HPE OfficeConnect 1920S 24G series Скачать руководство пользователя страница 155

Страница: 155 / 209

Advanced Security Configuration

155

Table 84. Advanced Security Configuration Fields

Click

Apply

to save any changes for the current boot session. The changes take effect immediately but

are not retained across a switch reset unless you click

Save Configuration

Field

Description

Auto DoS Features

Auto DoS

Enable this option to enable all the DoS prevention mechanisms with default values. Enabling

this feature makes all the fields in the remainder of the table inaccessible (grayed-out). When

disabled, you can individually turn on and off the DoS features and change their default

values. This feature and all the individual DoS protections are disabled by default.

Prevent Land Attack

Enable this option to drop packets for which the source IP address equals the destination IP

address.

Prevent TCP Blat Attack

Enable this option to drop packets for which the TCP source port equals the TCP destination

port.

Prevent UDP Blat Attack

Enable this option to drop packets that have a UDP source port equal to the UDP destination

port.

Prevent Invalid TCP Flags

Attack

Enable this option to drop packets that have TCP Flags SYN and FIN set.

Prevent TCP Fragment

Attack

Enable this option to drop IP packets that have an IP fragment offset equal to 1.

Check First Fragment Only

Enable this option to drop packets that have a TCP header smaller than the minimum TCP

header size, which is hard-coded to 20 bytes.

Prevent Smurf Attack

Enable this option to drop ICMP Echo packets (ping) that are sent to a broadcast IP address.

Prevent Ping Flood Attack

Enable this option to prevent ping flooding by limiting the number of ICMP ping packets.

Prevent SYN Flood Attack

Enable this option to limit the rate of TCP connection requests so that they are not received

faster than they can be processed.

ICMP Settings

ICMP

Enable this option to allow the device to drop ICMP packets that have a type set to

ECHO_REQ (ping) and a payload size greater than the ICMP payload size configured in the

Max ICMPv4 Size or Max ICMPv6 Size fields.

Max ICMPv4 Size

The maximum allowed ICMPv4 packet size. If ICMP DoS prevention is enabled, the device

will drop ICMPv4 ping packets that have a size greater then this configured maximum

ICMPv4 packet size.

ICMPv6

Enable this option to allow the device to drop ICMP packets that have a type set to

ECHO_REQ (ping) and a payload size greater than the ICMP payload size configured in the

Max ICMPv6 Size field

Max ICMPv6 Size

The maximum allowed IPv6 ICMP packet size. If ICMP DoS prevention is enabled, the switch

will drop IPv6 ICMP ping packets that have a size greater than this configured maximum

ICMPv6 packet size.

ICMP Fragment

Enable this option to allow the device to drop fragmented ICMP packets.

Содержание OfficeConnect 1920S 24G series

Страница 1: ...E OfficeConnect 1920S 8G Switch JL380A HPE OfficeConnect 1920S 24G Switch JL381A HPE OfficeConnect 1920S 48G Switch JL382A HPE OfficeConnect 1920S 8G PPoE 65W Switch JL383A HPE OfficeConnect 1920S 24G PPoE 185W Switch JL384A HPE OfficeConnect 1920S 24G PoE 370W Switch JL385A HPE OfficeConnect 1920S 48G PPoE 370W Switch JL386A Part Number 5200 2836a Published June 2017 Edition 2 ...

Страница 2: ...are registered trademarks of Oracle and or its affiliates Open Source Code Notice This product includes code licensed under the GNU General Public License the GNU Lesser General Public License and or certain other open source licenses A complete machine readable copy of the source code corresponding to such code is available upon request This offer is valid to anyone in receipt of this information...

Страница 3: ...eatures 14 Common Page Elements 15 Saving Changes 15 Graphical Switch 15 Port Configuration and Summary 16 System LEDs 16 Port Status Indicator 16 2 Dashboard 17 3 Setup Network 19 Get Connected 19 HTTPS Configuration 22 System Time Pages 24 System Time 24 Time Configuration 25 Time Zone Configuration 27 Daylight Saving Time Configuration 28 User Accounts 30 Configuration 30 Adding a User Account ...

Страница 4: ...ning Tree MSTP Port Summary 49 Viewing MSTP Port Details or Editing MSTP Port Settings 50 CST Configuration 52 CST Port Summary 54 Viewing CST Port Details or Editing CST Port Settings 55 Spanning Tree Statistics 58 Auto Recovery Configuration 59 Loop Protection 61 Loop Protection Status 61 Loop Protection Configuration 62 Configuring Loop Protection Settings on Interfaces 63 IGMP Snooping 65 SNMP...

Страница 5: ... Name 80 Configuring Interfaces as VLAN Members 80 VLAN Port Configuration 82 Auto Voice VLAN Configuration 83 6 Trunks 85 Trunk Configuration 86 Modifying Trunk Settings 87 Trunk Statistics 88 7 Link Layer Discovery Protocol LLDP and LLDP MED 89 LLDP Global Configuration 89 LLDP Local Device Summary 91 Displaying Port Details 92 LLDP Remote Device Summary 93 LLDP Global Statistics 94 LLDP MED Glo...

Страница 6: ...ng a Route 121 Route Table 122 DHCP Relay 123 DHCP Relay Global Configuration 123 Adding a DHCP Server 124 Removing a DHCP Server 124 DHCP Relay VLAN Interface Configuration 124 Adding a DHCP Server 125 Removing a Relay Interface 125 DHCP Relay Statistics 126 Configuring ARP 127 ARP Table Summary 128 Adding a Static ARP Entry 129 Removing an ARP Entry 129 ARP Table Configuration 130 ARP Table Stat...

Страница 7: ...the Trust Mode and Shaping Rate on an Interface 151 CoS Interface Queue Configuration 152 Configuring CoS Queue Settings 153 11 Security 154 Advanced Security Configuration 154 RADIUS Settings 156 RADIUS Configuration 156 Adding a RADIUS Server 158 Changing RADIUS Server Settings 158 Removing a RADIUS Server 159 RADIUS Server Statistics 159 RADIUS Accounting Server Status 161 Adding a RADIUS Accou...

Страница 8: ...ash Log 184 Log Configuration 185 Ping 187 Ping IPv4 187 Ping IPv6 188 Traceroute 190 Traceroute IPv4 190 Traceroute IPv6 192 Reboot Switch 194 Factory Defaults 195 Support File 196 Locator 197 MAC Table 198 14 Maintenance Pages 200 Dual Image Configuration 200 Backup and Update Manager 201 Backing Up Files 201 Updating Files 203 A Support and other resources 206 Accessing Hewlett Packard Enterpri...

Страница 9: ...Contents 9 B Warranty information 209 Warranty information 209 ...

Страница 10: ...esumed About Your Switch Manual Set The switch manual set includes the following HPE OfficeConnect 1920S Switch Series Quick Setup Guide and Safety Regulatory Infor mation a printed guide shipped with your switch Provides illustrations for basic installation and setup Also includes product specifications as well as safety and regulatory statements and stan dards supported by the switch HPE OfficeC...

Страница 11: ...web session timeout 1 Hr 168 Hrs Trunk configuration 8 port switch 4 Trunk configuration 24 port switch 8 Trunk configuration 48 port switch 16 Trunk membership ports 8 port switch 4 Trunk membership ports 24 port switch 4 Trunk membership ports 48 port switch 8 VLANs 256 VLAN IDs 1 4093 VLAN priority levels 0 7 ACLs IPv4 and MAC 50 Configurable rules per list 2 ACL rules per interface 10 CoS queu...

Страница 12: ...e same subnet as the switch For example set it to IP address 192 168 1 2 mask 255 255 255 0 4 Enter the IP address 192 168 1 1 in the web browser See page 13 for web browser requirements Thereafter use the web interface to configure a different IP address or configure the switch as a DHCP client so that it receives a dynamically assigned IP address from the network After the switch is able to comm...

Страница 13: ...has been set and then click Log In By default the username is admin and there is no password After the initial log on the administra tor may configure a password Figure 1 Login Page Operating System Browser Windows 7 Internet Explorer 9 10 Firefox 38 2 1 40 0 3 41 0 b1 beta Chrome 44 0 2403 45 0 2454 46 0 beta Windows 8 8 1 Internet Explorer 11 included in base OS 8 1 Firefox 38 2 1 40 0 3 41 0 b1...

Страница 14: ...en you click Dashboard in the navigation pane See Dashboard on page 17 for more information You can click the Setup Network link beneath Dashboard to display the Get Connected page which you use to set up a management connection to the switch See Get Connected on page 19 for more information The graphical switch displays summary information for the switch LEDs and port status For informa tion on t...

Страница 15: ...guration file in RAM Unless you save them to system flash memory the changes will be lost if the system reboots To save them perma nently click on the upper right side of the page Note that when there are unsaved changes the button displays a file image A page displays to confirm that you want to save followed by a page that confirms that the operation was completed successfully Graphical Switch T...

Страница 16: ... has occurred other than during self test Blinking slowly The locator function has been enabled to help physically locate the switch On If continuously on no firmware was detected upon boot up Off The locator function is disabled and the switch is operating properly Port Status Indicator Each port in the device view is visually represented by one of five different state images Port State Image Des...

Страница 17: ...ch as the configurable switch name and description the IP address for management access and the software and operating system versions This page also shows resource usage statistics This page is displayed when you first log on or when you click Dashboard in the navigation pane Figure 4 Dashboard Page NOTE The Logged In Users fields display only if more than one user is logged into the system ...

Страница 18: ...maximum of 255 alpha numeric characters including hyphens commas and spaces are allowed This field is blank by default System Object ID The base object ID for the switch s enterprise MIB System Up Time The time in days hours and minutes since the last switch reboot Current Time The current time in hours minutes and seconds as configured 24 or 12 hr AM PM format by the user Date The current date in...

Страница 19: ...n be selected as the management port for the network interface The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or forwarded except that for the management port the port VLAN ID PVID will be the management VLAN To display the Get Connected page click Setup Network Get Connected In ...

Страница 20: ...n this field The default IP address is 192 168 1 1 Note A broadcast multicast or network IP address should not be entered in this field Subnet Mask The IPv4 subnet address to be used The default IP subnet address is 255 255 255 0 Gateway Address The IPv4 gateway address to be used When in doubt set this to be the same as the default gateway address used by your PC MAC Address The hardware MAC addr...

Страница 21: ...93 All ports are members of VLAN 1 by default the administrator may want to create a different VLAN to assign as the management VLAN and associate it with a management port see the next field A VLAN that does not have any member ports either tagged or untagged cannot be configured as the management VLAN When the network protocol is configured to be DHCP any change in the configured management VLAN...

Страница 22: ...cts access to the web UI but also impacts the following protocols DHCP SNMP SNTP and TFTP Field Description HTTPS Admin Mode Enables or disables the HTTPS administrative mode When this mode is enabled the device can be accessed through a web browser using the HTTPS protocol TLS Version 1 Enables or disables Transport Layer Security Version 1 0 When this option is enabled communication between the ...

Страница 23: ...on the device Absent Certificate is not available on the device Generation In Progress An SSL certificate is currently being generated Download Certificates Button Allows you to download an SSL certificate file from a remote system to the device Note that to download SSL certificate files SSL must be administratively disabled Generate Certificate Button Generates an SSL certificate to use for secu...

Страница 24: ...ation pane and ensure that the Clock tab is selected Figure 7 System Time Page Table 4 System Time Fields Field Description Current Time Time The current time This value is determined by an SNTP server When SNTP is disabled the system time increments from 00 00 00 1 Jan 1970 which is set at bootup Date The current date Time Source The source from which the time and date is obtained SNTP The time h...

Страница 25: ...k System Time in the navigation pane and click the Time tab Time Zone Time Zone The currently set time zone The default is GMT Greenwich Mean Time Dublin Edinburgh Lisbon London Acronym The acronym for the time zone if one is configured on the system e g PST EDT Daylight Saving Time Daylight Saving Time Shows whether Daylight Saving Time DST is enabled and the mode of operation No Daylight Saving ...

Страница 26: ...e Configuration fields are available for configuration SNTP Configuration SNTP Client Select Enabled or Disabled default to configure the SNTP client mode When disabled the system time increments from 00 00 00 1 Jan 1970 which is set at bootup SNTP NTP Server Specify the IPv4 address of the SNTP server to which requests should be sent Server Port Specify the server s UDP port for SNTP The range is...

Страница 27: ...m the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid Version Not Supported The SNTP protocol version supported by the server is not com patible with the version supported by the switch client Server Unsynchronized The SNTP server is not synchronized with its peers This is indicated via the leap indicator field in the SNTP message Blocked The SNTP server indicated th...

Страница 28: ...ime DST occurs within your time zone When configured the system time adjusts automatically one hour forward at the start of the DST period and one hour backward at the end To display the Daylight Saving Time page click Setup Network System Time in the navigation pane and click the Daylight Saving Time tab Figure 10 Daylight Saving Time Configuration Page ...

Страница 29: ...ry forward to subsequent years When a DST mode is enabled the clock will be adjusted one hour forward at the start of the DST period and one hour backward at the end Date Range Set the following to indicate when the change to DST occurs and when it ends These fields are editable when Non Recurring is selected as the DST mode Start End Date Use the calendar to set the day month and year when the ch...

Страница 30: ...isting user Field Description Username A unique ID or name used to identify this user account Access Level Indicates the access or privilege level for this user The options are Read Write The user can view and modify the configuration Read Only The user can view the configuration but cannot modify any fields Suspended The user exists but is not permitted to log on to the device Lockout Status Prov...

Страница 31: ...greater than eight characters and can be up to 64 characters in length and are case sensitive Confirm Enter the password again to confirm that you entered it correctly This field will not display but will show asterisks or dots based on the browser you use Access Level Indicates the access or privilege level for this user The options are Read Write The user can view and modify the configuration Re...

Страница 32: ...ngs To change user information select the username with the information to change and click Edit Update the fields as needed and click Apply Figure 13 Edit Existing User Page Removing a User Account To remove any of the user accounts select one or more users to remove Click Remove to delete the selected users You must confirm the action before the user is deleted ...

Страница 33: ... name that identifies the user account Connection From Identifies the administrative system that is the source of the connection For remote connections this field shows the IP address of the administrative system For local connections through the console port this field shows the communication standard for the serial connection Idle Time Shows the amount of time in hours minutes and seconds that t...

Страница 34: ...ord Manager in the navigation menu Figure 15 Password Manager Page Table 10 Password Manager Fields Field Description Rules Configuration Minimum Length Passwords must have at least this many characters 0 to 64 Aging days The number of days that a user password is valid from the time the password is set Once a password expires the user is required to enter a new password at the next login History ...

Страница 35: ...ch as or a password must include Maximum Number of Repeated Characters Specify the maximum number of repeated characters a password is allowed to include An example of four repeated characters is aaaa Maximum Number of Consecutive Characters Specify the maximum number of consecutive characters a password is allowed to include An example of four consecutive characters is abcd Minimum Character Clas...

Страница 36: ...he interface type which can be one of the following Normal The port is a normal port which means it is not a Link Aggregation Group LAG member or configured for port mirroring All ports are normal ports by default Trunk Member The port is a member of a trunk Mirrored The port is configured to mirror its traffic ingress egress or both to another port the probe port Probe The port is configured to r...

Страница 37: ...he Destination MAC the Ethernet Encapsulation or the Ethernet FC Edit Port Configuration Page Additional Fields Link Trap The physical speed Mbps at which the port is operating If no link is present this field is empty Port Description The current description if any associated with the interface to help identify it Storm Control Limits Broadcast Storm Recovery Level Specifies the broadcast storm c...

Страница 38: ...ol mode and threshold for the port Unicast storm control limits the amount of unicast frames accepted and forwarded by the switch If the unicast traffic on the Ethernet port exceeds the configured threshold the system blocks discards the unicast traffic Limits are defined as percentages or Packets Per Second pps The menu specifies the unicast storm recovery action to take if a unicast storm is det...

Страница 39: ...on Interface The port or trunk ID Received Packets w o Error The count of packets received on the port without any packet errors Received Packets with Error The count of packets received on the port with errors Broadcast Received Packets The count of broadcast packets received on the port Transmitted Packets w o Error The number of packets transmitted out of that port without any packet errors Tra...

Страница 40: ...evice a network protocol analyzer is typically connected to the port Multiple switch ports can be configured as source ports with each port mirrored to the same destination Port Mirroring Configuration To display the Port Mirroring page click Switching Port Mirroring in the navigation pane Figure 19 Port Mirroring Page CAUTION When configuring port mirroring avoid oversubscribing the destination p...

Страница 41: ...ed port mirroring session If the mode is disabled the configured source is not mirroring traffic to the destination Destination Port The switch port to which packets will be mirrored Typically a network protocol analyzer is connected to this port Interface If port configured as a interface or probe port This port receives traffic from all configured source ports None The destination is not configu...

Страница 42: ...ce is not configured VLAN Traffic to and from a configured VLAN is mirrored In other words all the packets sent and received on all the physical ports that are members of the VLAN are mirrored Interface Traffic is mirrored from one or more physical ports on the device VLAN ID The VLAN to use as the source Traffic from all physical ports that are members of this VLAN is mirrored This field is avail...

Страница 43: ... None to remove the configuration from a port 4 If Interface is selected from the Type field specify the port number of the interface to receive mir rored traffic 5 Click Apply to apply the changes to the system Removing Source Ports from a Session 1 From the Port Mirroring page select the Session ID for of the port mirroring session to configure 2 Select one or more source ports to remove from th...

Страница 44: ...bled the configured source is not mirroring traffic to the destination Probe Port The interface that receives traffic from all configured source ports Src VLAN The VLAN configured to mirror traffic to the destination You can configure one source VLAN per session The source VLAN can also be a remote VLAN Mirrored Port The ports configured to mirror traffic to the destination You can configure multi...

Страница 45: ...ed by default and can be enabled globally on all switch ports To display the Flow Control page click Switching Flow Control in the navigation pane Figure 24 Flow Control Page Select Enabled to use flow control on the switch If you change this setting click Apply to update the switch configuration The change takes effect immediately but is not retained across a switch reset unless you click Save Co...

Страница 46: ... support STP versions IEEE 802 1D STP and 802 1w Rapid STP or RSTP RSTP reduces the convergence time for network topology changes to about 3 to 5 seconds from the 30 seconds or more for the IEEE 802 1D STP standard RSTP is intended as a complete replacement for STP but can still interoperate with switches running the STP protocol by automatically reconfiguring ports to STP compliant mode if they d...

Страница 47: ...n tages of RSTP and also supports multiple spanning tree instances to efficiently channel VLAN traffic over different interfaces MSTP is compatible with both RSTP and STP Configuration Name The name of the MSTP region Each switch that participates in the same MSTP region must share the same Configuration Name Configuration Revision Level and MST to VLAN mappings Configuration Revision Level The re...

Страница 48: ...the probability that the bridge is selected as the root bridge of Associated VLANs The number of VLANs that are mapped to the MSTI This number does not contain any information about the VLAN IDs that are mapped to the instance Bridge Identifier A unique value that is automatically generated based on the bridge priority value of the MSTI and the base MAC address of the bridge When electing the root...

Страница 49: ... the root bridge Backup A blocked port that has a redundant path to the same network segment as another port on the bridge Master The port on a bridge within an MST instance that links the MST instance to other STP regions Disabled The port is administratively disabled and is not part of the spanning tree Port Forwarding State Blocking The port discards user traffic and receives but does not send ...

Страница 50: ...ce and the interface to view and then click Details The fields on the Edit MSTP Port page and Details of MSTP Port Entry page are the same Figure 28 Edit MSTP Port Page Table 18 Spanning Tree MSTP Port Edit and Details Fields Port Priority The priority for the port within the MSTI This value is used in determining which port on a switch becomes the root port when two ports have the same least cost...

Страница 51: ...rning The port learns the MAC addresses of frames it receives and begins to popu late the MAC address table This state occurs during network convergence and is the second state in transitioning to the forwarding state Forwarding The port sends and receives user traffic Disabled The port is administratively disabled and is not part of the spanning tree Port Role The role of the port within the MST ...

Страница 52: ...lds Field Description Bridge Priority The value that helps determine which bridge in the spanning tree is elected as the root bridge during STP convergence A lower value increases the probability that the bridge becomes the root bridge Bridge Max Age The amount of time a bridge waits before implementing a topological change Bridge Hello Time The amount of time the root bridge waits between sending...

Страница 53: ... time that has passed since the topology of the spanning tree has changed since the device was last reset Topology Change Count The number of times the topology of the spanning tree has changed Topology Change Indicates whether a topology change is in progress on any port assigned to the CST If a change is in progress the value is True otherwise it is False Designated Root The bridge identifier of...

Страница 54: ...the least cost path to the root bridge on its segment Alternate A blocked port that has an alternate path to the root bridge Backup A blocked port that has a redundant path to the same network segment as another port on the bridge Master The port on a bridge within an MST instance that links the MST instance to other STP regions Disabled The port is administratively disabled and is not part of the...

Страница 55: ... face s role in the CST topology select the interface to view and then click Details The fields on the Edit CSST Port Entry page and Details of CST Port Entry page are the same Figure 31 Edit CST Port Entry Page Port Priority The priority for the port within the CST This value is used in determining which port on a switch becomes the root port when two ports have the same least cost path to the ro...

Страница 56: ...ffect can disable edge ports that receive BPDU packets This prevents a new device from entering the existing STP topology Thus devices that were originally not a part of STP are not allowed to influence the STP topology Port ID A unique value that is automatically generated based on the port priority value and the interface index Port Up Time Since Counters Last Cleared The amount of time that the...

Страница 57: ...ate and does not forward any frames Loop Guard When enabled Loop Guard prevents an interface from erroneously transitioning from blocking state to forwarding when the interface stops receiving BPDUs The port is marked as being in loop inconsistent state In this state the interface does not forward frames TCN Guard When enabled TCN Guard restricts the interface from propagating any topology change ...

Страница 58: ...s Page Table 22 Spanning Tree Statistics Fields Field Description Interface The port or trunk associated with the rest of the data in the row STP BPDUs Rx The number of classic STP IEEE 802 1d BPDUs received by the interface STP BPDUs Tx The number of classic STP BPDUs sent by the interface RSTP BPDUs Rx The number of RSTP IEEE 802 1w BPDUs received by the interface RSTP BPDUs Tx The number of RST...

Страница 59: ... received on the port until it is either manually enabled by the administrator or re enabled by the Auto Recovery feature The Auto Recovery feature will automatically re enable a diagnostically disabled port when the error conditions that caused the port to be disabled are no longer detected The switch utilizes a configu rable Auto Recovery timer to periodically check the error condition at set in...

Страница 60: ...agnostically disabled state When BPDU Rate Limit Auto Recovery is enabled the port will be enabled once the configured Recovery Time expires If the port continues to receive BPDUs at a rate greater than or equal to 12 17 BPDUs per second for three consecutive seconds that port will be disabled again BPDU Rate Limit Auto Recovery is disabled by default Interface Status Interface The interface that ...

Страница 61: ...A6 When an interface receives a loop protection PDU it compares the source MAC address with its own If the MAC addresses match a loop is detected and a configured action is taken which may include shutting down the port for a specified period An interface can be configured to receive and take action in response to loop protection PDUs but not to send out the PDUs itself Ports on which loop protect...

Страница 62: ...gured period This is the default Shutdown Port and Log The event will be logged and the port is shut down for the con figured period Log Only The event will be logged and the port remains operational Tx Mode Indicates whether the interface is configured Enabled to send out loop protection protocol data units PDUs to actively detect loops When disabled the interface does not send out loop protectio...

Страница 63: ...t Loop Protection Port Configuration Page Field Description Loop Protection Select Enabled or Disabled to administratively enable or disable this feature globally on the switch This feature is disabled by default Transmission Time The interval at which the switch sends loop protection PDUs on interfaces that are enabled to send them The range is 1 to 10 seconds and the default is 5 seconds Shutdow...

Страница 64: ...ed on static trunks but cannot be enabled on trunks that are dynamically formed through LACP Action Select the action to occur when a loop is detected on a port with loop protection enabled Shutdown Port The port will be shut down for the configured period This is the default selection Shutdown Port and Log The event will be logged and the port it shut down for the con figured period Log Only The ...

Страница 65: ... network performance When enabled the switch supports IGMPv1 and IGMPv2 To enable IGMP snooping and view global status information click Switching IGMP Snooping in the navigation pane Figure 37 IGMP Snooping Page Table 27 IGMP Snooping Fields If you change the Admin Mode click Apply to save the changes for the current boot session The changes take effect immediately but are not retained across a s...

Страница 66: ...er Security Model USM is defined for SNMPv3 and includes Authentication Provides data integrity and data origin authentication Privacy Protects against disclosure of message content Cipher Block Chaining CBC is used for encryption Either authentication is enabled on an SNMP message or both authentication and privacy are enabled on an SNMP message However privacy cannot be enabled without authenti ...

Страница 67: ...that associates Communities and Groups for a specific access type Group Name Identifies the Group associated with this Community entry Community Access Specifies the access control policy for the community The default access privileges are as follows DefaultRead Access to the entire MIB tree except to SNMP configuration objects DefaultWrite Access to the entire MIB tree except to SNMP configuratio...

Страница 68: ...ick Apply To add a new SNMP community group click Add Community Group The Add New Community Group screen appears Figure 40 Add SNMP Community Group Page Configure the community group fields and click Apply Removing an SNMP Community or Community Group To remove an SNMP community or community group select each item to delete and click Remove You must confirm the action before the entries are remove...

Страница 69: ...that includes the SNMP management host and the SNMP agent on the device Notify Type The type of SNMP notification to send the SNMP management host Inform An SNMP message that notifies the host when a certain event has occurred on the device The message is acknowledged by the SNMP management host This type of notification is not available for SNMPv1 Trap An SNMP message that notifies the host when ...

Страница 70: ... click Remove You must con firm the action before the entries are removed from the page SNMP 3 Trap Receivers Use the SNMP v3 Trap Receivers page to configure settings for each SNMPv3 management host that will receive notifications about traps generated by the device The SNMP management host is also known as the SNMP trap receiver To access the Trap Receiver v3 Configuration page click Switching S...

Страница 71: ...essage is not acknowledged by the SNMP management host Security Level The security level associated with the SNMP user which is one of the following No Auth No Priv No authentication and no data encryption no security Auth No Priv Authentication but no data encryption With this security level users send SNMP messages that use an MD5 key password for authentication but not a DES key password for en...

Страница 72: ...from a management system outside of its config ured group but an agent can be a member of multiple groups at the same time to allow communication with SNMP managers from different groups Several default SNMP groups are preconfigured on the system To access the Access Control Group page click Switching SNMP in the navigation pane and then click the Access Control Group tab Figure 45 Access Control ...

Страница 73: ...thentication but not a DES key password for encryption Auth Priv Authentication and data encryption With this security level users send an MD5 key password for authentication and a DES key password for encryption Read The level of read access rights for the group The menu includes the available SNMP views When adding a group select the check box to allow the field to be configured then select the ...

Страница 74: ... Add New SNMP User page Specify whether the engine ID for the SNMP v3 agent is local or remote If the agent is local the engine ID is automatically generated If the agent is remote you must specify the engine ID Engine ID Each SNMPv3 agent has an engine ID that uniquely identifies the agent in the device If given this entry will be used only for packets whose engine id is this This field takes an ...

Страница 75: ...rameter is only valid if the value in the Authentication Method field is not None None No privacy protocol will be used DES DES protocol will be used This option requires an authentication key of 1 32 hexadecimal characters DES Key DES protocol will be used This option requires an authentication key of 32 characters if MD5 is selected or 48 characters if SHA is selected Authentication Key Add New ...

Страница 76: ...o complete access privileges To access the SNMP View Entry page click System Advanced Configuration SNMP View Entry in the navigation menu Figure 49 SNMP View Entry Page Table 33 SNMP View Entry Fields Field Description View Name The name that identifies the SNMP view OID Tree The ASN 1 subtree to be included or excluded from the view View Type Type of access granted to the specified ASN 1 subtree...

Страница 77: ...ppears Figure 50 Add New View Configure the required fields and click Apply Removing an SNMP View To remove one or more SNMP views select each view to delete and click Remove Only user config ured views can be removed You must confirm the action before the entries are removed from the page ...

Страница 78: ...d station may omit the tag or the VLAN por tion of the tag in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID A given port may handle traffic for more than one VLAN but it can only sup port one default VLAN ID HPE OfficeConnect 1920S series switches support up to 256 VLANs Viewing VLAN Status and Adding VLANs Use the VLAN Status...

Страница 79: ...eate up to 256 VLANs Field Description VLAN ID The numerical VLAN identifier VID assigned to the VLAN from 1 to 4093 Note VLAN 0 VID 0x000 in a frame is reserved and is used to indicate that the frame does not belong to any VLAN In this case the 802 1Q tag specifies only a priority and the value is referred to as a priority tag Name A user configurable name that identifies the VLAN If no name is s...

Страница 80: ...iguration page specify the new name consisting of 0 to 32 alphanumeric char acters and click Apply Configuring Interfaces as VLAN Members By default all ports and trunks are assigned membership in the default VLAN VLAN 1 If you create additional VLANs you can add interfaces as members of the new VLANs and configure VLAN tagging settings for the interfaces You can also modify interface memberships ...

Страница 81: ...owing Tagged The port is a tagged member of the selected VLAN When frames in this VLAN are forwarded on this port the VLAN ID will be included in the frame s Ethernet header Untagged The port is an untagged member of the selected VLAN When frames in this VLAN are forwarded on this port the VLAN ID will not be included in the frame s Ether net header NOTE Consider the following guidelines when edit...

Страница 82: ... the Port VLAN ID PVID In a tagged frame the VLAN is identified by the VLAN ID in the tag Acceptable Frame Types Indicates how the interface handles untagged and priority tagged frames Admit All Untagged and priority tagged frames received on the interface are accepted and assigned the value of the Port VLAN ID for this interface Only Tagged The interface discards any untagged or priority tagged f...

Страница 83: ... as well as the per port settings When Voice VLAN is configured on a port that receives both voice and data traffic it can help ensure that the voice traffic has priority To display the Auto Voice VLAN Configuration page click Switching Auto Voice VLAN in the navi gation pane Figure 56 Auto Voice VLAN Configuration Page Table 37 Auto Voice VLAN Configuration Fields Field Description Voice VLAN Adm...

Страница 84: ... ignores the 802 1p priority value in the Ethernet frames it receives from connected devices Disabled The port trusts the priority value in the received frame Voice VLAN Interface Mode Indicates how an IP phone connected to the port should send voice traffic VLAN ID Forward voice traffic in the specified voice VLAN 802 1p Tag voice traffic with the specified 802 1p priority value None Use the sett...

Страница 85: ... static trunk interface does not require a partner system to be able to aggregate its member ports From a system perspective a Trunk is treated as a physical port A Trunk and a physical port use the same configuration parameters for administrative enable disable port priority and path cost A trunk failure of one or more of the links does not stop traffic in any manner Upon failure the flows mapped...

Страница 86: ...ata Units LACPDUs with links in the trunk The PDUs contain infor mation about each link and enable the trunk to maintain them Static Static trunks are assigned to a bundle by the administrator Members do not exchange LACPDUs A static trunk does not require a partner system to be able to aggregate its member ports This is the default port type Note that the loop protection feature is not supported ...

Страница 87: ...k is a static trunk When disabled the trunk type is Dynamic Load Balance The hashing algorithm used to distribute traffic load among the physical ports of the trunk while preserving the per flow packet order The hashing algorithm uses various packet attributes to determine the outgoing physical port The following sets of packet attributes can be used to compute the hashing algorithm Source MAC VLA...

Страница 88: ... the currently selected trunk The changes take effect immediately Trunk Statistics The Trunk Statistics page displays the flap count for each trunk A flap occurs when a trunk interface or trunk member port goes down To display the Trunk page click Trunks Statistics in the navigation pane Figure 59 Trunk Statistics Page Table 40 Trunk Statistics Fields You can click Clear Counters to reset the flap...

Страница 89: ...tions implementing the LLDP transmit function and LLDP DUs are received and processed by stations implementing the receive function The transmit and receive functions can be enabled and disabled separately per port By default both functions are enabled on all ports LLDP MED is an extension of the LLDP standard LLDP MED uses LLDP s organizationally specific Type Length Value TLV extensions and defi...

Страница 90: ...lization Delay Specify the number of seconds to wait before attempting to re initialize LLDP on a port after the LLDP operating mode on the port changes The range is from 1 to 10 seconds and the default is 2 seconds Notification Interval Specify the minimum number of seconds to wait between transmissions of remote data change notifications The range is from 5 to 3600 seconds and the default is 5 s...

Страница 91: ... box to disabled the associated feature To modify settings on all interfaces click Edit All LLDP Local Device Summary Use the LLDP Local Device Summary page to view LLDP information for switch interfaces To display this page click LLDP Local Devices in the navigation pane Figure 62 LLDP Local Device Summary Page ...

Страница 92: ...The hardware platform identifier for the device Chassis ID Subtype The type of information used to identify the chassis Capabilities Supported The primary function s the device supports Capabilities Enabled The primary function s the device supports that are enabled Interface Description Interface The interface ID Port ID The port identifier which is the physical address associated with the interf...

Страница 93: ...System Description The device description which includes information about the product model and platform Management Address The address such as an IP address associated with the management interface of the device Management Address Type The protocol type or standard associated with the management address Field Description Interface The HPE OfficeConnect 1920S interface that received the LLDP data...

Страница 94: ...tation Capabilities Enabled The capabilities on the remote device that are enabled System ID The reported management IP or MAC addresses of the remote device Field Description Global Statistics Insertions The number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been inserted into tables associated with the remote systems Deletions The number ...

Страница 95: ...hen an entry was created modified or deleted in the tables associated with the remote system Interface Statistics Interface The interface ID Transmitted Frames The number of LLDP frames transmitted on the interface Received Frames The number of valid LLDP frames received on the interface Discarded Frames The number of LLDP frames the interface discarded for any reason Errors The number of invalid ...

Страница 96: ... Protocol Media Endpoint Discovery LLDP MED settings click LLDP MED Configuration in the navigation pane Figure 66 LLDP MED Global Configuration Page The following global settings display Table 47 LLDP MED Global Configuration Fields If you change the Fast Start Repeat Count click Apply to save any changes for the current boot ses sion The changes take effect immediately but are not retained acros...

Страница 97: ...he interface When enabled the LLDP MED transmit and receive functions are effectively enabled on the interface This feature is enabled by default Notification Status Indicates whether LLDP MED topology change notifications are enabled or disabled on the interface This feature is disabled by default Operational Status Indicates whether the interface is configured to transmit TLVs To transmit TLVs t...

Страница 98: ...ertised by the switch interfaces when they are enabled for LLDP MED To display this page click LLDP MED Local Devices in the navigation pane Figure 68 LLDP MED Local Device Summary Page Table 49 LLDP MED Local Device Summary Fields Field Description Interface The trunk or port ID Port ID The interface identifier which is its physical address ...

Страница 99: ... Description Interface The local interface that has received LLDP MED data units from remote devices Remote ID The client identifier assigned to the remote system that sent the LLDP MED data unit Device Class The MED Classification advertised by the TLV from the remote device The following three classifications represent the actual endpoints Class I Generic for example IP Communication Controller ...

Страница 100: ...Device Information Page The following additional fields appear on the LLDP MED Remote Device Information page Field Description Capability Information Supported Capabilities The supported capabilities that were received in the MED TLV on this interface Enabled Capabilities The supported capabilities on the remote device that are also enabled Device Class The MED Classification advertised by the TL...

Страница 101: ...Ns Inventory Information This section describes the information in the inventory TLVs received in the LLDP MED frames on this interface Hardware Revision The hardware version advertised by the remote device Firmware Revision The firmware version advertised by the remote device Software Revision The software version advertised by the remote device Serial Number The serial number advertised by the r...

Страница 102: ...ds when the PD is actu ally in use PoE Capabilities The HPE OfficeConnect 1920S PoE enabled switches support the original PoE specification IEEE 802 3af and the PoE Plus specification IEEE 802 1at IEEE 802 3af enables providing up to 15 4W of power over a PoE port whereas PoE Plus enables providing up to 30W of power Table 51 shows which ports on each switch support PoE and PoE Plus along with the...

Страница 103: ... but no ports are delivering power Faulty The PoE functionality is not operational Total Power Watts The total power in watts that can be provided by the switch Power Consumption Watts The amount of power in watts currently being consumed by connected PoE devices Power Management Mode Select the method by which the PoE controller determines supplied power Possible values are Static The power alloc...

Страница 104: ...priority ports Possible values are High Low and None None is the lowest priority and the default for all ports Schedule The scheduled time if any when source power is available on this port Options are None Source power is available at all times subject to the port priority This is the default selection Schedule 1 Source power is available during the configured first schedule Schedule 2 Source pow...

Страница 105: ...ction User The power limit is user defined overriding the LLDP information When set to User the specified power limit also displays next to this value When High Power Mode is enabled the maximum value is 30W When High Power Mode is disabled the maximum value is 15 4W The Power Limit field is available on the Edit PoE Port Configuration page Status The status of the port as a provider of power over...

Страница 106: ...p to 15 4W of power Max Configurable Power If the Power Limit Type for the port is User user defined this field displays the configured power limit If the Power Limit type is set to Class then Class displays Class If the Power Limit Type is set to Class this field displays the class of the connected device as learned in LLDP messages Possible values are Unknown and Class 0 through Class 4 A higher...

Страница 107: ... for the selected schedule Field Description Schedule Select Schedule 1 or Schedule 2 to display information on time periods configured for the schedule if any Entry Type The type of time period entry which is one of the following Absolute A single time period that occurs once or has an undefined start or end period The duration of an absolute entry can be hours days or even years Each time entry ...

Страница 108: ...e This field can be configured only when the Start Time option is selected Starting Time of Day Specify the time of day that the entry becomes active by entering the information in the field or by using the scroll bar in the Choose Time window which displays when you click the field You can click Now to use the current time of day Click Done to close the window End Time Select this option to confi...

Страница 109: ...riod becomes active The days are autoselected to correspond to your choice in the Applicable Days field If you selected Days of Week you can hold down the Ctrl key to select multiple days Starting Time of Day Specify the time of day that the entry becomes active by entering the information in the field or by using the scroll bar in the Choose Time window which displays when you click the field You...

Страница 110: ...identifies the interface being viewed Status Indicates whether the interface is capable of routing IP packets Up or cannot route packets Down For the status to be Up the routing mode and administrative mode for the interface must be enabled Additionally the interface must have an IP address and be physically up active link IP Address The IP address of the interface Subnet Mask The IP subnet mask f...

Страница 111: ... level protocols Encapsulation Type The link layer encapsulation type for packets transmitted from the interface which can be either Ethernet or SNAP Forward Net Directed Broadcasts Indicates how the interface handles network directed broadcast packets A network directed broadcast is a broadcast directed to a specific subnet The possible values are as follows Enabled Network directed broadcasts ar...

Страница 112: ...ble The device acts as a Layer 2 bridge and switches traffic between interfaces The device does not perform any internetwork routing ICMP Echo Replies Select Enable or Disable from the drop down menu If you select Enable then only the router can send ECHO replies By default ICMP Echo Replies are sent for echo requests ICMP Redirects Select this option to allow the device to send ICMP Redirect mess...

Страница 113: ...ch This is a read only value Maximum Routes The maximum number of routes routing table size supported by the switch Global Default Gateway The IP address of the default gateway for the device If the destination IP address in a packet does not match any routes in the routing table the packet is sent to the default gateway The gateway specified in this field is more preferred than a default gateway ...

Страница 114: ... Type The type of interface that can be configured for routing Interface Enables list of all non loopback interfaces that can be configured for routing VLAN Enables list of all VLANs that can be configured for routing VLAN The menu contains all VLANs that can be configured for routing To configure routing settings for a VLAN select it from the menu and then configure the rest of the settings on th...

Страница 115: ...n this field read only after it is acquired If this field is blank the IP Address Configuration Method might be None or the method might be DHCP and the interface is unable to lease an address Subnet Mask The IP subnet mask for the interface also known as the network mask or netmask This field can be configured only when the selected IP Address Configuration Method is Manual MAC Address The burned...

Страница 116: ...is allowed to send ICMP Destination Unreachable message to a host if the intended destination cannot be reached for some reason If this option is clear the interface will not send ICMP Destination Unreachable messages to inform the host about the error in reaching the intended destination ICMP Redirects When this option is selected the interface is allowed to send ICMP Redirect messages The device...

Страница 117: ...s for transmission Note that this counter does not include any datagrams counted in ipForwDatagrams IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this discret...

Страница 118: ...tity attempted to send Note that this counter includes all those counted by icmpOutErrors IcmpOutErrors The number of ICMP messages which this entity did not send due to problems discovered within ICMP such as a lack of buffers This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram In some implementations there may be no t...

Страница 119: ...le 63 IP Route Summary Fields Field Description Route Types Connected Routes The total number of connected routes in the IP routing table Static Routes The total number of static routes in the IP routing table Total Routes The total number of routes in the routing table Route Table Counters Best Routes High The number of best routes currently in the routing table This number only counts the best r...

Страница 120: ...ed to the routing table at startup because the routing interfaces are not yet up This counter gets incremented in this case The static routes are added to the routing table when the routing interfaces come up Invalid Route Adds The number of routes that failed to be added to the routing table because the route was invalid A log message is written for each of these failures Failed Route Adds The nu...

Страница 121: ...s page Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration Removing a Route To remove one or more configured routes select each route to delete and click Remove Field Description Network Address The IP route prefix for the destination Subnet Mask Also referred to as the subnet network mask this indicates the portion of the IP interfac...

Страница 122: ...k Also referred to as the subnet network mask this indicates the portion of the IP interface address that identifies the attached network Protocol This field tells which protocol created the specified route The possibilities are one of the following Local Static Default Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path towards t...

Страница 123: ...y Global Configuration page click Routing DHCP Relay in the navigation pane and ensure that the Global tab is selected Figure 86 DHCP Relay Global Configuration Page Table 66 DHCP Relay Global Configuration Fields If you change the administrative mode of the feature click Apply to update the switch configuration Your changes take effect immediately but are not retained across a switch reset unless...

Страница 124: ...he DHCP Relay VLAN Interface Configuration page to add view or delete the DHCP relay con figuration on a selected routing interface To display the DHCP Relay VLAN Interface Configuration page click Routing DHCP Relay in the navigation pane and click the VLAN Interface Configuration tab Figure 88 DHCP Relay VLAN Interface Configuration Page NOTE DHCP relay can be configured on an VLAN or interface ...

Страница 125: ...ce or VLAN should send packets 3 Click Apply Removing a Relay Interface To remove the DHCP relay capabilities from one or more VLANs or interfaces select each interface and click Remove Field Description Interface The routing interface that has the DHCP relay feature configured UDP Destination Port The destination UDP port number of UDP packets to be relayed Server Address The IPv4 address of the ...

Страница 126: ...of DHCP responses received from the DHCP server This count only includes messages that the DHCP server unicasts to the relay agent for relay to the client DHCP server messages relayed Specifies the number of DHCP server messages relayed to a client UDP client messages received The number of valid UDP packets received This count includes DHCP messages and all other protocols relayed Conditions are ...

Страница 127: ...he sender s IP and MAC address in their respective ARP cache The ARP response being unicast is normally seen only by the requester who stores the sender information in its ARP cache Newer information always replaces existing content in the ARP cache The number of supported ARP entries is platform dependent Devices can be moved in a network which means the IP address that was at one time associated...

Страница 128: ...C Address The unicast MAC address hardware address associated with the network host When adding a static ARP entry specify the MAC address to associate with the IP address in the entry Interface The routing interface associated with the ARP entry The network host is associated with the device through this interface Type The ARP entry type Dynamic An ARP entry that has been learned by the router Ga...

Страница 129: ...tic ARP Entry dialog box opens Figure 92 Add Static ARP Entry Page 2 Specify the IP address and its associated MAC address 3 Click Apply Removing an ARP Entry To delete one or more ARP entries select each entry to delete and click Remove Note that ARP entries designated as Local cannot be removed ...

Страница 130: ... click Save Configuration Field Description Age Time The amount of time in seconds that a dynamic ARP entry remains in the ARP table before aging out Response Time The amount of time in seconds that the device waits for an ARP response to an ARP request that it sends Retries The maximum number of times an ARP request will be retried after an ARP response is not received The number includes the ini...

Страница 131: ...ly learned entries and statically configured entries Peak Total Entries The highest value reached by the Total Entry Count This value is reset whenever the ARP table Cache Size configuration parameter is changed Active Static Entries The total number of active ARP entries in the ARP table that were statically configured After a static ARP entry is configured it might not become active until certai...

Страница 132: ...re applied per interface and each interface supports a maximum of 10 rules To configure an ACL 1 Create an IPv4 based or MAC based rule and assign a unique ACL ID see Access Control List Summary 2 Define the rules which can identify protocols source and destination IP and MAC addresses and other packet matching criteria see Access Control List Interface Summary 3 Use the ID number to assign the AC...

Страница 133: ...e also determines which attributes can be applied to matching traffic IPv4 ACLs classify Layer 3 and Layer 4 IPv4 traffic IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic and MAC ACLs classify Layer 2 traffic The ACL types are as follows IPv4 Standard Match criteria is based on the source address of IPv4 packets IPv4 Extended Match criteria can be based on the source and destination addresses s...

Страница 134: ...on page click QoS Access Control Lists in the navi gation pane and click the Configuration tab Figure 97 Access Control List Configuration Page Table 73 Access Control List Configuration Fields Field Description ACL Identifier The menu contains the ID for each ACL that exists on the system Before you add or remove a rule you must select the ID of the ACL from the menu Sequence Number The number th...

Страница 135: ...pe of IPv4 packets IPv4 Named Match criteria is the same as IPv4 Extended ACLs but the ACL ID can be an alphanumeric name instead of a number Extended MAC Match criteria can be based on the source and destination MAC addresses 802 1p user priority VLAN ID and EtherType value within Ethernet frames Status Indicates whether the ACL is active If the ACL is a time based ACL that includes a time range ...

Страница 136: ...lear Source IP Address Wildcard Mask The source port IP address in the packet and source IP wildcard mask in the second field to compare to the IP address in a packet header Wild card masks determines which bits in the IP address are used and which bits are ignored A wild card mask of 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all of the bits are import...

Страница 137: ... interface to use for the action Redirect Allows traffic that matches a rule to be redirected to the selected interface instead of being processed on the original port The redirect function and mirror function are mutually exclusive Mirror Provides the ability to mirror traffic that matches a rule to the selected interface Mirroring is similar to the redirect function except that in flow based mir...

Страница 138: ...4 ACL Page 3 Specify a sequence number to indicate the position of a rule within the ACL 4 Specify the action for the rule Permit The packet or frame is forwarded Deny The packet or frame is dropped 5 Specify the match criteria and rule attributes shown in Table 75 6 Click Apply ...

Страница 139: ...to the IP address in a packet header Wild card masks determines which bits in the IP address are used and which bits are ignored A wild card mask of 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all of the bits are important Wildcard masking for ACLs operates differently from a subnet mask A wildcard mask is in essence the inverse of a subnet mask With a s...

Страница 140: ...IP TOS field in a packet is defined as all eight bits of the Service Type octet in the IP header For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a TOS Bits value of 0xA0 and a TOS Mask of 0xFF TOS Bits Requires the bits in a packet s TOS field to match the two digit hexadeci mal number entered in this field TOS Mask The bit posit...

Страница 141: ...ch Criteria Every When this option is selected all packets will match the rule and will be either permitted or denied This option is exclusive to all other match criteria so if Every is selected no other match criteria can be configured To configure specific match criteria this option must be clear CoS The 802 1p user priority value to match within the Ethernet frame EtherType The EtherType value ...

Страница 142: ...F means that the bit is not checked and a zero in a bit position means that the data must equal the value given for that bit For example if the MAC address is aa_bb_cc_dd_ee_ff and the mask is 00_00_ff_ff_ff_ff all MAC addresses with aa_bb_xx_xx_xx_xx result in a match where x is any hexadecimal number VLAN The VLAN ID to match within the Ethernet frame Rule Attributes Assign Queue The number that...

Страница 143: ... ACL to an interface 1 Click Add The Access Control List Interface Configuration page appears Field Description Interface The interface that has an associated ACL Direction Indicates whether the packet is checked against the rules in an ACL when it is received on an interface Inbound or after it has been received routed and is ready to exit an interface Outbound Sequence Number The order the ACL i...

Страница 144: ...h the interface or interfaces 5 Click Apply Removing an Association Between an ACL and an Interface To remove one or more ACL interface associations select each entry to delete and click Remove Access Control List VLAN Summary Use this page to associate one or more ACLs with one or more VLANs on the device To display the Access Control List VLAN Summary page click QoS Access Control Lists VLANs in...

Страница 145: ...ID The ID of the VLAN associated with the rest of the data in the row When associating a VLAN with an ACL use this field to select the desired VLAN Direction Indicates whether the packet is checked against the rules in an ACL when it is received on a VLAN Inbound or after it has been received routed and is ready to exit a VLAN Outbound Sequence Number The order the ACL is applied to traffic on the...

Страница 146: ...traffic and MAC ACLs classify Layer 2 traffic The ACL types are as follows IPv4 Standard Match criteria is based on the source address of the IPv4 packets IPv4 Extended Match criteria can be based on the source and destination addresses source and destination Layer 4 ports and protocol type of the IPv4 packets IPv4 Named Match criteria is the same as IPv4 Extended ACLs but the ACL ID can be an alp...

Страница 147: ...ic based on the 802 1p tag attached to the L2 frame Each port on the switch has multiple queues to give preference to certain packets over others based on the class of service CoS criteria you specify When a packet is queued for transmission in a port the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port I...

Страница 148: ...terface associated with the rest of the data in the row The Global entry represents the common settings for all interfaces unless specifically overridden individually Priority The heading row lists each 802 1p priority value 0 7 and the data in the table shows which traffic class is mapped to the priority value Incoming frames containing the designated 802 1p priority value are mapped to the corre...

Страница 149: ...on Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration DSCP CoS Global Mapping Configuration Use the DSCP CoS Global Mapping Configuration page to map an IP DSCP value to an internal traffic class To display the DSCP CoS Global Mapping Configuration page click QoS Class of Service in the navigation pane and then click the DSCP tab NOT...

Страница 150: ...t retained across a switch reset unless you click Save Configuration Field Description IP DSCP Values Lists the IP DSCP values to which you can map an internal traffic class The values range from 0 63 Traffic Class The traffic class is the hardware queue for a port Higher traffic class values indicate a higher queue position Before traffic in a lower queue is sent it must wait for traffic in highe...

Страница 151: ...ace to be affected by the Interface Shaping Rate Select Global to apply a rate to all interfaces Select an individual port to override the global setting Trust Mode The trust mode for ingress traffic on the interface which is one of the following untrusted The interface ignores any priority designations encoded in incoming packets and instead sends the packets to a traffic queue based on the ingre...

Страница 152: ...onfigur ing switch egress queues User configurable parameters control the amount of bandwidth used by the queue the queue depth during times of congestion and the scheduling of packet transmission from the set of all queues on a port Each port has its own CoS queue related configuration The configuration process is simplified by allowing each CoS queue parameter to be configured glob ally or per p...

Страница 153: ...figuring the Minimum Bandwidth for a queue in the selected interface Queue ID The queue to be configured on the interface selected from the Interface menu Minimum Bandwidth Specify the minimum guaranteed bandwidth allocated to the selected queue on the interface Setting this value higher than its corresponding Maximum Bandwidth automatically increases the maximum to the same value The default valu...

Страница 154: ...s an attempt to saturate the switch with external communication requests to prevent the switch from performing efficiently or at all You can enable Auto DoS protection that prevents common types of DoS attacks The ICMP security options help prevent the device and the network from attacks that involve issues with the ICMP echo request packets pings that the device receives To display the Advanced S...

Страница 155: ... Fragment Only Enable this option to drop packets that have a TCP header smaller than the minimum TCP header size which is hard coded to 20 bytes Prevent Smurf Attack Enable this option to drop ICMP Echo packets ping that are sent to a broadcast IP address Prevent Ping Flood Attack Enable this option to prevent ping flooding by limiting the number of ICMP ping packets Prevent SYN Flood Attack Enab...

Страница 156: ...ion pane and ensure that the Configuration tab is selected Figure 114 RADIUS Configuration Page Table 85 RADIUS Configuration Fields Field Description Global RADIUS Settings 802 1X Authentication Mode Specifies whether the IEEE 802 1X authentication mode on the switch is enabled or disabled When this setting is selected and port based authentication is enabled for the device RADIUS will be used fo...

Страница 157: ...r the authentication server group True The server is the current server for the authentication server group False The server is a secondary server When the switch sends a RADIUS request to the named server the request is directed to the server selected as the current server Initially the primary server is selected as the current server If the primary server fails one of the other servers becomes t...

Страница 158: ...information about the RADIUS server 3 Click Apply to update the switch configuration Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration Changing RADIUS Server Settings To change settings for an existing RADIUS server 1 Select the RADIUS server to configure 2 Click Edit The Edit RADIUS Server page appears Figure 116 Edit RADIUS Server...

Страница 159: ...IUS Server Statistics Page Table 86 RADIUS Server Statistics Fields Field Description IP Address Host Name The IP address or host name of the RADIUS server associated with the rest of the data in the row When viewing the detailed statistics for a RADIUS server this field identifies the RADIUS server Round Trip Time The time interval in hundredths of a second between the most recent Access Reply Ac...

Страница 160: ...missions The number of RADIUS Access Request packets that had to be retransmitted to the server because the initial Access Request packet failed to be successfully delivered Access Accepts The number of RADIUS Access Accept packets including both valid and invalid packets that were received from the server Access Challenges The number of RADIUS Access Challenge packets including both valid and inv...

Страница 161: ...of the RADIUS accounting server Host names must be resolvable by DNS and are composed of a series of labels separated by dots Port Number The UDP port on the RAIDUS accounting server to which the local RADIUS client sends request packets Secret Configured Indicates whether the shared secret for this server has been configured To reset the shared secret to an unconfigured state click the reset icon...

Страница 162: ...hanges take effect immediately but are not retained across a switch reset unless you click Save Configuration Changing RADIUS Accounting Server Settings To change settings for an existing RADIUS accounting server 1 Select the RADIUS accounting server to configure 2 Click Edit The Edit RADIUS Accounting Server page appears Figure 120 Edit RADIUS Accounting Server Page 3 Update the RADIUS accounting...

Страница 163: ... Name The IP address or host name of the RADIUS accounting server associated with the rest of the data in the row When viewing the detailed statistics for a RADIUS accounting server this field identifies the server Round Trip Time Displays the time interval in hundredths of a second between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS accounting s...

Страница 164: ...scription Accounting Retransmissions The number of RADIUS Accounting Request packets retransmitted to the server Accounting Responses The number of RADIUS packets received on the accounting port from the server Timeouts The number of accounting timeouts to this server Malformed Access Responses The number of malformed RADIUS Accounting Response packets received from the server Malformed packets in...

Страница 165: ...pecifies the external server for example the RADIUS server that per forms the authentication on behalf of the authenticator and indicates whether the user is autho rized to access system services Port Access Control Configuration Use this page to configure the global Port Access Control settings on the device The port based access control feature uses IEEE 802 1X to enable the authentication of sy...

Страница 166: ...f the switch is allowed to place a port in a RADIUS assigned VLAN A port s VLAN assignment is determined by the first supplicant that is authenticated on the port Dynamic VLAN Creation Mode The administrative mode of dynamic VLAN creation on the device If RADIUS assigned VLANs are enabled the RADIUS server is expected to include the VLAN ID in the 802 1X tunnel attributes of its response message t...

Страница 167: ...nt or host to the authentication server If the server successfully authenticates the supplicant the port allows access Supplicant The port must be granted permission by the authentication server before it can access the remote authenticator port Control Mode The port based access control mode configured on the port which is one of the following Auto The port is unauthorized until a successful auth...

Страница 168: ...the 802 1X process that controls the interaction between the 802 1X client on the local system and the remote authentication server The state can be one of the following Request Response Success Fail Timeout Initialize Idle Initialize Icon Click the Initialize icon to reset the 802 1X state machine on the associated interface to the initialization state Traffic sent to and from the port is blocked...

Страница 169: ...he interface that was selected on the Port Access Control Port Summary page PAE Capabilities The Port Access Entity PAE role which is one of the following Authenticator The port enforces authentication and passes authentication information from a remote supplicant client or host to the authentication server If the server suc cessfully authenticates the supplicant the port allows access Supplicant ...

Страница 170: ... this field is 0 the guest VLAN facility is disabled Guest VLAN Period The value in seconds of the timer used for guest VLAN authentication Unauthenticated VLAN ID The VLAN ID of the unauthenticated VLAN Hosts that fail the authentication might be denied access to the network or placed on a VLAN created for unauthenticated clients This VLAN might be configured with limited network access To set th...

Страница 171: ... require cli ent port based authentication to be able to send and receive traffic Username The name the port uses to identify itself as a supplicant to the authenticator port The menu includes the users that are configured for system management When authenticating the supplicant provides the password associated with the selected User Name Authentication Period The amount of time the supplicant por...

Страница 172: ...mation for an interface this field identifies the interface being viewed PAE Capabilities The Port Access Entity PAE role which is one of the following Authenticator The port enforces authentication and passes authentication informa tion from a remote supplicant similar to a client or host to the authentication server If the server successfully authenticates the supplicant the port allows access S...

Страница 173: ... sent from an authentication server to the client to request authentication information This field is displayed only if the interface is configured as an authenticator EAPOL Start Frames Transmitted The total number of EAPOL Start frames the interface has sent to a remote authenticator EAPOL Start frames are sent by a supplicant to initiate the 802 1X authentication process when it connects to the...

Страница 174: ...al port number associated with the supplicant that is connected to the port User Name The name the client uses to identify itself as a supplicant to the authentication server Supp MAC Address The MAC address of the supplicant that is connected to the port Session Time The amount of time that has passed since the connected supplicant was granted access to the network through the authenticator port ...

Страница 175: ...ory log click Clear History Field Description Interface The interface associated with the rest of the data in the row Only interfaces that have entries in the log history are listed Time Stamp The absolute time when the authentication event took place VLAN Assigned The ID of the VLAN the supplicant was placed in as a result of the authentication process VLAN Assigned Reason The reason why the auth...

Страница 176: ...n Use this page to configure and view protected ports groups To access the Protected Ports Configuration page click Security Protected Ports in the navigation pane Figure 127 Protected Ports Configuration Page Table 96 Protected Ports Configuration Fields Creating a Protected Ports Group To create a protected ports group and add ports to the group 1 Click Add The Add Group page appears Field Descr...

Страница 177: ...s field To select multiple interfaces Ctrl click each interface or use Shift click to select a contiguous range of interfaces 4 Click Apply Editing a Protected Ports Group To change the name or the port members for an existing group select the group to update and click Edit Removing a Protected Ports Group To remove one or more protected ports groups select each entry to delete and click Remove Yo...

Страница 178: ... Configuration Status page see Port Status on page 36 If the interface continues to encounter excessive traffic it may be placed back into the diagnostically disabled state and the interface will be disabled link down Storm Control functionality is applicable only to the physical interfaces Use the Storm Control Configuration page to configure the storm control administrative mode and to set the A...

Страница 179: ...he interface which is diagnostically disabled If no interfaces are in the diagnostically disabled state the table is blank Admin Mode The administrative mode of the interface Port Status Indicates whether the link is up or down The link is the physical connection between the port and the interface on another device Reason If device detects an error condition for an interface then the device puts t...

Страница 180: ...nabled and the port link is down the PHY automatically goes down for a short period of time The port wakes up when it senses activity on the link This feature enables saving power consumption when no link partner is present This feature is disabled by default Low Power Idle EEE EEE Energy Efficient Ethernet is designed to save power by turning off network ports that are not passing traffic When th...

Страница 181: ...n watts x hours due to the Energy Efficient Ethernet feature Estimated Power Savings The estimated percentage of power conserved on all ports due to the Energy Efficient Ethernet feature For example 10 means that the device required 10 less power Current Power Consumption The estimated power consumption by all ports Per Port Status Interface The interface ID The table displays all interfaces that ...

Страница 182: ...eup time is negotiated with the link partner Yes or No Rx Wakeup time The Rx wakeup time in effect for the port if negotiated by LLDP otherwise a dash displays Tx Wakeup time The Tx wakeup time in effect for the port if negotiated by LLDP otherwise a dash displays Field Description ...

Страница 183: ...ximum size the oldest message is deleted from the RAM when a new message is added If the system restarts all messages are cleared The Log page displays the 200 most recent system messages such as configuration failures and user ses sions The newest log entry by default is displayed at the bottom of the list To display the Log page click Diagnostics Log in the navigation pane Figure 132 Buffered Lo...

Страница 184: ...y so that it is preserved upon reboot When the switch is reset to factory defaults all crash log information is erased Field Description Log Index The log number Log Time Time at which the log was entered in the table Severity The severity level associated with the log message The severity can be one of the following Emergency The device is unusable Alert Action must be taken immediately Critical ...

Страница 185: ...chive Log Configuration The HPE OfficeConnect 1920S series switch software supports logging system messages to the buff ered log file or forwarding messages over the network using the Syslog protocol Syslog messages can be captured by a designated host on the network that is running a Syslog daemon You can use the Log Configuration page to configure buffered log and Syslog settings To display the ...

Страница 186: ...stem error of a specified operation Notice Notifies the user of a system error Info Provides the user with system information This is the default filter level Debug An internal note to reconcile programming code SysLog Configuration SysLog Host Enables and disables logging to configured syslog hosts When the syslog admin mode is disabled the device does not relay logs to syslog hosts and no messag...

Страница 187: ...s Ping in the navigation pane and ensure the IPv4 tab is selected Figure 135 Ping IPv4 Page Table 102 Ping IPv4 Fields Field Description IP Address Specify the IP address you want to reach Count Specify the number of packets to send The range is 1 to 15 packets and the default is 3 packets Interval Specify the delay between ping packets The range is from 1 to 60 seconds and the default is 3 second...

Страница 188: ...as the source option Interface The interface to use when sending a ping request This field is enabled when Interface is selected as the source option The default interface to use is the network port Status The current status of the ping test which can be one of the following Not Started The ping test has not been initiated since viewing the page In Progress The ping test has been initiated and is ...

Страница 189: ...default is 3 packets Interval Specify the delay between ping packets The range is from 1 to 60 seconds and the default is 3 seconds Size Specify the size of the ping packet to be sent Changing the size allows you to troubleshoot connectivity issues with a variety of packet sizes such as large or very large packets The range is from 0 to 13000 bytes and the default is 0 bytes Interface The interfac...

Страница 190: ...dress or hostname When you initiate the traceroute command by clicking the Start button the device sends a series of traceroute probes toward the destination The results list the IP address of each layer 3 device a probe passes through until it reaches its destination or fails to reach its destination and is discarded The information you enter on this page is not saved as part of the device config...

Страница 191: ...er to be used in probe packets The port number should be a port that the target host is not listening on so that when the probe reaches the destination it responds with an ICMP Port Unreachable message Size The size of probe payload in bytes Source The source to use when sending the traceroute which can be one of the following None No source is required IP Address Use the IP address specified in t...

Страница 192: ... 138 Traceroute IPv6 Page Table 105 Traceroute IPv6 Fields Field Description IPv6 Address The IPv6 address of the system to attempt to reach Probes Per Hop Traceroute works by sending UDP packets with increasing Time To Live TTL values Specify the number of probes sent with each TTL MaxTTL The maximum Time To Live TTL The traceroute terminates after sending probes that can be layer 3 forwarded thi...

Страница 193: ...hould be a port that the target host is not listening on so that when the probe reaches the destination it responds with an ICMP Port Unreachable message Size The size of probe payload in bytes Interface The source interface to use when sending the traceroute which is the network port Results The results of the traceroute are displayed Field Description ...

Страница 194: ...dress may change upon restart you will need to determine the address before logging back in to the management utility To display the Reboot Switch page click Diagnostics Reboot Switch Figure 139 Reboot Switch Page Click Reboot to reboot the switch If the device configuration has changed but has not been saved the following window appears after you click Reboot This window provides the opportunity ...

Страница 195: ...cquire its IP address the address may change upon restart you will need to determine the address before logging back in to the management utility To display the Factory Defaults page click Diagnostics Factory Defaults Figure 141 Reset Configuration Page Click Reset to restore the system to the default settings CAUTION It is recommended that you back up the current configuration file prior to resto...

Страница 196: ...ct information along with date and time information Device Information Software and OS versions System Resource Usage CPU and memory usage data Image Status and Image Description The active and backup image status and versions Buffered Log and Configuration Messages and logging configuration details Syslog Configuration Syslog status and remote port and address information Time Configuration and T...

Страница 197: ...es EEE Configuration Global and per port enable disable status and power con sumption data PoE Configuration On switches that support PoE global and per port configuration and sched ule settings You can click Save As to save the Support File page content The Support File page is saved as HTML and is named support_file html by default Locator When you need to physically locate the switch you can us...

Страница 198: ...sses that match your entry Field Description Maximum Entries Supported The maximum number of MAC address entries that can be learned on the switch MAC Address Aging Interval The MAC address table forwarding database contains static entries which never age out and dynamically learned entries which are removed if they are not updated within a given time Specify the number of seconds a dynamic addres...

Страница 199: ...llowing Learned The address has been automatically learned by the switch and can age out when it is not in use Dynamic addresses are learned by examining information in incom ing Ethernet frames Management The burned in MAC address of the switch Self The MAC address belongs to one of the physical interfaces on the switch Other The address was added dynamically through an unidentified protocol or m...

Страница 200: ...ance Dual Image Configuration Figure 145 Dual Image Configuration Page Table 107 Dual Image Configuration Fields Click Apply to save your changes to the switch IMPORTANT If you configure a description for the active and or backup firmware image the descrip tion will not be cleared if you reset the switch to the factory default settings Field Description Image Status This section lists the current ...

Страница 201: ... remote system This is the page you use to update the switch firmware Files can be backed up and updated using HTTP TFTP or SFTP To display this page click Maintenance Backup and Update Manager in the navigation pane Figure 146 File Transfer Page Backing Up Files To back up a file click in the Backup column in the HTTP TFTP or SFTP row The HTTP Backup File TFTP Backup File or SFTP File Upload page...

Страница 202: ...vent log and the buffered log in RAM Server Address TFTP SFTP only Enter the IP address of the TFTP server File Name TFTP SFTP only Enter the path on the server where you want to put the file followed by the name to be applied to the file as it is saved This can differ from the actual file name on the switch The path can be 0 to 160 characters and the file name can be 1 to 32 characters The file n...

Страница 203: ...s errors the update will be stopped Backup Configuration Select this option to update the stored backup configuration file If the file has errors the update will be stopped SSL Trusted Root Certificate PEM File A PEM encoded SSL certificate that has been digitally signed by a certificate authority SSL Server Certificate PEM File A PEM encoded SSL certificate that has been signed by another server ...

Страница 204: ...ate File Page Digital Signature Verification For the Backup Code you can select this option to have the switch verify the file download with a digital signature Digital signature verification is applied to backup code only Status Status information on the update process Field Description ...

Страница 205: ...ile name are separated by a slash The file name can have ASCII printable characters excluding the following Username For SFTP transfer if the server requires authentication specify the user name for remote login to the server that will receive the file Password For SFTP transfer if the server requires authentication specify the password for remote login to the server that will receive the file Dig...

Страница 206: ...ftware products provide a mechanism for accessing software updates through the prod uct interface Review your product documentation to identify the recommended software update method To download product updates go to either of the following Hewlett Packard Enterprise Support Center Get connected with updates page www hpe com support e updates Software Depot website www hpe com support softwaredepo...

Страница 207: ...CSR programs allow you to repair your product If a CSR part needs to be replaced it will be shipped directly to you so that you can install it at your conve nience Some parts do not qualify for CSR Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR For more information about CSR contact your local service provider or go to the CSR...

Страница 208: ...ocumentation send any errors suggestions or comments to Documentation Feedback docsfeedback hpe com When submitting your feedback include the document title part number edi tion and publication date located on the front cover of the document For online help content include the product name product version help edition and publication date located on the legal notices page ...

Страница 209: ...cts available at www hpe com support Safety Compliance EnterpriseProducts Warranty information HPE ProLiant and x86 Servers and Options http www hpe com support ProLiantServers Warranties HPE Enterprise Servers http www hpe com support EnterpriseServers Warranties HPE Storage Products http www hpe com support Storage Warranties HPE Networking Products http www hpe com support Networking Warranties...

Результаты поиска

Содержание OfficeConnect 1920S 24G series

Отзывы:

Похожие инструкции для OfficeConnect 1920S 24G series

Бренды по названию

Популярные бренды

HPE OfficeConnect 1920S 24G series, Руководство по управлению и настройке

Результаты поиска

Содержание OfficeConnect 1920S 24G series

Отзывы:

Похожие инструкции для OfficeConnect 1920S 24G series

Бренды по названию

Популярные бренды