Advantech EKI-9228G-8CMI Скачать руководство пользователя страница 1

Страница: 1 / 324

User Manual

EKI-9228G Series

1 4xSFP + 8xCombo Port
Full Gigabit L2 Managed Switch

Содержание EKI-9228G-8CMI

Страница 1: ...User Manual EKI 9228G Series 16xRJ45 4xSFP 8xCombo Port Full Gigabit L2 Managed Switch...

Страница 2: ...tion Advantech assumes no liability under the terms of this warranty as a consequence of such events Because of Advantech s high quality control standards and rigorous testing most of our customers ne...

Страница 3: ...case the user will be required to correct the interference at his own expense FCC Class B Note This equipment has been tested and found to comply with the limits for a Class B digital device pursuant...

Страница 4: ...this manual we would welcome comments and constructive criticism Please send all such in writing to support advan tech com Packing List Before setting up the system check that the items listed below...

Страница 5: ...liquid into an opening This may cause fire or electrical shock 13 Never open the equipment For safety reasons the equipment should be opened only by qualified service personnel 14 If one of the follow...

Страница 6: ...e einen Brand bzw elektrischen Schlag aus l sen 13 ffnen Sie niemals das Ger t Das Ger t darf aus Gr nden der elektrischen Sicherheit nur von authorisiertem Servicepersonal ge ffnet werden 14 Wenn fol...

Страница 7: ...om damage To avoid electrical shock always disconnect the power from your PC chassis before you work on it Don t touch any components on the CPU card or other cards while the PC is on Disconnect power...

Страница 8: ...Attaching a Fiber Optic Cable to a Transceiver 12 2 6 2 Removing SFP Modules 12 Figure 2 6 Removing a Fiber Optic Cable to a Transceiver 12 Figure 2 7 Removing an SFP Transceiver 12 2 7 Connecting the...

Страница 9: ...ed Configuration 30 Figure 4 10 System Advanced Configuration DHCP Server Global 31 Figure 4 11 System Advanced Configuration DHCP Server Excluded Addresses 31 Figure 4 12 System Advanced Configuratio...

Страница 10: ...tem Advanced Configuration Link Dependency Group Add 52 Figure 4 40 System Advanced Configuration Protection Denial of Service 53 Figure 4 41 System Advanced Configuration sFlow Agent 54 Figure 4 42 S...

Страница 11: ...anges Configuration Add 76 Figure 4 70 System Advanced Configuration Time Ranges Entry Configuration 77 Figure 4 71 System Advanced Configuration Time Ranges Entry Configuration Add Absolute 77 Figure...

Страница 12: ...ccess Serial 107 Figure 4 109System Management Access CLI Banner 108 Figure 4 110System Management Access HTTP 108 Figure 4 111System Management Access HTTPS 109 Figure 4 112System Management Access S...

Страница 13: ...figuration 150 Figure 4 154Switching DHCP Snooping Base VLAN Configuration Add 150 Figure 4 155Switching DHCP Snooping Base Interface Configuration 151 Figure 4 156Switching DHCP Snooping Base Static...

Страница 14: ...4 188Switching GARP Switch 174 Figure 4 189Switching GARP Port 175 4 4 8 IGMP Snooping 176 Figure 4 190Switching IGMP Snooping Configuration 176 Figure 4 191Switching IGMP Snooping Interface Configur...

Страница 15: ...0 4 4 14 LLDP 200 Figure 4 223Switching LLDP Global 201 Figure 4 224Switching LLDP Interface 201 Figure 4 225Switching LLDP Interface Add 202 Figure 4 226Switching LLDP Local Devices 203 Figure 4 227S...

Страница 16: ...te VLAN Configuration Add VLAN 237 Figure 4 266Switching Private VLAN Association 238 Figure 4 267Switching Private VLAN Interface 238 4 4 25 X Ring Pro 240 Figure 4 268Switching X Ring Pro Configurat...

Страница 17: ...Access Control Lists Configuration 277 Figure 4 308QoS Access Control Lists Configuration Add Rule 278 Figure 4 309QoS Access Control Lists Interfaces 283 Figure 4 310QoS Access Control Lists Interfac...

Страница 18: ...EKI 9228G Series User Manual xviii A 1 Troubleshooting 305...

Страница 19: ...Chapter 1 1Product Overview...

Страница 20: ...352 mm 17 4 x 1 73 x 13 85 LED Display System LED SYS Power 1 Power 2 CFG ALM Port LED Speed Link Activity Environment Operating Temperature 40 85 C 40 185 F Storage Temperature 40 85 C 40 185 F Ambie...

Страница 21: ...for system soft reset 3 sec or factory default reset 5 sec 5 USB port 4 pin female port for FW backup access 6 ETH port 100 1000Base X SFP Port x 4 7 LNK ACT LED Link activity LED 8 SPEED LED Speed LE...

Страница 22: ...on Defined major policies are detected Blink red 1Hz Defined minor policies are detected Blink red 3Hz TBD Blink red 5Hz TBD Off Power off or system alarm is cleared or masked 4 PWR1 Green on Power is...

Страница 23: ...Chapter 2 2Switch Installation...

Страница 24: ...EKI 9228G Series User Manual 6 2 1 Warnings Warning Before working on equipment that is connected to power lines remove any jewelry including rings necklaces and watches Metal objects can heat up when...

Страница 25: ...t the power source from the DC circuit Caution Read the installation instructions before connecting the system to its power source Caution The device must be grounded Never defeat the ground conductor...

Страница 26: ...feet Make sure airflow around the switch and respective vents is unrestricted With out proper airflow the switch can overheat To prevent performance degradation and damage to the switch make sure ther...

Страница 27: ...plying with a flame spread rating of 5VA V2 V1 V0 or equivalent if nonmetallic The interior of the enclosure must be accessible only by the use of a tool Subsequent sections of this publication might...

Страница 28: ...d Suppose that you are connecting devices I and II contrary to electrical signals optical signals do not require a circuit in order to transmit data Consequently one of the optical lines is used to tr...

Страница 29: ...le is seated correctly before sliding the module into the slot A click sounds when it is locked in place Figure 2 4 Installing an SFP Transceiver 6 Remove the protective plug from the SFP transceiver...

Страница 30: ...Modules To disconnect an LC connector use the following guidelines 1 Press down and hold the locking clips on the upper side of the optic cable 2 Pull the optic cable out to release it from the transc...

Страница 31: ...Connector Pin Position Maximum cable length 100 meters 328 ft for 10 100 1000BaseT 2 8 Connecting the Switch to Console Port The industrial switch supports a secondary means of management By connectin...

Страница 32: ...assis ground screw terminal should be tied to the panel or chassis ground A DB9 Connector RJ45 Connector NC 1 Orange White NC 2 Orange 2 3 Green White NC 4 Blue 5 5 Blue White 3 6 Green NC 7 Brown Whi...

Страница 33: ...e paths Do not bundle together wiring with similar electrical characteristics Make sure to separate input and output wiring Label all wiring and cabling to the various devices for more effective manag...

Страница 34: ...o not service equipment or cables during periods of lightning activity Caution Do not service any components unless qualified and authorized to do so Caution Do not block air ventilation holes RELAY2...

Страница 35: ...V1 wire clamp screws and loosen the screws 2 Insert the negative positive DC wires into the V V terminals of PW1 If setting up power redundancy connect PW2 in the same manner 3 Tighten the wire clamp...

Страница 36: ...Chapter 3 3Configuration Utility...

Страница 37: ...f explanation of how RSTP works is given in the Spanning Tree section The switch is capable of communicating with other SNMP capable devices on the network to exchange management information This stat...

Страница 38: ...for network access select Add Menu Address Here to reach the System Settings menu The settings in this menu control the switch s general net work configuration DHCP Enabled Disabled The switch can au...

Страница 39: ...t cable between network interfaces The second local area network standard is 100BASE T which runs at 100Mbps over the same twisted pair Ethernet cable Lastly there is 100BASE F which enables fast Ethe...

Страница 40: ...interface allows for local or remote switch configuration anywhere on the network The interface is designed for use with Internet Explorer 6 0 Chrome Firefox 3 3 1 Preparing for Web Configuration The...

Страница 41: ...Chapter 4 4Managing Switch...

Страница 42: ...e Figure 4 1 Login Screen 4 2 Recommended Practices One of the easiest things to do to help increase the security posture of the network infrastructure is to implement a policy and standard for secure...

Страница 43: ...and port based IEEE 802 1X access to the system An authentication list specifies which authentication method s to use to vali date the credentials of a user who attempts to access the device Several a...

Страница 44: ...s are as follows IAS Uses the local Internal Authentication Server IAS data base for 802 1X port based authentication Deny Denies authentication Enable Uses the locally configured Enable password to v...

Страница 45: ...e default Enable authentication lists as well as any user configured Enable lists To access this page click System AAA Authentication Selection Figure 4 6 System AAA Authentication Selection Item Desc...

Страница 46: ...ers who attempt to access the CLI by using a Telnet ses sion SSH The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a secure shel...

Страница 47: ...s Line The access method s that use the list for accounting user activity The settings for this field are configured on the Accounting Selection page Refresh Click Refresh to update the screen Add Cli...

Страница 48: ...CLI based Console The Exec accounting list and the Commands account ing list to apply to users who access the CLI by using a connec tion to the console port Telnet The Exec accounting list and the Com...

Страница 49: ...onfigurations for clients Conflict Logging Mode Enables or disables the logging mode for IP address conflicts When enabled the system stores information IP address conflicts that are detected by the D...

Страница 50: ...nge of addresses If the excluded address is not part of a range this field shows the same value as the From field When adding a single IP address to exclude you can enter the same address specified in...

Страница 51: ...ion has not been configured Network For a Manual pool indicates the host IP address to assign the client For a Dynamic pool indicates the network base address Lease Time The amount of time the informa...

Страница 52: ...es the client identifier the Client ID field on the DHCP server must contain the same value and the Hardware Address Type field must be set to the appropriate value Otherwise the DHCP server will not...

Страница 53: ...r dynamic pools only Client Name The system name of the client The Client Name should not include the domain name This field is optional Hardware Address Type The protocol type Ethernet or IEEE 802 us...

Страница 54: ...t a TFTP server to download a new image file To configure this field click button in the row To reset the field to the default value click the Reset icon in the row To configure settings for one or mo...

Страница 55: ...ast Domain Name The default domain name to configure for all clients in the selected pool Bootfile Name The name of the default boot image that the client should attempt to download from a specified b...

Страница 56: ...ced Configuration DHCP Server Pool Options Configure Vendor Option The following table describes the items in the previous figure Item Description Option Code The number that uniquely identifies the o...

Страница 57: ...eared To access this page click System Advanced Configuration DHCP Server Statistics Figure 4 20 System Advanced Configuration DHCP Server Statistics Submit Click Submit to save the values Cancel Clic...

Страница 58: ...e message if the DHCP client detects that the IP address offered by the DHCP server is already in use on the network The server then marks the address as unavailable DHCPRELEASE The number of DHCP rel...

Страница 59: ...which is one of the following Gratuitous ARP The DHCP client detected the conflict by broadcasting an ARP request to the address specified in the DHCP offer message sent by the server If the client re...

Страница 60: ...Domain List The list of domain names that have been added to the DNS client s domain list If a DNS query that includes the default domain name is not resolved the DNS client attempts to use the domain...

Страница 61: ...s only available for Dynamic entries Elapsed Time The number of seconds that have passed since the entry was added to the table When the Elapsed Time reaches the Total Time the entry times out and is...

Страница 62: ...gure 4 26 System Advanced Configuration Email Alerts Global The following table describes the items in the previous figure Item Description Type The type of interface to use as the source interface No...

Страница 63: ...g Duration Minutes Determines how frequently the non critical messages are sent to the SMTP server Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the scre...

Страница 64: ...fresh Click Refresh to update the screen Add Click Add to add a new Email server Edit Click Edit to edit the selected entries Remove Click Remove to remove the selected entries Item Description Securi...

Страница 65: ...Time Since Last Email Sent The amount of time in days hours minutes and seconds that has passed since the last email alert was successfully sent Refresh Click Refresh to update the screen Clear Counte...

Страница 66: ...ol CDP ISDP is used to share information between neighboring devices routers bridges access servers and switches To access this page click System Advanced Configuration ISDP Global Figure 4 34 System...

Страница 67: ...interface that is connected to the neighbor The ISDP mes sage was received on this interface IP Address The first network layer address reported in the address TLV of the most recently received ISDP m...

Страница 68: ...his page click System Advanced Configuration ISDP Statistics Figure 4 37 System Advanced Configuration ISDP Statistics The following table describes the items in the previous figure Item Description I...

Страница 69: ...e total number of ISDP version 1 packets transmitted by the device ISDPv2 Packets Received The total number of ISDP version 2 packets received by the device ISDPv2 Packets Transmitted The total number...

Страница 70: ...link up Down Link is down when the above conditions are not true Refresh Click Refresh to update the screen Add Click Add to add a new group Edit Click Edit to edit the selected entries Remove Click R...

Страница 71: ...P Port Enable this option to allow the device to drop packets that have the TCP source port equal to the TCP destination port UDP Port Enable this option to allow the device to drop packets that have...

Страница 72: ...ller than this configured value ICMP Settings ICMP Enable this option to allow the device to drop ICMP packets that have a type set to ECHO_REQ ping and a payload size greater than the ICMP payload si...

Страница 73: ...r which data is displayed or configured Owner String The entity making use of this sFlow receiver table entry If this field is blank the entry is currently unclaimed Time Remaining The time in seconds...

Страница 74: ...be associated with an active sFlow receiver If a receiver expires all pollers associated with the receiver will also expire Poller Interval The maximum number of seconds between successive samples of...

Страница 75: ...sampling rate for packet sampling from this source A sampling rate of 0 disables sampling Maximum Header Size The maximum number of bytes that should be copied from a sampled packet Refresh Click Ref...

Страница 76: ...MPv1 2 Community page When the community names are changed access rights are also changed SNMP Communities are defined only for SNMP v1 and SNMP v2 Use the SNMP Community Configuration page to enable...

Страница 77: ...the group associated with this community entry IP Address Specifies the IP address that can connect with this community Refresh Click Refresh to update the screen Add Community Click Add Community to...

Страница 78: ...d identifies the access the user may connect with Group Name Identifies the Group associated with this Community entry IP Address Specifies the IP address that can connect with this community Submit C...

Страница 79: ...n Add Click Add to add a new SNMP trap receiver Remove Click Remove to remove the selected entries Item Description Host IP Address The IP address of the SNMP management host that will receive traps g...

Страница 80: ...cation Notify Type The type of SNMP notification to send the SNMP management host Trap An SNMP message that notifies the host when a certain event has occurred on the device The message is not acknowl...

Страница 81: ...The type of SNMP notification to send the SNMP management host Inform An SNMP message that notifies the host when a certain event has occurred on the device The message is acknowl edged by the SNMP m...

Страница 82: ...ement system outside of its configured group but an agent can be a member of multiple groups at the same time to allow communication with SNMP managers from different groups Several default SNMP group...

Страница 83: ...No Priv Authentication but no data encryption With this security level users send SNMP messages that use an MD5 key password for authentication but not a DES key password for encryption Auth Priv Aut...

Страница 84: ...but not a DES key password for encryption Auth Priv Authentication and data encryption With this security level users send an MD5 key password for authentication and a DES key password for encryption...

Страница 85: ...er name cannot contain any leading or embedded blanks Group Name A SNMP group is a group to which hosts running the SNMP service belong A group name parameter is simply the name of that group by which...

Страница 86: ...contain any leading or embedded blanks Group Name A SNMP group is a group to which hosts running the SNMP service belong A group name parameter is simply the name of that group by which SNMP communiti...

Страница 87: ...protocol to be used on encrypted messages on behalf of the specified user This parameter is only valid if the Authen tication method parameter is not NONE DES DES protocol will be used None No privac...

Страница 88: ...cription Client Mode Specifies the mode of operation of SNTP Client An SNTP client may operate in one of the following modes Disable SNTP is not operational No SNTP requests are sent from the client n...

Страница 89: ...t before attempting to use the next configured server when configured in unicast mode Number of Servers Configured Specifies the number of current valid unicast server entries configured for this clie...

Страница 90: ...NTP message Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server This is indicated by a stra tum field equal to 0 in a message received from a server S...

Страница 91: ...er that they appear in the table Version Specifies the NTP version running on the server Refresh Click Refresh to update the screen Add Click Add to add a new SNTP server Edit Click Edit to edit the s...

Страница 92: ...e the system clock Last Attempt Time Specifies the local date and time UTC that this SNTP server was last queried Last Attempt Status Specifies the status of the last SNTP request to this server If no...

Страница 93: ...guration Use the Time Range Summary page to create a named time range Each time range can consist of one absolute time entry and or one or more periodic time entries To access this page click System A...

Страница 94: ...r name that identifies this time range A time based ACL rule can reference the name configured in this field Time Range Status Shows whether the time range is Active or Inactive A time range is Inacti...

Страница 95: ...even years Each time entry configuration can have only one Absolute entry Periodic Recurring entry that takes place at fixed intervals This type of entry occurs at the same time on one or more days o...

Страница 96: ...on in the field or by using the scroll bar in the Choose Time window Click Now to use the current time of day Click Done to close the Choose Time window This field can be configured only if the Start...

Страница 97: ...selected option in the Applicable Days field is Days of Week select one or more days on which the entry becomes active To select multiple days hold the CTRL key and select each desired start day Star...

Страница 98: ...sable Summer time is not active and the time does not shift based on the time of year Recurring Summer time occurs at the same time every year The start and end times and dates for the time shift must...

Страница 99: ...s this page click System Advanced Configuration Time Zone Sum mer Time Figure 4 75 System Advanced Configuration Time Zone Summer Time Item Description Time Zone Offset The system clock s offset from...

Страница 100: ...To change the date click the calendar icon to the right of the field select the year from the menu browse to the desired month and click the date Starting Time of Day The time in hours and minutes to...

Страница 101: ...ble describes the items in the previous figure Trap Log Use the System Trap Log page to view the entries in the trap log To access this page click System Advanced Configuration Event Manager Trap Log...

Страница 102: ...overwrite the oldest entries Number of Traps Since Last Reset The number of traps the system has generated since the trap log entries were last cleared either by clicking Clear Log or by resetting th...

Страница 103: ...nfigurable Configured The list has been added by a user Refresh Click Refresh to update the screen Add Click Add to add a new policy list Edit Click Edit to edit the selected entries Item Description...

Страница 104: ...ch event To access this page click System Advanced Configuration Event Manager Severity Configuration Figure 4 81 System Advanced Configuration Event Manager Severity Configuration Item Description Al...

Страница 105: ...te the screen Refresh Click Refresh to update the screen Cancel Click Cancel to restore default value Item Description 802 3x Flow Control Mode The 802 3x flow control mode on the switch IEEE 802 3x f...

Страница 106: ...3 4 3 Erase Startup Use the Erase Startup page to delete the text based configuration file The file is stored in non volatile memory When you click Reset the Erase Startup action is initi ated To acce...

Страница 107: ...l ports through which traffic is switched or routed Item Description Reset Click Reset to initiate the action to erase the text based configuration file stored in non volatile memory after displaying...

Страница 108: ...ients in an administrative domain The Client Identifier string will be displayed beside the check box once DHCP is enabled on the port on which the Client Identifier option is selected This web page w...

Страница 109: ...0 i e byte 0 must have a value of 2 6 A or E for its second digit Management VLAN ID The VLAN ID for the management VLAN Some network administra tors use a management VLAN to isolate system managemen...

Страница 110: ...ntries from the list click button in the heading row Dynamic IPv6 Addresses Lists the IPv6 addresses on the network interface that have been dynamically configured through IPv6 auto configuration or D...

Страница 111: ...following Reachable The neighbor is reachable through the network interface Stale The neighbor is not known to be reachable and the sys tem will begin the process to reach the neighbor Delay The neig...

Страница 112: ...main The Client Identifier string will be displayed beside the check box once DHCP is enabled on the port on which the Client Identifier option is selected This web page will need to be refreshed once...

Страница 113: ...Pv6 server IPv6 Gateway The default gateway for the IPv6 service port interface To configure this field click button in the row To reset the field to the default value click button in the row Static I...

Страница 114: ...ghbor entry is dynamically resolved Local The neighbor entry is a local entry Other The neighbor entry is an unknown entry Is Router Identifies whether the neighbor device is a router The possible val...

Страница 115: ...e up to two software images in permanent storage The dual image feature allows you to upgrade the device without deleting the older software image Item Description IPv6 Address The IPv6 address of a n...

Страница 116: ...the switch Active The code file version of the active image Backup The code file version of the backup image Current Active The image version that is loaded and running on this unit Next Active The i...

Страница 117: ...ose File to browse to the file to transfer After you select the appropriate file click Begin Transfer to launch the HTTP transfer process If a backup image already exists on the device it is overwritt...

Страница 118: ...s experiencing conditions that could lead to system errors if no action is taken Notice 5 The device is experiencing normal but significant conditions Info 6 The device is providing non critical infor...

Страница 119: ...reset The only correlation between any two entries in the event log is the relative amount of time after a system reset that the event occurred Refresh Click Refresh to update the screen Item Descript...

Страница 120: ...to be actively logging or not Port The UDP port on the logging host to which syslog messages are sent Severity Filter Severity level threshold for log messages All log messages with a severity level a...

Страница 121: ...immediately Critical 2 The device is experiencing primary system failures Error 3 The device is experiencing non urgent failures Warning 4 The device is experiencing conditions that could lead to syst...

Страница 122: ...yslog file It also displays the number of messages that were successfully or unsuccessfully relayed to any remote syslog servers configured on the device Local UDP Port The UDP port on the local host...

Страница 123: ...umber of Mes sages The number of log messages currently stored in persistent storage Syslog Messages Received The total number of messages received by the log process This includes messages that are d...

Страница 124: ...is enabled the device command line interface CLI can be accessed through the telnet port Disabling this mode disconnects all existing telnet connections and shuts down the telnet port in the device A...

Страница 125: ...device Maximum Number of Sessions The maximum number of telnet sessions that may be connected to the device simultaneously Allow New Sessions Controls whether new telnet sessions are allowed Setting t...

Страница 126: ...tion in the CLI To create a line break carriage return in the message press the Enter key on the keyboard The line break in the text area will be at the same loca tion in the banner message when viewe...

Страница 127: ...ption HTTPS Admin Mode Enables or disables the HTTPS administrative mode When this mode is enabled the device can be accessed through a web browser using the HTTPS protocol TLS Version 1 Enables or di...

Страница 128: ...ration In Progress An SSL certificate is currently being generated Allows you to download an SSL certificate file from a remote system to the device Note that to download SSL certificate files SSL mus...

Страница 129: ...ltaneously SSH Session Time out minutes The SSH session inactivity timeout value A connected user that does not exhibit any SSH activity for this amount of time is automatically disconnected from the...

Страница 130: ...of characters The password characters are not displayed on the page but are dis guised in a browser specific manner Confirm Password Re enter the new password for the corresponding Line Mode in this f...

Страница 131: ...Number of Lowercase Letters The minimum number of lower case letters that a valid password must contain Minimum Number of Numeric Characters The minimum number of numeric characters that a valid pass...

Страница 132: ...are prohibited Use the plus and minus buttons to perform the following tasks To add a keyword to the list click button type the word to exclude in the Exclude Keyword Name field and click Submit To r...

Страница 133: ...ic ingress egress or both to another port the probe port Probe The port is configured to receive mirrored traffic from one or more source ports Admin Mode The administrative mode of the interface If a...

Страница 134: ...ort LACP When a port is added to a LAG as a static member it neither transmits nor receives LACP PDUs Link Status Indicates whether the link is up or down The link is the physical con nection between...

Страница 135: ...estimated distance from the end of the cable to the failure loca tion NOTE This field displays a value only when the Cable Status is Open or Short otherwise this field is blank Cable Length Meters Th...

Страница 136: ...on the Destination Configuration window opens The following information describes the additional fields avail able in this window Type The type of interface to use as the destination which is one of t...

Страница 137: ...roring session or to select an ACL for flow based mirroring Configure Source Click Configure Source to configure one or more source ports or a VLAN for the mirroring session and to determine which tra...

Страница 138: ...prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Unicast Packets The number of subnetwork unicast packets delivered...

Страница 139: ...ify the interface when managing the device by using SNMP Time Since Counters Last Cleared The amount of time in days hours minutes and seconds that has passed since the statistics for this device were...

Страница 140: ...s the Ethernet header CRC and payload Packet Lengths Received and Trans mitted The table shows how many packets of certain lengths have been received and transmitted by the interface Basic The table s...

Страница 141: ...Since Counters Last Cleared The amount of time in days hours minutes and seconds that has passed since the statistics for this interface were last reset Refresh Click Refresh to update the screen Cle...

Страница 142: ...the DHCPv6 client has sent to any avail able DHCPv6 server to request an extension of its addresses and an update to any other relevant information This message is sent only if the client does not re...

Страница 143: ...istics are not reported to the console or an exter nal server They can be viewed only by using the web interface or by issuing a CLI command Console The statistics are displayed on the console E Mail...

Страница 144: ...tal bandwidth used by the port within the specified time period Congestion The percentage of time within the specified time range that the ports experienced congestion Time Range The name of the perio...

Страница 145: ...Mail The statistics are sent to an e mail address The SNTP server and e mail address information is configured by using the appropriate Email Alerts pages Syslog The statistics are sent to a remote s...

Страница 146: ...gainst the rule Match Criteria Match All Select this option to indicate that all traffic matches the rule and is counted in the statistics This option is exclusive to all other match cri teria so if M...

Страница 147: ...e to any value less than 1024 When multiple network interfaces are supported by a device as is typical of a router either a single ARP cache is used for all interfaces or a separate cache is maintaine...

Страница 148: ...the switch port through which the connection was established or displays as Management if the connection occurred via a non net work port interface if applicable Refresh Click Refresh to update the s...

Страница 149: ...stem Summary Dashboard 60 Seconds The percentage amount of CPU utilization consumed by the corre sponding task in the last 60 seconds 300 Seconds The percentage amount of CPU utilization consumed by t...

Страница 150: ...rts and can not be switched or routed to the operational network Service Port MAC Address The device burned in universally administered media access control MAC address of the service port System Up T...

Страница 151: ...cal interface that allows remote management of the device via any of the front panel switch ports Service Port IP Address The IP address assigned to the service port The service port provides remote m...

Страница 152: ...l number used to identify the device Manufacturer The two octet code that identifies the manufacturer Burned In MAC Address The device burned in universally administered media access control MAC addre...

Страница 153: ...entry and why it is in the table which can be one of the following Static The address has been manually configured and does not age out Learned The address has been automatically learned by the device...

Страница 154: ...of the pass word Disable When configuring a password it is checked against the Strength Check rules configured for passwords Password Expiration Indicates the current expiration date if any of the pa...

Страница 155: ...ers Auth Server Users Add The following table describes the items in the previous figure Password Strength Shows the status of password strength check Encrypted Password Specifies the password encrypt...

Страница 156: ...user name Password Specify the password to associate with the user name if required Confirm Re enter the password to confirm the entry Encrypted Select this option to encrypt the password before it i...

Страница 157: ...the ping packet in bytes Changing the size allows you to troubleshoot connectivity issues with a variety of packet sizes such as large or very large packets Source The source IP address or interface t...

Страница 158: ...prefix of fe80 64 Interface Select the interface on which to issue the Link Local ping request Host Name or IPv6 Address Enter the global or link local IPv6 address or the DNS resolvable host name of...

Страница 159: ...terminates after sending probes that can be layer 3 forwarded this number of times If the destination is further away the TraceRoute will not reach it InitTTL The initial Time To Live TTL This value...

Страница 160: ...29 20 5 246 80 ms 80 ms 80 ms 7 198 20 90 26 70 ms 70 ms 70 ms 8 216 20 255 105 90 ms 70 ms 80 ms 9 63 20 216 155 80 ms 80 ms 90 ms Hop Count 9 Last TTL 9 Test attempt 27 Test Success 27 For each TTL...

Страница 161: ...ils to receive a response for this number of consecutive probes the TraceRoute terminates Interval Seconds Specifies the time between probes in Seconds If a response is not received within this interv...

Страница 162: ...P address of the router that responded to the probes and the response time for each probe If no response is received for probes with a particular TTL the IP address is reported as 0 0 0 0 An error cod...

Страница 163: ...the last address conflict was detected provided the Clear His tory button has not yet been pressed Refresh Click Refresh to update the screen Run Detection Click Run Detection to activate the IP addre...

Страница 164: ...system Trap Log Select this option to transfer the system trap records to a remote system Error Log Select this option to transfer the system error per sistent log which is also known as the event lo...

Страница 165: ...sed user authentication SSH 1 RSA Key File Select this option to transfer an SSH 1 Rivest Shamir Adleman RSA key file to the device SSH key files contain information to authenticate SSH sessions for r...

Страница 166: ...us traffic types e g data or voice based on their latency requirements and give preference to time sensitive traffic Select File If HTTP is the Transfer Protocol browse to the direc tory where the fil...

Страница 167: ...dividually Priority The heading row lists each 802 1p priority value 0 7 and the data in the table shows which traffic class is mapped to the priority value Incoming frames containing the designated 8...

Страница 168: ...Switching DHCP Snooping Base VLAN Configuration Add Figure 4 154 Switching DHCP Snooping Base VLAN Configuration Add The following table describes the items in the previous figure Interface Configurat...

Страница 169: ...gs for one or more interfaces this field identifies each interface that is being configured Trust State The trust state configured on the interface The trust state is one of the following Disabled The...

Страница 170: ...ived on untrusted interfaces If the incoming rate of DHCP packets exceeds the value of this object during the amount of time specified for the burst interval the port will be shutdown You must adminis...

Страница 171: ...e describes the items in the previous figure Persistent Use the DHCP Snooping Persistent Configuration page to configure the persistent location of the DHCP snooping bindings database The bindings dat...

Страница 172: ...y if Remote is selected in the Store field Remote File Name The file name of the DHCP snooping bindings database in which the bindings are stored This field is available only if Remote is selected in...

Страница 173: ...e L2 DHCP relay on individual ports Note that L2 DHCP relay must also be enabled globally on the device To change the DHCP L2 relay settings for one or more interfaces select each entry to modify and...

Страница 174: ...f the following Trusted A trusted interface usually connects to other agents or servers participating in the DHCP interaction e g other L2 or L3 relay agents or servers An interface in this mode alway...

Страница 175: ...VLAN associated with the rest of the data in the row When config uring the settings for one or more VLANs this field identifies each VLAN that is being configured Circuit ID The administrative mode of...

Страница 176: ...clients DHCPv6 server messages are forwarded only through trusted ports To access this page click Switching IPv6 DHCP Snooping Base Global Figure 4 166 Switching IPv6 DHCP Snooping Base Global Item D...

Страница 177: ...es the items in the previous figure To enable a VLAN for IPv6 DHCP snooping Item Description DHCP Snooping Mode The administrative mode of IPv6 DHCP snooping on the device MAC Address Vali dation Enab...

Страница 178: ...messages that pass the initial validation are checked to verify that the source MAC address and the DHCPv6 client hardware address match Where there is a mismatch IPv6 DHCP snooping logs the event wh...

Страница 179: ...considered to be trusted and forwards DHCPv6 server messages without validation Log Invalid Packets The administrative mode of invalid packet logging on the interface When enabled the IPv6 DHCP snoopi...

Страница 180: ...ace where the DHCPv6 client message was received Tentative bindings are completed when IPv6 DHCP snooping learns the client s IPv6 address from a REPLY message on a trusted port DHCP snooping removes...

Страница 181: ...HCPv6 client that sent the message This is the key to the binding database VLAN ID The VLAN ID of the client interface IP Address The IPv6 address assigned to the client by the DHCPv6 server Lease Tim...

Страница 182: ...to configure the same or different TPIDs for different ports 4 4 4 1 Configuration The DVLAN Configuration page allows you to configure the Tag Protocol Identifier TPID to include in frames transmitte...

Страница 183: ...IDs can be selected as the Primary TPID To add Secondary TPIDs to the list click button and select one or more of the following options 802 1Q Tag IEEE 802 1Q customer VLAN tag type represented by the...

Страница 184: ...miscreant sends ARP requests or responses mapping another station s IP address to its own MAC address DAI relies on DHCP snooping DHCP snooping listens to DHCP message exchanges and builds a binding d...

Страница 185: ...e Destination MAC When this option is selected DAI verifies that the target hardware address in the ARP packet equals the destination MAC address in the Ethernet header If the addresses do not match t...

Страница 186: ...the optional DAI settings Edit Click Edit to edit the selected entries Remove Click Remove to disable DAI for the selected entries Item Description VLAN ID Lists each VLAN that has been enabled for DA...

Страница 187: ...ancel Click Cancel to close the window Item Description Item Description Interface The interface associated with the rest of the data in the row In the Edit Interface Configuration window this field i...

Страница 188: ...C address of a system that is permitted to send ARP packets The ARP packet must match on both the Sender IP Address and Sender MAC Address values in the rule to be considered valid Refresh Click Refre...

Страница 189: ...ts The ARP packet must match on both the Sender IP Address and Sender MAC Address values in the rule to be considered valid Sender MAC Address The MAC address of a system that is permitted to send ARP...

Страница 190: ...because a matching DHCP snooping binding entry was found in the DHCP snooping database ACL Permits The number of ARP packets that were forwarded by DAI because the sender IP address and sender MAC ad...

Страница 191: ...ter is received on a port in the Source Members list it is forwarded to a port in the Desti nation Members list If the frame that meets the filter criteria is received on a port that is not in the Sou...

Страница 192: ...iated with the filter The VLAN ID is used with the MAC address to fully identify the frames to filter Source Members The port s included in the inbound filter If a frame with the MAC address and VLAN...

Страница 193: ...ed with the rest of the data in the row When configuring one or more interfaces in the Edit GARP Port Configuration window this field identifies the interfaces that are being configured GVRP Mode The...

Страница 194: ...flooded into net work segments where no node has any interest in receiving the packet While nodes will rarely incur any processing overhead to filter packets addressed to un requested group addresses...

Страница 195: ...value Item Description Item Description Interface The interface associated with the rest of the data in the row When configuring IGMP snooping settings this field identifies the interface s that are b...

Страница 196: ...be immediately removed from the layer 2 for warding table entry upon receiving an IGMP leave message for a mul ticast group without first sending out MAC based general queries Group Membership Interva...

Страница 197: ...e VLAN should wait for a report for a particu lar group on the VLAN before the IGMP snooping feature deletes the VLAN from the group Max Response Time Seconds The number of seconds the VLAN should wai...

Страница 198: ...h is an interface that faces a multicast router or IGMP querier and receives multicast traffic To access this page click Switching IGMP Snooping Multicast Router VLAN Status Figure 4 195 Switching IGM...

Страница 199: ...LAN The Multicast Router VLAN Configuration Menu displays Click a VLAN ID to select it or CTRL click to select multiple VLAN IDs Click the appropriate arrow to move the selected VLAN ID or VLAN IDs to...

Страница 200: ...sages from the switches that want to receive IP multicast traffic The IGMP snooping feature listens to these IGMP reports to establish appropriate forwarding IP Address The snooping querier address to...

Страница 201: ...ng querier IP address Refresh Click Refresh to update the screen Add Click Add to enable the IGMP snooping querier feature on a VLAN Edit Click Edit to edit the selected entries Remove Click Remove to...

Страница 202: ...hat have the snooping querier enabled State The operational state of the IGMP snooping querier on the VLAN which is one of the following Querier The snooping switch is the querier in the VLAN The snoo...

Страница 203: ...o access this page click Switching MLD Snooping Interface Configuration Figure 4 202 Switching MLD Snooping Interface Configuration The following table describes the items in the previous figure Item...

Страница 204: ...r of seconds the interface should wait to receive a query before it is removed from the list of interfaces with multicast routers attached Fast Leave Admin Mode The administrative mode of Fast Leave o...

Страница 205: ...able to snoop MLD packets and determine which network segments should receive multicast packets directed to the group address Group Membership Interval The number of seconds the VLAN should wait for a...

Страница 206: ...led for MLD snooping appear in the menu When modifying MLD snooping settings this field identifies the VLAN that is being configured Group Membership Interval Seconds The number of seconds the VLAN sh...

Страница 207: ...tching MLD Snooping Multicast Router VLAN Status Figure 4 207 Switching MLD Snooping Multicast Router VLAN Status The following table describes the items in the previous figure Item Description Interf...

Страница 208: ...es that are associated with an interface click the VLAN ID to select it or CTRL click to select multiple VLAN IDs Refresh Click Refresh to update the screen Add Click Add to enable VLANs as multicast...

Страница 209: ...the switches that want to receive IP multicast traffic The MLD snooping feature listens to these MLD reports to establish appropriate forwarding IPv6 Address The snooping querier unicast link local IP...

Страница 210: ...s other queriers of the same version in the VLAN the snooping querier moves to the non querier state and stops sending peri odic queries Querier VLAN IPv6 Address The MLD snooping querier unicast link...

Страница 211: ...cal IPv6 address the VLAN uses as the source address in periodic MLD queries sent on the VLAN If this value is not configured the VLAN uses the global MLD snooping querier IPv6 address Submit Click Su...

Страница 212: ...or more than one protocol To access this page click Switching Multicast Forwarding Database Sum mary Figure 4 213 Switching Multicast Forwarding Database Summary The following table describes the item...

Страница 213: ...ator Dynamic The entry has been added to the MFDB as a result of a learning process or protocol Description A text description of this multicast table entry Interface s The list of interfaces that wil...

Страница 214: ...ulticast MAC address associated with the entry in the MFDB Type The type of entry which is one of the following Static The entry has been manually added to the MFDB by an administrator Dynamic The ent...

Страница 215: ...network avoiding duplication of multi cast streams for clients in different VLANs 4 4 13 1 Global Use the MVR Global Configuration page to view and configure the global settings for MVR To access this...

Страница 216: ...on Multicast VLAN A dedicated VLAN used to transfer multicast traffic over the network avoiding duplication of multicast streams for clients in different VLANs Maximum Multicast Groups The maximum num...

Страница 217: ...desired number of groups to be created starting with the entered group address The default contiguous group count is 1 Submit Click Submit to save the values Cancel Click Cancel to close the window I...

Страница 218: ...VLAN Interface is a member of one or more VLANs Not In VLAN Interface is not a member of any VLAN Immediate Leave The MVR immediate leave mode on the interface It can only be con figured on the recei...

Страница 219: ...LDP parameters that are applied to the switch To access this page click Switching LLDP Global Figure 4 223 Switching LLDP Global The following table describes the items in the previous figure 4 4 14 2...

Страница 220: ...LDP Data Units LLDPDUs that advertise the mandatory TLVs and any optional TLVs that are enabled Receive The LLDP receive mode on the interface If the receive mode is enabled the device can receive LLD...

Страница 221: ...tory TLVs and any optional TLVs that are enabled Receive The LLDP receive mode on the interface If the receive mode is enabled the device can receive LLDPDUs from other devices Notify The LLDP remote...

Страница 222: ...The table that shows per interface statistics contains entries only for interfaces that have at least one LLDP setting enabled Item Description Interface The interface associated with the rest of the...

Страница 223: ...liness interval has expired Interface The interface associated with the rest of the data in the row Transmit Total The number of LLDPDUs transmitted by the LLDP agent on the inter face Receive Total T...

Страница 224: ...l Figure 4 229 Switching LLDP MED Global The following table describes the items in the previous figure 4 4 15 2 Interface Use the LLDP MED Interface Summary page to enable LLDP MED mode on an interfa...

Страница 225: ...forward traffic MED Status LLDP MED Mode The administrative status of LLDP MED on the interface When LLDP MED is enabled the transmit and receive function of LLDP is effec tively enabled on the inter...

Страница 226: ...g LLDP MED settings this field identifies the interfaces that are being configured MED Status LLDP MED Mode The administrative status of LLDP MED on the interface When LLDP MED is enabled the transmit...

Страница 227: ...ed together This allows the device to treat the port channel as a single logical link The primary pur pose of a port channel is to increase the bandwidth between two devices Port chan nels can also pr...

Страница 228: ...channel does not send and receive traffic STP Mode The spanning tree protocol STP mode of the port channel When enabled the port channel participates in the STP operation to help pre vent network loo...

Страница 229: ...ysical port include the following Source MAC VLAN Ethertype Incoming Port Destination MAC VLAN Ethertype Incoming Port Source Destination MAC VLAN Ethertype Incoming Port Source IP and Source TCP UDP...

Страница 230: ...nistra tive mode for the port security feature Port security which is also known as port MAC locking allows you to limit the number of source MAC address that can be learned on a port If a port reache...

Страница 231: ...source MAC addresses that can be dynamically learned on an interface If an interface reaches the configured limit any other addresses beyond that limit are not learned and the frames are discarded Fra...

Страница 232: ...amically learned addresses are cleared from the source MAC address table the feature maintains When the link is restored the inter face can once again learn addresses up to the specified limit If stic...

Страница 233: ...unning and saved configura tion if it is not relearned Refresh Click Refresh to update the screen Add Click Add to associate a static MAC address with an interface Remove Click Remove to remove the se...

Страница 234: ...ion The following table describes the items in the previous figure Item Description Interface The interface associated with the rest of the data in the row When converting dynamic addresses to static...

Страница 235: ...t not the end effect chief among the effects is the rapid transitioning of the port to Forwarding The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and re...

Страница 236: ...ntain topology infor mation Force Protocol Ver sion The STP version the device uses which is one of the following IEEE 802 1d Classic STP provides a single path between end stations avoiding and elimi...

Страница 237: ...value increases the probability that the bridge is selected as the root bridge of Associated VLANs The number of VLANs that are mapped to the MSTI This number does not contain any information about th...

Страница 238: ...istratively disabled and is not part of the spanning tree Port Forwarding State Blocking The port discards user traffic and receives but does not send BPDUs During the election process all ports are i...

Страница 239: ...Bridge Priority The value that helps determine which bridge in the spanning tree is elected as the root bridge during STP convergence A lower value increases the probability that the bridge becomes th...

Страница 240: ...hange is in progress on any port assigned to the CST If a change is in progress the value is True other wise it is False Designated Root The bridge identifier of the root bridge for the CST The identi...

Страница 241: ...ves but does not send BPDUs During the election process all ports are in the blocking state The port is blocked to prevent network loops Listening The port sends and receives BPDUs and evaluates infor...

Страница 242: ...ssociated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station may omit the tag or the VLAN portion of the tag in which case the first swi...

Страница 243: ...N is configured Enabled as the Remote Switched Port Analyzer RSPAN VLAN The RSPAN VLAN is used to carry mirrored traffic from source ports to a destination probe port on a remote device Unknown Multic...

Страница 244: ...y VLAN ID s Use to specify a range and to separate VLAN IDs or VLAN ranges in the list Submit Click Submit to save the values Cancel Click Cancel to close the window Item Description VLAN ID The menu...

Страница 245: ...e in this VLAN unless it receives a GVRP or MVRP request and the device software supports the corresponding protocol This mode is equivalent to registration normal in the IEEE 802 1Q standard Tagging...

Страница 246: ...mes The options include the following Enabled A tagged frame is discarded if this interface is not a member of the VLAN identified by the VLAN ID in the tag Disabled All tagged frames are accepted Unt...

Страница 247: ...in General mode Promiscuous The interface belongs to a primary VLAN and can communicate with all interfaces in the private VLAN including other promiscuous ports community ports and isolated ports Hos...

Страница 248: ...or traffic from mul tiple source ports or from all ports that are members of a VLAN from different net work devices and send the mirrored traffic to a destination port a probe port connected to a netw...

Страница 249: ...VLAN Item Description RSPAN VLAN Click the drop down menu to select the VLAN to use as the RSAN VLAN Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the s...

Страница 250: ...coming untagged packets that have a source IP address within the defined subnetwork are placed in the same VLAN Subnet Mask The subnet mask that defines the network portion of the IP address VLAN ID T...

Страница 251: ...ning multiple protocols PBVLANs can help opti mize network traffic patterns because protocol specific broadcast messages are sent only to hosts that use the protocols specified in the PBVLAN To access...

Страница 252: ...ocol is included in the two byte EtherType field of the frame When adding a PBVLAN you can specify the EtherType hex value or for IP ARP and IPX the protocol keyword Interface The interfaces that are...

Страница 253: ...group If a match is not found the frame is assigned the port VID PVID as its VLAN ID Protocol The protocol or protocols to use as the match criteria for an Ethernet frame The protocol is included in...

Страница 254: ...e two byte EtherType field of ingress Ethernet frames on the PVBLAN Group Interfaces When adding a protocol you can specify the EtherType hex value or for IP ARP and IPX the protocol keyword To config...

Страница 255: ...All ports within a private VLAN share the same primary VLAN Isolated A secondary VLAN that carries traffic from isolated ports to promiscuous ports Only one isolated VLAN can be configured per privat...

Страница 256: ...7 Switching Private VLAN Interface Note Isolated VLANs and Community VLANs are collectively called Second ary VLANs Item Description Primary VLAN The VLAN ID of each VLAN configured as a primary VLAN...

Страница 257: ...icate with other ports in the same community if the secondary VLAN is a community VLAN and with the promiscuous ports or is able to communicate only with the promiscuous ports if the secondary VLAN is...

Страница 258: ...pology The X Ring Pro group denoted as Coupling means it is a switch that is used to inter connect two X Ring Pro networks Interface 1 Specifies the first member interface for the X Ring Pro group The...

Страница 259: ...ical port or LAG Link Aggregation Group port For the X Ring Pro group denoted as Coupling the value is physical port or LAG Link Aggregation Group port or None The value None implies the X Ring Pro gr...

Страница 260: ...t to which the intended recipient responds by unicasting an ARP reply containing its MAC address Once learned the MAC address is used in the destination address field of the layer 2 header prepended t...

Страница 261: ...Summary The following table describes the items in the previous figure To add a new static ARP entry Item Description IP Address The IP address of a network host on a subnet attached to one of the dev...

Страница 262: ...e of the device s routing interfaces MAC Address The unicast MAC address hardware address associated with the net work host Submit Click Submit to save the values Cancel Click Cancel to close the wind...

Страница 263: ...page click Routing IP Configuration Figure 4 275 Routing IP Configuration Item Description Total Entry Count The total number of entries currently in the ARP table The number includes both dynamically...

Страница 264: ...it Burst Size The number of ICMP error messages that can be sent during the burst interval configured in the ICMP Rate Limit Interval field Static Route Prefer ence The default distance preference for...

Страница 265: ...physically up active link IP Address The IP address of the interface Subnet Mask The IP subnet mask for the interface also known as the network mask or netmask It defines the portion of the interface...

Страница 266: ...ffic State The state of the interface which is either Active or Inactive An inter face is considered active if the link is up and the interface is in a for warding state Link Speed Data Rate The physi...

Страница 267: ...network directed broadcast packets A network directed broadcast is a broadcast directed to a specific subnet If this option is selected network directed broadcasts are forwarded If this option is clea...

Страница 268: ...ti nation address was not a local address IpFwdDatagrams The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route...

Страница 269: ...be fragmented at this entity but could not be e g because their Don t Fragment flag was set IpFragCreates The number of IP datagram fragments that have been generated as a result of fragmentation at t...

Страница 270: ...pOutParmProbs The number of ICMP Parameter Problem messages sent IcmpOutSrc Quenchs The number of ICMP Source Quench messages sent IcmpOutRedirects The number of ICMP Redirect messages sent For a host...

Страница 271: ...tion of the address and not the host bits When adding a default route this field is not available Subnet Mask The IP subnet mask also known as the network mask or netmask associated with the network a...

Страница 272: ...k portion of the address and not the host bits When adding a default route this field is not available Subnet Mask The IP subnet mask also known as the network mask or netmask associated with the netw...

Страница 273: ...none of the route s next hops were on a local subnet Note that static routes can fail to be added to the routing table at startup because the routing interfaces are not yet up This counter gets incre...

Страница 274: ...to enable or disable port access control on the system To access this page click Security Port Access Control Configuration Figure 4 283 Security Port Access Control Configuration The following table...

Страница 275: ...RADIUS access reject from the RADIUS server RADIUS timeout or the client itself is 802 1X unaware the client is authenticated and is undisturbed by the failure condition s The reasons for failure are...

Страница 276: ...h is one of the following Auto Force Unauthorized Force Authorized MAC Based N A If the mode is N A port based access control is not applicable to the port If the port is in detached state it cannot p...

Страница 277: ...been redirected to this page this field is read only and displays the interface that was selected on the Port Access Control Port Summary page PAE Capabilities The Port Access Entity PAE role which is...

Страница 278: ...iod Seconds The value in seconds of the timer used for guest VLAN authentica tion Unauthenticated VLAN ID The VLAN ID of the unauthenticated VLAN Hosts that fail the authen tication might be denied ac...

Страница 279: ...nt When authenticating the supplicant provides the pass word associated with the selected User Name Authentication Period Seconds The amount of time the supplicant port waits to receive a challenge fr...

Страница 280: ...ds The value in seconds of the timer used by the authenticator state machine on the port to determine when to send an EAPOL EAP Request Identity frame to the supplicant Guest VLAN ID The VLAN ID for t...

Страница 281: ...ata in the row When viewing detailed information for an interface this field identifies the interface being viewed PAE Capabilities The Port Access Entity PAE role which is one of the following Authen...

Страница 282: ...ewed Logical Interface The logical port number associated with the supplicant that is con nected to the port User Name The name the client uses to identify itself as a supplicant to the authen ticatio...

Страница 283: ...ed Users field are allowed access To move a user from one field to the other click the user to move or CTL click to select multiple users and click the appropriate arrow Refresh Click Refresh to updat...

Страница 284: ...at server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS server equals the sum of retransmit timeout for all configured server...

Страница 285: ...he RADIUS server RADIUS authentication servers that are configured with the same name are members of the same named RADIUS server group RADIUS servers in the same group serve as backups for each other...

Страница 286: ...is the Primary or a Secondary RADIUS authentication server When multiple RADIUS servers have the same Server Name value the RADIUS client attempts to use the primary server first If the primary serve...

Страница 287: ...of RADIUS packets received from the server on the authentication port and dropped for some other reason Refresh Click Refresh to update the screen Details Click Details to open a window and display ad...

Страница 288: ...n the RADIUS client on the device and the RADIUS accounting server The secret specified in this field must match the shared secret configured on the RADIUS accounting server Submit Click Submit to sav...

Страница 289: ...owing table describes the items in the previous figure 4 6 3 TACACS 4 6 3 1 Configuration Use the TACACS Configuration page to setup accounting information and adminis tration control over authenticat...

Страница 290: ...TACACS server The key must match the key configured on the TACACS server Connection Timeout The maximum number of seconds allowed to establish a TCP connec tion between the device and the TACACS serv...

Страница 291: ...for TACACS commu nications between the device and the TACACS server The key must match the encryption used on the TACACS server Connection Timeout The amount of time that passes before the connection...

Страница 292: ...which types of traffic are forwarded or blocked and above all pro vide security for the network There are three main steps to configuring an ACL 1 Create an ACL Use the current page 2 Add rules to th...

Страница 293: ...4 Extended Match criteria can be based on the source and destination addresses source and destination Layer 4 ports and protocol type of IPv4 packets IPv4 Named Match criteria is the same as IPv4 Exte...

Страница 294: ...ACLs classify Layer 3 and Layer 4 IPv4 traffic IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic and MAC ACLs classify Layer 2 traffic The ACL types are as follows IPv4 Standard Match criteria is ba...

Страница 295: ...rule in every ACL ACL Type The type of ACL The ACL type determines the criteria that can be used to match packets The type also determines which attributes can be applied to matching traffic IPv4 ACLs...

Страница 296: ...t or frame matches the ACL rule Rule Attributes Each action beyond the basic Permit and Deny actions to perform on the traffic that matches the rule Refresh Click Refresh to update the screen Add Rule...

Страница 297: ...inverse of a subnet mask With a subnet mask the mask has ones 1 s in the bit positions that are used for the network address and has zeros 0 s for the bit posi tions that are not used In contrast a wi...

Страница 298: ...When Established is specified a match occurs if either RST or ACK bits are set in the TCP header This option is available only if the protocol is TCP The function is only available for IPv4 Extended...

Страница 299: ...ss Than Greater Than or Range and specify the port number or keyword TCP port keywords include BGP Domain Echo FTP FTP Data HTTP SMTP Telnet WWW POP2 and POP3 UDP port keywords include Domain Echo NTP...

Страница 300: ...sk specifies which bits in the destination MAC to compare against an Ethernet frame Use F s and zeros in the MAC mask which is in a wildcard format An F means that the bit is not checked and a zero in...

Страница 301: ...sts and the ACL containing this ACL rule is associated with an interface the ACL rule is applied when the time range with specified name becomes active The ACL rule is removed when the time range with...

Страница 302: ...IPv6 addresses source and desti nation Layer 4 ports and protocol type within IPv6 packets Extended MAC Match criteria can be based on the source and destination MAC addresses 802 1p user priority VL...

Страница 303: ...the lowest sequence number is applied first and the other ACLs are applied in ascending numerical order ACL Type The type of ACL The ACL type determines the criteria that can be used to match packets...

Страница 304: ...ation between a VLAN and an ACL Item Description VLAN ID The ID of the VLAN associated with the rest of the data in the row When associating a VLAN with an ACL use this field to select the desired VLA...

Страница 305: ...is serviced depends on how the queue is configured and possibly the amount of traffic present in other queues for that port To access this page click QoS Class of Service Interface Figure 4 314 QoS C...

Страница 306: ...e value the IP DSCP priority designation encoded within packets arriving on the port Shaping Rate The upper limit on how much traffic can leave a port The limit on max imum transmission bandwidth has...

Страница 307: ...cessing Defining this value on a per queue basis allows you to create the desired service characteristics for differ ent types of traffic The options are as follows Weighted Weighted round robin assoc...

Страница 308: ...ed on their priority DSCP or IP precedence This setting applies to the interface if it is configured with a WRED queue management type WRED Maximum Threshold The maximum queue threshold above which al...

Страница 309: ...ribute entries in the table A policy attribute entry attaches various policy attributes to a pol icy class instance Service Table The current and maximum number of service entries in the table A servi...

Страница 310: ...iffServ class Type The class type which is one of the following All All the various match criteria defined for the class should be satisfied for a packet match All signifies the logical AND of all the...

Страница 311: ...ference Class Select this option to reference another class for criteria The match cri teria defined in the referenced class is as match criteria in addition to the match criteria you define for the s...

Страница 312: ...ecimal number Note that this is not a wildcard mask which ACLs use Destination MAC Address Select this option to require a packet s destination MAC address to match the specified MAC address After you...

Страница 313: ...t s destination port number is the same as any destination port number within the range After you select this option use the following fields to configure a destination port keyword destination port n...

Страница 314: ...ocol number to match If you select a keyword you cannot configure a Protocol Value Protocol Value The IANA L4 protocol number value to match Flow Label Select this option to require an IPv6 packet s f...

Страница 315: ...traffic Out The policy is specific to outbound traffic Submit Click Submit to save the values Cancel Click Cancel to close the window Item Description Policy The name of the policy To add a class to...

Страница 316: ...the policy To add a class to the policy remove a class from the policy or configure the policy attributes you must first select its name from the menu Type The traffic flow direction to which the pol...

Страница 317: ...t match the policy class Mirror Interface Select this option to copy the traffic stream to a specified egress port physical or LAG without bypassing normal packet forwarding This action can occur in a...

Страница 318: ...s CoS IP DSCP IP Precedence or Secondary COS This field is available only if one or more classes that meets the color awareness criteria exist Color Exceed Class For color aware policing packets are m...

Страница 319: ...vailable only if one or more classes that meets the color awareness criteria exist Color Exceed Class For color aware policing packets are metered against the PIR Committed Rate Kbps The maximum allow...

Страница 320: ...s it enters the interface Outbound The policy is applied to traffic as it exits the interface Status The status of the policy on the interface A policy is Up if DiffServ is globally enabled and if the...

Страница 321: ...p or Down Refresh Click Refresh to update the screen Item Description Interface The interface associated with the rest of the data in the row The table displays all interfaces that have a DiffServ pol...

Страница 322: ...Appendix A ATroubleshooting...

Страница 323: ...the length of any twisted pair connection does not exceed 100 meters 328 feet R replacement letter for Ohm symbol Diagnosing LED Indicators To assist in identifying problems the switch can be easily...

Страница 324: ...tions are subject to change without notice No part of this publication may be reproduced in any form or by any means electronic photocopying recording or otherwise without prior written permis sion of...

Результаты поиска

Содержание EKI-9228G-8CMI

Отзывы:

Бренды по названию

Популярные бренды

Advantech EKI-9228G-8CMI, Руководство пользователя

Результаты поиска

Содержание EKI-9228G-8CMI

Отзывы:

Бренды по названию

Популярные бренды