IS5 COMMUNICATIONS iES28GF Скачать руководство пользователя страница 154

Страница: 154 / 205

iES28TG/iES28GF User Manual

154

iS5 Communications Inc.

Multi 802.1X

In port-based 802.1X authentication, once a supplicant is successfully

authenticated on a port, the whole port is opened for network traffic.

This allows other clients connected to the port (for instance through a

hub) to piggy-back on the successfully authenticated client and get

network access even though they are not authenticated individually. To

overcome this security breach, use the Multi 802.1X variant.

Multi 802.1X is not yet an IEEE standard, but features many of the same

characteristics as port-based 802.1X. In Multi 802.1X, one or more

supplicants can be authenticated on the same port at the same time. Each

supplicant is authenticated individually and secured in the MAC table using

the Port Security module.

In Multi 802.1X it is not possible to use the multicast BPDU MAC address as

the destination MAC address for EAPOL frames sent from the switch to the

supplicant, since that would cause all supplicants attached to the port to reply

to requests sent from the switch. Instead, the switch uses the supplicant's

MAC address, which is obtained from the first EAPOL Start or EAPOL

Response Identity frame sent by the supplicant. An exception to this is when

no supplicants are attached. In this case, the switch sends EAPOL Request

Identity frames using the BPDU multicast MAC address as destination - to

wake up any supplicants that might be on the port.

The maximum number of supplicants that can be attached to a port can be

limited using the Port Security Limit Control functionality.

Содержание iES28GF

Страница 1: ...iES28TG iES28GF User s Manual Intelligent 28 Port Configurable Gigabit Ethernet Switch with 10GE Version 4 4 May 2017...

Страница 2: ...fective within this warranty period including shipping costs This warranty does not cover product modifications or repairs done by persons other than iS5 approved personnel and this warranty does not...

Страница 3: ...10 2 1 Front Panel 10 2 1 1 Ports and Connectors 10 2 1 2 Ports and Connectors iES28GF 12 2 1 3 LED 14 2 2 Rear Panel 15 Hardware Installation 16 3 1 Rack mount Installation for iES28GF 16 3 2 Rack mo...

Страница 4: ...1 Basic Setting 43 5 1 2 Admin Password 44 5 1 3 Authentication Method 45 5 1 4 IP Setting 45 5 1 5 SNTP Configuration 47 5 1 6 Daylight Saving Time 48 5 1 7 Switch Time Configuration 49 5 1 8 RIP 50...

Страница 5: ...munity Configurations 99 5 6 4 SNMP User Configurations 99 5 6 5 SNMP Group Configurations 102 5 6 6 SNMP View Configurations 103 5 6 7 SNMP Access Configurations 103 5 7 Traffic Prioritization 104 5...

Страница 6: ...168 5 10 2 System Warning 168 5 11 Monitor and Diag 171 5 11 1 MAC Table 171 5 11 2 Port Statistics 173 5 11 3 Port Monitoring 176 5 11 4 System Log Information 176 5 11 5 VeriPHY Cable Diagnostics 1...

Страница 7: ...laser system and is classified as a CLASS 1 LASER PRODUCT Use of controls or adjustments or performance of procedures other than those specified herein may result in hazardous radiation exposure Caut...

Страница 8: ...support for Ethernet redundancy protocols such as iRing recovery time 20ms over 250 units of connection and MSTP RSTP STP compatible The switches can protect mission critical applications from network...

Страница 9: ...Bytes Jumbo Frame Supports multiple notifications for incidents Supports management via Web based interfaces Telnet Console CLI and Windows utility iMSS Supports LLDP Protocol Supports Layer 3 iES28TG...

Страница 10: ...odules otherwise the system will not detect newly inserted modules iS5Com Slots 1 3 Description CM28 BLK1 Blank Module slot 1 3 CM28 8GRJ45 MODULE 8 X 10 100 1000Base TX RJ45 CM28 2MMST FL MODULE 2 X...

Страница 11: ...10 MODULE 2 x 1000LX Singlemode ST 10Km 1310nm CM28 4GSMST 10 MODULE 4 x 1000LX Singlemode ST 10Km 1310nm CM28 2GSMSC 40 MODULE 2 x 1000LX Singlemode SC 40Km 1310nm CM28 4GSMSC 40 MODULE 4 x 1000LX Si...

Страница 12: ...ns based on your needs The iES28GF includes the following models Models Description iES28GF L2 Compliant IEC61850 3ed 2support and Layer 2 functionality iES28GF L3 future IEC61850 3support and Layer 3...

Страница 13: ...0FX Singlemode SC 100Km 1550nm 2SMST100 2 x 100FX Singlemode ST 100Km 1550nm 4SMST100 4 x 100FX Singlemode ST 100Km 1550nm iS5Com Slot 4 Description XX None 2GRJ45 2 X 1000Base TX RJ45 4GRJ45 4 x 1000...

Страница 14: ...1 3 LED LED Color Status Description PWR Green On System power on Green Blinking Upgrading firmware PW1 Green On Power module 1 activated PW2 Green On Power module 2 activated R M Green On Ring Maste...

Страница 15: ...the rear of the switch are for the hot swappable power supply modules The power supply terminal block can be mounted in the front of the chassis or at the rear as shown The terminal block includes two...

Страница 16: ...he switch using 4 M3 screws on each side screws provided with the switch Step 2 Place the switch in the rack and mount to the rack using the rack screws Note You can install the brackets either in the...

Страница 17: ...iES28TG iES28GF User Manual 17 iS5 Communications Inc 3 2 Rack mount Installation for iES28TG The switch can be rack mounted using the hardware provided...

Страница 18: ...unting rails Mount to the rack using rack screws at the front and rear ears 3 3 Module Installation iES28TG only 3 3 1 RJ 45 Module The iES28TG supports maximum of 3 8x10 100 1000Base T X configurable...

Страница 19: ...tion Step 1 Turn offthe power to the switch Step 2 Insert the module in Slot 4 Step 3 Turn onthe power to the switch 1 The 10G slot can only accommodate a 10G module therefore do not insert non 10Giga...

Страница 20: ...bserve all electrical codes dictating the maximum current allowable for each wire size 3 If the current goes above the maximum ratings the wiring could overheat causing serious damage to your equipmen...

Страница 21: ...w 1 Remove the cover designed for protection from the terminalblock 2 Connect the ground from the first power source to GND1 terminal screw 3 Connect the Positive or Live from the first power source t...

Страница 22: ...of the unit and remain energized unless a critical error occurs One common application for this output is to signal an alarm if a power failure or removal of control power occurs 3 4 Connection 3 4 1...

Страница 23: ...are used for transmitting data and pins 3 and 6 are used for receiving data 10 100 Base T X RJ 45 Pin Assignments Pin Number Assignment 1 TD 2 TD 3 RD 4 Not used 5 Not used 6 RD 7 Not used 8 Not used...

Страница 24: ...BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Note and signs represent the polarity of the wires that make up each wire pair RS 232 console port wiring The iES28TG can be managed via the console port using the RS...

Страница 25: ...iChain iRing Three or more switches can be connected together to form a ring topology with network redundancy capabilities byfollowing the steps below 1 Connect each switch to form a daisy chain usin...

Страница 26: ...ch D Then enable Coupling Ring on the management page and select the coupling ring in correspondence to the connected port For more information on port setting please refer to 4 1 2 Configurations Onc...

Страница 27: ...n Switch A B that you want to connect to the iRing and connect them to the switches in the ring Switch C D 2 In correspondence to the ports connected to the ring configure an edge port for both of the...

Страница 28: ...gabit operation or 10 milliseconds in full duplex Fast Ethernet operation with up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block packets...

Страница 29: ...o avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Used for connecting multiple rings A coupling ring needs four switches to build an ac...

Страница 30: ...to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment of the chain fails iC...

Страница 31: ...ovide network redundancy Network loops occur frequently in large networks when two or more paths run to the same destination broadcast packets could get in to an infinite loop and cause congestion in...

Страница 32: ...page at regular intervals STP Port Status This page displays the STPport status for the currently selected switch Label Description Port The switch port number to which the following settings will be...

Страница 33: ...mber of legacy STP configuration BPDU s received transmitted on the port TCN The number of legacy topology change notifications BPDU s received transmitted on the port Discarded Unknown The number of...

Страница 34: ...l be delayed The range of valid values is 1 to 10 BPDUs per second Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 3 2 MSTP MSTP was dev...

Страница 35: ...ath cost according to the physical link speed by using the 802 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for th...

Страница 36: ...on The name should not exceed 32 characters Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge i n s t a n c e The CIST i...

Страница 37: ...ber and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 3 3 CIST With the...

Страница 38: ...ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above Op...

Страница 39: ...otifications and topology changes to other ports If se t it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station...

Страница 40: ...a MRP manager and can only have one manager If two or more switches are set to be Managers at the same time the MRP topology will fail React on Link Change Advanced mode Faster mode Enabling this func...

Страница 41: ...munications Inc Label Description Enable Enables fast recovery mode Port Ports can be set to 12 priorities Only the port with the highest priority will be the active port 1 st Priority is the highest...

Страница 42: ...consumption but also enhances access speed and provides a user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser settin...

Страница 43: ...ppears Note Session timeout is 10 minutes On the right hand side of the management interface it shows links to various settings Click on the links to access the configuration pages to different functi...

Страница 44: ...ng length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual identification of the contact person for this managed node together with information on how to con...

Страница 45: ...management interfaces Label Description Client The management client for which the configuration belowapplies Authentication Method Authentication Method can be set to one of the following values Non...

Страница 46: ...be used as IPv4 interface address A value of zero disables the fallback mechanism such that DHCP will keep retrying until a valid lease is obtained Legal values are 0 to 4294967295 seconds IPv4 DHCP...

Страница 47: ...route will have a mask length of 0 as it will match anything Gateway The IP address of the IP gateway Valid format is dotted decimal notation Next Hop VLAN The VLAN ID VID of the specific IPv6 interf...

Страница 48: ...ve changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 6 Daylight Saving Time This page allows you to configure the Time Zone Label Description Time Zone Con...

Страница 49: ...Day Select the starting day Recurring Month Select the starting month Date Select the starting date Non Recurring Year Select the starting year Non Recurring Hours Select the starting hour Minutes Sel...

Страница 50: ...conds Save Click to save changes Reset Click to undo any changes made locally and revert to previous saved values 5 1 8 RIP Configure RIP on this page Label Description Mode Indicates the RIP operatio...

Страница 51: ...s no group VRIP Virtual Router IP Default IP If this VLAN gets into backup state from master state this interface would recover by this IP Save Click to save changes 5 1 10 HTTPS Configure HTTPS setti...

Страница 52: ...bel Description Port The switch port number to which the following settings will be applied Mode Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP informa...

Страница 53: ...port Port Description The description of the port advertised by the neighbor System Name The name advertised by the neighbor System Capabilities Description of the neighbor s capabilities The capabil...

Страница 54: ...tries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows...

Страница 55: ...d discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Age Outs Each LLDP frame contains information abo...

Страница 56: ...may fail to function afterwards Upgrade takes 10 minutes or more based on connection bandwidth 5 1 16 Modbus TCP This page shows Modbus TCP support of the switch For more information regarding Modbus...

Страница 57: ...Mask The subnet mask Router The IP address of the gateway DNS The IP address of the Domain Name Server Lease Time Lease timer counted in seconds TFTP Server The IP address of the TFTP Sever Option 66...

Страница 58: ...y to static table 5 2 3 DHCP Static Client List You can assign a specific IP address within the dynamic IP range to a specific port When a device is connected to the port and requests for dynamic IP a...

Страница 59: ...et domain You can configure the function on the following page Relay Label Description Relay Mode Indicates the existing DHCP relay mode The modes include Enabled activate DHCP relay When DHCP relay i...

Страница 60: ...2 into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client It only works when the DHCP relay mode is enabled Disabled disable DHCP rel...

Страница 61: ...etting Port Setting allows you to manage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This page shows current port configurations Ports can also be configured h...

Страница 62: ...figured Link Speed The drop down list provides available link speed options for a given switch port Auto selects the highest speed supported by the link partner Disabled disables switch port configura...

Страница 63: ...ess is enabled DestinationMAC Address Calculates the destination port of the frame You can check this box to enable the destination MAC address or uncheck to disable By default Destination MACAddress...

Страница 64: ...hanges made locally and revert to previously saved values LACP Port This page allows you to enable LACP functions to group ports together to form single virtual links thereby increasing the bandwidth...

Страница 65: ...ority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role...

Страница 66: ...ans the port cannot join in the aggregation group unless other ports are removed and is in disabled LACP status Key The key assigned to this port Only ports with the same key can be Aggregated Aggr ID...

Страница 67: ...The number of unknown or illegalLACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular Intervals Clea...

Страница 68: ...d value is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Label Description Port Switch port number Enable Activate loop protection func...

Страница 69: ...t which connects to the MRP ring 5 4 2 iRing iS5 supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below Label Description iRing...

Страница 70: ...h ring to the normal switches in RSTP mode Save Click to apply the configurations 5 4 3 iChain iChain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Oth...

Страница 71: ...sable STP and RSTP Bridge Priority 0 61440 A value used to identify the root bridge The bridge with the lowest value highest priority is selected as the root If the value changes the switch must be re...

Страница 72: ...s are in the range 1 to 200000000 Priority 0 240 Enter which port should be blocked by setting the priority on the LAN Enter a number between 0 and 240 The value of priority must be a multiple of 16 A...

Страница 73: ...age at regular intervals Refresh Click to refresh the page immediately Root Bridge ID The Bridge ID of this Bridge instance Root Port The switch port currently assigned the root port role Path Cost Ro...

Страница 74: ...nfigured as an edge port and directly connected to an end station and cannot create a bridging loop False means OperEdge disabled OperP2P Some of the rapid state transactions that are possible within...

Страница 75: ...MaxAge must be FwdDelay 1 2 Transmit Hold Count The number of BPDUs a bridge port can send per second When exceeded transmission of the next BPDU will be delayed The range of valid values is 1 to 10...

Страница 76: ...an integer between 0 and 65535 MSTI The bridge i n s t a n c e The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANS Mapped The list of VLAN s mapped...

Страница 77: ...ity The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to pr...

Страница 78: ...ces or not no bridges attached Transiting to the forwarding state is faster for edge ports operEdge set to true than other ports AdminEdge Configures the operEdge flag to start as set or cleared the i...

Страница 79: ...frequently Point to Point Configures whether the port connects to a point to point LAN rather than a shared medium This can be configured automatically or set to true or false manually Transiting to...

Страница 80: ...path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 2000000...

Страница 81: ...e last Topology Change occurred Refresh Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Port Status This page displays...

Страница 82: ...e port RSTP The number of RSTP configuration BPDU s received transmitted on the port STP The number of legacy STP configuration BPDU s received transmitted on the port TCN The number of legacy topolog...

Страница 83: ...riority is the highest Save Click to save the configurations 5 5 VLAN 5 5 1 VLAN Membership You can view and change VLAN membership configurations for a selected switch stack in this page Up to 64 VLA...

Страница 84: ...the port from the VLAN By default no ports are members of a newly created VLAN Add New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Vali...

Страница 85: ...rt will be discarded By default the field is set to All Port VLAN Mode The allowed values are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag...

Страница 86: ...Unaware port will be set to 0x8100 The final status of the frame after egressing will also be affected by the Egress Rule C port When the port receives untagged frames an untagged frame obtains a tag...

Страница 87: ...PVID and is forwarded When the port receives tagged frames If the tagged frame contains a TPID of 0x8100 it will be forwarded If the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded T...

Страница 88: ...iES28TG iES28GF User Manual 88 iS5 Communications Inc...

Страница 89: ...G iES28GF User Manual 89 iS5 Communications Inc Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLANAccess mode Untagged 20 Port 8 is VLANAccess mode Untagged 10 Below are the switch set...

Страница 90: ...iES28TG iES28GF User Manual 90 iS5 Communications Inc VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Страница 91: ...iES28TG iES28GF User Manual 91 iS5 Communications Inc VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Страница 92: ...8TG iES28GF User Manual 92 iS5 Communications Inc VLAN QinQ Mode VLANQinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN iES28TG Port 1 VLAN Sett...

Страница 93: ...fied here Private VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLAN...

Страница 94: ...pty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not...

Страница 95: ...ed port isolation is disabled for that port By default port isolation is disabled for all ports Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the p...

Страница 96: ...v1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Write Community Indicates the write community string to permit acc...

Страница 97: ...rap mode Disabled disable SNMP trap mode Delete Check to delete the entry It will be deleted during the next save Trap Name Indicates the trap Configuration s name The allowed string length is 0 to 25...

Страница 98: ...Configures the retry times for SNMP trap inform The allowed range is 0 to 255 Trap Probe Security Engine ID Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabl...

Страница 99: ...set Click to undo any changes made locally and revert to previously saved values 5 6 3 SNMP Community Configurations This page allows you to configure SNMPv3 community table The entry index key is Com...

Страница 100: ...ent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system e...

Страница 101: ...must be set correctly at the time of entry creation Authentication Password A string identifying the authentication pass phrase For MD5 authentication protocol the allowed string length is 8 to 32 For...

Страница 102: ...uded v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name Astring identifying the security name that this entry should belong to The allowed string length is...

Страница 103: ...ndicate that this view subtree should be included Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist in anoth...

Страница 104: ...long to Possible security models include NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The names o f t h...

Страница 105: ...icted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 13200 when the Unit is Mbps or kfps Unit Controls the unit of measure for the storm control rate as kbps Mbps fps or kfps Th...

Страница 106: ...eue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag a...

Страница 107: ...led by a QCL entry PCP Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the ta...

Страница 108: ...for all switch ports Label Description Port The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Mode Shows the tag remarking mode...

Страница 109: ...late Check to enable ingress translation 2 Classify Classification has 4 different values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected...

Страница 110: ...the rate of each policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and is restricted to 1 to 3300 when the Unit is Mbps or kfps Unit Configures...

Страница 111: ...easurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled Save Click to save changes Reset Click to und...

Страница 112: ...ll be applied Click on the port number to configure the shapers Details for configuration can be found in the QoS Egress Port Scheduler and Shapers section Qn Shows disabled or actual port shaper rate...

Страница 113: ...restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth Port Shaper Enable Check to ena...

Страница 114: ...cted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is...

Страница 115: ...restricted to 1 to 3300 when the Unit is Mbps Port Shaper Unit Configures the unit of measurement for each port shaper rate as kbps or M bps The default value is kbps Save Click to save changes Reset...

Страница 116: ...es are treated as a non IP frame QoS Class QoS class value can be any number from 0 7 DPL Drop Precedence Level 0 3 Save Click to save changes Reset Click to undo any changes made locally and revert t...

Страница 117: ...rs include Remap controls the remapping for frames You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges from 0 to 63 Save Click to save changes Reset Click t...

Страница 118: ...s Inc 5 7 13 QoS Control List This page shows the QoS Control List QCL which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on t...

Страница 119: ...estination MAC type can be unicast UC multicast MC broadcast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 IPv6 Note all frame types are explained below Any Allowall type...

Страница 120: ...e a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IPv6 Protocol IP protocol number Other 0 255 TCP UDP or Any Source IP IPv6 source address a b c...

Страница 121: ...s the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of Q...

Страница 122: ...e value displayed under DSCP column Conflict Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required to add a QCE may not be available...

Страница 123: ...n IGMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting Router Port Specifies which ports act as router ports A router...

Страница 124: ...displayed table Use the button to start over Label Description Delete Check to delete the entry The designated entry will be deleted during the next save VLAN ID The VLANID of the entry IGMP Snooping...

Страница 125: ...ies Querier Received The number of transmitted Queries V1 Reports Received The number of received V1 reports V2 Reports Received The number of received V2 reports V3 Reports Received The number of rec...

Страница 126: ...isplayed table starting from that or the next closest IGMP Group Table match In addition the two input fields will upon a refresh button click assume the value of the first displayed entry allowing fo...

Страница 127: ...owed values are Enabled frames received on the port are stored in the system log Disabled frames received on the port are not logged The default value is Disabled Please note that system log memory ca...

Страница 128: ...s packet per second pps The allowed values are 0 131071 in pps Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ACL Control List This page...

Страница 129: ...us is don t care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering a policy value and bitmask appears 8 Policy Value Enter a range between 0 and...

Страница 130: ...rate is limited Shutdown Specifies the shutdown operation of the ACE The allowed values are Enabled if a frame matches the ACE the ingress port will be disabled Disabled port shutdown is disabled for...

Страница 131: ...xx xx xx xx xx xx Frames matching the ACE will use this DMAC value Label Description VLAN ID Filter Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter status i...

Страница 132: ...protocol frames Extra fields for defining UDP parameters will appear For more details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for...

Страница 133: ...P address in the SIP Address field that appears Network source IP filter is set to Network Specify the source IP address and source IP mask in the SIPAddress and SIPMask fields that appear SIP Address...

Страница 134: ...nder IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP...

Страница 135: ...allowed don t care IP Ethernet Length Specifies whether frames will meet the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames...

Страница 136: ...ou can enter a specific ICMP value The allowed range is 0 to 255 Aframe matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE Any no ICMP code filter is...

Страница 137: ...e allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source range TCP UDP Destination Filter Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination fil...

Страница 138: ...P PSH Specifies the TCPPSH push function value for the ACE 0 TCP frames where the PSHfield is set must not be able to match this entry 1 TCP frames where the PSHfield is set must be able to match this...

Страница 139: ...Pv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other Th...

Страница 140: ...refresh Check to enable an automatic refresh of the page at regular intervals 5 9 2 AAA AAA Radius Server Configuration This page allows you to configure RADIUS servers Label Description Timeout Time...

Страница 141: ...address of the outgoing interface is used NAS Identifier Attribute 32 The identifier up to 255 characters long to be used as attribute 32 in RADIUS Access Request packets If this field is left blank t...

Страница 142: ...is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept acce...

Страница 143: ...lect drop down box determines which server s information is shown by selecting server n Where n is a server 1 to 5 Auto refresh Check this box to refresh the page automatically Automatic refresh occur...

Страница 144: ...ver Rx Unknown Types radiusAuthClientExtUnk nownTypes The number of RADIUS packets that were received with unknown types from the server on the authentication port and dropped Rx Packets Dropped radiu...

Страница 145: ...e is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will g...

Страница 146: ...accounting port Rx Packets Dropped radiusAccClientExtPack etsDropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Tx Reques...

Страница 147: ...RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been...

Страница 148: ...r Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS serve...

Страница 149: ...form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be con...

Страница 150: ...ged into a switch port For MAC based ports re authentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and there...

Страница 151: ...e modes using the Port Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS serve...

Страница 152: ...ethod the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into th...

Страница 153: ...characteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communications between the supplicant and...

Страница 154: ...Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as the destination MA...

Страница 155: ...ion has nothing to do with the 802 1Xstandard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch...

Страница 156: ...whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect on successfully authent...

Страница 157: ...the port Refer to NAS Port State for more details regarding each value Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most...

Страница 158: ...ch value Port n The port select drop down box determines which port s information is shown by selecting port n Where n is a valid port number Auto refresh Check this box to refresh the page automatica...

Страница 159: ...EAPOL Start frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFra mesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuth...

Страница 160: ...t Indicates that the backend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackendAut hSuccesses 802 1X and MAC based Counts the number of times that the switch receiv...

Страница 161: ...laced next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Label Description MA...

Страница 162: ...escription Port Port number of the remote client IP Address IP address of the remote client 0 0 0 0 means any IP Web Check to enable management via a Web interface Telnet Check to enable management vi...

Страница 163: ...ead Stream Check Active Check to enable stream check When enabled the switch will detect the stream change getting low from the device Stream Check Status Indicates stream check status Possible status...

Страница 164: ...e does not have an alias IP address Alive Check You can use ping commands to check port link status If port link fails you can set actions from the list Label Description Link Change Disables or enabl...

Страница 165: ...al normal sensibility Medium medium sensibility High high sensibility Packet Type Indicates the types of DDoS attack packets to be monitored Possible types are RX Total all ingress packets RX Unicast...

Страница 166: ...gs the event Shunt Down the Port shuts down the port No Link and logs the event Only Log it simply logs the event Reboot Device if PoE is supported the device can be rebooted The event will be logged...

Страница 167: ...er Location Address Indicates location information of the device The information can be used for Google Mapping Description Device descriptions Stream Check This page allows you to configure stream ch...

Страница 168: ...nel will light up and the electric relay will signal at the same time Select the events to cause the Fault Alarm then click Save at the bottom of the screen to save the changes 5 10 2 System Warning S...

Страница 169: ...nowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible m...

Страница 170: ...tion username Password the authentication password Confirm Password re enter password Recipient E mail Address The recipient s e mail address allows a total number of six recipients Apply Click to act...

Страница 171: ...Failure Alerts when SNMP authentication fails Redundant Ring Topology Change Alerts when there is a ring topology change Port Event SYSLOG Select the SYSLOG event for a specific port number Possible...

Страница 172: ...ly static MAC entries are learned allother frames are dropped Note make sure the link used for managing the switch is added to the static Mac table before changing to secure learning mode otherwise th...

Страница 173: ...t in the MAC table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC table match In addition the two input fields will upon clicking Refresh assume...

Страница 174: ...the same row Click on a port to go to that ports Detailed Statistics page Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Er...

Страница 175: ...categories based on their respective frame sizes Rx and Tx Queue Counters The number of received and transmitted packets per input and output queue Rx Drops The number of frames dropped due to insuff...

Страница 176: ...to be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or dest...

Страница 177: ...f the switch Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Updates system log entries starting from the current entry ID Clear Flushes all system...

Страница 178: ...e running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port for which...

Страница 179: ...all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 i...

Страница 180: ...ut enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The boxallows you to configure external clock output The following values are possible True enable external c...

Страница 181: ...ck P2p Transp peer to peer transparent clock E2e Transp end to end transparent clock Master Only master only Slave Only slave only Port List Set check mark for each port configured for this Clock Inst...

Страница 182: ...e which master clocks to request Announce and Sync messages from For more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note Packets are o...

Страница 183: ...the switch is restored to factory defaults Label Description Yes Click to reset the configuration to factory defaults No Click to return to the System Information page without resetting 5 14 System R...

Страница 184: ...Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable Follow the steps belowto access the console via RS 232 serial cable 1 Sta...

Страница 185: ...Manual 185 iS5 Communications Inc 4 Press Enter for the Console login screen to appear Use the keyboard to enter the Console Username and Password which is same as the Web Browser password admin for b...

Страница 186: ...Follow the steps belowto access the console via Telnet 1 Connect your PC to one of the Ethernet ports of the switch via an Ethernet cable 2 Telnet to the IP address of the switch from the Windows Run...

Страница 187: ...iES28TG iES28GF User Manual 187 iS5 Communications Inc Command Groups...

Страница 188: ...ng error Log Clear all info warning error Timezone Configuration Timezone Offset offset Timezone Acronym acronym DST Configuration DST Mode disable recurring non recurring DST start week day month dat...

Страница 189: ...Configuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx 10gfdx State port_list enable disable Port MaxFrame port_list max_frame Excessive port_list discard restart Statis...

Страница 190: ...nas all Name Add name vid Name Delete name Name Lookup name Status port_list combined static nas mstp all conflicts Private VLAN Configuration port_list Add pvlan_id port_list PVLAN Delete pvlan_id L...

Страница 191: ...Statistics Add stats_id data_source Statistics Delete stats_id Statistics Lookup stats_id History Add history_id data_source interval buckets History Delete history_id History Lookup history_id Alarm...

Страница 192: ...eapol radius Security Network ACL Security Network ACL Configuration port_list Action port_list permit deny rate_limiter port_redirect mirror logging shutdown Policy port_list policy Rate rate_limite...

Страница 193: ...AAA Security AAA Configuration Radius server timeout timeout Radius server retransmit retransmit Radius server deadtime deadtime radius server key key radius server nas ip address ipv4_addr disable ra...

Страница 194: ...st enable disable Port RestrictedTcn stp_port_list enable disable Port bpduGuard stp_port_list enable disable Port Statistics stp_port_list clear Port Mcheck stp_port_list Msti Port Configuration msti...

Страница 195: ...n Map port_list pcp_list dei_list class dpl Port Classification DSCP port_list enable disable Port Policer Mode port_list enable disable Port Policer Rate port_list rate Port Policer Unit port_list kb...

Страница 196: ...class_list dpl_list dscp DSCP EgressRemap dscp_list dpl_list dscp Port Storm Unicast port_list enable disable rate kbps fps Storm Multicast enable disable packet_rate Port Storm Broadcast port_list en...

Страница 197: ...Lookup index User Add engineid user_name MD5 SHA auth_password DES AES priv_password User Delete index User Changekey engineid user_name auth_password priv_password User Lookup index Group Add securi...

Страница 198: ..._name enable disable Trap Event AAA Authentication Failure conf_name enable disable Trap Event Switch STP conf_name enable disable Trap Event Switch RMON conf_name enable disable Firmware Firmware Loa...

Страница 199: ...lockMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAction one_pps_clear DebugMode clockinst debug_mode Wireless mode clockinst port_list enable disable Wireless pre notification clockinst po...

Страница 200: ...t Configuration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopologyChange enable disable Syslog Port port_list disab...

Страница 201: ...ng Configuration Mode enable disable Open Ring 1stUplinkPort port 2ndUplinkPort port Vender moxx advantexx hirschmaxx SFP SFP syslog enable disable temp temperature Info Device Binding DeviceBinding M...

Страница 202: ..._list Port Addr port_list ip_addr mac_addr Port Alias port_list ip_addr Port DeviceType port_list unknown ip_cam ip_phone ap pc plc nvr Port Location port_list device_location Port Description port_li...

Страница 203: ...Port rate limiting User Define Jumbo frame Up to 10K Bytes Security Features Device Binding security feature Enable disable ports M AC based port security Port based network access control 802 1x Sin...

Страница 204: ...isplay system Link Act LK ACT Speed SPD Duplex FDX Remote RMT green LED indicator x 4 Mode select Button MODE Link Act LK ACT Speed SP D Duplex FDX Remote RMT mode select button Port 1 28 Link Act LK...

Страница 205: ...e 512 SysDescription 768 SysLocation 1024 SysContact 4096 PortStatus Port 1 VTSS_PORTS Value 0x0000 Link down 0x0001 Link up 0x0002 Disable 0xffff NoPort 4352 PortSpeed Port 1 VTSS_PORTS Value 0x0000...

Результаты поиска

Содержание iES28GF

Отзывы:

Похожие инструкции для iES28GF

Бренды по названию

Популярные бренды

IS5 COMMUNICATIONS iES28GF, Руководство пользователя

Результаты поиска

Содержание iES28GF

Отзывы:

Похожие инструкции для iES28GF

Бренды по названию

Популярные бренды