Interlogix NS3500-28T-4S Скачать руководство пользователя страница 221

Страница: 221 / 363

221



DoS



Strom Control

4.9.1 802.1X

Overview of 802.1X (Port-based) Authentication

In the 802.1X-world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the

authentication server. The switch acts as the man-in-the-middle, forwarding requests and responses between the

supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X

frames, known as

EAPOL (EAP Over LANs)

frames. EAPOL frames encapsulate

EAP PDU

s (RFC3748). Frames

sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs

together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP

is very flexible, in that it allows for different authentication methods, like

MD5-Challenge

PEAP

, and

TLS

. The

important thing is that the authenticator (the switch) doesn't need to know which authentication method the supplicant

and the authentication server are using, or how many information exchange frames are needed for a particular method.

The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication.

Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port

connected to the supplicant.

Overview of User Authentication

It is allowed to configure the Managed Switch to authenticate users logging into the system for management access

using local or remote authentication methods, such as telnet and Web browser. This Managed Switch provides secure

network management access using the following options:



Remote Authentication Dial-in User Service (RADIUS)



Terminal Access Controller Access Control System Plus ()



Local user name and Priviledge Level control

4.9.1.1 Understanding IEEE 802.1X Port-based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts

unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server

authenticates each client connected to a switch port before making available any services offered by the switch or the

Содержание NS3500-28T-4S

Страница 1: ...NS3500 28T 4S User Manual P N 1072835 REV 00 01 ISS 14JUL14 ...

Страница 2: ...e FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or modific...

Страница 3: ... 1 Desktop Installation 23 2 2 2 Rack Mounting 24 2 2 3 Installing the SFP transceiver 25 3 SWITCH MANAGEMENT 29 3 1 REQUIREMENTS 29 3 2 MANAGEMENT ACCESS OVERVIEW 30 3 3 ADMINISTRATION CONSOLE 31 3 4 WEB MANAGEMENT 32 3 5 SNMP BASED NETWORK MANAGEMENT 33 4 WEB CONFIGURATION 34 4 1 MAIN WEB PAGE 37 4 1 1 Save Button 38 4 1 2 Configuration Manager 39 4 1 2 1 Saving Configuration 40 4 2 SYSTEM 42 4 ...

Страница 4: ...Notification Recipients 70 4 2 7 9 SNMPv3 Notification Recipients 72 4 2 7 10 SNMP Engine ID 73 4 2 7 11 SNMP Remote Engine ID 74 4 3 PORT MANAGEMENT 76 4 3 1 Port Configuration 76 4 3 2 Port Counters 79 4 3 3 Bandwidth Utilization 84 4 3 4 Port Mirroring 85 4 3 6 Jumbo Frame 87 4 3 7 Port Error Disabled Configuration 88 4 3 8 Port Error Disabled 90 4 3 9 Protected Ports 91 4 3 10 EEE 94 4 4 LINK ...

Страница 5: ...LANs 132 4 5 14 2 VLAN Trunking between two 802 1Q aware switch 136 4 6 SPANNING TREE PROTOCOL 139 4 6 1 Theory 139 4 6 2 STP Global Settings 147 4 6 3 STP Port Setting 149 4 6 4 CIST Instance Setting 152 4 6 5 CIST Port Setting 155 4 6 6 MST Instance Configuration 157 4 6 7 MST Port Setting 160 4 6 8 STP Statistics 162 4 7 MULTICAST 163 4 7 1 Properties 163 4 7 2 IGMP Snooping 164 4 7 2 1 IGMP Se...

Страница 6: ...nd QoS 197 4 8 2 1 QoS Properties 198 4 8 2 2 QoS Port Settings 199 4 8 2 3 Queue Settings 200 4 8 2 4 CoS Mapping 202 4 8 2 5 DSCP Mapping 204 4 8 2 6 IP Precedence Mapping 206 4 8 3 QoS Basic Mode 208 4 8 3 1 Global Settings 208 4 8 3 2 Port Settings 209 4 8 4 Rate Limit 210 4 8 4 1 Ingress Bandwidth Control 211 4 8 4 2 Egress Bandwidth Control 212 4 8 4 3 Egress Queue 214 4 8 5 Voice VLAN 215 4...

Страница 7: ...ile Rules 248 4 9 6 2 Access Rules 250 4 9 7 DHCP Snooping 252 4 9 7 1 DHCP Snooping Overview 252 4 9 7 2 Global Setting 254 4 9 7 3 VLAN Setting 256 4 9 7 4 Port Setting 257 4 9 7 5 Statistics 259 4 9 7 6 Database Agent 261 4 9 7 7 Rate Limit 263 4 9 7 8 Option82 Global Setting 264 4 9 7 9 Option82 Port Setting 266 4 9 7 10 Option82 Circuit ID Setting 267 4 9 8 Dynamic ARP Inspection 268 4 9 8 1 ...

Страница 8: ...E 302 4 10 7 ACL Binding 309 4 11 MAC ADDRESS TABLE 310 4 11 1 Static MAC Setting 310 4 11 2 MAC Filtering 311 4 11 3 Dynamic Address Setting 312 4 11 4 Dynamic Learned 313 4 12 LLDP 316 4 12 1 Link Layer Discovery Protocol 316 4 12 2 LLDP Global Setting 316 4 12 3 LLDP Port Setting 319 4 12 4 LLDP Local Device 322 4 12 5 LLDP Remove Device 324 4 12 6 MED Network Policy 325 4 12 7 MED Port Setting...

Страница 9: ...MAINTENANCE 353 4 15 1 Factory Default 353 4 15 2 Reboot Switch 354 4 15 3 Backup Manager 355 4 15 4 Upgrade Manager 355 5 SWITCH OPERATION 357 5 1 ADDRESS TABLE 357 5 2 LEARNING 357 5 3 FORWARDING FILTERING 357 5 4 STORE AND FORWARD 357 5 5 AUTO NEGOTIATION 358 6 TROUBLESHOOTING 359 APPENDIX A 361 A 1 SWITCH S RJ 45 PIN ASSIGNMENTS 361 A 2 10 100MBPS 10 100BASE TX 361 ...

Страница 10: ... NS3500 28T 4S 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items The Managed Switch x 1 Quick Installation Guide x 1 Rubber Feet x 4 Power Cord x 1 RS 232 to RJ 45 Console Cable x 1 SFP Dust Cap x 4 Rack mount Accessory Kit x 1 If any item is found missing or damaged please contact your local reseller for replacement ...

Страница 11: ...the demand of IPv6 management Gigabit Ethernet Switch It supports both IPv4 and IPv6 management functions and can work with original network structure It provides advanced Layer 2 to Layer 4 data switching and Quality of Service traffic control Access Control List network access control and authentication and Secure Management features to protect building automation network connectivity with relia...

Страница 12: ...cal output power optical input power temperature laser bias current and transceiver supply voltage 1 3 How to Use This Manual This User Manual is structured as follows Section 2 INSTALLATION The section explains the functions of the Switch and how to physically install the Managed Switch Section 3 SWITCH MANAGEMENT The section contains the information about the software function of the Managed Swi...

Страница 13: ...g eliminates erroneous packets to optimize the network bandwidth Supports VLAN IEEE 802 1Q tagged VLAN Provider Bridging VLAN Q in Q support IEEE 802 1ad Protocol VLAN Voice VLAN Private VLAN Management VLAN GVRP Supports Spanning Tree Protocol STP Spanning Tree Protocol RSTP Rapid Spanning Tree Protocol MSTP Multiple Spanning Tree Protocol STP BPDU Guard BPDU Filtering and BPDU Forwarding Support...

Страница 14: ... port filtering MLD Snooping port filtering Security Authentication IEEE 802 1X Port based network access authentication Built in RADIUS client to co operate with the RADIUS servers RADIUS TACACS login user access authentication Access Control List IPv4 IPv6 IP based ACL MAC based ACL MAC Security Static MAC MAC Filtering Port Security for Source MAC address entries filtering DHCP Snooping to filt...

Страница 15: ...ment System Maintenance Firmware upload download via HTTP TFTP Configuration upload download through Web interface Dual Images Hardware reset button for system reboot or reset to factory default SNTP Network Time Protocol Cable Diagnostics Link Layer Discovery Protocol LLDP Protocol and LLDP MED SNMP trap for interface Link Up and Link Down notification Event message logging to remote Syslog serve...

Страница 16: ...k pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory Default LED System Power Green Sys Green 10 100 1000T RJ45 Interfaces Port 1 to Port 28 1000Mbps Orange LNK ACT Green 100 1000Mbps SFP Interfaces Port 25 to Port 28 1000Mbps Orange LNK ACT Green Thermal Fan Fan less design No Fan Power Requirement AC 100 240V 50 60Hz Auto sensing ESD Protection 6KV DC P...

Страница 17: ...assification based Strict priority and WRR Security IEEE 802 1X Port based authentication Built in RADIUS client to co operate with RADIUS server RADIUS TACACS user access authentication IP MAC port binding MAC Filter Static MAC Address DHCP Snooping and DHCP Option82 STP BPDU Guard BPDU Filtering and BPDU Forwarding DoS Attack Prevention ARP Inspection IP Source Guard Management Functions Basic M...

Страница 18: ...EE 802 1s Multiple Spanning Tree protocol IEEE 802 1p Class of Service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IEEE 802 3af Power over Ethernet IEEE 802 3at High Power over Ethernet RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 RFC 2710 MLD version 1 RFC 3810 ...

Страница 19: ...h Front Panel The front panel provides a simple interface monitoring the Managed Switch Figure 2 1 1 shows the front panel of the Managed Switch Front Panel Figure 2 1 1 NS3500 28T 4S front panel Gigabit TP Interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters 100 1000Base X SFP Slots Each of the SFP Small Form factor Pluggable slot supports Dual speed 1000Base SX LX or 100Base FX F...

Страница 20: ...is designed for reboot the Managed Switch without turn off and on the power The following is the summary table of Reset button functions Reset Button Pressed and Released Function 5 sec System Reboot Reboot the Managed Switch 5 sec Factory Default Reset the Managed Switch to Factory Default configuration The Managed Switch will then reboot and load the default settings as below Default Username ad...

Страница 21: ...bps If LNK ACT LED Off indicate that the port is link down 100 1000Base X SFP interfaces LED Color Function Lights To indicate the link through that port is successfully established LNK ACT Green Blink To indicate that the switch is actively sending or receiving data over that port Lights To indicate that the port is operating at 1000Mbps 1000 Orange Off If LNK ACT LED light indicate that the port...

Страница 22: ...d into an electric service outlet and the power will be ready Power Notice The device is a power required device which means it will not work till it is powered If your networks should be active all the time please consider using UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime Power Notice In some areas installing a surge suppression de...

Страница 23: ...er source as shown in Figure 2 1 4 Figure 2 1 4 Place the Managed Switch on the desktop Step3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and specifications Step4 Connect the Managed Switch to network devices Connect one end of a standard network cab...

Страница 24: ...ep2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 1 5 shows how to attach brackets to one side of the Managed Switch Figure 2 1 5 Attach Brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty Step3 Secure the...

Страница 25: ...an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch as the Figure 2 1 7 shows Figure 2 1 7 Plug in the SFP transceiver Approved INTERLOGIX SFP Transceivers Managed Switch supports both Single mode and Multi mode SFP transceiver The following list of ...

Страница 26: ...sceiver 100Base X SFP Gigabit Ethernet Transceiver 1000Base X SFP It is recommended to use INTERLOGIX SFP on the Managed Switch If you insert an SFP transceiver that is not supported the Managed Switch will not recognize it ...

Страница 27: ...uplex LC connector into the SFP transceiver 2 Connect the other end of the cable to a device with SFP transceiver installed 3 Check the LNK ACT LED of the SFP slot on the front of the Managed Switch Ensure that the SFP transceiver is operating correctly 4 Check the Link mode of the SFP port if the link fails To function with some fiber NICs or Media Converters user has to set the port Link mode to...

Страница 28: ...t the SFP Transceiver Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP module slot of the Managed Switch ...

Страница 29: ...ion Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 2008 MAC OS9 or later Linux UNIX or other platforms are compatible with TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC with COM Port DB9 RS 232 or USB to RS 232...

Страница 30: ...d HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be compromised hackers n...

Страница 31: ...on connected to the Managed Switch s console port Figure 3 1 1 Console Management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight RS 232 to RJ 45 cable is required to connect the switc...

Страница 32: ...d A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 3 4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up...

Страница 33: ...gure and manage the Managed Switch such as SNMPc Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management...

Страница 34: ...to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address as the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet ma...

Страница 35: ...anged via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login screen Default User name admin Default Password admin After entering the username and password the main screen appears as Figure 4 1 3 Figure 4 1 3 Default Main Page Now you can use the Web management interface to continue the switch management or manage the Managed Switch by We...

Страница 36: ...o use Internet Explorer 8 0 or above to access Managed Switch The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface For security reason please change and memorize the new password after this first setup Only accept command in lowercase letter under web interface ...

Страница 37: ...ser interface to configure and manage it Figure 4 1 4 Main Page Panel Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ 45 Ports SFP Ports Main Func...

Страница 38: ...by select the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu Buttons Click to save changes or reset to default Click to logout the Managed Switch Click to reboot the Managed Switch Click to refresh the page 4 1 1 Save Button This save button allows save the running startup backup configuration or reset switch in defaul...

Страница 39: ...ger The system file folder contains configuration settings The screen in Figure 4 1 7 appears Figure 4 1 7 Save Button screenshot The page includes the following fields Object Description Running Configuration Refers to the running configuration sequence use in the switch In switch the running configuration file stores in the RAM In the current version the running configuration sequence running co...

Страница 40: ...onfiguration is empty in FLASH please save the backup configuration first by Maintenance Backup Manager Buttons Click to save configuration 4 1 2 1 Saving Configuration In the Managed Switch the running configuration file stores in the RAM In the current version the running configuration sequence of running config can be saved from the RAM to FLASH by Save Configurations to FLASH function so that ...

Страница 41: ...41 3 Press the Apply button to save running configuration to startup configuration ...

Страница 42: ...nfiguration Configure new user name password on this page Time Settings Configure SNTP on this page Log Management The switch log information is provided here SNMP Management Configure SNMP on this page 4 2 1 System Information The System Info page provides information for the current device information System Info page helps a switch administrator to identify the hardware MAC address software ver...

Страница 43: ...naged Switch Firmware Date The firmware date of this Managed Switch System Object ID The system object ID of the Managed Switch System Up Time The period of time the device has been operational PCN HW Version The hardware version of this Managed Switch Buttons Click to edit parameter 4 2 2 IP Configurations The IP Configuration includes the IP Address Subnet Mask and Gateway The Configured column ...

Страница 44: ...zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide the IP address of this switch in dotted decimal notation Subnet Mask Provide the subnet mask of this switch dotted decimal notation Gateway Provide the IP...

Страница 45: ...gure 4 2 4 Figure 4 2 5 appear Figure 4 2 4 IPv6 Address Setting page screenshot The page includes the following fields Object Description Auto Configuration Enable IPv6 auto configuration by checking this box If fails the configured IPv6 address is zero The router may delay responding to a router solicitation for a few seconds the total time needed to complete auto configuration can be significan...

Страница 46: ...representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 DHCPv6 Client To enable this Managed Switch to accept a configuration from a Dynamic Host Configuration Protocol version 6 DHCPv6 server By default the Managed Switch does not perform DHCPv6 client actions DHCPv6 clients request the delegation of ...

Страница 47: ... Router Display the current in use gateway IPv6 Static Address Display the current IPv6 static address IPv6 Static Router Display the current IPv6 static gateway DHCPv6 Client Display the current DHCPv6 client status ...

Страница 48: ...appear Figure 4 2 6 Local User Information Page Screenshot The page includes the following fields Object Description Username The name identifying the user Maximum length 32 characters Maximum number of users 8 Password Type The password type for the user Password Enter the user s new password here Range 0 32 characters plain text case sensitive Retype Password Please enter the user s new password...

Страница 49: ...Click to modify the local user entry Delete the current user 4 2 5 Time Settings 4 2 5 1 System Time Configure SNTP on this page SNTP is an acronym for Simple Network Time Protocol a network protocol for synchronizing the clocks of computer systems You can specify SNTP Servers and set GMT Time zone The SNTP Configuration screens in Figure 4 2 8 Figure 4 2 9 appear Figure 4 2 8 SNTP Setup Page Scre...

Страница 50: ...rding to the configurations set below for a defined Daylight Saving Time duration Select Disable to disable the Daylight Saving Time configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Daylight Saving Time Offset Enter...

Страница 51: ...Select the starting month Hours Select the starting hour Minutes Select the starting minute Buttons Click to apply changes Figure 4 2 9 Time Information Page Screenshot The page includes the following fields Object Description Current Data Time Display the current data time SNTP Display the current SNTP state Time Zone Display the current time zone Daylight Saving Time Display the current daylight...

Страница 52: ...P Server Settings The SNTP Server Configuration screens in Figure 4 2 10 Figure 4 2 11 appear Figure 4 2 10 SNTP Setup Page Screenshot The page includes the following fields Object Description SNTP Server Address Type the IP address or domain name of the SNTP server Server Port Type the port number of the SNTP Buttons Click to apply changes Figure 4 2 11 SNTP Server Information Page Screenshot ...

Страница 53: ...53 The page includes the following fields Object Description SNTP Server Address Display the current SNTP server address Server Port Display the current SNTP server port ...

Страница 54: ...ut significant condition such as cold start 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert Immediate action needed 0 Emergency System unusable 4 2 6 1 Local Log The switch system local log information is provided here The loca...

Страница 55: ...Local Log The switch system local log information is provided here The local Log screens in Figure 4 2 14 Figure 4 2 15 appear Figure 4 2 14 Local Log Target Setting Page Screenshot The page includes the following fields Object Description Target The target of the local log entry The following target types are supported Buffered Target the buffer of the local log File Target the file of the local ...

Страница 56: ...of the informational messages for local log debug Debug level of the debugging messages for local log Buttons Click to apply changes Figure 4 2 15 Local Log Setting Status Page Screenshot The page includes the following fields Object Description Status Display the current local log state Target Display the current local log target Severity Display the current local log severity Action Delete the c...

Страница 57: ...rovide the port number of remote syslog server Default Port no 514 Severity The severity of the local log entry The following severity types are supported emerg Emergency level of the system unusable for local log alert Alert level of the immediate action needed for local log crit Critical level of the critical conditions for local log error Error level of the error conditions for local log warnin...

Страница 58: ...Page Screenshot The page includes the following fields Object Description Status Display the current remote syslog state Server Info Display the current remote syslog server information Severity Display the current remote syslog severity Facility Display the current remote syslog facility Action Delete the remote server entry 4 2 6 4 Log Message The switch log view is provided here The Log View sc...

Страница 59: ...al level of the critical conditions for log view error Error level of the error conditions for log view warning Warning level of the warning conditions for log view notice Notice level of the normal but significant conditions for log view info Informational level of the informational messages for log view debug Debug level of the debugging messages for log view Category The category of the log vie...

Страница 60: ...egory Total Entries Display the current log entries Figure 4 2 20 Logging Messages Page Screenshot The page includes the following fields Object Description No This is the number for logs Timestamp Display the time of log Category Display the category type Severity Display the severity type Message Display the log message Buttons Click to clear the log Click to refresh the log ...

Страница 61: ... such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community...

Страница 62: ...ng Page Screenshot The page includes the following fields Object Description Status Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Buttons Click to apply changes Figure 4 2 22 SNMP Information Page Screenshot The page includes the following fields Object Description SNMP Display the current SNMP status ...

Страница 63: ...the named view The allowed string content is digital number or asterisk Subtree OID Mask The bitmask identifies which positions in the specified object identifier are to be regarded as wildcards for the purpose of pattern matching View Type Indicates the view type that this entry should belong to Possible view type are included An optional flag to indicate that this view subtree should be included...

Страница 64: ...lay the current SNMP OID mask View Type Display the current SNMP view type Action Delete the view table entry 4 2 7 4 SNMP Access Group Configure SNMPv3 access group on this page The entry index keys are Group Name Security Model and Security Level The SNMPv3 Access Group Setting screens in Figure 4 2 25 Figure 4 2 26 appear Figure 4 2 25 SNMPv3 Access Group Setting Page Screenshot The page includ...

Страница 65: ...e privacy security levels are assigned to the group auth Authentication and none privacy priv Authentication and privacy Note The Security Level applies to SNNPv3 only Read View Name Read view name is the name of the view in which you can only view the contents of the agent The allowed string length is 1 to 16 Write View Name Write view name is the name of the view in which you enter data and conf...

Страница 66: ... group name Security Model Display the current security model Security Level Display the current security level Read View Name Display the current read view name Write View Name Display the current write view name Notify View Name Display the current notify view name Action Delete the access group entry ...

Страница 67: ...ommunity supported mode Possible versions are Basic Set SNMP community mode supported version 1 and 2c Advanced Set SNMP community mode supported version 3 Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 16 View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 16 Access Right...

Страница 68: ...Pv3 user is defined by a unique name Users must be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view The entry index key is User Name The SNMPv3 User Setting screens in Figure 4 2 29 Figure 4 2 30 appear Figure 4 2 29 SNMPv3 Users Configuration Page Screenshot The page includes the following fields Object Des...

Страница 69: ...at this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if entry already exist That means you must first ensure that the value is set correctly Authentication Password A string identifying the authentication pass phrase For both MD5 and SHA authentication protocol the allowed str...

Страница 70: ...ication Protocol Display the current authentication protocol Encryption Protocol Display the current encryption protocol Access Right Display the current access right Action Delete the user entry 4 2 7 7 SNMPv1 2 Notification Recipients Configure SNMPv1 and 2 notification recipients on this page The SNMPv1 2 Notification Recipients screens in Figure 4 2 31 Figure 4 2 32 appear Figure 4 2 31 SNMPv1...

Страница 71: ...dicates the community access string when send SNMP trap packet UDP Port Indicates the SNMP trap destination port SNMP Agent will send SNMP message via this port the port range is 1 65535 Time Out Indicates the SNMP trap inform timeout The allowed range is 1 to 300 Retries Indicates the SNMP trap informs retry times The allowed range is 1 to 255 Buttons Click to add a new SNMPv1 2 host entry Figure...

Страница 72: ...fields Object Description Server Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation x y z w It can also represent a legally valid IPv4 address For example 192 1 2 34 Notify Type Set the notify type in traps or informs User Name Indicates the user string when send SNMP trap packet UDP Port Indicates the SNMP trap destination port SNMP Agent w...

Страница 73: ...rt Time Out Display the current time out Retries Display the current retry times Action Delete the SNMPv3 host entry 4 2 7 10 SNMP Engine ID Configure SNMPv3 Engine ID on this page The entry index key is Engine ID The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The SNMPv3 Engine ID Setting screens in Figure 4 2...

Страница 74: ...lick to apply changes Figure 4 2 36 SNMPv3 Engine ID Status Page Screenshot The page includes the following fields Object Description User Default Display the current status Engine ID Display the current engine ID 4 2 7 11 SNMP Remote Engine ID Configure SNMPv3 remote Engine ID on this page The SNMPv3 Remote Engine ID Setting screens in Figure 4 2 37 Figure 4 2 38 appear Figure 4 2 37 SNMPv3 Remot...

Страница 75: ...x y z w Engine ID An octet string identifying the engine ID that this entry should belong to Buttons Click to apply changes Figure 4 2 38 SNMPv3 Remote Engine ID Status Page Screenshot The page includes the following fields Object Description Remote IP Address Display the current remote IP address Engine ID Display the current engine ID Action Delete the remote IP address entry ...

Страница 76: ...isable Configuration Configures port error disable settings Port Error Disabled Status Disable port error status Protected Ports Configures protected ports settings EEE Configures EEE settings SFP Module Information Display SFP module information 4 3 1 Port Configuration This page displays current port configurations and status Ports can also be configured here The table has one row for each port ...

Страница 77: ...x Select any available link duplex for the given switch port Draw the menu bar to select the mode Auto Setup Auto negotiation Full Force sets Full Duplex mode Half Force sets Half Duplex mode Flow Control When Auto Speed is selected for a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used Curren...

Страница 78: ... indicate the port name Enable State Display the current port state Link Status Display the current link status Speed Display the current speed status of the port Duplex Display the current duplex status of the port Flow Control Configuration Display the current flow control configuration of the port Flow Control Status Display the current flow control status of the port ...

Страница 79: ...he Port Statistics screens in Figure 4 3 3 Figure 4 3 4 Figure 4 3 5 Figure 4 3 6 appear Figure 4 3 3 Port MIB Counters Page Screenshot The page includes the following fields Object Description Port Select port number for this drop down list Mode Select port counters mode Option All Interface Ether link RMON ...

Страница 80: ... Packets The total number of packets that higher level protocols requested is transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Discards Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding suc...

Страница 81: ...ltiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy Late Collision The number of times that a collision is detected later than 512 bit times into the transmission of a packet ...

Страница 82: ...se frames Figure 4 3 6 RMON Counters Page Screenshot Object Description Drop Events The total number of events in which packets were dropped due to lack of resources Octets The total number of octets received and transmitted on the interface including framing characters Packets The total number of packets received and transmitted on the interface Broadcast Packets The total number of good frames r...

Страница 83: ... were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error Jabbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet segment 64 Bytes Frames The ...

Страница 84: ...idth Utilization screen in Figure 4 3 7 appears To view the port utilization click on the Port Management folder and then the Bandwidth Utilization link Figure 4 3 7 Port Bandwidth Utilization Page Screenshot The page includes the following fields Object Description Refresh Period This shows the period interval between last and next refresh Options 2 sec 5 sec 10 sec IFG Allow user to enable or di...

Страница 85: ...a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Figure 4 3 8 Port Mirror Application The traffic to be copied to the mirror port is selected as follows All frames received on a g...

Страница 86: ...estination Port Select the port to mirror destination port Allow ingress Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Sniffer TX Ports Frames transmitted from these ports are mirrored to the mirroring port Frames received are not mirrored Sniffer RX Ports Frames received at these ports are mirrored to the mirroring port Frames transmitt...

Страница 87: ...current TX ports Source RX Port Display the current RX ports 4 3 6 Jumbo Frame This page provides to select the maximum frame size allowed for the switch port The Jumbo Frame screen in Figure 4 3 11 Figure 4 3 12 appear Figure 4 3 11 Jumbo Frame Setting Page Screenshot The page includes the following fields Object Description Jumbo Frame Bytes Enter the maximum frame size allowed for the switch po...

Страница 88: ...following fields Object Description Jumbo Display the current maximum frame size 4 3 7 Port Error Disabled Configuration This page provides to set port error disable function The Port Error Disable Configuration screens in Figure 4 3 13 Figure 4 3 14 appear Figure 4 3 13 Error Disabled Recovery Page Screenshot ...

Страница 89: ...heck status by broadcast flood Unknown Multicast Flood Enable or disable the port error disabled function to check status by unknown multicast flood Unicast Flood Enable or disable the port error disabled function to check status by unicast flood ACL Enable or disable the port error disabled function to check status by ACL Port Security Violation Enable or disable the port error disabled function ...

Страница 90: ...he current unknown multicast flood status Unicast Flood Display the current unicast flood status ACL Display the current ACL status Port Security Violation Display the current port security violation status DHCP Rate Limit Display the current DHCP rate limit status ARP Rate Limit Display the current ARP rate limit status 4 3 8 Port Error Disabled This page provides disable that transitions a port ...

Страница 91: ...a member of protected group also called Private VLAN communication between protected ports within that group can be prevented Two application examples are provided in this section Customers connected to an ISP can be members of the protected group but they are not allowed to communicate with each other within that VLAN Servers in a farm of web servers in a Demilitarized Zone DMZ are allowed to com...

Страница 92: ... from which traffic can only be forwarded to promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the pri...

Страница 93: ...ist Select port number for this drop down list Port Type Displays protected port types Protected A single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Unprotected A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting B...

Страница 94: ...ircuits powered up when traffic is transmitted The devices can exchange wakeup time information using the LLDP protocol EEE works for ports in auto negotiation mode where the port is negotiated to either 1G or 100 Mbit full duplex mode For ports that are not EEE capable the corresponding EEE checkboxes are grayed out and thus impossible to enable EEE for The EEE port settings relate to the current...

Страница 95: ...this drop down list Enable Enable or disable the EEE function Buttons Click to apply changes Figure 4 3 19 Port Isolation Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port EEE State Display the current EEE state ...

Страница 96: ...an be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation links Static LAGs Port ...

Страница 97: ...k connection or to ensure fault recovery Link aggregation lets you group up to 8 consecutive ports into a single dedicated connection between any two the Switch or other Layer 2 switches However before making any physical connections between devices use the Link aggregation Configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that T...

Страница 98: ...d at the same time The Managed Switch support Gigabit Ethernet ports up to 8 groups If the group is defined as a LACP static link aggregationing group then any extra ports selected are placed in a standby mode for redundancy if one of the other ports fails If the group is defined as a local static link aggregationing group then the number of ports must be the same as the group member ports Use the...

Страница 99: ...Object Description Load Balance Algorithm Select load balance algorithm mode MAC Address The MAC address can be used to calculate the port for the frame IP MAC Address The IP and MAC address can be used to calculate the port for the frame Buttons Click to apply changes Figure 4 4 3 LAG Information Page Screenshot The page includes the following fields Object Description Load Balance Algorithm Disp...

Страница 100: ...ption LAG Select LAG number for this drop down list Name Indicates the per LAG name Type Indicates the trunk type Static Force aggregared selected ports to be a trunk group LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them Ports Select port number for this drop dow...

Страница 101: ...elds Object Description LAG The LAG for the settings contained in the same row Name Display the current name Type Display the current type Link State Display the link state Active Member Display the active member Standby Member Display the standby member Modify Click to modify LAG configuration ...

Страница 102: ...y Disabled Shutdown the LAG manually Speed Select any available link speed for the given switch port Draw the menu bar to select the mode Auto Setup Auto negotiation Auto 10M Setup 10M Auto negotiation Auto 100M Setup 100M Auto negotiation Auto 1000M Setup 1000M Auto negotiation Auto 10 100M Setup 10 100M Auto negotiation 10M Setup 10M Force mode 100M Setup 100M Force mode 1000M Setup 1000M Force ...

Страница 103: ...ured Link Speed Buttons Click to apply changes Figure 4 4 7 LAG Port Status Page Screenshot The page includes the following fields Object Description LAG The LAG for the settings contained in the same row Description Display the current description Port Type Display the current port type Enable State Display the current enable state Speed Display the current speed Duplex Display the current duplex...

Страница 104: ...following fields Object Description System Priority A value which is used to identify the active LACP The Managed Switch with the lowest value has the highest priority and is selected as the active LACP peer of the trunk group Buttons Click to apply changes Figure 4 4 9 LACP Information Page Screenshot The page includes the following fields Object Description System Priority Display the current sy...

Страница 105: ...ist to set LACP port setting Priority The Prio controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority Timeout The Timeout controls the period between BPDU transmissions Short will transmit LACP packets ...

Страница 106: ...ription Port Name The switch port number of the logical port Priority Display the current LACP priority parameter Timeout Display the current timeout parameter 4 4 6 LAG Status This page displays LAG status The LAG Status screens in Figure 4 4 12 Figure 4 4 13 appear Figure 4 4 12 LAG Status Page Screenshot ...

Страница 107: ...play the current trunk ID Port Display the current port number PartnerSysId The system ID of link partner This field would be updated when the port receives LACP PDU from link partner PnKey Port key of partner This field would be updated when the port receives LACP PDU from link partner AtKey Port key of actor The key is designed to be the same as trunk ID Sel LACP selection logic status of the po...

Страница 108: ...state field of LACP PDU description The field from left to right describes LACP_Activity LACP_Timeout Aggregation Synchronization Collecting Distributing Defaulted and Expired The contents could be true or false If the contents are false the web shows _ if the contents are true the web shows A T G S C D F and E for each content respectively PnState The partner state field of LACP PDU description T...

Страница 109: ...en ports within the VLAN Typically a VLAN corresponds to a particular subnet although not necessarily VLAN can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains A VLAN is a collection of end nodes grouped by logic instead of physical location End nodes that frequently communicate with each other are assigned to the same VLAN regardless of wher...

Страница 110: ...e VLAN port Port to VLAN Configures the VLAN membership Port VLAN Membership Display the VLAN membership Protocol VLAN Group Setting Configures the protocol VLAN group Protocol VLAN Port Setting Configures the protocol VLAN port setting GVRP Setting Configures GVRP global setting GVRP Port Setting Configurs GVRP port setting GVRP VLAN Display the GVRP VLAN database GVRP Statistics Display the GVRP...

Страница 111: ... on the network are IEEE 802 1Q compliant VLAN allow a network to be segmented in order to reduce the size of broadcast domains All packets entering a VLAN will only be forwarded to the stations over IEEE 802 1Q enabled switches that are members of that VLAN and this includes broadcast multicast and unicast packets from unknown sources VLAN can also provide a level of security to your network IEEE...

Страница 112: ... Identifier TCI Tag Control Information 2 bytes 2 bytes Preamble Destination Address Source Address VLAN TAG Ethernet Type Data FCS 6 bytes 6 bytes 4 bytes 2 bytes 46 1500 bytes 4 bytes The Ether Type and VLAN ID are inserted after the MAC source address but before the original Ether Type Length or Logical Link Control Because the packet is now a bit longer than it was originally the Cyclic Redund...

Страница 113: ...ision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Default VLANs The Switch initially configures one VLAN VID 1 called default The f...

Страница 114: ... among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate fr...

Страница 115: ...te Page Screenshot The page includes the following fields Object Description Management VLAN Display the current management VLAN 4 5 4 Create VLAN Create delete VLAN on this page The screens in Figure 4 5 3 Figure 4 5 4 appear Figure 4 5 3 VLAN Setting Page Screenshot ...

Страница 116: ...escription VLAN ID Display the current VLAN ID entry VLAN Name Display the current VLAN ID name VLAN Type Display the current VLAN ID type Modify Click to modify VLAN configuraiton 4 5 5 Interface Settings This Page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration Page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is co...

Страница 117: ...Frame is tagged Income Frame is untagged Leave port is tagged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 5 1 Ingress Egress Port with VLAN VID Tag Untag Table IEEE 802 1Q Tunneling Q in Q IEEE 802 1Q Tunneling QinQ is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used to m...

Страница 118: ...stomer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 are used for service provider tags In cases where a given service VLAN only has two member ports on the switch the learning can be disabl...

Страница 119: ...ed traffic will be dropped The range for the PVID is 1 4094 Accepted Type Determines whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded Options All Tag Only Untag Only By default the field is set to All Ingress Filtering If ingress filtering is enabled che...

Страница 120: ...rt The switch port number of the logical port Interface VLAN Mode Display the current interface VLAN mode PVID Display the current PVID Accepted Frame Type Display the current access frame type Ingress Filtering Display the current ingress filtering Uplink Display the current uplink mode TPID Display the current TPID ...

Страница 121: ...f the logical port Interface VLAN Mode Display the current interface VLAN mode Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk Forbidden Interface is forbidden from automatically joining the VLAN via GVRP Excluded Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Tagged Interface is...

Страница 122: ...is Page provides an overview of membership status for VLAN users The VLAN Membership Status screen in Figure 4 5 8 appears Figure 4 5 8 Port VLAN Membership Table Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Mode Display the current VLAN mode Administrative VLANs Display the current administrative VLANs Operational VLANs ...

Страница 123: ...port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a pr...

Страница 124: ... type you selected Protocol Value 0x0600 0xFFFE Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type selection menu Valid values for frame type ranges from 0x0600 0xfffe Buttons Click to apply changes Figure 4 5 10 Protocol VLAN Group State Page Screenshot The page includes the following fields Object Description Group ID Display the c...

Страница 125: ...ge includes the following fields Object Description Port Select port for this drop down list to assign protocol VLAN port Group Select group ID for this drop down list to protocol VLAN group VLAN VLAN ID assigned to the Special Protocol VLAN Group Buttons Click to add protocol VLAN port entry Figure 4 5 12 Protocol VLAN Port State Page Screenshot The page includes the following fields Object Descr...

Страница 126: ...ormation in order to register VLAN members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch The GVRP Global Setting Informations screens in Figure 4 5 13 Figure 4 5 14 appear ...

Страница 127: ...more than twice the join time This ensures that after a Leave or LeaveAll message has been issued the applicants can rejoin before the port actually leaves the group Range 45 32760 centiseconds Default 60 centiseconds LeaveAll Timeout The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than...

Страница 128: ...isplay the current GVRP status Join Timeout Display the current join timeout parameter Leave Timeout Display the current leave timeout parameter LeaveAll Timeout Display the current leaveall timeout parameter 4 5 11 GVRP Port Setting The GVRP Port Setting Status screen in Figure 4 5 15 Figure 4 5 16 appear Figure 4 5 15 GVRP Global Setting Page Screenshot ...

Страница 129: ... the other side is not capable of sending GVRP messages or if you do not want to allow the switch to prune any of the VLANs use the fixed mode Fixed mode ports will forward for all VLANs that exist in the switch database Ports in forbidden mode forward only for VLAN 1 VLAN Creation GVRP can dynamically create VLANs on switches for trunking purposes By enabling GVRP dynamic VLAN creation a switch w...

Страница 130: ...AN The GVRP VLAN Database screen in Figure 4 5 17 appears Figure 4 5 17 GVRP VLAN Database Status Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Member Ports Display the current member ports Dynamic Ports Display the current dynamic ports VLAN Type Display the current VLAN type 4 5 13 GVRP Statistics The GVRP Port Statistics and Error ...

Страница 131: ...l port Join Empty Rx Tx Display the current join empty TX RX packets Empty Rx Tx Display the current empty TX RX packets Leave Empty Rx Tx Display the current leave empty TX RX packets Join In Rx Tx Display the current join in TX RX packets Leave In Rx Tx Display the current leave in TX RX packets LeaveAll Rx Tx Display the current leaveall TX RX packets ...

Страница 132: ...d attribute length Invalid Event Display the current invalid event Buttons Click to clear the GVRP Error Statistics Click to refresh the GVRP Error Statistics 4 5 14 VLAN setting example Separate VLANs 802 1Q VLAN Trunk 4 5 14 1 Two separate 802 1Q VLANs The diagram shows how the Managed Switch handle Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLANs ...

Страница 133: ...cenario described as follows Untagged packet entering VLAN 2 1 While PC 1 transmit an untagged packet enters Port 1 the Managed Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will received the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away it tag becoming an untagged packet 4 While the packet leaves Port 3 it w...

Страница 134: ...tag it with a VLAN Tag 3 PC 5 and PC 6 will received the packet through Port 5 and Port 6 2 While the packet leaves Port 5 it will be stripped away it tag becoming an untagged packet 3 While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 In this example VLAN Group 1 is set as default VLAN but only focuses on VLAN 2 and VLAN 3 traffic flow Setup steps 1 Create VLAN Group 2...

Страница 135: ...135 3 Assign Tagged Untagged for each port VLAN ID 2 Port 1 2 Untagged Port 3 Tagged Port 4 6 Excluded VLAN ID 3 Port 4 5 Untagged Port 6 Tagged Port 1 3 Excluded ...

Страница 136: ...two 802 1Q aware switch The most cases are used for Uplink to other switches VLANs are separated at different switches but they need to access with other switches within the same VLAN group The screen in Figure 4 5 21 appears Setup steps ...

Страница 137: ... and group 3 2 Assign VLAN mode and PVID for each port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6 VLAN Mode Hybrid PVID 3 Port 7 VLAN Mode Hybrid PVID 1 3 Assign Tagged Untagged for each port VLAN ID 1 Port 1 6 Untagged ...

Страница 138: ...138 Port 7 Excluded VLAN ID 2 Port 1 2 Untagged Port 3 7 Tagged Port 4 6 Excluded VLAN ID 3 Port 4 5 Untagged Port 6 7 Tagged Port 1 3 Excluded ...

Страница 139: ...ing Tree Protocol is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and pr...

Страница 140: ...ot switch Ports included in the STP are selected Creating a Stable STP Topology It is to make the root port a fastest link If all switches have STP enabled with default settings the switch with the lowest MAC address in the network will become the root switch By increasing the priority lowering the priority number of the best switch STP can be forced to select the best switch as the root switch Wh...

Страница 141: ...its forwarding database but not yet forwarding packets Forwarding the port is forwarding packets Disabled the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows From initialization switch boot to blocking From blocking to listening or to disabled From listening to learning or to disabled From learnin...

Страница 142: ...nd then sets the Root Bridge and the Designated Bridges On the port level STP sets the Root Port and the Designated Ports The following are the user configurable STP parameters for the switch level Parameter Description Default Value Bridge Identifier Not user configurable except by setting priority below A combination of the User set priority and the switch s MAC address The Bridge Identifier con...

Страница 143: ... majority of installations However it is advisable to keep the default settings as set at the factory unless it is absolutely necessary The user changeable parameters in the Switch are as follows Priority A Priority for the switch can be set from 0 to 65535 0 is equal to the highest Priority Hello Time The Hello Time can be from 1 to 10 seconds This is the interval between two transmissions of BPD...

Страница 144: ...pate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure In this example STP breaks the loop by blocking the connection between switch B and C The...

Страница 145: ...145 Figure 4 6 2 Before Applying the STA Rules In this example only the default STP values are used ...

Страница 146: ...00 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link This section has the following items STP Global Setting Configures STP system settings STP Port Setting Configuration per port STP settings CIST Instance Setting Configure system configurati...

Страница 147: ...ion to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree The STP Global Settings screens in Figure 4 6 4 Figure 4 6 5 appear Figure 4 6 4 Global Settings Page Screenshot The page includes the following fiel...

Страница 148: ... values allowed are between 0 and 65535 The default value is 0 Buttons Click to apply changes Figure 4 6 5 STP Information Page Screenshot The page includes the following fields Object Description STP Display the current STP state BPDU Forward Display the current BPDU forward mode Cost Method Display the current cost method Force Version Display the current force version Configuration Name Display...

Страница 149: ...network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Edge Port Controls whether the operEdge flag should start as beeing set or cleared The initial operEdge state when a port is initialized BPDU Filter Control whether a port explicitly configured as Edge will transmit and receive BPDUs BPDU Guard Control whethe...

Страница 150: ...rt and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet 50 600 200 000 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit...

Страница 151: ...Figure 4 6 7 STP Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical STP port Admin Enable Display the current STP port mode status External Cost Display the current external cost Edge Port Display the current edge port status BPDU Filter Display the current BPDU filter configuration BPDU Guard Display the current BPDU gu...

Страница 152: ... MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority of the STP RSTP bridge Max Hops This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information Valid values are in the range 6 to 40 ho...

Страница 153: ...en exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Hello Time The time that controls the switch to send out the BPDU packet to check STP current status Enter a value between 1 through 10 Buttons Click to apply changes Figure 4 6 9 CIST Instance Information Page Screenshot The page includes the following fields Object Description Priori...

Страница 154: ...154 Max Age Display the current Max age Tx Hold Count Display the current Tx hold count Hello Time Display the current hello time ...

Страница 155: ...control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the act...

Страница 156: ...e current external path cost conf oper Internal Path Cost Conf Oper Display the current internal path cost oper Designated Root Bridge Display the current designated root bridge External Root Cost Display the current external root cost Regional Root Bridge Display the current regional root bridge Internal Root Cost Display the current internal root cost Designated Bridge Display the current design...

Страница 157: ...Figure 4 6 12 Figure 4 6 13 Figure 4 6 14 appear Figure 4 6 12 MST Instance Setting Page Screenshot The page includes the following fields Object Description MSTI ID Allow assign MSTI ID The range for the MSTI ID is 1 15 VLAN List 1 4096 Allow assign VLAN list for special MSTI ID The range for the VLAN list is 1 4094 Priority Controls the bridge priority Lower numerical values have better priority...

Страница 158: ... Display the current MSTI entry Status Display the current MSTI status VLAN List Display the current VLAN list VLAN Count Display the current VLAN count Priority Display the current MSTI priority Figure 4 6 14 MST Instance Status Page Screenshot The page includes the following fields Object Description MSTI ID Display the MSTI ID ...

Страница 159: ...ternal root cost Designated Bridge Display the current designated bridge Root Port Display the current root port Max Age Display the current max age Forward Delay Display the current forward delay Remaining Hops Display the current remaininging hops Last Topology Change Display the current last topology change ...

Страница 160: ...Port Configuration Page Screenshot The page includes the following fields Object Description MST ID Enter the special MST ID to configure path cost priority Port Select Select port number for this drop down list Priority Controls the port priority This can be used to control priority of ports having identical port cost Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto ...

Страница 161: ...lay the current indentifier priority port ID Internal Path Cost Conf Oper Display the current internal path cost configuration operation Regional Root Bridge Display the current regional root bridget Internal Root Cost Display the current internal root cost Designated Bridge Display the current designated bridge Internal Path Cost Display the current internal path cost Port Role Display the curren...

Страница 162: ...ort number of the logical STP port Configuration BPDUs Received Display the current configuration BPDUs received TCN BPDUs Received Display the current TCN BPDUs received MSTP BPDUs Received Display the current MSTP BPDUs received Configuration BPDUs Transmitted Display the configuration BPDUs transmitted TCN BPDUs Transmitted Display the current TCN BPDUs transmitted MSTP BPDUs Transmitted Displa...

Страница 163: ...t throttling setting Multicast Filter Configures multicast filter 4 7 1 Properties This page provides multicast properties related configuration The multicast Properties and Information screen in Figure 4 7 1 Figure 4 7 2 appear Figure 4 7 1 Properties Setting Page Screenshot The page includes the following fields Object Description Unknow Multicast Action Unknown multicast traffic method Drop flo...

Страница 164: ...pose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group About the Internet Group Management Protocol IGMP Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to commun...

Страница 165: ...er can check using IGMP to see if there is at least one member of a multicast group on a given subnet work If there are no members on a sub network packets will not be forwarded to that sub network Figure 4 7 3 Multicast Service ...

Страница 166: ...166 Figure 4 7 4 Multicast Flooding ...

Страница 167: ...ovides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query ...

Страница 168: ... it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live ...

Страница 169: ...e requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet 4 7 2 1 IGMP Setting This page provides IGMP Snooping related configuration Most of the settings are global whereas the Router Port co...

Страница 170: ...sible versions are v2 Set IGMP Snooping supported IGMP version 2 v3 Set IGMP Snooping supported IGMP version 3 IGMP Snooping Report Suppression Limits the membership report traffic sent to multicast capable routers When you disable report suppression all IGMP reports are sent as is to multicast capable routers The default is enabled Buttons Click to apply changes Figure 4 7 8 IGMP Snooping Informa...

Страница 171: ... ID Display the current VLAN ID IGMP Snooping Operation Status Display the current IGMP snooping operation status Router Ports Auto Learn Display the current router ports auto learning Query Robustness Display the current query robustness Query Interval sec Display the current query interval Query Max Response Interval sec Display the current query max response interval Last Member Query conut Dis...

Страница 172: ...shot The page includes the following fields Object Description VLAN ID Select VLAN ID for this drop down list Querier State Enable or disable the querier state The default value is Disabled Querier Version Sets the querier version for compatibility with other devices on the network Version 2 or 3 Default 2 Buttons Click to apply changes Figure 4 7 11 IGMP Querier Status Page Screenshot ...

Страница 173: ...escribed in above sections For certain applications that require tighter control you may need to statically configure a multicast service on the Managed Switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specif...

Страница 174: ... Member Ports Select port number for this drop down list Buttons Click to add IGMP router port entry Figure 4 7 13 IGMP Static Groups Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Group IP Address Display the current group IP address Member Ports Display the current member ports Modify Click to edit parameter ...

Страница 175: ...elected options Life Sec Display the current life 4 7 2 5 IGMP Router Setting Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your Managed Switch you can manually configure the interface and a specified VLAN to join all t...

Страница 176: ...tatic Forbid Static Ports Select Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Forbid Port Select Specify which ports un act as router ports Buttons Click to add IGMP router port entry Figure 4 7 16 Router Port Status Page Screenshot The page includes the following fields Object Description VLA...

Страница 177: ... in Figure 4 7 17 Figure 4 7 18 Figure 4 7 19 appear Figure 4 7 17 Dynamic Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Display the current dynamic router ports Expiry Time Sec Display the current expiry time Figure 4 7 18 Static Router Table Page Screenshot The page includes the following fields Object Description ...

Страница 178: ...owing fields Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask 4 7 2 7 IGMP Forward All This page provides IGMP Forward All The Forward All screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page Screenshot The page includes the following fields Object Description ...

Страница 179: ...atically joining the IGMP via MVR None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Membership Static Interface is a member of the IGMP Buttons Click to apply changes 4 7 3 IGMP Snooping Statics This page provides IGMP Snooping Statics The IGMP Snooping Statics screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page...

Страница 180: ...neral query RX Special Group Query RX Display current special group query RX Special Group Source Query RX Display current special group source query RX Leave TX Display current leave TX Report TX Display current report TX General Query TX Display current general query TX Special Group Query TX Display current special group query TX Special Group Source Query TX Display current special group sourc...

Страница 181: ...eenshot The page includes the following fields Object Description MLD Snooping Status Enable or disable the MLD snooping The default value is Disabled MLD Snooping Version Sets the MLD Snooping operation version Possible versions are v1 Set MLD Snooping supported MLD version 1 v2 Set MLD Snooping supported MLD version 2 MLD Snooping Report Suppression Limits the membership report traffic sent to m...

Страница 182: ...ort Suppression Display the current MLD snooping report suppression Figure 4 7 23 MLD Snooping Table Page Screenshot The page includes the following fields Object Description Entry No Display the current entry number VLAN ID Display the current VLAN ID MLD Snooping Operation Status Display the current MLD snooping operation status Router Ports Auto Learn Display the current router ports auto learn...

Страница 183: ...ave Display the current immediate leave Modify Click to edit parameter 4 7 4 2 MLD Static Group The MLD Static Group configuration screens in Figure 4 7 24 Figure 4 7 25 appear Figure 4 7 24 Add MLD Static Group Page Screenshot The page includes the following fields Object Description VLAN ID Select VLAN ID for this drop down list Group IP Address The IP address for a specific multicast service Me...

Страница 184: ... the current member ports Modify Click to edit parameter 4 7 4 3 MLD Group Table This page provides MLD Group Table The MLD Group Table screen in Figure 4 7 26 appears Figure 4 7 26 MLD Group Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VID Group IP Address Display multicast IP address for a specific multicast service Member Port Displ...

Страница 185: ...tached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the Managed Switch The MLD Router Setting screens in Figure 4 7 27 Figure 4 7 28 appear Figure 4 7 27 Add Router Port Page Screenshot The page includes the following fields Object Description VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Ty...

Страница 186: ...s Forbidden Ports Display the current forbidden ports Modify Click to edit parameter Click to delete the group ID entry 4 7 4 5 MLD Router Table This page provides Router Table The Dynamic Static and Forbidden Router Table screens in Figure 4 7 29 Figure 4 7 30 Figure 4 7 31 appear Figure 4 7 29 Dynamic Router Table Page Screenshot The page includes the following fields Object Description VLAN ID ...

Страница 187: ...Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask Figure 4 7 31 Forbidden Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask 4 7 4 6 MLD Forward All This page provides MLD Forward All The Forward All screen in Figure 4 7 32 appears ...

Страница 188: ...membership Port The switch port number of the logical port Select MLD membership for each interface Forbidden Interface is forbidden from automatically joining the MLD via MVR None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Membership Static Interface is a member of the MLD Buttons Click to apply changes ...

Страница 189: ...rd All Setting Page Screenshot The page includes the following fields Object Description Total RX Display current total RX Valid RX Display current valid RX Invalid RX Display current invalid RX Other RX Display current other RX Leave RX Display current leave RX Report RX Display current report RX General Query RX Display current general query RX ...

Страница 190: ... TX Display current leave TX Report TX Display current report TX General Query TX Display current general query TX Special Group Query TX Display current special group query TX Special Group Source Query TX Display current special group source query TX Buttons Click to clear the MLD Snooping Statistics Click to refresh the MLD Snooping Statistics ...

Страница 191: ... set the multicast throttling number to limit the number of multicast groups an interface can join at the same time The MAX Group and Information screens in Figure 4 7 34 Figure 4 7 35 appear Figure 4 7 34 Max Groups and Action Setting Page Screenshot The page includes the following fields Object Description IP Type Select IPv4 or IPv6 for this drop down list Port Select Select port number for thi...

Страница 192: ...is requirement by restricting access to specified multicast services on a switch port Multicast filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A multicast filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled multicast join reports rece...

Страница 193: ...gure 4 7 37 appear Figure 4 7 36 Add Profile Setting Page Screenshot The page includes the following fields Object Description IP Type Select IPv4 or IPv6 for this drop down list Profile Index Indicates the ID of this particular profile Group from Specifies multicast groups to include in the profile Specify a multicast group range by entering a start IP address Group to Specifies multicast groups ...

Страница 194: ...Screenshot The page includes the following fields Object Description Index Display the current index IP Type Display the current IP Type Group from Display the current group from Group to Display the current group to Action Display the current action Modify Click to edit parameter Click to delete the MLD IGMP profile entry 4 7 7 2 IGMP Filter Setting The Filter Setting and Status screens in Figure...

Страница 195: ...ile ID Select filter profile ID for this drop down list Buttons Click to apply changes Figure 4 7 39 Port Filter Status Page Screenshot The page includes the following fields Object Description Port Display the current port Filter Profile ID Display the current filter profile ID Action Click to display detail profile parameter Click to delete the IGMP filter profile entry ...

Страница 196: ...lowing fields Object Description Port Select Select port number for this drop down list Filter Profile ID Select filter profile ID for this drop down list Buttons Click to apply changes Figure 4 7 41 Port Filter Status Page Screenshot The page includes the following fields Object Description Port Display the current port Filter Profile ID Display the current filter profile ID ...

Страница 197: ...o Control a wide variety of network traffic by Classifying traffic based on packet attributes Assigning priorities to traffic for example to set higher priorities to time critical or business critical applications Applying security policy through traffic filtering Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter I...

Страница 198: ...Base Priority Mode Any packet received from the specify high priority port will treated as a high priority packet The Managed Switch supports eight priority level queue the queue service rate is based on the WRR Weight Round Robin and WFQ Weighted Fair Queuing alorithm The WRR ratio of high priority and low priority can be set to 4 1 and 8 1 4 8 2 General 4 8 2 1 QoS Properties The QoS Global Sett...

Страница 199: ...gs The QoS Port Settings and Status screen in Figure 4 8 2 Figure 4 8 3 appear Figure 4 8 2 QoS Port Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list CoS Value Select CoS value for this drop down list Remark CoS Disable or enable remark CoS Remark DSCP Disable or enable remark DSCP ...

Страница 200: ...lowing fields Object Description Port The switch port number of the logical port CoS Value Display the current CoS value Remark CoS Display the current remark CoS Remark DSCP Display the current remark DSCP Remark IP Precedence Display the current remark IP precedence 4 8 2 3 Queue Settings The Queue Table and Information screens in Figure 4 8 4 Figure 4 8 5 appear ...

Страница 201: ...ther the scheduler mode is Strict Priority on this switch port WRR Controls whether the scheduler mode is Weighted on this switch port Weight Controls the weight for this queue This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted of WRR Bandwidth Display the current bandwith for each queue Buttons Click to apply changes ...

Страница 202: ... Display the current queue vlaue information 4 8 2 4 CoS Mapping The CoS to Queue and Queue to CoS Mapping screens in Figure 4 8 6 Figure 4 8 7 appear Figure 4 8 6 CoS to Queue and Queue to CoS Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list Class of Service Select CoS value for this drop down list Buttons ...

Страница 203: ...g Page Screenshot The page includes the following fields Object Description CoS Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to CoS Display the current mapping to CoS ...

Страница 204: ...gure 4 8 8 Figure 4 8 9 appear Figure 4 8 8 DSCP to Queue and Queue to DSCP Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list DSCP Select DSCP value for this drop down list Buttons Click to apply changes ...

Страница 205: ...nshot The page includes the following fields Object Description DSCP Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to DSCP Display the current mapping to DSCP ...

Страница 206: ... 8 10 Figure 4 8 11 appear Figure 4 8 10 IP Precedence to Queue and Queue to IP Precedence Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list IP Precedence Select IP Precedence value for this drop down list Buttons Click to apply changes ...

Страница 207: ... page includes the following fields Object Description IP Precedence Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to IP Precedence Display the current mapping to IP Precedence ...

Страница 208: ... Mode Global Settings and QoS Information screen in Figure 4 8 12 Figure 4 8 13 appear Figure 4 8 12 Basic Mode Global Settings Page Screenshot The page includes the following fields Object Description Trust Mode Set the QoS mode Buttons Click to apply changes ...

Страница 209: ... the current QoS mode 4 8 3 2 Port Settings The QoS Port Setting and Status screen in Figure 4 8 14 Figure 4 8 15 appear Figure 4 8 14 Basic Mode Global Settings Page Screenshot The page includes the following fields Object Description Port Select port number for this drop down list Trust Mode Enable or disable the trust mode ...

Страница 210: ... Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Trust Mode Display the current trust type 4 8 4 Rate Limit Configure the switch port rate limit for the switch port on this page ...

Страница 211: ...trol Settings Page Screenshot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 17 Ingress Bandwidth C...

Страница 212: ...e The Egress Bandwidth Control Setting and Status screens in Figure 4 8 18 Figure 4 8 19 appear Figure 4 8 18 Egress Bandwidth Control Settings Page Screenshot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The defa...

Страница 213: ...ges Figure 4 8 19 Egress Bandwidth Control Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Egress Rate Limit Kbps Display the current egress rate limit ...

Страница 214: ...ollowing fields Object Description Port Select port number for this drop down list Queue Select queue number for this drop down list State Enable or disable the port rate policer The default value is Disabled CIR Kbps Configure the CIR for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 21 Egress Queue Status Page...

Страница 215: ...ment OUI Organizationally Unique Identifier will be considered the voice data traffic and transmitted to the Voice VLAN The configuration is based on MAC address acquiring a mechanism in which every voice equipment transmitting information through the network has got its unique MAC address VLAN will trace the address belongs to specified MAC By This means VLAN allows the voice equipment always bel...

Страница 216: ...hrough its own GUI This page provides to select the ingress bandwidth preamble The Ingress Bandwidth Control Setting Status screen in Figure 4 8 22 Figure 4 8 23 appears Figure 4 8 22 Properites Page Screenshot The page includes the following fields Object Description Voice VLAN State Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the ...

Страница 217: ...IP traffic is no longer received on the port Default 1440 minutes Buttons Click to apply changes Figure 4 8 23 Properites Page Screenshot The page includes the following fields Object Description Voice VLAN State Display the current voice VLAN state Voice VLAN ID Display the current voice VLAN ID Remark CoS 802 1p Display the current remark CoS 802 1p 1p remark Display the current 1p remark Aging ...

Страница 218: ...enshot The page includes the following fields Object Description OUI Address A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description User defined text that identifies the VoIP devices Buttons Click to add voice VLAN OUI setting Figure 4 8 25 Voice VLAN OUI Group Page Scre...

Страница 219: ...ecommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Telephony OUI MAC Setting screens in Figure 4 8 26 Figure 4 8 27 appear Figure 4 8 26 Voice VLAN Port Setting Page Screenshot The page includes the following fields Object Desc...

Страница 220: ...the current state CoS Mode Display the current CoS mode 4 9 Security This section is to control the access of the Managed Switch including the user access and management control The Security Page contains links to the following main topics 802 1x Radius Server TACACS Server AAA Access Management Access Method DHCP Snooping Dynamic ARP Inspection IP Source Gurad Port Security ...

Страница 221: ...rticular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of...

Страница 222: ...entication Initiation and Message Exchange Ports in Authorized and Unauthorized States Device Roles With 802 1X port based authentication the devices in the network have specific roles as shown below Figure 4 9 1 Client the device workstation that requests access to the LAN and switch services and responds to requests from the switch The workstation must be running 802 1X compliant client software...

Страница 223: ...ning EAP frame is re encapsulated in the RADIUS format The EAP frames are not modified or examined during encapsulation and the authentication server must support EAP within the native frame format When the switch receives frames from the authentication server the server s frame header is removed leaving the EAP frame which is then encapsulated for Ethernet and sent to the client Authentication In...

Страница 224: ...itch port state determines whether or not the client is granted access to the network The port starts in the unauthorized state While in this state the port disallows all ingress and egress traffic except for 802 1X protocol packets When a client is successfully authenticated the port transitions to the authorized state allowing all traffic for the client to flow normally If a client that does not...

Страница 225: ... the unauthorized state If the link state of a port transitions from up to down or if an EAPOL logoff frame is received the port returns to the unauthorized state 4 9 1 2 802 1X Setting This page allows you to configure the IEEE 802 1X authentication system The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to fi...

Страница 226: ...ge Screenshot The page includes the following fields Object Description 802 1X Display the current 802 1X state 4 9 1 3 802 1X Port Setting This page allows you to configure the IEEE 802 1X Port Setting The 802 1X Port Setting screens in Figure 4 9 5 Figure 4 9 6 appear ...

Страница 227: ...one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Reauthentication Enable If checked successfully authenticated supplicants clients are reauthenticated...

Страница 228: ... Sets time to keep silent on supplicant authentication failure Supplicant Period Sets the interval for the supplicant to re transmit EAP request identify frame Maximun Request Retries The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN ...

Страница 229: ...eceived in the meantime the switch considers entering the Guest VLAN The interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout If Allow Guest VLAN if EAPOL Seen is enabled the port will now be placed in the Guest VLAN If disabled the switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleare...

Страница 230: ...et to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled Valid values are in the range 1 4094 Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN ...

Страница 231: ... only available for EAPOL based modes i e Port based 802 1X Buttons Click to apply changes Figure 4 9 8 Guest VLAN Status Page Screenshot The page includes the following fields Object Description Port Name The switch port number of the logical port Enable State Display the current state In Guest VLAN Display the current guest VLAN 4 9 1 5 Authenticed Host The Authenticated Host Table screen in Fig...

Страница 232: ...d Display the current authentication method MAC Address Display the current MAC address 4 9 2 RADIUS Server This page is to configure the RADIUS server connection session parameters The RADIUS Settings screens in Figure 4 9 10 Figure 4 9 11 Figure 4 9 12 appears Figure 4 9 10 Use Default Parameters Page Screenshot The page includes the following fields Object Description Retries Timeout is the num...

Страница 233: ...0 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured Key String The secret ke...

Страница 234: ... are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Retries Timeout is the number of seconds in the range ...

Страница 235: ...ay the current key Timeout Display the current timeout Retries Display the cunnent retry times Priority Display the current priority Dead Time Display the current dead time Usage Type Display the current usage type Modufy Click to edit login authentication list parameter Click to delete login authentication list entry 4 9 3 TACACS Server This page is to configure the RADIUS server connection sessi...

Страница 236: ...the TACACS server and the switch Timeout for Reply Retransmit is the number of times in the range 1 to 30 a TACACS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Buttons Click to apply changes Figure 4 9 14 New Radius Server Page Screenshot The page includes the following fields ...

Страница 237: ...eout The number of seconds the switch waits for a reply from the server before it resends the request Server Priority Set the server priority Buttons Click to add Radius server setting Figure 4 9 15 Login Authentication List Page Screenshot The page includes the following fields Object Description IP Address Display the current IP address Port Display the current port Key Display the current key T...

Страница 238: ... defined group if there is no response the second server will be tried and so on If at any point a pass or fail is returned the process stops The Managed Switch supports the following AAA features Accounting for IEEE 802 1X authenticated users that access the network through the Managed Switch Accounting for users that access management interfaces on the Managed Switch through the console and Teln...

Страница 239: ...e 4 9 4 1 Login List This page is to login list parameters The authentication list screen in Figure 4 9 17 Figure 4 9 18 appears Figure 4 9 17 New Authentication List Screenshot The page includes the following fields Object Description List Name Defines a name for the authentication list Method 1 4 Set the login authentication method Empty None Local TACACS RADIUS Enable Buttons Click to add authe...

Страница 240: ...hentication list entry 4 9 4 2 Enable List This page is to login list parameters The authentication list screens in Figure 4 9 19 Figure 4 9 20 appear Figure 4 9 19 New Authentication List Screenshot The page includes the following fields Object Description List Name Defines a name for the authentication list Method 1 3 Set the login authentication method Empty None Enable TACACS RADIUS Buttons Cl...

Страница 241: ...splay the current method list Modify Click to edit login authentication list parameter Click to delete login authentication list entry 4 9 5 Access This section is to control the access of the Managed Switch including the different access methods Telnet SSH HTTP and HTTPs 4 9 5 1 Telnet The Telnat Settings and Information screen in Figure 4 9 21 Figure 4 9 22 appear ...

Страница 242: ...ntication List Select login authentication list for this drop down list Enable Authentication List Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons Click to apply changes Click to disconnect telnet communication ...

Страница 243: ... enable authentication list Session Timeout Display the current session timeout Password Retry Count Display the current password retry count Silent Time Display the current silent time Current Telent Session Count Display the current telnet session count 4 9 5 2 SSH Configure SSH on this Page This Page shows the Port Security status Port Security is a module with no direct configuration Configura...

Страница 244: ... blocked until that user module decides otherwise The SSH Settings and Information screens in Figure 4 9 23 Figure 4 9 24 appear Figure 4 9 23 SSH Settings Page Screenshot The page includes the following fields Object Description SSH Service Disable or enable SSH service Login Authentication List Select login authentication list for this drop down list Enable Authentication List Select enable auth...

Страница 245: ...uthentication list Enable Authentication List Display the current enable authentication list Session Timeout Display the current session timeout Password Retry Count Display the current password retry count Silent Time Display the current silent time Current SSH Session Count Display the current SSH session count 4 9 5 3 HTTP The HTTP Settings and Information screens in Figure 4 9 25 Figure 4 9 26...

Страница 246: ...ng fields Object Description HTTP Service Disable or enable HTTP service Login Authentication List Select login authentication list for this drop down list Session Timeout Set the session timeout value Buttons Click to apply changes Figure 4 9 26 HTTP Information Page Screenshot ...

Страница 247: ...session timeout 4 9 5 4 HTTPs The HTTPs Settings and Information screen in Figure 4 9 27 Figure 4 9 28 appear Figure 4 9 27 HTTPs Settings Page Screenshot The page includes the following fields Object Description HTTPs Service Disable or enable HTTPs service Login Authentication List Select login authentication list for this drop down list Session Timeout Set the session timeout value Buttons Clic...

Страница 248: ...rrent HTTPs service Login Authentication List Display the current login authentication list Session Timeout Display the current session timeout 4 9 6 Management Access Method 4 9 6 1 Profile Rules The Profile Rule Table Setting and Table screens in Figure 4 9 29 Figure 4 9 30 appear Figure 4 9 29 Profile Rule Table Setting Page Screenshot ...

Страница 249: ...tion An IP address can contain any combination of permit or deny rules Default Permit rules Sets the access mode of the profile either permit or deny Port Select port for this drop down list IP Source Indicates the IP address for the access management entry Buttons Click to apply changes Figure 4 9 30 Profile Rule Table Page Screenshot The page includes the following fields Object Description Acce...

Страница 250: ... Display the current source IPv6 prefix Modify Click to edit profile rule parameter Click to delete profile rule entry 4 9 6 2 Access Rules The access profile screens in Figure 4 9 31 Figure 4 9 32 appear Figure 4 9 31 Access Profile Page Screenshot The page includes the following fields Object Description Access Profile Select access profile for this drop down list Buttons Click to apply changes ...

Страница 251: ...251 The page includes the following fields Object Description Access Profile Display the current access profile Delete Click to delete access profile entry ...

Страница 252: ...disrupted when malicious DHCP messages are received from an outside source DHCP snooping is used to filter DHCP messages received on a non secure interface from outside the network or firewall When DHCP snooping is enabled globally and enabled on a VLAN interface DHCP messages received on an untrusted interface from a device not listed in the DHCP snooping table will be dropped Table entries are o...

Страница 253: ...LINE or RELEASE message the packet is forwarded if MAC address verification is disabled However if MAC address verification is enabled then the packet will only be forwarded if the client s hardware address stored in the DHCP packet is the same as the source MAC address in the Ethernet header If the DHCP packet is not a recognizable type it is dropped If a DHCP packet from a client passes the filt...

Страница 254: ...Figure 4 9 34 appear Figure 4 9 33 DHCP Snooping Setting Page Screenshot The page includes the following fields Object Description DHCP Snooping Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted por...

Страница 255: ...255 The page includes the following fields Object Description DHCP Snooping Display the current DHCP snooping status ...

Страница 256: ...VLAN all dynamic bindings learned for this VLAN are removed from the binding table The DHCP Snooping VLAN Setting screens in Figure 4 9 35 Figure 4 9 36 appear Figure 4 9 35 DHCP Snooping VLAN Setting Page Screenshot The page includes the following fields Object Description VLAN List Indicates the ID of this particular VLAN Status Indicates the DHCP snooping mode operation Possible modes are Enabl...

Страница 257: ...terface is an interface that is configured to receive messages from outside the network or firewall When DHCP snooping enabled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP serve...

Страница 258: ...e Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message Chaddr Check Indicates that the Chaddr check function is enabled on selected port Chaddr Client hardware address Buttons Click to apply changes Figure 4 9 38 DHCP Snooping Port Setting Page Screenshot The page includes the following fie...

Страница 259: ...rs Figure 4 9 39 DHCP Snooping Statistics Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Forwarded Display the current forwarded Chaddr Check Dropped Display the chaddr check dropped Untrust Port Dropped Display untrust port dropped Untrust Port with Option82 Dropped Display untrust port with option82 dropped Invaild Droppe...

Страница 260: ...260 Buttons Click to clear the statistics Click to refresh the statistics ...

Страница 261: ...database has dynamic bindings the switch loses its connectivity If the agent is disabled and only DHCP snooping is enabled the switch does not lose its connectivity but DHCP snooping might not prevent DCHP spoofing attacks The database agent stores the bindings in a file at a configured location When reloading the switch reads the binding file to build the DHCP snooping binding database The switch...

Страница 262: ...econds The default is 300 seconds 5 minutes Timeout Specify when to stop the database transfer process after the binding database changes The range is from 0 to 86400 Use 0 for an infinite duration The default is 300 seconds 5 minutes Buttons Click to apply changes Figure 4 9 41 DHCP Snooping Database Information Page Screenshot The page includes the following fields Object Description Database Ty...

Страница 263: ... Rate Limit Setting and Config screens in Figure 4 9 42 Figure 4 9 43 appear Figure 4 9 42 DHCP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list State Set default or user define Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Valid values are in the range 1 to 300 Button...

Страница 264: ... clients on DHCP services such as IP Spoofing Client Identifier Spoofing MAC Address Spoofing and Address Exhaustion The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP s...

Страница 265: ...r enabling DHCP snooping the switch will monitor all the DHCP messages and implement software transmission The DHCP Rate Limit Setting and Config screens in Figure 4 9 44 Figure 4 9 45 appear Figure 4 9 44 Option82 Global Setting Page Screenshot The page includes the following fields Object Description State Set the option2 remote ID option content of option 82 added by DHCP request packets Defaul...

Страница 266: ...ion82 segment in the message and forward it to the server to process replace mode means that the system will replace the option 82 segment in the existing message with its own option 82 and forward the message to the server to process Option82 Port Setting screens in Figure 4 9 46 Figure 4 9 47 appear Figure 4 9 46 Option82 Global Setting Page Screenshot The page includes the following fields Obje...

Страница 267: ...t Enable Display the current status Allow Untrusted Display the current untrusted mode 4 9 7 10 Option82 Circuit ID Setting Set creation method for option82 users can define the parameters of circute id suboption by themselves Option82 Circuit ID Setting screens in Figure 4 9 48 Figure 4 9 49 appear Figure 4 9 48 Option82 Port Circuit ID Setting Page Screenshot ...

Страница 268: ...reenshot The page includes the following fields Object Description Port Display the current port VLAN Display the current VLAN Circuit ID Display the current circuit ID 4 9 8 Dynamic ARP Inspection Dynamic ARP Inspection DAI is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block ...

Страница 269: ...g and Information screens in Figure 4 9 50 Figure 4 9 51 appear Figure 4 9 50 DAI Setting Page Screenshot The page includes the following fields Object Description DAI Enable the Global Dynamic ARP Inspection or disable the Global ARP Inspection Buttons Click to apply changes Figure 4 9 51 DAI Information Page Screenshot ...

Страница 270: ...igure 4 9 52 Figure 4 9 53 appear Figure 4 9 52 DAI VLAN Setting Page Screenshot The page includes the following fields Object Description VLAN ID Indicates the ID of this particular VLAN Status Enables Dynamic ARP Inspection on the specified VLAN Options Enable Disable Buttons Click to apply changes Figure 4 9 53 DAI VLAN Setting Page Screenshot ...

Страница 271: ...which ports Only when both Global Mode and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Default All interfaces are untrusted Src Mac Chk Enable or disable to checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses When enabled packets with different MAC addre...

Страница 272: ...able or disable to checks all zero IP addresses Buttons Click to apply changes Figure 4 9 55 DAI Port Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Type Display the current port type Src Mac Chk Display the current Src Mac Chk status Dst Mac Chk Display the current Dst Mac Chk status IP Chk Display the current IP C...

Страница 273: ...ject Description Port The switch port number of the logical port Forwarded Display the current forwarded Source MAC Failures Display the current source MAC failures Dest MAC Failures Display the current source MAC failures SIP Validation Failures Display the current SIP Validation failures DIP Validation Failures Display the current DIP Validation failures IP MAC Mismatch Failures Display the curr...

Страница 274: ... Figure 4 9 57 Figure 4 9 58 appear Figure 4 9 57 ARP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list State Set default or user define Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Buttons Click to apply changes ...

Страница 275: ... Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host After receiving a packet the port looks up the key attributes including IP address MAC address and VLAN tag of the packet in the binding entries of the IP source guard If there is a matching entry the port will forward the packet Otherwise the port...

Страница 276: ...raffic based on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host The IP Source Guard Port Setting and Information screens in Figure 4 9 60 Figure 4 9 61 appear Figure 4 9 60 IP Source Guard Port Setting Page Screenshot ...

Страница 277: ...h IP Enables traffic filtering based on IP addresses stored in the binding table IP and MAC Enables traffic filtering based on IP addresses and corresponding MAC addresses stored in the binding table Max Binding Entry The maximum number of IP source guard that can be secured on this port Buttons Click to apply changes Figure 4 9 61 IP Source Guard Port Setting Page Screenshot The page includes the...

Страница 278: ...reens in Figure 4 9 62 Figure 4 9 63 appear Figure 4 9 62 IP Source Guard Static Binding Entry Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list VLAN ID Indicates the ID of this particular VLAN MAC Address Source MAC address is allowed IP Address Source IP address is allowed Buttons Click to add authentication list Figure 4 9 63 IP S...

Страница 279: ...imiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of four different as described below The Limit Control module is one of a range of modules that utilizes a lower layer module the Port Secur...

Страница 280: ...ailable MAC addresses Action If Limit is reached the switch can take one of the following actions Forward Do not allow more than Limit MAC addresses on the port but take no further action Shutdown If Limit 1 MAC addresses is seen on the port shut down the port This implies that all secured MAC addresses will be removed from the port and no new will be learned Even if the link is physically disconn...

Страница 281: ...ormal user data packet due to non stop processing the attacker s data packet leading to the denial of the service and worse can lead to leak of sensitive data of the server Security feature refers to applications such as protocol check which is for protecting the server from attacks such as DoS The protocol check allows the user to drop matched packets based on specified conditions The security fe...

Страница 282: ...282 Figure 4 9 66 Global DoS Setting Page Screenshot ...

Страница 283: ...IPv6 Ping Max Size Enable or disable DoS check mode by IPv6 ping max size Ping Max Size Setting Set the max size for ping Smurf Attack Enable or disable DoS check mode by smurf attack TCP Min Hdr Size Enable or disable DoS check mode by TCP min hdr size TCP SYN SPORT 1024 Enable or disable DoS check mode by TCP syn sport 1024 Null Scan Attack Enable or disable DoS check mode by null scan attack X ...

Страница 284: ...IPv6 min fragment status ICMP Fragments Display the current ICMP fragment status IPv4 Ping Max Size Display the current IPv4 ping max size status IPv6 Ping Max Size Display the current IPv6 ping max size status Smurf Attack Display the current smurf attack status TCP Min Header Length Display the current TCP min header length TCP SYN SPORT 1024 Display the current TCP syn status Null Scan Attack D...

Страница 285: ... DoS Port Setting The DoS Port Setting and Status screens in Figure 4 9 68 Figure 4 9 69 appear Figure 4 9 68 Port Security Setting Page Screenshot The page includes the following fields Object Description Port Select Select port for this drop down list DoS Protection Enable or disable per port DoS protection Buttons Click to apply changes ...

Страница 286: ...l for the switch is configured on this Page There is an unknown unicast storm rate control unknown multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table 4 9 12 1 Global Setting The Storm Control Global Setting and Information screens in Figure 4 9 69 Figure 4 9 70 appear Figure 4 9 6...

Страница 287: ...lowing fields Object Description Unit Display the current unit Preamble IFG Display the current preamble IFG 4 9 12 2 Port Setting Storm control for the switch is configured on this page There are three types of storm rate control Broadcast storm rate control Unknown Unicast storm rate control Unknow Multicast storm rate contro l The configuration indicates the permitted packet rate for unknown un...

Страница 288: ... control status for the given storm type Action Configures the action performed when storm control is over rate on a port Valid values are Shutdown or Drop Type Enable The settings in a particular row apply to the frame type listed here broadcast unknown unicast unknown multicast Rate kbps pps Configure the rate for the storm control The default value is 10 000 Buttons Click to apply changes ...

Страница 289: ...ort number of the logical port Port State Display the current port state Broadcast Kbps pps Display the current brocast storm control rate Unknown Multicast Kbps pps Display the current unknown multicast storm control rate Unknown Unicast Kbps pps Display the current unknown unicast storm control rate Action Display the current action ...

Страница 290: ...bes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application The ACL page contains links to the following main topics MAC based ACL Configuration MAC based ACL setting MAC based ACE Add Edit Delete ...

Страница 291: ...t Figure 4 10 2 ACL Table Page Screenshot The page includes the following fields Object Description Delete Click to delete ACL name entry 4 10 2 MAC based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The MAC based ACE screen in Figure 4 10 3 Figure 4 10 4 appears ...

Страница 292: ...ACL sequence Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Shutdown Port shutdown is disabled for the ACE DA MAC Specify the destination MAC filter for this ACE Any No DA MAC filter is specified User Defined If you want to filter a specific destination MAC address with ...

Страница 293: ...field for entering a SA MAC value appears SA MAC Value When User Defined is selected for the SA MAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this SA MAC value SA MAC Mask Specify whether frames can hit the action according to their sender hardware address field SHA settings 0 ARP frames where SHA is not equal to the...

Страница 294: ...the current source MAC address Source MAC Address Mask Display the current source MAC address mask VLAN ID Display the current VLAN ID 802 1p Display the current 802 1p value 802 1p Mask Display the current 802 1p mask Ethertype Display the current Ethernet type Modify Click to edit MAC based ACL parameter Click to delete MAC based ACL entry 4 10 3 IPv4 based ACL This page shows the ACL status by ...

Страница 295: ...ns Click to add ACL name list Figure 4 10 6 ACL Table Page Screenshot The page includes the following fields Object Description Delete Click to delete ACL name entry 4 10 4 IPv4 based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The IPv4 based ACE screens in Figure 4 10 7 Figure 4 10 8 appear ...

Страница 296: ...296 ...

Страница 297: ... address filter is specified User Defined If you want to filter a specific source IP address with this ACE choose this value A field for entering a source IP address value appears Source IP Address Value When User Defined is selected for the source IP address filter you can enter a specific source IP address The legal format is xxx xxx xxx xxx A frame that hits this ACE matches this source IP addr...

Страница 298: ...ecify the destination port for this ACE Any No specifc destination port is specified destination port status is don t care Single If you want to filter a specific destination port with this ACE you can enter a specific destiantino port value A field for entering a destiantino port value appears The allowed range is 0 to 65535 A frame that hits this ACE matches this destination port value Range If ...

Страница 299: ... value for this ACE Set TCP frames where the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowed don t care FIN Specify the TCP No more data from sender FIN value for this ACE Set TCP frames where the FIN field is set must be able to match this entry Unset TCP frames where the FIN field i...

Страница 300: ...ilter a specific protocol ID filter with this ACE you can enter a specific protocol ID value A field for entering a protocol ID value appears The allowed range is 0 to 255 A frame that hits this ACE matches this protocol ID value ICMP Code Specify the ICMP code filter for this ACE Any No ICMP code filter is specified ICMP code filter status is don t care User Defined If you want to filter a specif...

Страница 301: ...ess wildcard mask Source Port Range Display the current source port range Destiantion Port Range Display the current destination port range Flag Set Display the current flag set DSCP Display the current DSCP IP Precedence Display the current IP precedence ICMP Type Display the current ICMP Type ICMP Code Display the current ICMP code Modify Click to edit IPv4 based ACL parameter Click to delete IP...

Страница 302: ...add ACL name list Figure 4 10 10 ACL Table Page Screenshot The page includes the following fields Object Description Delete Click to delete ACL name entry 4 10 6 IPv6 based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The IPv6 based ACE screens in Figure 4 10 11 Figure 4 10 12 appear ...

Страница 303: ...303 ...

Страница 304: ...choose this value A field for entering a source IP address value appears Source IP Address Value When User Defined is selected for the source IP address filter you can enter a specific source IP address The legal format is xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx A frame that hits this ACE matches this source IP address value Source IP Prefix Length When User Defined is selected for the source IP f...

Страница 305: ...stination port for this ACE Any No specifc destination port is specified destination port status is don t care Single If you want to filter a specific destination port with this ACE you can enter a specific destiantino port value A field for entering a destiantino port value appears The allowed range is 0 to 65535 A frame that hits this ACE matches this destination port value Range If you want to ...

Страница 306: ...here the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowed don t care FIN Specify the TCP No more data from sender FIN value for this ACE Set TCP frames where the FIN field is set must be able to match this entry Unset TCP frames where the FIN field is set must not be able to match this...

Страница 307: ... value A field for entering a protocol ID value appears The allowed range is 0 to 255 A frame that hits this ACE matches this protocol ID value ICMP Code Specify the ICMP code filter for this ACE Any No ICMP code filter is specified ICMP code filter status is don t care User Defined If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for...

Страница 308: ...on IP address Destination IP Address Wildcard Mask Display the current destination IP address wildcard mask Source Port Range Display the current source port range Destination Port Range Display the current destination port range Flag Set Display the current flag set DSCP Display the current DSCP IP Precedence Display the current IP precedence ICMP Type Display the current ICMP Type ICMP Code Disp...

Страница 309: ...e includes the following fields Object Description Bibding Port Select port for this drop down list ACL Select Select ACL list for this drop down list Buttons Click to apply changes Figure 4 10 14 ACL Binding Table Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port MAC ACL Display the current MAC ACL IPv4 ACL Display the curren...

Страница 310: ...ress and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time 4 11 1 Static ...

Страница 311: ...n No This is the number for entries MAC Address The MAC address for the entry VLAN The VLAN ID for the entry Port Display the current port Delete Click to delete static MAC status entry 4 11 2 MAC Filtering By filtering MAC address the switch can easily filter the per configured MAC address and reduce the un safety The Static MAC Setting screens in Figure 4 11 3 Figure 4 11 4 appear Figure 4 11 3 ...

Страница 312: ...4 Statics MAC Status Page Screenshot The page includes the following fields Object Description No This is the number for entries MAC Address The MAC address for the entry VLAN The VLAN ID for the entry Delete Click to delete static MAC status entry 4 11 3 Dynamic Address Setting By default dynamic entries are removed from the MAC table after 300 seconds The Dynamic Address Setting Status screens i...

Страница 313: ...arded Range 10 630 seconds Default 300 seconds Buttons Click to apply changes Figure 4 11 6 Dynamic Addresses Status Page Screenshot The page includes the following fields Object Description Aging Time Display the current aging time 4 11 4 Dynamic Learned Dynamic MAC Table Dynamic Learned MAC Table are shown on this page The MAC Table is sorted first by VLAN ID then by MAC ...

Страница 314: ...Port Select port for this drop down list VLAN Select VLAN for this drop down list MAC Address Physical address associated with this interface Buttons Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Figure 4 11 7 MAC Address Information Page Screenshot Object Description MAC Address The MAC address of the entry ...

Страница 315: ...15 VLAN The VLAN ID of the entry Type Indicates whether the entry is a static or dynamic entry Port The ports that are members of the entry Buttons Click to add dynamic MAC address to static MAC address ...

Страница 316: ... the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simpli...

Страница 317: ... frame shall be considered valid The LLDP information valid period is set to Holdtime multiplied by Transmission Interval seconds Valid values are restricted to 2 10 times TTL in seconds is based on the following rule Transmission Interval Holdtime Multiplier 65536 Therefore the default TTL is 4 30 120 seconds Reinitialization Delay When a port is disabled LLDP is disabled or the switch is reboote...

Страница 318: ...es that the LLDP MED Fast Start mechanism is active for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service Buttons Click to apply changes Figure 4 12 2 LLDP Global Config Page Screenshot The page includes the following fields Object Description LLDP Enable Display the current LLDP status LLDP PDU Disable...

Страница 319: ... to specify the message attributes for individual interfaces including whether messages are transmitted received or both transmitted and received The LLDP Port Configuration and Status screens in Figure 4 12 3 Figure 4 12 4 appear Figure 4 12 3 LLDP Port Configuration and Optional TLVs Selection Page Screenshot The page includes the following fields Object Description Port Select Select port for t...

Страница 320: ...tion transmitted System Capability When checked the System Capability is included in LLDP information transmitted 802 3 MAC PHY When checked the 802 3 MAC PHY is included in LLDP information transmitted 802 3 Link Aggregation When checked the 802 3 Link Aggregation is included in LLDP information transmitted 802 3 Maximun Frame Size When checked the 802 3 Maximun Frame Size is included in LLDP inf...

Страница 321: ...rt The switch port number of the logical port State Display the current LLDP status Selected Optional TLVs Display the current selected optional TLVs The VLAN Name TLV VLAN Selection and LLDP Port VLAN TLV Status screens in Figure 4 12 5 Figure 4 12 6 appear Figure 4 12 5 VLAN Name TLV Selection Page Screenshot ...

Страница 322: ...reenshot The page includes the following fields Object Description Port The switch port number of the logical port Selected VLAN Display the current selected VLAN 4 12 4 LLDP Local Device Use the LLDP Local Device Information screen to display information about the switch such as its MAC address chassis ID management IP address and port information The Local Device Summary and Port Status screens ...

Страница 323: ...rrent chassis ID subtype Chassis ID Display the current chassis ID System Name Display the current system name System Description Display the current system description Capabilities Supported Display the current capabilities supported Capabilities Enabled Display the current capabilities enabled Port ID Subtype Display the current port ID subtype ...

Страница 324: ...us Display the current LLDP status LLDP MED Status Display the current LLDP MED Status 4 12 5 LLDP Remove Device This Page provides a status overview for all LLDP remive devices The displayed table contains a row for each port on which an LLDP neighbor is detected The LLDP Remive Device screen in Figure 4 12 9 appears Figure 4 12 9 LLDP Remote Device Page Screenshot ...

Страница 325: ...the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service Policies are only intended fo...

Страница 326: ...n type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggre...

Страница 327: ... services Guest Voice Signaling for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy Softphone Voice for use by softphone applications on typical data centric devices such as PCs or lapt...

Страница 328: ...ice is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application ...

Страница 329: ...play the current DSCP value Buttons Click to delete LLDP MED network policy table entry 4 12 7 MED Port Setting The Port LLDP MED Configuration Port Setting Table screens in Figure 4 12 12 Figure 4 12 13 appear Figure 4 12 12 Port LLDP MED Configuration Page Screenshot The page includes the following fields Object Description Port Select Select port for this drop down list MED Enable Enable or dis...

Страница 330: ...tification details Inventory This option advertises device details useful for inventory management such as manufacturer model software version and other pertinent information MED Network Policy Select MED network policy for this drop down list Buttons Click to apply changes Figure 4 12 13 Port LLDP MED Configuration Page Screenshot The page includes the following fields Object Description Interfac...

Страница 331: ...DP MED Configuration Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Location Coordinate A string identifying the Location Coordinate that this entry should belong to Location Civic Address A string identifying the Location Civic Address that this entry should belong to Location ESC ELIN A string identifying the Location ESC ELIN t...

Страница 332: ...Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Coordinate Display the current coordinate Civic Address Display the current civic address ESC ELIN Display the current ESC ELIN ...

Страница 333: ... Bytes Total number of bytes of LLDP information that is normally sent in a packet Left to Send Bytes Total number of available bytes that can also send LLDP information in a packet Status Gives the status of the TLVs Mandatory TLVs Displays if the mandatory group of TLVs were transmitted or overloaded MED Capabilites Displays if the capabilities packets were transmitted or overloaded MED Location...

Страница 334: ...oaded 4 12 9 LLDP Statistics Use the LLDP Device Statistics screen to general statistics for LLDP capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces The LLDP Global and Port Statistics screens in Figure 4 12 17 Figure 4 12 18 appear Figure 4 12 17 LLDP Global Statistics Page Screenshot The page includes the following fields Object ...

Страница 335: ... internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out RX Frame Erro...

Страница 336: ... troubleshoot The diagnostic tools are designed for network manager to help them quickly diagnose problems between point to point and better service customers Use the Diagnastics menu items to display and configure basic administrative details of the Managed Switch Under System the following topics are provided to configure and view the system information This section has the following items Cable...

Страница 337: ...blished on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer If the link is established in 100Base TX or 10Base T the Cable Diagnostics cause the link to drop while the diagnostics are running After the diagnostics are finished the link is reestablished And the following functions are available Coupling between cable ...

Страница 338: ...scription Port Select port for this drop down list Buttons Click to run the diagnostics Figure 4 13 2 Test Results Page Screenshot The page includes the following fields Object Description Port The port where you are requesting Cable Diagnostics Channel A D Display the current channel status Cable Length A D Display the current cable length Result Display the test result ...

Страница 339: ...a reply 4 13 3 Ping Test This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues After you press Apply ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 13 3 appears Figur...

Страница 340: ...t ICMP packets Be sure the target IP Address is within the same network subnet of the switch or you have to set up the correct gateway IP address 4 13 4 IPv6 Ping Test This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Apply 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The...

Страница 341: ...n IP Address The destination IPv6 Address Count Number of echo requests to send Interval in sec Send interval for each ICMP packet Size in bytes The payload size of the ICMP packet Values range from 8bytes to 5120bytes Ping Results Display the current ping result Buttons Click to transmit ICMPv6 packets ...

Страница 342: ...ubnet monitored by the Agent History Record periodical statistic samples available from Statistics Alarm Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records Event A list of all events generated by RMON Agent Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Al...

Страница 343: ...be due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Packets The total number of packets including bad packets broadcast packets and multicast packets received Broadcast Packets The total number of good packets received that were directed to the broadcast address Multicast Packets The total number of good packets received that...

Страница 344: ...cluding bad packets received that were 64 octets in length 65 127 Byte Frames The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 Byte Frames The total number of packets including bad packets received that were between 128 to 255 octets in length 256 511 Byte Frames The total number of packets including bad packets received that were betw...

Страница 345: ... including framing characters log The number of uni cast packets delivered to a higher layer protocol SNMP Trap The number of broad cast and multi cast packets delivered to a higher layer protocol Log and Trap The number of inbound packets that are discarded even the packets are normal Community Specify the community when trap is sent the string length is from 0 to 127 default is public Owner Indi...

Страница 346: ...ect Description Index Display the current event index Event Type Display the current event type Community Display the current community for SNMP trap Description Display the current event description Last Sent Time Display the current last sent time Owner Display the current event owner Action Click to delete RMON event entry ...

Страница 347: ...n in Figure 4 14 4 appears Figure 4 14 4 RMON Event Log Table Page Screenshot The Page includes the following fields Object Description Select Index Select index for this drop down list Index Indicates the index of the log entry Log Time Indicates Event log time Description Indicates the Event description ...

Страница 348: ...ect Index Select index for this drop down list to create the new index or modify the index Index Indicates the index of the alarm entry Sample Port Select port for this drop down list Sample Variable Indicates the particular variable to be sampled the possible variables are DropEvents The total number of events in which packets were dropped due to lack of resources Octets The number of received an...

Страница 349: ...ts in length excluding framing bits but including FCS octets and had either an FCS or alignment error Jabbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet segment Pkts64Octets The total number of frames inc...

Страница 350: ...cluding FCS octets Sample Interval Sample interval 1 2147483647 Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample directly default Delta Calculate the difference between samples Rising Threshold Rising threshold value 0 2147483647 Falling Threshold Falling threshold value 0 2147...

Страница 351: ...the current sample type Rising Threshold Display the current rising threshold Falling Threshold Display the current falling threshold Rising Event Display the current rising event Falling Event Display the current falling event Owner Display the current owner Action Click to delete RMON alarm entry 4 14 5 RMON History Configure RMON History table on this Page The RMON History screens in Figure 4 1...

Страница 352: ... default value is 50 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Owner Specify an owner for the history Buttons Click to apply changes Figure 4 14 8 RMON History Status Page Screenshot The Page includes the following fields Object Description Index Display the current index Data Source Display the cur...

Страница 353: ...tion This section has the following items Factory Default You can reset the configuration of the switch on this page Reboot Switch You can restart the switch on this page After restart the switch will boot normally Backup Manager You can back up the switch configuration Upgrade Manager You can upgrade the switch configuration Dual Image Select active or backup image on this Page 4 15 1 Factory Def...

Страница 354: ...actory default setting you can also press the hardware reset button on the front panel for about 10 seconds After the device is rebooted uou can login the management WEB interface within the same subnet of 192 168 0 xx 4 15 2 Reboot Switch The Reboot page enables the device to be rebooted from a remote location Once the Reboot button is pressed user has to re login the WEB interface about 60 secon...

Страница 355: ...des the following fields Object Description Backup Method Select backup method for this drop down list Server IP Fill in your TFTP server IP address Backup Type Select backup type Image Select active or backup image Buttons Click to backup image configuration or log 4 15 4 Upgrade Manager This function allows reload the current image or configuration of the Managed Switch to the local management s...

Страница 356: ...ect Description Upgrade Method Select upgrade method for this drop down list Server IP Fill in your TFTP server IP address File Name The name of firmware image or configuration Upgrade Type Select upgrade type Image Select active or backup image Buttons Click to upgrade image or configuration ...

Страница 357: ... packet to the port where this destination address is located according to the information from address table But if the destination address is located at the same port with this packet comes in then this packet will be filtered Thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet...

Страница 358: ... The STP ports on the Switch have built in Auto negotiation This technology automatically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full ...

Страница 359: ... Switch If the Managed Switch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the Managed Switch 2 Try another port on the Managed Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Tu...

Страница 360: ...r cord is inserted correctly 3 Replace the power cord if the cord is inserted correctly check that the AC power source is working by connecting a different device in place of the switch 4 If that device works refer to the next step 5 If that device does not work check the AC power ...

Страница 361: ...0 100Mbps 10 100Base TX When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their ...

Страница 362: ...each wire is color coded The following shows the pin allocation and color of straight cable and crossover cable connection Straight through Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SI...

Страница 363: ... Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Straight through and Crossover Cable Please make sure your connected cables are with the same pin assignment and color as the above table before deploying the cables into your network ...

Результаты поиска

Содержание NS3500-28T-4S

Отзывы:

Бренды по названию

Популярные бренды

Interlogix NS3500-28T-4S, Руководство пользователя

Результаты поиска

Содержание NS3500-28T-4S

Отзывы:

Бренды по названию

Популярные бренды