Planet GS-5220 Series User Manual Download Page 1

User’s Manual of GS-5220 LCD Series 

GS-5220 Series   

L2+ Gigabit/10 Gigabit 

Managed LCD Switch   

Summary of Contents for GS-5220 Series

Page 1: ...User s Manual of GS 5220 LCD Series 1 GS 5220 Series L2 Gigabit 10 Gigabit Managed LCD Switch ...

Page 2: ...me without notice If you find information in this manual that is incorrect misleading or incomplete we would appreciate your comments and suggestions FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipmen...

Page 3: ...rical and electronic equipment end users of electrical and electronic equipment should understand the meaning of the crossed out wheeled bin symbol Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately Revision PLANET GS 5220 LCD Series User s Manual Model GS 5220 LCD LCD Series Revision 1 0 November 2017 Part No EM GS 5220 LCD series _v1 0 ...

Page 4: ...cifications 36 2 INSTALLATION 55 2 1 Hardware Description 55 2 1 1 Switch Front Panel 55 2 1 2 LED Indications 60 2 1 3 Switch Rear Panel 74 2 2 Installing the Switch 77 2 2 1 Desktop Installation 77 2 2 2 Rack Mounting 78 2 2 3 Installing the SFP SFP Transceiver 80 3 SWITCH MANAGEMENT 85 3 1 Requirements 85 3 2 Management Access Overview 87 3 3 Administration Console 88 3 4 Web Management 89 ...

Page 5: ...P Configuration 102 4 2 3 IP Status 106 4 2 4 Users Configuration 107 4 2 5 Privilege Levels 112 4 2 6 NTP Configuration 114 4 2 7 Time Configuration 115 4 2 8 UPnP 118 4 2 9 DHCP Relay 120 4 2 10 DHCP Relay Statistics 122 4 2 11 CPU Load 125 4 2 12 System Log 126 4 2 13 Detailed Log 128 4 2 14 Remote Syslog 129 4 2 15 SMTP Configuration 131 4 2 16 Web Firmware Upgrade 132 4 2 17 TFTP Firmware Upg...

Page 6: ... 2 25 System Reboot 140 4 3 Simple Network Management Protocol 142 4 3 1 SNMP Overview 142 4 3 2 SNMP System Configuration 144 4 3 3 SNMP Trap Configuration 146 4 3 4 SNMP System Information 149 4 3 5 SNMPv3 Configuration 150 4 3 5 1 SNMPv3 Communities 150 4 3 5 2 SNMPv3 Users 152 4 3 5 3 SNMPv3 Groups 154 4 3 5 4 SNMPv3 Views 156 4 3 5 5 SNMPv3 Access 157 4 4 Port Management 160 4 4 1 Port Config...

Page 7: ...4 LACP Port Status 182 4 5 5 LACP Port Statistics 183 4 6 VLAN 185 4 6 1 VLAN Overview 185 4 6 2 IEEE 802 1Q VLAN 186 4 6 3 VLAN Port Configuration 191 4 6 4 VLAN Membership Status 201 4 6 5 VLAN Port Status 203 4 6 6 Port Isolation 206 4 6 7 VLAN setting example 209 4 6 7 1 Two Separate 802 1Q VLANs 209 4 6 7 2 VLAN Trunking between two 802 1Q aware switches 212 4 6 7 3 Port Isolate 215 4 6 8 MAC...

Page 8: ... MSTI Configuration 244 4 7 7 MSTI Ports Configuration 246 4 7 8 Port Status 248 4 7 9 Port Statistics 250 4 8 Multicast 252 4 8 1 IGMP Snooping 252 4 8 2 Profile Table 258 4 8 3 Address Entry 259 4 8 4 IGMP Snooping Configuration 261 4 8 5 IGMP Snooping VLAN Configuration 265 4 8 6 IGMP Snooping Port Group Filtering 268 4 8 7 IGMP Snooping Status 269 4 8 8 IGMP Group Information 271 4 8 9 IGMPv3 ...

Page 9: ... 8 17 MVR Status 289 4 8 18 MVR Groups Information 290 4 8 19 MVR SFM Information 292 4 9 Quality of Service 294 4 9 1 Understanding QoS 294 4 9 2 Port Policing 295 4 9 3 Port Classification 297 4 9 4 Port Scheduler 299 4 9 5 Port Shaping 300 4 9 5 1 QoS Egress Port Schedule and Shapers 301 4 9 6 Port Tag Remarking 303 4 9 6 1 QoS Egress Port Tag Remarking 304 4 9 7 Port DSCP 305 4 9 8 DSCP based ...

Page 10: ...ess Control Lists 331 4 10 1 Access Control List Status 331 4 10 2 Access Control List Configuration 334 4 10 3 ACE Configuration 337 4 10 4 ACL Ports Configuration 356 4 10 5 ACL Rate Limiter Configuration 359 4 11 Authentication 361 4 11 1 Understanding IEEE 802 1X Port based Authentication 363 4 11 2 Authentication Configuration 367 4 11 3 Network Access Server Configuration 368 4 11 4 Network ...

Page 11: ...12 3 Access Management Statistics 430 4 12 4 HTTPs 432 4 12 5 SSH 434 4 12 6 Port Security Status 435 4 12 7 Port Security Detail 439 4 12 8 DHCP Snooping 440 4 12 9 Snooping Table 443 4 12 10 IP Source Guard Configuration 444 4 12 11 IP Source Guard Static Table 446 4 12 12 ARP Inspection 448 4 12 13 ARP Inspection Static Table 450 4 12 14 Dynamic ARP Inspection Table 451 4 13 Address Table 453 4...

Page 12: ...4 15 Network Diagnostics 483 4 15 1 Ping 485 4 15 2 IPv6 Ping 486 4 15 3 Remote IP Ping Test 488 4 15 4 Cable Diagnostics 489 4 16 Power over Ethernet 492 4 16 1 Power over Ethernet Powered Device 493 4 16 2 System Configuration 495 4 16 3 Power Over Ethernet Configuration 496 4 16 4 Port Sequential 499 4 16 5 Port Configuration 500 4 16 6 PoE Status 503 4 16 7 PoE Schedule 505 4 16 8 LLDP PoE Nei...

Page 13: ...4 RMON Event Status 521 4 18 5 RMON History Configuration 523 4 18 6 RMON History Status 524 4 18 7 RMON Statistics Configuration 526 4 18 8 RMON Statistics Status 527 4 19 LCD 530 4 19 1 LCD Management 530 4 20 ONVIF 532 4 20 1 ONVIF Device Search 532 4 20 2 ONVIF Device List 534 4 20 3 Map Upload Edit 536 4 20 4 Floor Map 537 5 SWITCH OPERATION 538 5 1 Address Table 538 5 2 Learning 538 5 3 Forw...

Page 14: ...es 14 5 4 Store and Forward 538 5 5 Auto Negotiation 539 6 TROUBLESHOOTING 540 APPENDIX A Networking Connection 542 A 1 Switch s Data RJ45 Pin Assignments 1000Mbps 1000BASE T 542 A 2 10 100Mbps 10 100BASE TX 542 APPENDIX B GLOSSARY 545 ...

Page 15: ...GS 5220 24T4XVR 24 4 GS 5220 16P2XV 16 16 2 300 GS 5220 16P2XVR 16 16 2 300 GS 5220 24P4XV 24 24 4 400 GS 5220 24P4XVR 24 24 4 400 GS 5220 24PL4XV 24 24 4 600 GS 5220 24P4LXVR 24 24 4 600 GS 5220 16UP2XV 16 16 2 400 GS 5220 16UP2XVR 16 16 2 400 GS 5220 24UP4XV 24 24 4 400 GS 5220 24UP4XVR 24 24 4 400 GS 5220 24UPL4XV 24 24 4 600 GS 5220 24UPL4XVR 24 24 4 600 Managed Switch is used as an alternativ...

Page 16: ...5220 16P2XVR 2 GS 5220 24P4XV 4 GS 5220 24P4XVR 4 GS 5220 24PL4XV 4 GS 5220 24P4LXVR 4 GS 5220 16UP2XV 2 GS 5220 16UP2XVR 2 GS 5220 24UP4XV 4 GS 5220 24UP4XVR 4 GS 5220 24UPL4XV 4 GS 5220 24UPL4XVR 4 If any of these are missing or damaged please contact your dealer immediately if possible retain the carton including the original packing material and use them again to repack the product in case the...

Page 17: ...rove the availability of critical business applications They provide IPv6 IPv4 dual stack management and built in L2 L4 Gigabit switching engine along with 16 24 10 100 1000BASE T ports featuring 36 75 watt Ultra PoE and 2 4 additional 10Gigabit SFP ports With a total power budget of up to 220 400 600 watts for different kinds of PoE applications the GS 5220 Series with LCD Touch Screen provides a...

Page 19: ...reatly promote management efficiency in large scale network such as enterprises hotels shopping malls government buildings and other public areas and feature the following special management and status functions IP address VLAN and QoS configuration PoE management and status Port management and status SFP information Troubleshooting cable diagnostic and remote IP ping Maintenance reboot factory de...

Page 20: ...the GS 5220 Series with the LCD Touch Screen GUI clients just need one click to search and show all of the ONVIF devices via network application In addition clients can upload floor images to the switch series making the deployments of surveillance and other devices easy for planning and inspection purposes Moreover clients can get real time surveillance s information and online offline status The...

Page 21: ...P be it end span Pins 1 2 3 and 6 or mid span Pins 4 5 7 and 8 they provide the capability to source up to 75 watts of power by using all the four pairs of standard Cat 5e 6 Ethernet cabling In the new 4 pair system two PSE controllers will be used to power both the data pairs and the spare pairs They can offer more PoE applications such as PoE PTZ speed dome Any network device that needs higher P...

Page 22: ...IP networks the GS 5220 Series with LCD Touch Screen features the following special PoE management functions PD alive check Scheduled power recycling PoE schedule PoE usage monitoring Intelligent Powered Device Alive Check The GS 5220 Series with LCD Touch Screen can be configured to monitor connected PD powered device status in real time via ping action Once the PD stops working and responding th...

Page 23: ... 5220 Series with LCD Touch Screen allows each of the connected PoE IP cameras or PoE wireless access points to reboot at a specified time each week Therefore they will reduce the chance of IP camera or AP crash resulting from buffer overflow PoE Schedule for Energy Saving Under the trend of energy saving worldwide and contributing to environmental protection the GS 5220 Series with LCD Touch Scre...

Page 24: ...iciency of the facilities Cost effective 10Gbps Uplink Capacity 10G Ethernet is a big leap in the evolution of Ethernet The two four 10G SFP slots of the GS 5220 Series with LCD Touch Screen support dual speed 10GBASE SR LR or 1000BASE SX LX meaning the administrator now can flexibly choose the suitable SFP SFP transceiver according to the transmission distance or the transmission speed required t...

Page 25: ...sing a low noise design and an effective ventilation system They support the smart fan technology that automatically controls the speed of the built in fan to reduce noise and maintain the temperature of the PoE switch for optimal power output capability The GS 5220 Series with LCD Touch Screen is able to operate reliably stably and quietly in any environment without affecting its performance Solu...

Page 26: ...ature which allows to cross over different VLANs and different IP addresses for the purpose of having a highly secure flexible management and simpler networking application Robust Layer 2 Features The GS 5220 series can be programmed for advanced switch management functions such as dynamic port link aggregation Q in Q VLAN Multiple Spanning Tree Protocol MSTP Layer 2 4 QoS bandwidth control and IG...

Page 27: ... ARP packets with invalid MAC address The network administrator can now construct highly secure corporate networks with considerably less time and effort than before User friendly Secure Management For efficient management the GS 5220 managed switch series is equipped with console web and SNMP management interfaces With the built in web based management interface the GS 5220 series offers an easy ...

Page 28: ... with LCD Touch Screen supports SFP DDM Digital Diagnostic Monitor function that greatly helps network administrator to easily monitor real time parameters of the SFP and SFP transceivers such as optical output power optical input power temperature laser bias current and transceiver supply voltage ...

Page 29: ...on of the Managed Switch Section 4 WEB CONFIGURATION The section explains how to manage the Managed Switch by Web interface Section 5 SWITCH OPERATION The chapter explains how to do the switch operation of the Managed Switch Section 6 POWER over ETHERNET OVERVIEW The chapter introduces the IEEE 802 3af 802 3at PoE standard and PoE provision of the Managed Switch Section 7 TROUBLESHOOTING The chapt...

Page 30: ...Port GS 5220 16P2XV R GS 5220 24P L 4XV R 16 24 10 100 1000BASE T Gigabit RJ45 copper ports with 16 24 port IEEE 802 3af at PoE injector 2 4 10GBASE SR LR SFP slots compatible with 1000BASE SX LX BX SFP RJ45 console interface for switch basic management and setup Ultra Power over Ethernet GS 5220 16UP2XV R GS 5220 24UP L 4XV R Complies with IEEE 802 3at Power over Ethernet Plus end span mid span P...

Page 31: ... span PSE Backward compatible with IEEE 802 3af Power over Ethernet Up to 16 24 ports of IEEE 802 3af IEEE 802 3at devices powered Supports PoE power up to 36 watts for each PoE port Auto detects powered device PD Circuit protection prevents power interference between ports Remote power feeding up to 100 meters PoE management Total PoE power budget control Per port PoE function enable disable PoE ...

Page 32: ...VLAN Edge PVE Protocol based VLAN MAC based VLAN Voice VLAN Supports Spanning Tree Protocol IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Supports Link Aggregation 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel static trunk Maximum 14 trunk groups up to 4 ports per trunk g...

Page 33: ...ueues on all switch ports Traffic classification IEEE 802 1p CoS TOS DSCP IP precedence of IPv4 IPv6 packets IP TCP UDP port number Typical network application Strict priority and Weighted Round Robin WRR CoS policies Supports QoS and In Out bandwidth control on each port Traffic policing on the switch port DSCP remarking Multicast Supports IGMP snooping v1 v2 and v3 Supports MLD snooping v1 and v...

Page 34: ...P messages; Dynamic ARP Inspection discards ARP packets with invalid MAC address to IP address binding; IP Source Guard prevents IP spoofing attacks; IP address access management to prevent unauthorized intruder. Management: IPv4 and IPv6 dual stack management; Switch Management Interfaces: Console/Telnet Command Line Interface, Web switch management, SNMP v1, v2c, and v3 switch management, SSH/SSL secure acc...

Page 35: ...ect and report potential cabling issues SMTP Syslog remote alarm Four RMON groups history statistics alarms and events SNMP trap for interface Link Up and Link Down notification System Log PLANET Smart Discovery Utility for deployment management Smart fan with speed control Redundant Power System GS 5220 16T2XVR GS 5220 24T4XVR GS 5220 16 U P2XVR GS 5220 24 U P L 4XVR Redundant 100 240V AC 36 60V ...

Page 36: ...c 72Gbps non blocking 128Gbps non blocking Throughput 53 57Mpps 64Bytes 95 23Mpps 64Bytes Address Table 16K entries automatic source address learning and aging Shared Data Buffer 32M bits Flow Control IEEE 802 3x pause frame for full duplex Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default Dimensions W x D x H 440 x 200 x 56 mm 1 25U height ...

Page 37: ...egation IEEE 802 3ad LACP static trunk 12 groups with 8 port per trunk Spanning Tree Protocol IEEE 802 1D Spanning Tree Protocol STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP QoS Traffic classification based strict priority and WRR 8 level priority for switching Port number 802 1p priority 802 1Q VLAN tag DSCP ToS field in IP packet IGMP Snoopin...

Page 38: ...P Frameworks MIB RFC 4292 IP Forward MIB RFC 4293 IP MIB RFC 4836 MAU MIB IEEE 802 1X PAE LLDP Standards Conformance Regulatory Compliance FCC Part 15 Class A CE Standards Compliance IEEE 802 3 10BASE T IEEE 802 3u 100BASE TX 100BASE FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3ae 10Gb s Ethernet IEEE 802 3x flow control and back pressure IEEE 802 3ad port trunk with LACP IEEE...

Page 39: ... and Forward Switch Fabric 128Gbps non blocking Throughput 95 23Mpps 64Bytes Address Table 16K entries automatic source address learning and aging Shared Data Buffer 32M bits Flow Control IEEE 802 3x pause frame for full duplex Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default Dimensions W x D x H 440 x 300 x 56 mm 1 25U height Weight 4635g ...

Page 40: ... Mid span UPoE PoE Power Output Per port 54V DC 75 watts max Per port 52V DC 75 watts max Power Pin Assignment End span 1 2 3 6 Mid span 4 5 7 8 UPoE 1 2 3 6 4 5 7 8 PoE Power Budget 400 watts max 600 watts max PoE Ability PD 15 watts 24 units 24 units PoE Ability PD 30 watts 13 units 20 units PoE Ability PD 60 watts 6 units 10 units Layer 2 Management Functions Port Configuration Port disable ena...

Page 41: ...d WRR 8 level priority for switching Port number 802 1p priority 802 1Q VLAN tag DSCP ToS field in IP packet IGMP Snooping IGMP v1 v2 v3 snooping up to 255 multicast groups IGMP querier mode support MLD Snooping MLD v1 v2 snooping up to 255 multicast groups MLD querier mode support Access Control List IP based ACL MAC based ACL Up to 256 entries Bandwidth Control Per port bandwidth control Ingress...

Page 42: ... LX IEEE 802 3ab Gigabit 1000T IEEE 802 3ae 10Gb s Ethernet IEEE 802 3x flow control and back pressure IEEE 802 3ad port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IEEE 802 3af Power over...

Page 43: ...ps 64Bytes Address Table 16K entries automatic source address learning and aging Shared Data Buffer 32M bits Flow Control IEEE 802 3x pause frame for full duplex Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default Dimensions W x D x H 440 x 300 x 56 mm 1 25U height Weight 4635g 4675g 5339g 5439g LED System SYS Green AC PWR Green DC Green GS 52...

Page 44: ... Power Pin Assignment End span 1 2 3 6 PoE Power Budget 400 watts max 600 watts max PoE Ability PD 7 watts 24 units 24 units PoE Ability PD 15 watts 24 units 24 units PoE Ability PD 30 watts 13 units 20 units Layer 2 Management Functions Port Configuration Port disable enable Auto negotiation 10 100 1000Mbps full and half duplex mode selection Flow control disable enable Port Status Display each p...

Page 45: ...oping IGMP v1 v2 v3 snooping up to 255 multicast groups IGMP querier mode support MLD Snooping MLD v1 v2 snooping up to 255 multicast groups MLD querier mode support Access Control List IP based ACL MAC based ACL Up to 256 entries Bandwidth Control Per port bandwidth control Ingress 100Kbps 1000Mbps Egress 100Kbps 1000Mbps Layer 3 Functions IP Interfaces Max 8 VLAN interfaces Routing Table Max 32 ...

Page 46: ... IEEE 802 3ab Gigabit 1000T IEEE 802 3ae 10Gb s Ethernet IEEE 802 3x flow control and back pressure IEEE 802 3ad port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IEEE 802 3af Power over Et...

Page 47: ... IEEE 802 3x pause frame for full duplex Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default Dimensions W x D x H 440 x 300 x 56 mm 1 25U height Weight 4558g 4658g LED System SYS Green AC PWR Green DC Green GS 5220 16UP2XVR Only Fan1 2 3 Alert Red PoE PWR Alert Red PoE Ethernet Interfaces Port 1 to Port 16 bt PoE Green af at PoE Orange Etherne...

Page 48: ...nable Auto negotiation 10 100 1000Mbps full and half duplex mode selection Flow control disable enable Port Status Display each port s speed duplex mode link status flow control status auto negotiation status trunk status Port Mirroring TX RX Both Many to 1 monitor VLAN 802 1Q tagged based VLAN Q in Q tunneling Private VLAN Edge PVE MAC based VLAN Protocol based VLAN Voice VLAN MVR Multicast VLAN ...

Page 49: ...ps Layer 3 Functions IP Interfaces Max 8 VLAN interfaces Routing Table Max 32 routing entries Routing Protocols IPv4 software static routing IPv6 software static routing Management Basic Management Interfaces Console Telnet Web browser SNMP v1 v2c 2 4 inch color LCD touch screen Secure Management Interfaces SSH SSL SNMP v3 SNMP MIBs RFC 1213 MIB II RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 286...

Page 50: ...t Power over Ethernet Plus IEEE 802 3bt 4 pair Power over Ethernet RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP v1 RFC 2236 IGMP v2 RFC 3376 IGMP v3 RFC 2710 MLD v1 RFC 3810 MLD v2 Environment Operating Temperature 0 50 degrees C Relative Humidity 5 95 non condensing Storage Temperature 10 70 degrees C Relative Humidity 5 95 non condensing Product GS 5220 16P2XV GS ...

Page 51: ...t Interfaces Port 1 to Port 16 PoE in use Orange Ethernet Interfaces Port 1 to Port 16 1000 LNK ACT Green 10 100 LNK ACT Orange 1 10G SFP Interfaces Port 17 to Port 18 1G Green 10G Orange Power Consumption Max 271 watts 924 69 BTU AC Max 271 watts 924 69 BTU DC Max 36 6 watts 124 88 BTU Power Requirements AC AC 100 240V 50 60Hz 2 6A Power Requirements DC DC 36 60V 2A ESD Protection 6KV DC Fan 3 sm...

Page 52: ...AN MVR Multicast VLAN registration Up to 255 VLAN groups out of 4095 VLAN IDs Link Aggregation IEEE 802 3ad LACP static trunk 9 groups with 2 port per trunk Spanning Tree Protocol IEEE 802 1D Spanning Tree Protocol STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP QoS Traffic classification based strict priority and WRR 8 level priority for switchin...

Page 53: ...rfaces Console Telnet Web browser SNMP v1 v2c 2 4 inch color LCD touch screen Secure Management Interfaces SSH SSL SNMP v3 SNMP MIBs RFC 1213 MIB II RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Groups 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2863 IF MIB RFC 2933 IGMP STD MIB RFC 3411 SNMP Frameworks MIB RFC 4292 IP...

Page 54: ...ocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IEEE 802 3af Power over Ethernet IEEE 802 3at Power over Ethernet Plus RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP v1 RFC 2236 IGMP v2 RFC 3376 IGMP v3 RFC 2710 MLD v1 RFC 3810 MLD v2 Environment Op...

Page 55: ...l illustrations in this chapter display the unit LED indicators Before connecting any network device to the Managed Switch please read this chapter completely 2 1 Hardware Description 2 1 1 Switch Front Panel The front panel provides a simple interface monitoring the Managed Switch Figures 2 1 1 to 2 1 12 show the front panels of the Managed Switches GS 5220 16T2XV Front Panel Figure 2 1 1 Front P...

Page 56: ...Panel Figure 2 1 3 Front Panel of GS 5220 24T4XV GS 5220 24T4XVR Front Panel Figure 2 1 4 Front Panel of GS 5220 24T4XVR GS 5220 16P2XV Front Panel Figure 2 1 5 Front Panel of GS 5220 16P2XV GS 5220 16P2XVR Front Panel Figure 2 1 6 Front Panel of GS 5220 16P2XVR ...

Page 57: ...nel Figure 2 1 7 Front Panel of GS 5220 16UP2XV GS 5220 16UP2XVR Front Panel Figure 2 1 8 Front Panel of GS 5220 16UP2XVR GS 5220 24P4XV Front Panel Figure 2 1 9 Front Panel of GS 5220 24P4XV GS 5220 24P4XVR Front Panel Figure 2 1 10 Front Panel of GS 5220 24P4XVR ...

Page 58: ... Figure 2 1 11 Front Panel of GS 5220 24PL4XV GS 5220 24PL4XVR Front Panel Figure 2 1 12 Front Panel of GS 5220 24PL4XVR GS 5220 24UP4XV Front Panel Figure 2 1 13 Front Panel of GS 5220 24UP4XV GS 5220 24UP4XVR Front Panel Figure 2 1 14 Front Panel of GS 5220 24UP4XVR ...

Page 59: ...P slot 10GBASE SR LR mini GBIC slot SFP Small Factor Pluggable Plus Transceiver module supports from 300 meters multi mode fiber up to 10 kilometers single mode fiber Console port The console port is a RJ45 port connector It is an interface for connecting a terminal directly Through the console port it provides rich diagnostic information including IP address setting factory reset port management ...

Page 60: ... Managed Switch. 5 sec Factory Default: Reset the Managed Switch to Factory Default configuration. The Managed Switch will then reboot and load the default settings as shown below: Default Username: admin; Default Password: admin; Default IP Address: 192.168.0.100; Subnet Mask: 255.255.255.0; Default Gateway: 192.168.0.254. The reset button of GS-5220 LCD Series is located at the front of the switch. 2.1.2 LED I...

Page 61: ...e the system is working Off to indicate the system is booting 10 100 1000BASE T Interfaces Port 1 to Port 16 LED Color Function Ethernet Green Lights To indicate that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sending or receiving data over that port Orange Lights To indicate that the port is operating at 10 100Mbps Blinks To indicate that the switch is active...

Page 62: ...l Figure 2 1 20 GS 5220 24T4XVR LED on Front Panel System GS 5220 24T4XV LED Color Function PWR Green Lights to indicate that the Switch has power SYS Green Lights to indicate the system is working Off to indicate the system is booting System GS 5220 24T4XVR LED Color Function AC Green Lights to indicate that the Switch has power from AC DC Green Lights to indicate that the Switch has power from D...

Page 63: ...actively sending or receiving data over that port 1 10GBASE SR LR SFP Interfaces Port 25 to Port 28 LED Color Function 10G Orange Lights To indicate that the port is operating at 10Gbps Blinks To indicate that the switch is actively sending or receiving data over that port 1000 Green Lights To indicate that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sending or...

Page 64: ...YS Green Lights to indicate the system is working Off to indicate the system is booting FAN 1 Red Lights to indicate that FAN1 is down FAN 2 Red Lights to indicate that FAN2 is down FAN 3 Red Lights to indicate that FAN3 is down PoE PWR Red Lights to indicate that the PoE power is down 10 100 1000BASE T Interfaces Port 1 to Port 16 LED Color Function Ethernet Green Lights To indicate that the port...

Page 65: ...ely sending or receiving data over that port GS 5220 24P4XV GS 5220 24P4XVR LED Indication Figure 2 1 23 GS 5220 24P4XV LED on Front Panel Figure 2 1 24 GS 5220 24P4XVR LED on Front Panel System Alert GS 5220 24P4XV LED Color Function PWR Green Lights to indicate that the Switch has power SYS Green Lights to indicate the system is working Off to indicate the system is booting FAN 1 Red Lights to i...

Page 66: ... that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sending or receiving data over that port Orange Lights To indicate that the port is operating at 10 100Mbps Blinks To indicate that the switch is actively sending or receiving data over that port PoE Orange Lights To indicate the port is providing DC in line power Off To indicate the connected device is not a Po...

Page 67: ...m is booting FAN 1 Red Lights to indicate that FAN1 is down FAN 2 Red Lights to indicate that FAN2 is down FAN 3 Red Lights to indicate that FAN3 is down PoE PWR Red Lights to indicate that the PoE power is down System Alert GS 5220 24PL4XVR LED Color Function AC Green Lights to indicate that the Switch has power from AC DC Green Lights to indicate that the Switch has power from DC SYS Green Light...

Page 68: ...tch is actively sending or receiving data over that port PoE Orange Lights To indicate the port is providing DC in line power Off To indicate the connected device is not a PoE Powered Device PD 1 10GBASE SR LR SFP Interfaces Port 25 to Port 28 LED Color Function 10G Orange Lights To indicate that the port is operating at 10Gbps Blinks To indicate that the switch is actively sending or receiving da...

Page 69: ... down FAN 3 Red Lights to indicate that FAN3 is down PoE PWR Red Lights to indicate that the PoE power is down System Alert GS 5220 16UP2XVR LED Color Function AC Green Lights to indicate that the Switch has power from AC DC Green Lights to indicate that the Switch has power from DC SYS Green Lights to indicate the system is working Off to indicate the system is booting FAN 1 Red Lights to indicat...

Page 70: ...e Off To indicate the connected device is not a PoE Powered Device PD Orange Lights To indicate the port is providing DC in line power with End span Mid span mode Off To indicate the connected device is not a PoE Powered Device PD 1 10GBASE SR LR SFP Interfaces Port 17 to Port 18 LED Color Function 10G Orange Lights To indicate that the port is operating at 10Gbps Blinks To indicate that the switc...

Page 71: ...lor Function AC Green Lights to indicate that the Switch has power from AC DC Green Lights to indicate that the Switch has power from DC SYS Green Lights to indicate the system is working Off to indicate the system is booting FAN 1 Red Lights to indicate that FAN1 is down FAN 2 Red Lights to indicate that FAN2 is down FAN 3 Red Lights to indicate that FAN3 is down PoE PWR Red Lights to indicate th...

Page 72: ...cate the connected device is not a PoE Powered Device PD 1 10GBASE SR LR SFP Interfaces Port 25 to Port 28 LED Color Function 10G Orange Lights To indicate that the port is operating at 10Gbps Blinks To indicate that the switch is actively sending or receiving data over that port 1000 Green Lights To indicate that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sen...

Page 73: ...AN 1 Red Lights to indicate that FAN1 is down FAN 2 Red Lights to indicate that FAN2 is down FAN 3 Red Lights to indicate that FAN3 is down PoE PWR Red Lights to indicate that the PoE power is down 10 100 1000BASE T Interfaces Port 1 to Port 24 LED Color Function Ethernet Green Lights To indicate that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sending or recei...

Page 74: ...ch is actively sending or receiving data over that port 2 1 3 Switch Rear Panel The rear panel of the Managed Switch consists of the AC DC inlet power socket Figures 2 1 33 to 2 1 34 show the rear panels of the Managed Switches GS 5220 16T2XV 16P2XV 24P4XV 24PL4XV 16UP2XV 24UP4XV 24UPL4XV Rear Panel Figure 2 1 33 Rear Panel of GS 5220 16T2XV 16P2XV 24P4XV 24PL4XV 16UP2XV 24UP4XV 24UPL4XV GS 5220 2...

Page 75: ...der using UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime In some areas installing a surge suppression device may also help to protect your Managed Switch from being damaged by unregulated surge or current to the Switch or the power adapter DC Power Connector The following GS 5220 series supports redundant power system PoE not included ...

Page 76: ...re 2 1 35 Rear Panel of GS 5220 Redundant Power Models Warning Before connecting the DC power cable to the input terminal block of the GS 5220 redundant power models make sure that the power switch is in the OFF position and the DC power is OFF ...

Page 77: ... Installation To install the Managed Switch on desktop or shelf please follow these steps Step 1 Attach the rubber feet to the recessed areas on the bottom of the Managed Switch Step 2 Place the Managed Switch on the desktop or the shelf near an AC power source as shown in Figure 2 2 1 Figure 2 2 1 Place the Managed Switch on the Desktop Step 3 Keep enough ventilation space between the Managed Swi...

Page 78: ...p 5 Supply power to the Managed Switch Connect one end of the power cable to the Managed Switch Connect the power plug of the power cable to a standard wall outlet When the Managed Switch receives power the Power LED should remain solid Green 2 2 2 Rack Mounting To install the Managed Switch in a 19 inch standard rack please follow the instructions described below Step 1 Place the Managed Switch o...

Page 79: ...parts by using incorrect screws would invalidate the warranty Step 3 Secure the brackets tightly Step 4 Follow the same steps to attach the second bracket to the opposite side Step 5 After the brackets are attached to the Managed Switch use suitable screws to securely attach the brackets to the rack as shown in Figure 2 2 3 Figure 2 2 3 Mounting Managed Switch in a Rack ...

Page 80: ...ransceiver to from any SFP SFP port without having to power down the Managed Switch as the Figure 2 2 4 shows Figure 2 2 4 Plug in the SFP SFP Transceiver Approved PLANET SFP SFP Transceivers PLANET Managed Switch supports both single mode and multi mode SFP SFP transceivers The following list of approved PLANET SFP SFP transceivers is correct at the time of publication Gigabit Ethernet Transceive...

Page 81: ...Connector Interface Fiber Mode Distance Wavelength TX RX Operating Temp MGB LA10 1000 WDM LC Single Mode 10km 1310nm 1550nm 0 60 degrees C MGB LB10 1000 WDM LC Single Mode 10km 1550nm 1310nm 0 60 degrees C MGB LA20 1000 WDM LC Single Mode 20km 1310nm 1550nm 0 60 degrees C MGB LB20 1000 WDM LC Single Mode 20km 1550nm 1310nm 0 60 degrees C MGB LA40 1000 WDM LC Single Mode 40km 1310nm 1550nm 0 60 deg...

Page 82: ...m 0 60 degrees C 10Gbps SFP 10GBASE BX Single Fiber Bi directional SFP Model Speed Mbps Connector Interface Fiber Mode Distance Wavelength TX Wavelength RX Operating Temp MTB LA20 MTB LB20 10G WDM LC Single Mode 20km 1270nm 1330nm 0 60 degrees C 10G WDM LC Single Mode 20km 1330nm 1270nm 0 60 degrees C MTB LA40 MTB LB40 10G WDM LC Single Mode 40km 1270nm 1330nm 0 60 degrees C 10G WDM LC Single Mode...

Page 83: ...one side being the male duplex LC connector type Connect the Fiber Cable 1 Insert the duplex LC connector into the SFP SFP transceiver 2 Connect the other end of the cable to a device with SFP SFP transceiver installed 3 Check the LNK ACT LED of the SFP SFP slot on the front of the Managed Switch Ensure that the SFP SFP transceiver is operating correctly 4 Check the Link mode of the SFP SFP port i...

Page 84: ...How to Pull Out the SFP SFP Transceiver Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP SFP module slot of the Managed Switch ...

Page 85: ...g topics Requirements Management Access Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 10 2008 MAC OS9 or later or Linux UNIX or other platforms compatible with TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect T...

Page 86: ...It is recommended to use Internet Explorer 7.0 or above to access the Managed Switch ...

Page 87: ...t functionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be com...

Page 88: ...tosh or workstation connected to the Managed Switch s console serial port Figure 3 1 1 Console Management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight DB9 RS232 cable is required to...

Page 89: ...e associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 3 4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft In...

Page 90: ... external SNMP based application to configure and manage the Managed Switch such as SNMP Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set communit...

Page 91: ...vironment the Planet Smart Discovery Utility from user s manual CD ROM is an ideal solution The following installation instructions are to guide you to running the Planet Smart Discovery Utility 1 Deposit the Planet Smart Discovery Utility in administrator PC 2 Run this utility as the following screen appears Figure 3 1 6 Planet Smart Discovery Utility Screen ...

Page 92: ... from the devices such as MAC address device name firmware version and device IP subnet address It can also assign new password IP subnet address and description to the devices 2 After setup is completed press the Update Device Update Multi or Update All button to take effect The functions of the 3 buttons above are shown below Update Device use current setting on one single device Update Multi us...

Page 93: ...oadcast function it allows you to assign a new setting value to the Web Smart Switch under a different IP subnet address 4 Press the Connect to Device button and the Web login screen appears in Figure 3 1 4 5 Press the Exit button to shut down the Planet Smart Discovery Utility ...

Page 94: ...oes not allow Java Applets to open sockets. The user has to explicitly modify the browser setting to enable Java Applets to use network ports. The Managed Switch can be configured through an Ethernet connection, provided the manager PC is set to the same IP subnet address as the Managed Switch. For example, if the default IP address of the Managed Switch is 192.168.0.100, then the manager PC shou...

Page 95: ... follows: http://192.168.0.100 2. When the following login screen appears, please enter the default username "admin" with password "admin" (or the username/password you have changed via console) to log in to the main screen of the Managed Switch. The login screen in Figure 4-1-2 appears. Figure 4-1-2: Login Screen. Default User name: admin. Default Password: admin. After entering the username and password, the main screen ap...

Page 96: ...access all the commands and statistics the Managed Switch provides. 1. It is recommended to use Internet Explorer 7.0 or above to access the Managed Switch. 2. The changed IP address takes effect immediately after clicking on the Save button. You need to use the new IP address to access the Web interface. 3. For security reasons, please change and memorize the new password after this first setup. 4. Only accept c...

Page 97: ...witch s Web browser interface to configure and manage it Figure 4 1 4 Web Main Page Panel Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port status are illustrated as follows State Disabled Down Link RJ45 Ports ...

Page 98: ...eters manage and control the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can set up the Managed Switch by selecting the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu ...

Page 99: ...current users Currently the only way to login as another user on the web server is to close and reopen the browser Privilege Levels This page provides an overview of the privilege levels NTP Configuration Configure NTP server on this page Time Configuration Configure time parameter on this page UPnP Configure UPnP on this page DHCP Relay Configure DHCP Relay on this page DHCP Relay Statistics This...

Page 100: ... Configure Upload: You can upload the files to the switch. Configure Activate: You can activate the configuration file present on the switch. Configure Delete: You can delete the writable files which are stored in flash. Image Select: Configure active or alternate firmware on this page. Factory Default: You can reset the configuration of the Managed Switch on this page. Only the IP configuration is retained ...

Page 101: ...ime The screen in Figure 4 2 1 appears Figure 4 2 1 System Information Page Screenshot The page includes the following fields Object Description Contact The system contact configured in SNMP System Information System Contact Name The system name configured in SNMP System Information System Name Location The system location configured in SNMP System Information System Location MAC Address The MAC A...

Page 102: ...tware Date The date when the Managed Switch software was produced Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page any changes made locally will be undone 4 2 2 IP Configuration The IP Configuration includes the IP Configuration IP Interface and IP Routes The configured column is used to view or change the IP c...

Page 103: ... The current column is used to show the active IP configuration Object Description IP Configurations Mode Configure whether the IP stack should act as a Host or a Router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed between all interfaces ...

Page 104: ... DNS server and reply as a DNS resolver to the client devices on the network IP Address Delete Select this option to delete an existing IP interface VLAN The VLAN associated with the IP interface Only ports in this VLAN will be able to access the IP interface This field is only available for input when creating a new interface IPv4 DHCP Enabled Enable the DHCP client by checking this box Fallback ...

Page 105: ...alid format is dotted decimal notation or a valid IPv6 notation. A default route can use the value 0.0.0.0 or IPv6 notation. Mask Length: The destination IP network or host mask, in number of bits (prefix length). Gateway: The IP address of the IP gateway. Valid format is dotted decimal notation or a valid IPv6 notation. Gateway and Network must be of the same type. Next Hop VLAN: The VLAN ID (VID) of the speci...

Page 106: ... Figure 4 2 3 appears Figure 4 2 3 IP Status Page Screenshot The page includes the following fields Object Description IP Interfaces Interface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interface and or address IP Routes Network The destination IP network or host...

Page 107: ...ry 3 seconds Click to refresh the page 4 2 4 Users Configuration This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser After setup is completed press the Apply button to take effect Please login web interface with new user name and password the screen in Figure 4 2 4 appears Figure 4 2 4 Users Config...

Page 108: ... the group privilege level to have the access to that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc needs user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user accoun...

Page 109: ... Description Username A string identifying the user name that this entry should belong to The allowed string length is 1 to 31 The valid user name is a combination of letters numbers and underscores Password The password of the user The allowed string length is 1 to 31 Password again Please enter the user s new password here again to confirm ...

Page 110: ...vel 10 has the read write access And the system maintenance software upload factory defaults and etc needs user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved value...

Page 111: ...w password after changing the default password, please press the Reset button on the front panel of the Managed Switch for over 10 seconds and then release it. The current settings, including VLAN, will be lost and the Managed Switch will be restored to the default mode ...

Page 112: ...privilege levels After setup is completed please press the Apply button to take effect Please login web interface with new user name and password and the screen in Figure 4 2 7 appears Figure 4 2 7 Privilege Levels Configuration Page Screenshot The page includes the following fields Object Description ...

Page 113: ...tion and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level for the fo...

Page 114: ...ossible modes are Enabled Enable NTP mode operation When enabling NTP mode operation the agent forward and transfer NTP messages between the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits w...

Page 115: ...ration Configure Time Zone on this page A Time Zone is a region that has a uniform standard time for legal commercial and social purposes It is convenient for areas in close commercial or other communication to keep the same time so time zones tend to follow the boundaries of countries and their subdivisions The Time Zone Configuration screen in Figure 4 2 9 appears ...

Page 116: ...ncludes the following fields Object Description Time Zone Lists various Time Zones worldwide Select appropriate Time Zone from the drop down and click Save to set Acronym User can set the acronym of the time zone This is a User configurable acronym to identify the time zone Range Up to 16 characters ...

Page 117: ...ng Time duration for single time configuration Default Disabled Start Time Settings Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute End Time Settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes Select ...

Page 118: ...ponents The UPnP Configuration screen in Figure 4 2 10 appears Figure 4 2 10 UPnP Configuration Page Screenshot The page includes the following fields Object Description Mode Indicates the UPnP operation mode Possible modes are Enabled Enable UPnP mode operation Disabled Disable UPnP mode operation When the mode is enabled two ACEs are added automatically to trap UPnP related packets to CPU The AC...

Page 119: ...o longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done at less than one half of the advertising duration In the implementation the switch sends SSDP messages periodically at the interval one half of the advertising duration minus 30 seconds Valid values are in the range 100 to 86400 Buttons Click to apply changes Clic...

Page 120: ...ion works by setting two sub-options: Circuit ID (option 1) and Remote ID (option 2). The Circuit ID sub-option is supposed to include information specific to which circuit the request came in on. The Remote ID sub-option was designed to carry information relating to the remote host end of the circuit. The definition of Circuit ID in the switch is 4 bytes in length and the format is "vlan_id" "module_id" "port_no" ...

Page 121: ...n Relay Server Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not on the same subnet domain Relay Information Mode Indicates the DHCP relay information mode option operation Possible modes are Enabled Enable DHCP relay information mode operation When enabling DHCP relay information mode op...

Page 122: ...sible policies are Replace Replace the original relay information when receiving a DHCP message that already contains it Keep Keep the original relay information when receiving a DHCP message that already contains it Drop Drop the package when receiving a DHCP message that already contains relay information Buttons Click to apply changes Click to undo any changes made locally and revert to previou...

Page 123: ...mber that received packets from server Receive Missing Agent Option The packets number that received packets without agent information options Receive Missing Circuit ID The packets number that received packets whose the Circuit ID option was missing Receive Missing Remote ID The packets number that received packets whose Remote ID option was missing Receive Bad Circuit ID The packets number whose...

Page 124: ...mber that received packets with relay agent information option Replace Agent Option The packets number that replaced received packets with relay agent information option Keep Agent Option The packets number that kept received packets with relay agent information option Drop Agent Option The packets number that dropped received packets with relay agent information option Buttons Auto refresh Check ...

Page 125: ...ser must support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 14 appears Figure 4 2 14 CPU Load Page Screenshot Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seco...

Page 126: ...5 appears Figure 4 2 15 System Log Page Screenshot The page includes the following fields Object Description ID The ID 1 of the system log entry Level The level of the system log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels ...

Page 127: ...fresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Updates the system log entries starting from the current entry ID Flushes the selected log entries Hides the selected log entries Downloads the selected log entries Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entry currently...

Page 128: ... includes the following fields Object Description ID The ID 1 of the system log entry Message The message of the system log entry Buttons Download the system log entry to the current entry ID Updates the system log entry to the current entry ID Updates the system log entry to the first available entry ID Updates the system log entry to the previous available entry ID Updates the system log entry t...

Page 129: ...ode operation is enabled, the syslog message will be sent out to the syslog server. The syslog protocol is based on UDP communication and received on UDP port 514, and the syslog server will not send acknowledgments back to the sender since UDP is a connectionless protocol and does not provide acknowledgments. The syslog packet will always be sent out even if the syslog server does not exist. Possible modes are: Enab...

Page 130: ...hat kind of message will send to syslog server Possible modes are Info Send information warnings and errors Warning Send warnings and errors Error Send errors Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 131: ...n SMTP Mode Controls whether SMTP is enabled on this switch SMTP Server Type the SMTP server name or the IP address of the SMTP server SMTP Port Set port number of SMTP service SMTP Authentication Controls whether SMTP authentication is enabled if authentication is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enabled Authentic...

Page 132: ...nges Click to undo any changes made locally and revert to previously saved values 4 2 16 Web Firmware Upgrade This page facilitates an update of the firmware controlling the switch The Web Firmware Upgrade screen in Figure 4 2 19 appears Figure 4 2 19 Web Firmware Upgrade Page Screenshot To open Firmware Upgrade screen perform the following 1 Click System Web Firmware Upgrade 2 The Firmware Upgrad...

Page 133: ...naged Switch until the update progress is complete. Do not quit the Firmware Upgrade page without pressing the OK button after the image is loaded; otherwise the system won't apply the new firmware and the user has to repeat the firmware upgrade process. 4.2.17 TFTP Firmware Upgrade The Firmware Upgrade page provides the functions to allow a user to update the Managed Switch firmware from the TFTP server in the n...

Page 134: ...rver IP address. Firmware File Name: The name of the firmware image (maximum length: 24 characters). Buttons: Click to upgrade firmware. DO NOT power OFF the Managed Switch until the update progress is complete. Do not quit the Firmware Upgrade page without pressing the OK button after the image is loaded; otherwise the system won't apply the new firmware and the user has to repeat the firmware upgrade process ...

Page 135: ...ion Download The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch. There are three system files: running-config: A virtual file that represents the currently active configuration on the switch. This file is volatile. startup-config: The startup configuration for the switch, read at boot time. default-config: A re...

Page 136: ...nfig on the switch. Please refer to Figure 4-2-24 shown below. Figure 4-2-24: Configuration Download Page Screenshot 4.2.20 Configuration Upload The Configuration Upload page allows the upload of the running-config and startup-config on the switch. Please refer to Figure 4-2-25 shown below. Figure 4-2-25: Configuration Upload Page Screenshot ...

Page 137: ...le to create new files, but an existing file must be overwritten or another deleted first. 4.2.21 Configure Activate The Configure Activate page allows you to activate the startup-config and default-config files present on the switch. Please refer to Figure 4-2-26 shown below. Figure 4-2-26: Configuration Activate Page Screenshot It is possible to activate any of the configuration files present on the...

Page 138: ...e images in the device and allows you to revert to the alternate image The web page displays two tables with information about the active and alternate firmware images The Image Select screen in Figure 4 2 28 appears In case the active firmware image is the alternate image only the Active Image table is shown In this case the Activate Alternate Image button is also disabled 1 If the alternate imag...

Page 139: ...age The name of primary preferred image is image the alternate image is named image bk Version The version of the firmware image Date The date when the firmware was produced Buttons Click to use the alternate image This button may be disabled depending on system state 4 2 24 Factory Default You can reset the configuration of the Managed Switch on this page Only the IP configuration is retained The...

Page 140: ...ithout resetting the configuration. To reset the Managed Switch to the factory default setting, you can also press the hardware reset button at the front panel for about 10 seconds. After the device is rebooted, you can log in to the management Web interface within the same subnet of 192.168.0.xx. 4.2.25 System Reboot The Reboot page enables the device to be rebooted from a remote location. Once the Reboot butt...

Page 141: ...ick to return to the Port State page without rebooting the system You can also check the SYS LED on the front panel to identify whether the System is loaded completely or not If the SYS LED is blinking then it is in the firmware load stage if the SYS LED light is on you can use the Web browser to login the Managed Switch ...

Page 142: ...ons that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fast CPUs megapixel color displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elements They collect and store management information such as the number of error...

Page 143: ...device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are: Write = private, Read = public. Use the SNMP Menu to display or configure the Managed Switch's SNMP function. This section has the following items: System Configuration: Configure SNMP on this page. Trap Configuration: Co...

Page 144: ...Figure 4 3 1 SNMP System Configuration Page Screenshot The page includes the following fields Object Description Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SN...

Page 145: ...te access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c commun...

Page 146: ... 4.3.3 SNMP Trap Configuration Configure SNMP trap on this page. The SNMP Trap Configuration screen in Figure 4-3-2 appears. Figure 4-3-2: SNMP Trap Configuration Page Screenshot The page includes the following fields: Object Description ...

Page 147: ... Trap Community: Indicates the community access string when sending an SNMP trap packet. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126. Trap Destination Address: Indicates the SNMP trap destination address. Trap Destination Port: Indicates the SNMP trap destination port. The SNMP agent will send SNMP messages via this port; the port range is 1 to 65535. Trap Inform ...

Page 148: ...eld is used The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed Trap Security Name Indicates the SNMP trap security name SNMPv3 traps and informs using USM for authentication and privacy A unique security name is needed when traps and informs are enabled System Enable disable that the Interface group s traps...

Page 149: ... Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 4 SNMP System Information The switch system information is provided here The SNMP System Information screen in Figure 4 3 3 appears Figure 4 3 3 System Information Configuration Page Screenshot The page includes the following fields Object Description ...

Page 150: ...habet (A-Za-z), digits (0-9), minus sign (-). No space characters are permitted as part of a name. The first character must be an alpha character, and the first or last character must not be a minus sign. The allowed string length is 0 to 255. System Location: The physical location of this node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and the allowed content is the ASCII characters fro...

Page 151: ...ed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of source addresses can be used to restrict source subnet when combined with source mask Source Mask Indicates the SNMP access source address mask Buttons Click to add a new community e...

Page 152: ...between 10 and 64 but all zeros and all F s are not allowed The SNMPv3 architecture uses the User based Security Model USM for message security and the View based Access Control Model VACM for access control For the USM entry the usmUserEngineID and usmUserName are the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of ...

Page 153: ... that this entry should belong to Possible authentication protocol are None None authentication protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if entry already exist That means must first ensure that the value is set correctly ...

Page 154: ...er uses AES authentication protocol Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new user entry Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 5 3 SNMPv3 Groups Configure SNMPv3 groups table on this page...

Page 155: ...ould belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allo...

Page 156: ...index keys are View Name and OID Subtree The SNMPv3 Views screen in Figure 4 3 7 appears Figure 4 3 7 SNMPv3 Views Configuration Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the a...

Page 157: ...ry which view type is included and it s OID subtree overstep the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Buttons Click to add a new view entry Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 5 5...

Page 158: ... 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Security Model Indicates the security model that this entry should belong to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security mo...

Page 159: ...wed content is the ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new access entry Click to apply changes Click to undo any changes made locally and revert to previously sa...

Page 160: ...s Port Statistics Detail Lists Ethernet and RMON port statistics SFP Module Information Display SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration Page Screenshot The page includes the...

Page 161: ...ps Full Duplex mode. 100Mbps HDX: Force sets 100Mbps Half Duplex mode. 100Mbps FDX: Force sets 100Mbps Full Duplex mode. 1Gbps FDX: Force sets 10000Mbps Full Duplex mode. Auto Fiber 10G: Set up 10G fiber port for negotiation automatically. Disable: Shut down the port manually. Adv Duplex: When duplex is set as auto (i.e., auto negotiation), the port will only advertise the specified duplex as either Fdx or Hdx to t...

Page 162: ... flow control. This setting is related to the setting for Configured Link Speed. PFC: When PFC (802.1Qbb Priority Flow Control) is enabled on a port, then flow control on a priority level is enabled. Through the Priority field, range (one or more) of priorities can be configured, e.g. '0-3,7' which equals '0,1,2,3,7'. PFC is not supported through auto negotiation. PFC and Flowcontrol cannot both be enabled on the s...

Page 163: ...payload of the frame. If frame length check is enabled, frames with payload size less than 1536 bytes are dropped if the EtherType/Length field doesn't match the actual payload length. If frame length check is disabled, frames are not dropped due to frame length mismatch. Note: No drop counters count frames dropped due to frame length mismatch. When setting each port to run at 100M Full, 100M Half, 10M F...

Page 164: ...isplayed counters are Object Description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion...

Page 165: ...o enable an automatic refresh of the page at regular intervals 4 4 3 Detailed Port Statistics This page provides detailed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit The Det...

Page 166: ...elds Receive Total and Transmit Total Object Description Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes including FCS but excluding framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets ...

Page 167: ...ber of received and transmitted packets per input and output queue Receive Error Counters Object Description Rx Drops The number of frames dropped due to lack of receive buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short frames received with valid CRC Rx Oversize The number of long frames received with valid CRC...

Page 168: ...o enable an automatic refresh of the page at regular intervals 4 4 4 SFP Module Information The WGSW 48040HP has supported the SFP module with digital diagnostics monitoring DDM function This feature is also known as digital optical monitoring DOM You can check the physical or operational status of an SFP module via the SFP Module Information page This page shows the operational status such as the...

Page 169: ... Display the speed of current SFP module the speed value or description is got from the SFP module Different vendors SFP modules might show different speed information Wave Length nm Display the wavelength of current SFP module the wavelength value is got from the SFP module Use this column to check if the wavelength values of two nodes are matched while the fiber connection failed Distance m Disp...

Page 170: ... SFP DDM module TX power dBm SFP DDM Module Only Display the TX power of current SFP DDM module the TX power value is got from the SFP DDM module RX power dBm SFP DDM Module Only Display the RX power of current SFP DDM module the RX power value is got from the SFP DDM module Buttons SFP Monitor Event Alert send trap Warning Temperature degrees C Check SFP Monitor Event Alert box it will be in acco...

Page 171: ...anager to keep close track of switch performance and alter it if necessary To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic anal...

Page 172: ... in Figure 4 4 8 appears Figure 4 4 8 Mirror Configuration Page Screenshot The page includes the following fields Object Description Port to mirror on Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled disables mirroring Port The logical port for the settings contained in the same row Mode Select mirror mode ...

Page 173: ...ed Disabled Neither frames transmitted or frames received are mirrored Both Frames received and frames transmitted are mirrored to the mirror port For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only Buttons Click to apply changes Click to undo any ch...

Page 174: ... Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation link...

Page 175: ...2 3ad standard Port link aggregations can be used to increase the bandwidth of a network connection or to ensure fault recovery Link aggregation lets you group up to 4 consecutive ports into a single dedicated connection between any two the Switch or other Layer 2 switches However before making any physical connections between devices use the Link aggregation Configuration menu to specify the link...

Page 176: ...P static link aggregation group then any extra ports selected are placed in a standby mode for redundancy if one of the other ports fails If the group is defined as a local static link aggregation group then the number of ports must be the same as the group member ports The aggregation code ensures that frames belonging to the same frame flow for example a TCP connection are always forwarded on th...

Page 177: ...e Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destin...

Page 178: ...me Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Static Aggregation Group Configuration The Aggregation Group Configuration screen in Figure 4 5 3 appears Figure 4 5 3 Aggregation Group Configuration Page Screenshot The page includes the following fields Object Description ...

Page 179: ...efault no ports belong to any aggregation group Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 5 2 LACP Configuration Link Aggregation Control Protocol LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device LACP allows switches connected to each other to discover automatically whether any port...

Page 180: ...rt. LACP will form an aggregation when 2 or more ports are connected to the same partner. Key: The Key value incurred by the port, range 1-65535. The Auto setting will set the key as appropriate by the physical link speed: 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with differ...

Page 181: ...e priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 5 3 LACP System Status This page provides a stat...

Page 182: ...y that the partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last Changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch Buttons Click to refresh the page immediately Auto refresh Automatic refresh occurs every 3 seconds 4 5 4 LACP Port Status This page provides a status overvie...

Page 183: ...atus is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group Partner System ID The partner s System ID MAC address Partner Port The partner s port number connected to this port Partner Priority The partner s port priority Buttons Click to refresh the page immediately Auto refresh Automatic refre...

Page 184: ...r LACP Received Shows how many LACP frames have been sent from each port LACP Transmitted Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all ports ...

Page 185: ... each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network...

Page 186: ... VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices...

Page 187: ...dcast multicast and unicast packets from unknown sources VLAN can also provide a level of security to your network IEEE 802 1Q VLAN will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recognize VLAN tags in packet headers The ta...

Page 188: ... 4094 unique VLAN can be identified. The tag is inserted into the packet header, making the entire packet longer by 4 octets. All of the information originally contained in the packet is retained. 802.1Q Tag: TPID (Tag Protocol Identifier, 2 bytes) and TCI (Tag Control Information, 2 bytes); the TCI consists of User Priority (3 bits), CFI (1 bit) and VLAN ID (VID, 12 bits). Frame layout: Preamble, Destination Address, Source Address, VLAN TAG, Ethernet Type, Data ...

Page 189: ...is PVID in so far as VLAN are concerned Tagged packets are forwarded according to the VID contained within the tag Tagged packets are also assigned a PVID but the PVID is not used to make packet forwarding decisions the VID is Tag aware switches must keep a table to relate PVID within the switch to VID on the network The switch will compare the VID of a packet to be transmitted to the VID of the p...

Page 190: ...t the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs th...

Page 191: ...groups or subnets 4 6 3 VLAN Port Configuration This page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is configured on the VLAN Port Configuration page All untagged packets arriving to the device are tagged by the ports PVID Understand nomenclature of the Switch IE...

Page 192: ...g Q in Q IEEE 802 1Q Tunneling Q in Q is designed for service providers carrying traffic for multiple customers across their networks Q in Q tunneling is used to maintain customer specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs This is accomplished by inserting Service Provider VLAN SPVLAN tags into the customer s frames when they ente...

Page 193: ...ted VID for frames entering the MAN. When leaving the MAN, the tag is stripped and the original VLAN tag with the customer-related VID is again available. This provides a tunneling mechanism to connect remote customer VLANs through a common MAN space without interfering with the VLAN tags. All tags use EtherType 0x8100 or 0x88A8, where 0x8100 is used for customer tags and 0x88A8 is used for service pr...

Page 194: ...ANs field. By default, only VLAN 1 is enabled. More VLANs may be created by using a list syntax where the individual elements are separated by commas. Ranges are specified with a dash separating the lower and upper bound. The following example will create VLANs 1, 10, 11, 12, 13, 200, and 300: 1,10-13,200,300. Spaces are allowed in between the delimiters. Ethertype for Custom S-ports: This field specifies the et...

Page 195: ... to end stations Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged and C tagged frames Discards all frames that are not classified to the Access VLAN On egress all frames classified to the Access VLAN are transmitted untagged Ot...

Page 196: ... classified to the Port VLAN a k a Native VLAN get tagged on egress Frames classified to the Port VLAN do not get C tagged on egress Egress tagging can be changed to tag all frames in which case only tagged frames are accepted on ingress Hybrid Hybrid ports resemble trunk ports in many ways but adds additional port configuration features In addition to the characteristics described for trunk ports...

Page 197: ...rt VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the port but the frame is priority tagged VLAN ID 0 On egress frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN The Port VLAN is called an Access VLAN for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode ...

Page 198: ...e tag If a frame is untagged or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with a C tag S Port On ingress frames with a VLAN tag with TPID 0x8100 or 0x88A8 get classified to the VLAN ID embedded in the tag If a frame is untagged or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress the...

Page 199: ...ames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine However the port will never transmit frames classified to VLANs that it is not a member of Ingress Acceptance Hybrid ports allow for changing the type of frames that are accepted on ingress Tagged and Untagged Both tagged and untagged frames are accepted Tagged Only Only tagged frames are acc...

Page 200: ...ANs they are allowed to become members of The field s syntax is identical to the syntax used in the Enabled VLANs field By default a Trunk or Hybrid port will become member of all VLANs and is therefore set to 1 4095 The field may be left empty which means that the port will not become member of any VLANs Forbidden VLANs A port may be configured to never be member of one or more VLANs This is part...

Page 201: ...ndo any changes made locally and revert to previously saved values 4 6 4 VLAN Membership Status This page provides an overview of membership status for VLAN users The VLAN Membership Status screen in Figure 4 6 4 appears Figure 4 6 4 VLAN Membership Status for Static User Page Screenshot The page includes the following fields Object Description ...

Page 202: ...s control of virtual local area networks VLANs within a larger network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN Port Members A row of check boxes for each port ...

Page 203: ...lassified to the VLAN ID to be forwarded on the respective VLAN member ports Buttons Select VLAN Users from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting ...

Page 204: ...f VLAN awareness is enabled the tag is removed from tagged frames received on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress p...

Page 205: ...d VLAN ID Shows UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side Conflicts Shows status of Conflicts whether exists or Not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur Functional Conflicts between feature Conflicts due to hardware limitation Direct conflict between user modules Buttons Se...

Page 206: ...cation examples are provided in this section Customers connected to an ISP can be members of the same VLAN but they are not allowed to communicate with each other within that VLAN Servers in a farm of web servers in a Demilitarized Zone DMZ are allowed to communicate with the outside world and with database servers on the inside segment but are not allowed to communicate with each other ...

Page 207: ...ive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN table This reduces the ports to wh...

Page 208: ...solation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately ...

Page 209: ...e Managed Switch handle Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLAN Each VLAN isolate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 7 appears and Table 4 6 8 describes the port configuration of the Managed Switches Figure 4 6 7 Two Separate VLANs Diagram ...

Page 210: ... the packet leaves Port 3, it will be kept as a tagged packet with VLAN Tag 2. Tagged packet entering VLAN 2: 5. When a tagged packet with VLAN Tag 2 transmitted by PC 3 enters Port 3, PC 1 and PC 2 will receive the packet through Port 1 and Port 2. 6. When the packet leaves Port 1 and Port 2, its tag will be stripped away, making it an untagged packet. Untagged packet entering VLAN 3: 1. While PC 4 transmit an un...

Page 211: ...ss VLANs column; the 1-3 includes VLAN 1, 2 and 3. Figure 4 6 8 Add VLAN 2 and VLAN 3. 2. Assign VLAN Member and PVID for each port: VLAN 2: Port 1, Port 2 and Port 3. VLAN 3: Port 4, Port 5 and Port 6. VLAN 1: All other ports, Port 7 to Port 52. Figure 4 6 9 Change Port VLAN of Port 1-3 to be VLAN 2 and Port VLAN of Port 4-6 to be VLAN 3 ...

Page 212: ... Selects Egress Tagging as Tag All and Types 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 10 appears Figure 4 6 10 Check VLAN 2 and 3 Members on VLAN Membership Page 4 6 7 2 VLAN Trunking between two 802 1Q aware switches The most cases are used for Uplink to other switches VLANs are separated at different switches but they need to access with other switches within t...

Page 213: ...king Diagram. Setup steps: 1. Add VLAN Group: Add two VLANs, VLAN 2 and VLAN 3. Type 1-3 in Allowed Access VLANs column; the 1-3 includes VLAN 1, 2 and 3. Figure 4 6 12 Add VLAN 2 and VLAN 3. 2. Assign VLAN Member and PVID for each port: VLAN 2: Port 1, Port 2 and Port 3 ...

Page 214: ...uration 1 Specify Port 7 to be the 802 1Q VLAN Trunk port 2 Assign Port 7 to both VLAN 2 and VLAN 3 at the VLAN Member configuration page 3 Define a VLAN 1 as a Public Area that overlapping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member port 5 Specify Port...

Page 215: ...r VLAN. 6. Repeat Steps 1 to 6, set up the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk; repeat Steps 1 to 3 to assign the Trunk port to the VLANs. 4 6 7 3 Port Isolate: The diagram shows how the Managed Switch handles isolated and promiscuous ports, and each PC is not able to access the isolated ports of the other PCs. But they all need to access with the same ser...

Page 216: ...Setup steps 1 Assign Port Mode Set Port 1 Port 4 in Isolate port Set Port5 and Port 6 in Promiscuous port The screen in Figure 4 6 17 appears Figure 4 6 17 The Configuration of Isolated and Promiscuous Port ...

Page 217: ...d VLAN Membership Configuration Page Screenshot The page includes the following fields Object Description Delete To delete a MAC based VLAN entry check this box and press save MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or ...

Page 218: ...ill be deleted when you click Save The Delete button can be used to undo the addition of new MAC based VLANs Buttons Click to add a new MAC based VLAN entry Click to apply changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Up...

Page 219: ... Screenshot The page includes the following fields Object Description Delete To delete a Protocol to Group Name map entry check this box The entry will be deleted on the switch during the next Save Frame Type Frame Type can have one of the following values 1 Ethernet 2 LLC 3 SNAP Note On changing the Frame type field valid value of the following text field will vary depending on the new frame type...

Page 220: ...nally Unique Identifier is value in format of xx xx xx where each pair xx in string is a hexadecimal value ranges from 0x00 0xff b PID If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running o...

Page 221: ... new entry in mapping table. Click to apply changes. Click to undo any changes made locally and revert to previously saved values. Auto refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Click to refresh the page immediately. 4 6 10 Protocol based VLAN Membership: This page allows you to map an already configured Group Name to a VLAN for the switch. The Grou...

Page 222: ... 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or exclude the port from the mapping make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New Group to VLAN mapping entry Click Add New Entry to add a new entry in mapping table An empty row...

Page 223: ...Duplicated links are blocked from use and become standby links The protocol allows for the duplicate links to be used in the event of a failure of the primary link Once the Spanning Tree Protocol is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished auto...

Page 224: ... The path cost to the root from the transmitting port The port identifier of the transmitting port The switch sends BPDUs to communicate and construct the spanning tree topology All switches connected to the LAN on which the packet is transmitted will receive the BPDU BPDUs are not directly forwarded by the switch but the receiving switch uses the information in the frame to calculate a BPDU and i...

Page 225: ... Blocking state to a Forwarding state could create temporary data loops Ports must wait for new network topology information to propagate throughout the network before starting to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topo...

Page 226: ...m listening to learning or to disabled From learning to forwarding or to disabled From forwarding to disabled From disabled to blocking Figure 4 7 1 STP Port State Transitions You can modify each port state by using management software When you enable STP every port on every switch in the network goes through the blocking state and then transitions through the states of listening and ...

Page 227: ...ls The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels On the switch level STP calculates the Bridge Identifier for each switch and then sets th...

Page 228: ...numbers give a higher priority and a greater chance of a given switch being elected as the root bridge 32768 Hello Time The length of time between broadcasts of the hello message by the switch 2 seconds Maximum Age Timer Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The am...

Page 229: ...ters The Switch s factory default setting should cover the majority of installations However it is advisable to keep the default settings as set at the factory unless it is absolutely necessary The user changeable parameters in the Switch are as follows Priority A Priority for the switch can be set from 0 to 65535 0 is equal to the highest Priority Hello Time The Hello Time can be from 1 to 10 sec...

Page 230: ...to 200000000 The lower the number the greater the probability the port will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in the below diagram In this example you can anticipate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch...

Page 231: ... switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however relatively straight forward Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used ...

Page 232: ...between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link 4 7 2 STP System Configuration This page allows you to configure STP system settings The settings are used by all STP Bridge instances in ...

Page 233: ...ines an extension to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree The STP System Configuration screen in Figure 4 7 4 appears Figure 4 7 4 STP Bridge Configuration Page Screenshot The page includes the...

Page 234: ...TP RSTP bridge. Forward Delay: The delay used by STP Bridges to transition Root and Designated Ports to Forwarding (used in STP compatible mode). Valid values are in the range 4 to 30 seconds. Default: 15. Minimum: The higher of 4 or (Max. Message Age / 2) + 1. Maximum: 30. Max Age: The maximum age of the information transmitted by the Bridge when it is the Root Bridge. Valid values are in the range 6 to 40 seconds. De...

Page 235: ...pology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time that has to pass before a port in the error disabled state can be enabled Valid values are b...

Page 236: ...Object Description MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least c...

Page 237: ...fresh occurs every 3 seconds Click to refresh the page immediately 4 7 4 CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations and possibly change them as well The CIST Port Configuration screen in Figure 4 7 6 appears Figure 4 7 6 STP CIST Port Configuration Page Screenshot ...

Page 238: ... used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 AdminEdge Controls whether the operEdge flag shoul...

Page 239: ...connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or the physical link state of the attache...

Page 240: ... When the short path cost method is selected and the default path cost recommended by the IEEE 802.1w standard exceeds 65,535, the default is set to 65,535. Table 4 7 1 Recommended STP Path Cost Range (Port Type: IEEE 802.1D-1998 / IEEE 802.1w-2001): Ethernet: 50-600 / 200,000-20,000,000; Fast Ethernet: 10-60 / 20,000-2,000,000; Gigabit Ethernet: 3-10 / 2,000-200,000. Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2...

Page 241: ... Table 4 7 2 Recommended STP Path Costs
Port Type | Link Type | IEEE 802.1w-2001
Ethernet | Half Duplex | 2,000,000
Ethernet | Full Duplex | 1,000,000
Ethernet | Trunk | 500,000
Fast Ethernet | Half Duplex | 200,000
Fast Ethernet | Full Duplex | 100,000
Fast Ethernet | Trunk | 50,000
Gigabit Ethernet | Full Duplex | 10,000
Gigabit Ethernet | Trunk | 5,000
Table 4 7 3 Default STP Path Costs ...

Page 242: ... in Figure 4 7 7 appears Figure 4 7 7 MSTI Priority Page Screenshot The page includes the following fields Object Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms ...

Page 243: ...Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 244: ...TI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Configuration screen in Figure 4 7 8 appears Figure 4 7 8 MSTI Configuration Page Screenshot ...

Page 245: ...ration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI Mapping Object Description MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to on...

Page 246: ...red and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The aggregation settings are global The MSTI Port Configuration screen in Figure 4 7 9 Figure 4 7 10 appears Figure 4 7 9 MSTI Port Configuration Page Screenshot The page includes the following fields MST...

Page 247: ...Figure 4 7 10 MST1 MSTI Port Configuration Page Screenshot The page includes the following fields MSTx MSTI Port Configuration Object Description Port The switch port number of the corresponding STP CIST and MSTI port ...

Page 248: ...re chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost Buttons Click to set MSTx configuration Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 7 8 Port Status This page displays the ...

Page 249: ...one of the following values AlternatePort BackupPort RootPort DesignatedPort Disable CIST State The current STP port state of the CIST port The port state can be one of the following values Disabled Learning Forwarding Uptime The time since the bridge port was last initialized Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refr...

Page 250: ...mber of the logical RSTP port MSTP The number of MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unkno...

Page 251: ...Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all ports ...

Page 252: ...o inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the querier This router then keeps track of...

Page 253: ...Figure 4 8 1 Multicast Service ...

Page 254: ...Figure 4 8 2 Multicast Flooding ...

Page 255: ...t any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below
IGMP Message Format
Octets: 0 | 8 | 16 | 31
Type | Response Time | Checksum
Group Address (all zeros if this is a query) ...

Page 256: ...send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network...

Page 257: ...witch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to suppor...

Page 258: ...e 4 8 5 IPMC Profile Configuration Page The page includes the following fields Object Description Global Profile Mode Enable Disable the Global IPMC Profile System starts to do filtering based on profile settings only when the global profile mode is enabled Delete Check to delete the entry The designated entry will be deleted during the next save Profile Name The name used for indexing the profile...

Page 259: ...nage or inspect the rules of the designated profile by using the following buttons List the rules associated with the designated profile Adjust the rules associated with the designated profile Buttons Click to add new IPMC profile Specify the name and configure the new entry Click Save Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 3 Address...

Page 260: ...ed for indexing the address entry table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Start Address The starting IPv4 IPv6 Multicast Group Address that will be used as an address range End Address The ending IPv4 IPv6 Multicast Group Address that will be used as an address range Buttons Click to add new add...

Page 261: ...put fields Updates the table starting from the first entry in the IPMC Profile Address Configuration Updates the table starting with the entry after the last entry currently displayed 4 8 4 IGMP Snooping Configuration This page provides IGMP Snooping related configuration The IGMP Snooping Configuration screen in Figure 4 8 7 appears Figure 4 8 7 IGMP Snooping Configuration Page Screenshot ...

Page 262: ...ping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting IGMP SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enable Enable IGMP Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable Enabl...

Page 263: ... IGMP Router port Use this mode when you connect an IGMP multicast server or IP camera which applied with multicast protocol to the port None The Managed Switch will not use the specified port as an IGMP Router port The Managed Switch will not keep any record of an IGMP router being connected to this port Use this mode when you connect other IGMP multicast servers directly on the non querier Manag...

Page 264: ...Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 265: ...he VLAN input fields allow the user to select the starting point in the VLAN Table The IGMP Snooping VLAN Configuration screen in Figure 4 8 8 appears Figure 4 8 8 IGMP Snooping VLAN Configuration Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save VLAN ID The VLAN ID of the entry IGMP ...

Page 266: ...erating on hosts and routers within a network The allowed selection is IGMP Auto Forced IGMPv1 Forced IGMPv2 Forced IGMPv3 Default compatibility value is IGMP Auto PRI PRI Priority of Interface It indicates the IGMP control frame priority level generated by the system These values can be used to prioritize different classes of traffic The allowed range is 0 best effort to 7 highest default interfa...

Page 267: ...conds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Buttons Refreshes the displayed table starting from the VLAN input fields Updates the table starting from the first entry in the VLAN Table i e the e...

Page 268: ...ticast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at th...

Page 269: ...g condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 7 IGMP Snooping Status This page provides IGMP Snooping status The IGMP Snooping Status screen in Figure 4 8 10 appears Figure 4 8 10 IGMP Snooping Status Page Screenshot ...

Page 270: ...s Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leave Received The number of Received V2 Leave Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic denotes the s...

Page 271: ...default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the IGMP Group Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP Group Table The IGMP Groups Information screen in Figure 4 8 11 appears Figure 4 8 9 IGMP Snooping Groups Information Page Scree...

Page 272: ... this page The IGMP SSM Information Table is sorted first by VLAN ID then by group and then by Port No Different source addresses belonging to the same group are treated as a single entry Each page shows up to 99 entries from the IGMP SSM Source Specific Multicast Information table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 e...

Page 273: ...de or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not Buttons Auto refresh Check this box to enable an au...

Page 274: ...layed 4 8 10 MLD Snooping Configuration This page provides MLD Snooping related configuration The MLD Snooping Configuration screen in Figure 4 8 13 appears Figure 4 8 13 MLD Snooping Configuration Page Screenshot The page includes the following fields Object Description Snooping Enabled Enable the Global MLD Snooping ...

Page 275: ...eave messages to the router side Proxy Enable Enable MLD Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggreg...

Page 276: ...N input fields allow the user to select the starting point in the VLAN Table The MLD Snooping VLAN Configuration screen in Figure 4 8 14 appears Figure 4 8 14 IGMP Snooping VLAN Configuration Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save VLAN ID The VLAN ID of the entry MLD Snoopi...

Page 277: ...erval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of sec...

Page 278: ...ccess to specified multicast services on a switch port and MLD throttling limits the number of simultaneous multicast groups a port can join MLD filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a po...

Page 279: ...ion Port The logical port for the settings Filtering Group Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 13 MLD Snooping Status This page provides MLD Snooping status The IGMP Snoopi...

Page 280: ...try Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Querier Transmitted The number of Transmitted Querier Querier Received The number of Received Querier V1 Reports Received The number of Received V1 Reports ...

Page 281: ...tatus Indicates whether specific port is a router port or not Buttons Click to refresh the page immediately Clears all Statistics counters Auto refresh Automatic refresh occurs every 3 seconds 4 8 14 MLD Group Information Entries in the MLD Group Table are shown on this page The MLD Group Table is sorted first by VLAN ID and then by group Each page shows up to 99 entries from the MLD Group table d...

Page 282: ...ting with the entry after the last entry currently displayed 4 8 15 MLDv2 Information Entries in the MLD SFM Information Table are shown on this page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belonging to the same group are treated a...

Page 283: ...of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Fil...

Page 284: ...sion application a PC or a network television or a set top box can receive the multicast stream Multiple set top boxes or PCs can be connected to one subscriber port which is a switch port configured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send an...

Page 285: ...This page provides MVR related configuration The MVR screen in Figure 4 8 19 appears ...

Page 286: ...nshot The page includes the following fields Object Description MVR Mode Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group table is full ...

Page 287: ...ss as source address used in IP header for IGMP control frames The default IGMP address is not set 0 0 0 0 When the IGMP address is not set system uses IPv4 management address of the IP interface associated with this VLAN When the IPv4 management address is not set system uses the first available IPv4 management address Otherwise system uses a pre defined value By default this value will be 192 0 ...

Page 288: ...ess Port The logical port for the settings Port Role Configure an MVR port of the designated MVR VLAN as one of the following roles Inactive The designated port does not participate MVR operations Source Configure uplink ports that receive and send multicast data as source ports Subscribers cannot be directly connected to source ports Receiver Configure a port as a receiver port if it is a subscri...

Page 289: ...us This page provides MVR status The MVR Status screen in Figure 4 8 20 appears Figure 4 8 20 MVR Status Page Screenshot The page includes the following fields Object Description VLAN ID The Multicast VLAN ID IGMP MLD Queries Received The number of Received Queries for IGMP and MLD respectively IGMP MLD Queries Transmitted The number of Transmitted Queries for IGMP and MLD respectively IGMPv1 Join...

Page 290: ...rs Auto refresh Automatic refresh occurs every 3 seconds 4 8 18 MVR Groups Information Entries in the MVR Group Table are shown on this page The MVR Group Table is sorted first by VLAN ID and then by group Each page shows up to 99 entries from the MVR Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from t...

Page 291: ...up Groups Group ID of the group displayed Port Members Ports under this group Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the MVR Channels Groups Information Table Updates the table starting with the entry after the last entry currently displayed ...

Page 292: ...o 99 entries from the MVR SFM Information Table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MVR SFM Information Table The Start from VLAN and Group Address input fields allow the user to select the starting point in the MVR SFM Information Table The MVR SFM Information screen in Figure 4...

Page 293: ...e is no source filtering address the text None is shown in the Source Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting...

Page 294: ...ssigning priorities to traffic for example to set higher priorities to time critical or business critical applications Applying security policy through traffic filtering Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter Improve performance for specific types of traffic and preserve performance as the amount of traf...

Page 295: ...assigned to a port s Rules comprises a service level and a classifier to define how the Switch will treat certain types of traffic Rules are associated with a QoS Profile see above To implement QoS on your network you need to carry out the following actions 1 Define a service level to determine the priority that will be applied to traffic 2 Apply a classifier to determine how the incoming traffic ...

Page 296: ...abled on this switch port Rate Controls the rate for the policer This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps The default value is 500 Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled and the port is in flow control mo...

Page 297: ...ort Classification This page allows you to configure the basic QoS Ingress Classification settings for all switch ports The Port Classification screen in Figure 4 9 2 appears Figure 4 9 2 QoS Ingress Port Classification Page Screenshot The page includes the following fields Object Description Port The port number for which the configuration below applies ...

Page 298: ...CoS can be overruled by a QCL entry Note If the default CoS has been dynamically changed then the actual default CoS is shown in parentheses after the configured default CoS DPL Controls the default drop precedence level All frames are classified to a drop precedence level If the port is VLAN aware and the frame is tagged then the frame is classified to a DPL that is equal to the DEI value in the ...

Page 299: ...appears Figure 4 9 3 QoS Egress Port Schedule Page Screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 Mode Shows the scheduling mode for this port Q0 Q5 Shows the weight for this queue and port ...

Page 300: ...9 4 QoS Egress Port Shapers Page Screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers For more details please refer to chapter 4 9 5 1 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps ...

Page 301: ...Port Schedule and Shaper screen in Figure 4 9 5 appears Figure 4 9 5 QoS Egress Port Schedule and Shapers Page Screenshot The page includes the following fields Object Description Schedule Mode Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port ...

Page 302: ... weight for this queue This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted The default value is 17 Queue Scheduler Percent Shows the weight in percent for this queue This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate f...

Page 303: ... to previously saved values Click to undo any changes made locally and return to the previous page 4 9 6 Port Tag Remarking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports The Port Tag Remarking screen in Figure 4 9 6 appears Figure 4 9 6 QoS Egress Port Tag Remarking Page Screenshot ...

Page 304: ...de Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level 4 9 6 1 QoS Egress Port Tag Remarking The QoS Egress Port Tag Remarking for a specific port are configured on this page The QoS Egress Port Tag Remarking screen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarki...

Page 305: ... and DEI values used when the mode is set to Default QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS class DP level to PCP DEI values when the mode is set to Mapped Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 7 Port DSCP This page allows you to configure the basic QoS Port DSCP Configuration settin...

Page 306: ...ort The Port column shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate Classify Translate To Enable the Ingress Translation click the checkbox ...

Page 307: ...ress rewrite Enable Rewrite enable without remapped Remap DP Unaware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is eithe...

Page 308: ...basic QoS DSCP based QoS Ingress Classification settings for all switches The DSCP based QoS screen in Figure 4 9 9 appears Figure 4 9 9 DSCP based QoS Ingress Classification Page Screenshot The page includes the following fields Object Description DSCP Maximum number of supported DSCP values are 64 ...

Page 309: ...mes with untrusted DSCP values are treated as a non IP frame QoS Class QoS Class value can be any of 0 7 DPL Drop Precedence Level 0 1 4 9 9 DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches DSCP translation can be done in Ingress or Egress The DSCP Translation screen in Figure 4 9 10 appears Figure 4 9 10 DSCP Translation Page Screenshot ...

Page 310: ...map There are two configuration parameters for DSCP Translation Translate Classify Translate DSCP at Ingress side can be translated to any of 0 63 DSCP values Classify Click to enable Classification at Ingress side Egress There is following configurable parameter for Egress side Remap Remap DP Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Buttons ...

Page 311: ...in Figure 4 9 11 appears Figure 4 9 11 DSCP Classification Page Screenshot The page includes the following fields Object Description QoS Class Available QoS Class value ranges from 0 to 7 QoS Class 0 7 can be mapped to followed parameters DPL Actual Drop Precedence Level DSCP Select DSCP value 0 63 from DSCP menu to map DSCP to corresponding QoS Class and DPL value ...

Page 312: ...de up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The QoS Control List screen in Figure 4 9 12 appears Figure 4 9 12 QoS Control List Configuration Page Screenshot The page includes the following fields Object Description QCE Indicates the index of QCE Port Indicates the list of por...

Page 313: ...ny SMAC Displays the OUI field of Source MAC address i e first three octet byte of MAC address Tag Type Indicates tag type Possible values are Any Match tagged and untagged frames Untagged Match untagged frames Tagged Match tagged frames The default value is Any VID Indicates VLAN ID either a specific VID or range of VIDs VID can be in the range 1 4095 or Any PCP Priority Code Point Valid value PC...

Page 314: ...tch only IPV6 frames Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS class DPL Classified Drop Precedence Level DSCP Classified DSCP value Modification Buttons You can modify each QCE in the table using the following buttons Inserts a new QCE before ...

Page 315: ...CE Configuration screen in Figure 4 9 13 appears Figure 4 9 13 QCE Configuration Page Screenshot The page includes the following fields Object Description Port Members Check the checkbox button if you want to make any port a member of the QCL entry By default all ports will be checked ...

Page 316: ...enter either a specific value or a range of VIDs PCP Priority Code Point Valid values of PCP are specific (0, 1, 2, 3, 4, 5, 6, 7) or range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or Any DEI Drop Eligible Indicator Valid value of DEI can be 0, 1 or Any Frame Type Frame Type can have any of the following values 1 Any 2 Ethernet 3 LLC 4 SNAP 5 IPv4 6 IPv6 Note all frame types are explained below Any Allow a...

Page 317: ...P or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values a...

Page 318: ...or IP protocol UDP TCP Action Parameters Class QoS class 0 7 or Default DPL Valid Drop Precedence Level can be 0 3 or Default DSCP Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Return to the prev...

Page 319: ...he QCL user QCE Indicates the index of QCE Port Indicates the list of ports configured with the QCE Frame Type Indicates the type of frame to look for incoming frames Possible frame types are Any The QCE will match all frame types Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV...

Page 320: ...yed under DSCP column Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen that resources required to add a QCE may not be available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on pressing Resolve Conflict butto...

Page 321: ...ect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen in Figure 4 9 15 appears Figure 4 9 15 Storm Control Configuration Page Screenshot The page includes the following fields Object Description Port The port...

Page 322: ...s kbps Mbps fps or kfps The default value is kbps Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 14 WRED This page allows you to configure the Random Early Detection RED settings for queue 0 to 5 RED cannot be applied to queue 6 and 7 Through different RED configuration for the queues QoS classes it is possible to obtain Weighted Ran...

Page 323: ... 1 Controls the drop probability for frames marked with Drop Precedence Level 1 when the average queue filling level is 100 This value is restricted to 0 100 Max DP2 Controls the drop probability for frames marked with Drop Precedence Level 2 when the average queue filling level is 100 This value is restricted to 0 100 Max DP3 Controls the drop probability for frames marked with Drop Precedence Le...

Page 324: ...reshold is the average queue filling level where the queues randomly start dropping frames The drop probability for frames marked with Drop Precedence Level n increases linearly from zero at Min Threshold average queue filling level to Max DP n at 100 average queue filling level Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 325: ...shot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Q0 Q7 There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Buttons Click to refresh the page immediately Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh ...

Page 326: ...ic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure 4 9 18 appears Figure 4 9 18 Voice VLAN Configuration Page Screenshot The page includes the following fields Object Descript...

Page 327: ...llowed range is 1 to 4095. Aging Time: Indicates the Voice VLAN secure learning age time. The allowed range is 10 to 10000000 seconds. It is used when security mode or auto detect mode is enabled. In other cases, it will be based on the hardware age time. The actual age time will be situated in the [age_time; 2 * age_time] interval. Traffic Class: Indicates the Voice VLAN traffic class. All traffic on Voice VLAN will apply t...

Page 328: ...isabled: Disable Voice VLAN security mode operation. Port Discovery Protocol: Indicates the Voice VLAN port discovery protocol. It will only work when auto detect mode is enabled. The LLDP feature should be enabled before configuring the discovery protocol to 'LLDP' or 'Both'. Changing the discovery protocol to 'OUI' or 'LLDP' will restart the auto detect process. Possible discovery protocols are: OUI: Detect telephony device ...

Page 329: ...N OUI Table Page Screenshot. The page includes the following fields: Object, Description. Delete: Check to delete the entry. It will be deleted during the next save. Telephony OUI: A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is 'xx-xx-xx' (x is a hexadecimal digit). Description: The description of the OUI address. Normally it...

Page 330: ...Buttons Click to add a new access management entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 331: ...with a list of hosts or servers permitted or denied to use the service. ACLs can generally be configured to control inbound traffic, and in this context they are similar to firewalls. ACE is an acronym for Access Control Entry. It describes the access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also co...

Page 332: ...lues are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv...

Page 333: ...bled is displayed the port redirect operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled CPU Forward packet that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The co...

Page 334: ... ACEs used for internal protocol cannot be edited or deleted the order sequence cannot be changed and the priority is highest The Access Control List Configuration screen in Figure 4 10 2 appears Figure 4 10 2 Access Control List Configuration Page Screenshot The page includes the following fields Object Description Ingress Port Indicates the ingress port of the ACE Possible values are All The ACE...

Page 335: ...IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled ...

Page 336: ...serts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at the bottom of the ACE listings Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page any changes made locally will be undone Click to clear the count...

Page 337: ... Different parameter options are displayed depending on the frame type selected A frame that hits this ACE matches the configuration that is defined here The ACE Configuration screen in Figure 4 10 3 appears Figure 4 10 3 ACE Configuration Page Screenshot The page includes the following fields Object Description Ingress Port Select the ingress port for which this ACE applies Any The ACE applies to...

Page 338: ...r you can enter a specific policy bitmask. The allowed range is 0x0 to 0xff. Frame Type: Select the frame type for this ACE. These frame types are mutually exclusive. Any: Any frame can match this ACE. Ethernet Type: Only Ethernet Type frames can match this ACE. IEEE 802.3 describes the value of the Length/Type field specifications to be greater than or equal to 1536 decimal (equal to 0600 hexadecimal). ARP: O...

Page 339: ...es that the port redirect operation is disabled. Logging: Specify the logging operation of the ACE. The allowed values are: Enabled: Frames matching the ACE are stored in the System Log. Disabled: Frames matching the ACE are not logged. Note: The logging feature only works when the packet length is less than 1518 (without VLAN tags), and the System Log memory size and logging rate are limited. Shutdown: Specify ...

Page 340: ...x xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this SMAC value DMAC Filter Specify the destination MAC filter for this ACE Any No DMAC filter is specified DMAC filter status is don t care MC Frame must be multicast BC Frame must be broadcast UC Frame must be unicast Specific If you want to filter a specific destination MAC address with this...

Page 341: ...1 to 4095 A frame that hits this ACE matches this VLAN ID value Tag Priority Specify the tag priority for this ACE A frame that hits this ACE matches this tag priority The allowed number range is 0 to 7 The value Any means that no tag priority is specified tag priority is don t care ARP Parameters The ARP parameters can be configured when Frame Type ARP is selected Object Description ARP RARP Spec...

Page 342: ...he sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Mask When Network is selected for the sender IP filter you can enter a specific sender IP mask in dotted decimal notation Target IP Filter Specify the ta...

Page 343: ... SHA is equal to the SMAC address Any Any value is allowed don t care RARP Target MAC Match Specify whether frames can hit the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any Any value is allowed don t care IP Ethernet Length Specify whether frames can hit the acti...

Page 344: ...e the HLD is equal to Ethernet 1 Any Any value is allowed don t care Ethernet Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 1 ARP RARP frames where the PRO is equal to IP 0x800 Any Any value is allowed don t care IP Parameters The IP parameters can be configured when Frame Type IPv4 is ...

Page 345: ...for defining UDP parameters will appear These fields are explained later in this help file TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fields are explained later in this help file IP Protocol Value When Specific is selected for the IP protocol value you can enter a specific value The allowed range is 0 to 255 A frame that hits this A...

Page 346: ...flag is set must not be able to match this entry Yes IPv4 frames where the options flag is set must be able to match this entry Any Any value is allowed don t care SIP Filter Specify the source IP filter for this ACE Any No source IP filter is specified Source IP filter is don t care Host Source IP filter is set to Host Specify the source IP address in the SIP Address field that appears Network So...

Page 347: ...ield that appears Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear DIP Address When Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation DIP Mask When Network is selected for the destination IP filter you can enter a speci...

Page 348: ...ined later in this help file TCP Select TCP to filter IPv6 TCP protocol frames Extra fields for defining TCP parameters will appear These fields are explained later in this help file Next Header Value When Specific is selected for the IPv6 next header value you can enter a specific value The allowed range is 0 to 255 A frame that hits this ACE matches this IPv6 protocol value SIP Filter Specify th...

Page 349: ...are bit), then SIPv6 address 2001::2 and 2001::3 are applied to this rule. Hop Limit: Specify the hop limit settings for this ACE. zero: IPv6 frames with a hop limit field greater than zero must not be able to match this entry. non-zero: IPv6 frames with a hop limit field greater than zero must be able to match this entry. Any: Any value is allowed ("don't-care"). ICMP Parameters: Object, Description. ICMP Type Filte...

Page 350: ...s ACE Any No ICMP code filter is specified ICMP code filter status is don t care Specific If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears ICMP Code Value When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 A frame that hits t...

Page 351: ...The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Destination Filter Specify the TCP UDP destination filter for this ACE Any No TC...

Page 352: ... The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP FIN Specify the TCP No more data from sender FIN value for this ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any Any value is allowed don t care TCP SYN Specify the TCP Synchronize sequenc...

Page 353: ...Specify the TCP Push Function PSH value for this ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where the PSH field is set must be able to match this entry Any Any value is allowed don t care TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames where the ACK field is set must not be able to match this entry 1 TC...

Page 354: ...et Type is selected Object Description EtherType Filter Specify the Ethernet type filter for this ACE Any No EtherType filter is specified EtherType filter status is don t care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears Ethernet Type Value When Specific is selected for the EtherTyp...

Page 355: ...Click to apply changes Click to undo any changes made locally and revert to previously saved values Return to the previous page ...

Page 356: ...ts Configuration screen in Figure 4 10 4 appears Figure 4 10 4 ACL Ports Configuration Page Screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Action Select whether forwarding is permitted Permit or denied D...

Page 357: ...the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate are limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is...

Page 358: ...Counts the number of frames that match this ACE Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Click to refresh the page any changes made locally will be undone Click to clear the counters ...

Page 359: ... Rate Limiter Configuration screen in Figure 4 10 5 appears Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot The page includes the following fields Object Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate pps The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps ...

Page 360: ...Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 361: ...te EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible in that it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the switch) doesn't need to know which authentication method the supplicant and the authentication server are using, or how ...

Page 362: ...over 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC address is a valid RADIUS user can be used by anyone, and only the MD5-Challen...

Page 363: ...ation server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN. Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port. This section...

Page 364: ...tication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only...

Page 365: ...iate authentication. If you enable authentication on a port by using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the port link state transitions from down to up. It then sends an EAP-request/identity frame to the client to request its identity; typically, the switch sends an initial identity/request frame followed by one o...

Page 366: ...for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally. If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests the client's identity. In this situation, the client does not respond to the request, the port remains in the unauthorized state...

Page 367: ...onse is received from the server after the specified number of attempts, authentication fails, and network access is not granted. When a client logs off, it sends an EAPOL-logoff message, causing the switch port to transition to the unauthorized state. If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. 4.11.2 Authent...

Page 368: ...are offline. In this case the next method is tried. Each method is tried from left to right and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as 'local'. This will enable the management client to log in via the local user database if none of the configured authentication servers are...

Page 369: ...ts overcome security limitations, as shall be explored below. MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require the user to have special 802.1X supplicant software installed on his system. The switch uses the user's MAC address to authenticate against the backend server. Intruders can create counterfeit MAC addresses, which makes MAC-based aut...

Page 370: ...o detect if a new device is plugged into a switch port or if a supplicant is no longer attached. For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore doesn't imply that a client is still present on a port. Reauthentication Period: Determines the period, in seconds, after which...

Page 371: ...me. This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds. If reauthentication is enabled and the port is in an 802.1X-based mode, this is not so critical, since supplicants that are no longer attached to the port will get removed upon the next reauthentication, which will fail. But if reauthentication is not enabled, the only way to free resources is by agi...

Page 372: ...ill ignore new frames coming from the client during the hold time. The Hold Time can be set to a number between 10 and 1000000 seconds. RADIUS-Assigned QoS Enabled: RADIUS-assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch. The RADIUS server must be configured to transmit special RADIUS att...

Page 373: ...etwork access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout. The switch follows a set of rules for entering and leaving the Guest VLAN as listed below. The "Guest VLAN Enabled" checkbox provides a quick way to globally enable/disable Guest VLAN functionality. When checked, the individual ports' ditto setting determines whether the port can be moved into Guest VL...

Page 374: ...e row for each port and a number of columns which are Object Description Port The port number for which the configuration below applies Admin State If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will b...

Page 375: ...forwards it. When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant. Note: Suppose two backend servers are enabled and that the server timeout is configured to X seconds (using the AAA configuration...

Page 376: ...s within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated. Multi 802.1X: Multi 802.1X is, like Single 802.1X, not an IEEE standard, bu...

Page 377: ...ed hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using the Port Security module. Only then will frames from the client be forwarded on t...

Page 378: ... Accept packet no longer carries a QoS Class or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS Class is immediately reverted to the original QoS Class (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned). This option is only available for single-client modes, i.e. Port-based 802.1X, Single 802.1X. RADIUS attributes us...

Page 379: ...d. This option is only available for single-client modes, i.e. Port-based 802.1X, Single 802.1X. For troubleshooting VLAN assignments, refer to the Monitor VLANs VLAN Membership and VLAN Port pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration. RADIUS attributes used in identifying a VLAN ID: RFC2868 and RFC3580 form the basis for the attributes used in ide...

Page 380: ... Max Reauth Count and no EAPOL frames have been received meanwhile, the switch considers entering the Guest VLAN. The interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout. If Allow Guest VLAN if EAPOL Seen is enabled, the port will now be placed in the Guest VLAN. If disabled, the switch will first check its history to see if an EAPOL frame has previously been ...

Page 381: ... if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in Force Authorized or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized or a single supplicant mod...

Page 382: ... runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unau...

Page 383: ...ject Description Port The switch port number Click to navigate to detailed NAS statistics for this port Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received E...

Page 384: ... server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds 4 11 5 Network Access Statistics This page provides ...

Page 385: ...efer to NAS Port State for a description of the individual states QoS Class The QoS class assigned by the RADIUS server The field is blank if no QoS class is assigned Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS a...

Page 386: ...802.1X. Direction, Name, IEEE Name, Description. Rx, Total, dot1xAuthEapolFramesRx: The number of valid EAPOL frames of any type that have been received by the switch. Rx, Response ID, dot1xAuthEapolRespIdFramesRx: The number of valid EAPOL Response Identity frames that have been received by the switch. Rx, Responses, dot1xAuthEapolRespFramesRx: The number of valid EAPOL response frames (other than Response Ide...

Page 387: ... The number of EAPOL frames that have been received by the switch in which the frame type is not recognized. Rx, Invalid Length, dot1xAuthEapLengthErrorFramesRx: The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid. Tx, Total, dot1xAuthEapolFramesTx: The number of EAPOL frames of any type that have been transmitted by the switch. Tx, Request ID...

Page 388: ...OL Request frames other than Request Identity frames that have been transmitted by the switch Backend Server Counters These backend RADIUS frame counters are available for the following administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Direction Name IEEE Name Description ...

Page 389: ...icates that the backend server has communication with the switch. MAC-based: Counts all Access Challenges received from the backend server for this port (left-most table) or client (right-most table). Rx, Other Requests, dot1xAuthBackendOtherRequestsToSupplicant: 802.1X-based: Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant. Indicates that the bac...

Page 390: ...switch receives a success indication. Indicates that the supplicant/client has successfully authenticated to the backend server. Rx, Auth Failures, dot1xAuthBackendAuthFails: 802.1X- and MAC-based: Counts the number of times that the switch receives a failure message. This indicates that the supplicant/client has not authenticated to the backend server. ...

Page 391: ... retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative sta...

Page 392: ...ersion 802 1X based The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable Selected Counters Object Description Selected Counters The Selected Counters table is visible when the port is one of the follow...

Page 393: ...e attached supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached it shows No clients attached VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module State The client ca...

Page 394: ...orized Force Unauthorized Port based 802 1X Single 802 1X Click to clear the counters for the selected port This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to cle...

Page 395: ...re 4-11-7 appears. Figure 4-11-7: RADIUS Server Configuration Page Screenshot. The page includes the following fields: Global Configuration: These settings are common for all of the RADIUS servers. Object, Description. Timeout: Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a RADIUS server before retransmitting the request. ...

Page 396: ...n 0 (zero) will enable this feature, but only if more than one server has been configured. Key: The secret key, up to 63 characters long, shared between the RADIUS server and the switch. NAS-IP-Address: The IPv4 address to be used as attribute 4 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used. NAS-IPv6-Address: The IPv6 address to be used as attri...

Page 397: ...alue Retransmit This optional setting overrides the global retransmit value Leaving it blank will use the global retransmit value Key This optional setting overrides the global key Leaving it blank will use the global key Buttons Click to add a new RADIUS server An empty row is added to the table and the RADIUS server can be configured as needed Up to 5 servers are supported Click to undo the addi...

Page 398: ... a reply from a TACACS server before it is considered to be dead. Dead Time: The Dead Time, which can be set to a number between 0 to 1440 minutes, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead. Setting the Dead Time...

Page 399: ... the TACACS server Port The TCP port to use on the TACACS server for authentication Timeout This optional setting overrides the global timeout value Leaving it blank will use the global timeout value Key This optional setting overrides the global key Leaving it blank will use the global key Buttons Click to add a new TACACS server An empty row is added to the table and the TACACS server can be con...

Page 400: ...counting Server Overview screen in Figure 4 11 9 appears Figure 4 11 9 RADIUS Authentication Accounting Server Overview Page Screenshot The page includes the following fields RADIUS Authentication Server Status Overview Object Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation o...

Page 401: ...nds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. RADIUS Accounting Server Status Overview: Object, Description. The RAD...

Page 402: ...y to accept accounting attempts. Dead (X seconds left): Accounting attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. Buttons: Auto refresh...

Page 403: ... Server Overview screen in Figure 4-11-10 appears. Figure 4-11-10: RADIUS Authentication/Accounting for Server Overview Screenshot. The page includes the following fields: RADIUS Authentication Statistics: The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. Use the server select box to switch between the backend servers to show details for ...

Page 404: ...tExtAccessRejects: The number of RADIUS Access-Reject packets (valid or invalid) received from the server. Rx, Access Challenges, radiusAuthClientExtAccessChallenges: The number of RADIUS Access-Challenge packets (valid or invalid) received from the server. Rx, Malformed Access Responses, radiusAuthClientExtMalformedAccessResponses: The number of malformed RADIUS Access-Response packets received from the s...

Page 405: ...on the authentication port and dropped for some other reason. Rx Packets Dropped (radiusAuthClientExtPacketsDropped): The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason. Tx Access Requests (radiusAuthClientExtAccessRequests): The number of RADIUS Access-Request packets sent to the server. This does not include retransmissions. Tx Ac...

Page 406: ...Access-Reject, Access-Challenge, timeout, or retransmission. Tx Timeouts (radiusAuthClientExtTimeouts): The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout. Other I...

Page 407: ...re made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. Round-Trip Time (radiusAuthClientExtRoundTripTime): The time interval (measured in milliseconds) ...

Page 408: ...irection / Name / RFC4670 Name / Description. Rx Responses (radiusAccClientExtResponses): The number of RADIUS packets (valid or invalid) received from the server. Rx Malformed Responses (radiusAccClientExtMalformedResponses): The number of malformed RADIUS packets received from the server. Malformed packets include packets with an invalid length. Bad authenticators or unknown types are not included as malforme...

Page 409: ...me other reason. Tx Requests (radiusAccClientExtRequests): The number of RADIUS packets sent to the server. This does not include retransmissions. Tx Retransmissions (radiusAccClientExtRetransmissions): The number of RADIUS packets retransmitted to the RADIUS accounting server. Tx Pending Requests (radiusAccClientExtPendingRequests): The number of RADIUS packets destined for the server that have not yet ti...

Page 410: ...to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout. Other Info: This section contains information about the state of the server and the latest round-trip time. Name / RFC4670 Name / Description. IP Address: IP address and UDP port for the accounting server in question. ...

Page 411: ...s enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts. Dead (X seconds left): Accounting attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead time expires. The number of seconds left before this occurs is displayed in parentheses. This state i...

Page 412: ...matically. Automatic refresh occurs every 3 seconds. Click to refresh the page immediately. Clears the counters for the selected server. The "Pending Requests" counter will not be cleared by this operation. 4.11.10 Windows Platform RADIUS Server Configuration. Set up the RADIUS server and assign the client IP address to the Managed Switch. In this case, field in the default IP Address of the Managed Switch w...

Page 413: ...Figure 4-11-11: RADIUS Server Configuration Screenshot ...

Page 414: ...2. Add New RADIUS Client on the Windows 2003 server. Figure 4-11-12: Windows Server Add New RADIUS Client Setting. 3. Assign the client IP address to the Managed Switch. ...

Page 415: ...Figure 4-11-13: Windows Server RADIUS Server Setting. 4. The shared secret key should be the same as the key configured on the Managed Switch. ...

Page 416: ...etting. 5. Configure the port attributes of 802.1X the same as in "802.1X Port Configuration". Figure 4-11-15: 802.1x Port Configuration. 6. Create user data. The user data needs to be created on the RADIUS server PC. For example, with the RADIUS server set up on Win2003 Server, and then ...

Page 417: ...Figure 4-11-16: Windows 2003 AD Server Setting Path. 7. Enter "Active Directory Users and Computers", create legal user data, then right-click a user you created to enter its properties, and what to be noticed ...

Page 418: ...Figure 4-11-17: Add User Properties Screen. Figure 4-11-18: Add User Properties Screen ...

Page 419: ... systems (Windows 98SE, ME, 2000), an 802.1X client utility is needed. The following procedures show how to configure 802.1X Authentication in Windows XP. Please note that if you want to change the 802.1x authentication type of a wireless client, i.e. switch to EAP-TLS from EAP-MD5, you must remove the current existing wireless network from your preferred connection first, and add it in again. Configure Sampl...

Page 420: ...Figure 4-11-19. 4. Select the "Authentication" tab. 5. Select "Enable network access control using IEEE 802.1X" to enable 802.1x authentication. 6. Select "MD-5 Challenge" from the drop-down list box for EAP type. ...

Page 421: ...Figure 4-11-20. 7. Click OK. 8. When the client has associated with the Managed Switch, a user authentication notice appears in the system tray. Click on the notice to continue. ...

Page 422: ...Figure 4-11-21: Windows Client Popup Login Request Message. 9. Enter the user name, password and the logon domain that your account belongs to. 10. Click OK to complete the validation process. Figure 4-11-22 ...

Page 423: ...rt settings. Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port. If this number is exceeded, an action is taken. The action can be one of the four different actions as described below. The Limit Control module utilizes a lower-layer modul...

Page 424: ... System Configuration. Object / Description. Mode: Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled. Aging Enabled: If checked, secured MAC addresses are subject to aging as discussed under Aging Period. ...

Page 425: ...ted to a port on this switch on which Limit Control is enabled. The end host will be allowed to forward if the limit is not exceeded. Now suppose that the end host logs off or powers down. If it wasn't for aging, the end host would still take up resources on this switch and will be allowed to forward. To overcome this situation, enable aging. With aging enabled, a timer is started once the end host gets s...

Page 426: ... on a given port. Limit: The maximum number of MAC addresses that can be secured on this port. This number cannot exceed 1024. If the limit is exceeded, the corresponding action is taken. The switch is "born" with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security-enabled port. Since all ports draw from the same pool, it may happen that a configur...

Page 427: ...t gets exceeded. Shutdown: If Limit + 1 MAC addresses is seen on the port, shut down the port. This implies that all secured MAC addresses will be removed from the port, and no new ones will be learned. Even if the link is physically disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port: 1) Boot the switch, 2) Disable and re-enab...

Page 428: ...r Trap & Shutdown. Shutdown: Indicates that the port is shut down by the Limit Control module. This state can only be shown if Action is set to Shutdown or Trap & Shutdown. Re-open Button: If a port is shut down by this module, you may reopen it by clicking this button, which will only be enabled if this is the case. For other methods, refer to Shutdown in the Action section. Note that clicking the reopen button causes t...

Page 429: ...llowing fields: Object / Description. Mode: Indicates the access management mode operation. Possible modes are: Enabled: Enable access management mode operation. Disabled: Disable access management mode operation. Delete: Check to delete the entry. It will be deleted during the next apply. VLAN ID: Indicates the VLAN ID for the access management entry. Start IP address: Indicates the start IP address for the acces...

Page 430: ...to add a new access management entry. Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.12.3 Access Management Statistics. This page provides statistics for access management. The Access Management Statistics screen in Figure 4-12-3 appears. Figure 4-12-3: Access Management Statistics Overview Page Screenshot. The page includes the following fields: Obj...

Page 431: ...he number of allowed packets from the interface when access management mode is enabled. Discard Packets: The number of discarded packets from the interface when access management mode is enabled. Buttons: Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Click to refresh the page immediately. Clears all statistics. ...

Page 432: ...n will automatically redirect web browser to an HTTP connection. Possible modes are: Enabled: Enable HTTPS mode operation. Disabled: Disable HTTPS mode operation. Automatic Redirect: Indicates the HTTPS redirect mode operation. It is only significant if HTTPS mode "Enabled" is selected. Automatically redirects web browser to an HTTPS connection when both HTTPS mode and Automatic Redirect are enabled, or redirect...

Page 433: ...Buttons: Click to apply changes. Click to undo any changes made locally and revert to previously saved values. ...

Page 434: ...w this new MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise. The status page is divided into two sections: one with a legend of user modules and one with the actual port status. The SSH ...

Page 435: ...or software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be block...

Page 436: ... following fields: User Module Legend. The legend shows all user modules that may request Port Security services. Object / Description. User Module Name: The full name of a module that may request Port Security services. Abbr: A one-letter abbreviation of the user module. This is used in the Users column in the port status table. ...

Page 437: ...t security. State: Shows the current state of the port. It can take one of four values: Disabled: No user modules are currently using the Port Security service. Ready: The Port Security service is in use by at least one user module, and is awaiting frames from unknown MAC addresses to arrive. Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has in...

Page 438: ...er of MAC addresses that can be learned on the port, respectively. If no user modules are enabled on the port, the Current column will show a dash. If the Limit Control user module is not enabled on the port, the Limit column will show a dash. Buttons: Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Click to refresh the page immediately. ...

Page 439: ...he forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise. The Port Security Detail screen in Figure 4-12-7 appears. Figure 4-12-7: Port Security Detail Screen Page Screenshot. The page includes the following fields: Object / Description. MAC Address & VLAN ID: The MAC ...

Page 440: ... that this MAC address still forwards traffic. If the age period (measured in seconds) expires and no frames have been seen, the MAC address will be removed from the MAC table. Otherwise a new age period will begin. If aging is disabled or a user module has decided to hold the MAC address indefinitely, a dash will be shown. 4.12.8 DHCP Snooping. DHCP Snooping is used to block intruders on the untrusted port...

Page 441: ...Configure DHCP Snooping on this page. The DHCP Snooping Configuration screen in Figure 4-12-8 appears. ...

Page 442: ...elds: Object / Description. Snooping Mode: Indicates the DHCP snooping mode operation. Possible modes are: Enabled: Enable DHCP snooping mode operation. When DHCP snooping mode operation is enabled, DHCP request messages will be forwarded to trusted ports, and reply packets are allowed only from trusted ports. Disabled: Disable DHCP snooping mode operation. ...

Page 443: ...y changes made locally and revert to previously saved values. 4.12.9 Snooping Table. This page displays the dynamic IP assigned information after DHCP Snooping mode is disabled. All DHCP clients that obtained a dynamic IP address from the DHCP server will be listed in this table, except for local VLAN interface IP addresses. Entries in the Dynamic DHCP snooping Table are shown on this page. The Dynamic DHCP...

Page 444: ...own in the displayed table. To start over. 4.12.10 IP Source Guard Configuration. IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. This page provides IP Sou...

Page 445: ...ption. Mode of IP Source Guard Configuration: Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled. Port Mode Configuration: Specify on which ports IP Source Guard is enabled. IP Source Guard is enabled on a given port only when both Global Mode and Port Mode on that port are enabled. ...

Page 446: ...Buttons: Click to translate all dynamic entries to static entries. Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.12.11 IP Source Guard Static Table. This page provides the Static IP Source Guard Table. The Static IP Source Guard Table screen in Figure 4-12-11 appears. Figure 4-12-11: Static IP Source Guard Table Screen Page Screenshot. The page includes...

Page 447: ...for the settings. IP Address: Allowed Source IP address. MAC Address: Allowed Source MAC address. Buttons: Click to add a new entry to the Static IP Source Guard table. Click to apply changes. Click to undo any changes made locally and revert to previously saved values. ...

Page 448: ...2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through DUT. This page provides ARP Inspection related configuration. The ARP Inspection Configuration screen in Figure 4-12-12 appears. Figure 4-12-12: ARP Inspection Configuration Screen Page Screenshot. The page includes the following fields: Object / Description ...

Page 449: ...ble the setting of "Check VLAN". The default setting of "Check VLAN" is disabled. When the setting of "Check VLAN" is disabled, the log type of ARP Inspection will refer to the port setting. When the setting of "Check VLAN" is enabled, the log type of ARP Inspection will refer to the VLAN setting. Possible settings of "Check VLAN" are: Enabled: Enable check VLAN operation. Disabled: Disable check VLAN operation. Only th...

Page 450: ...is page provides the Static ARP Inspection Table. The Static ARP Inspection Table screen in Figure 4-12-13 appears. Figure 4-12-13: Static ARP Inspection Table Screen Page Screenshot. The page includes the following fields: Object / Description. Delete: Check to delete the entry. It will be deleted during the next save. Port: The logical port for the settings. VLAN ID: The VLAN ID for the settings. MAC Address: Allow...

Page 451: ...s page. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. The Dynamic ARP Inspection Table screen in Figure 4-12-14 appears. Figure 4-12-14: Dynamic ARP Inspection Table Screenshot. Navigating the ARP Inspection Table: Each page shows up to 99 entries from the Dynamic ARP Inspection table, default being 20 ...

Page 452: ...ed the text "No more entries" is shown in the displayed table. Use the button to start over. The page includes the following fields: Object / Description. Port: The port number for which the status applies. Click the port number to see the status for this particular port. VLAN ID: The VLAN ID of the entry. MAC Address: The MAC address of the entry. IP Address: The IP address of the entry. Buttons: Auto-refresh: Chec...

Page 453: ...ress and switch ports. The frames also contain a MAC address (SMAC address), which shows the MAC address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time. 4.13.1 MAC Tab...

Page 454: ...nds. MAC Table Learning: If the learning mode for a given port is grayed out, another module is in control of the mode, so that it cannot be changed by the user. An example of such a module is the MAC-Based Authentication under 802.1X. Object / Description. Auto: Learning is done automatically as soon as a frame with unknown SMAC is received. Disable: No learning is done. Secure: Only static MAC entries are lea...

Page 455: ... It will be deleted during the next save. VLAN ID: The VLAN ID of the entry. MAC Address: The MAC address of the entry. Port Members: Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry. Adding a New Static Entry: Click to add a new entry to the static MAC table. Specify the VLAN ID, MAC address, and port members for the new entry. Click "Save". Buttons: Click t...

Page 456: ...hrough the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table. The "Start from MAC address" and "VLAN" input fields allow the user to select the starting point in the MAC Table. Clicking the "Refresh" button will update t...

Page 457: ... entry is a static or dynamic entry. VLAN: The VLAN ID of the entry. MAC Address: The MAC address of the entry. Port Members: The ports that are members of the entry. Buttons: Auto-refresh: Automatic refresh occurs every 3 seconds. Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields. Flushes all dynamic entries. Updates the table starting from the first entry in the MA...

Page 458: ... to store and maintain information gathered about the neighboring network nodes it discovers. Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. LLDP and LLDP-MED infor...

Page 459: ...ch LLDP frame contains information about how long the information in the LLDP frame shall be considered valid. The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds. Valid values are restricted to 2 - 10 times. TTL in seconds is based on the following rule: (Transmission Interval * Holdtime Multiplier) ≤ 65536. Therefore, the default TTL is 4 * 30 = 120 seconds. Tx Delay: If some confi...

Page 460: ...n. The LLDP port settings relate to the switch, as reflected by the page header. Object / Description. Port: The switch port number of the logical LLDP port. Mode: Select LLDP mode. Rx only: The switch will not send out LLDP information, but LLDP information from neighbor units is analyzed. Tx only: The switch will drop LLDP information received from neighbors, but will send out LLDP information. Disabled: The swi...

Page 461: ...ontain multiple addresses, but only the first address is shown in the LLDP neighbours table. CDP TLV "Port ID" is mapped to the LLDP "Port ID" field. CDP TLV "Version and Platform" is mapped to the LLDP "System Description" field. Both the CDP and LLDP support "system capabilities", but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as "others" in the LLDP neighb...

Page 462: ...Capabilities: Optional TLV. When checked, the "system capability" is included in LLDP information transmitted. Management Address: Optional TLV. When checked, the "management address" is included in LLDP information transmitted. Buttons: Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.14.3 LLDP-MED Configuration. This page allows you to configure the LLDP-ME...

Page 463: ...Figure 4-14-2: LLDP-MED Configuration Page Screenshot. The page includes the following fields: Fast start repeat count. Object / Description ...

Page 464: ...work Connectivity Device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbour has been detected, in order to share LLDP-MED information as fast as possible with new neighbours. Because there is a risk of an LLDP frame being lost during transmissio...

Page 465: ...he prime meridian or West of the prime meridian. Altitude: Altitude SHOULD be normalized to within -32767 to 32767 with a maximum of 4 digits. It is possible to select between two altitude types (floors or meters). Meters: Representing meters of Altitude defined by the vertical datum specified. Floors: Representing altitude in a form more relevant in buildings which have different floor-to-floor dimensions. ...

Page 466: ...ican Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich. The associated vertical datum is Mean Lower Low Water (MLLW). This datum pair is to be used when referencing locations on water/sea/ocean. Civic Address Location: IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI). Object / Description. Country code: The two-letter ISO 3166 country code in capital ASCII letters. Ex...

Page 467: ...itional location info. Example: South Wing. Name: Name (residence and office occupant). Example: Flemming Jahn. Zip code: Postal/zip code. Example: 2791. Building: Building (structure). Example: Low Library. Apartment: Unit (Apartment, suite). Example: Apt 42. Floor: Floor. Example: 4. Room no.: Room number. Example: 450F. Place type: Place type. Example: Office. Postal community name: Postal community name. Example: Leonia. P.O. Box: Post o...

Page 468: ...apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific "real-time" network policy requirements, such as interactive voice and/or video services. The network policy ...

Page 469: ...ts on the same Network Connectivity Device may advertise different sets of policies, based on the authenticated user identity or port configuration. It should be noted that LLDP-MED is not intended to run on links other than between Network Connectivity Devices and Endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior ...

Page 470: ...ce services. Guest Voice Signaling (conditional): for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy. Softphone Voice: for use by softphone applications on typical data-centric devices, such ...

Page 471: ... format also includes priority tagged frames as defined by IEEE 802.1Q-2003. VLAN ID: VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003. L2 Priority: L2 Priority is the Layer 2 priority to be used for the specified application type. L2 Priority may specify one of eight priority levels (0 through 7), as defined by IEEE 802.1D-2004. A value of 0 represents use of the default priority as defined...

Page 472: ...t of policies that shall apply for a given port. The set of policies is selected by checkmarking the checkboxes that correspond to the policies. Buttons: Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.14.4 LLDP-MED Neighbor. This page provides a status overview for all LLDP-MED neighbors. The displayed table contains a row for each port on which a...

Page 473: ...Figure 4-14-3: LLDP-MED Neighbor Information Page Screenshot. The page includes the following fields: Fast start repeat count. Object / Description. Port: The port on which the LLDP frame was received. ...

Page 474: ...oint Device category, the LLDP-MED scheme is broken into further Endpoint Device Classes, as defined in the following. Each LLDP-MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class. For example, any LLDP-MED Endpoint Device claiming compliance as a Media Endpoint (Class II) will also support all aspects of TIA-1057 applicable to Generic Endp...

Page 475: ...lities: LLDP-MED Capabilities describes the neighbor unit's LLDP-MED capabilities. The possible capabilities are: 1. LLDP-MED capabilities; 2. Network Policy; 3. Location Identification; 4. Extended Power via MDI - PSE; 5. Extended Power via MDI - PD; 6. Inventory; 7. Reserved. ...

Page 476: ...tors with their own IP Telephony handsets and other similar appliances supporting interactive voice services. Guest Voice Signaling: for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media. Softphone Voice: for use by softphone applications on typical data-centric devices, such as PCs or laptops. Video Conferencing: for use by dedicated V...

Page 477: ...d frame format. VLAN ID: VLAN ID is the VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003. A value of 1 through 4094 is used to define a valid VLAN ID. A value of 0 (Priority Tagged) is used if the device is using priority tagged frames as defined by IEEE 802.1Q-2003, meaning that only the IEEE 802.1D priority level is significant and the default PVID of the ingress port is used instead. Pri...

Page 478: ...otiation. Auto-negotiation Capabilities: Auto-negotiation Capabilities shows the link partner's MAC/PHY capabilities. Buttons: Click to refresh the page immediately. Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. 4.14.5 Neighbor. This page provides a status overview for all LLDP neighbors. The displayed table contains a row for each port on which an ...

Page 479: ...me is the name advertised by the neighbor unit. System Capabilities: System Capabilities describes the neighbor unit's capabilities. The possible capabilities are: 1. Other; 2. Repeater; 3. Bridge; 4. WLAN Access Point; 5. Router; 6. Telephone; 7. DOCSIS cable device; 8. Station only; 9. Reserved. When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Mana...

Page 480: ...currently selected switch. The LLDP Statistics screen in Figure 4-14-5 appears. Figure 4-14-5: LLDP Statistics Page Screenshot. The page includes the following fields: Global Counters. Object / Description. Neighbor entries were last changed: It also shows the time when the last entry was last deleted or added. It also shows the time elapsed since the last change was detected. Total Neighbors Entries Added: Sh...

Page 481: ...mber of LLDP frames received on the port. Rx Errors: The number of received LLDP frames containing some kind of error. Frames Discarded: If an LLDP frame is received on a port, and the switch's internal table has run full, the LLDP frame is counted and discarded. This situation is known as "Too Many Neighbors" in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remote P...

Page 482: ...is valid (age-out time). If no new LLDP frame is received within the age-out time, the LLDP information is removed, and the Age-Out counter is incremented. Buttons: Click to refresh the page immediately. Clears the local counters. All counters (including global counters) are cleared upon reboot. Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. ...

Page 483: ...ping and IPv6 ping allow you to issue ICMP PING packets to troubleshoot IP connectivity issues. The Managed Switch transmits ICMP packets, and the sequence number and roundtrip time are displayed upon reception of a reply. Cable Diagnostics: The Cable Diagnostics performs tests on copper cables. These functions have the ability to identify the cable length and operating conditions, and to isolate a var...

Page 484: ...After the diagnostics are finished, the link is reestablished, and the following functions are available: Coupling between cable pairs; Cable pair termination; Cable Length. ...

Page 485: ...l packets are received or until a timeout occurs. The ICMP Ping screen in Figure 4-15-1 appears. Figure 4-15-1: ICMP Ping Page Screenshot. The page includes the following fields: Object / Description. IP Address: The destination IP Address. Ping Length: The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes. Be sure the target IP Address is within the same network subnet of the Managed Sw...

Page 486: ...Figure 4-15-2: ICMPv6 Ping Page Screenshot. The page includes the following fields: Object / Description. IP Address: The destination IP Address. Ping Length: The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes. Egress Interface: The VLAN ID (VID) of the specific egress IPv6 interface which ICMP packet goes. The given VID ranges from 1 to 4094 and will be effective only when the correspo...

Page 487: ...Buttons: Click to transmit ICMP packets. Click to re-start diagnostics with PING. ...

Page 488: ...pon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. The ICMP Ping screen in Figure 4-15-3 appears. Figure 4-15-3: Remote IP Ping Test Page Screenshot. The page includes the following fields: Object / Description. Port: The logical port for the settings. Remote IP Address: The destination IP Address. Ping Size: The payload size of the ...

Page 489: ...nds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that Cable Diagnostics is only accurate for cables of length 7 - 140 meters. 10 and 100 Mbps ports will be linked down while running cable diagnostic. Therefore, running cable diagnostic on a 10 or 100 Mbps man...

Page 490: ...Figure 4-15-4: VeriPHY Cable Diagnostics Page Screenshot. The page includes the following fields: Object / Description. Port: The port where you are requesting Cable Diagnostics. Description: Display per-port description. ...

Page 491: ...rt B: Cross-pair short to pair B. Short C: Cross-pair short to pair C. Short D: Cross-pair short to pair D. Cross A: Abnormal cross-pair coupling with pair A. Cross B: Abnormal cross-pair coupling with pair B. Cross C: Abnormal cross-pair coupling with pair C. Cross D: Abnormal cross-pair coupling with pair D. Length: The length (in meters) of the cable pair. The resolution is 3 meters. Buttons: Click to run the diag...

Page 492: ...em IP Camera system AP group for the enterprise For instance 16 24 cameras APs can be easily installed around the corners of the company for surveillance demands or a wireless roaming environment in the office can be built Without the power socket limitation the GS 5220 Ultra PoE PoE Series Switch makes the installation of cameras or WLAN AP easier and more efficient Figure 4 16 1 Power over Ether...

Page 493: ...ameras can be installed at enterprises museums campuses hospitals banks etc without worrying about electrical outlets 3 12 watts PoE Splitter PoE Splitter split the PoE 56V DC over the Ethernet cable into 5 12V DC power output It frees the device deployment from restrictions due to power outlet locations which eliminate the costs for additional AC wiring and reduces the installation time 3 25 watt...

Page 494: ...s railway stations warehouses airports and production facilities for the most demanding outdoor surveillance applications No electricians are needed to install AC sockets Since the PoE port of GS 5220 LCD series supports 52 to 54V DC PoE power output please check and assure the powered device s PD acceptable DC power range is from 52 to 54V DC otherwise it will damage the PD ...

Page 495: ...ng as the aggregated power of the system is lower than the power level at which additional PDs cannot be connected When this value is exceeded ports will be deactivated according to user defined priorities The power budget is managed according to the following user definable parameters maximum available power ports priority maximum allowable power per port Reserved Power determined by There are fi...

Page 496: ...rved powered exceeds the amount of power that the power supply can deliver In this mode the port power will not be turned on if the PD requests more available power LLDP mode In this mode the ports of PoE power are managed and determined by LLDP Media Protocol 4 16 3 Power Over Ethernet Configuration This section allows the user to inspect and configure the current PoE configuration settings as Fi...

Page 497: ...e System offers PoE power according to PD real power consumption Power Supply Budget W Set limit value of the total PoE port providing power to the PDs GS 5220 16P2XV and GS 5220 16P2XVR available maximum value is 300 watts GS 5220 24P4XV and GS 5220 24P4XVR GS 5220 16UP2XV and GS 5220 16UP2XVR GS 5220 24UP4XV and GS 5220 24UP4XVR available maximum value is 400 watts GS 5220 24PL4XV and GS 5220 24...

Page 498: ...el The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes A PD will return to Class 0 to 4 in accordance with the maximum power draw as specified by Table 4 16 1 Class Usage Range of maximum power used by the PD Class Description 0 Default 12 95 watts or to 15 4 watts for AF mode 25 5 watts or to 3...

Page 499: ...t up after the whole system program has finished running The page includes the following fields Object Description Sequential Power up Option Allows user to enable or disable Sequential Power up function Sequential Power up Interval Allows user to configure the PoE Port Start Up interval time Sequential Power up Port Option There are two modes for Starting Up the PoE Port By Port The PoE Port will...

Page 500: ...on This section allows the user to inspect and configure the current PoE port settings as Figure 4 16 4 shows Figure 4 16 4 Power over Ethernet Configuration Screenshot The page includes the following fields Object Description PoE Mode There are three modes for PoE mode Enable enable PoE function Disable disable PoE function Schedule enable PoE function in schedule mode ...

Page 501: ...turn Pins 4 5 pair 1 in both T568A and T568B form one side of the DC supply and pins 7 8 pair 4 in both T568A and T568B provide the return Priority The Priority represents PoE ports priority There are three levels of power priority named Low High and Critical The priority is used in case the total power consumption is over the total power budget In this case the port with the lowest priority will ...

Page 502: ...User s Manual of GS 5220 LCD Series 502 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 503: ...and current status for all PoE ports The screen in Figure 4 16 5 appears Figure 4 16 5 PoE Status Screenshot The page includes the following fields Object Description Sequential Power On Displays the current sequential power on mode System Power Budget Displays the maximum PoE power budget Operation Mode Displays the current PoE operation mode ...

Page 504: ...nit Local Port This is the logical port number for this row PD Class Displays the class of the PD attached to the port as established by the classification process Class 0 is the default for PDs The PD is powered based on PoE Class level if system is working in Classification mode A PD will return Class to 0 to 4 in accordance with the maximum power drawn as specified by Table 4 16 1 Power Used W ...

Page 505: ...tributing to the environmental protection on the Earth the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMBs or enterprises save power and budget Scheduled Power Recycling ...

Page 506: ...User s Manual of GS 5220 LCD Series 506 The screen in Figure 4 16 6 appears Figure 4 16 6 PoE Schedule Screenshot ...

Page 507: ...what minute PoE function starts when enabled End Hour Allows user to set at what hour PoE function ends when disabled End Min Allows user to set at what minute PoE function ends when disabled Reboot Enable Allows user to enable or disable whole PoE port reboot by PoE reboot schedule Please note that if you want PoE schedule and PoE reboot schedule to work at the same time please use this function ...

Page 508: ...ual of GS 5220 LCD Series 508 Reboot Min Allows user to set at what minute PoE reboots This function is only for PoE reboot schedule Buttons click to add new rule Click to apply changes Click to delete the entry ...

Page 509: ...e following information The screen in Figure 4 16 7 appears Figure 4 16 7 LLDP PoE Neighbour Screenshot Please note that administrator has to enable LLDP port from LLDP configuration please refer to the following example The screen in Figure 4 16 8 appears To enable LLDP function from port1 to port3 administrator has to plug a PD that supports PoE LLDP function and then administrator is going to s...

Page 510: ...User s Manual of GS 5220 LCD Series 510 Figure 4 16 8 LLDP Configuration Screenshot ...

Page 511: ...es loop protection to prevent broadcast loops in Managed Switch 4 17 1 Configuration This page allows the user to inspect the current Loop Protection configurations and possibly change them as well as screen in Figure 4 17 1 appears Figure 4 17 1 Loop Protection Configuration Page Screenshot The page includes the following fields ...

Page 512: ...s are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Port Configuration Object Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Cont...

Page 513: ...d Switch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Click to refresh the page immediately A...

Page 514: ... available from statistics Alarm Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON agent records Event A list of all events generated by RMON agent Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the...

Page 515: ...S 5220 LCD Series 515 ID Indicates the index of the entry The range is from 1 to 65535 Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold The range is from 1 to 2^31-1 ...

Page 516: ...f inbound packets that contains errors preventing them from being deliverable to a higher layer protocol InUnknownProtos the number of the inbound packets that is discarded because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters OutUcastPkts The number of uni cast packets that requests to transmit OutNUcastPkts The ...

Page 517: ...ds possible sample types are RisingTrigger alarm when the first value is larger than the rising threshold FallingTrigger alarm when the first value is less than the falling threshold RisingOrFallingTrigger alarm when the first value is larger than the rising threshold or less than the falling threshold default Rising Threshold Rising threshold value -2147483648 to 2147483647 Rising Index Rising event ...

Page 518: ...re 4 18 2 appears Figure 4 18 2 RMON Alarm Overview Page Screenshot The page includes the following fields Object Description ID Indicates the index of Alarm control entry Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calcula...

Page 519: ...the first entry in the Alarm Table i e the entry with the lowest ID Updates the table starting with the entry after the last entry currently displayed 4 18 3 RMON Event Configuration Configure RMON Event table on this page The entry index key is ID screen in Figure 4 18 3 appears Figure 4 18 4 RMON Event Configuration Page Screenshot The page includes the following fields Object Description Delete...

Page 520: ...yer protocol snmptrap The number of broad cast and multi cast packets delivered to a higher layer protocol logandtrap The number of inbound packets that are discarded even the packets are normal Community Specify the community when trap is sent the string length is from 0 to 127 default is public Event Last Time Indicates the value of sysUpTime at the time this event entry last generated an event ...

Page 521: ...isplayed will be the one with the lowest Event Index and Log Index found in the Event table screen in Figure 4 18 5 appears Figure 4 18 5 RMON Event Overview Page Screenshot The page includes the following fields Object Description Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry Logtime Indicates Event log time Log Description Indicates the Event d...

Page 522: ...table starting from the first entry in the Alarm Table i e the entry with the lowest ID Updates the table starting with the entry after the last entry currently displayed Updates the table starting with the entry after the last entry currently displayed ...

Page 523: ...the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated this History control entry stored in RMON The range is from 1 to 3600 default value is 50 Buckets Grant...

Page 524: ...l entry Sample Start The value of sysUpTime at the start of the interval over which this sample was measured Drop The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets...

Page 525: ...e size is less than 64 octets received with invalid CRC Jabb The number of frames whose size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions in this Ethernet segment Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent Buttons Click to refre...

Page 526: ...tion Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored Buttons Click to add a new community entry Click to apply changes Click to undo any changes made locally and revert to pr...

Page 527: ...reen in Figure 4 18 9 appears Figure 4 18 9 RMON Statistics Status Overview Page Screenshot The page includes the following fields Object Description ID Indicates the index of Statistics entry Data Source ifIndex The port ID which wants to be monitored Drop The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data inclu...

Page 528: ...tets received with invalid CRC Coll The best estimate of the total number of collisions in this Ethernet segment 64 Bytes The total number of packets including bad packets received that were 64 octets in length 65 127 The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 The total number of packets including bad packets received that were b...

Page 529: ... Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Updates the table starting from the first entry in the Alarm Table i e the entry with the lowest ID Updates the table starting with the entry after the last entry currently displayed ...

Page 530: ... LCD Enable allows user to enable LCD panel Disable allows user to disable LCD panel Touch Screen Enable allows user to enable touch screen feature Disable allows user to disable touch screen feature Backlight Timeout Enable allows user to enable panel backlight timeout time feature Disable allows user to disable panel backlight timeout time feature Backlight Timeout Time Allows user to set up backlight timeou...

Page 531: ...lay in next time system rebooting Time Interval Allows user to input time interval for page refresh Please note that a shorter time interval will cause high CPU load so we suggest using the default setting of 10 seconds Color Scheme Allows user to replace LCD background color To use this feature the user has to save the configuration and reboot the system Pin Number It is a password For security reasons when user changed c...

Page 532: ...y between network video products regardless of manufacturer 4 20 1 ONVIF Device Search Entries in the ONVIF Devices Table are shown on this page The ONVIF Devices Table can be sorted first by VLAN ID Model MAC Address then by IP Address The ONVIF Devices Table screen in Figure 4 20 1 appears Figure 4 20 1 ONVIF Devices Table Status Page Screenshot Navigating the ONVIF Devices Table The Start from MAC...

Page 533: ...e s Model Name of the entry IP Address The ONVIF Device s IP Address of the entry MAC Address The ONVIF Device s MAC address of the entry VLAN The ONVIF Device s VLAN ID of the entry Select Device Allows to tick for selecting ONVIF Devices for adding into ONVIF List Table Buttons Click to search the connecting ONVIF devices Click to apply changes Click to undo any changes made locally and revert t...

Page 534: ... from the beginning of the ONVIF Device List table screen in Figure 4 20 2 appears Figure 4 20 2 ONVIF Device List Page Screenshot The page includes the following fields Object Description Login Optional Allows for filling one set of User name and Password Port This is the logical port number for this row Status Red The ONVIF device is not active Green The ONVIF device is active The ONVIF Device s...

Page 535: ...three actions Access Clicks for accessing into the ONVIF device s WEBUI Reboot Clicks for rebooting the ONVIF device Delete Clicks for deleting the ONVIF device from ONVIF Device List Buttons Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 30 seconds Updates the ONVIF device entries press to the first page Updates t...

Page 536: ...Edit Page Screenshot The page includes the following fields Object Description MAP Select Allows to select Map1 2 3 for uploading Map Description Indicates the map s description File size Shows Map s size File Allows to choose and browse specific map file from laptop device Preview Map The Preview use of Map Current Map The Current use of Map Buttons Click to choose the file Click to upload the fi...

Page 537: ...Device List and it also can modify the e Map s Zoom and Scale screen in Figure 4 20 4 appears Figure 4 20 4 Floor Map Page Screenshot The page includes the following fields Object Description Summary Information Shows the number of Online and Offline ONVIF cameras Map Control Allows to choose Location of Map1 2 3 and zoom in out of Map Device List Allows to select ONVIF devices ...

Page 538: ...t a different port from this packet comes in the Managed Switch will forward this packet to the port where this destination address is located according to the information from address table But if the destination address is located at the same port with this packet comes in then this packet will be filtered thereby increasing the network throughput and availability 5 4 Store and Forward Store and...

Page 539: ...work The Managed Switch performs Store and Forward therefore no error packets occur More reliably it reduces the re transmission rate No packet loss will occur 5 5 Auto Negotiation The STP ports on the Switch have built in Auto negotiation This technology automatically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This i...

Page 540: ... the other port Solution Please check the VLAN settings trunk settings or port enabled disabled status Performance is bad Solution Check the full duplex status of the Managed Switch If the Managed Switch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1...

Page 541: ...uto negotiation may not recognize this type of full duplex setting Switch does not power up Solution 1 AC power cord is not inserted or faulty 2 Check that the AC power cord is inserted correctly 3 Replace the power cord if the cord is inserted correctly check that the AC power source is working by connecting a different device in place of the switch 4 If that device works refer to the next step 5...

Page 542: ...00Mbps 10 100BASE TX When connecting your Switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ45 receptacle connector and their pin assign...

Page 543: ...RJ45 pin assignment 21 3 6 1 2 3 6 21 3 6 The standard RJ45 receptacle connector There are 8 wires on a standard UTP STP cable and each wire is color coded The following shows the pin allocation and color of straight through cable and crossover cable connection ...

Page 544: ... Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE 2 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown SIDE 2 Figure A 1 Straight through and Crossover Cable Please make sure your connected cables are with the same pin assignment and co...

Page 545: ...cess rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situation In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are ...

Page 546: ...ers On this page you can configure the rate limiters There can be 15 different rate limiters each ranging from 1 to 1024K packets per second Under Ports and Access Control List you can assign a Rate Limiter ID to the ACE s or ingress port s AES AES is an acronym for Advanced Encryption Standard The encryption key protocol is applied in 802 1x standard to improve WLAN security It is an encryption s...

Page 547: ...destination system ARP Inspection ARP Inspection is a security feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through the switch device Auto Negotiation Auto negotiation is the process where two different devices establish the m...

Page 548: ...onym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices on a network DHCP used by networked computers clients to obtain IP addresses and other parameters such as the default gateway subnet mask and IP addresses of DNS servers from a DHCP server The DHCP server ensures that all IP addresses are unique for example no IP address is assigned to ...

Page 549: ...dule_id port_no The vlan_id parameter is the first two bytes and represents the VLAN ID The module_id parameter is the third byte and holds the module ID The port_no parameter is the fourth byte and holds the port number The Remote ID is 6 bytes in length and its value is equal to the MAC address of the DHCP relay agent DHCP Snooping DHCP Snooping is used to block intruders on the untrusted ports of the sw...

Page 550: ...ergy Efficient Ethernet defined in IEEE 802 3az EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame F FTP FTP is an acronym for File Transfer Protocol It is a trans...

Page 551: ...splayed Any Web server machine contains in addition to the web page files it can serve an HTTP daemon a program that is designed to wait for HTTP requests and handle them when they arrive The Web browser is an HTTP client sending requests to server machines An HTTP client initiates a request by establishing a Transmission Control Protocol TCP connection to a particular port on a remote host port 8...

Page 552: ...rts can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network IGMP IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multic...

Page 553: ... Area Network WAN is given an Internet Protocol address and this IP address is used to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number is reduced drastically by the practice of webmasters taking...

Page 554: ...bilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Network Management...

Page 555: ...oint and is an endpoint in a Maintenance Entity Group ITU T Y 1731 MD5 MD5 is an acronym for Message Digest algorithm 5 MD5 is a message digest algorithm used as a cryptographic hash function with a 128 bit hash value It was designed by Ron Rivest in 1991 MD5 is officially defined in RFC 1321 The MD5 Message Digest Algorithm Mirroring For debugging network problems or monitoring network traffic the swi...

Page 556: ...s an acronym for Network Basic Input Output System It is a program that allows applications on separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and transport services described in the Op...

Page 557: ...al TLVs If an optional TLV is disabled the corresponding information is not included in the LLDP frame OUI OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of an MAC address P PCP PCP is an acronym for Priority Code P...

Page 558: ...ocol for email clients to retrieve email messages from a mail server POP3 is designed to delete mail on the server as soon as the user has downloaded it However some implementations allow users or an administrator to specify that mail be saved for some period of time POP can be thought of as a store and forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides ...

Page 559: ... with a particular QCE ID There are six QCE frame types Ethernet Type VLAN UDP TCP Port DSCP TOS and Tag Priority Frames can be classified by one of 4 different QoS classes Low Normal Medium and High for individual application QCL QCL is an acronym for QoS Control List It is the list table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects Each...

Page 560: ...as configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority R RARP RARP is an acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the complement of ARP RADIUS RADIUS is an acronym for Remote...

Page 561: ... on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the master browser on the network so that it would appear in the listing of hosts in Microsoft Windows Neighborhood Network SHA SHA is an acronym for Secure Hash Algorithm It was designed by the National Security Agency NSA and published by the NIST as a U S F...

Page 562: ...ams as transport layer SPROUT Stack Protocol using ROUting Technology An advanced protocol for almost instantaneous discovery of topology changes within a stack as well as election of a master switch SPROUT also calculates parameters for setting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless ...

Page 563: ...tworked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority Tag Priority is a 3 bit field storing the priority level for the 802 1Q frame TCP TCP is an acronym for Transmission Control Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The...

Page 564: ...t user can enter commands through the Telnet program just as if they were entering commands directly on the server console TFTP TFTP is an acronym for Trivial File Transfer Protocol It is a transfer protocol that uses the User Datagram Protocol UDP and provides file writing and reading but it does not provide directory service and security features ToS ToS is an acronym for Type of Service It is ...

Page 565: ...age has arrived and is in the right order Network applications that want to save processing time because they have very small data units to exchange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications t...

Page 566: ...AN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag VLAN ID VLAN ID is a 12 bit field specif...

Page 567: ...cronym for Wi Fi Protected Access Pre Shared Key WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In...

Page 568: ...Weighted Random Early Detection It is an active queue management mechanism that provides preferential treatment of higher priority frames when traffic builds up within a queue A frame s DP level is used as input to WRED A higher DP level assigned to a frame results in a higher probability that the frame is dropped during times of congestion WTR WTR is an acronym for Wait To Restore This is the tim...
