manualshive.com logo in svg

Atop EH75 series, Руководство пользователя, Страница: 160 / 191

Поделиться
Скачать
Atop EH75 series Скачать руководство пользователя страница 160

Industrial Managed 
Ethernet Switch 

User Manual 

錯誤

使用

 [

常用

引標籤將

 Heading 

1,Product Manual 

套用到您想要在此處

顯示的文字。

 

 
 

Page 

160

 of 

191

 

 

 

2.20.4  Denial of Service 

Denial of Service (DoS) is a malicious attempt to make a machine or network resource unavailable to its intended 
users,  such  as  to  temporarily  or  indefinitely  interrupt  or  suspend  services  of  a  host  connected  to  the  Internet. 
EH75XX industrial managed switch is designed so that uses can filter out various types of attack as shown in Denial 
of Service setting webpage (Figure 2.186). The followings are some vulnerable attacks that can be prevented by 
the EH75XX switch function.

 

 

 

Figure 2.186 Denial of Service Setting Webpage 

 
First is the Local Area Network (LAND) DoS attack

LAND is a layer 4 DoS attack in which the attacker sets the 

source and destination information of a TCP segment to be the same

Specifically, TCP SYN packet is created such 

that the source IP and port are set to be the same as the destination address and port, which in turn is set to point 
to  an  open  port  on  a  Victim

’s machine

A  vulnerable  machine  would  receive  such  a  message  and  reply  to  the 

destination address effectively sending the packet for reprocessing  in an infinite loop

A  vulnerable machine  will 

crash and freeze due to the packet being repeatedly processed by the TCP stack

To enable/disable the protection 

against the Local Area Network (LAND) DoS attack, click 

Enabled

 box on LAND packet (SID=DID) function. 

 

Second is the First Fragment attack. 
 
 
Thrid attack is called Min TCP Hdr Size attack. 

 
Fourth vulnerability attack is TCP fragmentation attacks also known as tear drop attack, which is targeting TCP

/

IP 

reassembly  mechanism,  preventing  them  from  putting  together  fragmented  data  packets

As  a  result,  the  data 

packets overlap and quickly overwhelm the victim

s servers, causing them to fail

To enable

/

disable the protection 

against the TCP fragment DoS attack, click 

Enabled

 box on TCP Fragment function

However, to set the mitigation 

method, some certain inputs are needed to set rules of filtering

For example, whether the first fragment is allowed 

or not and the minimum TCP header size that is allowed

In some datalink protocols such as Ethernet, only the first 

fragment  contains  the  full  upper  layer  header,  meaning  that  other  fragments  look  like  beheaded  datagrams

No 

additional  overhead  imposed  over  network  because  all  fragments  contains  their  own  IP  header

Only  the  first 

fragment contains the ICMP header and all remaining fragments are generated without the ICMP header

.  

 

 

Содержание EH75 series

Страница 1: ...thernet Switch User Manual V1 8 November 1st 2020 This PDF Document contains internal hyperlinks for ease of navigation Series covered by this manual EH75XX The user interface on these products may be...

Страница 2: ...f 191 For example click on any item listed in the Table of Contents to go to that page Published by Atop Technologies Inc 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Te...

Страница 3: ...bsequent editions Suggestions for improvement are welcome All other product s names referenced herein are registered trademarks of their respective companies Preface This manual contains some advanced...

Страница 4: ...Setting 31 2 3 5 Ping 32 2 3 6 Ping6 33 2 3 7 Mirror Port 35 2 3 8 System Time 36 2 3 9 Modbus Setting 37 2 3 10Precision Time Protocol PTP 45 2 3 11Secure Shell SSH 47 2 3 12Telnet 48 2 3 13HTTPS 48...

Страница 5: ...d 117 2 14 4ARP Spoof Prevention Setting 120 2 14 5DHCP Snooping 121 2 14 6ACL 122 2 14 7Dynamic ARP Inspection 125 2 15 ERPS Ring 127 2 15 1ERPS Setting 128 2 15 2iA Ring Settings 133 2 15 3C Ring Co...

Страница 6: ...17 Figure 2 6 Example of error notification on blocked account 18 Figure 2 7 Notification on recording of unauthorized login 18 Figure 2 8 Default Web Interface 19 Figure 2 9 Basic Information Dropdo...

Страница 7: ...page 48 Figure 2 52 HTTPS Setting Webpage 49 Figure 2 53 DIP Switch Status Webpage 49 Figure 2 54 QoS Dropdown Menu 50 Figure 2 55 QoS Setting Webpage 51 Figure 2 56 Mapping Table of CoS Webpage 52 Fi...

Страница 8: ...02 1Q VLAN Dropdown Menu 104 Figure 2 115 802 1Q VLAN s Setting Webpage 105 Figure 2 116 802 1Q VLAN PVID Setting Webpage 106 Figure 2 117 802 1Q VLAN Table Webpage 107 Figure 2 118 Example of 802 1Q...

Страница 9: ...Dropdown Menu 146 Figure 2 166 UDLD Setting Webpage 147 Figure 2 167 Error Message when no UDLD VLANs was configured 148 Figure 2 168 UDLD Port Info Webpage 148 Figure 2 169 Example of UDLD Port Info...

Страница 10: ...etting 46 Table 2 10 Description of PTP Port Setting 47 Table 2 11 Priority queue descriptions 52 Table 2 12 Descriptions of Storm Control 54 Table 2 13 Descriptions of Limiting Parameters 54 Table 2...

Страница 11: ...31 Table 2 53 Descriptions of iA Ring Setting 135 Table 2 54 Descriptions of Compatible Ring Setting 136 Table 2 55 Descriptions of U Ring Setting 139 Table 2 56 Descriptions of Compatible Chain Setti...

Страница 12: ...fortable office environment However an industrial switch is designed to perform in harsh industrial environments i e extreme temperature high humidity dusty air potential high impact or the presence o...

Страница 13: ...PTP v2 sw Transparent and Boundary Clock Port Mirroring Quality of Service QoS Traffic Regulation Link Aggregation Control Protocol LACP Medium Access Control MAC Filter Generic Attribute Registratio...

Страница 14: ...s are recommended to use the web browser method to configure the system because of its user friendly interface 2 1 Web based Management Basics Users can access the managed switch easily usingtheir web...

Страница 15: ...w Figure 2 1 IP Address for Web based Setting 3 If it is the first time that the users access the managed switch the web the browser such as Google Chrome may detect that the switch does not have a va...

Страница 16: ...to the managed switch at IP address 10 0 50 1 5 After preceeding through the invalid certificate warning and clicking on the Proceed to 10 0 50 1 unsafe hyperlink a login page will be presented shown...

Страница 17: ...dure will not succeed if the login was done more than 30 seconds after the login page was first accessed The notification page is shown in Figure 2 5 The user can click on the Try again button to acce...

Страница 18: ...ve for more than 5 minutes the user will be logged out automatically Figure 2 7 Notification on recording of unauthorized login After the login process the main interface will show up as shown in Figu...

Страница 19: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 19 of 191 Figure 2 8 Default Web Interface...

Страница 20: ...ix subsections as shown in the left panel of Figure 2 9 Figure 2 9 Basic Information Dropdown Menu 2 2 1 System Info This subsection provides basic system information of Atop s industrial managed swit...

Страница 21: ...ation can help identify one specific switch among all other devices in the network that supports SNMP Please click on the Update button to update the information on the switch Figure 2 11 shows System...

Страница 22: ...rameters of a serial console s connection which can be used by a console software such as Tera Term Figure 2 12 below shows an example of the serial console s connection parameters Figure 2 12 Setting...

Страница 23: ...els 45 57VDC should be supplied under 802 3af mode and 51 57VDC should be supplied under 802 3at mode For instance the EHG7508 4PoE 4SFP has the following three power ratings 9 57VDC with a maximum cu...

Страница 24: ...temperature log cannot be reset by the users Note that the information is not automatically update Information provided in this webpage will help the users to monitor the status of the industrial man...

Страница 25: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 25 of 191 Figure 2 15 User Temperature Log Figure 2 16 System Temperature Log...

Страница 26: ...access right has only read permission If the user with administration access right would like to delete any account the user can select the account that would like to be deleted and click Delete butt...

Страница 27: ...passwords have not been changed over the last 30 days Figure 2 19 shows the pop up notification for changing the password Figure 2 18 Account Setting Webpage Figure 2 19 Notification of old password 2...

Страница 28: ...n the local authentication fails Figure 2 21 shows the setting parameters for authentication server while Table 2 3 summarizes the authentication server settings For the RADIUS and TACACS comparison p...

Страница 29: ...is refered to Network Access Server or the EH75XX Managed Switch in this case NAS is a client of RADIUS server Depicts an example of a user called admin1 with Cleartext Password attribute of default1...

Страница 30: ...each update so the new network settings can take effect The user will need to manually update the new IP address in the URL field of the web browser if the IP address of the managed switch is changed...

Страница 31: ...l have to enter the Global Unicast Address Prefix Length and Gateway The Manual DNS option also requires the users to fill in the Primary DNS and Secondary DNS addresses The lower portion of the page...

Страница 32: ...hecking this box user must manually provide Primary and Secondary DNS addresses for IPv6 Note that when this option is checked the next two fields will become active for setting Unchecked Primary DNS...

Страница 33: ...stration IP Setting as shown in Section 2 3 3 2 3 6 Ping6 Ping6 is a corresponding network diagnostic utility for testing reachability between a destination device and the managed switch in IPv6 netwo...

Страница 34: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 34 of 191 Figure 2 30 Example of Successful Ping6 Result...

Страница 35: ...ons are summarized in Table 2 7 Figure 2 31 Mirror Port Webpage Note Overflow will occur if the total throughput of the monitoring ports exceeds what the mirror port can support Table 2 7 Description...

Страница 36: ...Time Protocol SNTP by checking the Enable SNTP option see note below for explanation Then the users must enter the NTP Server 1 and NTP Server 2 which will be used as the reference servers to synchro...

Страница 37: ...and one hour is usually shifted forward or backward SNTP Simple Network Time Protocol is used to synchronize the computer systems clockswith a standard NTP server Examples of two NTP servers are time...

Страница 38: ...cted to your target switch Modbus Slave over Ethernet network 2 Launch Modbus Poll in the supervising computer Note a registration key may be required for a long term use of Modbus Poll after 30 day e...

Страница 39: ...s Poll Connection Setup 5 On the window Mbpoll1 select multiple cells from row 0 to row 2 by clicking on cells in second column of row 0 and row 2 while holding the shift key as shown in Figure 2 37 F...

Страница 40: ...al Page 40 of 191 down menu and choosing the Hex as shown in Figure 2 38 Figure 2 38 Set Display Mode to Hex in Modbus Poll 7 Click on the Setup pull down menu and choose Read Write Definition as show...

Страница 41: ...e Modbus Poll function as shown in Figure 2 40 which should match the Modbus Address 1 entered in Figure 2 33 in Section 2 3 9 Modbus Setting Figure 2 40 Slave ID in the Modbus Poll Function is set to...

Страница 42: ...03 in the Modbus Poll Function 10 Set starting Address to 81 and Quantity to 2 as shown in Figure 2 42 Figure 2 42 Setup Starting Address and Quantity in Modbus Poll 11 Click OK button to read the IP...

Страница 43: ...witch s Port Count Statistics Figure 2 44 Mapping Table of Modbus Address for Clearing Port Statistics 1 Check the switch s Port TX RX counts in Port Statistics page described in Section 2 5 4 as show...

Страница 44: ...oduct Manual Page 44 of 191 Figure 2 47 Use Modbus Poll to Clear Switch s Port Count 4 Check Port Statistics described in Section 2 5 4 in the managed switch s Web UI as shown in Figure 2 48 The packe...

Страница 45: ...an configure PTP and check its status The lower part of Figure 2 49 allows the users to enable or disable the PTP function per port and check their current status To enable PTP on the managed switch p...

Страница 46: ...ebpage example taken from EH75XX series Table 2 9 Description of PTP Setting Label Description Factory Default State Enabled Disable the PTP function This is the main option that needs to be enabled s...

Страница 47: ...hm BMCA 0 highest priority 255 lowest priority 128 UTC Offset Coordinated Universal Time UTC offset value 0 Offset to Master The offset time to the master clock None Grandmaster UUID The Grandmaster U...

Страница 48: ...lgorithms for integrity checking Examples of secure hash functions algorithms which are MAC algorithms in SSH version 2 are the Message Digest algorithm5 MD5 and Secure Hash Algorithm 1 SHA 1 6 Suppor...

Страница 49: ...the option to update it on the managed switch Figure 2 52 HTTPS Setting Webpage 2 3 14 DIP Switch This subsection reports the status of the DIP switch on the top of managed switch s housing Figure 2 5...

Страница 50: ...before packets in Q6 and packets in Q6 will all be sent first before packets in Q5 and so on in this order Weighted Round Robin WRR is the simplest approximation of generalized processor sharing GPS I...

Страница 51: ...oS only or Both 802 1p CoS and DiffServ For 802 1p CoS only switch only checks Layer 2 L2 802 1p CoS priority bits whilefor DiffServ switch checks DiffServ Code Point DSCP for header mapping The defau...

Страница 52: ...ty queue from Q0 to Q7 that a specific Ethernet frame needs to be assigned into 2 4 1 3 DSCP Mapping DiffServ ToS stands for Differentiated Services Type of Services It is a networking architecture th...

Страница 53: ...priority and 0 is the lowest priority After assigning any new priority to a DSCP please click the Update button at the bottom of the page to allow the new mapping to take effect Figure 2 57 Mapping Ta...

Страница 54: ...g data rate of storm packets that can be controlled for each Port which are DLF Multicast and Broadcast Note that the value must be in multiples of 64kbps See notes below for the detailed description...

Страница 55: ...5 Port related settings Atop s industrial managed switch provides full control on all of its network interfaces In this section the users can enable or disable each port and set preferred physical la...

Страница 56: ...tion Each port can set the Flow Control mechanism to either On or Off on the sixth column This flow control will be useful to avoid packet loss when there is a network congestion However the Flow Cont...

Страница 57: ...transmission rates for the incoming Ingress traffic Note that the unit is in kilo bits per second Kbps 0 Disabled Egress Sets limits on its transmission rates for the incoming Ingress traffic Note th...

Страница 58: ...istics The Port Statistics are summarized in this webpage as shown in Figure 2 63 The users can use this subsection to help them diagnose the problem such as link quality of each port The key statisti...

Страница 59: ...at the electrical power is delivered along with data over the Ethernet cables This will be useful for the end devices that are located in the area that has no power supply and the users can save addit...

Страница 60: ...ged Ethernet Switch User Manual Heading 1 Product Manual Page 60 of 191 Figure 2 65 PoE Setting Webpage example on EH7506 4PoE 2SFP Note that the number of ports depends of the EH model of the user s...

Страница 61: ...Figure 2 66 PoE Status Webpage example on EHG7508 8PoE Table 2 16 Descriptions of PoE Status Label Description Factory Default Port Port number Enable Status Enable or Disable PoE function Enable Pow...

Страница 62: ...efault Detect Total Power Value Set the total power value in Wattswhich will trigger alarm event Note that the value 0 means that the alarm event will not trigger 0 Enable Check the box s to enable al...

Страница 63: ...unication Figure 2 68 shows the Trunking dropdown menu Figure 2 68Trunking Dropdown Menu 2 7 1 Trunking Setting In this subsection the user can create new trunking assignment s and remove existing tru...

Страница 64: ...LACP packets will be sent within a multicast group MAC address If LACP finds a device on the other end of the link that also has LACP enabled it will also independently send packets along the same li...

Страница 65: ...are summarized in Table 2 18 Table 2 18 Descriptions of Trunking Settings Label Description Group ID Up to 8 trunk groupscan be created Trk1 TrkXX Note that it is not possible to mix Fast Ethernet po...

Страница 66: ...us provides information per port which are port number status of LACP group ID and LACP partner Table 2 19 explains the descriptions of LACP status To change system priority enter the desired number i...

Страница 67: ...dress age out manually Note that the age out period is a duration of time that a learned MAC address will be maintained in the MAC address table before it was removed to save the memory The MAC addres...

Страница 68: ...ss which can be either Unicast or Multicast MAC Address Step 2 Specify VLAN ID VLAN Step 3 Select the ports to apply this static MAC address Use Ctrl key to add more than one port Step 4 Click on Add...

Страница 69: ...dressby clicking on this button Remove Click on this button to remove existing static MAC address in the table 2 8 2 MAC Filter As discussed earlier the managed switch also allows users to set MAC fil...

Страница 70: ...onds in the following field Note that the default value of age out timeis 300seconds In the managed switch a MAC address table is stored in the memory to map a MAC address and a port number to forward...

Страница 71: ...descriptions of the MAC Address table are summarized in Table 2 22 Figure 2 76 MAC Table Webpage Note The static multicast address can be set from Add Static MAC Section 2 8 1 in Unicast Multicast MA...

Страница 72: ...er end stations and switches that can be reached at a given time Specific rules are used to modify set of participants in the network topology or so called reachability tree GVRP GARP VLAN Registratio...

Страница 73: ...oup Table 2 9 2 GARP Setting Figure 2 79 shows GARP Setting webpage where different Timers Join Leave and LeaveAll can be set All devices that are exchanging attributes must set these timers to the sa...

Страница 74: ...VRP is enabled the switch which is an end node of a network needs to add static VLANs locally Others switches can dynamically learn the rest of the VLANs configured elsewhere in the network via GVRP F...

Страница 75: ...tatistics Clears all GVRP statistics counts Clears the record 2 9 4 GMRP Setting The users can use this subsection to enable GMRP and enable GMRP for all ports or specified port s and trunking group s...

Страница 76: ...ble or disable GMRP by enabling the checkbox To enables GMRP the switch must be in 802 1q VLAN mode Disabled Port You can enable or disable GMRP on specified ports by clicking the corresponding checkb...

Страница 77: ...he links of the managed switch which do not need them Therefore IGMP snooping enables the managed switch to only forward multicast traffic to the links that have requested it For IPv6 network Multicas...

Страница 78: ...lay the port that is connected to multicast router NOTE IGMP Proxy works as an intermediate server as shown in Figure 2 86 When it receives a membership query message from the router it sends a member...

Страница 79: ...iew the number of IGMP packets in different categories Rx Total Rx Valid Rx Invalid Rx General Queries Tx General Queries Rx Group Specific Queries Tx Group Specific Queries Rx Leaves Tx Leaves Rx Rep...

Страница 80: ...r of IGMP s Membership General Query packets received by the managed switch Tx General Queries Number of IGMP s Membership General Query packets transmitted by the managed switch Rx Group Specific Que...

Страница 81: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 81 of 191...

Страница 82: ...rmation on each table please click on the Refresh button Figure 2 89 IGMP s IP Multicast Table Webpage Figure 2 90 shows examples of IGMP membership table and IP multicast table Note that the display...

Страница 83: ...number 2 3 and 6 in the group The following procedures outline how to add a new IP multicast group For example an IP multicast group address is224 1 1 1 and the joining ports are Port1 Port2 and Port5...

Страница 84: ...ast listeners Note that MLD is an asymmetric protocol in which it specifies different behaviours for multicast liteners and for routers or managed switches in our case The MLD section which is under t...

Страница 85: ...260 seconds Fifth the user can specify the amount of time that a multicast group will remain in the switch after the switch receives a done message of the multicast group without receiving a node lis...

Страница 86: ...rticular entry The Reports column displays the number of group reports for that multcast group The Port Listener column lists the Port number for each entry To get the latest update information on eac...

Страница 87: ...ber of MLD s Membership General Query packets transmitted by the managed switch Rx Group Specific Queries Number of MLD s Membership Group Specific Query packets received by the managed switch Tx Grou...

Страница 88: ...k parameters The Atop s managed switch support SNMP and can be configured in this section SNMP setting has four categories under the same webpage and its dropdown menu is shown in Figure 2 98 which ar...

Страница 89: ...only or read write all For example in our default setting as shown in Figure 2 100 an SNMP agent which is a network management software module residing on the managed switch can access all objects wit...

Страница 90: ...ode after sending SNMP inform requests switch will resends inform request if it does not receive response within 10 seconds The switch will try to re send three times This option allows users to confi...

Страница 91: ...n or User Then the authentication password with a maximum length of 31 characters has to be entered in the Auth Password field and re entered again in the Confirmed Password field Note that if no pass...

Страница 92: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 92 of 191 Confirmed Key Re type the Encryption Key NULL...

Страница 93: ...d by IEEE 802 1D 2004 is also supported in ATOP s managed switches It is an evolution of the STP but it is still backwards compatible with standard STP RSTP has the advantage over the STP When there i...

Страница 94: ...behind the Enabled option The users can fine tune the Priority Maximum Age Hello Time and Forward Delay Additonally the BPDU Guard option can also be enabled by checking the box behind the BPDU Guard...

Страница 95: ...2 Forward Delay Specify the time spent in the listening and learning states in seconds The value is in between 4 to 30 15 Max Hops Only for MSTP The value is between 1 to 255 120 Revision Level Only f...

Страница 96: ...r port Setting for STP and RSTP 2 12 2 Bridge Info Bridge Info information provides the statistical value of spanning tree protocol as shown in Figure 2 108 The information is further divided into two...

Страница 97: ...User Manual Heading 1 Product Manual Page 97 of 191 Table 2 34 and Table 2 35 summarize the descriptions of each entry in the root information table and topology information table respectively Figure...

Страница 98: ...e duration that the switch will be in learning and listening states before a link begins forwarding 0 Table 2 35 Bridge Topology Information Label Description Factory Default Root Port A forwarding po...

Страница 99: ...port Path Cost Config Setting path cost default 0 meaning that using the system default value depending on link speed 0 Actual The actual value path cost For STP and RSTP please see Note 1 below and T...

Страница 100: ...rity 4 bits ID Interface number 12 bits The default port priority is 128 2 12 4 MSTP Instance MSTP enables the grouping and mapping of VLANs to different spanning tree instances Therefore an MST Insta...

Страница 101: ...lue from 1 to 63 CIST VID Enter a value for VLAN ID between 1 to 4094 Priority Enter a value for priority value for the managed switch between 0 61440 The lower value means the higher priority If the...

Страница 102: ...ely through software Also VLAN provides extra security because devices within a VLAN group can only communicate with other devices in the same group For the same reason VLAN can help to control networ...

Страница 103: ...efault value is VID 1 Note that the ID can be the number from 1 to 4096 If the users change the management VLAN ID to other number please click the Update button to set it on the managed switch Figure...

Страница 104: ...sh the frame from untagged frames The next 3 bits is the Tag control information TCI field which refers to the IEEE 802 1p class of service and maps to the frame priority level The next one bit is the...

Страница 105: ...AN ID that will be added in static VLAN table in the switch The VLAN ID is in the range 2 4094 Dependent Member Ports Configure the port to this specific VID All Ports Tagged Ports Configure the port...

Страница 106: ...er the desired PVID value between 2 to 4094 Please click Update button to allow the configuration to take effect on the switch Table 2 41 summarizes the PVID Setting s descriptions Figure 2 116 802 1Q...

Страница 107: ...c Member Ports Indicate the member ports to this VID This entry is created by GVRP discussed in Section 2 9 3 Dependent Dynamic Tagged Ports Indicate the member ports whose outgoing packet is tagged D...

Страница 108: ...LAN For the protocol based VLAN the switch supports 3 Ethernet packet frame types Ethernet II 802 3 LLC and 802 3 SNAP It uses the EtherType field Protocol ID in these frames to assign a VLAN ID for e...

Страница 109: ...g Webpage 2 13 4 2 Group to VLAN Settings The users can add or modify Group ID and for each port or multiple ports in this menu option as shown in Figure 2 121 Group to VLAN Setting is used to map the...

Страница 110: ...ol List ACL Dynamic ARP Inspection DAI Figure 2 122 shows the dropdown menu for security section on the managed switch Figure 2 122 Security Dropdown Menu 2 14 1 Port Security Port Security or static...

Страница 111: ...y Setting Webpage 2 14 1 2 Port Security Add Static MAC The Add Static white list MAC webpage is depicted in Figure 2 124 The users can create a list of MAC address that will be allowed to access the...

Страница 112: ...ial In User Service as the authentication server Authenticator The Authenticator is a network device i e the EH75XX Industrial Managed Switch that acts as a proxy between the supplicant and the authen...

Страница 113: ...The users then have to enter all the required fields to configure the 802 1X Setting which are the IP address of RADIUS server the RADIUS server s port number RADIUS server s accounting port number N...

Страница 114: ...er The range is 0 65535 1813 NAS Identifier Specify the identifier string for 802 1X Network Access Server NAS Max of 30 characters Managed Switch Shared Key A shared key between the managed switch an...

Страница 115: ...scription Factory Default Quiet Period Waiting time between requests when the authorization has failed Range from 10 to 65535 seconds 60 Tx Period Waiting time for the supplicant s EAP response packet...

Страница 116: ...a table display the current status of authorization mode and state of each port on the managed switch To enable the 802 1X security on any of the port s click one of the port or press Ctrl key and cl...

Страница 117: ...rd Dropdown Menu 2 14 3 1 IP Verify Source Setting The IP Verify Source is a dynamic IP Source Guard that creates a Layer 2 packet filtering on each port of the EH75XX The filter types can be IP or IP...

Страница 118: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 118 of 191 Figure 2 130 IP Verify Source Setting Webpage...

Страница 119: ...ive filtering is shown in Figure 2 132 Figure 2 131 IP Verify Source Status Webpage Figure 2 132 Example of IP Verify Source Status 2 14 3 3 IP Source Binding The IP Source Binding is a static IP Sour...

Страница 120: ...rk to link or map the malicious Ethernet MAC address to a legitimate IP address of a victim host node When ARP Spoof Prevention is enabled on EH75XX series the ARP spoof prevention table must also be...

Страница 121: ...on the Remove button for the corresponding entry in the table To remove all of the entries from the table please click on the Remove all button under the ARP Spoof Prevention Table 2 14 5 DHCP Snoopi...

Страница 122: ...ayer The numbers of matching rules can be at most 128 However the main important rules that are mostly exercise are follows Rules for filtering by MAC layer includes MAC address VLAN ID or Ether type...

Страница 123: ...n the Mask its relative bit in the IP address will be compared If the Mask is 0 0 0 0 then this condition is always accepted If the Mask is empty it is considered equal to the Mask of 255 255 255 255...

Страница 124: ...he item value is between 0 65535 Source or Destination IP Addresses IP address are the fields of the IPv4 header The Mask item is a bit mask for comparing range For every non zero bits in the Mask its...

Страница 125: ...ty is as 255 255 255 255 NONE TCP UDP Source Port 0 65535 NONE TCP UDP Destination Port 0 65535 NONE TOS 0 63 NONE Port 1 2 3 4 5 6 7 8 NONE Action Deny Permit NONE The user can Add Modify or Remove e...

Страница 126: ...enable DAI check the Enabled box for DAI option inside the DAI with DHCP box as shown in Figure 2 139 Then check the box under the Trust column for corresponding Port number to configure that port num...

Страница 127: ...ernet Ring using two independent links i e two ways In the Ethernet ring loops can be avoided by guaranteeing that traffic may flow on all but one of the ring links at any time This particular link is...

Страница 128: ...s Enabled checkbox 3 Optionally if the users want the switch to periodically check the status of the neighboring switches on the ring topology using heartbeat packets then the user can check the UERP...

Страница 129: ...e Note This function affects the recovery time to more than 20 ms Disabled Heartbeat Interval Set the Heartbeat Interval Range from 50 to 10000 milliseconds 50 ms RAPS VLAN Create the ring by specifyi...

Страница 130: ...he RPL Port2 RPL Owner Choose to enable Owner Function Disabled RPL Port Select the Owner Port which is either West Port or East Port or None None WTR Timer Set the wait to restore WTR time of the rin...

Страница 131: ...can configure ARPS VLAN Setting according to Table 2 52 Table 2 52 Setting Configuration for Switch A B C and D EHX7XXX A B C D RAPS VLAN 8 8 8 8 ERPS RAPS Enabled Enabled Enabled Enabled West Port 1...

Страница 132: ...en press Update button for the changes to take effect Figure 2 146 Example of Switch A s ERPS settings 5 On Switch A Click Configure button on RAPS VLAN and input settings as shown in Figure 2 147 Fig...

Страница 133: ...ll automatically block Port 8 to prevent a network loop Figure 2 149 Switch A s ERPS state 9 From here on the users can add another bridge between the two managed switches 2 15 2 iA Ring Settings The...

Страница 134: ...2 151 to setup the iA Ring 1 Enable the iA Ring by selecting Enabled from the dropdown list 2 Choose whether the current managed switch is going to be the Ring Master by enabling the Ring Master opti...

Страница 135: ...Webpage Table 2 53 Descriptions of iA Ring Setting Label Description Factory Default iA Ring Enable iA Ring or disable iA Ring Disabled Ring Master Enabled Master Mode Disabled Slave Mode Disabled 1s...

Страница 136: ...ing Port from the dropdown list 3 Select the 2nd Ring Port from the dropdown list 4 Click on the Update button to save the change and allow the configuration to take effect Note that the lower part of...

Страница 137: ...ample 1 of Two Wireless Bridge U ring Example made on EH7520 Second example is illustrated in Figure 2 154 where there are also two EH75XX managed switches On each switch it is connected to two wired...

Страница 138: ...r by enabling the Ring Master option 3 Select the 1st Ring Port from the dropdown list 4 Select the 2nd Ring Port from the dropdown list 5 Optionally set the Heartbeat Expire period which could be bet...

Страница 139: ...e that uses the chain network topology and links the two ends two network devices such as industrial managed switches of the chain to a common LAN This can also be viewed as a form of Ring Topology Th...

Страница 140: ...ing to be the Head Member or Tail of the chain from the dropdown list of Role State 3 If the current switch is the Head switch then select the Head Port from the dropdown list and select the Member Po...

Страница 141: ...d suitable for Industrial Ethernet applications It allows rings of Ethernet switches to overcome any single failure with recovery time much faster than those achievable by Spanning Tree Protocol It su...

Страница 142: ...setting up the MRP Ring on the managed switch Figure 2 158 Example of MRP VLAN Entry Table 2 57 Description of MRP Setting Webpage Label Description Factory Default VLAN MRP Ring VLAN ID Depend Role...

Страница 143: ...he managed switch there may be an error message popping up as shown in Figure 2 160 Therefore the users should disable the ERPS Ring Section 2 15 1 and DIP Switch Control Section 2 3 13 first before s...

Страница 144: ...logy discovery inventory management emergency services VLAN assignment and inline power supply Link Layer Discovery Protocol LLDP section consists of LLDP Setting and LLDP Neighbors as shown in Figure...

Страница 145: ...Figure 2 163 The Neighbor Information table contains Chassis ID Port ID Port Description System Name System Description and Management Address on each Port of the managed switch The users can click on...

Страница 146: ...l that can be used to prevent Layer 2 switching loops in the network The network loop problem usually occurs in Spanning Tree network topology miswiring or malfunction of the network interface UDLD is...

Страница 147: ...r between 30 and 86400 seconds This interval is a time for the switch to try to bring an UDLD port that was disabled back from a reset state The default value is 120 seconds Note that typically UDLD c...

Страница 148: ...ormation about VLAN ID Port Link State and Neighbor Information in each entry The Neighbor Information also consists of Device ID Device Name Port ID and Hello interval An example of UDLD entry is dep...

Страница 149: ...The webpage also displays the Device Name as shown in Figure 2 172 The PROFINET s Packet Priority can also be enabled on this webpage and priority Queue number can also be chosen from the dropdown li...

Страница 150: ...tting section Figure 2 174 Client IP Setting Dropdown Menu 2 19 1 DHCP Relay Agent A DHCP relay agent is a small program that relays DHCP BOOTP messages between clients and servers on different subnet...

Страница 151: ...will remove the option 82 information from the response packet and forward it to the client The Option 82 Type field in Figure 2 175 can be chosen from IP MAC Client ID or Other in the dropdown list...

Страница 152: ...tting or reboot the system device Figure 2 177 shows all the dropdown menus under the System section Figure 2 177 System Dropdown Menu It is important for network administrators to know what s happeni...

Страница 153: ...ble 2 61 Descriptions of System Log Settings Label Description Factory Default EnableLog Event to Flash Checked Saving log event into flash memory The flash memory can keep the log event files even if...

Страница 154: ...te of theoccurred event Time Indicate the time stamp that this event occurred Startup Time Indicate how long the system managed switch has been up since this event occurred Level Indicate the level of...

Страница 155: ...erall functionalities of the switch This webpage allows the users to configure how each type of the event warnings will be sent or notify the users For link status and power status event warnings ther...

Страница 156: ...Disable Disables alarm function Power On Sends an alarm when power is turned on Power Off Sends an alarm when power is turned off Disabled In System Log event warning the user can only send notificati...

Страница 157: ...o remove only the Relay Alarm or click on the Clear All Warning Events to remove all entries in the Warning Events table Figure 2 182 Warning Event Webpage An example of Warning Events table is shown...

Страница 158: ...m can send an alarm message to users by E mail Here the users will be allowed to modify E mail related settings for sending the system event warnings or alarms Port State Power Status and System Log a...

Страница 159: ...encryption mechanism for communication with the SMTP Server Disable Unchecked Username Set the user name or account name to login Max 31 characters NULL Password Set the account password for login Ma...

Страница 160: ...processing in an infinite loop A vulnerable machine will crash and freeze due to the packet being repeatedly processed by the TCP stack To enable disable the protection against the Local Area Network...

Страница 161: ...ulting in server unavailability To enable disable the protection against the ICMP DoS attack click Enabled box on ICMP function Table 2 68 provides descriptions of the Denial of Service Setting Table...

Страница 162: ...me during the firmware upgrade Figure 2 188 Firmware Update Webpage 2 20 6 1 TFTP Trivial File Transfer Protocol TFTP is designed to be small and easy to implement The users are allowed to upload conf...

Страница 163: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 163 of 191 click on the Update button to set this feature Figure 2 189 Backup Restore Configuration via TFTP...

Страница 164: ...upload Switch configuration to the remote TFTP server Option 66 67 Enable this option to allow the managed switch to learn of TFTP Server Name and the filename to be used from a DHCP packet Disable U...

Страница 165: ...hassis Please contact Atop Technologies to obtain the cable is needed This method is similar to the web browser one The options are the same so users can take the same procedures as those examples in...

Страница 166: ...ileges Users with operator privileges may only view the information while those with manager privileges are allowed to view information and configure settings Operator and manager privileges are initi...

Страница 167: ...scription of the keywords Switch config ip Address Set IP address and subnet mask default gateway Set default gateway IP address dns Set DNS IP address Users may use the Tab key to do keyword auto com...

Страница 168: ...also used by the web user interface web browser method of configuration 3 4 Command Example The serial console is another method to add delete change configuration same as the web browser method These...

Страница 169: ...nd in Chapter 2 of this manual Table 3 2 Descriptions of Administrative Commands for Setting Up Command Description sntp IP add before utc after utc 0 24 hours Starts SNTP service no dhcp Enable or di...

Страница 170: ...Set forward delay time to20 seconds Spanning tree hello time 1 10 Set hello time in seconds Spanning tree maximum age 6 40 Set the maximum age of the spanning tree in seconds Spanning tree priority 0...

Страница 171: ...ting System Note that only users with administrator admin access right as configured in Section 2 3 1 can use telnet to login to the device 4 2 Telnet Log in After the command line terminal is opened...

Страница 172: ...ar to the serial console methods Please refer to Chapter 3 for more information on configuration 4 4 Commands in the Privileged Mode When users do not know the commands to use for the command line con...

Страница 173: ...ocol copy Copy configuration cring Compatible Ring configuration disable Turn off the privileged mode command dscp mapping DSCP mapping information dhcp DHCP information dot1x 802 1x information dipsw...

Страница 174: ...n port Port information ping Send ICMP ECHO_REQUEST to network hosts ptp PTP information qos QoS information radius server Radius server information show Show information of the current running system...

Страница 175: ...he first icon called Rescan on the icon bar to search for the device connected to the same subnet as the Device Management Utility Figure 5 2 Depicts the Search icon Figure 5 2 Rescan Search Icon To p...

Страница 176: ...shown in Figure 5 5 The users can enable the DHCP options by checking the box in front of DHCP Obtain an IP automatically option This will allow the device to get its new IP address and other network...

Страница 177: ...P address was change the users may need to search for the device again using the Rescan icon or the first icon on the icon bar 5 2 Topology Diagram Device management Utility comes with a visualization...

Страница 178: ...mber and the MAC address of the device that is currently connecting to the EH75XX switch Please select Show Information menu under the File pulldown menu Figure 5 9 shows the result of additional info...

Страница 179: ...der the Firmware pulldown menu can also perform this task Figure 5 10 Upgrade from Disk Firmware Update Icon Figure 5 11 shows the dialog for Download Firmware from Disk The window displays the curren...

Страница 180: ...which are not going to a local partner are sent to the gateway The gateway takes care of communication with the remote network IEEE Institute of Electrical and Electronics Engineers IGMP Internet Grou...

Страница 181: ...y of Service RADIUS Remote Authentication Dial In User Service is an authentication and monitoring protocol on the application level for authentication integrity protection and accounting for network...

Страница 182: ...e d Word 3 Lo byte Word 4 Hi byte S Word 4 Lo byte w Word 5 Hi byte i Word 5 Lo byte t Word 6 Hi byte c Word 6 Lo byte h Word 7 Hi byte Word 7 Lo byte E Word 8 Hi byte H Word 8 Lo byte 7 Word 9 Hi byt...

Страница 183: ...OK Hi byte 0x01 Power 1 Fail Hi byte 0x00 Power 2 OK Low byte 0x01 Power 2 Fail Low byte 0x00 IP Information 0x0050 80 1 word R DHCP Status 0x0000 Disabled 0x0001 Enabled 0x0051 81 2 words R IP Addres...

Страница 184: ...ation 0x0600 1536 64 words R 5st Warning Event Information Port Status 0x1000 4096 5 words R Port Status 0x0000 Disabled 0x0001 Enabled Word 0 Hi byte Port 1 Status Word 0 Lo byte Port 2 Status Word 1...

Страница 185: ...80 4224 5 words R Port Flow Control Status disabled 0x00 Status enabled 0x01 Word 0 Hi byte Port 1 Status Word 0 Lo byte Port 2 Status Word 1 Hi byte Port 3 Status Word 1 Lo byte Port 4 Status Word 2...

Страница 186: ...ort 1 0xFFFF Word 0 1 2 3 Port 1 good packets Word 4 5 6 7 Port 2 good packets Word 8 9 10 11 Port 3 good packets Word 12 13 14 15 Port 4 good packets Word 16 17 18 19 Port 5 good packets Word 20 21 2...

Страница 187: ...RX Word 0 of Port 1 0x0000 Word 1 of Port 1 0x002E Word 2 of Port 1 0xEEE1 Word 3 of Port 1 0xFFFF Word 0 1 2 3 Port 1 good packets Word 4 5 6 7 Port 2 good packets Word 8 9 10 11 Port 3 good packets...

Страница 188: ...t Ex 3st West Port Port 2 Word 2 0x0002 0x0001 Port 1 0x0002 Port 2 0x000A Port 10 0x000C Trk1 0x000D Trk2 0x000E Trk3 0x000F Virtual Channel 0x00FF VLAN ID exist but no West Port be Selected 0xFFFF E...

Страница 189: ...rd 0 1st VLAN ID East Port Status Word 1 2st VLAN ID East Port Status Word 2 3st VLAN ID East Port Status Word 3 4st VLAN ID East Port Status Word 4 5st VLAN ID East Port Status 0x2270 8816 5 words R...

Страница 190: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 190 of 191 0x000A Port 10 0xFFFF iA Ring not enable...

Страница 191: ...ogies Inc www atoponline com TAIWAN HEADQUARTER and INTERNATIONAL SALES 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Tel 886 3 550 8137 Fax 886 3 550 8131 sales atop com...

Отзывы:

Нет отзывов