manualshive.com logo in svg

IS5 COMMUNICATIONS iES22GF, Руководство пользователя

Поделиться
Скачать
IS5 COMMUNICATIONS iES22GF Скачать руководство пользователя страница 152

iES22GF  User’s  Manual 

 

152 

 

 

iS5 Communications Inc.

 

 

not  failed  (because  the  X seconds have  not  expired),  the  same  server  will  be  contacted  when  the  next 

back-end authentication server  requests from the switch. This scenario will loop forever. Therefore, the 

server timeout should  be smaller than the supplicant's EAPOL Start frame retransmission rate. 

 

 

Overview of  MAC-Based Authentication 

Unlike  802.1X,  MAC-based  authentication  is  not  a  standard,  but  merely  a  best  -practices  method 

adopted  by  the  industry.  In  MAC-based  authentication,  users  are  called  clients,  and  the  switch  acts as 

the  supplicant on  behalf of clients. The  initial frame  (any  kind  of frame)  sent  by  a  client  is  snooped  by 

the  switch,  which  in  turn  uses  the  client's  MAC  address  as  both  username  and  password  in  the 

subsequent  EAP  exchange  with  the  RADIUS  server.  The  6-byte MAC address is converted to a string  in 

the following form "xx-xx- xx-xx- xx-xx", that is, a  dash  (-)  is  used  as  separator  between  the  lower-cased 

hexadecimal  digits.  The  switch  only  supports  the  MD5-Challenge  authentication  method,  so  the 

RADIUS  server  must  be  configured accordingly. 

When  authentication  is  complete,  the  RADIUS  server  sends  a  success  or  failure  indication,  which  in 

turn  causes  the switch to open up  or block traffic for  that particular  client, using  static  entries into the 

MAC  Table.  Only  then  will  frames  from  the  client  be  forwarded  on  the  switch.  There  are  no  EAPOL 

frames involved in  this authentication, and therefore, MAC -based  authentication has nothing to do with 

the 802.1X standard. 

The  advantage  of  MAC-based  authentication  over  802.1X  is  that  several  clients  can  be  connected  to 

the same  port (e.g.  through a 3rd party  switch or a  hub) and  still require individual  authentication,  and 

that  the  clients  do  not  need  special  supplicant  software  to  authenticate.  The  disadvantage  is  that 

MAC  addresses  can  be  spoofed  by  malicious  users,  equipment  whose  MAC  address  is  a  valid  RADIUS 

user  can  be used  by anyone, and only the  MD5-Challenge method is supported. 

 

 

802.1 

X and  MAC-Based  authentication  configurations  consist  of  two  sections: system-  and  port-wide. 

 

 
 

Содержание iES22GF

Страница 1: ...iES22GF User s Manual Intelligent 20 Ports Configurable Gigabit Ethernet Switch Version 1 8 May 2017...

Страница 2: ...tive within this warranty period including shipping costs This warranty does not cover product modifications or repairs done by persons other than iS5 approved personnel and this warranty does not app...

Страница 3: ...allation 10 2 1 Installing the Switch on a DIN Rail 10 2 1 1 Mounting the iES22GF on a DIN Rail 10 2 2 Wall Mount Installation 10 2 2 1 Mounting the iES22GF on a Wall or Panel 10 Hardware Overview 12...

Страница 4: ...overy 35 5 7 Dual Port Recovery 36 5 7 1 Introduction 36 5 7 2 Configuration 37 Management 39 6 1 Basic Settings 40 6 1 1 Basic Setting 40 6 1 2 Admin Password 41 6 1 3 Authentication Method 42 6 1 4...

Страница 5: ...6 6 2 SNMP Community Configurations 95 6 6 3 SNMP User Configurations 95 6 6 4 SNMP Group Configurations 98 6 6 5 SNMP View Configurations 99 6 6 6 SNMP Access Configurations 99 6 7 Traffic Prioritiz...

Страница 6: ...10 2 System Warning 164 6 11 Monitor and Diag 168 6 11 1 MAC Table 168 6 11 2 Port Statistics 170 6 11 3 Port Monitoring 172 6 11 4 System Log Information 173 6 11 5 VeriPHY Cable Diagnostics 174 6 1...

Страница 7: ...be required to take adequate measures Caution LASER This product contains a laser system and is classified as a CLASS 1 LASER PRODUCT Use of controls or adjustments or performance of procedures other...

Страница 8: ...ast recovery technology The iES22GF supports a wide operating temperature of 40 o C to 85 o C Both products can be managed centrally and conveniently via the iManaged Software Suite web browsers Telne...

Страница 9: ...r Authentication for security Supports 9 6K Bytes Jumbo Frame Multiple notification for warning of unexpected event Web based Telnet Console CLI and Windows utility iMSS configuration Support LLDP Pro...

Страница 10: ...t the switch and hook the top 2 catches of the metal bracket onto the top of the DIN Rail Step 2 Push the bottom of the switch toward the DIN Rail until the bracket snaps in place 2 2 Wall Mount Insta...

Страница 11: ...s Manual 11 iS5 Communications Inc Option 2 Fix mounting brackets to back of switch using 4 screws included in the package Note To avoid damage to the unit please use the screws provided to mount the...

Страница 12: ...for PWR When the PWR UP the green led will be light on 3 LED for PWR1 4 LED for PWR2 5 LED for R M Ring master When the LED light on it means that the switch is the ring master of Ring LED for Ring Wh...

Страница 13: ...en On Data transmitted 3 2 Bottom view Panel The Phillips Screw Terminal Block located on the bottom of the unit has Phillips screws with compression plates allowing either bare wire connections or cr...

Страница 14: ...econd or backup DC power source 8 RLY NO Failsafe Relay Normally Open contact 9 RLY CM Failsafe Relay Common contact 10 RLY NC Failsafe Relay Normally Closed contact Chassis Ground Connection The iES2...

Страница 15: ...hown below 1 Screw holes 4 for wall mount kit 2 DIN Rail mount 3 4 Side Panel The components on the side of the iES10G are shown below 1 Screw holes 4 for wall mount kit Cables 4 1 Ethernet Cables The...

Страница 16: ...SE T Cat 5 Cat 5e 100 ohm UTP UTP 100 m 328ft RJ 45 4 1 1 1000 100BASE TX 10BASE T Pin Assignments With 10 100 1000BASE T X cables pins 1 and 2 are used for transmitting data and pins 3 and 6 are used...

Страница 17: ...used Not used 1000 Base T MDI MDI XPin Assignments Pin Number MDI port MDI X port 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD 6 BI_DB BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Note a...

Страница 18: ...using the RS 232 cable with a DB 9 female connector The DB 9 female connector of the RS 232 cable should be connected the PC while the other end of the cable RJ 45 connector should be connected to th...

Страница 19: ...om traveling through any of the network s redundant loops In the event that one branch of the ring gets disconnected from the rest of the network the protocol automatically re adjusts the ring so that...

Страница 20: ...which port on each switch will be used as the coupling ports and then link them together For example port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D Then enable C...

Страница 21: ...e ring to connect the switches in the RSTP network backbone switches The connection of one of the switches Switch A or B will act as the primary path while the other will act as the backup path when t...

Страница 22: ...void network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Used for connecting multiple rings A coupling ring needs four switches to build an activ...

Страница 23: ...allows multiple redundant rings of different redundancy protocols to interoperate together as a large robust network topology It can create multiple redundant networks beyond the limitations of curren...

Страница 24: ...ncy for any backbone network with different equipment providing ease of use and maximum fault recovery times flexibility compatibility and cost effectiveness iBridge feature allows usage iES22GF devic...

Страница 25: ...witch needs to be defined Other switches beside them just need to have iBridge enabled Label Description Enable Check to enable iBridge function Vender Chose vendor from the vendor s list Moxx Advante...

Страница 26: ...recovers a link in 30 to 50 seconds RSTP can shorten the time to 5 to 6 seconds STP Bridge Status This page shows the status for all STPbridge instance Label Description MSTI The bridge instance Can...

Страница 27: ...e current STP port state of the CIST port The values include Blocking Learning and Forwarding Uptime The time since the bridge port is last initialized Refresh Click to refresh the page immediately Au...

Страница 28: ...tree BPDU s received and discarded on the port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals STP Bridge Configuratio...

Страница 29: ...eptable in some industrial applications MSTP supports multiple spanning trees within a network by grouping and mapping multiple VLAN s into different spanning tree instances known as MSTI s forming in...

Страница 30: ...02 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding por...

Страница 31: ...The name should not exceed 32 characters Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge i n s t a n c e The CIST is n...

Страница 32: ...and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 4 3 CIST With the ab...

Страница 33: ...rts are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OperE...

Страница 34: ...fications and topology changes to other ports If se t it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station loc...

Страница 35: ...a MRP manager and can only have one manager If two or more switches are set to be Managers at the same time the MRP topology will fail React on Link Change Advanced mode Faster mode Enabling this fun...

Страница 36: ...ery mode will provide redundant links 5 7 1 Introduction Dual Port Recovery is an iS5 Communication Proprietary solution for interoperability issues with unmanaged devices like unmanaged switches Dual...

Страница 37: ...he backup port is changing its state to be forwarding like in picture below The disconnected port changes its status to No Link When link of port 1 on switch 2 returns back to be link up the switch 1...

Страница 38: ...need to select one port to be Active Port on each of two devices of each side Test Interval Setting Interval time for sending keep alive messages 10 5000ms default 10 Note Test interval should be the...

Страница 39: ...sumption but also enhances access speed and provides a user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting s...

Страница 40: ...ppears Note Session timeout is 10 minutes On the right hand side of the management interface it shows links to various settings Click on the links to access the configuration pages to different functi...

Страница 41: ...tring length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual identification of the contact person for this managed node together with information on how to...

Страница 42: ...e she logs into the switch via one of the management interfaces Label Description Client The management client for which the configuration belowapplies Authentication Method Authentication Method can...

Страница 43: ...nabling you do not need to assign the IP address IP Address The network DHCP server will assign the IP address for the switch and it will be display in this column The default IP is 192 168 10 1 IP Ma...

Страница 44: ...e Acronym The user can set the acronym of the time zone This is a User configurable acronym to identify the time zone Range Up to 16 characters Daylight Savings Time Mode This is used to set the clock...

Страница 45: ...t the ending day Recurring Month Select the ending month Date Select the ending date Non Recurring Year Select the ending year Non Recurring Hours Select the ending hour Offset Settings Enter the numb...

Страница 46: ...tion Mode Indicates the selected SSHmode The modes include Enabled enable SSH Disabled disable SSH Save Click to save changes Reset Click to undo any changes made locally and revert to previously save...

Страница 47: ...nd out LLDP information and will analyze LLDP information received from its neighbors LLDP Neighbor Information This page provides a status overview for all LLDP neighbors The following table contains...

Страница 48: ...ty is disabled a will be displayed Management Address The neighbor s address which can be used to help network management This may contain the neighbor s IP address Refresh Click to refresh the page i...

Страница 49: ...iscarded If a port receives an LLDP frame and the switch s internal table is full the LLDP frame will be counted and discarded This situation is known as too many neighbors in the LLDP standard LLDP f...

Страница 50: ...rg Label Description Mode Shows the existing status of the Modbus TCP function Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Note For Mo...

Страница 51: ...restart or power off the device at this time or the switch may fail to function afterwards Upgrade takes 10 minutes or more based on connection bandwidth 6 2 DHCP Server The switch provides DHCP serve...

Страница 52: ...to save changes Reset Click to undo any changes made locally and revert to previously saved values 6 3 6 DHCP Dynamic Client List When DHCP server functions are activated the switch will collect DHCP...

Страница 53: ...be added to the Static Client List IP Address Enter the MAC address to be added to the Static Client List Add as Static Add new entry to static table Label Description Type The type of client Dynamic...

Страница 54: ...h and sixth characters are the module ID In stand alone devices the module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108...

Страница 55: ...eive Agent Option The number of received packets containing relay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Label Des...

Страница 56: ...ort Control This page shows current port configurations Ports can also be configured here Label Description Port This is the logical port number for this row Link The current link state is displayed g...

Страница 57: ...This setting is related to the setting for Configured Link Speed MaximumFrame You can enter the maximum frame size allowed for the switch port in this column including FCS The allowed range is 1518 by...

Страница 58: ...is enabled DestinationMAC Address Calculates the destination port of the frame You can check this box to enable the destination MAC address or uncheck to disable By default Destination MACAddress is...

Страница 59: ...ges made locally and revert to previously saved values LACP Port This page allows you to enable LACP functions to group ports together to form single virtual links thereby increasing the bandwidth bet...

Страница 60: ...ty of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lo...

Страница 61: ...the port cannot join in the aggregation group unless other ports are removed and is in disabled LACP status Key The key assigned to this port Only ports with the same key can be Aggregated Aggr ID Th...

Страница 62: ...number of unknown or illegalLACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular Intervals Clear C...

Страница 63: ...alue is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Label Description Port Switch port number Enable Activate loop protection functio...

Страница 64: ...hich connects to the MRP ring 6 4 2 iRing iS5 supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below Label Description iRing Che...

Страница 65: ...ing to the normal switches in RSTP mode Save Click to apply the configurations 6 4 3 iChain iChain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Other...

Страница 66: ...le STP and RSTP Bridge Priority 0 61440 A value used to identify the root bridge The bridge with the lowest value highest priority is selected as the root If the value changes the switch must be reboo...

Страница 67: ...Enter which port should be blocked by setting the priority on the LAN Enter a number between 0 and 240 The value of priority must be a multiple of 16 Admin Edge Admin Edge is the port which is directl...

Страница 68: ...is enabled or disabled on this switch port Label Description Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately R...

Страница 69: ...ed OperP2P Some of the rapid state transactions that are possible within RSTP are dependent upon whether the port concerned can only be connected to exactly one other bridge i e It is served by a poin...

Страница 70: ...of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information to The range of valid values is 4 to 30 seconds and MaxAge must be FwdDelay 1 2 Transmit Hold Count The...

Страница 71: ...hare spanning trees for MSTI s intra region The name should not exceed 32 characters Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 M...

Страница 72: ...tive Priority Indicates bridge priority The lower the value the higher the priority The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a bridge identifier Save Cli...

Страница 73: ...chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OperEdge sta...

Страница 74: ...et by a network administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administr...

Страница 75: ...02 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding por...

Страница 76: ...tly assigned the root port role Root Cost Root path cost For a root bridge this is zero For other bridges it is the sum of port path costs on the least cost path to the Root Bridge Topology Flag The c...

Страница 77: ...lays the STPport statistics for the currently selected switch Label Description Port The switch port number to which the following settings will be applied MSTP The number of MSTP configuration BPDU s...

Страница 78: ...Recovery The Dual Port Recovery mechanism is the mechanism that allows execution of recovery protocol over the unmanaged devices switches ring of switches that don t support other recovery protocols T...

Страница 79: ...hen link of port 1 on switch 2 returns back to be link up the switch 1 port 1 is in forwarding state and in this case the No Link port is changing its status to be Blocking port Dual Port Recovery Con...

Страница 80: ...ship configurations for a selected switch stack in this page Up to 64 VLAN s are supported This page allows for adding and deleting VLAN s as well as adding and deleting port members of each VLAN Labe...

Страница 81: ...wVLANs Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 6 7 6 Port Configurations This page allows you to set up VLANports individually Lab...

Страница 82: ...fied VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag_pvid when this mode is used If Specific t...

Страница 83: ...aware port will be set to 0x8100 The final status of the frame after egressing will also be affected by the Egress Rule C port When the port receives untagged frames an untagged frame obtains a tag ba...

Страница 84: ...D and is forwarded When the port receives tagged frames If the tagged frame contains a TPID of 0x8100 it will be forwarded If the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded The...

Страница 85: ...iES22GF User s Manual 85 iS5 Communications Inc...

Страница 86: ...22GF User s Manual 86 iS5 Communications Inc Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLANAccess mode Untagged 20 Port 8 is VLANAccess mode Untagged 10 Below are the switch settin...

Страница 87: ...iES22GF User s Manual 87 iS5 Communications Inc VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Страница 88: ...iES22GF User s Manual 88 iS5 Communications Inc VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Страница 89: ...ES22GF User s Manual 89 iS5 Communications Inc VLAN QinQ Mode VLANQinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN iES22GF Port 1 VLAN Setting...

Страница 90: ...d here Private VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs T...

Страница 91: ...row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not ac...

Страница 92: ...port isolation is disabled for that port By default port isolation is disabled for all ports Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page...

Страница 93: ...e field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Write Community Indicates the write comm...

Страница 94: ...MP trap packets The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed Trap Destination Address Indicates the SNMP trap destination address It allow a valid IP addr...

Страница 95: ...ns This page allows you to configure SNMPv3 community table The entry index key is Community Label Description Delete Check to delete the entry It will be deleted during the next save Community Indica...

Страница 96: ...nt s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system en...

Страница 97: ...t be set correctly at the time of entry creation Authentication Password A string identifying the authentication pass phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SH...

Страница 98: ...v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name Astring identifying the security name that this entry should belong to The allowed string length is 1 t...

Страница 99: ...ate that this view subtree should be included Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist in another e...

Страница 100: ...Possible security models include NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The names o f t h e M I B...

Страница 101: ...d to this rate The management VLAN is configured on the IP setup page Label Description Frame Type The settings in a particular row apply to the frame type listed here unicast multicast or broadcast S...

Страница 102: ...and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag as s...

Страница 103: ...by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag O...

Страница 104: ...all switch ports Label Description Port The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Mode Shows the tag remarking mode fo...

Страница 105: ...e Check to enable ingress translation 2 Classify Classification has 4 different values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected cl...

Страница 106: ...ricted to 100 to 1000000 when the Unit is kbps or fps and is restricted to 1 to 3300 when the Unit is Mbps or kfps Unit Configures the unit of measurement for each policer rate as kbps Mbps fps or kfp...

Страница 107: ...kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled Unit Configures the unit of measurement for each queue policer rate...

Страница 108: ...t Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports Label Description Port The switch port number to which the following settings will be applied Click on the port...

Страница 109: ...haper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use exce...

Страница 110: ...default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of each queue shap...

Страница 111: ...is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Port Shaper Unit Configures the unit of measurement for each port shaper rate as kbps or...

Страница 112: ...rop precedence level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any number from 0 7 DPL Drop Precedence Level 0 3 Save Click to save changes Reset...

Страница 113: ...cation Egress There are the following configurable parameters for Egress side 1 Remap DP0 Controls the remapping for frames with DP level 0 2 Remap DP1 Controls the remapping for frames with DP level...

Страница 114: ...lue 0 63 Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 6 7 13 QoS Control List This page shows the QoS Control List QCL which is made up...

Страница 115: ...iES22GF User s Manual 115 iS5 Communications Inc Label Description Port Members Check to include the port in the QCL entry By default all ports are included...

Страница 116: ...ast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 IPv6 Note all frame types are explained below Any Allowall types of frames Ethernet Valid Ethernet values can range from...

Страница 117: ...specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IPv6 Protocol IP protocol number Other 0 255 TCP UDP or Any Source IP IPv6 source address a b c d...

Страница 118: ...he QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs...

Страница 119: ...alue displayed under DSCP column Conflict Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required to add a QCE may not be available In...

Страница 120: ...GMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting Router Port Specifies which ports act as router ports A router por...

Страница 121: ...e starting point in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the next closest VLAN Table match The will use the last entry of the currently disp...

Страница 122: ...Querier Received The number of transmitted Queries V1 Reports Received The number of received V1 reports V2 Reports Received The number of received V2 reports V3 Reports Received The number of receiv...

Страница 123: ...to select the starting point in the IGMP Group Table Clicking the refresh button will update the displayed table starting from that or the next closest IGMP Group Table match In addition the two input...

Страница 124: ...iption Port Port number of the remote client IP Address IP address of the remote client 0 0 0 0 means any IP Web Check to enable management via a Web interface Telnet Check to enable management via a...

Страница 125: ...Stream Check Active Check to enable stream check When enabled the switch will detect the stream change getting low from the device Stream Check Status Indicates stream check status Possible statuses...

Страница 126: ...s you can set actions from the list 6 7 Label Description Link Change Disables or enables the port Only log it Simply sends logs to the log server Shunt Down the port Disables the port Reboot Device D...

Страница 127: ...a single number In this case please insert the same number Filter If packet type is UDP or TCP please choose the socket direction Destination Source Action Indicates the action to take when DDOS atta...

Страница 128: ...ble types are no specification IP Camera IP Phone Access Point PC PLC and Network Video Recorder Location Address Indicates location information of the device The information can be used for Google Ma...

Страница 129: ...ort unless the frame matches a specific ACE Label Description Port The switch port number to which the following settings will be applied Policy ID Select to apply a policy to the port The allowed val...

Страница 130: ...ion of this port The allowed values are Enabled if a frame is received on the port the port will be disabled Disabled port shut down is disabled The default value is Disabled State Specify the state o...

Страница 131: ...s packets per second kbps Kbits per second Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ACL Control List This page shows the Access Con...

Страница 132: ...iption Ingress Port Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this port number where n is the number of the switch port Policy Fi...

Страница 133: ...s the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled i...

Страница 134: ...es the destination MAC filter for this ACE Any no DMAC filter is specified DMAC filter status is don t care MC frame must be multicast BC frame must be broadcast UC frame must be unicast Specific If y...

Страница 135: ...r a specific VLAN ID number The allowed range is 1 to 4095 Frames matching the ACE will use this VLANID value Tag Priority Specifies the tag priority for the ACE Aframe matching the ACE will use this...

Страница 136: ...ters will appear For more details of these fields please refer to the help file IP Protocol Value Other allows you to enter a specific value The allowed range is 0 to 255 Frames matching the ACE will...

Страница 137: ...ork is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation SIP Mask When Network is selected for the source IP filter you can enter a specific SIP mask in...

Страница 138: ...k is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IPMask When Network is selected for the sender IP filter you can enter a specific se...

Страница 139: ...t not match this entry 1 ARP RARP frames where the HLNis equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed don t care IP Specifies whether frames...

Страница 140: ...can enter a specific ICMP value The allowed range is 0 to 255 Aframe matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE Any no ICMP code filter is sp...

Страница 141: ...llowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source range TCP UDP Destination Filter Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination filter...

Страница 142: ...SH Specifies the TCPPSH push function value for the ACE 0 TCP frames where the PSHfield is set must not be able to match this entry 1 TCP frames where the PSHfield is set must be able to match this en...

Страница 143: ...ames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE...

Страница 144: ...sh the page Auto refresh Check to enable an automatic refresh of the page at regular intervals 6 9 2 AAA AAA Radius Server Configuration Common Server Configuration This page allows you to configure t...

Страница 145: ...Server Configuration The table has one row for each RADIUS Authentication Server and a number of columns which are Label Description The RADIUS Authentication Server number for which the configuratio...

Страница 146: ...e RADIUS Accounting Server If the port is Port set to 0 zero the default port 1813 is used on the RADIUS Accounting Server Secret The secret up to 29 characters long shared between the RADIUS Accounti...

Страница 147: ...number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Refresh Click to refresh the page immediately Auto refresh Chec...

Страница 148: ...e number of RADIUS packets that were received with unknown types from the server on the authentication port and dropped Rx Packets Dropped radiusAuthClientExtPac ketsDropped The number of RADIUS packe...

Страница 149: ...p Time radiusAuthClientExtRou ndTripTime The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authent...

Страница 150: ...ounted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other info This section contains information about the state of the server and the...

Страница 151: ...al 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs...

Страница 152: ...tween the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS...

Страница 153: ...into a switch port For MAC based ports re authentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefor...

Страница 154: ...modes using the Port Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server r...

Страница 155: ...od the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the r...

Страница 156: ...aracteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communications between the supplicant and the...

Страница 157: ...h supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as the destination MAC a...

Страница 158: ...has nothing to do with the 802 1Xstandard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or...

Страница 159: ...fect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized Reinitialize forces a reinitialization of the clients on the port and hence a reaut...

Страница 160: ...istics for a specific switch port using port based authentication For MAC based ports only selected backend server RADIUS Authentication Server statistics are shown Use the port drop down list to sele...

Страница 161: ...e been received by the switch Rx Responses dot1xAuthEapolRespFram esRx The number of valid EAPOL response frames other than Response Identity frames that have been received by the switch Rx Start dot1...

Страница 162: ...ndicates that the backend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackendAut hSuccesses 802 1X and MAC based Counts the number of times that the switch receives...

Страница 163: ...ed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Label Description MAC A...

Страница 164: ...and the electric relay will signal at the same time Select the events to cause the Fault Alarm then click Save at the bottom of the screen to save the changes 6 10 2 System Warning SYSLOG Settings The...

Страница 165: ...ation and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will...

Страница 166: ...The recipient s e mail address allows a total number of six recipients Apply Click to activate the configurations Help Shows help box Event Selection SYSLOG is the warning method supported by the syst...

Страница 167: ...lure Alerts when SNMP authentication fails Redundant Ring Topology Change Alerts when there is a ring topology change Port Event SYSLOG Select the SYSLOG event for a specific port number Possible sele...

Страница 168: ...aging You can configure aging time by entering a value in the box of Age Time The allowed range is 10 to 1000000 seconds You can also disable the automatic aging of dynamic entries by checking Disabl...

Страница 169: ...rs Checkmarks indicate which ports are members of the entry Check or uncheck to modify the entry Adding New Static Entry Click to add a new entry to the static MAC table You can specify the VLAN ID MA...

Страница 170: ...whether the entry is a static or dynamic entry MAC address The MAC address of the entry VLAN The VLANID of the entry Port Members The ports that are members of the entry 6 11 2 Port Statistics Traffi...

Страница 171: ...d bad bytes including FCS except framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and...

Страница 172: ...nvalid CRC Rx Jabber The number of long 2 frames received with an invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Tx Drops The number of frames dropped due to...

Страница 173: ...iES22GF User s Manual 173 iS5 Communications Inc 6 11 4 System Log Information This page provides switch system log information...

Страница 174: ...he switch Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Updates system log entries starting from the current entry ID Clear Flushes all system log...

Страница 175: ...unning VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port for which Ve...

Страница 176: ...ets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2...

Страница 177: ...ible Output enable the 1 pps clock output Input enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The boxallows you to configure external clock output The followi...

Страница 178: ...iES22GF User s Manual 178 iS5 Communications Inc...

Страница 179: ...P2p Transp peer to peer transparent clock E2e Transp end to end transparent clock Master Only master only Slave Only slave only Port List Set check mark for each port configured for this Clock Instanc...

Страница 180: ...hich master clocks to request Announce and Sync messages from For more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note Packets are only...

Страница 181: ...e switch is restored to factory defaults Label Description Yes Click to reset the configuration to factory defaults No Click to return to the System Information page without resetting 6 14 System Rebo...

Страница 182: ...configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable Follow the steps belowto access the console via RS 232 serial cable 1 Start Tar...

Страница 183: ...ual 183 iS5 Communications Inc 4 Press Enter for the Console login screen to appear Use the keyboard to enter the Console Username and Password which is same as the Web Browser password admin for both...

Страница 184: ...llow the steps belowto access the console via Telnet 1 Connect your PC to one of the Ethernet ports of the switch via an Ethernet cable 2 Telnet to the IP address of the switch from the Windows Run co...

Страница 185: ...iES22GF User s Manual 185 iS5 Communications Inc Command Groups...

Страница 186: ...error Log Clear all info warning error Timezone Configuration Timezone Offset offset Timezone Acronym acronym DST Configuration DST Mode disable recurring non recurring DST start week day month date y...

Страница 187: ...figuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx 10gfdx State port_list enable disable Port MaxFrame port_list max_frame Excessive port_list discard restart Statistic...

Страница 188: ...s all Name Add name vid Name Delete name Name Lookup name Status port_list combined static nas mstp all conflicts Private VLAN Configuration port_list Add pvlan_id port_list PVLAN Delete pvlan_id Look...

Страница 189: ...tistics Add stats_id data_source Statistics Delete stats_id Statistics Lookup stats_id History Add history_id data_source interval buckets History Delete history_id History Lookup history_id Alarm Add...

Страница 190: ...pol radius Security Network ACL Security Network ACL Configuration port_list Action port_list permit deny rate_limiter port_redirect mirror logging shutdown Policy port_list policy Rate rate_limiter_l...

Страница 191: ...Security AAA Configuration Radius server timeout timeout Radius server retransmit retransmit Radius server deadtime deadtime radius server key key radius server nas ip address ipv4_addr disable radiu...

Страница 192: ...enable disable Port RestrictedTcn stp_port_list enable disable Port bpduGuard stp_port_list enable disable Port Statistics stp_port_list clear Port Mcheck stp_port_list Msti Port Configuration msti st...

Страница 193: ...ap port_list pcp_list dei_list class dpl Port Classification DSCP port_list enable disable Port Policer Mode port_list enable disable Port Policer Rate port_list rate Port Policer Unit port_list kbps...

Страница 194: ...ss_list dpl_list dscp DSCP EgressRemap dscp_list dpl_list dscp Port Storm Unicast port_list enable disable rate kbps fps Storm Multicast enable disable packet_rate Port Storm Broadcast port_list enabl...

Страница 195: ...okup index User Add engineid user_name MD5 SHA auth_password DES AES priv_password User Delete index User Changekey engineid user_name auth_password priv_password User Lookup index Group Add security_...

Страница 196: ...me enable disable Trap Event AAA Authentication Failure conf_name enable disable Trap Event Switch STP conf_name enable disable Trap Event Switch RMON conf_name enable disable Firmware Firmware Load i...

Страница 197: ...kMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAction one_pps_clear DebugMode clockinst debug_mode Wireless mode clockinst port_list enable disable Wireless pre notification clockinst port_...

Страница 198: ...onfiguration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopologyChange enable disable Syslog Port port_list disable...

Страница 199: ...Configuration Mode enable disable Open Ring 1stUplinkPort port 2ndUplinkPort port Vender moxx advantexx hirschmaxx SFP SFP syslog enable disable temp temperature Info Device Binding DeviceBinding Mode...

Страница 200: ...st Port Addr port_list ip_addr mac_addr Port Alias port_list ip_addr Port DeviceType port_list unknown ip_cam ip_phone ap pc plc nvr Port Location port_list device_location Port Description port_list...

Страница 201: ...port security Port based network access control 802 1x VLAN 802 1Q to segregate and secure network traffic Radius centralized password management SNMPv3 encrypted authentication and access security Ht...

Страница 202: ...x D x H 5 x 6 44 x 6 07 inch Environmental Storage Temperature 40oC to 85oC 40oF to 18 5oF Operating Temperature 40oC to 85oC 40oF to 18 5oF Operating Humidity 5 to 95 Non condensing Regulatory appro...

Страница 203: ...Alarm 256 SysName 512 SysDescription 768 SysLocation 1024 SysContact 4096 4115 PortStatus Port 1 VTSS_PORTS Value 0x0000 Link down 0x0001 Link up 0x0002 Disable 0xffff NoPort 4352 4371 PortSpeed Port...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды