LevelOne GEP-1070 Скачать руководство пользователя страница 49

Страница: 49 / 319

4.5. Security

You can configure this switch to authenticate users logging into the system for management

access or to control client access to the data ports.

Management Access Security (Switch menu)

– Management access to the switch can be

controlled through local authentication of user names and passwords stored on the switch, or

remote authentication of users via a RADIUS or server. Additional authentication

methods includes Secure Shell (SSH), Secure Hypertext Transfer Protocol (HTTPS) over the

Secure Socket Layer (SSL), static configuration of client addresses, and SNMP.

General Security Measures (Network menu)

– This switch supports many methods of

segregating traffic for clients attached to each of the data ports, and for ensuring that only

authorized clients gain access to the network. Private VLANs and port-based authentication

using IEEE 802.1X are commonly used for these purposes. In addition to these methods,

several other options of providing client security are supported by this switch. These include

limiting the number of users accessing a port. The addresses assigned to DHCP clients can

also be carefully controlled using static or dynamic bindings with DHCP Snooping and IP

Source Guard commands.

ARP Inspection can also be used to validate the MAC address bindings for ARP packets,

providing protection against ARP traffic with invalid MAC to IP address bindings, which forms
the basis for “man-in-the- middle” attacks.

Switch Security

Users Configuration

Use the User Configuration page to control management access to the switch based on

manually configured user names and passwords.

PATH

Configuration \ Security \ Switch \ Users

Figure 12: Configuring User Accounts

Содержание GEP-1070

Страница 1: ...1 GEP 1070 L2 Managed Gigabit PoE Switch 802 3at PoE 8 PoE Outputs 2 x SFP User Manual V1 0 Digital Data Communications Asia Co Ltd http www level1 com...

Страница 2: ...terms applicable to your products and replacement parts can be obtained from your local Sales and Service Office or authorized dealer Disclaimer Manufacturer does not warrant that the hardware will w...

Страница 3: ...This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation CE Warning This is a Class A device In...

Страница 4: ...Navigating the Web Browser Interface 22 Home Page 22 Configuration Options 22 Panel Display 23 Main Menu 23 4 CONFIGURING THE SWITCH 34 4 1 System 34 System Information Configuration 34 IP Configurat...

Страница 5: ...IPMC Configurations 138 IGMP Snooping 138 MLD Snooping 145 4 11 Link Layer Discovery Protocol LLDP 152 LLDP Configuration 152 LLDP MED Configuration 155 4 12 Power over Ethernet PoE 160 PoE Configurat...

Страница 6: ...QOS Control Lists 197 Configuring Storm Control 201 4 19 Configuring Port Mirroring 203 4 20 Configuring UPnP 204 4 21 sFlow Agent 206 5 MONITORING THE SWITCH 208 5 1 System 208 Displaying System Info...

Страница 7: ...R SFM Information 257 5 9 IPMC 259 IGMP SNOOPING 259 MLD SNOOPING 262 5 10 Link Layer Discovery Protocol LLDP 266 Displaying LLDP Neighbour 266 Displaying LLDP MED Neighbour 267 Displaying LLDP Neighb...

Страница 8: ...t 293 7 4 Configuration 295 Saving Configuration Settings 295 Upload Configuration Settings 295 SECTION III APPENDICES 297 A SOFTWARE SPECIFICATIONS 298 A 1 Software Features 298 A 2 Management Featur...

Страница 9: ...managed Gigabit PoE Switch and introduces some basic concepts about switching network management It also describes the basic settings required to access the management interfaces This section include...

Страница 10: ...r there are many options that you should configure to maximizes the switch performance for your particular network environment The Gigabit PoE switch is equipped with a power supply to operate under 1...

Страница 11: ...ast unknown unicast storms Address Table 8K MAC addresses in the forwarding table 1000 static MAC addresses 1K L2 IGMP multicast groups and 128 MVR groups IP Version 4 and 6 Supports IPv4 and IPv6 add...

Страница 12: ...er i e RADIUS or TACACS server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivalent connection SNMP Version 3 I...

Страница 13: ...PORT TRUNKING Ports can be combined into an aggregate connection Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol LACP IEEE 802 3 2005 The additional po...

Страница 14: ...ould fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology ch...

Страница 15: ...sing four priority queues with strict or Weighted Round Robin queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions...

Страница 16: ...AN Registration MVR which allows common multicast traffic such as television channels to be transmitted across a single network wide multicast VLAN shared by hosts residing in other standard or privat...

Страница 17: ...thentication 802 1X Port Authentication HTTPS SSH Port Security IP Filtering admin Disabled Disabled Disabled Enabled Enabled Disabled Disabled Web Management HTTP Server HTTP Port Number HTTP Secure...

Страница 18: ...ual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Switchport Mode Egress Mode 1 1 All Disabled Access Traffic Prioritization Ingress Port Priority Queue Mode Weighted Round Robin Ethe...

Страница 19: ...ent Disabled Snooping Disabled Proxy service Disabled Multicast Filtering IGMP Snooping MLD Snooping Multicast VLAN Registration Snooping Disabled Querier Disabled Disabled Disabled System Log console...

Страница 20: ...set the PC s IP address to 192 168 1 x where x is any number from 2 to 254 except 1 4 Open your web browser and enter the address http 192 168 1 1 If your PC is properly configured you will see the l...

Страница 21: ...long with a detailed description of how to configure each feature via a web browser This section includes these chapters 3 Using the Web Interface on page 22 4 Configuring the Switch on page 34 5 Moni...

Страница 22: ...ration parameters and statistics The default user name for the administrator is admin and for password Home Page When your web browser connects with the switch s web agent the home page is displayed a...

Страница 23: ...Files Settings Internet Explorer 7 x This option is available under Tools Internet Options General Browsing History Settings Temporary Internet Files Panel Display The web agent displays an image of t...

Страница 24: ...cy expires regardless queue length 43 Thermal Protection Configures temperature priority levels and assigns those priorities for port shut down if exceeded 45 Ports Configures port connection settings...

Страница 25: ...Limiters Configures rate limit policies 91 Access Control List Configures ACLs based on frame type destination MAC type VLAN ID VLAN priority tag and the action to take for matching packets 92 DHCP D...

Страница 26: ...instance 123 MSTI Priorities Configures the priority for the CIST and each MISTI 125 CIST Ports Configures interface settings for STA 126 MSTI Ports Configures interface settings for an MST instance...

Страница 27: ...ate and hourly period 159 Auto Checking To set the checking IP address and time intervals 160 MAC Table Configures address aging dynamic learning and static addresses 162 VLANs Virtual LANs 164 VLAN M...

Страница 28: ...e queue shaper rate and access to excess bandwidth and port shaper 183 Port Shaping Provides overview of QoS Egress Port Shapers including the rate for each queue and port also configures egress queue...

Страница 29: ...panel indicating active port connections 210 Traffic Overview Shows basic Ethernet port statistics 211 QoS Statistics Shows the number of packets entering and leaving the egress queues 212 QCL Status...

Страница 30: ...splays entries in the IP Source Guard table sorted first by port then VLAN ID MAC address and finally IP address 230 AAA Authentication Authorization and Accounting 231 RADIUS Overview Displays status...

Страница 31: ...IGMP groups 255 IPv4 SFM Information Displays IGMP Source Filtered Multicast Information including group filtering mode include or exclude source address and type allow or deny 256 MLD Snooping Multic...

Страница 32: ...ows the current port members for all VLANs configured by a selected software module 275 VLAN Port Shows the VLAN attributes of port members for all VLANs configured by a selected software module which...

Страница 33: ...33 Menu Description Page Save Saves configuration settings to a file on the management station 288 Upload Restores configuration settings from a file on the management station 289...

Страница 34: ...ng contact information system name location of the switch and time zone offset PATH Configuration System Information Figure 3 System Information Configuration PARAMETERS These parameters are displayed...

Страница 35: ...dynamically generated Setting an IPV4 Address Use the IP Configuration page to configure an IPv4 address for the switch The IP address for the switch is obtained via DHCP by default for VLAN 1 To man...

Страница 36: ...to which the management station is attached Valid IP addresses consist of four numbers 0 to 255 separated by periods Default 192 168 1 1 IP Mask This mask identifies the host address bits used for rou...

Страница 37: ...Configuration page to configure an IPv6 address for management access to the switch IPv6 includes two distinct address types link local unicast and global unicast A link local address makes the switc...

Страница 38: ...ss by entering the full address with the network prefix FE80 To connect to a larger network with multiple subnets you must configure a global unicast address There are several alternatives to configur...

Страница 39: ...y must be defined if the management station is located in a different IPv6 segment An IPv6 default gateway can only be successfully set when a network interface that directly connects to the gateway h...

Страница 40: ...ttempts an update from the next server in the sequence The polling interval is fixed at 15 minutes WEB INTERFACE To configure the NTP servers 1 Click Configuration System NTP 2 Enter the IP address of...

Страница 41: ...e parameters are displayed Server Mode Enables disables the logging of debug or error messages to the remote logging process Default Disabled Server Address Specifies the IPv4 address or alias of a re...

Страница 42: ...Intensity Use the LED Power Reduction Configuration page to reduces LED intensity during specified hours PATH Configuration Power Reduction LED Figure 8 Configuring LED Power Reduction COMMAND USAGE...

Страница 43: ...ll intensity for a specified period when a link change occurs Default 10 seconds On at errors LEDs set at full intensity when a link error occurs WEB INTERFACE To configure LED intensity 1 Click Confi...

Страница 44: ...savings the circuit is not started as soon as data is ready to be transmitted from a port but instead waits until 3000 bytes of data is queued at the port To avoid introducing a large delay when the q...

Страница 45: ...time has passed 4 Click Save 4 3 Thermal Protection Use the Thermal Protection Configuration page to set temperature priority levels and assign those priorities for port shut down if exceeded PATH Co...

Страница 46: ...shut down a port Range 0 3 WEB INTERFACE To configure the thermal protection 1 Click Configuration Thermal Protection 2 Select the circuits which will use EEE 3 Set the temperature threshold for each...

Страница 47: ...be negotiated between the link partners based on their advertised capabilities 1Gbps FDX Supports 1 Gbps full duplex operation 100Mbps FDX Supports 100 Mbps full duplex operation 100Mbps HDX Supports...

Страница 48: ...eding the maximum frame size are dropped Range 9600 1518 bytes Default 9600 bytes Excessive Collision Mode Sets the response to take when excessive transmit collisions are detected on a port Discard D...

Страница 49: ...hat only authorized clients gain access to the network Private VLANs and port based authentication using IEEE 802 1X are commonly used for these purposes In addition to these methods several other opt...

Страница 50: ...et to 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account PARAMETERS These parameters...

Страница 51: ...ege Levels page to set the privilege level required to read or configure specific software modules or system settings PATH Configuration Security Switch Privilege Levels Figure 13 Configuring Privileg...

Страница 52: ...modules or system settings Configuration Read only Configuration Execute Read write Status Statistics Read only and Status Statistics Read write e g clearing statistics The default settings provide f...

Страница 53: ...stem Plus TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server cont...

Страница 54: ...tion methods used for the authentication process must also be configured or negotiated between the authentication server and logon client This switch can pass authentication messages between the serve...

Страница 55: ...ement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH...

Страница 56: ...e switch supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions PARAMETERS These parameters are displayed Mode Allows you to e...

Страница 57: ...ient and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The...

Страница 58: ...Access Management Configuration Use the Access Management Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the...

Страница 59: ...d HTTP or over HTTPS which uses the Secure Socket Layer SSL protocol to provide an encrypted connection SNMP Filters IP addresses for access through SNMP TELNET SSH Filters IP addresses for access thr...

Страница 60: ...traffic passing through its ports A network management station can access this information using software such as HP OpenView Access to the onboard agent from clients using SNMP v1 and v2c is control...

Страница 61: ...r defined Provides user authentication via MD5 or SHA algorithms v3 Auth Priv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms and data privac...

Страница 62: ...racters ASCII characters 33 126 only Default private This parameter only applies to SNMPv1 and SNMPv2c SNMPv3 uses the User based Security Model USM for authentication and privacy This community strin...

Страница 63: ...down Issues a notification message whenever a port link is established or broken Default Enabled Trap Inform Mode Enables or disables sending notifications as inform messages Note that this option is...

Страница 64: ...iguring SNMPv3 Users on page 65 WEB INTERFACE To configure SNMP system and trap settings 1 Click Configuration Security Switch SNMP System 2 In the SNMP System Configuration table set the Mode to Enab...

Страница 65: ...low access to the SNMP agent Range 1 32 characters ASCII characters 33 126 only Default public private For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 com...

Страница 66: ...H Configuration Security Switch SNMP Users Figure 21 SNMPv3 User Configuration PARAMETERS These parameters are displayed Engine ID The engine identifier for the SNMP agent on the remote device where t...

Страница 67: ...ers for MD5 8 40 characters for SHA Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Options None DES Default DES Privacy Password A string identif...

Страница 68: ...or SNMPv3 the switch displays the names configured with the local engine ID in the SNMPv3 Users Configuration menu To modify an entry for USM the current entry must first be deleted Group Name The na...

Страница 69: ...23 SNMPv3 View Configuration PARAMETERS These parameters are displayed View Name The name of the SNMP view Range 1 32 characters ASCII characters 33 126 only View Type Indicates if the object identif...

Страница 70: ...w name view type and OID subtree 4 Click Save Configuring SNMPV3 Group Access Rights Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted a...

Страница 71: ...t for SNMPv3 Auth NoPriv SNMP communications use authentication but the data is not encrypted Auth Priv SNMP communications use both authentication and encryption Read View Name The configured view fo...

Страница 72: ...xt save ID Indicates the index of the entry The range is from 1 to 65 535 Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for ex...

Страница 73: ...1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 se...

Страница 74: ...riables are InOctets The total number of octets received on the interface including framing characters InUcastPkts The number of uni cast packets delivered to a higher layer protocol InNUcastPkts The...

Страница 75: ...iod Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are RisingTrigger alarm when the first value is lar...

Страница 76: ...the notification of the event the possible types are none The total number of octets received on the interface including framing characters log The number of uni cast packets delivered to a higher la...

Страница 77: ...ty Limit Control Configuration page to limit the number of users accessing a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the maximum number of us...

Страница 78: ...Control to be in effect Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port Limit The maximum number of MAC addresses that can...

Страница 79: ...utton causes the page to be refreshed so non committed changes will be lost WEB INTERFACE To configure port limit controls 1 Click Configuration Security Network Limit Control 2 Set the system configu...

Страница 80: ...80 authentication from any point within the network...

Страница 81: ...EEE 802 1X to pass authentication messages can be MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security However...

Страница 82: ...Vista Windows XP and in Windows 2000 with Service Pack 4 To support these encryption methods in Windows 95 and 98 you can use the AEGIS dot1x client or other comparable client software MAC based auth...

Страница 83: ...Sets the time the switch waits for a supplicant response during an authentication session before retransmitting a Request Identify EAPOL packet Range 1 255 seconds Default 30 seconds Aging Period The...

Страница 84: ...ch reacts to QoS Class information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid traffic received on...

Страница 85: ...gnores the map ip dscp profile When authentication is successful the dynamic QoS information may not be passed from the RADIUS server due to one of the following conditions authentication result remai...

Страница 86: ...e classified and switched on the RADIUS assigned VLAN ID If re authentication fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it s invalid or the supplicant is otherwise no lon...

Страница 87: ...uration Guest VLAN Operation When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If the number of transmissions of such frames exceeds Max Reaut...

Страница 88: ...POL Success frame when the port link comes up This forces the port to grant access to all clients either dot1x aware or otherwise This is the default setting Force Unauthorized The switch will send on...

Страница 89: ...cimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or f...

Страница 90: ...ere is no link on the port Authorized The port is in Force Authorized mode or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized mode or a single...

Страница 91: ...ed as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to anoth...

Страница 92: ...t Disabled To use this function Action must be set to Deny for the local port Mirror Mirrors matching frames from this port Default Disabled To use this function the destination port to which traffic...

Страница 93: ...cy configured on the ACE Configuration page specify the responses to invoke when a matching frame is seen including the filter mode copying matching frames to another port logging matching frames or s...

Страница 94: ...lt pps WEB INTERFACE To configure rate limits which can be applied to a port 1 Click Configuration Security Network ACL Rate Limiters 2 For any of the rate limiters select the maximum ingress rate tha...

Страница 95: ...VLAN priority Ethernet type based on Ethernet type value MAC address VLAN ID VLAN priority ARP based on ARP RARP type request reply sender target IP hardware address matches ARP RARP MAC address ARP...

Страница 96: ...he rules defined for this ACL The following buttons are used to edit or move the ACL entry ACE Table 9 QCE Modification Buttons Button Description Inserts a new ACE before the current row Edits the AC...

Страница 97: ...ress Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Network specifies the sender IP address and sender IP mask in the SIP Address and SIP Ma...

Страница 98: ...ecifies the IP protocol to filter for this rule Options Any ICMP UDP TCP Other Default Any The following additional fields are displayed when these protocol filters are selected ICMP Parameters ICMP T...

Страница 99: ...ule Options Any any value is allowed Non zero IPv4 frames with a TTL field greater than zero must match this entry Zero IPv4 frames with a TTL field greater than zero must not match this entry Default...

Страница 100: ...Shutdown Shuts down a port when a macthing frame is seen Default Disabled Counter Shows he number of frames which have matched any of the rules defined for this ACL VLAN Parameters 802 1Q Tagged Spec...

Страница 101: ...ration Security Network DHCP Snooping Figure 35 DHCP Snooping Configuration COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messages are received from an outsi...

Страница 102: ...client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both truste...

Страница 103: ...and sends a DHCP response back to the switch The switch then broadcasts the DHCP response to the client DHCP also provides a mechanism for sending information about the switch and its DHCP clients to...

Страница 104: ...ackets that include Option 82 information Replace Overwrites the DHCP client packet information with the switch s relay information This is the default Keep Retains the client s DHCP information Drop...

Страница 105: ...e source IP address and MAC address pairs found in the DHCP Snooping table or based upon static entries configured in the IP Source Guard Table PATH Configuration Security Network IP Source Guard Conf...

Страница 106: ...or DHCP packets PARAMETERS These parameters are displayed Global Mode Enables or disables IP Source Guard globally on the switch All configured ACEs will be lost when enabled Default Disabled Note DHC...

Страница 107: ...onfigured by the DHCP server itself Static bindings are processed as follows If there is no entry with the same VLAN ID and MAC address a new entry is added to the static IP source guard binding table...

Страница 108: ...otocol packets It provides protection against ARP traffic with invalid MAC to IP address bindings which forms the basis for certain man in the middle attacks This is accomplished by intercepting all A...

Страница 109: ...global ARP Inspection will not affect the ARP Inspection configuration of any ports When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual ports Thes...

Страница 110: ...Only when both Global Mode and Port Mode on a given port are enabled will ARP Inspection be enabled on a given port Default Disabled WEB INTERFACE To configure global and port settings for ARP Inspec...

Страница 111: ...packets then the DHCP snooping bindings database determines their validity PATH Configuration Security Network ARP Inspection Static Table Figure 40 Configuring Static Bindings for ARP Inspection PARA...

Страница 112: ...authentication server and to authenticate client access for IEEE 802 1X port authentication Note This guide assumes that RADIUS and TACACS servers have already been configured to support AAA The conf...

Страница 113: ...ro will cause the authentication server to be ignored until the Dead Time has expired However if only one server is enabled it will never be considered dead RADIUS TACACS Server Configuration Enabled...

Страница 114: ...nel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP configured ports on another device You can configure any number of ports on the switch to use...

Страница 115: ...le when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk Static Trunks Configuration Use the Aggregation Mode Configuration page to configure...

Страница 116: ...method to apply to all trunks on the switch If more than one option is selected each factor is used in the hash algorithm to determine the port member within the trunk to which a frame will be assign...

Страница 117: ...re load balancing methods to apply to the configured trunks 3 Assign port members to each trunk that will be used 4 Click Save LACP Configuration Use the LACP Port Configuration page to enable LACP on...

Страница 118: ...tiation mode Aggregation Mode Configuration located under the Static Aggregation menu see Configuring Static Trunks on page 112 also applies to LACP PARAMETERS These parameters are displayed Port Port...

Страница 119: ...tion Figure 44 Global Configuration for Loop Protection PARAMETERS These parameters are displayed General Settings Enable Loop Protection Controls whether loop protections is enabled as a whole Transm...

Страница 120: ...pliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link g...

Страница 121: ...by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports in...

Страница 122: ...communications with STP or RSTP nodes in the global network Figure 47 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a singl...

Страница 123: ...nce for the entire network If multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members Whe...

Страница 124: ...ning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user traffic PARAMETERS These parameters are displ...

Страница 125: ...Transmit Hold Count The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Range 1 10 Default 6 Max Hop Count The maximum number of hops all...

Страница 126: ...ion is also cleared by a system reboot Port Error Recovery Timeout The time that has to pass before a port in the error disabled state can be enabled Range 30 86400 seconds or 24 hours WEB INTERFACE T...

Страница 127: ...eral area of your network However remember that you must configure all bridges that exist within the same MSTI Region with the same set of instances and the same instance on each bridge with the same...

Страница 128: ...s to assign to this MST instance The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI Range 1 4094 WEB INTERFACE To add VLAN groups to an MSTP instance 1 Click Con...

Страница 129: ...the 6 byte MAC address of the switch forms a Bridge Identifier WEB INTERFACE To add VLAN groups to an MSTP instance 1 Click Configuration Spanning Tree MSTI Priorities 2 Set the bridge priority for t...

Страница 130: ...U tunneling passing BPDUs across a service provider s network without any changes thereby combining remote network segments into a single spanning tree As implemented on this switch BPDU ransparency a...

Страница 131: ...001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10...

Страница 132: ...spanning tree priority Such a port will be selected as an Alternate Port after the Root Port has been selected If set this can cause a lack of spanning tree connectivity It can be set by a network ad...

Страница 133: ...link while a half duplex interface is assumed to be on a shared link Forced True A point to point connection to exactly one other bridge Forced False A shared connection to two or more bridges WEB IN...

Страница 134: ...12 Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be...

Страница 135: ...antly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN This makes it possible to support common multicast services over a w...

Страница 136: ...136 Figure 53 MVR Concept PATH Configuration MVR Figure 54 MVR Configuration COMMAND USAGE General Configuration Guidelines for MVR 1 Enable MVR globally on the switch and select the MVR VLAN...

Страница 137: ...he channel for streaming multicast services using MVR MVR source ports should be configured as members of the MVR VLAN but MVR receiver ports should not be manually configured as members of this VLAN...

Страница 138: ...educes the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on to...

Страница 139: ...ng the traffic to all ports and possibly disrupting network performance If multicast routing is not supported on other switches in your network you can use IGMP Snooping and IGMP Query to monitor IGMP...

Страница 140: ...the querier When the switch is a non querier the receiving port is not the last dynamic member port in the group the receiving port is not a router port and no IGMPv1 member port exists in the group...

Страница 141: ...pecific GS query to that interface If Fast Leave is not used a multicast router or querier will send a GS query message when an IGMPv2 v3 group leave message is received The router querier stops forwa...

Страница 142: ...d When enabled the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic Default Enabled When IGMP snooping is enabled globally...

Страница 143: ...vers build an MLD report for the multicast groups they have joined QRI The Query Response Interval is the Max Response Time advertised in periodic General Queries The QRI applies when the switch is se...

Страница 144: ...to end users for example an IP TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement by denying access to specified multicast services on a switch port...

Страница 145: ...ort and leave messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time Basic Configuration for MLD Snooping Use the MLD Snooping...

Страница 146: ...he table used to store multicast entries for MLD snooping is filled no new entries are learned If no router port is configured in the attached VLAN and Unregistered IPMCv6 Flooding is disabled any sub...

Страница 147: ...ier you can manually designate a port which is connected to a known MLD querier i e a multicast router switch This interface will then join all the current multicast groups supported by the attached r...

Страница 148: ...reached on a port any new MLD listener reports will be dropped WEB INTERFACE To configure global and port related settings for MLD Snooping 1 Click Configuration IPMC MLD Snooping Basic Configuration...

Страница 149: ...ing started if it detects an IPv6 multicast router on the network RV The Robustness Variable allows tuning for the expected packet loss on a network A port will be removed from receiving a multicast s...

Страница 150: ...e but may generate more burst traffic This attribute will take effect only if MLD snooping proxy reporting is enabled see page 141 URI The Unsolicited Report Interval specifies how often the upstream...

Страница 151: ...eived on a port are checked against the these groups If a requested multicast group is denied the MLD report is dropped WEB INTERFACE To configure MLD Snooping Port Group Filtering 1 Click Configurati...

Страница 152: ...d and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it...

Страница 153: ...orted in each transmission This attribute must comply with the rule 4 Transmission Delay Transmission Interval Tx Reinit Configures the delay before attempting to re initialize after LLDP ports are di...

Страница 154: ...re type software operating system and networking software Sys Capa The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The in...

Страница 155: ...managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details Both LLDP and LL...

Страница 156: ...is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP f...

Страница 157: ...le Copenhagen City District City division borough city district ward chou Japan Block Neighborhood Neighborhood block Street Street Example Poppelvej Leading street direction Leading street direction...

Страница 158: ...th multiple sets of application types supported on a given port The application types specifically addressed are Voice Guest Voice Softphone Voice Video Conferencing Streaming Video Control Signaling...

Страница 159: ...y broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying o...

Страница 160: ...PoE power provided to a port the maximum power budget for the switch power available to all RJ 45 ports the port PoE operating mode power allocation priority and the maximum power allocated to each po...

Страница 161: ...If the power required by a device exceeds the power budget of the port or the whole switch power is not supplied Ports can be set to one of four power priority levels critical high medium or low To c...

Страница 162: ...wn the ports Actual Consumption Ports are shut down when actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a g...

Страница 163: ...which port power is shut down and the switch s overall power budget 3 Specify the port PoE operating mode port power allocation priority and the port power budget 4 Click Save PoE Scheduling This pag...

Страница 164: ...WEB INTERFACE To configure global and port specific PoE scheduling 1 Click Configuration PoE Scheduling 2 Select the port for PoE scheduling and click GET 3 Enable Disable the PoE scheduling mode and...

Страница 165: ...g It takes about 1 second to check each port and about 9 seconds for one cycle interval Interval Number 1 9sec 2 18sec 3 27sec 4 36sec 6 54sec 8 72sec 12 108sec 16 144sec Failure Action The Failure Ac...

Страница 166: ...figuration page to configure dynamic address learning or to assign static addresses to specific ports Switches store the addresses for all known devices This information is used to pass traffic direct...

Страница 167: ...ning mode for a given port in the MAC Learning Table is grayed out another software module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Bas...

Страница 168: ...168...

Страница 169: ...tly provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 256 VLANs based...

Страница 170: ...be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to commu...

Страница 171: ...le independent customers over the same medium using double tagged frames When Port Type is set to S port or S custom port the port will change the EtherType of all frames received to indicate that dou...

Страница 172: ...pes any received frames that are untagged are assigned to the default VLAN When set to receive only tagged frames all untagged frames received on the interface are discarded Option All Tagged Untagged...

Страница 173: ...switch except for the uplink ports Ports assigned to both a private VLAN and an 802 1Q VLAN are designated as uplink ports and can communicate with any downlink ports within the same private VLAN to w...

Страница 174: ...TERFACE To configure VLAN port members for private VLANs 1 Click Configuration Private VLANs PVLAN Membership 2 Add or delete members of any existing PVLAN or click Add New Private VLAN and mark the p...

Страница 175: ...based VLAN Membership Configuration page to configure VLAN based on MAC addresses The MAC based VLAN feature assigns VLAN IDs to ingress untagged frames according to the source MAC addresses When MAC...

Страница 176: ...ress must be specified in the format xx xxxx xx xx xx VLAN ID VLAN to which ingress traffic matching the specified source MAC address is forwarded Range 1 4093 Port Members The ports assigned to this...

Страница 177: ...gure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use Although not mandatory we suggest configuring a separate VLAN for each major protocol runni...

Страница 178: ...alue assigned by that organization to the protocol running on top of SNAP In other words if value of the OUI field is 00 00 00 then value of the PID will be etherType 0x0600 0xffff and if value of the...

Страница 179: ...y protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed accord...

Страница 180: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Страница 181: ...ee Setting an IP Address on page 42 the MVR VLAN or the native VLAN assigned to any port see Configuring VLAN Attributes for Port Members on page 166 Aging Time The time after which a port is removed...

Страница 182: ...MAC addresses configured in the Telephony OUI list or through LLDP which is used to discover VoIP devices attached to the switch Packets received from non VoIP sources are dropped Default Disabled Di...

Страница 183: ...he first three octets of device MAC addresses The MAC OUI numbers for VoIP equipment can be configured on the switch so that traffic from these devices is recognized as VoIP Note Making any changes to...

Страница 184: ...o end Quality of Service QoS solution This section describes how to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch provides fou...

Страница 185: ...frames Range 0 7 Default 0 DEI Controls the default Drop Eligible Indicator for untagged frames Range 0 1 Default 0 Tag Class Shows classification mode for tagged frames on this port Disabled Uses th...

Страница 186: ...1 Click Configuration QoS Port Classification 2 Set any of the ingress port QoS classification parameters 3 Click Save To configure tag classification for tagged frames 1 Click Configuration QoS Port...

Страница 187: ...1 3300 when the Unit is Mbps or kfps Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow control is enabled and the port is i...

Страница 188: ...e Port field to configure egress queue mode queue shaper rate and access to excess bandwidth and port shaper PATH Configuration QoS Port Scheduler Figure 78 Displaying Egress Port Schedulers Figure 79...

Страница 189: ...ueue shaper The default value is 500 This value is restricted to 100 1000000 kbps or 1 3300 Mbps Unit Unit of measure for the queue shaper rate as kbps or Mbps Default kbps Excess Controls whether the...

Страница 190: ...2 Click on any of the entries in the Port field 3 Set the scheduler mode the queue shaper queue scheduler when the scheduler mode is set to Weighted and the port shaper 4 Click Save Configuring Egres...

Страница 191: ...WEB INTERFACE To show an overview of the rate for each queue and port 1 Click Configuration QoS Port Shaper 2 Click on any enter under the Port field to configure the Port Scheduler and Shaper Configu...

Страница 192: ...the classified QoS class values and DP levels drop precedence to PCP DEI values QoS class DP level Shows the mapping options for QoS class values and DP levels drop precedence PCP Remarks matching egr...

Страница 193: ...ess Classify Specifies the classification method Disable No Ingress DSCP Classification is performed DSCP 0 Classify if incoming DSCP is 0 Selected Classify only selected DSCP for which classification...

Страница 194: ...translation and classification settings and egress re writing of DSCP values 1 Click Configuration QoS Port DSCP 2 Set the required ingress translation and egress re writing parameters 3 Click Save C...

Страница 195: ...ence Level to which the corresponding DSCP value is classified for ingress processing Range 0 1 where 1 is the higher drop priority Default 0 WEB INTERFACE To configure DSCP based QoS ingress classifi...

Страница 196: ...n the QoS Port DSCP Configuration table Egress Remap DP0 Re maps DP0 field to selected DSCP value DP0 indicates a drop precedence with a low priority Egress Remap DP1 Re maps DP1 field to selected DSC...

Страница 197: ...yed QoS class DPL Shows the mapping options for QoS class values and DP drop precedence levels DSCP DSCP value Range 0 63 WEB INTERFACE To map DSCP values to a QoS class and drop precedence level 1 Cl...

Страница 198: ...displayed QoS Control List QCE Quality Control Entry index Port Port identifier Frame Type Indicates the type of frame to look for in incoming SMAC The OUI field of the source MAC address i e the firs...

Страница 199: ...Priority Code Point User Priority Options a specific value of 0 1 2 3 4 5 6 7 a range of 0 1 2 3 4 5 6 7 0 3 4 7 or Any Default 0 DEI Drop Eligible Indicator Options 0 1 or Any SMAC The OUI field of t...

Страница 200: ...settings Protocol IP protocol number Options Any UDP TCP or Other 0 255 Source IP Source IP address Options Any Specific To configure a specific source IP address enter both the address and mask form...

Страница 201: ...buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on the QCE Configuration page specify the relevant criteria to be ma...

Страница 202: ...1 2 4 8 16 32 64 128 256 512 or 1 2 4 8 16 32 64 128 256 512 1024 Kpps Default 2 pps Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps tr...

Страница 203: ...abled on the Mirror Configuration page by setting the destination port in the Port to mirror on field and enabling the Mode for any port mirroring will occur regardless of any configuration settings m...

Страница 204: ...device s description from the URL provided by the device in the discovery message After a control point has retrieved a description of the device it can send actions to the device s service To do thi...

Страница 205: ...Discover Protocol SSDP packets which informs a control point or control points how often it or they should receive a SSDP advertisement message from this switch Due to the unreliable nature of UDP th...

Страница 206: ...Web or CLI interface or through SNMP This read only field shows the owner of the current sFlow configuration and assumes values as follows If sFlow is currently unconfigured unclaimed Owner contains n...

Страница 207: ...numbers for which the Flow configuration below applied Flow Sampler Enabler Enables disables flow sampling on this port Flow Sampler Sampling Rate The statistical sampling rate for packet sampling Se...

Страница 208: ...s table 5 1 System You can use the System menu to display a basic description of the switch log messages or statistics on traffic used in managing the switch Displaying System Information Use the Syst...

Страница 209: ...34 Hardware MAC Address The physical layer address for this switch Time System Date The current system time and date The time is obtained through an SNTP Server if configured see Setting an IP Addres...

Страница 210: ...lable Vector Graphics format Consult SVG Wiki for more information on browser support Depending on your browser version Microsoft Internet Explorer will need to have a plugin installed to support SVG...

Страница 211: ...Warning Warning conditions Error Error conditions All All levels Start from ID The error ID from which to start the display with entries per page The number of entries to display per page Table Headin...

Страница 212: ...essages updates the system log entries starting from the first available entry ID updates the system log entries ending at the last entry currently displayed updates the system log entries starting fr...

Страница 213: ...al Protection Figure 95 Thermal Protection Status PARAMETERS These parameters are displayed Local Port Port identifier Temperature The temperature of the switch ASIC Shows if a port link is operating...

Страница 214: ...ts processed by each service queue or detailed statistics on port traffic Displaying Port Status Use the Port State Overview page to display port status at the front panel of the switch Clicking on th...

Страница 215: ...mber of packets received and transmitted Bytes Received Transmitted The number of bytes received and transmitted Errors Received Transmitted The number of frames received with errors and the number of...

Страница 216: ...s are displayed Port Port identifier Q Receive Transmit The number of packets received and transmitted through the indicated queue WEB INTERFACE To display the queue counters click Monitor Ports QoS S...

Страница 217: ...taken Class Classified QoS Class If a frame matches the QCE it will be put in the queue corresponding to the specified QoS class DP The drop precedence level will be set to the specified value DSCP Th...

Страница 218: ...er second Statistics are refreshed every 60 seconds by default PATH Monitor Ports Detailed Statistics Figure 100 Detailed Port Statistics PARAMETERS These parameters are displayed Receive Transmit Tot...

Страница 219: ...otherwise well formed Rx Oversize The total number of frames received that were longer than the configured maximum frame length for this port excluding framing bits but including FCS octets and were o...

Страница 220: ...enabled on the Access Management Configuration menu and traffic matching one of the entries is detected PARAMETERS These parameters are displayed Interface Network protocols used to manage the switch...

Страница 221: ...curity on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to...

Страница 222: ...user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that...

Страница 223: ...rding In the blocked state it will not be allowed to transmit or receive traffic Time Added Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user modul...

Страница 224: ...port number Click to navigate to detailed NAS statistics for this port Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values see page 78 Po...

Страница 225: ...st is appended to the VLAN ID Refer to Guest VLAN Enabled for a description of this attribute see page 78 WEB INTERFACE To display port status for authentication services click Monitor Security Networ...

Страница 226: ...to the VLAN ID Refer to Guest VLAN Enabled for a description of this attribute see page 78 Port Counters Receive EAPOL Counters Total The number of valid EAPOL frames of any type that have been recei...

Страница 227: ...has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Other Requests 802 1X based Counts th...

Страница 228: ...ical to and is placed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table Attached M...

Страница 229: ...d Time seconds Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful WEB INTERFACE To display port Statistics for 802 1X or Remote Aut...

Страница 230: ...Pv4 frames with UDP protocol IPv4 TCP ACE will match IPv4 frames with TCP protocol IPv4 Other ACE will match IPv4 frames which are not ICMP UDP or TCP Action Indicates the forwarding action of the ACE...

Страница 231: ...Statistics Figure 107 DHCP Snooping Statistics PARAMETERS These parameters are displayed Rx Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx Tx Offer The n...

Страница 232: ...1 packets received and transmitted Rx Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx Tx Lease Active The number of lease active option 53 with...

Страница 233: ...th the Circuit ID option missing Receive Missing Remote ID The number of packets that were received with the Remote ID option missing Receive Bad Circuit ID The number of packets with a Circuit ID opt...

Страница 234: ...Relay Statistics Displaying ARP Inspection Open the Dynamic ARP Inspection Table to display address entries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 9...

Страница 235: ...ning of the Dynamic IP Source Guard Table PATH Monitor Security Network IP Source Guard Figure 110 Dynamic IP Source Guard Table WEB INTERFACE To display the Dynamic IP Source Guard Table click Monito...

Страница 236: ...ess attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the de...

Страница 237: ...ed from this server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad...

Страница 238: ...made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the dead time expires The number of seconds left before thi...

Страница 239: ...es Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module i...

Страница 240: ...nt in the Statistics table button will update the table starting from the next closest Statistics table match will use the last entry of the currently displayed entry as a basis for the next lookup Wh...

Страница 241: ...that were less than 64 octets Over size The total number of packets received that were longer than 1518 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jab...

Страница 242: ...History table button will update the table starting from the next closest Statistics table match will use the last entry of the currently displayed entry as a basis for the next lookup When the end i...

Страница 243: ...ess than 64 octets Oversize The total number of packets received that were longer than 1518 octets Frag The number of frames which size is less than 64 octets received with invalid CRC Jabb The number...

Страница 244: ...rently displayed PATH Monitor Security Switch RMON Alarm Figure 115 RMON Alarm Overview PARAMETERS These parameters are displayed ID Indicates the index of Alarm control entry Interval Indicates the i...

Страница 245: ...e The Start from Event Index and Log Index allows the user to select the starting point in the Event table button will update the table starting from the next closest Statistics table match will use t...

Страница 246: ...tes the Event description 5 5 Link Aggregation Control Protocol LACP Use the monitor pages for LACP to display information on LACP configuration settings the functional status of participating ports a...

Страница 247: ...s assigned to this LAG Last Changed The time since this LAG changed Local Ports Shows the local ports that are a part of this LAG WEB INTERFACE To display an overview of LACP groups active on this swi...

Страница 248: ...ion port Note that only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this LAG Partner System ID LAG partner s system ID assigned by the LACP protocol i e its M...

Страница 249: ...of LACP frames sent from each port LACP Received The number of LACP frames received at each port Discarded The number of unknown or illegal LACP frames that have been discarded at each port WEB INTER...

Страница 250: ...h port number Action The current action of the currently configured port Transmit Transmit mode of the currently configured port Loops The number of loops detected on this port Status The current loop...

Страница 251: ...and statistics on spanning tree protocol packets Displaying STP Bridge Status Use the Bridge Status page to display STA information on the global bridge i e this switch and individual ports PATH Moni...

Страница 252: ...ailed information on the selected entry The following additional information is displayed Bridge Instance The Bridge instance CIST MST1 Regional Root The Bridge ID of the currently elected regional ro...

Страница 253: ...tomatically computed or explicitly configured Each Edge Port transitions directly to the Forwarding Port State since there is no possibility of it participating in a loop Point2Point Indicates a conne...

Страница 254: ...rt within the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay...

Страница 255: ...mitted on a port STP The number of legacy STP Configuration BPDU s received transmitted on a port TCN The number of legacy Topology Change Notification BPDU s received transmitted on a port Discarded...

Страница 256: ...or streaming services MVR IGMP MLD Queries Received The number of received queries for IGMP and MLD IGMP MLD Queries Transmitted The number of transmitted queries for IGMP and MLD IGMPv1 Joins Receive...

Страница 257: ...annels Groups Information Table PATH Monitor MVR MVR Channel Groups Figure 126 MVR Channels Group Information PARAMETERS The Start from VLAN and Group Address input fields allow the user to select the...

Страница 258: ...allow the user to select the starting point in the MVR SFM Information Table VLAN ID The VLAN ID of the group Groups The groups ID of the group displayed Port The switch port number Mode Indicate the...

Страница 259: ...n upstream multicast router switch PATH Monitor IPMC IGMP Snooping Status Figure 128 IGMP Snooping Status PARAMETERS These parameters are displayed Statistics VLAN ID VLAN Identifier Querier Version I...

Страница 260: ...of received IGMP Version 2 leave reports Router Port Port Port Identifier Status Ports connected to multicast routers may be dynamically discovered by this switch or statically assigned to an interfac...

Страница 261: ...e also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as si...

Страница 262: ...e addresses belong to the same group are treated as single entry Type Indicates the Type It can be either Allow or Deny WEB INTERFACE To display IGMP SFM Information click Monitor IPMC IGMP Snooping I...

Страница 263: ...ible for asking hosts if they want to receive multicast traffic Queries Transmitted The number of transmitted Querier messages Queries Received The number of received Querier messages V1 Reports Recei...

Страница 264: ...IP address for a specific multicast service Port Members The ports assigned to the listed VLAN which propagate a specific multicast service WEB INTERFACE To display the port members of each service g...

Страница 265: ...number and Group Address It can be either Include or Exclude Source Address IP Address of the source Currently the system limits the total number of IP source addresses for filtering to be 128 Differe...

Страница 266: ...parameters are displayed Local Port The local port to which a remote LLDP capable device is attached Chassis ID An octet string indicating the specific identifier for the particular chassis in this sy...

Страница 267: ...ould be the MAC address for the CPU or for the port sending this advertisement If the neighbor device allows management access clicking on an entry in this field will re direct the web browser to the...

Страница 268: ...following Each LLDP MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class For example will any LLDP MED Endpoint Device claiming compliance...

Страница 269: ...end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision...

Страница 270: ...ying LLDP Neighbour PoE Information Use the LLDP Neighbour Power Over Ethernet Information page to display the status of all LLDP PoE neighbours including power device type PSE or PD source of power p...

Страница 271: ...ee levels of power priority The three levels Critical High and Low If the power priority is unknown this is indicated as Unknown Maximum Power The maximum power in watts required by a PD device from a...

Страница 272: ...ho Tx Tw value The respective echo values shall be defined as the local link partner s reflection echo of the remote link partner s respective values When a local link partner receives its echoed valu...

Страница 273: ...s the number of new entries added since the switch was rebooted and for which the remote TTL has not yet expired Total Neighbors Entries Deleted The number of LLDP neighbors which have been removed fr...

Страница 274: ...s of information known as TLVs If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizatio...

Страница 275: ...eceived the LLDP frame PD class Each PD is classified according to the maximum power it will use The PD classes include Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3...

Страница 276: ...nfiguration PoE Scheduling Status Use the Scheduling Status to display the status for all PoE ports PATH Monitor PoE Scheduling Figure 140 PoE Scheduling Status PARAMETERS These parameters are display...

Страница 277: ...number of interval for IP checking It takes about 1 second to check each port and about 9 seconds for one cycle interval Interval Number 1 9sec 2 18sec 3 27sec 4 36sec 6 54sec 8 72sec 12 108sec 16 14...

Страница 278: ...tal Log Total Log indicates the total number of ping checking for each port Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all port...

Страница 279: ...nput fields allow you to select the starting point in the table Type Indicates whether the entry is static or dynamic Dynamic MAC addresses are learned by monitoring the source address for traffic ent...

Страница 280: ...ing VLAN user modules Static Ports statically assigned to a VLAN through the CLI Web or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenticator and...

Страница 281: ...preceding section for a description of the software modules that use VLAN management services PATH Monitor VLANs VLAN Port Figure 144 Displayinging VLAN Port Status PARAMETERS These parameters are di...

Страница 282: ...e discarded Tx Tag Shows egress filtering fame status indicating whether frames are transmitted as tagged or untagged UVID Shows the untagged VLAN ID A port s UVID determines the packet s behavior at...

Страница 283: ...odules Static MAC addresses statically assigned to a VLAN and member port through the CLI Web or SNMP NAS Provides port based authentication which involves communications between a Supplicant Authenti...

Страница 284: ...SNMP Owner contains a string identifying the sFlow receiver IP Address Hostname The IP address or hostname of the sFlow receiver Time Out The number of seconds remaining before sampling stops and the...

Страница 285: ...amples here are divided into Rx and Tx flow samples where Rx flow samples contains the number of packets that were sampled upon reception ingress on the port and Tx flow samples contains the number of...

Страница 286: ...P packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space the ICMP header The page refreshes automatically until responses to all packets are received or until a timeo...

Страница 287: ...ception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 56 bytes of data 64 bytes from 10 10 132 20 icmp_seq...

Страница 288: ...reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PATH Diagnostics Ping6 Figure 148 ICMPv6 Ping PARAMETERS These parameters ar...

Страница 289: ...from 0 second to 30 seconds WEB INTERFACE To ping another device on the network 1 Click Diagnostics Ping6 2 Enter the IPv6 address of the target device 3 Specify the packet size 4 Click Start After yo...

Страница 290: ...cables 7 140 meters long Ports will be linked down while running VeriPHY Therefore running VeriPHY on a management port will cause the switch to stop responding until testing is completed PATH Diagno...

Страница 291: ...guration settings and resetting the switch 7 1 Restarting the Switch Use the Restart Device page to restart the switch PATH Maintenance Restart Device Figure 150 Restart Device WEB INTERFACE To restar...

Страница 292: ...P Address will be reset to their factory defaults PATH Maintenance Factory Defaults Figure 151 Factory Defaults REFERENCES Please refer Appendix B 3 Factory Default Reset on page 299 WEB INTERFACE To...

Страница 293: ...hile the firmware is being updated Web access appears to be defunct The front LED flashes Green Off at a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the devic...

Страница 294: ...named image bk Version The version of the firmware image Date The date where the firmware was produced WEB INTERFACE To upgrade firmware 1 Click Maintenance Software Upload 2 Click the Browse button a...

Страница 295: ...intenance Configuration Save 2 Click the Save configuration button 3 Specify the directory and name of the file under which to save the current configuration settings The configuration file is in XML...

Страница 296: ...n Upload WEB INTERFACE To restore your current configuration settings 1 Click Maintenance Configuration Upload 2 Click the Browse button and select the configuration file 3 Click the Upload button to...

Страница 297: ...N III APPENDICES This section provides additional appendices and includes these items A Software Specifications on page 298 B Troubleshooting on page 302 C License Information on page 307 D Glossary o...

Страница 298: ...LIMITS Input limits per port manual setting or ACL PORT TRUNKING Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol SPANNING TREE ALGORITHM Spanning Tree Prot...

Страница 299: ...ent to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event A 3 Standards ANSI TIA 1057 LLDP for Media Endpoint Discovery LLDP MED IEEE 802 1AB Link Layer Discovery Protocol IEEE 802 1ad...

Страница 300: ...SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 A 4 Management Information Bases MIB Bridge MIB RFC 4188 DHCP Option for Civic Addresses Configuration Information RFC 4776 Differentiated Services MIB RFC...

Страница 301: ...ridge MIB RFC 2674Q Quality of Service MIB RADIUS Accounting Server MIB RFC 4670 RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implemen...

Страница 302: ...t resumes normally Table 15 Troubleshooting Chart Symptom Action Cannot connect using a web browser or SNMP software Be sure the switch is powered up Check network cabling between the management stati...

Страница 303: ...configure the switch through PC web browser To find out the IP address information for your computer please run Command Line window in WinNT 2000 XP and enter ipconfig or enter winipcfg in Win9x For e...

Страница 304: ...ow showing the status of the current network connection If there is no network status icon on the task bar please go to the Start Settings Network Local Area Connection of the Window task bar s Start...

Страница 305: ...enter the following for computer s IP IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 Click Ok after finish entering the IP Now you will be able to access the switch by entering...

Страница 306: ...Step 3 Turn On the PoE Switch Step 4 The LED indicators of Port 1 2 will be ON first and then OFF in 2 3 seconds Step 5 The LED indicators of Port 1 2 will be ON again in 2 3 seconds This indicates th...

Страница 307: ...arantee your freedom to share and change free software to make sure the software is free for all its users This General Public License applies to most of the Free Software Foundation s software and to...

Страница 308: ...ch program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim o...

Страница 309: ...am the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus i...

Страница 310: ...r rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 6 You are not required to accept this License since you have not signed i...

Страница 311: ...eographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if...

Страница 312: ...REPAIR OR CORRECTION 2 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED AB...

Страница 313: ...CP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options DHCP OPTION 82 A relay option for sending i...

Страница 314: ...s long and may be constructed in the EUI 64 format The modified EUI 64 format interface ID is derived from a 48 bit link layer address by inserting the hexadecimal number FFFE between the upper three...

Страница 315: ...links Now incorporated in IEEE 802 3 2002 IGMP Internet Group Management Protocol A protocol through which hosts can register with their local router for multicast services If there is more than one...

Страница 316: ...capabilities and configuration settings MD5 MD5 Message Digest is an algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm...

Страница 317: ...and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links PRIVATE VLANS Private VLANs provide port based security and isolatio...

Страница 318: ...ch STA Spanning Tree Algorithm is a technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data alon...

Страница 319: ...y accurate atomic time The UTC does not have daylight saving time VLAN Virtual LAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical loca...

Результаты поиска

Содержание GEP-1070

Отзывы:

LevelOne GEP-1070, Руководство пользователя, Страница: 49 / 319

Результаты поиска

Содержание GEP-1070

Отзывы: