Interlogix NS3503-16P-4C страница 190 Скачать руководство пользователя

Страница: 190 / 316

NS3503-16P-4C User Manual

188

When authentication is complete, the RADIUS server sends a special packet containing a success or

failure indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or

block traffic on the switch port connected to the supplicant.

Overview of User Authentication

It is allowed to configure the Managed Switch to authenticate users logging into the system for

management access using local or remote authentication methods, such as telnet and Web browser.

This Managed Switch provides secure network management access using the following options:



Remote Authentication Dial-in User Service (RADIUS)



Terminal Access Controller Access Control System Plus ()



Local user name and Privilege Level control

4.9.1.1 Understanding IEEE 802.1X Port-based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that

restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The

authentication server authenticates each client connected to a switch port before making available any

services offered by the switch or the LAN.

Until the client is authenticated, 802.1X access control allows only

Extensible Authentication Protocol

over LAN (EAPOL)

traffic through the port to which the client is connected. After authentication is

successful, normal traffic can pass through the port.

This section includes this conceptual information:



Device Roles



Authentication Initiation and Message Exchange



Ports in Authorized and Unauthorized States



Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown below.

Figure 4-9-1

Содержание NS3503-16P-4C

Страница 1: ...NS3503 16P 4C User Manual P N 1073221 REV A ISS 08SEP16 ...

Страница 2: ...ence 2 This Device must accept any interference received including interference that may cause undesired operation ACMA compliance Notice This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Canada This Class A digital apparatus complies with CAN ICES 003 A NMB 3 A Cet appareil numérique de la...

Страница 3: ...or Energy Saving 11 PoE Usage Monitoring 12 Environment friendly Smart Fan Design for Silent Operation 12 IPv6 IPv4 Dual Stack Management 12 Robust Layer 2 Features 12 Efficient Traffic Control 13 Powerful Security 13 Advanced Network Security 13 Friendly and Secure Management 13 Flexibility and Long distance Extension Solution 13 1 3 How to Use This Manual 14 1 4 Product Features 14 Physical Port...

Страница 4: ...gement 31 3 5 SNMP based Network Management 32 3 6 IFS Smart Discovery Utility 33 4 WEB CONFIGURATION 35 4 1 Main Web Page 37 4 1 1 Save Button 38 4 1 2 Configuration Manager 39 4 1 2 1 Saving Configuration 40 4 2 System 41 4 2 1 System Information 41 4 2 2 IP Configurations 42 4 2 3 IPv6 Configuration 44 4 2 4 User Configuration 45 4 2 5 Time Settings 47 4 2 5 1 System Time 47 4 2 5 2 SNTP Server...

Страница 5: ...ion 74 4 3 4 Port Mirroring 75 4 3 5 Jumbo Frame 77 4 3 6 Port Error Disabled Configuration 79 4 3 7 Port Error Disabled 81 4 3 8 Protected Ports 81 4 4 Link Aggregation 84 4 4 1 LAG Setting 86 4 4 2 LAG Management 87 4 4 3 LAG Port Setting 88 4 4 4 LACP Setting 90 4 4 5 LACP Port Setting 91 4 4 6 LAG Status 92 4 5 VLAN 94 4 5 1 VLAN Overview 94 4 5 2 IEEE 802 1Q VLAN 95 4 5 3 Management VLAN 98 4...

Страница 6: ...139 4 7 1 Properties 139 4 7 2 IGMP Snooping 140 4 7 2 1 IGMP Setting 144 4 7 2 2 IGMP Querier Setting 146 4 7 2 3 IGMP Static Group 147 4 7 2 4 IGMP Group Table 148 4 7 2 5 IGMP Router Setting 148 4 7 2 6 IGMP Router Table 150 4 7 2 7 IGMP Forward All 151 4 7 3 IGMP Snooping Statics 152 4 7 4 MLD Snooping 153 4 7 4 1 MLD Setting 153 4 7 4 2 MLD Static Group 155 4 7 4 3 MLD Group Table 156 4 7 4 4...

Страница 7: ... 180 4 8 4 3 Egress Queue 181 4 8 5 Voice VLAN 182 4 5 8 1 Introduction to Voice VLAN 182 4 8 5 2 Properties 182 4 8 5 3 Telephony OUI MAC Setting 184 4 8 5 4 Telephony OUI Port Setting 185 4 9 Security 187 4 9 1 802 1X 187 4 9 1 1 Understanding IEEE 802 1X Port based Authentication 188 4 9 1 2 802 1X Setting 191 4 9 1 3 802 1X Port Setting 192 4 9 1 4 Guest VLAN Setting 194 4 9 1 5 Authenticated ...

Страница 8: ...namic ARP Inspection 224 4 9 8 1 Global Setting 224 4 9 8 2 VLAN Setting 225 4 9 8 3 Port Setting 226 4 9 8 4 Statistics 228 4 9 8 5 Rate Limit 229 4 9 9 IP Source Guard 230 4 9 9 1 Port Settings 230 4 9 9 2 Binding Table 232 4 9 10 Port Security 233 4 9 11 DoS 235 4 9 11 1 Global DoS Setting 235 4 9 11 2 DoS Port Setting 238 4 9 12 Storm Control 239 4 9 12 1 Global Setting 239 4 9 12 2 Port Setti...

Страница 9: ...tatistics 278 4 13 Diagnostics 279 4 13 1 Cable Diagnostics 280 4 13 2 Ping 281 4 13 3 Ping Test 281 4 13 4 IPv6 Ping Test 282 4 13 5 Trace Router 283 4 14 RMON 284 4 14 1 RMON Statistics 285 4 14 2 RMON Event 286 4 14 3 RMON Event Log 288 4 14 4 RMON Alarm 289 4 14 5 RMON History 291 4 14 6 RMON History Log 292 4 15 Power over Ethernet 293 4 15 1 Power over Ethernet Powered Device 294 4 15 3 Powe...

Страница 10: ... 307 5 SWITCH OPERATION 309 5 1 Address Table 309 5 2 Learning 309 5 3 Forwarding Filtering 309 5 4 Store and Forward 309 5 5 Auto Negotiation 310 6 TROUBLESHOOTING 311 APPENDIX A Switch s RJ45 Pin Assignments 313 A 1 1000Mbps 1000BASE T 313 A 2 10 100Mbps 10 100BASE TX 313 ...

Страница 11: ...o Rack mounting Brackets with Attachment Screws 2 Power Cord 1 SFP Dust Caps 4 If any item is found missing or damaged please contact your local reseller for replacement 1 2 Product Description A New Generation Ultra PoE Managed Switch with Advanced L2 L4 Switching and Security IFS NS3503 16P 4C is a cost optimized 1U Gigabit Ultra PoE Managed Switch featuring IFS intelligent PoE functions to impr...

Страница 12: ...ew 4 pair system two PSE controllers will be used to power both the data pairs and the spare pairs It can offer more PoE applications such as PoE PTZ speed dome Other network devices that need higher PoE power to work normally Thin client AIO All in One touch PC Remote digital signage display Built in Unique PoE Functions for Powered Devices Management As it is the managed PoE switch for surveilla...

Страница 13: ...the connected PoE IP cameras or PoE wireless access points to reboot at a specified time each week Therefore it will reduce the chance of IP camera or AP crash resulting from buffer overflow PoE Schedule for Energy Saving Under the trend of energy saving worldwide and contributing to environmental protection IFS NS3503 16P 4C can effectively control the power supply as well as giving high watt pow...

Страница 14: ...y stably and quietly in any environment without affecting its performance IPv6 IPv4 Dual Stack Management Supporting both IPv6 and IPv4 protocols IFS NS3503 16P 4C helps the SMBs to step in the IPv6 era with the lowest investment as its network facilities need not be replaced or overhauled if the IPv6 FTTx edge network is set up Robust Layer 2 Features IFS NS3503 16P 4C can be programmed for advan...

Страница 15: ...des DHCP snooping IP source guard and dynamic ARP inspection functions to prevent IP snooping from attack and discard ARP packets with invalid MAC address The network administrators can now construct highly secure corporate networks with considerably less time and effort than before Friendly and Secure Management For efficient management IFS NS3503 16P 4C is equipped with web Telnet and SNMP manag...

Страница 16: ...tion of the Managed Switch 1 4 Product Features Physical Port 10 100 1000BASE T Gigabit RJ45 copper ports with IEEE 802 3at af Ultra PoE injector 4 100 1000BASE X mini GBIC SFP slots compatible with 100BASE FX SFP RJ45 console interface for switch basic management and setup Power over Ethernet Complies with IEEE 802 3at Power over Ethernet Plus end span mid span PSE Backward compatible with IEEE 8...

Страница 17: ...RSTP Rapid Spanning Tree Protocol MSTP Multiple Spanning Tree Protocol STP BPDU Guard BPDU filtering and BPDU forwarding Supports Link Aggregation IEEE 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel static trunk Provides port mirror many to 1 Loop protection to avoid broadcast loops Quality of Service Ingress and egress rate limit per port bandwidth control Storm control suppor...

Страница 18: ...ard prevents IP spoofing attacks DoS attack prevention SSH SSL Management IPv4 and IPv6 dual stack management Switch management interface Web switch management Telnet command line interface SNMP v1 v2c and v3 SSH and SSL secure access User privilege levels control Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment System maintenance Firmware upload downloa...

Страница 19: ...ch Throughput 64Bytes 29 7Mpps Address Table 8K entries Shared Data Buffer 4 1 megabits Flow Control IEEE 802 3x pause frame for full duplex Back pressure for half duplex Jumbo Frame 10K bytes Reset Button 5 sec System reboot 5 sec Factory default LED PWR SYS LNK ACT PoE in use 1000 FAN1 FAN2 PoE PWR Power Requirements 100 240V AC 50 60 Hz auto sensing Dimensions W x D x H 440 x 300 x 44 5 mm 1U h...

Страница 20: ...EE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP IGMP Snooping IGMP v2 v3 snooping IGMP querier Up to 256 multicast groups MLD Snooping MLD v1 v2 snooping up to 256 multicast groups Access Control List IPv4 IPv6 IP based ACL MAC based ACL QoS 8 mapping IDs to 8 level priority queues Port number 802 1p priority 802 1Q VLAN tag DSCP field in IP packet Traf...

Страница 21: ...ds Conformance Regulatory Compliance FCC Part 15 Class A CE LVD Standards Compliance IEEE 802 3 10BASE T IEEE 802 3u 100BASE TX 100BASE FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x flow control and back pressure IEEE 802 3ad port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p...

Страница 22: ...3503 16P 4C User Manual 20 RFC 3810 MLD v2 Environment Operating Temperature 0 50 degrees C Relative Humidity 5 95 non condensing Storage Temperature 20 70 degrees C Relative Humidity 5 95 non condensing ...

Страница 23: ...d pair Up to 100 meters 100 1000BASE X SFP Slots Each of the SFP Small Form factor Pluggable slots supports dual speed 1000BASE SX LX or 100BASE FX For 1000BASE SX LX SFP transceiver module From 550 meters multi mode fiber to 10 30 50 70 kilometers single mode fiber For 100BASE FX SFP transceiver module From 2 kilometers multi mode fiber to 20 40 60 kilometers single mode fiber Console Port The co...

Страница 24: ...2 LED Indications The front panel LEDs indicates instant status of port links data activity and system power it helps monitor and troubleshoot when needed Figure 2 1 2 shows the LED indications of these Managed Switches Figure 2 1 2 NS3503 16P 4C LED indication System Alert LED Color Function PWR Green Lights to indicate that the Switch has power SYS Green Lights to indicate the system is working ...

Страница 25: ...ndicate that the port is operating at 10 100Mbps Blinks To indicate that the switch is actively sending or receiving data over that port 100 1000BASE SX LX SFP Interfaces Port 17 to Port 20 LED Color Function 1000 Green Lights To indicate that the port is operating at 1000Mbps Blinks To indicate that the switch is actively sending or receiving data over that port 100 Orange Lights To indicate that...

Страница 26: ... install your Managed Switch and make connections to the Managed Switch Please read the following topics and perform the procedures in the order being presented To install your Managed Switch on a desktop or shelf simply complete the following steps 2 2 1 Desktop Installation To install the Managed Switch on desktop or shelf 1 Attach the rubber feet to the recessed areas on the bottom of the Manag...

Страница 27: ...ed Switch in a 19 inch standard rack 1 Place the Managed Switch on a hard flat surface with the front panel positioned towards the front side 2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 1 5 shows how to attach brackets to one side of the Managed Switch Figure 2 1 5 Attach Brackets to the Managed Switch CAUTION You must us...

Страница 28: ... to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch as the Figure 2 1 7 shows Figure 2 1 7 Plug in the SFP transceiver Approved IFS SFP Transceivers IFS Managed Switch supports both single mode and multi mode SFP transceivers The following...

Страница 29: ...nsceiver are similar 1 Before we connect Managed Switch to the other network device we have to make sure both sides of the SFP transceivers are with the same media type for example 1000BASE SX to 1000BASE SX 1000BASE LX to 1000BASE LX 2 Check whether the fiber optic cable type matches with the SFP transceiver requirement To connect to 1000BASE SX SFP transceiver please use the multi mode fiber cab...

Страница 30: ... fiber NICs or media converters user has to set the port Link mode to 1000 Force or 100 Force Remove the Transceiver Module 1 Make sure there is no network activity anymore 2 Remove the fiber optic cable gently 3 Lift up the lever of the SFP module and turn it to a horizontal position 4 Pull out the module gently through the lever Figure 2 1 8 How to Pull Out the SFP Transceiver Note Never pull ou...

Страница 31: ...h TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC comes with COM Port DB9 RS 232 or USB to RS 232 converter Ethernet Port connection Network cables Use standard network UTP cables with RJ45 connectors The above Workstation is installed with Web browser and Java runtime environment plug in Note It is recommended to use Int...

Страница 32: ...vel Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need to only know the community name 3 3 Administration Console The administration console is an internal character oriented and command line user interface for performing system administration such as displaying statistics ...

Страница 33: ...s are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 3 4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch fr...

Страница 34: ...n external SNMP based application to configure and manage the Managed Switch such as SNMPc Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set commun...

Страница 35: ...u to running the IFS Smart Discovery Utility 1 Deposit the IFS Smart Discovery Utility in administrator PC 2 Run this utility when the following screen appears Figure 3 1 6 IFS Smart Discovery Utility Screen Note If there are two LAN cards or above in the same administrator PC choose a different LAN card by using the Select Adapter tool 3 Press Refresh button for the currently connected devices in...

Страница 36: ... 3 buttons above are shown below Update Device Use the current setting on one single device Update Multi Use the current setting on multi devices Update All Use the current setting on whole devices in the list The same functions mentioned above also can be found in Option tools bar 6 Clickg the Control Packet Force Broadcast function to assign a new setting value to the Web Smart Switch under a di...

Страница 37: ... PC must be set on the same IP subnet address as the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you have changed the default IP address of the Managed Switch to 192 168 1 1 with subnet mask 255 255 255 0 via ...

Страница 38: ...t or manage the Managed Switch by Web interface The Switch Menu on the left of the web page lets you access all the commands and statistics the Managed Switch provides Note It is recommended to use Internet Explore 8 0 or above to access Managed Switch The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface No...

Страница 39: ...e Panel Display The Web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ45 Ports SFP Ports PoE Ports Main Menu Using the onboard Web agent you can define system pa...

Страница 40: ...Buttons Click to save changes or reset to default Click to logout the Managed Switch Click to reboot the Managed Switch Click to refresh the page 4 1 1 Save Button This save button allows you to save the running startup backup configuration or reset switch in default parameter If you forgot to save configuration all configurations will be lost after system reboot The screen in Figure 4 1 6 appears...

Страница 41: ...ect Description Running Configuration Refers to the running configuration sequence used in the switch In switch the running configuration file stores in the RAM In the current version the running configuration sequence running config can be saved from the RAM to FLASH by saving Source File Running Configuration to Destination File Startup Configuration so that the running configuration sequence be...

Страница 42: ...he running configuration file stores in the RAM In the current version the running configuration sequence of running config can be saved from the RAM to FLASH by Save Configurations to FLASH function so that the running configuration sequence becomes the startup configuration file which is called configuration save To save all applied changes and set the current configuration as a startup configur...

Страница 43: ...age IPv6 Configuration Configure the switch managed IPv6 information on this page User Configuration Configure new user name and password on this page Time Settings Configure SNTP on this page Log Management The switch log information is provided here SNMP Management Configure SNMP on this page 4 2 1 System Information The System Info page provides information for the current device information Sy...

Страница 44: ... The loader date of this Managed Switch Firmware Version The firmware version of this Managed Switch Firmware Date The firmware date of this Managed Switch System Object ID The system object ID of the Managed Switch System Up Time The period of time the device has been operational PCN HW Version The hardware version of this Managed Switch Buttons Click to edit parameter 4 2 2 IP Configurations The...

Страница 45: ...CP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide the IP address of this switch in dotted decimal notation Subnet Mask Provide the subnet mask of this switch in dotted decimal notation Gateway Provide the IP address of the router in dotted decimal notation DNS Server 1 2 Provide the...

Страница 46: ... this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 9ef6 1aff fe04 c5c3 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses the following legally IPv4 address For example 192 1...

Страница 47: ...c address IPv6 Static Router Display the current IPv6 static gateway DHCPv6 Client Display the current DHCPv6 client status 4 2 4 User Configuration This page provides an overview of the current users and privilege type Currently the only way to login as another user on the Web server is to close and reopen the browser After the setup is completed please press Apply button to take effect Please lo...

Страница 48: ... Retype Password Please enter the user s new password here again to confirm Privilege Type The privilege type for the user Options Admin User Other Buttons Click to apply changes Figure 4 2 7 Local User Page Screenshot The page includes the following fields Object Description Username Display the current username Password Type Display the current password type Privilege Type Display the current pr...

Страница 49: ...ts and the server when they are not on the same subnet domain Disabled Disable SNTP mode operation Manual Time To set time manually Year Select the starting year Month Select the starting month Day Select the starting day Hours Select the starting hour Minutes Select the starting minute Seconds Select the starting seconds Time Zone Select the time zone according to the current location of switch D...

Страница 50: ...ing minute Recurring To Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute Non recurring From Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute Non recurring To Week Select th...

Страница 51: ... Display the current time zone Daylight Saving Time Display the current daylight saving time state Daylight Saving Time Offset Display the current daylight saving time offset state From Display the current daylight saving time from To Display the current daylight saving time to 4 2 5 2 SNTP Server Settings The SNTP Server Configuration screens in Figure 4 2 10 and Figure 4 2 11 appear Figure 4 2 1...

Страница 52: ...aged Switch log management is provided here The local logs allow you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM The following table lists the event levels of the Managed Switch Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational ...

Страница 53: ...ge includes the following fields Object Description Logging Service Enabled Enable logging service operation Disabled Disable logging service operation Buttons Click to apply changes Figure 4 2 13 Logging Information Page Screenshot The page includes the following fields Object Description Logging Service Display the current logging service status 4 2 6 2 Local Log The switch system local log info...

Страница 54: ...or local log crit Critical level of the critical conditions for local log error Error level of the error conditions for local log warning Warning level of the warning conditions for local log notice Notice level of the normal but significant conditions for local log info Informational level of the informational messages for local log debug Debug level of the debugging messages for local log Button...

Страница 55: ...on Server Address Provide the remote syslog IP address of this switch Server Port Provide the port number of remote syslog server Default Port no 514 Severity The severity of the local log entry The following severity types are supported emerg Emergency level of the system unstable for local log alert Alert level of the immediate action needed for local log crit Critical level of the critical cond...

Страница 56: ...Server Info Display the current remote syslog server information Severity Display the current remote syslog severity Facility Display the current remote syslog facility Action Delete the remote server entry 4 2 6 4 Log Message The switch log view is provided here The Log View screens in Figure 4 2 18 Figure 4 2 19 and Figure 4 2 20 appear Figure 4 2 18 Log Information Select Page Screenshot The pa...

Страница 57: ...notice Notice level of the normal but significant conditions for log view info Informational level of the informational messages for log view debug Debug level of the debugging messages for log view Category The category of the log view includes AAA ACL CABLE_DIAG DAI DHCP_SNOOPING Dot1X GVRP IGMP_SNOOPING IPSG L2 LLDP Mirror MLD_SNOOPING Platform PM Port PORT_SECURITY QoS Rate SNMP and STP Button...

Страница 58: ... suite SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth An SNMP managed network consists of three key components Network management stations NMS s SNMP agents Management information base MIB and network management protocol Network management stations NMS s Sometimes called consoles these devices execute management applica...

Страница 59: ...of some event The SNMPv2 trap message is designed to replace the SNMPv1 trap message SNMP community An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent The community name is used to identify the group An SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management sta...

Страница 60: ...to The allowed string length is 1 to 16 Subtree OID The OID defining the root of the subtree to add to the named view The allowed string content is digital number or asterisk Subtree OID Mask The bitmask identifies which positions in the specified object identifier are to be regarded as wildcards for the purpose of pattern matching View Type Indicates the view type that this entry should belong to...

Страница 61: ... entry 4 2 7 4 SNMP Access Group Configure SNMPv3 access group on this page The entry index keys are Group Name Security Model and Security Level The SNMPv3 Access Group Setting screens in Figure 4 2 25 and Figure 4 2 26 appear Figure 4 2 25 SNMPv3 Access Group Setting Page Screenshot The page includes the following fields Object Description Group Name A string identifying the group name to which ...

Страница 62: ... length is 1 to 16 Write View Name Write view name is the name of the view in which you enter data and configure the contents of the agent The allowed string length is 1 to 16 Notify View Name Notify view name is the name of the view in which you specify a notify inform or trap Buttons Click to add a new access entry Check to delete the entry Figure 4 2 26 SNMP View Table Status Page Screenshot Th...

Страница 63: ...dicates the SNMP community supported mode Possible versions are Basic Set SNMP community mode supported version 1 and 2c Advanced Set SNMP community mode supported version 3 Group Name A string identifying the group name to which this entry should belong The allowed string length is 1 to 16 View Name A string identifying the view name to which this entry should belong The allowed string length is ...

Страница 64: ...escription User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 16 Group The SNMP Access Group A string identifying the group name that this entry should belong to Privilege Mode Indicates the security model that this entry should belong to Possible security models are NoAuth None authentication and none privacy Auth Authentication and non...

Страница 65: ... to indicate that this user using DES authentication protocol Encryption Key A string identifying the privacy pass phrase The allowed string length is 8 to 16 Buttons Click to add a new user entry Figure 4 2 30 SNMPv3 Users Status Page Screenshot The page includes the following fields Object Description User Name Display the current user name Group Display the current group Privilege Mode Display ...

Страница 66: ...address For example 192 1 2 34 SNMP Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c Notify Type Set the notify type in traps or informs Community Name Indicates the community access string when send SNMP trap packet UDP Port Indicates the SNMP trap destination port SNMP Agent will send SNM...

Страница 67: ...screens in Figure 4 2 33 and Figure 4 2 34 appear Figure 4 2 33 SNMPv3 Notification Recipients Page Screenshot The page includes the following fields Object Description Server Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation x y z w It can also represent a legally valid IPv4 address For example 192 1 2 34 Notify Type Set the notify type in...

Страница 68: ...UDP Port Display the current UDP port Time Out Display the current time out Retries Display the current retry times Action Delete the SNMPv3 host entry 4 2 7 9 SNMP Engine ID Configure SNMPv3 Engine ID on this page The entry index key is Engine ID The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The SNMPv3 Engin...

Страница 69: ...e Screenshot The page includes the following fields Object Description User Default Display the current status Engine ID Display the current engine ID 4 2 7 10 SNMP Remote Engine ID Configure SNMPv3 remote Engine ID on this page The SNMPv3 Remote Engine ID Setting screens in Figure 4 2 37 and Figure 4 2 38 appear Figure 4 2 37 SNMPv3 Remote Engine ID Setting Page Screenshot The page includes the f...

Страница 70: ...Management Use the Port Menu to display or configure the Managed Switch s ports This section has the following items Port Configuration Configures port configuration settings Port Counters Lists Ethernet and RMON port statistics Bandwidth Utilization Displays current bandwidth utilization Port Mirroring Sets the source and target ports for mirroring Jumbo Frame Sets the jumbo frame on the switch P...

Страница 71: ...ation Auto 100M Setup 100M Auto negotiation Auto 1000M Setup 1000M Auto negotiation Auto 10 100M Setup 10 100M Auto negotiation 10M Setup 10M Force mode 100M Setup 100M Force mode 1000M Setup 1000M Force mode Duplex Select any available link duplex for the given switch port Draw the menu bar to select the mode Auto Setup Auto negotiation Full Force sets Full Duplex mode Half Force sets Half Duplex...

Страница 72: ...rrent link status Speed Display the current speed status of the port Duplex Display the current duplex status of the port Flow Control Configuration Display the current flow control configuration of the port Flow Control Status Display the current flow control status of the port 4 3 2 Port Counters This page provides an overview of traffic and trunk statistics for all switch ports The Port Statist...

Страница 73: ...use of an unknown or unsupported protocol Received Discards Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Transmit Octets The total number of octets transmitted out of the interface includin...

Страница 74: ...er of packets that higher level protocols requested is transmitted and addressed to a broadcast address at this sub layer including those that were discarded or not sent Figure 4 3 5 Ethernet link Counters Page Screenshot Object Description Alignment Errors The number of alignment errors missynchronized data packets FCS Errors A count of frames received on a particular interface that are an integr...

Страница 75: ...e Frames The number of received pause frames Out Pause Frames The number of transmitted pause frames Figure 4 3 6 RMON Counters Page Screenshot Object Description Drop Events The total number of events in which packets were dropped due to lack of resources Octets The total number of octets received and transmitted on the interface including framing characters Packets The total number of packets re...

Страница 76: ...nd had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet segment 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames Th...

Страница 77: ...work traffic that forwards a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied It enables the manager to keep close track of switch performance and alter it if necessary To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Ma...

Страница 78: ...iguration The Port Mirror Configuration screens in Figure 4 3 9 and Figure 4 3 10 appear Figure 4 3 9 Port Mirroring Settings Page Screenshot The page includes the following fields Object Description Session ID Set the port mirror session ID Possible ID are 1 to 4 Monitor Session State Enable or disable the port mirroring function Destination Port Select the port to mirror destination port Allow i...

Страница 79: ...Mirroring Status Page Screenshot The page includes the following fields Object Description Session ID Display the session ID Destination Port This is the mirroring port entry Ingress State Display the ingress state Source TX Port Display the current TX ports Source RX Port Display the current RX ports 4 3 5 Jumbo Frame This page provides to select the maximum frame size allowed for the switch port...

Страница 80: ...s Enter the maximum frame size allowed for the switch port including FCS The allowed range is 64 bytes to 9216 bytes Buttons Click to apply changes Figure 4 3 12 Jumbo Frame Information Page Screenshot The page includes the following fields Object Description Jumbo Display the current maximum frame size ...

Страница 81: ...e port error disabled function to check status by self loop Broadcast Flood Enable or disable the port error disabled function to check status by broadcast flood Unknown Multicast Flood Enable or disable the port error disabled function to check status by unknown multicast flood Unicast Flood Enable or disable the port error disabled function to check status by unicast flood ACL Enable or disable ...

Страница 82: ...f Loop Display the current self loop status Broadcast Flood Display the current broadcast flood status Unknown Multicast Flood Display the current unknown multicast flood status Unicast Flood Display the current unicast flood status ACL Display the current ACL status Port Security Violation Display the current port security violation status DHCP Rate Limit Display the current DHCP rate limit statu...

Страница 83: ...ror disabled reason of the port Time Left Seconds Display the time left 4 3 8 Protected Ports Overview When a switch port is configured to be a member of protected group also called Private VLAN communication between protected ports within that group can be prevented Two application examples are provided in this section Customers connected to an ISP can be members of the protected group but they a...

Страница 84: ...e private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN...

Страница 85: ...ous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Unprotected A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting Buttons Click to apply changes Figure 4 3 17 Port Isolation Status Page Screenshot The page includes the following fields Object Description Protected...

Страница 86: ...e assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed suplex setting etc The device supports the following Aggregation links Static LAGs Port Trun...

Страница 87: ...egation ports None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port All of the ports in a link aggregation have to be treated as a whole when moved from to added or deleted from a VLAN The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole Enable the link aggregation prior to connecting any cable between the switches...

Страница 88: ...llowing fields Object Description Load Balance Algorithm Select load balance algorithm mode MAC Address The MAC address can be used to calculate the port for the frame IP MAC Address The IP and MAC address can be used to calculate the port for the frame Buttons Click to apply changes Figure 4 4 3 LAG Information Page Screenshot The page includes the following fields Object Description Load Balance...

Страница 89: ...lect LAG number for this drop down list Name Indicates each LAG name Type Indicates the trunk type Static Force aggregated selected ports to be a trunk group LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them Ports Select port number for this drop down list to estab...

Страница 90: ... Setting screens in Figure 4 4 6 and Figure 4 4 7 appear Figure 4 4 6 LAG Port Setting Information Page Screenshot The page includes the following fields Object Description LAG Select Select LAG number for this drop down list Enable Indicates the LAG state operation Possible states are Enabled Start up the LAG manually Disabled Shut down the LAG manually Speed Select any available link speed for t...

Страница 91: ...ings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Buttons Click to apply changes Figure 4 4 7 LAG Port Status Page Screenshot The page includes the following fields Object Description LAG The LAG for the settings contained in the same row Description Display the current des...

Страница 92: ...e includes the following fields Object Description System Priority A value which is used to identify the active LACP The Managed Switch with the lowest value has the highest priority and is selected as the active LACP peer of the trunk group Buttons Click to apply changes Figure 4 4 9 LACP Information Page Screenshot The page includes the following fields Object Description System Priority Display...

Страница 93: ...P port setting Priority The Priority controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority Timeout The Timeout controls the period between BPDU transmissions Short will transmit LACP packets each secon...

Страница 94: ...lays LAG status The LAG Status screens in Figure 4 4 12 and Figure 4 4 13 appear Figure 4 4 12 LAG Status Page Screenshot The page includes the following fields Object Description LAG Display the current trunk entry Name Display the current LAG name Type Display the current trunk type Link State Display the current link state Active Member Display the current active member Standby Member Display t...

Страница 95: ...rt disabled state EXPR means expired state LACPds means LACP disabled state DFLT means defaulted state CRRNT means current state PrdTx LACP periodic transmission state machine status of the port no PRD means the port is in no periodic state FstPRD means fast periodic state SlwPRD means slow periodic state PrdTX means periodic TX state AtState The actor state field of LACP PDU description The field...

Страница 96: ...at frequently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated Note 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets ...

Страница 97: ...broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can b...

Страница 98: ...f putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header 802 1Q VLAN Tags The figure below shows the 802 1Q VLAN tag There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the Ether Type field When a packet s Ether Type field is equal to 0x8100 th...

Страница 99: ...ntained within the tag Tagged packets are also assigned a PVID but the PVID is not used to make packet forwarding decisions the VID is Tag aware switches must keep a table to relate PVID within the switch to VID on the network The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet If the two VID are different the switch will drop the pac...

Страница 100: ...en the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns the frame to an associated VLAN based on the default VLAN ID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame Port Overlapping Port overlapping can be used to allow access to commonly shared netwo...

Страница 101: ...ent VLAN 4 5 4 Create VLAN Create delete VLAN on this page The screens in Figure 4 5 3 and Figure 4 5 4 appear Figure 4 5 3 VLAN Setting Page Screenshot The page includes the following fields Object Description VLAN List Indicates the ID of this particular VLAN VLAN Action This column allows users to add or delete VLAN s VLAN Name Prefix Indicates the name of this particular VLAN Buttons Click to ...

Страница 102: ...2 1Q compliant switch can be configured as tagged or untagged Tagged Ports with tagging enabled will put the VID number priority and other VLAN information into the header of all packets that flow into those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information intact The VLAN information in the tag can then be used by other 802 1Q compli...

Страница 103: ...pecific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might be mixed Assigning a unique range of VLAN IDs to each customer would restrict customer configurations require intensive processing of VLAN mapping tables and could ea...

Страница 104: ...ss indicates the port belongs to one VLAN only Hybrid means the port allows the traffic of multi VLANs to pass in tag or untag mode Tunnel configures IEEE 802 1Q tunneling for a downlink port to another device within the customer network PVID Allows you to assign PVID to selected port The PVID will be inserted into all untagged frames entering the ingress port The PVID must be the same as the VLAN...

Страница 105: ...ce Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Interface VLAN Mode Display the current interface VLAN mode PVID Display the current PVID Accepted Frame Type Display the current access frame type Ingress Filtering Display the current ingress filtering Uplink Display the current uplink mode TPID Display the current...

Страница 106: ...ect VLAN membership for each interface by marking the appropriate radio button for a port or trunk Forbidden Interface is forbidden from automatically joining the VLAN via GVRP Excluded Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Tagged Interface is a member of the VLAN All packets transmitted by the port will be tagged that is c...

Страница 107: ...to modify VLAN membership 4 5 8 Protocol VLAN Group Setting The network devices required to support multiple protocols cannot be easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including s...

Страница 108: ... protocol based VLAN Group Setting The protocol based VLAN screens in Figure 4 5 9 and Figure 4 5 10 appear Figure 4 5 9 Add Protocol VLAN Group Page Screenshot The page includes the following fields Object Description Group ID Protocol Group ID assigned to the Special Protocol VLAN Group Frame Type Frame Type can have one of the following values Ethernet II IEEE802 3_LLC_Other RFC_1042 Note On ch...

Страница 109: ...5 9 Protocol VLAN Port Setting This page allows you to map an already configured Group Name to a VLAN port for the switch The Protocol VLAN Port Setting State screens in Figure 4 5 11 and Figure 4 5 12 appear Figure 4 5 11 Protocol VLAN Port Setting Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list to assign protocol VLAN port Group ...

Страница 110: ...ort entry Figure 4 5 12 Protocol VLAN Port State Page Screenshot The page includes the following fields Object Description Port Display the current port Group ID Display the current group ID VLAN ID Display the current VLAN ID Delete Click to delete the group ID entry ...

Страница 111: ...across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch The GVRP Global Setting Information screens in Figure 4 5 13 and Figure 4 5 14 appear Figure 4 5 13 GVRP Global Setting Page Screenshot ...

Страница 112: ...icants can rejoin before the port actually leaves the group Range 45 32760 centiseconds Default 60 centiseconds LeaveAll Timeout The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 65 32765 ce...

Страница 113: ...nabled or disabled on port Registration Mode By default GVRP ports are in normal registration mode These ports use GVRP join messages from neighboring switches to prune the VLANs running across the 802 1Q trunk link If the device on the other side is not capable of sending GVRP messages or if you do not want to allow the switch to prune any of the VLANs use the fixed mode Fixed mode ports will for...

Страница 114: ...isplay the current registration mode VLAN Creation Status Display the current VLAN creation status 4 5 12 GVRP VLAN The GVRP VLAN Database screen in Figure 4 5 17 appears Figure 4 5 17 GVRP VLAN Database Status Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Member Ports Display the current member ports Dynamic Ports Display the current...

Страница 115: ...in Empty Rx Tx Display the current join empty TX RX packets Empty Rx Tx Display the current empty TX RX packets Leave Empty Rx Tx Display the current leave empty TX RX packets Join In Rx Tx Display the current join in TX RX packets Leave In Rx Tx Display the current leave in TX RX packets LeaveAll Rx Tx Display the current leaveall TX RX packets Figure 4 5 19 GVRP Port Error Statistics Page Screen...

Страница 116: ...ttons Click to clear the GVRP Error Statistics Click to refresh the GVRP Error Statistics 4 5 14 VLAN setting example Separate VLANs 802 1Q VLAN Trunk 4 5 14 1 Two separate 802 1Q VLANs The diagram shows how the Managed Switch handles Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLANs Each VLAN isolates network traffic so only members of the VLAN recei...

Страница 117: ...anaged Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will received the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away its tag becoming an untagged packet 4 While the packet leaves Port 3 it will keep as a tagged packet with VLAN Tag 2 Tagged packet entering VLAN 2 1 While PC 3 transmits a tagged packet with VL...

Страница 118: ...becoming an untagged packet 3 While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 Note In this example VLAN Group 1 is set as default VLAN but only focuses on VLAN 2 and VLAN 3 traffic flow Setup Steps 1 Create VLAN Group 2 and 3 Add VLAN group 2 and group 3 2 Assign VLAN mode and PVID to each port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6...

Страница 119: ... Port 6 Tagged Port 1 3 Excluded 4 5 14 2 VLAN Trunking between two 802 1Q aware switches In most cases they are used for Uplink to other switches VLANs are separated at different switches but they need to access other switches within the same VLAN group The screen in Figure 4 5 21 appears ...

Страница 120: ...up steps 1 Create VLAN Group 2 and 3 Add VLAN group 2 and group 3 2 Assign VLAN mode and PVID to each port Port 1 Port 2 and Port 3 VLAN Mode Hybrid PVID 2 Port 4 Port 5 and Port 6 VLAN Mode Hybrid PVID 3 Port 7 VLAN Mode Hybrid PVID 1 ...

Страница 121: ...119 NS3503 16P 4C User Manual 3 Assign Tagged Untagged to each port VLAN ID 1 Port 1 6 Untagged Port 7 Excluded VLAN ID 2 Port 1 2 Untagged Port 3 7 Tagged Port 4 6 Excluded VLAN ID 3 Port 4 5 Untagged ...

Страница 122: ...established Duplicated links are blocked from use and become standby links The protocol allows for the duplicate links to be used in the event of a failure of the primary link Once the Spanning Tree Protocol is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accom...

Страница 123: ...s the root switch The shortest distance to the root switch is calculated for each switch A designated switch is selected This is the switch closest to the root switch through which packets will be forwarded to the root A port for each switch is selected This is the port providing the best path from the switch to the root switch Ports included in the STP are selected Creating a Stable STP Topology ...

Страница 124: ...o the blocking state Learning the port is adding addresses to its forwarding database but not yet forwarding packets Forwarding the port is forwarding packets Disabled the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows From initialization switch boot to blocking From blocking to listening or to d...

Страница 125: ...ority and the switch s MAC address The Bridge Identifier consists of two parts a 16 bit priority and a 48 bit Ethernet MAC address 32768 MAC 32768 MAC Priority A relative priority for each switch lower numbers give a higher priority and a greater chance of a given switch being elected as the root bridge 32768 Hello Time The length of time between broadcasts of the hello message by the switch 2 sec...

Страница 126: ...ur Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Forward Delay Timer The Forward Delay can be from 4 to 30 seconds This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state N...

Страница 127: ...ng values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however re...

Страница 128: ... chosen as a 100 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link This section has the following items STP Global Setting Configures STP system settings STP Port Setting Configuration per port STP setting CIST Instance Setting Configure syste...

Страница 129: ...oup and blocks all but one of the possible alternate paths within each Spanning Tree The STP Global Settings screens in Figure 4 6 4 and Figure 4 6 5 appear Figure 4 6 4 Global Settings Page Screenshot The page includes the following fields Object Description Enable Enable or disable the STP function The default value is Disabled BPDU Forward Set the BPDU forward method PathCost Method The path co...

Страница 130: ...rward Display the current BPDU forward mode Cost Method Display the current cost method Force Version Display the current force version Configuration Name Display the current configuration name Configuration Revision Display the current configuration revision 4 6 3 STP Port Setting This page allows you to configure per port STP settings The STP Port Setting screens in Figure 4 6 6 and Figure 4 6 7...

Страница 131: ...l whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology P2P MAC Controls whether the port connects to a point to point LAN rather than a shared medium This can be automatically determined or forced either true or false Transition to the forwarding state is faster for point ...

Страница 132: ...00 Table 4 6 2 Recommended STP Path Costs Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Table 4 6 3 Default STP Path Costs Port Type Link Type IEEE 802 1w 2001 Ethernet Half Duplex Full...

Страница 133: ...re 4 6 8 CIST Instance Setting Page Screenshot The page includes the following fields Object Description priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority o...

Страница 134: ...an send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Hello Time The time that controls the switch to send out the BPDU packet to check STP current status Enter a value between 1 through 10 Buttons Click to apply changes Figure 4 6 9 CIST Instance Information Page Screenshot The page includes the following fields Obje...

Страница 135: ...ontrols the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered T...

Страница 136: ...t internal path cost oper Designated Root Bridge Display the current designated root bridge External Root Cost Display the current external root cost Regional Root Bridge Display the current regional root bridge Internal Root Cost Display the current internal root cost Designated Bridge Display the current designated bridge Internal Port Path Cost Display the current internal port path cost Edge P...

Страница 137: ...o assign VLAN list to special MSTI ID The range for the VLAN list is 1 4094 Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Click to apply changes Figure 4 6 13 MSTI Instance Setting Information Page Screenshot The page include...

Страница 138: ...ining Hops Display the current remaining hops Last Topology Change Display the current last topology change 4 6 7 MST Port Setting This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the por...

Страница 139: ...Internal Path Cost 0 Auto Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher pa...

Страница 140: ...nated bridge Internal Path Cost Display the current internal path cost Port Role Display the current port role Port State Display the current port state 4 6 8 STP Statistics This page displays STP statistics The STP statistics screen in Figure 4 6 17 appears Figure 4 6 17 STP Statistics Page Screenshot The page includes the following fields Object Description Port The switch port number of the log...

Страница 141: ...tatistics Display the MLD snooping statistics Multicast Throttling Setting Configures multicast throttling setting Multicast Filter Configures multicast filter 4 7 1 Properties This page provides multicast properties related configuration The multicast Properties and Information screen in Figure 4 7 1 and Figure 4 7 2 appear Figure 4 7 1 Properties Setting Page Screenshot The page includes the fol...

Страница 142: ... member of the multicast group About the Internet Group Management Protocol IGMP Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for member...

Страница 143: ...141 NS3503 16P 4C User Manual Figure 4 7 3 Multicast Service Figure 4 7 4 Multicast Flooding ...

Страница 144: ...en joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Mem...

Страница 145: ... 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other sub networks IGMP version 2 introduces some enhancements such as a method to elect a multicast qu...

Страница 146: ...to the current unit as reflected by the page header The IGMP Snooping Setting and Information screens in Figure 4 7 7 Figure 4 7 8 and Figure 4 7 9 appear Figure 4 7 7 IGMP Snooping Page Screenshot The page includes the following fields Object Description IGMP Snooping Status Enable or disable the IGMP snooping The default value is Disabled IGMP Snooping Version Sets the IGMP Snooping operation ve...

Страница 147: ...ing fields Object Description Entry No Display the current entry number VLAN ID Display the current VLAN ID IGMP Snooping Operation Status Display the current IGMP snooping operation status Router Ports Auto Learn Display the current router ports auto learning Query Robustness Display the current query robustness Query Interval sec Display the current query interval Query Max Response Interval sec...

Страница 148: ...N Setting Page Screenshot The page includes the following fields Object Description VLAN ID Select VLAN ID for this drop down list Querier State Enable or disable the querier state The default value is Disabled Querier Version Sets the querier version for compatibility with other devices on the network Version 2 or 3 Default 2 Buttons Click to apply changes Figure 4 7 11 IGMP Querier Status Page S...

Страница 149: ...e Managed Switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN The IGMP Static Group configuration screens in Figure 4 7 12 ...

Страница 150: ...eenshot The page includes the following fields Object Description VLAN ID Display the current VID Group IP Address Display multicast IP address for a specific multicast service Member Port Display the current member port Type Member types displayed include Static or Dynamic depending on selected options Life Sec Display the current life 4 7 2 5 IGMP Router Setting Depending on your network connect...

Страница 151: ...l multicast traffic coming from the attached multicast router Type Sets the Router port type The types of Router port as below Static Forbid Static Ports Select Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Forbid Port Select Specify which ports un act as router ports Buttons Click to add IGMP ...

Страница 152: ... 7 18 and Figure 4 7 19 appear Figure 4 7 17 Dynamic Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Display the current dynamic router ports Expiry Time Sec Display the current expiry time Figure 4 7 18 Static Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the cu...

Страница 153: ... This page provides IGMP Forward All The Forward All screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page Screenshot The page includes the following fields Object Description VLAN ID Select VLAN ID for this drop down list to assign IGMP membership Port The switch port number of the logical port Membership Select IGMP membership for each interface Forbidden Interface is forbidden ...

Страница 154: ...will not be transmitted by the interface Static Interface is a member of the IGMP Buttons Click to apply changes 4 7 3 IGMP Snooping Statics This page provides IGMP Snooping Statics The IGMP Snooping Statics screen in Figure 4 7 20 appears Figure 4 7 20 Forward All Setting Page Screenshot The page includes the following fields ...

Страница 155: ...rent leave TX Report TX Display current report TX General Query TX Display current general query TX Special Group Query TX Display current special group query TX Special Group Source Query TX Display current special group and source query TX Buttons Click to clear the IGMP Snooping Statistics Click to refresh the IGMP Snooping Statistics 4 7 4 MLD Snooping 4 7 4 1 MLD Setting This page provides ML...

Страница 156: ...ersion 2 MLD Snooping Report Suppression Limits the membership report traffic sent to multicast capable routers When you disable report suppression all MLD reports are sent as is to multicast capable routers The default is enabled Buttons Click to apply changes Figure 4 7 22 MLD Snooping information Page Screenshot The page includes the following fields Object Description MLD Snooping Status Displ...

Страница 157: ... the current query robustness Query Interval sec Display the current query interval Query Max Response Interval sec Display the current query max response interval Last Member Query count Display the current last member query count Last Member Query Interval sec Display the current last member query interval Immediate Leave Display the current immediate leave Modify Click to edit parameter 4 7 4 2...

Страница 158: ...s Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Group IPv6 Address Display the current group IPv6 address Member Ports Display the current member ports Modify Click to edit parameter 4 7 4 3 MLD Group Table This page provides MLD Group Table The MLD Group Table screen in Figure 4 7 26 appears Figure 4 7 26 MLD Group Table Page Screens...

Страница 159: ...in all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the Managed Switch The MLD Router Setting screens in Figure 4 7 27 and Figure 4 7 28 appear Figure 4 7 27 Add Router Port Page Screenshot The page includes the following fields Object Description VLAN ID Selects the VLAN to propagate all mul...

Страница 160: ... Modify Click to edit parameter Click to delete the group ID entry 4 7 4 5 MLD Router Table This page provides Router Table The Dynamic Static and Forbidden Router Table screens in Figure 4 7 29 Figure 4 7 30 and Figure 4 7 31 appear Figure 4 7 29 Dynamic Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Display the curr...

Страница 161: ... the current VLAN ID Port Mask Display the current port mask Figure 4 7 31 Forbidden Router Table Page Screenshot The page includes the following fields Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask 4 7 4 6 MLD Forward All This page provides MLD Forward All The Forward All screen in Figure 4 7 32 appears ...

Страница 162: ...ical port Membership Select MLD membership for each interface Forbidden Interface is forbidden from automatically joining the MLD via MVR None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Static Interface is a member of the MLD Buttons Click to apply changes 4 7 5 MLD Snooping Statics This page provides MLD Snooping Statics The ML...

Страница 163: ... current other RX Leave RX Display current leave RX Report RX Display current report RX General Query RX Display current general query RX Special Group Query RX Display current special group query RX Special Group Source Query RX Display current special group and source query RX Leave TX Display current leave TX Report TX Display current report TX General Query TX Display current general query TX ...

Страница 164: ...xisting group and replaces it with the new multicast group Once you have configured multicast profiles you can assign them to interfaces on the Managed Switch Also you can set the multicast throttling number to limit the number of multicast groups an interface can join at the same time The MAX Group and Information screens in Figure 4 7 34 and Figure 4 7 35 appear Figure 4 7 34 Max Groups and Acti...

Страница 165: ...a specific subscription plan The multicast filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port Multicast filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A multicast filter profile can contain one or more or a range of multicast addresses but only one pr...

Страница 166: ...the following fields Object Description IP Type Select IPv4 or IPv6 for this drop down list Profile Index Indicates the ID of this particular profile Group from Specifies multicast groups to include in the profile Specify a multicast group range by entering a start IP address Group to Specifies multicast groups to include in the profile Specify a multicast group range by entering an end IP address...

Страница 167: ...play the current group to Action Display the current action Modify Click to edit parameter Click to delete the MLD IGMP profile entry 4 7 7 2 IGMP Filter Setting The Filter Setting and Status screens in Figure 4 7 38 and Figure 4 7 39 appear Figure 4 7 38 Filter Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list ...

Страница 168: ...ter profile ID Action Click to display detail profile parameter Click to delete the IGMP filter profile entry 4 7 7 3 MLD Filter Setting The Filter Setting and Status screens in Figure 4 7 40 and Figure 4 7 41 appear Figure 4 7 40 Filter Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list Filter Profile ID Select ...

Страница 169: ...affic such as multi media video protocol specific time critical and file backup traffic QoS reduces bandwidth limitations delay loss and jitter It also provides increased reliability for delivery of your data and allows you to prioritize certain applications across your network You can define exactly how you want the switch to treat selected applications and types of traffic You can use QoS on you...

Страница 170: ...e or Port base mode can be selected Both the three mode rely on predefined fields within the packet to determine the output queue 802 1p Tag Priority Mode The output queue assignment is determined by the IEEE 802 1p VLAN priority tag IP DSCP Mode The output queue assignment is determined by the TOS or DSCP field in the IP packets Port Base Priority Mode Any packet received from the specify high pr...

Страница 171: ... the following fields Object Description QoS Mode Display the current QoS mode 4 8 2 2 QoS Port Settings The QoS Port Settings and Status screens in Figure 4 8 2 and Figure 4 8 3 appear Figure 4 8 2 QoS Port Setting Page Screenshot The page includes the following fields Object Description Port Select Select port number for this drop down list CoS Value Select CoS value for this drop down list ...

Страница 172: ...igure 4 8 3 QoS Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port CoS Value Display the current CoS value Remark CoS Display the current remark CoS Remark DSCP Display the current remark DSCP Remark IP Precedence Display the current remark IP precedence 4 8 2 3 Queue Settings The Queue Table and Information screens...

Страница 173: ...heduler mode is Strict Priority on this switch port WRR Controls whether the scheduler mode is Weighted on this switch port Weight Controls the weight for this queue This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted of WRR Bandwidth Display the current bandwidth for each queue Buttons Click to apply changes Figure 4 8 5 Queue Information Page Scree...

Страница 174: ...ue value information 4 8 2 4 CoS Mapping The CoS to Queue and Queue to CoS Mapping screens in Figure 4 8 6 and Figure 4 8 7 appear Figure 4 8 6 CoS to Queue and Queue to CoS Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list Class of Service Select CoS value for this drop down list Buttons Click to apply changes ...

Страница 175: ... fields Object Description CoS Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to CoS Display the current mapping to CoS 4 8 2 5 DSCP Mapping The DSCP to Queue and Queue to DSCP Mapping screens in Figure 4 8 8 and Figure 4 8 9 appear ...

Страница 176: ...ueue to DSCP Mapping Page Screenshot The page includes the following fields Object Description Queue Select Queue value for this drop down list DSCP Select DSCP value for this drop down list Buttons Click to apply changes Figure 4 8 9 DSCP Mapping Page Screenshot ...

Страница 177: ... to queue Queue Display the current queue value Mapping to DSCP Display the current mapping to DSCP 4 8 2 6 IP Precedence Mapping The IP Precedence to Queue and Queue to IP Precedence Mapping screens in Figure 4 8 10 and Figure 4 8 11 appear Figure 4 8 10 IP Precedence to Queue and Queue to IP Precedence Mapping Page Screenshot The page includes the following fields ...

Страница 178: ...own list Buttons Click to apply changes Figure 4 8 11 IP Precedence Mapping Page Screenshot The page includes the following fields Object Description IP Precedence Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to IP Precedence Display the current mapping to IP Precedence ...

Страница 179: ... Figure 4 8 13 appear Figure 4 8 12 Basic Mode Global Settings Page Screenshot The page includes the following fields Object Description Trust Mode Set the QoS mode Buttons Click to apply changes QoS Information Figure 4 8 13 QoS Information Page Screenshot The page includes the following fields Object Description Trust Mode Display the current QoS mode ...

Страница 180: ...reenshot The page includes the following fields Object Description Port Select port number for this drop down list Trust Mode Enable or disable the trust mode Buttons Click to apply changes Figure 4 8 15 QoS Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Trust Mode Display the current trust type ...

Страница 181: ...hot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 17 Ingress Bandwidth Control Status Page Screens...

Страница 182: ...bject Description Port Select port number for this drop down list State Enable or disable the port rate policer The default value is Disabled Rate Kbps Configure the rate for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 19 Egress Bandwidth Control Status Page Screenshot The page includes the following fields Ob...

Страница 183: ...er for this drop down list Queue Select queue number for this drop down list State Enable or disable the port rate policer The default value is Disabled CIR Kbps Configure the CIR for the port policer The default value is unlimited Valid values are in the range 0 to 1000000 Buttons Click to apply changes Figure 4 8 21 Egress Queue Status Page Screenshot The page includes the following fields Objec...

Страница 184: ...e VLAN when relocated physically The greatest advantage of the VLAN is the equipment can be automatically placed into Voice VLAN according to its voice traffic which will be transmitted at specified priority Meanwhile when voice equipment is physically relocated it still belongs to the Voice VLAN without any further configuration modification which is because it is based on voice equipment other t...

Страница 185: ...d Disable Voice VLAN mode operation Voice VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR VID PVID etc The allowed range is 1 to 4095 Remark CoS 802 1p Select 802 1p value for this drop down list 1p remark Enable or disable 802 1p remark Aging Time 30 65536 min The tim...

Страница 186: ...he current voice VLAN ID Remark CoS 802 1p Display the current remark CoS 802 1p 1p remark Display the current 1p remark Aging Display the current aging time 4 8 5 3 Telephony OUI MAC Setting Configure VOICE VLAN OUI table on this Page The Telephony OUI MAC Setting screens in Figure 4 8 24 and Figure 4 8 25 appear Figure 4 8 24 Voice VLAN OUI Settings Page Screenshot The page includes the followin...

Страница 187: ...hot The page includes the following fields Object Description OUI Address Display the current OUI address Description Display the current description Modify Click to edit voice VLAN OUI group parameter Click to delete voice VLAN OUI group parameter 4 8 5 4 Telephony OUI Port Setting The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule ...

Страница 188: ...ot The page includes the following fields Object Description Port Select port number for this drop down list State Enable or disable the voice VLAN port setting The default value is Disabled CoS Mode Select the current CoS mode Buttons Click to apply changes Figure 4 8 27 Voice VLAN Port State Page Screenshot The page includes the following fields Object Description Port The switch port number of ...

Страница 189: ...d responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and...

Страница 190: ...evel control 4 9 1 1 Understanding IEEE 802 1X Port based Authentication The IEEE 802 1X standard defines a client server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports The authentication server authenticates each client connected to a switch port before making available any services offered by the swi...

Страница 191: ...hernet header is stripped and the remaining EAP frame is re encapsulated in the RADIUS format The EAP frames are not modified or examined during encapsulation and the authentication server must support EAP within the native frame format When the switch receives frames from the authentication server the server s frame header is removed leaving the EAP frame which is then encapsulated for Ethernet a...

Страница 192: ...on the client does not respond to the request the port remains in the unauthorized state and the client is not granted access to the network In contrast when an 802 1X enabled client connects to a port that is not running the 802 1X protocol the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number ...

Страница 193: ... more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Security 802 1X Access Control 802 1X Setting page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below The 802 1X Setting and Information screens in Figure 4 9 3 a...

Страница 194: ...are available No Authentication Authentication Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Rea...

Страница 195: ...e before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Buttons Click to apply changes Figure 4 9 6 802 1X Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Mode pps Display the current mode Status pps Display the current ...

Страница 196: ... authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If ...

Страница 197: ...oth globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e Port based 802 1X Buttons Click to apply changes Figure 4 9 8 Guest VLAN Status Page Screenshot The page includes the following fields Object Description Port Name The switch port number of t...

Страница 198: ...s in Figure 4 9 10 Figure 4 9 11 and Figure 4 9 12 appear Figure 4 9 10 Use Default Parameters Page Screenshot The page includes the following fields Object Description Retries Timeout is the number of seconds in the range 1 to 10 to wait for a reply from a RADIUS server before retransmitting the request Timeout for Reply Retransmit is the number of times in the range 1 to 30 a RADIUS request is r...

Страница 199: ...t Description Server Definition Set the server definition Server IP Address of the Radius server IP name Authentication Port The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server Acct Port The UDP port to use on the RADIUS Accounting Server If the port is set to 0 zero the default port 1813 is used on ...

Страница 200: ...number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured ...

Страница 201: ... The RADIUS Settings screens in Figure 4 9 13 Figure 4 9 14 and Figure 4 9 15 appear Figure 4 9 13 Guest VLAN Setting Page Screenshot The page includes the following fields Object Description Key String The secret key up to 63 characters long shared between the TACACS server and the switch Timeout for Reply Retransmit is the number of times in the range 1 to 30 a TACACS request is retransmitted to...

Страница 202: ... messages Range 1 65535 Default 49 Server Key The key shared between the TACACS Authentication Server and the switch Server Timeout The number of seconds the switch waits for a reply from the server before it resends the request Server Priority Set the server priority Buttons Click to add Radius server setting Figure 4 9 15 Login Authentication List Page Screenshot The page includes the following ...

Страница 203: ... response the second server will be tried and so on If at any point a pass or fail is returned the process stops The Managed Switch supports the following AAA features Accounting for IEEE 802 1X authenticated users that access the network through the Managed Switch Accounting for users that access management interfaces on the Managed Switch through the console and Telnet Accounting for commands th...

Страница 204: ...t Name Defines a name for the authentication list Method 1 4 Set the login authentication method Empty None Local TACACS RADIUS Enable Buttons Click to add authentication list Figure 4 9 18 Login Authentication List Screenshot The page includes the following fields Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login auth...

Страница 205: ...List Name Defines a name for the authentication list Method 1 3 Set the login authentication method Empty None Enable TACACS RADIUS Buttons Click to add authentication list Figure 4 9 20 Login Authentication List Screenshot The page includes the following fields Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login authent...

Страница 206: ...age Screenshot The page includes the following fields Object Description Telnet Service Disable or enable telnet service Login Authentication List Select login authentication list for this drop down list Enable Authentication List Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Ti...

Страница 207: ...e SSH on this Page This Page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user...

Страница 208: ...gin Authentication List Select login authentication list for this drop down list Enable Authentication List Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons Click to apply changes Click to disconnect telnet communication ...

Страница 209: ...ntication List Display the current enable authentication list Session Timeout Display the current session timeout Password Retry Count Display the current password retry count Silent Time Display the current silent time Current SSH Session Count Display the current SSH session count 4 9 5 3 HTTP The HTTP Settings and Information screens in Figure 4 9 25 and Figure 4 9 26 appear Figure 4 9 25 HTTP ...

Страница 210: ...k to apply changes Figure 4 9 26 HTTP Information Page Screenshot The page includes the following fields Object Description HTTP Service Display the current HTTP service Login Authentication List Display the current login authentication list Session Timeout Display the current session timeout 4 9 5 4 HTTPs The HTTPs Settings and Information screen in Figure 4 9 27 and Figure 4 9 28 appear Figure 4...

Страница 211: ... changes Figure 4 9 28 HTTPs Information Page Screenshot The page includes the following fields Object Description HTTPs Service Display the current HTTPs service Login Authentication List Display the current login authentication list Session Timeout Display the current session timeout 4 9 6 Management Access Method 4 9 6 1 Profile Rules The Profile Rule Table Setting and Table screens in Figure 4...

Страница 212: ...ither permit or deny Port Select port for this drop down list IP Source Indicates the IP address for the access management entry Buttons Click to apply changes Figure 4 9 30 Profile Rule Table Page Screenshot The page includes the following fields Object Description Access Profile Name Display the current access profile name Priority Display the current priority Management Method Display the curre...

Страница 213: ...lect access profile for this drop down list Buttons Click to apply changes Figure 4 9 32 Access Profile Table Page Screenshot The page includes the following fields Object Description Access Profile Display the current access profile Delete Click to delete access profile entry 4 9 7 DHCP Snooping 4 9 7 1 DHCP Snooping Overview The addresses assigned to DHCP clients on unsecure ports can be careful...

Страница 214: ...an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLAN identifier and port identifier When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is...

Страница 215: ... port s through which the switch submits a client request to the DHCP server must be configured as trusted Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any pack...

Страница 216: ...ed VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When the DHCP snooping is globally disabled DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are r...

Страница 217: ...AN list Status Display the current DHCP snooping status 4 9 7 4 Port Setting Configures switch ports as trusted or untrusted Command Usage A trusted interface is an interface that is configured to receive only messages from within the network An untrusted interface is an interface that is configured to receive messages from outside the network or firewall When DHCP snooping enabled both globally a...

Страница 218: ...p down list Type Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message Chaddr Check Indicates that the Chaddr check function is enabled on selected port Chaddr Client hardware address Buttons Click to apply changes Figure 4 9 38 DHCP Snooping Port Settin...

Страница 219: ...Snooping Statistics Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Forwarded Display the current forwarded Chaddr Check Dropped Display the chaddr check dropped Untrust Port Dropped Display untrust port dropped Untrust Port with Option82 Dropped Display untrust port with option82 dropped Invalid Dropped Display invalid drop...

Страница 220: ...onnectivity If the agent is disabled and only DHCP snooping is enabled the switch does not lose its connectivity but DHCP snooping might not prevent DCHP spoofing attacks The database agent stores the bindings in a file at a configured location When reloading the switch reads the binding file to build the DHCP snooping binding database The switch keeps the file current by updating it when the data...

Страница 221: ...sfer process after the binding database changes The range is from 0 to 86400 Use 0 for an infinite duration The default is 300 seconds 5 minutes Buttons Click to apply changes Figure 4 9 41 DHCP Snooping Database Information Page Screenshot The page includes the following fields Object Description Database Type Display the current database type File Name Display the current file name Remote Server...

Страница 222: ...default or user define Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Valid values are in the range 1 to 300 Buttons Click to apply changes Figure 4 9 43 DHCP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Rate Limit pps Display the current rate limit 4 9 7 8 O...

Страница 223: ...the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always...

Страница 224: ... the system will drop it without processing The keep mode means that the system will keep the original option82 segment in the message and forward it to the server to process The replace mode means that the system will replace the option 82 segment in the existing message with its own option 82 and forward the message to the server to process Option82 Port Setting screens in Figure 4 9 46 and Figu...

Страница 225: ...lowing fields Object Description Port The switch port number of the logical port Enable Display the current status Allow Untrusted Display the current untrusted mode 4 9 7 10 Option82 Circuit ID Setting Set creation method for option82 users can define the parameters of circuit id suboption by themselves Option82 Circuit ID Setting screens in Figure 4 9 48 and Figure 4 9 49 appear Figure 4 9 48 Op...

Страница 226: ...e current port VLAN Display the current VLAN Circuit ID Display the current circuit ID 4 9 8 Dynamic ARP Inspection Dynamic ARP Inspection DAI is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page pr...

Страница 227: ... disable the Global ARP Inspection Buttons Click to apply changes Figure 4 9 51 DAI Information Page Screenshot The page includes the following fields Object Description DAI Display the current DAI status 4 9 8 2 VLAN Setting DAI VLAN Setting screens in Figure 4 9 52 and Figure 4 9 53 appear Figure 4 9 52 DAI VLAN Setting Page Screenshot The page includes the following fields ...

Страница 228: ...ure 4 9 53 DAI VLAN Setting Page Screenshot The page includes the following fields Object Description VLAN List Display the current VLAN list Status Display the current status 4 9 8 3 Port Setting Configures switch ports as DAI trusted or untrusted and check mode DAI Port Setting screens in Figure 4 9 54 and Figure 4 9 55 appear Figure 4 9 54 DAI Port Setting Page Screenshot The page includes the ...

Страница 229: ...Enable or disable to checks the destination MAC address in the Ethernet header against the target MAC address in ARP body This check is performed for ARP responses When enabled packets with different MAC addresses are classified as invalid and are dropped IP Chk Enable or disable to checks the source and destination IP addresses of ARP packets The all zero all one or multicast IP addresses are con...

Страница 230: ...Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Forwarded Display the current forwarded Source MAC Failures Display the current source MAC failures Dest MAC Failures Display the current source MAC failures SIP Validation Failures Display the current SIP Validation failures DIP Validation Failures Display the current DIP Validatio...

Страница 231: ...elds Object Description Port Select port for this drop down list State Set default or user define Rate Limit pps Configure the rate limit for the port policer The default value is unlimited Buttons Click to apply changes Figure 4 9 58 ARP Rate Limit Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port Rate Limit pps Displ...

Страница 232: ... of the IP source guard If there is a matching entry the port will forward the packet Otherwise the port will abandon the packet IP source guard filters packets based on the following types of binding entries IP port binding entry MAC port binding entry IP MAC port binding entry 4 9 9 1 Port Settings IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports b...

Страница 233: ...source guard filtering on the Managed Switch IP Enables traffic filtering based on IP addresses stored in the binding table IP and MAC Enables traffic filtering based on IP addresses and corresponding MAC addresses stored in the binding table Max Binding Entry The maximum number of IP source guard that can be secured on this port Buttons Click to apply changes Figure 4 9 61 IP Source Guard Port Se...

Страница 234: ...eens in Figure 4 9 62 and Figure 4 9 63 appear Figure 4 9 62 IP Source Guard Static Binding Entry Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list VLAN ID Indicates the ID of this particular VLAN MAC Address Sourcing MAC address is allowed IP Address Sourcing IP address is allowed Buttons Click to add authentication list Figure 4 9 ...

Страница 235: ...t Control module is one of the modules that utilize a lower layer module while the Port Security module manages MAC addresses learned on the port The Limit Control configuration consists of two sections a system and a port wid The IP Source Guard Static Binding Entry and Table Status screens in Figure 4 9 64 and Figure 4 9 65 appear Figure 4 9 64 Port Security Setting Page Screenshot The page incl...

Страница 236: ...port by disconnecting the cable the port will remain shut down There are three ways to re open the port 1 Disable and re enable Limit Control on the port or the switch 2 Click the Reopen button Discard If Limit 1 MAC addresses is seen on the port it will trigger the action that do not learn the new MAC and drop the package Buttons Click to apply changes Figure 4 9 65 Port Security Status Page Scre...

Страница 237: ...ture refers to applications such as protocol check which is for protecting the server from attacks such as DoS The protocol check allows the user to drop matched packets based on specified conditions The security features provide several simple and effective protections against Dos attacks while acting no influence on the linear forwarding performance of the switch 4 9 11 1 Global DoS Setting The ...

Страница 238: ...ing Max Size Enable or disable DoS check mode by IPv6 ping max size Ping Max Size Setting Set the max size for ping Smurf Attack Enable or disable DoS check mode by smurf attack TCP Min Hdr Size Enable or disable DoS check mode by TCP min hdr size TCP SYN SPORT 1024 Enable or disable DoS check mode by TCP syn sport 1024 Null Scan Attack Enable or disable DoS check mode by null scan attack X Mas Sc...

Страница 239: ... current ICMP fragment status IPv4 Ping Max Size Display the current IPv4 ping max size status IPv6 Ping Max Size Display the current IPv6 ping max size status Smurf Attack Display the current smurf attack status TCP Min Header Length Display the current TCP min header length TCP SYN SPORT 1024 Display the current TCP syn status Null Scan Attack Display the current null scan attack status X Mas Sc...

Страница 240: ...age includes the following fields Object Description Port Select Select port for this drop down list DoS Protection Enable or disable per port DoS protection Buttons Click to apply changes Figure 4 9 68 Port Security Setting Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical port DoS Protection Display the current DoS protection ...

Страница 241: ...bal Setting and Information screens in Figure 4 9 69 and Figure 4 9 70 appear Figure 4 9 69 Storm Control Global Setting Page Screenshot The page includes the following fields Object Description Unit Controls the unit of measure for the storm control rate as pps or bps The default value is bps Preamble IFG Set the excluded or included interframe gap Buttons Click to apply changes Figure 4 9 70 Sto...

Страница 242: ...in Figure 4 9 71 and Figure 4 9 72 appear Figure 4 9 71 Storm Control Setting Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Port State Enable or disable the storm control status for the given storm type Action Configures the action performed when storm control is over rate on a port Valid values are Shutdown or Drop Type Enable T...

Страница 243: ...control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine whether there are specific traffic object access rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situation In network...

Страница 244: ...Pv4 based ACE Access Control Entry setting IPv6 based ACL Configuration IPv6 based ACL setting IPv6 based ACE Add Edit Delete the IPv6 based ACE Access Control Entry setting ACL Binding Configure the ACL parameters ACE of each switch port 4 10 1 MAC based ACL This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not a...

Страница 245: ...Different parameter options are displayed depending on the frame type that you selected The MAC based ACE screen in Figure 4 10 3 and Figure 4 10 4 appears Figure 4 10 3 MAC based ACE Page Screenshot The page includes the following fields Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence Action Indicates the forwarding action of the ACE ...

Страница 246: ... Any No SA MAC filter is specified User Defined If you want to filter a specific source MAC address with this ACE choose this value A field for entering a SA MAC value appears SA MAC Value When User Defined is selected for the SA MAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this SA MAC value SA MAC Mask Specify whet...

Страница 247: ...802 1p Display the current 802 1p value 802 1p Mask Display the current 802 1p mask Ethertype Display the current Ethernet type Modify Click to edit MAC based ACL parameter Click to delete MAC based ACL entry 4 10 3 IPv4 based ACL This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to...

Страница 248: ...e following fields Object Description Delete Click to delete ACL name entry 4 10 4 IPv4 based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The IPv4 based ACE screens in Figure 4 10 7 and Figure 4 10 8 appear ...

Страница 249: ...NS3503 16P 4C User Manual Figure 4 10 7 IP based ACE Page Screenshot The page includes the following fields Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence ...

Страница 250: ...ering a source IP address value appears Destination IP Address Value When User Defined is selected for the destination IP address filter you can enter a specific destination IP address The legal format is xxx xxx xxx xxx A frame that hits this ACE matches this destination IP address value Destination IP Wildcard Mask When User Defined is selected for the destination IP filter you can enter a speci...

Страница 251: ... match this entry Unset TCP frames where the RST field is set must not be able to match this entry Don t Care Any value is allowed don t care SYN Specify the TCP Synchronize sequence numbers SYN value for this ACE Set TCP frames where the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowe...

Страница 252: ...status is don t care User Defined If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value Buttons Click to add ACE list Figure 4 10 8 IPv4 based ACE Table Page Screenshot The page includes the following fields Object ...

Страница 253: ...4 based ACL entry 4 10 5 IPv6 based ACL This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations IPv6 based ACL screens in Figure 4 10 9 and Figure 4 10 10 appear Figure 4 10 9 IPv6 based ACL Page Screenshot The page includes the following fields Object Description ...

Страница 254: ...iption Delete Click to delete ACL name entry 4 10 6 IPv6 based ACE An ACE consists of several parameters Different parameter options are displayed depending on the frame type that you selected The IPv6 based ACE screens in Figure 4 10 11 and Figure 4 10 12 appear ...

Страница 255: ...NS3503 16P 4C User Manual Figure 4 10 11 IP based ACE Page Screenshot The page includes the following fields Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence ...

Страница 256: ...Value When User Defined is selected for the destination IP address filter you can enter a specific destination IP address The legal format is xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx A frame that hits this ACE matches this destination IP address value Destination IP Prefix Length When User Defined is selected for the destination IP filter you can enter a specific DIP prefix length in dotted decimal...

Страница 257: ... match this entry Unset TCP frames where the RST field is set must not be able to match this entry Don t Care Any value is allowed don t care SYN Specify the TCP Synchronize sequence numbers SYN value for this ACE Set TCP frames where the SYN field is set must be able to match this entry Unset TCP frames where the SYN field is set must not be able to match this entry Don t Care Any value is allowe...

Страница 258: ... If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value Buttons Click to add ACE list Figure 4 10 12 IPv6 based ACE Table Page Screenshot The page includes the following fields Object Description ACL Name Display the...

Страница 259: ...rameter Click to delete IPv6 based ACL entry 4 10 7 ACL Binding This page allows you to bind the Policy content to the appropriate ACLs The ACL Policy screens in Figure 4 10 13 and Figure 4 10 14 appears Figure 4 10 13 ACL Binding Page Screenshot The page includes the following fields Object Description Binding Port Select port for this drop down list ACL Select Select ACL list for this drop down ...

Страница 260: ...dministrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC addres...

Страница 261: ...splay the current port Delete Click to delete static MAC status entry 4 11 2 MAC Filtering By filtering MAC address the switch can easily filter the per configured MAC address and reduce the un safety The Static MAC Setting screens in Figure 4 11 3 and Figure 4 11 4 appear Figure 4 11 3 MAC Filtering Setting Page Screenshot The page includes the following fields Object Description MAC Address Phys...

Страница 262: ...try Delete Click to delete static MAC status entry 4 11 3 Dynamic Address Setting By default dynamic entries are removed from the MAC table after 300 seconds The Dynamic Address Setting Status screens in Figure 4 11 5 and Figure 4 11 6 appear Figure 4 11 5 Dynamic Addresses Setting Page Screenshot The page includes the following fields Object Description Aging Time The time after which a learned e...

Страница 263: ... MAC Table is sorted first by VLAN ID and then by MAC address The Dynamic Learned screens in Figure 4 11 6 and Figure 4 11 7 appear Figure 4 11 6 Dynamic Learned Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list VLAN Select VLAN for this drop down list MAC Address Physical address associated with this interface Buttons Refreshes the ...

Страница 264: ...nformation Page Screenshot Object Description MAC Address The MAC address of the entry VLAN The VLAN ID of the entry Type Indicates whether the entry is a static or dynamic entry Port The ports that are members of the entry Buttons Click to add dynamic MAC address to static MAC address ...

Страница 265: ... LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology 4 12 2 LLDP Global Setting This Page a...

Страница 266: ...the switch is rebooted a LLDP shutdown frame is transmitted to the neighboring units signaling that the LLDP information isn t valid anymore Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds Transmit Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time betwe...

Страница 267: ...Holdtime Multiplier Display the current holdtime multiplier Reinitialization Delay Display the current reinitialization delay Transmit Delay Display the current transmit delay LLDP MED Fast Start Repeat Count Display the current LLDP MED Fast Start Repeat Count 4 12 3 LLDP Port Setting Use the LLDP Port Setting to specify the message attributes for individual interfaces including whether messages ...

Страница 268: ...n checked the Port Description is included in LLDP information transmitted System Description When checked the System Description is included in LLDP information transmitted System Capability When checked the System Capability is included in LLDP information transmitted 802 3 MAC PHY When checked the 802 3 MAC PHY is included in LLDP information transmitted 802 3 Link Aggregation When checked the ...

Страница 269: ...us Selected Optional TLVs Display the current selected optional TLVs The VLAN Name TLV VLAN Selection and LLDP Port VLAN TLV Status screens in Figure 4 12 5 and Figure 4 12 6 appear Figure 4 12 5 VLAN Name TLV Selection Page Screenshot The page includes the following fields Object Description Port Select Select port for this drop down list VLAN Select Select VLAN for this drop down list Buttons Cl...

Страница 270: ...AN Display the current selected VLAN 4 12 4 LLDP Local Device Use the LLDP Local Device Information screen to display information about the switch such as its MAC address chassis ID management IP address and port information The Local Device Summary and Port Status screens in Figure 4 12 7 and Figure 4 12 8 appear Figure 4 12 7 Local Device Summary Page Screenshot The page includes the following f...

Страница 271: ...nt capabilities enabled Port ID Subtype Display the current port ID subtype Figure 4 12 8 Port Status Page Screenshot The page includes the following fields Object Description Interface The switch port number of the logical port LLDP Status Display the current LLDP status LLDP MED Status Display the current LLDP MED Status 4 12 5 LLDP Remove Device This page provides a status overview for all LLDP...

Страница 272: ... Click to refresh LLDP remove device 4 12 6 MED Network Policy Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that...

Страница 273: ... Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN The Voice A...

Страница 274: ...s App Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling for use in network topologies that require a separate policy for the video sig...

Страница 275: ...urrent application VLAN ID Display the current VLAN ID VLAN Tag Display the current VLAN tag status L2 Priority Display the current L2 priority DSCP Value Display the current DSCP value Buttons Click to delete LLDP MED network policy table entry 4 12 7 MED Port Setting The Port LLDP MED Configuration Port Setting Table screens in Figure 4 12 12 and Figure 4 12 13 appear Figure 4 12 12 Port LLDP ME...

Страница 276: ...y result in voice quality degradation or complete service disruption Location This option advertises location identification details Inventory This option advertises device details useful for inventory management such as manufacturer model software version and other pertinent information MED Network Policy Select MED network policy for this drop down list Buttons Click to apply changes Figure 4 12...

Страница 277: ...4 12 14 Port LLDP MED Configuration Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Location Coordinate A string identifying the Location Coordinate that this entry should belong to Location Civic Address A string identifying the Location Civic Address that this entry should belong to Location ESC ELIN A string identifying the Loca...

Страница 278: ...ludes the following fields Object Description Port The switch port number of the logical port Coordinate Display the current coordinate Civic Address Display the current civic address ESC ELIN Display the current ESC ELIN 4 12 8 LLDP Overloading The LLDP Port Overloading screen in Figure 4 12 16 appears ...

Страница 279: ...ed or overloaded MED Capabilities Displays if the capabilities packets were transmitted or overloaded MED Location Displays if the location packets were transmitted or overloaded MED Network Policy Displays if the network policies packets were transmitted or overloaded MED Extended Power via MDI Displays if the extended power via MDI packets were transmitted or overloaded 802 3 TLVs Displays if th...

Страница 280: ...and Figure 4 12 18 appear Figure 4 12 17 LLDP Global Statistics Page Screenshot The page includes the following fields Object Description Insertions Shows the number of new entries added since switch reboot Deletions Shows the number of new entries deleted since switch reboot Drops Shows the number of LLDP frames dropped due to that the entry table was full Age Outs Shows the number of entries del...

Страница 281: ... down an LLDP shutdown frame is received or when the entry ages out RX Frame Error The number of received LLDP frames containing some kind of error RX TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded RX TLVs Unrecognized The number of well formed TLVs but with an unknown type...

Страница 282: ...tics can run without disruption of the link or of any data transfer If the link is established in 100Base TX or 10Base T the Cable Diagnostics cause the link to drop while the diagnostics are running After the diagnostics are finished the link is reestablished And the following functions are available Coupling between cable pairs Cable pair termination Cable Length Note Cable Diagnostics is only a...

Страница 283: ...e ICMP PING packets to troubleshoot IP connectivity issues The Managed Switch transmits ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply 4 13 3 Ping Test This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues After you press Apply ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon...

Страница 284: ...result Buttons Click to transmit ICMP packets Note Be sure the target IP Address is within the same network subnet of the switch or you have to set up the correct gateway IP address 4 13 4 IPv6 Ping Test This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Apply 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are dis...

Страница 285: ...om the source device to the destination device so to check the network accessibility and locate the network failure Execution procedure of the Traceroute function consists of first a data packet with TTL at 1 is sent to the destination address if the first hop returns an ICMP error message to inform this packet can not be sent due to TTL timeout a data packet with TTL at 2 will be sent Also the se...

Страница 286: ...MIB definitions used to define standard network monitor functions and interfaces enabling the communication between SNMP management terminals and remote monitors RMON provides a highly efficient method to monitor actions inside the subnets MID of RMON consists of 10 groups The switch supports the most frequently used group 1 2 3 and 9 Statistics Maintain basic usage and error statistics for each s...

Страница 287: ...ics This page provides a Detail of a specific RMON statistics entry RMON Statistics screen in Figure 4 14 1 appears Figure 4 14 1 RMON Statistics Detail Page Screenshot The page includes the following fields Object Description Port Select port for this drop down list Drop Events The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number o...

Страница 288: ... The best estimate of the total number of collisions on this Ethernet segment 64 Bytes Frame The total number of packets including bad packets received that were 64 octets in length 65 127 Byte Frames The total number of packets including bad packets received that were between 65 to 127 octets in length 128 255 Byte Frames The total number of packets including bad packets received that were betwee...

Страница 289: ...ncluding framing characters log The number of uni cast packets delivered to a higher layer protocol SNMP Trap The number of broad cast and multi cast packets delivered to a higher layer protocol Log and Trap The number of inbound packets that are discarded even the packets are normal Community Specify the community when trap is sent the string length is from 0 to 127 default is public Owner Indica...

Страница 290: ...nt description Last Sent Time Display the current last sent time Owner Display the current event owner Action Click to delete RMON event entry 4 14 3 RMON Event Log This page provides an overview of RMON Event Log The RMON Event Log Table screen in Figure 4 14 4 appears Figure 4 14 4 RMON Event Log Table Page Screenshot The page includes the following fields Object Description Select Index Select ...

Страница 291: ...ble variables are DropEvents The total number of events in which packets were dropped due to lack of resources Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Pkts The total number of frames bad broadcast and multicast received and transmitted BroadcastPkts The total number of good frames received that were directed to the broadcast address N...

Страница 292: ...transmitted where the number of octets falls within the specified range excluding framing bits but including FCS octets Pkts256to511Octets The total number of frames including bad packets received and transmitted where the number of octets falls within the specified range excluding framing bits but including FCS octets Pkts512to1023Octets The total number of frames including bad packets received a...

Страница 293: ...rrent interval Sample Type Display the current sample type Rising Threshold Display the current rising threshold Falling Threshold Display the current falling threshold Rising Event Display the current rising event Falling Event Display the current falling event Owner Display the current owner Action Click to delete RMON alarm entry 4 14 5 RMON History Configure RMON History table on this page The...

Страница 294: ...he interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Owner Specify an owner for the history Buttons Click to apply changes Figure 4 14 8 RMON History Status Page Screenshot The page includes the following fields Object Description Index Display the current index Data Source Display the current data source Bucket Requested Display...

Страница 295: ...easily build a power central controlled IP phone system IP camera system and AP group for the enterprise For instance cameras APs can be easily installed around the corner in the company for surveillance demands or build a wireless roaming environment in the office Without the power socket limitation the NS3503 UPoE Switch makes the installation of cameras or WLAN APs easier and more efficient PoE...

Страница 296: ...s sightseeing spots airports hotels campuses factories and warehouses can install the Access Point anywhere 10 12 watts IP Surveillance Enterprises museums campuses hospitals and banks can install IP camera without the limit of the installation location Electrician is not needed to install AC sockets 3 60 watts PoE Splitter PoE Splitter splits the PoE DC over the Ethernet cable into 5 12 19 24V DC...

Страница 297: ... implemented The PSU input power consumption is monitored by measuring voltage and current The input power consumption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activates additional ports as long as the aggregated power of the system is lower than the power level at which additional PDs cannot be connected When this value i...

Страница 298: ...ts Consumption mode The system offers PoE power according to PD real power consumption Allocation mode Users allow to assign how much PoE power to each port and the system will reserve PoE power to PD Temperature Threshold Allows setting over temperature protection threshold value PoE Temperature Display the PoE chip temperature This section displays the PoE Power Usage of Current Power Consumptio...

Страница 299: ...s are End Span Pins 1 2 pair 2 in both T568A and T568B form one side of the DC supply and pins 3 6 pair 3 in both T568A and T568B provide the return Mid Span Pins 4 5 pair 1 in both T568A and T568B form one side of the DC supply and pins 7 8 pair 4 in both T568A and T568B provide the return UPoE Pins 1 2 pair 2 in both T568A and T568B form one side of the DC supply and pins 3 6 pair 3 in both T568...

Страница 300: ...Used W The Power Used shows how much power the PD currently is using Power Allocation It can limit the port PoE supply watts Per port maximum value must be less than 60 watts Total port values must be less than the Power Reservation value Once power overload is detected the port will auto shut down and keep in detection mode until PD s power consumption is lower than the power limit value Buttons ...

Страница 301: ...ng worldwide and contributing to the environmental protection on the Earth the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise saving power and money Schedul...

Страница 302: ...NS3503 16P 4C User Manual 300 The screen in Figure 4 16 5 appears Figure 4 16 5 PoE Schedule Screenshot ...

Страница 303: ...by disabling it End Min Allows user to set what minute PoE function does by disabling it Reboot Enable Allows user to enable or disable the whole PoE port reboot by PoE reboot schedule Please note that if you want PoE schedule and PoE reboot schedule to work at the same time please use this function and don t use Reboot Only function This function offers administrator to reboot PoE device at an in...

Страница 304: ... administrator management burden This page provides you with how to configure PD Alive Check The screen in Figure 4 16 6 appears Figure 4 15 6 PD Alive Check Configuration Screenshot The page includes the following fields Object Description Mode Allows user to enable or disable per port PD Alive Check function By default all ports are disabled Ping PD IP Address This column allows user to set PoE ...

Страница 305: ...e via Syslog Alarm It means system will issue an alarm message via Syslog Reboot Time 30 180s This column allows user to set the PoE device rebooting time as there are so many kinds of PoE devices on the market and they have a different rebooting time The PD Alive check is not a defining standard so the PoE device on the market doesn t report reboot done information to the PoE Switch Thus user has...

Страница 306: ...the configuration to Factory Defaults Figure 4 15 1 Factory Default Page Screenshot After the Factory button is pressed and rebooted the system will load the default IP settings as follows Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Gateway 192 168 0 254 The other setting value is back to disable or none Note To reset the Managed Switch to the Factory default setting you can also pr...

Страница 307: ...m front panel 4 16 3 Backup Manager This function allows backup of the current image or configuration of the Managed Switch to the local management station The Backup Manager screen in Figure 4 16 3 appears Figure 4 16 3 Backup Manager Page Screenshot The page includes the following fields ...

Страница 308: ...function allows reloading of the current image or configuration of the Managed Switch to the local management station The Upgrade Manager screen in Figure 4 16 4 appears Figure 4 16 4 Upgrade Manager Page Screenshot The page includes the following fields Object Description Upgrade Method Select upgrade method for this drop down list Server IP Fill in your TFTP server IP address File Name The name ...

Страница 309: ... web page displays two tables with information about the active and backup firmware images The Dual Image Configuration and Information screens in Figure 4 16 5 and Figure 4 16 6 appear Figure 4 15 5 Dual Image Configuration Page Screenshot The page includes the following fields Object Description Active Image Select the active or backup image Buttons Click to apply active image Figure 4 16 6 Dual...

Страница 310: ...The page includes the following fields Object Description Flash Partition Display the current flash partition Image Name Display the current image name Image Size Display the current image size Created Time Display the created time ...

Страница 311: ... if the destination address is located at the same port as this packet then this packet will be filtered thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding technique A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer and does the complete error checking before transmission Therefore...

Страница 312: ... when a connection is established with another network device usually at Power On or Reset This is done by detecting the modes and speeds when both devices are connected Both 10BASE T and 100BASE TX devices can connect with the port in either half or full duplex mode If attached device is 100BASE TX port will set to 10Mbps without auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10BA...

Страница 313: ...ll duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why doesn t the Switch connect to the network Solution 1 Check the LNK ACT LED on the Managed Switch 2 Try another port on the Managed Switch 3 Make sure the cable is installed correctly 4 Make sure the cable is the right type 5 Turn off the power After a few moments turn...

Страница 314: ...the PoE Ethernet Switch Make sure the cable is installed properly and make sure the cable is the right type Turn off the power After a few moments turn on the power again When I connect my PoE device to PoE Ethernet Switch it cannot be powered on Solution 1 Please check the cable type of the connection from the PoE Ethernet Switch port 1 to port 8 to the other end The cable should be an 8 wire UTP...

Страница 315: ... 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ45 receptacle connector and their pin assignments RJ45 Connector pin assignment...

Страница 316: ...hite Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Crossover Cable SIDE 1 SIDE 2 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Oran...

Результаты поиска

Содержание NS3503-16P-4C

Отзывы:

Похожие инструкции для NS3503-16P-4C

Бренды по названию

Популярные бренды

Interlogix NS3503-16P-4C, Руководство пользователя

Результаты поиска

Содержание NS3503-16P-4C

Отзывы:

Похожие инструкции для NS3503-16P-4C

Бренды по названию

Популярные бренды