LevelOne GEP-5070 Скачать руководство пользователя страница 89

Страница: 89 / 318

HAPTER

| Configuring the Switch

Configuring Security

– 89 –

whether RADIUS-assigned QoS Class is enabled for that port. When

unchecked, RADIUS-server assigned QoS Class is disabled for all ports.
When RADIUS-Assigned QoS is both globally enabled and enabled for a

given port, the switch reacts to QoS Class information carried in the

RADIUS Access-Accept packet transmitted by the RADIUS server when

a supplicant is successfully authenticated. If present and valid, traffic

received on the supplicant’s port will be classified to the given QoS

Class. If (re-)authentication fails or the RADIUS Access-Accept packet

no longer carries a QoS Class or it's invalid, or the supplicant is

otherwise no longer present on the port, the port's QoS Class is

immediately reverted to the original QoS Class (which may be changed

by the administrator in the meanwhile without affecting the RADIUS-

assigned setting).
This option is only available for single-client modes, i.e. port-based

802.1X and Single 802.1X.

RADIUS Attributes Used in Identifying a QoS Class

The User-Priority-Table attribute defined in RFC4675 forms the basis for

identifying the QoS Class in an Access-Accept packet.
Only the first occurrence of the attribute in the packet will be

considered. To be valid, all 8 octets in the attribute's value must be

identical and consist of ASCII characters in the range '0' - '3', which

translates into the desired QoS Class in the range 0-3.
QoS assignments to be applied to a switch port for an authenticated

user may be configured on the RADIUS server as described below:

■

The “Filter-ID” attribute (attribute 11) can be configured on the

RADIUS server to pass the following QoS information:

■

Multiple profiles can be specified in the Filter-ID attribute by using a

semicolon to separate each profile.
For example, the attribute “service-policy-in=pp1;rate-limit-

input=100” specifies that the diffserv profile name is “pp1,” and the

ingress rate limit profile value is 100 kbps.

■

If duplicate profiles are passed in the Filter-ID attribute, then only

the first profile is used.
For example, if the attribute is “service-policy-in=p1;service-policy-

in=p2”, then the switch applies only the DiffServ profile “p1.”

■

Any unsupported profiles in the Filter-ID attribute are ignored.

Table 7: Dynamic QoS Profiles

Profile

Attribute Syntax

Example

DiffServ

service-policy-in

policy-map-name

service-policy-in=p1

Rate Limit

rate-limit-input

rate

rate-limit-input=100

(in units of Kbps)

802.1p

switchport-priority-default

value

switchport-priority-default=2

Содержание GEP-5070

Страница 1: ...GEP 5070 48 GE PoE Plus 2 GE SFP L2 Managed Switch User Manual V1 0...

Страница 2: ......

Страница 3: ...USER MANUAL GEP 5070 Layer 2 Gigabit Ethernet Switch with 48 10 100 1000BASE T PoE Plus Ports RJ 45 and 2 Gigabit Ethernet SFP Ports GEP 5070 E042013 ST R01...

Страница 4: ......

Страница 5: ...our attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Страница 6: ...ABOUT THIS GUIDE 6...

Страница 7: ...N II WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 36 Main Menu 36 4 CONFIGURING THE SWITCH 45 Configuri...

Страница 8: ...DHCP Snooping 107 Configuring DHCP Relay and Option 82 Information 109 Configuring IP Source Guard 111 Configuring ARP Inspection 114 Specifying Authentication Servers 117 Creating Trunk Groups 119 C...

Страница 9: ...VLANs 177 Protocol VLANs 179 Configuring Protocol VLAN Groups 179 Mapping Protocol Groups to Ports 181 Configuring IP Subnet based VLANs 182 Managing VoIP Traffic 183 Configuring VoIP Traffic 184 Conf...

Страница 10: ...nagement Statistics 229 Displaying Information About Switch Settings for Port Security 230 Displaying Information About Learned MAC Addresses 231 Displaying Port Status for Authentication Services 232...

Страница 11: ...ng IGMP Snooping Group Information 263 Showing IPv4 SFM Information 263 Showing MLD Snooping Information 264 Showing MLD Snooping Status 264 Showing MLD Snooping Group Information 266 Showing IPv6 SFM...

Страница 12: ...tion Files 290 Saving Configuration Settings 290 Restoring Configuration Settings 290 SECTION III APPENDICES 293 A SOFTWARE SPECIFICATIONS 295 Software Features 295 Management Features 296 Standards 2...

Страница 13: ...14 Authentication Server Operation 62 Figure 15 Authentication Method for Management Access 63 Figure 16 SSH Configuration 64 Figure 17 HTTPS Configuration 66 Figure 18 Access Management Configuratio...

Страница 14: ...anning Tree Internal Spanning Tree 128 Figure 48 STA Bridge Configuration 132 Figure 49 Adding a VLAN to an MST Instance 134 Figure 50 Configuring STA Bridge Priorities 135 Figure 51 STP RSTP CIST Por...

Страница 15: ...ure 82 Configuring Port DSCP Translation and Rewriting 196 Figure 83 Configuring DSCP based QoS Ingress Classification 197 Figure 84 Configuring DSCP Translation and Re mapping 198 Figure 85 Mapping D...

Страница 16: ...gure 119 RMON History Overview 250 Figure 120 RMON Alarm Overview 251 Figure 121 RMON Event Overview 251 Figure 122 LACP System Status 252 Figure 123 LACP Port Status 253 Figure 124 LACP Port Statisti...

Страница 17: ...ble 277 Figure 146 Showing VLAN Members 278 Figure 147 Showing VLAN Port Status 279 Figure 148 Showing MAC based VLAN Membership Status 280 Figure 149 Showing sFlow Statistics 282 Figure 150 ICMP Ping...

Страница 18: ...FIGURES 18...

Страница 19: ...upport 65 Table 6 SNMP Security Models and Levels 68 Table 7 Dynamic QoS Profiles 89 Table 8 QCE Modification Buttons 100 Table 9 Recommended STA Path Cost Range 136 Table 10 Recommended STA Path Cost...

Страница 20: ...TABLES 20...

Страница 21: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 22: ...SECTION I Getting Started 22...

Страница 23: ...y DHCP Snooping with Option 82 relay information IP Source Guard Access Control Lists Supports up to 512 rules DHCP Client DNS Client and Proxy service Port Configuration Speed duplex mode flow contro...

Страница 24: ...authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request use...

Страница 25: ...E LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of...

Страница 26: ...ed by using the STP backward compatible mode provided by RSTP STP provides loop detection When there are multiple physical paths between segments this protocol will choose a single path and disable al...

Страница 27: ...ecified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used...

Страница 28: ...ses IGMP Snooping and Query to manage multicast group registration for IPv4 traffic and MLD Snooping for IPv6 traffic It also supports Multicast VLAN Registration MVR which allows common multicast tra...

Страница 29: ...t Enabled 1 kpps Multicast disabled Unknown unicast disabled Spanning Tree Algorithm Status Enabled RSTP Defaults RSTP standard Edge Ports Enabled Address Table Aging Time 300 seconds Virtual LANs Def...

Страница 30: ...ent Disabled Snooping Disabled DNS Proxy service Disabled Multicast Filtering IGMP Snooping Snooping Disabled Querier Disabled MLD Snooping Disabled Multicast VLAN Registration Disabled System Log con...

Страница 31: ...ave addresses that start 192 168 1 x If the PC and switch are not on the same subnet you must manually set the PC s IP address to 192 168 1 x where x is any number from 1 to 254 except 10 4 Open your...

Страница 32: ...CHAPTER 2 Initial Switch Configuration 32 logging out To change the password click Security and then Users Select admin from the User Configuration list fill in the Password fields and then click Save...

Страница 33: ...detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 35 Configuring the Switch on page 45 Monitoring the Switch...

Страница 34: ...SECTION II Web Configuration 34...

Страница 35: ...the web browser interface you must first enter a user name and password The administrator has Read Write access to all configuration parameters and statistics The default user name and password for t...

Страница 36: ...an define system parameters manage and control the switch and all its ports or monitor network conditions The following table briefly describes the selections available from this program Table 3 Web P...

Страница 37: ...e mirroring 207 Advanced Configuration System2 Information Configures system contact name and location 45 IP Configures IPv4 and SNTP settings 46 IPv6 Configures IPv6 and SNTP settings 48 NTP Enables...

Страница 38: ...Configures global and port settings for IEEE 802 1X 85 ACL Access Control Lists 96 Ports Assigns ACL rate limiter and other parameters to ports 96 Rate Limiters Configures rate limit policies 98 Acce...

Страница 39: ...Protocol Snooping 145 Basic Configuration Configures global and port settings for multicast filtering 145 VLAN Configuration Configures IGMP snooping per VLAN interface 149 Port Group Filtering Confi...

Страница 40: ...ames entering the ingress queue of specified ports 188 Port Scheduler Provides overview of QoS Egress Port Schedulers including the queue mode and weight also configures egress queue mode queue shaper...

Страница 41: ...Control List entries 225 Detailed Statistics Shows detailed Ethernet port statistics 226 Security 229 Access Management Statistics Displays the number of packets used to manage the switch via HTTP HT...

Страница 42: ...Shows all logged events 251 LACP Link Aggregation Control Protocol 252 System Status Displays administration key and associated local ports for each partner 252 Port Status Displays administration key...

Страница 43: ...Energy Efficient Ethernet information advertised through LLDP messages 272 Port Statistics Displays statistics for all connected remote devices and statistics for LLDP protocol packets crossing each p...

Страница 44: ...es in the switch and allows you to revert to the alternate image 289 Configuration 290 Save Saves configuration settings to a file on the management station 290 Upload Restores configuration settings...

Страница 45: ...ETERS These parameters are displayed System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters...

Страница 46: ...ined via DHCP by default If the switch does not receive a response from a DHCP server it will default to the IP address 192 168 1 1 and subnet mask 255 255 255 0 You can manually configure a specific...

Страница 47: ...ame Server to which client requests for mapping host names to IP addresses are forwarded IP DNS Proxy Configuration DNS Proxy If enabled the switch maintains a local database based on previous respons...

Страница 48: ...ros required to fill the undefined fields When configuring a link local address note that the prefix length is fixed at 64 bits and the host portion of the default address is based on the modified EUI...

Страница 49: ...f the address comprise the prefix i e the network portion of the address Default 96 bits Note that the default prefix length of 96 bits specifies that the first six colon separated values comprise the...

Страница 50: ...the switch periodically sends a request for a time update to a configured time server You can configure up to five time server IP addresses The switch will attempt to poll each server in the configur...

Страница 51: ...t and mornings have less This is known as Daylight Savings Time or Summer Time Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn PATH Basic Adv...

Страница 52: ...summer time To End time for summer time Offset The number of minutes to add during Daylight Saving Time Range 1 1440 WEB INTERFACE To set the time zone or Daylight Savings Time 1 Click Configuration S...

Страница 53: ...ot exist PARAMETERS These parameters are displayed Server Mode Enables disables the logging of debug or error messages to the remote logging process Default Disabled Server Address Specifies the IPv4...

Страница 54: ...must agree upon the value of the wakeup time in order to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted The devices can exchange i...

Страница 55: ...or manual selection The following options are supported Disabled Disables the interface You can disable an interface due to abnormal behavior e g excessive collisions and then re enable it after the p...

Страница 56: ...tually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Maximum Frame Size Sets the maximum transfer unit for tra...

Страница 57: ...on the switch or remote authentication of users via a RADIUS or TACACS server Additional authentication methods includes Secure Shell SSH Secure Hypertext Transfer Protocol HTTPS over the Secure Sock...

Страница 58: ...soon as possible and store it in a safe place The administrator has a privilege level of 15 with access to all process groups and full control over the device If the privilege level is set to any oth...

Страница 59: ...ctions except for maintenance and debugging 10 read and write access of all system functions except for maintenance and debugging 15 read and write access of all system functions including maintenance...

Страница 60: ...erything except for VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privileg...

Страница 61: ...RADIUS or TACACS remote access authentication server Note that the RADIUS servers used to authenticate client access for IEEE 802 1X port authentication are also configured on this page see page 85 R...

Страница 62: ...authentication method and the corresponding parameters for the remote authentication protocol on the Network Access Server Configuration page Local and remote logon authentication can be used to contr...

Страница 63: ...ication method Options None Local RADIUS TACACS Default Local Selecting the option None disables access through the specified management interface Fallback Uses the local user database for authenticat...

Страница 64: ...or management via the SSH protocol The switch supports both SSH Version 1 5 and 2 0 clients SSH service on this switch only supports password authentication The password can be authenticated either lo...

Страница 65: ...r encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Mozilla Firefox 2 0...

Страница 66: ...ch Access Management PARAMETERS These parameters are displayed Mode Enables or disables filtering of management access based on configured IP addresses Default Disabled Start IP Address The starting a...

Страница 67: ...by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions...

Страница 68: ...es or disables SNMP service Default Disabled Table 6 SNMP Security Models and Levels Model Level Community String Group Read View Write View Security v1 noAuth NoPriv public default_ro_group default_v...

Страница 69: ...against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engin...

Страница 70: ...raffic You should consider these effects when deciding whether to issue notifications as traps or informs Trap Inform Timeout The number of seconds to wait for an acknowledgment before resending an in...

Страница 71: ...ice on the switch specify the SNMP version to use change the community access strings if required and set the engine ID if SNMP version 3 is used 3 In the SNMP Trap Configuration table enable the Trap...

Страница 72: ...nly Default public private For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table see Configuring SNMPv...

Страница 73: ...vice where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using t...

Страница 74: ...NMPv3 groups An SNMPv3 group defines the access policy for assigned users restricting them to specific read and write views as defined on the SNMPv3 Access Configuration page page 76 You can use the p...

Страница 75: ...he those configured in the SNMPv3 Users Configuration menu 5 Enter a group name Note that the views assigned to a group must be specified on the SNMP Accesses Configuration menu see page 76 6 Click Sa...

Страница 76: ...PV3 GROUP ACCESS RIGHTS Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted access You can assign more than one view to a group to specify...

Страница 77: ...n independently perform a wide range of tasks significantly reducing network management traffic It can continuously run diagnostics and log information on network performance If an event is triggered...

Страница 78: ...ons and frames of various sizes PARAMETERS The following parameters are displayed ID Index to this entry Range 1 65535 Data Source Port identifier WEB INTERFACE To enable regular sampling of statistic...

Страница 79: ...tilization PARAMETERS The following parameters are displayed ID Index to this entry Range 1 65535 Data Source Port identifier Interval The polling interval Range 1 3600 seconds Default 1800 seconds Bu...

Страница 80: ...sampled Only variables of the type ifEntry n n may be sampled Note that ifEntry n uniquely defines the MIB variable and ifEntry n n defines the MIB variable plus the ifIndex For example 1 3 6 1 2 1 2...

Страница 81: ...erated Range 1 65535 Falling Threshold If the current value is less than the falling threshold and the last sample value was greater than this threshold then an alarm will be generated After a falling...

Страница 82: ...settings for event logging see Configuring Remote Log Messages on page 53 snmptrap Sends a trap message to all configured trap managers see Configuring SNMP System and Trap Settings on page 68 logandt...

Страница 83: ...ging as discussed under Aging Period With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such fram...

Страница 84: ...new addresses will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port...

Страница 85: ...open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intru...

Страница 86: ...MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security However note that the only encryption method supported by...

Страница 87: ...he user to have special 802 1X software installed on his system The switch uses the client s MAC address to authenticate against the backend server However note that intruders can create counterfeit M...

Страница 88: ...t enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication does not cause direct communication between the switch and the client so this will no...

Страница 89: ...cept packet Only the first occurrence of the attribute in the packet will be considered To be valid all 8 octets in the attribute s value must be identical and consist of ASCII characters in the range...

Страница 90: ...er is denied access While a port has an assigned dynamic QoS profile any manual QoS configuration changes only take effect after all users have logged off the port RADIUS Assigned VLAN Enabled RADIUS...

Страница 91: ...used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Privat...

Страница 92: ...OL Success frame after entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the...

Страница 93: ...ted on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast...

Страница 94: ...e The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The...

Страница 95: ...client authentication using one of the methods described below Note that the restart buttons are only enabled when the switch s authentication mode is globally enabled under System Configuration and t...

Страница 96: ...eny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to another port or to the system log...

Страница 97: ...rameter on the ACL Ports Configuration page Then open the Mirror Configuration page set the Port to mirror on field to the required destination port and leave the Mode field Disabled Logging Enables l...

Страница 98: ...l List Configuration menu page 99 PATH Advanced Configuration Security Network ACL Rate Limiters PARAMETERS These parameters are displayed Rate Limiter ID Rate limiter identifier Range 0 14 Default 1...

Страница 99: ...order from top to bottom A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the frame is accepted The maximum number of ACL r...

Страница 100: ...ame to match Action Shows whether a frame is permitted or denied when it matches an ACL rule Rate Limiter Shows if rate limiting will be enabled or disabled when matching frames are found Port Redirec...

Страница 101: ...C address Options Any Specific user defined Default Any DMAC Filter The type of destination MAC address Options Any MC multicast BC broadcast UC unicast Specific user defined Default Any Ethernet Type...

Страница 102: ...ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Default Any RARP DMAC Match Specifies whether frames can be matched according to their target...

Страница 103: ...ode of an ICMP packet to filter for this rule Options Any Specific 0 255 Default Any UDP Parameters Source Port Filter Specifies the UDP source filter for this rule Options Any Specific 0 65535 Range...

Страница 104: ...d 0 TCP frames where the URG field is set must not match this entry 1 TCP frames where the URG field is set must match this entry Default Any IP TTL Specifies the time to Live settings for this rule O...

Страница 105: ...ter and port mirroring set on the general Mirror Configuration page are implemented independently To use ACL based mirroring enable the Mirror parameter on the ACE Configuration page Then open the Mir...

Страница 106: ...ttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on the ACE Configuration page note that the items displayed depend on v...

Страница 107: ...rusted interface from a device not listed in the DHCP snooping table will be dropped Table entries are only learned for trusted interfaces An entry is added or removed dynamically to the DHCP snooping...

Страница 108: ...a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when t...

Страница 109: ...the DHCP response to the client DHCP also provides a mechanism for sending information about the switch and its DHCP clients to the DHCP server Known as DHCP Option 82 it allows compatible DHCP serve...

Страница 110: ...ts the DHCP relay policy for DHCP client packets that include Option 82 information Replace Overwrites the DHCP client packet information with the switch s relay information This is the default Keep R...

Страница 111: ...all entries in the DHCP Snooping binding table and IP Source Guard Static Table If no matching entry is found the packet is dropped NOTE Multicast addresses cannot be used by IP Source Guard When ena...

Страница 112: ...en both Global Mode and Port Mode on a given port are enabled will ARP Inspection take effect on a given port Default Disabled Max Dynamic Clients Specifies the maximum number of dynamic clients that...

Страница 113: ...s learned via DHCP snooping are configured by the DHCP server itself Static bindings are processed as follows If there is no entry with the same VLAN ID and MAC address a new entry is added to the sta...

Страница 114: ...provides protection against ARP traffic with invalid MAC to IP address bindings which forms the basis for certain man in the middle attacks This is accomplished by intercepting all ARP requests and r...

Страница 115: ...l not affect the ARP Inspection configuration of any ports When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual ports These configuration changes wi...

Страница 116: ...ION Use the Static ARP Inspection Table to bind a static address to a port Table entries include a port identifier VLAN identifier source MAC address in ARP request packets and source IP address in AR...

Страница 117: ...l management access based on a list of user names and passwords configured on a RADIUS or TACACS remote access authentication server and to authenticate client access for IEEE 802 1X port authenticati...

Страница 118: ...f authentication server used for authentication messages Range 1 65535 Default 0 If the UDP port is set to 0 zero the switch will use 1812 for RADIUS authentication servers 1813 for RADIUS accounting...

Страница 119: ...configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP conf...

Страница 120: ...ings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added or del...

Страница 121: ...ll be assigned The following options are supported Source MAC Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk...

Страница 122: ...identifier Port Members Port identifier WEB INTERFACE To configure a static trunk 1 Click Configuration Aggregation Static 2 Select one or more load balancing methods to apply to the configured trunk...

Страница 123: ...f an LACP trunk must be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will be shown on the LACP System Status page page 252 and LACP...

Страница 124: ...U interval to 30 seconds Default Fast Fast Specifies a fast timeout of 3 seconds Slow Specifies a slow timeout of 90 seconds Prio If a link goes down LACP port priority is used to select a backup link...

Страница 125: ...anged once you determine what kind of packets are being looped back Loopback detection must be enabled both globally and on an interface for loopback detection to take effect PARAMETERS These paramete...

Страница 126: ...tions Shutdown Port Shutdown Port and Log Log Only Tx Mode Controls whether the port is actively generating loop protection PDUs or whether it is just passively looking for looped PDUs Default Enabled...

Страница 127: ...ng a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root por...

Страница 128: ...aining all commonly configured MSTP bridges Figure 46 MSTP Region Internal Spanning Tree Multiple Spanning Tree An MST Region consists of a group of interconnected bridges that have the same MST Confi...

Страница 129: ...rating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol1 RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynami...

Страница 130: ...t device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 128 Range...

Страница 131: ...lt 6 Advanced Settings Edge Port BPDU Filtering BPDU filtering allows you to avoid transmitting BPDUs on configured edge ports that are connected to end nodes By default STA sends BPDUs to all ports r...

Страница 132: ...rovides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a...

Страница 133: ...e2 The name for this MSTI Maximum length 32 characters Default switch s MAC address Configuration Revision2 The revision for this MSTI Range 0 65535 Default 0 MSTI Mapping MSTI Instance identifier to...

Страница 134: ...nfigure Range CIST MIST1 7 Priority The priority of a spanning tree instance Range 0 240 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53284 57344 61...

Страница 135: ...ports of the same media type to indicate the preferred path edge port to indicate if the attached device can support fast forwarding or link type to indicate a point to point connection or shared medi...

Страница 136: ...e path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority...

Страница 137: ...is can cause a lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influencing the spanning tree active topology pos...

Страница 138: ...a point to point link while a half duplex interface is assumed to be on a shared link Forced True A point to point connection to exactly one other bridge Forced False A shared connection to two or mor...

Страница 139: ...d and duplex mode used on each port and configures the path cost according to the values shown in Table 9 Table 10 and Table 11 Priority Defines the priority used for this port in the Spanning Tree Al...

Страница 140: ...rovided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR V...

Страница 141: ...st data associated with an MVR group is sent from all designated source ports to all receiver ports that have registered to receive data from that multicast group Default Disabled VLAN Interface Setti...

Страница 142: ...the MVR operational mode for any port MVR must also be globally enabled on the switch for this setting to take effect MVR only needs to be enabled on a receiver port if there are subscribers receiving...

Страница 143: ...ontrol whether or not membership reports are sent from source ports specify whether or not control frames are tagged with the MVR ID set the priority and last member query interval 4 Optionally enable...

Страница 144: ...the address to indicate the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved PARAMETERS These parameters are displayed VLAN ID Displays th...

Страница 145: ...lticast traffic and query messages may not be received by the switch In this case Layer 2 IGMP Query can be used to actively ask the attached hosts if they want to receive a specific multicast service...

Страница 146: ...and Unregistered IPMC Flooding is disabled any subsequent multicast traffic not found in the table is dropped otherwise it is flooded throughout the VLAN IGMP SSM Range The Source Specific Multicast R...

Страница 147: ...e switch will generate and send a group specific GS query to the member port which received the leave message and then start the last member query timer for that port When the conditions in the preced...

Страница 148: ...r querier will send a GS query message when an IGMPv2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the spec...

Страница 149: ...ed the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic Default Enabled When IGMP snooping is enabled globally the per VLA...

Страница 150: ...ral Queries are sent by the Querier Range 1 255 seconds Default 125 seconds An MLD general query message is sent by the switch at the interval specified by this attribute When this message is received...

Страница 151: ...FIGURING IGMP FILTERING Use the IGMP Snooping Port Group Filtering Configuration page to filter specific multicast traffic In certain switch applications the administrator may want to control the mult...

Страница 152: ...his switch supports MLD protocol version 1 MLDv1 control packets include Listener Query Listener Report and Listener Done messages equivalent to IGMPv2 query report and leave messages Remember that IG...

Страница 153: ...stered IPMCv6 Flooding is disabled any subsequent multicast traffic not found in the table is dropped otherwise it is flooded throughout the VLAN MLD SSM Range The Source Specific Multicast Range allo...

Страница 154: ...nsolicited multicast listener done report to the all routers address FF02 2 for MLDv1 Port Related Configuration Port Port identifier Router Port Sets a port to function as a router port which leads t...

Страница 155: ...ets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port any new MLD listener reports will be dropped WEB INTERFACE To conf...

Страница 156: ...s this IPv6 address as the query source address The querier will not start or will disable itself after having started if it detects an IPv6 multicast router on the network Compatibility Compatibility...

Страница 157: ...en the leave message is received by the switch it checks to see if this host is the last to leave the group by sending out an MLD group specific or group and source specific query message and starts a...

Страница 158: ...port are checked against the these groups If a requested multicast group is denied the MLD report is dropped WEB INTERFACE To configure MLD Snooping Port Group Filtering 1 Click Configuration IPMC ML...

Страница 159: ...agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner TTL in seconds is based on the following rule Transmission Interval Tr...

Страница 160: ...r devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch When CDP awareness for a port is disabled the CDP information is not removed immediately but will b...

Страница 161: ...nterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual...

Страница 162: ...in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Con...

Страница 163: ...Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Pr...

Страница 164: ...Call Service e g 911 and others such as defined by TIA or NENA ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN tr...

Страница 165: ...uto generated and will be used when selecting the polices that will be mapped to the specific ports Application Type Intended use of the application types Voice For use by dedicated IP Telephony hands...

Страница 166: ...802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame form...

Страница 167: ...the Power Over Ethernet Configuration page to set the maximum PoE power provided to a port the maximum power budget for the switch power available to all RJ 45 ports the port PoE operating mode power...

Страница 168: ...be controlled within the switch s power budget Port power can be automatically turned on and off for connected devices and a per port power priority can be set so that the switch never exceeds its pow...

Страница 169: ...f power that the power supply can deliver or if the actual power consumption for a given port exceeds the power reserved for that port The ports are shut down according to port priority If two ports h...

Страница 170: ...3 Specify the port PoE operating mode port power allocation priority and the port power budget 4 Click Save Figure 64 Configuring PoE Settings CONFIGURING THE MAC ADDRESS TABLE Use the MAC Address Tab...

Страница 171: ...nt link will be lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface NOTE If the learning mode for a given port in the MAC Learning Ta...

Страница 172: ...ed anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to...

Страница 173: ...GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you...

Страница 174: ...orts PARAMETERS These parameters are displayed Ethertype for Custom S ports When Port Type is set to S custom port the EtherType also called the Tag Protocol Identifier or TPID of all frames received...

Страница 175: ...f ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded If ingress filtering is disabled and a port receives frames tagge...

Страница 176: ...are devices including the destination host the switch should first strip off the VLAN tag before forwarding the frame Port VLAN ID VLAN ID assigned to untagged frames received on the interface Range 1...

Страница 177: ...re displayed Port Number Port identifier WEB INTERFACE To configure isolated ports 1 Click Configuration Private VLANs Port Isolation 2 Mark the ports which are to be isolated from each other 3 Click...

Страница 178: ...C address which is to be mapped to a specific VLAN The MAC address must be specified in the format xx xx xx xx xx xx VLAN ID VLAN to which ingress traffic matching the specified source MAC address is...

Страница 179: ...want to use page 173 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for e...

Страница 180: ...0x0600 0xffff and if value of the OUI is other than 00 00 00 then valid value of the PID will be any value from 0x0000 to 0xffff Group Name The name assigned to the Protocol VLAN Group This name must...

Страница 181: ...rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the...

Страница 182: ...no IP subnet is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID PATH Advanced Configuration VCL IP Subnet based VLAN COMMAND USAGE Each IP subnet can be ma...

Страница 183: ...ic Traffic isolation can provide higher voice quality by preventing excessive packet delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of...

Страница 184: ...ers on page 174 Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port Range 10 10 000 000 seconds Default 86400 seconds Traffic Clas...

Страница 185: ...OUI numbers are assigned to manufacturers and form the first three octets of a device MAC address MAC address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes th...

Страница 186: ...equipment can be configured on the switch so that traffic from these devices is recognized as VoIP NOTE Making any changes to the OUI table will restart the auto detection process for attached VoIP d...

Страница 187: ...e manner in which an individual device handles traffic is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end Quality of S...

Страница 188: ...ssified in any other way Range 0 1 Default 0 DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification see page 196 WEB INTERFACE To set the basic QoS parameters for a port 1 Click Advance...

Страница 189: ...kbps Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames WEB INTERFACE To configure ingress port policing 1 Click Adva...

Страница 190: ...eues 7 and 8 Queue Shaper Controls whether queue shaping is enabled for this queue on this port Enable Enables or disables queue shaping Default Disabled Rate Controls the rate for the queue shaper Th...

Страница 191: ...s WEB INTERFACE To show an overview of the queue mode and weight used by egress ports 1 Click Configuration QoS Port Scheduler 2 Click on any enter under the Port field to configure the Port Scheduler...

Страница 192: ...igure egress queue mode queue shaper rate and access to excess bandwidth and port shaper PATH Advanced Configuration QoS Port Shaper PARAMETERS These parameters are displayed Displaying QoS Egress Por...

Страница 193: ...fied PCP DEI values default PCP DEI values or mapped versions of QoS class and drop priority PATH Advanced Configuration QoS Port Tag Remarking PARAMETERS These parameters are displayed Displaying Por...

Страница 194: ...I Remarks matching egress frames with the specified Drop Eligible Indicator Range 0 1 Default 0 WEB INTERFACE To show the QoS Egress Port Tag Remarking mode used for each port 1 Click Advanced Configu...

Страница 195: ...iguration page to configure ingress translation and classification settings and egress re writing of DSCP values PATH Advanced Configuration QoS Port DSCP PARAMETERS These parameters are displayed Por...

Страница 196: ...mapped DSCP value is either taken from the DSCP Translation table Egress Remap DP0 or DP1 field see page 198 Remap DP Unaware Frame with DSCP from analyzer is remapped and remarked with the remapped D...

Страница 197: ...rames QoS Class QoS value to which the corresponding DSCP value is classified for ingress processing Range 0 7 Default 0 DPL Drop Precedence Level to which the corresponding DSCP value is classified f...

Страница 198: ...Ingress Translate Enables ingress translation of DSCP values based on the specified classification method Ingress Classify Enable Classification at ingress side as defined in the QoS Port DSCP Config...

Страница 199: ...CP Classification 2 Map key DSCP values to a corresponding QoS class 3 Click Save Figure 85 Mapping DSCP to QoS CONFIGURING QOS CONTROL LISTS Use the QoS Control List Configuration page to configure Q...

Страница 200: ...Eligible Indicator Options 0 1 or Any Action Indicates the classification action taken on ingress frame if the configured parameters are matched in the frame s content If a frame matches the QCE the f...

Страница 201: ...ound in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX LLC Link Logical Control includes the following settings SSAP Address Source Service Access Point address Options Any...

Страница 202: ...it smaller than the original packet s size DSCP Diffserv Code Point value Options Any specific value of 0 63 BE CS1 CS7 EF or AF11 AF43 or Range Default Any IPv6 IPv6 frame type includes the following...

Страница 203: ...ue or left unchanged Options 0 63 BE CS1 CS7 Default not changed Default setting Default WEB INTERFACE To configure QoS Control Lists 1 Click Advanced Configuration QoS QoS Control List 2 Click the bu...

Страница 204: ...st multicast or unknown unicast traffic Any packets exceeding the specified threshold will then be dropped Note that the limit specified on this page applies to each port PATH Configuration QoS Storm...

Страница 205: ...s or resending them at the same rate If a significant percentage of the network s traffic employs these protocols it is not advisable to enable RED PATH Configuration QoS WRED PARAMETERS These paramet...

Страница 206: ...ESTION MANAGEMENT Use the Congestion Management page to specify whether or not to forward traffic when the destination port is congested Note that congestion Management does not apply to priority 6 an...

Страница 207: ...ed on the Mirroring RSPAN Configuration page mirroring will occur regardless of any configuration settings made on the ACL Ports Configuration page see Filtering Traffic with Access Control Lists on p...

Страница 208: ...ation port to which all mirrored traffic will be sent 5 Click Save Figure 90 Mirror Configuration CONFIGURING REMOTE PORT MIRRORING Use the Mirroring RSPAN Configuration page to mirror traffic from re...

Страница 209: ...tch on the Mirroring RSPAN configuration page by specifying switch type Destination the RSPAN VLAN intermediate ports and the destination port s where the mirrored traffic will be received RSPAN Limit...

Страница 210: ...y mirrored traffic Source port s reflector port and intermediate port s are located on this switch Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic f...

Страница 211: ...tination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned WEB INTERFACE To configure remote port mirroring for an RSPAN source sw...

Страница 212: ...lick Save Figure 93 Mirror Configuration Intermediate To configure remote port mirroring for an RSPAN destination switch 1 Click Basic Advanced Configuration Mirroring RSPAN 2 Set the Mode to Enabled...

Страница 213: ...evice s description from the URL provided by the device in the discovery message After a control point has retrieved a description of the device it can send actions to the device s service To do this...

Страница 214: ...half of the advertising duration minus 30 seconds Range 100 86400 seconds Default 100 seconds WEB INTERFACE To configure UPnP 1 Click Configuration UPnP 2 Enable or disable UPnP then set the TTL and a...

Страница 215: ...ATH Advanced Configuration UPnP PARAMETERS These parameters are displayed Receiver Configuration Owner sFlow can be configured in two ways Through local management using the Web interface or through S...

Страница 216: ...ld be set to a value that avoids fragmentation of the sFlow datagrams Range 200 1468 bytes Default 1400 bytes Port Configuration Port Port identifier Flow Sampler The following parameters apply to flo...

Страница 217: ...CHAPTER 4 Configuring the Switch Configuring sFlow 217 Figure 96 sFlow Configuration...

Страница 218: ...CHAPTER 4 Configuring the Switch Configuring sFlow 218...

Страница 219: ...g the device name location and contact information PATH Monitor System Information PARAMETERS These parameters are displayed System To configure the following items see Configuring System Information...

Страница 220: ...ation DISPLAYING CPU UTILIZATION Use the CPU Load page to display information on CPU utilization The load is averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed...

Страница 221: ...the logged system and event messages PATH Monitor System Log PARAMETERS These parameters are displayed Display Filter Level Specifies the type of log messages to display Info Informational messages on...

Страница 222: ...splay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entrie...

Страница 223: ...S You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the number of pa...

Страница 224: ...nsmitted Errors Received Transmitted The number of frames received with errors and the number of incomplete transmissions Drops Received Transmitted The number of frames discarded due to ingress or eg...

Страница 225: ...ing entry of this QCE The information displayed in this field depends on the option selected in the drop down list at the top of this page Combined Static Voice VLAN Conflict QCE QoS Control Entry ind...

Страница 226: ...solved Figure 104 QoS Control List Status DISPLAYING DETAILED PORT STATISTICS Use the Detailed Port Statistics page to display detailed statistics on network traffic This information can be used to id...

Страница 227: ...received with CRC or alignment errors Rx Undersize The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed...

Страница 228: ...CHAPTER 5 Monitoring the Switch Displaying Information About Ports 228 WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 105 Detailed Port Statistics...

Страница 229: ...Management Statistics USAGE GUIDELINES Statistics will only be displayed on this page if access management is enabled on the Access Management Configuration menu see page 66 and traffic matching one o...

Страница 230: ...es to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules that may request port security services and on...

Страница 231: ...m number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on...

Страница 232: ...aging is disabled or a user module has decided to hold the MAC address indefinitely a dash will be shown WEB INTERFACE To display information about the MAC address learning through the Port Security...

Страница 233: ...RADIUS assigned is appended to the VLAN ID Refer to RADIUS Assigned VLAN Enabled for a description of this attribute see page 85 If the port is moved to the Guest VLAN Guest is appended to the VLAN ID...

Страница 234: ...to the Guest VLAN Guest is appended to the VLAN ID Refer to Guest VLAN Enabled for a description of this attribute see page 85 Port Counters Receive EAPOL Counters Total The number of valid EAPOL fra...

Страница 235: ...hallenges received from the backend server for this port left most table or client right most table Other Requests 802 1X based Counts the number of times that the switch sends an EAP Request packet f...

Страница 236: ...s the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table...

Страница 237: ...n list Figure 110 NAS Statistics for Specified Port DISPLAYING ACL STATUS Use the ACL Status page to show the status for different security modules which use ACL filtering including ingress port frame...

Страница 238: ...hich are not ICMP UDP or TCP Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicat...

Страница 239: ...ber of ACK option 53 with value 5 packets received and transmitted Rx Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx Tx Release The number of release option 53 wit...

Страница 240: ...number of packets relayed from the client to the server Transmit Error The number of packets containing errors that were sent to clients Receive from Server The number of packets received from the ser...

Страница 241: ...s relay information Keep Agent Option The number of packets received where the DHCP client packet information was retained Drop Agent Option The number of packets that were dropped because they alread...

Страница 242: ...tries sorted first by port then VLAN ID MAC address and finally IP address Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per pa...

Страница 243: ...mber of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet...

Страница 244: ...formed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Bad Authenticators The numb...

Страница 245: ...onds left Access attempts were made to this server but it did not reply within the configured timeout The server has been temporarily disabled but will be re enabled when the dead time expires The num...

Страница 246: ...server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other Info IP Address IP address and UDP port for the accounting serve...

Страница 247: ...RMON to display information on RMON statistics alarms and event responses DISPLAYING RMON STATISTICS Use the RMON Statistics Status Overview page to view a broad range of interface statistics includin...

Страница 248: ...Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but including FC...

Страница 249: ...Security Switch RMON History PARAMETERS These parameters are displayed History Index Index of History control entry Sample Index Index of the data entry associated with the control entry Sample Start...

Страница 250: ...and falling threshold Variable MIB object to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds For more information se...

Страница 251: ...hreshold WEB INTERFACE To display RMON alarm settings click Monitor Security Switch RMON Alarm Figure 120 RMON Alarm Overview DISPLAYING RMON EVENT SETTINGS Use the RMON Alarm Event page to display co...

Страница 252: ...Aggr ID The Aggregation ID associated with this Link Aggregation Group LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Last Cha...

Страница 253: ...he LACP protocol i e its MAC address Partner Port The partner port connected to this local port Partner Priority The partner port priority used to select a backup link WEB INTERFACE To display LACP st...

Страница 254: ...e parameters are displayed Port Port identifier Action Configured port action i e the response to take when a loop is detected on a port Transmit Configured port transmit mode i e whether the port is...

Страница 255: ...itch has been accepted as the root device Root Port The number of the port on this switch that is closest to the root This switch communicates with the root device through this port If there is no roo...

Страница 256: ...isplays the current state of this port in the Spanning Tree Blocking Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an i...

Страница 257: ...e Status To display detailed information on a single STP bridge instance along with port state for all active ports associated 1 Click Monitor Spanning Tree Bridge Status 2 Click on an entry in the ST...

Страница 258: ...orward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the...

Страница 259: ...display information on spanning port statistics click Monitor Spanning Tree Port Statistics Figure 129 Spanning Tree Port Statistics DISPLAYING MVR INFORMATION Use the monitor pages for MVR to display...

Страница 260: ...messages used by MVR and to shows information about the interfaces associated with multicast groups assigned to the MVR VLAN PATH Monitor MVR Group Information PARAMETERS These parameters are displaye...

Страница 261: ...p The IP address of a multicast group detected on this interface Port Port identifier Mode The filtering mode maintained per VLAN ID port number and Group Address It can be either Include or Exclude S...

Страница 262: ...er Host Version IGMP version used when used by this switch when serving as a host in IGMP proxy mode Querier Status Shows the Querier status as ACTIVE or IDLE When enabled the switch can serve as the...

Страница 263: ...ers are displayed VLAN ID VLAN Identifier Groups The IP address for a specific multicast service Port Members The ports assigned to the listed VLAN which propagate a specific multicast service WEB INT...

Страница 264: ...pe It can be either Allow or Deny Hardware Filter Switch Indicates whether the data plane destined to the specific group address from the source IPv4 address can be handled by the chip or not WEB INTE...

Страница 265: ...nsible for asking hosts if they want to receive multicast traffic Queries Transmitted The number of transmitted Querier messages Queries Received The number of received Querier messages V1 Reports Rec...

Страница 266: ...Figure 137 MLD Snooping Group Information SHOWING IPV6 SFM INFORMATION Use the MLD SFM Information page to display MLD Source Filtered Multicast information including group filtering mode include or e...

Страница 267: ...or Information page to display information about devices connected directly to the switch s ports which are advertising information through LLDP PATH Monitor LLDP Neighbors PARAMETERS These parameters...

Страница 268: ...out LLDP neighbors click Monitor LLDP Neighbors Figure 139 LLDP Neighbor Information DISPLAYING LLDP MED NEIGHBOR INFORMATION Use the LLDP MED Neighbor Information page to display information about a...

Страница 269: ...both Media Endpoints Class II and Generic Endpoints Class I LLDP MED Generic Endpoint Class I Applicable to all endpoint products that require the base LLDP discovery services defined in TIA 1057 howe...

Страница 270: ...under Configuring LLDP MED TLVs on page 162 Policy This field displays one of the following values Unknown The network policy for the specified application type is currently unknown Defined The netwo...

Страница 271: ...ORMATION Use the LLDP Neighbor Power Over Ethernet Information page to display the status of all LLDP PoE neighbors including power device type PSE or PD source of power power priority and maximum req...

Страница 272: ...page to displays Energy Efficient Ethernet information advertised through LLDP messages PATH Monitor LLDP EEE PARAMETERS These parameters are displayed Local Port The port on this switch which receiv...

Страница 273: ...ia LLDP Resolved Rx Tw The resolved Rx Tw for this link not the link partner The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP EEE in...

Страница 274: ...mes Number of LLDP PDUs received Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded Number of frames discarded because they did not conform to the general vali...

Страница 275: ...r and current used and PoE priority PATH Monitor PoE PARAMETERS These parameters are displayed Local Port The port on this switch which received the LLDP frame PD class Each PD is classified according...

Страница 276: ...address entries associated with the CPU and each port PATH Monitor MAC Address Table PARAMETERS These parameters are displayed Start from VLAN and MAC address with entries per page These input fields...

Страница 277: ...t services to configure VLAN membership and VLAN port settings such as the PVID or untagged VLAN ID This switch supports the following VLAN user modules Static Ports statically assigned to a VLAN thro...

Страница 278: ...r to the preceding section for a description of the software modules that use VLAN management services PATH Monitor VLANs VLAN Port PARAMETERS These parameters are displayed VLAN User A software modul...

Страница 279: ...et s behavior at the egress side If the VID of Ethernet frames leaving a port match the UVID these frames will be sent untagged Conflicts Shows whether conflicts exist or not When a software module re...

Страница 280: ...r Combined Includes all entries MAC Address A source MAC address which is mapped to a specific VLAN VLAN ID VLAN to which ingress traffic matching the specified source MAC address is forwarded Port Me...

Страница 281: ...the sFlow receiver Tx Errors The number of UDP datagrams that has failed transmission The most common source of errors is invalid sFlow receiver IP host name configuration To diagnose paste the recei...

Страница 282: ...CHAPTER 5 Monitoring the Switch Displaying Information About Flow Sampling 282 WEB INTERFACE 1 To display information on sampled traffic click Monitor sFlow Figure 149 Showing sFlow Statistics...

Страница 283: ...IPv4 address consists of 4 numbers 0 to 255 separated by periods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the app...

Страница 284: ...IPv4 or IPv6 Address 284 After you press Start the sequence number and round trip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are recei...

Страница 285: ...faults that can occur on Category 5 twisted pair cabling WEB INTERFACE To run cable diagnostics 1 Click Diagnostics VeriPHY 2 Select all ports or indicate a specific port for testing 3 Click Start If...

Страница 286: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 286...

Страница 287: ...aving configuration settings and resetting the switch RESTARTING THE SWITCH Use the Restart Device page to restart the switch PATH Maintenance Restart Device WEB INTERFACE To restart the switch 1 Clic...

Страница 288: ...ance Restart Device WEB INTERFACE To restore factory defaults 1 Click Maintenance Factory Defaults 2 Click Yes The factory defaults are immediately restored which means that no reboot is necessary Fig...

Страница 289: ...ront LED flashes Green Off at a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the device at this time or the switch may fail to function afterwards Figure 154 S...

Страница 290: ...the file under which to save the current configuration settings The configuration file is in XML format The configuration parameters are represented as attribute values When saving the configuration...

Страница 291: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 291 Figure 157 Configuration Upload...

Страница 292: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 292...

Страница 293: ...293 SECTION III APPENDICES This section provides additional information and includes these items Software Specifications on page 295 Troubleshooting on page 299 License Information on page 301...

Страница 294: ...SECTION III Appendices 294...

Страница 295: ...ull duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a crit...

Страница 296: ...ts DSCP remarking ingress traffic policing and egress traffic shaping MULTICAST FILTERING IGMP Snooping IPv4 MLD Snooping IPv6 Multicast VLAN Registration ADDITIONAL FEATURES DHCP Client Relay Option...

Страница 297: ...EEE 802 1p Priority tags IEEE 802 1Q 2005 VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protoco...

Страница 298: ...RFC 2065 IPV6 ICMP MIB RFC 2066 IPV6 TCP MIB RFC 2052 IPV6 UDP MIB RFC 2054 MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB...

Страница 299: ...t been disabled Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station...

Страница 300: ...witch follow these steps 1 Enable logging 2 Set the error messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages...

Страница 301: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 302: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Страница 303: ...These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 304: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Страница 305: ...according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framework for passing...

Страница 306: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 307: ...1S An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1W An IEEE standard for the Rapid Spanning Tree Protocol RSTP which...

Страница 308: ...by this switch can pass multicast traffic along to participating hosts IP PRECEDENCE The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority l...

Страница 309: ...egion and prevents VLAN members from being segmented from the rest of the group MULTICAST SWITCHING A process whereby the switch filters incoming multicast frames for services for which no attached ho...

Страница 310: ...rity of one flow or limiting the priority of another flow RADIUS Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to...

Страница 311: ...T Defines a remote communication facility for interfacing to a terminal device over TCP IP TFTP Trivial File Transfer Protocol A TCP IP protocol commonly used for software downloads UDP User Datagram...

Страница 312: ...GLOSSARY 312...

Страница 313: ...46 relay information option 110 relay information option policy 110 DHCP snooping 107 DNS server 47 Domain Name Service See DNS downloading software 288 using HTTP 288 using TFTP 288 drop precedence Q...

Страница 314: ...D 162 logging syslog traps 53 to syslog servers 53 log in web interface 35 logon authentication 58 encryption keys 118 RADIUS client 118 RADIUS server 118 settings 117 118 TACACS client 61 TACACS serv...

Страница 315: ...on 181 public key 64 Q QCE quality control list entry 200 QCL status monitoring 225 QoS 187 class 188 control lists 199 drop precedence 188 DSCP classification 199 DSCP rewriting 195 DSCP translation...

Страница 316: ...setting 51 time setting 50 trap destination 69 trap manager 69 troubleshooting 299 trunk configuration 120 123 LACP 123 static 120 Type Length Value See LLDP TLV See LLDP MED TLV U unknown unicast sto...

Страница 317: ......

Страница 318: ...GEP 5070 E042013 ST R01...

Результаты поиска

Содержание GEP-5070

Отзывы:

Похожие инструкции для GEP-5070

Бренды по названию

Популярные бренды

LevelOne GEP-5070, Руководство пользователя

Результаты поиска

Содержание GEP-5070

Отзывы:

Похожие инструкции для GEP-5070

Бренды по названию

Популярные бренды