manualshive.com logo in svg

WoMaster DS410, User Manual

Share
Download
WoMaster DS410 User Manual Download Page 48

 

48 

 

encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it. 

When authentication is complete, the RADIUS server sends a special packet containing a success or failure 

indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on 

the switch port connected to the supplicant. 

 

Note: 

Suppose two backend servers are enabled and that the server timeout is configured to X seconds 

(using the AAA configuration page), and suppose that the first server in the list is currently down (but not 

considered dead). Now, if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, then 

it will never get authenticated, because the switch will cancel on-going backend authentication server 

requests whenever it receives a new EAPOL Start frame from the supplicant. And since the server hasn't yet 

failed (because the X seconds haven't expired), the same server will be contacted upon the next backend 

authentication server request from the switch. This scenario will loop forever. Therefore, the server timeout 

should be smaller than the supplicant's EAPOL Start frame retransmission rate. 

MAC-based Auth.

 

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by 

the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on 

behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn 

uses the client's MAC address as both username and password in the subsequent EAP exchange with the 

RADIUS server. The 6-byte MAC address is converted to a string on the following form "xx-xx-xx-xx-xx-xx", 

that is, a dash (-) is used as separator between the lower-cased hexadecimal digits. The switch only supports 

the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. 

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn 

causes the switch to open up or block traffic for that particular client, using the Port Security module. Only 

then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this 

authentication, and therefore, MAC-based Authentication has nothing to do with the 802.1X standard. 

The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected 

to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and 

that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC 

addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be 

used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that 

can be attached to a port can be limited using the Port Security Limit Control functionality. 

Port State 

The current state of the port. It can undertake one of the following values: 

Globally Disabled:

 NAS is globally disabled. 

Link Down:

 NAS is globally enabled, but there is no link on the port. 

Authorized:

 The port is in Force Authorized or a single-supplicant mode and the supplicant is authorized. 

Unauthorized:

 The port is in Force Unauthorized or a single-supplicant mode and the supplicant is not 

successfully authorized by the RADIUS server. 

X Auth/Y Unauth:

 The port is in a multi-supplicant mode. Currently X clients are authorized and Y are 

unauthorized. 

Restart 

Two buttons are available for each row. The buttons are only enabled when authentication is globally 

enabled and the port's Admin State is in an EAPOL-based or MAC-basedmode. 

Clicking these buttons will not cause settings changed on the page to take effect. 

Reauthenticate:

 Schedules a reauthentication whenever the quiet-period of the port runs out (EAPOL-based 

authentication). For MAC-based authentication, reauthentication will be attempted immediately. 

The button only has effect for successfully authenticated clients on the port and will not cause the clients to 

get temporarily unauthorized. 

Reinitialize:

 Forces a reinitialization of the clients on the port and thereby a reauthentication immediately. 

The clients will transfer to the unauthorized state while the reauthentication is in progress. 

 

 

Summary of Contents for DS410

Page 1: ...COVER DS410F Industrial 10 port Full Gigabit L2 Managed Fiber Ethernet Switch Nov 23 2018 V 1 0 WOM ASIA Co Ltd 1F No 185 3 Kewang Rd Longtan Dist Taoyuan 325 Taiwan ...

Page 2: ...o provide for every possible contingency met in the process of installation operation or maintenance Should further information be required or should particular problem arise which are not covered sufficiently for the user s purposes the matter should be referred to WoMaster Users must be aware that updates and amendments will be made from time to time to add new information and or correct possibl...

Page 3: ...NG 12 3 DEVICE INTERFACE MANAGEMENT 13 3 1 CONFIGURATION 22 3 1 1 SYSTEM 22 3 1 2 GREEN ETHERNET 28 3 1 3 THERMAL PROTECTION 30 3 1 4 PORTS 31 3 1 5 SECURITY 33 3 1 6 AGGREGATION 63 3 1 7 LOOP PROTECTION 67 3 1 8 SPANNING TREE 68 3 1 9 IPMC 71 3 1 10 LLDP 73 3 1 11 MAC TABLE 75 3 1 12 VLAN 77 3 1 13 PRIVATE VLANS 82 3 1 14 QoS 83 3 1 14 1 QOSCLASSIFICATION 84 3 1 14 2 POLICERS 84 3 1 14 3 SHAPERS ...

Page 4: ...3 2 5 SECURITY 130 3 2 6 AGGREGATION 131 3 2 7 LOOP PROTECTION 132 3 2 8 SPANNING TREE 133 3 2 9 IPMC 137 3 2 10 LLDP 139 3 2 11 MAC ADDRESS 145 3 2 12 VLANS 146 3 3 DIAGNOSTICS 149 3 3 1 PING IPv4 149 3 3 2 TRACEROUTE IPv4 151 3 3 3 VeryPHY 153 3 4 MAINTANANCE 153 3 4 1 RESTART 154 3 4 2 FACTORY DEFAULT 154 3 4 3 SOFTWARE 155 3 4 4 CONFIGURATION 156 3 5 FRONT PANEL 159 ...

Page 5: ...tic Monitoring type SFP transceivers also equipped the switch for diagnosing transmission problem through maintenance and debugging of the signal quality WoMaster managed switch is designed to provide faster secure and more stable network One advantage that makes it a powerful switch is that it supports network redundancy protocols technologies such as Rapid Spanning Tree Protocol RSTP IEC 61000 6...

Page 6: ...GMP Snooping v2 Port classification Port policing Port scheduler Port shaping QoS control list WRED Port Security ACL Loop Protection Advanced Security System IEEE 802 1X RADIUS Management IP Management VLAN SSL Redundancy Technology Rapid Spanning Tree Protocol RSTP Various configuration paths including Web GUI CLI and SNMP LLDP topology control 10 60V wide power range design with redundant power...

Page 7: ... INSTALLATION This chapter introduces hardware and contains information on installation and configuration procedures 2 1 HARDWARE DIMENSION Dimensions of DS410F DS410 65 x 155 x 120 W x H x D without DIN Rail Clip ...

Page 8: ...0 it is included 6 ports 10 100 1000M SFP 2 ports 100 1000M SFP RJ45 Combo 2 ports 100 1000M RJ45 System LED USB for configuration firmware management RJ 45 diagnostic console 2 x 4 pin terminal block connector 4 pin for power inputs 2 pin for digital input and 2 pin for alarm relay output and 1 chassis grounding screw On the rear side of switch there is DIN rail clip attached DS410F DS410 ...

Page 9: ...ntact on the terminal block connector 2 Tighten the wire clamp screws to prevent the power wires from being loosened 3 Connect the power wires to suitable AC DC Switching type power supply The input DC voltage should be in the range of 10VDC to DC 60V DC WARNING Turn off AC power input source before connecting the Power to the terminal block connectors for safety purpose Don not turn on the source...

Page 10: ...ts form a close circuit when a user configured event is triggered If a user configured event does not occur the fault circuit remains opened The fault conditions such as power failure Ethernet port link break or other pre defined events which can be configured in the switch Screw the DO wire tightly after digital output wire is connected NOTE The relay contact only supports 0 5 A current DC 24V Do...

Page 11: ...or open trigger switch for control cabinet The switch s Digital Input accepts DC signal and can receive Digital High Level input DC 11V 30V and Digital Low Level input DC 0V 10V Here are the steps to wire the Digital Input STEP 1 Insert the negative and positive wires into the terminals respectively STEP 2 To keep the wires from pulling loose tighten the wire clamp screws on the front of the termi...

Page 12: ...or better durability 2 6 DIN RAIL MOUNTING The EN50022 DIN Rail plate should already attached at the back panel of the switch screwed tightly If you need to reattach the DIN Rail attachment plate to the switch make sure the plate is situated towards the top as shown by the following figures To mount the switch on DIN Rail track do the following instruction 1 Insert the top side of DIN Rail track i...

Page 13: ...tor the managed switch only For the CLI management interface please refers to the CLI Command User Manual PREPARATION FOR WEB INTERFACE MANAGEMENT WoMaster provides Web interface management that allows user through standard web browser such as Microsoft Internet Explorer or Mozilla or Google Chrome to access and configure the switch management on the network 1 Plug the DC power to the switch and c...

Page 14: ...rd admin SSH Secure Shell WoMaster managed SWITCH also supports SSH console User can remotely connect to the switch by command line interface The SSH connection can secure all the configuration commands user sent to the switch SSH is a client server architecture while the switch is the SSH server When user wants to make SSH connection with the switch user should download the SSH client tool first ...

Page 15: ...115200 Then click on Open to start the SSH session console 2 After it user can see the CLI command screen is pop up 3 Type the Switch Login name and its Password The default settings are admin admin 4 All the commands user sees in Putty are the same as the CLI commands user sees via RS232 console The next chapter will introduce in detail how to use command line to configure some features in the sw...

Page 16: ...opy Copy from source to destination delete Delete one file in flash file system dir Directory of all files in flash file system disable Turn off privileged commands do To run exec commands in the configuration mode dot1x IEEE Standard for port based Network Access Control enable Turn on privileged commands exit Exit from EXEC mode firmware Firmware upgrade swap help Description of the interactive ...

Page 17: ... Exit from current mode green ethernet Green Ethernet Power reduction help Description of the interactive help system hostname Set system s network name interface Select an interface to configure ip IPv4 configurations lacp LACP settings line Configure a terminal line lldp LLDP configurations logging System logging message loop protect Loop protection configuration mac MAC table entries configurat...

Page 18: ...ggregation Create an aggregation description Description of the interface do To run exec commands in the configuration mode dot1x IEEE Standard for port based Network Access Control duplex Interface duplex end Go back to EXEC mode excessive restart Restart backoff algorithm after 16 collisions No excessive restart means discard frame after 16 collisions exit Exit from current mode flowcontrol Traf...

Page 19: ...terface Configuration In this mode User can configure port related settings config if LLAG VLAN Interface Configuration In this mode User can configure settings for specific LLAG VLAN config if Here are some useful commands for User to see these available commands Save User time in typing and avoid typing error Press to see all the available commands in this mode It helps User to see the next comm...

Page 20: ... Alert message when multiple users want to configure the switch If the administrator is in configuration mode then the Web users can t change the settings This managed switch allows only one administrator to configure the switch at a time config a aaa Authentication Authorization and Accounting access Access management access list Access list aggregation Aggregation mode co tab configure copy conf...

Page 21: ...ns User can use all of the standard web browser to configure and access the switch on the network This web management has 4 big configuration functions Configuration This section will cover all of the configuration features for this switch Monitor This section will cover all of the monitoring sections include the traffic QoS Security Aggregation spanning tree LLDP VLAN and etc Diagnostics This sec...

Page 22: ...s 3 1 14 QoS 3 1 15 Mirroring 3 1 1 SYSTEM Information section this section shows the basic information from the switch to make it easier to identify different switches that are connected to User network The figure below shows the interface of the Information section Information The switch system information is provided here System Contact The textual identification of the contact person for this ...

Page 23: ... Offset Provide the timezone offset relative to UTC GMT The offset is given in minutes east of GMT The valid range is from 1439 to 1439 minutes Buttons Submit Click to submit changes Reset Click to undo any changes made locally and revert to previously saved values IP Configuration This IP Configuration page allows user to configure the device IP Address and in this page user able to set the IP Ad...

Page 24: ... client is enabled and the client identifier type is ascii the ASCII string will be used in the DHCP option 61 field IPv4 DHCP Client Identifier HEX The hexadecimal string of DHCP client identifier When DHCPv4 client is enabled and the client identifier type hex the hexadecimal value will be used in the DHCP option 61 field IPv4 DHCP Hostname The hostname of DHCP client If DHCPv4 client is enabled...

Page 25: ...ess that must match in order to qualify for this route Valid values are between 0 and 32 bits Only a default route will have a mask length of 0 as it will match anything Gateway The IP address of the IP gateway Valid format is dotted decimal notation Distance Only for IPv4 The distance value of route entry is used to provide the priority information of the routing protocols to routers When there a...

Page 26: ...does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation Server Address Indicates the IPv4 host address of syslog server If the switch provide DNS feature it also can be a domain name Syslog Level Indicates what kind of message will send to syslog server Possible modes are Error Send the specific messages which severity code is less or equal tha...

Page 27: ...e A check box is provided for each port of a Port Link Failure When checked port link failure will trigger relay status to on When unchecked port link failure will not trigger relay status to on By default port link failure is disabled on all ports Buttons Submit Click to submit changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 28: ...and transmitting device has all circuits powered up when traffic is transmitted The devices can exchange wakeup time information using the LLDP protocol EEE works for ports in auto negotiation mode where the port is negotiated to either 1G or 100 Mbit full duplex mode For ports that are not EEE capable the corresponding EEE checkboxes are grayed out and thus impossible to enable EEE for When a por...

Page 29: ... savings the circuit isn t started at once transmit data is ready for a port but is instead queued until a burst of data is ready to be transmitted This will give some traffic latency If desired it is possible to minimize the latency for specific frames by mapping the frames to a specific queue done with QOS and then mark the queue as an urgent queue When an urgent queue gets data to be transmitte...

Page 30: ...ase the power consumption It is possible to arrange the ports with different groups Each group can be given a temperature at which the corresponding ports shall be turned off Temperature settings for groups The temperature at which the ports with the corresponding group will be turned off Temperatures between 0 and 255 C are supported Port groups The group the port belongs to 4 groups are supporte...

Page 31: ... full duplex mode 1Gbps FDX Forces the port in 1Gbps full duplex SFP_Auto_AMS Automatically determines the speed of the SFP Note There is no standardized way to do SFP auto detect so here it is done by reading the SFP rom Due to the missing standardized way of doing SFP auto detect some SFPs might not be detectable The port is set in AMS mode Cu port is set in Auto mode 100 FX SFP port in 100 FX s...

Page 32: ...port Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS The range is 1518 10240 bytes Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions default Restart Restart back off algorithm after 16 collisions Frame Length Check Configures if frames with incorrect frame length in the EtherType Length field shal...

Page 33: ...ch via one of the management client interfaces The table has one row for each client type and a number of columns which are Client The management client for which the configuration below applies Methods Method can be set to one of the following values no Authentication is disabled and login is not possible local Use the local user database on the switch for authentication radius Use remote RADIUS ...

Page 34: ...he HTTPS connection manually for this case Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Certificate Maintain The operation of certificate maintenance Possible operations are None No operation Delete Delete the current certificate Upload Upload a certificate PEM file Possible methods are Web Browser or URL Generate Generate a new sel...

Page 35: ...h secure HTTP certificate is generating Buttons Submit Click to submit changes Reset Click to undo any changes made locally and revert to previously saved values Refresh Click to refresh the page Any changes made locally will be undone Access Management Configuration Configure access management table on this page The maximum number of entries is 16 If the application s type match any one of the ac...

Page 36: ...vert to previously saved values SNMP System Configure SNMP on this page Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Engine ID Indicates the SNMPv3 engine ID The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed Only users on ...

Page 37: ...ap supported version Possible versions are SNMPv1 Set SNMP trap supported version 1 SNMPv2c Set SNMP trap supported version 2c SNMPv3 Set SNMP trap supported version 3 Destination Address Indicates the SNMP trap destination address It allow a valid IP address in dotted decimal notation x y z w Destination port Indicates the SNMP trap destination port SNMP Agent will send SNMP message via this port...

Page 38: ...OID of linkUp and linkDown A valid subset OID is one or more digital number 0 4294967295 or asterisk which are separated by dots The first character must not begin withasterisk and the maximum of OID count must not exceed 128 Buttons Add New Entry Click to add a new entry The maximum entry count is 32 Submit Click to submit changes Reset Click to undo any changes made locally and revert to previou...

Page 39: ...4 but all zeros and all F s are not allowed The SNMPv3 architecture uses the User based Security Model USM for message security and the View based Access Control Model VACM for access control For the USM entry the usmUserEngineID and usmUserName are the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID...

Page 40: ...h is 8 to 40 The allowed content is ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are None No privacy protocol DES An optional flag to indicate that this user uses DES authentication protocol AES An optional flag to indicate that this user uses AES authentication protocol Privacy Password A string identif...

Page 41: ...ion Configure SNMPv3 view table on this page The entry index keys are View Name and OID Subtree Delete Check to delete the entry It will be deleted during the next save View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 View Type Indicates the view type that this entry should ...

Page 42: ... any Any security model accepted v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view de...

Page 43: ...43 Reset Click to undo any changes made locally and revert to previously saved values ...

Page 44: ...00 seconds with a default of 3600 seconds To understand why aging may be desired consider the following scenario Suppose an end host is connected to a 3rd party switch or hub which in turn is connected to a port on this switch on which Port Security is enabled The end host will be allowed to forward if the limit is not exceeded Now suppose that the end host logs off or powers down If it wasn t for...

Page 45: ... the MAC table when the hold time expires At most Violation Limit MAC addresses can be marked as violating at any given time Shutdown If Limit is reached one additional MAC address will cause the port to be shut down This implies that all secured MAC addresses be removed from the port and no new addresses be learned There are three ways to re open the port 1 In the Configuration Ports page s Confi...

Page 46: ...n 802 1X authentications The NAS configuration consists of two sections a system and a port wide System Configuration Mode Indicates if NAS is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames Reauthentication Enabled If checked successfully authenticated supplicants clients are reauthenticated after the interval specified by the Reauthentic...

Page 47: ...number between 10 and 1000000 seconds Port Configuration The table has one row for each port on the switch and a number of columns which are Port The port number for which the configuration below applies Admin State If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success...

Page 48: ... traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g t...

Page 49: ...is port The allowed values are 0 through 63 The default value is 0 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply on this port The allowed values are Disabled or the values 1 through 16 The default value is Disabled Port Redirect Select which port frames are redirected on The allowed values are Disa...

Page 50: ...lues are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled Note The shutdown feature only works when the packet length is less than 1518 without VLAN tags State Specify the port state of this port The allowed values are Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disa...

Page 51: ...00 1000000 in kbps Unit Specify the rate unit The allowed values are pps packets per second kbps Kbits per second Buttons Submit Click to submit changes Reset Click to undo any changes made locally and revert to previously saved values Access Control List This page shows the Access Control List ACL which is made up of the ACEs defined on this switch Each row describes the ACE that is defined The m...

Page 52: ...4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Filter Frames matching the ACE are filtered Rate Limiter Indicates the rate limiter number of the ACE Th...

Page 53: ...this page An ACE consists of several parameters These parameters vary according to the frame type that you select First select the ingress port for the ACE and then select the frame type Different parameter options are displayed depending on the frame type selected A frame that hits this ACE matches the configuration that is defined here Ingress Port Select the ingress port for which this ACE appl...

Page 54: ...hat hits this ACE is granted permission for the ACE operation Deny The frame that hits this ACE is dropped Filter Frames matching the ACE are filtered Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The rate...

Page 55: ...ust be multicast BC Frame must be broadcast UC Frame must be unicast Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Value When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hex...

Page 56: ... address and sender IP mask in the SIP Address and SIP Mask fields that appear Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Notice the invalid IP address configuration is acceptable too for example 0 0 0 0 Normally an ACE with invalid IP address will explicitly adding deny action Sender IP Mask Whe...

Page 57: ...where the HLD is equal to Ethernet 1 Any Any value is allowed don t care Ethernet Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is not equal to IP 0x800 1 ARP RARP frames where the PRO is equal to IP 0x800 Any Any value is allowed don t care IP Parameters The IP parameters can be configured when Frame Type ...

Page 58: ...s field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation Notice the invalid IP address configuration is acceptable too for example 0 0 0 0 Normally an ACE with...

Page 59: ...nd source IPv6 mask in the SIP Address fields that appear SIP Address When Specific is selected for the source IPv6 filter you can enter a specific SIPv6 address The field only supported last 32 bits for IPv6 address SIP BitMask When Specific is selected for the source IPv6 filter you can enter a specific SIPv6 mask The field only supported last 32 bits for IPv6 address Notice the usage of bitmask...

Page 60: ...ected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Destination Filter Specify the TCP UDP destination filter for this ACE Any No TCP UDP destination filter is specified TCP UDP destination filter status is don t care Specific If you want to filter a specific TCP...

Page 61: ...t must be able to match this entry Any Any value is allowed don t care TCP URG Specify the TCP Urgent Pointer field significant URG value for this ACE 0 TCP frames where the URG field is set must not be able to match this entry 1 TCP frames where the URG field is set must be able to match this entry Any Any value is allowed don t care Ethernet Type Parameters The Ethernet Type parameters can be co...

Page 62: ... new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Deadtime to a value greater than 0 zero will enable this feature but only if more than one server has been configured Change Secret Key Specify to change the secret key or not When Yes is selected for the...

Page 63: ...w is added to the table and the RADIUS server can be configured as needed Up to 5 servers are supported The button can be used to undo the addition of the new server Buttons Submit Click to submit changes Reset Click to undo any changes made locally and revert to previously saved values 3 1 6 AGGREGATION This document provides examples on how to configure Link Aggregation Control Protocol LACP AGG...

Page 64: ...y forwards traffic while the other remains in standby mode The port in standby mode does not forward any frames other than BPDUs The LACP state of the standby port is in no sync state If the active port goes down the standby port takes over When the failed port becomes operational it takes over the frame forwarding unless configured not to non revertive operation LACP State Information The states ...

Page 65: ... lacp internal details Port The local port State The active inactive state of this port Key The key of this port same as group id Priority The LACP priority of this port Activ Timeo u Aggrege Synchro Collect Distrib Defau Expired Booleans The LACP protocol state seen from the actor the local unit Statistics The following snippet shows the statistics of the aggregation group show lacp statistics Po...

Page 66: ...he aggregation mode This is a global parameter and affects all aggregations These mode parameters can be combined Note Any change in the aggregation mode stops all forwarding until the key is fully setup config aggregation mode dmac Destination MAC affects the distribution ip IP address affects the distribution port IP port affects the distribution smac Source MAC affects the distribution config a...

Page 67: ...ach port Valid values are 1 to 10 seconds Default value is 5 seconds Shutdown Time The period in seconds for which a port will be kept disabled in the event of a loop is detected and the port action shuts down the port Valid values are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Default value is 180 seconds Port Configuration Port The switch port ...

Page 68: ...tance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Hello Time The interval between sending STP BPDU s Valid values are in the range 1 to 10 seconds default is 2 seconds Note Changing this parameter from the default value is not recommended and may have adverse effects on your network Forward Delay The delay used by STP Bridges to transit Root and Designat...

Page 69: ...able itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Erro...

Page 70: ...le automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the CIST even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning...

Page 71: ...MP Snooping Unregistered IPMCv4 Flooding Enabled Enable unregistered IPMCv4 traffic flooding The flooding control takes effect only when IGMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer ...

Page 72: ...nterface creation you need to enter IP configuration page to setup IP interface first System IP Add IP interface VLAN ID The VLAN ID of the entry IGMP Snooping Enabled Enable the per VLAN IGMP Snooping Up to 8 VLANs can be selected for IGMP Snooping Querier Election Enable to join IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier Querier Address Define the IPv4 address as sou...

Page 73: ...conds Valid values are restricted to 2 10 times Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 seconds Tx Reinit When a interface is disabled LLDP is disabled or the...

Page 74: ...om neighbors Port Descr Optional TLV When checked the port description is included in LLDP information transmitted Sys Name Optional TLV When checked the system name is included in LLDP information transmitted Sys Descr Optional TLV When checked the system description is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP informatio...

Page 75: ... learning mode for a given port is greyed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Each port can do learning based upon the following settings Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done Secure Only static MAC ent...

Page 76: ...le Configuration The static entries in the MAC table are shown in this table The static MAC table can contain 64 entries The MAC table is sorted first by VLAN ID and then by MAC address Delete Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the ent...

Page 77: ...rs Ethertype for Custom S ports This field specifies the ethertype TPID specified in hexadecimal used for Custom S ports The setting is in force for all ports whose Port Type is set to S Custom Port Port VLAN Configuration Port This is the logical port number of this row Mode The port mode default is Access determines the fundamental behavior of the port in question A port can be in one of three m...

Page 78: ...rough 4095 default being 1 On ingress frames get classified to the Port VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the port but the frame is priority tagged VLAN ID 0 On egress frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN The Port VLAN is called an Access VLAN for ports in Ac...

Page 79: ...iority custom S tagged frames C tagged frames are initially considered untagged and will therefore not be discarded Later on in the ingress classification process they will get classified to the VLAN embedded in the tag instead of the port VLAN ID Ingress Filtering Hybrid ports allow for changing ingress filtering Access and Trunk ports always have ingress filtering enabled If ingress filtering is...

Page 80: ...changes made locally and revert to previously saved values SVL Shared VLAN Learning Shared VLAN Learning allows for frames initially classified to a particular VLAN based on Port VLAN ID or VLAN tag information be bridged on a shared VLAN In SVL two or more VLANs are grouped to share common source address information in the MAC table The common entry in the MAC table is identified by a Filter ID F...

Page 81: ... be displayed if one VLAN is grouped into two or more FIDs All VLANs must map to a particular FID and by default VLAN x maps to FID x This implies that if FID x is defined then VLAN x is implicitly a member of FID x unless it is specified for another FID If FID x doesn t exist a confirmation message will be displayed asking whether to continue adding VLAN x implicitly to FID x Buttons Add FID Add ...

Page 82: ...This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLAN and a Private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple Private VLANs Delete To delete a private VLAN entry check this box The entry will ...

Page 83: ...lly and revert to previously saved values 3 1 14 QoS QoS is a mechanism for providing different priorities to different applications users or data flows or to guarantee a certain level of performance for a data flow All incoming frames are classified into a Class of Service CoS which is used in the queue system when the assigning resources in the arbitration from ingress to egress queues and in th...

Page 84: ...chieved using bandwidth shapers Shapers can be configured at queue level or at a port level 3 1 14 4 SCHEDULINGALGORITHM Two types of scheduling are possible on the device at a port level Strict Priority All queues follow strict priorityscheduling Deficit Weighted Round Robin DWRR Scheduling is based on the weights configured for each queue Configuration is present to select the number of queues w...

Page 85: ...reated to control the rewriting of packets at egress Values such as PCP DEI and DSCP can be updated based on the classified key values CoSID CoSID DPL DSCP or DSCP DPL In order to use an Egress Map it must first be created and configured Configuration consists of the following parameters Key This classified value s to use for lookup Actions Which kinds of values to rewrite in the packet Mappings T...

Page 86: ...tion for that port Example Map PCP 0 and DEI 0 to CoS 2 and DPL 0 Map PCP 0 and DEI 1 to CoS 3 and DPL 1 on Port 2 Configuring Ingress Port TagClassification UsingWebGUI In order to configure the mapping from PCP 0 and DEI 0 to CoS 2 and DPL 0 and mapping from PCP 0 and DEI 1 to CoS 3 and DPL 1 on Port 2 please perform to the following steps 1 Click Configuration QoS Port Classification 2 On the P...

Page 87: ...e updated with the classified values at the ingress By default the PCP and DEI values are set to classifiedvalues Default PCP and DEI values on the egress frames are updated to default values defined per port Mapped PCP and DEI values on the egress frames are updated based on the tag remarking CoS DPL to PCP DEI mapping per port Example Set Default PCP to 5 and DEI to 0 on Port 3 Setting Up PCP Po...

Page 88: ...orm the following steps 1 Click Configuration QoS Port Tag Remarking 2 On the Port Tag Remarking page click the Port Number corresponding to the port and enter the parameters as shown in the following illustration Set Up CoS and DPL for Mapped Tag Remarking The equivalent ICLI commands are configure terminal config interface GigabitEthernet 1 2 Set Tag Remarking to Mapped config if qos tag remark ...

Page 89: ...sificationtable Classify all DSCP Rewrite on Egress No Egress rewrite Rewrite enabled without remapping Remap DSCP with DP unaware Remap DSCP with DP aware Example DSCP Only Trusted to QoS Class DPL classification at ingress on Port 2 Configuring DSCP to QoS Classification UsingWebGUI To configure DSCP only trusted to QoS Class DPL classification at ingress on Port 2 perform the following steps 1 ...

Page 90: ...CP Trust for DSCP at Port2 config interface GigabitEthernet1 2 config if qos trust dscp config if exit Map DSCP Values 4 and 5 to QoS Class 6 config qos map dscp cos 4 cos 6 dpl 0 config qos map dscp cos 5 cos 6 dpl 0 config end Example Translate DSCP at ingress on Port 2 and rewrite enabled on Port 3 ...

Page 91: ...n QoS Port DSCP and select the Translate option Config DSCP Ingress Translation and DSCP Egress Rewrite 3 Click Configuration QoS DSCP Translation and configure translation mapping as shown in the following illustration Set Up Ingress Translation Map for DSCP The equivalent ICLI commands are configure terminal Enable DSCP Translate at ingress on Port 2 config interface GigabitEthernet 1 2 config i...

Page 92: ...lassify only DSCP as 0 at ingress on Port 2 and rewrite enabled on Port 3 perform the following steps 1 Click Configuration QoS Port Classification and select the DSCP Based options as shown in the following illustration Enable DSCP Based QoS for DSCP 0 Classification and DSCP Rewrite 2 Click Configuration QoS Port DSCP and set the Ingress values as shown in the following illustration Set Up DSCP ...

Page 93: ...os dscp translate config if exit Create Ingress DSCP Translation Map config qos map dscp ingress translation 0 to 7 config qos map dscp ingress translation 1 to 5 Note Only DSCP 0 will be rewritten as these are only classified Enable DSCP Remark at egress on Port 3 config interface GigabitEthernet 1 3 config if qos trust dscp config if qos dscp remark rewrite config if exit config end Example Clas...

Page 94: ...ss Classification and DSCP Egress Rewrite 3 Click Configuration QoS DSCP Translation and configure translation mapping as shown in the following illustration Set Up Ingress Translation Map for Selected DSCP The equivalent ICLI commands are configure terminal Enable DSCP classification for selected DSCP values at ingress Port2 config interface GigabitEthernet 1 2 config if qos trust dscp config if ...

Page 95: ...rt 3 perform the following steps 1 Click Configuration QoS Port Classification and select the DSCP Based option as shown in the following illustration Enable All DSCP Classification and DSCP Rewrite 2 Click Configuration QoS Port DSCP and set the values as shown in the followingillustration Set Up All DSCP Ingress Classification and DSCP Egress Rewrite The equivalent ICLI commands are configure te...

Page 96: ...ort Classification and select the DSCP Based option as shown in the following illustration Enable All DSCP Classification and DSCP Egress Remap 2 Click Configuration QoS DSCP Classification and set the values as shown in the following illustration Map QoS DP to DSCP Classification 3 Click Configuration QoS Port DSCP and set the values as shown in the followingillustration Set Up All DSCP Ingress C...

Page 97: ...able DSCP rewrite with DSCP Remap on Port 3 config interface GigabitEthernet 1 3 config if qos dscp remark remap config if end Advanced QoS QCLs Advanced QoS classification can be done by checking fields from Layer 2 to Layer 4 and mapping them to CoS PCP DEI and DSCP values Example Match on a particular Destination MAC on Port 2 and map these to CoS 5 Mapping a Particular MAC Destination to CoS U...

Page 98: ...apping a Particular VLAN Tag and PCP Range to CoS Using WebGUI Tomatch on a particular VLAN Tag and PCP range on Port 2 and map these to CoS 6 and also to map these frames to PCP 6 and DEI 0 perform the following steps 1 Click Configuration QoS QoS Control List and click the Add QCE to end of list icon The QCE Configuration page opens Create QCE Entry for Mapping VLAN Tag and PCP 2 On the QCE Conf...

Page 99: ...t 2 and map these to CoS 7 DP 1 and DSCP 9 perform the following steps 1 Click Configuration QoS QoS Control List and click the Add QCE to End of List icon The QCE Configuration page opens Create QCE Entry for Mapping MAC Address IP and UDP Port 2 On the QCE Configuration page set the appropriate values as shown in the followingillustration Map Frame With Specifc MAC IP and UDP Port to CoS DP and ...

Page 100: ... ICLI commands are configure terminal Enable Policer on Port 2 with a rate set to 2 Mbps config interface GigabitEthernet 1 2 config if qos policer 2 mbps flowcontrol config if end Example Enable policer on Port 2 and set the policer rate to 200 Fps The units are frames per second Configuring Policer Rate Fps on a Port Using WebGUI To configure the policer on Port 2 and set the policer rate to 200...

Page 101: ...onfigure terminal Enable Policer on Queue 2 at Port 2 with a rate set to 20Mbps config interface GigabitEthernet 1 2 config if qos queue policer queue 2 20 mbps config if end Shapers Port Shapers Enable shapers at port level to shape the egress traffic Example Enable shaper on Port 3 and set the shaping rate to 4 Mbps Configuring Shaping Rate Mbps on aPort Using WebGUI To enable a shaper on Port 3...

Page 102: ...ates on Port 3 and configure queue shapers to measure the data rate instead of the line rate Configuring Queue Shaper to Measure Data Rate UsingWebGUI To configure shaping on Queue 3 and Queue 4 at different rates on Port 3 and to configure queue shapers to measure the data rate instead of the line rate perform the following steps 1 Click Configuration QoS Port Shaping 2 On the Port Shaping page c...

Page 103: ...dulers DWRR Example Set the scheduling mode to DWRR 6 Queues Weighted on Port 3 with the following weights Queue0 40 Queue1 40 Queue2 20 Queue3 20 Queue4 20 and Queue5 20 Configuring Scheduling Mode to DWRR UsingWebGUI To configure Scheduling Mode to DWRR on Port 3 with the following weights Queue0 40 Queue1 40 Queue2 20 Queue3 20 Queue4 20 and Queue5 20 perform the following steps 1 Click Configu...

Page 104: ...n WRED Example Configure WRED on Group 1 Queue 4 and DPL 1 with a Minimum Threshold of 10 and Maximum Threshold of 50 Maximum Threshold unit is Drop Probability Configuring WRED with Drop Probability Threshold UsingWebGUI To configure WRED on Group 1 Queue 4 and DPL 1 with a Minimum Threshold of 10 and Maximum Threshold of 50 maximum Threshold unit is Drop Probability perform the following step Cl...

Page 105: ... of 10 and Maximum Threshold of 90 Maximum Threshold unit is Fill Level Assign Ports 1 and 2 to WRED Group 2 Configuring WRED with Fill Level Threshold UsingWebGUI To configure WRED on Group 2 Queue 5 DPL 1 with a Minimum Threshold of 10 and Maximum Threshold of 90 maximum Threshold unit is Fill Level perform the following steps 1 Click configuration QoS WRED and configure WRED as shown in the fol...

Page 106: ...ion QOS Storm Policing and configure storm policer as shown in the following illustration Per System Unicast Storm Policing The equivalent ICLI commands are configure terminal config qos storm unicast 1 kfps Example Apply a port storm policer of 1 Mbps on Broadcast frames on Port 2 Configuring Port Storm Policer 1 Mbps UsingWebGUI To configure storm policer of 1 Mbps on Broadcast frames on Port 2 ...

Page 107: ...s with PCP 0 3 are mapped to CoS 0 and CoSID 0 defaultmapping Tagged frames with PCP 4 7 are mapped to CoS 1 and CoSID 1 1 To create a new Ingress map click Configuration QOS Ingress Map and click the Add New Map icon Create QoS Ingress Map Entry for PCP Key Type 2 Enter the configuration details as shown in the following illustration Set Up QoS Ingress Map with PCP Key Type 3 Click Submit QoS Ing...

Page 108: ... more information see Advanced QoS QCLs page 14 that matches all packets from all ports where the destination MAC address is multicast associate it with Ingress Map 20 Associate PCP QoS Ingress Map with QCE The equivalent ICLI commands are configure terminal config qos map ingress 20 config qos map ingress action cos class config qos map ingress map pcp 4 to class 1 cos1 ...

Page 109: ... Example Create Ingress Map 21 with the following properties IP frames with DSCP 46 Expedited Forwarding are mapped to CoS 5 and CoSID1 IP frames with all other DSCP values are mapped to CoS 0 and CoSID 0 defaultmapping Configuring Ingress Map 21 UsingWebGUI To configure Ingress Map 21 with the following properties perform the following steps IP frames with DSCP 46 expedited forwarding are mapped ...

Page 110: ... config qos map ingress 21 config qos map ingress key dscp config qos map ingress action cos class config qos map ingress map dscp 46 to class 1 cos5 config qos map ingress end Associate port 3 and 4 with Ingress Map 21 configure terminal config interface GigabitEthernet 1 3 4 config if qos ingress map 21 config if end Egress Map Example Create Egress Map 40 with the required properties Set PCP to...

Page 111: ...ocreate a new Egress Map click Configuration QOS Egress Map and click the Add New Map icon Create QoS Egress Map Entry 2 Enter the configuration as shown in the following illustration Set Up QoS Egress Map with CoSID Key Type 3 Click Submit QoS Egress Map CoSID Key Type Summary 4 Click the Map ID 40 link and add a single entry in the CoS ID table by clicking the Add NewMap icon Expand QoS Egress M...

Page 112: ...erminal config qos map egress 40 config qos map ingress action dscp pcp config qos map ingress map class 1 to dscp 46 pcp7 config qos map ingress end Associate port 1 and 2 with Egress Map 40 configure terminal config interface GigabitEthernet 1 1 2 config if qos egress map 40 config if end ...

Page 113: ... want to get the tagged mirrored traffic you have to set VLAN egress tagging as Tag All on the reflector port On the other hand if you want to get untagged mirrored traffic you have to set VLAN egress tagging as Untag ALL on the reflector port Session Select session id to configure Mode To Enabled Disabled the mirror or Remote Mirroring function Type Select switch type Mirror The switch is running...

Page 114: ...Mirroring If you want to monitor some VLANs on the switch you can set the selected VLANs on this field Note1 The Mirroring session shall have either ports or VLANs as sources but not both Remote Mirroring Port Configuration The following table is used for port role selecting Port The logical port for the settings contained in the same row Source Select mirror mode Disabled Neither frames transmitt...

Page 115: ...sabled disabled ipmc igmpsnp Critical un conflict ipmc mldsnp Critical un conflict lacp Low o disabled lldp Low o disabled mac learning Critical disabled disabled disabled mstp Critical disabled o disabled mvr Critical un conflict nas Critical authorized authorized authorized psec Critical disabled disabled disabled qos Critical unlimited unlimited unlimited upnp Low o disabled mac based vlan Crit...

Page 116: ...ystem Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch Chip ID System Date The current GMT system time and date The system time is obtained through the Timing server running on the switch if any System Uptime The period of time the device has been operational Software Version The software version of this swi...

Page 117: ...tion of system LED Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every second Refresh Click to refresh the page Clear Clear the selected error status of system LED CPU LOAD This page displays the CPU load using an SVG graph The load is measured as averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed and the las...

Page 118: ...the IP protocol layer The status is defined by the IP interfaces the IPv6 routes and the neighbor cache ARP cache status IP Interfaces Interface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interface and or address IPv6 Routes Network The destination IPv6 network o...

Page 119: ...age will show the beginning entries of this table The Start from ID input field allow the user to change the starting point in this table Clicking the Refresh button will update the displayed table starting from that or the closest next entry match In addition these input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same sta...

Page 120: ...he table entries starting from the first available entry If the first entry of the table is displayed the button is disabled Updates the table entries ending at the entry prior to the first entry currently displayed If the first entry of the table is displayed the button is disabled Updates the table entries starting from the entry next to the last entry currently displayed If the last entry of th...

Page 121: ...the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over System Log Information Entry Columns ID The identification of the system log entry Level The level of the system log entry Info The system log entry is belonged information level Warning The system log entry is ...

Page 122: ...ntry ID Updates the system log entry to the first available entry ID Updates the system log entry to the previous available entry ID Updates the system log entry to the next available entry ID Updates the system log entry to the last available entry ID RELAY OUTPUT STATUS This page displays the relay output status the ports of the switch Relay status The switch relay status Port The switch port nu...

Page 123: ... cap Shows if the port is EEE capable EEE Enable Shows if EEE is enabled for the port reflects the settings at the Port Power Savings configuration page LP EEE cap Shows if the link partner is EEE capable EEE In power save Shows if the system is currently saving power due to EEE When EEE is enabled the system will powered down if no frame has been received or transmitted in 5 uSec Actiphy Savings ...

Page 124: ...to inspect status information related to thermal protection Port The switch port number Temperature Shows the current chip temperature in degrees Celsius Port Status Shows if the port is thermally protected link is down or if the port is operating normally ...

Page 125: ...witch ports The displayed counters are Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion F...

Page 126: ...QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear Clears the counters for all ports QoS Control List QCL This page shows the QCL status by different QCL users Each row desc...

Page 127: ...ue Policy Classify ACL Policy number Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen that resources required to add a QCE may not be available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on pressing Resolve...

Page 128: ...The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and tra...

Page 129: ... Undersize The number of short1 frames received with valid CRC Rx Oversize The number of long2 frames received with valid CRC Rx Fragments The number of short1 frames received with invalid CRC Rx Jabber The number of long2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process 1 Short frames are frames that are smaller than 64 bytes 2 Long fra...

Page 130: ...ment Interface The interface type through which the remote host can access the switch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access management mode is enabled Buttons ...

Page 131: ... instance Name Name of the Aggregation group ID Type Type of the Aggregation group Static or LACP Speed Speed of the Aggregation group Configured ports Configured member ports of the Aggregation group Aggregated ports Aggregated member ports of the Aggregation group Buttons Refresh Click to refresh the page immediately Auto refresh Automatic refresh occurs every 3 seconds ...

Page 132: ...The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Refresh Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular inter...

Page 133: ...t role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Regional Root The Bridge ID of the currently elected regional root bridge inside the MSTP region of this bridge For the CIST instance only Internal Root Cost The Regional Root Path Cost For the Regional Root Bridge this is zero For al...

Page 134: ... cost This will either be a value computed from the Auto setting or any explicitly configured value Edge The current STP port operational Edge Flag An Edge Port is a switch port to which no Bridges are attached The flag may be automatically computed or explicitly configured Each Edge Port transits directly to the Forwarding Port State since there is no possibility of it participating in a loop Poi...

Page 135: ... of the following values DiscardingLearning Forwarding Uptime The time since the bridge port was last initialized Buttons Refresh Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Port Statistics This page displays the STP port statistics counters of bridge ports in the switch The STP port statistics counter...

Page 136: ...Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Refresh Click to refresh the page immediately Clear Click to reset the counters Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds ...

Page 137: ...erier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Queries Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Re...

Page 138: ...GMP Group Table is sorted first by VLAN ID and then by group Navigating the IGMP Group Table Each page shows up to 99 entries from the IGMP Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the IGMP Group Table The Start from VLAN and group input fields allow the user to select the sta...

Page 139: ...or capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management ...

Page 140: ...lity is followed by If the capability is disabled the capability is followed by Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbor s IP address Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds ...

Page 141: ...receiver to wake from sleep Fallback Receive Tw The link partner s fallback receives Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this provides the transmitter with additional information that it may use for a more efficient allocation Systems that do not implement this option d...

Page 142: ... exchanged via LLDP EEE in Sync Shows whether the switch and the link partner have agreed on wake times Red Switch and link partner have not agreed on wakeup times Green Switch and link partner have agreed on wakeup times Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page Port Statistics This page provide...

Page 143: ...al Counters The displayed table contains a row for each interface The columns hold the following information Local Interface The interface on which LLDP frames are received or transmitted Tx Frames The number of LLDP frames transmitted on the interface Rx Frames The number of LLDP frames received on the interface Rx Errors The number of received LLDP frames containing some kind of error Frames Dis...

Page 144: ... discarded and counted Age Outs Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Clear If checked the counters for the specific interface are cleared when Clear is pressed Buttons Auto refresh Check this box to refresh th...

Page 145: ...ntries and is sorted first by VLAN ID then by MAC address Navigating the MAC Table Each page shows up to 999 entries from the MAC table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in th...

Page 146: ...N services to configure VLAN memberships on the fly The drop down list on the right allows for selecting between showing VLAN memberships as configured by an administrator Admin or as configured by one of these internal software modules The Combined entry will show a combination of the administrator and internal software modules configuration and basically reflects what is actually configured in h...

Page 147: ...odules Select VLAN Users from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Ports This page provides VLAN Port Status VLAN User Various internal software modules may use VLAN services to configure VLAN port configuration on the fly The drop down list on the right allows for se...

Page 148: ... will show the VLAN ID the user wants to tag or untag on egress The field is empty if not overridden by the selected user Conflicts Two users may have conflicting requirements to a port s configuration For instance one user may require all frames to be tagged on egress while another requires all frames to be untagged on egress Since both users cannot win this gives rise to a conflict which is solv...

Page 149: ...nd is connected Ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin computer and the PING Reply is the packet response from the target This page allows you to issue ICMP IPv4 PING packets to troubleshoot IP connectivity issues You can configure the following parameters for the test Hostname or IP Address The address of the destination host either...

Page 150: ...ic selection based on routing configuration Note You may only specify either the VID or the IP Address for the source interface Quiet only print result Checking this option will not print the result of each ping request but will only show the final result After you press ICMP packets are transmitted and the sequence number and round trip time are displayed upon reception of a reply The amount of d...

Page 151: ...st TTL Value Determines the value of the Time To Live TTL field in the IPv4 header in the first packet sent The default number is 1 The valid range is 1 30 Max TTL Value Determines the maximum value of the Time To Live TTL field in the IPv4 header If this value is reached before the specified remote host is reached the test stops The default number is 30 The valid range is 1 255 VID for Source Int...

Page 152: ...ault value is 0 The valid range is 0 255 Number of Probes Per Hop Determines the number of probes packets sent for each hop The default value is 3 The valid range is 1 60 Response Timeout Determines the number of seconds to wait for a reply to a sent request The default number is 3 The valid range is 1 86400 Max TTL Value Determines the maximum value of the Time To Live TTL field in the IPv4 heade...

Page 153: ... table Note that VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Port The port where you are requesting VeriPHY Cable Diagnostics Cable Status Port Port number Pair The status of the cable pair OK...

Page 154: ...nfiguration is retained The new configuration is available immediately which means that no restart is necessary Yes Click to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the configuration Note Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot I...

Page 155: ...il to function afterwards Image Select This page provides information about the active and alternate backup firmware images in the device and allows you to revert to the alternate image The web page displays two tables with information about the active and alternate firmware images Note 1 In case the active firmware image is the alternate image only the Active Image table is shown In this case the...

Page 156: ... or stored in flash on the switch The available files are running config A virtual file that represents the currently active configuration on the switch This file is volatile startup config The startup configuration for the switch read at boot time If this file doesn t exist at boot time the switch will start up in default configuration default config A read only file with vendor specific configur...

Page 157: ...to upload select the destination file on the target and then click Upload Configuration If the destination is running config the file will be applied to the switch configuration This can be done in two ways Replace mode The current configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the flash file system is full ...

Page 158: ...o activate and click Activate Configuration This will initiate the process of completely replacing the existing configuration with that of the selected file Delete It is possible to delete any of the writable files stored in flash including startup config If this is done and the switch is rebooted without a prior Save operation this effectively resets the switch to default configuration ...

Page 159: ...r to see the port status of the switch Shown as below Click Refresh to refresh the Port State user can check the Auto refresh to refresh the page automatically HOME LOGOUT HELP This help button provide the general information for the configuration page ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands