manualshive.com logo in svg

Atop EH9711 Series, Руководство пользователя

Поделиться
Скачать
Atop EH9711 Series Скачать руководство пользователя страница 60

Industrial Managed 
Ethernet Switch – EH9711 

User Manual 

 

 

Page 

60

 of 

223

 

 

This feature provides access control on a port basis. There are two types of authentications: 

IEEE 802.1X

 and 

MAC-based

The  802.1X  supports 

Port-based  802.1X

  authentication  type.  The  following  three  terms  are  used  in  the  802.1X  context: 

Supplicant

,

 Authenticator, 

and the 

Authentication server

. The Supplicant is the client (PC) with some 801.1X software, where 

the Authenticator is the switch, and the Authentication server is such as a RADIUS server. The supplicant/client is connected 
to the authenticator/switch on some port, and the authenticator can reach an authentication server. The idea is that the supplicant 
wants access to the port, so it sends an 

Extensible Authentication Protocol over LAN

 (EAPoL) message to the authenticator, 

which in turn asks the authenticator server if this supplicant can be accepted. Then the authenticator opens the port for the 
supplicant, and communication can begin. Depending on how the authenticator is configured, this process behaves in different 
ways.  

In 

Port-based 802.1X

, if the supplicant S is on network N (connected to the authenticator on Port A) and S opens Port A, then 

everyone on network N will have access. However, only the supplicant that opened the port on the authenticator is allowed to 
transmit and receive packets. This is done through the MAC address of the supplicant.  

A  supplicant  can  be  seen  as  a  combination  of  a  client  and  a  supplicant  component  (that  takes  care  of  negotiating  the  port 
opening when the client transmits the first packet). This embedded supplicant component then uses the MAC address of the 
client as the username and password in the form aa-bb-cc-dd-ee-ff. This has the advantage that the client does not need to have 
supplicant software.  
 
The 

Configuration

Security

Network

NAS

 (Network Access Server) webpage as shown in Figure 2.54 allows the user 

to configure the IEEE 802.1X and MAC-based authentication system and port settings. The NAS configuration consists of two 
sections: a system- (

System Configuration

) and a port-wide (

Port Configuration

). Table 2.35 provides detailed descriptions 

of options for both System Configuration and Port Configuration.   

 

Figure 2.54 Webpage

 

to Configure Network NAS

 

 

Table 2.35 Descriptions of Network NAS 

Label 

Description 

Factory Default 

System Configuration 

Mode 

Indicates if NAS is globally enabled or disabled on the switch. If globally 
disabled, all ports are allowed forwarding of frames. 

Disabled 

Reauthentication 
Enabled 

If checked, successfully authenticated supplicants/clients are 
reauthenticated after the interval specified by the Reauthentication Period. 
Reauthentication for 802.1X-enabled ports can be used to detect if a new 

Unclicked 

Содержание EH9711 Series

Страница 1: ...rial Managed Ethernet Switch User Manual V0 4 October 21th 2022 This PDF Document contains internal hyperlinks for ease of navigation For example click on any item listed in the Table of Contents to g...

Страница 2: ...Ethernet Switch EH9711 User Manual Page 2 of 223 Published by Atop Technologies Inc 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Tel 886 3 550 8137 Fax 886 3 550 8131 w...

Страница 3: ...n subsequent editions Suggestions for improvement are welcome All other product s names referenced herein are registered trademarks of their respective companies Preface This manual contains some adva...

Страница 4: ...5 Security 37 2 5 1 Switch 37 2 5 2 Network 56 2 5 3 AAA 82 2 6 Aggregation 85 2 6 1 Common 86 2 6 2 Groups 86 2 6 3 LACP 87 2 7 Spanning Tree 88 2 7 1 Bridge Settings 89 2 7 2 MSTI Mapping 90 2 7 3 M...

Страница 5: ...4 Routing Info Base 161 3 1 5 IPv6 Routing Info Base 162 3 1 6 Log 163 3 1 7 Detailed Log 164 3 1 8 Power Status 165 3 1 9 Digital Input 165 3 2 Ports 165 3 2 1 State 165 3 2 2 Traffic Overview 166 3...

Страница 6: ...e 2 5 System Information Configuration Webpage 17 Figure 2 6 Webpage to Configure System s IP Information 18 Figure 2 7 Webpage to Configure System s IP Configuration 19 Figure 2 8 Webpage to Configur...

Страница 7: ...gure Network Port Security MAC Addresses 59 Figure 2 54 Webpage to Configure Network NAS 60 Figure 2 55 Access Control List s Submenus 66 Figure 2 56 Webpage to Configure Network ACL Ports 66 Figure 2...

Страница 8: ...re 2 110 Traffic Mirroring Operation 135 Figure 2 111 Webpage to Configure Mirroring 136 Figure 2 112 Webpage to Detailed Configure Mirroring for Session ID 137 Figure 2 113 Webpage to Configure PTP 1...

Страница 9: ...bpage to Monitor LLDP Neighbour Information 199 Figure 3 53 Webpage to Monitor LLDP Global and Statistics Local Counters 200 Figure 3 54 Webpage to Monitor PTP External Clock Mode and Clock Configurat...

Страница 10: ...SNMP Trap Source Configurations 47 Table 2 24 Descriptions of SNMP Community Configurations 48 Table 2 25 Descriptions of SNMP Users 49 Table 2 26 Descriptions of SNMP Groups 50 Table 2 27 Descriptio...

Страница 11: ...onfiguration 115 Table 2 81 Descriptions of Group name to VLAN Mapping Table Configuration 116 Table 2 82 Descriptions of IP Subnet based VLAN Configuration 117 Table 2 83 Descriptions of Port Classif...

Страница 12: ...0 Monitoring Descriptions of Aggregation Status 189 Table 3 31 Monitoring Descriptions of LACP System Status 190 Table 3 32 Monitoring Descriptions of LACP Internal Port Status 190 Table 3 33 Monitori...

Страница 13: ...al switch is designed to perform in harsh industrial environments i e extreme temperature high humidity dusty air potential high impact or the presence of potentially high static charges Atop s manage...

Страница 14: ...rm Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Virtual Local Area Network VLAN IEEE 802 1x Extensible Authentication Protocol EAP Remote Authentic...

Страница 15: ...h s functions It is recommended to use Microsoft Edge 103 Firefox 44 Chrome 48 or later versions Below is a list of default factory settings This information will be used during the login process Make...

Страница 16: ...e enter the new username and password again until it is correct Or users can simply click the Cancel button to forfeit the process 5 If the login process was success the user will be presented with th...

Страница 17: ...naged switch model Please click the Save button to update the information on the switch Clicking on the Reset button will undo any changes made locally and revert to previously save values Table 2 1 s...

Страница 18: ...guration part is related to how the managed switch will be operated as Host The IP Interfaces part is related to IP Address configuration and DHCP configuration for both IPv4 and IPv6 Finally the IP R...

Страница 19: ...interface a provided DNS server should be preferred From any DHCPv6 interfaces The first DNS server offered from a DHCPv6 lease to a DHCPv6 enabled interface will be used From this DHCPv6 interface S...

Страница 20: ...Address The IPv4 address of the interface in dotted decimal notation If DHCP is enabled this field configures the fall back address The field may be left blank if IPv4 operation on the interface is n...

Страница 21: ...ng IPv6 interface is valid If the IPv6 gateway address is link local it must specify the next hop VLAN for the gateway If the IPv6 gateway address is not link local system ignores the next hop VLAN fo...

Страница 22: ...n address of NTP Server Switch will locate the 4th NTP Server if the 3rd NTP Server fails to connect NULL Server 5 Sets the fifth IP or Domain address of NTP Server Switch will locate the 5th NTP Serv...

Страница 23: ...that the daylight saving will be repeated only on the specified years Table 2 8 summarizes the descriptions of options in daylight saving time configuration Note Daylight Saving Time In certain region...

Страница 24: ...g hour Minutes Select the starting minute End time settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes Select the e...

Страница 25: ...tch provides DNS feature it also can be a domain name NULL Syslog Level Indicates what kind of message will send to syslog server Possible modes are Error Send the specific messages which severity cod...

Страница 26: ...nge back to the previously saved values Figure 2 14 Webpage to Configure System Alert Table 2 10 summarizes the Power Status Alarm event selection Table 2 10 Descriptions of Power Status Alarm Event S...

Страница 27: ...the subject of email so that it can be easily distinguishable from the other e mails At last users can edit e mail addresses of all four recipients in the order shown in the e mail After entering all...

Страница 28: ...mail address NULL E mail Address of 3rd Recipient Set the third receiver s E mail address NULL E mail Address of 4th Recipient Set the fourth receiver s E mail address NULL Save Save these modificatio...

Страница 29: ...ield will show down Configured Selects any available link speed for the given switch port Only speeds supported by the specific port is shown Possible speeds are Disabled Disables the switch port oper...

Страница 30: ...tings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed NOTICE The 100FX standa...

Страница 31: ...lem users may use the Holdoff timer If the fault occurs the fault is not immediately sent to ERPS until the Holdoff timer expires If an RPL owner port is unblocked due to a link or node recovery after...

Страница 32: ...lush PDUs whenever this sub ring s topology changes Port0 Port1 Interface Interface index of ring protection Port0 Port1 Port0 Port1 SF Selects whether Signal Fail SF comes from the link state of a gi...

Страница 33: ...whether the ring referenced by Interconnect Instance shall propagate R APS flush PDUs whenever this sub ring s topology changes Unclicked Port If Port0 Select which port on the managed switch will be...

Страница 34: ...n to return to the previous page any changes made locally will be undone 2 4 DHCPv4 Atop s EH9711 managed switch can act as a DHCPv4 Dynamic Host Configuration Protocol over IP version 4 server in the...

Страница 35: ...allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Disabled Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures...

Страница 36: ...e not in the same subnet domain And the DHCP broadcast message won t be flooded for security considerations Disabled Disable DHCP relay mode operation Disabled Relay Server Enter an IPv4 address of th...

Страница 37: ...enus for each of these main security configuration parts as shown in Figure 2 24 Figure 2 24 Configuration Security Menu 2 5 1 Switch The first submenu under Configuration Security is the Switch menu...

Страница 38: ...he read write access When users first enter this Users Configuration webpage users will see an overview of the current users The user overview webpage consists of User Name and Privilege Level columns...

Страница 39: ...31 The valid user name allows letters numbers and underscores NULL Password The password of the user The allowed string length is 0 to 31 Any printable characters including space is accepted NULL Pass...

Страница 40: ...me Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection IP source guard IP Everything except ping Port Everyth...

Страница 41: ...ation Method configuration and Accounting Method Configuration webpage as shown in Figure 2 30 In the Authentication Method Configuration users can configure how a user is authenticated when he she lo...

Страница 42: ...entication it is recommended to configure secondary authentication as local This will enable the management client to login via the local user database if none of the configured authentication servers...

Страница 43: ...Mode Automatic Redirect Certificate Maintain and Certificate Status In the Mode field users can select Enabled Disabled the HTTPs mode In the Automatic Redirect field users can select to Enabled Disab...

Страница 44: ...d to the browser You need to initialize the HTTPS connection manually for this case Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Disab...

Страница 45: ...Atop s managed switch support SNMP and can be configured in this section In this submenu SNMP system can be configured as shown in Figure 2 34 There are two fields here Mode and Engine ID In Mode use...

Страница 46: ...n 3 Destination Address Indicates the SNMP trap destination address It allows a valid IPv4 address in dotted decimal notation x y z w It also allows a valid hostname A valid hostname is a string drawn...

Страница 47: ...values Table 2 23 provides descriptions of the SNMP Trap Source Configurations Figure 2 37 Webpage to Configure SNMP Trap Sources Figure 2 38 Adding New Entry to SNMP Trap Sources Table 2 23 Descript...

Страница 48: ...ues Typically an SNMP agent which is a network management software module residing on the managed switch can access all objects with read all only permissions using the string public Another setting e...

Страница 49: ...entry It will be deleted during the next save Engine ID An octet string identifying the engine ID that this entry should belong to The string must contain an even number in hexadecimal format with nu...

Страница 50: ...and the allowed content is ASCII characters from 33 to 126 Null 2 5 1 11 SNMP Groups Figure 2 42 shows SNMPv3 Group Configuration webpage It contains SNMPv3 group table The entry index keys are Securi...

Страница 51: ...Type Indicates the view type that this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indi...

Страница 52: ...d no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy NoAuth NoPriv Read View Name The name of the MIB view defining the MIB objects for which this request may re...

Страница 53: ...witch the value must add 1000000 switch ID 1 for example if the port is switch 3 port 5 the value is 2000005 1 3 6 1 2 1 2 2 1 1 0 2 5 1 15 RMON History Figure 2 47 shows RMON Remote Network Monitorin...

Страница 54: ...try index key is ID for RMON alarm table Click Add New Entry button to add a new RMON alarm entry to the table as shown in Figure 2 49 Table 2 31 describes the column labels of the RMON alarm table Pl...

Страница 55: ...Start up Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are RisingTrigger alarm when the first value is larger...

Страница 56: ...of menus under the Security Network Under this section the users can setup security for port network access server NAS access control list ACL IP source guard and ARP Address Resolution Protocol inspe...

Страница 57: ...n turn is connected to a port on this switch on which Port Security is enabled The end host will be allowed to forward if the limit is not exceeded Now suppose that the end host logs off or powers dow...

Страница 58: ...change on the port 3 Boot the switch Protect Violation Limit The maximum number of MAC addresses that can be marked as violating on this port This number cannot exceed 1023 Default is 4 It is only use...

Страница 59: ...the MAC address table if present and the running config Notice that dynamic entries may be removed all together on an interface through Monitor Security Port Security Switch and one by one through Mon...

Страница 60: ...e port on the authenticator is allowed to transmit and receive packets This is done through the MAC address of the supplicant A supplicant can be seen as a combination of a client and a supplicant com...

Страница 61: ...between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry 300 Hold Time This setting applies to...

Страница 62: ...onsiders whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not bee...

Страница 63: ...by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the fo...

Страница 64: ...inistrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use th...

Страница 65: ...state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in F...

Страница 66: ...cted in Figure 2 56 The ACL Ports configuration is used to assign a Policy ID to an ingress port This is useful to group ports to obey the same traffic rules Traffic Policy is created under the Access...

Страница 67: ...and the System Log memory size and logging rate is limited Disabled Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the por...

Страница 68: ...the end of the table a set of parameters are listed as three tables under the ACE Configuration webpage as shown in Figure 2 59 In Figure 2 58 users can select auto refresh option by checking the Auto...

Страница 69: ...t ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Any Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching t...

Страница 70: ...rt Select the ingress port for which this ACE applies All The ACE applies to all port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the poli...

Страница 71: ...the logging message doesn t include the 4 bytes CRC information The allowed values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Not...

Страница 72: ...Any Table 2 42 Description of ACL Configuration with ARP Parameters Label Description Factory Default ARP RARP Specify the available ARP RARP opcode OP flag for this ACE Any No ARP RARP OP flag is spe...

Страница 73: ...hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames where the HLN is not equal to Ethernet 0x06 or the PLN is not equal to IPv4 0x04 1 ARP RARP frames where the HLN...

Страница 74: ...appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear Any SIP Address When Host or Network is selected...

Страница 75: ...ast 32 bits For example if the SIPv6 address is 2001 3 and the SIPv6 bitmask is 0xFFFFFFFE bit 0 is don t care bit then SIPv6 address 2001 2 and 2001 3 are applied to this rule Hop Limit Specify the h...

Страница 76: ...e The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP UDP Destination Range When Range is selected for the TCP UDP destination filter you can enter a...

Страница 77: ...Type value The allowed range is 0x600 to 0xFFFF but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 A frame that hits this ACE matches this EtherType value 2 5 2 7 IP Source Guard IP Source Guard is a...

Страница 78: ...ew entry to the IP Soruce Guard table as shown in Figure 2 61 The maximum number of rules is 112 on the switch Table 2 49 summarizes the column labels for Static IP Source Guard Table Figure 2 61 Webp...

Страница 79: ...nfigure Network ARP Inspection Port Table 2 50 Descriptions of ARP Inspection Port Configuration Label Description Factory Default ARP Inspection Configuration Mode Enable the Global ARP Inspection or...

Страница 80: ...hange the number of visible entries through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed wil...

Страница 81: ...labels of Static ARP Inspection Table Figure 2 65 Webpage to Configure Network ARP Inspection Static Table Table 2 52 Descriptions of Static ARP Inspection Table Label Description Factory Default Del...

Страница 82: ...ss User IP address of the entry 0 0 0 0 Translate to static Select the checkbox to translate the entry to static entry Click Save button to save changes Click Reset button to undo any changes made loc...

Страница 83: ...protocol for authentication and authorization It is a distributed security system that secures remote access to networks and network services against unauthorized access The RADIUS specification is de...

Страница 84: ...you can change the setting overrides the global key Leaving it blank will use the global key Null After clicking on the Add New Server button to add a new RADIUS server an empty row is added to the ta...

Страница 85: ...delete a TACACS server entry check this box The entry will be deleted during the next Save Hostname The IPv4 IPv6 address or hostname of the TACACS server Null Port The TCP port to use on the TACACS...

Страница 86: ...AC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled Unche...

Страница 87: ...Save button to save changes Click Reset button to undo any changes made locally and revert to previously saved values 2 6 3 LACP The users have an option to enable Link Aggregation Control Protocol LA...

Страница 88: ...etwork when there are multiple connections or redundant paths between two network switches or at least two ports are connected on both sides of the two network switches The switching loop can create a...

Страница 89: ...dant links The following subsections describe how to setup the spanning tree protocol STP rapid spanning tree protocol RSTP and Multiple Spanning Tree Protocol MSTP The Spanning Tree menu consists of...

Страница 90: ...to 40 hops 20 Transmit Hold Count The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per se...

Страница 91: ...T s MAC address Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 0 MSTI Mapping MSTI The bridge instances The CIST is not available...

Страница 92: ...ce which is always active Priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of...

Страница 93: ...perEdge true than for other ports The value of this flag is based on AdminEdge and AutoEdge fields This flag is displayed as Edge in Monitor Spanning Tree STP Detailed Bridge Status Non Edge Auto Edge...

Страница 94: ...r Spanning Tree STP Detailed Bridge Status Non Edge Auto Edge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU...

Страница 95: ...78 The updated page contains MSTI port settings for physical and aggregated ports Table 2 64 summarizes the descriptions of MSTI Port Configuration Figure 2 77 Webpage to Configure MSTI of Spanning Tr...

Страница 96: ...Figure 2 79 Configuration IPMC Menu 2 8 1 IGMP Snooping IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol mu...

Страница 97: ...ve Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Unclicked Proxy Enabled Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary j...

Страница 98: ...Non Querier Checked Querier Address Define the IPv4 address as source address used in IP header for IGMP Querier election When the Querier address is not set system uses IPv4 management address of th...

Страница 99: ...n a directly attached link much as IGMP is used in IPv4 The protocol is embedded in ICMPv6 instead of using a separate protocol 2 8 2 1 Basic Configuration MLD Snooping Basic Configuration webpage pro...

Страница 100: ...s connected to the specific port Unclicked Throttling Enable to limit the number of multicast groups to which a switch port can belong unlimited Click Save button to save changes Click Reset button to...

Страница 101: ...ed into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted int...

Страница 102: ...out how long time the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10...

Страница 103: ...rt of the LLDP These capabilities are shown as others in the LLDP neighbours table If all interfaces have CDP awareness disabled the switch forwards CDP frames received from neighbour devices If at le...

Страница 104: ...in the system These packets are then processed by the clock selection algorithm and used to select the best clock The transmitted frame is generated based on the QL value of the selected clock source...

Страница 105: ...ly In order to recover clock from port it must be negotiated to Slave mode In order to distribute clock the port must be negotiated to Master mode This different ANEG modes can be activated on a Clock...

Страница 106: ...ree Run Clock Source The clock source locked to when clock selector is in locked state LOL Clock selector has raised the Los Of Lock alarm DHOLD Clock selector has not yet calculated the holdover freq...

Страница 107: ...shown in Figure 2 86 The user can set timeouts for entries called ageing time in the dynamic MAC Table and configure the static MAC table The MAC Address Table Configuration webpage consists of four p...

Страница 108: ...save VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Add...

Страница 109: ...bpage allows the user to control VLAN configuration on the switch The page is divided into a global section and a per port configuration section as shown in Figure 2 88 Table 2 76 and Table 2 77 provi...

Страница 110: ...LAN may add the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN a k a Access VLAN which by default is 1 Accepts untagged a...

Страница 111: ...treated like frames with an S tag If the S port is configured to accept Untagged Only frames S tagged frames will be discarded except for priority S tagged frames C tagged frames are initially consid...

Страница 112: ...s of Access ports can only be member of one VLAN the Access VLAN The field s syntax is identical to the syntax used in the Enabled VLANs field By default a Trunk or Hybrid port will become member of a...

Страница 113: ...specified with a dash separating the lower and upper bound The following example will map VLANs 1 10 11 12 13 200 and 300 1 10 13 200 300 Spaces are allowed in between the delimiters The range of val...

Страница 114: ...rt from the mapping make sure the box is unchecked By default no ports are members and all boxes are unchecked Click Add New Entry button to add a new MAC to VLAN ID mapping entry An empty row is adde...

Страница 115: ...two different sub values a OUI OUI Organizationally Unique Identifier is a parameter in the format of xx xxxx where each pair xx in the string is a hexadecimal value ranging between 0x00 and 0xff b P...

Страница 116: ...as the port lists of these mappings are mutually exclusive e g Group1 can be mapped to VID 1 on port 1 and to VID 2 on port 2 Null VLAN ID Indicates the VLAN ID to which the Group Name will be mapped...

Страница 117: ...gs The maximum possible IP subnet to VLAN ID mappings is limited to 128 Click Save button to save the setting configuration Click Reset button to keep to the original setting Check the Auto refresh bo...

Страница 118: ...he frame is classified to a DPL that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default DPL The classified DPL can be overruled by a QCL entry 0 PCP Contr...

Страница 119: ...her the QoS Control List QCL classification must be based on source SMAC SIP or destination DMAC DIP addresses on this port This parameter is only used when the key type is Normal The allowed values a...

Страница 120: ...check the corresponding boxes in the table in Figure 2 96 Table 2 85 describes the labels in QoS Ingress Queue Policer Table Figure 2 96 Webpage to Configure Queue Policing of QoS Table 2 85 Descript...

Страница 121: ...S Table 2 86 Descriptions of Port Scheduler Configuration of QoS Label Description Factory Default Port The logical port for the settings contained in the same row Click on the port number in order to...

Страница 122: ...is internally rounded up to the nearest value supported by the queue shaper 500 Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps Kbps Rate type The rate type of the queue sh...

Страница 123: ...ade locally and return to the previous page 2 14 5 Port Shaping This webpage provides an overview of QoS Egress Port Shapers for all switch ports as shown in Figure 2 99 Table 2 88 describes the label...

Страница 124: ...nit is kbps and 1 3281 when Unit is Mbps The rate is internally rounded up to the nearest value supported by the queue shaper 500 Unit Controls the unit of measure for the queue shaper rate as kbps or...

Страница 125: ...previously saved values Click Back button to undo any changes made locally and return to the previous page 2 14 6 Port Tag Remarking This webpage provides an overview of QoS Egress Port Tag Remarking...

Страница 126: ...fferentiated Service Code Point DSCP Configuration settings for all switch ports The QoS Port DSCP Configuration table is shown in Figure 2 103 The user can change the setting of either or both ingres...

Страница 127: ...taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyser is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped...

Страница 128: ...f supported DSCP values is 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level DPL Frames with...

Страница 129: ...ted DSCP values are 64 and valid DSCP value ranges from 0 to 63 Ingress Translate Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map Translate DSCP a...

Страница 130: ...ified DSCP value 0 63 for Drop Precedence Level 1 0 Click Save button to save the setting configuration Click Reset button to keep to the original setting 2 14 11 QoS Control List The QoS Control List...

Страница 131: ...DMAC Tag Indicates tag type Possible values are Any Match tagged and untagged frames Untagged Match untagged frames Tagged Match tagged frames C Tagged Match C tagged frames S Tagged Match S tagged f...

Страница 132: ...its the QCE Moves the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new entry at the bottom of the QCE listings Figure 2 108 Adding New QCE Configuration Tabl...

Страница 133: ...w all types of frames EtherType Ether Type Valid Ether Type can be 0x600 0xFFFF excluding 0x800 IPv4 and 0x86DD IPv6 or Any LLC DSAP Address Valid DSAP Destination Service Access Point can vary from 0...

Страница 134: ...Storm Policing Configuration of QoS Label Description Factory Default Frame Type The frame type for which the configuration below applies Enable Enable or disable the global storm policer for the giv...

Страница 135: ...ng is enabled the traffic analyser is attached directly to the port of the same router that is configured to receive a copy of every packet that host A sends This port is called a traffic mirroring po...

Страница 136: ...rt The logical port for the settings contained in the same row Source select mirror mode Disabled Neither frames transmitted nor frames received are mirrored Both Frames received and frames transmitte...

Страница 137: ...net network include Low cost and easy setup in existing Ethernet networks Limited bandwidth is required for PTP data packets In an Ethernet network switches provide a full duplex communication path be...

Страница 138: ...k and client clock device to determine the delay measurement Then PTP measures the exact message transmit and receive times and uses these times to calculate the communication path delay PTP then adju...

Страница 139: ...s Master Only 5 Slave Only clock s Device Type is Slave Only Ord bound Profile Indicates the profile used by the clock No Profile Click Add New PTP Clock button to create a new clock instance Click Sa...

Страница 140: ...information can then pass along its own statically configured VLANs in addition to ones learned from its neighbor For loop avoidance switch cannot send dynamically learned VLAN information out the sam...

Страница 141: ...tions of GVRP PortConfiguration Label Description Factory Default Port The logical port that is to be configured Mode Mode can be either Disabled or GVRP enabled These values turn the GVRP feature off...

Страница 142: ...D to work both devices on the link must support UDLD and have it enabled on respective ports Each switch port configured for UDLD sends UDLD protocol packets that contain the port s own device port ID...

Страница 143: ...ge interval of 7 seconds It takes Treconvergence max_age 2x forward_delay for the STP to reconverge in case of unidirectional link failure With the default timers it takes 20 2x7 34 seconds It is reco...

Страница 144: ...ctional detected ports will get shutdown To bring back the ports up need to disable UDLD on that port Disable Click Save button to save the setting configuration Click Reset button to undo any changes...

Страница 145: ...riod time Hr The backup Periodic time setting 720 Click Save button to save the setting configuration Click Reset button to undo any changes made locally and revert to previously saved values 2 21 Mod...

Страница 146: ...ownload html The Modbus Poll 64 bit version 9 2 2 Build 1343 was used in this document Atop does not provide this software to the users Tutorial of Modbus read and write examples are illustrated below...

Страница 147: ...4 Select Modbus TCP IP as the Connection mode and enter the switch s IP address inside the Remote Modbus Server s IP Address or Node Name field at the bottom as shown in Figure 2 121 The Port number s...

Страница 148: ...us Poll 6 Set Display mode of the selected cells in previous step to HEX hexadecimal by selecting Display pull down menu and choosing the Hex as shown in Figure 2 123 Figure 2 123 Set Display Mode to...

Страница 149: ...ition 8 Enter the Slave ID in the Modbus Poll function as shown in Figure 2 125 which should match the Modbus Address 1 entered in Figure 2 118 Figure 2 125 Slave ID in the Modbus Poll Function is set...

Страница 150: ...150 of 223 Figure 2 126 Set Code 03 in the Modbus Poll Function 10 Set starting Address to 81 and Quantity to 2 as shown in Figure 2 127 Figure 2 127 Setup Starting Address and Quantity in Modbus Pol...

Страница 151: ...s 0x0A 0x00 0x32 0x01 which means that the switch s IP is 10 0 50 1 as shown in Figure 2 128 Write Registers This example shows how to clear the switch s Port Count Statistics Figure 2 129 Mapping Tab...

Страница 152: ...131 Click on Function 06 in the Modbus Poll 3 Set Address to 256 and Value HEX to 1 as shown in Figure 2 132 then click Send button Figure 2 132 Use Modbus Poll to Clear Switch s Port Count 4 Check Po...

Страница 153: ...byte d Word 3 Lo byte Word 4 Hi byte S Word 4 Lo byte w Word 5 Hi byte i Word 5 Lo byte t Word 6 Hi byte c Word 6 Lo byte h Word 7 Hi byte Word 7 Lo byte E Word 8 Hi byte H Word 8 Lo byte 9 Word 9 Hi...

Страница 154: ...0x0001 1 0x0002 2 0x0034 52 1 word R Flow Control 0x0000 None Power Information 0x0040 64 1 word R Power Status Power 1 OK Hi byte 0x01 Power 1 Fail Hi byte 0x00 Power 2 OK Low byte 0x01 Power 2 Fail...

Страница 155: ...1 Word 0 Hi byte 0xA8 Word 0 Lo byte 0x5F Word 1 Hi byte 0x01 Word 1 Lo byte 0x01 System Status Clear 0x0100 256 1 word W Clear Port Statistics 0x0001 Do clear action 0x0101 257 1 word W Clear Relay...

Страница 156: ...e Port 6 Status Word 3 Hi byte Port 7 Status Word 3 Lo byte Port 8 Status Word 4 Hi byte Port 9 Status Word 4 Lo byte Port 10 Status 0x1060 4192 5 words R Port Duplex Status half duplex 0x00 Status fu...

Страница 157: ...rt 5 good packets Word 20 21 22 23 Port 6 good packets Word 24 25 26 27 Port 7 good packets Word 28 29 30 31 Port 8 good packets Word 32 33 34 35 Port 9 good packets Word 36 37 38 39 Port 10 good pack...

Страница 158: ...9 Port 10 good packets 0x1600 5632 40 words R Count of Bad Packets of RX Ex Port 1 gets 0x2EEEE1FFFF bad packets of RX Word 0 of Port 1 0x0000 Word 1 of Port 1 0x002E Word 2 of Port 1 0xEEE1 Word 3 of...

Страница 159: ...tact configured in Configuration System Information System Contact Null Name The system name configured in Configuration System Information System Name Null Location The system location configured in...

Страница 160: ...0ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult...

Страница 161: ...The IPv4 IPv6 address of the entry Link Address The Link MAC address for which a binding to the IP address given exist Check the Auto refresh box to refresh the page automatically The automatic refres...

Страница 162: ...ntry of the table is displayed the button is disabled Updates the table entries ending at the entry prior to the first entry currently displayed If the first entry of the table is displayed the button...

Страница 163: ...ently displayed If the first entry of the table is displayed the button is disabled Updates the table entries starting from the entry next to the last entry currently displayed If the last entry of th...

Страница 164: ...m log entry is belonged information level Warning The system log entry is belonged warning level Error The system log entry is belonged error level Time The occurred time of the system log entry Messa...

Страница 165: ...e device There are two or three powers Power1 Power 2 and Power3 and the power state can be either On and Off Some models support two powers and some models support three powers Figure 3 9 Webpage to...

Страница 166: ...c Overview of Ports Table 3 7 Monitoring Descriptions of Traffic Overview of Ports Label Description Factory Default Port The logical port for the settings contained in the same row Port Number Packet...

Страница 167: ...lick Clear button to clears the counters for all ports Click Refresh button to refresh the page immediately 3 2 4 QCL Status This webpage in Figure 3 14 shows the QoS Control List QCL status by differ...

Страница 168: ...receive and transmit and the error counters for receive and transmit Descriptions of statistics labels are summarized in Table 3 10 Figure 3 15 Webpage to Monitor Detailed Port Statistics SNAP Match...

Страница 169: ...received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive...

Страница 170: ...reset counters and issue commands Oper The operational state of ERPS instance Active Disabled or Internal error Warning Operational warnings of ERPS instance No warnings There are warnings use tooltip...

Страница 171: ...rs This shows a number of counters useful for debug purpose The Counter type column indicate the counted frame attribute ERPS Command No request There is no active local command on this instance Issui...

Страница 172: ...for continuous refresh with the same start address The will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown...

Страница 173: ...while being sent to clients Receive from Server The number of packets received from server Receive Missing Agent Option The number of packets received without agent information options Receive Missing...

Страница 174: ...the MAC Label Description Rx and Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx and Tx Offer The number of offer option 53 with value 2 packets received...

Страница 175: ...r for which the status applies Click the port number to see the status for this particular port Users Each of the user modules has a column that shows whether that module has enabled Port Security or...

Страница 176: ...s indicate the number of currently learned MAC addresses forwarding as well as blocked the number of violating MAC address only counting in Restrict mode and the maximum number of MAC addresses that c...

Страница 177: ...still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is d...

Страница 178: ...bout Guest VLANs Configuration Security Network NAS Port Counters EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthoriz...

Страница 179: ...authenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the...

Страница 180: ...end is reached the text No more entries is shown in the displayed table Use the button to start over Figure 3 27 Webpage to Monitor Dynamic ARP Inspection Table Table 3 21 Monitoring Descriptions of D...

Страница 181: ...resh the page automatically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the page immediately Click Clear button to flush all dynamic entries Click to update the table star...

Страница 182: ...he server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when m...

Страница 183: ...RADIUS authentication server Pending Requests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when...

Страница 184: ...eceived from the server Access Challenges The number of RADIUS Access Challenge packets valid or invalid received from the server Malformed Access Responses The number of malformed RADIUS Access Respo...

Страница 185: ...equest packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept...

Страница 186: ...the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broad cast The total number of good packets received that were directed to the broa...

Страница 187: ...f events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of p...

Страница 188: ...e number of the inbound packets that were discarded because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters OutUcastP...

Страница 189: ...tatus Check the Auto refresh box to refresh the page automatically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the page immediately Label Description Event Index Indicates...

Страница 190: ...internal i e local system status for all ports Only ports that are part of an LACP group are shown For details on the shown parameters please refer to IEEE 801 AX 2014 Figure 3 38 Webpage to Monitor L...

Страница 191: ...e identity of the LAG is consistent with the System ID and operational Key information transmitted Collecting Show if collection of incoming frames on this link is enabled Distributing Show if distrib...

Страница 192: ...rver The Pending Requests counter will not be cleared by this operation 3 7 Spanning Tree 3 7 1 Bridge Status This page provides a status overview of all STP bridge instances Figure 3 41 Webpage to Mo...

Страница 193: ...itch Label Description Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root C...

Страница 194: ...oping status Label Description Port The switch port number of the logical STP port Transmitted Received MSTP The number of MSTP BPDU s received transmitted on the port Transmitted Received RSTP The nu...

Страница 195: ...Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed table as a basis L...

Страница 196: ...o update the table starting from the first entry in the MVR Channels Groups Information Table Click to updates the table starting with the entry after the last entry currently displayed 3 8 1 3 IPv4 S...

Страница 197: ...umber Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently the maximum number...

Страница 198: ...ry currently displayed 3 8 2 3 IPv6 SFM Information Entries in the MLD SFM Information Table are shown on this page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source...

Страница 199: ...ptions of LLDP Neighbour Information Label Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per...

Страница 200: ...bility is followed by Management Address The neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s...

Страница 201: ...ew entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given interface s link is down an LLDP shutdown frame is...

Страница 202: ...ck s Device Type is Master Only 5 Slave Only Clock s Device Type is Slave Only Port List Shows the ports configured for that Clock Instance Label Description SyncCount A counter that increments every...

Страница 203: ...the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Figure 3 55...

Страница 204: ...s Click Buttons to select VLAN Users from this drop down list Check the Auto refresh box to refresh the page automatically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the...

Страница 205: ...n by the selected user Frame Type Shows the acceptable frame types All Tagged Untagged that a given user wants to configure on the port The field is empty if not overridden by the selected user Port V...

Страница 206: ...led Display DDMI detailed information on this page DDMI is an acronym for Digital Diagnostics Monitoring Interface It provides an enhanced digital diagnostic monitoring interface for optical transceiv...

Страница 207: ...dicates SFP vendor name Part Number Indicates part number provided by SFP vendor Serial Number Indicates serial number provided by SFP vendor Revision Indicates revision level for part number provided...

Страница 208: ...matically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the page immediately Label Description Detailed UDLD Status UDLD Admin State The current port state of the logical po...

Страница 209: ...ernet Control Message Protocol packet to troubleshoot IP connectivity issues Note that this utility is only for IPv4 address The Ping utility for IPv6 will be provided in the next subsection Figure 4...

Страница 210: ...Note You may only specify either the Source Port Number or the IP Address for the source interface IP Address for Source Interface This field can be used to force the test to use a specific local inte...

Страница 211: ...version 6 network as shown in Figure 4 5 After entering the IP address or hostname click Start button to run the Ping IPv6 function An example of successful ping result is shown in Figure 4 6 while a...

Страница 212: ...ld empty for automatic selection based on routing configuration Note You may only specify either the Source Port Number or the IP Address for the source interface IP Address for Source Interface This...

Страница 213: ...l try to probe If this value is reached before the specified remote host is reached the test stops The default value is 30 The valid range is 1 255 VID for source Interface This field can be used to f...

Страница 214: ...umber of Probes Per Hop Specifies the number of probe packets sent for each hop which is the number of queries per intermediate host or gateway The default value is 3 packets The valid range is 1 60 R...

Страница 215: ...specify either the VID or the IP Address for the source interface Print Numeric Addresses By default the traceroute command will print out hop information using a reverse DNS lookup for the acquired h...

Страница 216: ...tion of the device The following sections will describe each submenu under the Maintenance menu Figure 5 1 Maintenance Menu 5 1 Restart Device To restart the managed switch or device through the WebUI...

Страница 217: ...ne the user will be presented with a message as showed in Figure 5 5 The new configuration will be available immediately and no restart is necessary Note that if the user selects the No button the web...

Страница 218: ...l display a message stating that the firmware update is initiated After a duration of approximately one minute the firmware will finish update and the switch will be restarted Warning While the firmwa...

Страница 219: ...st at boot time the switch will start up in its default configuration default config A read only file with vendor specific configuration This file is read when the system is restored to default settin...

Страница 220: ...this web page the user can upload a local configuration file on the user s computer to the managed switch using web browser This will be useful when the user would like to use a backup configuration...

Страница 221: ...uploaded file is merged into running config If the flash file system is full i e contains default config and 32 other files usually including startup config it is not possible to create new files Then...

Страница 222: ...ame by checking on the radio button in front of that file under the File Name table Then click on the Delete Configuration File button Note that a pop up window will be prompted for a confirmation by...

Страница 223: ...ies Inc www atoponline com TAIWAN HEADQUARTER and INTERNATIONAL SALES 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Tel 886 3 550 8137 Fax 886 3 550 8131 sales atop com t...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды