background image

 

 

Figure 4-5.3.3:  The RADIUS Configuration

 

 

 
Figure 4-5.3.4:  The RADIUS Accounting Configuration

 

 

 

Figure 4-5.3.4:  The  Authentication Configuration 

 

 

Parameter description: 

 

Timeout : 

The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum 

time to wait for a reply from a server. 
If the server does not reply within this timeframe, we will consider it to be dead and 

continue with the next enabled server (if any). 
RADIUS servers are using the UDP  protocol, which is unreliable by design. In order to 

cope with lost frames, the timeout interval is divided into 3 subintervals of equal length. If a 

reply is not received within the subinterval, the request is transmitted again. This algorithm 

causes the RADIUS server to be queried up to 3 times before it is considered to be dead.  

 

Dead Time : 

The Dead Time, which can be set to a number between 0 and 3600 seconds, is the period 

Summary of Contents for WPoE-2426

Page 1: ... 26 Port L2 PoE Plus Managed Switch User s Manual Release 1 0 2012 Welltech Technology Co Ltd All rights reserved All brand and product names are trademarks or registered trademarks of their respective companies ...

Page 2: ... the Customer Support Warranty booklet included with the product A copy of the specific warranty terms applicable to your Manufacture products and replacement parts can be obtained from your Manufacture Sales and Service Office authorized dealer Disclaimer Manufacture Technology does not warrant that the hardware will work properly in all environments and applications and marks no warranty and rep...

Page 3: ...ect to the Following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation CE mark Warning This is a Class A device In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures NOTE Emphasizes important i...

Page 4: ...E 9 2 2 1 Manual 9 2 2 2 NTP 11 2 3 ACCOUNT 12 2 3 1 Users 12 2 3 2 Privilege Level 14 2 4 IP 17 2 4 1 IPV4 17 2 4 2 IPV6 19 2 5 SYSLOG 20 2 5 1 Configuration 20 2 5 2 Log 21 2 5 3 Detailed Log 22 2 6 SNMP 23 2 6 1 System 23 2 6 2 Communities 24 2 6 3 Users 25 2 6 4 Groups 27 2 6 5 Views 28 2 6 6 Access 30 2 6 7 Trap 32 CHAPTER 3 CONFIGURATION 34 3 1 PORT 34 3 1 1 Configuration 34 3 1 2 Port Descr...

Page 5: ... LLDP Neighbors 103 3 8 3 LLDP MED Configuration 105 3 8 4 LLDP MED Neighbours 111 3 8 5 EEE 114 3 8 6 Port Statistics 116 3 9 POE 118 3 9 1 Configuration 118 3 9 2 Status 120 3 10 FILTERING DATA BASE 121 3 10 1 Configuration 121 3 10 2 Dynamic MAC Table 123 3 11 VLAN 125 3 11 1 VLAN Membership 125 3 11 2 Ports 127 3 11 3 Switch Status 129 3 11 4 Port Status 130 3 11 5 Private VLANs 132 3 11 5 1 P...

Page 6: ...22 TRAP EVENT SEVERITY 193 3 23 SMTP CONFIGURATION 194 3 24 UPNP 195 3 25 LOOP DETECTION 196 3 25 1 Configuration 196 CHAPTER 4 SECURITY 198 4 1 IP SOURCE GUARD 198 4 1 1 Configuration 198 4 1 2 Static Table 200 4 1 3 Dynamic Table 201 4 2 ARP INSPECTION 202 4 2 1 Configuration 202 4 2 2 Static Table 204 4 2 3 Dynamic Table 205 4 3 DHCP SNOOPING 206 4 3 1 Configuration 206 4 3 2 Statistics 208 4 4...

Page 7: ...faults 249 5 3 2 Save Start 249 5 3 3 Save User 250 5 3 4 Restore User 250 5 4 EXPORT IMPORT 251 5 4 1 Export Config 251 5 4 2 Import Config 252 5 5 DIAGNOSTICS 253 5 5 1 Ping 253 5 5 2 Ping6 254 5 5 3 VeriPHY 255 A GLOSSARY OF WEB BASED MANAGEMENT 256 A 256 C 257 D 257 E 258 F 259 H 259 I 259 L 261 M 261 N 262 O 263 P 263 Q 264 R 265 S 265 T 266 U 267 V 267 ...

Page 8: ......

Page 9: ...ications protect your sensitive information and optimize your network bandwidth to deliver information and applications more effectively It provides the ideal combination of affordability and capabilities for entry level networking includes small business or enterprise application and helps you create a more efficient better connected workforce WPoE 2426 Web Managed Switches provide 26 ports in a ...

Page 10: ...and then click the Login button The login process now is completed In this login menu you have to input the complete username and password respectively the WPoE 2426 will not give you a shortcut to username automatically This looks inconvenient but safer In the WPoE 2426 it supports a simple user management function allowing only one administrator to configure the system at the same time If there ...

Page 11: ...h the Switch default IP is 192 168 1 1 Figure 1 The login page NOTE If you need to configuration the function or parameter then you can refer the detail in the User Guide Or you could access to the Switch and click the help under the web GUI and the switch will pop up the simple help content to teach you how to set the parameters ...

Page 12: ...Publication date August 2012 Revision 1 0 Welltech Technology Co Ltd 2 WPoE 2426 web help function ...

Page 13: ...nections CABLING GUIDELINES The RJ 45 ports on the switch support automatic MDI MDI X pin out configuration so you can use standard straight through twisted pair cables to connect to any other network device PCs servers switches routers or hubs and VoIP devices such as IP Phone ATA and FXS FXO Gateway See Appendix B for further information on cabling CAUTION Do not plug a phone jack connector RJ 1...

Page 14: ......

Page 15: ... the switch panel corresponding to each port will light green 1000 Mbps or amber 100 Mbps to indicate that the connection is valid NETWORK WIRING CONNECTIONS Today the punch down block is an integral part of many of the newer equipment racks It is actually part of the patch panel Instructions for making connections in the wiring closet with this type of equipment are as follows Step1 Attach one en...

Page 16: ...ion Hardware Mechanical Version Serial Number Host IP Address Host Mac Address Device Port RAM Size and Flash Size With this information you will know the software version used MAC address serial number how many ports are available and so on This is helpful while malfunctioning 2 1 1 Information The switch system information is provided here Web interface To configure System Information in the web...

Page 17: ... The time accumulated since this switch is powered up Its format is day hour minute second BIOS version The version of the BIOS in this switch Firmware version The firmware version in this switch Hardware Mechanical version The version of Hardware and Mechanical The figure before the hyphen is the version of electronic hardware the one after the hyphen is the version of mechanical Serial number Th...

Page 18: ...Publication date August 2012 Revision 1 0 Welltech Technology Co Ltd 6 To display the device s maximum frame size information ...

Page 19: ...ntact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Name An administrative assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Z a z digits 0 9 minus sign No space characters are permitted as part of a name The first charact...

Page 20: ...e SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG Web interface To configure System Information in the web interface 1 Click System System Information CPU Load 2 Display the CPU Load on the screen 3 Click Auto refresh Figure 2 1 3 CPU Load Parameter description Auto refresh To evoke...

Page 21: ...Provide the time zone offset relative to UTC GMT The offset is given in minutes east of GMT The valid range is from 720 to 720 minutes Daylight Saving Daylight saving is adopted in some countries If set it will adjust the time lag or in advance in unit of hours according to the starting date and the ending date For example if you set the day light saving to be 1 hour When the time passed over the ...

Page 22: ... GMT The valid range is from 1 to 1440 minutes The default is 60 minutes Daylight Savings Type Provide the Daylight savings type selection You can select By Dates or Recurring two types for Daylight saving type From To configure when Daylight saving start date and time the format is YYYY MM DD HH MM To To configure when Daylight saving end date and time the format is YYYY MM DD HH MM NOTE The unde...

Page 23: ...the correct time The switch supports configurable time zone from 12 to 13 steps 1 hour Default Time zone 8 Hrs Web Interface To configure Time in the web interface 1 Click SYSTEM NTP 2 Specify the Time parameter in manual parameters 3 Click Save Figure 2 2 2 The NTP configuration Parameter description Server 1 to 5 Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit reco...

Page 24: ... unable to be deleted In addition up to 4 guest accounts can be created 2 3 1 Users This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser Web Interface To configure Account in the web interface 1 Click SYSTEM Account Users 2 Click Add new user 3 Specify the User Name parameter 4 Click Save Figure2 3 ...

Page 25: ...hould be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 1...

Page 26: ...gation Diagnostics EEE GARP GVRP IP IPMC Snooping LACP LLDP LLDP MED MAC Table MRP MVR MVRP Maintenance Mirroring POE Ports Private VLANs QoS SMTP SNMP Security Spanning Tree System Trap Event VCL VLANs Voice VLAN Privilege Levels from 1 to 15 Web Interface To configure Privilege Level in the web interface 1 Click SYSTEM Account Privilege Level 2 Specify the Privilege parameter 3 Click Save ...

Page 27: ... but a few of them contains more than one The following description defines these privilege level groups in details System Contact Name Location Time zone and Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and ...

Page 28: ...rs Privilege Levels and everything in Maintenance Privilege Levels Every group has an authorization Privilege level for the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same or greater than the authorization Privilege level to have the access to that gro...

Page 29: ... a new version of the Internet Protocol IPv6 which would have 128 bits Internet Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet 2 4 1 IPV4 The IPv4 address for the switch could be obtained via DHCP Server for VLAN 1 To manually configure an address you need to change the swit...

Page 30: ...rovide the IP address of this switch in dotted decimal notation IP Mask Provide the IP mask of this switch dotted decimal notation IP Router Provide the IP address of the router in dotted decimal notation SNTP Server Provide the IP address of the SNTP Server in dotted decimal notation DNS Server Provide the IP address of the DNS Server in dotted decimal notation VLAN ID Provide the managed VLAN ID...

Page 31: ... few seconds the total time needed to complete auto configuration can be significantly longer Address Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple...

Page 32: ...Evoke the Syslog to enable it 4 Click Save Figure2 5 1 The System Log configuration Parameter description Server Mode Indicates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a con...

Page 33: ...automatically Level Level of the system log entry The following level types are supported Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels ID ID 1 of the system log entry Time It will display the log recorded by device time The time of the system log entry Message It will display the log detail message The message of the...

Page 34: ... detailed log configuration in the web interface 1 Click Syslog Detailed Log 2 Display the log information Figure2 5 3 The Detailed System Log Information Parameter description ID The ID 1 of the system log entry Message The detailed message of the system log entry Upper right icon Refresh clear You can click them for refresh the system log or clear them by manual others for next up page or entry ...

Page 35: ...B counters will be ignored 2 6 1 System This section describes how to configure SNMP System on the switch This function is used to configure SNMP settings community name trap host and public traps as well as the throttle of SNMP A SNMP manager must pass the authentication by identifying both community names then it can access the MIB information of the target device So both parties must have the s...

Page 36: ...igure2 6 2 The SNMPv1 v2 Communities Security Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMP...

Page 37: ...ame that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The value of security level cannot ...

Page 38: ...e For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed content is ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are None No privacy protocol DES An optional flag to indicate that this user uses DES authenticat...

Page 39: ...on Parameter description Delete Check to delete the entry It will be deleted during the next save Security Model Indicates the security model that this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is...

Page 40: ...lick Reset Figure 2 6 5 The SNMP Views Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 View Type Indicates the view type that this entry should belong to Possible vi...

Page 41: ...e OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Save To click the Save icon to save the configuration to ROM ...

Page 42: ...fy the SNMP Access parameters 4 Click Save 5 If you want to modify or clear the setting then click Reset Figure 2 6 6 The SNMP Access Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII charact...

Page 43: ...iew Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially set new values The allowed string length is 1 to 32 and the allowed content is ASCII c...

Page 44: ...setting 1 Click SNMP Trap 2 Display the SNMP Trap Hosts information table 3 Choice an entry to display and modify the detail parameters or click delete button to delete the trap hosts entry Figure 2 6 7 The SNMP Trap Host Configuration Parameters description Delete Check Delete entry then check Save button the entry will be deleted Trap Version You may choose v1 v2c or v3 trap Server IP To assign ...

Page 45: ...nds of choices NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Authentication Protocol You can choose MD5 or SHA for authentication Authentication Password The length of MD5 Authentication Password is restricted to 8 32 The length of SHA Authentication Password is restricted to 8 40 Privacy Protocol You can set DES encry...

Page 46: ...the switch Monitor the ports content or status in the function 3 1 1 Configuration This chapter describes how to view the current port configuration and how to configure ports to non default settings including Linkup Linkdown Speed Current and configured Flow Control Current Rx Current Tx and Configured Maximum Frame Size Excessive Collision Mode Power Control Web Interface To configure an Current...

Page 47: ...d Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions default Restart...

Page 48: ...onfigure an Port Description in the web interface 1 Click Configuration Port then Port Description 2 Specify the detail Port alias or description an alphanumeric string describing the full name and version identification for the system s hardware type software version and networking application 3 Click Save Figure 3 1 2 The Port Configuration Parameter description Port This is the logical port num...

Page 49: ...description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of recei...

Page 50: ... want to show the detailed Port statistic overview 3 If you want to auto refresh the information then you need to evoke the Auto refresh 4 Click Refresh to refresh the port detailed statistics or clear all information when you click Clear Figure 3 1 4 The Port Detail Statistics Overview Parameter description Auto refresh To evoke the auto refresh to refresh the Port Statistics information automati...

Page 51: ...e number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frame received with valid CRC Rx Oversize The number of long 2 frames received with valid CRC Rx Fragments The number of short 1 frame received with invalid CRC Rx Jabber The number of long 2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Short ...

Page 52: ...ormation then you need to evoke the Auto refresh 3 Click Refresh to refresh the Queuing Counters or clear all information when you click Clear Figure 3 1 5 The Queuing Counters Overview Parameter description Port The logical port for the settings contained in the same row Qn Qn is the Queue number QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted pack...

Page 53: ...ctor Type Display the connector type for instance UTP SC ST LC and so on Fiber Type Display the fiber mode for instance Multi Mode Single Mode Tx Central Wavelength Display the fiber optical transmitting central wavelength for instance 850nm 1310nm 1550nm and so on Baud Rate Display the maximum baud rate of the fiber module supported for instance 10M 100M 1G and so on Vendor OUI Display the Manufa...

Page 54: ...anufacturer Date Code Show the date of this SFP module was made Temperature Show the current temperature of SFP module Vcc Show the working DC voltage of SFP module Mon1 Bias mA Show the Bias current of SFP module Mon2 TX PWR Show the transmit power of SFP module Mon3 RX PWR Show the receiver power of SFP module ...

Page 55: ...r a port Instead it was queued until 3000 bytes of data are ready to be transmitted In order not to introduce a large delay in case that data less than 3000 bytes shall be transmitted data are always transmitted after 48 us giving a maximum latency of 48 us the wakeup time It is possible to minimize the latency for specific frames by mapping the frames to a specific queue done with QOS and then ma...

Page 56: ...e switch port number of the logical EEE port EEE Enabled Controls whether EEE is enabled for this switch port EEE Urgent Queues Queues set will activate transmission of frames as soon as any data is available Otherwise the queue will postpone the transmission until 3000 bytes are ready to be transmitted Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to p...

Page 57: ...L parameters ACE of the each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE Web Interface To configure the ACL Ports Configuration in the web interface 1 Click Configuration ACL then Ports 2 To scroll the specific parameter value to select the correct value for port ACL setting 3 Click the save to save the setting 4 If you want to cancel ...

Page 58: ...d The default value is Disabled Logging Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed valu...

Page 59: ...pps or kbps 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the reset button It will revert to previous saved values Figure 3 2 2 The ACL Rate Limiter Configuration Parameter description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Spe...

Page 60: ...r of ACEs is 256 on each switch Click on the lowest plus sign to add a new ACE to the list The reserved ACEs used for internal protocol cannot be edited or deleted the order sequence cannot be changed an the priority is highest Web Interface To configure Access Control List in the web interface 1 Click Configuration ACL then Configuration 2 Click the button to add a new ACL or use the other ACL mo...

Page 61: ...led Port Copy Indicates the port copy operation of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When Disabled was displayed the port copy operation was disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are no...

Page 62: ...adds a new entry at the bottom of the ACE listings Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values Auto refresh To evoke the auto refresh to refresh the information automatically Upper right icon Refresh clear Remove All You can click them for refresh the ACL configuration or clear them by manual Others remove all to clean up all ...

Page 63: ... match ingress ports with a specific policy Port The ACE will match a specific ingress port Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames...

Page 64: ...cket that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to hardware limitations Auto refresh To evoke the auto refresh to refresh the information automatically...

Page 65: ...tic Trunk Ports using Static Trunk as their trunk method can choose their unique Static GroupID to form a logic trunked port The benefit of using Static Trunk method is that a port can immediately become a member of a trunk group without any handshaking with its peer port This is also a disadvantage because the peer ports of your static trunk group may not know that they should be aggregate togeth...

Page 66: ...rame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Aggregation Group Configuration Locality Indicates the aggregation group type This field is only valid for switches Global The group members may reside on different units The device supports two 8 port global aggregations Local The group members reside on the same unit Each local...

Page 67: ...change them as well An LACP trunk group with more than one ready member ports is a real trunked group An LACP trunk group with only one or less than one ready member ports is not a real trunked group Web Interface To configure the Trunk Aggregation LACP parameters in the web interface 1 Click Configuration LACP Configuration 2 Evoke to enable or disable the LACP on the port of the switch Scroll th...

Page 68: ...1 65535 The Auto setting will set the key as appropriate by the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wai...

Page 69: ...us Parameter description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Shows which ports are a part of...

Page 70: ...Port Status Figure 3 3 2 3 The LACP Status Parameter description Port The switch port number LACP Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports ...

Page 71: ... Auto refresh To evoke the auto refresh to refresh the information automatically Upper right icon Refresh You can click them for refresh the LACP port status information by manual ...

Page 72: ...en you need to evoke the Auto refresh 3 Click Refresh to refresh the LACP Statistics Figure 3 3 2 4 The LACP Statistics Parameter description Port The switch port number LACP Received Shows how many LACP frames have been received at each port LACP Transmitted Shows how many LACP frames have been sent from each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each...

Page 73: ... disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the bridge assumes that t...

Page 74: ... Ports to Forwarding used in STP compatible mode Valid values are in the range 4 to 30 seconds Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds and MaxAge must be FwdDelay 1 2 Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region...

Page 75: ...bled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time to pass before a port in the error disabled state can be enabled Valid values are between 30 and 86400 seconds 24 hours Buttons Save Click to save changes Rese...

Page 76: ...well Web Interface To configure the Spanning Tree MSTI Mapping parameters in the web interface 1 Click Configuration Spanning Tree MSTI Mapping 2 Specify the configuration identification parameters in the field Specify the VLANs Mapped blank field 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values...

Page 77: ... mapped VLANs Mapped The list of VLANs mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just be left empty i e not having any VLANs Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 78: ...To configure the Spanning Tree MSTI Priorities parameters in the web interface 1 Click Configuration Spanning Tree MSTI Priorities 2 Scroll the Priority maximum is 240 Default is 128 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 4 3 The MSTI Configuration Parameter description MSTI T...

Page 79: ...uration 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 4 4 The STP CIST Port Configuration Parameter description Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Path Cost Controls the path cost incurred by the port Th...

Page 80: ...ion of the network influence the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Guard Restricted TCN If enabled it causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanni...

Page 81: ... physical and aggregated ports Web Interface To configure the Spanning Tree MSTI Port Configuration parameters in the web interface 1 Click Configuration Spanning Tree MSTI Ports 2 Scroll to select the MST1 or other MSTI Port 3 Click Get to set the detail parameters of the MSTI Ports 4 Scroll to set all parameters of the MSTI Port configuration 5 Click the save to save the setting 6 If you want to...

Page 82: ...ser defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Buttons Save Click to save changes Reset...

Page 83: ...Bridges status Parameter description MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the current elected root bridge Root Port The switch port current assigned the root port role Root Cost Root Path Cost For the Root Bridge it is zero For all other Bridges it is the sum of the Port Path Costs on...

Page 84: ...the Auto refresh 3 Click Refresh to refresh the STP Bridges Figure 3 4 7 The STP Port status Parameter description Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort Backup Port RootPort DesignatedPort Disabled CIST State The current STP port state of the CIST port The port state ca...

Page 85: ...witch port number of the logical STP port MSTP The number of MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The num...

Page 86: ...multicast group before The packets will be discarded by the IGMP Snooping if the user transmits multicast packets to the multicast group that had not been built up in advance IGMP mode enables the switch to issue IGMP function that you enable IGMP proxy or snooping on the switch which connects to a router closer to the root of the tree This interface is the upstream interface The router on the ups...

Page 87: ...sary join and leave messages to the router side Port It shows the physical Port index of switch Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP query If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Enable the fast leave on ...

Page 88: ...eld 3 Click the refresh to update the data or click or to display previous entry or next entry 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 5 2 The IGMP Snooping VLAN Configuration Parameter description VLAN ID It displays the VLAN ID of the entry Snooping Enabled Enable the per VLA...

Page 89: ...ths of seconds default last member query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Buttons Save Click to save changes Reset Click to undo any changes made locall...

Page 90: ...ss to a multicast group is applied to a switch port the IGMP join report requesting the stream of IP multicast traffic is dropped and the port is not allowed to receive IP multicast traffic from that group If the filtering action permits access to the multicast group the IGMP report from the port is forwarded for normal processing IGMP filtering controls only IGMP membership join reports and has n...

Page 91: ...le the IGMP Snooping Port Group Filtering function Filtering Groups The IP Multicast Group will be filtered Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 92: ...eb interface 1 Click Configuration IGMP Snooping Status 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh the IGMP Snooping Status 4 Click Clear to clear the IGMP Snooping Status Figure 3 5 4 The IGMP Snooping Status Parameter description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Wo...

Page 93: ... number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh clear You can click them for refresh the Status or clear them by manual ...

Page 94: ...e information then you need to evoke the Auto refresh 3 Click Refresh to refresh an entry of the IGMP Snooping Groups Information 4 Click or to move to previous or next entry Figure 3 5 5 The IGMP Snooping Groups Information Parameter description Navigating the IGMP Group Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP Group Table It uses th...

Page 95: ...s also Web Interface To display the IGMPv3 IPv4 SSM Information in the web interface 1 Click Configuration IGMP Snooping IPv4 SSM Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh an entry of the IGMPv3 IPv4 SSM Information 4 Click or to move to previous or next entry Figure 3 6 6 The IGMPv3 IPv4 SSM Information Parameter d...

Page 96: ...s basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh You can click them for refresh the IGMP Group Status ...

Page 97: ...s a function of the application software not of MLD When MLD snooping is enabled on a VLAN the switch acts to minimize unnecessary multicast traffic If the switch receives multicast traffic destined for a given multicast address it forwards that traffic only to ports on the VLAN that have MLD hosts for that address It drops that traffic for ports on the VLAN that have no MLD hosts 3 6 1 Basic Conf...

Page 98: ...unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery MLD SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address Using IPv6 Address range Proxy Enabled Enable MLD Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Port The Port index ...

Page 99: ...s towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Throttling Enable to limit the number of multicast groups to which a switch port can belong Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 100: ... or next entry Figure 3 7 2 The MLD Snooping VLAN Configuration Parameter description VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN MLD Snooping Only up to 32 VLANs can be selected MLD Querier A router sends MLD Query messages onto a particular link This Router is called the Querier Enable the MLD Querier in the VLAN Compatibility Compatibility is maintained by hosts and ro...

Page 101: ... Multicast Address and Source Specific Query messages The allowed range is 0 to 31744 in tenths of seconds default last listener query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a node s initial report of interest in a multicast address The allowed range is 0 to 31744 seconds default unsolicited re...

Page 102: ...ing Group 3 Specify the Filtering Groups with entries per page 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 7 3 The MLD Snooping Port Group Filtering Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Port The logical port fo...

Page 103: ...ng Status 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh an entry of the MLD Snooping Status Information 4 Click Clear to clear the MLD Snooping Status Figure 3 6 4 The MLD Snooping Status Parameter description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version curren...

Page 104: ...ber of Received V1 Reports V2 Reports Received The number of Received V2 Reports V1 Leaves Received The number of Received V1 Leaves Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh You can click them for refresh the IGMP Group Status by manual others for next up page or entry ...

Page 105: ...ps Information Parameter description Navigating the MLD Group Table Each page shows up to 99 entries from the MLD Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MLD Group Table The Start from VLAN and group input fields allow the user to select the starting point in the MLD Grou...

Page 106: ...elltech Technology Co Ltd 94 Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh You can click them for refresh the IGMP Group Status by manual others for next up page or entry ...

Page 107: ...point in the MLDv2 Information Table Web Interface To display the MLDv2 IPv6 SSM Information in the web interface 1 Click Configuration MLD Snooping IPv6 SSM Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh a entry of the MLDv2 IPv6 SSM Information 4 Click or to move to previous or next entry Figure 3 6 6 The IPv6 SSM Info...

Page 108: ...message to Switch A and join the appropriate multicast Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports 3 7 1 Configuration The section describes user could set the MVR basic Configuration and some parameters in the switch Web Interface To configure the MLD Snooping Port Group Configuration in the web interface 1 Click Configuration MVR C...

Page 109: ...D Specify the Multicast VLAN ID Mode Enable MVR on the port Type Specify the MVR port type on the port Immediate Leave Enable the fast leave on the port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 110: ...n 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 To Click the Refresh to refresh an entry of the MVR Groups Information 4 Click or to move to previous or next entry Figure 3 7 2 The MVR Groups Information Parameter description MVR Group Table Columns VLAN ID VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Auto...

Page 111: ...try of the MVR Statistics Information 4 Click or to move to previous or next entry Figure 3 7 3 The MVR Statistics Information Parameter description VLAN ID The Multicast VLAN ID V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Auto re...

Page 112: ...ghbors on an IEEE 802 local area network principally wired Ethernet The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in standards document IEEE 802 1AB 3 8 1 LLDP Configuration You can do the LLDP configuration per port and the detail parameters the settings will take effect immediately This page allows the user to inspect and co...

Page 113: ...ds LLDP Port Configuration The LLDP port settings relate to the current selected as reflected by the page header Port The switch port number of the logical LLDP port Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information ...

Page 114: ...n CDP awareness on a port is disabled the CDP information isn t removed immediately but gets when the hold time is exceeded Port Descr Optional TLV When checked the port description is included in LLDP information transmitted Sys Name Optional TLV When checked the system name is included in LLDP information transmitted Sys Descr Optional TLV When checked the system description is included in LLDP ...

Page 115: ... the table will show No LLDP neighbour information found Parameter description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbour s LLDP frames Remote Port ID The Remote Port ID is the identification of the neighbour port System Name System Name is the name advertised by the neighbour unit Port Description Port Description is t...

Page 116: ...escription advertised by the neighbour unit Management Address Management Address is the neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s IP address Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click the...

Page 117: ...net PoE end points Inventory management allowing network administrators to track their network devices and determine their characteristics manufacturer software and hardware versions serial or asset number This page allows you to configure the LLDP MED This function applies to VoIP devices which support LLDP MED Web Interface To configure LLDP MED 1 Click LLDP MED Configuration 2 Modify Fast start...

Page 118: ...he recommended value is 4 times given that 4 LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements inc...

Page 119: ...pan Example Copenhagen City district City division borough city district ward chou Japan Block Neighbourhood Neighbourhood block Street Street Example Poppelvej Leading street direction Leading street direction Example N Trailing street suffix Trailing street suffix Example SW Street suffix Street suffix Example Ave Platz House no House number Example 21 House no suffix House number suffix Example...

Page 120: ...nly intended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 This network policy is potentially advertised and associated with multiple sets...

Page 121: ...low then the L2 priority field is ignored and only the DSCP value has relevance 6 Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services 7 Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require s...

Page 122: ...pe Tag VLAN ID L2 Priority and DSCP for the new policy Click Save Port Policies Configuration Every port may advertise a unique set of network policies or different attributes for the same network policies based on the authenticated user identity or port configuration Port The port number to which the configuration applies Policy Id The set of policies that shall apply to a given port The set of p...

Page 123: ... LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint Device Definition LL...

Page 124: ...ious Generic Endpoint Class I and Media Endpoint Class II classes and are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this cla...

Page 125: ...application type is currently unknown Defined The network policy is defined TAG TAG is indicative of whether the specified application type is using a tagged or an untagged VLAN Can be Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN I...

Page 126: ...maximum time that transmit path can hold off sending data after reassertion of LPI Rx Tw The link partner s time that receiver would like the transmitter to holdoff to allow time for the receiver to wake from sleep Fallback Receive Tw The link partner s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely...

Page 127: ...ation exchanged via LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the LLDP Neighbors informa...

Page 128: ...r to clear all counters Figure 3 8 6 The LLDP Port Statistics information Parameter description Global Counters Neighbour entries were last changed at It also shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbours Entries Added Shows the number of new entries added since switch reboot Total Neighbours Entries ...

Page 129: ...emoved from the table when a given port s link is down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of or...

Page 130: ...AN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply 3 9 1 Configuration This page allows the user to inspect and configure the current PoE port settings and show all PoE Supply Watts Web Interface ToconfigurePowerOverEthernetinthewebinterface 1 Clickconfiguration 2 SpecifytheReservedPowerdeterminedand PowerManagement ode Speci...

Page 131: ...sents the ports priority There are three levels of power priority named Low High and Critical The priority is used in the case where the remote devices require more power than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number Maximum Power The Maximum Power value contains a numerical value that indicates...

Page 132: ... The classification current describes the amount of power the PD will require during normal operation Power Requested The Power Requested shows the requested amount of power the PD wants to be reserved Power Allocated The Power Allocated shows the amount of power the switch has allocated for the PD Power Used The Power Used shows how much power the PD currently is using Current Used The Power Used...

Page 133: ...ipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time 3 10 1 Configuration The MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and co...

Page 134: ... learned all other frames are dropped NOTE Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static entries in the MAC table are shown in...

Page 135: ... or a dynamic entry VLAN The VLAN ID of the entry MAC address The MAC address of the entry Port Members The ports that are members of the entry Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the MAC address entries by manual or press clear to clean up the MAC table Others press or ...

Page 136: ...12 Revision 1 0 Welltech Technology Co Ltd 124 33 33 FF 73 01 29 Destination MAC for IPv6 Neighbor Solicitation reference IPv6 DAD JPG 33 33 FF A8 01 01 your switch MAC address for IPv6 global IP FF FF FF FF FF FF for Broadcast ...

Page 137: ...elected switch unit switch can be monitored and modified here Up to 4096 VLANs are supported This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN Web Interface To configure VLAN membership configuration in the web interface 1 Click VLAN membership Configuration 2 Specify Management VLAN ID 0 4094 3 Click Save Figure 3 11 1 The VLAN Membership Conf...

Page 138: ...he VLAN is enabled on the selected switch unit when you click on Save The VLAN is thereafter present on the other switch units but with no port members The check box is greyed out when VLAN is displayed on other switches but user can add member ports to it A VLAN without any port members on any unit will be deleted when you click Save The button can be used to undo the addition of new VLANs Button...

Page 139: ...t the Role of each port as Access Trunk or Hybrid Web Interface To configure VLAN Port configuration in the web interface 1 Click VLAN Port Configuration 2 Specify the VLAN Port Configuration parameters 3 Click Save Figure 3 11 2 The VLAN Port Configuration Parameter description Ethertype for Custom S ports This field specifies the ether type used for Custom S ports This is a global setting for al...

Page 140: ...rded By default the field is set to All Port VLAN Mode Configures the Port VLAN Mode The allowed values are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches If Specific the default value is selected ...

Page 141: ...gistration Protocol GVRP allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MST...

Page 142: ...d values are 1 through 4095 The default value is 1 Port Type Shows the Port Type Port type can be any of Unaware C port S port Custom S port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed C port is Custom Port S port is Service port Custom S port is S port with Custom TPID Ingress Filtering Shows the ingress filtering on a port This parameter affects...

Page 143: ... set VLAN membership or VLAN port configuration the following conflicts can occur Functional Conflicts between features Conflicts due to hardware limitation Direct conflict between user modules Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the VLAN Port Status information by manual ...

Page 144: ...e VLAN but it can be a member of multiple Private VLANs Web Interface To configure Private VLAN configuration in the web interface 1 Click add new Private VLAN configuration 2 Specify the Private VLAN ID and Port Members 3 Click Save Figure 3 11 5 1 The Private VLAN Membership Configuration Parameter description Delete To delete a private VLAN entry check this box The entry will be deleted during ...

Page 145: ... based upon the destination address on the data packet The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or non protected port This page is used for enabling or disabling port isolation on ports in a Private VLAN A port member of a VLAN can be isolated to other isolated ports on the same...

Page 146: ...e to use the resources in the old VLAN On the other hand if Port A and Port B belong to the same VLAN after terminal devices access the network through Port B they will have access to the same resources as those accessing the network through Port A do which brings security issues To provide user access and ensure data security in the mean time the MAC based VLAN technology is developed MAC based V...

Page 147: ...cked Adding a New MAC based VLAN Click to add a new MAC based VLAN entry An empty row is added to the table and the MAC based VLAN entry can be configured as needed Any unicast MAC address can be configured for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled on the selected switch unit wh...

Page 148: ... Display MAC based VLAN configured in the web interface 1 Click MAC based VLAN Status 2 Specify the Static NAS Combined 3 Display MAC based information Figure 3 11 6 2 The MAC based VLAN Membership Status for User Static Parameter description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Auto refresh To evoke the auto refr...

Page 149: ...nt SAP fields SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier spaces It is used with IEEE 802 3 IEEE 802 4 IEEE 802 5 IEEE 802 11 and other IEEE 802 physical network layers as well as with non IEEE 802 physical network layers such as FDDI that use 802 2 LLC 3 11 7 1 Protocol to Group This page allows you to add new protocols to ...

Page 150: ...UI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than ...

Page 151: ...llowed Whatever Group name you try to map to a VLAN must be presented in Protocol to Group mapping table and must not be presented by any other existing mapping entry on this page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a ma...

Page 152: ...lick to undo any changes made locally and revert to previous saved values Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the Protocol Group Mapping information by manual ...

Page 153: ... classify and schedule network traffic It is recommended that there are two VLANs on a port at least one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI Web Interface To configure Voice VLAN in the web interface 1 Select Enabled in the Voice VLAN Configuration 2 Specify VLAN I...

Page 154: ... the port mode isn t equal disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN Port Security Indicat...

Page 155: ...ned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor telephony device it belongs to The allowed string length is 0 to 32 Add New entry Click to add a new entry in Voice VLAN OUI table An empty row is added to the table the Telephony OUI Description Buttons Save Cl...

Page 156: ... of a GARP application component and a GARP Information Declaration GID component associated with each port or the switch The propagation of information between GARP participants for the same application in a bridge is carried out by the GARP Information Propagation GIP component Protocol exchanges take place between GARP participants by means of LLC Type 1 services using the group MAC address and...

Page 157: ... Leave Timer is 600ms Leave All Timer The default value for Leave All Timer is 10000ms Application Currently only supported application is GVRP Attribute Type Currently only supported Attribute Type is VLAN GARP Applicant This configuration is used to configure the Applicant state machine behavior for GARP on a particular port locally normal participant In this mode the Applicant state machine wil...

Page 158: ...ay the GARP Counter information 3 Click Refresh to modify the GARP statistics information Figure 3 13 2 The GARP Port Statistics Parameter description Port The Port column shows the list of all ports for which per port GARP statistics are shown Peer MAC Peer MAC is MAC address of the neighbour Switch from with GARP frame is received Failed Count Explain Failed count here Auto refresh To evoke the ...

Page 159: ...tries for each VLAN and propagate these information to other GVRP aware devices to setup and update their knowledge database the set of VLANs associated with current active members and through which ports these members can be reached 3 14 1 Configuration This page allows you to configure the basic GVRP Configuration settings for all switch ports The settings relate to the current selected unit as ...

Page 160: ...to Enable GVRP mode on this port The default value of configuration is disable 2 GVRP rrole This configuration is used to configure restricted role on an interface Disable Select to Disable GVRP rrole on this port Enable Select to Enable GVRP rrole on this port The default configuration is disable Auto refresh To evoke the auto refresh icon then the device will refresh the information automaticall...

Page 161: ... Counter information 3 Click Refresh to modify the GVRP statistics information Figure 3 14 2 The GVRP Port Statistics Parameter description Port The Port column shows the list of ports for which you can see port counters and statistics Join Tx Count explain Join tx Count here Leave Tx Count explain Leave Tx Count here Auto refresh To evoke the auto refresh icon then the device will refresh the inf...

Page 162: ...ation Two Applications are defined to register VLANs MVRP and Group MAC addresses MMRP 3 15 1 Configuration This page allows you to configure the basic MRP Configuration settings for all switch ports The settings relate to the current selected unit as reflected by the page header Web Interface To configure MRP Port Configuration in the web interface 1 Click MRP configure 2 Specify MRP Configuratio...

Page 163: ...licant state machine behaviour for MRP on a perticular port locally normal participant In this mode the Applicant state machine will operate normally in MRP protocol exchanges non participant In this mode the Applicant state machine will not participate in the protocol operation The default configuration is normal participant Periodic Tx This configuration is used to configure transmission mode an...

Page 164: ...RP Counter information 3 Click Refresh to modify the MRP statistics information Figure 3 15 2 The MRP Port Statistics Parameter description Port The Port column shows the list of all ports for which per port MRP statistics are shown Peer MAC Peer MAC is MAC address of the neighbour Switch from with MRP frame is received Failed Count explain Failed count here Auto refresh To evoke the auto refresh ...

Page 165: ...ration This page allows you to configure the basic MVRP Configuration settings for all switch ports The settings relate to the current selected unit as reflected by the page header Web Interface To configure MVRP Port Configuration in the web interface 1 Click MVRP configure 2 Specify MVRP Configuration Parameters 3 Click Save Figure 3 16 1 The MVRP Global Configuration Parameter description MVRP ...

Page 166: ...ault value of configuration is disable 2 MVRP rrole This configuration is used to configure restricted role on an interface Disable Select to Disable MVRP rrole on this port Enable Select to Enable MVRP rrole on this port The default configuration is disable Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click...

Page 167: ...ion 3 Click Refresh to modify the MVRP statistics information Figure 3 16 2 The MVRP Port Statistics Parameter description Port The Port column shows the list of ports for which you can see port counters and statistics Join Tx Count explain Join tx Count here Leave Tx Count explain Leave Tx Count here Auto refresh To evoke the auto refresh icon then the device will refresh the information automati...

Page 168: ...S class The switch support advanced memory control mechanisms providing excellent performance of all QoS classes under any traffic scenario including jumbo frame A super priority queue with dedicated memory and strict highest priority in the arbitration The ingress super priority queue allows traffic recognized as CPU traffic to be received and queued for transmission to the CPU even when all the ...

Page 169: ...es made locally and revert to previous saved values NOTE DP level Every incoming frame is classified to a Drop Precedence Level DP level which is used throughout the device for providing congestion control guarantees to the frame according to what was configured for that specific DP level PCP PCP is an acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q fr...

Page 170: ...ideo usually maintains a steady rate of traffic Web Interface To display the QoS Port Schedulers in the web interface 1 Click Configuration QoS Port Policing 2 Evoke which port need to enable the QoS Ingress Port Policers and type the Rate limit condition 3 Scroll to select the Rate limit Unit with kbps Mbps fps and kfps 4 Click Save to save the configuration Figure 3 17 2 The QoS Ingress Port Pol...

Page 171: ... value for this port the default is 500 Unit To scroll to select what unit of rate includes kbps Mbps fps and kfps The default is kbps Flow Control To evoke to enable or disable flow control on port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 172: ... for all switch ports and the ports belong to the current selected unit as reflected by the page header Web Interface To display the QoS Port Schedulers in the web interface 1 Click Configuration QoS Port Schedulers 2 Display the QoS Egress Port Schedulers Figure 3 17 3 The QoS Egress Port Schedules Click the Port index to set the QoS Egress Port Schedulers ...

Page 173: ...Rate Controls the rate for the queue shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth Queue Scheduler Weight Controls ...

Page 174: ...enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Save Click to save changes Reset Click to undo any changes made loca...

Page 175: ...il information ot the ports belong to the current selected unit as reflected by the page header Web Interface To display the QoS Port Shapers in the web interface 1 Click Configuration QoS Port Shapers 2 Display the QoS Egress Port Shapers Figure 3 17 4 The QoS Egress Port Shapers Click the Port index to set the QoS Egress Port Shapers ...

Page 176: ... or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or...

Page 177: ...Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Save Click to...

Page 178: ...rt Tag Remarking Figure 3 17 5 The Port Tag Remarking Parameter description Port The logical port for the settings contained in the same row Click on the port number in order to configure tag remarking Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Tag Remarking Mode To...

Page 179: ...apped Use mapped versions of QoS class and DP level Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values Cancel Click to cancel the changes ...

Page 180: ...b interface 1 Click Configuration QoS Port DSCP 2 Evoke to enable or disable the Ingress Translate and Scroll the Classify Parameter configuration 3 Scroll to select Egress Rewrite parameters 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 17 6 The QoS Port DSCP Configuration Parameter...

Page 181: ...ed DSCP is 0 Selected Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP All Classify all DSCP Egress Port Egress Rewriting can be one of below parameters Disable No Egress rewrite Enable Rewrite enable without remapped Remap DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Buttons Save Click to...

Page 182: ...switches Web Interface To configure the DSCP Based QoS Ingress Classification parameters in the web interface 1 Click Configuration QoS DSCP Based QoS 2 Evoke to enable or disable the DSCP for Trust 3 Scroll to select QoS Class and DPL parameters 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values ...

Page 183: ...DSCP values are 64 Trust Click to check if the DSCP value is trusted QoS Class QoS Class value can be any of 0 7 DPL Drop Precedence Level 0 3 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 184: ... Egress Web Interface To configure the DSCP Translation parameters in the web interface 1 Click Configuration QoS DSCP Translation 2 Scroll to set the Ingress Translate and Egress Remap DP0 and Remap DP1 Parameters 3 Evoke to enable or disable Classify 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved v...

Page 185: ...Classification at Ingress side Egress There are following configurable parameters for Egress side 1 Remap DP0 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 2 Remap DP1 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 There is following configurable parameter for Egress side Remap Select the DSCP valu...

Page 186: ...e DSCP Parameters 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 17 9 The DSCP Classification Configuration Parameter description QoS Class Available QoS Class value ranges from 0 to 7 The QoS Class 0 7 can be mapped to followed parameters DPL Drop Precedence Level 0 1 can be configur...

Page 187: ...join the QCE rules 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 17 10 The QoS Control List Configuration Parameter description QCE Indicates the index of QCE Port Indicates the list of ports configured with the QCE Frame Type Indicates the type of frame to look for incoming frames P...

Page 188: ...n action taken on ingress frame if parameters configured are matched with the frame s contents There are three action fields Class DPL and DSCP Class Classified QoS Class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified w...

Page 189: ... address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF...

Page 190: ...Publication date August 2012 Revision 1 0 Welltech Technology Co Ltd 178 Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 191: ... user QCE Indicates the index of QCE Frame Type Indicates the type of frame to look for incoming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed LLC Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames Port Indicates ...

Page 192: ...tus as Yes otherwise it is always No Please note that conflict can be resolved by releasing the resource required by the QCE and pressing Refresh button Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Resolve Conflict Click it to resolve the conflict issue Upper right icon Refresh You can click them for refresh the QCL information by manual ...

Page 193: ...l 3 Scroll to set the Rate Parameters 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 17 12 The Storm Control Configuration Parameter description Frame Type The settings in a particular row apply to the frame type listed here Unicast Multicast or Broadcast Enable Enable or disable the ...

Page 194: ...erature exceeds the configured thermal protection temperature ports will be turned off in order to decrease the power consumption It is possible to arrange the ports with different priorities Each priority can be given a temperature at which the corresponding ports shall be turned off Web Interface To configure the Thermal Protection in the web interface 1 Click Configuration Thermal Protection Co...

Page 195: ...on to trigger the thermal protect NOTE The temperature means the MAC and PHY chipset s TA temperature not PSU device temperature or environment temperature Please don t set environment temperature limitation value Port priorities The priority the port belongs to It allows user to what priority criterion to trigger Port to be turned off via thermal protection Buttons Save Click to save changes Rese...

Page 196: ...Figure 3 18 2 The Thermal Protection status Parameter description Port Indicates the list of physical Port Temperature Shows the current chip temperature in degrees Celsius NOTE The temperature means the MAC and PHY chipset s TA temperature not PSU device temperature or environment temperature Port Status To display the Port status includes link up or link down Auto refresh To evoke the auto refre...

Page 197: ...evert to previous saved values Figure 3 19 1 The sFlow Collector Configuration Parameter description Receiver Id The Receiver ID input fields allow the user to select the receiver ID Indicates the ID of this particular sFlow Receiver Currently one ID is supported as one collector is supported IP Type A drop down list to select the type of IP of Collector is displayed By default IPv4 is the type of...

Page 198: ...ops sending the samples It is through the management the value is set before it expires The value accepted is within the range of 0 2147483647 By default it is set to 0 Datagram Size It is the maximum UDP datagram size to send out the sFlow samples to the receiver The value accepted is within the range of 200 1500 bytes The default is 1400 bytes Buttons Save Click to save changes Reset Click to un...

Page 199: ...able accuracy Web Interface To configure the sFlow Agent in the web interface 1 Click Configuration sFlow Agent sampler 2 click the to edit the sFlow sampler parameters 3 Scroll to Sample Type to choice with None Tx Rx or All 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 19 2 The sFl...

Page 200: ...s Max Hdr Size Configured size of the header of the sampled frame Polling Interval Configured polling interval for the counter sampling Buttons Edits the Data source sampler configuration Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values Cancel Click to cancel to clear up what your setting Auto refresh To evoke the auto refresh icon then th...

Page 201: ...nnect to 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 20 1 The Easy Port Configuration Parameter description Port Members To evoke which Port wants to enable the Easy Port function Role To scroll to select what kind device you want to connect and implement with the Easy Port setting...

Page 202: ...as trap shutdown or trap shutdown Port Security limit To set the Port security limit the default is 1 Port Security limit To set the Port security limit It means you can set how many devices MAC address will allow to access the port the default is 1 Spanning Tree Admin Edge To scroll to enable or disable the Spanning Tree Admin Edge function on the Easy Port Spanning Tree BPDU Guard To scroll to e...

Page 203: ...ace To configure the Mirror in the web interface 1 Click Configuration Mirroring 2 Scroll to select Port to mirror on which port 3 Scroll to disabled enable TX Only and RX Only to set the Port mirror mode 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 21 1 The Mirror Configuration Par...

Page 204: ...the mirror port Frames received are not mirrored Disabled Neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored on the mirror port NOTE For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx o...

Page 205: ...ion 2 Scroll to select the Group name and Severity Level 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 22 1 The Trap Event Severity Configuration Parameter description Group Name The field describes the Trap Event determination Severity Level To scroll to select the event type with E...

Page 206: ...cel the setting then you need to click the Reset button It will revert to previous saved values Figure 3 23 1 The SMTP Configuration Parameter description These parameters are displayed on the SMTP Configuration page Mail Server Specify the IP Address of the server transferring your email Username Specify the username on the mail server Password Specify the password on the mail server Sender To se...

Page 207: ...bled Disable UPnP mode operation When the mode is enabled two ACEs are added automatically to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control ...

Page 208: ...ooping path and take off the looping path then select the resume the locked port and click on Resume to turn on the locked ports 3 25 1 Configuration The section describes how to set Loop Detection Web Interface To configure the Loop detection parameters in the web interface 1 Click Configuration Loop detection Configuration 2 Evoke to select enable or disable the port loop detection 5 Click the s...

Page 209: ...pen port will be locked If Loop did not happen port maintains Unlocked Locked Port Resume When Port No is chosen enable port s Loop detection and the port detects loop happen the port will be locked When choosing Resume port locked will be opened and turned into unlocked If not choosing Resume Port remains locked Buttons Save Click to save changes Reset Click to undo any changes made locally and r...

Page 210: ...rd configure to enable or disable with the Port of the switch 4 1 1 Configuration This section describes how to configure IP Source Guard setting including Mode Enabled and Disabled Maximum Dynamic Clients 0 1 2 Unlimited Web Interface To configure an IP Source Guard Configuration in the web interface 1 Select Enabled in the Mode of IP Source Guard Configuration 2 Select Enabled of the specific po...

Page 211: ...on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on given port This value can be 0 1 2 or unlimited If the port mode is enabled and the value of max dynamic client is equal to 0 it means only allow the IP packets forwarding that are matched in static entries on the specific port Buttons S...

Page 212: ...Click Save Figure 4 1 2 The Static IP Source Guard Table Parameter description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address IP Mask It can be used for calculating the allowed network with IP address MAC address Allowed Source MAC address Adding new entry Clic...

Page 213: ...IP Address and entries per page 2 Checked Auto reflash Figure 4 1 3 The Dynamic Table Parameter description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the IP traffic is permitted IP Address User IP address of the entry MAC Address Source MAC address Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper...

Page 214: ...RP table 4 2 1 Configuration This section describes how to configure ARP Inspection setting including Mode Enabled and Disabled Port Enabled and Disabled Web Interface To configure an ARP Inspection Configuration in the web interface 1 Select Enabled in the Mode of ARP Inspection Configuration 2 Select Enabled of the specific port in the Mode of Port Mode Configuration 3 Click Save Figure 4 2 1 Th...

Page 215: ...RP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 216: ...n the entry 3 Click Save Figure 4 2 2 The Static ARP Inspection Table Parameter description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Adding new entry Click to add a new e...

Page 217: ... port VLAN ID MAC Address IP Address and entries per page 2 Checked Auto reflash Figure 4 2 3 The Dynamic ARP Inspection Table Parameter description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the ARP traffic is permitted MAC Address User MAC address of the entry IP Address User IP address of the entry Auto refresh To evoke the auto refresh icon then the de...

Page 218: ...rt Mode Configuration Trusted Untrusted Web Interface To configure a DHCP Snooping in the web interface 1 Select Enabled in the Mode of DHCP Snooping Configuration 2 Select Trusted of the specific port in the Mode of Port Mode Configuration 3 Click Save Figure 4 3 1 The DHCP Snooping Configuration Parameter description Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Ena...

Page 219: ...ort mode Possible port modes are Trusted Configures the port as trusted source of the DHCP messages Untrusted Configures the port as untrusted source of the DHCP messages Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 220: ... Tx Offer The number of offer option 53 with value 2 packets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK op...

Page 221: ... The number of lease active option 53 with value 13 packets received and transmitted Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the DHCP Snooping Port Statistics by manual others for clear to clean up the entries ...

Page 222: ...Parameter description Relay Mode Indicates the DHCP relay mode operation Possible modes are Enabled Enable DHCP relay mode operation When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain And the DHCP broadcast message won t be flooded for security considerations Disabled Disable DHCP r...

Page 223: ...nly works under DHCP if relay information operation mode is enabled Possible policies are Replace Replace the original relay information when a DHCP message that already contains it is received Keep Keep the original relay information when a DHCP message that already contains it is received Drop Drop the package when a DHCP message that already contains relay information is received Buttons Save C...

Page 224: ...sent to clients Receive from Server The number of packets received from server Receive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packets received with the Remote ID option missing Receive Bad Circuit ID The number of packet...

Page 225: ... number of packets whose relay agent information was retained Drop Agent Option The number of packets that were dropped which were received with relay agent information Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the DHCP Relay Statistics by manual others for clear to clean up t...

Page 226: ...ration consists of two sections a system and a port wide Web Interface To configure a System Configuration of Network Access Server in the web interface 1 Select Enabled in the Mode of Network Access Server Configuration 2 Checked Re authentication Enabled 3 Set Re authentication Period Default is 3600 seconds 4 Set EAPOL Timeout Default is 30 seconds 5 Set Aging Period Default is 300 seconds 6 Se...

Page 227: ...rt Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802 1X based mode this is...

Page 228: ... access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick way to globally enable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether the port can be moved into Guest VLAN Whe...

Page 229: ...e switch uses it to open up or block traffic on the switch port connected to the supplicant NOTE Suppose two backend servers are enabled and the server timeout is configured to X seconds using the AAA configuration page and suppose that the first server in the list is current down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it w...

Page 230: ...y a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so t...

Page 231: ...ediately reverted to the original VLAN ID which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use the Monitor VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port...

Page 232: ...ort mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in Force Authorized or a single s...

Page 233: ...e state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name ...

Page 234: ...assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the NAS Switch Statu...

Page 235: ...tate of the port Refer to NAS Port State for a description of the individual states QoS Class The QoS class assigned by the RADIUS server The field is blank if no QoS class is assigned Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read m...

Page 236: ...dentity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicants attached This column is not available for MAC based Auth MAC Address For Multi 802 1X this column holds the MAC address of the attac...

Page 237: ...authentication of the client successful as well as unsuccessful Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the NAS Statistics by manual Others you can click clear to clean up all entries ...

Page 238: ... in the Failback to Local Authorization 3 Select Enabled in the Account To configure a RADIUS Authentication Server Configuration of AAA in the web interface Check Enabled 2 Specify IP address or Hostname for Radius Server 3 Specify Authentication Port for Radius Server Default is 1812 4 Specify the Secret with Radius Server To configure a RADIUS Accounting Server Configuration of AAA in the web i...

Page 239: ...imeframe we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried ...

Page 240: ...set to 0 zero the default port 1812 is used on the RADIUS Authentication Server Secret The secret up to 29 characters long shared between the RADIUS Authentication Server and the switch RADIUS Accounting Server Configuration The table has one row for each RADIUS Accounting Server and a number of columns which are The RADIUS Accounting Server number for which the configuration below applies Enabled...

Page 241: ...o use on the TACACS Authentication Server If the port is set to 0 zero the default port 49 is used on the TACACS Authentication Server Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values ...

Page 242: ...he server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled wh...

Page 243: ...but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right ic...

Page 244: ...B Web Interface To configure a RADIUS Details Configuration in the web interface 1 Specify Port which want to check 2 Checked Auto refresh Figure 4 6 3 The RADIUS Authentication Statistics Server Parameter description Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the RADIUS Statis...

Page 245: ...interface by limiting and identifying MAC addresses Web Interface To configure a System Configuration of Limit Control in the web interface 1 Select Enabled in the Mode of System Configuration 2 Checked Aging Enabled 3 Set Aging Period Default is 3600 seconds To configure a Port Configuration of Limit Control in the web interface 1 Select Enabled in the Mode of Port Configuration 2 Specify the max...

Page 246: ...frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration The table has one row for each port on the selected switch and a number of columns which are Port The port number to which the configuration below applies Mode Controls whether Limit Control is enabled on this port Both this and the ...

Page 247: ...ll actions Limit Reached Indicates that the limit is reached on this port This state can only be shown if Action is set to None or Trap Shutdown Indicates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap Shutdown Re open Button If a port is shutdown by this module you may reopen it by clicking this button which will only be en...

Page 248: ...the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status Web Interface To configure a Port Security Switch Status Configuration in the web int...

Page 249: ...that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count Current Limit The two columns indicate the numb...

Page 250: ...AC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Addition Shows the date and time when this MAC address was first seen on ...

Page 251: ...he web interface 1 Select Enabled in the Mode of Access Management Configuration 2 Click Add new entry 3 Specify the Start IP Address End IP Address 4 Checked Access Management method HTTP HTTPS SNMP and TELNET SSH in the entry 5 Click Save Figure 4 8 1 The Access Management Configuration Parameter description Mode Indicates the access management mode operation Possible modes are Enabled Enable ac...

Page 252: ... entry SNMP Indicates that the host can access the switch from SNMP interface if the host IP address matches the IP address range provided in the entry TELNET SSH Indicates that the host can access the switch from TELNET SSH interface if the host IP address matches the IP address range provided in the entry Buttons Save Click to save changes Reset Click to undo any changes made locally and revert ...

Page 253: ...eived Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access management mode is enabled Auto refresh To evoke the auto refresh icon then the device will refresh the information automati...

Page 254: ... secure encrypted communication Web Interface To configure a SSH Configuration in the web interface 1 Select Enabled in the Mode of SSH Configuration 2 Click Save Figure 4 9 1 The SSH Configuration Parameter description Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Save Click to save changes Reset Click to und...

Page 255: ...TPS Configuration 2 Select Enabled in the Automatic Redirect of HTTPS Configuration 3 Click Save Figure 4 10 1 The HTTPS Configuration Parameter description Mode Indicates the HTTPS mode operation Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirect web browser to HTTPS whe...

Page 256: ...client for which the configuration below applies Authentication Method Authentication Method can be set to one of the following values none authentication is disabled and login is not possible local use the local user database on the switch for authentication radius use a remote RADIUS server for authentication tacacs use a remote TACACS server for authentication Fallback Enable fallback to local ...

Page 257: ...ch for any maintenance needs Any configuration files or scripts that you saved in the switch should still be available afterwards Web Interface To configure a Restart Device Configuration in the web interface 1 Chick Restart Device 2 Click Yes Figure 5 1 1 The Restart Device Parameter description Restart Device You can restart the switch on this page After restart the switch will boot normally But...

Page 258: ...L and filename Upload Click the Upload button then the switch will start to upload the firmware from firmware stored location PC or Server NOTE This page facilitates an update of the firmware controlling the switch Uploading software will update all managed switches to the location of a software image and click After the software image is uploaded a page announces that the firmware update is initi...

Page 259: ... Selection in the web interface 1 Chick Activate Alternate Image 2 Click yes to complete firmware selection Figure 5 2 2 The Firmware Selection Parameter description Activate Alternate Image Click to use the alternate image This button may be disabled depending on system state Cancel Cancel activating the backup image Navigates away from this page Image The flash index name of the firmware image T...

Page 260: ...se the Activate Alternate Image button is also disabled 2 If the alternate image is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error ...

Page 261: ...lts Configuration in the web interface 1 Chick Factory Defaults 2 Click Yes Figure 5 3 1 The Factory Defaults Parameter description Buttons Yes Click to Yes button to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the configuration 5 3 2 Save Start This section describes how to save the Switch Start configuration Any current configuration fi...

Page 262: ...es Figure 5 3 3 The Save as Backup Configuration Parameter description Buttons Save Click the Save button to save current setting as Backup Configuration 5 3 4 Restore User This section describes how to restore users information back to the switch Any current configuration files will be restored via XML format Web Interface To configure a Restore User Configuration in the web interface 1 Chick Res...

Page 263: ... export the Switch Configuration for maintenance needs Any current configuration files will be exported as XML format Web Interface To configure an Export Config Configuration in the web interface 1 Chick Save configuration 2 Save the file in your device Figure 5 4 1 The Restore the Backup Configuration Parameter description Save Click the Save button to store the Configuration to the PC or Server...

Page 264: ...s XML format Web Interface To configure an Import Config Configuration in the web interface 1 Chick Browser to select the config file in you device 2 Click Upload Figure 5 4 2 The Import Config Parameter description Browse Click the Browse button to search the Configuration URL and filename Upload Click the Upload button then the switch will start to upload the configuration from configuration sto...

Page 265: ...ss of device what you want to ping it Ping Size To set the ICMP Packet size to ping the other device Start Click the Start button then the switch will start to ping the device using ICMP packet size what set on the switch After you press 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses...

Page 266: ...rt Click the Start button then the switch will start to ping the device using ICMPv6 packet size what set on the switch After you press 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 64 bytes from 10 10 ...

Page 267: ... of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is completed Web Interface To configure a VeriPHY Cable Diagnostics Configuration in the web interface 1 Specify Port which want to check 2 Click Start Figure 5 5 3 The VeriPHY Parameter descript...

Page 268: ... Policy 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web page There are number of parameters that can be configured with an ACE Read the Web page help text to get further information for each of them The maximum number of ACEs is 64 ACL Ports The ACL Ports configuration is used to assign a P...

Page 269: ...a OAM frame transmitted from a MEP to it s peer MEP and used to implement CC functionality CDP CDP is an acronym for Cisco Discovery Protocol D DEI DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering bi...

Page 270: ...meter of module_id is the third byte for the module ID in standalone switch it always equal 0 The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal the DHCP relay agents MAC address DHCP Snooping DHCP Snooping is used to block intruder on the untrusted ports of the switch device when it tries to intervene by injecting a b...

Page 271: ...TP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands The other main standard that controls how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web server machine contains in addition to the Web page files it can serve an HTTP daemon a program that is designed to wait f...

Page 272: ...IMAP clients use to communicate with the servers and SMTP is the protocol used to transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves your email messages on the server rather than downloading them to your comput...

Page 273: ...of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management Sys...

Page 274: ...VLANs The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the core network instead the stream s are received on the MVR VLAN and forwarded to the VLANs where hosts have requested it them Wikipedia N NAS NAS is an acronym for Network Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to th...

Page 275: ...r the 802 1Q frame It is also known as User Priority PD PD is an acronym for Powered Device In a PoE system the power is delivered from a PSE power sourcing equipment to a remote device The remote device is called a PD PHY PHY is an abbreviation for Physical Interface Transceiver and is the device that implement the Ethernet physical layer IEEE 802 3 PING ping is a program that sends a series of p...

Page 276: ...Private VLAN In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN PTP PTP is an acronym for Precision Time Protocol a network protocol for synchronizing the clocks of computer systems Q QCE QCE is an acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE frame types Etherne...

Page 277: ...he NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the message of any length Shaper A shaper can limit the bandwidth of transmitted frames It is located after the ingress queues SMTP SMTP is an acronym for Simple Mail Transfer Protocol It is a text based protocol that uses the Tr...

Page 278: ...twork clock frequency synchronized Not to be confused with real time clock synchronized IEEE 1588 T TACACS TACACS is an acronym for Terminal Access Controller Access Control System Plus It is a networking protocol which provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authori...

Page 279: ... port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol TFTP User Priority User Priority is a 3 bit field storing the priority level for the 802 1Q fr...

Page 280: ...ed to the provider port with a double VLAN tag VLAN ID VLAN ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality ...

Reviews: