EtherWAN EX26262 Скачать руководство пользователя страница 112

Страница: 112 / 326

HAPTER

| Configuring the Switch

Configuring Security

– 112 –

VLAN interface, DHCP messages received on an untrusted interface

from a device not listed in the DHCP snooping table will be dropped.

◆

Table entries are only learned for trusted interfaces. An entry is added

or removed dynamically to the DHCP snooping table when a client

receives or releases an IP address from a DHCP server. Each entry

includes a MAC address, IP address, lease time, VLAN identifier, and

port identifier.

◆

When DHCP snooping is enabled, DHCP messages entering an

untrusted interface are filtered based upon dynamic entries learned via

DHCP snooping.

◆

Filtering rules are implemented as follows:

■

If the global DHCP snooping is disabled, all DHCP packets are

forwarded.

■

If DHCP snooping is enabled globally, all DHCP packets are

forwarded for a trusted port. If the received packet is a DHCP ACK

message, a dynamic DHCP snooping entry is also added to the

binding table.

■

If DHCP snooping is enabled globally, but the port is not trusted, it

is processed as follows:

■

If the DHCP packet is a reply packet from a DHCP server

(including OFFER, ACK or NAK messages), the packet is

dropped.

■

If a DHCP DECLINE or RELEASE message is received from a

client, the switch forwards the packet only if the corresponding

entry is found in the binding table.

■

If a DHCP DISCOVER, REQUEST or INFORM message is received

from a client, the packet is forwarded.

■

If the DHCP packet is not a recognizable type, it is dropped.

■

If a DHCP packet from a client passes the filtering criteria above, it

will only be forwarded to trusted ports in the same VLAN.

■

If a DHCP packet is from server is received on a trusted port, it will

be forwarded to both trusted and untrusted ports in the same VLAN.

■

If the DHCP snooping is globally disabled, all dynamic bindings are

removed from the binding table.

■

Additional considerations when the switch itself is a DHCP client –

The port(s) through which the switch submits a client request to the

DHCP server must be configured as trusted. Note that the switch

will not add a dynamic entry for itself to the binding table when it

receives an ACK message from a DHCP server. Also, when the

switch sends out DHCP client packets for itself, no filtering takes

place. However, when the switch receives any messages from a

Содержание EX26262

Страница 1: ...Layer 2 Gigabit PoE Ethernet Switch Management Guide...

Страница 2: ......

Страница 3: ...MANAGEMENT GUIDE...

Страница 4: ......

Страница 5: ...ur attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Страница 6: ...6 ABOUT THIS GUIDE...

Страница 7: ...N II WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 36 Main Menu 37 4 CONFIGURING THE SWITCH 47 Configuri...

Страница 8: ...g DHCP Snooping 111 Configuring DHCP Relay and Option 82 Information 114 Configuring IP Source Guard 115 Configuring ARP Inspection 119 Specifying Authentication Servers 122 Creating Trunk Groups 124...

Страница 9: ...based VLANs 183 Protocol VLANs 184 Configuring Protocol VLAN Groups 185 Mapping Protocol Groups to Ports 186 Configuring IP Subnet based VLANs 187 Managing VoIP Traffic 189 Configuring VoIP Traffic 1...

Страница 10: ...ion About Learned MAC Addresses 236 Displaying Port Status for Authentication Services 237 Displaying Port Statistics for 802 1X or Remote Authentication Service 238 Displaying ACL Status 242 Displayi...

Страница 11: ...oping Information 271 Showing MLD Snooping Status 271 Showing MLD Snooping Group Information 272 Showing IPv6 SFM Information 273 Displaying LLDP Information 274 Displaying LLDP Neighbor Information 2...

Страница 12: ...Saving Configuration Settings 298 Restoring Configuration Settings 298 SECTION III APPENDICES 301 A SOFTWARE SPECIFICATIONS 303 Software Features 303 Management Features 304 Standards 305 Management I...

Страница 13: ...14 Authentication Server Operation 65 Figure 15 Authentication Method for Management Access 66 Figure 16 SSH Configuration 67 Figure 17 HTTPS Configuration 69 Figure 18 Access Management Configuratio...

Страница 14: ...panning Tree Internal Spanning Tree 133 Figure 48 STA Bridge Configuration 136 Figure 49 Adding a VLAN to an MST Instance 138 Figure 50 Configuring STA Bridge Priorities 139 Figure 51 STP RSTP CIST Po...

Страница 15: ...Displaying Port Tag Remarking Mode 201 Figure 83 Configuring Port Tag Remarking Mode 202 Figure 84 Configuring Port DSCP Translation and Rewriting 204 Figure 85 Configuring DSCP based QoS Ingress Clas...

Страница 16: ...gure 119 RMON History Overview 255 Figure 120 RMON Alarm Overview 256 Figure 121 RMON Event Overview 256 Figure 122 LACP System Status 257 Figure 123 LACP Port Status 258 Figure 124 LACP Port Statisti...

Страница 17: ...able 283 Figure 146 Showing VLAN Members 285 Figure 147 Showing VLAN Port Status 286 Figure 148 Showing MAC based VLAN Membership Status 287 Figure 149 Showing sFlow Statistics 289 Figure 150 ICMP Pin...

Страница 18: ...18 FIGURES...

Страница 19: ...upport 68 Table 6 SNMP Security Models and Levels 71 Table 7 Dynamic QoS Profiles 93 Table 8 QCE Modification Buttons 105 Table 9 Recommended STA Path Cost Range 140 Table 10 Recommended STA Path Cost...

Страница 20: ...20 TABLES...

Страница 21: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 22: ...22 SECTION I Getting Started...

Страница 23: ...Port Authentication Port Security DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 256 rules DHCP Client DNS Client and Proxy service Port Configurati...

Страница 24: ...S priority queueing ensures the minimum delay for moving real time multimedia data across the network While multicast filtering provides support for real time network applications Some of the manageme...

Страница 25: ...E LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of...

Страница 26: ...ed by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will choose a single path and disable al...

Страница 27: ...ecified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used...

Страница 28: ...ery to manage multicast group registration for IPv4 traffic and MLD Snooping for IPv6 traffic It also supports Multicast VLAN Registration MVR which allows common multicast traffic such as television...

Страница 29: ...king LACP all ports Disabled Storm Protection Status Broadcast Enabled 1 kpps Multicast disabled Unknown unicast disabled Status Enabled RSTP Defaults RSTP standard Spanning Tree Algorithm Edge Ports...

Страница 30: ...10 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 DHCP Client Disabled Snooping Disabled DNS Proxy service Disabled Multicast Filtering IGMP Snooping Snooping Disabled Querier Disabled MLD Snoopin...

Страница 31: ...ve addresses that start 192 168 1 x If the PC and switch are not on the same subnet you must manually set the PC s IP address to 192 168 1 x where x is any number from 1 to 254 except 10 4 Open your w...

Страница 32: ...32 CHAPTER 2 Initial Switch Configuration logging out To change the password click Security and then Users Select root from the User Configuration list fill in the Password fields and then click Save...

Страница 33: ...detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 35 Configuring the Switch on page 47 Monitoring the Switch...

Страница 34: ...34 SECTION II Web Configuration...

Страница 35: ...face you must first enter a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name for the administrator is root The defaul...

Страница 36: ...n Action Save Sets specified values to the system Reset Cancels specified values and restores current values prior to pressing Save Logs out of the management interface Displays help for the selected...

Страница 37: ...ime 53 Log Configures the logging of messages to a remote logging process specifies the remote log server and limits the type of system log messages sent 55 Ports Configures port connection settings 5...

Страница 38: ...transmit data after maximum latency expires regardless queue length 57 Ports2 Configures port connection settings 58 Security 60 Switch 60 Users Configures user names passwords and access levels 61 Pr...

Страница 39: ...n the IP Source Guard table or dynamic entries in the DHCP Snooping table 115 Configuration Enables IP source guard and sets the maximum number of clients that can learned dynamically 115 Static Table...

Страница 40: ...specified port 162 LLDP Link Layer Discovery Protocol 162 LLDP Configures global LLDP timing parameters and port specific TLV attributes 163 LLDP MED Configures LLDP MED attributes including device l...

Страница 41: ...bandwidth and port shaper 199 Port Tag Remarking Provides overview of QoS Egress Port Tag Remarking also sets the remarking mode classified PCP DEI values default PCP DEI values or mapped versions of...

Страница 42: ...hows global and port settings for IEEE 802 1X Switch Shows port status for authentication services including 802 1X security state last source address used for authentication and last ID 237 Port Disp...

Страница 43: ...ration 265 Statistics Shows statistics for IGMP protocol messages used by MVR 265 MVR Channel Groups Shows information about the interfaces associated with multicast groups assigned to the MVR VLAN 26...

Страница 44: ...AN Membership Shows the current port members for all VLANs configured by a selected software module 284 VLAN Port Shows the VLAN attributes of port members for all VLANs configured by a selected softw...

Страница 45: ...on the management station 298 Upload Restores configuration settings from a file on the management station 298 1 The Basic Configuration menu is a subset of Advanced Configuration The following config...

Страница 46: ...46 CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface...

Страница 47: ...ETERS These parameters are displayed System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters...

Страница 48: ...ined via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 1 10 and subnet mask 255 255 255 0 You can manually configure a specific...

Страница 49: ...abase based on previous responses to DNS queries forwarded on behalf of attached clients If the required information is not in the local database the switch forwards the DNS query to a DNS server stor...

Страница 50: ...n manually configure a link local address by entering the full address with the network prefix FE80 To connect to a larger network with multiple subnets you must configure a global unicast address The...

Страница 51: ...its specifies that the first six colon separated values comprise the network portion of the address Router Sets the IPv6 address of the default next hop router An IPv6 default gateway must be defined...

Страница 52: ...the switch periodically sends a request for a time update to a configured time server You can configure up to five time server IP addresses The switch will attempt to poll each server in the configur...

Страница 53: ...ht and mornings have less This is known as Daylight Savings Time or Summer Time Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn PATH Basic Ad...

Страница 54: ...ime basis From Start time for summer time To End time for summer time Offset The number of minutes to add during Daylight Saving Time Range 1 1440 WEB INTERFACE To set the time zone or Daylight Saving...

Страница 55: ...ge to send log messages to syslog servers or other management stations You can also limit the event messages sent to specified types PATH Basic Advanced Configuration System Log COMMAND USAGE When rem...

Страница 56: ...rver which will be sent syslog messages Syslog Level Limits log messages that are sent to the remote syslog server for the specified types Messages options include the following Info Send informations...

Страница 57: ...circuits powered up when traffic is transmitted The devices can exchange information about the device wakeup time using LLDP protocol To maximize power savings the circuit is not started as soon as da...

Страница 58: ...ETERS These parameters are displayed Link Indicates if the link is up or down Speed Sets the port speed and duplex mode using auto negotiation or manual selection The following options are supported D...

Страница 59: ...port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment att...

Страница 60: ...r the Secure Socket Layer SSL static configuration of client addresses and SNMP General Security Measures Network menu This switch supports many methods of segregating traffic for clients attached to...

Страница 61: ...which provides read only access and privilege level 10 which also provides read write access To perform system maintenance software upload factory defaults etc the user s privilege level should be se...

Страница 62: ...GURING USER PRIVILEGE LEVELS Use the Privilege Levels page to set the privilege level required to read or configure specific software modules or system settings PATH Advanced Configuration Security Sw...

Страница 63: ...l group can be configured to access the following modules or system settings Configuration Read only Configuration Execute Read write Status Statistics Read only and Status Statistics Read write e g c...

Страница 64: ...d on the switch or can be controlled with a RADIUS or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are...

Страница 65: ...ss the network through the switch This accounting can be used to provide reports auditing and billing for services that users have accessed By default management access is always checked against the a...

Страница 66: ...ication method Options None Local RADIUS TACACS Default Local Selecting the option None disables access through the specified management interface Fallback Uses the local user database for authenticat...

Страница 67: ...for management via the SSH protocol The switch supports both SSH Version 1 5 and 2 0 clients SSH service on this switch only supports password authentication The password can be authenticated either l...

Страница 68: ...d connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The following web browsers and operating syste...

Страница 69: ...ed Configuration Security Switch Access Management PARAMETERS These parameters are displayed Mode Enables or disables filtering of management access based on configured IP addresses Default Disabled S...

Страница 70: ...e These objects are defined in a Management Information Base MIB that provides a standard presentation of the information controlled by the agent SNMP defines both the format of the MIB specifications...

Страница 71: ...riv private default_rw_group default_view default_view Community string only v2c noAuth NoPriv user defined user defined user defined user defined Community string only v3 noAuth NoPriv user defined d...

Страница 72: ...D The SNMPv3 engine ID Range 10 64 hex digits excluding a string of all 0 s or all F s Default 800007e5017f000001 An SNMPv3 engine is an independent SNMP agent that resides on the switch This engine p...

Страница 73: ...ement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a res...

Страница 74: ...uration Security Switch SNMP System 2 In the SNMP System Configuration table set the Mode to Enabled to enable SNMP service on the switch specify the SNMP version to use change the community access st...

Страница 75: ...to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table For security reasons you should consider removing the default strings PATH Advanced Confi...

Страница 76: ...these strings for security reasons 3 Add any new community strings required for SNMPv1 or v2 clients that need to access the switch along with the source address and address mask for each client 4 Cl...

Страница 77: ...of user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 only Security Level The security level assigned to the user NoAuth NoPriv There is no authentication or encryption us...

Страница 78: ...odel The user security model Options SNMP v1 v2c or the User based Security Model usm Security Name The name of a user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 only T...

Страница 79: ...ct user access to specified portions of the MIB tree The predefined view default_view includes access to the entire MIB tree CLI REFERENCES SNMP Commands on page 330 PARAMETERS These parameters are di...

Страница 80: ...rity Switch SNMP Access PARAMETERS These parameters are displayed Group Name The name of the SNMP group Range 1 32 characters ASCII characters 33 126 only Security Model The user security model Option...

Страница 81: ...nect to the management agent it will continue to perform any specified tasks and pass data back to the management station the next time it is contacted The switch supports mini RMON which consists of...

Страница 82: ...Configuration CONFIGURING RMON HISTORY SAMPLES Use the RMON History Configuration page to collect statistics on a physical interface to monitor network utilization packet types and errors A historica...

Страница 83: ...ling interval and maximum number of buckets requested 4 Click Save Figure 26 RMON History Configuration CONFIGURING RMON ALARMS Use the RMON Alarm Configuration page to define specific criteria that w...

Страница 84: ...he thresholds Value The value of the statistic during the last sampling period Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the threshold...

Страница 85: ...event will be generated Range 1 65535 WEB INTERFACE To configure an RMON alarm 1 Click Advanced Configuration Security Switch RMON Alarm 2 Click Add New Entry 3 Enter an index number the polling inter...

Страница 86: ...e SNMP trap configuration page see Setting SNMPv3 Community Access Strings on page 75 prior to configuring it here Range 0 127 characters Last Event Time The value of sysUpTime when an event was last...

Страница 87: ...rity will use the shortest requested aging period of all modules that use this functionality Range 10 10 000 000 seconds Default 3600 seconds Port Configuration Port Port identifier Mode Controls whet...

Страница 88: ...ontrol is either globally disabled or disabled on the port Ready The limit is not yet reached This can be shown for all Actions Limit Reached Indicates that the limit is reached on this port This stat...

Страница 89: ...02 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication Access to all switch ports...

Страница 90: ...sed authentication is MD5 The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an ac...

Страница 91: ...nabled or disabled on the switch If globally disabled all ports are allowed to forward frames Reauthentication Enabled Sets clients to be re authenticated after an interval specified by the Re authent...

Страница 92: ...itch will ignore new frames coming from the client during the hold time RADIUS Assigned QoS Enabled RADIUS assigned QoS provides a means to centrally control the traffic class to which traffic coming...

Страница 93: ...e by using a semicolon to separate each profile For example the attribute service policy in pp1 rate limit input 100 specifies that the diffserv profile name is pp1 and the ingress rate limit profile...

Страница 94: ...ings determine whether RADIUS assigned VLAN is enabled for that port When unchecked RADIUS server assigned VLAN is disabled for all ports When RADIUS Assigned VLAN is both globally enabled and enabled...

Страница 95: ...s are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick wa...

Страница 96: ...ransmits an EAPOL Request Identity frame without receiving a response before adding a port to the Guest VLAN The value can only be changed if the Guest VLAN option is globally enabled Range 1 255 Allo...

Страница 97: ...ast MAC address as the destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Co...

Страница 98: ...ically learned on this port are removed from the common address table Authenticated MAC addresses are stored as dynamic entries in the switch s secure MAC address table Configured static MAC addresses...

Страница 99: ...MAC Based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules reauthentication to whenever the quiet period of the port runs out EAPOL based...

Страница 100: ...matches a permit rule or dropped as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting co...

Страница 101: ...ring Local Port Mirroring on page 212 ACL based port mirroring set by this parameter and port mirroring set on the general Mirror Configuration page are implemented independently To use ACL based mirr...

Страница 102: ...L will be applied 4 Click Save Figure 32 ACL Port Configuration CONFIGURING RATE LIMITERS Use the ACL Rate Limiter Configuration page to define the rate limits applied to a port as configured either t...

Страница 103: ...ltering rules for an ACL policy for a specific port or for all ports Rules applied to a port take effect immediately while those defined for a policy must be mapped to one or more ports using the ACL...

Страница 104: ...rotocol type TTL IP fragment IP option flag source destination IP VLAN ID VLAN priority PARAMETERS These parameters are displayed ACCESS CONTROL LIST CONFIGURATION Ingress Port The ingress port of the...

Страница 105: ...r filter for this ACE Any No policy filter is specified i e don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering an policy value and bitm...

Страница 106: ...ress Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and SIP Ma...

Страница 107: ...owed 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Default Any IPv4 MAC Parameters DMAC Filt...

Страница 108: ...st match this entry Default Any TCP PSH Specifies the TCP Push Function PSH value for this rule Options Any any value is allowed 0 TCP frames where the PSH field is set must not match this entry 1 TCP...

Страница 109: ...on IP mask in the DIP Address and DIP Mask fields Default Any Response to take when a rule is matched Action Permits or denies a frame based on whether it matches an ACL rule Default Permit Rate Limit...

Страница 110: ...B INTERFACE To configure an Access Control List for a port or a policy 1 Click Advanced Configuration Security Network ACL Access Control List 2 Click the button to add a new ACL or use the other ACL...

Страница 111: ...c bindings configured with IP Source Guard DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port related information to a DHCP server This informa...

Страница 112: ...CP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If a DHCP DECLINE or RELEASE message is received from a client the switch forwards the packet o...

Страница 113: ...rwarded to trusted ports and reply packets only allowed from trusted ports Default Disabled Port Port identifier Mode Enables or disables a port as a trusted source of DHCP messages Default Trusted WE...

Страница 114: ...o which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire...

Страница 115: ...ddress of a neighbor to access the network CONFIGURING GLOBAL AND PORT SETTINGS FOR IP SOURCE GUARD Use the IP Source Guard Configuration page to filter traffic on an insecure port which receives mess...

Страница 116: ...inding the packet will be forwarded If IP source guard if enabled on an interface for which IP source bindings have not yet been configured neither by static configuration in the IP source guard bindi...

Страница 117: ...Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Static IP Source Guard Table to bind a static address to a port Table entries include a port identifier VLAN identifier IP address...

Страница 118: ...o static IP source guard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed Port The port to which a static entry is bound VLAN ID ID of a config...

Страница 119: ...tion is controlled on a global and port basis By default ARP Inspection is disabled both globally and on all ports If ARP Inspection is globally enabled then it becomes active only on the ports where...

Страница 120: ...Default Disabled Translate dynamic to static Click to translate all dynamic entries to static entries Port Mode Configuration Port Port identifier Mode Enables Dynamic ARP Inspection on a given port O...

Страница 121: ...packets to any entries specified in the static ARP table If no static entry matches the packets then the DHCP snooping bindings database determines their validity PATH Advanced Configuration Security...

Страница 122: ...equest Range 3 3600 seconds Default 15 seconds Dead Time The time after which the switch considers an authentication server to be dead if it does not reply Range 0 3600 seconds Default 300 seconds Set...

Страница 123: ...ement access in the web interface 1 Click Advanced Configuration Security AAA 2 Configure the authentication method for management client types the common server timing parameters and address UDP port...

Страница 124: ...he standby ports will automatically be activated to replace it USAGE GUIDELINES Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a...

Страница 125: ...te a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output link number in the trunk However depending on the device to which a trunk is connected and the tr...

Страница 126: ...ent hosts Do not use this mode for switch to server trunk links where the destination IP address is the same for all traffic One of the defaults TCP UDP Port Number All traffic with the same source an...

Страница 127: ...target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assigned the next available tr...

Страница 128: ...Default Auto Select the Specific option to manually configure a key Use the Auto selection to automatically set the key based on the actual link speed where 10Mb 1 100Mb 2 and 1Gb 3 Role Configures a...

Страница 129: ...ection USAGE GUIDELINES The default settings for the control frame transmit interval and recover time may be adjusted to improve performance for your specific environment The response mode may also ne...

Страница 130: ...iguration Port Port identifier Enable Enables loopback detection on a port Default Enabled Action Configures the response to take when a loop is detected on a port Options Shutdown Port Shutdown Port...

Страница 131: ...1D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STP STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router...

Страница 132: ...e number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to ch...

Страница 133: ...t of the running spanning tree algorithm between switches that support the STP RSTP MSTP protocols Once you specify the VLANs to include in a Multiple Spanning Tree Instance MSTI the protocol will aut...

Страница 134: ...lowing for faster convergence of a new topology for the failed instance To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP conf...

Страница 135: ...becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Note that references to ports in this section mean...

Страница 136: ...uthorized device The BPDU guard feature provides a secure response to invalid configurations because an administrator must manually enable the port Default Disabled Port Error Recovery Controls whethe...

Страница 137: ...l area of your network However remember that you must configure all bridges that exist within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set...

Страница 138: ...pped VLANs to assign to this MST instance The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI Range 1 4094 WEB INTERFACE To add VLAN groups to an MSTP instance 1...

Страница 139: ...16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 Default 128 Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the ST...

Страница 140: ...ration settings can be applied to all trunks STP Enabled Sets the interface to enable STA disable STA or disable STA with BPDU transparency Default Enabled BPDU transparency is commonly used to suppor...

Страница 141: ...e highest priority the port with lowest numeric identifier will be enabled Range 0 240 in steps of 16 Default 128 Admin Edge Fast Forwarding You can enable this option if an interface is attached to a...

Страница 142: ...eceiving BPDUs It can prevent loops by shutting down an port when a BPDU is received instead of putting it into the spanning tree discarding state The BPDU guard feature provides a secure response to...

Страница 143: ...ns interfaces which includes both ports and trunks PATH Basic Advanced Configuration Spanning Tree MSTI Ports PARAMETERS These parameters are displayed Port Port identifier This field is not applicabl...

Страница 144: ...MSTI Port Configuration MULTICAST VLAN REGISTRATION Multicast VLAN Registration MVR is a protocol that controls access to a single network wide VLAN most commonly used for transmitting multicast traff...

Страница 145: ...SAGE General Configuration Guidelines for MVR 1 Enable MVR globally on the switch and select the MVR VLAN 2 Set the interfaces that will join the MVR as source ports or receiver ports 3 If you are sur...

Страница 146: ...c MVR allows dynamic MVR membership reports on source ports This is the default Compatible MVR membership reports are forbidden on source ports Tagging Specifies whether the traversed IGMP MLD control...

Страница 147: ...an MVR receiver Just remember that only IGMP version 2 or 3 hosts can issue multicast leave messages If a version 1 host is receiving multicast traffic the switch can only remove the interface from th...

Страница 148: ...able set of hosts Only IGMP version 2 or 3 hosts can issue multicast join or leave messages If MVR must be configured for an IGMP version 1 host the multicast groups must be statically assigned using...

Страница 149: ...SNOOPING Multicasting is used to support real time applications such as videoconferencing or streaming audio A multicast server does not have to establish a separate connection with each client It mer...

Страница 150: ...to all ports and possibly disrupting network performance If multicast routing is not supported on other switches in your network you can use IGMP Snooping and IGMP Query to monitor IGMP service reques...

Страница 151: ...est service from a specific source for a multicast service these sources are all placed in the Include list and traffic is forwarded to the hosts from each of these sources IGMPv3 hosts may also reque...

Страница 152: ...terfaces within the switch Fast Leave Immediately deletes a member port of a multicast service if a leave packet is received at that port Default Disabled The switch can be configured to immediately d...

Страница 153: ...TINGS FOR IGMP SNOOPING AND QUERY Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping and query for a VLAN interface PATH Advanced Configuration IPMC IGMP Snooping VLAN Configurat...

Страница 154: ...dicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the maximum...

Страница 155: ...ult 1 second WEB INTERFACE To configure VLAN settings for IGMP snooping and query 1 Click Configuration IPMC IGMP Snooping VLAN Configuration 2 Adjust the IGMP settings as required 3 Click Save Figure...

Страница 156: ...ts with users that want to receive it This reduces the flooding of IPv6 multicast packets in the specified VLANs This switch supports MLD protocol version 1 MLDv1 control packets include Listener Quer...

Страница 157: ...ies are learned If no router port is configured in the attached VLAN and Unregistered IPMCv6 Flooding is disabled any subsequent multicast traffic not found in the table is dropped otherwise it is flo...

Страница 158: ...Disabled If MLD snooping cannot locate the MLD querier you can manually designate a port which is connected to a known MLD querier i e a multicast router switch This interface will then join all the...

Страница 159: ...global and port related settings for MLD Snooping 1 Click Configuration IPMC MLD Snooping Basic Configuration 2 Adjust the MLD settings as required 3 Click Save Figure 59 Configuring Global and Port r...

Страница 160: ...Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network Range MLD Auto Forced MLDv1 Forced MLDv2 De...

Страница 161: ...e the group by sending out an MLD group specific or group and source specific query message and starts a timer If no reports are received before the timer expires the group record is deleted and a rep...

Страница 162: ...port are checked against the these groups If a requested multicast group is denied the MLD report is dropped WEB INTERFACE To configure MLD Snooping Port Group Filtering 1 Click Configuration IPMC ML...

Страница 163: ...agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner TTL in seconds is based on the following rule Transmission Interval Tr...

Страница 164: ...r devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch When CDP awareness for a port is disabled the CDP information is not removed immediately but will b...

Страница 165: ...enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual...

Страница 166: ...in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Con...

Страница 167: ...Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Pr...

Страница 168: ...y Call Service e g 911 and others such as defined by TIA or NENA ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN t...

Страница 169: ...uto generated and will be used when selecting the polices that will be mapped to the specific ports Application Type Intended use of the application types Voice For use by dedicated IP Telephony hands...

Страница 170: ...E 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame for...

Страница 171: ...CE To configure LLDP MED TLVs 1 Click Configuration LLDP MED 2 Modify any of the timing parameters as required 3 Set the fast start repeat count descriptive information for the end point device and po...

Страница 172: ...normally It then sends a second PoE Plus pulse that causes an 802 3at PD to respond as a Class 4 device and draw Class 4 current Afterwards the switch exchanges information with the PD such as duty cy...

Страница 173: ...the port will reserve power using the class mode In this mode the Maximum Power fields have no effect For all modes if a port uses more power than the power reserved for that port it is shut down Powe...

Страница 174: ...est priority will be turn off starting from the port with the highest port number Maximum Power The maximum power that can be delivered to a remote device Range 0 34 2 Watts depending on the PoE mode...

Страница 175: ...ntry is discarded Range 10 1000000 seconds Default 300 seconds MAC Table Learning Auto Learning is done automatically as soon as a frame with an unknown source MAC address is received This is the defa...

Страница 176: ...not be written to the address table Port Members Port identifier WEB INTERFACE To configure the MAC Address Table 1 Click Configuration MAC Table 2 Change the address aging time if required 3 Specify...

Страница 177: ...IP subnets VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN feature...

Страница 178: ...ort Members Port identifier Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VL...

Страница 179: ...ass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag other than the EtherType field Port Port identifier Port Type Configures...

Страница 180: ...itted from the port The assigned VLAN ID can be based on the ingress tag for tagged frames or the default PVID for untagged ingress frames Note that this mode is normally used for ports connected to V...

Страница 181: ...nk ports and can not communicate with any other ports on the switch except for the uplink ports Ports assigned to both a private VLAN and an 802 1Q VLAN are designated as uplink ports and can communic...

Страница 182: ...ACE To configure VLAN port members for private VLANs 1 Click Configuration Private VLANs PVLAN Membership 2 Add or delete members of any existing PVLAN or click Add New Private VLAN and mark the port...

Страница 183: ...ddresses When MAC based VLAN classification is enabled untagged frames received by a port are assigned to the VLAN which is mapped to the frame s source MAC address When no MAC address is matched unta...

Страница 184: ...annot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This...

Страница 185: ...fields displayed depend on the selected frame type Ethernet EtherType value Range 0x0600 0xffff Default 0x0800 LLC Includes the DSAP Destination Service Access Point and SSAP Source Service Access Poi...

Страница 186: ...S Use the Group Name to VLAN Mapping Table to map a protocol group to a VLAN for each interface that will participate in the group PATH Advanced Configuration VCL Protocol based VLANs Group to VLAN CO...

Страница 187: ...LAN to which the protocol traffic will be forwarded 4 Select the ports which will be assigned to this protocol VLAN 5 Click Save Figure 72 Assigning Ports to Protocol VLANs CONFIGURING IP SUBNET BASED...

Страница 188: ...annot be a broadcast or multicast IP address When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last PARA...

Страница 189: ...sly affect voice quality The switch allows you to specify a Voice VLAN for the network and set a service priority for the VoIP traffic VoIP traffic can be detected on switch ports by using the source...

Страница 190: ...rt The port will not detect VoIP traffic or be added to the Voice VLAN Auto3 The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port You must select a met...

Страница 191: ...OUI table lookup and LLDP are used to detect VoIP traffic on a port This option only works when the detection mode is set to Auto LLDP should also be enabled before setting the discovery protocol to...

Страница 192: ...nges to the OUI table will restart the auto detection process for attached VoIP devices PATH Advanced Configuration Voice VLAN OUI PARAMETERS These parameters are displayed Telephony OUI Specifies a g...

Страница 193: ...ckets in a port s high priority queue will be transmitted before those in the lower priority queues You can set the default priority for each interface the queuing mode and queue weights The switch al...

Страница 194: ...rt Classification see page 204 QoS Ingress Port Tag Classification Tag Classification Sets classification mode for tagged frames on this port Disabled Uses the default QoS class and DP level for tagge...

Страница 195: ...es 1 Click Advanced Configuration QoS Port Classification 2 Click on the value displayed in the Tag Class field 3 Set the tag classification mode to Disabled to use the default QoS class and DP level...

Страница 196: ...ded without any changes PATH Advanced Configuration QoS Port Policing PARAMETERS These parameters are displayed Port Port identifier Enabled Enables or disables port policing on a port Rate Controls t...

Страница 197: ...ach queue Options Strict Weighted Default Strict DWRR services the queues in a manner similar to WRR but the next queue is serviced only when the queue s Deficit Counter becomes smaller than the packe...

Страница 198: ...per The default value is 500 This value is restricted to 100 1000000 kbps or 1 3300 Mbps Unit Controls the unit of measure for the port shaper rate as kbps or Mbps Default kbps WEB INTERFACE To show a...

Страница 199: ...oS Egress Port Shapers including the rate for each queue and port Click on any of the entries in the Port field to configure egress queue mode queue shaper rate and access to excess bandwidth and port...

Страница 200: ...hapers CONFIGURING PORT REMARKING MODE Use the QoS Egress Port Tag Remarking page to show an overview of QoS Egress Port Tag Remarking mode Click on any of the entries in the Port field to configure t...

Страница 201: ...arks matching egress frames with the specified Priority Code Point or User Priority value Range 0 7 Default 0 DEI Remarks matching egress frames with the specified Drop Eligible Indicator Range 0 1 De...

Страница 202: ...CHAPTER 4 Configuring the Switch Quality of Service 202 Figure 83 Configuring Port Tag Remarking Mode...

Страница 203: ...see page 205 All Classify all DSCP Egress Rewrite Configures port egress rewriting of DSCP values Disable Egress rewriting is not performed Enable Egress rewriting is performed without remapping Rema...

Страница 204: ...es with trusted DSCP values are mapped to a specific QoS class and drop level DPL Frames with untrusted DSCP values are treated as non IP frames QoS Class QoS value to which the corresponding DSCP val...

Страница 205: ...s ingress translation of DSCP values based on the specified classification method Ingress Classify Enable Classification at ingress side as defined in the QoS Port DSCP Configuration table see page 20...

Страница 206: ...ce level PATH Advanced Configuration QoS DSCP Classification PARAMETERS These parameters are displayed QoS Class DPL Shows the mapping options for QoS class values and DP drop precedence levels DSCP D...

Страница 207: ...ss drop precedence level and DSCP value defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port PATH Advanced Configuration QoS QoS Control List...

Страница 208: ...he following buttons are used to edit or move the QCEs Table 12 QCE Modification Buttons Button Description Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the Q...

Страница 209: ...nd a Protocol ID Options for PID Any Specific 0x00 0xffff Default Any If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNA...

Страница 210: ...e frame s content If a frame matches the QCE the following actions will be taken Class Classified QoS Class If a frame matches the QCE it will be put in the queue corresponding to the specified QoS cl...

Страница 211: ...ams are not well designed or properly configured Traffic storms caused by any of these problems can severely degrade performance or bring your network to a complete halt You can protect your network f...

Страница 212: ...m control for unknown unicast broadcast or multicast traffic by marking the Status box next to the required frame type 3 Select the control rate as a function of 2n pps i e a value with no suffix for...

Страница 213: ...Port identifier Source Sets the source port from which traffic will be mirrored Select one of these options Disabled No frames are mirrored from this port Both Frames received and transmitted on this...

Страница 214: ...t RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSPAN VLAN through IEEE 802 1Q trunk or hybrid ports that carry it to any RSPAN destination...

Страница 215: ...figured as an RSPAN source intermediate or destination type static and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface source intermediate or destination On...

Страница 216: ...tch through which mirrored traffic is passed on to the RSPAN VLAN The reflector port only applies to Source switch type MAC Table learning and STP must be disabled on the reflector port Port Port Iden...

Страница 217: ...tion Mirroring RSPAN 2 Set the Mode to Enabled and the Type to Intermediate 3 Select the intermediate ports through which all mirrored traffic will be forwarded to other switches 4 Click Save Figure 9...

Страница 218: ...step in UPnP networking is discovery When a device is added to the network the UPnP discovery protocol allows that device to broadcast its services to control points on the network Similarly when a co...

Страница 219: ...entry and select Properties to display a list of device attributes advertised through UPnP PATH Advanced Configuration UPnP PARAMETERS These parameters are displayed Mode Enables disables UPnP on the...

Страница 220: ...ved even at high traffic levels As the Collector receives streams from the various sFlow agents other switches or routers throughout the network a timely network wide picture of utilization and traffi...

Страница 221: ...DP port timeout maximum datagram size sampling rate and maximum header size While active the current time left can be updated by clicking the Refresh button If locally managed the timeout can be chang...

Страница 222: ...ng the Switch Configuring sFlow WEB INTERFACE To configure flow sampling 1 Click Advanced Configuration sFlow 2 Set the parameters for flow receiver flow sampler and counter poller 3 Click Save Figure...

Страница 223: ...splaying the device name location and contact information PATH Monitor System Information PARAMETERS These parameters are displayed System To configure the following items see Configuring System Infor...

Страница 224: ...ation Figure 97 System Information DISPLAYING CPU UTILIZATION Use the CPU Load page to display information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The...

Страница 225: ...the logged system and event messages PATH Monitor System Log PARAMETERS These parameters are displayed Display Filter Level Specifies the type of log messages to display Info Informational messages on...

Страница 226: ...isplay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entri...

Страница 227: ...TS You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of p...

Страница 228: ...r of frames received with errors and the number of incomplete transmissions Drops Received Transmitted The number of frames discarded due to ingress or egress congestion Filtered Received The number o...

Страница 229: ...ntry index Frame Type Indicates the type of frame to look for in incoming frames Possible frame types are Any Ethernet LLC SNAP IPv4 IPv6 Port Port identifier Action Indicates the classification actio...

Страница 230: ...s a faulty port or unusually heavy loading All values displayed have been accumulated since the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by defau...

Страница 231: ...han 64 octets long excluding framing bits but including FCS octets and were otherwise well formed Rx Oversize The total number of frames received that were longer than the configured maximum frame len...

Страница 232: ...232 CHAPTER 5 Monitoring the Switch Displaying Information About Ports WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 105 Detailed Port Statistics...

Страница 233: ...Management Statistics USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 69 and traffic matching one...

Страница 234: ...es to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules that may request port security services and on...

Страница 235: ...ed on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count The two columns indicate the number of currently learned MAC addresses forwarding as well as...

Страница 236: ...ive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blo...

Страница 237: ...frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received...

Страница 238: ...RADIUS Authentication Server PATH Monitor Security Network NAS Port PARAMETERS These parameters are displayed Port State Admin State The port s current administrative state Refer to NAS Admin State f...

Страница 239: ...number of EAPOL frames of any type that have been transmitted by the switch Request ID The number of EAPOL Request Identity frames that have been transmitted by the switch Requests The number of vali...

Страница 240: ...Server Counters Responses 802 1X based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communicat...

Страница 241: ...AC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attach...

Страница 242: ...es the ACL user see Configuring User Privilege Levels on page 62 for a list of software modules Ingress Port Indicates the ingress port to which the ACE applies Possible values are Any The ACE will ma...

Страница 243: ...is 1 to 15 Port Redirect Indicates the port redirect operation implemented by the ACE Frames matching the ACE are redirected to the listed port Mirror Indicates the port mirror operation implemented...

Страница 244: ...mber of ACK option 53 with value 5 packets received and transmitted Rx Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx Tx Release The number of release option 53 wi...

Страница 245: ...number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to clients Receive from Server The number of packets received from the ser...

Страница 246: ...s relay information Keep Agent Option The number of packets received where the DHCP client packet information was retained Drop Agent Option The number of packets that were dropped because they alread...

Страница 247: ...ntries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per p...

Страница 248: ...umber of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet...

Страница 249: ...rmed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad Authenticators The number...

Страница 250: ...onds left Access attempts were made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the dead time expires The num...

Страница 251: ...server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other Info IP Address IP address and UDP port for the accounting serve...

Страница 252: ...ring the Switch Displaying Information on Authentication Servers WEB INTERFACE To display statistics for configured authentication and accounting servers click Monitor Security AAA RADIUS Details Figu...

Страница 253: ...events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of pa...

Страница 254: ...statistics on a physical interface including network utilization packet types and errors PATH Monitor Security Switch RMON History PARAMETERS These parameters are displayed History Index Index of Hist...

Страница 255: ...sampling the selected variable and calculating the value to be compared against the thresholds For more information see Configuring RMON Alarms on page 83 Value The value of the statistic during the l...

Страница 256: ...ch RMON Alarm Figure 120 RMON Alarm Overview DISPLAYING RMON EVENT SETTINGS Use the RMON Alarm Event page to display configured event settings PATH Monitor Security Switch RMON Event PARAMETERS These...

Страница 257: ...oup LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Partner Priority This priority is used to determine LAG membership and to id...

Страница 258: ...he LACP protocol i e its MAC address Partner Port The partner port connected to this local port Partner Priority The partner port priority used to select a backup link WEB INTERFACE To display LACP st...

Страница 259: ...conditions PATH Monitor Loop Protection PARAMETERS These parameters are displayed Port Port identifier Action Configured port action i e the response to take when a loop is detected on a port Transmi...

Страница 260: ...s are displayed STA Bridges MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC addre...

Страница 261: ...gured during a one second interval CIST Ports Aggregations State Port Port Identifier Port ID The port identifier as used by the RSTP protocol This consists of the priority part and the logical port i...

Страница 262: ...es a connection to exactly one other bridge The flag may be automatically computed or explicitly configured The point to point properties of a port affect how fast it can transition RSTP states Uptime...

Страница 263: ...topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is an alternate or backup port that may provide connectivi...

Страница 264: ...rotocol packets crossing each port PATH Monitor Spanning Tree Port Statistics PARAMETERS These parameters are displayed Port Port Identifier MSTP The number of MSTP Configuration BPDU s received trans...

Страница 265: ...tor MVR Statistics PARAMETERS These parameters are displayed VLAN ID Identifier of the VLAN that serves as the channel for streaming multicast services using MVR IGMP MLD Queries Received Number of re...

Страница 266: ...ETERS These parameters are displayed Statistics VLAN ID Identifier of the VLAN that serves as the channel for streaming multicast services using MVR V1 Reports Received The number of IGMP V1 reports r...

Страница 267: ...ARAMETERS These parameters are displayed VLAN ID VLAN identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN I...

Страница 268: ...stream multicast router switch PATH Monitor IPMC IGMP Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version IGMP version used by the switch when...

Страница 269: ...an interface on this switch WEB INTERFACE To display IGMP snooping status information click Monitor IGMP Snooping Status Figure 133 IGMP Snooping Status SHOWING IGMP SNOOPING GROUP INFORMATION Use th...

Страница 270: ...TERS These parameters are displayed VLAN ID VLAN identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID por...

Страница 271: ...orts connected to an upstream multicast router switch PATH Monitor IPMC MLD Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version MLD version use...

Страница 272: ...o an interface on this switch WEB INTERFACE To display MLD snooping status information click Monitor MLD Snooping Status Figure 136 MLD Snooping Status SHOWING MLD SNOOPING GROUP INFORMATION Use the M...

Страница 273: ...S These parameters are displayed VLAN ID VLAN Identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID port n...

Страница 274: ...t devices connected directly to the switch s ports which are advertising information through LLDP PATH Monitor LLDP Neighbors PARAMETERS These parameters are displayed Local Port The local port to whi...

Страница 275: ...The IPv4 address of the remote device If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement If the neighbor device allows m...

Страница 276: ...any LLDP MED Endpoint Device claiming compliance as a Communication Device Class III will also support all aspects of TIA 1057 applicable to both Media Endpoints Class II and Generic Endpoints Class I...

Страница 277: ...information embedded L2 switch support inventory management Capabilities The neighbor unit s LLDP MED capabilities LLDP MED capabilities Network Policy Location Identification Extended Power via MDI P...

Страница 278: ...ved Power Source The Source represents the power source being utilized by a PSE or PD device For a PSE device it can run on its Primary Power Source or Backup Power Source If it is unknown what power...

Страница 279: ...nk partner s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this...

Страница 280: ...y LLDP neighbor EEE information click Monitor LLDP EEE Figure 142 LLDP Neighbor EEE Information DISPLAYING LLDP PORT STATISTICS Use the LLDP Port Statistics page to display statistics on LLDP global c...

Страница 281: ...s as well as any specific usage rules defined for the particular Type Length Value TLV TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs If a TLV is malformed it...

Страница 282: ...mum power it will use The PD classes include Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested Amount of power...

Страница 283: ...ut fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic enter...

Страница 284: ...Web or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server MVR Eliminates the need to duplicate multicast traffic...

Страница 285: ...ption of the software modules that use VLAN management services Port Port Identifier PVID The native VLAN assigned to untagged frames entering this port Port Type Shows whether or not a port processes...

Страница 286: ...us click Monitor VLANs VLAN Port 2 Select a software module from the drop down list on the right side of the page Figure 147 Showing VLAN Port Status DISPLAYING INFORMATION ABOUT MAC BASED VLANS Use t...

Страница 287: ...ATION ABOUT FLOW SAMPLING Use the sFlow Statistics page to display information on sampled traffic including the owner receiver address remaining sampling time and statistics for UDP control packets an...

Страница 288: ...ge Diagnostics Ping Ping6 Flow Samples The total number of flow samples sent to the sFlow receiver Counter Samples The total number of counter samples sent to the sFlow receiver Port Statistics Port P...

Страница 289: ...289 CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling WEB INTERFACE 1 To display information on sampled traffic click Monitor sFlow Figure 149 Showing sFlow Statistics...

Страница 290: ...290 CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling...

Страница 291: ...IPv4 address consists of 4 numbers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the app...

Страница 292: ...an IPv4 or IPv6 Address After you press Start the sequence number and round trip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are recei...

Страница 293: ...faults that can occur on Category 5 twisted pair cabling WEB INTERFACE To run cable diagnostics 1 Click Diagnostics VeriPHY 2 Select all ports or indicate a specific port for testing 3 Click Start If...

Страница 294: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 294...

Страница 295: ...aving configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch PATH Maintenance Restart Device WEB INTERFACE To restart the switch 1 Clic...

Страница 296: ...1 Click Maintenance Factory Defaults 2 Click Yes The factory defaults are immediately restored which means that no reboot is necessary Figure 153 Factory Defaults UPGRADING FIRMWARE Use the Software...

Страница 297: ...a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the device at this time or the switch may fail to function afterwards Figure 154 Software Upload ACTIVATING THE...

Страница 298: ...Click Maintenance Configuration Save 2 Click the Save configuration button 3 Specify the directory and name of the file under which to save the current configuration settings The configuration file i...

Страница 299: ...tion Files WEB INTERFACE To restore your current configuration settings 1 Click Maintenance Configuration Upload 2 Click the Browse button and select the configuration file 3 Click the Upload button t...

Страница 300: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 300...

Страница 301: ...301 SECTION III APPENDICES This section provides additional information and includes these items Software Specifications on page 303 Troubleshooting on page 307 License Information on page 309...

Страница 302: ...302 SECTION III Appendices...

Страница 303: ...0 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast...

Страница 304: ...traffic policing and egress traffic shaping MULTICAST FILTERING IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option 82 DNS Client Proxy Flow S...

Страница 305: ...E 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging ARP RFC 826 DHCP Client RFC 2131 DHCPv6 Cl...

Страница 306: ...636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RAD...

Страница 307: ...e port you are using has not been disabled Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be s...

Страница 308: ...switch follow these steps 1 Enable logging 2 Set the error messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages...

Страница 309: ...copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and...

Страница 310: ...u distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License...

Страница 311: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 312: ...ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two...

Страница 313: ...according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framework for passing...

Страница 314: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 315: ...1S An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1W An IEEE standard for the Rapid Spanning Tree Protocol RSTP which...

Страница 316: ...by this switch can pass multicast traffic along to participating hosts IP PRECEDENCE The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority l...

Страница 317: ...egion and prevents VLAN members from being segmented from the rest of the group MULTICAST SWITCHING A process whereby the switch filters incoming multicast frames for services for which no attached ho...

Страница 318: ...rity of one flow or limiting the priority of another flow RADIUS Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to...

Страница 319: ...T Defines a remote communication facility for interfacing to a terminal device over TCP IP TFTP Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads UDP User Datagram...

Страница 320: ...GLOSSARY 320...

Страница 321: ...ormation option policy 114 DHCP snooping 111 DNS server 49 Domain Name Service See DNS downloading software 296 using HTTP 296 using TFTP 296 drop precedence QoS 194 DSCP classification QoS 206 rewrit...

Страница 322: ...m name 164 LLDP MED 166 logging syslog traps 56 to syslog servers 56 log in web interface 35 logon authentication 61 encryption keys 122 RADIUS client 122 RADIUS server 122 settings 122 TACACS client...

Страница 323: ...utonegotiation 58 broadcast storm threshold 211 capabilities 58 configuring 58 duplex mode 58 flow control 59 mirroring local traffic 212 mirroring remote traffic 214 multicast storm threshold 211 spe...

Страница 324: ...ting 53 system information configuring 47 displaying 223 system logs 225 displaying 225 system software alternate image 297 downloading 296 T TACACS logon authentication 64 122 settings 122 Telnet SSH...

Страница 325: ......

Страница 326: ......

Результаты поиска

Содержание EX26262

Отзывы:

Бренды по названию

Популярные бренды

EtherWAN EX26262, Руководство по управлению

Результаты поиска

Содержание EX26262

Отзывы:

Бренды по названию

Популярные бренды