AFi SM10P Скачать руководство пользователя страница 233 | Manualshive

Страница: 233 / 277

AFi SM10P Скачать руководство пользователя страница 233

221

Publication date: Mar., 2012

Revision A1

• Force Unauthorized

• Port-based 802.1X

• Single 802.1X

• Multi 802.1X



Backend Server Counters :

These backend (RADIUS) frame counters are available for the following administrative
states:

• Port-based 802.1X

• Single 802.1X

• Multi 802.1X

• MAC-based Auth.



Last Supplicant/Client Info :

Information about the last supplicant/client that attempted to authenticate. This information
is available for the following administrative states:

• Port-based 802.1X

• Single 802.1X

• Multi 802.1X

• MAC-based Auth.

Selected Counters



Selected Counters :

The Selected Counters table is visible when the port is in one of the following
administrative states:

• Multi 802.1X

• MAC-based Auth.

The table is identical to and is placed next to the Port Counters table, and will be empty if
no MAC address is currently selected. To populate the table, select one of the attached
MAC Addresses from the table below.

Attached MAC Addresses



Identity :

Shows the identity of the supplicant, as received in the Response Identity EAPOL frame.
Clicking the link causes the supplicant's EAPOL and Backend Server counters to be shown
in the Selected Counters table. If no supplicants are attached, it shows No supplicants
attached.

This column is not available for MAC-based Auth.



MAC Address :

For Multi 802.1X, this column holds the MAC address of the attached supplicant.For MAC-
based Auth., this column holds the MAC address of the attached client.

Clicking the link causes the client's Backend Server counters to be shown in the Selected
Counters table. If no clients are attached, it shows No clients attached.

VLAN ID

This column holds the VLAN ID that the corresponding client is currently secured through the
Port Security module.



State :

The client can either be authenticated or unauthenticated. In the authenticated state, it is
allowed to forward frames on the port, and in the unauthenticated state, it is blocked. As
long as the backend server hasn't successfully authenticated the client, it is
unauthenticated. If an authentication fails for one or the other reason, the client will remain

«
...
231
232
233
234
235
...
»

Содержание SM10P

Страница 1: ...SM10P Port 10 100 1000Base T 2 RJ 45 100 1000 SFP Combo Port Managed Switch User Guide Rev A1 19 Mar 12 ...

Страница 2: ...nformation ready Product serial number and revision Date of purchase Vendor or place of purchase You can reach Transition Networks technical support at E mail techsupport transition com Transition Networks 10900 Red Circle Drive Minnetonka MN 55344 United States of America Telephone 1 800 526 9267 Fax 1 952 941 2322 http www transition com info Transition com Copyright 2012 Transition Networks ...

Страница 3: ...agement functions of the SM10P Audience The Manual is intended for use by network administrators who are responsible for operating and maintaining network equipment consequently it assumes a basic working knowledge of general switch functions the Internet Protocol IP and Simple Network Management Protocol SNMP ii Publication date Feb 2012 ...

Страница 4: ...3 1 Users 12 2 3 2 Privitege Level 14 2 4 IP 17 2 4 1 IPV4 17 2 4 2 IPV6 19 2 5 SYSLOG 21 2 5 1 Configuration 21 2 5 2 Log 22 2 5 3 Detailed Log 23 2 6 SNMP 24 2 6 1 System 24 2 6 2 Communities 26 2 6 3 Users 27 2 6 4 Groups 29 2 6 5 Views 30 2 6 6 Access 32 2 6 7 Tarp 34 CHAPTER 3 CONFIGURATION 36 3 1 PORT 36 3 1 1 Configuration 36 3 1 2 Port Description 38 3 1 3 Traffic Overview 39 3 1 4 Detaile...

Страница 5: ...104 3 8 3 LLDP MED Configuration 106 3 8 4 LLDP MED Neighbours 112 3 8 5 EEE 115 3 8 6 Port Statistics 117 3 9 FILTERING DATABASE 119 3 9 1 Configuration 119 3 9 2 Dynamic MAC Table 121 3 10 VLAN 123 3 10 1 VLAN Membership 123 3 10 2 Ports 125 3 10 3 Switch Status 128 3 10 4 Port Status 129 3 10 5 Private VLANs 131 3 10 5 1 Private VLANs Membership 131 3 10 5 2 Port Isolation 132 3 10 6 MAC based ...

Страница 6: ...Static Table 197 4 1 3 Dynamic Table 198 4 2 ARP INSPRCTION 199 4 2 1 Configuration 199 4 2 2 Static Table 200 4 2 3 Dynamic Table 202 4 3 DHCP SNOOPING 203 4 3 1 Configuration 203 4 3 2 Statistics 204 4 4 DHCP RELAY 206 4 4 1 Configuration 206 4 4 2 Statistics 208 4 5 NAS 210 4 5 1 Configuration 210 4 5 2 Switch Status 218 4 5 3 Port Status 220 4 6AAA 223 4 6 1 Configuration 223 4 6 2 Radius Over...

Страница 7: ...XPORT IMPORT 248 5 4 1 Export Config 248 5 4 2 Import Config 249 5 5 DIAGMOSTICS 250 5 5 1 Ping 250 5 5 2 Ping6 251 5 5 3 VeriPHY 252 A GLOSSARY OF WEB BASED MANAGEMENT 253 A 253 C 254 D 254 E 256 F 256 H 256 I 257 L 258 M 258 N 259 O 260 P 260 Q 261 R 262 S 262 T 263 U 264 V 264 vii Publication date Mar 2012 ...

Страница 8: ...Revision A1 Revision History Date Revision 03 20 2012 A1 viii Publication date Mar 2012 ...

Страница 9: ...udes small business or enterprise application and helps you create a more efficient better connected workforce SM10P Managed Switch provides 10 ports in a single device the specification is highlighted as follows L2 features provide better manageability security QoS and performance High port count design with all Gigabit Ethernet ports Support guest VLAN voice VLAN Port based tag based and Protoco...

Страница 10: ... in order to login and access authentication The default username is admin and password is admin For the first time to use please enter the default username and password and then click the Login button In the SM10P it supports a simple user management function allowing only one administrator to configure the system at the same time If there are two or more users using administrator s identity it w...

Страница 11: ...168 1 77 Figure 1 The login page NOTE If you need to configuration the function or parameter then you can refer the detail in the User Guide Or you could access to the Switch and click the help under the web GUI and the switch will pop up the simple help content to teach you how to set the parameters Publication date Mar 2012 Revision A1 ...

Страница 12: ...itch is designed to be connected to 10 100 or 1000Mbps network cards in PCs and servers as well as to other switches and hubs It may also be connected to remote devices using optional SFP transceivers TWISTED PAIR DEVICES Publication date Mar 2012 Revision A1 ...

Страница 13: ...ough twisted pair cables to connect to any other network device PCs servers switches routers or hubs See Appendix B for further information on cabling CAUTION Do not plug a phone jack connector into an RJ 45 port This will damage the switch Use only twisted pair cables with RJ 45 connectors that conform to FCC standards CONNECTING TO PCS SERVERS HUBS AND SWITCHES Step1 Attach one end of a twisted ...

Страница 14: ......

Страница 15: ...ED on the switch corresponding to each port will light green 1000 Mbps or amber 100 Mbps to indicate that the connection is valid NETWORK WIRING CONNECTIONS Today the punch down block is an integral part of many of the newer equipment racks It is actually part of the patch panel Instructions for making connections in the wiring closet with this type of equipment follows Step1 Attach one end of a p...

Страница 16: ...rmware Version Hardware Mechanical Version Serial Number Host IP Address Host Mac Address Device Port RAM Size Flash Size and With this information you will know the software version used MAC address serial number how many ports good and so on This is helpful while malfunctioning 2 1 1 Information The switch system information is provided here Web interface To configure System Information in the w...

Страница 17: ...s minutes seconds year System up time The time accumulated since this switch is powered up Its format is day hour minute second BIOS version The version of the BIOS in this switch Firmware version The firmware version in this switch Hardware Mechanical version The version of Hardware and Mechanical The figure before the hyphen is the version of electronic hardware the one after the hyphen is the v...

Страница 18: ...6 Publication date Mar 2012 Revision A1 To display the device s transmit hardware priority queue information Maximum Frame size To display the device s maximum frame size information ...

Страница 19: ...nformation on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of ...

Страница 20: ...support Specifically at the time of writing Microsoft Internet Explorer will need to have a plug in installed to support SVG Web interface To configure System Information in the web interface 1 Click System System Information CPU Load 2 Display the CPU Load on the screen 3 Click Auto refresh Figure 2 1 3 CPU Load Parameter description Auto refresh To evoke the auto refresh icon then the device wil...

Страница 21: ...SM10P time clock source Local Time Show the current time of the system Time Zone Offset Provide the time zone offset relative to UTC GMT The offset is given in minutes east of GMT The valid range is from 720 to 720 minutes Daylight Saving Daylight saving is adopted in some countries If set it will adjust the time lag or in advance in unit of hours according to the starting date and the ending date...

Страница 22: ... in minutes east of GMT The valid range is from 1 to 1440 minutes default is 60 mins Daylight Savings Type Provide the Daylight savings type selection You can select By Dates or Recurring two type for Daylight saving type From To configure when Daylight saving start date and time the format is YYYY MM DD HH MM To To configure when Daylight saving end date and time the format is YYYY MM DD HH MM NO...

Страница 23: ...ct time The switch supports configurable time zone from 12 to 13 step 1 hour Default Time zone 8 Hrs Web Interface To configure Time in the web interface 1 Click SYSTEM NTP 2 Specify the Time parameter in manual parameters 3 Click Save Figure 2 2 2 The NTP configuration Parameter description Server 1to 5 Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represe...

Страница 24: ...uest accounts can be created 2 3 1 Users This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser Web Interface To configure Account in the web interface 1 Click SYSTEM Account Users 2 Click Add new user 3 Specify the User Name parameter 4 Click Save Figure2 3 1 The Users Account configuration Parameter...

Страница 25: ...l User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator accou...

Страница 26: ...C Snooping LACP LLDP LLDP MED MAC Table MRP MVR MVRP Maintenance Mirroring POE Ports Private VLANs QoS SMTP SNMP Security Spanning Tree System Trap Event VCL VLANs Voice VLAN Privilege Levels form 1 to 15 Web Interface To configure Privilege Level in the web interface 1 Click SYSTEM Account Privilege Level 2 Specify the Privilege parameter 3 Click Save Figure2 3 2 The Privilege Level configuration...

Страница 27: ... than one The following description defines these privilege level groups in details System Contact Name Location Timezone Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance System Reboot Sys...

Страница 28: ...e Privilege Levels Every group has an authorization Privilege level for the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same or greater than the authorization Privilege level to have the access to that group ...

Страница 29: ...stantial movement to adopt a new version of the Internet Protocol IPv6 which would have 128 bits Internet Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet 2 4 1 IPV4 The IPv4 address for the switch could be obtained via DHCP Server for VLAN 1 To manually configure an address y...

Страница 30: ...e IP address of this switch in dotted decimal notation IP Mask Provide the IP mask of this switch dotted decimal notation IP Router Provide the IP address of the router in dotted decimal notation SNTP Server Provide the IP address of the SNTP Server in dotted decimal notation DNS Server Provide the IP address of the DNS Server in dotted decimal notation VLAN ID Provide the managed VLAN ID The allo...

Страница 31: ...r solicitation for a few seconds the total time needed to complete auto configuration can be significantly longer Address Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of r...

Страница 32: ...20 Publication date Mar 2012 Revision A1 ...

Страница 33: ...to enable it 4 Click Save Figure2 5 1 The System Log configuration Parameter description Server Mode Indicates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless proto...

Страница 34: ...will refresh the log automatically Level level of the system log entry The following level types are supported Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels ID ID 1 of the system log entry Time It will display the log record by device time The time of the system log entry Message It will display the log detail message...

Страница 35: ...onfiguration in the web interface 1 Click Syslog Detailed Log 2 Display the log information Figure2 5 3 The Detailed System Log Information Parameter description ID The ID 1 of the system log entry Message The detailed message of the system log entry Upper right icon Refresh clear You can click them for refresh the system log or clear them by manual others for next up page or entry ...

Страница 36: ...munity Name Trap Host IP Address Trap and all MIB counters will be ignored 2 6 1 System This section describes how to configure SNMP System on the switch This function is used to configure SNMP settings community name trap host and public traps as well as the throttle of SNMP A SNMP manager must pass the authentication by identifying both community names then it can access the MIB information of t...

Страница 37: ...25 Publication date Mar 2012 Revision A1 can t input 00 IF change the Engine ID that will clear all original user ...

Страница 38: ...NMPv1 v2 Communities Security Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c co...

Страница 39: ... the next save User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authen...

Страница 40: ...ation password phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed content is ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are None No privacy protocol DES An optional flag to indicate that this user ...

Страница 41: ...P Groups Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Security Model Indicates the security model that this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allo...

Страница 42: ...t to modify or clear the setting then click Reset Figure 2 6 5 The SNMP Views Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 View Type Indicates the view type that ...

Страница 43: ...nd it s OID subtree should overstep the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Save To click the Save icon to save the configuration to ROM ...

Страница 44: ...ss parameters 4 Click Save 5 If you want to modify or clear the setting then click Reset Figure 2 6 6 The SNMP Accesses Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to...

Страница 45: ...on and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially set new values The allowed string length is 1 to 32 and the allow...

Страница 46: ...tting 1 Click SNMP Trap 2 Display the SNMP Trap Hosts information table 3 Choice a entry to display and modify the detail parameters or click delete button to delete the trap hosts entry Figure 2 6 7 The SNMP Trap Host Configuration Parameters description Delete Check Delete entry then check Save button the entry will be delete Trap Version You may choose v1 v2c or v3 trap Server IP To assign the ...

Страница 47: ...Security Level There are three kinds of choices NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Authentication Protocol You can choose MD5 or SHA for authentication Authentication Password The length of MD5 Authentication Password is restricted to 8 32 The length of SHA Authentication Password is restricted to 8 40 Priva...

Страница 48: ...tor the ports content or status in the function 3 1 1 Configuration This chapter describes how to view the current port configuration and how to configure ports to non default settings including Linkup Linkdown Speed Current and configured Flow Control Current Rx Current Tx and Configured Maximum Frame Size Excessive Collision Mode Power Control Web Interface To configure an Current Port Configura...

Страница 49: ...ransmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collis...

Страница 50: ... Description in the web interface 1 Click Configuration Port then Port Description 2 Specify the detail Port alias or description an alphanumeric string describing the full name and version identification for the system s hardware type software version and networking application 3 Click Save Figure 3 1 2 The Port Configuration Parameter description Port This is the logical port number for this row...

Страница 51: ... Overview Parameter description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered...

Страница 52: ... the detailed Port statistica overview 3 If you want to auto refresh the information then you need to evoke the Auto refresh 4 Click Refresh to refresh the port detailed statistics or clear all information when you click Clear Figure 3 1 4 The Port Detail Statisitcs Overview Parameter description Auto refresh To evoke the auto refresh to refresh the Port Statistics information automatically Upper ...

Страница 53: ...Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long 2 frames received with valid CRC Rx Fragments The number of short 1 frames received with invalid CRC Rx Jabber The number of long 2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forw...

Страница 54: ...need to evoke the Auto refresh 3 Click Refresh to refresh the Queuing Counters or clear all information when you click Clear Figure 3 1 5 The Queuing Counters Overview Parameter description Port The logical port for the settings contained in the same row Qn Qn is the Queue number QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Auto...

Страница 55: ...he SFP Information Overview Parameter description Connector Type Display the connector type for instance UTP SC ST LC and so on Fiber Type Display the fiber mode for instance Multi Mode Single Mode Tx Central Wavelength Display the fiber optical transmitting central wavelength for instance 850nm 1310nm 1550nm and so on Baud Rate Display the maximum baud rate of the fiber module supported for insta...

Страница 56: ...mber assigned by the manufacturer Date Code Show the date this SFP module was made Temperature Show the current temperature of SFP module Vcc Show the working DC voltage of SFP module Mon1 Bias mA Show the Bias current of SFP module Mon2 TX PWR Show the transmit power of SFP module Mon3 RX PWR Show the receiver power of SFP module ...

Страница 57: ... ready for a port but is instead queued until 3000 bytes of data are ready to be transmitted For not introducing a large delay in case that data less then 3000 bytes shall be transmitted data are always transmitted after 48 us giving a maximum latency of 48 us the wakeup time If desired it is possible to minimize the latency for specific frames by mapping the frames to a specific queue done with Q...

Страница 58: ...r of the logical EEE port EEE Enabled Controls whether EEE is enabled for this switch port EEE Urgent Queues Queues set will activate transition of frames as soon as any data is available Otherwise the queue will postpone the transmission until 3000 bytes are ready to be transmitted Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved value...

Страница 59: ...describes how to configure the ACL parameters ACE of the each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE Web Interface To configure the ACL Ports Configuration in the web interface 1 Click Configuration ACL then Ports 2 To scroll the specific parameter value to select the correct value for port ACL setting 3 Click the save to save the...

Страница 60: ...e default value is Disabled Logging Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values a...

Страница 61: ...roll the Unit with pps or kbps 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the reset button It will revert to previously saved values Figure 3 2 2 The ACL Rate Limiter Configuration Parameter description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values are 0 3276700 in pps or 0 100 200 300 100...

Страница 62: ...on each switch Click on the lowest plus sign to add a new ACE to the list The reserved ACEs used for internal protocol cannot be edited or deleted the order sequence cannot be changed an the priority is highest Web Interface To configure Access Control List in the web interface 1 Click Configuration ACL then Configuration 2 Click the button to add a new ACL or use the other ACL modification button...

Страница 63: ...n Disabled is displayed the rate limiter operation is disabled Port Copy Indicates the port copy operation of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port copy operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port...

Страница 64: ...E The lowest plus sign adds a new entry at the bottom of the ACE listings Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Auto refresh To evoke the auto refresh to refresh the information automatically Upper right icon Refresh clear Remove All You can click them for refresh the ACL configuration or clear them by manual Others re...

Страница 65: ...port of the ACE Possible values are Any The ACE will match any ingress port Policy The ACE will match ingress ports with a specific policy Port The ACE will match a specific ingress port Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by I...

Страница 66: ... not mirrored The default value is Disabled CPU Forward packet that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to hardware limitations Auto refresh To evoke...

Страница 67: ...gregation 3 3 1 1 Static Trunk Ports using Static Trunk as their trunk method can choose their unique Static GroupID to form a logic trunked port The benefit of using Static Trunk method is that a port can immediately become a member of a trunk group without any handshaking with its peer port This is also a disadvantage because the peer ports of your static trunk group may not know that they shoul...

Страница 68: ...ble the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Aggregation Group Configuration Locality Indicates the aggregation group type This field is only valid for switches Global The group members may reside on different units The device supports two 8 port global aggregations Local The group members reside on the same unit Each local aggregation may ...

Страница 69: ...e them as well An LACP trunk group with more than one ready member ports is a real trunked group An LACP trunk group with only one or less than one ready member ports is not a real trunked group Web Interface To configure the Trunk Aggregation LACP parameters in the web interface 1 Click Configuration LACP Configuration 2 Evoke to enable or disable the LACP on the port of the switch Scroll the Key...

Страница 70: ... as appropriate by the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak ...

Страница 71: ... The LACP System Status Parameter description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Shows whic...

Страница 72: ...ns that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group ID...

Страница 73: ...evoke the Auto refresh 3 Click Refresh to refresh the LACP Statistics Figure 3 3 2 4 The LACP Statistics Parameter description Port The switch port number LACP Received Shows how many LACP frames have been received at each port LACP Transmitted Shows how many LACP frames have been sent from each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Auto refr...

Страница 74: ...designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the b...

Страница 75: ...g used in STP compatible mode Valid values are in the range 4 to 30 seconds Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds and MaxAge must be FwdDelay 1 2 Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how man...

Страница 76: ...in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time to pass before a port in the error disabled state can be enabled Valid values are between 30 and 86400 seconds 24 hours Buttons Save Click to ...

Страница 77: ...e To configure the Spanning Tree MSTI Mapping parameters in the web interface 1 Click Configuration Spanning Tree MSTI Mapping 2 Specify the configuration identification parameters in the field Specify the VLANs Mapped blank field 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 4 2 T...

Страница 78: ...VLANs not explicitly mapped VLANs Mapped The list of VLANs mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just be left empty I e not having any VLANs Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 79: ...Spanning Tree MSTI Priorities parameters in the web interface 1 Click Configuration Spanning Tree MSTI Priorities 2 Scroll the Priority maximum is 240 Default is 128 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 4 3 The MSTI Configuration Parameter description MSTI The bridge insta...

Страница 80: ...e the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 4 4 The STP CIST Port Configuration Parameter description Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Path Cost Controls the path cost incurred by the port The Auto setting will set the p...

Страница 81: ...ause those bridges are not under the full control of the administrator This feature is also known as Root Guard Restricted TCN If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned statio...

Страница 82: ...panning Tree MSTI Port Configuration parameters in the web interface 1 Click Configuration Spanning Tree MSTI Ports 2 Scroll to select the MST1 or other MSTI Port 3 Click Get to set the detail parameters of the MSTI Ports 4 Scroll to set all parameters of the MSTI Port configuration 5 Click the save to save the setting 6 If you want to cancel the setting then you need to click the Reset button It ...

Страница 83: ... network Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 84: ... Figure 3 4 6 The STP Bridges status Parameter description MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge it is zero For all other Bridges it is the sum...

Страница 85: ...fresh 3 Click Refresh to refresh the STP Bridges Figure 3 4 7 The STP Port status Parameter description Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort Backup Port RootPort DesignatedPort Disabled CIST State The current STP port state of the CIST port The port state can be one of...

Страница 86: ...ter description Port The switch port number of the logical STP port MSTP The number of MSTP Configuration BPDU s received transmitted on the port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port...

Страница 87: ...75 Publication date Mar 2012 Revision A1 ...

Страница 88: ...efore The packets will be discarded by the IGMP Snooping if the user transmits multicast packets to the multicast group that had not been built up in advance IGMP mode enables the switch to issue IGMP function that you enable IGMP proxy or snooping on the switch which connects to a router closer to the root of the tree This interface is the upstream interface The router on the upstream interface s...

Страница 89: ... forwarding unnecessary join and leave messages to the router side Port It shows the physical Port index of switch Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Enab...

Страница 90: ...efresh to update the data or click or to display previous entry or next entry 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 5 2 The IGMP Snooping VLAN Configuration Parameter description VLAN ID It displays the VLAN ID of the entry Snooping Enabled Enable the per VLAN IGMP Snooping...

Страница 91: ... 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Buttons Save Click to save changes Reset Click to undo any c...

Страница 92: ...ast group is applied to a switch port the IGMP join report requesting the stream of IP multicast traffic is dropped and the port is not allowed to receive IP multicast traffic from that group If the filtering action permits access to the multicast group the IGMP report from the port is forwarded for normal processing IGMP filtering controls only IGMP membership join reports and has no relationship...

Страница 93: ... evoke the port enable the IGMP Snooping Port Group Filtering function Filtering Groups The IP Multicast Group that will be filtered Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 94: ...want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh the IGMP Snooping Status 4 Click Clear to clear the IGMP Snooping Status Figure 3 5 4 The IGMP Snooping Status Parameter description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier sta...

Страница 95: ...V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh clear You can click them for refresh the Status or clear them by manual ...

Страница 96: ...n then you need to evoke the Auto refresh 3 Click Refresh to refresh a entry of the IGMP Snooping Groups Information 4 Click or to move to previous or next entry Figure 3 5 5 The IGMP Snooping Groups Information Parameter description Navigating the IGMP Group Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP Group Table The will use the last e...

Страница 97: ...ry IP multicast addresses also Web Interface To display the IGMPv3 IPv4 SSM Information in the web interface 1 Click Configuration IGMP Snooping IPv4 SSM Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh a entry of the IGMPv3 IPv4 SSM Information 4 Click or to move to previous or next entry Figure 3 6 6 The IGMPv3 IPv4 SSM ...

Страница 98: ...can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh You can click them for refresh the IGMP Group Status by manual o...

Страница 99: ...se Note that this is a function of the application software not of MLD When MLD snooping is enabled on a VLAN the switch acts to minimize unnecessary multicast traffic If the switch receives multicast traffic destined for a given multicast address it forwards that traffic only to ports on the VLAN that have MLD hosts for that address It drops that traffic for ports on the VLAN that have no MLD hos...

Страница 100: ... feature can be used to avoid forwarding unnecessary join and leave messages to the router side Port The Port index what you enable or disable the MLD Snooping function Fast Leave To evoke to enable the fast leave on the port Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggreg...

Страница 101: ...tion Parameter description VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN MLD Snooping Only up to 32 VLANs can be selected MLD Querier A router sends MLD Query messages onto a particular link This Router is called the Querier Enable the MLD Querier in the VLAN Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions ...

Страница 102: ...rce Specific Query messages The allowed range is 0 to 31744 in tenths of seconds default last listener query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a node s initial report of interest in a multicast address The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second ...

Страница 103: ...ify the Filtering Groups with entries per page 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 7 3 The MLD Snooping Port Group Filtering Configuration Parameter description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings...

Страница 104: ...o refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh a entry of the MLD Snooping Status Information 4 Click Clear to clear the MLD Snooping Status Figure 3 6 4 The MLD Snooping Status Parameter description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Show the Que...

Страница 105: ...ved V2 Reports V1 Leaves Received The number of Received V1 Leaves Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh You can click them for refresh the IGMP Group Status by manual others for next up page or entry ...

Страница 106: ...e MLD Snooping Groups Information Parameter description Navigating the MLD Group Table Each page shows up to 99 entries from the MLD Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MLD Group Table The Start from VLAN and group input fields allow the user to select the starting po...

Страница 107: ...2 Revision A1 Auto refresh To evoke the auto refresh icon then the device will refresh the log automatically Upper right icon Refresh You can click them for refresh the IGMP Group Status by manual others for next up page or entry ...

Страница 108: ...select the starting point in the MLDv2 Information Table Web Interface To display the MLDv2 IPv6 SSM Information in the web interface 1 Click Configuration MLD Snooping IPv6 SSM Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh a entry of the MLDv2 IPv6 SSM Information 4 Click or to move to previous or next entry Figure 3 6...

Страница 109: ...receive multicast data to and from the multicast VLAN are called MVR source ports 3 7 1 Configuration The section describes user could set the MVR basic Configuration and some parameters in the switch Web Interface To configure the MLD Snooping Port Group Configuration in the web interface 1 Click Configuration MVR Configuration 2 Scroll the MVR mode to enable or disable and Scroll to set all para...

Страница 110: ...012 Revision A1 Type Specify the MVR port type on the port Immediate Leave Enable the fast leave on the port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 111: ... to auto refresh the information then you need to evoke the Auto refresh 3 To Click the Refresh to refresh a entry of the MVR Groups Information 4 Click or to move to previous or next entry Figure 3 7 2 The MVR Groups Information Parameter description MVR Group Table Columns VLAN ID VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Auto refresh To evok...

Страница 112: ...efresh to refresh a entry of the MVR Statistics Information 4 Click or to move to previous or next entry Figure 3 7 3 The MVR Statistics Information Parameter description VLAN ID The Multicast VLAN ID V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Rece...

Страница 113: ...rmally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in standards document IEEE 802 1AB 3 8 1 LLDP Configuration You can per port to do the LLDP configuration and the detail parameters the settings will take effect immediately This page allows the user to inspect and configure the current LLDP port settings Web Interface To configure LLDP 1 Click LLDP...

Страница 114: ...P mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP...

Страница 115: ...en checked the port description is included in LLDP information transmitted Sys Name Optional TLV When checked the system name is included in LLDP information transmitted Sys Descr Optional TLV When checked the system description is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP information transmitted Mgmt Addr Optional TLV Wh...

Страница 116: ...rk without any device supports LLDP then the table will show No LLDP neighbour information found Parameter description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbour s LLDP frames Remote Port ID The Remote Port ID is the identification of the neighbour port System Name System Name is the name advertised by the neighbour uni...

Страница 117: ...t description advertised by the neighbour unit Management Address Management Address is the neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s IP address Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click ...

Страница 118: ...t of Power over Ethernet PoE end points Inventory management allowing network administrators to track their network devices and determine their characteristics manufacturer software and hardware versions serial or asset number This page allows you to configure the LLDP MED This function applies to VoIP devices which support LLDP MED Web Interface To configure LLDP MED 1 Click LLDP MED Configuratio...

Страница 119: ...ibility of the neighbours receiving the LLDP frame With Fast start repeat count it is possible to specify the number of times the fast start transmission would be repeated The recommended value is 4 times given that 4 LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is...

Страница 120: ... Location Configuration Information Civic Address LCI Country code The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Japan Example Copenhagen City district City division borough city district ward chou Japan Block Neighbourhood Neighbour...

Страница 121: ...s the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service Policies are only intended ...

Страница 122: ...oice Signalling conditional for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy 5 Softphone Voice for use by softphone applications on typical data centric devices such as PCs or lapto...

Страница 123: ... node behaviour for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 Adding a new policy Click to add a new policy Specify the Application type Tag VLAN ID L2 Priority and DSCP for the new policy Click Save Port Policies Configuration Every port may adver...

Страница 124: ...ED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that suppo...

Страница 125: ... definition is applicable to all endpoint products that act as end user communication appliances supporting IP media Capabilities include all of the capabilities defined for the previous Generic Endpoint Class I and Media Endpoint Class II classes and are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited ...

Страница 126: ...ed by the device Can be either Defined or Unknown Unknown The network policy for the specified application type is currently unknown Defined The network policy is defined TAG TAG is indicative of whether the specified application type is using a tagged or an untagged VLAN Can be Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as de...

Страница 127: ...t transmit path can hold off sending data after reassertion of LPI Rx Tw The link partner s time that receiver would like the transmitter to holdoff to allow time for the receiver to wake from sleep Fallback Receive Tw The link partner s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discret...

Страница 128: ...k based on EEE information exchanged via LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the L...

Страница 129: ...ers Neighbour entries were last changed at It also shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected Total Neighbours Entries Added Shows the number of new entries added since switch reboot Total Neighbours Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbours Entries Dropped Shows t...

Страница 130: ...frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally received TLVs Age Outs Each LLDP frame contains informati...

Страница 131: ... shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time 3 9 1 Configuration The MAC Address Table is configured on this page Set timeouts for entries...

Страница 132: ...d all other frames are dropped NOTE Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static entries in the MAC table are shown in this t...

Страница 133: ...ddress of the entry Port Members The ports that are members of the entry Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the MAC address entries by manual or press clear to clean up the MAC table Others press or to upper or down page of the table NOTE 00 40 C7 73 01 29 your switch M...

Страница 134: ...122 Publication date Mar 2012 Revision A1 ...

Страница 135: ...ship configuration for the selected switch unit switch can be monitored and modified here Up to 4096 VLANs are supported This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN Web Interface To configure VLAN membership configuration in the web interface 1 Click VLAN membership Configuration 2 Specify Management VLAN ID 0 4094 3 Click Save Figure 3 1...

Страница 136: ... enabled on the selected switch unit when you click on Save The VLAN is thereafter present on the other switch units but with no port members The check box is greyed out when VLAN is displayed on other switches but user can add member ports to it A VLAN without any port members on any unit will be deleted when you click Save The button can be used to undo the addition of new VLANs Buttons Save Cli...

Страница 137: ...LAN Port configuration in the web interface 1 Click VLAN Port Configuration 2 Specify the VLAN Port Configuration parameters 3 Click Save Figure 3 10 2 The VLAN Port Configuration Parameter description Ethertype for Custom S ports This field specifies the ether type of the frame used for Custom S ports This is a global setting for all the Custom S ports Custom Ethertype enables the user to change ...

Страница 138: ...e port and forwarded However if the TPID of tagged frame is not 0x89A8 ex 0x8100 the tagged frame will be discarded The TPID of frame transmitted by S port will be set to 0x88A8 S custom port when the port received untagged frames an untagged frame obtain a tag and is forwarded when the port received tagged frames if an tagged frame with TPID 0x88A8 it is accepted by the port and forwarded However...

Страница 139: ...y Trunk all tagged frames with any tag value are transmitted Access The tag of any tagged frame will be removed to become an untagged frame These untagged frames will be transmitted PVID Configures the Port VLAN identifier The allowed values are 1 through 4094 The default value is 1 When the port received a untagged frame the port will give a tag to it based on the value of PVID and the frame beco...

Страница 140: ...VRP GARP VLAN Registration Protocol GVRP allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single mu...

Страница 141: ...Port Type Port type can be any of Unaware C port S port Custom S port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed C port is Customer Port S port is Service port Custom S port is S port with Custom TPID Ingress Filtering Shows the ingress filtering on a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingr...

Страница 142: ... configuration the following conflicts can occur Functional Conflicts between features Conflicts due to hardware limitation Direct conflict between user modules Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the VLAN Port Status information by manual ...

Страница 143: ... be a member of multiple Private VLANs Web Interface To configure Private VLAN configuration in the web interface 1 Click add new Private VLAN configuration 2 Specify the Private VLAN ID and Port Members 3 Click Save Figure 3 10 5 1 The Private VLAN Membership Configuration Parameter description Delete To delete a private VLAN entry check this box The entry will be deleted during the next save Pri...

Страница 144: ...ed for the data packet based upon the destination address on the data packet The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or non protected port This page is used for enabling or disabling port isolation on ports in a Private VLAN A port member of a VLAN can be isolated to other isol...

Страница 145: ...esources in the old VLAN On the other hand if Port A and Port B belong to the same VLAN after terminal devices access the network through Port B they will have access to the same resources as those accessing the network through Port A do which brings security issues To provide user access and ensure data security in the mean time the MAC based VLAN technology is developed MAC based VLANs group VLA...

Страница 146: ... all boxes are unchecked Adding a New MAC based VLAN Click to add a new MAC based VLAN entry An empty row is added to the table and the MAC based VLAN entry can be configured as needed Any unicast MAC address can be configured for the MAC based VLAN entry No broadcast or multicast MAC addresses are allowed Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled on the sel...

Страница 147: ...sed VLAN configured in the web interface 1 Click MAC based VLAN Status 2 Specify the Staic NAS Combined 3 Display MAC based information Figure 3 10 6 2 The MAC based VLAN Membership Status for User Static Parameter description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Auto refresh To evoke the auto refresh icon then th...

Страница 148: ...8 bit 802 2 Service Access Point SAP fields SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier spaces It is used with IEEE 802 3 IEEE 802 4 IEEE 802 5 IEEE 802 11 and other IEEE 802 physical network layers as well as with non IEEE 802 physical network layers such as FDDI that use 802 2 LLC 3 10 7 1 Protocol to Group This page allow...

Страница 149: ...exadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 0...

Страница 150: ...of atmost 16 characters which consists of a combination of alphabets a z or A Z and integers 0 9 no special character is allowed whichever Group name you try map to a VLAN must be present in Protocol to Group mapping table and must not be preused by any other existing mapping entry on this page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Memb...

Страница 151: ... used to undo the addition of new entry Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the Protocol Group Mapping information by manual ...

Страница 152: ...hedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI Web Interface To configure Voice VLAN in the web interface 1 Select Enabled in the Voice VLAN Configuration 2 Specify VLAN ID Aging Time Traffic Class...

Страница 153: ...ature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN Port Security Indicates the Voice VLAN port security mode When the function is e...

Страница 154: ...unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor telephony device it belongs to The allowed string length is 0 to 32 Add New entry Click to add a new entry in Voice VLAN OUI table An empty row is added to the table the Telephony OUI Desc...

Страница 155: ...opagation of information between GARP participants for the same application in a bridge is carried out by the GARP Information Propagation GIP component Protocol exchanges take place between GARP participants by means of LLC Type 1 services using the group MAC address and PDU format defined for the GARP application concerned 3 12 1 Configuration This page allows you to configure the basic GARP Con...

Страница 156: ...tion Currently only supported application is GVRP Attribute Type Currently only supported Attribute Type is VLAN GARP Applicant This configuration is used to configure the Applicant state machine behaviour for GARP on a perticular port locally normal participant In this mode the Applicant state machine will operate normally in GARP protocol exchanges non participant In this mode the Applicant stat...

Страница 157: ...nter information 3 Click Refresh to modify the GARP statistics information Figure 3 12 2 The GARP Port Statistics Parameter description Port The Port coulmn shows the list of all ports for which per port GARP statistics are shown Peer MAC Peer MAC is MAC address of the neighbour Switch from with GARP frame is received Failed Count explain Failed count here Auto refresh To evoke the auto refresh ic...

Страница 158: ...evices to setup and update their knowledge database the set of VLANs associated with currently active members and through which ports these members can be reached 3 13 1 Configuration This page allows you to configure the basic GVRP Configuration settings for all switch ports The settings relate to the currently selected unit as reflected by the page header Web Interface To configure GVRP Port Con...

Страница 159: ... is used to configure restricted role on an interface Disable Select to Disable GVRP rrole on this port Enable Select to Enable GVRP rrole on this port The default configuration is disable Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the GVRP Global configuration information by manual ...

Страница 160: ...nt to display the GVRP Counter information 3 Click Refresh to modify the GVRP statistics information Figure 3 13 2 The GVRP Port Statistics Parameter description Port The Port coulmn shows the list of ports for which you can see port counters and statistics Join Tx Count explain Join tx Count here Leave Tx Count explain Leave Tx Count here Auto refresh To evoke the auto refresh icon then the devic...

Страница 161: ...es under any traffic scenario including jumbo frame A super priority queue with dedicated memory and strict highest priority in the arbitration The ingress super priority queue allows traffic recognized as CPU traffic to be received and queued for transmission to the CPU even when all the QoS class queues are congested 3 14 1 Port Classification The section allows you to configure the basic QoS In...

Страница 162: ...Every incoming frame is classified to a Drop Precedence Level DP level which is used throughout the device for providing congestion control guarantees to the frame according to what was configured for that specific DP level PCP PCP is an acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame DEI DEI is an acronym for Drop Eligible Indicator It is a 1 bi...

Страница 163: ... the Rate limit condition 3 Scroll to select the Rate limit Unit with kbps Mbps fps and kfps 4 Click Save to save the configuration Figure 3 14 2 The QoS Ingress Port Policers Configuration Parameter description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Enabled To evoke which Port you need to enable the QoS Ingres...

Страница 164: ...ports and the ports belong to the currently selected unit as reflected by the page header Web Interface To display the QoS Port Schedulers in the web interface 1 Click Configuration QoS Port Schedulers 2 Display the QoS Egress Port Schedulers Figure 3 14 3 The QoS Egress Port Schedules Click the Port index to set the QoS Egress Port Schedulers ...

Страница 165: ...on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use excess bandwidth...

Страница 166: ...ed for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Save Click to save changes Reset Click to undo any changes made locally a...

Страница 167: ...r could get all detail information ot the ports belong to the currently selected unit as reflected by the page header Web Interface To display the QoS Port Shapers in the web interface 1 Click Configuration QoS Port Shapers 2 Display the QoS Egress Port Shapers Figure 3 14 4 The QoS Egress Port Shapers Click the Port index to set the QoS Egress Port Shapers ...

Страница 168: ... this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The defau...

Страница 169: ... is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps B...

Страница 170: ...r the settings contained in the same row Click on the port number in order to configure tag remarking Mode Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Tag Remarking Mode To scroll to select the tag remarking mode for this port Classified Use classified PCP DEI values Defa...

Страница 171: ...croll to select Egress Rewrite parameters 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 14 6 The QoS Port DSCP Configuration Parameter description Port The Port coulmn shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings y...

Страница 172: ... specific DSCP All Classify all DSCP Egress Port Egress Rewriting can be one of below parameters Disable No Egress rewrite Enable Rewrite enable without remapped Remap DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 173: ...erface To configure the DSCP Based QoS Ingress Classification parameters in the web interface 1 Click Configuration QoS DSCP Based QoS 2 Evoke to enable or disable the DSCP for Trust 3 Scroll to select QoS Class and DPL parameters 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 14 7 ...

Страница 174: ...umber of support ed DSCP values are 64 Trust Click to check if the DSCP value is trusted QoS Class QoS Class value can be any of 0 7 DPL Drop Precedence Level 0 3 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 175: ...nfigure the DSCP Translation parameters in the web interface 1 Click Configuration QoS DSCP Translation 2 Scroll to set the Ingress Translate and Egress Remap DP0 and Remap DP1 Parameters 3 Evoke to enable or disable Classify 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 14 8 The D...

Страница 176: ...o enable Classification at Ingress side Egress There are following configurable parameters for Egress side 1 Remap DP0 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 2 Remap DP1 Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 There is following configurable parameter for Egress side Remap Select the ...

Страница 177: ...ers 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 14 9 The DSCP Classification Configuration Parameter description QoS Class Available QoS Class value ranges from 0 to 7 QoS Class 0 7 can be mapped to followed parameters DPL Drop Precedence Level 0 1 can be configured for all avail...

Страница 178: ...Click the to add a new QoS Control List 3 Scroll all parameters and evoke the Port Member to join the QCE rules 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 14 10 The QoS Control List Configuration Parameter description QCE Indicates the index of QCE Port Indicates the list of por...

Страница 179: ...e note that conflict can be resolved by releaseing the resource required by the QCE and pressing Refresh button Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS Class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if ...

Страница 180: ...efault value is Any 4 SNAP PID Valid PID a k a ethernet type can have value within 0x00 0xFFFF or Any default value is Any 5 IPv4 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read f...

Страница 181: ...ss class 0 7 default basic classification DP Valid DP Level can be 0 3 default basic classification DSCP Valid dscp value can be 0 63 BE CS1 CS7 EF or AF11 AF43 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 182: ...on Figure 3 14 11 The QoS Control List Status Parameter description User Indicates the QCL user QCE Indicates the index of QCE Frame Type Indicates the type of frame to look for incomming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed LLC Only SNAP frames are allowed IPv4 T...

Страница 183: ...CE may not available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releaseing the resource required by the QCE and pressing Refresh button Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Resolve Conflict Click it to resolve the confict issue Upper right icon Refresh You can ...

Страница 184: ...enable storm control 3 Scroll to set the Rate Parameters 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 14 12 The Storm Control Configuration Parameter description Frame Type The settings in a particular row apply to the frame type listed here Unicast Multicast or Broadcast Enable E...

Страница 185: ... to decrease the power consumption It is possible to arrange the ports with different priorities Each priority can be given a temperature at which the corresponding ports shall be turned off Web Interface To configure the Thermal Protection in the web interface 1 Click Configuration Thermal Protection Configuration 2 Specify the temperature in the priority 0 to 3 3 Scroll to set the Priority 4 Cli...

Страница 186: ... means the MAC and PHY chipset s TA temperature not PSU device temperature or environment temperature Please don t set environment temperature limitation value Port priorities The priority the port belongs to It allows user to what priority criterion to trigger Port be turned off via thermal protection Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to pr...

Страница 187: ...e Thermal Protection status Parameter description Port Indicates the list of physical Port Temperature Shows the current chip temperature in degrees Celsius NOTE The temperature means the MAC and PHY chipset s TA temperature not PSU device temperature or environment temperature Port Status To display the Port status includes link up or link down Auto refresh To evoke the auto refresh icon then the...

Страница 188: ... setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 16 1 The sFlow Collector Configuration Parameter description Receiver Id The Receiver ID input fields allow the user to select the receiver ID Indicates the ID of this particular sFlow Receiver Currently one ID is supported as one collector is supported IP Type A ...

Страница 189: ...lector receives samples Once it is expired the sampler stops sending the samples It is through the management the value is set before it expires The value accepted is within the range of 0 2147483647 By default it is set to 0 Datagram Size It is the maximum UDP datagram size to send out the sFlow samples to the receiver The value accepted is within the range of 200 1500 bytes The default is 1400 b...

Страница 190: ...Agent in the web interface 1 Click Configuration sFlow Agent sampler 2 click the to edit the sFlow sampler parameters 3 Scroll to Sample Type to choice with None Tx Rx or All 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 16 2 The sFlow sampler Configuration Parameter description sF...

Страница 191: ...gured polling interval for the counter sampling Buttons Edits the Data source sampler configuration Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Cancel Click to cancel to clear up what your setting Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can c...

Страница 192: ... parameters in the web interface 1 Click Configuration Loop Protection Configuration 2 Evoke to select enable or disable the port loop Protection 5 Click the save to save the setting 6 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 17 1 The Loop Detection Configuration Parameter description Enable Loop Protection Control...

Страница 193: ... the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is actively generating loop protection PDU s or whether it is just passively looking for looped PDU s Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 194: ...e record of Loop protection Figure 3 17 2 The Loop Protection Status Parameter description Port The switch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of ...

Страница 195: ...iguration Single IP 2 Set the parameters 3 Scroll to Role for what mode you want to set on the Single IP with disable Master Slave 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 18 1 The Single IP Configuration Parameter description Mode The parameter lets you to disable the SIP fun...

Страница 196: ...184 Publication date Mar 2012 Revision A1 ...

Страница 197: ...u know how many slave devices connect to the SIP group Model name The parameter lets you to know what kind device join to this SIP group MAC Address The parameter lets you to know what device s MAC address and join to this SIP group Buttons Refresh Click to refresh the page immediately Auto Refresh Check this box to enable an automatic refresh of the page at regular intervals NOTE When you click t...

Страница 198: ...ency and high performance Web Interface To configure the Easy Port in the web interface 1 Click Configuration Easy Port 2 Set the parameters 3 Scroll to Role for what kind device you want to set on the Easy Port and connect to 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 19 1 The ...

Страница 199: ...et Port Security limit to allow how many device can access the port via MAC address Port Security Action To scroll to select when the device wasn t allow to access then switch action as trap shutdown or trap shutdown Port Security limit To set the Port security limit the default is 1 Port Security limit To set the Port security limit It means you can set how many device MAC address will allow to a...

Страница 200: ...ure the Mirror in the web interface 1 Click Configuration Mirroring 2 Scroll to select Port to mirror on which port 3 Scroll to disabled enable TX Only and RX Only to set the Port mirror mode 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 20 1 The Mirror Configuration Parameter desc...

Страница 201: ...Disabled Neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored on the mirror port NOTE For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only Buttons Save Click to save changes Reset Clic...

Страница 202: ...d Web Interface To configure the Trap Event Severity Configuration in the web interface 1 Click Configuration Trap Event Severity Configuration 2 Scroll to select the Group name and Severity Level 3 Click the save to save the setting 4 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 21 1 The Trap Event Severity Configurat...

Страница 203: ...191 Publication date Mar 2012 Revision A1 ...

Страница 204: ... Specify the parameters in each blank field 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved values Figure 3 22 1 The SMTP Configuration Parameter description These parameters are displayed on the SMTP Configuration page Mail Server Specify the IP Address of the server transferring your email Usernam...

Страница 205: ...P mode operation Disabled Disable UPnP mode operation When the mode is enabled two ACEs are added automatically to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a cont...

Страница 206: ...194 Publication date Mar 2012 Revision A1 ...

Страница 207: ...enable or disable with the Port of the switch 4 1 1 Configuration This section describes how to configure IP Source Guard setting including Mode Enabled and Disabled Maximum Dynamic Clients 0 1 2 Unlimited Web Interface To configure an IP Source Guard Configuration in the web interface 1 Select Enabled in the Mode of IP Source Guard Configuration 2 Select Enabled of the specific port in the Mode o...

Страница 208: ... Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on given port This value can be 0 1 2 or unlimited If the port mode is enabled and the value of max dynamic client is equal to 0 it means only allow the IP packets forwarding that are matched in static entries on the spe...

Страница 209: ...e 4 1 2 The Static IP Source Guard Table Parameter description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address IP Mask It can be used for calculating the allowed network with IP address MAC address Allowed Source MAC address Adding new entry Click to add a new e...

Страница 210: ...art from port VLAN ID IP Address and entrie per page 2 Checked Auto reflash Figure 4 1 3 The Dynamic Table Parameter description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the IP traffic is permitted IP Address User IP address of the entry MAC Address Source MAC address Auto refresh To evoke the auto refresh icon then the device will refresh the informatio...

Страница 211: ...e 1 Select Enabled in the Mode of ARP Inspection Configuration 2 Select Enabled of the specific port in the Mode of Port Mode Configuration 3 Click Save Figure 4 2 1 The ARP Inspection Configuration Parameter description Mode of ARP Inspection Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports...

Страница 212: ...ick Save Figure 4 2 2 The Static ARP Inspection Table Parameter description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Adding new entry Click to add a new entry to the Stat...

Страница 213: ...201 Publication date Mar 2012 Revision A1 ...

Страница 214: ...Specify the Start from port VLAN ID MAC Address IP Address and entire per page 2 Checked Auto reflash Figure 4 2 3 The Dynamic ARP Inspection Table Parameter description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the ARP traffic is permitted MAC Address User MAC address of the entry IP Address User IP address of the entry Auto refresh To evoke the auto ref...

Страница 215: ...the Mode of Port Mode Configuration 3 Click Save Figure 4 3 1 The DHCP Snooping Configuration Parameter description Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled D...

Страница 216: ...er option 53 with value 2 packets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packet...

Страница 217: ...e Active The number of lease active option 53 with value 13 packets received and transmitted Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the DHCP Snooping Port Statistics by manual others for clear to clean up the entries ...

Страница 218: ...The DHCP Relay Statistics Parameter description Relay Mode Indicates the DHCP relay mode operation Possible modes are Enabled Enable DHCP relay mode operation When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain And the DHCP broadcast message won t be flooded for security consideratio...

Страница 219: ...ns relay agent information it will enforce the policy And it only works under DHCP if relay information operation mode is enabled Possible policies are Replace Replace the original relay information when a DHCP message that already contains it is received Keep Keep the original relay information when a DHCP message that already contains it is received Drop Drop the package when a DHCP message that...

Страница 220: ... Receive from Server The number of packets received from server Receive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packets received with the Remote ID option missing Receive Bad Circuit ID The number of packets whose Circuit...

Страница 221: ...Keep Agent Option The number of packets whose relay agent information was retained Drop Agent Option The number of packets that were dropped which were received with relay agent information Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the DHCP Relay Statistics by manual others fo...

Страница 222: ...of two sections a system and a port wide Web Interface To configure a System Configuration of Netwrok Access Server in the web interface 1 Select Enabled in the Mode of Netwrok Access Server Configuration 2 Checked Reauthentication Enabled 3 Set Reauthentication Period Default is 3600 seconds 4 Set EAPOL Timeout Default is 30 seconds 5 Set Aging Peroid Default is 300 seconds 6 Set Hold Time Defaul...

Страница 223: ...odule uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802 1X b...

Страница 224: ... 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick way to globally enable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether the port can be moved into Guest VLAN When unchecked the ...

Страница 225: ...ication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant NOTE Suppose two backend servers are enabled and that the server timeout is configured to X seconds using the AAA configuration page and suppose that the first server in the list is currently down but not considered dead Now if the supplicant retr...

Страница 226: ...rame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challen...

Страница 227: ...ise no longer present on the port the port s VLAN ID is immediately reverted to the original VLAN ID which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use the Monitor VLANs VLAN Membership and VLAN Port pages These pages show...

Страница 228: ...t according to the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in Force Auth...

Страница 229: ...217 Publication date Mar 2012 Revision A1 ...

Страница 230: ... description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the mos...

Страница 231: ...ad more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can click them for refresh the NAS Switch Status by manual ...

Страница 232: ...values Port State The current state of the port Refer to NAS Port State for a description of the individual states QoS Class The QoS class assigned by the RADIUS server The field is blank if no QoS class is assigned Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is...

Страница 233: ...ty Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicants attached This column is not available for MAC based Auth MAC Address For Multi 802 1X this column holds the MAC address of the attached s...

Страница 234: ...and time of the last authentication of the client successful as well as unsuccessful Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the NAS Statistics by manual Others you can click clear to clean up all entries ...

Страница 235: ...k to Local Authorization 3 Select Enabled in the Account To configure a RADIUS Authentication Server Configuration of AAA in the web interface Check Enabled 2 Specify IP address or Hostname for Radius Server 3 Specify Authentication Port for Radius Server Default is 1812 4 Specify the Secret with Radius Server To configure a RADIUS Accounting Server Configuration of AAA in the web interface 1 Chec...

Страница 236: ...esign In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which...

Страница 237: ... which are The RADIUS Accounting Server number for which the configuration below applies Enabled Enable the RADIUS Accounting Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is expressed in dotted decimal notation Port The UDP port to use on the RADIUS Accounting Server If the port is set to 0 zero the default port 1813 is used ...

Страница 238: ... used on the TACACS Authentication Server Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Страница 239: ...ut IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left bef...

Страница 240: ...ly within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh You can...

Страница 241: ... To configure a RADIUS Details Configuration in the web interface 1 Specify Port which want to check 2 Checked Auto refresh Figure 4 6 3 The RADIUS Authentication Statistics Server Parameter description Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Clear You can click them for refresh the RADIUS Statistics informatio...

Страница 242: ...ation of Limit Control in the web interface 1 Select Enabled in the Mode of System Configuration 2 Checked Aging Enabled 3 Set Aging Period Default is 3600 seconds To configure a Port Configuration of Limit Control in the web interface 1 Select Enabled in the Mode of Port Configuration 2 Specify the maximum number of MAC addresses in the Limit of Port Configuration 3 Set Ation Trap Shutdown Trap S...

Страница 243: ...guration below applies Mode Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Enabled for Limit Control to be in effect Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port Limit The maximum number of MAC addresses that can be secured on this port This number cannot exceed 1024...

Страница 244: ...ndicates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap Shutdown Re open Button If a port is shutdown by this module you may reopen it by clicking this button which will only be enabled if this is the case For other methods refer to Shutdown in the Action section NOTE That clicking the reopen button causes the page to be ref...

Страница 245: ...s to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status Web Interface To configure a Port Security Switch Status Configuration in the web interface 1 Checked Auto reflash Figure 4 7 2 The Port Security Switch Status Parameter description User Module Legend The legend...

Страница 246: ...urity service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number o...

Страница 247: ...ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hol...

Страница 248: ...To configure a Access Management Configuration in the web interface 1 Select Enabled in the Mode of Access Management Configuration 2 Click Add new entry 3 Specify the Start IP Address End IP Address 4 Checked Access Managemnet method HTTP HTTPS SNMP and TELNET SSH in the entry 5 Click Save Figure 4 8 1 The Access Management Configuration Parameter description Mode Indicates the access management ...

Страница 249: ...rovided in the entry SNMP Indicates that the host can access the switch from SNMP interface if the host IP address matches the IP address range provided in the entry TELNET SSH Indicates that the host can access the switch from TELNET SSH interface if the host IP address matches the IP address range provided in the entry Buttons Save Click to save changes Reset Click to undo any changes made local...

Страница 250: ...access the switch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access management mode is enabled Auto refresh To evoke the auto refresh icon then the device will refresh the...

Страница 251: ...ommunication Web Interface To configure a SSH Configuration in the web interface 1 Select Enabled in the Mode of SSH Configuration 2 Click Save Figure 4 9 1 The SSH Configuration Parameter description Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Save Click to save changes Reset Click to undo any changes made ...

Страница 252: ...led in the Mode of HTTPS Configuration 2 Select Enabled in the Automatic Redirect of HTTPS Configuration 3 Click Save Figure 4 10 1 The HTTPS Configuration Parameter description Mode Indicates the HTTPS mode operation Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirect web...

Страница 253: ...the configuration below applies Authentication Method Authentication Method can be set to one of the following values none authentication is disabled and login is not possible local use the local user database on the switch for authentication radius use a remote RADIUS server for authentication tacacs use a remote TACACS server for authentication Fallback Enable fallback to local authentication by...

Страница 254: ...s how to restart switch for any maintenance needs Any configuration files or scripts that you saved in the switch should still be available afterwards Web Interface To configure a Restart Device Configuration in the web interface 1 Chick Restart Device 2 Click Yes Figure 5 1 1 The Restart Device Parameter description Restart Device You can restart the switch on this page After restart the switch w...

Страница 255: ...pload Click the Upload button then the switch will start to upload the firmware from firmware stored location PC or Server NOTE This page facilitates an update of the firmware controlling the switch Uploading software will update all managed switches to the location of a software image and click After the software image is uploaded a page announces that the firmware update is initiated After about...

Страница 256: ... configure a Firmware Selection in the web interface 1 Chick Activate Alternate Image 2 Click yes to complete firmware selection Figure 5 2 2 The Firmware Selection Parameter description Activate Alternate Image Click to use the alternate image This button may be disabled depending on system state Cancel Cancel activating the backup image Navigates away from this page Image The flash index name of...

Страница 257: ... Alternate Image button is also disabled 2 If the alternate image is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error ...

Страница 258: ...es Web Interface To configure a Factory Defaults Configuration in the web interface 1 Chick Factory Defaults 2 Click Yes Figure 5 3 1 The Factory Defaults Parameter description Buttons Yes Click to Yes button to reset the configuration to Factory Defaults No Click to to return to the Port State page without resetting the configuration 5 3 2 Save Start This section describes how to save the Switch ...

Страница 259: ... 3 3 The Save as Backup Configuration Parameter description Buttons Save Click the Save button to save current setting as Backup Configuration 5 3 4 Restore User This section describes how to restore users information back to the switch Any current configuration files will be restored via XML format Web Interface To configure a Restore User Configuration in the web interface 1 Chick Restore User 2...

Страница 260: ...iles will be exported as XML format 5 4 1 Export Config This section describes to export the Swith Configuration for maintenance needs Any current configuration files will be exported as XML format Web Interface To configure a Export Config Configuration in the web interface 1 Chick Save configuration 2 Save the file in your device Figure 5 4 1 The Restore the Backup Configuration ...

Страница 261: ...es will be exported as XML format Web Interface To configure an Import Config Configuration in the web interface 1 Chick Browser to select the config file in you device 2 Click Upload Figure 5 4 2 The Import Config Parameter description Browse Click the Browse button to search the Configuration URL and filename Upload Click the Upload button then the switch will start to upload the configuration f...

Страница 262: ...s To set the IP Address of device what you want to ping it Ping Size To set the ICMP Packet size to ping the other device Start Click the Start button then the switch will start to ping the device using ICMP packet size what set on the switch After you press 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automati...

Страница 263: ...art button then the switch will start to ping the device using ICMPv6 packet size what set on the switch After you press 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq...

Страница 264: ...y accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Web Interface To configure a VeriPHY Cable Diagnostics Configuration in the web interface 1 Specify Port which want to check 2 Click Start Figure 5 5 3 The VeriPH...

Страница 265: ...d with a Policy 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web page There are number of parameters that can be configured with an ACE Read the Web page help text to get further information for each of them The maximum number of ACEs is 64 ACL Ports The ACL Ports configuration is used to as...

Страница 266: ...y transmitting CCM frames to a peer MEP CCM is an acronym for Continuity Check Message It is a OAM frame transmitted from a MEP to it s peer MEP and used to implement CC functionality CDP is an acronym for Cisco Discovery Protocol DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES is an acronym for Data Encryption Standard It provides a complete description of a ...

Страница 267: ...wo bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal the DHCP relay agents MAC address DHCP Snooping DHCP Snooping is used to block intruder on the untrusted ports of the switch device when...

Страница 268: ...the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands The other main standard that controls how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web server machine contains in addition to the Web page files it can serve an HTTP daemon a program t...

Страница 269: ...ol that IMAP clients use to communicate with the servers and SMTP is the protocol used to transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves your email messages on the server rather than downloading them to you...

Страница 270: ... to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this pr...

Страница 271: ...ad of using a separate protocol MVR Multicast VLAN Registration MVR is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the core network instead the stream s are received on the MVR VLAN and forwarded to the VLANs where ho...

Страница 272: ...ned to a vendor by IEEE You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address P PCP PCP is an acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame It is also known as User Priority PD PD is an acronym for Powered Device In a PoE system the power is delivered from a PSE power sour...

Страница 273: ...and a mail handler receives it on your recipient s behalf Then the mail is read using POP or IMAP IMAP4 and POP3 are the two most prevalent Internet standard protocols for e mail retrieval Virtually all modern e mail clients and servers support both Private VLAN In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN PTP PTP is...

Страница 274: ...uced an evolution of STP the Rapid Spanning Tree Protocol which provides for faster spanning tree convergence after a topology change Standard IEEE 802 1D 2004 now incorporates RSTP and obsoletes STP while at the same time being backwards compatible with STP S SHA SHA is an acronym for Secure Hash Algorithm It designed by the National Security Agency NSA and published by the NIST as a U S Federal ...

Страница 275: ...antee confidentiality Wikipedia SSM SSM In SyncE this is an abbreviation for Synchronization Status Message and is containing a QL indication STP Spanning Tree Protocol is an OSI layer 2 protocol which ensures a loop free topology for any bridged LAN The original STP protocol is now obsolete by RSTP SyncE SyncE Is an abbreviation for Synchronous Ethernet This functionality is used to make a networ...

Страница 276: ...ocol IP Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units ...

Страница 277: ...ique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag VLAN ID VLAN ID is a 12 bit field specifying the VLAN to which the...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды