 LLDPMED Configuration 478 LLDPMED Civic 478 LLDPMED ECS 479 LLDPMED Policy Delete 480 LLDPMED Policy Add 480 LLDPMED Port Policy 481 LLDPMED Coordinates 482 LLDPMED Datum 482 LLDPMED Fast 483 LLDPMED Info 483 6 13 Quality of Service Command 484 QoS Configuration 484 QoS Port Classification Class 484 QoS Port Classification DPL 484 QoS Port ...

Page 16: ...ication 494 QoS Port DSCP EgressRemark 495 QoS DSCP Map 495 QoS DSCP Translation 496 QoS DSCP Trust 496 QoS DSCP Classification Mode 496 QoS DSCP Classification MAP 497 QoS DSCP EgressRemap 497 QoS Port Storm Unicast 498 QoS Port Storm Multicast 498 QoS Port Storm Broadcast 499 QoS QCL Add 500 QoS QCL Delete 501 QoS QCL Lookup 501 QoS QCL Status 501 QoS QCL Refresh 502 6 14 Mirror Command 503 Mirr...

Page 17: ...e 513 MVR Status 514 MVR Groups 514 MVR SFM 514 6 19 Voice VLAN Command 516 Voice VLAN Configuration 516 Voice VLAN Mode 517 Voice VLAN ID 518 Voice VLAN Agetime 518 Voice VLAN Traffic Class 519 Voice VLAN OUI Add 519 Voice VLAN OUI Delete 520 Voice VLAN OUI Clear 520 Voice VLAN OUI Lookup 520 Voice VLAN Port Mode 521 Voice VLAN Security 521 Voice VLAN Discovery Protocol 522 6 20 Loop Protect Comm...

Page 18: ...hrottling 532 IPMC Filtering 533 IPMC Router 533 IPMC Status 533 IPMC Groups 534 IPMC Version 534 IPMC SFM 535 IPMC Parameter RV 535 IPMC Parameter QI 536 IPMC Parameter QRI 536 IPMC Parameter LLQI 537 IPMC Parameter URI 537 6 22 sFlow Command 539 sFlow Configuration 539 sFlow Receiver 539 sFlow FlowSampler 539 sFlow CounterPoller 540 sFlow Statistics Receiver 540 sFlow Statistics Samplers 541 6 2...

Page 19: ...AN Configuration 546 VCL IP based VLAN Configuration 546 VCL IP based VLAN Add 546 VCL IP based VLAN Delete 547 6 24 SMTP Command 548 SMTP Configuration 548 SMTP Mode 548 SMTP Server 548 SMTP Auth 549 SMTP Auth_user 549 SMTP Auth_pass 549 SMTP Mail From 550 SMTP Mail Subject 550 SMTP Mail to 1 550 SMTP Mail to 2 550 7 SWITCH OPERATION 552 7 1 Address Table 552 7 2 Learning 552 7 3 Forwarding Filte...

Page 20: ...User s Manual of WGSW 24040 WGSW 24040R APPENDEX B GLOSSARY 558 20 ...

Page 21: ...r damaged please contact your dealer immediately if possible retain the carton including the original packing material and use them against to repack the product in case there is a need to return it to us for repair 1 2 Product Description Cost effective IPv6 Managed Gigabit Switch solution for SMB Nowadays lots of electronic products or mobile devices can browse the Internet which means the need ...

Page 22: ...aggregation the Managed Switch allows the operation of a high speed trunk combining multiple ports up to eight groups of maximum to 8 ports for trunking and it supports fail over as well Excellent Traffic Control The Managed Switch is loaded with powerful traffic management and QoS features to enhance services offered by telecoms The functionality includes QoS features such as wire speed Layer 4 t...

Page 23: ...systems are specifically designed to handle the demands of high tech facilities requiring the highest power integrity available 1 3 How to Use This Manual This User Manual is structured as follows Section 2 INSTALLATION The section explains the functions of the Switch and how to physically install the Managed Switch Section 3 SWITCH MANAGEMENT The section contains the information about the softwar...

Page 24: ...AN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Edge PVE Protocol based VLAN MAC based VLAN Voice VLAN Support Spanning Tree Protocol STP IEEE 802 1d Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Support Link Aggregation 802 3ad Link Aggregation Control Protocol LACP Cisc...

Page 25: ...ed Access Control List ACL MAC Based Access Control List Source MAC IP address binding DHCP Snooping to filter untrusted DHCP messages Dynamic ARP Inspection discards ARP packets with invalid MAC address to IP address binding IP Source Guard prevents IP spoofing attacks IP address access management to prevent unauthorized intruder Management Switch Management Interfaces Console Telnet Command Line...

Page 26: ...ort potential cabling issues Reset button for system reboot or reset to factory default PLANET Smart Discovery Utility for deploy management Redundant Power System WGSW 24040R Only 100 240V AC 48V DC Dual power redundant Active active redundant power failure protection Backup of catastrophic power failure on one supply Fault tolerance and resilience 26 ...

Page 27: ...e 9Kbytes Reset Button 5 sec System reboot 5 sec Factory Default Dimension W x D x H 440 x 200 x 44 5 mm 1U high Weight 2740g LED Power 1000 Link Act and 10 100 Link Act for per Gigabit port 1000 Speed and Link Act for per fiber port Power Requirement 100 240V AC 50 60Hz 48V DC 0 6A Range 36 60V WGSW 24040R Only Power Consumption Max 21 0 watts 71 652BTU ESD Protection 6KV DC Layer 2 Function Basi...

Page 28: ...ier mode support MLD Snooping MLD v1 v2 Snooping up to 255 multicast Groups MLD Querier mode support Access Control List IP Based ACL MAC Based ACL Up to 256 entries SNMP MIBs RFC 1213 MIB II IF MIB RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2933 IGMP STD MIB RFC 341...

Page 29: ...ng IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 RFC 2710 MLD version 1 FRC 3810 MLD version 2 Environment Operating Temperature 0 50 Degree C Relative Humidity 20 95 non condensing Storage Temperature 20 70 Degree C Relative Humidity 20 95 non ...

Page 30: ...l The unit front panel provides a simple interface monitoring the switch Figure 2 1 Figure 2 2 show the front panel of the Managed Switches WGSW 24040 Front Panel Figure 2 1 WGSW 24040 front panel WGSW 24040R Front Panel Figure 2 2 WGSW 24040R front panel Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters SFP slots 100 1000Base X mini GBIC slot SFP Small Factor Pluggab...

Page 31: ...tem setting Users can use the attached RS 232 cable in the package and connect to the console port on the device After the connection users an run any terminal emulation program Hyper Terminal ProComm Plus Telix Winterm and so on to enter the startup screen of the device 2 1 2 LED Indications The front panel LEDs indicates instant status of port links data activity and system power helps monitor a...

Page 32: ... Switches WGSW 24040 Rear Panel Figure 2 4 Rear panel of WGSW 24040 WGSW 24040R Rear Panel Figure 2 5 Rear panel of WGSW 24040R AC Power Receptacle For compatibility with electric service in most areas of the world the Managed Switch s power supply automatically adjusts to line power in the range 100 240VAC and 50 60 Hz Plug the female end of the power cord firmly into the receptalbe on the rear p...

Page 33: ... the power switch in the OFF position and the DC power is OFF 2 2 Install the Switch This section describes how to install your Managed Switch and make connections to the Managed Switch Please read the following topics and perform the procedures in the order being presented To install your Managed Switch on a desktop or shelf simply complete the following steps 2 2 1 Desktop Installation To instal...

Page 34: ... Switch requires UTP Category 5 network cabling with RJ 45 tips For more information please see the Cabling Specification in Appendix A Step5 Supply power to the Managed Switch Connect one end of the power cable to the Managed Switch Connect the power plug of the power cable to a standard wall outlet When the Managed Switch receives power the Power LED should remain solid Green 2 2 2 Rack Mounting...

Page 35: ... the brackets tightly Step4 Follow the same steps to attach the second bracket to the opposite side Step5 After the brackets are attached to the Managed Switch use suitable screws to securely attach the brackets to the rack as shown in Figure 2 9 Figure 2 9 Mounting Managed Switch in a Rack Step6 Proceeds with the steps 4 and steps 5 of session 2 2 1 Desktop Installation to connect the network cab...

Page 36: ...s MGB GT SFP Port 1000Base T Module MGB SX SFP Port 1000Base SX mini GBIC module MGB LX SFP Port 1000Base LX mini GBIC module MGB L50 SFP Port 1000Base LX mini GBIC module 50KM MGB L70 SFP Port 1000Base LX mini GBIC module 70KM MGB L120 SFP Port 1000Base LX mini GBIC module 120KM MGB LA10 SFP Port 1000Base LX WDM TX 1310nm 10KM MGB LA20 SFP Port 1000Base LX WDM TX 1310nm 20KM MGB LB20 SFP Port 100...

Page 37: ...onnector type To connect to 1000Base LX SFP transceiver use the Single mode fiber cable with one side must be male duplex LC connector type Connect the fiber cable 1 Attach the duplex LC connector on the network cable into the SFP transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a Media Converter 3 Check the LNK ACT LED of the S...

Page 38: ...the switch at the input terminal block 1 The size of the three screws in the terminal block is M3 5 2 The terminals are marked V V FG 3 Loosen the three screws so you can slide the DC cable beneath it Insert the DC cable into the connector first and screw it down tight 4 Connect the power cable to the DC power supply After power up or reset the Managed Switch performs a cold start procedure Figure...

Page 39: ...s Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations of subscribers running Windows 2000 XP 2003 Vista 7 2008 MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Serial Port connect Terminal Above PC with COM Port DB9 ...

Page 40: ... browsers Can be accessed from any location Most visually appealing Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on poor connections SNMP Agent Communicates with switch functions at the MIB level Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Securit...

Page 41: ...itch to the PC After making this connection configure the terminal emulation program to use the following parameters The default parameters are 115200 bps 8 data bits No parity 1 stop bit Figure 3 2 Terminal parameter settings You can change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reb...

Page 42: ...Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 3 Web management You can then use your Web browser to list and manage the Managed Switch configuration parameters from one central location just as if you were directly conne...

Page 43: ...thod requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only ...

Page 44: ...low Java Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Managed Switch For example the default IP address of the SGSW Managed Switch is 192 168 0 100 then the manager PC should be s...

Page 45: ...ng http 192 168 0 100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login screen Default User name admin Default Password admin After entering the username and password the main screen appears ...

Page 46: ...u access all the commands and statistics the Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Managed Switch 2 The changed IP address take effect immediately after click on the Save button you need to use the new IP address to access the Web interface 3 For security reason please change and memorize the new password after this first setup 4 Only accept com...

Page 47: ...reen Panel Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ 45 Ports SFP SFP Ports Main Menu Using the onboard web agent you can define system para...

Page 48: ...User s Manual of WGSW 24040 WGSW 24040R Figure 4 1 5 Managed Switch Main Functions Menu 48 ...

Page 49: ...CP Relay Statistics This page provides statistics for DHCP relay CPU Load This page displays the CPU load using a SVG graph System Log The switch system log information is provided here Detailed Log The switch system detailed log information is provided here Remote Syslog Configure remote syslog on this page SMTP Configuration Configuration SMTP parameters on this page Web Firmware Upgrade This pa...

Page 50: ... System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch Power Status Indicate AC DC power supply input of this switch Temperature Indicate main chipset temperature System Date The current GMT system time an...

Page 51: ...show the active IP configuration Object Description DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide...

Page 52: ...4 2 3 appears Figure 4 2 3 IPv6 Configuration page screenshot The page includes the following fields Object Description Auto Configuration Enable IPv6 auto configuration by checking this box If fails the configured IPv6 address is zero The router may delay responding to a router solicitation for a few seconds the total time needed to complete auto configuration can be significantly longer Address ...

Page 53: ...olon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Click to...

Page 54: ...5 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Buttons Click to add a new user Add Edit User This page configures a user add edit or delete user Figure 4 2 5 Add Edit User Configuration page screenshot The page includes the following fields Object Description Username A string iden...

Page 55: ...eviously saved values Click to undo any changes made locally and return to the Users Delete the current user This button is not available for new configurations Add new user Once the new user is added the new user entry shown in the Users Configuration page Figure 4 2 6 User Configuration page screenshot After change the default password if you forget the password Please press the Reset button in ...

Page 56: ...ge includes the following fields Object Description Group Name The name identifying the privilege group In most cases a privilege level group consists of a single module e g LACP RSTP or QoS but a few of them contains more than one The following description defines these privilege level groups in details 56 ...

Page 57: ...aintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level for the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 6 NTP C...

Page 58: ...cimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Buttons Click to save changes Click to undo any changes made locally and revert to previously ...

Page 59: ...rried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done at less t...

Page 60: ...can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definit...

Page 61: ...erver when they are not on the same subnet domain Relay Information Mode Indicates the DHCP relay information mode option operation Possible modes are Enabled Enable DHCP relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option82 into a DHCP message when forwarding to DHCP server and remove it from a DHCP message when transferr...

Page 62: ...r The packets number that relayed from client to server Transmit Error The packets number that errors sending packets to clients Receive from Server The packets number that received packets from server Receive Missing Agent Option The packets number that received packets without agent information options Receive Missing Circuit ID The packets number that received packets which the Circuit ID optio...

Page 63: ...ion Drop Agent Option The packets number that dropped received packets with relay agent information option Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clear all statistics 4 2 10 CPU Load This page displays the CPU load using a SVG graph The load is measured as averaged over the last 100ms 1sec...

Page 64: ...e automatically Automatic refresh occurs every 3 seconds If your browser can not displies anythings in this page please download Adobe SVG tool and install it in your computer 4 2 11 System Log The switch system log information is provided here The System Log screen in Figure 4 2 14 appears Figure 4 2 14 System Log page screenshot 64 ...

Page 65: ...ime of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Updates the system log entries starting from the current entry ID Flushes the selected log entries Hides the selected log entries Downloads the selected log entries Updates the system log entries starting from the fir...

Page 66: ...ent entry ID Updates the system log entry to the current entry ID Updates the system log entry to the first available entry ID Updates the system log entry to the previous available entry ID Updates the system log entry to the next available entry ID Updates the system log entry to the last available entry ID Print the system log entry to the current entry ID 4 2 13 Remote Syslog Configure remote ...

Page 67: ... always send out even if the syslog server does not exist Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Indicates the IPv4 host address of syslog server If the switch provide DNS feature it also can be a host name Syslog Level Indicates what kind of message will send to syslog server Possible modes are Info Send inform...

Page 68: ...cation is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s E mail address This address is used for reply e mails E mail Subject Type the subject title of the e mail E mail 1 To E mail 2 To Type the receive...

Page 69: ...age the system would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file upload status 5 Once the software be loaded to the system successfully The following screen appears The system will load the new software after reboot Figure 4 2 19 Software successfully loaded notice screen DO NOT Power OFF the Managed Switch ...

Page 70: ...elds Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmware DO NOT Power OFF the Managed Switch until the update progress is complete Do not quit the Firmware Upgrade page without press the OK button after the image be loaded Or the system won t apply the new firmware User ha...

Page 71: ...configuration Group tags port_table vlan_table etc These tags identify a group of parameters typically a table Parameter tags mode entry etc These tags identify parameters for the specific section module and group The entry tag is used for table entries Configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including synt...

Page 72: ...ile Download screen 2 Chose the file save path in management workstation Figure 4 2 23 File save screen 4 2 18 Configuration Upload This function allows backup and reload the current configuration of the Managed Switch to the local management station The 72 ...

Page 73: ...hot Configuration Upload 1 Click the button of the main page the system would pop up the file selection menu to choose saved configuration Figure 4 2 25 Windows file selection menu popup 2 Select on the configuration file then click the bottom of the browser shows the upload status 3 After down the main screen appears Transfer Completed 73 ...

Page 74: ...ge is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error Figure 4 2 26 Software Image Selection page screenshot The page includes the following field...

Page 75: ...ssary The Factory Default screen in Figure 4 2 27 appears Figure 4 2 27 Factory Default page screenshot Buttons Click to reset the configuration to Factory Defaults Click to return to the Port State page without resetting the configuration To reset the Managed Switch to the Factory default setting you can also press the hardware reset button at the front panel about 10 seconds After the device be ...

Page 76: ...the System Reboot screen in Figure 4 2 28 appears Figure 4 2 28 System Reboot page screenshot Buttons Click to reboot the system Click to return to the Port State page without reboot the system You can also check the SYS LED at the front panel to identify the System is load completely or not If the SYS LED is blinking then it is in the firmware load stage if the SYS LED light on you can use the WE...

Page 77: ...ction of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol SNMP Operations SNMP itself is a simple request response protocol NMSs can...

Page 78: ...bled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SNMP supported version 3 Read Community Indicates the community read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 1...

Page 79: ...Pv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users 4 3 3 SNMP Trap Configuration Configure SNMP trap on this page The SNMP Trap Configuration screen in Figure 4 3 2 appears Figure 4 3 2 SNMP Trap Configuration page screenshot The page includes the following f...

Page 80: ...ty is permitted to generate authentication failure traps Possible modes are Enabled Enable SNMP trap authentication failure Disabled Disable SNMP trap authentication failure Trap Link up and Link down Indicates the SNMP trap link up and link down mode operation Possible modes are Enabled Enable SNMP trap link up and link down mode operation Disabled Disable SNMP trap link up and link down mode ope...

Page 81: ... includes the following fields Object Description System Contact The textual identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Name An administratively assigned name for this managed node By convention this is the node s fully ...

Page 82: ... entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of sour...

Page 83: ...serEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID equal system engine ID then it is local user otherwise it s remote user User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the...

Page 84: ... the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol DES An optional flag to indicate that this user using DES authentication protocol Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new user entry Click ...

Page 85: ...fying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new group entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 3 5 4 SNMPv3 Views Configure SNMPv3 views table on this page The entry index keys are View Name and OID Su...

Page 86: ... The allowed string content is digital number or asterisk Buttons Click to add a new view entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 3 5 5 SNMPv3 Access Configure SNMPv3 accesses table on this page The entry index keys are Group Name Security Model and Security Level The SNMPv3 Access screen in Figure 4 3 8 appears Figure 4 3 8 SNMPv3...

Page 87: ...and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and the allo...

Page 88: ...ation Display SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration page screenshot The page includes the following fields Object Description Port This is the logical port number for this...

Page 89: ...e determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after...

Page 90: ...ed in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops iscarded due to ingress or egress congestion The number of frames d Filtered The number of received frames filtered by the forwarding process Buttons Cli...

Page 91: ... error counters for receive and transmit The Port Statistics Detail screen in Figure 4 4 3 appears Figure 4 4 3 Detailed Port Statistics Port 1 page screenshot he page includes the following fields Receive Total and Transmit Total T Object Description Rx and Tx Packets f received and transmitted good and bad packets The number o Rx and Tx Octets The number of received and transmitted good and bad ...

Page 92: ...es received with CRC or alignment errors The number Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long2 frames received with valid CRC Rx Fragments The number of short 1 frames received with invalid CRC Rx Jabber The number of long2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process ed maximum ...

Page 93: ...Module Information screen in Figure 4 4 4 appears Figure 4 4 4 SFP Module Information for Switch page screenshot The page includes the following fields Object Description Type Display the type of current SFP module the possible types are 0Base SX 100 1000Base LX 100Base FX Speed P module the speed value or description is get nt vendors SFP modules might shows different Display the spedd of current...

Page 94: ...r port where a frame analyzer can be is and verify connection integrity 4 4 5 Port Mirror ort Mirroring on this page This function o keep close track of switc attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analys Figure 4 4 5 Port Mirror appl...

Page 95: ...led disables mirroring Port The logical port for the settings contained in the same row Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transmitted or frames received are mirrored Mode En...

Page 96: ... mirror port Because of this y transmitted once It is therefore not possible to mirror Tx frames on mode for the selected mirror port is limited to Disabled or Rx only Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 96 ...

Page 97: ... can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation links Static LAGs Por...

Page 98: ...o added or deleted from a VLAN The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop Disconnect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to avoid creating a data loop It allows a maximum of ...

Page 99: ...Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the fr...

Page 100: ...ion By default no ports belong to any aggregation group Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 5 2 LACP Configuration Link Aggregation Control Protocol LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device LACP allows switches connected to each other to discover automatically whether a...

Page 101: ...e same partner LACP can form max 12 LLAGs per switch and 2G LAGs per stack Key The Key value incurred by the port range 1 65535 The Auto setting will set the key as appropriate by the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cann...

Page 102: ...s made locally and revert to previously saved values 4 5 3 LACP System Status This page provides a status overview for all LACP instances The LACP Status page display the current LACP aggregation Groups and LACP Port status The LACP System Status screen in Figure 4 5 5 appears Figure 4 5 5 LACP System Status page screenshot The page includes the following fields Object Description Aggr ID The Aggr...

Page 103: ...e screenshot The page includes the following fields Object Description Port The switch port number LACP Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ...

Page 104: ...matic refresh occurs every 3 seconds 4 5 5 LACP Port Statistics This page provides an overview for LACP statistics for all ports The LACP Port Statistics screen in Figure 4 5 7 appears Figure 4 5 7 LACP Statistics page screenshot The page includes the following fields Object Description Port The switch port number LACP Received Shows how many LACP frames have been sent from each port LACP Transmit...

Page 105: ... 24040R Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all ports 105 ...

Page 106: ...iquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unaware 3 The Switch s default is to assign all ports ...

Page 107: ...e traffic must pass through a configured Layer 3 link to reach a different VLAN This Managed Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging IEEE 802 1Q Standard IEEE 80...

Page 108: ...d by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLAN can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bits 12 bits TPID Tag Protocol Identifier TCI Ta...

Page 109: ...em Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Default VLANs The Sw...

Page 110: ...are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are forwarded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets 4 6 3 VLAN Basic Information The VLAN Basic Informat...

Page 111: ... those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information intact The VLAN information in the tag can then be used by other 802 1Q compliant devices on the network to make packet forwarding decisions Untagged Ports with untagging enabled will strip the 802 1Q tag from all packets that flow into those ports If the packet doesn t have an ...

Page 112: ...an therefore be used in MAN applications as a provider bridge aggregating traffic from numerous independent customer LANs into the MAN Metro Access Network space One of the purposes of the provider bridge is to recognize and use VLAN tags so that the VLANs in the MAN space can be used independent of the customers VLANs This is accomplished by adding a VLAN tag with a MAN related VID for frames ent...

Page 113: ...s same as the VLAN ID that the port belong to VLAN group or the untagged traffic will be dropped Ingress Filtering Enable ingress filtering for a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded By default ingress filtering is disabled no checkmark ...

Page 114: ... Customer Port Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network Set Out layer VLAN tag ether type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel access port 802 1Q Tag 8100 vMAN Tag 88A8 Default 802 1Q Tag The port must be a member of the same VLAN a...

Page 115: ...d to the new entries Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box as To include a port in a forbidden port list check the box as shown To remove or exclude the port from the VLAN make sure the box is unchecked as shown By default no ports are members and for every new VLAN entry all boxes are unchecked Adding a New VLAN Cli...

Page 116: ...lds Object Description VLAN User A VLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID UVID Currently we support following VLAN CLI Web SNMP This are reffered as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Serv...

Page 117: ...t VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users are selected it shall show this information for all the VLAN Users and this is by default VLAN membership allows the frames classified to the VLAN ID to be forwarded on the respective VLAN member ports Buttons Select VLAN Users from this drop down list Auto refresh Che...

Page 118: ...e tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded Frame Type Shows whether the port accepts all frames or only t...

Page 119: ...membership configurations for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each Private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLAN and a Private VLAN to be able ...

Page 120: ...lick OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The Private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new Private VLANs Buttons Click to add new VLAN Click to save changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page a...

Page 121: ...e VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN table T...

Page 122: ...lly and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 4 6 10 VLAN setting example Separate VLAN 802 1Q VLAN Trunk Port Isolate 4 6 10 1 Two separate 802 1Q VLAN The diagram shows how the Managed Switch handle Tagged and Untagged traffic flow for two VLANs VLAN Group 2 an...

Page 123: ...will tag it with a VLAN Tag 2 PC 2 and PC 3 will received the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away it tag becoming an untagged packet 4 While the packet leaves Port 3 it will keep as a tagged packet with VLAN Tag 2 Tagged packet entering VLAN 2 5 While PC 3 transmit a tagged packet with VLAN Tag 2 enters ...

Page 124: ...oup Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 10 3 Remove VLAN Member for VLAN 1 Remember to remove the Port 1 Port 6 from VLAN 1 membership since the Port 1 Port 6 had be assigned to VLAN 2 an...

Page 125: ...pe Port 3 VLAN 2 and Port 6 VLAN 3 The Per Port VLAN configuration in Figure 4 6 10 appears Figure 4 6 10 Port 1 Port 6 VLAN Configuration 4 6 10 2 VLAN Trunking between two 802 1Q aware switch The most cases are used for Uplink to other switches VLANs are separated at different switches but they need to access with other switches within the same VLAN group The screen in Figure 4 6 11 appears 125 ...

Page 126: ...two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 10 About the VLAN ports connect to the hosts please refer to 4 6 10 1 examples The following steps will focus on the VLAN Trunk 126 ...

Page 127: ...guration as the following screen in Figure 4 6 13 Figure 4 6 13 The configuration of VLAN Trunk port That is although the VLAN 2 members Port 1 to Port 3 and VLAN 3 members Port 4 to Port 6 also belongs to VLAN 1 But with different PVID settings packets form VLAN 2 or VLAN 3 is not able to access to the other VLAN 6 Repeat Step 1 to 5 setup the VLAN Trunk port at the partner switch and add more VL...

Page 128: ...Port 4 in Isolate port Set Port5 and Port 6 in Promiscuous port The screen in Figure 4 6 15 appears Figure 4 6 15 The configuration of Isolate and Promiscuous port 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The screen in Figure 4 6 16 appears 128 ...

Page 129: ... and press save The entry will be deleted in the stack MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are...

Page 130: ...cally Automatic refresh occurs every 3 seconds Click to refresh the page immediately Updates the table starting from the first entry in the MAC based VLAN Table Updates the table starting with the entry after the last entry currently displayed 4 6 12 MAC based VLAN Status This page shows MAC based VLAN entries configured by various MAC based VLAN users The MAC based VLAN Status screen in Figure 4 ...

Page 131: ...es the index of the entry It is user configurable It s value ranges from 0 256 If a VCE ID is 0 application will auto generate the VCE ID for that entry Deletion and lookup of IP subnet based VLAN are based on VCE ID IP Address Indicates the IP address Mask Length Indicates the network mask length VLAN ID Indicates the VLAN ID VLAN ID can be changed for the existing entries Port Members A row of c...

Page 132: ...refresh the page immediately 4 6 14 Protocol based VLAN This page allows you to add new protocols to Group Name unique for each Group mapping entries as well as allow you to see and delete already mapped entries for the switch The Protocol based VLAN screen in Figure 4 6 20 appears Figure 4 6 20 Protocol to Group Mapping Table page screenshot The page includes the following fields Object Descripti...

Page 133: ...g on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to 0xffff Group Name A valid Group Name is a...

Page 134: ...e you try map to a VLAN must be present in Protocol to Group mapping table and must not be preused by any other existing mapping entry on this page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or...

Page 135: ...SW 24040R Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 135 ...

Page 136: ...ilure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the performance of the network if the Spanning Tree is ...

Page 137: ...at has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transitioned directly from a Blocking state to a Forwarding state could create temporary data loops Ports must wait for new network topology information to propagate throughout the n...

Page 138: ...til the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels On t...

Page 139: ...ded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Default Value Port Priority A relative priority for ea...

Page 140: ...hen setting the above parameters Max Age _ 2 x Forward Delay 1 second Max Age _ 2 x Hello Time 1 second Port Priority A Port Priority can be from 0 to 240 The lower the number the greater the probability the port will be chosen as the Root Port Port Cost A Port Cost can be set from 0 to 200000000 The lower the number the greater the probability the port will be chosen to forward packets 3 Illustra...

Page 141: ...User s Manual of WGSW 24040 WGSW 24040R Figure 4 7 5 Before Applying the STA Rules In this example only the default STP values are used Figure 4 7 6 After Applying the STA Rules 141 ...

Page 142: ... STP system settings The settings are used by all STP Bridge instances in the Switch or switch Stack The Managed Switch support the following Spanning Tree protocols Compatiable Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses of network topologies that provide faster spanning tree conver...

Page 143: ...40 seconds Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information Valid values are in the range 6 to 40 hops Transmit Hold Count The number of ...

Page 144: ... revert to previously saved values 4 7 3 Bridge Status This page provides a status overview for all STP bridge instances The displayed table contains a row for each STP bridge instance where the column displays the following information The Bridge Status screen in Figure 4 7 8 appears Figure 4 7 8 STP Bridge Status page screenshot The page includes the following fields Object Description MSTI The ...

Page 145: ...ogy Change occurred Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 4 7 4 CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations and possibly change them as well The CIST Port Configuration screen in Figure 4 7 9 appears 145 ...

Page 146: ...ceived on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a cor...

Page 147: ...n below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet 50 600 200 000 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2 000 200 000 Table 4 7 1 Recommended STP Pat...

Page 148: ...e 4 7 10 appears Figure 4 7 10 MSTI Priority page screenshot The page includes the following fields Object Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridg...

Page 149: ...inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Configuration screen in Figure 4 7 11 appears Figure 4 7 11 MSTI Configuration page screenshot The page includes the following fields Configuration Identification Object Description 149 ...

Page 150: ...nly be mapped to one MSTI A unused MSTI should just be left empty I e not having any VLANs mapped to it Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 7 MSTI Ports Configuration This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instanti...

Page 151: ...nfiguration Object Description Select MSTI Select the bridge instance and set more detail configuration Figure 4 7 13 MST1 MSTI Port Configuration page screenshot The page includes the following fields MSTx MSTI Port Configuration Object Description 151 ...

Page 152: ...he network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost Buttons Click to set MSTx configuration Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 8 Po...

Page 153: ...lowing values Disabled Learning Forwarding Uptime The time since the bridge port was last initialized Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds 4 7 9 Port Statistics This page displays the STP port statistics counters for port physical ports in the currently selected switch The STP Port Stati...

Page 154: ...TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automa...

Page 155: ...uters that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the membership of...

Page 156: ...User s Manual of WGSW 24040 WGSW 24040R Figure 4 8 2 Multicast flooding Figure 4 8 3 IGMP Snooping multicast stream control 156 ...

Page 157: ...P packets enable multicast routers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to...

Page 158: ...itch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support...

Page 159: ...flooding The flooding control takes effect only when IGMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting IGMP SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enable Enable IGMP Leave Proxy This feature can ...

Page 160: ...tch will not keep any record of an IGMP router being connected to this port Use this mode when you connect other IGMP multicast servers directly on the non querier Managed Switch and don t want the multicast stream be flood to uplink switch throught the port that connected to the IGMP querier Fast Leave Enable the fast leave on the port Throtting Enable to limit the number of multicast groups to w...

Page 161: ...lue is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response interval is...

Page 162: ...ted or denied on the port An IGMP filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dr...

Page 163: ...nd Filtering Group of the new entry Click Save Buttons Click to add a new entry to the Group Filtering table Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 5 IGMP Snooping Status This page provides IGMP Snooping status The IGMP Snooping Status screen in Figure 4 8 8 appears Figure 4 8 8 IGMP Snooping Status page screenshot The page includes t...

Page 164: ...port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicate whether specific port is a router port or not Buttons Click to refresh the page immediately Clears all Statistics counters Auto refresh Automatic refresh occurs every 3 seconds 4 8 6 ...

Page 165: ...ntly displayed 4 8 7 IGMPv3 Information Entries in the IGMP SSM Information Table are shown on this page The IGMP SSM Information Table is sorted first by VLAN ID then by group and then by Port No Diffrent source addresses belong to the same group are treated as single entry Each page shows up to 99 entries from the IGMP SSM Source Specific Multicast Information table default being 20 selected thr...

Page 166: ...or filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page immediately Updates the table starting with ...

Page 167: ...gistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregistered IPMCv6 traffic flooding is always active in spite of this setting MLD SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address r...

Page 168: ...eave Enable the fast leave on the port Throtting Enable to limit the number of multicast groups to which a switch port can belong Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 9 MLD Snooping VLAN Configuration Each page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When ...

Page 169: ...s of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI Last Listener Query Interval The Last Listener Query Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages It is also the Maximum Response Delay used to calculate the Max...

Page 170: ... the MLD join report is dropped MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join reports will be dropped If the action is set to replace the switch randomly removes an existing group and repl...

Page 171: ...ing fields Object Description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Querier Transmitted The number of Transmitted Querier Querier Received The number of Received Querier V1 Reports Rece...

Page 172: ...o refresh the page immediately Clears all Statistics counters Auto refresh Automatic refresh occurs every 3 seconds 4 8 12 MLD Group Information Entries in the MLD Group Table are shown on this page The MLD Group Table is sorted first by VLAN ID and then by group Each page shows up to 99 entries from the MLD Group table default being 20 selected through the entries per page input field When first ...

Page 173: ... information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry Each page shows up to 99 entries from the MLD SFM Information table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MLD SFM Inform...

Page 174: ... the table starting with the entry after the last entry currently displayed 4 8 14 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLANs In a multicast television application a PC or a network television or a set top box can receive the multicast stream Multiple set top boxes or PCs can be connected to one subscriber port which is a switch port configured as an MVR receiv...

Page 175: ...screenshot The page includes the following fields Object Description MVR Mode Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group 175 ...

Page 176: ...ized manner The default Priority is 0 LLQI Define the maximun time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership The value is in units of tenths of a seconds The range is from 0 to 31744 The default LLQI is 5 tenths or one half second Interface Channel Setting When the MVR VLAN is created click the Edit symbol to expand the corr...

Page 177: ...igure 4 8 18 MVR Status page screenshot The page includes the following fields Object Description VLAN ID The Multicast VLAN ID IGMP MLD Queries Received The number of Received Queries for IGMP and MLD respectively IGMP MLD Queries Transmitted The number of Transmitted Queries for IGMP and MLD respectively IGMPv1 Joins Received The number of Received IGMPv1 Joins IGMPv2 MLDv1 Reports Received The ...

Page 178: ...ill show the first 20 entries from the beginning of the MVR Group Table The Start from VLAN and group input fields allow the user to select the starting point in the MVR Group Table The MVR Groups Information screen in Figure 4 8 19 appears Figure 4 8 19 MVR Groups Information page screenshot The page includes the following fields Object Description VLAN VLAN ID of the group Groups Group ID of the...

Page 179: ...ng of the MVR SFM Information Table The Start from VLAN and Group Address input fields allow the user to select the starting point in the MVR SFM Information Table The MVR SFM Information screen in Figure 4 8 20 appears Figure 4 8 20 MVR SFM Information page screenshot The page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed ...

Page 180: ...24040R Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the MVR SFM Information Table Updates the table starting with the entry after the last entry currently displayed 180 ...

Page 181: ...lassifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP header that are encoded by certain applica...

Page 182: ...e configuration below applies Enable Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flo...

Page 183: ...on settings for all switch ports The Port Classification screen in Figure 4 9 2 appears Figure 4 9 2 QoS Ingress Port Classification page screenshot The page includes the following fields Object Description Port The port number for which the configuration below applies QoS Class Controls the default QoS class i e the QoS class for frames not classified in any other way There is a one to one mappin...

Page 184: ...or untagged frames Tag Class Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification Buttons Click to save changes Click to undo any chang...

Page 185: ...ttings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 Mode Shows the scheduling mode for this port Q0 Q5 Shows the weight for this queue and port 4 9 5 Port Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports The Port Shapping screen in Figure 4 9 5 appears 185 ...

Page 186: ... on the port number in order to configure the shapers For more detail please refer to chapter 4 9 5 1 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps 4 9 5 1 QoS Egress Port Schedule and Shapers The Port Scheduler and Shapers for a specific port are configured on this page The QoS Egress Port Schedule and Shaper sscreen in F...

Page 187: ...ed to 1 3300 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is se...

Page 188: ...sly saved values Click to undo any changes made locally and return to the previous page 4 9 6 Port Tag Remarking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports The Port Tag Remarking screen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking page screenshot The page includes the following fields Object Description Port The logical port for the s...

Page 189: ...ode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default DP level Configuration Controls the Drop Precedence level translation table when the mode is set to Mapped The purpose of this table is to reduce the 2 bi...

Page 190: ...ort DSCP screen in Figure 4 9 9 appears Figure 4 9 9 QoS Port DSCP Configuration page screenshot The page includes the following fields Object Description Port The Port coulmn shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration...

Page 191: ...emap DP Unaware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation Egress Remap DP0 ta...

Page 192: ...cludes the following fields Object Description DSCP Maximum number of support ed DSCP values are 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame 192 ...

Page 193: ... Click to undo any changes made locally and revert to previously saved values 4 9 9 DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches DSCP translation can be done in Ingress or Egress The DSCP Translation screen in Figure 4 9 11 appears Figure 4 9 11 DSCP Translation page screenshot 193 ...

Page 194: ...assify Translate DSCP at Ingress side can be translated to any of 0 63 DSCP values Classify Click to enable Classification at Ingress side Egress There is following configurable parameter for Egress side Remap Remap Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 Buttons Click to save changes Click to undo any changes made locally and revert to prev...

Page 195: ...0 63 from DSCP menu to map DSCP to corresponding QoS Class and DPL value Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 11 QoS Control List This page shows the QoS Control List QCL which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add...

Page 196: ...dress i e first three octet byte of MAC address DMAC Specify the type of Destination MAC addresses for incoming frame Possible values are Any All types of Destination MAC addresses are allowed Unicast Only Unicast MAC addresses are allowed Multicast Only Multicast MAC addresses are allowed Broadcast Only Broadcast MAC addresses are allowedd The default value is Any VID Indicates VLAN ID either a s...

Page 197: ...es the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new entry at the bottom of the list of QCL 4 9 11 1 QoS Control Entry Configuration The QCE Configuration screen in Figure 4 9 14 appears Figure 4 9 14 QCE Configuration page screenshot The page includes the following fields Object Description Port Members Check the checkbox button in case you what to ma...

Page 198: ...FFFF or Any but excluding 0x800 IPv4 and 0x86DD IPv6 default value is Any LLC SSAP Address Valid SSAP Source Service Access Point can vary from 0x00 to 0xFF or Any the default value is Any DSAP Address Valid DSAP Destination Service Access Point can vary from 0x00 to 0xFF or Any the default value is Any Control Address Valid Control Address can vary from 0x00 to 0xFF or Any the default value is An...

Page 199: ... or Any specific or port range applicable for IP protocol UDP TCP Action Parameters Class QoS class 0 7 or Default DP Valid Drop Precedence Level can be 0 3 or Default DSCP Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE Buttons Click to save the configuration and move to main QCL page Click to undo any ...

Page 200: ...L and DSCP Class Classified QoS class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple ap...

Page 201: ... 4 9 16 Storm Control Configuration page screenshot The page includes the following fields Object Description Frame Type The settings in a particular row apply to the frame type listed here Unicast Multicast or Broadcast Enable Enable or disable the storm control status for the given frame type Rate The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 1...

Page 202: ...tely Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 9 1 Voice VLAN Configuration The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP de...

Page 203: ...cription Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode operation VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and 203 ...

Page 204: ...ocked 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Port Discovery Protocol Indicates the Voice VLAN port discovery protocol It will only work when auto detect mode is enabled We should enable LLDP feature before configuring discovery protocol to LLDP or Both Changing the discovery protocol to OUI or LLDP wi...

Page 205: ...address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor telephony device it belongs to The allowed string length is 0 to 32 Buttons Click to add a new access management entry Click to save changes Click to undo any changes...

Page 206: ...rmission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if...

Page 207: ...e allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled CPU Forward packet that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE i...

Page 208: ... frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is d...

Page 209: ...tomatic refresh occurs every 3 seconds Click to refresh the page any changes made locally will be undone Click to clear the counters Click to remove all ACEs 4 10 3 ACE Configuration Configure an ACE Access Control Entry on this page An ACE consists of several parameters These parameters vary according to the frame type that you select First select the ingress port for the ACE and then select the ...

Page 210: ...ield for entering an policy value and bitmask appears Policy Value When Specific is selected for the policy filter you can enter a specific policy value The allowed range is 0 to 255 Policy Bitmask When Specific is selected for the policy filter you can enter a specific policy bitmask The allowed range is 0x0 to 0xff Frame Type Select the frame type for this ACE These frame types are mutually excl...

Page 211: ...ot mirrored The default value is Disabled Logging Specify the logging operation of the ACE The allowed values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of the ACE The allowed values are Enabled If a frame matche...

Page 212: ...LAN ID filter status is don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value Tag Priority Specify the tag priority for this ACE A fr...

Page 213: ...work Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear Target IP Address When Host or Network is selected for the target IP filter you can enter a specific target IP address in dotted decimal notation Target IP Mask When Network is selected for the target IP filter you can enter a specific target IP ma...

Page 214: ...r IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear These fields are explained later in this help file UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear These fields are explained later in this help file TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fiel...

Page 215: ... for the source IP filter you can enter a specific SIP mask in dotted decimal notation DIP Filter Specify the destination IP filter for this ACE Any No destination IP filter is specified Destination IP filter is don t care Host Destination IP filter is set to Host Specify the destination IP address in the DIP Address field that appears Network Destination IP filter is set to Network Specify the de...

Page 216: ...value A field for entering a TCP UDP source value appears TCP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The...

Page 217: ...ction PSH value for this ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where the PSH field is set must be able to match this entry Any Any value is allowed don t care TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames where the ACK field is set must not be able to match this entry 1 TCP frames where the ACK f...

Page 218: ...rt to previously saved values Return to the previous page 4 10 4 ACL Ports Configuration Configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE The ACL Ports Configuration screen in Figure 4 10 4 appears Figure 4 10 4 ACL Ports Configuration page screenshot The page includes the following fields Object Des...

Page 219: ...lt value is Disabled Logging Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enab...

Page 220: ...n in Figure 4 10 5 appears Figure 4 10 5 ACL Rate Limiter Configuration page screenshot The page includes the following fields Object Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowed values are pps packets per second kbps Kbits per second 22...

Page 221: ...User s Manual of WGSW 24040 WGSW 24040R Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 221 ...

Page 222: ...entication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the indu...

Page 223: ...ware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802 1X Port Based Authentication The IEEE 802 1X standard defines a client server based access control and authentication protocol that restricts u...

Page 224: ... supported authentication server it is available in Cisco Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device controls the physical access to the network based on the authentication status of the client The switch acts as an intermediar...

Page 225: ...ng bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three at...

Page 226: ... Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized and all frames from the authenticated client are allowed through the port If the authentication fails the port remains in the unauthorized state but authen...

Page 227: ...you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS ...

Page 228: ...R Figure 4 11 4 Network Access Server Configuration page screenshot The page includes the following fields System Configuration Object Description Mode Indicates if NAS is globally enabled or disabled on the switch If globally disabled 228 ...

Page 229: ...s Aging Period This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within...

Page 230: ...signed VLAN Enabled RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming traffic will be classified to and switched on the RADIUS assigned VLAN The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature The RADIUS Assigned VLAN Enabled checkbox provides...

Page 231: ...me has been received on the port for the life time of the port The value can only be changed if the Guest VLAN option is globally enabled Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns which are Object Description Port The port number for which the configuration below applies Admin State If NAS is globally enabled this selection c...

Page 232: ... AAA configuration page and suppose that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since the server h...

Page 233: ...n exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC bas...

Page 234: ...essfully authenticated If present and valid traffic received on the supplicant s port will be classified to the given QoS Class If re authentication fails or the RADIUS Access Accept packet no longer carries a QoS Class or it s invalid or the supplicant is otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class which may be changed by the admi...

Page 235: ...580 form the basis for the attributes used in identifying a VLAN ID in an Access Accept packet The following criteria are used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for the first set of these attributes that have the same Tag value and fulfil the following requirements if Tag 0 is use...

Page 236: ...s on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If an EAPOL frame is received the port will never be able to go back int...

Page 237: ...of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Buttons Click to refresh the page Click to save changes Click to undo any changes made locally and revert to previously saved values 4 11 4 Network Access Overview This page provides an overview of the current NAS port states for the se...

Page 238: ...me from a new client for MAC based authentication QoS Class QoS Class assigned to the port by the RADIUS server if enabled Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to t...

Page 239: ...US server The field is blank if no QoS class is assigned Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Gue...

Page 240: ...sRx The number of EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFr amesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuthInvalidEapolF ramesRx The number of EAPOL frames that have been received by the switch in which the frame type is not recognized Rx Invalid Length dot1xAuthEapLengthErr orFramesRx Th...

Page 241: ...ackendAcce ssChallenges 802 1X based Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Backend Server Counters...

Page 242: ... receives a failure message This indicates that the supplicant client has not authenticated to the backend server Tx Responses dot1xAuthBackendResp onses 802 1X based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC ...

Page 243: ...ed The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Last Supplicant Client Info Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable Selected Counters Object Description Selected Counters The Selected Counters table is visible when the port is one of...

Page 244: ...or unauthenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason the client will remain in the unauthenticated state for Hold Time seconds Last Authentication Shows the date an...

Page 245: ...y selected client s counters 4 11 6 Authentication Server Configuration This page allows you to configure the Authentication Servers The Authentication Server Configuration screen in Figure 4 11 7 appears Figure 4 11 7 Authentication Server Configuration page screenshot 245 ...

Page 246: ... is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RADIUS Authentication Server Conf...

Page 247: ...etween the RADIUS Accounting Server and the switch TACACS Authentication Server Configuration The table has one row for each TACACS Authentication Server and a number of columns which are Object Description The TACACS Authentication Server number for which the configuration below applies Enabled Enable the TACACS Authentication Server by checking this box IP Address Hostname The IP address or host...

Page 248: ... address and UDP port number in IP Address UDP Port notation of this server State The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X sec...

Page 249: ...US module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled But...

Page 250: ... in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Packet Counters Rx Access Accepts radiusAuthClientExtA ccessAccepts The number of RADIUS Access Accept packets valid ...

Page 251: ...packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAuthClientExtB adAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Rx Unknown Types radiusAuthClientExtU nknownTypes ...

Page 252: ...esponse This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Tx Timeouts radiusAuthClientExtT imeouts The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted...

Page 253: ...ndTripTim e The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Servers The statistics map closely to those specified in...

Page 254: ...RADIUS packets that were received from the server on the accounting port and dropped for some other reason Tx Requests radiusAccClientExt Requests The number of RADIUS packets sent to the server This does not include retransmissions Tx Retransmissions radiusAccClientExt Retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server Tx Pending Requests radiusAccClientExt...

Page 255: ...s not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occu...

Page 256: ...form RADIUS Server Configuration Setup the RADIUS server and assign the client IP address to the Managed switch In this case field in the default IP Address of the Managed Switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set at the Managed Switch s 802 1x system configuration 12345678 at this case 1 Configure the IP Address of remote RADIUS server an...

Page 257: ...r s Manual of WGSW 24040 WGSW 24040R Figure 4 11 11 Windows Server add new RADIUS client setting 3 Assign the client IP address to the Managed switch Figure 4 11 12 Windows Server RADIUS Server setting 257 ...

Page 258: ...re 4 11 13 Windows Server RADIUS Server setting 5 Configure ports attribute of 802 1X the same as 802 1X Port Configuration Figure 4 11 14 802 1x Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then 258 ...

Page 259: ...040 WGSW 24040R Figure 4 11 15 Windows 2003 AD server setting path 7 Enter Active Directory Users and Computers create legal user data the next right click a user what you created to enter properties and what to be noticed 259 ...

Page 260: ... 11 17 Add User Properties screen Set the Ports Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is a uplink port that is connected to another switch Or once the 802 1X stat to work the switch might not be able to access the RADIUS server 260 ...

Page 261: ...ess client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 Go to Start Control Panel double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties setting window Figure 4 11 18 4 Select Authentic...

Page 262: ...W 24040R Figure 4 11 19 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue Figure 4 11 20 Windows client popup login request message 262 ...

Page 263: ...User s Manual of WGSW 24040 WGSW 24040R 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 21 263 ...

Page 264: ...t settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module...

Page 265: ...uration Overview page screenshot The page includes the following fields System Configuration Object Description Mode Indicates if Limit Control is globally enabled or disabled on the switchstack If globally disabled other modules may still use the underlying functionality but 265 ...

Page 266: ... be allowed to forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration The table h...

Page 267: ...eopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The limit is not yet reached This can be s...

Page 268: ...d Disable access management mode operation Delete Check to delete the entry It will be deleted during the next save Start IP address Indicates the start IP address for the access management entry End IP address Indicates the end IP address for the access management entry HTTP HTTPS Indicates the host can access the switch from HTTP HTTPS interface that the host IP address matched the entry SNMP In...

Page 269: ...ceived packets number from the interface under access management mode is enabled Allow Packets The allowed packets number from the interface under access management mode is enabled Discard Packets The discarded packets number from the interface under access management mode is enabled Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Clic...

Page 270: ... to undo any changes made locally and revert to previously saved values 4 12 5 SSH Configure SSH on this page This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from ...

Page 271: ...wing fields Object Description Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 271 ...

Page 272: ... whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port...

Page 273: ...e Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user mod...

Page 274: ...s VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Adding Shows the date and time when this MAC address was first seen on the port Ag...

Page 275: ...oping on this page The DHCP Snooping Configuration screen in Figure 4 12 8 appears Figure 4 12 8 DHCP Snooping Configuration screen page screenshot The page includes the following fields Object Description Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be...

Page 276: ...cally and revert to previously saved values 4 12 9 DHCP Snooping Statistics This page provides statistics for DHCP snooping The statistics only counter packet under DHCP snooping mode is enabled and relay mode is disabled And it doesn t count the DHCP packets for system DHCP client The DHCP Snooping Port Statistics screen in Figure 4 12 9 appears Figure 4 12 9 DHCP Snooping Port Statistics screen ...

Page 277: ...mitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 with value 11 packets received and transmitted Rx and Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Lease Active The number of lease active option 53 with value 13 packets received and transmitted Buttons Auto refresh Check this box to refresh the page automa...

Page 278: ... the Global IP Source Guard or disable the Global IP Source Guard All configured ACEs will be lost when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients can be learned on giv...

Page 279: ...atic Table This page provides Static IP Source Guard Table The Static IP Source Guard Table screen in Figure 4 12 11 appears Figure 4 12 11 Static IP Source Guard Table screen page screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings I...

Page 280: ...ure is used to block such attacks Only valid ARP requests and responses can go through DUT This page provides ARP Inspection related configuration The ARP Inspection Configuration screen in Figure 4 12 12 appears Figure 4 12 12 ARP Inspection Configuration screen page screenshot The page includes the following fields Object Description Mode of ARP Inspection Enable the Global ARP Inspection or dis...

Page 281: ...s Static ARP Inspection Table The Static ARP Inspection Table screen in Figure 4 12 13 appears Figure 4 12 13 Static ARP Inspection Table screen page screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed Source MAC a...

Page 282: ...o contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time 4 13 1 MAC Address Table Configuration The MAC Add...

Page 283: ...one Secure Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static...

Page 284: ...the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a Refres...

Page 285: ...creen in Figure 4 13 3 appears Figure 4 13 3 Dynamic ARP Inspection Table screenshot Navigating the ARP Inspection Table Each page shows up to 99 entries from the Dynamic ARP Inspection table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic ARP Inspection Table The Start from port add...

Page 286: ...after the last entry currently displayed 4 13 4 Dynamic IP Source Guard Table Entries in the Dynamic IP Source Guard Table are shown on this page The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by IP mask The Dynamic IP Source Guard Table screen in Figure 4 13 4 appears Figure 4 13 4 Dynamic IP Source Guard Table screenshot Navigating the ARP I...

Page 287: ...ds Object Description Port The port number for which the status applies Click the port number to see the status for this particular port VLAN ID The VLAN ID of the entry MAC address The MAC address of the entry IP Address The IP address of the entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refreshes the displayed table starting ...

Page 288: ...s LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details ...

Page 289: ...y information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Default 30 seconds This attribute must comply with the following rule Transmission Interval Hold Time Multiplier 65536 and Transmission Interval 4 Delay Interval Tx Hold Each LLDP frame contains information about how long the information in the LLDP fr...

Page 290: ...he shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds LLDP Port Configuration The LLDP port settings relate to the currently selected stack unit as reflected by the page header Object Description Port The switch port number of the logical LLDP port Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor un...

Page 291: ...s have CDP awareness disabled the switch forwards CDP frames received from neighbour devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded Port Descr Optional TLV When checked the port description is included in LLD...

Page 292: ...hose pieces of information which are specifically relevant to particular endpoint types for example only advertise the voice network policy to permitted voice capable devices both in order to conserve the limited LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start i...

Page 293: ... Devices and as such does not apply to links between LAN infrastructure elements including Network Connectivity Devices or other types of links Coordinates Location Object Description Latitude Latitude SHOULD be normalized to within 0 90 degrees with a maximum of 4 digits It is possible to specify the direction to either North of the equator or South of the equator Longitude Longitude SHOULD be no...

Page 294: ...formation Civic Address LCI Object Description Country code The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Japan Example Copenhagen City district City division borough city district ward chou Japan Block Neighborhood Neighborhood bloc...

Page 295: ... emergency calling Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality...

Page 296: ...ervices These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling conditional for use in network topologies that require a different policy for the voice signaling than for the voice media This application type should not be advertised if all the same network policies apply as those advertised in the Voi...

Page 297: ...802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 VLAN ID VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 L2 Priority L2 Priority is the Layer 2 ...

Page 298: ...tected The LLDP MED Neighbor Information screen in Figure 4 14 3 appears The columns hold the following information Figure 4 14 3 LLDP MED Neighbor Information page screenshot The page includes the following fields Fast start repeat count Object Description Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity...

Page 299: ...not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media End...

Page 300: ...se devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling for use in network topologies that require a different policy for the voice signaling than for the voice media Guest Voice to support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and o...

Page 301: ...Priority Priority is the Layer 2 priority to be used for the specified application type One of eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 Contain one of 64 code point values 0 through 63 Auto negotiation Auto negotiation identifies if MAC PHY auto negotiation is supported ...

Page 302: ... unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address Management Address is the ...

Page 303: ...llowing fields Global Counters Object Description Neighbor entries were last changed It also shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot ...

Page 304: ...ained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type valu...

Page 305: ... copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as follow If the link is established on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer If the li...

Page 306: ... 30 seconds Be sure the target IP Address is within the same network subnet of the switch or you had setup the correct gateway IP address Buttons Click to transmit ICMP packets Click to re start diagnostics with PING 4 15 2 IPv6 Ping This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Start 5 ICMPv6 packets are transmitted and the sequence num...

Page 307: ...nterval of the ICMP packet Values range from 0 second to 30 seconds Buttons Click to transmit ICMP packets Click to re start diagnostics with PING 4 15 3 Remote IP Ping Test This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on special port After you press Test 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception...

Page 308: ...e settings Remote IP Address The destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes Result Display the ping result 4 15 4 Cable Diagnostics This page is used for running the Cable Diagnostics Press to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 308 ...

Page 309: ...ic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete The ports belong to the currently selected stack unit as reflected by the page header The VeriPHY Cable Diagnostics screen in Figure 4 15 4 appears Figure 4 15 4 VeriPHY Cable Diagnostics page screenshot The page includes the following fields Object Description Port The port where you are requ...

Page 310: ... Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable pair The resolution is 3 meters Buttons Click to run the diagnostics 310 ...

Page 311: ... function that provides loop protection to prevent broadcast loops in WGSW 24040 4 16 1 Configuration This page allows the user to inspect the current Loop Protection configurations and possibly change them as well screen in Figure 4 16 1 appears Figure 4 16 1 Loop protection configuration page screenshot 311 ...

Page 312: ... until next device restart Port Configuration Object Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is actively generating loop protection PDU s or whet...

Page 313: ...w monitor system includes sFlow proxy central data collector and sFlow analyzer The sFlow proxy collects data from the switch using sampling technology The sFlow collector is for formatting the sample data statistic which is to be forwarded to the sFlow analyzer which will analyze the sample data and perform corresponding measure according to the result Our switch here acts as the proxy and centra...

Page 314: ...ded into two parts Configuration of the sFlow receiver a k a sFlow collector and configuration of per port flow and counter samplers sFlow configuration is not persisted to non volatile memory which means that a reboot will disable sFlow sampling screen in Figure 4 17 1 appears Figure 4 17 1 sFlow Configuration page screenshot 314 ...

Page 315: ...ppear IP Address Hostname The IP address or hostname of the sFlow receiver Both IPv4 and IPv6 addresses are supported UDP Port The UDP port on which the sFlow receiver listens to sFlow datagrams If set to 0 zero the default port 6343 is used Timeout The number of seconds remaining before sampling stops and the current sFlow owner is released While active the current time left can be updated with a...

Page 316: ...eader size samples may be dropped Counter Poller Enabled Enables disables counter polling on this port Counter Poller Interval With counter polling enabled this specifies the interval in seconds between counter poller samples Buttons See description under Owner Click to refresh the page Note that unsaved changes will be lost Click to save changes Note that sFlow configuration is not persisted to n...

Page 317: ...is field shows the current owner of the sFlow configuration It assumes one of three values as follows If sFlow is currently unconfigured unclaimed Owner contains none If sFlow is currently configured through Web or CLI Owner contains Configured through local management If sFlow is currently configured through SNMP Owner contains a string identifying the sFlow receiver 317 ...

Page 318: ...tal number of counter samples sent to the sFlow receiver Port Statistics Object Description Port The port number for which the following statistics applies Rx and Tx Flow Samples The number of flow samples sent to the sFlow receiver originating from this port Here flow samples are divided into Rx and Tx flow samples where Rx flow samples contains the number of packets that were sampled upon recept...

Page 319: ...generated by RMON Agent Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 18 1 RMON Alarm Configuration Configure RMON Alarm table on this page The entry index key is ID s...

Page 320: ...OutErrors The The number of outbound packets that could not be transmitted because of errors OutQLen The length of the output packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample directly Delta Calculate the difference between samples default Value The value...

Page 321: ...ect Description Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds Value The value of the statistic during the last sampling period Startup Alarm The alarm that may be se...

Page 322: ...ll show the first 20 entries from the beginning of the Alarm table The first displayed will be the one with the lowest ID found in the Alarm table screen in Figure 4 18 3 appears Figure 4 18 3 Port Statistics Overview page screenshot The page includes the following fields Object Description ID Indicates the index of Alarm control entry Interval Indicates the interval in seconds for sampling and co...

Page 323: ...creen in Figure 4 18 4 appears Figure 4 18 4 RMON event configuration page screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification ...

Page 324: ...ously saved values 4 18 5 RMON Event Detail This page provides an overview of RMON event entries screen in Figure 4 18 5 appears Figure 4 18 5 Detailed RMON Event ID page screenshot The page includes the following fields Object Description Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry LogTime Indicates Event log time LogDescription Indicates the ...

Page 325: ... page screenshot The page includes the following fields Object Description Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry LogTime Indicates Event log time LogDescription Indicates the Event description Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 second...

Page 326: ... switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated this History control entry stored in RMON The range is from 1 to 3600 default value is 50 Buckets Granted The number of data shall be saved in the RMON Buttons Click to ...

Page 327: ...ces Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRCEr...

Page 328: ...18 9 RMON History Status This page provides an overview of RMON History entries Each page shows up to 99 entries from the History table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the History table The first displayed will be the one with the lowest History Index and Sample Index found in th...

Page 329: ...ze The total number of packets received that were longer than 1518 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet segment Utilization The best estimate of the mean physical layer network utili...

Page 330: ...ge is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Buttons Click to add a new community entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 18 11 RMON Statistics Detail This page provides an De...

Page 331: ...uding bad packets broadcast packets and multicast packets received Broad cast The total number of good packets received that were directed to the broadcast address Multi cast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octe...

Page 332: ...mber of packets including bad packets received that were between 512 to 1023 octets in length 1024 1588 The total number of packets including bad packets received that were between 1024 to 1588 octets in length Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds 4 18 12 RMON Statistics Status This page...

Page 333: ...ber of packets received that were less than 64 octets Over size The total number of packets received that were longer than 1518 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet segment 64 The to...

Page 334: ...refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Updates the table starting from the first entry in the Alarm Table i e the entry with the lowest ID Updates the table starting with the entry after the last entry currently displayed 334 ...

Page 335: ...m This chapter describes how to use the Command Line Interface CLI Logon to the Console Once the terminal has connected to the device power on the Managed Switch the terminal will display that it is running testing procedures Then the following message asks the login username password The factory default password as following and the login screen in Figure 5 1 appears Username admin Password admin...

Page 336: ...nt IP address 1 On WGSW 24040 prompt enter ip configuration 2 The screen displays the current IP address Subnet Mask and Gateway As show in Figure 5 2 Figure 5 2 Show IP information screen Configure IP address 3 On WGSW 24040 prompt enter the following command and press Enter As show in Figure 5 3 WGSW 24040 ip setup 192 168 0 101 255 255 255 0 192 168 0 253 1 The previous command would apply the ...

Page 337: ...settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial por...

Page 338: ...User s Manual of WGSW 24040 WGSW 24040R 338 ...

Page 339: ...vate VLAN Security Security management STP Spanning Tree Protocol Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media QoS Quality of Service Mirror Port mirroring Config Load Save of configuration via TFTP Firmware Download of firmware via TFTP UPnP Universal Plug and Play MVR Multicast VLAN Registration Voice ...

Page 340: ...tion System Contact System Name WGSW 24040 System Location Timezone Offset 0 MAC Address 00 30 4f 11 22 33 System Time 1970 01 01 Thu 00 24 39 00 00 System Uptime 00 24 39 Software Version Beta1205281742 Software Date 2012 05 28T17 42 57 0800 Previous Restart Cold WGSW 24040 System Log Configuration Description Show system log configuration Syntax System Log Configuration Example To display system...

Page 341: ...ersion WGSW 24040 System version Version Beta1205281742 Build Date 2012 05 28T17 42 57 0800 WGSW 24040 System Log Server Mode Description Show or set the system log server mode Syntax System Log Server Mode enable disable Parameters enable Enable system log server mode disable Disable system log server mode default Show system Log server mode Default Setting disable Example To show the log server ...

Page 342: ...digits 0 9 minus sign No blank or space characters are permitted as part of a name The first character must be an alpha character and the first or last character must not be a minus sign Example To set device title WGSW 24040 System name WGSW 24040 LAB System Contact Description Set or show the system contact Syntax System Contact contact Parameters contact System contact string 1 255 Use to clear...

Page 343: ...ing Parameters ip_addr_string IP host address a b c d or a host name string Default Setting empty Example To set log server address WGSW 24040 log server address 192 168 0 21 System Location Description Set or show the system location Syntax System Location location Parameters location System location string 1 255 Use to clear the string In CLI no blank or space characters are permitted as part of...

Page 344: ...slog server Syntax System Log Level info warning error Parameters info Send informations warnings and errors warning Send warnings and errors error Send errors Default Setting info Example To set log level WGSW 24040 log level warning System Timezone Description Set or show the system timezone offset Syntax System Timezone offset Parameters offset Time zone offset in minutes 720 to 720 relative to...

Page 345: ...g ID or range default All entries all Show all levels default info Show informations warning Show warnings error Show errors Example To show system log WGSW 24040 system log lookup Number of entries Info 2 Warning 0 Error 0 All 2 ID Level Time Message 1 Info 1970 01 01 Thu 00 00 02 00 00 Switch just made a cold boot 2 Info 1970 01 01 Thu 00 00 06 00 00 Link up on port 23 WGSW 24040 System Log Clea...

Page 346: ...clear the system log WGSW 24040 system log clear WGSW 24040 System Reboot Description Reboot the system Syntax System Reboot Example To reboot device without changing any of the settings WGSW 24040 system reboot System Restore Default Description Restore factory default configuration Syntax System Restore Default keep_ip Parameters keep_ip Keep IP configuration default Restore full configuration 3...

Page 347: ... not reset IP address WGSW 24040 system restore default keep_ip System Load Description Show current CPU load 100ms 1s and 10s running average in percent zero is idle Syntax System Load Example To show current CPU load WGSW 24040 system load Load average 100ms 1s 10s 1 1 1 347 ...

Page 348: ... 0 IP Router 192 168 0 254 DNS Server 0 0 0 0 VLAN ID 1 DNS Proxy Disabled IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 230 4fff fe11 2233 IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router Active Configuration for IPv6 Static with Stateless IPv6 Address fe80 2 230 4fff fe11 2233 64 Scope Link Status UP RUNNING Enabled MTU 1500 LinkMTU is 1500 IPv6 Address 192 168 0 100 96 Scope G...

Page 349: ...CP sever WGSW 24040 ip dhcp disable IP Setup Description Set or show the IP setup Syntax IP Setup ip_addr ip_mask ip_router vid Parameters ip_addr IP address a b c d default Show IP address ip_mask IP subnet mask a b c d default Show IP mask ip_router IP router a b c d default Show IP router vid VLAN ID 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP R...

Page 350: ...ult is 56 excluding MAC IP and ICMP headers count PING Count keyword ping_count Transmit ECHO_REQUEST packet count 1 60 Default is 5 interval PING Interval keyword ping_interval Ping interval 0 30 Default is 0 Example WGSW 24040 ip ping 192 168 0 21 PING server 192 168 0 21 60 bytes from 192 168 0 21 icmp_seq 0 time 0ms 60 bytes from 192 168 0 21 icmp_seq 1 time 0ms 60 bytes from 192 168 0 21 icmp...

Page 351: ...Set DNS IP address WGSW 24040 ip dns 168 95 1 1 IP DNS Proxy Description Set or show the IP DNS Proxy mode Syntax IP DNS_Proxy enable disable Parameters enable Enable DNS Proxy disable Disable DNS Proxy Default Setting disable Example Enable DNS proxy function WGSW 24040 ip dns_proxy enable IPv6 AUTOCINFIG Description Set or show the IPv6 AUTOCONFIG mode 351 ...

Page 352: ...mbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 ipv6_prefix IPv6 subnet mask default Show IPv6 prefix ipv6_router IPv6 router default Show IPv6 router IPv6 address is in 128 bit records represented as eight fields of up to four hex...

Page 353: ...ntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 length PING Length keyword ping_length Ping ICMP data length 2 1452 Default is 56 excluding MAC IP and ICMP headers count PING Count keyword ping_count Transmit ECHO_REQUEST packet count 1 60 Default is ...

Page 354: ...Idx Server IP host address a b c d or a host name string 1 pool ntp org 2 europe pool ntp org 3 north america pool ntp org 4 asia pool ntp org 5 oceania pool ntp org IP NTP Mode Description Set or show the NTP mode Syntax IP NTP Mode enable disable Parameters enable Enable NTP mode disable Disable NTP mode default Show NTP mode Default Setting disable Example Enable NTP mode 354 ...

Page 355: ...ion Add NTP server IPv6 entry Syntax IP NTP Server Ipv6 Add server_index server_ipv6 Parameters server_index The server index 1 5 server_ipv6 IPv6 server address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of re...

Page 356: ...ip ntp server ipv6 add 1 2001 7b8 3 2c 123 IP NTP Server Delete Description Delete NTP server entry Syntax IP NTP Server Delete server_index Parameters server_index The server index 1 5 Example To delete NTP server WGSW 24040 ip ntp server delete 1 356 ...

Page 357: ...ample Display port1 4 status WGSW 24040 port configuration 1 4 Port Configuration Port State Mode Flow Control MaxFrame Power Excessive Link Description 1 Enabled Auto Disabled 9600 Disabled Discard Down 2 Enabled Auto Disabled 9600 Disabled Discard Down 3 Enabled Auto Disabled 9600 Disabled Discard Down 4 Enabled Auto Disabled 9600 Disabled Discard Down Port Mode Description Set or show the port ...

Page 358: ...tic media sense 1000x 1000BASE X default Show configured and current mode Default Setting Auto Example Set 10Mbps half duplex speed for port1 WGSW 24040 port mode 1 10hdx Port Flow Control Description Set or show the port flow control mode Syntax Port Flow Control port_list enable disable Parameters port_list Port list or all default All ports enable Enable flow control disable Disable flow contro...

Page 359: ...lt All ports enable Enable port disable Disable port default Show administrative mode Default Setting Enable Example Disable port1 WGSW 24040 port state 1 disable Port Maximum Frame Description Set or show the port maximum frame size Syntax Port MaxFrame port_list max_frame Parameters port_list Port list or all default All ports max_frame Port maximum frame size 1518 9600 default Show maximum fram...

Page 360: ...power control disable Disable all power control actiphy Enable ActiPHY power control dynamic Enable Dynamic power control Default Setting disable Example Disable port power function for port1 4 WGSW 24040 port power 1 4 enable Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive port_list discard restart Parameters port_list Port list or all default All po...

Page 361: ...ll default All ports command The command parameter takes the following values clear Clear port statistics packets Show packet statistics bytes Show byte statistics errors Show error statistics discards Show discard statistics filtered Show filtered statistics 0 7 Show priority statistics default Show all port statistics up Show ports which are up down Show ports which are down Port VeriPHY Descrip...

Page 362: ...ault All ports Example Show SFP information for port21 22 WGSW 24040 port sfp Port Type Speed Wave Length nm Distance m 21 1000Base LX 1000 Base 1310 10000 22 1000Base LX 1000 Base 1310 10000 Port Description Description Set or show Port Description Syntax Port Description port_list descr_text Parameters port_list Port list or all default All ports descr_text Text of port description Default Setti...

Page 363: ...l ports Example Show Mac address state WGSW 24040 mac configuration 1 MAC Configuration MAC Address 00 30 4f 24 04 d1 MAC Age Time 300 Port Learning 1 Auto MAC Add Description Add MAC address table entry Syntax MAC Add mac_addr port_list vid Parameters mac_addr MAC address xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit port_list Port list or all or none vid VLAN ID...

Page 364: ...x xx or xxxxxxxxxxxx x is a hexadecimal digit vid VLAN ID 1 4095 default 1 Example Delete Mac address 00 30 4F 01 01 02 in vid1 WGSW 24040 mac delete 00 30 4f 01 01 02 1 MAC Lookup Description Lookup MAC address entry Syntax MAC Lookup mac_addr vid Parameters mac_addr MAC address xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit vid VLAN ID 1 4095 default 1 Example Lo...

Page 365: ...ge time Default Setting 300 Example Set agetime value in 30 WGSW 24040 mac agetime 30 MAC Learning Description Set or show the port learn mode Syntax MAC Learning port_list auto disable secure Parameters port_list Port list or all default All ports auto Automatic learning disable Disable learning secure Secure learning default Show learn mode Default Setting Auto Example Set secure learning mode i...

Page 366: ... or xxxxxxxxxxxx x is a hexadecimal digit default MAC address zero vid First VLAN ID 1 4095 default 1 Example Show all of MAC table WGSW 24040 mac dump Type VID MAC Address Ports Static 1 00 30 4f 11 22 33 None CPU Static 1 33 33 00 00 00 01 1 28 CPU Static 1 33 33 00 00 00 02 1 28 CPU Static 1 33 33 ff 11 22 33 1 28 CPU Static 1 33 33 ff a8 00 64 1 28 CPU Dynamic 1 40 61 86 04 18 69 23 Static 1 f...

Page 367: ... port_list Port list or all default All ports Example Set all of MAC statistics WGSW 24040 mac statistics Port Dynamic Addresses 1 0 Total Dynamic Addresses 1 Total Static Addresses 6 MAC Flush Description Flush all learned entries Syntax MAC Flush 367 ...

Page 368: ..._list Port list or all default All ports Example Show VLAN status of port1 WGSW 24040 vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type 1 1 Disabled All UnTag Disable N A VID VLAN Name Ports 1 default 1 24 VID VLAN Name Ports VLAN forbidden table is empty VLAV PVID Description Set or show the port VLAN ID 368 ...

Page 369: ...Set PVID2 for port10 WGSW 24040 vlan pvid 10 2 VLAN Frame Type Description Set or show the port VLAN frame type Syntax VLAN FrameType port_list all tagged Parameters port_list Port list or all default All ports all Allow tagged and untagged frames tagged Allow tagged frames only default Show accepted frame types Default Setting All Example Set port10 that allow tagged frames only WGSW 24040 vlan f...

Page 370: ...ingress filtering disable Disable VLAN ingress filtering default Show VLAN ingress filtering Default Setting Disable Example Enable VLAN ingress filtering for port10 WGSW 24040 vlan ingressfilter 10 enable VLAN Mode Description Set or show the VLAN Mode Syntax VLAN Mode portbased dot1q Parameters portbased Port Based VLAN Mode dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting IEEE 802 ...

Page 371: ...ype Tagged tagged VLAN Link Type Untagged default Show VLAN link type Default Setting Un tagged Example Enable tagged frame for port2 WGSW 24040 vlan linktype 2 tagged VLAN Q in Q Mode Description Set or show the port Q in Q mode Syntax VLAN QinQ port_list disable man customer Parameters port_list Port list or all default All ports disable Disable Q in Q VLAN Mode man Q in Q MAN Port Mode customer...

Page 372: ...all default All ports man Set out layer VLAN tag ether type MAN dot1q Set out layer VLAN tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type WGSW 24040 vlan ethtype 10 man VLAN Add Description Add or modify VLAN entry Syntax VLAN Add vid name port_list Parameters vid name VLAN ID 1 4...

Page 373: ...ble Syntax VLAN Forbidden Add vid name port_list Parameters vid name VLAN ID 1 4095 or VLAN Name port_list Port list or all default All ports Example Frobidden add port1 to port4 in VLAN10 WGSW 24040 vlan forbidden add 10 1 4 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete vid name Parameters vid name VLAN ID 1 4095 or VLAN Name Example Delete VLAN10 WGSW 24040 vlan delete 10 373 ...

Page 374: ...VLAN Forbidden Lookup Description Lookup VLAN Forbidden port entry Syntax VLAN Forbidden Lookup vid name name Parameters vid VLAN ID 1 4095 default Show all VLANs name VLAN name string name VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet VLAN Lookup Description Lookup VLAN entry Syntax VLAN Lookup vid name name combin...

Page 375: ...by NAS mvr Shows the VLANs configured by MVR voice_vlan Shows the VLANs configured by Voice VLAN all Shows all VLANs configuration default combined VLAN Users configuration Example Show VLAN status WGSW 24040 vlan lookup VID VLAN Name Ports 1 default 1 10 VLAN Name Add Description Add VLAN Name to a VLAN ID Mapping Syntax VLAN Name Add name vid Parameters name VLAN name Maximum of 32 characters VL...

Page 376: ...or numbers VLAN name should contain atleast one alphabet Example Delete VLAN name WGSW 24040 vlan name delete test VLAN Name Lookup Description Show VLAN Name table Syntax VLAN Name Lookup name Parameters name VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet Example To show VLAN Name table WGSW 24040 vlan name lookup V...

Page 377: ...guration nas NAS port configuration mvr MVR port configuration voice_vlan Voice VLAN port configuration mstp MSTP port configuration vcl VCL port configuration all All VLAN Users configuration default all VLAN Users configuration Example Show VLAN configuration of port1 WGSW 24040 status 1 Port VLAN User PortType PVID Frame Type Ing Filter Tx Tag UVID Conflicts 1 Static Unaware 1 All Disabled Unta...

Page 378: ...ist Port list or all default All ports Example Show private VLAN configuration WGSW 24040 pvlan configuration Private VLAN Configuration Port Isolation 1 Disabled PVLAN ID Ports 1 1 28 PVLAN Add Description Add or modify Private VLAN entry Syntax PVLAN Add pvlan_id port_list Parameters pvlan_id Private VLAN ID The allowed range for a Private VLAN ID is the same as the switch port number range 378 ...

Page 379: ...eters pvlan_id Private VLAN ID The allowed range for a Private VLAN ID is the same as the switch port number range Example Delete PVLAN10 WGSW 24040 pvlan delete 10 PVLAN Lookup Description Lookup Private VLAN entry Syntax PVLAN Lookup pvlan_id Parameters pvlan_id Private VLAN ID default Show all PVLANs The allowed range for a Private VLAN ID is the same as the switch port number range Example Loo...

Page 380: ...isolation mode Syntax PVLAN Isolate port_list enable disable Parameters port_list Port list or all default All ports enable Enable port isolation disable Disable port isolation default Show port isolation port list Default Setting disable Example Enable isolate for port10 WGSW 24040 pvlan isolate 10 enable 380 ...

Page 381: ...ation User Name Privilege Level admin 15 Security Switch User Add Description Add or modify users entry Syntax Security Switch Users Add user_name password privilege_level Parameters user_name A string identifying the user name that this entry should belong to The allowed string length is 1 32 The valid user name is a combination of letters numbers and underscores password The password for this us...

Page 382: ...his entry should belong to The allowed string length is 1 32 The valid user name is a combination of letters numbers and underscores Example Delete test account WGSW 24040 security switch users delete user Security Switch Privilege Level Configuration Description Show privilege configuration Syntax Security Switch Privilege Level Configuration Example Show privilege level WGSW 24040 security switc...

Page 383: ...10 5 10 Port_Security 5 10 5 10 Ports 5 10 1 10 Private_VLANs 5 10 5 10 Protocol_based_VLAN 5 10 5 10 QoS 5 10 5 10 SFlow 5 10 5 10 SNMP 5 10 5 10 Security 5 10 5 10 Spanning_Tree 5 10 5 10 System 5 10 1 10 Timer 5 10 5 10 UPnP 5 10 5 10 VLANs 5 10 5 10 Voice_VLAN 5 10 5 10 Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Gr...

Page 384: ... 24040 security switch privilege level group mvr 15 15 15 15 Security Switch Privilege Level Current Description Show the current privilege level Syntax Security Switch Privilege Level Current Default Setting 15 Security Switch Authentication Configuration Description Show Auth configuration Syntax Security Switch Auth Configuration Example Show authentication configuration WGSW 24040 security swi...

Page 385: ...tings for ssh web Settings for web default Set or show the specific client authentication method none Authentication disabled local Use local authentication radius Use remote RADIUS authentication tacacs Use remote TACACS authentication default Show client authentication method enable Enable local authentication if remote authentication fails disable Disable local authentication if remote authenti...

Page 386: ...onfiguration WGSW 24040 security switch ssh configuration SSH Configuration SSH Mode Enable Security Switch SSH Mode Description Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting enable Example Enable SSH function WGSW 24040 security switch ssh mode enable 386 ...

Page 387: ...40 security switch https configuration HTTPS Configuration HTTPS Mode Enable HTTPS Redirect Mode Disabled Security Switch HTTPs Mode Description Set or show the HTTPS mode Syntax Security Switch HTTPS Mode enable disable Parameters enable Enable HTTPs disable Disable HTTPs default Show HTTPs mode Default Setting enable Example Enable HTTPs function WGSW 24040 security switch https mode enable 387 ...

Page 388: ...irect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function WGSW 24040 security switch https redirect enable Security Switch Access Configuration Description Show access management configuration Syntax Security Switch Access Configuration Example Show access management configuration WGSW 24040 security switch access configura...

Page 389: ... management disable Disable access management default Show access management mode Default Setting disable Example Enable access management function WGSW 24040 security switch access mode enable Security Switch Access Add Description Add access management entry default Add all supported protocols Syntax Security Switch Access Add access_id start_ip_addr end_ip_addr web snmp telnet Parameters access...

Page 390: ...ach field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 end_ipv6_addr End IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with...

Page 391: ...s management ID 1 WGSW 24040 security switch access delete 1 Security Switch Access Lookup Description Lookup access management entry Syntax Security Switch Access Lookup access_id Parameters access_id entry index 1 16 Example Lookup access management entry WGSW 24040 security switch access lookup 1 Security Switch Access Clear Description Clear access management entry Syntax Security Switch Acces...

Page 392: ...r access management statistics Example Show access management statistics WGSW 24040 security switch access statistics Access Management Statistics HTTP Receive 0 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security...

Page 393: ...lt Setting enable Example Disable SNMP mode WGSW 24040 security switch snmp mode disable Security Switch SNMP Version Description Set or show the SNMP protocol version Syntax Security Switch SNMP Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP version Default Setting 2c Example Set SNMP in version 3 WGSW 24040 security switch snmp version 3 393 ...

Page 394: ...t Setting public Example Set SNMP read community private WGSW 24040 security switch snmp read community private Security Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax Security Switch SNMP Write Community community Parameters community Community string Use clear or to clear the string Maximum length allowed is upto 256 characters default Show ...

Page 395: ...s default Show SNMP trap mode Default Setting disable Example Enable SNMP trap mode WGSW 24040 security switch snmp trap mode enable Security Switch SNMP Trap Version Description Set or show the SNMP trap protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP ...

Page 396: ... upto 256 characters default Show SNMP trap community Default Setting public Example Set private value for SNMP trap community WGSW 24040 security switch snmp trap community private Security Switch SNMP Trap Destination Description Set or Show the SNMP trap destination address Syntax Security Switch SNMP Trap Destination ip_addr_string Parameters ip_addr_string IP host address a b c d or a host na...

Page 397: ...ltiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example Set SNMP trap IPv6 destination address for 2001 0001 WGSW 24040 security switch snmp trap ipv6 destination 2001 0001 Security Switch SNMP Trap Authentication Failure Description Set or show the SNMP authentication failure trap mode Syntax Security Switch...

Page 398: ...d link down default Show SNMP trap link up and link down mode Default Setting enable Example Disable SNMP trap link up WGSW 24040 security switch snmp trap link up disable Security Switch SNMP Trap Inform Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap Inform Mode enable disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform defau...

Page 399: ... inform timeout 0 2147 seconds Default Setting 1 Example Set SNMP trap inform timeout in 20sec WGSW 24040 security switch snmp trap inform timeout 20 Security Switch SNMP Trap Inform Retry Times Description Set or show the SNMP trap inform retry times Syntax Security Switch SNMP Trap Inform Retry Times retries Parameters retries SNMP trap inform retransmited times 0 255 default Show SNMP trap info...

Page 400: ...default Show SNMP trap security engine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID WGSW 24040 security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description Set or show SNMP trap security engine ID Syntax Security Switch SNMP Trap Security Engine ID engineid Parameters engineid Engine ID the format may...

Page 401: ...CII characters from 33 to 126 Example Set the SNMP trap security name WGSW 24040 security switch snmp trap security name 12345678 Security Switch SNMP Engine ID Description Set or show SNMPv3 local engine ID Syntax Security Switch SNMP Engine ID engineid Parameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string Default Setting 800007e5017f0000...

Page 402: ...w IP mask Example Add SNMPv3 community entry WGSW 24040 security switch snmp community add public 192 168 0 20 255 255 255 0 Security Switch SNMP Community Delete Description Delete SNMPv3 community entry Syntax Security Switch SNMP Community Delete index Parameters index entry index 1 64 Example Delete SNMPv3 community entry WGSW 24040 security switch snmp community delete 3 Security Switch SNMP ...

Page 403: ...e name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 md5 An optional flag to indicate that this user using MD5 authentication protocol The allowed length is 8 32 and the allowed content is ASCII characters from 33 to 126 sha An optional flag to indicate that this user using SHA authentication protocol The allowed length is 8 40 and...

Page 404: ...gineid user_name auth_password priv_password Parameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 auth_password A string identifying the aut...

Page 405: ...mpv3 Auth Priv MD5 DES Number of entries 1 Security Switch SNMP Group Add Description Add or modify SNMPv3 group entry The entry index key are security_model and security_name Syntax Security Switch SNMP Group Add security_model security_name group_name Parameters security_model v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM security_name A string identifying the...

Page 406: ...snmpv3 Security Switch SNMP Group Delete Description Delete SNMPv3 group entry Syntax Security Switch SNMP Group Delete index Parameters index entry index 1 64 Example Delete SNMPv3 group entry WGSW 24040 security switch snmp group delete 1 Security Switch SNMP Group Lookup Description Lookup SNMPv3 group entry Syntax Security Switch SNMP Group Lookup index Parameters index entry index 1 64 Exampl...

Page 407: ...meters view_name A string identifying the view name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 included An optional flag to indicate that this view subtree should included excluded An optional flag to indicate that this view subtree should excluded oid_subtree The OID defining the root of the subtree to add to the n...

Page 408: ...meters index entry index 1 64 Example Lookup SNMPv3 view entry WGSW 24040 security switch snmp view lookup Idx View Name View Type OID Subtree 1 default_view included 1 2 snmpv3_viwe included 1 Number of entries 2 Security Switch SNMP Access Add Description Add or modify SNMPv3 access entry The entry index key are group_name security_model and security_level Syntax Security Switch SNMP Access Add ...

Page 409: ...d none privacy AuthPriv Authentication and privacy read_view_name The name of the MIB view defining the MIB objects for which this request may request the current values The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 access entry WGSW 24040 security switch snmp access add group_snmpv3 usm authpriv snmpv3_...

Page 410: ...any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Switch RMON Statistics Add Description Add or modify RMON Statistics entry The entry index key is stats_id Syntax Security Switch RMON Statistics Add stats_id data_source Parameters stats_id Statistics ID 1 65535 data_source The OID that indicates that the ifIndex in ifEntry The value should be like 1 3 6 1 2 1 2 2...

Page 411: ...dd or modify RMON Hisotry entry The entry index key is history_id Syntax Security Switch RMON History Add history_id data_source interval buckets Parameters history_id History ID 1 65535 data_source The OID that indicates that the ifIndex in ifEntry The value should be like 1 3 6 1 2 1 2 2 1 1 xxx interval Sampling interval 1 3600 default 1800 buckets The maximum data entries associated this Histo...

Page 412: ...rity Switch RMON Alarm Add alarm_id interval alarm_vairable absolute delta rising_threshold rising_event_index falling_threshold falling_event_index rising falling both Parameters alarm_id Alarm ID 1 65535 interval Sampling interval 1 2147483647 default 30 alarm_vairable The MIB OID that need to be referenced 1 3 6 1 2 1 2 2 1 10 xxx ifInOctets 1 3 6 1 2 1 2 2 1 11 xxx ifInUcastPkts 1 3 6 1 2 1 2 ...

Page 413: ...ling_threshold Falling threshold value 2147483648 2147483647 falling_event_index Falling event index 1 65535 rising Trigger alarm when the first value is larger than the rising threshold falling Trigger alarm when the first value is less than the falling threshold both Trigger alarm when the first value is larger than the rising threshold or less than the falling threshold default Security Switch ...

Page 414: ...ate the difference between samples default community Specify the community when trap is sent the string lengh is 0 127 default public description The string for describing this event the string lengh is 0 127 default null string Security Switch RMON Event Delete Description Delete RMON Event entry The entry index key is event_id Syntax Security Switch RMON Event Delete event_id Parameters event_id...

Page 415: ...rt security status WGSW 24040 security network psec switch Users L Limit Control 8 802 1X D DHCP Snooping V Voice VLAN Port Users State MAC Cnt 1 No users 0 Security Network Psec Port Description Show MAC Addresses learned by Port Security Syntax Security Network Psec Port port_list Parameters port_list Port list or all default All ports Example Show MAC address learned on port 1 WGSW 24040 securi...

Page 416: ...ion Syntax Security Network Limit Configuration port_list Parameters port_list Port list or all default All ports Example Show Limit Control configuration WGSW 24040 security network limit configuration Port Security Limit Control Configuration Mode Disabled Aging Disabled Age Period 3600 Port Mode Limit Action 1 Disabled 4 None Security Network Limit Mode Description 416 ...

Page 417: ...of port security limit control Default Setting disable Example Enable the limit mode WGSW 24040 security network limit mode enable Security Network Limit Aging Description Set or show aging state Syntax Security Network Limit Aging enable disable Parameters enable Enable aging disable Disable aging default Show current enabledness of aging Default Setting disable Example Enable limit aging WGSW 24...

Page 418: ...ting 3600 Example Set age time in 100sec WGSW 24040 security network limit agetime 100 Security Network Limit Port Description Set or show per port enabledness Syntax Security Network Limit Port port_list enable disable Parameters port_list Port list or all default All ports enable Enable port security on this port disable Disable port security on this port default Show current port enabledness of...

Page 419: ... Example Set limit in 5 WGSW 24040 security network limit limit 1 10 5 Security Network Limit Action Description Set or show the action involved with exceeding the limit Syntax Security Network Limit Action port_list none trap shut trap_shut Parameters port_list Port list or all default All ports none trap shut trap_shut Action to be taken in case the number of MAC addresses exceeds the limit none...

Page 420: ...urity Network Limit Reopen port_list Parameters port_list Port list or all default All ports Example Reopen port 1 WGSW 24040 security network limit reopen 1 Security Network NAS Configuration Description Show 802 1X configuration Syntax Security Network NAS Configuration port_list Parameters port_list Port list or all default All ports Example Show 802 1X configuration of port 1 WGSW 24040 securi...

Page 421: ...POL Frame Seen Disabled Port Admin State Port State Last Source Last ID 1 Force Authorized Globally Disabled Security Network NAS Mode Description Set or show the global NAS state Syntax Security Network NAS Mode enable disable Parameters enable Globally enable 802 1X disable Globally disable 802 1X default Show current 802 1X global enabledness Default Setting disable Example Enable IEEE802 1X fu...

Page 422: ...ccess is not allowed single Single Host 802 1X Authentication multi Multiple Host 802 1X Authentication macbased Switch authenticates on behalf of the client default Show 802 1X state Default Setting none Example Show the port 1 security state WGSW 24040 security network nas state 1 Port Admin State Port State Last Source Last ID 1 Force Authorized Globally Disabled Security Network NAS Reauthenti...

Page 423: ...riod between reauthentication attempts Syntax Security Network NAS ReauthPeriod reauth_period Parameters reauth_period Period between reauthentication attempts 1 3600 seconds default Show current reauthentication period Default Setting 3600 Example To show the period between reauthentication attempts WGSW 24040 security network nas reauthperiod Security Network NAS EapolTimeout Description Set or ...

Page 424: ...e Description Time in seconds between check for activity on successfully authenticated MAC addresses Syntax Security Network NAS Agetime age_time Parameters age_time Time between checks 10 1000000 seconds default Show current age time Default Setting 300 Example Set NAS age time in 1000sec WGSW 24040 security network nas agetime 1000 Security Network NAS Holdtime Description Time in seconds before...

Page 425: ...sable Parameters global Select the global RADIUS assigned QoS setting port_list Select the per port RADIUS assigned QoS setting default Show current per port RADIUS assigned QoS state enable Enable RADIUS assigned QoS either globally or on one or more ports disable Disable RADIUS assigned QoS either globally or on one or more ports default Show current RADIUS assigned QoS state Default Setting dis...

Page 426: ...per port state of Guest VLAN Unless the global keyword is used the reauth_max and allow_if_eapol_seen parameters will not be unused Syntax Security Network NAS Guest_VLAN global port_list enable disable vid reauth_max allow_if_eapol_seen Parameters global Select the global Guest VLAN setting port_list Select the per port Guest VLAN setting default Show current per port Guest VLAN state enable disa...

Page 427: ...rrent setting Default Setting disable Example Enable NAS guest VLAN WGSW 24040 security network nas guest_vlan enable Security Network NAS Authenticate Description Refresh restart 802 1X authentication process Syntax Security Network NAS Authenticate port_list now Parameters port_list Port list or all default All ports now Force reauthentication immediately default Schedule a reauthentication Exam...

Page 428: ...twork nas statistics 1 Rx Total 0 Tx Total 0 Rx Response Id 0 Tx Request Id 0 Rx Response 0 Tx Request 0 Rx Start 0 Rx Logoff 0 Rx Invalid Type 0 Rx Invalid Length 0 Port 1 Backend Server Statistics Rx Access Challenges 0 Tx Responses 0 Rx Other Requests 0 Rx Auth Successes 0 Rx Auth Failures 0 Security Network ACL Configuration Description Show ACL Configuration Syntax Security Network ACL Config...

Page 429: ...e port_copy Port number for copy of frames or disable logging System logging of frames log log_disable shutdown Shut down ingress port shut shut_disable Example Show ACL action in port 1 WGSW 24040 security network acl action 1 Port Action Rate Limiter Port Copy Mirror Logging Shutdown Counter 1 Permit Disabled Disabled Disabled Disabled Disabled 0 Security Network ACL Policy Description Set or sh...

Page 430: ...ter ace_id is specified and an entry with this ACE ID already exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is not specified the next available ACE ID will be used If the next ACE ID parameter ace_id_next is specified the ACE will be placed before this ACE in the list If the next ACE ID is not specified the ACE will be placed last in the list If the Switch keyword...

Page 431: ...600 0xFFFF or any but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 smac Source MAC address xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit or any dmac Destination MAC address xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit or any arp ARP keyword sip Source IP address a b c d n or any dip Destination IP address a b c d n or any arp_o...

Page 432: ...ress port shut shut_disable Security Network ACL Delete Description Delete ACE Syntax Security Network ACL Delete ace_id Parameters ace_id ACE ID 1 512 Example Delete ACE 1 WGSW 24040 security network acl delete 1 Security Network ACL Lookup Description Show ACE default All ACEs Syntax Security Network ACL Lookup ace_id Parameters ace_id ACE ID 1 512 Example Lookup ACE 1 WGSW 24040 security networ...

Page 433: ...us combined static loop_protect dhcp upnp arp_inspection ipmc ip_source_guard conflicts Parameters combined Show combined status static Show static user configured status loop_protect Shows the status by Loop Protect dhcp Show DHCP status upnp Show UPnP status arp_inspection Show ARP Inspection status ipmc Show IPMC status ip_source_guard Show IP Source Guard status conflicts Show conflict status ...

Page 434: ... port state Default Setting Enable Security Network DHCP Relay Configuration Description Show DHCP relay configuration Syntax Security Network DHCP Relay Configuration Example Show DHCP relay configuration WGSW 24040 security network dhcp relay configuration DHCP Relay Configuration DHCP Relay Mode Disabled DHCP Relay Server NULL DHCP Relay Information Mode Disabled DHCP Relay Information Policy r...

Page 435: ... broadcast message won t flood for security considered disable Disable DHCP relaly mode default Show flow DHCP relaly mode Default Setting disable Example Enable DHCP relay mode WGSW 24040 security network dhcp relay mode enable Security Network DHCP Relay Server Description Show or set DHCP relay server Syntax Security Network DHCP Relay Server ip_addr Parameters ip_addr IP address a b c d defaul...

Page 436: ...y agent information option mode Default Setting disable Example Enable DHCP relay agent information option mode WGSW 24040 security network dhcp relay information mode enable Security Network DHCP Relay Information Policy Description Set or show the DHCP relay mode When enable DHCP relay information mode operation if agent receive a DHCP message that already contains relay agent information It wil...

Page 437: ...Description Show or clear DHCP relay statistics Syntax Security Network DHCP Relay Statistics clear Parameters clear Clear DHCP relay statistics Example Show DHCP relay statistics WGSW 24040 security network dhcp relay statistics Security Network DHCP Snooping Configuration Description Show DHCP snooping configuration Syntax Security Network DHCP Snooping Configuration Security Network DHCP Snoopi...

Page 438: ... mode WGSW 24040 security network dhcp snooping mode enable Security Network DHCP Snooping Port Mode Description Set or show the DHCP snooping port mode Syntax Security Network DHCP Snooping Port Mode port_list trusted untrusted Parameters port_list Port list or all default All ports trusted Configures the port as trusted sources of the DHCP message untrusted Configures the port as untrusted sourc...

Page 439: ...ecurity network dhcp snooping statistics 1 Port 1 Statistics Rx Discover 0 Tx Discover 0 Rx Offer 0 Tx Offer 0 Rx Request 0 Tx Request 0 Rx Decline 0 Tx Decline 0 Rx ACK 0 Tx ACK 0 Rx NAK 0 Tx NAK 0 Rx Release 0 Tx Release 0 Rx Inform 0 Tx Inform 0 Rx Lease Query 0 Tx Lease Query 0 Rx Lease Unassigned 0 Tx Lease Unassigned 0 Rx Lease Unknown 0 Tx Lease Unknown 0 Rx Lease Active 0 Tx Lease Active 0...

Page 440: ...etting disable Example Enable IP source guard mode WGSW 24040 security network ip source guard mode enable Security Network IP Source Guard Port Mode Description Set or show the IP Source Guard port mode Syntax Security Network IP Source Guard Mode enable disable Parameters enable Enable IP Source Guard disable Disable IP Source Guard Default Setting disable Example Enable IP source guard port mod...

Page 441: ...rity network ip source guard 1 1 Security Network IP Source Guard Entry Description Add or delete IP source guard static entry Syntax Security Network IP Source Guard Entry port_list add delete vid allowed_ip ip_mask Parameters port_list Port list or all default All ports add Add new port IP source guard static entry delete Delete existing port IP source guard static entry vid VLAN ID 1 4095 allow...

Page 442: ... and dynamic entries WGSW 24040 security network ip source guard status Security Network IP Source Guard Translation Description Translate IP source guard dynamic entries into static entries Syntax Security Network IP Source Guard Translation Security Network ARP Inspection Configuration Description Show ARP inspection configuration Syntax Security Network ARP Inspection Configuration Example Show...

Page 443: ...ble ARP inspection mode WGSW 24040 security network arp inspection mode enable Security Network ARP Inspection Port Mode Description Set or show the ARP Inspection port mode Syntax Security Network ARP Inspection Port Mode port_list enable disable Parameters port_list Port list or all default All ports enable Enable ARP Inspection port disable Disable ARP Inspection port default Show ARP Inspectio...

Page 444: ...wed_mac MAC address xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit MAC address allowed for doing ARP request allowed_ip IPv4 address a b c d IP address allowed for doing ARP request Example Add ARP inspection static entry WGSW 24040 security network arp inspection entry 1 add 1 00 30 4f 00 00 11 192 168 0 11 Security Network ARP Inspection Status Description Show A...

Page 445: ...nfiguration Description Show Auth configuration Syntax Security AAA Configuration Example Show Auth configuration WGSW 24040 security aaa configuration AAA Configuration Server Timeout 15 seconds Server Dead Time 300 seconds RADIUS Authentication Server Configuration Server Mode IP Address Secret Port 1 Disabled 1812 2 Disabled 1812 3 Disabled 1812 4 Disabled 1812 5 Disabled 1812 RADIUS Accounting...

Page 446: ...n Server Mode IP Address Secret Port 1 Disabled 49 2 Disabled 49 3 Disabled 49 4 Disabled 49 5 Disabled 49 Security AAA Timeout Description Set or show server timeout Syntax Security AAA Timeout timeout Parameters timeout Server response timeout 3 3600 seconds default Show server timeout configuration Default Setting 15 Example Set 30sec for server timeout WGSW 24040 security aaa timeout 30 446 ...

Page 447: ...IUS authentication server setup Syntax Security AAA RADIUS server_index enable disable ip_addr_string secret server_port Parameters The server index 1 5 default Show RADIUS authentication server configuration enable Enable RADIUS authentication server disable Disable RADIUS authentication server default Show RADIUS server mode ip_addr_string IP host address a b c d or a host name string secret Sec...

Page 448: ...sable Disable RADIUS accounting server default Show RADIUS server mode ip_addr_string IP host address a b c d or a host name string secret Secret shared with external accounting server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed server_port Server UDP port Use 0 to use the default RADIUS port 1813 Example Set RADIUS accounti...

Page 449: ...n server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed server_port Server TCP port Use 0 to use the default TACACS port 49 Example Set TACACS authentication server configuration WGSW 24040 security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show RADIUS statistics Syntax Security AAA Statis...

Page 450: ...STP configuration WGSW 24040 stp cofiguration STP Configuration Protocol Version MSTP Max Age 20 Forward Delay 15 Tx Hold Count 6 Max Hop Count 20 BPDU Filtering Disabled BPDU Guard Disabled Error Recovery Disabled STP Version Description Set or show the STP Bridge protocol version Syntax STP Version stp_version Parameters stp_version mstp rstp stp Default Setting MSTP 450 ...

Page 451: ...P Bridge Transmit Hold Count parameter Syntax STP Txhold holdcount Parameters holdcount STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 WGSW 24040 stp txhold 10 STP MaxHops Description Set or show the MSTP Bridge Max Hop Count parameter Syntax STP MaxHops maxhops Parameters maxhops STP BPDU MaxHops 6 40 Default Setting 20 451 ...

Page 452: ... STP MaxAge max_age Parameters max_age STP maximum age time 6 40 and max_age forward_delay 1 2 Default Setting 20 Example Set STP maximum age time in 10 WGSW 24040 stp maxage 10 STP FwdDelay Description Set or show the bridge instance forward delay Syntax STP FwdDelay delay Parameters delay MSTP forward delay 4 30 and max_age forward_delay 1 2 Default Setting 15 Example 452 ...

Page 453: ...me A text string up to 32 characters long Use quotes to embed spaces in name integer Integer value Default Setting Configuration name MAC address Configuration rev 0 Example Set MSTP configuration name and revision WGSW 24040 stp cname 9f_WGSW 24040 1 STP BPDU Filter Description Set or show edge port BPDU Filtering Syntax STP bpduFilter enable disable Parameters enable disable enable or disable BP...

Page 454: ...Parameters enable disable enable or disable BPDU Guard for Edge ports Default Setting Disable Example Set edge port BPDU guard WGSW 24040 stp bpduguard enable STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery timeout Parameters timeout Time before error disabled ports are reenabled 30 86400 seconds 0 disables default Show recovery timeout Default Setting Dis...

Page 455: ...ll default All ports Example Show STP Bridge status WGSW 24040 stp status CIST Bridge STP Status Bridge ID 80 00 00 30 4F 24 04 D1 Root ID 80 00 00 30 4F 24 04 D1 Root Port Root PathCost 0 Regional Root 80 00 00 30 4F 24 04 D1 Int PathCost 0 Max Hops 20 TC Flag Steady TC Count 0 TC Last Port Port Role State Pri PathCost Edge P2P Uptime 10 DesignatedPort Forwarding 128 20000 Yes Yes 0d 00 10 32 STP...

Page 456: ... 4096 WGSW 24040 stp msti priority 1 4096 STP MSTI Map Description Show or clear MSTP MSTI VLAN mapping configuration Syntax STP Msti Map msti clear Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 Clear Clear VID to MSTI mapping STP MSTI Add Description Add a VLAN single or range to a MSTI Syntax STP Msti Add msti vid range Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 vid ra...

Page 457: ...means aggregations Example Show STP status of Port1 WGSW 24040 stp port configuration 1 Port Mode AdminEdge AutoEdge restrRole restrTcn Point2point 1 Disabled Disabled Enabled Disabled Disabled Auto STP Port Mode Description Set or show the STP enabling for a port Syntax STP Port Mode port_list enable disable Parameters port_list Port list or all Port zero means aggregations Enable Enable MSTP pro...

Page 458: ...ameters port_list Port list or all default All ports Enable Configure MSTP adminEdge to Edge Disable Configure MSTP adminEdge to Non edge Default disable Example Enable STP edge function on port1 WGSW 24040 stp port edge 1 enable STP Port AutoEdge Description Set or show the STP autoEdge port parameter Syntax STP Port AutoEdge port_list enable disable Parameters port_list Port list or all default ...

Page 459: ...tax STP Port P2P port_list enable disable auto Parameters port_list Port list or all default All ports enable Enable MSTP point2point disable Disable MSTP point2point auto Automatic MSTP point2point detection Default auto Example Disable STP P2P function on port1 WGSW 24040 stp port p2p 1 disable STP Port RestrictedRole Description Set or show the MSTP restrictedRole port parameter Syntax STP Port...

Page 460: ...drole 1 enable STP Port RestrictedTcn Description Set or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn port_list enable disable Parameters port_list Port list or all default All ports enable Enable MSTP restricted TCN disable Disable MSTP restricted TCN Default disable Example Eisable STP restricted TCN on port1 WGSW 24040 stp port restrictedtcn 1 enable STP Port bpduGua...

Page 461: ...WGSW 24040 stp port bpduguard 1 enable STP Port Statistic Description Show STP port statistics Syntax STP Port Statistics port_list clear Parameters port_list Port list or all default All ports clear Clear the selected port statistics Example Show STP port statistics WGSW 24040 stp port statistics Port Rx MSTP Tx MSTP Rx RSTP Tx RSTP Rx STP Tx STP Rx TCN Tx TCN Rx Ill Rx Unk STP Port Mcheck Descri...

Page 462: ...ance configuration Syntax STP Msti Port Configuration msti port_list Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all default All ports Default auto STP MSTI Port Cost Description Set or show the STP port instance path cost Syntax STP Msti Port Cost msti port_list path_cost Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port...

Page 463: ...ost MST7 1 Auto STP MSTI Port Priority Description Set or show the STP port instance priority Syntax STP Msti Port Priority msti port_list priority Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations priority STP port priority 0 16 32 48 224 240 Default 128 463 ...

Page 464: ...n Aggregation Add Description Add or modify link aggregation Syntax Aggr Add port_list aggr_id Parameters port_list Port list or all default All ports aggr_id Aggregation ID 1 14 Example Add port 1 4 in Group1 WGSW 24040 aggr add 1 4 1 Aggregation Delete Description Delete link aggregation Syntax Aggr Delete aggr_id Parameters aggr_id Aggregation ID 1 14 Example 464 ...

Page 465: ... or show the link aggregation traffic distribution mode Syntax Aggr Mode smac dmac ip port enable disable Parameters smac Source MAC address dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribution Default Setting SMAC Enabled DMAC Disabled IP Enabled Port Ena...

Page 466: ...User s Manual of WGSW 24040 WGSW 24040R WGSW 24040 Aggr mode smac disable 466 ...

Page 467: ...t All ports Example Show LACP configuration WGSW 24040 lacp configuration Port Mode Key Role 1 Disabled Auto Active 2 Disabled Auto Active 3 Disabled Auto Active 4 Disabled Auto Active 5 Disabled Auto Active 6 Disabled Auto Active 7 Disabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP Mode Description Set or show LACP mode Syntax LACP Mode port_list enabl...

Page 468: ...tting disable Example Enable LACP for port1 4 WGSW 24040 lacp mode 1 4 enable LACP Key Description Set or show the LACP key Syntax LACP Key port_list key Parameters port_list Port list or all default All ports key LACP key 1 65535 or auto Default Setting auto Example Set key1 for port1 4 WGSW 24040 lacp key 1 4 1 LACP Priority Description Set or show the LACP prio Syntax 468 ...

Page 469: ...ription Set or show the LACP System prio Syntax LACP System Prio sysprio Parameters sysprio LACP System Prio 0 65535 Default Setting 32768 LACP Role Description Set or show the LACP role Syntax LACP Role port_list active passive Parameters port_list Port list or all default All ports active Initiate LACP negotiation passive Listen for LACP packets default Show LACP role Default Setting 469 ...

Page 470: ...Syntax LACP Status port_list Parameters port_list Port list or all default All ports Example Show LACP status of port1 4 WGSW 24040 lacp status 1 4 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 LACP Statistics Description Show LACP Statistics Syntax LACP Statistics port_list clear Parameters 470 ...

Page 471: ...ics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 1 0 0 0 0 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 LACP Timeout Description Set or show the LACP timeout Syntax LACP Timeout port_list fast slow Parameters port_list Port list or all default All ports fast Fast PDU transmissions fast timeout slow Slow PDU transmissions slow timeout default Show LACP timeout Default Setting fast 471 ...

Page 472: ... 4 LLDP Configuration Interval 30 Hold 3 Tx Delay 2 Reinit Delay 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness 1 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 3 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 4 Enabled Enabled Enabled Enabled Enabled Enabled Disabled LLDP Mode Descr...

Page 473: ...on Show or Set LLDP Optional TLVs Syntax LLDP Optional_TLV port_list port_descr sys_name sys_descr sys_capa mgmt_addr enable disable Parameters port_list Port list or all default All ports port_descr Description of the port sysm_name System name sys_descr Description of the system sys_capa System capabilities mgmt_addr Master s IP address default Show optional TLV s configuration enable Enables TL...

Page 474: ...ort_descr disable LLDP Interval Description Set or show LLDP Tx interval Syntax LLDP Interval interval Parameters interval LLDP transmission interval 5 32768 Default Setting 30 Example Set transmission interval in 10 WGSW 24040 lldp interval 10 LLDP Hold Description Set or show LLDP Tx hold value Syntax LLDP Hold hold Parameters hold LLDP hold value 2 10 Default Setting 3 474 ...

Page 475: ...on Set or show LLDP Tx delay Syntax LLDP Delay delay Parameters delay LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 WGSW 24040 lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLDP Reinit reinit Parameters reinit LLDP reinit delay 1 10 Default Setting 2 475 ...

Page 476: ...ports clear Clear LLDP statistics Example Show LLDP Statistics of port 1 WGSW 24040 lldp statistics 1 LLDP global counters Neighbor entries was last changed at 18819 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV Rx TLV Rx TLV Port Frames Frames Errors Discards Err...

Page 477: ...escription Set or show if discovery information from received CDP Cisco Discovery Protocol frames is added to the LLDP neighbor table Syntax LLDP cdp_aware port_list enable disable Parameters port_list Port list or all default All ports enable Enable CDP awareness CDP discovery information is added to the LLDP neighbor table disable Disable CDP awareness default Show CDP awareness configuration 47...

Page 478: ...ll default All ports Example Show LLDP MED configuration of port1 4 WGSW 24040 lldpmed configuration 1 4 LLDP MED Configuration Fast Start Repeast Count 4 Location Coordinates Latitude 0 0000 North Longitude 0 0000 East Altitude 0 0000 meter s Map datum WGS84 Civic Address Location Port Policies 1 none 2 none 3 none 4 none LLDPMED Civic Description Set or show LLDP MED Civic Address Location 478 ...

Page 479: ...ghborhood block street Street leading_street_direction Leading street direction trailing_street_suffix Trailing street suffix str_suf Street Suffix house_no House Number house_no_suffix House number suffix landmark Landmark or vanity address additional_info Additional location information name Bame residence and office occupant zip_code Postal zip code building Building structure apartment Unit ap...

Page 480: ...iority dscp Parameters policy_type The policy_type parameter takes the following values voice Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications voice_signaling Voice Signaling conditional for use i...

Page 481: ...aming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type video_signaling Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media tagged The device is using tagged frames unragged The device is using untag...

Page 482: ...f the prime meridian and negative numbers are West of the prime meridian altitude Altitude 32767 to 32767 Meters or floors with max 4 digits direction The direction parameter takes the following values North North Valid for latitude South South Valid for latitude West West Valid for longitude East East Valid for longitude Meters Meters Valid for altitude Floor Floor Valid for altitude coordinate_v...

Page 483: ...PMED Fast count Parameters count The number of times the fast start LLDPDU are being sent during the activation of the fast start mechanism defined by LLDP MED 1 10 LLDPMED Info Description Show LLDP MED neighbor device information Syntax LLDPMED Info port_list Parameters port_list Port list or all default All ports 483 ...

Page 484: ...e default QoS class If the QoS class has been dynamically changed then the actual QoS class is shown in parentheses after the configured QoS class Syntax QoS Port Classification Class port_list class Parameters port_list Port list or all default All ports class QoS class 0 7 Default Setting 0 Example Set default QoS class in 1 for port 1 WGSW 24040 qos Port Classification Class 1 1 QoS Port Classi...

Page 485: ...cation dpl 1 1 QoS Port Classification Tag Description Set or show if the classification is based on the PCP and DEI values in tagged frames Syntax QoS Port Classification Tag port_list enable disable Parameters port_list Port list or all default All ports enable Enable tag classification disable Disable tag classification default Show tag classification mode Default Setting disable Example Enable...

Page 486: ...lt All ports pcp_list PCP list or all default All PCPs 0 7 dei_list DEI list or all default All DEIs 0 1 class QoS class 0 7 dpl Drop Precedence Level 0 3 QoS Port Classification DSCP Description Set or show if the classification is based on DSCP value in IP frames Syntax QoS Port Classification DSCP port_list enable disable Parameters port_list Port list or all default All ports enable Enable DSC...

Page 487: ...olicer disable Disable port policer default Show port policer mode Default Setting disable Example Enable QoS port policer WGSW 24040 qos Port Policer Mode 1 10 enable QoS Port Policer Rate Description Set or show the port policer rate Syntax QoS Port Policer Rate port_list rate Parameters port_list Port list or all default All ports rate Rate in kbps or fps 100 13200000 Default Setting 500 Exampl...

Page 488: ...ort policer unit Default Setting kbps Example Set the port policer unit in fps WGSW 24040 qos Port Policer unit 1 10 fps QoS Port Policer Flow Control Description Set or show the port policer flow control If policer flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames Syntax QoS Port Policer FlowControl port_list enable disable Parame...

Page 489: ...strict Strict mode weighted Weighted mode default Show port scheduler mode Default Setting strict Example Set the port schedule mode in weighted mode WGSW 24040 qos Port Scheduler Mode 1 10 weighted QoS Port Scheduler Weight Description Set or show the port scheduler weight Syntax QoS Port Scheduler Weight port_list queue_list weight Parameters port_list Port list or all default All ports queue_li...

Page 490: ...able Disable port queue shaper default Show port queue shaper mode Default Setting disable Example Enable port queue shaper for all port queue WGSW 24040 qos Port QueueShaper Mode 1 10 0 7 enable QoS Port QueueShaper Rate Description Set or show the port queue shaper rate Syntax QoS Port QueueShaper Rate port_list queue_list bit_rate Parameters port_list Port list or all default All ports queue_li...

Page 491: ...or all default All queues 0 7 enable Enable use of excess bandwidth disable Disable use of excess bandwidth default Show port queue excess bandwidth mode Default Setting disable Example Enable the port queue excess bandwidth mode WGSW 24040 qos Port QueueShaper Excess 1 10 0 7 enable QoS Port TagRemarking Mode Description Set or show the port tag remarking mode Syntax QoS Port TagRemarking Mode po...

Page 492: ... or show the default PCP This value is used when port tag remarking mode is set to default Syntax QoS Port TagRemarking PCP port_list pcp Parameters port_list Port list or all default All ports pcp Priority Code Point 0 7 Default Setting 0 Example Set the default PCP in 1 WGSW 24040 qos Port TagRemarking PCP 1 10 1 QoS Port TagRemarking DEI Description Set or show the default DEI This value is use...

Page 493: ...0 7 and DP level 0 1 to PCP and DEI Syntax QoS Port TagRemarking Map port_list class_list dpl_list pcp dei Parameters port_list Port list or all default All ports class_list QoS class list or all default All QoS classes 0 7 dpl_list DP level list or all default All DP levels 0 1 pcp Priority Code Point 0 7 dei Drop Eligible Indicator 0 1 QoS Port DSCP Translation Description Set or show DSCP ingre...

Page 494: ...et or show DSCP classification based on QoS class This enables per port to map new DSCP value based on QoS class Syntax QoS Port DSCP Classification port_list none zero selected all Parameters port_list Port list or all default All ports none No DSCP ingress classification zero Classify DSCP if DSCP 0 selected Classify DSCP for which class mode is enable all Classify all DSCP default Show port DSC...

Page 495: ...CP default Show port DSCP egress remarking mode Default Setting disable Example Enable DSCP egress rewrite WGSW 24040 QoS Port DSCP EgressRemark 1 10 enable QoS DSCP Map Description Set or show DSCP mapping table This table is used to map QoS class and DP level based on DSCP value DSCP value used to map QoS class and DPL is either translated DSCP value or incoming frame DSCP value Syntax QoS DSCP ...

Page 496: ...7 EF or AF11 AF43 QoS DSCP Trust Description Set or show trusted DSCP value which is used for QoS classification The DSCP value to be checked for trust is either translated value ifDSCP translation is enabled for the ingress port or incoming frame DSCPvalue if translation is disabled for the port Trusted DSCP value is onlyused for QoS classification Syntax QoS DSCP Trust dscp_list enable disable P...

Page 497: ...ication MAP Description Set or show DSCP ingress classification table This table is used to map DSCP from QoS class and DP level The DSCP which needs to be classified depends on port DSCP classification and DSCP classification mode Incoming frame DSCP may be translated beforeusing the value for classification Syntax QoS DSCP Classification Map class_list dpl_list dscp Parameters class_list QoS cla...

Page 498: ...S Port Storm Unicast port_list enable disable rate kbps fps Parameters port_list Port list or all default All ports enable Enable storm policing of unicast frames disable Disable storm policing of unicast frames rate Rate in kbps or fps 100 13200000 kbps Unit is kilo bits per second fps Unit is frames per second Default Setting disable Example Enable unicast storm control in 2kbps WGSW 24040 QoS P...

Page 499: ...es per second Default Setting disable Example Enable multicast storm control in 2kbps WGSW 24040 QoS Port Storm multicast enable 2 QoS Port Storm Broadcast Description Set or show the broadcast storm rate limiter The limiter will only affect flooded frames i e frames with a VLAN ID DMAC pair not present in the MAC Address table Syntax QoS Storm Broadcast enable disable packet_rate Parameters enabl...

Page 500: ...p fragment sport dport ipv6 protocol sip_v6 dscp sport dport class dp classified_dscp Parameters qce_id QCE ID 1 256 default Next available ID qce_id_next Next QCE ID next_id 1 256 or last port_list Port List port port_list or all default All ports tag Frame tag untag tag any vid VID 1 4095 or any either a specific VID or range of VIDs pcp Priority Code Point specific 0 1 2 3 4 5 6 7 or range 0 1 ...

Page 501: ...n dp DP Level dp 0 3 default basic classification classified_dscp DSCP dscp 0 63 BE CS1 CS7 EF or AF11 AF43 QoS QCL Delete Description Delete QCE entry from QoS Control list Syntax QoS QCL Delete qce_id Parameters qce_id QCE ID 1 256 default Next available ID QoS QCL Lookup Description Lookup QoS Control List Syntax QoS QCL Lookup qce_id Parameters qce_id QCE ID 1 256 default Next available ID QoS...

Page 502: ... status voice_vlan Shows the status by Voice VLAN conflicts Shows all conflict status default Shows the combined status QoS QCL Refresh Description Resolve QCE conflict status Same H W resource is shared by multiple applications and it may not be available even before MAX QCE entry So user can release the resource in use by other applications and use this command to acquire the resource Syntax QoS...

Page 503: ...rameters port_list Port list or all default All ports Example Show mirror configuration WGSW 24040 mirror configuration Mirror Port Description Set or show the mirror port Syntax Mirror Port port disable Parameters port disable Mirror port or disable default Show port Default Setting disable Example Set port 2 for the mirror port WGSW 24040 mirror port 2 503 ...

Page 504: ...ble disable rx tx Parameters port_cpu_list Port list or CPU or all default All ports and CPU enable Enable Rx and Tx mirroring disable Disable Mirroring rx Enable Rx mirroring tx Enable Tx mirroring default Show mirror mode Default Setting disable Example Enable the mirror mode for port 1 4 WGSW 24040 mirror mode 1 4 enable 504 ...

Page 505: ...file_name Parameters ip_server TFTP server IP address a b c d file_name Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config Load ip_server file_name check Parameters ip_server TFTP server IP address a b c d file_name Configuration file name check Check configuration file only default Check and apply file 505 ...

Page 506: ...s a b c d or a host name string file_name Firmware file name Firmware IPv6 Load Description Load new firmware from IPv6 TFTP server Syntax Firmware IPv6 Load ipv6_server file_name Parameters ipv6_server TFTP server IPv6 address file_name Firmware file name Firmware Information Description Display information about active and alternate firmware images Syntax Firmware Information Firmware Swap Descr...

Page 507: ...User s Manual of WGSW 24040 WGSW 24040R Activate the alternate firmware image Syntax Firmware Swap 507 ...

Page 508: ...le Show UPnP configuration WGSW 24040 upnp configuration UPnP Configuration UPnP Mode Disabled UPnP TTL 4 UPnP Advertising Duration 100 UPnP Mode Description Set or show the UPnP mode Syntax UPnP Mode enable disable Parameters enable Enable UPnP disable Disable UPnP default Show UPnP mode Default Setting disable Example Enable the UPnP mode 508 ...

Page 509: ...fault Setting 4 Example Set the value 10 for TTL value of the IP header in SSDP messages WGSW 24040 upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration duration Parameters duration duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration WGSW 24040 upnp adv...

Page 510: ...on MVR Mode Disabled Muticast VLAN ID 100 Port Port Mode Port Type Immediate Leave 1 Disabled Receive Disabled 2 Disabled Receive Disabled 3 Disabled Receive Disabled 4 Disabled Receive Disabled 5 Disabled Receive Disabled 6 Disabled Receive Disabled 7 Disabled Receive Disabled 8 Disabled Receive Disabled 9 Disabled Receive Disabled 10 Disabled Receive Disabled MVR Mode Description Set or show the...

Page 511: ... mode enable MVR VLAN Setup Description Set or show per MVR VLAN configuration Syntax MVR VLAN Setup mvid add del upd Name mvr_name Parameters mvid MVR VLAN ID 1 4095 add Add operation del Delete operation upd Update operation name MVR Name keyword mvr_name MVR VLAN name Maximum of 32 characters MVR VLAN Mode Description Set or show per MVR VLAN mode Syntax MVR VLAN Mode vid mvr_name dynamic compa...

Page 512: ...MVR VLAN ID 1 4095 or Name Maximum of 32 characters port_list Port list or all default All ports source MVR source port receiver MVR receiver port inactive Disable MVR default Show MVR port role MVR VLAN LLQI Description Set or show per MVR VLAN LLQI Last Listener Query Interval Syntax MVR VLAN LLQI vid mvr_name mvr_param_llqi Parameters vid mvr_name MVR VLAN ID 1 4095 or Name Maximum of 32 charac...

Page 513: ...bound The boundary IPv4 IPv6 multicast group address for the channel name MVR Name keyword grp_name MVR Channel name Maximum of 32 characters MVR VLAN Priority Description Set or show per MVR VLAN priority and VLAN tag Syntax MVR VLAN Priority vid mvr_name priority tagged untagged Parameters vid mvr_name MVR VLAN ID 1 4095 or Name Maximum of 32 characters priority CoS priority value ranges from 0 ...

Page 514: ...sable Disable Immediate Leave default Show MVR Immediate Leave MVR Status Description Show Clear MVR operational status Syntax MVR Status vid clear Parameters vid VLAN ID 1 4095 clear Clear log MVR Groups Description Show MVR group addresses Syntax MVR Groups vid Parameters vid VLAN ID 1 4095 MVR SFM Description Show SFM including SSM related information for MVR Syntax 514 ...

Page 515: ...User s Manual of WGSW 24040 WGSW 24040R MVR SFM vid port_list Parameters vid VLAN ID 1 4095 port_list Port list or all default All ports 515 ...

Page 516: ...onfiguration V oice VLAN Configuration Voice VLAN Mode Disabled Voice VLAN VLAN ID 1000 Voice VLAN Age Time seconds 86400 Voice VLAN Traffic Class 7 Voice VLAN OUI Table Telephony OUI Description 00 30 4F PLANET phones 00 03 6B Cisco phones 00 0F E2 H3C phones 00 60 B9 Philips and NEC AG phones 00 D0 1E Pingtel phones 00 E0 75 Polycom phones 00 E0 BB 3Com phones 00 01 E3 Siemens AG phones Voice VL...

Page 517: ...abled OUI 9 Disabled Disabled OUI 10 Disabled Disabled OUI Voice VLAN Mode Description Set or show the Voice VLAN mode We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Mode enable disable Parameters enable Enable Voice VLAN mode disable Disable Voice VLAN mode default Show flow Voice VLAN mode Default Setting disable Example Ena...

Page 518: ...t Setting 1000 Example Set ID 2 for Voice VLAN ID WGSW 24040 voice vlan id 2 Voice VLAN Agetime Description Set or show Voice VLAN age time Syntax Voice VLAN Agetime age_time Parameters age_time MAC address age time 10 10000000 default Show age time Default Setting 86400sec Example Set Voice VLAN age time in 100sec WGSW 24040 voice valn agetime 100 518 ...

Page 519: ...e VLAN OUI Add Description Add Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process The maximum entry number is 16 Syntax Voice VLAN OUI Add oui_addr description Parameters oui_addr OUI address xx xx xx The null OUI address isn t allowed description Entry description Use clear or to clear the string No blank or space characters are permitted as part of a contact only in CLI E...

Page 520: ...xx xx The null OUI address isn t allowed Example Delete Voice VLAN OUI entry WGSW 24040 voice vlan oui delete 00 11 22 Voice VLAN OUI Clear Description Clear Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Clear Example Clear Voice VLAN OUI entry WGSW 24040 voice vlan oui clear Voice VLAN OUI Lookup Description Lookup Voice VLAN OUI entry Syntax Voi...

Page 521: ...orts disable Disjoin from Voice VLAN auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically force Forced join to Voice VLAN default Show Voice VLAN port mode Default Setting disable Example Set auto mode for port 1 4 of Voice VLAN port mode WGSW 24040 voice vlan port mode 1 4 auto Voice VLAN Security Desc...

Page 522: ...ocol Description Set or show the Voice VLAN port discovery protocol mode It only work under auto detect mode is enabled We should enable LLDP feature before configure discovery protocol to LLDP or Both Change discovery protocol to OUI or LLDP will restart auto detect process Syntax Voice VLAN Discovery Protocol port_list oui lldp both Parameters port_list Port list or all default All ports OUI Det...

Page 523: ...t Mode Description Set or show the Loop Protection mode Syntax Loop Protect Mode enable disable Parameters enable Enable Loop Protection disable Disable Loop Protection Default Setting enable Loop Protect Transmit Description Set or show the Loop Protection transmit interval Syntax Loop Protect Transmit transmit time Parameters Transmit time interval 1 10 seconds Default Setting 5 523 ...

Page 524: ...Default Setting 10 Loop Protect Port Configuration Description Show Loop Protection port configuration Syntax Loop Protect Port Configuration port_list Parameters port_list Port list or all default All ports Loop Protect Port Mode Description Set or show the Loop Protection port mode Syntax Loop Protect Port Mode port_list enable disable Parameters port_list Port list or all default All ports enab...

Page 525: ...scription Set or show the Loop Protection port action Syntax Loop Protect Port Action port_list shutdown shut_log log Parameters port_list Port list or all default All ports shutdown Shutdown the port shut_log Shutdown the port and Log event log Only Log the event 525 ...

Page 526: ...for IPv6 MLD igmp IPMC for IPv4 IGMP IPMC Mode Description Set or show the IPMC snooping mode Syntax IPMC Mode mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC snooping disable Disable IPMC snooping default Show global IPMC snooping mode Default Setting disable Example Enable IGMP snooping WGSW 24040 ipmc mode igmp enable 526 ...

Page 527: ...flooding disable Disable IPMC flooding default Show global IPMC flooding mode Default Setting disable Example Enable IGMP flooding WGSW 24040 ipmc flooding igmp enable IPMC Leave Proxy Description Set or show the mode of IPMC Leave Proxy Syntax IPMC Leave Proxy mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC Leave Proxy disable Disable I...

Page 528: ... Proxy Syntax IPMC Proxy mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC Proxy disable Disable IPMC Proxy default Show global IPMC Proxy mode Default Setting disable Example Enable IGMP Proxy WGSW 24040 ipmc proxy igmp enable IPMC SSM Description Set or show the IPMC SSM Range Syntax IPMC SSM mld igmp Range prefix mask_len 528 ...

Page 529: ...4 32 IPv6 8 128 ssm range accordingly IPMC VLAN Add Description Add the IPMC snooping VLAN interface Syntax IPMC VLAN Add mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 IPMC VLAN Delete Description Delete the IPMC snooping VLAN interface Syntax IPMC VLAN Delete mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN...

Page 530: ...VLANs enable Enable MLD snooping disable Disable MLD snooping Default Setting disable Example Enable IGMP snooping state for VLAN 1 WGSW 24040 ipmc state igmp 1 enable IPMC Querier Description Set or show the IPMC snooping querier mode for VLAN Syntax IPMC Querier mld igmp vid enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show al...

Page 531: ...IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs auto v1 v2 v3 auto Auto Compatibility Default Value v1 Forced Compatibility of IGMPv1 or MLDv1 v2 Forced Compatibility of IGMPv2 or MLDv2 v3 Forced Compatibility of IGMPv3 default Show IPMC Interface Compatibility IPMC Fastleave Description Set or show the IPMC snooping fast leave port mode Syntax IPMC Fastl...

Page 532: ...4040 ipmc fastleave igmp 1 10 enable IPMC Throttling Description Set or show the IPMC port throttling status Syntax IPMC Throttling mld igmp port_list limit_group_number Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports 0 No limit 1 10 Group learn limit default Show IPMC Port Throttling Default Setting Unlimited Example Set the max learn...

Page 533: ...ing entry del Del existing port group filtering entry default Show IPMC port group filtering list group_addr IPv4 IPv6 multicast group address accordingly IPMC Router Description Set or show the IPMC snooping router port mode Syntax IPMC Router mld igmp port_list auto fix none Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP port_list Port list or all default All ports auto Enable...

Page 534: ...l VLANs Example Show VLAN 1 IPMC operational status WGSW 24040 ipmc status igmp 1 IPMC Groups Description Show IPMC group addresses accordingly Syntax IPMC Groups mld igmp vid Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs Example Show VLAN 1 IPMC group addresses accordingly WGSW 24040 ipmc groups igmp 1 IPMC Version Description S...

Page 535: ...mc version igmp 1 IPMC SFM Description Show SFM including SSM related information for IPMC Syntax IPMC SFM mld igmp vid port_list Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs port_list Port list or all default All ports IPMC Parameter RV Description Set or show the IPMC Robustness Variable Syntax IPMC Parameter RV mld igmp vid i...

Page 536: ... Query Interval Syntax IPMC Parameter QI mld igmp vid ipmc_param_qi Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_param_qi 1 Default Value 125 1 31744 Query Interval in seconds default Show IPMC Interface Query Interval IPMC Parameter QRI Description Set or show the IPMC Query Response Interval Syntax IPMC Parameter QRI mld ...

Page 537: ...d ipmc_param_llqi Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP vid VLAN ID 1 4095 or any default Show all VLANs ipmc_param_llqi 1 Default Value 10 0 31744 Last Listener Query Interval in tenths of seconds default Show IPMC Interface Last Listener Query Interval IPMC Parameter URI Description Set or show the IPMC Unsolicited Report Interval Syntax IPMC Parameter URI mld igmp vi...

Page 538: ...User s Manual of WGSW 24040 WGSW 24040R 1 Default Value 1 0 31744 Unsolicited Report Interval in seconds default Show IPMC Interface Unsolicited Report Interval 538 ...

Page 539: ...he receiver if it is not currently owned by anyone or owned by CLI or Web If this argument is specified the remaining arguments are ignored timeout Receiver timeout measured in seconds The switch decrements the timeout once per second and as long as it is non zero the receiver receives samples Once the timeout reaches 0 the receiver and all its configuration is reset to defaults Valid range is 0 2...

Page 540: ...ible sampling rate 0 disables sampling max_hdr_size Specifies the maximum number of bytes to transmit per flow sample Valid range is 14 200 bytes Default 128 bytes sFlow CounterPoller Description Set or show counter polling interval configuration per port Syntax sFlow CounterPoller port_list interval Parameters port_list Port list or all Default All ports interval Polling interval in range 0 3600 ...

Page 541: ...W 24040 WGSW 24040R sFlow Statistics Samplers Description Get or clear per port statistics Syntax sFlow Statistics Samplers port_list clear Parameters port_list Port list or all Default All ports clear Clear statistics 541 ...

Page 542: ...based VLAN entry Syntax VCL Macvlan Add mac_addr vid port_list Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 port_list Port list or all default All ports Example Add 00 11 22 33 44 55 66 in VLAN 20 for all port WGSW 24040 vcl macvlan add 00 11 22 33 44 55 66 20 1 10 VCL MAC based VLAN Delete Description Delete VCL MAC based VLAN entry Syntax VCL Macvlan Del mac_addr Paramete...

Page 543: ...VLAN Add Ethernet II Description Add VCL protocol based VLAN Ethernet II protocol to group mapping Syntax VCL ProtoVlan Protocol Add Eth2 ether_type arp ip ipx at group_id Parameters ether_type arp ip ipx at Ether Type 0x0600 0xFFFF group_id Protocol group ID VCL Protocol based VLAN Add SNAP Description Add VCL protocol based VLAN SNAP protocol to group mapping Syntax VCL ProtoVlan Protocol Add Sn...

Page 544: ...P value 0x00 0xFF group_id Protocol group ID VCL Protocol based VLAN Delete Ethernet II Description Delete VCL protocol based VLAN Ethernet II protocol to group mapping Syntax VCL ProtoVlan Protocol Delete Eth2 ether_type arp ip ipx at Parameters ether_type arp ip ipx at Ether Type 0x0600 0xFFFF VCL Protocol based VLAN Delete SNAP Description Delete VCL protocol based VLAN SNAP protocol to group m...

Page 545: ... DSAP value 0x00 0xFF ssap SSAP value 0x00 0xFF VCL Protocol based VLAN Add Description Add VCL protocol based VLAN group to VLAN mapping Syntax VCL ProtoVlan Vlan Add port_list group_id vid Parameters port_list Port list or all default All ports group_id Protocol group ID vid VLAN ID 1 4095 VCL Protocol based VLAN Delete Description Delete VCL protocol based VLAN group to VLAN mapping Syntax VCL ...

Page 546: ...IP Subnet based VLAN configuration Syntax VCL IPVlan Configuration vce_id Parameters vce_id Unique VCE ID for each VCL entry VCL IP based VLAN Add Description Add or modify VCL IP Subnet based VLAN entry Syntax VCL IPVlan Add vce_id ip_addr_mask vid port_list Parameters vce_id Unique VCE ID for each VCL entry ip_addr_mask Source IP address and mask Format a b c d n vid VLAN ID 1 4095 port_list Por...

Page 547: ...User s Manual of WGSW 24040 WGSW 24040R VCL IP based VLAN Delete Description Delete VCL IP Subnet based VLAN entry Syntax VCL IPVlan Delete vce_id Parameters vce_id Unique VCE ID for each VCL entry 547 ...

Page 548: ...ration SMTP Mode Description Enable or disable SMTP configure Syntax SMTP Mode enable disable Parameters enable Enable SMTP mode disable Disable SMTP mode default Show SMTP mode SMTP Server Description Set or show SMTP server configure Syntax SMTP Server server port Parameters server SMTP server address port SMTP server port 548 ...

Page 549: ...le SMTP authentication default Show SMTP authentication SMTP Auth_user Description Set or show SMTP authentication user name configure Syntax SMTP Auth_user auth_user_text Parameters auth_user_text SMTP authentication user name SMTP Auth_pass Description Set or show SMTP authentication password configure Syntax SMTP Auth_pass auth_pass_text Parameters auth_pass_text SMTP authentication password 54...

Page 550: ...ddress SMTP Mail Subject Description Set or show SMTP E mail subject configure Syntax SMTP Mailsubject mailsubject_text Parameters mailsubject_text SMTP E mail subject SMTP Mail to 1 Description Set or show SMTP E mail 1 to configure Syntax SMTP Mailto1 mailto1_text Parameters mailto1_text SMTP E mail 1 to address SMTP Mail to 2 Description Set or show SMTP E mail 2 to configure 550 ...

Page 551: ...User s Manual of WGSW 24040 WGSW 24040R Syntax SMTP Mailto2 mailto2_text Parameters mailto1_text SMTP E mail 2 to address 551 ...

Page 552: ...this packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network needs efficienc...

Page 553: ...r On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode If attached device is 100Base TX port will set to 10Mbps no auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10Base T Full Duplex 100Mbps no auto negotiation 100Mbps 100Mbps...

Page 554: ...formance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 100Base TX port link LED is lit but the traffic is irregular Soluti...

Page 555: ... IP Address be changed or forgotten admin password To reset the IP address to the default IP Address 192 168 0 100 or reset the password to default value Press the hardware reset button at the front panel about 10 seconds After the device is rebooted you can login the management WEB interface within the same subnet of 192 168 0 xx Reset 555 ...

Page 556: ...X When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 ...

Page 557: ... White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brow...

Page 558: ...d with the manual ACL configuration ACL Access Control List The web page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associated w...

Page 559: ...rectional in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a physical address such as...

Page 560: ...ting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP DHCP is an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addre...

Page 561: ...es represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in stackable switch it means switch ID The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal the DHCP relay agents MAC address DHCP Snooping DHCP Snooping is used to block intruder on the untruste...

Page 562: ...e is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously H HTTP HTTP is an acronym for Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WW...

Page 563: ...ficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X IEEE 802 1X is an IEEE standard for port based Network Access Control It provides authentication to devices attached to a LAN port establishing a point to point connection or preventing access from that port if authentication fails With 802 1X acce...

Page 564: ...rnet Protocol address and this IP address is used to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number is reduced drastically by the practice of webmasters taking addresses in large blocks the bul...

Page 565: ...st connectivity in the network Can be used as a switch criteria by EPS M MAC Table Switching of frames is based upon the DMAC address contained in the frame The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured...

Page 566: ...Network Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplied credentials are valid Based on the answer the NAS then allows or disallows access to the protected resource An example of a NAS implementation is IEEE 802 1X NetBIOS NetBIOS is an acronym for Netw...

Page 567: ...tional TLVs is disabled the corresponding information is not included in the LLDP frame OUI OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address P PCP PCP is an acronym for Priority Code Point It is a 3 b...

Page 568: ...forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of e mail and are not to be confused with the Simple Mail Transfer Protocol SMTP You send e mail with SMTP ...

Page 569: ...is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to...

Page 570: ... servers for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Microsoft Windows networking Samba can be installed on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the mast...

Page 571: ... for setting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A client device will receive broadcast messages from all access points within range advertising their SSIDs and can choose one to connect to based on pre configuration or by displaying a list of S...

Page 572: ... message or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WWW e mail and File Transfer Protocol FTP TELNET TELNET is an a...

Page 573: ...P Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units to exc...

Page 574: ...LAN ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality W WEP WEP is an acronym for Wired Equivalent Privacy WEP is a deprecate...

Page 575: ...onal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPS WPS...

Page 576: ...61000 3 2 2006 A2 2009 EN 61000 3 3 2008 EN 55024 1998 A1 2001 A2 2003 IEC 61000 4 2 2008 IEC 61000 4 3 2006 A1 2008 A2 2010 IEC 61000 4 4 2004 A1 2010 IEC 61000 4 5 2005 IEC 61000 4 6 2008 IEC 61000 4 8 2009 IEC 61000 4 11 2004 Responsible for marking this declaration if the Manufacturer Authorized representative established within the EU Authorized representative established within the EU if app...

Reviews:

No comments

Related manuals for WGSW-24040

ABLE 6 Series Installation & Maintenance Instructions preview
6 Series
Brand: ABLE Pages: 5
D-Link TM DES-6500 Command Line Interface Reference Manual preview
TM DES-6500
Brand: D-Link Pages: 267
H3C S3100 Series Command Manual preview
S3100 Series
Brand: H3C Pages: 1089
Datavideo SE-1000 Reference Manual preview
SE-1000
Brand: Datavideo Pages: 4
Datavideo SE-1200MU Quick Start Manual preview
SE-1200MU
Brand: Datavideo Pages: 66
Datavideo DAC-10 Quick Setup preview
DAC-10
Brand: Datavideo Pages: 2
Qlogic SilverStorm 9000 Hardware Installation Manual preview
SilverStorm 9000
Brand: Qlogic Pages: 50
HPM XL770T Product Information preview
XL770T
Brand: HPM Pages: 4
Intermatic T7802BC Supplementary Manual preview
T7802BC
Brand: Intermatic Pages: 1
Eaton Pow-R-Line SPX0361126 Maintenance Manual preview
Pow-R-Line SPX0361126
Brand: Eaton Pages: 584
Eaton Edison Cooper Power Series Installation And Operation Instructions Manual preview
Edison Cooper Power Series
Brand: Eaton Pages: 12
Ruby Tech GS-2108C User Manual preview
GS-2108C
Brand: Ruby Tech Pages: 254
cable matters 202046 Quick Start Manual preview
202046
Brand: cable matters Pages: 8
Inter-m PX-6116 Operation Manual preview
PX-6116
Brand: Inter-m Pages: 12
Stahl 128635 Operating Instructions Manual preview
128635
Brand: Stahl Pages: 29
Microsonic zws-7/CD/QS Operating Instructions preview
zws-7/CD/QS
Brand: Microsonic Pages: 2
NegoRack NR-MSR2701S User Manual preview
NR-MSR2701S
Brand: NegoRack Pages: 41
Generac Power Systems TRANSFER SWITCH Warranty Information Booklet preview
TRANSFER SWITCH
Brand: Generac Power Systems Pages: 1

Brands by name

Popular brands

Load more brands