manualshive.com logo in svg

Lancom GS-2310P, Руководство пользователя

Инструкция по эксплуатации Lancom GS-2310P доступна для бесплатного скачивания с {веб-сайта}. Узнайте подробности о этом продукте и его функциях, загрузив руководство по эксплуатации. Легкость использования и надежность Lancom GS-2310P сделают вашу работу еще более эффективной.

Поделиться
Скачать
background image

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened
for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the
successfully authenticated client and get network access even though they really aren't authenticated. To overcome this
security breach, use the Single 802.1X variant. Single 802.1X is really not an IEEE standard, but features many of the
same characteristics as does port-based 802.1X. In Single 802.1X, at most one supplicant can get authenticated on the
port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more
than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one
considered. If that supplicant doesn't provide valid credentials within a certain amount of time, another supplicant will
get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the
most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC
address once successfully authenticated.

Multi 802.1X:

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened
for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the
successfully authenticated client and get network access even though they really aren't authenticated. To overcome this
security breach, use the Multi 802.1X variant.

Multi 802.1X is really not an IEEE standard, but features many of the same characteristics as does port-based 802.1X.
Multi 802.1X is - like Single 802.1X - not an IEEE standard, but a variant that features many of the same characteristics.
In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is
authenticated individually and secured in the MAC table using the Port Security module.

In Multi 802.1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames
sent from the switch towards the supplicant, since that would cause all supplicants attached to the port to reply to
requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first
EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are
attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as
destination - to wake up any supplicants that might be on the port.

The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control
functionality.

MAC-based Auth.:

Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by
the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of
clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's
MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC
address is converted to a string on the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between
the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS
server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch
to open up or block traffic for that particular client, using the Port Security module. Only then will frames from the client
be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based
Authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the
same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't
need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based
authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC
addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by
anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a
port can be limited using the Port Security Limit Control functionality.

RADIUS-Assigned QoS Enabled:

When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS
Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is

175

LANCOM GS-2310P/GS-2326(P) User Manual

5 Security

Содержание GS-2310P

Страница 1: ...connecting your business LANCOM GS 2310P GS 2326 P User Manual...

Страница 2: ...s 21 3 2 2 Rate Limiters 22 3 2 3 Access Control List 23 3 2 4 ACL Status 26 3 3 Aggregation 28 3 3 1 Static Trunk 28 3 3 2 LACP 30 3 4 Spanning Tree 33 3 4 1 Bridge Settings 34 3 4 2 MSTI Mapping 35...

Страница 3: ...e 76 3 9 1 Configuration 76 3 9 2 Dynamic MAC Table 78 3 10 VLAN 80 3 10 1 VLAN Membership 80 3 10 2 Ports 81 3 10 3 Switch Status 85 3 10 4 Port Status 86 3 10 5 Private VLANs 87 3 10 6 MAC based VLA...

Страница 4: ...tion 128 3 17 2 Status 129 3 18 Single IP 130 3 18 1 Configuration 130 3 18 2 Information 131 3 19 Easy Port 131 3 20 Mirroring 133 3 21 Trap Event Severity 134 3 22 SMTP Configuration 135 3 23 UPnP 1...

Страница 5: ...n 166 5 3 2 Statistics 167 5 4 DHCP Relay 168 5 4 1 Configuration 168 5 4 2 Statistics 169 5 5 NAS 171 5 5 1 Configuration 171 5 5 2 Switch Status 178 5 5 3 Port Status 178 5 6 AAA 181 5 6 1 Configura...

Страница 6: ...User 200 6 4 Export Import 200 6 4 1 Export Config 200 6 4 2 Import Config 201 6 5 Diagnostics 202 6 5 1 Ping 202 6 5 2 Ping6 203 6 5 3 VeriPHY GS 2326 P only 204 A Glossary of Web based Management 20...

Страница 7: ...ications protect your sensitive information and optimize your network bandwidth to deliver information and applications more effectively It provides the ideal combination of affordability and capabili...

Страница 8: ...the password is admin When logging in for the first time please use the default username and password and then click the Login button The login process now is completed In the login menu you have to...

Страница 9: ...series is set to DHCP by default If you do not have a DHCP server to provide an IP address to the switch the default IP is 172 23 56 250 9 LANCOM GS 2310P GS 2326 P User Manual 2 Operation of Web bas...

Страница 10: ...he RJ45 ports on the switch support automatic MDI MDI X pin out configuration so you can use standard straight through twisted pair cables to connect to any other network device PCs servers switches r...

Страница 11: ...ponding to each port will light green 1000 Mbps or amber 100 Mbps to indicate that the connection is valid NETWORK WIRING CONNECTIONS Today the patch down block is an integral part of many of the newe...

Страница 12: ...s only available when there is no link on the corresponding SFP port 3 1 1 Configuration This chapter describes how to view the current port configuration and how to configure ports to non default set...

Страница 13: ...ent Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the re...

Страница 14: ...identity It provides user the option to enter an alphanumeric string describing the full name and or additional information eg the usage of the port Web Interface To enter a Port Description in the we...

Страница 15: ...w Parameter description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted by...

Страница 16: ...to refresh the information then you need to activate Auto refresh 4 Click Refresh to refresh the port detailed statistics or click Clear to clear all information Figure 3 1 4 The Detailed Port Statist...

Страница 17: ...r alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long 2 frames received with valid CRC Rx Fragments The number of short 1 frames received...

Страница 18: ...manually 3 1 6 EEE EEE is a power saving option that reduces the power usage when there is very low traffic utilization or no traffic EEE works by powering down circuits when there is no traffic When...

Страница 19: ...itch port number of the logical EEE port EEE Enabled Controls if EEE is enabled for this switch port EEE Urgent Queues Queues set will activate transmission of frames as soon as any data is available...

Страница 20: ...ndor OUI Display the Manufacturer s OUI code which is assigned by IEEE Vendor Name Display the company name of the module manufacturer Vendor P N Display the product name of the naming by module manuf...

Страница 21: ...unless the frame matches a specific ACE Web Interface To configure the ACL Ports in the web interface 1 Click Configuration ACL then Ports 2 To scroll the specific parameter value to select the correc...

Страница 22: ...bled Port shut down is disabled The default value is Disabled Counter Counts the number of frames that match this ACE Buttons Save Click to save changes Reset Click to undo any changes made locally an...

Страница 23: ...he conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the frame is accepted Other actions can...

Страница 24: ...relevant criteria to be matched for this rule and set the actions to take when a rule is matched such as Rate Limiter Port Copy Logging and Shutdown Figure 3 2 3 The ACL Rate Limiter Configuration Pa...

Страница 25: ...d Logging Indicates the logging operation of the ACE Possible values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Please note that t...

Страница 26: ...you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this DMAC value...

Страница 27: ...ames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is disp...

Страница 28: ...s means you can apply your current Ethernet equipment s to build the bandwidth aggregation 3 3 1 1 Static Trunk Ports using Static Trunk as their trunk method can choose their unique Static GroupID to...

Страница 29: ...use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Aggregation Group Configuration Locality Indicates the aggregation group type This field is only valid fo...

Страница 30: ...up with only one or less than one ready member ports is not a real trunked group Web Interface To configure the Trunk Aggregation LACP parameters in the web interface 1 Click Configuration Aggregation...

Страница 31: ...face To display the LACP System status in the web interface 1 Click Configuration Aggregation LACP System Status 2 If you want to auto refresh the information then you need to activate Auto refresh 3...

Страница 32: ...ile its LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GLAG...

Страница 33: ...in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down STP STP uses a distri...

Страница 34: ...ters in the blank field in Basic Settings 3 Activate to enable or disable the parameters and enter available value of parameters in the blank field in Advanced settings 4 Click Apply to save the setti...

Страница 35: ...is also cleared by a system reboot Port Error Recovery Timeout The time to pass before a port in the error disabled state can be enabled Valid values are between 30 and 86400 seconds 24 hours Buttons...

Страница 36: ...ust be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just be left empty I e not having any VLANs Buttons Save Click to save changes Reset Click to undo...

Страница 37: ...tifier Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 4 4 CIST Ports When you implement a Spanning Tree protocol on the switch...

Страница 38: ...aving operEdge true than for other ports The value of this flag is based on AdminEdge and AutoEdge fields This flag is displayed as Edge in Monitor Spanning Tree STP Detailed Bridge Status AdminEdge C...

Страница 39: ...or forced either true or false Transition to the forwarding state is faster for point to point LANs than for shared media Buttons Save Click to save changes Reset Click to undo any changes made locall...

Страница 40: ...control priority of ports having identical port cost See above Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 4 6 Bridge Statu...

Страница 41: ...e Topology Change Last The time since last Topology Change occurred Auto refresh Activate the auto refresh to refresh the information automatically Refresh Refresh the STP Bridges status information m...

Страница 42: ...fresh the STP Port status information manually 3 4 8 Port Statistics After you complete the STP configuration then you could to let the switch display the STP Statistics The Section provides you to as...

Страница 43: ...fferent from broadcast packet A switch which supports IGMP Snooping with the functions of query report and leave a type of packet exchanged between IP Multicast Router Switch and IP Multicast Host can...

Страница 44: ...M Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Format IP address sub mask Proxy Enabled Enable IGMP Pr...

Страница 45: ...VLAN in the web interface 1 Click Configuration IGMP Snooping VLAN Configuration 2 Activate to select enable or disable Snooping IGMP Querier 3 Specify the parameters in the blank field 4 Click the r...

Страница 46: ...the lowest VLAN ID or click to update the table starting with the entry after the last entry currently displayed 3 5 3 Port Group Filtering The section describes how to set the IGMP Port Group Filter...

Страница 47: ...at will be filtered Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 5 4 Status After you complete the IGMP Snooping configuratio...

Страница 48: ...The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Auto refresh Activate auto refresh to refresh the log automa...

Страница 49: ...ries is shown in the displayed table IGMP Group Table Columns VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Auto refresh Activate the aut...

Страница 50: ...le default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the IGMPv3 Information Table The Start from V...

Страница 51: ...unning on the source and destination systems cooperates to determine what multicast address to use Note that this is a function of the application software not of MLD When MLD snooping is enabled on a...

Страница 52: ...Proxy Enabled Enable MLD Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Port The Port index what you enable or disable the MLD Snooping funct...

Страница 53: ...guration Information 4 Click or to move to previous or next entry Figure 3 7 2 The MLD Snooping VLAN Configuration Parameter description VLAN ID The VLAN ID of the entry Snooping Enabled Enable the pe...

Страница 54: ...Report Interval The Unsolicited Report Interval is the time between repetitions of a node s initial report of interest in a multicast address The allowed range is 0 to 31744 seconds default unsolicite...

Страница 55: ...scribes the MLD Snooping Status It is helpful to find out the detailed information of the MLD Snooping status Web Interface To display the MLD Snooping Status in the web interface 1 Click Configuratio...

Страница 56: ...Groups Information The Start from VLAN and group input fields allow the user to select the starting point in the MLD Group Table Each page shows up to 99 entries from the MLD Group table the default...

Страница 57: ...group Auto refresh Activate the auto refresh to refresh the log automatically Refresh Refresh the IGMP Group Status manually Go to the previous next page or entry 3 6 6 IPv6 SSM Information This secti...

Страница 58: ...Go to the previous next page or entry 3 7 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLAN In a multicast television application a PC or a television with a set top box c...

Страница 59: ...saved values Figure 3 7 1 The MVR Configuration GS 2310P Parameter description MVR Mode Enable Disable the Global MVR VLAN ID Specify the Multicast VLAN ID Mode Enable MVR on the port Type Specify the...

Страница 60: ...VLAN ID VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Auto refresh Activate the auto refresh tto refresh the information automatically Refresh Refres...

Страница 61: ...ing switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices The Link Layer Discovery Protocol LLDP is a vendor neutral Link Layer protocol in the Internet Protoco...

Страница 62: ...rame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10 times Tx Delay If some configuration is changed...

Страница 63: ...P Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbors table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TL...

Страница 64: ...P then the table will show No LLDP neighbor information found Parameter description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neig...

Страница 65: ...rv settings enabling plug and play networking Device location discovery allows creation of location databases and in the case of Voice over Internet Protocol VoIP Enhanced 911 services Extended and au...

Страница 66: ...TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbor has been detect...

Страница 67: ...Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich the associated vertical datum...

Страница 68: ...xample 4 Room no Room number Example 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code...

Страница 69: ...dentity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise th...

Страница 70: ...the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP...

Страница 71: ...ice is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point...

Страница 72: ...and are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP...

Страница 73: ...VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is...

Страница 74: ...echo values shall be defined as the local link partners reflection echo of the remote link partners respective values When a local link partner receives its echoed values from the remote link partner...

Страница 75: ...d or added It also shows the time elapsed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Sho...

Страница 76: ...on automatically Refresh Refresh the LLDP Port Statistics information manually Clear Press clear to clean up the entries 3 9 Filtering Data Base The Filtering Data Base Configuration includes many fun...

Страница 77: ...Specify the VLAN IP and Mac address Port Members 3 Click Apply Figure 3 9 1 The MAC Address Table Configuration GS 2310P Parameter description Aging Configuration By default dynamic entries are remov...

Страница 78: ...can contain 64 entries The MAC table is sorted first by VLAN ID and then by MAC address Delete Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID of the entry MAC A...

Страница 79: ...efresh the MAC address entries manually Clear Press clear to clean up the MAC table Go to the previous next entries of the table 5 00 A0 57 73 01 29 your switch MAC address for IPv4 33 33 00 00 00 01...

Страница 80: ...as adding and deleting port members of each VLAN Web Interface To configure VLAN membership configuration in the web interface 1 Click VLAN membership Configuration 2 Specify VLAN ID 1 4094 3 Click Ap...

Страница 81: ...ved values Refresh Refresh the VLAN entries manually Clear Clean up the VLAN table Go to the previous next page of the table 3 10 2 Ports In the VLAN Tag Rule Settings PVID number for each port can be...

Страница 82: ...ceives a tagged frame an additional outer tag based on the defined PVID is added and the frame is forwarded Unaware 0x8100 The final status of the frame after egressing is also effected by the egress...

Страница 83: ...t receives an untagged frame a tag based on the defined PVID is added and the frame is forwarded When the port receives a tagged frame and the TPID S custom port value which can be set by using the fi...

Страница 84: ...ts its operate behavior to individual packet Figure 1 Ingress sample Unaware Figure 2 Ingress sample C port Figure 3 Ingress sample S port Figure 4 Ingress sample S custom port Ingress Filtering 84 LA...

Страница 85: ...LAN ID If VLAN awareness is disabled all frames received on the port are classified to the Port VLAN ID If the classified VLAN ID of a frame transmitted on the port is different from the Port VLAN ID...

Страница 86: ...o create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment VLAN ID Indicates the ID of this particular VLAN VLAN...

Страница 87: ...of Conflicts whether exists or not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur Functional Conflicts between features Conflict...

Страница 88: ...t traffic flow The apparatus comprises a switch having said plurality of ports each port configured as a protected port or a non protected port An address table memory stores an address table having a...

Страница 89: ...Ns the device will be assigned to a different VLAN the next time it accesses the network As a result it will not be able to use the resources in the old VLAN On the other hand if Port A and Port B bel...

Страница 90: ...al values for a VLAN ID are 1 through 4094 The MAC based VLAN entry is enabled on the selected switch unit when you click on Save A MAC based VLAN without any port members on any unit will be deleted...

Страница 91: ...repeat request ARQ error management mechanisms SNAP The Sub network Access Protocol SNAP is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by t...

Страница 92: ...string 0x00 0xff b SSAP 1 byte long string 0x00 0xff For SNAP Valid value in this case also is comprised of two different sub values a OUI OUI Organizationally Unique Identifier is value in format of...

Страница 93: ...nterface To display Group Name to VLAN mapping table configured in the web interface 1 Click Group Name VLAN configuration and add new entry 2 Specify the Group Name and VLAN ID 3 Click Apply Figure 3...

Страница 94: ...ly Refresh Refresh the Protocol Group Mapping information manually 3 11 Voice VLAN Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VL...

Страница 95: ...e is 10 to 10000000 seconds It is used when security mode or auto detect mode is enabled In other cases it will be based on hardware aging time The actual aging time will be situated between the age_t...

Страница 96: ...Possible discovery protocols are OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP Buttons Save Click to save changes Reset Click to undo any chan...

Страница 97: ...e devices form a reachability tree that is a subset of an active topology GARP defines the architecture rules of operation state machines and variables for the registration and de registration of attr...

Страница 98: ...for Leave All Timer is 10000ms Application Currently supported applications GVRP Attribute Type Currently supported Attribute Type is VLAN GARP Applicant This configuration is used to configure the Ap...

Страница 99: ...Registration Protocol GARP mainly used to automatically and dynamically maintain the group membership information of the VLANs The GVRP offers the function providing the VLAN registration service thr...

Страница 100: ...ases 1 GVRP Mode This configuration is to enable disable GVRP Mode on particular port locally Disable Select to Disable GVRP mode on this port Enable Select to Enable GVRP mode on this port The defaul...

Страница 101: ...nsmitted from the GARP layer include join in join empty Leave Tx Count The count of GVRP leave PDUs transmitted from the GARP layer include leave in leave empty Auto refresh Activate the auto refresh...

Страница 102: ...ings for all switch ports and the settings relate to the currently selected unit as reflected by the page header Web Interface To configure the QoS Port Classification parameters in the web interface...

Страница 103: ...inition DEI value is 0 or 1 it is settable map to DP value is 0 or 1 When ingress QoS class value is the same the DP level defines the priority a large DP value will be dropped first ex From Port 1 in...

Страница 104: ...vate to enable or disable flow control on port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 14 3 Port Scheduler This section...

Страница 105: ...105 LANCOM GS 2310P GS 2326 P User Manual 3 Configuration...

Страница 106: ...haper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is This value is restricted to 1...

Страница 107: ...s and it is restricted to 1 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Save Click to save changes Re...

Страница 108: ...108 LANCOM GS 2310P GS 2326 P User Manual 3 Configuration...

Страница 109: ...ight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted Queue Scheduler Percent Shows the we...

Страница 110: ...ault PCP DEI values Mapped Use mapped versions of QoS class and DP level Tag Remarking Mode To scroll to select the tag remarking mode for this port Classified Use classified PCP DEI values Default Us...

Страница 111: ...2310P Parameter description Port The Port column shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and...

Страница 112: ...hows how to configure the DSCP Based QoS mode Web Interface To configure the DSCP Based QoS Ingress Classification parameters in the web interface 1 Click Configuration QoS DSCP Based QoS 2 Activate t...

Страница 113: ...S DSCP Translation settings for all switches DSCP translation can be done in Ingress or Egress Web Interface To configure the DSCP Translation parameters in the web interface 1 Click Configuration QoS...

Страница 114: ...There are two configuration parameters for DSCP Translation Translate DSCP at Ingress side can be translated to any of 0 63 DSCP values Classify Click to enable Classification at Ingress side Egress...

Страница 115: ...eb Interface To configure the DSCP Classification parameters in the web interface 1 Click Configuration QoS DSCP Translation 2 Set the DSCP Parameters 3 Click Apply to save the setting 4 If you want t...

Страница 116: ...ers in the web interface 1 Click Configuration QoS QoS Control List 2 Click the to add a new QoS Control List 3 Select the parameters and activate the Port Member to join the QCE rules 4 Click Apply t...

Страница 117: ...herwise it is always No Please note that conflict can be resolved by releasing the resource required by the QCE and pressing Refresh button Action Indicates the classification action taken on ingress...

Страница 118: ...efault value is Any 5 IPv4 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w...

Страница 119: ...fresh the information then you need to activate Auto refresh 3 Select the combined static Voice VLAN and conflict 4 Click the Refresh to refresh a entry of the MVR Statistics Information Figure 3 14 1...

Страница 120: ...e Refresh Refresh the QCL information manually 3 14 12 Storm Control The section shows how to configure the Storm control of the switch There is a unicast storm rate control multicast storm rate contr...

Страница 121: ...pensive to connect the equipment to main power supply 3 15 1 Configuration This page allows the user to inspect and configure the current PoE port settings Figure 3 15 1 The PoE Configuration Paramete...

Страница 122: ...PDs in total Local Port The logical port number for this row PD Class The class the of PDs that identify with a specified current The classification current describes the amount of power the PD will...

Страница 123: ...ally Figure 3 15 4 The PoE Auto Checking Parameter description Ping Check Enable the ping check function to detect the connection between PoE port and powered device Port The logical port number for t...

Страница 124: ...ower after a reboot of the PD The reboot time range is 3 to 120 seconds Buttons Apply Apply changes 3 15 5 Scheduling This page allows the user to make a schedule for the PoE power supply Scheduling m...

Страница 125: ...ow Agent in the web interface 1 Click Configuration sFlow Agent Collector 2 Set the parameters 3 Scroll to IP Type to choice with IPv4 or IPv6 4 Click Apply to save the setting 5 If you want to cancel...

Страница 126: ...nd out the sFlow samples to the receiver The value accepted is within the range of 200 1500 bytes The default is 1400 bytes Buttons Save Click to save changes Reset Click to undo any changes made loca...

Страница 127: ...e counter sampling Buttons Edits the Data source sampler configuration Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Cancel Click to can...

Страница 128: ...Protection Configuration GS 2310P Parameter description General Settings Enable Loop Protection Controls whether loop protections is enabled as a whole Transmission Time The interval between each loop...

Страница 129: ...page displays the loop protection port status of the ports of the currently selected switch Web Interface To configure the Loop Protection parameters in the web interface 1 Click Configuration Loop Pr...

Страница 130: ...Eliminate any specialized cables for stacking and remove the distance barriers that typically limit topology options when using other stacking technology Each single IP group consists of one master s...

Страница 131: ...Easy Port provides a convenient way to save and share common configurations You can use it to enable features and settings based on the location of a switch in the network and for mass configuration...

Страница 132: ...want the voice has high priority then you can set the value with 7 Port Security To scroll to enable or disable the Port Security function on the Port If you turn on the function then you need to set...

Страница 133: ...affic received by Port B will be copied to Port A for monitoring Web Interface To configure the Mirror in the web interface 1 Click Configuration Mirroring 2 Select Port to mirror on which port 3 Scro...

Страница 134: ...is limited to Disabled or Rx only Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 21 Trap Event Severity The function is used to...

Страница 135: ...ction is used to set a Alarm trap when the switch alarm then you could set the SMTP server to send you the alarm mail Web Interface To configure the SMTP in the web interface 1 Click Configuration SMT...

Страница 136: ...ike to receive the alarm message Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 3 23 UPnP UPnP is an acronym for Universal Plug a...

Страница 137: ...ertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should rec...

Страница 138: ...chanical Version Serial Number Host IP Address Host Mac Address Device Port RAM Size and Flash Size 4 1 1 Information The switch system information is provided here To access the System Information in...

Страница 139: ...BIOS in the switch Firmware version The firmware version in the switch Hardware Mechanical version The version of the electronic and the mechanical hardware The figure before the hyphen shows the ver...

Страница 140: ...The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Location The physical location of this node e g tel...

Страница 141: ...tch provides manual and automatic ways to set the system time via NTP Manual setting is simple and you just enter Year Month Day Hour Minute and Second within the valid value range indicated in each i...

Страница 142: ...ime the system time will be decreased one hour after one minute The switch supports a configurable day light saving time offset of up to 24 hours The zero for this parameter means it need not have to...

Страница 143: ...to 5 The NTP s IPv4 or IPv6 address The IPv6 address in 128 bit records is represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe0...

Страница 144: ...from 32 to 126 Password again You must type the same password again in this field Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 he ca...

Страница 145: ...MRP MVR MVRP Maintenance Mirroring POE Ports Private VLANs QoS SMTP SNMP Security Spanning Tree System Trap Event VCL VLANs Voice VLAN Web Interface To configure Privilege Level in the web interface...

Страница 146: ...ation in the same condition it was sent Each device connected to a Local Area Network LAN or Wide Area Network WAN is given an Internet Protocol address and this IP address is used to identify the dev...

Страница 147: ...the IP address of the SNTP Server in dotted decimal notation DNS Server Provide the IP address of the DNS Server in dotted decimal notation VLAN ID Provide the managed VLAN ID The allowed range is 1...

Страница 148: ...6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that...

Страница 149: ...des are Enabled Enable server mode operation Disabled Disable server mode operation Server Address 1 and 2 Indicates the IPv4 host address of the syslog server 1 and server 2 For redundancy If the swi...

Страница 150: ...of the system log entry Time The time of the system log entry Message The message of the system log entry Refresh Refresh the system log manually Clear Clear the system log manually 4 5 3 Detailed Lo...

Страница 151: ...nt If you set the field SNMP Enable the SNMP agent will be started up All supported MIB OIDs including RMON MIB can be accessed via SNMP manager If the field SNMP is set Disable SNMP agent will be de...

Страница 152: ...to configure SNMPv3 communities The Community and UserName is unique To create a new community account please click on the Add new community button and enter the account information and click on Save...

Страница 153: ...rce address A particular range of source addresses can be used to restrict the source subnet when combined with source mask Source Mask Indicates the SNMP access source address mask 4 6 3 Users The fu...

Страница 154: ...that the value is set correctly Authentication Password A string identifying the authentication password phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentica...

Страница 155: ...ame that this entry should belong to The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 4 6 5 Views The function is used to configure SNMPv3 view The entri...

Страница 156: ...another view entry existing with view type as included and it s OID subtree should overstep the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The al...

Страница 157: ...NMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth N...

Страница 158: ...y and modify the detail parameters or click the delete button to delete the entry Figure 4 6 7 The SNMP Trap Host Configuration Parameters description Delete Check Delete entry then click the Save but...

Страница 159: ...uthentication and no privacy Auth Priv Authentication and privacy Authentication Protocol You can choose MD5 or SHA for authentication Authentication Password The length of MD5 Authentication Password...

Страница 160: ...5 1 1 Configuration This section describes how to configure IP Source Guard setting including Mode Enabled and Disabled Maximum Dynamic Clients 0 1 2 Unlimited To configure an IP Source Guard in the w...

Страница 161: ...to 0 it means only allow the IP packets forwarding that are matched in static entries on the specific port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert t...

Страница 162: ...ve changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 3 Dynamic Table The section describes how to configure the Dynamic IP Source Guard Table parameters of...

Страница 163: ...f the switch 5 2 1 Configuration This section describes how to configure ARP Inspection including Mode Enabled and Disabled Port Enabled and Disabled To configure ARP Inspection in the web interface 1...

Страница 164: ...on describes how to configure the Static ARP Inspection Table parameters of the switch To configure a Static ARP Inspection Table in the web interface 1 Click Add new entry 2 Specify the Port VLAN ID...

Страница 165: ...MAC address and then by IP address To configure a Dynamic ARP Inspection Table Configuration in the web interface 1 Specify the Start from port VLAN ID MAC Address IP Address and entry per page 2 Che...

Страница 166: ...ct Trusted of the specific port in the Mode of Port Mode Configuration 3 Click Apply Figure 5 3 1 The DHCP Snooping Configuration GS 2310P Parameter description Snooping Mode Indicates the DHCP snoopi...

Страница 167: ...arameter description Rx and Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx and Tx Offer The number of offer option 53 with value 2 packets received and t...

Страница 168: ...elay The section describes how to forward DHCP requests to another specific DHCP servers via DHCP relay The DHCP servers may be on another network 5 4 1 Configuration This section describes how to con...

Страница 169: ...HCP relay operation mode is enabled Disabled Disable DHCP relay information mode operation Relay Information Policy Indicates the DHCP relay information option policy When DHCP relay information mode...

Страница 170: ...rcuit ID The number of packets whose Circuit ID option did not match known circuit ID Receive Bad Remote ID The number of packets whose Remote ID option did not match known Remote ID Client Statistics...

Страница 171: ...cording to IEEE 802 1X MAC based authentication system and port settings The NAS configuration consists of two sections system and port wide To configure the Network Access Server in the web interface...

Страница 172: ...ermines the period in seconds after which a connected client must be reauthenticated This is only active if the Reauthentication Enabled checkbox is checked Valid values are in the range 1 to 3600 sec...

Страница 173: ...tto setting determine whether RADIUS assigned QoS Class is enabled on that port When unchecked RADIUS server assigned QoS Class is disabled on all ports RADIUS Assigned VLAN Enabled RADIUS assigned VL...

Страница 174: ...n as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with...

Страница 175: ...POL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC add...

Страница 176: ...rt will be classified and switched on the RADIUS assigned VLAN ID If re authentication fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it s invalid or the supplicant is otherwi...

Страница 177: ...the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It ca...

Страница 178: ...ent for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address...

Страница 179: ...S has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS...

Страница 180: ...MAC based Auth MAC Address For Multi 802 1X this column holds the MAC address of the attached supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link...

Страница 181: ...igure a RADIUS Authentication Server Configuration of AAA in the web interface 1 Check Enabled 2 Specify IP address or Hostname for Radius Server 3 Specify Authentication Port for Radius Server Defaul...

Страница 182: ...ut interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up t...

Страница 183: ...by checking this box IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is expressed in dotted decimal notation Port The UDP port to use on the RADIUS Accounting...

Страница 184: ...the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and...

Страница 185: ...arentheses This state is only reachable when more than one server is enabled Auto refresh Activate the auto refresh to refresh the information automatically Refresh Refresh the RADIUS Status manually...

Страница 186: ...input to an interface by limiting and identifying MAC addresses Web Interface To configure Limit Control in the web interface 1 Select Enabled in the Mode of System Configuration 2 Check Aging Enabled...

Страница 187: ...desired consider the following scenario Suppose an end host is connected to a 3rd party switch or hub which in turn is connected to a port on this switch on which Limit Control is enabled The end hos...

Страница 188: ...d Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port Boot the switch Disable and...

Страница 189: ...nterface 1 Check Auto refresh Figure 5 7 2 The Port Security Switch Status Parameter description User Module Legend The legend shows all user modules that may request Port Security services User Modul...

Страница 190: ...formation automatically Refresh Refresh the Port Security Switch Status information manually 5 7 3 Port Status This section shows the MAC addresses secured by the Port Security module Port Security is...

Страница 191: ...h to refresh the information automatically Refresh Refresh the Port Security Port Status information manually 5 8 Access Management This section explains how to configure access management of the swit...

Страница 192: ...in the entry SNMP Indicates that the host can access the switch from SNMP interface if the host IP address matches the IP address range provided in the entry TELNET SSH Indicates that the host can acc...

Страница 193: ...efresh Activate the auto refresh to refresh the information automatically Refresh Refresh the Access Management Statistics information manually Clear Clear the statistics 5 9 SSH This section shows yo...

Страница 194: ...ect Enabled in the Mode of HTTPS Configuration 2 Select Enabled in the Automatic Redirect of HTTPS Configuration 3 Click Apply Figure 5 10 1 The HTTPS Configuration Parameter description Mode Indicate...

Страница 195: ...is disabled and login is not possible local use the local user database on the switch for authentication radius use a remote RADIUS server for authentication tacacs use a remote TACACS server for aut...

Страница 196: ...Web Interface To restart the device 1 Click Restart Device 2 Click Yes Figure 6 1 1 Restart Device Parameter description Restart Device You can restart the switch on this page After restart the switc...

Страница 197: ...witches restart 5 WARNING While the firmware is being updated Web access appears to be defunct The front LED flashes Green Off with a frequency of 10 Hz while the firmware update is in progress Do not...

Страница 198: ...ion uploading a new firmware image to the device will automatically use the primary image slot and activate it The firmware version and date information may be empty for older firmware releases This d...

Страница 199: ...art Configuration via the web interface 1 Click Save Start 2 Click Yes Figure 6 3 2 The Save as Start configuration Parameter description Buttons Save Click to save current configuration as Start Conf...

Страница 200: ...Save Click to restore the Backup Configuration to the switch 6 4 Export Import This section describes how to export and import the Switch configuration Any current configuration file will be exported...

Страница 201: ...escribes how to import the switch configuration for maintenance needs Any current configuration file will be imported via XML format Web Interface To import a configuration via the web interface 1 Cli...

Страница 202: ...ow that whether the system is healthy or needs to be fixed The basic system check includes ICMP Ping ICMPv6 and VeriPHY Cable Diagnostics 6 5 1 Ping This section allows you to issue ICMP PING packets...

Страница 203: ...eout occurs PING server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 13...

Страница 204: ...onfigure the following properties of the issued ICMP packets 6 5 3 VeriPHY GS 2326 P only This section is used for running the VeriPHY Cable Diagnostics Press Start to run the diagnostics This will ta...

Страница 205: ...Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair 205 LANCOM GS 2310P GS 2326 P User Manual 6 Maintenance...

Страница 206: ...An ACE can be associated with a Policy 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web pag...

Страница 207: ...n be shared by those devices for a link C CC CC is an acronym for Continuity Check It is a MEP functionality that is able to detect loss of continuity in a network by transmitting CCM frames to a peer...

Страница 208: ...format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always...

Страница 209: ...rvers and browsers should take in response to various commands The other main standard that controls how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web...

Страница 210: ...transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex featu...

Страница 211: ...management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be acces...

Страница 212: ...k Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplied cr...

Страница 213: ...ice The remote device is called a PD PHY PHY is an abbreviation for Physical Interface Transceiver and is the device that implement the Ethernet physical layer IEEE 802 3 PING ping is a program that s...

Страница 214: ...or synchronizing the clocks of computer systems Q QCE QCE is an acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE frame types Ethernet Type VLA...

Страница 215: ...uence the message of any length Shaper A shaper can limit the bandwidth of transmitted frames It is located after the ingress queues SMTP SMTP is an acronym for Simple Mail Transfer Protocol It is a t...

Страница 216: ...access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting service...

Страница 217: ...2 1Q frame It is also known as PCP V VLAN Virtual LAN A method to restrict communication between switch ports VLANs can be used for the following applications VLAN unaware switching This is the defaul...

Отзывы:

Нет отзывов

Похожие инструкции для GS-2310P

Qualys GUARD Quick Start Manual preview
GUARD
Бренд: Qualys Страницы: 2
Ubiquiti NanoBeam M5 Setup preview
NanoBeam M5
Бренд: Ubiquiti Страницы: 3
Intellinet 523318 Instructions preview
523318
Бренд: Intellinet Страницы: 2
Sangamo CHOICE PR1 User Instructions preview
CHOICE PR1
Бренд: Sangamo Страницы: 2
E-Lins H700 Series User Manual preview
H700 Series
Бренд: E-Lins Страницы: 113
Gbord EN-101 User Manual preview
EN-101
Бренд: Gbord Страницы: 8
HELVAR Imagine 920 Installation Manual preview
Imagine 920
Бренд: HELVAR Страницы: 2
Buffalo LinkStation Mini User Manual preview
LinkStation Mini
Бренд: Buffalo Страницы: 71
QTech QSW-2900 User Manual preview
QSW-2900
Бренд: QTech Страницы: 406
AMX NXF Dimensional Drawing preview
NXF
Бренд: AMX Страницы: 1
Ethernet Direct Husky HMG-1648EP User Manual preview
Husky HMG-1648EP
Бренд: Ethernet Direct Страницы: 16
ADTRAN EXPRESS 6503 User Manual preview
EXPRESS 6503
Бренд: ADTRAN Страницы: 20
Tripp Lite N201-003-WH Specifications preview
N201-003-WH
Бренд: Tripp Lite Страницы: 2
ADTRAN Express L128FP User Manual preview
Express L128FP
Бренд: ADTRAN Страницы: 161
Planet GSW-2416SF User Manual preview
GSW-2416SF
Бренд: Planet Страницы: 54
Quantum FC1202 User Manual preview
FC1202
Бренд: Quantum Страницы: 108
BinTec BinGO! DSL II Quick Install Manual preview
BinGO! DSL II
Бренд: BinTec Страницы: 2
Yeti 20731 Quick Start Manual preview
20731
Бренд: Yeti Страницы: 29

Бренды по названию

Популярные бренды

Загрузить еще бренды