manualshive.com logo in svg

Planet XGSW-28040HP, User Manual

Share
Download
Planet XGSW-28040HP User Manual Download Page 245

User’s  Manual  of  XGSW-28040HP 

 

 

245 

 

Selected Counters

 

Object 

Description 

 

Selected Counters 

The Selected Counters table is visible when the port is one of the following 

administrative states: 

■ 

Multi 802.1X 

■ 

MAC-based Auth

The table is identical to and is placed next to the Port Counters table, and will be empty if 

no MAC address is currently selected. To populate the table, select one of the attached 

MAC Addresses from the table below. 

 

Attached MAC Address

 

Object 

Description 

 

Identity 

Shows the identity of the supplicant, as received in the Response Identity EAPOL frame.

Clicking the link causes the supplicant's EAPOL and Backend Server counters to be 

shown in the Selected Counters table. If no supplicants are attached, it shows No 

supplicants attached. 

This column is not available for MAC-based Auth. 

 

MAC Address 

For Multi 802.1X, this column holds the MAC address of the attached supplicant. 

For MAC-based Auth., this column holds the MAC address of the attached client. 

Clicking the link causes the client's Backend Server counters to be shown in the 

Selected Counters table. If no clients are attached, it shows No clients attached.   

 

VLAN ID 

This column holds the VLAN ID that the corresponding client is currently secured 

through the Port Security module. 

 

State 

The client can either be authenticated or unauthenticated. In the authenticated state, it is 

allowed to forward frames on the port, and in the unauthenticated state, it is blocked. As 

long as the backend server hasn't successfully authenticated the client, it is 

unauthenticated. If an authentication fails for one or the other reason, the client will 

remain in the unauthenticated state for Hold Time seconds. 

 

Last Authentication 

Shows the date and time of the last authentication of the client (successful as well as 

unsuccessful). 

 

Buttons 

Auto-refresh 

: Check this box to refresh the Page automatically. Automatic refresh occurs every 3 seconds. 

Click to refresh the Page immediately. 

: This button is available in the following modes: 

• Force Authorized 

Summary of Contents for XGSW-28040HP

Page 1: ......

Page 2: ...de reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not install...

Page 3: ...ons 23 2 1 3 Switch Rear Panel 25 2 2 Installing the Switch 26 2 2 1 Desktop Installation 26 2 2 2 Rack Mounting 27 2 2 3 Installing the SFP SFP Transceiver 28 3 SWITCH MANAGEMENT 32 3 1 Requirements...

Page 4: ...Configuration Upload 67 4 2 21 Configuration Activate 67 4 2 22 Configuration Delete 68 4 2 23 Image Select 68 4 2 24 Factory Default 69 4 2 25 System Reboot 70 4 3 Simple Network Management Protocol...

Page 5: ...ng between two 802 1Q aware switches 120 4 6 8 3 Port Isolate 123 4 6 9 MAC based VLAN 124 4 6 10 MAC based VLAN Status 125 4 6 11 Protocol based VLAN 126 4 6 12 Protocol based VLAN Membership 128 4 7...

Page 6: ...rt Policing 180 4 9 3 Port Classification 181 4 9 4 Port Scheduler 183 4 9 5 Port Shaping 184 4 9 5 1 QoS Egress Port Schedule and Shapers 185 4 9 6 Port Tag Remarking 186 4 9 6 1 QoS Egress Port Tag...

Page 7: ...Port Limit Control 266 4 12 2 Access Management 270 4 12 3 Access Management Statistics 271 4 12 4 HTTPs 272 4 12 5 SSH 272 4 12 6 Port Security Status 273 4 12 7 Port Security Detail 276 4 12 8 DHCP...

Page 8: ...e Check Configuration 326 4 16 10 Port Power Consumption 328 4 17 Loop Protection 329 4 17 1 Configuration 329 4 17 2 Loop Protection Status 331 4 18 RMON 332 4 18 1 RMON Alarm Configuration 332 4 18...

Page 9: ...4 Store and Forward 357 5 5 Auto Negotiation 358 6 Power over Ethernet Overview 359 7 TROUBLESHOOTING 361 APPENDIX A Networking Connection 362 A 1 PoE RJ 45 Port Pin Assignments 362 A 2 Switch s Data...

Page 10: ...Layer3 IPv4 IPv6 Static Routing Managed Switch is used as an alternative name in this user s manual 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contai...

Page 11: ...the transmission speed required to extend the network efficiently With its 4 port 10G Ethernet link capability the XGSW 28040HP provides broad bandwidth and powerful processing capacity Centralized P...

Page 12: ...ert Though most NVR or camera management software offers SMTP email alert function the XGSW 28040HP further provides event alert function to help to diagnose the abnormal device owing to whether or no...

Page 13: ...P constructs the IPv6 FTTx edge network IPv4 and IPv6 VLAN Routing for Secure and Flexible Management To help customers stay on top of their businesses the XGSW 28040HP switch not only provides ultra...

Page 14: ...e Management The XGSW 28040HP Managed Switch is equipped with console WEB and SNMP management interfaces With the built in Web based management interface the XGSW 28040HP offers an easy to use platfor...

Page 15: ...f the Managed Switch Section 4 WEB CONFIGURATION The section explains how to manage the Managed Switch by Web interface Section 5 SWITCH OPERATION The chapter explains how to do the switch operation o...

Page 16: ...etween ports Remote power feeding up to 100 meters PoE Management Total PoE power budget control Per port PoE function enable disable PoE Port Power feeding priority Per PoE port power limitation PD c...

Page 17: ...Rate Limit per port bandwidth control 8 priority queues on all switch ports Traffic classification IEEE 802 1p CoS TOS DSCP IP Precedence of IPv4 IPv6 packets IP TCP UDP port number Typical network ap...

Page 18: ...statistics alarms and events IPv6 Address NTP management Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment Firmware upload download via HTTP TFTP DHCP Relay...

Page 19: ...for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default Dimensions W x D x H 440 x 300 x 44 5 mm 1U height Weight 4887g LED System PWR Green SYS Green Ring Green...

Page 20: ...id Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol QoS Traffic classification based Strict priority and WRR 8 Level priority for switching Port Number 802 1p priority 802 1Q VL...

Page 21: ...t IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol I...

Page 22: ...RJ 45 Twist Pair Up to 100 meters SFP slot 100 1000Base X mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meters to 2km multi mode fiber up to above 10 20 30 40 50 70 120 kilome...

Page 23: ...cations The front panel LEDs indicate instant status of power and system status fan status port links PoE in use and data activity they help monitor and troubleshoot when needed Figure 2 1 2 shows the...

Page 24: ...indicate the port is successfully established at 1000Mbps 1000 LNK ACT Green Blink To indicate that the Switch is actively sending or receiving data over that port Lights To indicate the port is succ...

Page 25: ...V AC and 50 60 Hz Plug the female end of the power cord firmly into the receptalbe on the rear panel of the Managed Switch Plug the other end of the power cord into an electric service outlet and the...

Page 26: ...esktop or the shelf near an AC power source as shown in Figure 2 2 1 Figure 2 2 1 Place the Managed Switch on the Desktop Step 3 Keep enough ventilation space between the Managed Switch and the surrou...

Page 27: ...itioned towards the front side Step 2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 2 2 shows how to attach brackets to one sid...

Page 28: ...power to the Managed Switch 2 2 3 Installing the SFP SFP Transceiver The sections describe how to insert an SFP SFP transceiver into an SFP SFP slot The SFP SFP transceivers are hot pluggable and hot...

Page 29: ...avelength RX Operating Temp MFB FA20 100 WDM LC Single Mode 20km 1310nm 1550nm 0 60 MFB FB20 100 WDM LC Single Mode 20km 1550nm 1310nm 0 60 MFB TFA20 100 WDM LC Single Mode 20km 1310nm 1550nm 40 75 MF...

Page 30: ...e 60km 1310nm 1550nm 40 75 MGB TLB60 1000 WDM LC Single Mode 60km 1550nm 1310nm 40 75 10Gigabit Ethernet Transceiver 10GBase X SFP Model Speed Mbps Connector Interface Fiber Mode Distance Wavelength n...

Page 31: ...h some fiber NICs or Media Converters user has to set the port Link mode to 10GForce 1000 Force or 100 Force Remove the Transceiver Module 1 Make sure there is no network activity anymore 2 Remove the...

Page 32: ...rview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 2008 MAC OS9 or later...

Page 33: ...nctionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may pro...

Page 34: ...itch s console serial port Figure 3 1 1 Console Management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emul...

Page 35: ...aged Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your I...

Page 36: ...nt Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default getting and setting community strin...

Page 37: ...ption for the devices 2 After setup is completed press Update Device Update Multi or Update All button to take effect The meaning of the 3 buttons above are shown as below Update Device use current se...

Page 38: ...configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192...

Page 39: ...creen in Figure 4 1 2 appears Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen appears as shown in Figure 4 1 3 Figure...

Page 40: ...4 1 Main Web Page The Managed Switch provides a Web based browser interface for configuring and managing it This interface allows you to access the Managed Switch using the Web browser of your choice...

Page 41: ...s manage and control the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can set up the Managed Switch by selecting the functions those listed i...

Page 42: ...his Page provides statistics for DHCP relay CPU Load This Page displays the CPU load using an SVG graph System Log The Managed Switch system log information is provided here Detailed Log The Managed S...

Page 43: ...figured in SNMP System Information System Name Location The system location configured in SNMP System Information System Location MAC Address The MAC Address of this Managed Switch Temperature Indicat...

Page 44: ...IP configuration Object Description Mode Configure whether the IP stack should act as a Host or a Router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed...

Page 45: ...bits for a IPv4 address Address Provide the IP address of this Managed Switch A IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating...

Page 46: ...he entry This may be LINK or IPv4 Address The current address of the interface of the given type IP Interfaces Status The status flags of the interface and or address Network The destination IP networ...

Page 47: ...ser The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege...

Page 48: ...fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By...

Page 49: ...4 2 6 User Configuration Page Screenshot If you forget the new password after changing the default password please press the Reset button on the front panel of the Managed Switch for over 10 seconds...

Page 50: ...ivilege levels After setup is completed please press Apply button to take effect Please login web interface with new user name and password and the screen in Figure 4 2 7 appears Figure 4 2 7 Privileg...

Page 51: ...Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privile...

Page 52: ...a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it ca...

Page 53: ...e zone Range Up to 16 characters Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Dis...

Page 54: ...y and revert to previously saved values 4 2 8 UPnP Configure UPnP on this Page UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simpli...

Page 55: ...ment message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it...

Page 56: ...in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes representing the VLAN ID The parameter of module_id is the third byte for the module ID in standal...

Page 57: ...When enabling DHCP relay information mode operation if agent receives a DHCP message that already contains relay agent information It will enforce the policy And it only works under DHCP relay informa...

Page 58: ...Receive Bad Remote ID The packets number that the Remote ID option did not match known Remote ID Client Statistics Object Description Transmit to Client The packets number that relayed packets from se...

Page 59: ...st support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support S...

Page 60: ...system log Error Error level of the system log All All levels Clear Level To clear the system log entry level The following level types are supported Info Information level of the system log Warning...

Page 61: ...ed Log screen in Figure 4 2 16 appears Figure 4 2 15 Detailed Log Page Screenshot The Page includes the following fields Object Description ID The ID 1 of the system log entry Message The message of t...

Page 62: ...back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled E...

Page 63: ...ation Controls whether SMTP authentication is enabled If authentication is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable A...

Page 64: ...the system would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file with upload status 5 Once the software is loade...

Page 65: ...4 2 21 appears Figure 4 2 20 TFTP Firmware Update Page Screenshot The Page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The n...

Page 66: ...RAM based or stored in flash on the switch There are three system files running config A virtual file that represents the currently active configuration on the switch This file is volatile startup co...

Page 67: ...current configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system...

Page 68: ...ow Figure 4 2 27 Configuration Delete Page Screenshot 4 2 23 Image Select This Page provides information about the active and alternate backup firmware images in the device and allows you to revert to...

Page 69: ...he version of the firmware image Date The date where the firmware was produced Buttons Click to use the alternate image This button may be disabled depending on system state 4 2 24 Factory Default You...

Page 70: ...m Reboot The Reboot Page enables the device to be rebooted from a remote location Once the Reboot button is pressed user have to re login the WEB interface about 60 seconds later the System Reboot scr...

Page 71: ...lor displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elements They collect and...

Page 72: ...SNMP trap on this Page System Information The system information is provided here SNMPv3 Communities Configure SNMPv3 communities table on this Page SNMPv3 Users Configure SNMPv3 users table on this...

Page 73: ...unity Indicates the community write access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is appli...

Page 74: ...lowed content is ASCII characters from 33 to 126 Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation T...

Page 75: ...onds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Trap Probe Security Engine I...

Page 76: ...fields Object Description System Contact The textual identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 t...

Page 77: ...try It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII chara...

Page 78: ...try s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can commun...

Page 79: ...ol Indicates the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol DES An optional flag to indicate that this user using DES authentication pro...

Page 80: ...A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new gro...

Page 81: ...o the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Buttons Click to add a new view entry Click to apply changes Click to undo any changes made...

Page 82: ...ication and none privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string...

Page 83: ...Information Display SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This Page displays current port configurations Ports can also be configured her...

Page 84: ...s selected that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx...

Page 85: ...transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The num...

Page 86: ...iled Port Statistics Port 1 Page Screenshot The Page includes the following fields Receive Total and Transmit Total Object Description Rx and Tx Packets The number of received and transmitted good and...

Page 87: ...er of short frames received with invalid CRC Rx Jabber The number of long frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Short frames are...

Page 88: ...4 SFP Module Information for Switch Page Screenshot The Page includes the following fields Object Description Type Display the type of current SFP module the possible types are 10GBase SR 10GBase LR...

Page 89: ...ut via SNMP Trap Auto refresh Check this box to enable an automatic refresh of the Page at regular intervals Click to apply changes Click to undo any changes made locally and revert to previously save...

Page 90: ...e copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destinat...

Page 91: ...mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames rec...

Page 92: ...ber types provided they operate at the same speed Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggrega...

Page 93: ...Link aggregation Configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that The ports used in a link aggregation must all be of the sa...

Page 94: ...rts for IPv4 packets Normally all 5 contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports Each link aggregation may co...

Page 95: ...the destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Static Aggregation Group Configuration The Aggrega...

Page 96: ...orts located on a different device LACP allows switches connected to each other to discover automatically whether any ports are member of the same LAG This Page allows the user to inspect the current...

Page 97: ...gation group while ports with different keys cannot The default setting is Auto Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait f...

Page 98: ...ation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key...

Page 99: ...d the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s...

Page 100: ...LACP Statistics Page Screenshot The Page includes the following fields Object Description Port The switch port number LACP Received Shows how many LACP frames have been sent from each port LACP Transm...

Page 101: ...he broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing...

Page 102: ...ch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Pa...

Page 103: ...information originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bit 12 bits TPID Tag Protocol Identifier TCI Tag Control Information 2 bytes 2 bytes Preamb...

Page 104: ...onnected to a tag aware device the packet should be tagged Default VLANs The Switch initially configures one VLAN VID 1 called default The factory default setting assigns all ports on the Switch to th...

Page 105: ...derstand nomenclature of the Switch IEEE 802 1Q Tagged and Untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged Tagged Ports with tagging enabled will put the VID...

Page 106: ...VLAN limit of 4096 The Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic from numerous independent customer LANs into t...

Page 107: ...ld By default only VLAN 1 is enabled More VLANs may be created by using a list syntax where the individual elements are separated by commas Ranges are specified with a dash separating the lower and up...

Page 108: ...r of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged and C tagged frames Discards all frames that are not classified to the Access VLAN On egress all frames classifie...

Page 109: ...iority tagged VLAN ID 0 On egress frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN The Port VLAN is called an Access VLAN for ports in Acc...

Page 110: ...low for changing the type of frames that are accepted on ingress Tagged and Untagged Both tagged and untagged frames are accepted Tagged Only Only tagged frames are accepted on ingress Untagged frames...

Page 111: ...come a member of all possible VLANs The port must be a member of the same VLAN as the Port VLAN ID Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved...

Page 112: ...ort is included in a Forbidden port list an image will be displayed If a port is included in a Forbidden port list and dynamic VLAN user register VLAN on same Forbidden port then conflict port will be...

Page 113: ...port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress...

Page 114: ...c refresh occurs every 3 seconds Click to refresh the Page immediately 4 6 6 Private VLAN The Private VLAN membership configurations for the switch can be monitored and modified here Private VLANs can...

Page 115: ...message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The Private VLAN is enabled when you click Save The Delete button can be used to...

Page 116: ...VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promisc...

Page 117: ...VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Buttons Click to apply changes Click...

Page 118: ...ate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 6 9 describes the port configuration of the Managed Switches F...

Page 119: ...ipped away it tag becoming an untagged packet Untagged packet entering VLAN 3 1 While PC 4 transmit an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will receive...

Page 120: ...ANs column Change Port 6 Mode as Trunk and Selects Egress Tagging as Tag All and Types 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 11 appears Figure 4 6 11 Check VLAN 2...

Page 121: ...up Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in Allowed Access VLANs column the 1 3 is including VLAN1 and 2 and 3 Figure 4 6 13 Add VLAN 2 and VLAN 3 2 Assign VLAN Member and PVID for each port VLAN 2...

Page 122: ...ping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member port...

Page 123: ...ed and promiscuous ports and the each PC is not able to access the isolated port of each other s PCs But they all need to access with the same server AP Printer This section will show you how to confi...

Page 124: ...ed here This Page allows for adding and deleting MAC based VLAN entries and assigning the entries to different ports This Page shows only static entries The MAC based VLAN screen in Figure 4 6 18 appe...

Page 125: ...nabled when you click on Save A MAC based VLAN without any port members will be deleted when you click Save The Delete button can be used to undo the addition of new MAC based VLANs Buttons Click to a...

Page 126: ...h Group mapping entries as well as allow you to see and delete already mapped entries for the switch The Protocol based VLAN screen in Figure 4 6 20 appears Figure 4 6 20 Protocol to Group Mapping Tab...

Page 127: ...is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of P...

Page 128: ...existing mapping entry on this Page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each...

Page 129: ...blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users Ho...

Page 130: ...might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pas...

Page 131: ...pt BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the...

Page 132: ...and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states wait...

Page 133: ...n setting the above parameters Max Age _ 2 x Forward Delay 1 second Max Age _ 2 x Hello Time 1 second Port Priority A Port Priority can be from 0 to 240 The lower the number the greater the probabilit...

Page 134: ...User s Manual of XGSW 28040HP 134 Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used Figure 4 7 3 After Applying the STA Rules...

Page 135: ...TP system settings The settings are used by all STP Bridge instances in the Switch or Switch Stack The Managed Switch support the following Spanning Tree protocols Compatiable Spanning Tree Protocol S...

Page 136: ...2 1 Maximum 30 Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Default 20 Minimum The higher of 6 or 2 x H...

Page 137: ...control packet Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 7 3 Bridge Status This Page provides a status overview for all STP bridge i...

Page 138: ...to refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately 4 7 4 CIST Port Configuration This Page allows the user to in...

Page 139: ...has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set...

Page 140: ...E 8021w standard exceeds 65 535 the default is set to 65 535 Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet 50 600 200 000 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2...

Page 141: ...creenshot The Page includes the following fields Object Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numeric...

Page 142: ...eenshot The Page includes the following fields Configuration Identification Object Description Configuration Name The name identifiying the VLAN to MSTI mapping Bridges must share the name and revisio...

Page 143: ...lows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for...

Page 144: ...STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Usin...

Page 145: ...y and revert to previously saved values 4 7 8 Port Status This Page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7...

Page 146: ...tatistics This Page displays the STP port statistics counters for port physical ports in the currently selected switch The STP Port Statistics screen in Figure 4 7 12 appears Figure 4 7 12 STP Statist...

Page 147: ...of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Auto refresh Automatic refres...

Page 148: ...ers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group f...

Page 149: ...User s Manual of XGSW 28040HP 149 Figure 4 8 2 Multicast Flooding Figure 4 8 3 IGMP Snooping Multicast Stream Control...

Page 150: ...s to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A...

Page 151: ...traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propaga...

Page 152: ...leted during the next save Profile Name The name used for indexing the profile table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one al...

Page 153: ...ure 4 8 6 appears Figure 4 8 6 IPMC Profile Address Configuration Page The Page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted d...

Page 154: ...fields Updates the table starting from the first entry in the IPMC Profile Address Configuration Updates the table starting with the entry after the last entry currently displayed 4 8 4 IGMP Snooping...

Page 155: ...hernet switch that leads towards the Layer 3 multicast device or IGMP querier The Switch forwards IGMP join or leave packets to an IGMP router port Auto Select Auto to have the Managed Switch automati...

Page 156: ...e next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected Querier Election Enable the IGMP Querier election in the VLAN Di...

Page 157: ...10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowe...

Page 158: ...file can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded...

Page 159: ...ew button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 7 IGMP Snooping Status This Page provides IGMP Snooping status The IGMP Snoopi...

Page 160: ...s the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicate whether specific port is a router po...

Page 161: ...in the IGMP SSM Information Table are shown on this Page The IGMP SSM Information Table is sorted first by VLAN ID then by group and then by Port No Diffrent source addresses belong to the same group...

Page 162: ...ber of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address fro...

Page 163: ...gure 4 8 13 MLD Snooping Configuration Page Screenshot The Page includes the following fields Object Description Snooping Enabled Enable the Global MLD Snooping Unregistered IPMCv6 Flooding enabled En...

Page 164: ...as a router port The allowed selection is Auto Fix Fone default compatibility value is Auto Fast Leave Enable the fast leave on the port Throtting Enable to limit the number of multicast groups to whi...

Page 165: ...tness variable value is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds...

Page 166: ...o assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses but only one...

Page 167: ...ings Filtering Group Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply chan...

Page 168: ...er Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Querier Transmitted The number of Transmitted Querier Querier Received The numb...

Page 169: ...tion Entries in the MLD Group Table are shown on this Page The MLD Group Table is sorted first by VLAN ID and then by group Each Page shows up to 99 entries from the MLD Group table default being 20 s...

Page 170: ...to 99 entries from the MLD SFM Information table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginning of...

Page 171: ...c group address from the source IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the input fields...

Page 172: ...configured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports t...

Page 173: ...ject Description MVR Mode Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding cont...

Page 174: ...mpatible mode MVR membership reports are forbidden on source ports The default is Dynamic mode Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged with MVR...

Page 175: ...t Buttons Click to add new MVR VLAN Specify the VID and configure the new entry Click Save Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 17 MV...

Page 176: ...le is sorted first by VLAN ID and then by group Each Page shows up to 99 entries from the MVR Group table default being 20 selected through the entries per Page input field When first visited the web...

Page 177: ...addresses belong to the same group are treated as single entry Each Page shows up to 99 entries from the MVR SFM Information Table default being 20 selected through the entries per Page input field Wh...

Page 178: ...Source Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 IPv6 addres...

Page 179: ...assifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then gro...

Page 180: ...e policer is enabled on this switch port Rate Controls the rate for the policer This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbp...

Page 181: ...ds Object Description Port The port number for which the configuration below applies CoS Controls the default class of service All frames are classified to a CoS There is a one to one mapping between...

Page 182: ...d to the PCP value in the tag Otherwise the frame is classified to the default PCP value DEI Controls the default DEI value All frames are classified to a DEI value If the port is VLAN aware and the f...

Page 183: ...ars Figure 4 9 3 QoS Egress Port Schedule Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port n...

Page 184: ...QoS Egress Port Shapers Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to...

Page 185: ...ode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the q...

Page 186: ...e is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps The default value is 500 Port Shaper Unit Controls the unit of measure for the port shaper ra...

Page 187: ...configured on this Page The QoS Egress Port Tag Remarking sscreen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking Page Screenshot The Page includes the following fields Object Descr...

Page 188: ...The Port coulmn shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for ind...

Page 189: ...er is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and...

Page 190: ...S Ingress Classification Page Screenshot The Page includes the following fields Object Description DSCP Maximum number of support ed DSCP values are 64 Trust Controls whether a specific DSCP value is...

Page 191: ...tion screen in Figure 4 9 10 appears Figure 4 9 10 DSCP Translation Page Screenshot The Page includes the following fields Object Description DSCP Maximum number of supported DSCP values are 64 and va...

Page 192: ...to remap DSCP value ranges form 0 to 63 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 10 DSCP Classification This Page allows you to m...

Page 193: ...QoS Control List screen in Figure 4 9 12 appears Figure 4 9 12 QoS Control List Configuration Page Screenshot The Page includes the following fields Object Description QCE Indicates the index of QCE...

Page 194: ...type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE wil...

Page 195: ...iscribed as below DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any SMAC Source MAC address 24 MS bits OUI or Any Tag Value of Tag field can be Any Untag o...

Page 196: ...decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP I...

Page 197: ...ers Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch The QoS Co...

Page 198: ...a QCE may not be available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on...

Page 199: ...l is enabled on this switch port Rate Controls the rate for the storm control The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 13...

Page 200: ...hich the configuration below applies Enable Controls whether RED is enabled for this queue Min Threshold Controls the lower RED threshold If the average queue filling level is below this threshold the...

Page 201: ...ed with Drop Precedence Level 0 are never dropped Min Threshold is the average queue filling level where the queues randomly start dropping frames The drop probability for frames marked with Drop Prec...

Page 202: ...The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Q0 Q7 There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx...

Page 203: ...nd schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID...

Page 204: ...tes the Voice VLAN traffic class All traffic on Voice VLAN will apply this class Mode Indicates the Voice VLAN port mode Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detec...

Page 205: ...iption Delete Check to delete the entry It will be deleted during the next save Telephony OUI An telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 charact...

Page 206: ...cess permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different paramet...

Page 207: ...rt Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is displa...

Page 208: ...ues are All The ACE will match all ingress port Port The ACE will match a specific ingress port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of...

Page 209: ...disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts...

Page 210: ...ct the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy numb...

Page 211: ...wed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same...

Page 212: ...filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Value When Specific is selected for the DMAC filter you can enter a specific de...

Page 213: ...der IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Mask When Network is selected for the sender IP...

Page 214: ...value is allowed don t care Ethernet Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 1 A...

Page 215: ...E No IPv4 frames where the options flag is set must not be able to match this entry Yes IPv4 frames where the options flag is set must be able to match this entry Any Any value is allowed don t care S...

Page 216: ...lds for defining TCP parameters will appear These fields are explained later in this help file Next Header Value When Specific is selected for the IPv6 next header value you can enter a specific value...

Page 217: ...ange is 0 to 255 A frame that hits this ACE matches this ICMP value ICMP Code Filter Specify the ICMP code filter for this ACE Any No ICMP code filter is specified ICMP code filter status is don t car...

Page 218: ...P destination range value A field for entering a TCP UDP destination value appears TCP UDP Destination Number When Specific is selected for the TCP UDP destination filter you can enter a specific TCP...

Page 219: ...here the URG field is set must be able to match this entry Any Any value is allowed don t care Ethernet Type Parameters The Ethernet Type parameters can be configured when Frame Type Ethernet Type is...

Page 220: ...The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Action Select whether forwardi...

Page 221: ...s received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values are Enabled To reopen po...

Page 222: ...s Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot The Page includes the following fields Object Description Rate Limiter ID The rate limiter ID for the settings contained in the same row...

Page 223: ...tication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traff...

Page 224: ...re or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management acce...

Page 225: ...Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Swit...

Page 226: ...tity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the...

Page 227: ...ecause no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication s...

Page 228: ...ly and revert to previously saved values 4 11 3 Network Access Server Configuration This Page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802...

Page 229: ...Access Server Configuration Page Screenshot The Page includes the following fields System Configuration Object Description Mode Indicates if NAS is globally enabled or disabled on the switch If globa...

Page 230: ...ing applies to the following modes i e modes using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module t...

Page 231: ...rt When unchecked RADIUS server assigned QoS Class is disabled for all ports RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully au...

Page 232: ...nly enter the Guest VLAN if an EAPOL frame has not been received on the port for the life time of the port If enabled checked the switch will consider entering the Guest VLAN even if an EAPOL frame ha...

Page 233: ...dication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note Suppose two backend servers are enabled a...

Page 234: ...tion MAC address for EAPOL frames sent from the switch towards the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch u...

Page 235: ...only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality RADIUS Assigned QoS Enabled W...

Page 236: ...y be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X For trouble shooting...

Page 237: ...d the switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleared if the port link goes down or the port s Admin State is changed and...

Page 238: ...ill not cause settings changed on the Page to take effect Reauthenticate Schedules a reauthentication to whenever the quiet period of the port runs out EAPOL based authentication For MAC based authent...

Page 239: ...te The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based...

Page 240: ...ed ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed The Network Access Statistics screen in Figu...

Page 241: ...ot1xAuthEapolFrames Rx The number of valid EAPOL frames of any type that have been received by the switch Rx Response ID dot1xAuthEapolRespId FramesRx The number of valid EAPOL Response Identity frame...

Page 242: ...that have been transmitted by the switch Tx Requests dot1xAuthEapolReqFra mesTx The number of valid EAPOL Request frames other than Request Identity frames that have been transmitted by the switch Th...

Page 243: ...ot1xAuthBackendAuth Successes 802 1X and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the b...

Page 244: ...nistrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Name IEEE Name Description MAC Address dot1xAuthLastEapolF rameSource The MAC address of the last supplicant client VLAN I...

Page 245: ...based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached...

Page 246: ...rs and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear only the currently...

Page 247: ...only if more than one server has been configured Key The secret key up to 63 characters long shared between the RADIUS server and the switch NAS IP Address The IPv4 address to be used as attribute 4...

Page 248: ...ill use the global key Buttons Click to add a new RADIUS server An empty row is added to the table and the RADIUS server can be configured as needed Up to 5 servers are supported Click to undo the add...

Page 249: ...ver has been configured Key The secret key up to 63 characters long shared between the TACACS server and the switch Server Configuration The table has one row for each TACACS server and a number of co...

Page 250: ...following fields RADIUS Authentication Server Status Overview Object Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP po...

Page 251: ...ver This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communica...

Page 252: ...nting for Server Overview Page Screenshot The Page includes the following fields RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client...

Page 253: ...malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are...

Page 254: ...t yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransm...

Page 255: ...ore than one server is enabled Round Trip Time radiusAuthClient ExtRoundTripTim e The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Reques...

Page 256: ...were received from the server on the accounting port Rx Packets Dropped radiusAccClientExt PacketsDropped The number of RADIUS packets that were received from the server on the accounting port and dr...

Page 257: ...one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up...

Page 258: ...server The Pending Requests counter will not be cleared by this operation 4 11 10 Windows Platform RADIUS Server Configuration Setup the RADIUS server and assign the client IP address to the Managed s...

Page 259: ...40HP 259 2 Add New RADIUS Cleint on the Windows 2003 server Figure 4 11 12 Windows Server Add New RADIUS Client Setting 3 Assign the client IP address to the Managed Switch Figure 4 11 13 Windows Serv...

Page 260: ...4 11 14 Windows Server RADIUS Server Setting 5 Configure ports attribute of 802 1X the same as 802 1X Port Configuration Figure 4 11 15 802 1x Port Configuration 6 Create user data The establishment...

Page 261: ...GSW 28040HP 261 Figure 4 11 16 Windows 2003 AD Server Setting Path 7 Enter Active Directory Users and Computers create legal user data next right click a user what you created to enter properties and...

Page 262: ...18 Add User Properties Screen Set the Port Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is an uplink port that is connected to another switch Or o...

Page 263: ...s client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 Go...

Page 264: ...HP 264 Figure 4 11 20 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue Figure 4 11 21 Windows Client...

Page 265: ...User s Manual of XGSW 28040HP 265 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 22...

Page 266: ...settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum n...

Page 267: ...System Configuration Object Description Mode Indicates if Limit Control is globally enabled or disabled on the switchstack If globally disabled other modules may still use the underlying functionalit...

Page 268: ...the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disc...

Page 269: ...ntrol on the port or the switch 3 Click the Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This col...

Page 270: ...ot The Page includes the following fields Object Description Mode Indicates the access management mode operation Possible modes are Enabled Enable access management mode operation Disabled Disable acc...

Page 271: ...12 3 Access Management Statistics Overview Page Screenshot The Page includes the following fields Object Description Interface The interface that allowed remote host can access the switch Receive Pac...

Page 272: ...Redirect are enabled or redirects web browser to an HTTP connection when both are disabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operatio...

Page 273: ...urity Status This Page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has e...

Page 274: ...at may request Port Security services Object Description User Module Name The full name of a module that may request Port Security services Abbr A one letter abbreviation of the user module This is us...

Page 275: ...at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least th...

Page 276: ...ot The Page includes the following fields Object Description MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addre...

Page 277: ...o block intruder on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping...

Page 278: ...HCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHC...

Page 279: ...een Page Screenshot Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds It will use the last entry of the currently displayed table as a basi...

Page 280: ...Global IP Source Guard All configured ACEs will be lost when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on...

Page 281: ...urce Guard Table The Static IP Source Guard Table screen in Figure 4 12 11 appears Figure 4 12 11 Static IP Source Guard Table Screen Page Screenshot The Page includes the following fields Object Desc...

Page 282: ...vices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This Page provides ARP Inspection re...

Page 283: ...k VLAN is disabled When the setting of Check VLAN is disabled the log type of ARP Inspection will refer to the port setting And the setting of Check VLAN is enabled the log type of ARP Inspection will...

Page 284: ...llowing fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allow...

Page 285: ...ss of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no...

Page 286: ...for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by c...

Page 287: ...owest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displ...

Page 288: ...Inspection Table Screenshot Navigating the ARP Inspection Table Each Page shows up to 99 entries from the Dynamic ARP Inspection table default being 20 selected through the entries per Page input fiel...

Page 289: ...dates the table starting with the entry after the last entry currently displayed 4 13 4 Dynamic IP Source Guard Table Entries in the Dynamic IP Source Guard Table are shown on this Page The Dynamic IP...

Page 290: ...he button to start over The Page includes the following fields Object Description Port The port number for which the status applies Click the port number to see the status for this particular port VLA...

Page 291: ...store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing e...

Page 292: ...erefore the default TTL is 4 30 120 seconds Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least th...

Page 293: ...wn in the LLDP neighbours table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TLV Version and Platform is mapped to the LLDP System Description field Both the CDP and LLDP support system cap...

Page 294: ...owing fields Fast start repeat count Object Description Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect...

Page 295: ...count it is possible to specify the number of times the fast start transmission would be repeated The recommended value is 4 times given that 4 LLDP frames with a 1 second interval will be transmitte...

Page 296: ...Datum NAD83 MLLW NAD83 MLLW North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referenc...

Page 297: ...Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consis...

Page 298: ...e multitude of network policies that frequently run on an aggregated link interior to the LAN Object Description Delete Check to delete the policy It will be deleted during the next save Policy ID ID...

Page 299: ...ing conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be advertised if all the same network pol...

Page 300: ...ributes for the same network policies based on the authenticated user identity or port configuration Object Description Port The port number for which the configuration applies Policy ID The set of po...

Page 301: ...vice Class is defined to build upon the capabilities defined for the previous Endpoint Device Class Fore example will any LLDP MED Endpoint Device claiming compliance as a Media Endpoint Class II also...

Page 302: ...es that directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support inventory management L...

Page 303: ...pplication type is using a tagged or an untagged VLAN Can be Tagged ot Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1...

Page 304: ...creen in Figure 4 14 4 appears Figure 4 14 4 LLDP Neighbor Information Page Screenshot The Page includes the following fields Object Description Local Port The port on which the LLDP frame was receive...

Page 305: ...ement This could for instance hold the neighbor s IP address Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every...

Page 306: ...Frames The number of LLDP frames received on the port Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded If an LLDP frame is received on a port and the switch...

Page 307: ...ttons Click to refresh the Page immediately Clears the local counters All counters including global counters are cleared upon reboot Auto refresh Check this box to refresh the Page automatically Autom...

Page 308: ...issues The Managed Switch transmit ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics performing tests on copper ca...

Page 309: ...ckets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 1 appears Figure 4 15 1 ICMP Ping Page Screenshot The Page includes the following fields Object Description IP Address...

Page 310: ...he Page includes the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Egress Interface...

Page 311: ...reception of a reply The Page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears Figure 4 15 3 Remote IP Ping T...

Page 312: ...ompleted the Page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and...

Page 313: ...r Open Open pair Short Shorted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross p...

Page 314: ...installation of cameras or WLAN AP more easily and efficiently Figure 4 16 1 Power over Ethernet Status 4 16 1 Power over Ethernet Powered Device 3 5 Watts Voice over IP phones Enterprise can install...

Page 315: ...supply unit over the LAN infrastructure to powered devices PDs which are connected to ports Under some conditions the total output power required by PDs can exceed the maximum available power provide...

Page 316: ...power limit mode It is hardware limited Allocation mode In this mode the user allocates the amount of power that each port may reserve The allocated reserved power for each port PD is specified in th...

Page 317: ...E port provided power to the PDs XGSW 28040HP available maximum value is 440 Temperature Threshold Allows setting over temperature protection threshold value It system temperature was over it then sys...

Page 318: ...Interval Configuration Screenshot The PoE port will start up after the whole system program has finished running The page includes the following fields Object Description Sequential Power up Option Al...

Page 319: ...on Screenshot The page includes the following fields Object Description PoE Mode There are three modes for PoE mode Enable enable PoE function Disable disable PoE function Schedule enable PoE function...

Page 320: ...when total power consumption has been over total power budget In this case the port with the lowest priority will be turn off and offer power for the port of higher priority Power Allocation It can l...

Page 321: ...User s Manual of XGSW 28040HP 321 Figure 4 16 5 PoE Status Screenshot...

Page 322: ...the total watts usage of Managed PoE Switch Local Port This is the logical port number for this row PD Class Displays the class of the PD attached to the port as established by the classification pro...

Page 323: ...mental protection on the Earth the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disabl...

Page 324: ...file mode Possible profiles are Profile1 Profile2 Profile3 Profile4 Week Day Allows user to set week day for defining PoE function should be enabled on the day Start Hour Allows user to set what hour...

Page 325: ...hedule Buttons click to add new rule Click to apply changes Check to delete the entry 4 16 8 LLDP PoE Neighbours This page provides a status overview for all LLDP PoE neighbors The displayed table con...

Page 326: ...Once the PD stops working and without response the XGSW 28040HP PoE Switch is going to restart PoE port port power and bring the PD back to work It will greatly enhance the reliability and reduces adm...

Page 327: ...ll be reset Action Allows user to set which action will be apply if the PD witout any response WGSW 48040HP PoE Switch offers 3 actions as following PD Reboot It menas system will reset the PoE port t...

Page 328: ...328 4 16 10 Port Power Consumption This page allows user to see the usage of individual PoE Port The screen in Figure 4 16 10 appears Figure 4 16 10 Port Power Consumption Screenshot Buttons Click to...

Page 329: ...ction that provides loop protection to prevent broadcast loops in Managed Switch 4 17 1 Configuration This Page allows the user to inspect the current Loop Protection configurations and possibly chang...

Page 330: ...port Valid values are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Port Configuration Object Description Port The switch port number of the port Enabl...

Page 331: ...itch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current...

Page 332: ...plementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alert...

Page 333: ...the output packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the s...

Page 334: ...ing and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be com...

Page 335: ...ion of the event the possible types are none The total number of octets received on the interface including framing characters log The number of uni cast packets delivered to a higher layer protocol s...

Page 336: ...8 5 RMON Event Overview Page Screenshot The Page includes the following fields Object Description Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry LogT...

Page 337: ...port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds f...

Page 338: ...dcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that we...

Page 339: ...tly displayed 4 18 7 RMON Statistics Configuration Configure RMON Statistics table on this Page The entry index key is ID screen in Figure 4 18 8 appears Figure 4 18 8 RMON Statistics Configuration Pa...

Page 340: ...hich packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of packets includ...

Page 341: ...umber of packets including bad packets received that were between 256 to 511 octets in length 512 1023 The total number of packets including bad packets received that were between 512 to 1023 octets i...

Page 342: ...and two ports should be assigned as the member ports in the ERPS Only one switch in the Ring group would be set as the RPL owner switch in which one port called owner port would be blocked and PRL nei...

Page 343: ...here as screen in Figure 4 19 1 is shown below Figure 4 19 1 MEP configuration page screenshot The page includes the following fields Object Description Delete This box is used to mark an MEP for dele...

Page 344: ...monitoring egress traffic on Residence Port Residence Port The port where MEP is monitoring see Direction Level The MEG level of this MEP Flow Instance The MEP is related to this flow See Domain Tagge...

Page 345: ...uration page screenshot The page includes the following fields Instance Data Object Description MEP Instance The ID of the MEP Domain See help on MEP create WEB Mode See help on MEP create WEB Directi...

Page 346: ...ed for this MEP cMEP Fault Cause indicating that a CCM is received with an MEP ID different from all Peer MEP ID configured for this MEP cAIS Fault Cause indicating that AIS PDU is received cLCK Fault...

Page 347: ...eriod as described in Y 1731 This value has the following uses The transmission rate of the CCM PDU Fault Cause cLOC is declared if no CCM PDU has been received within 3 5 periods see cLOC Fault Cause...

Page 348: ...lue for this last octet is 01 and the usage of other values is for further study Buttons Click to go to Fault Management page Click to go to Performance Monitor page Click to refresh the page immediat...

Page 349: ...terconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 APS MEP is associated with this instance Ring Type Type of Protecti...

Page 350: ...SF MEP See help on ERPS create WEB Port 1 SF MEP See help on ERPS create WEB Port 0 APS MEP See help on ERPS create WEB Port 1 APS MEP See help on ERPS create WEB Ring Type Type of Protected ring It c...

Page 351: ...the traffic channel is restored to the working transport entity i e blocked on the RPL In Non Revertive mode the traffic channel continues to use the RPL if it is not failed after a protection switch...

Page 352: ...timeout in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block status for Port 0 Both traffic and R AP...

Page 353: ...shot The page includes the following fields Object Description All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 Number ID The switch wh...

Page 354: ...Switch ID Port MEP ID RPL Type VLAN Group Port 1 1 None 3001 Switch 1 Port 2 2 Owner 3001 Port 1 4 None 3001 Switch 2 Port 2 3 Neighbour 3001 Port 1 6 None 3001 Switch 3 Port 2 5 None 3001 Table 4 2 E...

Page 355: ...itch 2 directly don t connect to port 1 2 Log in on the Switch 2 and click Ring Ring Wizard Set All Switch Number 3 and Number ID 2 click Next button to set the ERPS configuration for Switch 2 Set MEP...

Page 356: ...gether in the ring topology before configuring the end of ERPS Follow the configuration or ERPS wizard to connect the Switch 1 2 3 together to establish ERPS application MEP2 MEP3 Switch1 Port2 Switch...

Page 357: ...s packet comes in then this packet will be filtered Thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Sto...

Page 358: ...tically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both dev...

Page 359: ...ed Source Equipment PSE and the Powered Device PD The PSE is either an End Span or a Mid Span while the PD is a PoE enabled terminal such as IP Phones Wireless LAN etc Power can be delivered over data...

Page 360: ...rnet pairs are transformer coupled at each end it is possible to apply DC power to the center tap of the isolation transformer without upsetting the data transfer In this mode of operation the pair on...

Page 361: ...f the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cab...

Page 362: ...nd the scope of this standard A 3 10 100Mbps 10 100Base TX When connecting your Switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the Swi...

Page 363: ...hite Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6 7...

Page 364: ...the manual ACL configuration ACL Access Control List The web Page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on o...

Page 365: ...al in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for hig...

Page 366: ...ng data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both encip...

Page 367: ...represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in stackable switch it means switch ID The parameter of port_no is the four...

Page 368: ...is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even wh...

Page 369: ...culties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X IEEE 802 1X is an IEEE standard for port based Net...

Page 370: ...et Protocol address and this IP address is used to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has...

Page 371: ...connectivity in the network Can be used as a switch criteria by EPS M MAC Table Switching of frames is based upon the DMAC address contained in the frame The switch builds up a table that maps MAC ad...

Page 372: ...twork Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplie...

Page 373: ...onal TLVs is disabled the corresponding information is not included in the LLDP frame OUI OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a ven...

Page 374: ...rward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the...

Page 375: ...a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and d...

Page 376: ...ervers for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Micro...

Page 377: ...or setting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attac...

Page 378: ...essage or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reasse...

Page 379: ...Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that...

Page 380: ...N ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN...

Page 381: ...nterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed compu...

Page 382: ...A1 2009 A2 2009 EN 61000 3 3 2008 EN 55024 2010 EN 61000 4 2 2009 EN 61000 4 3 2006 A1 2008 A2 2010 EN 61000 4 4 2010 2012 EN 61000 4 5 2006 EN 61000 4 6 2009 EN 61000 4 8 2010 EN 61000 4 11 2004 Res...

Reviews:

No comments

Brands by name

Popular brands

Load more brands