manualshive.com logo in svg

Comnet CNXE2GE2TX8MSPOE, Инструкция по установке и эксплуатации

Установочный и операционный руководство для Comnet CNXE2GE2TX8MSPOE доступны для скачивания бесплатно на нашем веб-сайте. Это руководство поможет вам установить и использовать продукт по максимуму его возможностей. Скачайте его с manualshive.com прямо сейчас!

Поделиться
Скачать
background image

INS_CNXE2GE2TX8MSPOE     11 Jan 2021     PAGE 158

INSTALLATION AND OPERATION MANUAL 

CNXE2GE2TX8MSPOE

TECH SUPPORT: 1.888.678.9427

6.8.8 NAS (802.1x) 

Configure the IEEE 802.1X and MAC-based authentication system and port settings. 

The IEEE 802.1X standard defines a port-based access control procedure that prevents 
unauthorized access to a network by requiring users to first submit credentials for authentication. 
One or more central servers (the backend servers) determine whether the user is allowed 
access to the network. These backend (RADIUS) servers are configured on the authentication 
configuration page. 

MAC-based authentication allows for authentication of more than one user on the same port, and 
does not require the users to have special 802.1X software installed on their system. The switch 
uses the users' MAC addresses to authenticate against the backend server. As intruders can create 
counterfeit MAC addresses, MAC-based authentication is less secure than 802.1X authentication. 

Overview of 802.1X (Port-Based) Authentication 

In an 802.1X network environment, the user is called the supplicant, the switch is the authenticator, 
and the RADIUS server is the authentication server. The switch acts as the man-in-the-middle, 
forwarding requests and responses between the supplicant and the authentication server. Frames 
sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP 
Over LANs) frames which encapsulate EAP PDUs (RFC3748). Frames sent between the switch and 
the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together 
with other attributes like the switch’s IP address, name, and the supplicant’s port number on the 
switch. EAP is very flexible as it allows for different authentication methods, like MD5-Challenge, 
PEAP, and TLS. The important thing is that the authenticator (the switch) does not need to know 
which authentication method the supplicant and the authentication server are using, or how many 
information exchange frames are needed for a particular method. The switch simply encapsulates 
the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it. 

When authentication is complete, the RADIUS server sends a special packet containing a success 
or failure indication. Besides forwarding the result to the supplicant, the switch uses it to open up 
or block traffic on the switch port connected to the supplicant. 

Note: in an environment where two backend servers are enabled, the server timeout is configured 
to X seconds (using the authentication configuration page), and the first server in the list is 
currently down (but not considered dead), if the supplicant retransmits EAPOL Start frames at a 
rate faster than X seconds, it will never be authenticated because the switch will cancel on-going 
backend authentication server requests whenever it receives a new EAPOL Start frame from 
the supplicant. Since the server has not failed (because the X seconds have not expired), the 
same server will be contacted when the next backend authentication server request from the 
switch. This scenario will loop forever. Therefore, the server timeout should be smaller than the 
supplicant’s EAPOL Start frame retransmission rate. 

Содержание CNXE2GE2TX8MSPOE

Страница 1: ...features eight 10 100 1000BASE TX ports supporting IEEE 802 2af at PSE with a total power budget of 240 watts with a maximum of thirty watts per port to provide power in a PoE application It also prov...

Страница 2: ...ardware Overview 11 3 1 Front Panel 11 3 2 Front Panel LEDs 12 3 3 Top View Panel 13 Hardware Installation 14 4 1 Wiring 14 4 1 1 Fault Relay 14 4 1 2 Redundant Power Inputs 14 4 2 Connection 15 4 2 1...

Страница 3: ...6 1 12 ModbusTCP 61 6 1 13 Ethernet IP 61 6 1 14 Backup Restore Configurations 62 6 1 15 Firmware Update 63 6 2 DHCP 64 6 2 1 DHCP Server 64 6 2 2 DHCP Relay 69 6 2 3 DHCP Snooping 71 6 3 Port Setting...

Страница 4: ...nd Shapers 114 6 6 8 Port Scheduler 116 6 6 9 Port Shaping 116 6 6 10 DSCP Based QoS 118 6 6 11 DSCP Translation 119 6 6 12 DSCP Classification 120 6 6 13 QoS Control List 121 6 6 14 QoS Counters 123...

Страница 5: ...187 6 10 7 SFP Type 187 6 10 8 Ping 188 6 11 Power over Ethernet PoE 190 6 11 1 Configuration 190 6 11 2 Status 192 6 12 Configuration 194 6 12 1 Activate 194 6 12 2 Delete 194 6 13 Save 194 6 14 Tro...

Страница 6: ...ompatible ComNet SFP modules These network managed layer 2 switches are compatible with any IEEE802 3 compliant Ethernet device 1 2 Software Features Supports C Ring recovery time 30ms and MSTP RSTP S...

Страница 7: ...48VDC power inputs 8 x 10 100 1000Base T X ports POE 30W 2 x 1G 10GBase X SFP sockets 2 x 100 1G 2 5GBase X SFP sockets 1 x console port Operating temperature 20 to 60 C 2 5G 10G SFP or 40 to 75 C 1G...

Страница 8: ...STALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 Hardware Overview 2 1 Installing Switch on DIN Rail Each switch has a DIN Rail kit pre installed on rear panel Mount CNXE2G...

Страница 9: ...2021 PAGE 9 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 2 2 Wall Mounting Installation Each switch includes an optional wall mount panel Install wall mount panel CNX...

Страница 10: ...2 x 100 1G 2 5G TG SFP Port 2 x 1G 10G Copper Port 8 x 10 100 1000Base T X Console RJ 45 connecter to manage switch via RS 232 2 3 4 5 6 7 10 11 13 12 8 9 1 1 LED for PWR When lit indicates PWR UP 2 L...

Страница 11: ...anel LEDs LED Color Status Description PWR Green On DC power module up PW1 Green On DC power module 1 activated PW2 Green On DC Power module 2 activated R M Green On Ring Master Ring Green On Ring ena...

Страница 12: ...PAGE 12 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 3 3 Top View Panel The bottom panel components of CNXE2GE2TX8MSPOE are as shown below 1 Terminal block includes P...

Страница 13: ...haracteristics should be routed separately 6 You can use the type of signal transmitted through a wire to determine which wires should be kept separate The rule of thumb is that wiring sharing similar...

Страница 14: ...the following table for cable specifications Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 100BASE TX Cat 5 100 ohm UTP 100 m 328 ft...

Страница 15: ...X MDI MDI X Pin Assignments Pin Number MDI port MDI X port 1 TD transmit RD receive 2 TD transmit RD receive 3 RD receive TD transmit 4 Not used Not used 5 Not used Not used 6 RD receive TD transmit 7...

Страница 16: ...e should be connected the PC while the other end of the cable RJ 45 connector should be connected to the console port of the switch PC pin out male assignment RS 232 with DB9 female connector DB9 to R...

Страница 17: ...cy capabilities through the following steps Connect each switch to form a daisy chain using an Ethernet cable Set one of the connected switches to be the master and make sure the port setting of each...

Страница 18: ...ring For example Select switches A and B from Ring 1 and switches C and D from Ring 2 Link port 1 of switch A to port 2 of switch C Link port 1 of switch B to port 2 of switch D Enable Coupling Ring...

Страница 19: ...ring topology to a RSTP network environment using dual homing Choose switches A B from the ring for connecting to the switches in the RSTP network core switches The connection of one of the switches...

Страница 20: ...eliability of the network 5 1 C Ring 5 1 1 Introduction C Ring recovery time of less than 10 milliseconds and up to 250 nodes The ring protocols identify one switch as the master of the network and th...

Страница 21: ...ort when the switch is ring master Coupling Ring Check to enable Coupling Ring Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches It is...

Страница 22: ...e SF MEP is associated with interconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instan...

Страница 23: ...port Port 1 is configured as 0 for interconnected sub ring 0 in this field indicates that no Port 1 is associated with this instance Port 0 SF MEP The Port 0 Signal Fail reporting MEP Port 1 SF MEP Th...

Страница 24: ...tive mode the traffic channel continues to use the RPL if it is not failed after a protection switch condition has cleared VLAN config VLAN configuration of the Protection Group Click on the VLAN Conf...

Страница 25: ...in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block status for Port 0 Both traffic and R APS block...

Страница 26: ...a New VLAN Click Add New Entry to add a new VLAN ID Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected switch unit when you click on Save A VLAN without any port members...

Страница 27: ...seconds RSTP can shorten the time to 5 to 6 seconds Label Description Protocol Version The version of the STP protocol Valid values include STP RSTP and MSTP Forward Delay The delay used by STP bridge...

Страница 28: ...lf upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatical...

Страница 29: ...virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before MSTI port confi...

Страница 30: ...dge instance priority Label Description MSTI The bridge instance CIST is the default instance which is always active Priority Indicates bridge priority The lower the value the higher the priority The...

Страница 31: ...rts The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OpenEdge setate flag A flag indicating whether the port is connected di...

Страница 32: ...et by a network administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administr...

Страница 33: ...with slower media Path cost takes precedence over port priority The value will control the path cost incurred by the port Auto will set the path cost as appropriate by the physical link speed using t...

Страница 34: ...means this switch has been accepted as the root device of the Spanning Tree network Root Cost the path cost from the root port on this switch to the root device The cost for the root bridge is zero Fo...

Страница 35: ...Displays the current state of this port in the Spanning Tree Path Cost The path cost of the port contributed to the paths towards the spanning tree root which include this port It can be a value assig...

Страница 36: ...port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed CIST State Displays the current state of this port in the Spanning Tree...

Страница 37: ...ceived transmitted on a port RSTP the number of RSTP Configuration BPDUs received transmitted on a port RTP the number of legacy STP Configuration BPDU s received transmitted on a port TCN the number...

Страница 38: ...viewing screen ATTENTION By default IE5 0 or later version does not allow Java applets to open sockets You need to modify the browser settings in order to enable Java applets for network ports Prepar...

Страница 39: ...XE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 After logging in you can see the information of the switch as below On the left hand side of the management interface shows links to various settings You can...

Страница 40: ...of the name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Description Description of the device S...

Страница 41: ...the switch via one of the management client interfaces Label Description Client The management client for which the configuration below applies Methods Method can be set to one of the following value...

Страница 42: ...cription Client The management client for which the configuration below applies Methods Method can be set to one of the following values no Command authorization is disabled User is granted access to...

Страница 43: ...he management client for which the configuration below applies Methods Method can be set to one of the following values no Accounting is disabled tacacs Use remote TACACS server s for accounting Cmd L...

Страница 44: ...ding space are accepted Privilege Level The privilege level of the user The allowed range is 0 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control o...

Страница 45: ...anagement Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance C...

Страница 46: ...seconds IPv4 DHCP Current Lease For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server IPv4 Address The IPv4 address of the interface i...

Страница 47: ...IPv6 network mask in number of bits prefix length Valid values are between 1 and 128 bits for an IPv6 address This field may be left blank if IPv6 operation on the interface is not desired Resolving...

Страница 48: ...erface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interface and...

Страница 49: ...e Configuration Daylight Saving Time Mode Enable or disable daylight saving time function This is used to set the clock forward or backward according to the configurations set below for a defined dayl...

Страница 50: ...rd ADT Alaskan Daylight 8 hours 4 am ALA Alaskan Standard 9 hours 3 am HAW Hawaiian Standard 10 hours 2 am Nome Alaska 11 hours 1 am CET Central European FWT French Winter MET Middle European MEWT Mid...

Страница 51: ...owser may not allow redirection due to security considerations unless the switch certificate is trusted to the browser You need to initialize the HTTPS connection manually for this case Certificate Ma...

Страница 52: ...ERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 1 8 SSH Configure the SSH mode on this page Label Description Mode Enable or disable SSH Save Click to save changes Reset Click to undo an...

Страница 53: ...sidered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values must be between 2 10 times Tx Delay When a setting is changed e g the IP address a new...

Страница 54: ...send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors Port Descr...

Страница 55: ...f the neighbor port System Name The name advertised by the neighbor Port Description The description of the port advertised by the neighbor System Capabilities Description of the neighbor s capabiliti...

Страница 56: ...d the global counters are cleared when Clear is pressed Neighbor entries were last changed Shows the time when the last entry was last deleted or added It also shows the time elapsed since the last ch...

Страница 57: ...le if Chassis ID or Remote Port ID is not included in the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Disca...

Страница 58: ...erver Otherwise the switch will only record the time from the factory default set at the last bootup When the NTP client is enabled the switch regularly sends a request for a time update to a configur...

Страница 59: ...Es are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration ca...

Страница 60: ...Disalble Modbus TCP function 6 1 13 Ethernet IP EtherNet IP adapts the Common Industrial Protocol to standard Ethernet EtherNet IP is one of the leading industrial protocols in the United States and...

Страница 61: ...INS_CNXE2GE2TX8MSPOE 11 Jan 2021 PAGE 61 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 1 14 Backup Restore Configurations Save view or load switch configurations...

Страница 62: ...INS_CNXE2GE2TX8MSPOE 11 Jan 2021 PAGE 62 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 1 15 Firmware Update Update the firmware of the switch...

Страница 63: ...78 9427 6 2 DHCP 6 2 1 DHCP Server Configure global mode and VLAN mode to enable disable DHCP server per system and per VLAN Mode Label Description Global Mode Mode Configure the operation mode per sy...

Страница 64: ...range input the VLAN range that you want to disable choose Mode to be Disabled press Save to apply the change Then you will see the disabled VLAN range is removed from the DHCP Server mode configurati...

Страница 65: ...configure the detail settings you can click the pool name to go into the configuration page Type Display which type of the pool is Network the pool defines a pool of IP addresses to service more than...

Страница 66: ...ools Manual Binding Number of bindings that administrator assigns an IP address to a client That is the pool is of host type Expired Binding Number of bindings that their lease time expired or they ar...

Страница 67: ...IP IP address allocated to DHCP client Type Type of binding Possible types are Automatic Manual Expired State State of binding Possible states are Committed Allocated Expired Pool Name The pool that g...

Страница 68: ...characters are the module ID In stand alone devices the module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108 means the D...

Страница 69: ...kets received with the Remote ID option missing Receive Bad Circuit ID The number of packets whose Circuit ID do not match the known circuit ID Receive Bad Remote ID The number of packets whose Remote...

Страница 70: ...s are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted po...

Страница 71: ...the DHCP server will be listed in this table except for local VLAN interface IP addresses Entries in the Dynamic DHCP snooping Table are shown on this page Label Description MAC Address User MAC addr...

Страница 72: ...packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and tra...

Страница 73: ...Mbps HDX Forces the cu port in 10Mbps half duplex mode 10Mbps FDX Forces the cu port in 10Mbps full duplex mode 100Mbps HDX Forces the cu port in 100Mbps half duplex mode 100Mbps FDX Forces the cu por...

Страница 74: ...abled on a port then flow control on a priority level is enabled Through the Priority field range one or more of priorities can be configured e g 0 3 7 which equals 0 1 2 3 7 PFC is not supported thro...

Страница 75: ...onfigurations Label Description Source MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Addr...

Страница 76: ...rmal means no aggregation Only one group ID is valid per port Port Members Lists each switch port for each group ID Select a radio button to include a port in an aggregation or clear the radio button...

Страница 77: ...aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group Key The Key value varies with the...

Страница 78: ...tem ID System ID MAC address of the aggregation partner Partner Key When connecting the device to other manufactures devices you may need to configure LACP partner key Partner key is the operational k...

Страница 79: ...wn Backup means the port cannot join in the aggregation group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated...

Страница 80: ...Description Port Switch port number LACP Transmitted The number of LACP frames sent from each port LACP Received The number of LACP frames received at each port Discarded The number of unknown or ille...

Страница 81: ...otection PDU sent on each port The valid value is 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid va...

Страница 82: ...sent between switches Global VLAN Configuration Label Description Allowed Access VLANs This field shows the allowed Access VLANs i e it only affects ports configured as Access ports Ports in other mod...

Страница 83: ...ified to the Access VLAN On egress all frames are transmitted untagged Trunk Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches Trunk por...

Страница 84: ...If a frame is untagged or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with a C tag S Port On ingress frames with a VLAN tag with...

Страница 85: ...t are transmitted with a tag Untag All All frames whether classified to the Port VLAN or not are transmitted without a tag This option is only available for ports in Hybrid mode Allowed VLANs Ports in...

Страница 86: ...y one of these internal software modules The Combined entry will show a combination of the administrator and internal software modules configuration and basically reflects what is actually configured...

Страница 87: ...the same row Port Type Shows the port type Unaware C Port S Port S Custom Port that a given user wants to configure on the port The field is empty if not overridden by the selected user Ingress Filter...

Страница 88: ...software module The Combined user reflects what is actually configured in hardware 6 4 4 Private VLAN Monitor and modify the private VLAN membership configuration for the switch Private VLANs can be a...

Страница 89: ...mpty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are no...

Страница 90: ...le VRRP Globally The GVRP feature is globally enabled by setting the check mark in the checkbox named Enable GVRP and pressing the Save button GVRP Protocol Timers Join time is a value in the range of...

Страница 91: ...a port for GVRP operation This configuration can be performed either before or after GVRP is configured globally the protocol operation will be the same Label Description Port The logical port that is...

Страница 92: ...255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMP...

Страница 93: ...I characters from 33 to 126 Trap Mode Indicates existing SNMP trap mode Possible modes include Enabled enable SNMP trap mode Disabled disable SNMP trap mode Trap Version Indicates the supported SNMP t...

Страница 94: ...nge is 1 65535 Trap Inform Mode Indicates the SNMP trap inform mode Possible modes include Enabled enable SNMP trap inform mode Disabled disable SNMP trap inform mode Trap Inform Timeout seconds Confi...

Страница 95: ...the Interface group s traps Possible traps are Indicates that the SNMP entity is permitted to generate authentication failure traps Possible modes are Link Up Enable disable Link up trap Link Down En...

Страница 96: ...e The entry index key is Community Label Description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3...

Страница 97: ...the user name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Security Level Indicates the security model that this entry sho...

Страница 98: ...Configurations Configure SNMPv3 group table The entry index keys are Security Model and Security Name Label Description Delete Check to delete the entry It will be deleted during the next save Securi...

Страница 99: ...32 and only ASCII characters from 33 to 126 are allowed View Type Indicates the view type that this entry should belong to Possible view types include Included an optional flag to indicate that this v...

Страница 100: ...ecurity models include any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that thi...

Страница 101: ...y Configuration Label Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the po...

Страница 102: ...ed because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters OutUcastPkts The number of uni cast packets that request t...

Страница 103: ...ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification of the event the...

Страница 104: ...on integral number of octets Alignment Error Under size The total number of packets received that were less than 64 octets Over size The total number of packets received that were longer than 1518 oct...

Страница 105: ...e broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Error The total number of packets received that had a length excluding framing bit...

Страница 106: ...ng the selected variable and calculating the value to be compared against the thresholds Value The value of the statistic during the last sampling period Startup Alarm The alarm that may be sent when...

Страница 107: ...cond or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Note frames sent to the CPU of the switch are alw...

Страница 108: ...class that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default QoS class The classified QoS class can be overruled by a QCL entry Note if the default QoS c...

Страница 109: ...and DEI for tagged frames Click on the mode to configure the mode and or mapping Note this setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always cl...

Страница 110: ...ion DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific DSCP Al...

Страница 111: ...able the policer for individual switch ports Rate Configures the rate of each policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and is restricted...

Страница 112: ...nable queue policer for individual switch ports Rate Configures the rate of each queue policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and is restrict...

Страница 113: ...000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate for each queue shaper The default value is 500 This value is restricted to 10...

Страница 114: ...fault value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth...

Страница 115: ...Port The switch port number to which the following settings will be applied Click on the port number to configure the schedulers Mode Shows the scheduling mode for this port Qn Shows the weight for t...

Страница 116: ...INS_CNXE2GE2TX8MSPOE 11 Jan 2021 PAGE 116 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427...

Страница 117: ...fication settings for all switches Label Description DSCP Maximum number of supported DSCP values is 64 Trust Check to trust a specific DSCP value Only frames with trusted DSCP values are mapped to a...

Страница 118: ...new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP can be translated to any of 0 63 DSCP values 2 Classify check to...

Страница 119: ...UAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 6 12 DSCP Classification Configure the mapping of QoS class and Drop Precedence Level to DSCP value Label Description QoS Class Actual QoS class DPL...

Страница 120: ...ons include Tag value of tag can be Any Untag or Tag VID valid value of VLAN ID can be any value from 1 to 4095 Any user can enter either a specific value or a range of VIDs PCP Priority Code Point ca...

Страница 121: ...om left to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or...

Страница 122: ...427 6 6 14 QoS Counters This page provides the statistics of individual queues for all switch ports Label Description Port The switch port number to which the following settings will be applied Qn The...

Страница 123: ...frames IPv6 the QCE will match only IPV6 frames Port Indicates the list of ports configured with the QCE Action Indicates the classification action taken on ingress frame if parameters configured are...

Страница 124: ...ass for which the configuration below applies DPL The Drop Precedence Level for which the configuration below applies Enable Controls whether RED is enabled for this entry Min Controls the lower RED f...

Страница 125: ...bility when the fill level is just below 100 If Max Unit is Fill Level the red line Max controls the fill level where drop probability reaches 100 This configuration makes it possible to reserve a por...

Страница 126: ...n the SSM service model for the groups in the address range Assign valid IPv4 multicast address as prefix with a prefix length from 4 to 32 for the range Leaver Proxy Enabled Enable IGMP Leave Proxy T...

Страница 127: ...able Check to enable IGMP snooping for individual VLAN Up to 32 VLANs can be selected Querier Election Enable to join IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier Querier Ad...

Страница 128: ...allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the...

Страница 129: ...tus as ACTIVE or IDLE Querier Receive The number of transmitted Querier V1 Reports Receive The number of received V1 reports V2 Reports Receive The number of received V2 reports V3 Reports Receive The...

Страница 130: ...1 888 678 9427 Groups Information of IGMP Snooping Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group Label Description VLAN ID Th...

Страница 131: ...Label Description VLAN ID The VLAN ID of the group Groups The group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Ad...

Страница 132: ...The logical port for the settings Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view but...

Страница 133: ...e check status Possible statuses are disable Got Reply receive ping reply from device meaning the device is still alive Lost Reply not receiving ping reply from device meaning the device might have be...

Страница 134: ...ld specify the other IP address here Label Description Alias IP Address Specifies alias IP address Keep 0 0 0 0 if the device does not have an alias IP address Alive Check You can use ping commands to...

Страница 135: ...cast ingress packets RX Multicast multicast ingress packets RX Broadcast broadcast ingress packets TCP TCP ingress packets UDP UDP ingress packets Socket Number If packet type is UDP or TCP please spe...

Страница 136: ...s and ready for next move Attacked DDOS attacks occur Device Description This page allows you to configure device description settings Label Description Type Indicates device types Possible types are...

Страница 137: ...LATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 Mode Enables or disables stream monitoring of the port Action Indicates the action to take when the stream gets low Possible ac...

Страница 138: ...s management entry Start IP Address The start IP address for the access management entry End IP Address The end IP address for the access management entry HTTP HTTPS The host can access the switch fro...

Страница 139: ...tries to use the IP address of its neighbor You can enable IP source guard when DHCP snooping is enabled on an untrusted interface With this function enabled the switch blocks all IP traffic received...

Страница 140: ...or the settings IP Address Allowed Source IP address MAC Address Allowed Source MAC address Dynamic Table This page shows entries in the Dynamic IP Source Guard table The default value is 20 The Start...

Страница 141: ...1 to 15 The default value is Disabled Port Redirect Indicates the port redirect operation implemented by the ACE Frames matching the ACE are redirected to the listed port Mirror Select which port fram...

Страница 142: ...te limiter for the ACL of the switch Label Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The rate unit is packet per second pps which can be configure...

Страница 143: ...l to 0600 hexadecimal ARP only ARP frames can match the ACE Notice the ARP frames will not match the ACE with Ethernet type IPv4 only IPv4 frames can match the ACE Notice the IPv4 frames will not matc...

Страница 144: ...for the SMAC filter you can enter a specific source MAC address The valid format is xx xx xx xx xx xx Frames matching the ACE will use this SMAC value DMAC Filter Specifies the destination MAC filter...

Страница 145: ...ilter a specific VLAN ID with the ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number T...

Страница 146: ...tocol Value Specific allows you to enter a specific value The allowed range is 0 to 255 Frames matching the ACE will use this IP protocol value IP TTL Specifies the time to live settings for the ACE Z...

Страница 147: ...dotted decimal notation SIP Mask When Network is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation DIP Filter Specifies the destination IP filter for the...

Страница 148: ...Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Mask When Network is selected for the sender...

Страница 149: ...6 and the PLN is equal to IPv4 0x04 must not match this entry 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed...

Страница 150: ...s selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for t...

Страница 151: ...fic TCP UDP source range value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value TCP UDP Destination Filter Specifies the TCP UDP destination filter for the A...

Страница 152: ...try Any any value is allowed don t care TCP PSH Specifies the TCP PSH push function value for the ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where th...

Страница 153: ...ead Retransmit The number of times the switch tries to connect to a RADIUS server Dead Time The dead time which can be set to a number between 0 and 3600 seconds is the period during which the switch...

Страница 154: ...The authentication port which specifies the UDP port used to connect the RADIUS server for authentication The default is 1812 Acct Port The UDP port to use on the RADIUS accounting server If the port...

Страница 155: ...gain This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Dead Time The dead time which can be set to a number between 0 and 3600 seconds is the perio...

Страница 156: ...notation of the server Status The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not y...

Страница 157: ...AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 RADIUS Details This page shows the access statistics of the authentication and accounting servers Use the server drop down list to swi...

Страница 158: ...IUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexi...

Страница 159: ...e RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for t...

Страница 160: ...device is plugged into a switch port For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the cli...

Страница 161: ...r request times out according to the timeout specified on the Configuration Security AAA page the client is put on hold in Unauthorized state The hold timer does not count during an on going authentic...

Страница 162: ...going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expired the same server wi...

Страница 163: ...n users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC...

Страница 164: ...y X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in a...

Страница 165: ...each value Port State The current state of the port Refer to NAS Port State for more details regarding each value Last Source The source MAC address carried in the most recently received EAPOL frame...

Страница 166: ...US Authentication Server statistics is showed Use the port drop down list to select which port details to be displayed Label Description Admin State The port s current administrative state Refer to NA...

Страница 167: ...ion Backend Server Counters These backend RADIUS frame counters are available for the following administrative states 802 1X MAC based Auth Last Supplicant Client Info Information about the last suppl...

Страница 168: ...oS class for which the configuration below applies DPL The Drop Precedence Level for which the configuration below applies Enable Controls whether RED is enabled for this entry Min Controls the lower...

Страница 169: ...responding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period Aging Period You can specify the aging period in seconds The Aging P...

Страница 170: ...the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values...

Страница 171: ...known MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addre...

Страница 172: ...to transmit or receive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it w...

Страница 173: ...STALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 9 Warning 6 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the...

Страница 174: ...rver will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server doe...

Страница 175: ...that the checkbox cannot be checked when SYSLOG or SMTP is disabled Label Description System Cold Start Sends out alerts when the system is restarted Power Status Sends out alerts when power is up or...

Страница 176: ...or entries in the dynamic MAC table and configure the static MAC table here Aging Configuration By default dynamic entries are removed from the MAC after 300 seconds This removal is called aging You c...

Страница 177: ...re the port to dynamically learn the MAC address based upon the following settings Label Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No lea...

Страница 178: ...ches The MAC table is sorted first by VLAN ID and then by MAC address Label Description Delete Check to delete an entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Ad...

Страница 179: ...played will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN fields allow the user to select the starting point in the MAC table...

Страница 180: ...the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Auto...

Страница 181: ...received or transmitted on this port that have an opcode indicating a PAUSE operation Rx Drops The number of frames dropped due to insufficient receive buffer or egress congestion Rx CRC Alignment The...

Страница 182: ...re mirrored to this port Disabled option disables mirroring Label Description Mode Enable or disable this function Type Mirror the switch is running on mirror mode The source port s and destination po...

Страница 183: ...red on the Intermediate Destination port Rx only Frames received on this port are mirrored on the Intermediate Destination port Frames transmitted are not mirrored Tx only Frames transmitted on this p...

Страница 184: ...ssages Warning Log warning messages Error Log error messages All Log all messages Time The time of the system log entry Message The MAC address of the switch Auto refresh Check this box to enable an a...

Страница 185: ...efreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY diagnostics is only accurate for cables 7 140 meters long 10 and 100 Mbps ports will b...

Страница 186: ...gital Diagnostic Monitoring function can measure the temperature of the apparatus helping you monitor the status of connection and detect errors immediately You can manage and set up event alarms thro...

Страница 187: ...y until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes...

Страница 188: ...X8MSPOE 11 Jan 2021 PAGE 188 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 IPv6 Ping PING6 server 192 168 10 1 sendto sendto sendto sendto sendto Sent 5 packets receiv...

Страница 189: ...over Ethernet PoE 6 11 1 Configuration Power over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones w...

Страница 190: ...the reserved power for that port The ports are shut down according to the ports priority If two ports have the same priority the port with the highest port number is shut down Reserved Power In this...

Страница 191: ...Each PD is classified according to a class that defines the maximum power the PD will use The PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Cl...

Страница 192: ...for the port PoE turned OFF PoE disabled PoE is disabled by user PoE turned OFF Power budget exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can delive...

Страница 193: ...CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 12 Configuration Activate or delete configuration files Simply select the files to be activated or deleted and press the button 6 12 1 Activate 6 12 2 D...

Страница 194: ...age Only the IP configuration is retained Label Description Yes Click to reset the configuration to factory defaults No Click to return to the Port State page without resetting 6 14 2 Restart Device R...

Страница 195: ...l Protocol IEEE 802 1p for COS Class of Service IEEE 802 1Q for VLAN Tagging IEEE 802 1d for STP Spanning Tree Protocol IEEE 802 1w for RSTP Rapid Spanning Tree Protocol IEEE 802 1s for MSTP Multiple...

Страница 196: ...ient Relay SMTP Client Modbus TCP NTP server client UPnP QoS TOS Diffserv supported CoS Application based QoS IP based bandwidth management Network Redundancy C Ring O Chain MRP NOTE STP RSTP MSTP IEE...

Страница 197: ...resent Physical Characteristic Enclosure IP 30 Dimension W x D x H 74 3 W x 125 D x 153 6 H mm 2 93 x 4 92 x 6 05 inches Weight g 1078 g Environmental Storage Temperature 40 to 85 C 40 to 185 F Operat...

Страница 198: ...ng Protection Switching Example Configuration Introduction This section shows how to configure the Ethernet Ring Protection Switching ERPS for ComNet switches using the Web GUI and the CLI commands Th...

Страница 199: ...to avoid creating a loop The web client is connected to switch 1 3 To avoid conflict with ERPS disable spanning tree on all switches if it is enabled 4 Enable VLAN tag aware on all three switches In V...

Страница 200: ...MAC can remain empty because it will be learned by receiving the CCM from the peer side On ComNet switches before they are learned the CCM frame rate cannot be changed to above 100 sec If known enter...

Страница 201: ...switch 2 Figure 5 Switch 2 Port 1 and 2 MEP Configuration 2 Edit MEP1 of switch 2 by clicking 1 under Instance of the MEP table Configure the MEP as shown and click Save or Apply Figure 6 Switch 2 ME...

Страница 202: ...t 1 and 2 of switch 3 Figure 8 Switch 3 Port 1 and 2 MEP Configuration 2 Edit MEP1 of switch 3 by clicking 1 under Instance of the MEP table Configure the MEP as shown and click Save or Apply Figure 9...

Страница 203: ...ew Protection Group Switch 1 Configuration 2 Edit ERPS1 by clicking 1 Set the configuration as shown and click Save or Apply Figure 12 ERPS 1 Switch 1 Configuration 3 Click VLAN Config to edit the pro...

Страница 204: ...tch 2 the RPL Neighbor 1 On switch 2 click ERPS followed by Add New Protection Group Figure 15 Add New Protection Group Switch 2 Configuration 2 Edit ERPS1 by clicking 1 Configure the device as shown...

Страница 205: ...g ERPS on Switch 3 1 On switch 3 click ERPS followed by Add New Protection Group Figure 18 Add New Protection Group Switch3 2 Edit ERPS1 by clicking 1 No action is required on switch 3 Keep the RPL ow...

Страница 206: ...1 888 678 9427 Ethernet Ring Protection Switching Configuration Verifying ERPS 1 Change the CCM rate starting from switch 3 Click on MEP 2 and then use the frame rate pull down to select 300 f sec Fig...

Страница 207: ...MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 3 Change the CCM rate on switch 1 Click on MEP 1 and then use the frame rate pull down to select 300 f sec Figure 23 Edit MEP 1 CCM Rate Switch 1 4...

Страница 208: ...MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 5 Change the CCM rate on switch 2 Click on MEP 1 and then use the frame rate pull down to select 300 f sec Figure 25 Edit MEP 1 CCM Rate Switch 2 6...

Страница 209: ...7 On Switch 1 check ERPS status by clicking ERPS to ensure normal link status Figure 27 Switch 1 ERPS Status 8 Disconnect the normal link for switch 1 and switch 3 Figure 28 Disconnect Normal Link 9 R...

Страница 210: ...2GE2TX8MSPOE 11 Jan 2021 PAGE 210 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 10 After WTR timeout and clicking Refresh it should show as Idle Figure 30 Refresh ERPS...

Страница 211: ...ICLI Initial Switch Configuration The following commands disable STP and LLDP and they enable C Port on Port 1 and 2 on all switches Configure port 1 2 interface GigabitEthernet 1 1 2 set C Port switc...

Страница 212: ...r mep mep 1 peer mep id 5 enable ccm default is 1FPS mep 1 cc 0 enable RAPS mep 1 aps 0 raps mep 2 down domain port flow 2 level 0 interface GigabitEthernet 1 2 mep 2 mep id 2 mep 2 vid 3001 mep 2 pee...

Страница 213: ...thernet 1 1 mep 1 mep id 3 mep 1 vid 3001 mep 1 peer mep id 2 mep 1 cc 0 mep 1 aps 0 raps mep 2 down domain port flow 2 level 0 interface GigabitEthernet 1 2 mep 2 mep id 4 mep 2 vid 3001 mep 2 peer m...

Страница 214: ...rnet 1 2 mep 2 mep id 6 mep 2 vid 3001 mep 2 peer mep id 4 mep 2 cc 0 mep 2 aps 0 raps erps 1 major port0 interface GigabitEthernet 1 1 port1 interface GigabitEthernet 1 2 erps 1 mep port0 sf 1 aps 1...

Страница 215: ...RATE DRIVE DANBURY CT 06810 USA T 203 796 5300 F 203 796 5303 TECH SUPPORT 1 888 678 9427 INFO COMNET NET 8 TURNBERRY PARK ROAD GILDERSOME MORLEY LEEDS UK LS27 7LE T 44 0 113 307 6400 F 44 0 113 253 7...

Отзывы:

Нет отзывов

Похожие инструкции для CNXE2GE2TX8MSPOE

Gefen HD-441 User Manual preview
HD-441
Бренд: Gefen Страницы: 11
D-Link xStack DES-3500 Series Cli Manual preview
xStack DES-3500 Series
Бренд: D-Link Страницы: 260
D-Link DXS-3600 Series Reference Manual preview
DXS-3600 Series
Бренд: D-Link Страницы: 48
D-Link DXS-3400 SERIES Quick Start Manual preview
DXS-3400 SERIES
Бренд: D-Link Страницы: 3
D-Link Web Smart Switch DGS-1210-16 Product Manual preview
Web Smart Switch DGS-1210-16
Бренд: D-Link Страницы: 71
D-Link DGS-1016A Datasheet preview
DGS-1016A
Бренд: D-Link Страницы: 3
D-Link DGS-1100-26MP Getting Started Manual preview
DGS-1100-26MP
Бренд: D-Link Страницы: 56
D-Link xStack DES-3800 Series Cli Manual preview
xStack DES-3800 Series
Бренд: D-Link Страницы: 326
D-Link xStack DES-3526 Cli Manual preview
xStack DES-3526
Бренд: D-Link Страницы: 222
D-Link DGS-1008G Quick Install Manual preview
DGS-1008G
Бренд: D-Link Страницы: 2
D-Link DXS-1210 Series Manual preview
DXS-1210 Series
Бренд: D-Link Страницы: 20
Eaton Cutler-Hammer Quick Start Instructions preview
Cutler-Hammer
Бренд: Eaton Страницы: 8
Vector MZ3-FA-V01 Manual preview
MZ3-FA-V01
Бренд: Vector Страницы: 6
TRENDnet TE100-S5 Lühike Paigaldusjuhend preview
TE100-S5
Бренд: TRENDnet Страницы: 11
Ihse Draco tera compact 480 Series User Manual preview
Draco tera compact 480 Series
Бренд: Ihse Страницы: 244
H-Tronic TS 1000 Instruction Manual preview
TS 1000
Бренд: H-Tronic Страницы: 15
WTI IPS-400 User Manual preview
IPS-400
Бренд: WTI Страницы: 56
Lindy 32320 User Manual preview
32320
Бренд: Lindy Страницы: 12

Бренды по названию

Популярные бренды

Загрузить еще бренды