background image

User’s  Manual  of  IGS-20040MT 

 

4.10.5 ACL Rate Limiter Configuration 

Configure the rate limiter for the ACL of the switch.   

The ACL Rate Limiter Configuration screen in 

Figure 4-10-5

 appears. 

 

Figure 4-10-5:

 ACL Rate Limiter Configuration Page Screenshot 

 

The Page includes the following fields: 

Object 

Description 

The rate limiter ID for the settings contained in the same row. 

 

Rate Limiter ID

 

The allowed values are: 

0-3276700

 in pps or 

0, 100, 200, 300, ..., 1000000

 in kbps. 

 

Rate (pps)

 

 

Unit

 

Specify the rate unit. The allowed values are:   

 

pps

: packets per second.   

 

kbps

: Kbits per second. 

All 

means all ports will have one specific setting.   

Buttons 

: Click to apply changes   

: Click to undo any changes made locally and revert to previously saved values.

 

 
 

234 

 

Summary of Contents for IGS-20040MT

Page 1: ......

Page 2: ...igned to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and...

Page 3: ...ch Upper Panel 26 2 1 5 Wiring the Fault Alarm Contact 27 2 1 6 Wiring the Digital Input Output 28 2 2 Install the Industrial Managed Switch 30 2 2 1 Installation Steps 30 2 2 2 DIN Rail Mounting 31 2...

Page 4: ...figuration 74 4 2 16 Digital Input Output 75 4 2 17 Fault Alarm 76 4 2 18 Web Firmware Upgrade 78 4 2 19 TFTP Firmware Upgrade 79 4 2 20 Save Startup Config 80 4 2 21 Configuration Download 80 4 2 22...

Page 5: ...2 1Q VLAN 116 4 6 3 VLAN Port Configuration 119 4 6 4 VLAN Membership Status 125 4 6 5 VLAN Port Status 127 4 6 6 Private VLAN 128 4 6 7 Port Isolation 130 4 6 8 VLAN setting example 132 4 6 8 1 Two S...

Page 6: ...rt Group Filtering 181 4 8 13 MLD Snooping Status 182 4 8 14 MLD Group Information 184 4 8 15 MLDv2 Information 185 4 8 16 MVR Multicaset VLAN Registration 186 4 8 17 MVR Status 189 4 8 18 MVR Groups...

Page 7: ...11 4 Network Access Overview 251 4 11 5 Network Access Statistics 252 4 11 6 RADIUS 259 4 11 7 TACACS 261 4 11 8 RADIUS Overview 262 4 11 9 RADIUS Details 264 4 11 10 Windows Platform RADIUS Server C...

Page 8: ...Protection 326 4 16 1 Configuration 326 4 16 2 Loop Protection Status 328 4 17 RMON 329 4 17 1 RMON Alarm Configuration 329 4 17 2 RMON Alarm Status 331 4 17 3 RMON Event Configuration 332 4 17 4 RMON...

Page 9: ...2 Learning 358 5 3 Forwarding Filtering 358 5 4 Store and Forward 358 5 5 Auto Negotiation 359 6 TROUBLESHOOTING 360 APPENDIX A Networking Connection 361 A 1 Switch s Data RJ45 Pin Assignments 1000Mbp...

Page 10: ...al Managed Switch is used as an alternative name in this user s manual 1 1 Packet Contents Open the box of the Industrial Managed Switch and carefully unpack it The box should contain the following it...

Page 11: ...re topology the IGS 20040MT provides user friendly but advanced IPv6 IPv4 management interfaces and abundant L2 L4 switching functions It is the best investment for industrial business expanding or up...

Page 12: ...Input and Digital Output for External Alarm The IGS 20040MT supports Digital Input and Digital Output on its upper panel The external alarm enables users to use Digital Input to detect external devic...

Page 13: ...lexible management and simpler networking application User friendly Secure Management For efficient management the IGS 20040MT is equipped with console Web and SNMP management interfaces With the buil...

Page 14: ...ules meaning the administrator now can flexibly choose the suitable SFP transceiver according to the transmission distance or the transmission speed required to extend the network efficiently 1588 Tim...

Page 15: ...ction of the Industrial Managed Switch Section 4 WEB CONFIGURATION The section explains how to manage the Industrial Managed Switch by Web interface Section 5 SWITCH OPERATION The chapter explains how...

Page 16: ...s into auto alarm system Transfers alarm to IP network via email and SNMP trap Layer 2 Features High performance of Store and Forward architecture and runt CRC filtering eliminates erroneous packets t...

Page 17: ...ing Multicast Supports IPv4 IGMP Snooping v1 v2 and v3 Supports IPv6 MLD Snooping v1 and v2 Querier mode support IGMP Snooping port filtering MLD Snooping port filtering MVR Multicast VLAN Registratio...

Page 18: ...HTTP TFTP Reset button for system reboot or reset to factory default Dual Images DHCP Relay and DHCP Option82 User Privilege levels control NTP Network Time Protocol Link Layer Discovery Protocol LLD...

Page 19: ...tection 6KV DC EFT Protection 6KV DC Enclosure IP30 aluminum case Installation DIN rail kit and wall mount kit Connector Removable 6 pin terminal block for power input Pin 1 2 for Power 1 Pin 3 4 for...

Page 20: ...ed VLAN Protocol based VLAN Voice VLAN MVR Multicast VLAN Registration Up to 255 VLAN groups out of 4095 VLAN IDs Link Aggregation IEEE 802 3ad LACP Static Trunk Support 10 groups of 8 Port trunk supp...

Page 21: ...e FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000Base T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spannin...

Page 22: ...This section describes the hardware features of Industrial Managed Switch For easier management and control of the Industrial Managed Switch familiarize yourself with its display indicators and ports...

Page 23: ...0 50 70 120 kilometers single mode fiber Console Port The console port is an RJ45 port connector It is an interface for connecting a terminal directly Through the console port it provides rich diagnos...

Page 24: ...re 2 2 Reset button of Industrial Managed Switch Reset Button Pressed and Released Function 5 sec System Reboot Reboot the Industrial Managed Switch 5 sec Factory Default Reset the Industrial Managed...

Page 25: ...LNK ACT Green Blink Indicates that the switch is actively sending or receiving data over that port Light Indicates the port is running in 10 100Mbps speed and successfully established 10 100 LNK ACT O...

Page 26: ...into contacts 1 and 2 for DC Power 1 or 5 and 6 for DC Power 2 Figure 2 3 IGS 20040MT Upper Panel 2 Tighten the wire clamp screws for preventing the wires from loosening 1 2 3 4 5 6 DC 1 DC 2 Figure...

Page 27: ...the power failure or port link failure available for managed model The following illustration shows an application example for wiring the fault alarm contacts Insert the wires into the fault alarm co...

Page 28: ...Output Please follow the steps below to insert wire 1 The IGS 20040MT offers two DI and DO groups 1 and 2 are DI groups 3 and 4 are DO groups and 5 and 6 are GND ground Figure 2 5 Wiring the Redundan...

Page 29: ...gy shows how to wire DI0 and DI1 Figure 2 7 Wires DI0 and DI1 to Open Detector 4 There are two Digital Output groups for you to sense IGS 20040MT port failure or power failure and issue a high or low...

Page 30: ...for wall mount plate installation 3 To hang the Industrial Managed Switch on the DIN Rail track or wall 4 Power on the Industrial Managed Switch Please refer to the Wiring the Power Inputs section for...

Page 31: ...tall the Industrial Managed Switch DIN rail mounting and wall mount plate mounting Please read the following topics and perform the procedures in the order being presented Follow all the DIN rail inst...

Page 32: ...GS 20040MT Step 3 Check whether the DIN rail is tightly on the track Please refer to the following procedures to remove the Industrial Managed Switch from the track Step 4 Lightly remove the DIN rail...

Page 33: ...rom the Industrial Managed Switch Use the screwdriver to loosen the screws to remove the DIN rail Step 2 Place the wall mount plate on the rear panel of the Industrial Managed Switch Step 3 Use the sc...

Page 34: ...n of unshielded twisted pair cable UTP The IEEE 802 3 802 3u 802 3ab Fast Gigabit Ethernet standard requires Category 5 UTP for 100Mbps 100Base TX 10Base T networks can use Cat 3 4 5 or 1000Base T use...

Page 35: ...list of approved PLANET SFP transceivers is correct at the time of publication Fast Ethernet Transceiver 100Base X SFP Model Speed Mbps Connector Interface Fiber Mode Distance Wavelength nm Operating...

Page 36: ...LC Single Mode 70km 1550nm 40 75 Gigabit Ethernet Transceiver 1000Base BX Single Fiber Bi Directional SFP Model Speed Mbps Connector Interface Fiber Mode Distance Wavelength TX Wavelength RX Operatin...

Page 37: ...ation or a media converter 3 Check the LNK ACT LED of the SFP slot on the front of the Industrial Managed Switch Ensure that the SFP transceiver is operating correctly 100Base FX Before connecting the...

Page 38: ...if available to disable the port in advance 2 Remove the fiber optic cable gently 3 Turn the lever of the MGB MFB module to a horizontal position 4 Pull out the module gently through the lever Figure...

Page 39: ...cess Overview Remote Telnet Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstation running Windows XP 2003 Vista Windows 7 MAC OS X Linux Fedora...

Page 40: ...e near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Remote Telnet Text based Telnet functionality built into Windows XP 2003...

Page 41: ...access the Industrial Managed Switch remote telnet interface from personal computer or workstation in the same Ethernet environment as long as you know the current IP address of the Industrial Manage...

Page 42: ...ort regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A works...

Page 43: ...User s Manual of IGS 20040MT 43 Figure 3 2 Remote Telnet Interface Main Screen of Industrial Managed Switch...

Page 44: ...for the Industrial Managed Switch you can access the Industrial Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Industrial Managed Switch Fi...

Page 45: ...ustrial Managed Switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community...

Page 46: ...net Smart Discovery Utility 1 Open the Planet Smart Discovery Utility in administrator PC 2 Run this utility and the following screen appears Figure 3 6 Planet Smart Discovery Utility Screen If there...

Page 47: ...above are shown below Update Device use current setting on one single device Update Multi use current setting on choose multi devices Update All use current setting on whole devices in the list The sa...

Page 48: ...lets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Industrial Managed Switch can be configured through an Ethernet connection ma...

Page 49: ...100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Industrial...

Page 50: ...nds and statistics the Industrial Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Industrial Managed Switch 2 The changed IP address takes effect immediately...

Page 51: ...d Switch s Web browser interface to configure and manage it Main Functions Menu Copper Port Link Status SFP Port Link Status Help Button Figure 4 1 4 Main Page Main Screen Panel Display The web agent...

Page 52: ...the Industrial Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can set up the Industrial Managed Switch by selecting the functions those listed...

Page 53: ...istics for DHCP relay CPU Load This page displays the CPU load using an SVG graph System Log The Managed Switch system log information is provided here Detailed Log The Managed Switch system detailed...

Page 54: ...n System Name Name The system location configured in Configuration System Information System Location Location The MAC Address of this Industrial Managed Switch MAC Address The Power 1 and Power 2 ON...

Page 55: ...r of interfaces supported is 128 and the maximum number of routes is 32 The screen in Figure 4 2 2 appears Figure 4 2 2 IP Configuration Page Screenshot The current column is used to show the active I...

Page 56: ...a DHCP lease IPv4 DHCP Current Lease For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server Address Provide the IP address of this Indu...

Page 57: ...ick to undo any changes made locally and revert to previously saved values 4 2 3 IP Status IP Status displays the status of the IP protocol layer The status is defined by the IP interfaces the IP rout...

Page 58: ...ase login web interface with new user name and password the screen in Figure 4 2 4 appears Figure 4 2 4 Users Configuration Page Screenshot The Page includes the following fields Object Description Us...

Page 59: ...rd Password again Please enter the user s new password here again to confirm Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can acce...

Page 60: ...rivilege level 10 for a standard user account and privilege level 5 for a guest account Once the new user is added the new user entry is shown on the Users Configuration Page Figure 4 2 6 User Configu...

Page 61: ...e login web interface with new user name and password and the screen in Figure 4 2 7 appears Figure 4 2 7 Privilege Levels Configuration Page Screenshot The Page includes the following fields Object D...

Page 62: ...vels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level for the following sub groups Configuration read only Configuration e...

Page 63: ...d For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also...

Page 64: ...nge Up to 16 characters Acronym Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disa...

Page 65: ...nP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and ent...

Page 66: ...hin the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done at less than one...

Page 67: ...length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes representing the VLAN ID The parameter of module_id is the third byte for the module ID in standalone...

Page 68: ...enabling DHCP relay information mode operation if agent receives a DHCP message that already contains relay agent information It will enforce the policy And it only works under DHCP relay information...

Page 69: ...circuit ID Receive Bad Remote ID The packets number whose Remote ID does not match known remote ID Client Statistics Object Description The packets number that is relayed from server to client Transmi...

Page 70: ...support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG...

Page 71: ...he system log Error Error level of the system log All All levels Clear Level To clear the system log entry level The following level types are supported Info Information level of the system log Warnin...

Page 72: ...iled Log screen in Figure 4 2 16 appears Figure 4 2 16 Detailed Log Page Screenshot The Page includes the following fields Object Description The ID 1 of the system log entry ID The message of the sys...

Page 73: ...to sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent out even if the syslog server does not exist Possible modes are Enabled...

Page 74: ...Controls whether SMTP Authentication is enabled If authentication is required when an e mail is sent Type the user name for the SMTP server if Authentication is Enable Authentication User Name Type t...

Page 75: ...The page includes the following fields Object Description Enable Check the Enable checkbox to enable Digital Input output function Uncheck the Enable checkbox to disable Digital input output function...

Page 76: ...s if Digital Output has detected these events then Digitial Output would be triggered according to the setting of Condition Allows user to choose which power module that needs to be monitored Power Al...

Page 77: ...cord is sending System log or SNMP Trap or both Record Controls whether Port Fail or Power Fail or both for fault detecting Action Controls whether DC1 or DC2 or both for fault detecting Power Alarm C...

Page 78: ...tem would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file with upload status 5 Once the software is loaded to the...

Page 79: ...2 23 appears Figure 4 2 23 TFTP Firmware Update Page Screenshot The Page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name...

Page 80: ...RAM based or stored in flash on the switch There are three system files running config A virtual file that represents the currently active configuration on the switch This file is volatile startup co...

Page 81: ...urrent configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system f...

Page 82: ...igure 4 2 29 Configuration Delete Page Screenshot 4 2 25 Image Select This Page provides information about the active and alternate backup firmware images in the device and allows you to revert to the...

Page 83: ...firmware image Version The date where the firmware was produced Date Buttons Click to use the alternate image This button may be disabled depending on system state 4 2 26 Factory Default You can rese...

Page 84: ...The Reboot Page enables the device to be rebooted from a remote location Once the Reboot button is pressed users have to re login the Web interface for about 60 seconds later as the System Reboot scr...

Page 85: ...displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elements They collect and st...

Page 86: ...igure SNMP on this Page System Configuration Configure SNMP trap on this Page Trap Configuration The system information is provided here System Information Configure SNMPv3 communities table on this P...

Page 87: ...f source addresses can be used to restrict source subnet Write Community Indicates the community write access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowe...

Page 88: ...g Indicates which trap Configuration s name for configuring The allowed string length is 0 to 255 and the allowed content is ASCII characters from 33 to 126 Trap Mode Indicates the SNMP trap mode oper...

Page 89: ...ity engine ID mode of operation Trap Security Engine ID Indicates the SNMP trap security engine ID SNMPv3 sends traps and informs using USM for authentication and privacy A unique engine ID for these...

Page 90: ...255 and the allowed content is the ASCII characters from 32 to 126 System Contact An administratively assigned name for this managed node By convention this is the node s fully qualified domain name...

Page 91: ...community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as securit...

Page 92: ...s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communica...

Page 93: ...ndicates the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol DES An optional flag to indicate that this user using DES authentication protoco...

Page 94: ...string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new group...

Page 95: ...view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk OID Subtree Buttons Click to add a new view entry Click to apply changes Click to undo any changes made...

Page 96: ...ication and none privacy Auth Priv Authentication and privacy The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to...

Page 97: ...t statistics Port Statistics Detail Display SFP information SFP Module Information Sets the source and target ports for mirroring Port Mirror 4 4 1 Port Configuration This Page displays current port c...

Page 98: ...cted that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx...

Page 99: ...packets per port Packets The number of received and transmitted bytes per port Bytes The number of frames received in error and the number of incomplete transmissions per port Errors The number of fra...

Page 100: ...Port Statistics Port 1 Page Screenshot The Page includes the following fields Receive Total and Transmit Total Object Description The number of received and transmitted good and bad packets Rx and Tx...

Page 101: ...received frames filtered by the forwarding process Rx Filtered 1 Short frames are frames that are smaller than 64 bytes 2 Long frames are frames that are longer than the configured maximum frame leng...

Page 102: ...alue is obtained from the SFP module Use this column to check if the wavelength values of two nodes match while the fiber connection fails Wave Length nm Distance m Display the support distance of cur...

Page 103: ...in accordance with your warning temperature setting and allows users to record message out via SNMP Trap Auto refresh Check this box to enable an automatic refresh of the Page at regular intervals Cli...

Page 104: ...rror port where a frame analyzer can be attached to analyze the frame flow The Industrial Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol...

Page 105: ...d to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transm...

Page 106: ...assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically...

Page 107: ...leted from a VLAN The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole Enable the link aggregation prior to connecting any cable between the switches to avoid creating...

Page 108: ...MAC address or uncheck to disable By default Source MAC Address is enabled The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destin...

Page 109: ...rts belong to any aggregation group Port Members Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 5 2 LACP Configuration Link Aggregation C...

Page 110: ...partner LACP can form max 12 LAGs per switch and 2G LAGs per stack Key The Key value incurred by the port range 1 65535 The Auto setting will set the key as appropriate by the physical link speed 10M...

Page 111: ...l wait for 30 seconds before sending a LACP packet Timeout The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parame...

Page 112: ...on ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id The system ID MAC address of the aggregation partner Partner System ID The key that th...

Page 113: ...port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP...

Page 114: ...7 LACP Statistics Page Screenshot The Page includes the following fields Object Description The switch port number Port Shows how many LACP frames have been sent from each port LACP Received Shows ho...

Page 115: ...s is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Industrial Manag...

Page 116: ...d Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VL...

Page 117: ...rmation originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bit 12 bits TPID Tag Protocol Identifier TCI Tag Control Information 2 bytes 2 bytes Preamble D...

Page 118: ...ted to a tag aware device the packet should be tagged Default VLANs The Switch initially configures one VLAN VID 1 called default The factory default setting assigns all ports on the Switch to the def...

Page 119: ...nderstand nomenclature of the Switch IEEE 802 1Q Tagged and Untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged Ports with tagging enabled will put the VID number...

Page 120: ...d could easily exceed the maximum VLAN limit of 4096 The Industrial Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic fr...

Page 121: ...ll VLANs specified in the Allowed VLANs field By default only VLAN 1 is enabled More VLANs may be created by using a list syntax where the individual elements are separated by commas Ranges are specif...

Page 122: ...dd the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged and C tagged fra...

Page 123: ...VLANs are in the range 1 through 4095 default being 1 On ingress frames get classified to the Port VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on...

Page 124: ...a VLAN that the port is not a member of are accepted and forwarded to the switch engine However the port will never transmit frames classified to VLANs that it is not a member of Ingress Acceptance Hy...

Page 125: ...o mark such VLANs as forbidden on the port in question The syntax is identical to the syntax used in the Enabled VLANs field By default the field is left blank which means that the port may become a m...

Page 126: ...be displayed If a port is included in a Forbidden port list an image will be displayed If a port is included in a Forbidden port list and dynamic VLAN user register VLAN on same Forbidden port then c...

Page 127: ...mes received on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Show the ingre...

Page 128: ...tomatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately 4 6 6 Private VLAN The Private VLAN membership configurations for the switch can be monitored and modified he...

Page 129: ...e VLAN to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number ra...

Page 130: ...abase servers on the inside segment but are not allowed to communicate with each other For private VLANs to be applied the switch must first be configured for standard VLAN operation When this is in p...

Page 131: ...rt member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN The Port Isolation screen in Figure 4 6 7 appears Figure 4 6 7 Port Isolation Configuration Page Screensho...

Page 132: ...etwork traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 6 9 describes the port configuration of the Industrial Managed Swit...

Page 133: ...ripped away it tag becoming an untagged packet Untagged packet entering VLAN 3 1 While PC 4 transmit an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will receiv...

Page 134: ...column Change Port 6 Mode as Trunk and select Egress Tagging as Tag All and Type 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 11 appears Figure 4 6 11 Check VLAN 2 and...

Page 135: ...dd two VLANs VLAN 2 and VLAN 3 For Type 1 3 in Allowed Access VLANs column the 1 3 includes VLAN1 and 2 and 3 Figure 4 6 13 Add VLAN 2 and VLAN 3 2 Assign VLAN Member and PVID to each port VLAN 2 Port...

Page 136: ...overlaps both VLAN 2 and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member port 5 Specify Port 7 to...

Page 137: ...ted and promiscuous ports and the each PC is not able to access the isolated port of each other s PCs But they all need to access with the same server AP Printer This section will show you how to conf...

Page 138: ...d VLAN enties can be configured here This Page allows for adding and deleting MAC based VLAN entries and assigning the entries to different ports This Page shows only static entries The MAC based VLAN...

Page 139: ...MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled when you click on Save A MAC based VLAN witho...

Page 140: ...tes the VLAN ID VLAN ID Port members of the MAC based VLAN entry Port Members Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to re...

Page 141: ...AN check the box To remove or exclude the port from the IP subnet based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Port Members Click Add New Entry...

Page 142: ...ve one of the following values 1 Ethernet 2 LLC 3 SNAP Note On changing the Frame type field valid value of the following text field will vary depending on the new frame type you selected Value Valid...

Page 143: ...ue of PID will be any value from 0x0000 to 0xffff Group Name A valid Group Name is a unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integer...

Page 144: ...g entry on this Page Group Name Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 VLAN ID A row of check boxes for each port is displayed for each Group Name to VL...

Page 145: ...cked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users Howeve...

Page 146: ...not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass thr...

Page 147: ...pt BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the...

Page 148: ...ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states waiting f...

Page 149: ...the following formulas when setting the above parameters Max Age _ 2 x Forward Delay 1 second Max Age _ 2 x Hello Time 1 second Port Priority A Port Priority can be from 0 to 240 The lower the number...

Page 150: ...User s Manual of IGS 20040MT and Port Cost settings is however relatively straight forward Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used 150...

Page 151: ...configure STP system settings The settings are used by all STP Bridge instances in the Switch or Switch Stack The Industrial Managed Switch support the following Spanning Tree protocols Compatibility...

Page 152: ...Message Age 2 1 Maximum 30 Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Default 20 Minimum The higher o...

Page 153: ...e the system uses the RSTP 802 1w to be compatible and to co work with another STP 802 1D s BPDU control packet Buttons Click to apply changes Click to undo any changes made locally and revert to prev...

Page 154: ...dge instance Topology Flag Topology Change Last The time since last Topology Change occurred Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seco...

Page 155: ...ort or not AutoEdge If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alterna...

Page 156: ...w Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set...

Page 157: ...4 7 7 appears Figure 4 7 7 MSTI Priority Page Screenshot The Page includes the following fields Object Description The bridge instance The CIST is the default instance which is always active MSTI Cont...

Page 158: ...creenshot The Page includes the following fields Configuration Identification Object Description Configuration Name The name identifiying the VLAN to MSTI mapping Bridges must share the name and revis...

Page 159: ...allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port f...

Page 160: ...d using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports ar...

Page 161: ...ields Object Description Port The switch port number of the logical STP port CIST Role The current STP port role of the ICST port The port role can be one of the following values AlternatePort BackupP...

Page 162: ...eceived transmitted on the port MSTP The number of RSTP Configuration BPDU s received transmitted on the port RSTP The number of legacy STP Configuration BPDU s received transmitted on the port STP Th...

Page 163: ...that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for m...

Page 164: ...User s Manual of IGS 20040MT Figure 4 8 2 Multicast Flooding Figure 4 8 3 IGMP Snooping Multicast Stream Control 164...

Page 165: ...keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host...

Page 166: ...raffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagat...

Page 167: ...ing the next save Delete The name used for indexing the profile table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be...

Page 168: ...rs Figure 4 8 6 IPMC Profile Address Configuration Page The Page includes the following fields Object Description Check to delete the entry The designated entry will be deleted during the next save De...

Page 169: ...file Address Configuration Updates the table starting with the entry after the last entry currently displayed 4 8 4 IGMP Snooping Configuration This Page provides IGMP Snooping related configuration T...

Page 170: ...Switch forwards IGMP join or leave packets to an IGMP router port Auto Select Auto to have the Industrial Managed Switch automatically uses the port as IGMP Router port if the port receives IGMP quer...

Page 171: ...Delete The VLAN ID of the entry VLAN ID IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected Querier Election Enable the IGMP Querier election in the VLAN Disabl...

Page 172: ...conds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed ran...

Page 173: ...dresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP j...

Page 174: ...ic port Summary about the designated profile will be shown by clicking the view button Filtering Profile Buttons Click to apply changes Click to undo any changes made locally and revert to previously...

Page 175: ...orts Received The number of Received V3 Reports The number of Received V2 Leave V2 Leave Received Display which ports act as router ports A router port is a port on the Ethernet switch that leads towa...

Page 176: ...fields allow the user to select the starting point in the IGMP Group Table The IGMP Groups Information screen in Figure 4 8 11 appears Figure 4 8 9 IGMP Snooping Groups Information Page Screenshot Th...

Page 177: ...e 4 8 12 IGMP SSM Information Page Screenshot The Page includes the following fields Object Description VLAN ID of the group VLAN ID Group address of the group displayed Group Switch port number Port...

Page 178: ...nregistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregistered IPMCv6 tr...

Page 179: ...nges made locally and revert to previously saved values 4 8 11 MLD Snooping VLAN Configuration Each Page shows up to 99 entries from the VLAN table default being 20 selected through the entries per Pa...

Page 180: ...lculate the Max Resp Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds QRI LLQ...

Page 181: ...ne profile can be assigned to a port When enabled MLD join reports received on the port are checked against the filter profile If a requested multicast group is permitted the MLD join report is forwar...

Page 182: ...profile will be shown by clicking the view button Filtering Group Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 13 MLD Snooping Status...

Page 183: ...d The number of Received V2 Reports V1 Leave Received The number of Received V1 Leaves Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads tow...

Page 184: ...roup input fields allow the user to select the starting point in the MLD Group Table The MLD Groups Informatino screen in Figure 4 8 17 appears Figure 4 8 17 MLD Snooping Groups Information Page Scree...

Page 185: ...in Figure 4 8 18 appears Figure 4 8 18 MLD SSM Information Page Screenshot The Page includes the following fields Object Description VLAN ID of the group VLAN ID Group address of the group displayed...

Page 186: ...gured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that s...

Page 187: ...Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group table is full Delete Check to delete...

Page 188: ...agged or Tagged with MVR VID The default is Tagged Tagging Specify how the traversed IGMP MLD control frames will be sent in prioritized manner The default Priority is 0 Priority Define the maximun ti...

Page 189: ...This Page provides MVR status The MVR Status screen in Figure 4 8 20 appears Figure 4 8 20 MVR Status Page Screenshot The Page includes the following fields Object Description The Multicast VLAN ID VL...

Page 190: ...ning of the MVR Group Table The Start from VLAN and group input fields allow the user to select the starting point in the MVR Group Table The MVR Groups Information screen in Figure 4 8 21 appears Fig...

Page 191: ...Figure 4 8 22 appears Figure 4 8 22 MVR SFM Information Page Screenshot The Page includes the following fields Object Description VLAN ID of the group VLAN ID Group address of the group displayed Gro...

Page 192: ...fier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups...

Page 193: ...icer is enabled on this switch port Rate Controls the rate for the policer This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or...

Page 194: ...he default class of service All frames are classified to a CoS There is a one to one mapping between CoS queue and priority A CoS of 0 zero has the lowest priority If the port is VLAN aware and the fr...

Page 195: ...he port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value All means all ports will have one spec...

Page 196: ...Figure 4 9 3 QoS Egress Port Schedule Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port numbe...

Page 197: ...Egress Port Shapers Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to con...

Page 198: ...g fields Object Description Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Schedule Mode Queue Shaper Enable Controls whether the queue shaper is enabled for th...

Page 199: ...t to Weighted Queue Scheduler Percent Controls whether the port shaper is enabled for this switch port Port Shaper Enable Port Shaper Rate Controls the rate for the port shaper This value is restricte...

Page 200: ...ing Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure tag remark...

Page 201: ...de Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level PCP DEI Configuration...

Page 202: ...gure 4 9 8 QoS Port DSCP Configuration Page Screenshot The Page includes the following fields Object Description The Port coulmn shows the list of ports for which you can configure dscp ingress and eg...

Page 203: ...t Egress Rewriting can be one of All means all ports will have one specific setting Disable No Egress rewrite Enable Rewrite enabled without remapping Remap DP Unaware DSCP from analyzer is remapped a...

Page 204: ...ress Classification Page Screenshot The Page includes the following fields Object Description Maximum number of support ed DSCP values are 64 DSCP Controls whether a specific DSCP value is trusted Onl...

Page 205: ...10 DSCP Translation Page Screenshot The Page includes the following fields Object Description Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 DSCP Ingress Ingr...

Page 206: ...m select menu to which you want to remap DSCP value ranges form 0 to 63 Remap DP0 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 Remap DP1 Buttons Cli...

Page 207: ...QCL which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The QoS Control L...

Page 208: ...the type of frame to look for incomming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames...

Page 209: ...ibed as below DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any SMAC Source MAC address 24 MS bits OUI or Any Tag Value of Tag field can be Any Untag or Ta...

Page 210: ...Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit b...

Page 211: ...default classified value is not modified by this QCE Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Return to the previous Page without sa...

Page 212: ...hes the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will b...

Page 213: ...creen in Figure 4 9 15 appears Figure 4 9 15 Storm Control Configuration Page Screenshot The Page includes the following fields Object Description The port number for which the configuration below app...

Page 214: ...Page includes the following fields Object Description The logical port for the settings contained in the same row Port There are 8 QoS queues per port Q0 is the lowest priority queue Q0 Q7 The number...

Page 215: ...re connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure 4 9 18 app...

Page 216: ...LAN port mode Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN m...

Page 217: ...n Delete Check to delete the entry It will be deleted during the next save Telephony OUI An telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters l...

Page 218: ...permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter op...

Page 219: ...The allowed range is 1 to 16 When Disabled is displayed the rate limiter operation is disabled Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to...

Page 220: ...c ingress port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE...

Page 221: ...received on the port are not mirrored The default value is Disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Co...

Page 222: ...ss Port Select the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the...

Page 223: ...h be enabled EVC Policer ID Select which EVC policer ID to apply on this ACE The allowed values are Disabled or the values 1 through 256 Port Redirect Frames that hit the ACE are redirected to the por...

Page 224: ...specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears When Specific is selected for the DMAC filter you can enter a specific destination MAC addre...

Page 225: ...IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Add...

Page 226: ...e is allowed don t care IP Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1 1 ARP RARP f...

Page 227: ...FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any...

Page 228: ...es Extra fields for defining ICMP parameters will appear These fields are explained later in this help file UDP Select UDP to filter IPv6 UDP protocol frames Extra fields for defining UDP parameters w...

Page 229: ...er status is don t care Specific If you want to filter a specific ICMP filter with this ACE you can enter a specific ICMP value A field for entering an ICMP value appears ICMP Type Value When Specific...

Page 230: ...nation filter with this ACE you can enter a specific TCP UDP destination value A field for entering a TCP UDP destination value appears Range If you want to filter a specific range TCP UDP destination...

Page 231: ...significant URG value for this ACE 0 TCP frames where the URG field is set must not be able to match this entry 1 TCP frames where the URG field is set must be able to match this entry Any Any value i...

Page 232: ...lt value is 0 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply on this port The allowed values are Dis...

Page 233: ...ze and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut...

Page 234: ...des the following fields Object Description The rate limiter ID for the settings contained in the same row Rate Limiter ID The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Rate...

Page 235: ...ntication is completed the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block tra...

Page 236: ...are or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management acc...

Page 237: ...re Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 80...

Page 238: ...frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the netw...

Page 239: ...cause no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication se...

Page 240: ...d revert to previously saved values 4 11 3 Network Access Server Configuration This Page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X s...

Page 241: ...led If checked successfully authenticated supplicants clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to d...

Page 242: ...ds If reauthentication is enabled and the port is in a 802 1X based mode this is not so criticial since supplicants that are no longer attached to the port will get removed upon the next reauthenticat...

Page 243: ...abled checkbox provides a quick way to globally enable disable RADIUS server assigned VLAN functionality When checked the individual ports ditto setting determine whether RADIUS assigned VLAN is enabl...

Page 244: ...ly enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes...

Page 245: ...se the X seconds haven t expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout shou...

Page 246: ...be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the ind...

Page 247: ...Access Accept packet no longer carries a QoS Class or it s invalid or the supplicant is otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class...

Page 248: ...cept packet The following criteria are used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for...

Page 249: ...s on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and...

Page 250: ...or successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthe...

Page 251: ...ve state Refer to NAS Admin State for a description of possible values Admin State The current state of the port Refer to NAS Port State for a description of the individual states Port State The sourc...

Page 252: ...5 Network Access Statistics This Page provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it shows selected backend server RA...

Page 253: ...horized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X Direction Name IEEE Name Description Rx Total dot1xAuthEapolFrames Rx The number of valid EAPOL frames of any type that have bee...

Page 254: ...mitted by the switch Tx Request ID dot1xAuthEapolReqIdFr amesTx The number of EAPOL Request Identity frames that have been transmitted by the switch Tx Requests dot1xAuthEapolReqFra mesTx The number o...

Page 255: ...icates that the backend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackendAuth Successes 802 1X and MAC based Counts the number of times that the switch receives a...

Page 256: ...ation is available for the following administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Name IEEE Name Description MAC Address dot1xAuthLastEapolF rameSource The MAC add...

Page 257: ...attached supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters tabl...

Page 258: ...rs for the selected port This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client w...

Page 259: ...meout Retransmit is the number of times in the range 1 to 1000 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is cons...

Page 260: ...Object Description To delete a RADIUS server entry check this box The entry will be deleted during the next Save Delete The IP address or hostname of the RADIUS server Hostname The UDP port to use on...

Page 261: ...dead Timeout Dead Time The Dead Time which can be set to a number between 0 to 1440 minutes is the period during which the switch will not send new requests to a server that has failed to respond to a...

Page 262: ...use the global key Key Buttons Click to add a new TACACS server An empty row is added to the table and the TACACS server can be configured as needed Up to 5 servers are supported Click to undo the ad...

Page 263: ...is only reachable when more than one server is enabled RADIUS Accounting Server Status Overview Object Description The RADIUS server number Click to navigate to detailed statistics for this server Th...

Page 264: ...g for Server Overview Page Screenshot The Page includes the following fields RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB...

Page 265: ...formed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not...

Page 266: ...timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmissio...

Page 267: ...han one server is enabled Round Trip Time radiusAuthClient ExtRoundTripTim e The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request tha...

Page 268: ...e received from the server on the accounting port Rx Packets Dropped radiusAccClientExt PacketsDropped The number of RADIUS packets that were received from the server on the accounting port and droppe...

Page 269: ...of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and r...

Page 270: ...g Requests counter will not be cleared by this operation 4 11 10 Windows Platform RADIUS Server Configuration Setup the RADIUS server and assign the client IP address to the Industrial Managed Switch...

Page 271: ...Add New RADIUS Client on the Windows 2003 server Figure 4 11 12 Windows Server Add New RADIUS Client Setting 3 Assign the client IP address to the Industrial Managed Switch Figure 4 11 13 Windows Ser...

Page 272: ...4 11 14 Windows Server RADIUS Server Setting 5 Configure ports attribute of 802 1X the same as 802 1X Port Configuration Figure 4 11 15 802 1x Port Configuration 6 Create user data The establishment...

Page 273: ...GS 20040MT Figure 4 11 16 Windows 2003 AD Server Setting Path 7 Enter Active Directory Users and Computers create legal user data next right click a user what you created to enter properties and what...

Page 274: ...Add User Properties Screen Set the Port Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is an uplink port that is connected to another switch Or once...

Page 275: ...ent i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 Go to St...

Page 276: ...ure 4 11 20 7 Click OK 8 When client has associated with the Industrial Managed Switch a user authentication notice appears in system tray Click on the notice to continue Figure 4 11 21 Windows Client...

Page 277: ...User s Manual of IGS 20040MT 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 22 277...

Page 278: ...settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum...

Page 279: ...ly disabled other modules may still use the underlying functionality but limit checks and corresponding actions are disabled Mode Aging Enabled If checked secured MAC addresses are subject to aging as...

Page 280: ...esponding resources are freed on the switch Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns which are Object Description The port num...

Page 281: ...n State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled...

Page 282: ...tion Check to delete the entry It will be deleted during the next apply Delete Indicates the VLAN ID for the access management entry VLAN ID Indicates the start IP address for the access management en...

Page 283: ...allowed remote host can access the switch Interface The received packets number from the interface under access management mode is enabled Receive Packets The allowed packets number from the interfac...

Page 284: ...Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation It only significant if HTTPS mode Enabled i...

Page 285: ...to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module deci...

Page 286: ...w this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one cho...

Page 287: ...ity service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user modu...

Page 288: ...he Page includes the following fields Object Description MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses...

Page 289: ...ock intruder on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping on...

Page 290: ...operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Indicates...

Page 291: ...refresh the Page automatically Automatic refresh occurs every 3 seconds It will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No m...

Page 292: ...s enabled Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Port Mode Configuration M...

Page 293: ...11 appears Figure 4 12 11 Static IP Source Guard Table Screen Page Screenshot The Page includes the following fields Object Description Check to delete the entry It will be deleted during the next sav...

Page 294: ...ing the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields will upon a Refresh button click assu...

Page 295: ...pection related configuration The ARP Inspection Configuration screen in Figure 4 12 13 appears Figure 4 12 13 ARP Inspection Configuration Screen Page Screenshot The Page includes the following field...

Page 296: ...nspection will refer to the VLAN setting Possible setting of Check VLAN are Enabled Enable check VLAN operation Disabled Disable check VLAN operation Only the Global Mode and Port Mode on a given port...

Page 297: ...e settings VLAN ID Allowed Source MAC address in ARP request packets MAC Address Allowed Source IP address in ARP request packets IP Address Buttons Click to add a new entry to the Static ARP Inspecti...

Page 298: ...lowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is show...

Page 299: ...he MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC...

Page 300: ...used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or...

Page 301: ...th the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refre...

Page 302: ...efresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Updates the table starting from...

Page 303: ...e and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpo...

Page 304: ...re the default TTL is 4 30 120 seconds Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the val...

Page 305: ...n the LLDP neighbours table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TLV Version and Platform is mapped to the LLDP System Description field Both the CDP and LLDP support system capabil...

Page 306: ...ount Object Description Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general In a...

Page 307: ...nsmission would be repeated The recommended value is 4 times given that 4 LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received It should be note...

Page 308: ...Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referencing locations on water sea ocean Civic Addr...

Page 309: ...ce ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit stri...

Page 310: ...titude of network policies that frequently run on an aggregated link interior to the LAN Object Description Check to delete the policy It will be deleted during the next save Delete Policy ID ID for t...

Page 311: ...onditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be advertised if all the same network policies...

Page 312: ...es for the same network policies based on the authenticated user identity or port configuration Object Description The port number for which the configuration applies Port The set of policies that sha...

Page 313: ...Class is defined to build upon the capabilities defined for the previous Endpoint Device Class Fore example will any LLDP MED Endpoint Device claiming compliance as a Media Endpoint Class II also sup...

Page 314: ...at directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support inventory management LLDP M...

Page 315: ...ation type is using a tagged or an untagged VLAN Can be Tagged ot Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 200...

Page 316: ...in Figure 4 14 4 appears Figure 4 14 4 LLDP Neighbor Information Page Screenshot The Page includes the following fields Object Description The port on which the LLDP frame was received Local Port The...

Page 317: ...This could for instance hold the neighbor s IP address Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 sec...

Page 318: ...mber of LLDP frames received on the port Rx Frames The number of received LLDP frames containing some kind of error Rx Errors If an LLDP frame is received on a port and the switch s internal table has...

Page 319: ...s Click to refresh the Page immediately Clears the local counters All counters including global counters are cleared upon reboot Auto refresh Check this box to refresh the Page automatically Automatic...

Page 320: ...issues The Industrial Managed Switch transmit ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics performing tests o...

Page 321: ...eived or until a timeout occurs The ICMP Ping screen in Figure 4 15 1 appears Figure 4 15 1 ICMP Ping Page Screenshot The Page includes the following fields Object Description The destination IP Addre...

Page 322: ...a reply The Page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMPv6 Ping screen in Figure 4 15 2 appears Figure 4 15 2 ICMPv6 Ping Page Screenshot...

Page 323: ...e transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The Page refreshes automatically until responses to all packets are received or until a timeout occurs...

Page 324: ...5 seconds If all ports are selected this can take approximately 15 seconds When completed the Page refreshes automatically and you can view the cable diagnostics results in the cable status table Note...

Page 325: ...n Open pair Short Shorted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair c...

Page 326: ...itch 4 16 1 Configuration This Page allows the user to inspect the current Loop Protection configurations and possibly change them as well screen in Figure 4 17 1 appears Figure 4 17 1 Loop Protection...

Page 327: ...until next device restart Shutdown Time Port Configuration Object Description The switch port number of the port Port Controls whether loop protection is enabled on this switch port Enable Configures...

Page 328: ...port number of the logical port Port The currently configured port action Action The currently configured port transmit mode Transmit The number of loops detected on this port Loops The current loop...

Page 329: ...ntation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upo...

Page 330: ...utput packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample...

Page 331: ...ing the rising and falling threshold Interval Indicates the particular variable to be sampled Variable The method of sampling the selected variable and calculating the value to be compared against the...

Page 332: ...of the event the possible types are none The total number of octets received on the interface including framing characters log The number of uni cast packets delivered to a higher layer protocol snmpt...

Page 333: ...RMON Event Overview Page Screenshot The Page includes the following fields Object Description Indicates the index of the event entry Event Index Indicates the index of the log entry Log Index Indicate...

Page 334: ...ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sa...

Page 335: ...packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were di...

Page 336: ...ly displayed 4 17 7 RMON Statistics Configuration Configure RMON Statistics table on this Page The entry index key is ID screen in Figure 4 17 7 appears Figure 4 17 7 RMON Statistics Configuration Pag...

Page 337: ...ets were dropped by the probe due to lack of resources Drop The total number of octets of data including those in bad packets received on the network Octets The total number of packets including bad p...

Page 338: ...packets including bad packets received that were between 256 to 511 octets in length 256 511 The total number of packets including bad packets received that were between 512 to 1023 octets in length 5...

Page 339: ...E 1588 is designed for local systems requiring accuracies beyond those attainable using NTP It is also designed for applications that cannot bear the cost of a GPS receiver at each node or for which G...

Page 340: ...Device Type In a unicast Slave only clock you also need configure which master clocks to request Announce and Sync messages from See Unicast Slave configuration VLAN Tag Enable Enables the VLAN taggi...

Page 341: ...k Identity Dom Clock domain 0 127 Clock Quality The clock quality is determined by the system and holds 3 parts Clock Class Clock Accuracy and OffsetScaledLog Variance as defined in IEEE1588 The Clock...

Page 342: ...t It is observed parent offset scaled log variance Var Observed Parent Clock Phase Change Rate i e the slave clocks rate offset compared to the master unit ns per s Change Rate Grand Master Identity C...

Page 343: ...eriod for the sync message Comm State The state of the communication with the master possible values are IDLE The entry is not in use INIT Announce is sent to the master Waiting for a response CONN Th...

Page 344: ...function and two ports should be assigned as the member ports in the ERPS Only one switch in the Ring group would be set as the RPL owner switch that one port would be blocked called owner port and P...

Page 345: ...EVC Domain Flow Instance is a EVC Mpls Future use Mode MEP This is a Maintenance Entity End Point MIP This is a Maintenance Entity Intermediate Point Direction Ingress This is a Ingress down MEP monit...

Page 346: ...ge allows the user to inspect and configure the current MEP Instance screen in Figure 4 19 2 appears Figure 4 19 2 Detail MEP configuration page screenshot The page includes the following fields Insta...

Page 347: ...P ID MEP Id Fault Cause indicating that a CCM is received with a lower level than the configured for this MEP cLevel Fault Cause indicating that a CCM is received with a MEG ID different from configur...

Page 348: ...s transmitted as Multi cast Class 1 Enable Priority The priority to be inserted as PCP bits in TAG if any In case of enable of Continuity Check and Loss Measurement both implemented on SW based CCM Pr...

Page 349: ...smitted as R APS this is for ERPS L APS APS PDU is transmitted as L APS this is for ELPS This is the last octet of the transmitted and expected RAPS multi cast MAC In G 8031 03 2010 a RAPS multi cast...

Page 350: ...Port 1 SF MEP is associated with this instance Port 1 SF MEP The Port 0 APS PDU handling MEP Port 0 APS MEP The Port 1 APS PDU handling MEP As only one APS MEP is associated with interconnected sub r...

Page 351: ...on The ID of the Protection group ERPS ID See help on ERPS create WEB Port 0 See help on ERPS create WEB Port 1 See help on ERPS create WEB Port 0 SF MEP See help on ERPS create WEB Port 1 SF MEP See...

Page 352: ...causing a protection switch has cleared the traffic channel is restored to the working transport entity i e blocked on the RPL In Non Revertive mode the traffic channel continues to use the RPL if it...

Page 353: ...conds WTR Remaining APS is received on the working flow RPL Un blocked RAPS PDU is not received from the other end No APS Received Block status for Port 0 Both traffic and R APS block status R APS cha...

Page 354: ...The page includes the following fields Object Description Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 All Switch Numbers The switch where you are req...

Page 355: ...tch ID Port MEP ID RPL Type VLAN Group Port 1 1 None 3001 Switch 1 Port 2 2 Owner 3001 Port 1 4 None 3001 Switch 2 Port 2 3 Neighbour 3001 Port 1 6 None 3001 Switch 3 Port 2 5 None 3001 Table 4 2 ERPS...

Page 356: ...2 directly don t connect to port 1 2 Logging on the Switch 2 and click Ring Ring Wizard Set All Switch Number 3 and Number ID 2 click Next button to set the ERPS configuration for Switch 2 Set MEP3 Po...

Page 357: ...gether in the ring topology before configuring the end of ERPS Follow the configuration or ERPS wizard to connect the Switch 1 2 3 together to establish ERPS application MEP2 MEP3 Switch1 Port2 Switch...

Page 358: ...then this packet will be filtered Thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward In...

Page 359: ...ssible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and cap...

Page 360: ...also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed...

Page 361: ...10 100Base TX When connecting your Switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That m...

Page 362: ...Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown SIDE 2 8 Brown Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6...

Page 363: ...the manual ACL configuration ACL Access Control List The web Page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on o...

Page 364: ...al in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for hig...

Page 365: ...ta converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both encipherin...

Page 366: ...esent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in stackable switch it means switch ID The parameter of port_no is the fourth by...

Page 367: ...runed from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even when m...

Page 368: ...ies or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X IEEE 802 1X is an IEEE standard for port based Network...

Page 369: ...otocol address and this IP address is used to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 b...

Page 370: ...ectivity in the network Can be used as a switch criteria by EPS M MAC Table Switching of frames is based upon the DMAC address contained in the frame The switch builds up a table that maps MAC address...

Page 371: ...k Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplied cr...

Page 372: ...TLVs is disabled the corresponding information is not included in the LLDP frame OUI OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor...

Page 373: ...service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the serve...

Page 374: ...thod to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay...

Page 375: ...s for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Microsoft...

Page 376: ...tting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A c...

Page 377: ...ge or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembli...

Page 378: ...e TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses...

Page 379: ...is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we...

Page 380: ...nterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed compu...

Page 381: ...000 3 2 2006 A2 2009 EN 61000 3 3 2008 EN 55024 2010 EN 61000 4 2 2009 EN 61000 4 3 2006 A2 2010 EN 61000 4 4 2012 EN 61000 4 5 2006 EN 61000 4 6 2009 EN 61000 4 8 2010 EN 61000 4 11 2004 Responsible...

Reviews: