LevelOne GEL-2670 Скачать руководство пользователя страница 88

Страница: 88 / 320

HAPTER

| Configuring the Switch

Configuring Security

– 88 –

With aging enabled, a timer is started once the end-host gets secured.

When the timer expires, the switch starts looking for frames from the

end-host, and if such frames are not seen within the next Aging Period,

the end-host is assumed to be disconnected, and the corresponding

resources are freed on the switch.

◆

Aging Period

– If Aging Enabled is checked, then the aging period is

controlled with this parameter. If other modules are using the

underlying port security for securing MAC addresses, they may have

other requirements for the aging period. The underlying port security

will use the shortest requested aging period of all modules that use this

functionality. (Range: 10-10,000,000 seconds; Default: 3600 seconds)

Port Configuration

◆

Port

– Port identifier.

◆

Mode

– Controls whether Limit Control is enabled on this port. Both

this and the global Mode must be set to Enabled for Limit Control to be

in effect. Notice that other modules may still use the underlying port

security features without enabling Limit Control on a given port.

◆

Limit

– The maximum number of MAC addresses that can be secured

on this port. This number cannot exceed 1024. If the limit is exceeded,

the corresponding action is taken.
The switch is “initialized” with a total number of MAC addresses from

which all ports draw whenever a new MAC address is seen on a Port

Security-enabled port. Since all ports draw from the same pool, it may

happen that a configured maximum cannot be granted if the remaining

ports have already used all available MAC addresses.

◆

Action

– If Limit is reached, the switch can take one of the following

actions:

■

None: Do not allow more than the specified Limit of MAC addresses

on the port, but take no further action.

■

Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP

trap. If Aging is disabled, only one SNMP trap will be sent, but with

Aging enabled, new SNMP traps will be sent every time the limit is

exceeded.

■

Shutdown: If Limit + 1 MAC addresses is seen on the port, shut

down the port. This implies that all secured MAC addresses will be

removed from the port, and no new addresses will be learned. Even

if the link is physically disconnected and reconnected on the port

(by disconnecting the cable), the port will remain shut down. There

are three ways to re-open the port:

■

Boot the switch,

■

Disable and re-enable Limit Control on the port or the switch,

■

Click the Reopen button.

Содержание GEL-2670

Страница 1: ...GEL 2670 24 GE 2 GE SFP L2 Managed Switch User Manual Ver 1 0...

Страница 2: ......

Страница 3: ...MANAGEMENT GUIDE GEL 2670 L2 MANAGED SWITCH Layer 2 Gigabit Ethernet Switch with 24 10 100 1000BASE T Ports RJ 45 and 2 Gigabit SFP Ports E012013 KS R01...

Страница 4: ......

Страница 5: ...ur attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Страница 6: ...ABOUT THIS GUIDE 6...

Страница 7: ...INITIAL SWITCH CONFIGURATION 31 SECTION II SECTION III WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 36...

Страница 8: ...Authentication Through Network Access Servers 90 Filtering Traffic with Access Control Lists 101 Configuring DHCP Snooping 112 Configuring DHCP Relay and Option 82 Information 115 Configuring IP Sourc...

Страница 9: ...Port Members 176 Configuring Private VLANs 179 Using Port Isolation 181 Configuring MAC based VLANs 181 Protocol VLANs 183 Configuring Protocol VLAN Groups 183 Mapping Protocol Groups to Ports 185 Co...

Страница 10: ...stics 236 Displaying Information About Switch Settings for Port Security 237 Displaying Information About Learned MAC Addresses 239 Displaying Port Status for Authentication Services 240 Displaying Po...

Страница 11: ...mation 268 Showing IPv4 SFM Information 269 Showing MLD Snooping Information 270 Showing MLD Snooping Status 270 Showing MLD Snooping Group Information 271 Showing IPv6 SFM Information 272 Displaying...

Страница 12: ...nfiguration Settings 292 SECTION IV APPENDICES 295 A SOFTWARE SPECIFICATIONS 297 Software Features 297 Management Features 298 Standards 299 Management Information Bases 300 B TROUBLESHOOTING 301 Prob...

Страница 13: ...14 Authentication Server Operation 66 Figure 15 Authentication Method for Management Access 67 Figure 16 SSH Configuration 68 Figure 17 HTTPS Configuration 70 Figure 18 Access Management Configuratio...

Страница 14: ...g Trees 134 Figure 48 STA Bridge Configuration 137 Figure 49 Adding a VLAN to an MST Instance 139 Figure 50 Configuring STA Bridge Priorities 140 Figure 51 STP RSTP CIST Port Configuration 144 Figure...

Страница 15: ...82 Configuring Port Tag Remarking Mode 202 Figure 83 Configuring Port DSCP Translation and Rewriting 203 Figure 84 Configuring DSCP based QoS Ingress Classification 205 Figure 85 Configuring DSCP Tran...

Страница 16: ...119 RMON Alarm Overview 256 Figure 120 RMON Event Overview 256 Figure 121 LACP System Status 257 Figure 122 LACP Port Status 258 Figure 123 LACP Port Statistics 259 Figure 124 Loop Protection Status 2...

Страница 17: ...145 Showing MAC based VLAN Membership Status 284 Figure 146 Showing sFlow Statistics 286 Figure 147 ICMP Ping 288 Figure 148 ICMP Ping Results 288 Figure 149 ICMP V6 Ping 288 Figure 150 ICMP V6 Result...

Страница 18: ...FIGURES 18...

Страница 19: ...upport 69 Table 6 SNMP Security Models and Levels 72 Table 7 Dynamic QoS Profiles 94 Table 8 QCE Modification Buttons 106 Table 9 Recommended STA Path Cost Range 141 Table 10 Recommended STA Path Cost...

Страница 20: ...TABLES 20...

Страница 21: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 22: ...SECTION I Getting Started 22...

Страница 23: ...Port Authentication Port Security DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 256 rules DHCP Client DNS Client and Proxy service Port Configurati...

Страница 24: ...authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request use...

Страница 25: ...E LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of...

Страница 26: ...ed by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will choose a single path and disable al...

Страница 27: ...ecified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used...

Страница 28: ...Query to manage multicast group registration for IPv4 traffic and MLD Snooping for IPv6 traffic It also supports Multicast VLAN Registration MVR which allows common multicast traffic such as televisio...

Страница 29: ...t Enabled 1 kpps Multicast disabled Unknown unicast disabled Spanning Tree Algorithm Status Enabled RSTP Defaults RSTP standard Edge Ports Enabled Address Table Aging Time 300 seconds Virtual LANs Def...

Страница 30: ...ent Disabled Snooping Disabled DNS Proxy service Disabled Multicast Filtering IGMP Snooping Snooping Disabled Querier Disabled MLD Snooping Disabled Multicast VLAN Registration Disabled System Log con...

Страница 31: ...ave addresses that start 192 168 1 x If the PC and switch are not on the same subnet you must manually set the PC s IP address to 192 168 1 x where x is any number from 1 to 254 except 10 4 Open your...

Страница 32: ...CHAPTER 2 Initial Switch Configuration 32 logging out To change the password click Security and then Users Select admin from the User Configuration list fill in the Password fields and then click Save...

Страница 33: ...ith a detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 35 Configuring the Switch on page 47 Monitoring the S...

Страница 34: ...SECTION II Web Configuration 34...

Страница 35: ...the web browser interface you must first enter a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name and password for t...

Страница 36: ...onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from thi...

Страница 37: ...source and target ports for local or remote mirroring 213 Advanced Configuration System2 Information Configures system contact name and location 47 IP Configures IPv4 and SNTP settings 48 IPv6 Config...

Страница 38: ...luding maximum allowed MAC addresses and response for security breach 87 NAS Configures global and port settings for IEEE 802 1X 90 ACL Access Control Lists 101 Ports Assigns ACL rate limiter and othe...

Страница 39: ...and immediate leave 145 IPMC IP Multicast IGMP Snooping Internet Group Management Protocol Snooping 151 Basic Configuration Configures global and port settings for multicast filtering 151 VLAN Config...

Страница 40: ...provided for frames entering the ingress queue of specified ports 194 Port Scheduler Provides overview of QoS Egress Port Schedulers including the queue mode and weight also configures egress queue m...

Страница 41: ...ys the number of packets used to manage the switch via HTTP HTTPS and SNMP Telnet and SSH 236 Network Port Security Switch Shows information about MAC address learning for each port including the soft...

Страница 42: ...plays administration key and associated local ports for each partner 257 Port Status Displays administration key LAG ID partner ID and partner ports for each local port 257 Port Statistics Displays st...

Страница 43: ...vices and statistics for LLDP protocol packets crossing each port 278 MAC Table Displays dynamic and static address entries associated with the CPU and each port 280 VLANs Virtual LANs 281 VLAN Member...

Страница 44: ...he switch and allows you to revert to the alternate image 292 Save Saves or views the switch s current configuration in XML format Select Save to save the XML configuration file to local storage or se...

Страница 45: ...292 Upload Restores configuration settings from a file on the management station 292 1 The Basic Configuration menu is a subset of Advanced Configuration The following configuration chapter is therefo...

Страница 46: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 46...

Страница 47: ...ETERS These parameters are displayed System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters...

Страница 48: ...ned via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 2 10 and subnet mask 255 255 255 0 You can manually configure a specific...

Страница 49: ...IP addresses are forwarded IP DNS Proxy Configuration DNS Proxy If enabled the switch maintains a local database based on previous responses to DNS queries forwarded on behalf of attached clients If...

Страница 50: ...ed EUI 64 Extended Universal Identifier form of the interface identifier i e the physical MAC address You can manually configure a link local address by entering the full address with the network pref...

Страница 51: ...ts specifies that the first six colon separated values comprise the network portion of the address Router Sets the IPv6 address of the default next hop router An IPv6 default gateway must be defined i...

Страница 52: ...the switch periodically sends a request for a time update to a configured time server You can configure up to five time server IP addresses The switch will attempt to poll each server in the configur...

Страница 53: ...t and mornings have less This is known as Daylight Savings Time or Summer Time Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn PATH Basic Adv...

Страница 54: ...me basis From Start time for summer time To End time for summer time Offset The number of minutes to add during Daylight Saving Time Range 1 1440 WEB INTERFACE To set the time zone or Daylight Savings...

Страница 55: ...CHAPTER 4 Configuring the Switch Configuring the Time Zone and Daylight Savings Time 55 Figure 7 Time Zone and Daylight Savings Time Configuration...

Страница 56: ...t exist PARAMETERS These parameters are displayed Server Mode Enables disables the logging of debug or error messages to the remote logging process Default Disabled Server Address Specifies the IPv4 a...

Страница 57: ...uits powered up when traffic is transmitted The devices can exchange information about the device wakeup time using LLDP protocol To maximize power savings the circuit is not started as soon as data i...

Страница 58: ...iguring EEE Power Reduction CONFIGURING PORT CONNECTIONS Use the Port Configuration page to configure the connection parameters for each port This page includes options for enabling auto negotiation o...

Страница 59: ...1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or trunk If not used the success of the link process cannot b...

Страница 60: ...quirements IEEE 802 3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters Enabling power saving mode can significantly reduce power used...

Страница 61: ...S over the Secure Socket Layer SSL static configuration of client addresses and SNMP General Security Measures Network menu This switch supports many methods of segregating traffic for clients attache...

Страница 62: ...er s privilege should be same or greater than the group privilege level to have the access of a group By default most of the group privilege levels are set to 5 which provides read only access and pri...

Страница 63: ...Users Figure 11 Showing User Accounts To configure a user account 1 Click Advanced Configuration Security Switch Users 2 Click Add new user 3 Enter the user name password and privilege level 4 Click...

Страница 64: ...Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege levels Every privilege level group can be configured to access the following modules...

Страница 65: ...or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are also configured on this page see page 90 Remote A...

Страница 66: ...authentication method and the corresponding parameters for the remote authentication protocol on the Network Access Server Configuration page Local and remote logon authentication can be used to contr...

Страница 67: ...ossible if the Authentication Method is set to something else than none or local WEB INTERFACE To configure authentication for management access 1 Click Advanced Configuration Security Switch Auth Met...

Страница 68: ...nitial connection or manually entered into the known host file However you do not need to configure the client s keys The SSH service on the switch supports up to four client sessions The maximum numb...

Страница 69: ...or above The following web browsers and operating systems currently support HTTPS PARAMETERS These parameters are displayed Mode Enables HTTPS service on the switch Default Enabled Automatic Redirect...

Страница 70: ...ch Access Management PARAMETERS These parameters are displayed Mode Enables or disables filtering of management access based on configured IP addresses Default Disabled Start IP Address The starting a...

Страница 71: ...by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions...

Страница 72: ...es or disables SNMP service Default Disabled Table 6 SNMP Security Models and Levels Model Level Community String Group Read View Write View Security v1 noAuth NoPriv public default_ro_group default_v...

Страница 73: ...against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engin...

Страница 74: ...raffic You should consider these effects when deciding whether to issue notifications as traps or informs Trap Inform Timeout The number of seconds to wait for an acknowledgment before resending an in...

Страница 75: ...o enable SNMP service on the switch specify the SNMP version to use change the community access strings if required and set the engine ID if SNMP version 3 is used 3 In the SNMP Trap Configuration tab...

Страница 76: ...uration table For security reasons you should consider removing the default strings PATH Advanced Configuration Security Switch SNMP Communities PARAMETERS These parameters are displayed Community Spe...

Страница 77: ...Click Save Figure 20 SNMPv3 Community Configuration CONFIGURING SNMPV3 USERS Use the SNMPv3 User Configuration page to define a unique name and remote engine ID for each SNMPv3 user Users must be con...

Страница 78: ...oAuth NoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 Auth NoPriv SNMP communications use authentication but the data is not encrypted Auth P...

Страница 79: ...ASCII characters 33 126 only The options displayed for this parameter depend on the selected Security Model For SNMP v1 and v2c the switch displays the names configured on the SNMPv3 Communities Conf...

Страница 80: ...of the SNMP view Range 1 32 characters ASCII characters 33 126 only View Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Generally if...

Страница 81: ...User based Security Model usm Default any Security Level The security level assigned to the group NoAuth NoPriv There is no authentication or encryption used in SNMP communications This is the default...

Страница 82: ...adually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent then periodically communicates with the switch using the SNM...

Страница 83: ...ittent problems The record can be used to establish normal baseline activity which may reveal problems associated with high traffic levels broadcast storms or other unusual events It can also be used...

Страница 84: ...or changing values such as a statistical counter reaching a specific value or a statistic changing by a certain amount over the set interval Alarms can be set to respond to rising or falling threshold...

Страница 85: ...value is greater than the rising threshold and the last sample value was less than this threshold then an alarm will be generated After a rising event has been generated another such event will not be...

Страница 86: ...a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems PATH Advanced Configuration Security RMON Event PARAMETERS The followi...

Страница 87: ...nd the community string to send with trap messages 4 Click Save Figure 28 RMON Event Configuration CONFIGURING PORT LIMIT CONTROLS Use the Port Security Limit Control Configuration page to limit the n...

Страница 88: ...MAC addresses that can be secured on this port This number cannot exceed 1024 If the limit is exceeded the corresponding action is taken The switch is initialized with a total number of MAC addresses...

Страница 89: ...cates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap Shutdown Re open If a port is shut down by this module you may reopen it...

Страница 90: ...to easily intrude and possibly gain access to sensitive network data Use the Network Access Server Configuration page to configure IEEE 802 1X port based and MAC based authentication settings The 802...

Страница 91: ...MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security However note that the only encryption method supported by...

Страница 92: ...he user to have special 802 1X software installed on his system The switch uses the client s MAC address to authenticate against the backend server However note that intruders can create counterfeit M...

Страница 93: ...t enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication does not cause direct communication between the switch and the client so this will no...

Страница 94: ...cept packet Only the first occurrence of the attribute in the packet will be considered To be valid all 8 octets in the attribute s value must be identical and consist of ASCII characters in the range...

Страница 95: ...er is denied access While a port has an assigned dynamic QoS profile any manual QoS configuration changes only take effect after all users have logged off the port RADIUS Assigned VLAN Enabled RADIUS...

Страница 96: ...used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Privat...

Страница 97: ...OL Success frame after entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the...

Страница 98: ...ted on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast...

Страница 99: ...e The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The...

Страница 100: ...client authentication using one of the methods described below Note that the restart buttons are only enabled when the switch s authentication mode is globally enabled under System Configuration and t...

Страница 101: ...opped as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to an...

Страница 102: ...n page 213 ACL based port mirroring set by this parameter and port mirroring set on the general Mirror Configuration page are implemented independently To use ACL based mirroring enable the Mirror par...

Страница 103: ...r each port to which an ACL will be applied 4 Click Save Figure 32 ACL Port Configuration CONFIGURING RATE LIMITERS Use the ACL Rate Limiter Configuration page to define the rate limits applied to a p...

Страница 104: ...tion CONFIGURING ACCESS CONTROL LISTS Use the Access Control List Configuration page to define filtering rules for an ACL policy for a specific port or for all ports Rules applied to a port take effec...

Страница 105: ...ing is equal to IP 0x800 IPv4 frames based on destination MAC address protocol type TTL IP fragment IP option flag source destination IP VLAN ID VLAN priority PARAMETERS These parameters are displayed...

Страница 106: ...to match Options Any Ethernet ARP IPv4 Default Any Filter Criteria Based on Selected Frame Type Ethernet MAC Parameters SMAC Filter The type of source MAC address Options Any Specific user defined Def...

Страница 107: ...IP address Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and...

Страница 108: ...owed 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Default Any IPv4 MAC Parameters DMAC Filt...

Страница 109: ...st match this entry Default Any TCP PSH Specifies the TCP Push Function PSH value for this rule Options Any any value is allowed 0 TCP frames where the PSH field is set must not match this entry 1 TCP...

Страница 110: ...on IP mask in the DIP Address and DIP Mask fields Default Any Response to take when a rule is matched Action Permits or denies a frame based on whether it matches an ACL rule Default Permit Rate Limit...

Страница 111: ...B INTERFACE To configure an Access Control List for a port or a policy 1 Click Advanced Configuration Security Network ACL Access Control List 2 Click the button to add a new ACL or use the other ACL...

Страница 112: ...o DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping or using the static bindings configured with IP Source Guard DHCP snooping allows...

Страница 113: ...r a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally but the port is not trusted it is pr...

Страница 114: ...nables DHCP snooping globally When DHCP snooping is enabled DHCP request messages will be forwarded to trusted ports and reply packets only allowed from trusted ports Default Disabled Port Port identi...

Страница 115: ...o which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire...

Страница 116: ...ddress of a neighbor to access the network CONFIGURING GLOBAL AND PORT SETTINGS FOR IP SOURCE GUARD Use the IP Source Guard Configuration page to filter traffic on an insecure port which receives mess...

Страница 117: ...inding the packet will be forwarded If IP source guard if enabled on an interface for which IP source bindings have not yet been configured neither by static configuration in the IP source guard bindi...

Страница 118: ...Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Static IP Source Guard Table to bind a static address to a port Table entries include a port identifier VLAN identifier IP address...

Страница 119: ...o static IP source guard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed Port The port to which a static entry is bound VLAN ID ID of a config...

Страница 120: ...tion is controlled on a global and port basis By default ARP Inspection is disabled both globally and on all ports If ARP Inspection is globally enabled then it becomes active only on the ports where...

Страница 121: ...Default Disabled Translate dynamic to static Click to translate all dynamic entries to static entries Port Mode Configuration Port Port identifier Mode Enables Dynamic ARP Inspection on a given port O...

Страница 122: ...packets to any entries specified in the static ARP table If no static entry matches the packets then the DHCP snooping bindings database determines their validity PATH Advanced Configuration Security...

Страница 123: ...equest Range 3 3600 seconds Default 15 seconds Dead Time The time after which the switch considers an authentication server to be dead if it does not reply Range 0 3600 seconds Default 300 seconds Set...

Страница 124: ...ement access in the web interface 1 Click Advanced Configuration Security AAA 2 Configure the authentication method for management client types the common server timing parameters and address UDP port...

Страница 125: ...e standby ports will automatically be activated to replace it USAGE GUIDELINES Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a...

Страница 126: ...e a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output link number in the trunk However depending on the device to which a trunk is connected and the tra...

Страница 127: ...nt hosts Do not use this mode for switch to server trunk links where the destination IP address is the same for all traffic One of the defaults TCP UDP Port Number All traffic with the same source and...

Страница 128: ...onnecting the ports and also disconnect the ports before disabling LACP If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with...

Страница 129: ...s are connected to the same partner LACP can form up to 12 LAGs per switch Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default Aut...

Страница 130: ...nabled a control frame is transmitted on the participating ports and the switch monitors inbound traffic to see if the frame is looped back PATH Advanced Configuration Loop Protection USAGE GUIDELINES...

Страница 131: ...in that state until the switch is reset When the loop protection mode is changed any ports placed in shutdown state by the loopback detection process will be immediately restored to operation regardle...

Страница 132: ...D RSTP Rapid Spanning Tree Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STP STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router...

Страница 133: ...aining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs MSTP When using STP or RSTP it may be difficult to maintain a stable path between all...

Страница 134: ...ng Tree Instance MSTI the protocol will automatically build an MSTI tree to maintain connectivity among each of the VLANs MSTP maintains contact with the global network because each instance is treate...

Страница 135: ...lowing for faster convergence of a new topology for the failed instance To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP conf...

Страница 136: ...becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Note that references to ports in this section mean...

Страница 137: ...uthorized device The BPDU guard feature provides a secure response to invalid configurations because an administrator must manually enable the port Default Disabled Port Error Recovery Controls whethe...

Страница 138: ...l area of your network However remember that you must configure all bridges that exist within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set...

Страница 139: ...pped VLANs to assign to this MST instance The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI Range 1 4094 WEB INTERFACE To add VLAN groups to an MSTP instance 1...

Страница 140: ...16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 Default 128 Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the ST...

Страница 141: ...ation settings can be applied to all trunks STP Enabled Sets the interface to enable STA disable STA or disable STA with BPDU transparency Default Enabled BPDU transparency is commonly used to support...

Страница 142: ...looding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA rela...

Страница 143: ...eceiving BPDUs It can prevent loops by shutting down an port when a BPDU is received instead of putting it into the spanning tree discarding state The BPDU guard feature provides a secure response to...

Страница 144: ...the same media type to indicate the preferred path References to ports in this section means interfaces which includes both ports and trunks PATH Basic Advanced Configuration Spanning Tree MSTI Ports...

Страница 145: ...ric identifier will be enabled Range 0 240 in steps of 16 Default 128 WEB INTERFACE To configure settings for MSTP interfaces 1 Click Configuration Spanning Tree MSTI Ports 2 Modify the required attri...

Страница 146: ...ver port PATH Advanced Configuration MVR COMMAND USAGE General Configuration Guidelines for MVR 1 Enable MVR globally on the switch and select the MVR VLAN 2 Set the interfaces that will join the MVR...

Страница 147: ...aracters containing at least one alphabetic character Mode Specify the MVR mode of operation Dynamic MVR allows dynamic MVR membership reports on source ports This is the default Compatible MVR member...

Страница 148: ...anually configured as a member of the MVR VLAN see Assigning Ports to VLANs on page 175 Receiver A subscriber port that can receive multicast data sent through the MVR VLAN Any port configured as a re...

Страница 149: ...URING MVR CHANNEL SETTINGS Use the MVR Channel Configuration page to view dynamic multicast group bindings for a multicast VLAN or to configure static bindings for a multicast VLAN PATH COMMAND USAGE...

Страница 150: ...ETERS These parameters are displayed VLAN ID Displays the Multicast VLAN identifier VLAN Name Displays the Multicast VLAN name Start Address The starting IPv4 IPv6 Multicast Group Address that will be...

Страница 151: ...ry thereby identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch rou...

Страница 152: ...cket only when the last dynamic member port leaves a multicast group The leave proxy feature does not function when a switch is set as the querier When the switch is a non querier the receiving port i...

Страница 153: ...s the switch to remove a port from the multicast forwarding table without first having to send an IGMP group specific GS query to that interface If Fast Leave is not used a multicast router or querier...

Страница 154: ...Configuration PARAMETERS These parameters are displayed VLAN ID VLAN Identifier Snooping Enabled When enabled the switch will monitor network traffic on the indicated VLAN interface to determine which...

Страница 155: ...t 125 seconds An MLD general query message is sent by the switch at the interval specified by this attribute When this message is received by downstream hosts all receivers build an MLD report for the...

Страница 156: ...ator may want to control the multicast services that are available to end users for example an IP TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement...

Страница 157: ...ndent functions and can therefore both function at the same time CONFIGURING GLOBAL AND PORT RELATED SETTINGS FOR MLD SNOOPING Use the MLD Snooping Configuration page to configure global and port rela...

Страница 158: ...ges so that a non querier switch forwards an MLD leave packet only when the last dynamic member port leaves a multicast group The leave proxy feature does not function when a switch is set as the quer...

Страница 159: ...If Fast Leave is not used a multicast router or querier will send a GS query message when a group leave message is received The router querier stops forwarding traffic for that group only if no host...

Страница 160: ...is enabled globally the per VLAN interface settings for MLD snooping take precedence When MLD snooping is disabled globally snooping can still be configured per VLAN interface but the interface settin...

Страница 161: ...t which General Queries are sent by the Querier Range 1 255 seconds Default 125 seconds An MLD general query message is sent by the switch at the interval specified by this attribute When this message...

Страница 162: ...ing Configuration page to filter specific multicast traffic In certain switch applications the administrator may want to control the multicast services that are available to end users for example an I...

Страница 163: ...ype Length Value TLV format according to the IEEE 802 1AB standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and main...

Страница 164: ...pting to re initialize after LLDP ports are disabled or the link goes down Range 1 10 seconds Default 2 seconds When LLDP is re initialized on a port all information in the remote system s LLDP MIB as...

Страница 165: ...Capa The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB...

Страница 166: ...ver IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details Both LLDP and LLDP MED information can be used by SNMP app...

Страница 167: ...at count it is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted w...

Страница 168: ...de The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City Ci...

Страница 169: ...ific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are Layer 2 VLAN ID IEEE 802 1Q 2003 Layer 2 priority value IEEE 802...

Страница 170: ...dvertised in the Guest Voice application policy Softphone Voice For use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not sup...

Страница 171: ...value used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 63 A value of 0 represents use of the default...

Страница 172: ...for all known devices This information is used to pass traffic directly between the inbound and outbound ports All the addresses learned by monitoring traffic are stored in the dynamic address table...

Страница 173: ...he MAC Learning Table is grayed out another software module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X...

Страница 174: ...twork but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical c...

Страница 175: ...carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devi...

Страница 176: ...orts PARAMETERS These parameters are displayed Ethertype for Custom S ports When Port Type is set to S custom port the EtherType also called the Tag Protocol Identifier or TPID of all frames received...

Страница 177: ...f ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded If ingress filtering is disabled and a port receives frames tagge...

Страница 178: ...ntain any VLAN aware devices including the destination host the switch should first strip off the VLAN tag before forwarding the frame Port VLAN ID VLAN ID assigned to untagged frames received on the...

Страница 179: ...n only be forwarded to and from uplink ports that is ports configured as members of both a standard IEEE 802 1Q VLAN and the private VLAN Ports isolated in the private VLAN are designated as downlink...

Страница 180: ...VLANs PVLAN Membership PARAMETERS These parameters are displayed PVLAN ID Private VLAN identifier By default all ports are configured as members of VLAN 1 and PVLAN 1 Because all of these ports are me...

Страница 181: ...re displayed Port Number Port identifier WEB INTERFACE To configure isolated ports 1 Click Configuration Private VLANs Port Isolation 2 Mark the ports which are to be isolated from each other 3 Click...

Страница 182: ...C address which is to be mapped to a specific VLAN The MAC address must be specified in the format xx xx xx xx xx xx VLAN ID VLAN to which ingress traffic matching the specified source MAC address is...

Страница 183: ...want to use page 175 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for e...

Страница 184: ...0x0600 0xffff and if value of the OUI is other than 00 00 00 then valid value of the PID will be any value from 0x0000 to 0xffff Group Name The name assigned to the Protocol VLAN Group This name must...

Страница 185: ...rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the...

Страница 186: ...et these frames are assigned to the VLAN indicated in the entry If no IP subnet is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID PATH Advanced Configurat...

Страница 187: ...Then mark the ports which will be assigned to this VLAN 3 Click Save Figure 72 Assigning Ports to an IP Subnet based VLAN MANAGING VOIP TRAFFIC When IP telephony is deployed in an enterprise network...

Страница 188: ...Disabled VLAN ID Sets the Voice VLAN ID for the network Only one Voice VLAN is supported on the switch Range 1 4095 Default 1000 The Voice VLAN cannot be the same as that defined for any other functio...

Страница 189: ...d Discovery Protocol Selects a method to use for detecting VoIP traffic on the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MA...

Страница 190: ...numbers for VoIP equipment can be configured on the switch so that traffic from these devices is recognized as VoIP NOTE Making any changes to the OUI table will restart the auto detection process fo...

Страница 191: ...classes The manner in which an individual device handles traffic is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end Q...

Страница 192: ...es not classified in any other way Range 0 1 Default 0 PCP Controls the default Priority Code Point or User Priority for untagged frames Range 0 7 Default 0 DEI Controls the default Drop Eligible Indi...

Страница 193: ...e values when Tag Classification is Enabled Range 0 1 Default 0 WEB INTERFACE To set the basic QoS parameters for a port 1 Click Advanced Configuration QoS Port Classification 2 Set any of the ingress...

Страница 194: ...his function allows the network manager to control the maximum rate for traffic received on an port Port policing is configured on interfaces at the edge of a network to limit traffic into of the netw...

Страница 195: ...ure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discardin...

Страница 196: ...ch queue Options Strict Weighted Default Strict DWRR services the queues in a manner similar to WRR but the next queue is serviced only when the queue s Deficit Counter becomes smaller than the packet...

Страница 197: ...queue Port Shaper Sets the rate at which traffic can egress this queue Enable Enables or disables port shaping Default Disabled Rate Controls the rate for the port shaper The default value is 500 Thi...

Страница 198: ...r queue scheduler when the scheduler mode is set to Weighted and the port shaper 4 Click Save Figure 79 Configuring Egress Port Schedulers and Shapers CONFIGURING EGRESS PORT SHAPER Use the QoS Egress...

Страница 199: ...meters under Configuring Egress Port Scheduler WEB INTERFACE To show an overview of the rate for each queue and port 1 Click Advanced Configuration QoS Port Shaper 2 Click on any enter under the Port...

Страница 200: ...ort Classified Uses classified PCP DEI values Default Uses default PCP DEI values Range PCP 0 7 Default 0 DEI 0 1 Default 0 Mapped Controls the mapping of the classified QoS class values and DP levels...

Страница 201: ...81 Displaying Port Tag Remarking Mode To configure the tag remarking mode 1 Click Configuration QoS Port Tag Remarking 2 Click on any of the entries in the Port field 3 Set the tag remarking mode and...

Страница 202: ...Mode CONFIGURING PORT DSCP TRANSLATION AND REWRITING Use the QoS Port DSCP Configuration page to configure ingress translation and classification settings and egress re writing of DSCP values PATH Adv...

Страница 203: ...ed without remapping Remap DP Aware Frame with DSCP from analyzer is remapped and remarked with the remapped DSCP value Depending on the frame s DP level the remapped DSCP value is either taken from t...

Страница 204: ...re mapped to a specific QoS class and drop level DPL Frames with untrusted DSCP values are treated as non IP frames QoS Class QoS value to which the corresponding DSCP value is classified for ingress...

Страница 205: ...RAMETERS These parameters are displayed DSCP DSCP value Range 0 63 Ingress Translate Enables ingress translation of DSCP values based on the specified classification method Ingress Classify Enable Cla...

Страница 206: ...pping parameters 3 Click Save Figure 85 Configuring DSCP Translation and Re mapping CONFIGURING DSCP CLASSIFICATION Use the DSCP Classification page to map DSCP values to a QoS class and drop preceden...

Страница 207: ...tion page to configure Quality of Service policies for handling ingress packets based on Ethernet type VLAN ID TCP UDP port DSCP ToS or VLAN priority tag Once a QCE is mapped to a port traffic matchin...

Страница 208: ...ill be put in the queue corresponding to the specified QoS class DPL The drop precedence level will be set to the specified value DSCP The DSCP value will be set the specified value The following butt...

Страница 209: ...esponse or sequence information depending on whether the LLC frame type is Unnumbered Supervisory or Information Options Any Specific 0x00 0xff Default 0xff SNAP SubNetwork Access Protocol can be dist...

Страница 210: ...535 Action Parameters Indicates the classification action taken on ingress frame if the configured parameters are matched in the frame s content If a frame matches the QCE the following actions will b...

Страница 211: ...g the network is not properly configured or application programs are not well designed or properly configured Traffic storms caused by any of these problems can severely degrade performance or bring y...

Страница 212: ...32 64 128 256 512 or 1 2 4 8 16 32 64 128 256 512 1024 Kpps Default 2 pps Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps translates int...

Страница 213: ...on the ACL Ports Configuration page see Filtering Traffic with Access Control Lists on page 101 or the ACE Configuration page see Configuring Access Control Lists on page 104 PARAMETERS These paramet...

Страница 214: ...figuration CONFIGURING REMOTE PORT MIRRORING Use the Mirroring RSPAN Configuration page to mirror traffic from remote switches for analysis at a destination port on the local switch This feature also...

Страница 215: ...tch on the Mirroring RSPAN configuration page by specifying switch type Destination the RSPAN VLAN intermediate ports and the destination port s where the mirrored traffic will be received RSPAN Limit...

Страница 216: ...y mirrored traffic Source port s reflector port and intermediate port s are located on this switch Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic f...

Страница 217: ...tination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned WEB INTERFACE To configure remote port mirroring for an RSPAN source sw...

Страница 218: ...ng for an RSPAN intermediate switch 1 Click Basic Advanced Configuration Mirroring RSPAN 2 Set the Mode to Enabled and the Type to Intermediate 3 Select the intermediate ports through which all mirror...

Страница 219: ...o Enabled and the Type to destination 3 Select the intermediate ports to add to the RSPAN VLAN which will then pass traffic on to the destination ports 4 Select the destination ports which are to moni...

Страница 220: ...URL for the service provided in the device description When a device is known to the control point periodic event notification messages are sent A UPnP description for a service includes a list of ac...

Страница 221: ...t on their network The sFlow Agent samples 1 out of n packets from all data traversing the switch re encapsulates the samples as sFlow datagrams and transmits them to the sFlow Collector This sampling...

Страница 222: ...ent reconfiguration The Release button can be used to release the current owner and disable sFlow sampling This button is disabled if sFlow is currently unconfigure If configured through SNMP the rele...

Страница 223: ...en Range 1 4096 packets or 0 to disable sampling Default Disabled Max Header Maximum size of the sFlow datagram header Range 14 200 bytes Default 128 bytes If the maximum datagram size does not take i...

Страница 224: ...CHAPTER 4 Configuring the Switch Configuring sFlow 224 Figure 95 sFlow Configuration...

Страница 225: ...splaying the device name location and contact information PATH Monitor System Information PARAMETERS These parameters are displayed System To configure the following items see Configuring System Infor...

Страница 226: ...ation Figure 96 System Information DISPLAYING CPU UTILIZATION Use the CPU Load page to display information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The...

Страница 227: ...the logged system and event messages PATH Monitor System Log PARAMETERS These parameters are displayed Display Filter Level Specifies the type of log messages to display Info Informational messages on...

Страница 228: ...splay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entrie...

Страница 229: ...S You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of pa...

Страница 230: ...he number of packets received and transmitted Bytes Received Transmitted The number of bytes received and transmitted Errors Received Transmitted The number of frames received with errors and the numb...

Страница 231: ...meters are displayed Port Port identifier Q Receive Transmit The number of packets received and transmitted through the indicated queue WEB INTERFACE To display the queue counters click Monitor Ports...

Страница 232: ...aken Class Classified QoS Class If a frame matches the QCE it will be put in the queue corresponding to the specified QoS class DP The drop precedence level will be set to the specified value DSCP The...

Страница 233: ...ber of received and transmitted broadcast packets good and bad Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive Tra...

Страница 234: ...bber The total number of frames received that were longer than the configured maximum frame length for this port excluding framing bits but including FCS octets and had either an FCS or alignment erro...

Страница 235: ...CHAPTER 5 Monitoring the Switch Displaying Information About Ports 235 WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 104 Detailed Port Statistics...

Страница 236: ...Management Statistics USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 70 and traffic matching one o...

Страница 237: ...es to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules that may request port security services and on...

Страница 238: ...ed on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count The two columns indicate the number of currently learned MAC addresses forwarding as well as...

Страница 239: ...ive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blo...

Страница 240: ...rame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received...

Страница 241: ...Port selection page to display the authentication status for the selected port either for 802 1X protocol or for the remote authentication server depending on the authentication method PATH Monitor Se...

Страница 242: ...will match any ingress port Policy The ACE will match ingress ports with a specific policy Port The ACE will match a specific ingress port Frame Type Indicates the frame type to which the ACE applies...

Страница 243: ...ounter The number of times the ACE was matched by a frame Conflict This field shows Yes if a specific ACE is not applied due to hardware limitations WEB INTERFACE To display ACL status 1 Click Monitor...

Страница 244: ...e number of inform option 53 with value 8 packets received and transmitted Rx Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx Tx Lease Unassigned T...

Страница 245: ...re displayed Server Statistics Transmit to Server The number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to clients Receive f...

Страница 246: ...eived where the DHCP client packet information was replaced with the switch s relay information Keep Agent Option The number of packets received where the DHCP client packet information was retained D...

Страница 247: ...ard Table to display entries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected thr...

Страница 248: ...TERS These parameters are displayed IP Address The IP address and UDP port number of this server Status The current state of the server This field takes one of the following values Disabled The server...

Страница 249: ...tication Statistics Receive Packets Access Accepts The number of RADIUS Access Accept packets valid or invalid received from this server Access Rejects The number of RADIUS Access Reject packets valid...

Страница 250: ...ission Timeouts The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted...

Страница 251: ...rt Packets Dropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Transmit Packets Requests The number of RADIUS packets sent...

Страница 252: ...but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Tri...

Страница 253: ...events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of pac...

Страница 254: ...statistics on a physical interface including network utilization packet types and errors PATH Monitor Security Switch RMON History PARAMETERS These parameters are displayed History Index Index of Hist...

Страница 255: ...sampling the selected variable and calculating the value to be compared against the thresholds For more information see Configuring RMON Alarms on page 84 Value The value of the statistic during the l...

Страница 256: ...h RMON Alarm Figure 119 RMON Alarm Overview DISPLAYING RMON EVENT SETTINGS Use the RMON Alarm Event page to display configured event settings PATH Monitor Security Switch RMON Event PARAMETERS These p...

Страница 257: ...Aggr ID The Aggregation ID associated with this Link Aggregation Group LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Last Cha...

Страница 258: ...AG partner s system ID assigned by the LACP protocol i e its MAC address Partner Port The partner port connected to this local port WEB INTERFACE To display LACP status for local ports this switch cli...

Страница 259: ...conditions PATH Monitor Loop Protection PARAMETERS These parameters are displayed Port Port identifier Action Configured port action i e the response to take when a loop is detected on a port Transmi...

Страница 260: ...are displayed STA Bridges MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status Bridge ID A unique identifier for this bridge consisting of the bridge priority and MAC addres...

Страница 261: ...gured during a one second interval CIST Ports Aggregations State Port Port Identifier Port ID The port identifier as used by the RSTP protocol This consists of the priority part and the logical port i...

Страница 262: ...one other bridge The flag may be automatically computed or explicitly configured The point to point properties of a port affect how fast it can transition RSTP states Uptime The time since the bridge...

Страница 263: ...re removed CIST State Displays current state of this port within the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted configur...

Страница 264: ...transmitted on a port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on a port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded...

Страница 265: ...Joins and MLDv2 Reports respectively IGMPv2 MLDv1 Leaves Received Number of received IGMPv2 Leaves and MLDv1 Dones respectively WEB INTERFACE To display information for MVR statistics click Monitor M...

Страница 266: ...130 MVR Group Information DISPLAYING MVR SFM INFORMATION Use the MVR SFM Information page to display MVR Source Filtered Multicast information including group filtering mode include or exclude source...

Страница 267: ...GMP Snooping Status page to display IGMP querier status snooping statistics for each VLAN carrying IGMP traffic and the ports connected to an upstream multicast router switch PATH Monitor IPMC IGMP Sn...

Страница 268: ...tatus Ports connected to multicast routers may be dynamically discovered by this switch or statically assigned to an interface on this switch WEB INTERFACE To display IGMP snooping status information...

Страница 269: ...r IPMC IGMP Snooping IPv4 SFM Information PARAMETERS These parameters are displayed VLAN ID VLAN identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mo...

Страница 270: ...orts connected to an upstream multicast router switch PATH Monitor IPMC MLD Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version MLD version use...

Страница 271: ...o an interface on this switch WEB INTERFACE To display MLD snooping status information click Monitor MLD Snooping Status Figure 135 MLD Snooping Status SHOWING MLD SNOOPING GROUP INFORMATION Use the M...

Страница 272: ...S These parameters are displayed VLAN ID VLAN Identifier Group The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID port n...

Страница 273: ...PATH Monitor LLDP Neighbors PARAMETERS These parameters are displayed Local Port The local port to which a remote LLDP capable device is attached Chassis ID An octet string indicating the specific ide...

Страница 274: ...or Information page to display information about a remote device connected to a port on this switch which is advertising LLDP MED TLVs including network connectivity device endpoint device capabilitie...

Страница 275: ...Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device lo...

Страница 276: ...he VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagg...

Страница 277: ...Tw The link partner s maximum time that the transmit path can hold off sending data after de assertion of Lower Power Idle LPI mode Tw indicates Wake State Time Rx Tw The link partner s time the recei...

Страница 278: ...d via LLDP Resolved Rx Tw The resolved Rx Tw for this link not the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE...

Страница 279: ...es discarded because they did not conform to the general validation rules as well as any specific usage rules defined for the particular Type Length Value TLV TLVs Discarded Each LLDP frame can contai...

Страница 280: ...t fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic enteri...

Страница 281: ...eb or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server MVR Eliminates the need to duplicate multicast traffic f...

Страница 282: ...tion of the software modules that use VLAN management services Port Port Identifier PVID The native VLAN assigned to untagged frames entering this port Port Type Shows whether or not a port processes...

Страница 283: ...VLAN port status click Monitor VLANs VLAN Port 2 Select a software module from the drop down list on the right side of the page Figure 144 Showing VLAN Port Status DISPLAYING INFORMATION ABOUT MAC BA...

Страница 284: ...AC based VLAN Membership Status DISPLAYING INFORMATION ABOUT FLOW SAMPLING Use the sFlow Statistics page to display information on sampled traffic including the owner receiver address remaining sampli...

Страница 285: ...ress host name into the Ping Web page Diagnostics Ping Ping6 Flow Samples The total number of flow samples sent to the sFlow receiver Counter Samples The total number of counter samples sent to the sF...

Страница 286: ...CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling 286 WEB INTERFACE 1 To display information on sampled traffic click Monitor sFlow Figure 146 Showing sFlow Statistics...

Страница 287: ...IPv4 address consists of 4 numbers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the app...

Страница 288: ...Start the sequence number and round trip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs Figure 147...

Страница 289: ...aving configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch PATH Maintenance Restart Device WEB INTERFACE To restart the switch 1 Clic...

Страница 290: ...reboot is necessary Figure 152 Factory Defaults UPGRADING FIRMWARE Use the Software Upload page to upgrade the switch s system firmware by specifying a file provided by LevelOne You can download firmw...

Страница 291: ...off the device at this time or the switch may fail to function afterwards Figure 153 Software Upload ACTIVATING THE ALTERNATE IMAGE Use the Software Image Selection page to display information about t...

Страница 292: ...the file under which to save the current configuration settings The configuration file is in XML format The configuration parameters are represented as attribute values When saving the configuration...

Страница 293: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 293 Figure 156 Configuration Upload...

Страница 294: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 294...

Страница 295: ...295 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 297 Troubleshooting on page 301 License Information on page 303...

Страница 296: ...SECTION III Appendices 296...

Страница 297: ...0 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast...

Страница 298: ...ts DSCP remarking ingress traffic policing and egress traffic shaping MULTICAST FILTERING IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option...

Страница 299: ...EEE 802 1p Priority tags IEEE 802 1Q 2005 VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protoco...

Страница 300: ...RFC 2065 IPV6 ICMP MIB RFC 2066 IPV6 TCP MIB RFC 2052 IPV6 UDP MIB RFC 2054 MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB...

Страница 301: ...t been disabled Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station...

Страница 302: ...witch follow these steps 1 Enable logging 2 Set the error messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages...

Страница 303: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 304: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Страница 305: ...These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 306: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Страница 307: ...according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framework for passing...

Страница 308: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 309: ...1S An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1W An IEEE standard for the Rapid Spanning Tree Protocol RSTP which...

Страница 310: ...by this switch can pass multicast traffic along to participating hosts IP PRECEDENCE The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority l...

Страница 311: ...egion and prevents VLAN members from being segmented from the rest of the group MULTICAST SWITCHING A process whereby the switch filters incoming multicast frames for services for which no attached ho...

Страница 312: ...rity of one flow or limiting the priority of another flow RADIUS Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to...

Страница 313: ...T Defines a remote communication facility for interfacing to a terminal device over TCP IP TFTP Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads UDP User Datagram...

Страница 314: ...GLOSSARY 314...

Страница 315: ...on policy 115 DHCP snooping 112 DNS server 49 Domain Name Service See DNS downloading software 290 using HTTP 290 using TFTP 290 drop precedence QoS 192 DSCP classification QoS 206 rewriting port 202...

Страница 316: ...ng syslog traps 56 to syslog servers 56 log in web interface 35 logon authentication 62 encryption keys 123 RADIUS client 123 RADIUS server 123 settings 123 TACACS client 65 TACACS server 65 123 loopb...

Страница 317: ...2 control lists 207 drop precedence 192 DSCP classification 206 DSCP rewriting 202 DSCP translation 202 205 egress port scheduler 196 ingress classification 204 ingress port classification 192 ingress...

Страница 318: ...2 trap destination 73 trap manager 73 troubleshooting 301 trunk configuration 126 128 LACP 128 static 126 Type Length Value See LLDP TLV See LLDP MED TLV U unknown unicast storm threshold 212 upgradin...

Страница 319: ......

Страница 320: ...Level 1 GEL 2670 E012013 KS R01...

Результаты поиска

Содержание GEL-2670

Отзывы:

LevelOne GEL-2670, Руководство пользователя, Страница: 88 / 320

Результаты поиска

Содержание GEL-2670

Отзывы: