background image

3. Create a new ACL Entry rule under this ACL profile (SrcMAC: 13 and DesMAC: 11).

4. Bind this ACL profile to a GE port (PORT3).
5. Save the entry.

Case 1: ACL for MAC Address

ISW Application Guides

46

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide

Содержание ISW 2-10/100T

Страница 1: ...ISW Series Managed Industrial Ethernet Switch Hardware Installation User Guide ISW 4 10 100P 2 10 100T 2 SFPISW 4GbP 2GbT 2 SFPISW 8 10 100P 4 SFPISW 8GbP 4 SFP 9034965 02 Rev AA November 2020...

Страница 2: ...works and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks Inc in the United States and or other countries All other names including any product names mentioned in...

Страница 3: ...onnection 23 Console Connection 24 System Reset 25 Connecting Logging in to the Switch 26 Web Browser Support 26 Monitoring the Ethernet Interface 27 Upgrading and Downgrading Software 27 Resetting Co...

Страница 4: ...ower over Ethernet PoE Application Guide 74 Reserved Power Determination 74 Power Management Mode 75 Other PoE Parameters 76 PoE Power Scheduling Reset 77 Regulatory and Compliance Information 81 Fede...

Страница 5: ...n pertains to a specific hardware product the product name is used When features functions and operations are the same across an entire product family such as ExtremeSwitching switches or SLX routers...

Страница 6: ...square brackets are optional Default responses to system prompts are enclosed in square brackets x y z A choice of required parameters is enclosed in curly brackets separated by vertical bars You mus...

Страница 7: ...failure A description of any actions already taken to resolve the problem A description of your network environment such as layout cable type other relevant environmental information Network load at t...

Страница 8: ...n do so in three ways In a web browser select the feedback icon and complete the online feedback form Access the feedback form at https www extremenetworks com documentation feedback Email us at docum...

Страница 9: ...roviding a more reliable and better quality services This guide covers installation for the following Industrial Switches ISW 4 10 100P 2 10 100T 2 SFP ISW 8 10 100P 4 SFP ISW 4GBP 2GBT 2 SFP ISW 8GBP...

Страница 10: ...Faceplate and Panels Figure 1 4 Port PoE Series Faceplate Faceplate and Panels Industrial Series Switch Overview 10 ISW Series Managed Industrial Ethernet Switch Hardware Installation User Guide...

Страница 11: ...and Alarm Gigabit Ethernet Copper Ports RJ45 Gigabit Ethernet SFP ports SFP Slots POE LED POE port status RR RS LED Device info status Industrial Series Switch Overview Faceplate and Panels ISW Serie...

Страница 12: ...er line disconnect or does not have supply power Alarm On Red Alarm event occurs Off No alarm Copper ports Link Act On Green Ethernet link up but no traffic is detected Flashing Green Ethernet link up...

Страница 13: ...ff No Redundant Master is enabled in the system RS Redundant Status On 1 If any Ring port links are down the RS LED will be ON 2 If the device has any of Redundant Master Ring Master Ring Coupling Bac...

Страница 14: ...L2 wire speed non blocking switching engine MAC addresses 8K Jumbo frames 9K Bytes Copper RJ45 Ports Speed 10 100 1000 Mbps Technical Specifications Industrial Series Switch Overview 14 ISW Series Ma...

Страница 15: ...EEE 802 1ad Double Tagging Q in Q Multicast protocols IGMP Internet Group Management Protocol v1 v2 IGMP snooping and querying Immediate leave and leave proxy Throttling and filtering LLDP Link Layer...

Страница 16: ...ing Option 82 NTP SNTP Simple Network Time Protocol Yes Environmental Compliances Operating temperature range 40 to 75 C cold startup at 40 C Storage temperature range 40 to 85 C Humidity non condensi...

Страница 17: ...ode 255 RADIUS Remote Authentication Dial In User Service Server 5 TACACS Server 5 MAC based VLAN Entry 256 IP subnet based VLAN Entry 128 Protocol based VLAN Group 125 Voice VLAN OUI 16 QCE 256 IP In...

Страница 18: ...cting Logging in to the Switch on page 26 Monitoring the Ethernet Interface on page 27 Upgrading and Downgrading Software on page 27 Resetting Configuration Defaults via CLI Command on page 27 Resetti...

Страница 19: ...ting the ISW Wall Attach the wall mounting plates with the screws provided in the accessory kit Installing Industrial Switches Mounting the ISW Wall ISW Series Managed Industrial Ethernet Switch Hardw...

Страница 20: ...er Ethernet cable To connect the ISW copper port to an Ethernet device use UTP Unshielded Twisted Pair or STP Shielded Twisted Pair Ethernet cables The pin assignment of RJ45 connector is shown in Fig...

Страница 21: ...ivers have options of multimode single mode long haul or special application transceivers Prepare a proper SFP module and install it into the optical port Then you can connect fiber optics cabling tha...

Страница 22: ...gy Do not power up the laser product without connecting the laser to the optical fiber and putting the cover in position as laser outputs will emit infrared laser light at this point Connecting the Et...

Страница 23: ...being loosened Note The DC power should be connected to a well fused power supply Figure 8 Power Supplies Power Connector 6P Terminal Block Input DC 12 58V PWR1 Power Input 1 PWR2 Power Input 2 ALM A...

Страница 24: ...e switch use the supplied RJ45 male connector to RS232 DB9 female connector Connect the RJ45 connector to the switch s Console port shown in Figure 10 and then connect the DB9 connector to the PC COM...

Страница 25: ...igure 11 Figure 11 Console Cable Pin Assignment System Reset The Reset button is provided to reboot the system without the need to remove power Under normal circumstances you will not have to use it H...

Страница 26: ...the switch through the web interface see the ISW Series Managed Industrial Ethernet Switch Web Configuration Guide Web Browser Support Internet Explorer IE 7 or newer version with the following defaul...

Страница 27: ...ing the upload process do not cold warm start device Instead wait for auto reboot and then the upgrade can complete Resetting Configuration Defaults via CLI Command If you want to reset the configurat...

Страница 28: ...tion If you want to reset all configurations to the default 3 Go to Maintenance Configuration Activate 4 Select default config and then click Activate Configuration 5 Change PC s IP address belong to...

Страница 29: ...ded within that VLAN and multicast frames and unknown unicast frames are flooded only to ports in the same VLAN VLAN Application Guide Example 1 Default VLAN Settings Each port in the ISW has a config...

Страница 30: ...the untagged packet is marked tagged as it leaves the ISW through Port 2 which is configured as a tagged member of VLAN100 The untagged packet remains unchanged as it leaves the ISW through Port 7 whi...

Страница 31: ...packets from Port 1 to Port 2 and Port 7 The ISW should tag it with VID 100 The packet has access to Port2 and Port 7 The outgoing packet is stripped of its tag to leave Port 7 as an untagged packet...

Страница 32: ...100 switchport mode trunk exit Example 3 IEEE 802 1Q Tagging ISW is able to construct Layer 2 broadcast domain by identifying VLAN ID specified by IEEE 802 1Q It forwards a frame between bridge ports...

Страница 33: ...o Port 2 and Port 7 The ISW should tag it with VID 200 The packet only has access to Port7 The outgoing packet on Port 7 is stripped of its tag as an untagged packet c Transmit unicast packets with VL...

Страница 34: ...ace GigabitEthernet 1 7 switchport access vlan 100 switchport trunk allowed vlan 1 200 switchport trunk vlan tag native switchport mode trunk exit Security Application Guide ACL Access Control List fu...

Страница 35: ...MAC address or both When it filters on both MAC address packets coincident with both rules will take effect In other words it does not do filter if it only coincident with one rule If you want to filt...

Страница 36: ...ot pass through all packets but ACL entry of the profile binding Case 1 h Because the default ACL Rule of GE port is Deny Queue Mapping action has no sense We do not do this case Case 1 i Because the...

Страница 37: ...bitEthernet 1 4 policy 1 vid 4 frametype etype smac 00 00 00 00 00 11 action deny exit interface GigabitEthernet 1 3 switchport trunk allowed vlan 4 5 switchport trunk vlan tag native interface Gigabi...

Страница 38: ...he second to create a new ACL Profile after the first one profile name DenySomeMac 3 Create a new ACL Entry rule under this ACL profile Deny SrcMAC 13 and DesMAC 11 4 Bind this ACL profile to a GE por...

Страница 39: ...et 1 4 switchport trunk allowed vlan 4 5 switchport trunk vlan tag nativevlan 4 exit Configuring One directional MAC Address with CoS Marking Action one VLAN and don t care Ether Type Web UI 1 Navigat...

Страница 40: ...Commands access list ace 1 next 2 ingress interface GigabitEthernet 1 4 policy 1 vid 4 frametype etype smac 00 00 00 00 00 11 action deny exit interface GigabitEthernet 1 3 switchport trunk allowed v...

Страница 41: ...ecurity Network ACL Access Control List 2 Create a new ACL Profile profile name CopyFrameTest 3 Create a new ACL Entry rule under this ACL profile SrcMAC 13 and DesMAC 11 4 Set analyzer port to enable...

Страница 42: ...k allowed vlan 4 5 switchport trunk vlan tag native interface GigabitEthernet 1 4 switchport trunk allowed vlan 4 5 switchport trunk vlan tag native exit Configuring One directional MAC Address with O...

Страница 43: ...gabitEthernet 1 4 policy 3 tag tagged vid 4 frametype etype smac 00 00 00 00 00 11 exit interface GigabitEthernet 1 3 switchport trunk allowed vlan 4 5 switchport trunk vlan tag native interface Gigab...

Страница 44: ...rity Network ACL Access Control List 2 Create a new ACL Profile profile name AllowSomeMac 3 Create a new ACL Entry rule under this ACL profile allow SrcMAC 13 and DesMAC 11 4 Bind this ACL profile to...

Страница 45: ...ort trunk allowed vlan 4 5 switchport trunk vlan tag native interface GigabitEthernet 1 4 switchport trunk allowed vlan 4 5 switchport trunk vlan tag native exit Configuring One directional MAC Addres...

Страница 46: ...r this ACL profile SrcMAC 13 and DesMAC 11 4 Bind this ACL profile to a GE port PORT3 5 Save the entry Case 1 ACL for MAC Address ISW Application Guides 46 ISW Series Managed Industrial Ethernet Switc...

Страница 47: ...directional MAC Address with Copy Frame Action don t care VLAN Ether Type CLI Commands access list ace 5 next 6 ingress interface GigabitEthernet 1 3 policy 5 frametype etype smac 00 00 00 00 00 13 dm...

Страница 48: ...4 destination L4 port and 5 UDP or TCP Protocol You can select to filter on 1 4 for all or some specific values but it should select exact one Protocol from UDP or TCP When it filters on both directi...

Страница 49: ...ng slave Ring it could be master or slave When role is ring master one ring port is forward port and another is block port The block port is redundant port It is blocked in normal state When role is r...

Страница 50: ...cing chain member both ring ports are member port Both ring ports are forwarded in normal state Note 1 Enable group1 before configure group2 as coupling 2 When group1 or group2 is enabled the configur...

Страница 51: ...one device supports a three ring index including Ring Chain single ring dual ring coupling dual homing chain and balancing chain Note 1 Enable group1 before configure group2 as coupling 2 When group1...

Страница 52: ...on RingV2 2 Enable Index1 and select role as Ring Master 3 Select one port as a Forward Port and another as Block Port Configuring Ringv2 Web UI ISW Application Guides 52 ISW Series Managed Industrial...

Страница 53: ...e Coupling Primary 1 Navigate to Configuration RingV2 2 Enable Index1 and select role as Ring Slave 3 Select two ports as Forward Ports 4 Enable Index2 and select role as Coupling Primary 5 Select one...

Страница 54: ...3 Select two ports as Forward Ports 4 Enable Index2 and select role as Coupling Backup 5 Select one port as a Backup Port Configuring Dual Homing 1 Navigate to Configuration RingV2 Configuring Ringv2...

Страница 55: ...d the other as Backup Port Chain Configuration Configuring Chain Member 1 Navigate to Configuration RingV2 2 Disable Index1 and Index2 and then enable Index3 3 Select role as Chain Member 4 Select two...

Страница 56: ...ble Index1 and Index2 and then enable Index3 3 Select role as Chain Head 4 Select a member port and a head port for this chain head switch Chain Configuration ISW Application Guides 56 ISW Series Mana...

Страница 57: ...Balance Chain Configuration Configuring Balance Chain Central Block 1 Navigate to Configuration RingV2 2 Disable Index1 and Index2 and then enable Index3 3 Select role as Balancing Chain Central Block...

Страница 58: ...Index2 and then enable Index3 3 Select role as Balancing Chain Terminal 1 or 2 4 Select a member port and a terminal port for this balancing chain terminal switch Balance Chain Configuration ISW Appl...

Страница 59: ...uling methods on each port Please find the detail reference on ISW user manual Default Priority and Queue mapping is as follows Priority0 Priority1 Priority2 Priority3 Priority4 Priority5 Priority6 Pr...

Страница 60: ...Mac 00 00 00 00 20 02 Src Mac 00 00 00 00 10 02 Vlan 100 Vlan prio 7 Send rate 100Mbps Packet length 1518bytes Web Management 1 Navigate to Configuration Ports 2 Set port 2 link speed to 100Mbps full...

Страница 61: ...ort trunk vlan tag native switchport mode trunk Example 2 SPQ with Shaping We send two Streams Stream0 Stream1 from port1 to port 2 Both streams each have 100 Mbps Stream0 includes VLAN Priority0 Stre...

Страница 62: ...st Mac 00 00 00 00 10 01 Src Mac 00 00 00 00 20 01 Vlan 100 Vlan prio 0 Send rate 10Mbps Packet length 1518bytes Stream4 for Learning Dst Mac 00 00 00 00 10 02 Src Mac 00 00 00 00 20 02 Vlan 100 Vlan...

Страница 63: ...schedule mode Strict Priority and set shaping rate for queue 0 and queue 7 as below ISW Application Guides Application Examples ISW Series Managed Industrial Ethernet Switch Hardware Installation User...

Страница 64: ...switchport trunk allowed vlan 1 100 switchport trunk vlan tag native switchport mode trunk qos queue shaper queue 0 80000 qos queue shaper queue 7 20000 Application Examples ISW Application Guides 64...

Страница 65: ...e IP multicast specification like ICMP Internet Control Message Protocol for unicast connections IGMP can be used for online video and gaming and allows more efficient use of resources when supporting...

Страница 66: ...Example 1 ISW Application Guides 66 ISW Series Managed Industrial Ethernet Switch Hardware Installation User Guide...

Страница 67: ...Flooding Enabled check box 4 If Multicast stream is from L3 switch then the uplink port must be Router Port Note If an aggregation member port is selected as a router port the whole aggregation will a...

Страница 68: ...iguration IPMC VLAN Configuration 6 Select the Snooping Enabled check box 7 Set VLAN ID of port14 Example 2 ISW Application Guides 68 ISW Series Managed Industrial Ethernet Switch Hardware Installatio...

Страница 69: ...14 be vlan200 member port 3 Navigate to Configuration IPMC VLAN Configuration 4 Select the Snooping Enable check box 5 Set VLAN ID of port14 6 If there is no querier on the L3 switch you have to selec...

Страница 70: ...rol for an Ethernet port it should be authenticated before using any service from the network 802 1x Configuration Overview Configuring RADIUS Server 1 Prepare a Linux PC with RADIUS Remote Authentica...

Страница 71: ...2 Select the IEEE802 1x Authentication Enable check box and then set EAP type to MD5 Challenge Authentication Behavior Supplicant should pass authentication process in order to use any service After s...

Страница 72: ...curity Network NAS 2 Select Enabled mode to enable authentication 3 Set port1 and port2 as Port based 802 1x 4 Navigate to Configuration Security AAA RADIUS 802 1x Configuration Overview ISW Applicati...

Страница 73: ...restart authentication after each Reauth Period when authentication success and ReAuth option is enabled 2 Quiet Period ISW will wait QuietPeriod to restart authentication process again when authenti...

Страница 74: ...function on a port at certain time Maximum five time can be created in a week Reserved Power Determination There are three modes for configuring how the ports PDs may reserve power Class Mode In this...

Страница 75: ...agement Mode There are two modes for configuring when to shut down the ports Actual Consumption In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount...

Страница 76: ...her PoE Parameters PoE Power Supply For being able to determine the amount of power the PD may use it must be defined what amount of power a power source can deliver Valid values are in the range 0 to...

Страница 77: ...Power The Maximum Power value contains a numerical value that indicates the maximum power in watts that can be delivered to a remote device PoE Power Scheduling Reset The power scheduling is used to c...

Страница 78: ...ontrol the power reset time on PoE port It is allowed to create at maximum five entries for each PoE port PoE Example 1 1 Parameter Setting Reserved Power determined Class Power Management Mode Actual...

Страница 79: ...ameter Setting Reserved Power determined Allocation Power Management Mode Reserved Power Primary Power Supply 138 W all port reserved power 2 Port Maximum Power Port 1 30 W Port 2 Port8 15 4 W Total 1...

Страница 80: ...Because power has reserved for each port in advance each powered device can use power budget of its corresponding port without exceeding its maximum power PoE Power Scheduling Reset ISW Application Gu...

Страница 81: ...the user will be required to correct the interference at his own expense Warning Changes or modifications made to this device which are not expressly approved by the party responsible for compliance c...

Страница 82: ...ty EN61000 6 4 Ind Emissions EN 61000 3 2 2014 EN 61000 3 3 2013 RCM Australia MSIP KCC Korea BSMI Taiwan Korea EMC Statement KCC BSMI EMC Statement Taiwan This is a Class A product In a domestic envi...

Страница 83: ...f images BSS Basic Service Set is a wireless topology consisting of one access point connected to a wired network and a set of wireless devices Also called an infrastructure network See also IBSS Inde...

Страница 84: ...then requests the identity of the user and transmits that identity to an authentication server such as RADIUS The server asks the access point for proof of identity which the access point gets from th...

Страница 85: ...so called Michael is part of WPA and TKIP The MIC is an additional 8 byte code inserted before the standard 4 byte ICV appended in by standard WEP to the 802 11 message This greatly increases the diff...

Страница 86: ...s used to synchronize the system clocks throughout the network An extension of NTP SNTP can usually operate with a single server and allows for IPv6 addressing SSL Secure Socket Layer is a protocol fo...

Отзывы: