manualshive.com logo in svg

FibroLAN Falcon-RX/812/G/A, Руководство пользователя, Страница: 115 / 333

Поделиться
Скачать
FibroLAN Falcon-RX/812/G/A Скачать руководство пользователя страница 115

Falcon R-Class  |  User Guide 

115 

IP address, name, and the supplicant's port number on the switch. EAP 
is very flexible, in that it allows for different authentication methods, 
likeMD5-Challenge,PEAP,  and  TLS.  The  important  thing  is  that  the 
authenticator  (the  switch)  does  not  need  to  know  which 
authentication method the supplicant and the authentication server 
are using, or how many information exchange frames are needed for 
a particular method. The switch simply encapsulates the EAP part of 
the frame into the relevant type (EAPOL or RADIUS) and forwards it. 
When authentication is complete, the RADIUS server sends a special 
packet containing a success or failure indication. Besides forwarding 
this  decision  to  the  supplicant,  the  switch  uses  it  to  open  or  block 
traffic on the switch port connected to the supplicant. 

Note: Suppose two backend servers are enabled and that the server 
timeout  is  configured  to  X  seconds  (using  the  AAA  configuration 
page) and suppose that the first server in the list is currently down 
(but not considered dead). Now, if the supplicant retransmits EAPOL 
Start frames at a rate faster than X seconds, then it will never get 
authenticated,  because  the  switch  will  cancel  on-going  backend 
authentication server requests whenever it receives a new EAPOL 
Start frame from the supplicant. And since the server  has not yet 
failed (because the X seconds have not expired), the same server will 
be contacted upon the next backend authentication server request 
from  the  switch.  This  scenario  will  loop  forever.  Therefore,  the 
server timeout should be smaller than the supplicant's EAPOL Start 
frame retransmission rate. 

Single 802.1X 

In port-based 802.1X authentication, once a supplicant is successfully 
authenticated on a port, the whole port is opened for network traffic. 
This allows other clients connected to the port (for instance through 
a hub) to piggy-back on the successfully authenticated client and get 
network  access  even  though  they  really  are  not  authenticated.  To 
overcome this security breach, use the Single 802.1X variant. 

Single 802.1X is not an IEEE standard, but features many of the same 
characteristics as does  port-based 802.1X. In Single 802.1X, at most 
one supplicant can get authenticated on the port at a time. Normal 
EAPOL frames are used in the communication between the supplicant 
and the switch. If more than one supplicant is connected to a port, the 
one that comes first when the port's link comes up will be the first one 
considered. 

If that supplicant does not provide valid credentials within a certain 
amount  of  time,  another  supplicant  will  get  a  chance.  Once  a 
supplicant  is successfully authenticated, only that supplicant  will be 
allowed access. This is the most secure of all the supported modes. In 
this mode, the Port Security module is used to secure a supplicant's 
MAC address once successfully authenticated 

Содержание Falcon-RX/812/G/A

Страница 1: ...Falcon R Class User Guide Falcon RX Software version 8 0 20 www fibrolan com...

Страница 2: ...ritten permission from Fibrolan Ltd Special Notes The R Class series includes various Falcon RX models Please refer to the Alphabetical Glossary of terms and definitions for clarification of the termi...

Страница 3: ...ame Processing Overview 18 4 3 System Information 19 System Information Configuration 19 IP Configuration 19 IP Interfaces 21 IP Routes 23 NTP Configuration 23 Time Zone 26 System Log Configuration 28...

Страница 4: ...uthentication Server Configuration AAA 141 4 9 SyncCenter Configuration 150 Overview 150 Mode Configuration 150 Sync Source Configuration 150 SyncCenter Visual Indicators 152 Sync Output 152 Source Se...

Страница 5: ...MLD Snooping VLAN Configuration 205 MLD Snooping Status 207 MLD Snooping Groups Information 209 MLD SFM Information 209 4 17 Link Aggregation 210 Common Aggregation Configuration 211 Aggregation Group...

Страница 6: ...Server Binding IP 271 DHCP Server Declined IP 272 DHCP Detailed Statistics Port 1 272 5 3 Simple Network Management Protocol SNMP 275 SNMP System Configuration 275 Trap Configuration 276 Trap Source C...

Страница 7: ...ftware Image Select 302 7 4 Configuration Management 304 Save startup configuration 304 Download Configuration 304 Upload Configuration 304 Activate 305 Delete 305 7 5 Power Supply Overview 306 AC Pow...

Страница 8: ...speed Copper management port is included All ports can operate at full wire speed with a total forwarding capacity of 200Gbps The system offers advanced Quality of Service QoS features including class...

Страница 9: ...D 1 4 Typical Applications 5G Fronthaul Backhaul Convergence Evolved mobile networks requires high level of synchronization to operate The required accuracy level increases as the networks further ev...

Страница 10: ...ty in production which dictates specific requirement for synchronization In such environment where man and machine coexist and work together side by side all actions must be coordinated and mutually a...

Страница 11: ...Falcon R Class User Guide 11 2 System Description 2 1 Block Diagram Figure 2 1 R Class functional block diagram...

Страница 12: ...PS Console RJ 45 RS 232 115 200Bd CLI Cisco like OAM IEEE802 3ah when connected to third party edge switch that supports the standard Management integration Integration with 3rd party network manageme...

Страница 13: ...1731 data plane support several functions of this standard require HW based support These functions are o Loss measurement o Delay measurement o Delay variation measurement Linear Ethernet Protection...

Страница 14: ...ct required cables to ports twisted pair RJ45 Ethernet and fiber Ethernet SFPs 6 Verify that the ports Link and Speed LEDs are lit per connected interfaces 7 Configure the selected device via the cons...

Страница 15: ...oots up 3 The system prompts you to log in Default username moose Default password 1234 Note if you experiment difficulty in the connection contact Fibrolan support International support Fibrolan com...

Страница 16: ...or Displays a variety of statuses from the device and other device info that enable system administrator to following up and check if the device is working properly Diagnostics Includes tools to diagn...

Страница 17: ...configuration section Displays detailed data for the selected from one of the functionality menus Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 second...

Страница 18: ...fication the frames are passed to the Policer If the Policer is not selected the frames pass untouched From the Policer the frames enter the Ingress Queue Some prioritization algorithms are used to ha...

Страница 19: ...ct person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Name...

Страница 20: ...t address of the DNS Server in dotted decimal notation Make sure the configured DNS server could be reachable e g via PING for activating DNS service Configured IPv6 Explicitly provide the valid IPv6...

Страница 21: ...C address will be used in the DHCP option 61 field IPv4 DHCP Client Identifier ASCII The ASCII string of DHCP client identifier When DHCPv4 client is enabled and the client identifier type is ascii th...

Страница 22: ...28 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example 2001 1 90 The symbol is a special syntax that can be used as a shorthand way...

Страница 23: ...istance Only for IPv4 The distance value of route entry is used to provide the priority information of the routing protocols to routers When there are two or more different routing protocols are invol...

Страница 24: ...t Configuration Table 4 5 NTP Client Configuration Parameters Client Configuration Mode Indicates the NTP Client operation mode Possible modes are Enabled Enable NTP mode operation Disabled Disable NT...

Страница 25: ...erver Configuration Parameters Client Configuration Mode Indicates the NTP Client operation mode Possible modes are Enabled Enable NTP mode operation Disabled Disable NTP mode operation Server ID Up t...

Страница 26: ...cation to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disable to disable the Daylight Saving Time configuration Defau...

Страница 27: ...t the ending hour Minutes Select the ending minute Offset settings Offset Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Non Recurring Configurations Start time setting...

Страница 28: ...provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation...

Страница 29: ...ration Parameters Event Index Event Unique Name of the Event Severity Indicates the severity of the event Notice Info Warning Enable Disable Enable Event Change will take effect on all checked interfa...

Страница 30: ...e port Configured Speed Selects available link speed for the given switch port Only speeds supported by the specific port are shown Possible speeds are Disabled Disables the switch port operation Auto...

Страница 31: ...ty that is advertised to the link partner When a fixed speed setting is selected traffic that is what is selected Current Rx This column indicates whether pause frames on the port are obeyed Current T...

Страница 32: ...sulated in the payload of the frame If frame length check is enabled frames with payload size less than 1536 bytes are dropped if the EtherType Length field doesn t match the actual payload length If...

Страница 33: ...ype Indicates module Type Range Indicates the SFP s nominal optical range Wavelength Indicates the SFP wavelength separately for transmit and receive Serial Indicates the SFP s serial number SFP Opera...

Страница 34: ...r device RX Power Module s allowed receive optical power range dBm TX Power Module s allowed transmit optical power range dBm Temperature Module s allowed internal temperature range Bias Current Modul...

Страница 35: ...Overview Parameters Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes...

Страница 36: ...conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch QCL is an acronym for QoS Control List It is the list table of Q...

Страница 37: ...y ACL Policy number Ingress Map Classify Ingress Map ID Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen that the resources required...

Страница 38: ...ved and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received...

Страница 39: ...output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Green Ethernet This page allows the user to configure the port power savings features EEE is...

Страница 40: ...if the traffic can be buffered up until a large burst of traffic can be transmitted Buffering traffic will give some latency in the traffic Note For Port Power Savings refer to Port Power Savings Conf...

Страница 41: ...equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame wi...

Страница 42: ...ning is done automatically as soon as a frame with an unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Note Make sure that t...

Страница 43: ...entry Click to Add New Static Entry to add a new entry to the static MAC table Specify the VLAN ID MAC address and port members for the new entry Click Save Monitoring the MAC Address Table Entries in...

Страница 44: ...lue of the first displayed entry allowing for continuous refresh with the same start address The button will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the nex...

Страница 45: ...same VLAN must be forwarded through a router VLANs are essentially Layer 2 constructs whereas IP subnets are Layer 3 constructs In a LAN employing VLANs a one to one relationship often exists between...

Страница 46: ...l create VLANs 1 10 11 12 13 200 and 300 1 10 13 200 300 Spaces are allowed in between the delimiters Ethertype for Custom S ports This field specifies the ethertype TPID specified in hexadecimal used...

Страница 47: ...ult is Access determines the fundamental behavior of the port in question A port can be in one of three modes as described below Whenever a particular mode is selected the remaining fields in that row...

Страница 48: ...uration is set to untag Port VLAN The Port VLAN is called an Access VLAN for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode Port Type Ports in hybrid mode allow for changing th...

Страница 49: ...ames are transmitted with the relevant tag Tag All All frames whether classified to the Port VLAN or not are transmitted with a tag Untag All All frames whether classified to the Port VLAN or not are...

Страница 50: ...t in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the closest next VLAN Table match The will use the last entry of the currently displayed VLAN entr...

Страница 51: ...Status for Combined Users Table 4 25 VLAN Port Status for Combined Users Parameters Port The logical port for the settings contained in the same row Port Type Shows the port type Unaware C Port S Por...

Страница 52: ...membership status of VLAN users VLAN User Various internal software modules may use VLAN services to configure VLAN memberships on the fly The drop down list on the right allows for selecting between...

Страница 53: ...ll be displayed If a port is in the forbidden port list and at the same time attempted included in the VLAN the following image will be displayed The port will not be a member of the VLAN in this case...

Страница 54: ...into Groups identified by the Group ID This way a port is configured to use several VLAN Translation mappings easily by simply configuring it to use a given group Then the number of possible groups in...

Страница 55: ...an be configured to use the same group A valid Group ID is an integer value from 1 to 10 Note By default each port is set to use the group with Group ID equal to the port number For example port 1 is...

Страница 56: ...implementation of transparent L2 service for high numbers of customers Determination of which service to assign a frame to can be based on Ingress port All frames received on a specific ingress port...

Страница 57: ...box To remove or exclude the port from the private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Add a New Private VLAN Click to add a new private VLA...

Страница 58: ...te To delete a MAC to VLAN ID mapping entry check this box and press save The entry will be deleted in the stack MAC Address Indicates the MAC address of the mapping VLAN ID Indicates the VLAN ID the...

Страница 59: ...d the valid value of the following text field will vary depending on the new frame type you selected Value Valid value that can be entered in this text field depends on the option selected from the pr...

Страница 60: ...combination of alphabets a z or A Z and integers 0 9 Note Special characters and underscores _ are not allowed Adding a New Group to VLAN mapping entry Click Add New Entry to add a new entry in the ma...

Страница 61: ...e mapped A valid VLAN ID ranges from 1 to 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in the mapping check the box To rem...

Страница 62: ...port is displayed for each IP subnet to VLAN ID mapping entry To include a port in a mapping simply check the box To remove or exclude the port from the mapping make sure the box is unchecked By defau...

Страница 63: ...e must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode oper...

Страница 64: ...n parameters Port Configuration Port The logical port for the settings contained in the same row Mode Indicates the Voice VLAN port mode Possible modes are Disabled Disjoin from Voice VLAN Auto Enable...

Страница 65: ...DP or Both Changing the discovery protocol to OUI or LLDP will restart auto detect process Possible discovery protocols are OUI Detect telephony device by OUI address LLDP Detect telephony device by L...

Страница 66: ...opriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports It is allowed to create at maximum 4 MVR VLANs with corresp...

Страница 67: ...given it should contain at least one alphabet MVR VLAN name can be edited for the existing MVR VLAN entries or it can be added to the new entries IGMP Address Define the IPv4 address as source addres...

Страница 68: ...ogical port for the settings Port Role Configure an MVR port of the designated MVR VLAN as one of the following roles Inactive The designated port does not participate MVR operations Source Configure...

Страница 69: ...ping Fast Leave processing allows the switch to remove an interface from the forwarding table entry without first sending out group specific queries to the interface The VLAN interface is pruned from...

Страница 70: ...Joins Received The number of Received IGMPv1 Join s IGMPv2 MLDv1 Reports Received The number of Received IGMPv2 Join s and MLDv1 Report s respectively IGMPv3 MLDv2 Reports Received The number of Rece...

Страница 71: ...tion Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will us...

Страница 72: ...When first visited the web page will show the first 20 entries from the beginning of the MVR SFM Information table Clicking the Refresh button will update the displayed table starting from that or th...

Страница 73: ...is function is performed in the Scheduler block on the egress side The egress scheduler supports both Strict Priority scheduling and Weighted Fair Queuing WFQ Each egress port has 8 queues Classificat...

Страница 74: ...me is classified to the default DPL The classified DPL can be overruled by a QCL entry PCP Controls the default PCP Priority Code Point All frames are classified to a PCP entry If the port is VLAN awa...

Страница 75: ...ingress queue Web GUI Configuration QoS Port Policing Figure 4 48 QoS Ingress Port Policers Table 4 45 QoS Ingress Port Policers Parameters Port The port number for which the configuration below appli...

Страница 76: ...ess Queue Policers Config parameters Port The port number for which the configuration below applies Enable Enable or disable the queue policer for this switch port Rate Controls the rate for the queue...

Страница 77: ...Port Schedulers Parameters Port The logical port for the settings contained in the same row Click on the port number to configure the schedulers Mode Shows the scheduling mode for this port Qn Shows...

Страница 78: ...for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queue Shaper Unit Controls the unit of...

Страница 79: ...ontrols the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Port Shaper Rate type The rate type of the port shaper The allowed values are Line Specify that this shap...

Страница 80: ...per is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it...

Страница 81: ...stricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default va...

Страница 82: ...for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Qos Port DSCP Configuration This section allows you to c...

Страница 83: ...slate To Enable the Ingress Translation click the checkbox Classify Classification for a port has 4 different values Disable No Ingress DSCP Classification DSCP 0 Classify if incoming or translated if...

Страница 84: ...sed QoS Ingress Classification This section allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches Web GUI Configuration QoS DSCP Based QoS Figure 4 57 D...

Страница 85: ...untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any of 0 7 DPL Drop Precedence Level 0 1 Every incoming frame is classified to a Drop Precedence Level DP level wh...

Страница 86: ...Falcon R Class User Guide 86 Web GUI Configuration QoS DSCP Translation Figure 4 58 DSCP Translation...

Страница 87: ...SCP values 2 Classify Click to enable Classification at Ingress side Egress There are the following configurable Parameters for Egress side Remap Select the DSCP value from select menu to which you wa...

Страница 88: ...ged frames The default value is Any VID Indicates VLAN ID either a specific VID or range of VIDs VID can be in the range 1 4095 or Any PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 5...

Страница 89: ...Web GUI Configuration QoS DSCP Translation Figure 4 60 QCE Parameters displays Table 4 56 QCE Configuration Parameters Port Members Check the checkbox button to include the port in the QCL entry By de...

Страница 90: ...types are explained below 1 Any Allow all types of frames 2 Ether Type Ether Type Valid Ethernet type can have a value within 0x600 0xFFFF or Any but excluding 0x800 IPv4 and 0x86DD IPv6 3 LLC SSAP A...

Страница 91: ...rop Precedence Level 0 1 or Default DSCP DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 or Default PCP PCP 0 7 or Default Note PCP and DEI cannot be set individually DEI DEI 0 1 or Default Policy ACL Policy num...

Страница 92: ...he rate in bits per second which the Policer is allowing to pass through when only excess resources are available EBS Excess Burst Size the burst size in bytes allowed for the excess bucket Figure 4 6...

Страница 93: ...e or disable the global storm policer for the given frame type Rate Controls the rate for the global storm policer This value is restricted to 10 13128147 when Unit is fps or kbps and 1 13128 when Uni...

Страница 94: ...switch port Rate Controls the rate for the port storm policer This value is restricted to 10 13128147 when Unit is fps or kbps and 1 13128 when Unit is kfps or Mbps The rate is internally rounded up...

Страница 95: ...tion Table 4 59 User Configuration Parameters Username The name identifying the user Privilege level The privilege level of the user The allowed range is 0 to 15 If the privilege level value is 15 it...

Страница 96: ...aracters including Space is accepted Privilege level The privilege level of the user The allowed range is 0 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fu...

Страница 97: ...f the privilege levels Web GUI Configuration Security Switch Privelege Levels Figure 4 65 Privilege Level Configuration Table 4 61 Privilege Configuration Level Parameters Group Name The name identify...

Страница 98: ...to 15 where 0 is lowest level and 15 is highest level Every group has an authorization Privilege level for the following sub groups configuration read only configuration execute read write status stat...

Страница 99: ...LI commands available to a user Client The management client for which the configuration below applies Method Method can be set to one of the following values no Command authorization is disabled User...

Страница 100: ...ons Web servers and browsers should take in response to various commands For example when you enter a URL in your browser this sends an HTTP command to the Web server directing to fetch and transmit t...

Страница 101: ...he current certificate Upload Upload a certificate PEM file Possible methods are Web Browser or URL Generate Generate a new self signed RSA certificate Certificate Pass Phrase Enter the pass phrase in...

Страница 102: ...ess Management Figure 4 69 Access Management Configuration display Table 4 65 Access Management Configuration parameters Mode Indicates the access management mode operation Possible modes are Enabled...

Страница 103: ...etwork Security includes the following subjects MAC Limit Port Security switch and Port Security port status Network Access Server NAS Access Control List ACL IP Source Guard ARP Inspection 4 8 2 1 MA...

Страница 104: ...Configuration Parameters Global Configuration Mode Indicates if Limit Control is globally enabled or disabled on the switch If globally disabled other modules may still use the underlying functionalit...

Страница 105: ...esources are freed on the switch Hold Time The hold time measured in seconds is used to determine how long a MAC address is held in the MAC table if it has been found to violate the limit Valid range...

Страница 106: ...ct Sticky Enables sticky learning of MAC addresses on this port When the port is in sticky mode all MAC addresses that would otherwise have been learned as dynamic are learned as sticky Sticky MAC add...

Страница 107: ...comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresse...

Страница 108: ...ull name of a module that may request Port Security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table see below Port Status The table...

Страница 109: ...and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re openedon the Limit Control configuration Webpage Mac Count Current...

Страница 110: ...would otherwise have been learned as dynamic are learned as sticky Sticky entries are part of the running config and can therefore be saved to startup config An important aspect of sticky MAC address...

Страница 111: ...oes not require the user to have special 802 1X supplicant software installed on his system The switch uses the user s MAC address to authenticate against the backend server Intruders can create count...

Страница 112: ...s parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802 1X based mode this is not so critical since...

Страница 113: ...RADIUS assigned VLAN is enabled on that port When unchecked RADIUS server assigned VLAN is disabled on all ports Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network acces...

Страница 114: ...ill be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallo...

Страница 115: ...has not yet failed because the X seconds have not expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefor...

Страница 116: ...icant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP...

Страница 117: ...be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 7 which translates into the desired QoS Cl...

Страница 118: ...ubleshooting VLAN assignments use the VLANs VLAN Membership Status and VLAN Port Status pages These pages show which modules have temporarily overridden the current Port VLAN configuration Guest VLAN...

Страница 119: ...Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only enabled when authentication...

Страница 120: ...ied in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authenti...

Страница 121: ...f the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs at previous section System Configuration If the port is moved to the Gue...

Страница 122: ...nvalid Tx Total dot1xAuthEapolFramesTx The number of EAPOL frames of any type that have been transmitted by the switch Tx Request ID dot1xAuthEapolReqIdFra mesTx The number of EAPOL Request Identity f...

Страница 123: ...er of times that the switch receives a failure message This indicates that the supplicant client has not authenticated to the backend server Tx Responses dot1xAuthBackend Responses 802 1X based Counts...

Страница 124: ...above Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Attached MAC Addresses Identity...

Страница 125: ...nsuccessful Buttons The port select box determines which port is affected when clicking the buttons Clear This button is available in the following modes Force Authorized Force Unauthorized Port based...

Страница 126: ...are Disabled or the values 1 through 16 The default value is Disabled Port Redirect Select which port frames are redirected on The allowed values are Disabled or a specific port number The default val...

Страница 127: ...by changing the volatile port configuration of the ACL user module Disabled To close ports by changing the volatile port configuration of the ACL user module The default value is Enabled Counter Count...

Страница 128: ...ll match a specific ingress port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame t...

Страница 129: ...y a frame Modification Button The lowest plus sign adds a new entry at the bottom of the ACE listings By checking this box you access additional displays ACE configuration VLAN Parameters Note Refer t...

Страница 130: ...policy with this ACE choose this value Two field for entering a policy value and bitmask appears Frame Type Select the frame type for this ACE These frames are mutually exclusive Any Any frame can mat...

Страница 131: ...mirror port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled Logging Specify the logging ope...

Страница 132: ...ID number appears Tag Priority Specify the tag priority for this ACE A frame that hits this ACE matches this tag priority The allowed number range is 0 to 7 or range 0 1 2 3 4 5 6 7 0 3 and 4 7 The v...

Страница 133: ...e ACE may be forwarded and learned Deny Frames matching the ACE are dropped Filter Frames matching the ACE are filtered Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1...

Страница 134: ...on provides the related IP Source Guard configurations Web GUI Configuration Security Network IP Source Guard Configuration Figure 4 82 IP Source Guard Configuration Table 4 78 IP Source Guard Configu...

Страница 135: ...ss Buttons Add New Entry Click to add a new entry to the Static IP Source Guard table 4 8 2 14 Dynamic IP Source Guard Table Entries in the Dynamic IP Source Guard Table are shown on this page The Dyn...

Страница 136: ...on Protocol ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a physical address such as an Ethernet address ARP allows a host to communicate w...

Страница 137: ...tion Configuration Mode of ARP Inspection Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection Port Mode Configuration Port Mode Configuration Specify ARP Inspection is...

Страница 138: ...setting of Check VLAN are Enabled Enable check VLAN operation Disabled Disable check VLAN operation Only if the Global Mode and Port Mode on a given port are enabled and the setting of Check VLAN is...

Страница 139: ...ited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow th...

Страница 140: ...ARP Inspection Table Web GUI Monitor Security Network ARP Inspection Dynamic Table Entries in the Dynamic ARP Inspection Table are shown on this page The Dynamic ARP Inspection Table contains up to 2...

Страница 141: ...the Dynamic ARP Inspection Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match In addition the two input fields...

Страница 142: ...s field is left blank the IP address of the outgoing interface is used NAS IPv6 Address Attribute 95 The IPv6 address to be used as attribute 95 in RADIUS Access Request packets If this field is left...

Страница 143: ...f the server Authentication Port UDP port number for authentication Authentication Status The current status of the server This field takes one of the following values Disabled The server is disabled...

Страница 144: ...a networking protocol which provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication...

Страница 145: ...global timeout value Leaving it blank will use the global timeout value Change Secret Key Specify to change the secret key or not When the checkbox is checked you can change the setting overrides the...

Страница 146: ...epts radiusAuthClientExtAccessA ccepts The number of RADIUS Access Accept packets valid or invalid received from the server Rx Access Rejects radiusAuthClientExtAccessR ejects The number of RADIUS Acc...

Страница 147: ...sts The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented d...

Страница 148: ...es radiusAccClientExtResp onses The number of RADIUS packets valid or invalid received from the server Rx Malformed Responses radiusAccClientExtMalf ormedResponses The number of malformed RADIUS packe...

Страница 149: ...ues Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIU...

Страница 150: ...the Hybrid mode allows each domain to operate independently of the others e g as a BC with both PTP and SyncE Mode Configuration This section enables the configuration of the device s clocking system...

Страница 151: ...stance number etc State The status of the sync source This indicator displays the following states Green The source provides a valid reference clock Red indicates failure of the source Orange Source q...

Страница 152: ...system is in Holdover state Yellow indicates Free running internal clock state Green Yellow blinking Lock Acquisition Blue Green blinking Holdover Recovery Output arrows Visualization of outputs dist...

Страница 153: ...source is automatically selected based on priority and state When higher priority source that previously failed is valid again no switchover will take place Forced HoldOver the system will be synchro...

Страница 154: ...n Figure 4 99 Time Attributes Configuration Table 4 94 Time Attributes Configuration parameters Holdover Configuration UTC to TAI Value in seconds of difference between UTC and TAI Mode Options suppor...

Страница 155: ...s the sync source type and port instance the system is currently locked to e g PTP GPS etc Offset from GNSS nSec N A Time in State The time that has passed since the last system sync state change Time...

Страница 156: ...UI Monitor Timing SyncCenter Status Figure 4 102 Monitoring SyncCenter Status displays The following displays allow us to monitor the SyncCenter status and activity Sync Sources and Visual Indicators...

Страница 157: ...r is not running i e system stable Amber means timer is currently running and Grey indicates WTR is disabled WTR Time Indicates the time left before the WTR timer expires when running Clear button All...

Страница 158: ...GNSS antenna When Manual is selected it is possible to directly configure the cable delay Velocity Factor Set the Velocity Factor VF of the antenna cable Length Set the length of the antenna cable in...

Страница 159: ...eived by the GNSS in degrees Altitude Indicates the current altitude as received by the GNSS in meters Offsets 1PPS Indicates the current estimated 1PPS time error the GNSS is generating in nsec Offse...

Страница 160: ...Gen When it lights red the GNSS cannot generate 1PPS signal Satellite Status Figure 4 107 Satellite Status Table 4 102 Satellite Status parameters Satellite PNR The PRN satellite number of the tracke...

Страница 161: ...Common Buttons GNSS Config Sky View Sat Counts are direct links to the respective pages Figure 4 109 Common buttons of GNSS webpages GNSS Receiver Info Figure 4 110 GNSS Antenna Cable Status Table 4 1...

Страница 162: ...which the satellite is displayed The elevation angle is represented by the distance from the center 90 degrees to the edge of the sky map circle 0 degrees Each satellite icon is positioned according t...

Страница 163: ...w Time axis duration can be 15 minutes 1 minute resolution or 24 hours 15 minutes resolution Show only good above threshold satellites or all visible tracked ones Common Buttons Send Report send repor...

Страница 164: ...establishes the clock sources The device internal state logic clock selector monitors all reference clocks and automatically selects the best available reference clock based on configured priority an...

Страница 165: ...and frame pulses with a frequency accuracy equal to the frequency accuracy of the input reference clock The generated clock and frames pulse outputs comply with specifications as described in Telcord...

Страница 166: ...or slave clock The OC sends and receive PTP messages It supports the synchronization mechanism Boundary clock has multiple physical ports to the network and can be used as an intermediate stage device...

Страница 167: ...p Transp clock s Device Type is Peer to Peer Transparent Clock 3 E2e Transp clock s Device Type is End to End Transparent Clock 4 Master Only clock s Device Type is Master Only 5 Slave Only clock s De...

Страница 168: ...2 5 Clock Parent Data Set The clock parent data set is defined in the IEEE 1588 standard The parent data set is dynamic Figure 4 118 Clock Type and Profile Table 4 112 Clock Type and Profile Parent Po...

Страница 169: ...g True if two step Sync events and Pdelay_Resp events are used Ports The total number of physical ports in the node Clock Identity It shows unique clock identifier Dom Clock domain 0 127 Clock Quality...

Страница 170: ...r Enable on State Table 4 114 Master Enable on State Free Run In Free Run state PTP can be set to Disable Enable Rule 0 Lock Acquisition In Lock Acquisition state PTP can be set to Disable Enable Rule...

Страница 171: ...represented as 0 Leap Type The type of leap event i e leap59 or leap61 Buttons Apply Hit to apply the clock instance settings to the running config Reset Hit to reset the new clock instance parameter...

Страница 172: ...icates the Instance of a particular Clock Instance 0 3 ClkDom HW Domain Refers to Clock HW Domain Device Type Indicates the Type of the Clock Instance There are five Clock Types Boundary clock s Type...

Страница 173: ...t PTP over Ethernet multicast ip4multi PTP over IPv4 multicast ip4uni PTP over IPv4 unicast VID VLAN Identifier used for tagging the PTP frames Note Packets are tagged if the port is configured for vl...

Страница 174: ...Indicates Master is NOT enabled for PTP transmission UtcOffset In systems whose epoch is UTC it is the offset between TAI and UTC Valid When true the value of currentUtcOffset is valid leap59 When tru...

Страница 175: ...instance IP Address The slave s IP address Port The master s port number MAC Address The MAC address of the slave or the gateway s Status Sync Indicates Sync messages are transmitted to the slave Ann...

Страница 176: ...tandard which specifies SyncE slave clocks ITU T G8264 standard that describes the specifications of Ethernet Synchronization Messaging Channel ESMC In Synchronous mode of operation the Synchronous Et...

Страница 177: ...yncE enables the transport of slave synchronization signals within the entire network The EEC devices are defined as Ethernet Equipment Slave clocks Ethernet interfaces are also able to generate their...

Страница 178: ...ut quality level in Holdover state PRC SSUB SSUA EEC1 DNU Figure 4 128 SyncE Port Configuration Table 4 121 SyncE Port Configuration Parameters SyncE Ports Port The port number to configure SSM Enable...

Страница 179: ...of the SyncE configuration of the applicable Ethernet ports Web GUI Monitor Timing SyncE Figure 4 129 SyncE Status Table 4 122 SyncE Status Parameters SyncE Status SSM Option Select Display the syste...

Страница 180: ...SSM Event Counter displaying the number of transmitted SSM Event messages Rx SSM Status Enable and disable of SSM functionality on this port Rx SSM Quality Level Monitoring of the received SSM QL on...

Страница 181: ...input or output Output Type Set the port s output type and frequency Applicable when the port is set to Output Input Type Set the port s input type and frequency Applicable when the port is set to Inp...

Страница 182: ...Direction Indicates whether the Sync port s direction is Input or Output Output Type Indicates the Sync port s Output type Input Indicates the Sync port s Input type Quality Option Indicates the Sync...

Страница 183: ...mprovements in topology change detection notification and flushing of the learn tables 802 1s Multiple Instance Spanning Tree A newer version supporting more than a single topology each instance group...

Страница 184: ...en any two nodes in a spanning tree instance An instance includes a unique set of VLANs belongs to a specific spanning tree region and creates a separate per instance forwarding topology A region may...

Страница 185: ...on Assume we have tree switches in a region configured with VLANs grouped in two instances as follows VLAN1 10 20 30 mapped to Instance 1 VLAN2 11 21 31 mapped to Instance 2 The logical topologies sho...

Страница 186: ...nt R Class series devices allows STP RSTP MSTP system settings configuration as detailed below Web GUI Configuration Spanning Tree Bridge Settings Figure 4 132 STP Bridge Configuration Table 4 126 STP...

Страница 187: ...how many bridges a root bridge can distribute its BPDU information to Valid values are in the range 6 to 40 hops Transmit Hold Count The number of BPDU s a bridge port can send per second When exceed...

Страница 188: ...me is at most 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI Mapping MSTI The bridge instance The CIST is not...

Страница 189: ...of VLANs The CIST is the default instance which is always active Priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number conca...

Страница 190: ...d start as being set or cleared The initial operEdge state when a port is initialized AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdg...

Страница 191: ...d or forced either true or false Transition to the forwarding state is faster for point to point LANs than for shared media MSTI Port Configuration This section allows the user to inspect the current...

Страница 192: ...overview of all STP bridge instances Web GUI Monitor Spanning Tree Bridge Status Figure 4 137 STP Bridges Table 4 131 STP Bridges Parameters MSTI The Bridge Instance CIST also a link to the STP Detail...

Страница 193: ...l root bridge inside the MSTP region of this bridge For the CIST instance only Internal Root Cost The Regional Root Path Cost For the Regional Root Bridge this is zero For all other CIST instances in...

Страница 194: ...o Bridges are attached The flag may be automatically computed or explicitly configured Each Edge Port transits directly to the Forwarding Port State since there is no possibility of it participating i...

Страница 195: ...the STP port statistics counters of bridge ports in the switch Web GUI Monitor Spanning Tree Port Statistics Figure 4 140 STP Statistics Table 4 134 STP Statistics Parameters Port The switch port numb...

Страница 196: ...icast list for that group When the R Class series snoops an IGMP Leave it removes the host s port from the table entry The following sections explain and demonstrate in detail IGMP snooping support us...

Страница 197: ...Falcon R Class User Guide 197 Web GUI Configuration IPMC IGMP Snooping Basic Configuration Figure 4 141 IGMP Snooping Configurations...

Страница 198: ...outer port the whole aggregation will act as a router port Fast Leave Enables the fast leave on the port Multicast snooping Fast Leave processing allows the switch to remove an interface from the forw...

Страница 199: ...pre defined value By default this value will be 192 0 2 1 Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts...

Страница 200: ...ions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Buttons Add New IGMP VLAN Click to add new IGMP VLAN Sp...

Страница 201: ...multicast streams Profile Management Button You can inspect the rules of the designated profile by using the following button List the rules associated with the designated profile IGMP Snooping Statu...

Страница 202: ...e are shown on this section The IGMP Group Table is sorted first by VLAN ID and then by group Navigating the IGMP Group Table Each page shows up to 99 entries from the IGMP Group table default being 2...

Страница 203: ...able Clicking Refresh the button will update the displayed table starting from that or the closest next IGMP SFM Information Table match In addition the two input fields will upon a button click assum...

Страница 204: ...s an acronym for Multicast Listener Discovery for Ipv6 MLD is used by Ipv6 routers to discover multicast listeners on a directly attached link much as IGMP is used in Ipv4 The protocol is embedded in...

Страница 205: ...ct as a router port Fast Leave Enable the fast leave on the port System will remove group record and stop forwarding data upon receiving the MLDv1 leave message without sending last member query messa...

Страница 206: ...is 1 to 255 default robustness variable value is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default que...

Страница 207: ...Snooping Port Group Filtering Configuration Parameters Port The logical port for the settings Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about t...

Страница 208: ...Transmitted The number of Transmitted Queries Querier Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Report...

Страница 209: ...he currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Web GUI Configuration IPMC MLD...

Страница 210: ...e Source Address IP Address of the source Currently system limits the total number of IPv6 source addresses for filtering per group is 8 Type Indicates the Type It can be either Allow or Deny Hardware...

Страница 211: ...e two devices to detect multiple links between themselves and the combine them into a single logical link Common Aggregation Configuration The aggregation hash code contributor settings are global has...

Страница 212: ...settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button...

Страница 213: ...CP Figure 4 155 LACP Configuration Table 4 148 LACP Port Parameters Port The switch port number LACP Show whether LACP is currently enabled on this switch port Timeout The Timeout controls the period...

Страница 214: ...e of the Aggregation group Static or LACP Speed Speed of the Aggregation group Configured ports Configured member ports of the Aggregation group Aggregated ports Aggregated member ports of the Aggrega...

Страница 215: ...nternal Status Figure 4 158 LACP Internal Status Table 4 152 LACP Internal Status Parameters Internal Status This page provides a status overview for the LACP internal i e local system status for all...

Страница 216: ...LACP Neighbor Status Table 4 153 LACP Neighbor Status Parameters Neighbor Status This page provides a status overview for the LACP neighbor status for all ports Only ports that are part of an LACP gro...

Страница 217: ...faulted Show if the Actor s Receive machine is using Defaulted operational Partner information Expired Show if that the Actor s Receive machine is in the EXPIRED state 4 17 5 4 Port Statistics Web GUI...

Страница 218: ...ct new link connectivity associations and correlate link endpoint attributes between these network elements Once successful link correlations have been determined autonomous notifications of these cor...

Страница 219: ...the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds LLDP Interface Configuration Interface The switch interface name of the logical LLDP interface Mode Select...

Страница 220: ...hold time is exceeded CDP is an acronym for Cisco Discovery Protocol Optional TLVs TLV is an acronym for Type Length Value A LLDP frame can contain multiple pieces of information Each of these pieces...

Страница 221: ...Falcon R Class User Guide 221 Web GUI Configuration LLDP LLDP MED Figure 4 162 LLDP MED Configuration displays...

Страница 222: ...ormation as fast as possible to new neighbors Because there is a risk of an LLDP frame being lost during transmission between neighbors it is recommended to repeat the fast start transmission multiple...

Страница 223: ...etwork Connectivity Device it is possible to configure it to act as an Endpoint Device and thereby start the LLDP MED information exchange In the case where two Network Connectivity Devices are connec...

Страница 224: ...n of 250 characters 1 A non empty civic address location will use 2 extra characters in addition to the civic address location text 2 The 2 letter country code is not part of the 250 characters limita...

Страница 225: ...t issue in VoIP environments that frequently result in voice quality degradation or loss of service Policies are only intended for use with applications that have specific real time network policy req...

Страница 226: ...lication type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy 5 Softphone Voice for use by softphone applications on typical d...

Страница 227: ...DSCP value as defined in RFC 2475 Adding a new policy Click to Add New Policy to add a new policy Specify the Application type Tag VLAN ID L2 Priority and DSCP for the new policy Click Save The numbe...

Страница 228: ...The possible capabilities are Other Repeater Bridge WLAN Access Point Router Telephone DOCSIS cable device Station only Reserved When a capability is Enabled the capability is followed by When a capab...

Страница 229: ...fined for the previous Endpoint Device Class For example will any LLDP MED Endpoint Device claiming compliance as a Media Endpoint Class II also support all aspects of TIA 1057 applicable to Generic E...

Страница 230: ...ion Extended Power via MDI PSE Extended Power via MDI PD Inventory Reserved Application Type Application Type indicating the primary function of the application s defined for this network policy adver...

Страница 231: ...VID of the ingress port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of the eight priority levels 0 through 7 DSCP DSCP is the DSCP value...

Страница 232: ...e for a more efficient allocation Systems that do not implement this option default the value to be the same as that of the Receive Tw_sys_tx Echo Tx Tw The link partner s fallback receives Tw The res...

Страница 233: ...160 Port Statistic Parameters Global Counters Clear Global counters If checked the global counters are cleared when Clear is pressed Neighbor entries were last changed Shows the time for the last entr...

Страница 234: ...n type of value Org Discarded If LLDP frame is received with an organizationally TLV but the TLV is not supported the TLV is discarded and counted Age Outs Each LLDP frame contains information about h...

Страница 235: ...rent link faults Event notification is delivered to the link partner when one of these events is detected on the link Frame Error events Frame Period Error events Symbol Period Error events Event Seco...

Страница 236: ...nce the Discovery process completes Active DTE s are permitted to send any OAMPDU while connected to a remote OAM peer entity in Active mode Active DTE s operates in a limited respect if the remote OA...

Страница 237: ...ent Configuration for selected port Parameters Port The switch port number Event Name Name of the Link Event which is being configured Error Window Represents the window period in the order of 1 sec f...

Страница 238: ...total number of OAM frames received and transmitted for the selected port Discontinuities of these counters can occur at re initialization of the management system Web GUI Configuration Link OAM Even...

Страница 239: ...ace Rx and Tx Variable Response A count of the number of Variable Response OAMPDUs received and transmitted on this interface Rx and Tx Org Specific PDU s A count of the number of Organization Specifi...

Страница 240: ...vice is forwarding non OAMPDUs to higher sublayer When in loopback Device is looping back non OAMPDUs to the lower sublayer When in discarding state Device is discarding non OAMPDUs Organizational Uni...

Страница 241: ...t field indicates the duration of the period in terms of 100 ms intervals 1 The default value is one second 2 The lower bound is one second 3 The upper bound is one minute Frame error event threshold...

Страница 242: ...w This eight octet field indicates the number of symbols in the period Symbol Period Error Event Threshold This eight octet field indicates the number of errored symbols in the period is required to b...

Страница 243: ...sum of errored frame seconds that have been detected since the OAM sublayer was reset Total Error Frame Seconds Summary Events This four octet field indicates the number of Errored Frame Seconds Summa...

Страница 244: ...RMON History Configuration Configure RMON History table on this section The entry index key is ID Web GUI Configuration RMON History Figure 4 175 RMON History Configuration Table 4 167 RMON History Co...

Страница 245: ...kets delivered to a higher layer protocol InDiscards The number of inbound packets that are discarded even the packets are normal InErrors The number of inbound packets that contained errors preventin...

Страница 246: ...83647 Falling Index Falling event index 1 65535 RMON Event Configuration Configure RMON Event table on this section The entry index key is ID Web GUI Configuration RMON Event Figure 4 177 RMON Event C...

Страница 247: ...otection configurations and possibly change them as well Web GUI Configuration Loop Protection Figure 4 178 Loop Protection Configuration Table 4 170 Loop Protection Configuration Parameters General S...

Страница 248: ...conds Port Configuration Port The switch port number of the port Enable Controls whether Loop Protection is enabled on this switch port Action Configures the action performed when a loop is detected o...

Страница 249: ...tly configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current Loop Protection status of the port Loop Whether a loo...

Страница 250: ...VRP Global config Figure 4 180 GVRP Configuration display Table 4 172 GVRP Configuration parameters GVRP Configuration Enable GVRP globally The GVRP feature is globally enabled by setting the check ma...

Страница 251: ...ams to a central network traffic monitoring server This central server is called an sFlow receiver or sFlow collector Additional information can be found at http sflow org sFlow Configuration displays...

Страница 252: ...gement If sFlow is currently configured through SNMP Owner contains a string identifying the sFlow receiver If sFlow is configured through SNMP all controls except for the Release button are disabled...

Страница 253: ...Flow Sampler Max Header The maximum number of bytes that should be copied from a sampled packet to the sFlow datagram Valid range is 14 to 200 bytes with default being 128 bytes To have room for any f...

Страница 254: ...current sFlow owner is released Tx Successes The number of UDP datagrams successfully sent to the sFlow receiver Tx Errors The number of UDP datagrams that has failed transmission The most common sour...

Страница 255: ...of unidirectional links Its functionality is to provide mechanisms useful for detecting one way connections before they create a loop or other protocol malfunction RFC 5171 specifies a way at data lin...

Страница 256: ...n the advertisement phase and are determined to be bidirectional The range is from 7 to 90 seconds Default value is 7 seconds Currently default time interval is supported due to lack of detailed infor...

Страница 257: ...mation Figure 5 1 System Information Table 5 1 System Information Parameters Contact The system contact configured in Configuration System Information System Contact Name The system name configured in...

Страница 258: ...Status Figure 5 2 System Status Table 5 2 System Status Parameters System Status Time The current GMT system time and date The system time is obtained through the Timing server running on the switch...

Страница 259: ...conds intervals The last 120 samples are graphed and the last numbers are displayed as text as well To display the SVG graph your browser must support the SVG format Consult the SVG Wiki for more info...

Страница 260: ...dress type of the entry This may be LINK IPv4 or IPv6 Address The current address of the interface of the given type Status The status flags of the interface and or address IP Routes Network The desti...

Страница 261: ...entification of the system log entry Level The level of the system log entry Info The system log entry is belonged information level Warning The system log entry is belonged warning level Error The sy...

Страница 262: ...g from that or the closest next entry match In addition these input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same...

Страница 263: ...ss pool management is done by the server and not by a human network administrator Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requ...

Страница 264: ...irst and second VLAN ID or both On the other hand if you want to disable existed VLAN range then you can follow the steps 1 Press Add VLAN Range to add a new VLAN range 2 Input the VLAN range that you...

Страница 265: ...r Pool Figure 5 10 DHCP Server Pool Configuration Table 5 9 DHCP Server Pool Configuration Parameters Pool Setting Add or delete pools Adding a pool and giving a name is to create a new pool with defa...

Страница 266: ...not defined Reserved Only If on Ip addresses obtainable from the pool are limited to those entered into the reserved entries table Lease Time Display lease time of the pool DHCP Snooping Configuration...

Страница 267: ...server will be listed in this table except for local VLAN interface IP addresses Entries in the Dynamic DHCP snooping Table are shown on this section Web GUI Monitor DHCP Snooping Table Figure 5 12 D...

Страница 268: ...rface IP address and PVID Port VLAN ID correctly Web GUI Configuration DHCP Relay Figure 5 13 DHCP Relay Configuration Table 5 12 DHCP Relay Configuration Parameters Relay Mode Indicates the DHCP rela...

Страница 269: ...received Keep Keep the original relay information when a DHCP message that already contains it is received Drop Drop the package when a DHCP message that already contains relay information is received...

Страница 270: ...nsmit Error The number of packets that resulted in error while being sent to servers Receive from Client The number of received packets from server Receive Agent Option The number of received packets...

Страница 271: ...t type Expired Binding Number of bindings that their lease time expired or they are cleared from Automatic Manual type bindings DHCP Message Received Counters DISCOVER Number of DHCP DISCOVER messages...

Страница 272: ...lick to clear all Automatic bindings and change them to Expired bindings Clear Manual Click to clear all Manual bindings and change them to Expired bindings Clear Expired Click to clear all Expired bi...

Страница 273: ...K The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx and Tx Release The number of rele...

Страница 274: ...ide 274 DHCP Detailed Statistics Port 1 Rx Discarded checksum error The number of discard packet that IP UDP checksum is error Rx Discarded from Untrusted The number of discarded packet that are comin...

Страница 275: ...ation SNMPv3 Access Configuration SNMP System Configuration Web GUI Configuration SNMP System Figure 5 19 SNMP System Configuration display Table 5 18 SNMP System Configuration Parameters SNMP System...

Страница 276: ...the allowed content is ASCII characters from 33 to 126 Mode Indicate the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation V...

Страница 277: ...on Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Security Eng...

Страница 278: ...Name Indicates the name for the entry Type The filter type for the entry Possible types are Included An optional flag to indicate a trap is sent for the given trap source is matched Excluded An option...

Страница 279: ...uration SNMP Users Figure 5 23 SNMPv3 User Configuration Table 5 22 SNMPv3 User Configuration Parameters SNMPv3 User Configuration Delete Check to delete the entry It will be deleted during the next s...

Страница 280: ...odified if the entry already exists That means must first ensure that the value is set correctly Authentication Password A string identifying the authentication password phrase For MD5 authentication...

Страница 281: ...g identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the...

Страница 282: ...ee to be added to the named view The allowed OID length is 1 to 128 The allowed string content is a digital number or an asterisk SNMPv3 Access Configuration Configure SNMPv3 accesses table The entry...

Страница 283: ...and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is the A...

Страница 284: ...riety of MIBs Future software versions will extend this list adding support for new features Note In order to retrieve the required MIB you must access Fibrolan Web site Support section To download th...

Страница 285: ...X XX XX XX IP address of the R Class series The Telnet screen prompts for a username and password Username moose Password 1234 SSH Configuration Secure Shell or SSH is a network protocol that allows e...

Страница 286: ...following severity types are supported Informational Information level of the system log Warning Warning level of the system log Notice Made to help the memory Enable Disable Enable Event Change will...

Страница 287: ...Parameters Username The name identifying the user This is also a link to Add Edit User display Privilege level The privilege level of the user The allowed range is 1 to 15 If the privilege level value...

Страница 288: ...s granted the fully control of the device But others value must refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that...

Страница 289: ...guration To access the related setup go to Authentication Method Configuration Authentication Servers Configuration This section allows the user to configure the different RADIUS Authentication Server...

Страница 290: ...nt table Clicking the Refresh button will update the displayed table starting from that or the next closest Event table match The will use the last entry of the currently displayed entry as a basis fo...

Страница 291: ...127 octets in length 128 255 The total number of packets including bad packets received that were between 128 to 255 octets in length 256 511 The total number of packets including bad packets receive...

Страница 292: ...s Multicast The total number of good packets received that were directed to a multicast address CECErrors The total number of packets received that had a length excluding framing bits but including FC...

Страница 293: ...t may be sent when this entry is first set to valid Rising Threshold Rising threshold value Rising Index Rising event index Falling Threshold Falling threshold value Falling Index Falling event index...

Страница 294: ...ows the user to select the starting point in the Event table Clicking the Refresh button will update the displayed table starting from that or the next closest Event table match The will use the last...

Страница 295: ...pe ICMP ECHO_REPLY will always be 8 bytes more than the requested data space the ICMP header The page refreshes automatically until responses to all packets are received or until a timeout occurs PING...

Страница 296: ...LAN interface as the source interface Leave this field empty for automatic selection based on routing configuration Note You may only specify either the VID or the IP Address for the source interface...

Страница 297: ...4 ms 64 bytes from 172 16 1 1 seq 3 ttl 64 time 1 699 ms 64 bytes from 172 16 1 1 seq 4 ttl 64 time 1 916 ms 172 16 1 1 ping statistics 5 packets transmitted 5 packets received 0 packet loss round tri...

Страница 298: ...nds Egress Interface Only for IPv6 The VLAN ID VID of the specific egress IPv6 interface which ICMP packet goes The given VID ranges from 1 to 4094 and will be effective only when the corresponding IP...

Страница 299: ...ou can view the cable diagnostics results in the cable status table Note that VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY...

Страница 300: ...oss pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in me...

Страница 301: ...eters Yes Click to restart device No Click to return to the Port State page without restarting 7 2 Factory Defaults You can reset the configuration of the switch Only the IP configuration is retained...

Страница 302: ...file_name rbf All a combined file Select File Browse to the location of the image file and click Select Start Upgrade Click to start the upgrade After the image is uploaded a page announces that the...

Страница 303: ...age The file name of the firmware image from when the image was last updated Version The version of the firmware image Date The date where the firmware was produced Buttons Activate Alternate Image Cl...

Страница 304: ...when the system is restored to default settings Up to 31 other files typically used for configuration backups or alternative configurations Save startup configuration This copies running config to st...

Страница 305: ...fig and 32 other files usually including startup config it is not possible to create new files Instead an existing file must be overwritten or another file must be deleted Activate It is possible to a...

Страница 306: ...40 VAC 50 60 Hz There is no ON OFF switch on the device When the power is connected to the device the device is ON This will be indicated by the Power PWR LED lit green on the front panel The PS is ra...

Страница 307: ...the front panel Note The earthen conductor of power cord must be grounded 20 to 60VDC Power Connection The rear panel is equipped with a suitable screw connection ST connector Figure 7 10 Falcon RX se...

Страница 308: ...r eyes and must be handled with special care When not in use keep the fiber optic connector closed using its protective cover Never stare directly into the fiber optic connector of a powered device or...

Страница 309: ...r this warranty only from the reseller from which you have purchased the device however you may refer directly to Fibrolan Ltd To claim the warranty you should provide a reasonable proof that the rese...

Страница 310: ...tinuity Check Message CDP Cisco Discovery Protocol CE Customer Edge Equipment CFM Connectivity Fault Management IEEE 802 1ag CIR Committed Insured Rate CLI Command Line Interface CLNP Connectionless N...

Страница 311: ...net Virtual Connection EVPL Ethernet Virtual Private Line FD Frame Delay FDV Frame delay variation FDX Full Duplex FEF Far End Fault FP Fault Propagation FTP File Transfer Protocol FTTB Broadband Acce...

Страница 312: ...ETF Internet Engineering Task Force ITU T International Telecommunication Union Telecommunication IEEE 802 1X IEEE Standard for port based Network Access Control MLD Interior Gateway Media Protocol In...

Страница 313: ...A Media Access Maintenance Association MAC Media Access Control MAC Address Media Access Control Address hardware address MAC layer address physical address MA Maintenance Association MA Micro Agent a...

Страница 314: ...rface Card NMS Network Management System NTP Network Time Protocol NTU Network Termination Unit NU Node Unit OA Operation and Administration OAM Operation Administration Management ODI Open Data link...

Страница 315: ...ocol RMON Remote Monitoring RSTP Rapid Spanning Tree Protocol IEEE 802 1w Rx Receive SFP Small Form factor Pluggable SLA Service Level Management SLE Subscriber Link Emulation SMAC Source MAC address...

Страница 316: ...TLV ToS It is an acronym for Type of Service It is implemented as the IPv4 ToS priority control It is fully decoded to determine the priority from the 6 bit ToS field in the IP header TrTCM Two rate...

Страница 317: ...gh there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associated with a Policy 1 ingress...

Страница 318: ...with other hosts when only the Internet address of its neighbors is known Before using IP the host sends a broadcast ARP request containing the Internet address of the desired destination system ARP...

Страница 319: ...ning it a unique IP address DHCP Relay DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain The DHCP option 82 ena...

Страница 320: ...t the device for providing congestion control guarantees to the frame according to what was configured for that specific DP level A DP level of 0 zero corresponds to Committed Green frames and a DP le...

Страница 321: ...Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as pa...

Страница 322: ...ng data across an internet network IP is a best effort system which means that no packet of information sent over is assured to reach its destination in the same condition it was sent Each device conn...

Страница 323: ...recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Networ...

Страница 324: ...are received on the MVR VLAN and forwarded to the VLANs where hosts have requested it them Wikipedia NAS NAS is an acronym for Network Access Server The NAS is meant to act as a gateway to guard acces...

Страница 325: ...address which forms the first 24 bits of a MAC address PCP PCP is an acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame It is also known as User Priori...

Страница 326: ...e confused with the Simple Mail Transfer Protocol SMTP You send e mail with SMTP and a mail handler receives it on your recipient s behalf Then the mail is read using POP or IMAP IMAP4 and POP3 are th...

Страница 327: ...nd business solution Therefore QoS is the set of techniques to manage network resources QoS class Every incoming frame is classified to a QoS class which is used throughout the device for providing qu...

Страница 328: ...NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the mes...

Страница 329: ...sed by SSH provides confidentiality and integrity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authenticatio...

Страница 330: ...sage is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WW...

Страница 331: ...ided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that u...

Страница 332: ...802 11b 802 11a dual band etc The term is promulgated by the Wi Fi Alliance WPA WPA is an acronym for Wi Fi Protected Access It was created in response to several serious weaknesses researchers had fo...

Страница 333: ...ork The goal of the WPS protocol is to simplify the process of connecting any home device to the wireless network Wikipedia WRED WRED is an acronym for Weighted Random Early Detection It is an active...

Отзывы:

Нет отзывов