manualshive.com logo in svg

Tripp Lite NGI-M05-C1, Owner'S Manual, Page: 165 / 254

Share
Download
Tripp Lite NGI-M05-C1 Owner'S Manual Download Page 165

 

165 

 

 

7.

 

Security 

7.1.

 

IP Source Guard 

IP Source Guard is a security feature that restricts IP traffic on un-trusted Layer 2 ports by 

filtering traffic based on the DHCP snooping binding database or manually configured IP 

source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof 

and use the IP address of another host. Any IP traffic coming into the interface with a 

source IP address other than that assigned (via DHCP or static configuration) will be 

filtered out on the un-trusted Layer 2 ports. 

 

The IP Source Guard feature is enabled in combination with the DHCP snooping feature 

on un-trusted Layer 2 interfaces. It builds and maintains an IP source binding table that is 

learned by DHCP snooping or manually configured (static IP source bindings). An entry 

in the IP source binding table contains the IP address and the associated MAC and VLAN 

numbers. The IP Source Guard is supported on Layer 2 ports only, including access and 

trunk ports. 

 

The IP Source Guard features include below functions: 

1.

 

DHCP Snooping. 

2.

 

DHCP Binding table. 

3.

 

ARP Inspection. 

4.

 

Blacklist Filter. (arp-inspection mac-filter table) 

 

 

7.1.1.

 

DHCP Snooping 

DHCP snooping is a DHCP security feature that provides network security by filtering un-

trusted  DHCP messages and by building and maintaining a DHCP snooping binding 

database, which is also referred to as a DHCP snooping binding table. 

 

DHCP snooping acts like a firewall between un-trusted hosts and DHCP servers. You can 

use DHCP snooping to differentiate between un-trusted interfaces connected to the end 

user and trusted interfaces connected to the DHCP server or another switch. 

 

The DHCP snooping binding database contains the MAC address, the IP address, the lease 

time, the binding type, the VLAN number, and the interface information that corresponds 

to the local un-trusted interfaces of a switch. 

 

When a switch receives a packet on an un-trusted interface and the interface belongs to a 

VLAN in which DHCP snooping is enabled, the switch compares the source MAC address 

and the DHCP client hardware address. If addresses match (the default), the switch 

forwards the packet. If the addresses do not match, the switch drops the packet. 

 

The switch drops a DHCP packet when one of these situations occurs: 

 

A packet from a DHCP server, such as a DHCPOFFER, DHCPACK, DHCPNAK, 

or DHCPLEASEQUERY packet, is received from the un-trusted port. 

Summary of Contents for NGI-M05-C1

Page 1: ...nstallation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communication...

Page 2: ...l object to the terminals Do not stack the chassis on any other equipment If the chassis falls it can cause severe bodily injury and equipment damage An exposed wire lead from a DC input power source...

Page 3: ...sure that the system remains stable The following guidelines are provided to ensure your safety This unit should be mounted at the bottom of the rack if it is the only unit in the rack When mounting t...

Page 4: ...ocation and users and service people who are authorized within the restricted access location are made aware of the hazard A restricted access area can be accessed only through the use of a special to...

Page 5: ...4 4 CLI COMMAND CONCEPT 24 4 5 MANAGEMENT VIA INTERNET BROWSER INTERFACE 26 4 6 SYSTEM INFORMATION 27 4 6 1 CLI CONFIGURATION 27 4 6 2 WEB CONFIGURATION 28 5 BASIC SETTINGS 30 5 1 SYSTEM SETTINGS 30 5...

Page 6: ...FIGURATION 61 6 1 1 1 2 WEB CONFIGURATION 61 6 1 1 2 IP DIFFSERV DSCP 63 6 1 1 2 1 CLI CONFIGURATION 64 6 1 1 2 2 WEB CONFIGURATION 65 6 1 1 3 PRIORITY QUEUE MAPPING 66 6 1 1 3 1 CLI CONFIGURATION 66...

Page 7: ...2 1 2 WEB CONFIGURATIONS 97 6 3 2 2 TAG SETTINGS 99 6 3 2 2 1 CLI CONFIGURATIONS 99 6 3 2 2 2 WEB CONFIGURATIONS 100 6 3 2 3 PORT SETTINGS 101 6 3 2 3 1 CLI CONFIGURATIONS 101 6 3 2 3 2 WEB CONFIGURAT...

Page 8: ...IONS 149 6 11 2 WEB CONFIGURATIONS 150 6 12 STP RSTP 152 6 12 1 GENERAL SETTINGS 157 6 12 1 1 CLI CONFIGURATIONS 157 6 12 1 2 WEB CONFIGURATIONS 158 6 12 2 PORT PARAMETERS 159 6 12 2 1 CLI CONFIGURATI...

Page 9: ...ONFIGURATIONS 194 7 3 2 2 WEB CONFIGURATIONS 195 7 4 PORT SECURITY 197 7 4 1 CLI CONFIGURATIONS 197 7 4 2 WEB CONFIGURATIONS 198 8 MONITOR 199 8 1 ALARM 199 8 1 1 CLI CONFIGURATIONS 199 8 1 2 WEB CONF...

Page 10: ...B CONFIGURATIONS 221 9 1 3 3 SNMPV3 VIEW 222 9 1 3 3 1 CLI CONFIGURATIONS 222 9 1 3 3 2 WEB CONFIGURATIONS 222 9 2 AUTO PROVISION 223 9 2 1 CLI CONFIGURATIONS 224 9 2 2 WEB CONFIGURATIONS 225 9 3 MAIL...

Page 11: ...GURATIONS 243 9 7 2 2 WEB CONFIGURATIONS 243 9 7 3 ONVIF 245 9 7 3 1 CLI CONFIGURATIONS 245 9 7 3 2 WEB CONFIGURATIONS 245 9 8 TOPOLOGY MAP 247 9 8 1 BACKGROUND CONFIGURATION 249 9 8 2 CLIENT SWITCH M...

Page 12: ...ance managed Industrial networks The switch is complied with 4 10 100 1000Base T copper ports to deliver gigabit performance for most demanding industrial applications Two gigabit fiber slots of the s...

Page 13: ...g based VLAN Auto MDI MDI X Network Management Command Line Interface Telnet Web GUI SNMP v1 v2c Management VLAN System log Firmware Upgradable Configuration Upload Download LED SNMP trap and email al...

Page 14: ...pport Reverse polarity protection Support Relay output One with current carrying capacity of 1 A 24VDC System power consumption 10W Mechanical Dimension WxHxD 31 x 136 x 109 5 mm 1 22 x 5 36 x 4 31 in...

Page 15: ...atic MDI MDI X crossover detection that gives true plug and play capability just plug the network cables into the ports and the ports will adjust according to the end node devices The following are re...

Page 16: ...into position to ensure that it is properly seated Check the corresponding port LED on the Switch to be sure that the connection is valid Refer to the LED chart 3 2 Installation The location chosen f...

Page 17: ...working device and check the LED status to confirm the connection is established DIN Rail Installation The NGI M05 C1 has a DIN rail bracket on the back of the Switch Location The NGI M05 C1 can be DI...

Page 18: ...ice is installed in a restricted access location it has a separate protective earthing terminal on the chassis that must be permanently connected to earth ground to adequately ground the chassis and p...

Page 19: ...k the voltage of your power source to make sure that you are using the correct voltage DO NOT use a voltage greater than what is specified on the product label Calculate the maximum possible current i...

Page 20: ...ce Check the front panel LEDs as the device is powered on to verify that the Power LED is lit If not check that the power cable is correctly and securely plugged in Notice Turn off the power before co...

Page 21: ...PWR RPS fails or not available Off No power lost or DIP function is disabled 10 100 1000 Mbps Green Illuminated Copper port speeds at 1000Mbps Off Copper port speeds at 10 100Mbps LNK ACT Green Illum...

Page 22: ...22 OFF Primary power alarm reporting is disabled 2 RPS ON Redundant power alarm reporting is enabled OFF Redundant power alarm reporting is disabled...

Page 23: ...ne of the Ethernet ports Open a Telnet session to the Switch s IP address If this is your first login use the default values Default Management IP Address Setting Default Value IP Address 192 168 0 25...

Page 24: ...interface show This command displays the current port configurations acl show This command displays the current access control profile vlan show This command displays the current VLAN configurations T...

Page 25: ...Ethernet ports L2SWITCH config interface gigaethernet1 0 5 L2SWITCH config if vlan Its command prompt is L2SWITCH config vlan It means these commands can be executed in this command prompt In Configu...

Page 26: ...e factory default IP address for the Switch A login dialog is displayed as shown in the figure Parameter Description User ID Enter the user name Password Enter the password Enter your user name passwo...

Page 27: ...0 information enable show model This command will display information of switch like vendor product mac address serial boot code firmware version etc enable show running config This command displays t...

Page 28: ...el name of the Switch Host name This field displays the name of the Switch Boot Code Version This field displays the boot code version Firmware Version This field displays the version of the firmware...

Page 29: ...field displays the total memory the Switch has and the memory which is currently available Free and occupied Usage Current Time This field displays current date yyyy mm dd and time hh mm ss System Upt...

Page 30: ...0 Default Gateway is 0 0 0 0 Management VLAN is 1 5 1 1 1 CLI Configuration Node Command Description enable show interface eth0 This command displays the eth0 configurations enable configure terminal...

Page 31: ...ew Use DHCPv6 client to get an IP address from DHCPv6 server next_restart The settings will take effect on next system restart Example The procedures to configure an IP address for the Switch To enter...

Page 32: ...server Click Renew to have the Switch re get an IP address from the DHCP server Select Disable if you want to configure the Switch s IP address manually IP Address Configures an IPv4 address for your...

Page 33: ...HCP server Select Disable if you want to configure the Switch s IP address manually Global Address Configure a global IPv6 address for the Switch Default Gateway Set Set an IPv6 default gateway for th...

Page 34: ...6 5 1 2 1 CLI Configuration Node Command Description enable show jumboframe This command displays the current jumbo frame settings enable configure terminal This command changes the mode to config mod...

Page 35: ...time the Switch will adjust the time with the time zone configuration and then configure the time to the Switch 3 If the time server s IP address is not configured the Switch will not send any SNTP re...

Page 36: ...This command sets the end time of the Daylight Saving Time configure time ntp server disable enable This command disables enables the NTP server state configure time ntp server IP_ADDRESS This command...

Page 37: ...enter the system date and time manually New Time Enter the new date in year month and day format and time in hour minute and second format The new date and time then appear in the Current Date and Cu...

Page 38: ...ent 1 A M GMT or UTC So in the European Union you would select Last Sunday March and the last field depends on your time zone In Germany for instance you would select 2 00 because Germany s time zone...

Page 39: ...ters the eth0 interface node to configure the system configurations eth0 management host This command configures a static IP and subnet mask for the system eth0 show The command displays the all of th...

Page 40: ...cription Management Host Settings Management Host This field configures a management host in dotted decimal notation For example 192 168 0 254 Subnet Mask This field configures the number of mask bit...

Page 41: ...elong to a VLAN group sends a packet which is forwarded to a port on the Switch the MAC address of the device is shown on the Switch s MAC Table It also shows whether the MAC address is dynamic learne...

Page 42: ...his may reduce the need for broadcasting 5 2 1 1 CLI Configuration Node Command Description enable show mac address table static dynamic This command displays the current static dynamic unicast addres...

Page 43: ...take effect the settings Refresh Click Refresh to begin configuring this screen afresh Static MAC Table MAC Address This field displays the MAC address of a manually entered MAC address entry VLAN ID...

Page 44: ...pecific port enable configure terminal This command changes the node to configure node configure clear mac address table dynamic This command clears the dynamic address entries 5 2 2 2 Web Configurati...

Page 45: ...ry Port Trunk ID This field displays the port number Trunk ID the MAC address entry is associated It displays CPU if it is the entry for the Switch itself The CPU means that it is the Switch s MAC Tot...

Page 46: ...ing time The range is 20 to 500 or 0 disable Example L2SWITCH config mac address table aging time 200 Success L2SWITCH show mac address table aging time The mac address table aging time is 200 sec 5 2...

Page 47: ...t Mirror function is enabled the Monitor to Port can receive mirrored packets only 4 If a port has been configured as a source port and then user configures the port as a destination port the port wil...

Page 48: ...in this field apply to all ports Use this field only if you want to make some settings the same for all ports Use this field first to set the common settings and then make adjustments on a port by por...

Page 49: ...49 Refresh Click Refresh to begin configuring this screen afresh...

Page 50: ...y to determine whether the device is working right or as a way to pin down a failing node in a network One type of loopback test is performed using a special plug called a wrap plug that is inserted i...

Page 51: ...d later The Switch uses IEEE802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE802 3x flow control is used in full duplex mode to send a pause signal to the...

Page 52: ...is command enables the specific port configure interface range gigabitethernet1 0 PORTLISTS This command enters the if range configure node if range shutdown This command disables the specific ports i...

Page 53: ...53 1000 full 1000Mbps Full duplex force mode 1000 full n 1000Mbps Full duplex auto negotiation mode...

Page 54: ...Full Duplex 10 Mbps Full Duplex Nway 10 Mbps Half Duplex 10 Mbps Half Duplex Nway 100 Mbps Full Duplex 100 Mbps Full Duplex Nway 100 Mbps Half Duplex 100 Mbps Half Duplex Nway 1000 Mbps Full Duplex 10...

Page 55: ...e terminal This command changes the node to configure node configure interface IFNAME This command enters the interface configure node interface show This command displays the current port configurati...

Page 56: ...on Port Settings Port Select a port or a range ports you want to configure on this screen Description Configures a meaningful name for the port s Alias Configures an alias for the port s Apply Click A...

Page 57: ...tatus The field displays the detail port status if the port is blocked by some protocol Uptime The sustained time from last link up Medium Mode The current working medium mode copper or fiber for the...

Page 58: ...e Switch supports 802 1p priority queuing The Switch has 8 priority queues These priority queues are numbered from 7 Class 7 the highest priority queue to 0 Class 0 the lowest priority queue The eight...

Page 59: ...ntrol Information TCI 16 bits 3 bits 1 bit 12 bits TPID 0x8100 Priority CFI VID Tag Protocol Identifier TPID a 16 bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802 1Q ta...

Page 60: ...ved for management Priority Levels PCP Priority Code Point PCP Network Priority Traffic Characteristics 1 0 lowest Background 0 1 Best Effort 2 2 Excellent Effort 3 3 Critical Applications 4 4 Video 1...

Page 61: ...ll be used to determine which of the hardware priority queues the packet is forwarded to Default 0 interface no default priority This command configures the default priority 0 for the specific port 6...

Page 62: ...62 Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh...

Page 63: ...is assigned to a programmable egress queue based on the value of the tagged priority The tagged priority can be designated to any of the available queues Version IHL Type of Service Total Length Ident...

Page 64: ...I ARPANET SATNET and PRNET is given in Service Mappings The Network Control precedence designation is intended to be used within a network only The actual use and control of that designation is up to...

Page 65: ...Over Tag Tag Over DSCP means the 802 1p tag has higher priority than DSCP Priority This field displays each priority level The values range from 0 lowest priority to 7 highest priority Apply Click Ap...

Page 66: ...figures the 802 1p priority mapping to the service queue to default Example L2SWITCH config queue cos map 0 1 Success L2SWITCH config queue cos map 1 2 Success L2SWITCH config queue cos map 2 3 Succes...

Page 67: ...riority to queue mappings to the defaults Priority This field displays each priority level The values range from 0 lowest priority to 7 highest priority Queue ID Select the number of a queue for packe...

Page 68: ...ed only when a port has more traffic than it can handle Queues with larger weights get more service than queues with smaller weights This queuing mechanism is highly efficient in that it divides any a...

Page 69: ...ription Schedule Mode Settings Schedule Mode Select High First SPQ or Weighted Round Robin WRR Note Queue weights can only be changed when Weighted Round Robin is selected High First SPQ Strict Priori...

Page 70: ...he total number of the selected type of packets For example if the broadcast and multicast options are selected the total amount of packets per second for those two types will not exceed the limit val...

Page 71: ...71 configure no storm control type broadcast multicast DLF ports PORTLISTS This command disables the bandwidth limit for broadcast or multicast or DLF packets...

Page 72: ...e Type field per second the Switch can receive per second Type Select Broadcast to specify a limit for the amount of broadcast packets received per second Multicast to specify a limit for the amount o...

Page 73: ...th limit egress 0 62500 ports PORTLISTS This command enables the bandwidth limit for outgoing packets and set the limitation configure no bandwidth limit egress ports PORTLISTS This command disables t...

Page 74: ...s Port Selects a port that you want to configure Ingress Configures the rate limitation for the ingress packets Egress Configures the rate limitation for the egress packets Apply Click Apply to take e...

Page 75: ...Switch The Switch can perform IGMP snooping on up to 4094 VLANs You can configure the Switch to automatically learn multicast group membership of any VLANs The Switch then performs IGMP snooping on t...

Page 76: ...76 global state is enabled user must enable per VLAN states to enable the IGMP Snooping on the specific VLAN...

Page 77: ...TS This command enables the IGMP snooping function on a VLAN or range of VLANs configure no igmp snooping vlan VLANLISTS This command disables the IGMP snooping function on a VLAN or range of VLANs co...

Page 78: ...IGMP snooping Unknown Multicast Packets Specify the action to perform when the Switch receives an unknown multicast frame Select Drop to discard the frame s Select Flooding to send the frame s to all...

Page 79: ...sage from a subscriber on a receiver port it sends out an IGMP specific query on that port and waits for IGMP group membership reports If no reports are received in a configured time period the receiv...

Page 80: ...uto configure interface range gigabitethernet1 0 POR TLISTS This command enters the if range configure node if range igmp immediate leave This command enables the IGMP Snooping immediate leave functio...

Page 81: ...s the Switch does not use the port as an IGMP query port In this case the Switch does not keep a record of an IGMP router being connected to this port and the Switch does not forward IGMP join or leav...

Page 82: ...82 Immediate Leave The Immediate Leave setting for the specific port Group Limit The current joining group count and the maximum group count...

Page 83: ...mine membership information A General Query is addressed to the all systems multicast group 224 0 0 1 has a Group Address field of 0 and has a Max Response Time of Query Response Interval 6 2 1 3 1 CL...

Page 84: ...e in a vlan or a range of vlan Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh Querier Status State This filed indicates the current global...

Page 85: ...ltering enable disable This command enables disables the IGMP snooping filtering profiles on the Switch configure igmp snooping filtering profile STRING This command creates a filtering profile and en...

Page 86: ...profile Type The field configures the type of action for the profile Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh IGMP Filtering Status P...

Page 87: ...STRING This command creates a filtering profile and enters the IGMP snooping filtering profiles configuration node config igmp Group GROUP_ID start address START ADDR end address END ADDR This comman...

Page 88: ...ations enable configure terminal This command changes the node to configure node configure interface IFNAME This command enters the interface configure node interface igmp snooping filtering profile S...

Page 89: ...le This field selects the profile which you want to activate on the ports Activate on Ports Selects the ports which you want to activate the IGMP Filtering profile Apply Click Apply to take effect the...

Page 90: ...dress space This means that there is ambiguity in delivering packets If two hosts on the same subnet each subscribe to a different multicast group whose address differs only in the first 5 bits Ethern...

Page 91: ...dress Used to send EIGRP routing information to all EIGRP routers on a network segment 224 0 0 13 PIM Version 2 Protocol Independent Multicast 224 0 0 18 Virtual Router Redundancy Protocol 224 0 0 19...

Page 92: ...2 Web Configuration Parameter Description Static Multicast Address Settings VLAN ID Configures the VLAN that you want to configure Group IP Configures the multicast group IP address Source IP Configur...

Page 93: ...rt Example If you want to allow port 1 and port 3 to talk to each other you must configure as below L2SWITCH config interface 1 0 1 L2SWITCH config if port isolation ports 3 L2SWITCH config if exit Al...

Page 94: ...port means it will communicate with the port currently being configured Select All Deselect All Click Select All to mark all ports as egress ports and permit traffic Click Deselect All to unmark all p...

Page 95: ...ithin the type length field of the Ethernet frame and two bytes of TCI Tag Control Information starts after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a singl...

Page 96: ...ows that it is a member of a subnet and that the device should be able to talk to all other members of the subnet by simply sending information to the cable segment The switch is responsible for ident...

Page 97: ...dds a port or a range of ports to the VLAN vlan fixed PORTLISTS This command assigns ports for permanent member of the VLAN vlan no fixed PORTLISTS This command removes all fixed member from the VLAN...

Page 98: ...te multiple port numbers individually by using a comma and by range with a hyphen Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh VLAN List...

Page 99: ...t VLAN configurations vlan tagged PORTLISTS This command assigns ports for tagged member of the VLAN group The ports should be one some of the permanent members of the VLAN vlan no tagged PORTLISTS Th...

Page 100: ...mitted with the VLAN ID Select All Click Select All to mark all member ports as tag ports Deselect All Click Deselect All to mark all member ports as untag ports Apply Click Apply to take effect the s...

Page 101: ...tagged acceptable tagged frame only untagged acceptable untagged frame only interface pvid 1 4094 This command configures a VLAN ID for the port default VLAN ID interface no pvid This command configu...

Page 102: ...or tagged frames on this port This is the default setting Select VLAN Tagged Only to accept only tagged frames on this port All untagged frames will be dropped Select VLAN Untagged Only to accept onl...

Page 103: ...1Q port base VLAN should be created first 6 3 3 1 CLI Configurations Node Command Description enable show mac vlan This command displays the all of the mac vlan configurations enable configure termin...

Page 104: ...onfigures the leading three or more bytes of the MAC address VLAN Configures the VLAN Priority Configures the 802 1Q priority Apply Click Apply to take effect the settings Refresh Click Refresh to beg...

Page 105: ...networks Thus service providers can create their own VLANs without interfering with customer VLANs by using double tagging This allows them to connect customers to ISPs and ASPs Application Service P...

Page 106: ...AN ID Len or Etype Length or Ethernet frame type Data Frame data FCS Frame Check Sequence VLAN Stacking Port Roles Each port can have three VLAN stacking roles Normal Access Port and Tunnel Port Selec...

Page 107: ...This command disable the vlan stacking or enable the vlan stacking with port based or selective on the switch configure vlan stacking tpid table index 2 6 value STRINGS This command configures TPID ta...

Page 108: ...e The TPID table has 6 entries Tunnel TPID Index Selects the table index Tunnel TPID Index Selects the table index Configures the Port TPID Port Selects a port or a range of ports which you want to co...

Page 109: ...g for their VLAN group The service provider can separate these two VLANs within its network by adding tag 100to distinguish customer X and tag 200todistinguish customer Y at edge device A and then str...

Page 110: ...nel tpid index 2 L2SWITCH config interface gigaethernet1 0 5 L2SWITCH config if vlan stacking port based role access L2SWITCH config if vlan stacking spvid 100 L2SWITCH config if vlan stacking priorit...

Page 111: ...ts the priority in port based Q in Q if range vlan stacking port based role tunnel access normal This command sets VLAN stacking port role if range vlan stacking port based spvid 1 4096 This command s...

Page 112: ...112 Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh Action Click Delete to delete the MAC VLAN profile...

Page 113: ...the switch this sequence of events occurs The host DHCP client generates a DHCP request and broadcasts it on the network When the switch receives the DHCP request it adds the option 82 information in...

Page 114: ...ng format And its maximum length is 100 characters The keyword SPACE will be replaced with a space character The other keywords get system configurations from the system and then replace the keyword a...

Page 115: ...Description enable show dhcp options This command displays the DHCP options configurations enable configure terminal This command changes the node to configure node configure dhcp options option82 di...

Page 116: ...the Switch Circuit Frame The frame ID for the circuit sub option Circuit Shelf The shelf ID for the circuit sub option Circuit Slot The slot ID for the circuit sub option Circuit ID String The String...

Page 117: ...the specific port Remote ID String The String of the remote ID sub option information for the specific port Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring th...

Page 118: ...re are some circumstances where unicast addresses will be used A router for such a subnet receives the DHCP broadcasts converts them to unicast with a destination MAC IP address of the configured DHCP...

Page 119: ...N member ports The DHCP Relay in management VLAN should be enabled 6 5 1 CLI Configurations Node Command Description enable show dhcp relay This command displays the current configurations for the DHC...

Page 120: ...WITCH config dhcp relay enable L2SWITCH config dhcp relay vlan 1 L2SWITCH config dhcp helper address 172 20 1 1 6 5 2 Web Configurations Parameter Description DHCP Relay Settings State Enables disable...

Page 121: ...lace its primary connection by the secondary one to connect with the Internet If in any situation the secondary connection also link down device will do nothing Secondary connection only works when pr...

Page 122: ...122...

Page 123: ...e port or a trunk group configure no dual homing primary channel This command removes the dual homing primary channel for the system configure dual homing secondary channel port trunk VALUE This comma...

Page 124: ...you want to configure Group State Enables disables the Dual Homing for a group Primary channel Configures Resets the primary channel for a group The channel can be single port or a trunk group Seconda...

Page 125: ...125 Refresh Click Refresh to begin configuring this screen afresh...

Page 126: ...o upper layer protocols and applications Notice This feature is for Ethernet copper ports only 6 7 1 CLI Configurations Node Command Description enable show interface IFNAME This command displays the...

Page 127: ...3az Energy Efficient Ethernet across all ports Deselect All Click this to disable IEEE 802 3az Energy Efficient Ethernet across all ports Apply Click Apply to take effect the settings Refresh Click Re...

Page 128: ...ocking its end of the RPL The Ethernet rings could support a multi ring ladder network that consists of conjoined Ethernet rings by one or more interconnection points The protection switching mechanis...

Page 129: ...imer expires the ERN checks the port status If the issue still exists the failure is reported If the issue does not exist nothing is reported ERPS revertive and non revertive switching ERPS considers...

Page 130: ...to 2 rings 6 8 1 Ring Settings 6 8 1 1 CLI Configurations Node Command Description enable show erps This command displays the ERPS configurations enable configure terminal This command changes the no...

Page 131: ...ng no revertive This command configures then on revertive mode for the ERPS ring erps ring right port PORTID type owner neighbor normal This command configures the right port and type for the ERPS rin...

Page 132: ...for the ring Version Configures the version for the ring Hold off Timer Configures the Hold off time for the ring The Valid value is from 0 to 10000 ms WTR Timer Configures the WTR time for the ring T...

Page 133: ...long to the vlans in the instance are blocked 6 8 2 1 CLI Configurations Node Command Description enable show erps instance This command displays all of the ERPS instance configurations enable show er...

Page 134: ...om 1 to 31 Control VLAN Configures the control VLAN for the instance The valid value is from 1 to 4094 Data VLAN Configures the data VLAN for the instance The valid value is from 1 to 4094 It can be o...

Page 135: ...unk groups on your Switch 6 9 1 Static Trunk 6 9 1 1 CLI Configurations Node Command Description enable show link aggregation The command displays the current trunk configurations enable configure ter...

Page 136: ...logical link containing multiple ports Select Enable to use this static trunk group Load Balance Configures the load balance algorithm MAC IP for the specific trunk group Member Ports Select the ports...

Page 137: ...ing network topology loops System Priority The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operati...

Page 138: ...or all ports configure lacp system priority 1 65535 This command configures the system priority for the LACP Note The default value is 32768 configure no lacp system priority This command configures...

Page 139: ...system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol L...

Page 140: ...LACP internal information for the specific group or all groups enable show lacp neighbor GROUP_ID This command displays the LACP neighbor s information for the specific group or all groups 6 9 3 2 Web...

Page 141: ...he available time period of the neighbor Switch LACP information Port State The direct connected port s state of the neighbor Switch Port Priority The direct connected port s priority of the neighbor...

Page 142: ...back to the same port of the Switch Loop Recovery When the loop detection is enabled the Switch will send one probe packets every two seconds and then listen this packet If it receives the packet at t...

Page 143: ...sables the recovery function on the port interface loop detection recovery time 1 60 This command configures the recovery period time configure interface range gigabitethernet1 0 PORTLISTS This comman...

Page 144: ...rt on which to configure loop detection protection State Select Enable to use the loop detection feature on the Switch Recovery State Select Enable to reactivate the port automatically after the desig...

Page 145: ...ature is enabled Status This field displays if the port is blocked Manual Recovery Clicks Unblock to reactivate the port immediately Recovery State This field displays if the loop recovery feature is...

Page 146: ...s MODBUS base address of Tripp Lite switches is 1001 decimal for Function Code 4 Address Offset Data Type Interpretation Description System Information 0x0000 1 word HEX Vendor ID 0x0b04 0x0001 16 wor...

Page 147: ...yte 0 x 01 Word 1 Hi byte 0 x 02 Word 1 Lo byte 0 x 03 Word 2 Hi byte 0 x 04 Word 2 Lo byte 0 x 05 0x0080 1 word HEX Power 1 PWR Alarm DIP switch 1 need ON 0x0000 no alarm 0x0001 input voltage 44V 0x0...

Page 148: ...Word 1 3456 0x0480 to 0x0493 port 1 to 6 2 words HEX Port 1 to 6 Tx Error Packets Ex port 1 Tx Error Packet Amount 0x87654321 Word 0 8765 Word 1 4321 0x04C0 to 0x04D3 port 1 to 6 2 words HEX Port 1 to...

Page 149: ...1 0x0000 link down 0x0001 forwarding 0x0002 blocking 0x051f 1 word HEX Secondary Port Status of Xpress ring1 0x0000 link down 0x0001 forwarding 0x0002 blocking 0x0520 1 word HEX Primary Port Status of...

Page 150: ...P on the switch 6 11 2 Web Configurations Parameter Description Modbus TCP Settings State Select this option to enable disable the Modbus on the Switch Apply Click Apply to take effect the settings Re...

Page 151: ...151 Download Clicks the Download button to download all of the regisers information to load host...

Page 152: ...ses a topology change first notifies the root bridge and then the root bridge notifies the network Both RSTP and STP flush unwanted learned addresses from the filtering database In STP the port states...

Page 153: ...ue according to the speed of the bridge the slower the media the higher the cost How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port and the ports t...

Page 154: ...and sending data normal operation STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop Disabled Not strictly part of STP a network administra...

Page 155: ...e the root device Port Priority Set the port priority in the switch Low numeric value indicates a high priority A port with lower priority is more likely to be blocked by STP if a network loop is dete...

Page 156: ...t Guard feature receives a superior BPDU it moves the port into a root inconsistent state effectively equal to a listening state thus maintaining the current Root Bridge status The port can be moved t...

Page 157: ...ridge times forward delay max age hello time configure no spanning tree algorithm timer This command configures the default values for forward time max age hello time configure spanning tree forward t...

Page 158: ...hat would make it return to a blocking state otherwise temporary data loops might result The allowed range is 4 to 30 seconds Max Age This is the maximum time in seconds the Switch can wait without re...

Page 159: ...spanning tree blocked ports This command displays the spanning tree information for only blocked port s enable show spanning tree port detail PORT_ID This command displays the spanning tree informati...

Page 160: ...bpdu filter function for the specific port if range spanning tree bpduguard disable enable This command configures enables disables the bpdu guard function for the specific port if range spanning tree...

Page 161: ...ity for the specific port Edge Port Configures the port type for the specific port Edge or Non Edge BPDU Filter Enables Disables the BPDU filter function for the specific port BPDU Guard Enables Disab...

Page 162: ...e of the Discarding Blocking Listening Learning Forwarding Disabled Path Cost The port s path cost Priority The port s priority Edge Port The state of the edge function BPDU Filter The state of the BP...

Page 163: ...This Switch may also be the root bridge MAX Age This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Hello Time This is th...

Page 164: ...ot port a new root port is selected from among the Switch ports attached to the network Hello Time This is the time interval in seconds between BPDU Bridge Protocol Data Units configuration message ge...

Page 165: ...list Filter arp inspection mac filter table 7 1 1 DHCP Snooping DHCP snooping is a DHCP security feature that provides network security by filtering un trusted DHCP messages and by building and mainta...

Page 166: ...e Switch discards DHCP packets from un trusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the pa...

Page 167: ...1 4 DHCP Client 1 connect to port 3 DHCP Server connect to port 1 Procedures 1 Default environments A DHCP Client 1 ipconfig release B DHCP Client 1 ipconfig renew DHCP Client 1 can get an IP address...

Page 168: ...1 1 1 DHCP Snooping 7 1 1 1 1 CLI Configurations Node Command Description enable show dhcp snooping This command displays the current DHCP snooping configurations enable configure terminal This comman...

Page 169: ...you want the Switch to enable DHCP snooping on You can designate multiple VLANs individually by using a comma and by range with a hyphen Select Delete and enter the VLAN IDs you no longer want the Sw...

Page 170: ...lt host count is 32 interface dhcp snooping trust This command configures the trust port for the specific port interface no dhcp snooping trust This command configures the un trust port for the specif...

Page 171: ...ify its configurations Trust Configures the specific port if it is a trust port Maximum Host Count Enter the maximum number of hosts 1 32 that are permitted to simultaneously connect to a port Apply C...

Page 172: ...s are configured it means all DHCP server are valid 7 1 1 3 1 CLI Configurations Node Command Description enable show dhcp snooping server This command displays the valid DHCP server IP enable configu...

Page 173: ...one static binding If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding the new static binding replaces the original one 7 1 2 1 Static Entry 7 1 2...

Page 174: ...he settings Refresh Click Refresh to begin configuring this screen afresh Static Binding Table No This field displays a sequential number for each binding Click it to update an existing entry MAC Addr...

Page 175: ...s the dynamic bindings by snooping DHCP packets and from information provided manually in the Static Entry Settings screen 7 1 2 2 1 CLI Configurations Node Command Description enable show dhcp snoopi...

Page 176: ...ms these activities Intercepts all ARP requests and responses on untrusted ports Verifies that each of these intercepted packets has a valid IP to MAC address binding before it updates the local ARP c...

Page 177: ...re arp inspection vlan VLANLISTS This command enables the ARP Inspection function on a VLAN or range of VLANs configure no arp inspection vlan VLANLISTS This command disables the ARP Inspection functi...

Page 178: ...un trusted The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on un trusted ports in the following situations The sender s information in the ARP p...

Page 179: ...ARP Inspection feature Enabled or Disabled Enabled on VLAN This field displays the VLAN IDs that have ARP Inspection enabled on them This will display None if no VLANs have been set Trusted Ports Thi...

Page 180: ...ink down andARP Inspection was enabled Switch will remove the MAC filter entries learned by this port The maximum entry of the MAC address filter table is 256 When MAC address filter table of ARP Insp...

Page 181: ...egin configuring this screen afresh Filter Table No This field displays a sequential number for each MAC addressfilter MAC Address This field displays the source MAC address in the MAC addressfilter V...

Page 182: ...st priority L2 ACL Support 1 Filter a specific source MAC address Command source mac host MACADDR 2 Filter a specific destination MAC address Command destination mac host MACADDR 3 Filter a range of s...

Page 183: ...nation MAC and mask for the profile acl destination mac MACADDR MACADDR This command configures the destination MAC and mask for the profile acl destination mac MACADDR MACADDR This command configures...

Page 184: ...moves the UDP TCP destination port from the profile acl vlan 1 4094 This command configures the VLAN for the profile acl no vlan This command removes the limitation of the VLAN from the profile acl so...

Page 185: ...Destination MAC Address any Source MAC Address any Ethernet Type any Source IP Address any Destination IP Address any Source Application any Destination Application any 7 2 2 Web Configurations Param...

Page 186: ...rofile will filter the one MAC configured in Destination MAC field Source IP Configures the source IP of the packets for the profile Mask of Source IP Configures the bitmap mask of the source IP of th...

Page 187: ...urce Interface s Configures one or a rage of the source interfaces of the packets for the profile Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen a...

Page 188: ...802 1X port based authentication the supplicant provides credentials such as user name password or digital certificate to the authenticator and the authenticator forwards the credentials to the authen...

Page 189: ...02 1x port the switch assigns clients to a guest VLAN when the switch does not receive a response to its EAP request identity frame or when EAPOL packets are not sent by the client Port Parameters Adm...

Page 190: ...ceptable range for this field is 0 to 65535 seconds Server Timeout The server timeout value is used for timing out the Authentication Server Supp Timeout The supp timeout value is the initialization v...

Page 191: ...ure dot1x accounting clean This command cleans all of the accounting records configure dot1x default This command sets all of the configuration to default settings configure dot1x guest vlan 1 4094 Th...

Page 192: ...onfiguring it on each port Authentication Method Select whether to use Local or RADIUS as the authentication method The Local method of authentication uses the guest and user user groups of the user a...

Page 193: ...n dotted decimal notation UDP Port The default port of a RADIUS server for authentication is 1812 Share Key Specify a password up to 32 alphanumeric characters as the key to be shared between the exte...

Page 194: ...auto force authorized force unauthorized This command configures the port control mode on the port interface dot1x authentication disable enable This command enables disables the 802 1x authenticatio...

Page 195: ...the port when a user has not passed 802 1x port authentication Select In to drop only incoming packets on the port when a user has not passed 802 1x port authentication Re authentication Specify if a...

Page 196: ...has to wait before the next re authentication attempt This will prevent the Switch from becoming overloaded with continuous re authentication attempts from the client The acceptable range for this fie...

Page 197: ...um number of MAC addresses allowed per interface When the limit is exceeded incoming packets with new MAC addresses are dropped It can be use MAC table to check it The static MAC addresses are include...

Page 198: ...ty on the Switch Port Select a port number to configure State Select Enable Disable to permit Port Security on the port Maximum MAC The maximum number of MAC addresses allowed per interface The accept...

Page 199: ...power supply disconnect RPS ON The Switch will send alarm message when the redundant power supply disconnect 8 1 1 CLI Configurations Node Command Description enable show alarm info This command disp...

Page 200: ...nge of ports to display their statistics Rx Packets The field displays the received packet count Tx Packets The field displays the transmitted packet count Rx Bytes The field displays the received byt...

Page 201: ...Unit Select a unit for displaying the port utilization Port Select a port or a range of ports to display their RMON statistics Speed The current port speed Rx Utilization The port receiving traffic u...

Page 202: ...s the RMON statistics enable configure terminal This command changes the node to configure node configure clear rmon statistics IFNAME This command clears one port s or all ports RMON statistics 8 4 2...

Page 203: ...tions Node Command Description enable show sfp info port PORT_ID This command displaysthe SFP information enable show sfp ddmi port PORT_ID This command displaysthe SFP DDMI status 8 5 2 Web Configura...

Page 204: ...d changes the node to configure node configure traffic monitor disable enable This command enables disables the traffic monitor on the Switch configure interface IFNAME This command enters the interfa...

Page 205: ...e traffic monitor on the port bcast Broadcast packets mcast Multicast packets bcast mcast Broadcast packets and Multicast packets if range traffic monitor recovery disable enable This command enables...

Page 206: ...Recover State Enables disables the recovery function for the traffic monitor function on these ports Recovery Time Configures the recovery time for the traffic monitor function on these ports Range 1...

Page 207: ...passwords and are used to define the security parameters of SNMP clients in an SNMP v1 and SNMP v2c environments The default SNMP community is public for both SNMP v1 and SNMP v2c before SNMP v3 is e...

Page 208: ...ure snmp system name STRING This command configures a name for the system The System Name is same as the host name configure no snmp system contact STRING This command resets the contact information f...

Page 209: ...able to not use SNMP on the Switch System Name Type a System Name for the Switch The System Name is same as the host name System Location Type a System Location for the Switch System Contact Type a Sy...

Page 210: ...8 1 102 the system will reset the host ID such as 192 168 1 0 User configures the Community String and the Rights and the Network ID of Trusted Host 0 0 0 0 Subnet Mask 0 0 0 0 It means that all hosts...

Page 211: ...een the SNMP manager and the SNMP agent Rights Select Read Only to allow the SNMP manager using this string to collect information from the Switch Select Read Write to allow the SNMP manager using thi...

Page 212: ...s a password Right This field displays the community string s rights This will be Read Only or Read Write IP Version This field displays the IP type Network ID of Trusted Host This field displays the...

Page 213: ...ons including the IP address version v1 or v2c and community configure snmp trap ipv6 receiver IPADDR v1 v2c COMMUNITY This command configures the trap IPv6 receiver s configurations including the IP...

Page 214: ...tion 9 1 2 2 Event Settings The features allow users to enable disables individual trap notification alarm over heat Trap when system s temperature is too high alarm over load Trap when system is over...

Page 215: ...p trap event dying gasp disable enable This command enables disables the dying gasp trap configure snmp trap event loop detection disable enable This command enables disables the loop detection trap c...

Page 216: ...atures allow users to enable disables port link change trap notification by individual port 9 1 2 3 1 CLI Configurations Node Command Description enable show snmp port link change trap This command di...

Page 217: ...configure interface range gigabitethernet1 0 PORTLISTS This command enters the if range configure node if range snmp port link change trap This command enables the link change trap on the specific po...

Page 218: ...er Description Port Link Change Trap Settings Port Selects a port or a range of ports to configure the port event trap State Enables Disable the port link change trap Port Link Change Trap Status Port...

Page 219: ...write STRINGS notify STRINGS Configures v3 group of non authentication configure snmp group GROUPNAME auth read STRINGS write STRINGS notify STRINGS Configures v3 group of authentication configure snm...

Page 220: ...Security Model This field displays the security model of the group Always displayed v3 User based Security Model USM Security Level This field displays the security level to this group Read View These...

Page 221: ...ated and encrypted Auth Algorithm Select MD5 or SHA Algorithm when security level is auth or priv Auth Password Set the password for this user when security level is auth or priv pass phrases must be...

Page 222: ...3 3 SNMPv3 View 9 1 3 3 1 CLI Configurations Node Command Description enable show snmp view This command displays all snmp v3 view enable configure terminal This command changes the node to configure...

Page 223: ...e or doing firmware upgrade at remote side 1 When the Auto Provision is enabled the Switch will download the auto provision information file from the auto provision server first The file name is follo...

Page 224: ...otherwise wait 24 hours and go back to step 1 9 2 1 CLI Configurations Node Command Description enable show auto provision This command displays the current auto provision configurations configure aut...

Page 225: ...e protocol for file transfer Server IP The field configures the IP format The field configures the IP address of IPv4 or IPv6 User Name FTP user name Password FTP password Folder Path Configurations t...

Page 226: ...SMTP Server Outgoing Messages smtp gmail com SSL 465 smtp gmail com StartTLS 587 POP3 Server Incoming Messages pop gmail com SSL 995 Outlook com Server Authentication Port SMTP Server Outgoing Messag...

Page 227: ...STRINGS server port VALUE This command configures the mail server IP address domain name and the TCP port configure mail alarm server ip domain name STRINGS server port default This command configures...

Page 228: ...ort Specifies the TCP port for the SMTP Account Name Specifies the mail account name Account Password Specifies the mail account password Mail From Specifies the mail sender Mail To Specifies the mail...

Page 229: ...ing config URL PATH This command downloads a new copy of running configuration file from TFTP server Where URL PATH can be ftp user pass 192 168 1 1 file http 192 168 1 1 file tftp 192 168 1 1 file co...

Page 230: ...re a configuration file and then do below command archive download config URL_PATH user default config 2 You can login the system with console Telnet Http And then follow below procedures To setup all...

Page 231: ...ault settings of the Switch Press the Reset button to set the settings to factory default configurations 9 4 2 Firmware 9 4 2 1 CLI Configurations Node Command Description enable configure terminal Th...

Page 232: ...igure archive ipv6 download secondary fw URL PATH This command downloads a new copy of firmware file for secondary image from IPv6 TFTP FTP HTTP server Where URL PATH can be ftp user pass 192 168 1 1...

Page 233: ...boots the system 9 4 3 2 Web Configurations Reboot allows you to restart the Switch without physically turning the power off Follow the steps below to reboot the Switch In the Reboot screen click the...

Page 234: ...mmand enables the http on the Switch configure no http server This command disables the http on the Switch configure http server port VALUE This command configures the TCP port for the HTTP server con...

Page 235: ...es the TCP port for the HTTP service SSH Server State Selects Enable or Disable to enable or disable the SSH service Telnet Server State Selects Enable or Disable to enable or disable the Telnet servi...

Page 236: ...ge with the LEVEL recorded in the Switch enable show syslog server The command displays the syslog server configurations enable configure terminal This command changes the node to configure node confi...

Page 237: ...erver when any new log message occurred Facility Selects the facility level Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh Log Level Select...

Page 238: ...Maximum user account 6 Maximum user name length 32 Maximum password length 32 Default user account for privileged mode admin admin Notices The Switch allows users to create up to 6 user account The us...

Page 239: ...up the user associates admin read and write or normal read only for this user account Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh User A...

Page 240: ...the Simple Network Management Protocol SNMP 9 7 1 1 CLI Configuration Node Command Description enable show lldp This command displays the LLDP configurations enable show lldp neighbor This command dis...

Page 241: ...n the specific port enable Transmit and Receive the LLDP packet on the specific port tx only Transmit the LLDP packet on the specific port only rx only Receive the LLDP packet on the specific port Exa...

Page 242: ...To Live The hold time for the Switch s information Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh LLDP Neighbor Information Local Port The...

Page 243: ...vice configurations enable configure terminal This command changes the node to configure node configure manual registration device type ipcam plc switch pc mac MACADDR ip IPADDR product name STRINGS s...

Page 244: ...e settings Refresh Click Refresh to begin configuring this screen afresh Manual Registration Table Type The kind of devices connected to switch MAC Address The MAC address on the ONVIF device Action W...

Page 245: ...t If one or more ONVIF devices are connected to the same port it displays the last ONVIF device gets connect to it 9 7 3 1 CLI Configurations Node Command Description enable show onvif This command di...

Page 246: ...figuring this screen afresh ONVIF Neighbor Information Port The connected port of the ONVIF device IP Address The IP address of the ONVIF device MAC Address The MAC address on the ONVIF device VLAN ID...

Page 247: ...on the NGI M05 C1 icon it will display information about the NGI M05 C1 Left click the mouse on the NGI M05 C1 icon The browser will connect to the NGI M05 C1 If the neighbor device is a Switch that...

Page 248: ...ic details of the devices connected to the host by placing the cursor on it When there is something wrong with the devices the screen will appear so that you can find the details of events that have g...

Page 249: ...tes that connection is lost with the host 9 8 1 Background Configuration You can upload your company floor layout plan picture in to the background image so that you can identify easily where the swit...

Page 250: ...Preview window will display your select immediately If you click the Upgrade button the file will be download to the Switch and it will be applied on next reboot Color Allow user to select standard c...

Page 251: ...necessary changes after entering suitable username and password 10 MISC 10 1 Cable Test This feature determines the quality of the cables shorts cable impedance mismatch bad connectors termination mi...

Page 252: ...re interface IFNAME This command enters the interface configure node Interface show cable test result This command displays the cable test result Interface cable test start This command starts to test...

Page 253: ...THE USE OF THIS PRODUCT EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Specifically TRIPP LITE is not liable for any costs such as lost profits or revenue loss of equipment loss of use of equipment...

Page 254: ...esidential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense The user must use shielded cables and connectors with thi...

Reviews:

No comments