manualshive.com logo in svg

Weidmüller IE-SW-L3-SL28M, Manual

Share
Download
Weidmüller IE-SW-L3-SL28M Manual Download Page 197

User Manual Managed Switches 

195

 

requests sent from the switch. The maximum number 
of supplicants that can be attached to a port can be 
limited using the Port Security Limit 
Control functionality. 
• MAC-based Auth: Unlike port-based 802.1X, 
MAC-based authentication is not a standard, but 
merely a best-practices method adopted by the 
industry. In MAC-based authentication, users are 
called clients, and the switch acts as the supplicant on 
behalf of clients. The initial frame (any kind of frame) 
sent by a client is snooped by the switch, which in turn 
uses the client's MAC address as both username and 
password in the subsequent EAP exchange with the 
RADIUS server. The switch only supports 
the MD5-Challenge authentication method, so the 
RADIUS server must be configured accordingly. 
When authentication is complete, the RADIUS server 
sends a success or failure indication, which in turn 
causes the switch to open up or block traffic for that 
particular client. The advantage of MAC-based 
authentication over 802.1X-based authentication is 
that the clients don't need special supplicant software 
to authenticate. The disadvantage is that MAC 
addresses can be spoofed by malicious users - 
equipment whose MAC address is a valid RADIUS 
user can be used by anyone. Also, only the 
MD5-Challenge method is supported. The maximum 
number of clients that can be attached to a port can be 
limited using the Port Security Limit Control 
functionality. 

RADIUS-Assigned QoS Enabled 

Setting 

Description 

Factory 
Default 

Check / Uncheck 

When RADIUS-Assigned QoS is both globally 
enabled and enabled (checked) on a given port, the 
switch reacts to QoS Class information carried in the 
RADIUS Access-Accept packet transmitted by the 
RADIUS server when a supplicant is successfully 
authenticated. If present and valid, traffic received on 
the supplicant's port will be classified to the given QoS 
Class. This option is only available for single-client 
modes (Port-based 802.1X and Single 802.1X). 

Unchecked 

 

 

 

 

 

Summary of Contents for IE-SW-L3-SL28M

Page 1: ...Industrial Ethernet IEC 61850 3 Switches Manual for IE SW SL28M and IE SW L3 SL28M of SubstationLine Third Edition October 2022...

Page 2: ...r reserves the right to make improvements and or changes to this manual or to the products and or the programs described in this manual at any time Information provided in this manual is intended to b...

Page 3: ...L3 SL28M 14 3 3 3 IP Status 18 3 3 4 Access Management 20 3 3 4 1 Login Methods 20 3 3 4 2 Authentication Methods 21 3 3 4 3 Access Security 23 3 3 4 4 Access Statistics 24 3 3 5 Users 25 3 3 5 1 Conf...

Page 4: ...DHCP Relay Agent Option 82 60 3 5 2 1 DHCP Relay Configuration 60 3 5 2 2 DHCP Relay Statistics 61 3 5 3 DHCP Snooping 62 3 5 3 1 DHCP Snooping Configuration 62 3 5 3 2 DHCP Snooping Table 64 3 5 3 3...

Page 5: ...ion 110 3 8 6 SNMP View Configuration 111 3 8 7 SNMP Access Configuration 112 3 9 RMON 113 3 9 1 RMON Statistics Configuration 113 3 9 2 RMON History Configuration 114 3 9 3 RMON Alarm Configuration 1...

Page 6: ...P Source Guard Table 169 3 12 3 Access Control List ACL 169 3 12 3 1 ACL Ports Configuration 170 3 12 3 2 ACL Rate Limiter Configuration 171 3 12 3 3 ACL Configuration 172 3 12 3 4 ACL Status 183 3 12...

Page 7: ...toring 213 3 14 6 System Log Information 216 3 14 7 VeriPHY Cable Diagnostics 217 3 14 8 SFP Monitor 217 3 14 9 SFP Type 218 3 14 10 Ping and Ping6 219 3 15 PTP Synchronization 219 3 15 1 PTP Clock Co...

Page 8: ...ally designed to operate in harsh environments like Substations thanks to its IEC 61850 3 and IEEE 1613 compliance The product comes with an IP30 rugged case redundant power supply alarm relay and wid...

Page 9: ...82 o DHCP Relay Layer 3 functionality only IE SW L3 SL28M model o Routing between all ports VLAN routing o Static routing o Dynamic routing RIPv2 o VRRP for redundant default gateway of all hosts in a...

Page 10: ...led NOTE To use the Switch s management and monitoring functions from a PC host connected to the same LAN as the switch you must make sure that the PC host and the Switch are on the same logical subne...

Page 11: ...tput relay will remain in its original position Use the menu tree in the left navigation panel to open the function pages to access each of Ethernet Switch s functions NOTE The pages of the Web interf...

Page 12: ...rn the user that the security certificate was issued by a company they have not chosen to trust Select Continue to this website to enter the Weidm ller switch s web browser interface and access the we...

Page 13: ...tailed description of the unit Description of type System Location Setting Description Factory Default Max 255 characters This option is useful for differentiating between the locations of different u...

Page 14: ...e set manually Disabled Enabled The Weidm ller switch s IP address will be assigned automatically by the network s DHCPv4 server The DHCPv4 client will announce the configured System Name as hostname...

Page 15: ...number of bits prefix length Valid values are between 0 and 30 bits for an IPv4 address If DHCP is enabled this field configures the fallback address network mask The field may be left blank if IPv4 o...

Page 16: ...roups of contiguous zeros but it can appear only once System accepts the valid IPv6 unicast address only except IPv4 Compatible address and IPv4 Mapped address This field may be left blank if IPv6 ope...

Page 17: ...resses to different VLANs with hardware routing between them The button Add Interface has to be used to create a new IP interface The user has to fill the parameters described below and can delete any...

Page 18: ...m ller Switch Assigns the Weidm ller Switch s IPv4 address on a TCP IP network If DHCP is enabled this field configures the fallback address The field may be left blank if IPv4 operation on the interf...

Page 19: ...cimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contigu...

Page 20: ...r IPv6 It defines how many bits of an IP address must match in order to qualify for this route Valid values are between 0 and 32 bits IPv4 128 IPv6 Only a default route will have a mask length of 0 as...

Page 21: ...he current address of the interface of the given type Status The status flags of the interface and or address IP Routes Network The destination IP network or host address of this route Gateway The gat...

Page 22: ...abled Web Interface Access Setting Description Factory Default Only HTTP HTTPS mode operation disabled and web access only HTTP HTTP HTTPS Only HTTPS HTTP mode operation disabled and web access only H...

Page 23: ...Authentication Methods The Authentication Methods option allows the administrator to configure how a user is authenticated when he logs into the switch via one of the management client interfaces Auth...

Page 24: ...r to limit the CLI commands available to a user For each client type console telnet and ssh the following parameters can be programmed Method Setting Description Factory Default no Command authorizati...

Page 25: ...ng Unchecked 3 3 4 3 Access Security In this option the user can program the allowed IP addresses that can access to the management of the switch Access Management A table of up to 16 different entrie...

Page 26: ...ess range provided in the entry Unchecked SNMP Setting Description Factory Default Check Uncheck The host can access the switch from SNMP interface if the host IP address matches the IP address range...

Page 27: ...ional users delete existing users and configure different privilege levels for each created user 3 3 5 1 Configuration This page provides an overview of the current users Currently the only way to log...

Page 28: ...uld be the same or greater than the group privilege level to have the access of that group By default the group privilege level of 5 has the read only access and the privilege level of 10 has the read...

Page 29: ...groups in details System Contact Name Location Timezone Daylight Saving Time Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTP...

Page 30: ...on page lets users set the time date and other settings An explanation of each setting is given below the figure NOTE The Weidm ller switch does not have a real time clock The user must update the Cur...

Page 31: ...mezone Setting Description Factory Default User selectable time zone Specifies the time zone which is used to determine the local time offset from GMT Greenwich Mean Time GMT Greenwich Mean Time Serve...

Page 32: ...ration page is only available in the IE SW L3 SL28M model VRRP Virtual Router Redundancy Protocol is a protocol that allows to group several Layer 3 switches Routers as a unique Virtual Router that wi...

Page 33: ...P groups is created and then then the virtual IP address of the VRRP group is mapped to the virtual MAC address In this method the hosts don t need to update the gateway IP and MAC mapping entry when...

Page 34: ...itch The priority value determines which layer 3 switch router becomes the VRRP master Highest priority is 254 and lowest is 1 100 Adver Intv Setting Description Factory Default 1 to 2147483647 Number...

Page 35: ...ate Setting Description Factory Default No setting display Indicates the role of the Layer 3 switch in the VRRP group Master or Backup None Virtual MAC Setting Description Factory Default No setting d...

Page 36: ...on users are able to view each switch s neighbor list which is reported by its network neighbors Most importantly enabling the LLDP function allows a Network Management Software to automatically displ...

Page 37: ...ew LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value 2 sec Tx Reinit Sett...

Page 38: ...ame is included in LLDP information transmitted Checked Sys Descr Setting Description Factory Default Check Uncheck Optional TLV When checked the system description is included in LLDP information tra...

Page 39: ...Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS Cable Device 8 Station Only 9 Reserved When a capability is enabled a will be displayed If the capability is disabled a will...

Page 40: ...the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP...

Page 41: ...TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded If an LLDP frame is received with an organizationally TLV but the TLV is not supported the TLV is counted...

Page 42: ...d by default To enable Ethernet IP select Enable in Mode and then click Apply The user can get the EDS Electronic Data Sheet File in in the Weidm ller Online Product Catalogue Select or search for dev...

Page 43: ...tion The startup configuration of the switch read at boot time If this file does not exist at boot time the switch will start up in default configuration Default Configuration A read only file with ve...

Page 44: ...r to enable or disable the use of this IE EBR MODULE RS232 ALM module in the switch Backup Option Setting Description Factory Default Disabled Enabled When Enabled the IE EBR MODULE RS232 ALM can be u...

Page 45: ...rent port configurations Ports can also be configured here Description Setting Description Factory Default Max 256 characters Name of the port Example Main Busbar Protection Relay None Link Setting De...

Page 46: ...to detect so in the switch is done by reading the SFP ROM Due to the missing standardized way of autodetection in SFP transceivers some of them may not be detectable 100 Mbps FDX SFP Forces the SFP po...

Page 47: ...uding FCS 9600 bytes Excessive Collision Mode Setting Description Factory Default Discard Restart Configures the port transmission behavior with collisions Discard Discard frame after 16 collisions Re...

Page 48: ...its Gives you more flexibility in setting up your network connections since the bandwidth of a link can be increased Provides redundancy if one link is broken the remaining trunked ports share the tra...

Page 49: ...ed TCP UDP Port Number Setting Description Factory Default Check Uncheck When enabled theTCP UDP port number is used to calculate the destination port for the frame Checked Static Aggregation Group Co...

Page 50: ...the standard This page allows the user to enable LACP functions to group ports together to form single virtual links and change associated settings thereby increasing the bandwidth between the switch...

Page 51: ...packet from a partner speak if spoken to Active Timeout Setting Description Factory Default Fast Slow Controls the period between BPDU transmissions Fast LACP packets are transmitted every second Slow...

Page 52: ...f LACP status of all ports The displayed table contains information about the different LACP parameters of each port Port The switch port number LACP Yes means LACP is enabled and the port link is up...

Page 53: ...ws how many LACP frames have been sent from each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port 3 4 2 6 Aggregation Status This page is used to see the s...

Page 54: ...oop Protection Avoid maintenance installation crews from mistakenly placing one cable on the same switch generating a loop problem 3 4 3 1 Configuration This page allows the user to enable the Loop Pr...

Page 55: ...ory Default Check Uncheck Controls whether loop protection is enabled in this port It is also necessary to enable the function in the General Setting section Checked Action Setting Description Factory...

Page 56: ...up IP addresses the Weidm ller switch comes equipped with DHCP server When enabled the Weidm ller switch can assign specific IP addresses automatically to connected devices that are equipped with DHC...

Page 57: ...ctory Default VLAN range Indicate the VLAN range in which DHCP server is enabled or disabled None 3 5 1 2 DHCP Server Pool Configuration This page manages DHCP pools According to the DHCP pool DHCP se...

Page 58: ...Description Factory Default Subnet mask Display the subnet mask of the DHCP address pool If is displayed it means not defined Lease Time Setting Description Factory Default Time in days hours minutes...

Page 59: ...ing Counters Automatic Binding Number of bindings with network type pools c Manual Binding Number of bindings that administrator assigns an IP address to a client That is the pool is of host type Expi...

Page 60: ...to service the binding In the page can also be found several buttons with the following functions Refresh Click to refresh the page immediately The Auto refresh check refreshes the page automatically...

Page 61: ...DHCP address pool DHCP Mode Setting Description Factory Default Enabled Disabled Enable or Disable DHCP server in the port It is also necessary to Enable DHCP server mode in Mode Configuration page D...

Page 62: ...n 82 information contains 2 sub options Circuit ID and Remote ID which define the relationship between end device IP and the DHCP Option 82 server The Circuit ID is a 4 byte number generated by the Et...

Page 63: ...g Description Factory Default Replace Keep Drop Indicates the DHCP relay information option policy When DHCP relay information mode is enabled if the agent receives a DHCP message that already contain...

Page 64: ...of packets relayed from the server to the client Transmit Error The number of packets that resulted in errors while being sent to server Receive from Client The number of packets received from the cl...

Page 65: ...quest messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disables DHCP snooping mode operation Disabled Port Mode Configuration Setting Description Fa...

Page 66: ...ynamic DHCP snooping Table The MAC address and VLAN input fields allow the user to select the starting point in the Dynamic DHCP snooping Table MAC Address User MAC address of the entry VLAN ID VLAN I...

Page 67: ...mitted Rx Discarded Checksum Error The number of discard packets that IP UDP checksum is error Rx Discarded from Untrusted The number of discard packets that are coming from untrusted ports 3 6 Redund...

Page 68: ...y O Ring protocol you can optimize communication redundancy and achieve a faster recovery time on the network In the O Ring protocol one switch has to be the master of the network and then automatical...

Page 69: ...time of about 10 ms resulting in a ring recovery time of around 30 ms As both methods are running concurrently a ring topology change will be initiated based on the error condition which will be trig...

Page 70: ...ets will be stopped triggering a network topology change of the RSTP network and both Dual Homing connections will become forwarding lines NOTE Only for two switches of an O Ring network the Homing po...

Page 71: ...able Do not select this Switch as Master Status Description Factory Default This switch is a Ring Master Switch programmed as Master This switch is Not a Ring Master This switch is Not a Ring Master S...

Page 72: ...ms MRP in Weidm ller Ethernet Switches In MRP only the role MRC Client is supported It needs to be considered that this redundancy protocol can be configured and applied as independent instances eith...

Page 73: ...and the path is blocked 3 6 3 The O Chain Concept O Chain is an advanced software technology that offers a highly flexible method for providing a redundant network extension to any kind of existing sw...

Page 74: ...ed to an RSTP network For a connection to an RSTP network the overall time for topology update after the chain is broken can be estimated as the calculated healing time of the used RSTP redundancy set...

Page 75: ...rt the state on both sides will change to link down Recovery time for O Chain connected to any non redundant Daisy Chain network or to a proprietary 3rd party network For connections to unmanaged swit...

Page 76: ...ransmission in this port Discarding The port is connected to a backup path and the path is blocked Edge Port Setting Description Factory Default Check Configure a port of the daisy Chain as edge port...

Page 77: ...on uses bridge instead of switch STP 802 1D is a bridge based system that is used to implement parallel paths for network traffic STP uses a loop detection process to Locate and then disable less effi...

Page 78: ...h Bridge B 3 6 4 2 How STP Works When enabled STP determines the most appropriate path for traffic through a network The way it does this is outlined in the sections below STP Requirements Before STP...

Page 79: ...ath Cost from that segment If several bridges have the same Root Path Cost the one with the lowest Bridge Identifier becomes the Designated Bridge Traffic transmitted in the direction of the Root Brid...

Page 80: ...route through bridges C and B costs 200 C to B 100 B to A 100 The route through bridges Y and B costs 300 Y to B 200 B to A 100 The Designated Bridge Port for LAN Segment 3 is port 2 on bridge C Diffe...

Page 81: ...STP i e all VLANs that are not members of particular MSTIs are members of the CIST Also the spanning tree that runs between MST regions is the CIST The following figure shows an example of an STP RSTP...

Page 82: ...e priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the prio...

Page 83: ...e its BPDU information 20 Transmit Hold Count Setting Description Factory Default Numerical value input by user 1 to 10 The number of BPDUs a bridge port can send per second When exceeded transmission...

Page 84: ...ogrammed if the redundancy protocol programmed is MSTP It is not applicable to STP RSTP The page allows the user to inspect and change the current MST Configuration Name the Revision level and the map...

Page 85: ...pty ex without any mapped VLANs None 3 6 4 5 MSTI Priorities NOTE This page only has to be programmed if the redundancy protocol programmed is MSTP It is not applicable to STP RSTP The page allows the...

Page 86: ...P RSTP is enabled on this switch port Unchecked Path Cost Setting Description Factory Default Auto Specific Configures the path cost incurred by the port Auto will set the path cost according to the p...

Page 87: ...t after the root port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network infl...

Page 88: ...t 3 6 4 7 MSTI Ports NOTE This page only has to be programmed if the redundancy protocol programmed is MSTP It is not applicable to STP RSTP This page allows the user to inspect and change the current...

Page 89: ...P bridge instances The displayed table contains a row for each STP bridge instance where the column displays the information that can be seen in the screen below MSTI The bridge instance This is also...

Page 90: ...contributed to the paths towards the spanning tree root which include this port It can be a value assigned by the Auto setting or any explicitly configured value Edge The current STP port operational...

Page 91: ...ternatePort BackupPort RootPort DesignatedPort Disabled Non STP CIST State The current STP port state of the CIST port The port state can be one of the following values Disabled Learning Forwarding Up...

Page 92: ...number of legacy Topology Change Notifications BPDUs transmitted received on the port Discarded Unknown The number of unknown Spanning Tree BPDUs received and discarded on the port Discarded Illegal T...

Page 93: ...ller switch increases the efficiency of your network by dividing the LAN into logical segments as opposed to physical segments In general VLANs are easier to manage 3 7 1 The Virtual LAN VLAN Concept...

Page 94: ...communicate with each other VLANs Your Weidm ller switch provides support for VLANs using IEEE Std 802 1Q 1998 This standard allows traffic from multiple VLANs to be carried across one physical link T...

Page 95: ...onal information that allows a switch to determine which VLAN the port belongs If a frame is carrying the additional information it is known as a tagged frame To carry multiple VLANs across a single p...

Page 96: ...actory Default Hexadecimal value between 0x600 and FFFF This field specifies the ethertype TPID used for Custom S ports The setting is in force for all ports whose Port Type is set to S Custom Port 88...

Page 97: ...s member of may be limited by the use of Allowed VLANs Ingress filtering can be controlled Ingress acceptance of frames and configuration of egress tagging can be configured independently ATTENTION Fo...

Page 98: ...onfigured to accept Tagged Only frames see Ingress Acceptance below frames without this TPID are dropped If frames must be tagged on egress they will be tagged with an S tag This port type can only be...

Page 99: ...fied to the Port VLAN or not are transmitted with a tag Untag All All frames whether classified to the Port VLAN or not are transmitted without a tag Only available for Hybrid ports Allowed VLANs Sett...

Page 100: ...figuration and basically reflects what is actually configured in hardware Combined The table displayed on the page shows the port members of each programmed VLAN ID VLAN ID VLAN ID for which the Port...

Page 101: ...dules configuration and basically reflects what is actually configured in hardware If a given software modules hasn t overridden any of the port settings the text No data exists for the selected user...

Page 102: ...ivate VLANs can be added or deleted and port members of each private VLAN can also be added or removed Private VLANs are based on the source port mask and there are no connections to VLANs This means...

Page 103: ...ck A check box is provided for each port of a private VLAN When checked port isolation is enabled for that port When unchecked port isolation is disabled for that port Unchecked 3 7 2 6 GVRP Configura...

Page 104: ...Default Numerical value between 1000 and 5000 hundreds of sec GVRP protocol timer 1000 Max VLANs Setting Description Factory Default Numerical value between 1 and 4094 The maximum number of VLANs supp...

Page 105: ...SNMP agent and manager Protocol version UI Setting Authentication Encryption Method SNMP V1 V2c V1 V2c Read Community Community string No Uses a community string match for authentication V1 V2c Write...

Page 106: ...objects using this community string The field only suits to SNMPv1 and SNMPv2c If SNMPv3 is used this setting has to be made using the option SNMP Community public Write Community SNMPv1 and SNMP v2c...

Page 107: ...This page allows the user to configure the general SNMP traps Mode Setting Description Factory Default Disabled Enabled Enables or disables SNMP traps in the switch Disabled Pressing the button Add Ne...

Page 108: ...Indicates the community access string when sending SNMP trap packets public Trap Destination Address Setting Description Factory Default IP address Indicates the SNMP trap destination address It allo...

Page 109: ...string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed Disabled Trap Security Name Setting Description Factory Defa...

Page 110: ...mmunity Press the button Add New Entry to create a new Community Community Setting Description Factory Default Max 32 characters Indicates the community access string to permit access to SNMP agent No...

Page 111: ...the usmUserEngineID and usmUserName are the entry keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remot...

Page 112: ...vacy Password Setting Description Factory Default String between 8 and 32 characters A string identifying the encryption pass phrase None 3 8 5 SNMP Groups Configuration This page allows the user to c...

Page 113: ...ne Group Table Group Name Setting Description Factory Default Max 32 characters A string identifying the name of the Group None 3 8 6 SNMP View Configuration NOTE This page only has to be configured i...

Page 114: ...in the switch This page allows the user to configure SNMPv3 accesses table The entry index keys are Group Name Security Model and Security Level Two default views are already created but is possible t...

Page 115: ...s It should be one of the created views in the SNMP Views Configuration option None Write View Name Setting Description Factory Default Max 32 characters The name of the MIB View defining the MIB obje...

Page 116: ...h ID 1 For example if we want to monitor switch 3 port 5 the value is 2000005 None 3 9 2 RMON History Configuration The user can configure RMON History table on this page Press the button Add New Entr...

Page 117: ...new entry to define RMON alarms ID Setting Description Factory Default Numeric value between 1 and 65535 Indicates the index of the entry None Interval Setting Description Factory Default Time between...

Page 118: ...normal OutErrors The number of outbound packets that could not be transmitted because of errors OutQLen The length of the output packet queue in packets Sample Type Setting Description Factory Defaul...

Page 119: ...tting Description Factory Default Numeric value between 231 and 231 1 Falling threshold value 0 Falling Index Setting Description Factory Default Numeric value between 1 and 65535 Falling event index...

Page 120: ...vent entry last generated an event None 3 9 5 RMON Statistics Status This page provides an overview of RMON Statistics entries The page shows up to 99 entries from the Statistics table default being 2...

Page 121: ...C Coll The best estimate of the total number of collisions on this Ethernet segment 64 Bytes The total number of packets including bad packets received that were 64 octets in length 65 127 The total n...

Page 122: ...4 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Under size The t...

Page 123: ...is first set to valid Rising Threshold Rising threshold value Rising Index Rising threshold index Filing Threshold Falling threshold value Falling Index Falling event index 3 9 8 RMON Event Status Thi...

Page 124: ...ical or business critical applications Provide predictable throughput for multimedia applications such as video conferencing or voice over IP and minimize traffic delay and jitter Improve network perf...

Page 125: ...hat map to user defined service levels allowing you to establish more control over network traffic The advantages of DiffServ over IEEE 802 1D are You can configure how you want your switch to treat s...

Page 126: ...riority traffic As each packet arrives in the Weidm ller switch it passes through any ingress processing which includes classification marking re marking and is then sorted into the appropriate queue...

Page 127: ...cription Factory Default Numeric value Controls the rate for the global storm policer This value is restricted to 1 13128072 when Unit is fps or kbps and 1 13128 when Unit is kfps or Mbps The rate is...

Page 128: ...ng Description Factory Default 0 to 7 Controls the default class of service All frames are classified to a CoS There is a one to one mapping between CoS queue and priority A CoS of 0 zero has the lowe...

Page 129: ...tag Otherwise the frame is classified to this default PCP value 0 DEI Setting Description Factory Default 0 to 1 Controls the default drop eligible indicator DEI value All frames are classified to a...

Page 130: ...stination The IP MAC address mode specifies whether the QoS Control List QCL classification must be based on source SMAC SIP or destination DMAC DIP addresses on this port Accordingly Source Enables S...

Page 131: ...Mapped Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of CoS and DPL Disabled 3 10 4 Port DSCP This...

Page 132: ...DSCP is 0 Selected Classify only selected DSCP for which classification is enabled as specified in DSCP translation window for the specific DSCP All Classify all DSCP Disable Egress Rewrite Setting D...

Page 133: ...k Check to enable the policer on the switch port Unchecked Rate Setting Description Factory Default Numerical value Configures the rate of each policer This value is restricted to 1 to 13128072 when t...

Page 134: ...measure for each policer rate kbps Flow Control Setting Description Factory Default Check Uncheck If enabled and the port is in Flow Control mode then pause frames are sent instead of being discarded...

Page 135: ...the nearest value supported by the queue policer This field is only shown if the queue policer is enabled 500 Unit Setting Description Factory Default kbps Mbps Controls the unit of measure for the q...

Page 136: ...User Manual Managed Switches 134 When clicking on any port number a new page is loaded to configure the Scheduler and Shapers for that specific port of the switch...

Page 137: ...shaper It can only be programmed if queue shaper is enabled 500 Queue Shaper Unit Setting Description Factory Default kbps Mbps Controls the unit of measure for the queue shaper rate It can only be pr...

Page 138: ...and 1 13128 when Unit is Mbps The rate is internally rounded up to the nearest value supported by the port shaper 500 Queue Shaper Unit Setting Description Factory Default kbps Mbps Controls the unit...

Page 139: ...user to display and configure the basic DSCP based QoS Ingress Classification settings for the switch For the 64 DSCP values is possible to set Trust Setting Description Factory Default Check Uncheck...

Page 140: ...wer precedence level when congestion occurs 0 3 10 10 DSCP Translation This page allows the user to configure QoS DSCP translation settings for the switches DSCP translation can be done in Ingress or...

Page 141: ...on at ingress side Unchecked Egress Remap Setting Description Factory Default 0 to 63 Controls the remapping The user can select the DSCP value from a selected menu to which is desired to remap 0 to 6...

Page 142: ...Default 0 to 63 Select the classified DSCP value for frames 0 3 10 12 QoS Control List This page shows the QoS Control List which is made up of the QCEs QoS Control Entry Each row describes a QCE that...

Page 143: ...Any Key Parameters SMAC Setting Description Factory Default Any Specific Indicates the source MAC address for incoming frames Any All types of SMAC addresses are allowed Specific Type the specific sou...

Page 144: ...P Destination Service Access Point can vary from 0x00 to 0xFF or Any SSAP address Valid SSAP Source Service Access Point can vary from 0x00 to 0xFF or Any Control Valid Control field can vary from 0x0...

Page 145: ...ues or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 Any Action Parameters Indicate the classification action taken on ingress frame if the parameters configured in the QC...

Page 146: ...tus This page shows the QCL Quality of Service Control List status by different QCL users Each row describes the QCE Quality of Service Control Entry that is defined The maximum number of QCEs is 256...

Page 147: ...column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays Yes if there is a HW conflict related with the created QCE Otherwise d...

Page 148: ...icasts are often used for video conferencing since high volumes of traffic must be sent to several end stations at the same time but where broadcasting the traffic to all end stations would cause a su...

Page 149: ...ulticast group and then configure its filters accordingly Querier Mode Querier mode allows the Weidm ller switch to work as the Querier if it has the lowest IP address on the subnetwork to which it be...

Page 150: ...eeds to forward the packet to the router When the router receives the report packet it registers that the LAN or VLAN requires traffic for the multicast groups When the router forwards traffic for the...

Page 151: ...groups in the address range Assign valid IPv4 multicast address as prefix with a prefix length from 4 to 32 for the range 232 0 0 0 8 Leave Proxy Enabled Setting Description Factory Default Check Unc...

Page 152: ...put field When first visited the web page will show the first 20 entries from the beginning of the VLAN table The first displayed will be the one with the lowest VLAN ID found in the VLAN table The St...

Page 153: ...ing on the versions of IGMP operating on hosts and routers within a network IGMP Auto PRI Setting Description Factory Default 0 to 7 Priority of Interface It indicates the IGMP control frame priority...

Page 154: ...Default 1 to 31774 sec Unsolicited Report Interval It is the time between repetitions of a host s initial report of membership in a group 1 3 11 4 IGMP Snooping Status This page provides IGMP Snoopin...

Page 155: ...splayed table starting from that or the next closest IGMP Group table match The following information can be displayed on the page VLAN ID VLAN ID of the group Groups Group address of the group displa...

Page 156: ...urce address for filtering per group is 8 When there is not any source filtering address the text None is shown in the Source Address field Type Indicates the Type It can be either Allow or Deny Hardw...

Page 157: ...y the access control on IP multicast streams It is allowed to create at maximum 64 Profiles with a maximum of 128 corresponding rules for each Global Profile Mode Setting Description Factory Default E...

Page 158: ...le Address Configuration None 3 11 9 IPMC Profile Address Configuration This page provides address range settings used in IPMC profile The address entry is used to specify the address range that will...

Page 159: ...P traffic Access control according IEEE 802 1X The IEEE 802 1X standard defines a protocol for client server based access control and authentication The protocol restricts unauthorized clients from co...

Page 160: ...Failure frame to the supplicant 3 The RADIUS server sends a RADIUS Access Challenge which contains an EAP Request with an authentication type to the authenticator to ask for the password from the clie...

Page 161: ...Disabled Mode Setting Description Factory Default Scan Binding Shutdown The Mode configuration is only possible when Device Binding function is enabled The possible states for each port are Device Bi...

Page 162: ...l monitor the device against DDOS Distributed Denial of Service attack The Status column indicates the alive check status Analyzing Analyze the packet throughput for initialization Running Function re...

Page 163: ...Setting Description Factory Default IP address Specify Alias IP address Keep 0 0 0 0 if the device doesn t have alias IP address None 3 12 1 2 Alive Check This page provides additional configuration...

Page 164: ...ossible to enable the Alive Check option Binding function is enabled in the Device Binding page Disabled Action Setting Description Factory Default Link Change Only Log it Shut Down the Port Indicates...

Page 165: ...DDOS Distributed Denial of Service Prevention related configuration options The switch could monitor the ingress packets and do some actions when DDOS attack happened on any specific port Mode Setting...

Page 166: ...er If the packed type is TCP or UDP the socket number has to be specified It is possible to specify a range from Low to High If the socket number is one fill the same number in fields Low and High 80...

Page 167: ...ction ready Attacked DDOS attack happened Disabled 3 12 1 4 Device Description From this option it can be specified a description and a location for each port to help administrators differentiate betw...

Page 168: ...ription of the device connected to the port None 3 12 1 5 Stream Check This page provides additional configuration options for the Stream Check function on each port Mode Setting Description Factory D...

Page 169: ...nt Disabled Status Setting Description Factory Default Information only Indicates the Stream Check status Disabled Normal The stream is normal Low The stream is getting low Disabled 3 12 2 IP Source G...

Page 170: ...Disable the IP Source Guard function in each specific port of the switch Disabled Max Dynamic Clients Setting Description Factory Default Unlimited 0 1 2 Specifies the maximum number of dynamic clien...

Page 171: ...ng the Refresh button will update the displayed table starting from that or the next closest IGMP Group table match The following information can be displayed on the page Port Switch port number for w...

Page 172: ...ach port of the switch are Policy ID Setting Description Factory Default 0 to 255 Indicate the policy ID to apply to this port 0 Action Setting Description Factory Default Permit Deny Select whether f...

Page 173: ...nsider that the System Log memory size and logging rate is limited Disabled Shutdown Setting Description Factory Default Enabled Disabled Specifies the port shut down operation of this port Enabled If...

Page 174: ...ding Port mirroring cannot be edited or deleted the order sequence cannot be changed and the priority is highest The information displayed on the page is summarized in the following table ACE Indicate...

Page 175: ...cted to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled Mirror Indicates the mirror operation of the ACE Fr...

Page 176: ...this this ACE Any Any frame can match this ACE Ethernet type Only Ethernet type frames can match this ACE The IEEE 802 3 describes the value of Length Type Field specifications to be greater than or e...

Page 177: ...ranted permission for the ACE operation Deny The frame that hits this ACE is dropped Permit Rate Limiter ID Setting Description Factory Default Disabled 1 to 16 Specify the rate limiter in number of b...

Page 178: ...ACE Any No DMAC address filter is specified MC Frame must be multicast BC Frame must be broadcast UC Frame must be unicast Specific A field for entering the DMAC address appears Any EtherType Filter...

Page 179: ...Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear Any Target IP Filter Setting Description Factory Default...

Page 180: ...t 0x06 or the PLN is not equal to IPv4 0x04 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 Any IP Setting Description Factory Default Any 0 1 Specify wheth...

Page 181: ...atch this entry Any IP Fragment Setting Description Factory Default Any Yes No Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragme...

Page 182: ...s If the type of frame selected is IPv6 several additional parameters can be programmed Next Header Filter Setting Description Factory Default Any Other ICMP UDP TCP Specify the IPv6 next header filte...

Page 183: ...value 0 to 255 appears Any TCP UDP parameters If the type of frame selected is IPv4 TCP IPv4 UDP IPv6 TCP or IPv6 UDP several additional parameters can be programmed TCP UDP Source Port Filter Setting...

Page 184: ...ield is set must not be able to match this entry 1 TCP frames where the SYN field is set must be able to match this entry Any TCP RST Setting Description Factory Default Any 0 1 Specify the TCP Reset...

Page 185: ...ent ACL users Each row describes the main information about each ACE that is defined The maximum number of ACEs is 256 on each switch The table displayed on the page shows the following information Us...

Page 186: ...also provide the login option through Remote Access Dial In User Service RADIUS or Terminal Access Controller Access Control System Plus TACACS The RADIUS and TACACS mechanisms are centralized AAA Au...

Page 187: ...feature but only if more than one server has been configured 0 Key Setting Description Factory Default Max 63 characters The secret key shared between the RADIUS server and the switch None NAS IP Add...

Page 188: ...ation 1812 Acct Port Setting Description Factory Default Port The UDP port to use on the RADIUS server for accounting Set to 0 to disable accounting 1813 Timeout Setting Description Factory Default 1...

Page 189: ...d new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dea...

Page 190: ...blank will use the global key None 3 12 4 3 RADIUS Overview This page provides an overview of the status of the RADIUS servers configured in the switch The table displayed on the page shows the follo...

Page 191: ...ng Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not r...

Page 192: ...network 3 12 5 1 Network Access Server NAS Configuration This page allows the user to configure the IEEE 802 1X and MAC based authentication system and port settings The NAS configuration consists of...

Page 193: ...ration described below global settings Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for a...

Page 194: ...the client during the hold time 10 RADIUS Assigned QoS Enabled Setting Description Factory Default Check Uncheck The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enable disabl...

Page 195: ...switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is gl...

Page 196: ...the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access e...

Page 197: ...ses the switch to open up or block traffic for that particular client The advantage of MAC based authentication over 802 1X based authentication is that the clients don t need special supplicant softw...

Page 198: ...e switch considers moving the port into the Guest VLAN according to the following rules When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If t...

Page 199: ...tons Reauthenticate and Reinitialize are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode T...

Page 200: ...in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID 3 12 5 3 Network Access Server NAS Statist...

Page 201: ...iption Factory Default Enabled Disabled Enable or Disable the Global limit control on the switch Disabled Aging Enabled Setting Description Factory Default Check Uncheck If checked secured MAC address...

Page 202: ...he following actions None Do not allow more than Limit MAC addresses on the port but take no further action Trap If the limit number is exceeded on the port an SNMP trap will be sent If Aging is disab...

Page 203: ...to Shutdown or Trap Shutdown Disabled The Reopen button can be used to reopen a specific port that has been shut down due to exceeding the defined limit 3 12 6 2 Port Security Status When port securit...

Page 204: ...abled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security State...

Page 205: ...n the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blocked state until the hold time measured in seconds expires If all user modules have decided...

Page 206: ...events take place Configuring Relay Warning Events Settings Alarm event types can be divided into two basic groups Power Failure and Port Link Down Broken You can configure which events are related to...

Page 207: ...pposing device shuts down 3 13 2 Configuring Email Warning The SMTP Setting function uses e mail to alert the user when certain user configured events take place Two basic steps are required to set up...

Page 208: ...eidm ller switch is rebooted Power Status Weidm ller switch is powered up or down SNMP Authentication Failure Incorrect SNMP authentication O Ring Topology Change If the Master of the O Ring has chang...

Page 209: ...g Description Factory Default Max of 45 characters Subject of the email that will be sent Automated Email Alert Authentication Setting Description Factory Default Check Uncheck Check if the SMTP serve...

Page 210: ...everity code is less or equal than Informational 6 Error Send the specific messages which severity code is less or equal than Error 3 Warning Send the specific messages which severity code is less or...

Page 211: ...le Automatic Aging Unchecked Aging time Setting Description Factory Default 10 to 1000000 sec Configure specific aging time 300 MAC Table Learning Port Members Setting Description Factory Default Auto...

Page 212: ...le can contain up to 64 entries The Delete button can be used to undo the addition of new static MAC entries VLAN ID Setting Description Factory Default 1 to 4095 The VLAN ID of the entry 1 MAC Addres...

Page 213: ...he entry 3 14 3 Port Statistics Overview This page provides an overview of general traffic statistics for all switch ports The table shown on the page includes the following information Port The port...

Page 214: ...Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes including FCS but excluding framing bits Rx and Tx Uni...

Page 215: ...e forwarding process Transmit Error Counters Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions The...

Page 216: ...Disabled Enable or disable the Mirroring or Remote mirroring function Disabled Type Setting Description Factory Default Mirror The source port s and destination port are located on this switch Mirror...

Page 217: ...pure copper ports Port 1 Source VLAN s Configuration Setting Description Factory Default 1 to 4095 The switch can support VLAN based mirroring If you want to monitor some VLANs on the switch you can...

Page 218: ...nt in the Event Log table Clicking the Refresh button will update the displayed table starting from that or the next closest Event Log table match In the Syslog are defined four different levels for t...

Page 219: ...ir Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B...

Page 220: ...rom the fiber optic cable in mW dBm The amount of light being received from the fiber optic cable in dBm Besides monitoring the SFP status it is also possible to configure a high temperature warning t...

Page 221: ...tion IEEE Std 1588 2008 specifies the second generation of the Precision Time Protocol PTP which is also known as PTPv2 or 1588v2 This is capable of very accurate time synchronization by using special...

Page 222: ...k details 0 Device Type Setting Description Factory Default Inactive Ord Bound P2pTransp E2eTransp Mastronly Slaveonly Indicates the Type of the Clock Instance There are five Device Types Ord Bound Cl...

Page 223: ...ge describes all the parameters that can be adjusted for each PTP port Local Clock Current Time Shows the actual PTP time with nanosecond resolution and the actual clock adjustment method depending on...

Page 224: ...played and configured Unicast Slave Configuration When operating in IPv4 Unicast mode the slave is configured up to 5 master IP addresses The slave then requests Announce messages from all the configu...

Page 225: ...possible types are Transparent Clock End to End or Peer to Peer Boundary Clock Master only or Slave only Port The ports configured for that clock instance 3 16 Save Manage Configuration After changin...

Page 226: ...ation to factory defaults It is also possible to define different actions for the reset button located in the front of the switch Reset to Factory Defaults The user has the possibility to restore to f...

Page 227: ...naged Switches 225 3 18 System Reboot This function is used to restart the Ethernet Switch 3 19 License Information This page shows Weidm ller s declaration for used Open Source Software GNU General P...

Page 228: ...and Hardware Installation Guide Download via Product Catalogue Online Catalogue Download latest Firmware version Private MIB file PROFINET GSDML file EtherNet IP EDS file or Documentation http www wei...

Page 229: ...12 0x2233 Power 1 0x0058 88 Word 1 0x0000 Off 0x0001 On Power 2 0x0059 89 Word 1 0x0000 Off 0x0001 On Fault LED Status 0x005a 90 Word 1 0x0000 Off 0x0001 On IP Address 0x0090 144 String 16 Eg 192 168...

Page 230: ...oot Bridge RSTP Port 1 to 6 Status 0x3200 12800 Word 1 0x0000 Port Disabled 0x0001 Not RSTP Port 0x0002 Link Down 0x0003 Blocked 0x0004 Learning 0x0005 Forwarding 0xFFFF RSTP Not Enable O Ring Master...

Page 231: ...User Manual Managed Switches 229 0xFFFF Not Enabled O Chain 2nd Port Status 0x3702 14082 Word 1 0x0002 Link Down 0x0003 Blocked 0x0005 Forwarding 0xFFFF Not Enabled...

Reviews:

No comments

Brands by name

Popular brands

Load more brands