manualshive.com logo in svg

Intelligent network solutions 561112, Руководство пользователя

Поделиться
Скачать
Intelligent network solutions 561112 Скачать руководство пользователя страница 77

Chapter

 

3:

 

Web

 

Management

 

Security

 ‐ 

Network

 ‐ 

NAS

 

(Network

 

Access

 

Server)

 

 

Intelinet

 

48

Port

 

Gigabit

 

Ethernet

 

PoE+

 

 

Managed

 

Switch

 

User

 

Manual

 

|

 

77

 

 

3.1.5.10.

 

Security

 ‐ 

Network

 ‐ 

NAS

 

(Network

 

Access

 

Server)

 

 

This

 

page

 

allows

 

you

 

to

 

configure

 

the

 

IEEE

 

802.1X

 

and

 

MAC

based

 

authentication

 

system

 

and

 

port

 

settings.

 

The

 

IEEE

 

802.1X

 

standard

 

defines

 

a

 

port

based

 

access

 

control

 

procedure

 

that

 

prevents

 

unauthorized

 

access

 

to

 

a

 

network

 

by

 

requiring

 

users

 

to

 

first

 

submit

 

credentials

 

for

 

authentication.

 

One

 

or

 

more

 

central

 

servers,

 

the

 

backend

 

servers,

 

determine

 

whether

 

the

 

user

 

is

 

allowed

 

access

 

to

 

the

 

network.

 

These

 

backend

 

(RADIUS)

 

servers

 

are

 

configured

 

on

 

the

 

"Configuration

Security

AAA"

 

page.

 

The

 

IEEE802.1X

 

standard

 

defines

 

port

based

 

operation,

 

but

 

non

standard

 

variants

 

overcome

 

security

 

limitations

 

as

 

shall

 

be

 

explored

 

below.

   

MAC

based

 

authentication

 

allows

 

for

 

authentication

 

of

 

more

 

than

 

one

 

user

 

on

 

the

 

same

 

port,

 

and

 

doesn't

 

require

 

the

 

user

 

to

 

have

 

special

 

802.1X

 

supplicant

 

software

 

installed

 

on

 

his

 

system.

 

The

 

switch

 

uses

 

the

 

user's

 

MAC

 

address

 

to

 

authenticate

 

against

 

the

 

backend

 

server.

 

Intruders

 

can

 

create

 

counterfeit

 

MAC

 

addresses,

 

which

 

makes

 

MAC

based

 

authentication

 

less

 

secure

 

than

 

802.1X

 

authentication.

 

The

 

NAS

 

configuration

 

consists

 

of

 

two

 

sections,

 

a

 

system

‐ 

and

 

a

 

port

wide.

 

System

 

Configuration

 

Mode

 

Indicates

 

if

 

NAS

 

is

 

globally

 

enabled

 

or

 

disabled

 

on

 

the

 

stack.

 

If

 

globally

 

disabled,

 

all

 

ports

 

are

 

allowed

 

forwarding

 

of

 

frames.

 

Re

authentication

 

Enabled

 

If

 

checked,

 

successfully

 

authenticated

 

supplicants/clients

 

are

 

re

authenticated

 

after

 

the

 

interval

 

specified

 

by

 

the

 

Re

authentication

 

Period.

 

Re

authentication

 

for

 

802.1X

enabled

 

ports

 

can

 

be

 

used

 

to

 

detect

 

if

 

a

 

new

 

device

 

is

 

plugged

 

into

 

a

 

switch

 

port

 

or

 

if

 

a

 

supplicant

 

is

 

no

 

longer

 

attached.

 

Содержание 561112

Страница 1: ...48 PORT GIGABIT ETHERNET POE LAYER2 MANAGED SWITCH WITH 10 GBE UPLINK USER MANUAL Model 561112...

Страница 2: ...ere is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning...

Страница 3: ...Web Management Configure 24 3 1 1 Configuration System 26 3 1 1 1 System Information 26 3 1 1 2 System IP 27 3 1 1 3 System NTP 31 3 1 1 4 System Time 32 3 1 1 5 System Log 34 3 1 2 Configuration Gre...

Страница 4: ...imit Control 73 3 1 5 10 Security Network NAS Network Access Server 77 3 1 5 11 Security Network ACL 90 3 1 5 11 1 Security Network ACL Ports 90 3 1 5 11 2 Security Network ACL Rate Limiter 92 3 1 5 1...

Страница 5: ...1 11 2 2 IPMC MLD Snooping VLAN Configuration 149 3 1 11 2 3 IPMC MLD Snooping Port Group Filtering 151 3 1 12 Configuration LLDP 152 3 1 12 1 LLDP LLDP 152 3 1 12 2 LLDP LLDP MED 155 3 1 13 Configur...

Страница 6: ...GVRP Global Config 211 3 1 22 2 GVRP Port Config 212 3 1 23 Configuration sFlow 213 3 2 Web Management Monitor 216 3 2 1 Monitor System 216 3 2 1 1 System Information 216 3 2 1 2 System CPU Load 218 3...

Страница 7: ...2 5 3 2 Security AAA RADIUS Details 262 3 2 5 4 Security Switch RMON 266 3 2 5 4 1 Security Switch RMON Statistics 266 3 2 5 4 2 Security Switch RMON History 269 3 2 5 4 3 Security Switch RMON Alarm 2...

Страница 8: ...2 11 5 LLDP Port Statistics 309 3 2 12 Monitor PoE 311 3 2 13 Monitor MAC Table 314 3 2 14 Monitor VLANs 317 3 2 14 1 VLANs VLAN Membership 317 3 2 14 2 VLANs VLAN Ports 319 3 2 15 Monitor sFlow 321 3...

Страница 9: ...Before You Begin This section contains introductory information which includes Intended Readers Icons for Note Caution and Warning Product Package Contents...

Страница 10: ...and terminologies Icons for Note Caution and Warning To install configure use and maintain this product properly please pay attention when you see these icons in this manual A Note icon indicates impo...

Страница 11: ...stall this product please check and verify the contents of the product package which should include the following items One Network Switch One Power Cord One User Manual CD One pair Rack mount kit 8 S...

Страница 12: ...roduct Overview This section will give you an overview of this product including its feature functions and hardware software specifications Product Brief Description Product Specification Hardware Des...

Страница 13: ...etter performance and efficiency 2 10 Gigabit SFP Open Slots The switch equips with 2 10G SFP open slots as the uplink ports the 10G uplink design provides an excellent solution for expanding your net...

Страница 14: ...apability on PD PD Alive Check PD Classification Power Management per port Enable Disable PoE Per Port Priority Setting Per Port Power Level Setting Per Port Overloading Protection L2 Features Auto ne...

Страница 15: ...2 L3 L4 IP Source Guard RADIUS Authentication Authorization Accounting TACACS HTTP SSL Secure Web SSH v2 0 Secured Telnet Session MAC IP Filter Management Command Line Interface CLI Web Based Manageme...

Страница 16: ...802 3af Power over Ethernet PoE IEEE 802 3at Power over Ethernet PoE IEEE 802 3az Energy Efficient Ethernet EEE IEEE 802 3x Flow Control IEEE 802 1Q VLAN IEEE802 1v Protocol VLAN IEEE 802 1p Class of...

Страница 17: ...The LED Indicators present real time information of systematic operation status Each of the switch s RJ45 port has two LEDs the green LED indicates RJ45 connection status data link and the amber LED i...

Страница 18: ...t Specification Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 18 Rear Panel The rear panel of the Full Management PoE switch contains 2 ventilation fans a power switch and a...

Страница 19: ...100 ohm Max 100m 100 Base TX 2 pair UTP STP CAT 5 cable EIA TIA 568 100 ohm Max 100m 1000 Base T 4 pair UTP STP CAT 5 cable EIA TIA 568 100 ohm Max 100m PoE To delivery power properly it is recommende...

Страница 20: ...Chapter 2 Preparing for Management In Preparing for Management This section will guide your how to manage this product via management web page Preparation for Web Interface...

Страница 21: ...y 1 Verify that the network interface card NIC of your PC is operational and properly installed and that your operating system supports TCP IP protocol 2 Connect your PC with the switch via an RJ45 ca...

Страница 22: ...linet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 22 6 The web browser will prompt you to sign in The default username password for the configuration web page is admin 1234 For more...

Страница 23: ...face You can make all settings and monitor system status with this management web page Configuration Monitor options included in the management web page can be divided into the following 4 categories...

Страница 24: ...here to prevent network loop Spanning Tree Spanning Tree Protocol is a network designed to ensure a loop free network and provide redundant links that serve as automatic backup paths if an active link...

Страница 25: ...ty of Service which allows you to control the network priority which packet gets top priority to transmit and which gets low priority via IEEE 802 1p or DSCP Mirroring For purposes such as network dia...

Страница 26: ...h By convention this is the switch s fully qualified domain name A domain name is a text string drawn from the alphabet A Z a z digits 0 9 minus sign No space characters are permitted as part of a nam...

Страница 27: ...his setting controls the DNS name resolution done by the switch The following modes are supported From any DHCP interfaces The first DNS server offered from a DHCP lease to a DHCP enabled interface wi...

Страница 28: ...s obtained Legal values are 0 to 4294967295 seconds IPv4 DHCP Current Lease For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server IPv4...

Страница 29: ...in number of bits prefix length It defines how much of a network address that must match in order to qualify for this route Valid values are between 0 and 32 bits respectively 128 for IPv6 routes Only...

Страница 30: ...ter 3 Web Management Web Management Configure Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 30 Reset Click to undo any changes made locally and revert to previously saved va...

Страница 31: ...ess is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be...

Страница 32: ...to identify the time zone You can use up to 16 alphanumeric characters and punctuations such as _ and Daylight Saving Time Configuration When enabled the switch will set the clock forward or backward...

Страница 33: ...the starting hour Minutes Select the starting minute End time settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes S...

Страница 34: ...The system log packet will always send out even if the system log server does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation Server Address I...

Страница 35: ...pushbutton and a 4 high tower of LEDs is placed next to the front Ethernet port LEDs The pushbutton selects between four different port LED modes indicated by the 4 high LED mode tower After 30 secon...

Страница 36: ...shall be set to a new intensity If no intensity is specified for the next hour the intensity is set to default intensity Intensity The LEDs intensity 100 Full power 0 LED off Maintenance Maintenance...

Страница 37: ...at both the receiving and transmitting device has all circuits powered up when traffic is transmitted The devices can exchange wakeup time information using the LLDP protocol EEE works for ports in au...

Страница 38: ...g the power for a port when there is no link The port is power up for short moment in order to determine if cable is inserted PerfectReach Cable length power savings enabled PerfectReach works by dete...

Страница 39: ...ration Auto Cu port auto negotiating speed with the link partner and selects the highest speed that is compatible with the link partner 10Mbps HDX Forces the cu port in 10Mbps half duplex mode 10Mbps...

Страница 40: ...aximum Frame Size Enter the maximum frame size allowed for the switch port including FCS Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions d...

Страница 41: ...ode to enable disable DHCP server per VLAN VLAN Range Indicate the VLAN range in which DHCP server is enabled or disabled The first VLAN ID must be smaller than or equal to the second VLAN ID BUT if t...

Страница 42: ...nual 42 Mode Indicate the the operation mode per VLAN Possible modes are Enabled Enable DHCP server per VLAN Disabled Disable DHCP server pre VLAN Buttons Add VLAN Range Click to add a new VLAN range...

Страница 43: ...dresses IP Range Define the IP range to be excluded IP addresses The first excluded IP must be smaller than or equal to the second excluded IP BUT if the IP range contains only 1 excluded IP then you...

Страница 44: ...configuration page Name Configure the pool name that accepts all printable characters except white space If you want to configure the detail settings you can click the pool name to go into the configu...

Страница 45: ...Gigabit Ethernet PoE Layer2 Managed Switch User Manual 45 Lease Time Display lease time of the pool Buttons Add New Pool Click to add a new DHCP pool Save Click to save changes Reset Click to undo any...

Страница 46: ...operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration...

Страница 47: ...And the DHCP broadcast message won t be flooded for security considerations Disabled Disable DHCP relay mode operation Relay Server Indicates the DHCP relay server IP address Relay Information Mode In...

Страница 48: ...relay agent information it will enforce the policy The Replace policy is invalid when relay information mode is disabled Possible policies are Replace Replace the original relay information when a DHC...

Страница 49: ...o click on the link to configure user account Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is grant...

Страница 50: ...need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5...

Страница 51: ...efines these privilege level groups in details System Contact Name Location Timezone Daylight Saving Time Log Security Authentication System Access Management Port contains Dot1x port MAC based and th...

Страница 52: ...the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same...

Страница 53: ...tication is disabled and login is not possible Local use the local user database on the stack for authentication RADIUS use a remote RADIUS server for authentication TACACS use a remote TACACS server...

Страница 54: ...Configure SSH on this page Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Save Click to save changes Reset Clic...

Страница 55: ...modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirects web browser to an HTTPS conn...

Страница 56: ...he start IP address for the access management entry End IP address Indicates the end IP address for the access management entry HTTP HTTPS Indicates that the host can access the switch from HTTP HTTPS...

Страница 57: ...Chapter 3 Web Management Security Switch Privilege Level Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 57...

Страница 58: ...ion is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2...

Страница 59: ...eration Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap support...

Страница 60: ...operation Disabled Disable SNMP trap link up and link down mode operation Trap Inform Mode Indicates the SNMP trap inform mode operation Possible modes are Enabled Enable SNMP trap inform mode operat...

Страница 61: ...itch User Manual 61 Indicates the SNMP trap security name SNMPv3 traps and informs using USM for authentication and privacy A unique security name is needed when traps and informs are enabled Buttons...

Страница 62: ...h is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP...

Страница 63: ...erName are the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which thi...

Страница 64: ...ssword A string identifying the authentication password phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40...

Страница 65: ...usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII character...

Страница 66: ...ible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view...

Страница 67: ...es the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication an...

Страница 68: ...te the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the port ID which wants to be monitored If in stacking switc...

Страница 69: ...add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 defau...

Страница 70: ...tocol InDiscards The number of inbound packets that are discarded even the packets are normal InErrors The number of inbound packets that contained errors preventing them from being deliverable to a h...

Страница 71: ...alarm when the first value is larger than the rising threshold FallingTrigger alarm when the first value is less than the falling threshold RisingOrFallingTrigger alarm when the first value is larger...

Страница 72: ...eceived on the interface including framing characters Log The number of uni cast packets delivered to a higher layer protocol snmptrap The number of broad cast and multi cast packets delivered to a hi...

Страница 73: ...ber of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module Por...

Страница 74: ...forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and...

Страница 75: ...Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as s...

Страница 76: ...Chapter 3 Web Management Security Network Limit Control Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 76...

Страница 77: ...limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same port and doesn t require the user to have special 802 1X supplicant software...

Страница 78: ...ddresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in...

Страница 79: ...r RADIUS assigned QoS Class is enabled on that port When unchecked RADIUS server assigned QoS Class is disabled on all ports RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centr...

Страница 80: ...Chapter 3 Web Management Security Network NAS Network Access Server Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 80 ports...

Страница 81: ...The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received o...

Страница 82: ...tication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed networ...

Страница 83: ...e that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated...

Страница 84: ...nts that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1...

Страница 85: ...ginal QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802...

Страница 86: ...used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for the first set of these attributes tha...

Страница 87: ...Chapter 3 Web Management Security Network NAS Network Access Server Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 87 configuration...

Страница 88: ...n the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if...

Страница 89: ...d immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the...

Страница 90: ...ge header Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Action Select w...

Страница 91: ...are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values...

Страница 92: ...1 5 11 2 Security Network ACL Rate Limiter Configure the rate limiter for the ACL of the switch Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The allowed values a...

Страница 93: ...ess port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will m...

Страница 94: ...e number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits t...

Страница 95: ...o all port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy number filter for this ACE Any No policy filter is specified policy filt...

Страница 96: ...anted permission for the ACE operation Deny The frame that hits this ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that t...

Страница 97: ...ess The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this SMAC value DMAC Filter Specify the destination MAC filte...

Страница 98: ...r a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The...

Страница 99: ...OP is don t care Request Frame must have ARP Request or RARP Request OP flag set Reply Frame must have ARP Reply or RARP Reply OP flag Sender IP Filter Specify the sender IP filter for this ACE Any No...

Страница 100: ...IP mask in dotted decimal notation ARP Sender MAC Match Specify whether frames can hit the action according to their sender hardware address field SHA settings 0 ARP frames where SHA is not equal to...

Страница 101: ...HRD settings 0 ARP RARP frames where the HLD is not equal to Ethernet 1 1 ARP RARP frames where the HLD is equal to Ethernet 1 Any Any value is allowed don t care Ethernet Specify whether frames can...

Страница 102: ...defining UDP parameters will appear These fields are explained later in this help file TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fiel...

Страница 103: ...ecify the source IP address in the SIP Address field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields tha...

Страница 104: ...t Security Network DHCP Relay Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 104 When Network is selected for the destination IP filter you can enter a specific DIP mask in d...

Страница 105: ...c is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP value ICMP Code Filter Specify the ICMP code filter for...

Страница 106: ...ific TCP UDP source range value A field for entering a TCP UDP source value appears TCP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source va...

Страница 107: ...ACE matches this TCP UDP destination value TCP FIN Specify the TCP No more data from sender FIN value for this ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP fr...

Страница 108: ...e ACK field is set must not be able to match this entry 1 TCP frames where the ACK field is set must be able to match this entry Any Any value is allowed don t care TCP URG Specify the TCP Urgent Poin...

Страница 109: ...care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears Ethernet Type Value When Specific...

Страница 110: ...ration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify...

Страница 111: ...he entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address IP Mask It can be used for calculating...

Страница 112: ...on Mode of ARP Inspection Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection Port Mode Configuration Specify ARP Inspection is enabled on which ports Only when both Gl...

Страница 113: ...ry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan id for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed...

Страница 114: ...ble by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again T...

Страница 115: ...ch the configuration below applies Enabled Enable the RADIUS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Authentication Server IP address is...

Страница 116: ...which the configuration below applies Enabled Enable the RADIUS Accounting Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is exp...

Страница 117: ...CS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the TACACS Authentication Server IP address is expressed in dotted decimal notation Port The TCP port to...

Страница 118: ...t Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address o...

Страница 119: ...may consist of up to 16 members Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Me...

Страница 120: ...ACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form max 12 LLAGs per switch and 2 GLAGs per stack Key The Key value in...

Страница 121: ...Chapter 3 Web Management Aggregation LACP Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 121 Passive will wait for a LACP packet from a partner speak if spoken to...

Страница 122: ...will wait for 30 seconds before sending a LACP packet Prio The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this param...

Страница 123: ...eral Settings Enable Loop Protection Controls whether loop protections is enabled as a whole Transmission Time The interval between each loop protection PDU sent on each port valid values are 1 to 10...

Страница 124: ...enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port...

Страница 125: ...y Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identif...

Страница 126: ...ol whether a port explicitly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU T...

Страница 127: ...cation Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning...

Страница 128: ...can be given as a single xx xx being between 1 and 4094 VLAN or a range xx yy each of which must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just...

Страница 129: ...nfigurations and possibly change them as well MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numeric values have better pr...

Страница 130: ...ct the current STP CIST port configurations and possibly change them as well This page contains settings for physical and aggregated ports The aggregation settings are stack global The STP port settin...

Страница 131: ...n a port is initialized AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port o...

Страница 132: ...A port entering error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well Point to Point Controls whether the port connects to a point to point LAN rather t...

Страница 133: ...s page allows the user to inspect the current STP MSTI port configurations and possibly change them as well An MSTI port is a virtual port which is instantiated separately for each active CIST physica...

Страница 134: ...by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The pa...

Страница 135: ...ble the Global IPMC Profile System starts to do filtering based on profile settings only when the global profile mode is enabled Delete Check to delete the entry The designated entry will be deleted d...

Страница 136: ...l be shown by clicking the view button You can manage or inspect the rules of the designated profile by using the following buttons Navigate List the rules associated with the designated profile Edit...

Страница 137: ...which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Start Address The starting IPv4 IPv6 Multicast Group Address that will be used as an address...

Страница 138: ...n a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to...

Страница 139: ...the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membership The value is in units of tenths of a seconds The range is from 0 to...

Страница 140: ...with management VLAN ports Select the port role by clicking the Role symbol to switch the setting Immediate Leave Enable the fast leave on the port Buttons Add New NVR VLAN Click to add new MVR VLAN...

Страница 141: ...annel Name Indicate the name of the Channel of the specific Multicast VLAN Maximum length of the Channel Name string is 32 Channel Name can only contain alphabets or numbers Channel name should contai...

Страница 142: ...configuration is related to the currently selected stack unit as reflected by the page header Snooping Enabled Enable the Global IGMP Snooping Unregistered IPMCv4 Flooding Enabled Enable unregistered...

Страница 143: ...oin and leave messages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP que...

Страница 144: ...om that or the next closest VLAN Table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in th...

Страница 145: ...he time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in t...

Страница 146: ...rt The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Add New Filtering Group Click Add New Filtering Group button to add a new entry to the Group Filterin...

Страница 147: ...D Snooping Unregistered IPMCv6 Flooding Enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregister...

Страница 148: ...the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leav...

Страница 149: ...of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over MLD Snooping VLAN Table Co...

Страница 150: ...onse Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages The allowed range is 0 to 31744 in tenths of seconds default last listener que...

Страница 151: ...t The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Add New Filtering Group Click Add New Filtering Group button to add a new entry to the Group Filtering...

Страница 152: ...is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered...

Страница 153: ...neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP informa...

Страница 154: ...witch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded Port Descr Optional TLV When checked the port descript...

Страница 155: ...LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start interaction be...

Страница 156: ...ator or South of the equator Longitude Longitude SHOULD be normalized to within 0 180 degrees with a maximum of 4 digits It is possible to specify the direction to either East of the prime meridian or...

Страница 157: ...Chapter 3 Web Management LLDP LLDP MED Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 157 water which would use Datum NAD83 MLLW...

Страница 158: ...ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Ja...

Страница 159: ...ple 12345 Additional code Additional code Example 1320300003 Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Emergency Call Service Emergency Call Serv...

Страница 160: ...ate network policy for the media types above A large network may support multiple VoIP policies across the entire organization and different policies per application type LLDP MED allows multiple poli...

Страница 161: ...ed for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance 6 Video Conferencing for use by dedicated Video Conferencing equipmen...

Страница 162: ...alues 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 Adding a new policy Click Add New Policy to add a new policy Specify the Application type Tag VLAN ID L2...

Страница 163: ...ss mode In this mode each port automatically determines how much power to reserve according to the class the connected PD belongs to and reserves the power accordingly Four different port classes exis...

Страница 164: ...requests more power than available from the power supply Power Supply Configuration Primary and Backup Power Source Some switches support having two PoE power supplies One is used as primary power sou...

Страница 165: ...devices requires more power than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number Maximum Power The Maxi...

Страница 166: ...ed aging Configure aging time by entering a value here in seconds The allowed range is 10 to 1000000 seconds Disable the automatic aging of dynamic entries by checking the Disable automatic aging chec...

Страница 167: ...n this table The static MAC table can contain 64 entries The maximum of 64 entries is for the whole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address Delete Che...

Страница 168: ...select the starting point in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the closest next VLAN Table match The will use the last entry of the curre...

Страница 169: ...VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected stack switch unit when you click on Save The VLAN is thereafter present on the other...

Страница 170: ...ing on a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is d...

Страница 171: ...ID a VLAN tag with the classified VLAN ID is inserted in the frame Port VLAN ID Configures the VLAN identifier for the port The allowed values are from 1 through 4095 The default value is 1 Note The...

Страница 172: ...e currently selected stack unit as reflected by the page header This feature works across the stack Configuration Port Members A check box is provided for each port of a private VLAN When checked port...

Страница 173: ...nclude a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding...

Страница 174: ...do any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the pa...

Страница 175: ...owing text field will vary depending on the new frame type you selected Value Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type select...

Страница 176: ...unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 Note special character and underscore _ are not allowed Adding a New Group to V...

Страница 177: ...h Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check...

Страница 178: ...k Length Indicates the network mask length VLAN ID Indicates the VLAN ID VLAN ID can be changed for the existing entries Port Members A row of check boxes for each port is displayed for each IP subnet...

Страница 179: ...r2 Managed Switch User Manual 179 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page...

Страница 180: ...e VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disab...

Страница 181: ...Web Management Voice VLAN Configuration Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 181 Indicates the Voice VLAN traffic class All traffic on the Voice VLAN will apply th...

Страница 182: ...resses in the Voice VLAN will be blocked for 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Port Discovery Pro...

Страница 183: ...leted during the next save Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexad...

Страница 184: ...ls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN a...

Страница 185: ...rt is VLAN aware and the frame is tagged then the frame is classified to a DP level that is equal to the DEI value in the tag Otherwise the frame is classified to the default DP level The classified D...

Страница 186: ...er the policer is enabled on this switch port Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted...

Страница 187: ...s an overview of QoS Egress Port Schedulers for all switch ports The ports belong to the currently selected stack unit as reflected by the page header Port The logical port for the settings contained...

Страница 188: ...ueue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbp...

Страница 189: ...this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the...

Страница 190: ...ueue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbp...

Страница 191: ...this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the...

Страница 192: ...of QoS Egress Port Shapers for all switch ports The ports belong to the currently selected stack unit as reflected by the page header Port The logical port for the settings contained in the same row C...

Страница 193: ...eue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps...

Страница 194: ...his switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the U...

Страница 195: ...eue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps...

Страница 196: ...his switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the U...

Страница 197: ...rking for all switch ports The ports belong to the currently selected stack unit as reflected by the page header Port The logical port for the settings contained in the same row Click on the port numb...

Страница 198: ...t Tag Remarking for a specific port are configured on this page Mode Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Us...

Страница 199: ...to reduce the 2 bit classified DP level to a 1 bit DP level used in the QoS class DP level to PCP DEI mapping process QoS class DP level to PCP DEI Mapping Controls the mapping of the classified QoS...

Страница 200: ...ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress...

Страница 201: ...1 Egress Port Egress Rewriting can be one of Disable No Egress rewrite Enable Rewrite enabled without remapping Remap DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Butt...

Страница 202: ...DSCP Maximum number of supported DSCP values are 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence...

Страница 203: ...e DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate 2 Classify 1 Translate DSCP at Ingres...

Страница 204: ...tion This page allows you to configure the mapping of QoS class to DSCP value The settings relate to the currently selected stack unit as reflected by the page header QoS Class Actual QoS class DSCP S...

Страница 205: ...ed by the page header Port The port number for which the configuration below applies Enabled Controls whether the storm control is enabled on this switch port Rate Controls the rate for the storm cont...

Страница 206: ...ow applies Enable Controls whether RED is enabled for this queue Min Threshold Controls the lower RED threshold If the average queue filling level is below this threshold the drop probability is zero...

Страница 207: ...he average queue filling level is 100 Frames marked with Drop Precedence Level 0 are never dropped Min Threshold is the average queue filling level where the queues randomly start dropping frames The...

Страница 208: ...s received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Port to mirror to Port to mirror also known as...

Страница 209: ...e mirror port Frames received are not mirrored Disabled Neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored on the mirror port Note...

Страница 210: ...ertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive an SSDP advertisement message from this switch If a contr...

Страница 211: ...is a value in the range 1 20 in the units of centi seconds i e in units of one hundredth of a second The default is 20 Leave time is a value in the range 60 300 in the units of centi seconds i e in un...

Страница 212: ...Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 212 3 1 22 2 GVRP Port Config This page allows you to enable a port for GVRP Button Save Click to save changes Reset Click to undo any chan...

Страница 213: ...ough local management using the Web or CLI interface or through SNMP This read only field shows the owner of the current sFlow configuration and assumes values as follows If sFlow is currently unconfi...

Страница 214: ...t to a value that avoids fragmentation of the sFlow datagrams Valid range is 200 to 1468 bytes with default being 1400 bytes Port Configuration Port The port number for which the configuration below a...

Страница 215: ...cifies the interval in seconds between counter poller samples Buttons Release See description under Owner Refresh Click to refresh the page Note that unsaved changes will be lost Save Click to save ch...

Страница 216: ...act The system contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location config...

Страница 217: ...igabit Ethernet PoE Layer2 Managed Switch User Manual 217 Software Date The date when the switch software was produced Buttons Auto refresh Check this box to refresh the page automatically Automatic r...

Страница 218: ...onds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult the SVG Wiki for m...

Страница 219: ...cache ARP cache status IP Interfaces Interface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Stat...

Страница 220: ...net PoE Layer2 Managed Switch User Manual 220 The Link MAC address for which a binding to the IP address given exist Buttons Refresh Click to refresh the page immediately Auto refresh Check this box t...

Страница 221: ...l All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 se...

Страница 222: ...ere ID The ID 1 of the system log entry Message The detailed message of the system log entry Buttons Refresh Updates the system log entry to the current entry ID Updates the system log entry to the fi...

Страница 223: ...hows if EEE is enabled for the port reflects the settings at the Port Power Savings configuration page LP EEE cap Shows if the link partner is EEE capable EEE In power save Shows if the system is curr...

Страница 224: ...ts 3 2 3 1 Ports State This page provides an overview of the current switch port states The port states are illustrated as follows Status Disabled Down Link RJ45 ports SFP ports X2 ports Buttons Auto...

Страница 225: ...he same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of...

Страница 226: ...Chapter 3 Web Management Ports Traffic Overview Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 226...

Страница 227: ...urrently selected stack unit as reflected by the page header Port The logical port for the settings contained in the same row Qn There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx T...

Страница 228: ...s are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit Receive Total and Transmit Total Rx and Tx Packets The number of re...

Страница 229: ...ack of receive buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize Th...

Страница 230: ...tch User Manual 230 Buttons Refresh Click to refresh the page immediately Clear Clears the counters for the selected port Auto refresh Check this box to refresh the page automatically Automatic refres...

Страница 231: ...splay counters of various databases Pool Number of pools Excluded IP Address Number of excluded IP address ranges Declined IP Address Number of seclined IP addresses Binding Counters Display counters...

Страница 232: ...sages received RELEASE Number of DHCP RELEASE messages received INFORM Number of DHCP INFORM messages received DHCP Message Sent Counters Display counters of DHCP messages sent by DHCP server OFFER Nu...

Страница 233: ...enerates the binding Server ID Server IP address to service the binding Buttons Refresh Click to refresh the page immediately Auto refresh Check this box to refresh the page automatically Automatic re...

Страница 234: ...3 DHCP Server Declined IP This page displays declined IP addresses Declined IP Addresses Display IP addresses declined by DHCP clients Declined IP List of IP addresses declined Buttons Auto refresh Ch...

Страница 235: ...ddress and VLAN input fields allows the user to select the starting point in the Dynamic DHCP snooping Table Clicking the Refresh button will update the displayed table starting from that or the close...

Страница 236: ...is box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Refreshes the displayed table starting from the input fields Clear Flushes all dynamic entries Updates the tab...

Страница 237: ...number of packets received without agent information options Receive Missing Circuit ID The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packet...

Страница 238: ...r of packets which were replaced with relay agent information option Keep Agent Option The number of packets whose relay agent information was retained Drop Agent Option The number of packets that wer...

Страница 239: ...smitted Rx and Tx Offer The number of offer option 53 with value 2 packets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted Rx a...

Страница 240: ...3 Web Management DHCP Detailed Statistics Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 240 The number of lease unassigned option 53 with value 11 packets received and tran...

Страница 241: ...mber of lease active option 53 with value 13 packets received and transmitted Rx Discarded checksum error The number of discard packet that IP UDP checksum is error Rx Discarded from Untrusted The num...

Страница 242: ...ost can access the switch Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access...

Страница 243: ...ames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set i...

Страница 244: ...r modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached...

Страница 245: ...ecurity Switch Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 245 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 secon...

Страница 246: ...N ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwardin...

Страница 247: ...min State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in...

Страница 248: ...he field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If...

Страница 249: ...lected by the table header Port State Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer t...

Страница 250: ...8 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 250 Port Counters EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Fo...

Страница 251: ...Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 251 Backend Server Counters These backend RADIUS frame counters are available for the following administrative states Port base...

Страница 252: ...port is in one of the following administrative states Multi 802 1X MAC based Auth The table is identical to and is placed next to the Port Counters table and will be empty if no MAC address is curren...

Страница 253: ...the backend server hasn t successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason the client will remain in the unauthenticated state for Hol...

Страница 254: ...values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP...

Страница 255: ...CE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to...

Страница 256: ...tart from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspection Table Clicking the Refresh button will update the displaye...

Страница 257: ...eck this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Refreshes the displayed table starting from the input fields Clear Flushes all dynamic entries Updates t...

Страница 258: ...e Dynamic IP Source Guard Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields...

Страница 259: ...Guard Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 259 Updates the table starting from the first entry in the Dynamic IP Source Guard Table Updates the table starting with...

Страница 260: ...us of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled...

Страница 261: ...y The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not...

Страница 262: ...provides detailed statistics for a particular RADIUS server RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server se...

Страница 263: ...Chapter 3 Web Management Security AAA RADIUS Details Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 263...

Страница 264: ...tion about the state of the server and the latest round trip time RADIUS Accounting Statistics The statistics map closely to those specified in RFC4670 RADIUS Accounting Client MIB Use the server sele...

Страница 265: ...e server and the latest round trip time Buttons The server select box determines which server is affected by clicking the buttons Auto refresh Check this box to refresh the page automatically Automati...

Страница 266: ...ton will update the displayed table starting from that or the next closest Statistics table match The button will use the last entry of the currently displayed entry as a basis for the next lookup Whe...

Страница 267: ...ts received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best estimate of the total number of collisions on this Ethernet segment 6...

Страница 268: ...ns Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Updates the table starting from the first entry...

Страница 269: ...losest History table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table...

Страница 270: ...18 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jabb The number of frames which size is larger than 64 octets received with invalid CRC Coll The best es...

Страница 271: ...ton will update the displayed table starting from that or the next closest Alarm table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is...

Страница 272: ...alling Index Falling event index Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Updates th...

Страница 273: ...e Clicking the Refresh button will update the displayed table starting from that or the next closest Event table match The will use the last entry of the currently displayed entry as a basis for the n...

Страница 274: ...Chapter 3 Web Management Security Switch RMON Events Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 274...

Страница 275: ...id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID La...

Страница 276: ...he port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate toge...

Страница 277: ...Chapter 3 Web Management LACP Port Status Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 277 Refresh Click to refresh the page...

Страница 278: ...ts Port The switch port number LACP Received Shows how many LACP frames have been received at each port LACP Transmitted Shows how many LACP frames have been sent from each port Discarded Shows how ma...

Страница 279: ...of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection...

Страница 280: ...Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root...

Страница 281: ...f RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received...

Страница 282: ...er of RSTP BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s recei...

Страница 283: ...Queries Transmitted The number of Transmitted Queries for IGMP and MLD respectively IGMPv1 Joins Received The number of Received IGMPv1 Join s IGMPv2 MLDv1 Report s Received The number of Received IG...

Страница 284: ...VR Channels Groups Information Table Clicking the Refresh button will update the displayed table starting from that or the closest next MVR Channels Groups Information Table match In addition the two...

Страница 285: ...ter 3 Web Management MVR MVR Channel Groups Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 285 Updates the table starting with the entry after the last entry currently displa...

Страница 286: ...ning of the MVR SFM Information Table The Start from VLAN and Group Address input fields allow the user to select the starting point in the MVR SFM Information Table Clicking the Refresh button will u...

Страница 287: ...Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 IPv6 address could...

Страница 288: ...AN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific...

Страница 289: ...cast device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configur...

Страница 290: ...fresh button will update the displayed table starting from that or the closest next IGMP Group Table match In addition the two input fields will upon a Refresh button click assume the value of the fir...

Страница 291: ...Chapter 3 Web Management IPMC IGMP Snooping Groups Information Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 291...

Страница 292: ...rmation Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP SFM Information Table Clicking the Refresh button will update the displayed table start...

Страница 293: ...Switch Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds R...

Страница 294: ...ly Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Queries Transmitted The num...

Страница 295: ...router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicate whether s...

Страница 296: ...sh button will update the displayed table starting from that or the closest next MLD Group Table match In addition the two input fields will upon a Refresh button click assume the value of the first d...

Страница 297: ...irst 20 entries from the beginning of the MLD SFM Information Table The Start from VLAN and group input fields allow the user to select the starting point in the MLD SFM Information Table Clicking the...

Страница 298: ...the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not Buttons...

Страница 299: ...is ID is the identification of the neighbour s LLDP frames Port ID The Port ID is the identification of the neighbour port Port Description Port Description is the port description advertised by the n...

Страница 300: ...Management Address is the neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s IP address Buttons...

Страница 301: ...Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TI...

Страница 302: ...reaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gateways Conference Bridges Media Servers and similar Discovery services defined in this...

Страница 303: ...supporting interactive voice services 4 Guest Voice Signaling for use in network topologies that require a different policy for the guest voice Signaling than for the guest voice media 5 Softphone Voi...

Страница 304: ...port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of the eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to pro...

Страница 305: ...urce If it is unknown whether the PSE device is using its Primary Power Source or its Backup Power Source it is indicated as Unknown If the device is a PD device it can either run on its local power s...

Страница 306: ...d Switch User Manual 306 The maximum allowed value is 102 3 W If the device indicates value higher than 102 3 W it is represented as reserved Buttons Auto refresh Check this box to refresh the page au...

Страница 307: ...ime that receiver would like the transmitter to hold off to allow time for the receiver to wake from sleep Fallback Receive Tw The link partner s fallback receive Tw A receiving link partner may infor...

Страница 308: ...LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE...

Страница 309: ...d since the last change was detected Total Neighbours Entries Added Shows the number of new entries added since switch reboot Total Neighbours Entries Deleted Shows the number of new entries deleted s...

Страница 310: ...received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and d...

Страница 311: ...a class that defines the maximum power the PD will use The PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max po...

Страница 312: ...Chapter 3 Web Management Monitor PoE Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 312 Current Used The Power Used shows how much current the PD currently is using...

Страница 313: ...isabled by user PoE turned OFF Power budget exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can deliver and port s with the lowest priority is are powe...

Страница 314: ...in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting fro...

Страница 315: ...Chapter 3 Web Management Monitor MAC Table Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 315 The VLAN ID of the entry...

Страница 316: ...refresh Automatic refresh occurs every 3 seconds Refresh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Clear Flushes all dynamic entries Updates the tabl...

Страница 317: ...the following image will be displayed If a port is in the forbidden port list the following image will be displayed If a port is in the forbidden port list and at the same time attempted included in t...

Страница 318: ...rt Gigabit Ethernet PoE Layer2 Managed Switch User Manual 318 Buttons Select VLAN Users from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs...

Страница 319: ...as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server Voice VLAN Voice VLAN is a VLAN configured specially...

Страница 320: ...whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded Tx T...

Страница 321: ...ntains Configured through local management If sFlow is currently configured through SNMP Owner contains a string identifying the sFlow receiver IP Address Hostname The IP address or hostname of the sF...

Страница 322: ...rt Here flow samples are divided into Rx and Tx flow samples where Rx flow samples contains the number of packets that were sampled upon reception ingress on the port and Tx flow samples contains the...

Страница 323: ...uested data space the ICMP header The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 56 bytes of data 64 bytes from 10 10 1...

Страница 324: ...eb Management Diagnostics Ping Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 324 Buttons Start Click to start transmitting ICMP packets New Ping Click to re start diagnostic...

Страница 325: ...bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 132 20 icmp_seq 3 time 0ms 64 bytes from...

Страница 326: ...140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is compl...

Страница 327: ...nt Diagnostics VeriPHY Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 327 Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable pair The r...

Страница 328: ...maintenance such rebooting the PoE switch reset all settings except Switch s IP address back to default value updating switch firmware or upload download all system settings 3 4 1 Maintenance Restart...

Страница 329: ...ately which means that no restart is necessary Buttons Yes Click to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the configuration Note Resto...

Страница 330: ...s Choose File Click this button to choose the firmware file Update Click this button to start upload the firmware The system will inform you when the new firmware is uploaded to the switch After updat...

Страница 331: ...Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 331 3 4 3 Maintenance Configuration 3 4 3 1 Configuration Save You can save all the current setting values as a file in XML format Buttons...

Страница 332: ...ad Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 332 3 4 3 2 Configuration Load Buttons Choose File Click this button to choose the configuration file that you ve saved Uplo...

Страница 333: ...n within the product s operating temperature range may cause malfunctions DO NOT install this product in a location near any sources of water or liquid DO NOT stack this product with other network dev...

Страница 334: ...l guide you to set the IP address properly in a Microsoft Windows 8 environment Setting IP address in other Microsoft operating system such as Windows Vista or Windows 7 is quite the same and can be r...

Страница 335: ...hernet PoE Layer2 Managed Switch User Manual 335 3 An Ethernet Status window will pop up Please click on the Properties button as shown in the figure down below 4 An Ethernet Properties window will po...

Страница 336: ...ress and subnet mask as shown in the figure down below By default your product s IP address should be 192 168 2 1 You can set any IP address as long as it s not the same with your product s IP address...

Страница 337: ...Appendix B IP Configuration for Your PC Intelinet 48 Port Gigabit Ethernet PoE Layer2 Managed Switch User Manual 337...

Страница 338: ...or the various situation In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to...

Страница 339: ...r ingress port s Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability ARP ARP is an acronym for Ad...

Страница 340: ...nd client while the first client s assignment is valid its lease has not expired Therefore IP address pool management is done by the server and not by a human network administrator Dynamic addressing...

Страница 341: ...ystem It stores and associates many types of information with domain names Most importantly DNS translates human friendly domain names and computer hostnames into computer friendly IP addresses For ex...

Страница 342: ...imultaneously This processing applies to IGMP and MLD H HTTP HTTP is an acronym for Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW H...

Страница 343: ...out routing difficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X IEEE 802 1X is an IEEE standard f...

Страница 344: ...ing data across an internet network IP is a best effort system which means that no packet of information sent over is assured to reach its destination in the same condition it was sent Each device con...

Страница 345: ...LLDP is an IEEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the s...

Страница 346: ...matically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age ti...

Страница 347: ...ome TLVs it is configurable if the switch shall include the TLV in the LLDP frame These TLVs are known as optional TLVs If an optional TLVs is disabled the corresponding information is not included in...

Страница 348: ...It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply Policer A...

Страница 349: ...e voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to end business solution Therefore QoS i...

Страница 350: ...or Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail me...

Страница 351: ...onym for Terminal Acess Controller Access Control System Plus It is a networking protocol which provides access control for routers network access servers and other networked computing devices via one...

Страница 352: ...not provide directory service and security features ToS ToS is an acronym for Type of Service It is implemented as the IPv4 ToS priority control It is fully decoded to determine the priority from the...

Страница 353: ...ict communication between switch ports VLANs can be used for the following applications VLAN unaware switching This is the default configuration All ports are VLAN unaware with Port VLAN ID 1 and memb...

Страница 354: ...ed Switch User Manual 354 Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice dat...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды