Advantech EKI-9512-C0IDW10E Скачать руководство пользователя страница 234 | Manualshive

Страница: 234 / 326

background image

215

EKI-9500 Series User Manual

4.4.17

Port Security

Port Security can be enabled on a per-port basis. When a port is locked, only packets
with allowable source MAC addresses can be forwarded. All other packets are dis-
carded. A MAC address can be defined as allowable by one of two methods: dynam-
ically or statically. Note that both methods are used concurrently when a port is
locked.

Dynamic locking implements a “first arrival” mechanism for Port Security. You specify
how many addresses can be learned on the locked port. If the limit has not been
reached, a packet with an unknown source MAC address is learned and forwarded
normally. Once the limit is reached, no more addresses are learned on the port. Any
packets with source MAC addresses that were not already learned are discarded.
Note that you can effectively disable dynamic locking by setting the number of allow-
able dynamic entries to zero.

Static locking allows you to specify a list of MAC addresses that are allowed on a
port. The behavior of packets is the same as for dynamic locking: only packets with
an allowable source MAC address can be forwarded.

4.4.17.1

Global

Use the Port Security Global Administration page to configure the global administra-
tive mode for the port security feature. Port security, which is also known as port MAC
locking, allows you to limit the number of source MAC address that can be learned on
a port. If a port reaches the configured limit, any other addresses beyond that limit
are not learned, and the frames are discarded. Frames with a source MAC address
that has already been learned will be forwarded. Port security can help secure the
network by preventing unknown devices from forwarding packets into the network.

To access this page, click

Switching

>

Port Security

>

Global

.

Figure 4.239 Switching > Port Security > Global

The following table describes the items in the previous figure.

4.4.17.2

Interface

Use the Port Security Interface Status page to configure the port security feature on a
selected interface.

Refresh

Click

Refresh

to update the screen.

Clear Counters

Click

Clear Counters

to reset the flap counters for all port channels

and member ports to zero.

Item

Description

Item

Description

Port Security Admin
Mode

Enable or disable the global administrative mode for port security. The
port security mode must be enabled both globally and on an interface
to enforce the configured limits for the number of static and dynamic
MAC addresses allowed on that interface.

Submit

Click

Submit

to save the values and update the screen.

Refresh

Click

Refresh

to update the screen.

Cancel

Click

Cancel

to restore default value.

«
...
232
233
234
235
236
...
»

Содержание EKI-9512-C0IDW10E

Страница 1: ...User Manual EKI 9500 Series Full Managed Ethernet Switches...

Страница 2: ...tion Advantech assumes no liability under the terms of this warranty as a consequence of such events Because of Advantech s high quality control standards and rigorous testing most of our customers ne...

Страница 3: ...case the user will be required to correct the interference at his own expense FCC Class B Note This equipment has been tested and found to comply with the limits for a Class B digital device pursuant...

Страница 4: ...vements to this manual we would welcome comments and constructive criticism Please send all such in writing to support advan tech com Packing List Before setting up the system check that the items lis...

Страница 5: ...liquid into an opening This may cause fire or electrical shock 13 Never open the equipment For safety reasons the equipment should be opened only by qualified service personnel 14 If one of the follow...

Страница 6: ...e einen Brand bzw elektrischen Schlag aus l sen 13 ffnen Sie niemals das Ger t Das Ger t darf aus Gr nden der elektrischen Sicherheit nur von authorisiertem Servicepersonal ge ffnet werden 14 Wenn fol...

Страница 7: ...m damage To avoid electrical shock always disconnect the power from your PC chassis before you work on it Don t touch any components on the CPU card or other cards while the PC is on Disconnect power...

Страница 8: ...ance Please have the following information ready before you call Product name and serial number Description of your peripheral attachment Description of your software operating system version applicat...

Страница 9: ...he Power Inputs 14 Figure 2 5 Removing the Protection Cap 15 Figure 2 6 Installing the Power Cable 15 Figure 2 7 Standard M23 6 Pin Male DC Power Input Connector 15 2 5 Connecting the Ethernet Media 1...

Страница 10: ...Excluded Addresses Add 33 Figure 4 13 System Advanced Configuration DHCP Server Pool Summary 33 Figure 4 14 System Advanced Configuration DHCP Server Pool Summary Add 34 Figure 4 15 System Advanced Co...

Страница 11: ...nfiguration sFlow Agent 55 Figure 4 42 System Advanced Configuration sFlow Receiver 56 Figure 4 43 System Advanced Configuration sFlow Poller 56 Figure 4 44 System Advanced Configuration sFlow Poller...

Страница 12: ...olute 78 Figure 4 72 System Advanced Configuration Time Ranges Entry Configuration Add Periodic 79 Figure 4 73 System Advanced Configuration Time Zone Summary 80 Figure 4 74 System Advanced Configurat...

Страница 13: ...111System Management Access HTTPS 109 Figure 4 112System Management Access SSH 111 4 3 9 Passwords 112 Figure 4 113System Passwords Line Password 112 Figure 4 114System Passwords Enable Password 112 F...

Страница 14: ...ure 4 154Switching Class of Service 802 1p 152 4 4 2 DHCP Snooping 152 Figure 4 155Switching DHCP Snooping Base Global 152 Figure 4 156Switching DHCP Snooping Base VLAN Configuration 153 Figure 4 157S...

Страница 15: ...gure 4 187Switching Dynamic ARP Inspection ACL Add Rule 174 Figure 4 188Switching Dynamic ARP Inspection Statistics 174 4 4 6 Filters 175 Figure 4 189Switching Filters MAC Filters 176 Figure 4 190Swit...

Страница 16: ...9Switching Multicast Forwarding Database MLD Snooping 200 Figure 4 220Switching Multicast Forwarding Database Statistics 200 4 4 13 MVR 200 Figure 4 221Switching MVR Global 201 Figure 4 222Switching M...

Страница 17: ...Based VLAN Status 235 Figure 4 263Switching MAC Based VLAN Status Add 236 4 4 23 Protocol Based VLAN 236 Figure 4 264Switching Protocol Based VLAN Status 236 Figure 4 265Switching Protocol Based VLAN...

Страница 18: ...er Summary 275 Figure 4 305Security TACACS Server Summary Add 276 Figure 4 306Security TACACS Server Configuration 276 Figure 4 307Security TACACS Source Interface Configuration 277 4 7 QoS 277 4 7 1...

Страница 19: ...29QoS Diffserv Policy Configuration Add Attribute 301 Figure 4 330QoS Diffserv Service Summary 304 Figure 4 331QoS Diffserv Service Summary Add 305 Figure 4 332QoS Diffserv Service Statistics 305 Figu...

Страница 20: ...Chapter 1 1Product Overview...

Страница 21: ...emp Wide voltage input EKI 9512DP HV EKI 9512 PFIDH10E 12FE PoE wide temp High voltage input EKI 9512DP LV EKI 9512 PFIDL10E 12FE PoE wide temp Low voltage input EKI 9512D WV EKI 9512 CFIDW10E 12FE w...

Страница 22: ...r Input EKI 9516 24 48 72 96 110 Vdc EKI 9516P HV 72 96 110 Vdc EKI 9516P LV 24 48 Vdc EKI 9512 24 48 72 96 110 Vdc EKI 9512P HV 72 96 110 Vdc EKI 9512P LV 24 48 Vdc Certifications Safety EN50155 EN50...

Страница 23: ...aseT X x 4 X coding EKI 9516D 10 100 1000BaseT X x 4 D coding 7 ETH port EKI 9516 10 100 1000BaseT X x 12 X coding EKI 9516D 10 100 1000BaseT X x 12 D coding 8 Mounting screw hole Screw holes x6 used...

Страница 24: ...P HV and EKI 9516DP LV 10 100 1000BaseT X x 4 D coding 7 ETH port EKI 9516P HV and EKI 9516P LV 10 100 1000BaseT X x 12 X coding EKI 9516DP HV and EKI 9516DP LV 10 100 1000BaseT X x 12 D coding 8 Moun...

Страница 25: ...4 X coding EKI 9512D 10 100 1000BaseT X x 4 D coding 7 ETH port EKI 9512 10 100 1000BaseT X x 8 X coding EKI 9512D 10 100 1000BaseT X x 8 D coding 8 Mounting screw hole Screw holes x6 used in the ins...

Страница 26: ...ng EKI 9512DP HV and EKI 9512DP LV 10 100 1000BaseT X x 4 D coding 7 ETH port EKI 9512P HV and EKI 9512P LV 10 100 1000BaseT X x 8 X coding EKI 9512DP HV and EKI 9512DP LV 10 100 1000BaseT X x 8 D cod...

Страница 27: ...ed but unsaved Blink yellow 3Hz TBD Blink yellow 5Hz TBD Off Configuration saved 5 ALM Red on Defined major policies are detected Blink red 1Hz Defined minor policies are detected Blink red 3Hz TBD Bl...

Страница 28: ...Chapter 2 2Switch Installation...

Страница 29: ...arance at the top and bottom and around the exhaust vents 2 1 1 Connecting Hardware These instructions explain how to find a proper location for your Modbus Gateways and how to connect to the network...

Страница 30: ...crews to secure the device Note Make sure the screws dimensions are suitable for use with the device Do not completely tighten the screws into the wall A final adjust ment may be needed before fully s...

Страница 31: ...e into consideration the following guidelines before wiring the device The Terminal Block CN1 is suitable for 12 24 AWG 3 31 0 205 mm2 Torque value 7 lb in The cross sectional area of the earthing con...

Страница 32: ...nications wires through separate con duits Caution Do not disconnect modules or cabling unless the power is first switched off The device only supports the voltage outlined in the type plate Do not us...

Страница 33: ...ter to ensure there is no voltage difference between the power supply s negative output terminal and the grounding point on the switch Pin DN Signal VBUS NC DP GND 1 2 3 4 5 Pin TX Signal RX DSR GND D...

Страница 34: ...0 125 and 250VDC to the DC power connector on the switch The DC input connector is located on the left side of the front panel The power terminals are connected as shown in the following figure They a...

Страница 35: ...ng circular connectors The 10 100 1000BaseT X ports located on the switch s front side are used to connect to Ethernet enabled devices 2 5 1 1 M12 X Coding Connector Pin Assignment Figure 2 8 10 100 1...

Страница 36: ...ernal power is lost either from an external power down condi tion or by the failure of the power supply inside of the EKI 9500 Series 2 6 0 1 Pin Assignment Figure 2 10 Alarm Contact Pin Assignment 2...

Страница 37: ...EKI 9500 Series User Manual 18 2 8 Connecting the USB Terminal 2 8 0 1 Pin Assignment Figure 2 12 M12 Console Pin Assignment Pin Description 1 DN 2 VBUS 3 NC 4 DP 5 GND 2 1 5 3 4...

Страница 38: ...Chapter 3 3Configuration Utility...

Страница 39: ...explanation of how RSTP works is given in the Spanning Tree section The switch is capable of communicating with other SNMP capable devices on the network to exchange management information This stati...

Страница 40: ...for network access select Add Menu Address Here to reach the System Settings menu The settings in this menu control the switch s general net work configuration DHCP Enabled Disabled The switch can au...

Страница 41: ...cable between network interfaces The second local area network standard is 100BASE T which runs at 100Mbps over the same twisted pair Ethernet cable Lastly there is 100BASE F which enables fast Ether...

Страница 42: ...nterface allows for local or remote switch configuration anywhere on the network The interface is designed for use with Internet Explorer 6 0 Chrome Firefox 3 3 1 Preparing for Web Configuration The i...

Страница 43: ...Chapter 4 4Managing Switch...

Страница 44: ...e Figure 4 1 Login Screen 4 2 Recommended Practices One of the easiest things to do to help increase the security posture of the network infrastructure is to implement a policy and standard for secure...

Страница 45: ...nd port based IEEE 802 1X access to the system An authentication list specifies which authentication method s to use to vali date the credentials of a user who attempts to access the device Several au...

Страница 46: ...IAS Uses the local Internal Authentication Server IAS data base for 802 1X port based authentication Deny Denies authentication Enable Uses the locally configured Enable password to verify the user s...

Страница 47: ...menu include the default Enable authentication lists as well as any user configured Enable lists To access this page click System AAA Authentication Selection Figure 4 6 System AAA Authentication Sel...

Страница 48: ...ers who attempt to access the CLI by using a Telnet ses sion SSH The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a secure shel...

Страница 49: ...ld are configured on the Accounting Selection page Refresh Click Refresh to update the screen Add Click Add to add a new accounting list Edit Click Edit to edit the selected entries Item Description A...

Страница 50: ...methods in this section are CLI based Console The Exec accounting list and the Commands account ing list to apply to users who access the CLI by using a connec tion to the console port Telnet The Exe...

Страница 51: ...dministrative mode When enabled the device can be configured to automatically allocate TCP IP configurations for clients Conflict Logging Mode Enables or disables the logging mode for IP address confl...

Страница 52: ...e of addresses this value is the lowest address to exclude To The highest address to exclude in a range of addresses If the excluded address is not part of a range this field shows the same value as t...

Страница 53: ...HCP server can assign the client any available IP address within the pool This type is also known as Auto matic Undefined The pool has been created by using the CLI but the pool information has not be...

Страница 54: ...clients the client identifier is required instead of the hardware address If the cli ent s DHCP request includes the client identifier the Client ID field on the DHCP server must contain the same val...

Страница 55: ...r dynamic pools only Client Name The system name of the client The Client Name should not include the domain name This field is optional Hardware Address Type The protocol type Ethernet or IEEE 802 us...

Страница 56: ...t a TFTP server to download a new image file To configure this field click button in the row To reset the field to the default value click the Reset icon in the row To configure settings for one or mo...

Страница 57: ...e The default domain name to configure for all clients in the selected pool Bootfile Name The name of the default boot image that the client should attempt to download from a specified boot server Opt...

Страница 58: ...System Advanced Configuration DHCP Server Pool Options Configure Vendor Option The following table describes the items in the previous figure Item Description Option Code The number that uniquely ide...

Страница 59: ...ared To access this page click System Advanced Configuration DHCP Server Statistics Figure 4 20 System Advanced Configuration DHCP Server Statistics Submit Click Submit to save the values Cancel Click...

Страница 60: ...e message if the DHCP client detects that the IP address offered by the DHCP server is already in use on the network The server then marks the address as unavailable DHCPRELEASE The number of DHCP rel...

Страница 61: ...hich is one of the following Gratuitous ARP The DHCP client detected the conflict by broadcasting an ARP request to the address specified in the DHCP offer message sent by the server If the client rec...

Страница 62: ...omain List The list of domain names that have been added to the DNS client s domain list If a DNS query that includes the default domain name is not resolved the DNS client attempts to use the domain...

Страница 63: ...only available for Dynamic entries Elapsed Time The number of seconds that have passed since the entry was added to the table When the Elapsed Time reaches the Total Time the entry times out and is r...

Страница 64: ...ure 4 26 System Advanced Configuration Email Alerts Global The following table describes the items in the previous figure Item Description Type The type of interface to use as the source interface Non...

Страница 65: ...g Duration Minutes Determines how frequently the non critical messages are sent to the SMTP server Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the scre...

Страница 66: ...resh Click Refresh to update the screen Add Click Add to add a new Email server Edit Click Edit to edit the selected entries Remove Click Remove to remove the selected entries Item Description Securit...

Страница 67: ...ime Since Last Email Sent The amount of time in days hours minutes and seconds that has passed since the last email alert was successfully sent Refresh Click Refresh to update the screen Clear Counter...

Страница 68: ...l CDP ISDP is used to share information between neighboring devices routers bridges access servers and switches To access this page click System Advanced Configuration ISDP Global Figure 4 34 System A...

Страница 69: ...interface that is connected to the neighbor The ISDP mes sage was received on this interface IP Address The first network layer address reported in the address TLV of the most recently received ISDP m...

Страница 70: ...is page click System Advanced Configuration ISDP Statistics Figure 4 37 System Advanced Configuration ISDP Statistics The following table describes the items in the previous figure Item Description In...

Страница 71: ...e total number of ISDP version 1 packets transmitted by the device ISDPv2 Packets Received The total number of ISDP version 2 packets received by the device ISDPv2 Packets Transmitted The total number...

Страница 72: ...link up Down Link is down when the above conditions are not true Refresh Click Refresh to update the screen Add Click Add to add a new group Edit Click Edit to edit the selected entries Remove Click R...

Страница 73: ...Port Enable this option to allow the device to drop packets that have the TCP source port equal to the TCP destination port UDP Port Enable this option to allow the device to drop packets that have t...

Страница 74: ...ler than this configured value ICMP Settings ICMP Enable this option to allow the device to drop ICMP packets that have a type set to ECHO_REQ ping and a payload size greater than the ICMP payload siz...

Страница 75: ...Owner String The entity making use of this sFlow receiver table entry If this field is blank the entry is currently unclaimed Time Remaining The time in seconds remaining before the sampler is releas...

Страница 76: ...l also expire Poller Interval The maximum number of seconds between successive samples of the counters associated with this data source A sampling interval of 0 disables counter sampling Refresh Click...

Страница 77: ...sampling rate for packet sampling from this source A sampling rate of 0 disables sampling Maximum Header Size The maximum number of bytes that should be copied from a sampled packet Refresh Click Ref...

Страница 78: ...Pv1 2 Community page When the community names are changed access rights are also changed SNMP Communities are defined only for SNMP v1 and SNMP v2 Use the SNMP Community Configuration page to enable S...

Страница 79: ...ted with this community entry IP Address Specifies the IP address that can connect with this community Refresh Click Refresh to update the screen Add Community Click Add Community to add a new SNMP co...

Страница 80: ...in the client and identifies the access the user may connect with Group Name Identifies the Group associated with this Community entry IP Address Specifies the IP address that can connect with this co...

Страница 81: ...Add Click Add to add a new SNMP trap receiver Remove Click Remove to remove the selected entries Item Description Host IP Address The IP address of the SNMP management host that will receive traps ge...

Страница 82: ...cation Notify Type The type of SNMP notification to send the SNMP management host Trap An SNMP message that notifies the host when a certain event has occurred on the device The message is not acknowl...

Страница 83: ...The type of SNMP notification to send the SNMP management host Inform An SNMP message that notifies the host when a certain event has occurred on the device The message is acknowl edged by the SNMP m...

Страница 84: ...ment system outside of its configured group but an agent can be a member of multiple groups at the same time to allow communication with SNMP managers from different groups Several default SNMP groups...

Страница 85: ...cation but no data encryption With this security level users send SNMP messages that use an MD5 key password for authentication but not a DES key password for encryption Auth Priv Authentication and d...

Страница 86: ...or authentication but not a DES key password for encryption Auth Priv Authentication and data encryption With this security level users send an MD5 key password for authentication and a DES key passwo...

Страница 87: ...r name cannot contain any leading or embedded blanks Group Name A SNMP group is a group to which hosts running the SNMP service belong A group name parameter is simply the name of that group by which...

Страница 88: ...contain any leading or embedded blanks Group Name A SNMP group is a group to which hosts running the SNMP service belong A group name parameter is simply the name of that group by which SNMP communiti...

Страница 89: ...protocol to be used on encrypted messages on behalf of the specified user This parameter is only valid if the Authen tication method parameter is not NONE DES DES protocol will be used None No privacy...

Страница 90: ...cription Client Mode Specifies the mode of operation of SNTP Client An SNTP client may operate in one of the following modes Disable SNTP is not operational No SNTP requests are sent from the client n...

Страница 91: ...before attempting to use the next configured server when configured in unicast mode Number of Servers Configured Specifies the number of current valid unicast server entries configured for this clien...

Страница 92: ...NTP message Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server This is indicated by a stra tum field equal to 0 in a message received from a server S...

Страница 93: ...er that they appear in the table Version Specifies the NTP version running on the server Refresh Click Refresh to update the screen Add Click Add to add a new SNTP server Edit Click Edit to edit the s...

Страница 94: ...e the system clock Last Attempt Time Specifies the local date and time UTC that this SNTP server was last queried Last Attempt Status Specifies the status of the last SNTP request to this server If no...

Страница 95: ...guration Use the Time Range Summary page to create a named time range Each time range can consist of one absolute time entry and or one or more periodic time entries To access this page click System A...

Страница 96: ...name that identifies this time range A time based ACL rule can reference the name configured in this field Time Range Status Shows whether the time range is Active or Inactive A time range is Inactiv...

Страница 97: ...even years Each time entry configuration can have only one Absolute entry Periodic Recurring entry that takes place at fixed intervals This type of entry occurs at the same time on one or more days o...

Страница 98: ...on in the field or by using the scroll bar in the Choose Time window Click Now to use the current time of day Click Done to close the Choose Time window This field can be configured only if the Start...

Страница 99: ...selected option in the Applicable Days field is Days of Week select one or more days on which the entry becomes active To select multiple days hold the CTRL key and select each desired start day Star...

Страница 100: ...sable Summer time is not active and the time does not shift based on the time of year Recurring Summer time occurs at the same time every year The start and end times and dates for the time shift must...

Страница 101: ...this page click System Advanced Configuration Time Zone Sum mer Time Figure 4 75 System Advanced Configuration Time Zone Summer Time Item Description Time Zone Offset The system clock s offset from U...

Страница 102: ...To change the date click the calendar icon to the right of the field select the year from the menu browse to the desired month and click the date Starting Time of Day The time in hours and minutes to...

Страница 103: ...ble describes the items in the previous figure Trap Log Use the System Trap Log page to view the entries in the trap log To access this page click System Advanced Configuration Event Manager Trap Log...

Страница 104: ...s generated since the traps were last displayed Displaying the traps by any available method for example uploading the file from the switch or viewing the logs from a terminal interface will cause thi...

Страница 105: ...Item Description List Name The name of the policy list This field can be configured only when adding a new policy list Event Options The method s used to authenticate a user who attempts to access th...

Страница 106: ...The policy list to trigger system alarm relay as always on or off Alarm Relay 2 The policy list to trigger system alarm relay 2 as always on or off Alarm Mail The policy list to send Email Logging The...

Страница 107: ...e click System Configuration Storage Save Figure 4 83 System Configuration Storage Save Item Description 802 3x Flow Control Mode The 802 3x flow control mode on the switch IEEE 802 3x flow control wo...

Страница 108: ...e on the device When you click Submit the copy action takes place immediately and the source file overwrites the destination file Item Description Save Click Save to initiate a save of all system conf...

Страница 109: ...ed or routed To access this page click System Connectivity IPv4 Figure 4 87 System Connectivity IPv4 Item Description Source File Select the configuration file that will overwrite the contents in the...

Страница 110: ...ield displays the IP address that was dynamically acquired if any Subnet Mask The IP subnet mask for the interface If the Network Configuration Protocol is None you can manually configure a static sub...

Страница 111: ...terface IPv6 Stateless Address AutoConfig Mode Sets the IPv6 stateless address auto configuration mode on the net work interface Enabled The network interface can acquire an IPv6 address through IPv6...

Страница 112: ...ugh the network interface MAC Address The MAC address of the neighboring device Type The type of the neighbor entry which is one of the following Static The neighbor entry is manually configured Dynam...

Страница 113: ...in the previous figure Add Click Add to add a new network port IPv6 neighbor Remove Click Remove to remove the selected entries Item Description IPv6 Address The IPv6 address of a neighbor device tha...

Страница 114: ...ess If the Service Port Configuration Protocol is BOOTP or DHCP this field dis plays the IP address that was dynamically acquired if any Subnet Mask The IP subnet mask for the interface If the Service...

Страница 115: ...ault gateway for the IPv6 service port interface To configure this field click button in the row To reset the field to the default value click button in the row Static IPv6 Addresses Lists the manuall...

Страница 116: ...The neighbor device is not a router Neighbor State The current reachability state of the neighboring device which is one of the following Reachable The neighbor is reachable through the service port S...

Страница 117: ...Upgrade page to transfer a new firmware code image to the device select which image to load during the next boot cycle Item Description DHCP Vendor Class ID Mode The VCI administrative mode When the...

Страница 118: ...transfer After you select the appropriate file click Begin Transfer to launch the HTTP transfer process The active image is overwritten by the file that you transfer Backup The backup code file versi...

Страница 119: ...on Log Index The position of the entry within the buffered log file The most recent log message always has a Log Index value of 1 Log Time The time the entry was added to the log Severity The severity...

Страница 120: ...er used to identify the event log entry with the most recent entry listed first lowest number Type The incident category that indicates the cause of the log entry EVENT ERROR etc Filename The source c...

Страница 121: ...encing normal but significant conditions Info 6 The device is providing non critical information Debug 7 The device is providing debug level information Component The component that has issued the log...

Страница 122: ...st name of the remote host to receive log messages Port The UDP port on the logging host to which syslog messages are sent Severity Filter Severity level threshold for log messages All log messages wi...

Страница 123: ...ystem failures Error 3 The device is experiencing non urgent failures Warning 4 The device is experiencing conditions that could lead to system errors if no action is taken Notice 5 The device is expe...

Страница 124: ...the physical port to use as the source interface VLAN ID When the selected Type is VLAN select the VLAN to use as the source interface The menu contains only the VLAN IDs for VLAN routing interfaces S...

Страница 125: ...When this mode is dis abled any feature on the device that uses Java is not available and cannot be viewed by using a web browser Telnet Telnet Server Admin Mode Enables or disables the telnet adminis...

Страница 126: ...value disconnects all existing telnet connections and shuts down the telnet port in the device Telnet Port The TCP port number on which the telnet server listens for requests Existing telnet login ses...

Страница 127: ...Character Size Bits The number of bits in a character This value is always 8 Parity The parity method used on the serial port Stop Bits The number of stop bits per character Flow Control Indicates whe...

Страница 128: ...o both HTTP and HTTPs connections HTTP Port The TCP port number on which the HTTP server listens for requests Existing HTTP login sessions are closed whenever this value is changed All new HTTP sessio...

Страница 129: ...er that HTTPS uses NOTE Before changing this value check your system e g using net stat to make sure the desired port number is not currently being used by any other service HTTPS Session Soft Time Ou...

Страница 130: ...oes not allow connections from clients using the SSH 2 protocol SSH Connections Currently in Use The number of active SSH sessions between remote SSH clients and the SSH server on the device Maximum n...

Страница 131: ...Console Telnet SSH Password Enter the new password for the corresponding Line Mode in this field Be sure the password conforms to the allowed number of characters The password characters are not displ...

Страница 132: ...disables the password strength checking feature Enabling this feature forces the user to configure passwords that comply with the various strong password configuration parameters that are defined on t...

Страница 133: ...keyword checking is case insensitive Additionally a password cannot contain the backwards version of an excluded keyword For example if pass is an excluded keyword passwords such as 23passA2c ssap wor...

Страница 134: ...tratively enabled or disabled Power Management Mode The default setting is Dynamic mode Static according to port power budget Dynamic according to actual real time power consumption System Power Bud g...

Страница 135: ...the rest of the data in the row When configuring PoE settings this field identifies the interface s being con figured Admin Mode Indicates whether PoE is administratively enabled or disabled on the i...

Страница 136: ...main power supply Short PSE port has detected a short circuit condition Overload PD connected to PSE port tried to draw more power than permissible by the hardware Power Denied PSE port has been denie...

Страница 137: ...when managing the device by using SNMP Type The interface type which is one of the following Normal The port is a normal port which means it is not a LAG member or configured for port mirroring Trunk...

Страница 138: ...sends and receives LACP PDUs with its link partner to confirm that the external switch is also configured for link aggregation Disabled The port is supports static LAG configuration only This mode mi...

Страница 139: ...Meters The estimated length of the cable If the cable length cannot be deter mined Unknown is displayed This field shows the range between the shortest estimated length and the longest estimated lengt...

Страница 140: ...mirroring session ID The number of sessions allowed is plat form specific Mode The administrative mode for the selected port mirroring session If the mode is disabled the configured source is not mir...

Страница 141: ...onfigure Session Click Configure Session to configure the administrative mode for a port mirroring session or to select an ACL for flow based mirroring Configure Source Click Configure Source to confi...

Страница 142: ...revent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Unicast Packets The number of subnetwork unicast packets delivered...

Страница 143: ...fy the interface when managing the device by using SNMP Time Since Counters Last Cleared The amount of time in days hours minutes and seconds that has passed since the statistics for this device were...

Страница 144: ...the Ethernet header CRC and payload Packet Lengths Received and Trans mitted The table shows how many packets of certain lengths have been received and transmitted by the interface Basic The table sh...

Страница 145: ...Since Counters Last Cleared The amount of time in days hours minutes and seconds that has passed since the statistics for this interface were last reset Refresh Click Refresh to update the screen Cle...

Страница 146: ...the DHCPv6 client has sent to any avail able DHCPv6 server to request an extension of its addresses and an update to any other relevant information This message is sent only if the client does not rec...

Страница 147: ...stics are not reported to the console or an exter nal server They can be viewed only by using the web interface or by issuing a CLI command Console The statistics are displayed on the console E Mail T...

Страница 148: ...al bandwidth used by the port within the specified time period Congestion The percentage of time within the specified time range that the ports experienced congestion Time Range The name of the period...

Страница 149: ...Mail The statistics are sent to an e mail address The SNTP server and e mail address information is configured by using the appropriate Email Alerts pages Syslog The statistics are sent to a remote sy...

Страница 150: ...gainst the rule Match Criteria Match All Select this option to indicate that all traffic matches the rule and is counted in the statistics This option is exclusive to all other match cri teria so if M...

Страница 151: ...to any value less than 1024 When multiple network interfaces are supported by a device as is typical of a router either a single ARP cache is used for all interfaces or a separate cache is maintained...

Страница 152: ...the switch port through which the connection was established or displays as Management if the connection occurred via a non net work port interface if applicable Refresh Click Refresh to update the s...

Страница 153: ...tem Summary Dashboard 60 Seconds The percentage amount of CPU utilization consumed by the corre sponding task in the last 60 seconds 300 Seconds The percentage amount of CPU utilization consumed by th...

Страница 154: ...rts and can not be switched or routed to the operational network Service Port MAC Address The device burned in universally administered media access control MAC address of the service port System Up T...

Страница 155: ...al interface that allows remote management of the device via any of the front panel switch ports Service Port IP Address The IP address assigned to the service port The service port provides remote ma...

Страница 156: ...l number used to identify the device Manufacturer The two octet code that identifies the manufacturer Burned In MAC Address The device burned in universally administered media access control MAC addre...

Страница 157: ...entry and why it is in the table which can be one of the following Static The address has been manually configured and does not age out Learned The address has been automatically learned by the device...

Страница 158: ...of the pass word Disable When configuring a password it is checked against the Strength Check rules configured for passwords Password Expiration Indicates the current expiration date if any of the pas...

Страница 159: ...rs Auth Server Users Add The following table describes the items in the previous figure Password Strength Shows the status of password strength check Encrypted Password Specifies the password encrypti...

Страница 160: ...user name Password Specify the password to associate with the user name if required Confirm Re enter the password to confirm the entry Encrypted Select this option to encrypt the password before it is...

Страница 161: ...he ping packet in bytes Changing the size allows you to troubleshoot connectivity issues with a variety of packet sizes such as large or very large packets Source The source IP address or interface to...

Страница 162: ...prefix of fe80 64 Interface Select the interface on which to issue the Link Local ping request Host Name or IPv6 Address Enter the global or link local IPv6 address or the DNS resolvable host name of...

Страница 163: ...terminates after sending probes that can be layer 3 forwarded this number of times If the destination is further away the TraceRoute will not reach it InitTTL The initial Time To Live TTL This value...

Страница 164: ...29 20 5 246 80 ms 80 ms 80 ms 7 198 20 90 26 70 ms 70 ms 70 ms 8 216 20 255 105 90 ms 70 ms 80 ms 9 63 20 216 155 80 ms 80 ms 90 ms Hop Count 9 Last TTL 9 Test attempt 27 Test Success 27 For each TTL...

Страница 165: ...ls to receive a response for this number of consecutive probes the TraceRoute terminates Interval Seconds Specifies the time between probes in Seconds If a response is not received within this interva...

Страница 166: ...ter that responded to the probes and the response time for each probe If no response is received for probes with a particular TTL the IP address is reported as 0 0 0 0 An error code may be printed wit...

Страница 167: ...displayed in days hours minutes and seconds since the last address conflict was detected provided the Clear His tory button has not yet been pressed Refresh Click Refresh to update the screen Run Det...

Страница 168: ...system Trap Log Select this option to transfer the system trap records to a remote system Error Log Select this option to transfer the system error per sistent log which is also known as the event lo...

Страница 169: ...sed user authentication SSH 1 RSA Key File Select this option to transfer an SSH 1 Rivest Shamir Adleman RSA key file to the device SSH key files contain information to authenticate SSH sessions for r...

Страница 170: ...s traffic types e g data or voice based on their latency requirements and give preference to time sensitive traffic Select File If HTTP is the Transfer Protocol browse to the direc tory where the file...

Страница 171: ...Priority The heading row lists each 802 1p priority value 0 7 and the data in the table shows which traffic class is mapped to the priority value Incoming frames containing the designated 802 1p prio...

Страница 172: ...llowing table describes the items in the previous figure To enable a VLAN for DHCP snooping Click Switching DHCP Snooping Base VLAN Configuration Add Figure 4 157 Switching DHCP Snooping Base VLAN Con...

Страница 173: ...The interface associated with the rest of the data in the row When configuring the settings for one or more interfaces this field identifies each interface that is being configured Trust State The tru...

Страница 174: ...ived on untrusted interfaces If the incoming rate of DHCP packets exceeds the value of this object during the amount of time specified for the burst interval the port will be shutdown You must adminis...

Страница 175: ...describes the items in the previous figure Persistent Use the DHCP Snooping Persistent Configuration page to configure the persistent location of the DHCP snooping bindings database The bindings data...

Страница 176: ...y if Remote is selected in the Store field Remote File Name The file name of the DHCP snooping bindings database in which the bindings are stored This field is available only if Remote is selected in...

Страница 177: ...e L2 DHCP relay on individual ports Note that L2 DHCP relay must also be enabled globally on the device To change the DHCP L2 relay settings for one or more interfaces select each entry to modify and...

Страница 178: ...f the following Trusted A trusted interface usually connects to other agents or servers participating in the DHCP interaction e g other L2 or L3 relay agents or servers An interface in this mode alway...

Страница 179: ...VLAN associated with the rest of the data in the row When config uring the settings for one or more VLANs this field identifies each VLAN that is being configured Circuit ID The administrative mode of...

Страница 180: ...clients DHCPv6 server messages are forwarded only through trusted ports To access this page click Switching IPv6 DHCP Snooping Base Global Figure 4 169 Switching IPv6 DHCP Snooping Base Global Item De...

Страница 181: ...owing table describes the items in the previous figure Item Description DHCP Snooping Mode The administrative mode of IPv6 DHCP snooping on the device MAC Address Vali dation Enables or Disables the v...

Страница 182: ...do not match the application logs the event when logging of invalid packets is enabled and drops the message If MAC address validation is globally enabled messages that pass the initial validation ar...

Страница 183: ...the binding s inter face is other than the interface where the message was received DHCPv6 packets are dropped when the source MAC address does not match the client hardware address if MAC Address Va...

Страница 184: ...sage was received Tentative bindings are completed when IPv6 DHCP snooping learns the client s IPv6 address from a REPLY message on a trusted port DHCP snooping removes bindings in response to DECLINE...

Страница 185: ...nding database VLAN ID The VLAN ID of the client interface IP Address The IPv6 address assigned to the client by the DHCPv6 server Lease Time The remaining IPv6 address lease time for the client Refre...

Страница 186: ...interface has a VLAN tag S tag removed if one or more tags are present DVLAN also supports up to 4 Tag Protocol Identifier TPID values per switch and the ability to map these values to ports This all...

Страница 187: ...0 IEEE 802 1Q customer VLAN tag type 0x88a8 Virtual Metropolitan Area Network VMAN tag type Custom Tag User defined EtherType value Secondary TPIDs The two byte hex EtherType values available to be co...

Страница 188: ...LAN tag This value identifies the frame as one of the following types 0x8100 IEEE 802 1Q VLAN tag type This value indicates that the frame includes a VLAN tag 0x88a8 Virtual Metropolitan Area Network...

Страница 189: ...the items in the previous figure 4 4 5 2 VLAN Use the Dynamic ARP Inspection VLAN Configuration page to view and configure Dynamic ARP Inspection DAI settings for VLANs When DAI is enabled on a VLAN D...

Страница 190: ...cess control list ACL that the VLAN uses as the filter for ARP packet validation The ARP ACL must already exist on the system to associate it with a DAI enabled VLAN ARP ACLs include permit rules only...

Страница 191: ...do not match any ARP ACL rules are dropped without consulting the DHCP snooping database Disable The ARP packet needs further validation by using the entries in the DHCP Snooping database Submit Click...

Страница 192: ...Switching Dynamic ARP Inspection ACL Add ACL Burst Interval The number of consecutive seconds the interface is monitored for incoming ARP packet rate limit violations Refresh Click Refresh to update t...

Страница 193: ...system that is permitted to send ARP packets The ARP packet must match on both the Sender IP Address and Sender MAC Address values in the rule to be considered valid Sender MAC Address The MAC addres...

Страница 194: ...ender MAC address in the ARP packet did not match any rules in the ARP ACL associated with this VLAN The static flag on this VLAN is enabled which means ARP packets that fail to match an ARP ACL rule...

Страница 195: ...e filter is received on a port in the Source Members list it is forwarded to a port in the Desti nation Members list If the frame that meets the filter criteria is received on a port that is not in th...

Страница 196: ...o fully identify the frames to filter Source Members The port s included in the inbound filter If a frame with the MAC address and VLAN ID combination specified in the filter is received on a port in...

Страница 197: ...istrative mode of GVRP on the system When enabled GVRP can help dynamically manage VLAN memberships on trunk ports GMRP Mode The administrative mode of GMRP on the system When enabled GMRP can help co...

Страница 198: ...e period of time that the multicast packet is flooded The problem of wasting band width is even worse when the LAN segment is not shared for example in Full Duplex links Allowing switches to snoop IGM...

Страница 199: ...ing is administratively enabled IGMP snooping must be enabled globally and on an interface for the interface to be able to snoop IGMP packets to determine which seg ments should receive multicast pack...

Страница 200: ...ociated with the rest of the data in the row When enabling IGMP snooping on a VLAN use this menu to select the desired VLAN Only VLANs that have been configured on the system and are not already enabl...

Страница 201: ...ing for the selected entries Item Description VLAN ID The VLAN associated with the rest of the data in the row When enabling IGMP snooping on a VLAN use this menu to select the desired VLAN Only VLANs...

Страница 202: ...1 and IGMPv2 report suppression mode The device uses IGMP report suppression to limit the membership report traffic sent to multicast capable routers When this mode is enabled the device does not send...

Страница 203: ...VLANs appear in the table VLAN IDs The ID of the VLAN configured as enabled for multicast routing on the associated interface Refresh Click Refresh to update the screen Add Click Add to enable IGMP sn...

Страница 204: ...s multicast router interfaces on the selected port or LAG To disable a VLAN as a multicast router inter face click the VLAN ID to select it or CTRL click to select multiple VLAN IDs Then click the app...

Страница 205: ...ier election pro cess Enabled The IGMP snooping querier on this VLAN participates in the querier election process when it discovers the presence of another querier in the VLAN If the snooping querier...

Страница 206: ...ode for the IGMP snooping querier election pro cess Enabled The IGMP snooping querier on this VLAN participates in the querier election process when it discovers the presence of another querier in the...

Страница 207: ...time interval equal to the configured querier query interval If the snooping switch sees a better querier numerically lower in the VLAN it moves to non querier mode Non Querier The snooping switch is...

Страница 208: ...is field identifies each interface that is being configured Admin Mode The administrative mode of MLD snooping on the interface MLD snooping must be enabled globally and on an interface for the inter...

Страница 209: ...mode for the specified group which is one of the fol lowing Include The receiver has expressed interest in receiving multi cast traffic for the multicast group from the source or sources in the Source...

Страница 210: ...hout first sending out MAC based general queries Refresh Click Refresh to update the screen Add Click Add to enable MLD snooping on a VLAN Edit Click Edit to edit the selected entries Remove Click Rem...

Страница 211: ...ter VLAN status for each interface A multicast router interface faces a multicast router or MLD querier and receives multicast traffic If a multicast router is attached to the switch its existence can...

Страница 212: ...router VLAN information this field shows the interface that is being configured VLAN ID The ID of each VLAN configured as enabled as a multicast router inter face on the associated interface When cha...

Страница 213: ...each VLAN configured as enabled as a multicast router inter face on the associated interface When changing the multicast routing VLAN interfaces that are associated with an interface click the VLAN ID...

Страница 214: ...ocess Enabled The MLD snooping querier on this VLAN participates in the querier election process when it discovers the presence of another querier in the VLAN If the snooping querier finds that the ot...

Страница 215: ...D snooping querier election process Enabled The MLD snooping querier on this VLAN participates in the querier election process when it discovers the presence of another querier in the VLAN If the snoo...

Страница 216: ...in data for more than one protocol To access this page click Switching Multicast Forwarding Database Sum mary Figure 4 216 Switching Multicast Forwarding Database Summary State The operational state o...

Страница 217: ...equests GMRP Generic Address Resolution Protocol GARP Multicast Registration Protocol which helps control the flooding of multi cast traffic by keeping track of group membership information Static Fil...

Страница 218: ...add or remove ports from IPv6 multicast groups by listening to MLD join and leave requests Description A text description of this multicast table entry Interface s The list of interfaces that will fo...

Страница 219: ...dress The multicast MAC address associated with the entry in the MFDB Type The type of entry which is one of the following Static The entry has been manually added to the MFDB by an administrator Dyna...

Страница 220: ...s not learn source ports membership instead all source ports are members of all groups by default MVR does not forward IGMP Joins and Leaves from the hosts to the router Dynamic MVR learns source port...

Страница 221: ...Group The multicast group address Status The status of the group which can be one of the following Active Group has one or more MVR ports participating Inactive Group has no MVR ports participating M...

Страница 222: ...witch It must not be a member of the multicast VLAN None The port is not an MVR port Status The active state of the interface which can be one of the following Active The port has link up and is in th...

Страница 223: ...neighbors per interface The number of such neighbors is limited by the memory constraints A product specific constant defines the maximum number of neighbors supported by the switch There is no restr...

Страница 224: ...Refresh to update the screen Cancel Click Cancel to restore default value Item Description Interface The interface associated with the rest of the data in the row Only inter faces that have at least...

Страница 225: ...erface with the LLDP settings to configure In the Edit LLDP Interface window this field identifies the interface that is being configured Transmit The LLDP advertise transmit mode on the interface If...

Страница 226: ...ditional information about a remote device select the interface that received the LLDP data and click Details System Name Select this option to include the user configured system name in the LLDPDU th...

Страница 227: ...e remote device sent as the Chassis ID TVL This identifies the hardware platform for the remote system Port ID The port on the remote system that transmitted the LLDP data System Name The system name...

Страница 228: ...of the data in the row Transmit Total The number of LLDPDUs transmitted by the LLDP agent on the inter face Receive Total The number of valid LLDPDUs received by this interface while the LLDP agent is...

Страница 229: ...h or router IEEE 802 1 bridge or IEEE 802 11 wireless access point Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the screen Cancel Click Cancel to restor...

Страница 230: ...ove to remove the selected entries Item Description Interface The interface associated with the rest of the data in the row When configuring LLDP MED settings this field identifies the interfaces that...

Страница 231: ...ted together This allows the device to treat the port channel as a single logical link The primary pur Item Description Interface The interface associated with the rest of the data in the row When vie...

Страница 232: ...istrative mode of the port channel When disabled the port channel does not send and receive traffic STP Mode The spanning tree protocol STP mode of the port channel When enabled the port channel parti...

Страница 233: ...ysical port include the following Source MAC VLAN Ethertype Incoming Port Destination MAC VLAN Ethertype Incoming Port Source Destination MAC VLAN Ethertype Incoming Port Source IP and Source TCP UDP...

Страница 234: ...nistra tive mode for the port security feature Port security which is also known as port MAC locking allows you to limit the number of source MAC address that can be learned on a port If a port reache...

Страница 235: ...source MAC addresses that can be dynamically learned on an interface If an interface reaches the configured limit any other addresses beyond that limit are not learned and the frames are discarded Fra...

Страница 236: ...amically learned addresses are cleared from the source MAC address table the feature maintains When the link is restored the inter face can once again learn addresses up to the specified limit If stic...

Страница 237: ...nning and saved configura tion if it is not relearned Refresh Click Refresh to update the screen Add Click Add to associate a static MAC address with an interface Remove Click Remove to remove the sel...

Страница 238: ...on The following table describes the items in the previous figure Item Description Interface The interface associated with the rest of the data in the row When converting dynamic addresses to static a...

Страница 239: ...t not the end effect chief among the effects is the rapid transitioning of the port to Forwarding The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and re...

Страница 240: ...ntain topology infor mation Force Protocol Ver sion The STP version the device uses which is one of the following IEEE 802 1d Classic STP provides a single path between end stations avoiding and elimi...

Страница 241: ...value increases the probability that the bridge is selected as the root bridge of Associated VLANs The number of VLANs that are mapped to the MSTI This number does not contain any information about th...

Страница 242: ...stratively disabled and is not part of the spanning tree Port Forwarding State Blocking The port discards user traffic and receives but does not send BPDUs During the election process all ports are in...

Страница 243: ...ridge Priority The value that helps determine which bridge in the spanning tree is elected as the root bridge during STP convergence A lower value increases the probability that the bridge becomes the...

Страница 244: ...hange is in progress on any port assigned to the CST If a change is in progress the value is True other wise it is False Designated Root The bridge identifier of the root bridge for the CST The identi...

Страница 245: ...es but does not send BPDUs During the election process all ports are in the blocking state The port is blocked to prevent network loops Listening The port sends and receives BPDUs and evaluates inform...

Страница 246: ...sociated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station may omit the tag or the VLAN portion of the tag in which case the first swit...

Страница 247: ...gured Enabled as the Remote Switched Port Analyzer RSPAN VLAN The RSPAN VLAN is used to carry mirrored traffic from source ports to a destination probe port on a remote device Unknown Multicast Use th...

Страница 248: ...ge Specify VLAN ID s Use to specify a range and to separate VLAN IDs or VLAN ranges in the list Submit Click Submit to save the values Cancel Click Cancel to close the window Item Description VLAN ID...

Страница 249: ...e in this VLAN unless it receives a GVRP or MVRP request and the device software supports the corresponding protocol This mode is equivalent to registration normal in the IEEE 802 1Q standard Tagging...

Страница 250: ...mes The options include the following Enabled A tagged frame is discarded if this interface is not a member of the VLAN identified by the VLAN ID in the tag Disabled All tagged frames are accepted Unt...

Страница 251: ...n General mode Promiscuous The interface belongs to a primary VLAN and can communicate with all interfaces in the private VLAN including other promiscuous ports community ports and isolated ports Host...

Страница 252: ...or traffic from mul tiple source ports or from all ports that are members of a VLAN from different net work devices and send the mirrored traffic to a destination port a probe port connected to a netw...

Страница 253: ...tion RSPAN VLAN Click the drop down menu to select the VLAN to use as the RSAN VLAN Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the screen Cancel Click...

Страница 254: ...cription IP Address The network address for the IP subnet All incoming untagged packets that have a source IP address within the defined subnetwork are placed in the same VLAN Subnet Mask The subnet m...

Страница 255: ...k traffic patterns because protocol specific broadcast messages are sent only to hosts that use the protocols specified in the PBVLAN To access this page click Switching Protocol Based VLAN Status Fig...

Страница 256: ...ocol is included in the two byte EtherType field of the frame When adding a PBVLAN you can specify the EtherType hex value or for IP ARP and IPX the protocol keyword Interface The interfaces that are...

Страница 257: ...group If a match is not found the frame is assigned the port VID PVID as its VLAN ID Protocol The protocol or protocols to use as the match criteria for an Ethernet frame The protocol is included in...

Страница 258: ...two byte EtherType field of ingress Ethernet frames on the PVBLAN Group Interfaces When adding a protocol you can specify the EtherType hex value or for IP ARP and IPX the protocol keyword To configu...

Страница 259: ...All ports within a private VLAN share the same primary VLAN Isolated A secondary VLAN that carries traffic from isolated ports to promiscuous ports Only one isolated VLAN can be configured per private...

Страница 260: ...Switching Private VLAN Interface Note Isolated VLANs and Community VLANs are collectively called Second ary VLANs Item Description Primary VLAN The VLAN ID of each VLAN configured as a primary VLAN I...

Страница 261: ...cate with other ports in the same community if the secondary VLAN is a community VLAN and with the promiscuous ports or is able to communicate only with the promiscuous ports if the secondary VLAN is...

Страница 262: ...pology The X Ring Pro group denoted as Coupling means it is a switch that is used to inter connect two X Ring Pro networks Interface 1 Specifies the first member interface for the X Ring Pro group The...

Страница 263: ...ical port or LAG Link Aggregation Group port For the X Ring Pro group denoted as Coupling the value is physical port or LAG Link Aggregation Group port or None The value None implies the X Ring Pro gr...

Страница 264: ...to which the intended recipient responds by unicasting an ARP reply containing its MAC address Once learned the MAC address is used in the destination address field of the layer 2 header prepended to...

Страница 265: ...ing ARP Table Summary The following table describes the items in the previous figure Item Description IP Address The IP address of a network host on a subnet attached to one of the device s routing in...

Страница 266: ...ware address associated with the net work host Submit Click Submit to save the values Cancel Click Cancel to close the window Item Description Age Time Seconds The amount of time in seconds that a dyn...

Страница 267: ...ctions therefore routing configuration is not required on the Layer 2 device To access this page click Routing IP Configuration Figure 4 278 Routing IP Configuration Item Description Total Entry Count...

Страница 268: ...t Burst Size The number of ICMP error messages that can be sent during the burst interval configured in the ICMP Rate Limit Interval field Static Route Prefer ence The default distance preference for...

Страница 269: ...physically up active link IP Address The IP address of the interface Subnet Mask The IP subnet mask for the interface also known as the network mask or netmask It defines the portion of the interface...

Страница 270: ...fic State The state of the interface which is either Active or Inactive An inter face is considered active if the link is up and the interface is in a for warding state Link Speed Data Rate The physic...

Страница 271: ...etwork directed broadcast packets A network directed broadcast is a broadcast directed to a specific subnet If this option is selected network directed broadcasts are forwarded If this option is clear...

Страница 272: ...i nation address was not a local address IpFwdDatagrams The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route...

Страница 273: ...be fragmented at this entity but could not be e g because their Don t Fragment flag was set IpFragCreates The number of IP datagram fragments that have been generated as a result of fragmentation at t...

Страница 274: ...pOutParmProbs The number of ICMP Parameter Problem messages sent IcmpOutSrc Quenchs The number of ICMP Source Quench messages sent IcmpOutRedirects The number of ICMP Redirect messages sent For a host...

Страница 275: ...e address and not the host bits When adding a default route this field is not available Subnet Mask The IP subnet mask also known as the network mask or netmask associated with the network address The...

Страница 276: ...he network portion of the address and not the host bits When adding a default route this field is not available Subnet Mask The IP subnet mask also known as the network mask or netmask associated with...

Страница 277: ...none of the route s next hops were on a local subnet Note that static routes can fail to be added to the routing table at startup because the routing interfaces are not yet up This counter gets incre...

Страница 278: ...to enable or disable port access control on the system To access this page click Security Port Access Control Configuration Figure 4 286 Security Port Access Control Configuration The following table...

Страница 279: ...ADIUS access reject from the RADIUS server RADIUS timeout or the client itself is 802 1X unaware the client is authenticated and is undisturbed by the failure condition s The reasons for failure are l...

Страница 280: ...h is one of the following Auto Force Unauthorized Force Authorized MAC Based N A If the mode is N A port based access control is not applicable to the port If the port is in detached state it cannot p...

Страница 281: ...been redirected to this page this field is read only and displays the interface that was selected on the Port Access Control Port Summary page PAE Capabilities The Port Access Entity PAE role which is...

Страница 282: ...iod Seconds The value in seconds of the timer used for guest VLAN authentica tion Unauthenticated VLAN ID The VLAN ID of the unauthenticated VLAN Hosts that fail the authen tication might be denied ac...

Страница 283: ...t When authenticating the supplicant provides the pass word associated with the selected User Name Authentication Period Seconds The amount of time the supplicant port waits to receive a challenge fro...

Страница 284: ...ds The value in seconds of the timer used by the authenticator state machine on the port to determine when to send an EAPOL EAP Request Identity frame to the supplicant Guest VLAN ID The VLAN ID for t...

Страница 285: ...ata in the row When viewing detailed information for an interface this field identifies the interface being viewed PAE Capabilities The Port Access Entity PAE role which is one of the following Authen...

Страница 286: ...ewed Logical Interface The logical port number associated with the supplicant that is con nected to the port User Name The name the client uses to identify itself as a supplicant to the authen ticatio...

Страница 287: ...ed Users field are allowed access To move a user from one field to the other click the user to move or CTL click to select multiple users and click the appropriate arrow Refresh Click Refresh to updat...

Страница 288: ...t server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS server equals the sum of retransmit timeout for all configured servers...

Страница 289: ...e RADIUS server RADIUS authentication servers that are configured with the same name are members of the same named RADIUS server group RADIUS servers in the same group serve as backups for each other...

Страница 290: ...is the Primary or a Secondary RADIUS authentication server When multiple RADIUS servers have the same Server Name value the RADIUS client attempts to use the primary server first If the primary server...

Страница 291: ...of RADIUS packets received from the server on the authentication port and dropped for some other reason Refresh Click Refresh to update the screen Details Click Details to open a window and display ad...

Страница 292: ...the RADIUS client on the device and the RADIUS accounting server The secret specified in this field must match the shared secret configured on the RADIUS accounting server Submit Click Submit to save...

Страница 293: ...wing table describes the items in the previous figure 4 6 3 TACACS 4 6 3 1 Configuration Use the TACACS Configuration page to setup accounting information and adminis tration control over authenticati...

Страница 294: ...TACACS server The key must match the key configured on the TACACS server Connection Timeout The maximum number of seconds allowed to establish a TCP connec tion between the device and the TACACS serve...

Страница 295: ...for TACACS commu nications between the device and the TACACS server The key must match the encryption used on the TACACS server Connection Timeout The amount of time that passes before the connection...

Страница 296: ...which types of traffic are forwarded or blocked and above all pro vide security for the network There are three main steps to configuring an ACL 1 Create an ACL Use the current page 2 Add rules to th...

Страница 297: ...d Match criteria can be based on the source and destination addresses source and destination Layer 4 ports and protocol type of IPv4 packets IPv4 Named Match criteria is the same as IPv4 Extended ACLs...

Страница 298: ...ic IPv4 ACLs classify Layer 3 and Layer 4 IPv4 traffic IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic and MAC ACLs classify Layer 2 traffic The ACL types are as follows IPv4 Standard Match criter...

Страница 299: ...rule in every ACL ACL Type The type of ACL The ACL type determines the criteria that can be used to match packets The type also determines which attributes can be applied to matching traffic IPv4 ACLs...

Страница 300: ...or frame matches the ACL rule Rule Attributes Each action beyond the basic Permit and Deny actions to perform on the traffic that matches the rule Refresh Click Refresh to update the screen Add Rule...

Страница 301: ...nverse of a subnet mask With a subnet mask the mask has ones 1 s in the bit positions that are used for the network address and has zeros 0 s for the bit posi tions that are not used In contrast a wil...

Страница 302: ...e TCP header When Established is specified a match occurs if either RST or ACK bits are set in the TCP header This option is available only if the protocol is TCP The function is only available for IP...

Страница 303: ...tions Equal Not Equal Less Than Greater Than or Range and specify the port number or keyword TCP port keywords include BGP Domain Echo FTP FTP Data HTTP SMTP Telnet WWW POP2 and POP3 UDP port keywords...

Страница 304: ...address mask specifies which bits in the destination MAC to compare against an Ethernet frame Use F s and zeros in the MAC mask which is in a wildcard format An F means that the bit is not checked an...

Страница 305: ...ts and the ACL containing this ACL rule is associated with an interface the ACL rule is applied when the time range with specified name becomes active The ACL rule is removed when the time range with...

Страница 306: ...IPv6 addresses source and desti nation Layer 4 ports and protocol type within IPv6 packets Extended MAC Match criteria can be based on the source and destination MAC addresses 802 1p user priority VL...

Страница 307: ...the lowest sequence number is applied first and the other ACLs are applied in ascending numerical order ACL Type The type of ACL The ACL type determines the criteria that can be used to match packets...

Страница 308: ...tion between a VLAN and an ACL Item Description VLAN ID The ID of the VLAN associated with the rest of the data in the row When associating a VLAN with an ACL use this field to select the desired VLAN...

Страница 309: ...is serviced depends on how the queue is configured and possibly the amount of traffic present in other queues for that port To access this page click QoS Class of Service Interface Figure 4 317 QoS C...

Страница 310: ...value the IP DSCP priority designation encoded within packets arriving on the port Shaping Rate The upper limit on how much traffic can leave a port The limit on max imum transmission bandwidth has t...

Страница 311: ...essing Defining this value on a per queue basis allows you to create the desired service characteristics for differ ent types of traffic The options are as follows Weighted Weighted round robin associ...

Страница 312: ...ed on their priority DSCP or IP precedence This setting applies to the interface if it is configured with a WRED queue management type WRED Maximum Threshold The maximum queue threshold above which al...

Страница 313: ...in the table A policy attribute entry attaches various policy attributes to a pol icy class instance Service Table The current and maximum number of service entries in the table A service entry associ...

Страница 314: ...ure Item Description Class Enter the name of the DiffServ class Type The class type which is one of the following All All the various match criteria defined for the class should be satisfied for a pac...

Страница 315: ...a match will occur on all packets Reference Class Select this option to reference another class for criteria The match cri teria defined in the referenced class is as match criteria in addition to the...

Страница 316: ...cimal number Note that this is not a wildcard mask which ACLs use Destination MAC Address Select this option to require a packet s destination MAC address to match the specified MAC address After you...

Страница 317: ...s destination port number is the same as any destination port number within the range After you select this option use the following fields to configure a destination port keyword destination port nu...

Страница 318: ...match If you select a keyword you cannot configure a Protocol Value Protocol Value The IANA L4 protocol number value to match Flow Label Select this option to require an IPv6 packet s flow label to ma...

Страница 319: ...name of the policy Type The traffic flow direction to which the policy is applied In The policy is specific to inbound traffic Out The policy is specific to outbound traffic Submit Click Submit to sa...

Страница 320: ...tes to a policy or to change the policy attributes Remove Last Class Click Remove Last Class to remove the most recently associated class from the selected policy Item Description Policy The name of t...

Страница 321: ...traffic stream with the specified IP Precedence value After you select this option use the IP Precedence Value field to select the IP Precedence value to mark in packets that match the policy class Mi...

Страница 322: ...s CoS IP DSCP IP Precedence or Secondary COS This field is available only if one or more classes that meets the color awareness criteria exist Color Exceed Class For color aware policing packets are m...

Страница 323: ...ailable only if one or more classes that meets the color awareness criteria exist Color Exceed Class For color aware policing packets are metered against the PIR Committed Rate Kbps The maximum allowe...

Страница 324: ...s it enters the interface Outbound The policy is applied to traffic as it exits the interface Status The status of the policy on the interface A policy is Up if DiffServ is globally enabled and if the...

Страница 325: ...p or Down Refresh Click Refresh to update the screen Item Description Interface The interface associated with the rest of the data in the row The table displays all interfaces that have a DiffServ pol...

Страница 326: ...tions are subject to change without notice No part of this publication may be reproduced in any form or by any means electronic photocopying recording or otherwise without prior written permis sion of...

Отзывы:

Нет отзывов

Похожие инструкции для EKI-9512-C0IDW10E

DynaGST/2402G GEP-33224T-1

Бренд: UNICOM Страницы: 1

Cleveland Controls RSS-498-013

Бренд: UNICONTROL Electronic Страницы: 2

Бренд: Lantronix Страницы: 2

Бренд: AVLT-Power Страницы: 12

Бренд: AsGa Страницы: 23

Бренд: H3C Страницы: 27

Бренд: Lindy Страницы: 6

Бренд: BZB Gear Страницы: 27

Бренд: Omron Страницы: 31

Бренд: Hamlet Страницы: 2

Бренд: KinAn Страницы: 8

Бренд: Scion-Tech Страницы: 16

Бренд: Datavideo Страницы: 90

Бренд: Quick Страницы: 28

Бренд: Advantage Страницы: 14

Бренд: CYP Страницы: 44

Бренд: Broadcom Страницы: 74

Бренд: IBM Страницы: 40

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды