Linksys

When an authentication method finishes successfully for a client 
authenticated by a method with a lower priority, the attributes of the new 
method are applied. When the new method fails, the client is left authorized 
with the old method.

802.1x-Based Authentication

The device supports the 802.1x authentication mechanism, as described in 
the standard, to authenticate and authorize 802.1x supplicants.

The 802.1x-based authenticator transparently relays EAP messages between 
802.1x supplicants and authentication servers. The EAP messages between 
supplicants and the authenticator are encapsulated into the 802.1x messages, 
and the EAP messages between the authenticator and authentication servers 
are encapsulated into the RADIUS messages.

This is described in the following:

Figure 1: 802.1x-Based Authentication

MAC-Based Authentication

MAC-based authentication is an alternative to 802.1X authentication that 
allows network access to devices (such as printers and IP phones) that do not 
have the 802.1X supplicant capability. MAC-based authentication uses the 
MAC address of the connecting device to grant or deny network access.

In this case, the switch supports EAP MD5 functionality with the username 
and password equal to the client MAC address, as shown below.

Figure 2: MAC-Based Authentication

The method does not have any specific configuration.
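The exchange described above, reduced to the EAP-MD5 computation, as an added example that is not part of the Linksys guide: the switch answers the server's challenge with username and password both set to the client MAC address, and the authentication server checks the response against its list of enrolled MACs. The MD5 construction follows RFC 3748 and RFC 1994; the MAC string format (lowercase hex, no separators), the function names and the sample addresses are assumptions.

```python
import hashlib
import hmac


def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits.

    ASSUMPTION: the guide does not state which textual format the switch
    sends, so separators are stripped and case is folded here.
    """
    digits = "".join(c for c in mac if c not in ":-.").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def eap_md5_value(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response value: MD5(identifier || password || challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("EAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def switch_response(client_mac: str, identifier: int, challenge: bytes):
    """Authenticator side: username and password are both the client MAC."""
    credential = normalize_mac(client_mac)
    value = eap_md5_value(identifier, credential.encode("ascii"), challenge)
    return credential, value


def server_verify(enrolled_macs, username: str, identifier: int,
                  challenge: bytes, value: bytes) -> bool:
    """Authentication server side: accept only an enrolled MAC whose
    response matches the challenge that was actually issued."""
    try:
        user = normalize_mac(username)
    except ValueError:
        return False
    if user not in enrolled_macs:
        return False
    expected = eap_md5_value(identifier, user.encode("ascii"), challenge)
    return hmac.compare_digest(expected, value)


def demo():
    # Constructed sample data: a printer that is enrolled and a device that is not.
    enrolled = {normalize_mac("02:00:5E:10:20:30")}
    challenge = bytes(range(16))  # fixed here so the run is repeatable
    results = {}
    for label, mac in (("printer", "02-00-5e-10-20-30"),
                       ("unknown", "02-00-5e-aa-bb-cc")):
        user, value = switch_response(mac, 1, challenge)
        results[label] = server_verify(enrolled, user, 1, challenge, value)
    return results


if __name__ == "__main__":
    for device, accepted in demo().items():
        print(f"{device}: {'Access-Accept' if accepted else 'Access-Reject'}")
```

Because the only credential is the MAC address itself, the server's enrollment list is what gates access, so it should contain only the printers, phones and similar devices that need this method.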

Guest VLAN

The guest VLAN provides access to services that do not require the subscribing 
devices or ports to be 802.1X or MAC-based authenticated and authorized.

The guest VLAN is the VLAN that is assigned to an unauthorized client. You 
can configure the guest VLAN and one or more VLANs to be unauthenticated 
in the Security > Network Access Control > Feature Configuration page.

The guest VLAN, if configured, is a static VLAN with the following characteristics:

 • It must be manually defined from an existing static VLAN.

 • The guest VLAN cannot be used as the Voice VLAN.

Host Modes with Guest VLAN

The host modes work with guest VLAN in the following way:

 • Single-Host and Multi-Host Mode

   Untagged traffic and tagged traffic belonging to the guest VLAN arriving 
   on an unauthorized port are bridged via the guest VLAN. All other traffic 
   is discarded.

Dynamic VLAN Assignment 

An authorized client can be assigned a VLAN by the RADIUS server, if this 
option is enabled in the Port Authentication page. This is called either 
Dynamic VLAN Assignment (DVA) or RADIUS-Assigned VLAN. In this guide, the 
term RADIUS-Assigned VLAN is used.

Contents of Smart Switch LGS3XX

Page 1: ...Smart Switch LGS3XX User Guide ...

Страница 2: ...10 System Information 10 Management Session Timeout 10 Time 10 Overview 10 System Time 11 SNTP Unicast Server 12 SNMP 14 SNMP Versions and Workflow 14 Feature Configuration 15 Views 16 Groups 17 Users 18 Communities 19 Notification Filters 20 SNMPv1 v2 Notification Recipients 20 SNMPv3 Notification Recipients 21 Logs 22 Log Management 22 Remote Log Servers 23 RAM Log 23 Flash Memory Log 23 Chapter...

Страница 3: ...1 Chapter 8 MAC Address Management 53 Dynamic MAC Addresses 53 Static MAC Addresses 53 Reserved MAC Addresses 54 Chapter 9 Multicast 55 Overview 55 Feature Configuration 56 IGMP MLD Snooping 57 Multicast Router Ports 58 Forward All 59 Unregistered Multicast 59 IGMP MLD IP Group Addresses 59 MAC Group Address FDB 60 IP Group Address FDB 60 Chapter 10 IP Interface 62 IPv4 62 Overview 62 IPv4 Interfa...

Страница 4: ...ontrol List 86 MAC Based ACL 87 MAC Based ACE 87 IPv4 Based ACL 88 IPv4 Based ACE 88 IPv6 Based ACL 89 IPv6 Based ACE 89 ACL Binding 90 Chapter 14 Quality of Service 91 Overview 92 Feature Configuration 93 Queue Scheduling 93 CoS 802 1p to Queue 94 DSCP to Queue 95 Bandwidth Control 95 Egress Shaping 96 Basic QoS 96 QoS Statistics 97 Chapter 15 Maintenance 97 Reboot 98 File Management 98 Overview ...

Страница 5: ...ess bar on the browser and then press Enter NOTE When the device is using the factory default IP address of 192 168 1 251 its power LED flashes continuously When the device is using a DHCP assigned IP address or an administrator configured static IP address the power LED is on solid Logging In The default username is admin and the default password is admin to log in to the Web based GUI STEP 1 Ope...

Страница 6: ...guration File Copy page and save the Running Configuration to the Startup Configuration file type on the device Apply Click to apply changes to the Running Configuration on the device If the device is rebooted the Running Configuration is lost unless it is saved to the Startup Configuration file type or another file type Click Save to display the Configuration File Copy page and save the Running C...

Страница 7: ...e To configure the device through the menu CLI do the following 1 Log on to the device through telnet The following menu is displayed 2 Enter your user name and password The main menu is displayed 3 Continue configuring the device 4 Click Logout to log out of the CLI menu ...

Страница 8: ...Unique vendor identification of the network management subsystem Firmware Version Firmware version number Boot Code Version Boot version number Hardware Version Hardware version number of the device Serial Number Serial number Device Status Fan Status Applicable only to models that have fans The following values are possible OK Fan is operating normally Fail Fan is not operating correctly Date Tim...

Страница 9: ... that were received Frames of 128 to 255 Bytes Number of frames containing 128 255 bytes that were received Frames of 256 to 511 Bytes Number of frames containing 256 511 bytes that were received Frames of 512 to 1023 Bytes Number of frames containing 512 1023 bytes that were received Packets of 1024 and More Bytes Number of frames containing 1024 2000 bytes and Jumbo Frames that were received To ...

Страница 10: ... framing bits but including FCS octets Jabbers Total number of received packets that were longer than 2000 octets This number excludes frame bits but includes FCS octets that had either a bad FCS Frame Check Sequence with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number Collisions Collisions received Utilization Percentage of current interface tr...

Страница 11: ...ndicates the action to be taken when the alarm occurs Alarm counters can be monitored by either absolute values or changes delta in the counter values To enter RMON alarms STEP 1 Click System Status RMON Alarms All previously defined alarms are displayed The fields are described in the Add RMON Alarm page below In addition to those fields the following field appears Counter Value Displays the valu...

Страница 12: ...freshed The available options are as follows No Refresh Statistics are not refreshed 15 Sec Statistics are refreshed every 15 seconds 30 Sec Statistics are refreshed every 30 seconds 60 Sec Statistics are refreshed every 60 seconds The Receive Statistics area displays information about incoming packets Unicast Packets Good Unicast packets received Multicast Packets Good Multicast packets received ...

Страница 13: ...ion the Quick Start page provides links to the most commonly used pages Link Name on the Page Linked Page Configure User Accounts and Management Access User Access Accounts Configure Device IP Address IPv4 Interface Create VLANs VLANs Configure VLAN Memberships VLAN Memberships Save Your Configuration Configuration File Copy Clicking on the Support link takes you to the device product support page...

Страница 14: ...ent Management Session Timeout STEP 2 Select the timeout for the following sessions from the corresponding list The default timeout value is 10 minutes Telnet Session Timeout Select the timeout for a Telnet session HTTP Session Timeout Select the timeout for an HTTP session HTTPs Session Timeout Select the timeout for an HTTPS session STEP 3 Click Apply to set the configuration settings on the dev...

Страница 15: ...l configuration of the time zone and DST becomes the Operational time zone and DST only if the dynamic configuration is disabled or fails NOTE The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration to take place SNTP Modes The device can receive the system time from an SNTP server in one of the following ways Client Broadcast Reception passive mode SNTP servers br...

Страница 16: ... the DHCP server This acronym appears in the Actual Time field Time Zone Offset Select the difference in hours between Greenwich Mean Time GMT and the local time For example the Time Zone Offset for Paris is GMT 1 while the Time Zone Offset for New York is GMT 5 Time Zone Acronym Enter a user defined name that represents the time zone you have configured This acronym appears in the Actual Time fie...

Страница 17: ...going to be identified by its IP address or if you are going to select a well known SNTP server by name from the list NOTE To specify a well known SNTP server the device must be connected to the Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP See DNS Settings IP Version Select the version of the IP address Version 4 or Version 6 IPv6 Address...

Страница 18: ...sure message content Cipher Block Chaining CBC DES is used for encryption Either authentication alone can be enabled on an SNMP message or both authentication and privacy can be enabled on an SNMP message However privacy cannot be enabled without authentication Timeliness Protects against message delay or playback attacks The SNMP agent compares the incoming message time stamp to the message arriv...

Страница 19: ...S318P 16 Port Smart Gigabit PoE Switch enterprises 1 linksys 3955 smb 1000 3 18 2 LGS326P 24 Port Smart Gigabit PoE Switch enterprises 1 linksys 3955 smb 1000 3 26 2 The private Object IDs are placed under enterprises 1 linksys 3955 smb 1000 switch01 201 Feature Configuration The Engine ID is used by SNMPv3 entities to uniquely identify them An SNMP agent is considered an authoritative SNMP engine...

Страница 20: ... defined by the Object ID OID of the root of the relevant subtrees Either well known names can be used to specify the root of the desired subtree or an OID can be entered see Model OIDs Each subtree is either included or excluded in the view being defined The Views page enables creating and editing SNMP views The default views Default DefaultSuper cannot be changed Views can be attached to groups ...

Страница 21: ...thentication Read View Only authenticated users are allowed to read the view By default all users or community of a group can access all the MIB objects A group can be limited to specific view s based on the read write notify authentication and or privacy configurations Authentication Write View Only authenticated users are able to write the view Management access is write for the selected view Au...

Страница 22: ...device Engine User is connected to a different SNMP entity besides the local device If the remote Engine ID is defined remote devices receive inform messages but cannot make requests for information Select the remote engine ID Group Name Select the SNMP group to which the SNMP user belongs SNMP groups are defined in the Add Group page NOTE Users who belong to groups which have been deleted remain ...

Страница 23: ...V6 type that is visible and reachable from other networks Interface If the IPv6 address type is Link Local select whether it is received through a VLAN or ISATAP IP Address Enter the SNMP management station IP address Community Enter the community name used to authenticate the management station to the device Access Control Select one of the following Basic In this mode there is no connection to a...

Страница 24: ...ch SNMP notifications are sent and the types of SNMP notifications that are sent to each destination traps or informs The Add Edit pop ups enable configuring the attributes of the notifications An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred such as a link up down It is also possible to filter certain notifications ...

Страница 25: ... list Recipient IP Address Name Enter the IP address or server name of where the traps are sent UDP Port Enter the UDP port used to for notifications on the recipient device Notification Type Select whether to send traps or informs If both are required two recipients must be created User Name Select from the drop down list the user to whom SNMP notifications are sent In order to receive notificati...

Страница 26: ...nformation about an event You can select different severity levels for RAM and Flash logs These logs are displayed in the RAM Log page and Flash Memory Log page respectively Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically stored in the log Lower severity events are not stored in the log For example if Warning is selected all severity le...

Страница 27: ...er Settings UDP Port Enter the UDP port to which the log messages are sent Facility Select a facility value from which system logs are sent to the remote server Only one facility value can be assigned to a server If a second facility code is assigned the first facility value is overridden Description Enter a server description Minimum Logging Level Select the minimum level of system log messages t...

Страница 28: ...es For Jumbo Frames to take effect the device must be rebooted after the feature is enabled STEP 3 To update the port settings select the desired port and click Edit STEP 4 Modify the following parameters Port Select the port number Port Settings Operational Status Displays whether the port is currently up or down If the port is down because of an error the description of the error is displayed Ad...

Страница 29: ...Select to connect this device to a station by using a straight through cable Auto Select to configure this device to automatically detect the correct pinouts for the connection to another device Description Enter the port description STEP 5 Click Apply The port settings are written to the Running Configuration file Link Aggregation This section describes how to configure LAGs It covers the followi...

Страница 30: ...Disable LACP on the LAG to make it static Assign up to eight member ports to the static LAG in the Port List to the LAG Port Member list Perform these actions in the LAGs page 2 Configure various aspects of the LAG such as speed and flow control by using the Edit LAG page To configure a dynamic LAG perform the following actions 1 Enable LACP on the LAG Assign up to 16 candidates ports to the dynam...

Страница 31: ...different from EEE in that Green Ethernet energy detect is enabled on all devices where only the gigabyte ports are enable with EEE The Green Ethernet feature can reduce overall power usage in the following ways Energy Detect Mode In this mode the switch conserves power when the operational status of a port is down Energy Detect Mode is supported on all ports Short Reach Mode This feature provides...

Страница 32: ...y without user interaction when it is enabled on the device NOTE If Auto Negotiation is not enabled on a port the EEE is disabled The only exception is if the link speed is 1GB then EEE will still be enabled even though Auto Negotiation is disabled Default Configuration By default 802 3 EEE is enabled globally and per port Interactions Between Features The following describe 802 3 EEE interactions...

Страница 33: ...EEE feature EEE Status Whether EEE is currently operating on the local port This is a function of whether it has been enabled Administrative Status whether it has been enabled on the local port and whether it is operational on the local port NOTE The window displays the Short Reach Energy Detect and EEE settings for each port however they are not enabled on any port unless they are also enabled gl...

Страница 34: ... power consumed on the port exceeds the port limit the port power is turned off Class Limit Power is limited based on the class of the connected PD For these settings to be active the system must be in PoE Class Limit mode That mode is configured in the PoE Feature Configuration page When the power consumed on the port exceeds the class limit the port power is turned off PoE Priority Example A 48 ...

Страница 35: ...s that the device can supply to all the connected PDs Consumed Power Amount of power in watts that is currently being consumed by the PoE ports Available Power Nominal power in watts minus the amount of consumed power STEP 3 Click Apply to save the PoE properties Port Limit Power Mode To configure port limit power mode do the following STEP 1 Click Configuration Port Management PoE Port Limit Powe...

Страница 36: ... LLDP MED Network Policy Overview Link Layer Discovery Protocol LLDP is a link layer protocol for directly connected LLDP capable neighbors to advertise themselves and their capabilities LLDP enables network managers to troubleshoot and enhance network management in multi vendor environments LLDP standardizes methods for network devices to advertise themselves to other systems and to store discove...

Страница 37: ...ding then LLDPcapable devices can hear each other only if they are in the same VLAN An LLDPcapable device may receive advertisements from more than one device if the LLDPincapable devices flood the LLDP packets Workflows Following are examples of actions that can be performed with the LLDP feature and in a suggested order You can refer to the LLDP CDP section for additional guidelines on LLDP conf...

Страница 38: ... 8 through 15 are reserved 802 3 MAC PHY Duplex and bit rate capability and the current duplex and bit rate settings of the sending device It also indicates whether the current settings are due to auto negotiation or manual configuration 802 3 Link Aggregation Whether the link associated with the port on which the LLDP PDU is transmitted can be aggregated It also indicates whether the link is curr...

Страница 39: ...tten to the Running Configuration file LLDP Local Information To view the LLDP local port status advertised on a port STEP 1 Click Configuration Port Management Discovery LLDP LLDP Local Information STEP 2 Select the desired port from the Port list This page displays the following groups of fields the actual fields displayed depend on the optional TLVs selected to be advertised Global Chassis ID S...

Страница 40: ...ible field values are the following Tagged Indicates the network policy is defined for tagged VLANs Untagged Indicates the network policy is defined for untagged VLANs User Priority Network policy user priority DSCP Network policy DSCP LLDP Neighbor Information The LLDP Neighbor Information page contains information that was received from neighboring devices After timeout based on the value receiv...

Страница 41: ...e Hardware Revision Hardware version Firmware Revision Firmware version Software Revision Software version Serial Number Device serial number Manufacturer Name Device manufacturer name Model Name Device model name Asset ID Asset ID Location Information Enter the following data structures in hexadecimal as described in section 10 2 4 of the ANSI TIA 1057 standard Civic Civic or street address Coord...

Страница 42: ... VLAN section for details on how the device maintains its voice VLAN To define an LLDP MED network policy STEP 1 Click Configuration Port Management LLDP MED Network This page contains previously created network policies STEP 2 When Network Policy for Voice Application is enabled the device automatically generates and advertises a network policy with the current voice VLAN configuration Go to Voic...

Страница 43: ...o the VLAN based on the PVID Port VLAN Identifier configured at the ingress port where the frame is received The frame is discarded at the ingress port if Ingress Filtering is enabled and the ingress port is not a member of the VLAN to which the packet belongs A frame is regarded as priority tagged only if the VID in its VLAN tag is 0 Frames belonging to a VLAN remain within the VLAN This is achie...

Страница 44: ...s It is distinct non static non dynamic and all ports are untagged members by default It cannot be deleted It cannot be given a label It cannot be used for any special role such as unauthenticated VLAN or Voice VLAN This is only relevant for OUI enabled voice VLAN If a port is no longer a member of any VLAN the device automatically configures the port as an untagged member of the default VLAN A po...

Страница 45: ...e VLAN s Interfaces The Interface Settings page displays and enables configuration of VLAN related parameters for all interfaces To configure the VLAN settings STEP 1 Click Configuration VLAN Management Interface Settings STEP 2 Select an interface type Port or LAG and click Search Ports or LAGs and their VLAN Membership are displayed STEP 3 To configure a Port or LAG select it and click Edit NOTE...

Страница 46: ...t the interface mode for the VLAN The options are Access The interface is an untagged member of a single VLAN A port configured in this mode is known as an access port Trunk The interface is an untagged member of one VLAN at most and is a tagged member of zero or more VLANs A port configured in this mode is known as a trunk port General Port The interface can support all functions as defined in th...

Страница 47: ... on the port makes the port part of internal VLAN 4095 a reserved VID Excluded The interface is currently not a member of the VLAN This is the default for all the ports and LAGs when the VLAN is newly created Tagged The interface is a tagged member of the VLAN This is not relevant for Access ports Untagged The interface is an untagged member of the VLAN Frames of the VLAN are sent untagged to the ...

Страница 48: ... VLAN STEP 2 Click Add STEP 3 Enter the values for the following fields Interface Enter a general interface port LAG through which traffic is received Group ID Select aVLAN group defined in the MAC Based Groups page VLAN ID Select the VLAN to which traffic from the VLAN group is forwarded STEP 4 Click Apply to set the mapping of the VLAN group to the VLAN This mapping does not bind the interface d...

Страница 49: ...onfigure the mapping and remarking CoS 802 1p of the voice traffic based on the OUI By default all interfaces are CoS 802 1p trusted The device applies the quality of service based on the CoS 802 1p value found in the voice stream In Auto Voice VLAN you can override the value of the voice streams using advanced QoS For Telephony OUI voice streams you can override the quality of service and optiona...

Страница 50: ... assigned per port to the voice packets in one of the following modes All Quality of Service QoS values configured to the Voice VLAN are applied to all of the incoming frames that are received on the interface and are classified to the Voice VLAN Telephony Source MAC Address SRC The QoS values configured for the Voice VLAN are applied to any incoming frame that is classified to the Voice VLAN and ...

Страница 51: ...e network topology is naturally tree structured and therefore faster convergence might be possible RSTP is enabled by default Spanning Tree The Spanning Tree page contains parameters for enabling STP or RSTP Use the STP Interface page and RSTP Interface page to configure ports with these modes respectively To set the STP status and global settings do the following STEP 1 Click Configuration Spanni...

Страница 52: ...able STP on the port BPDU Handling Select how BPDU packets are managed when STP is disabled on the port or the device BPDUs are used to transmit spanning tree information Use Global Settings Select to use the settings defined in the Spanning Tree page Filtering Filters BPDU packets when Spanning Tree is disabled on an interface Flooding Floods BPDU packets when Spanning Tree is disabled on an inte...

Страница 53: ...s STP Mode Select either STP or RSTP Point to Point Status Displays the point to point operational status if the Point to Point Administrative Status is set to Auto Port Role Displays the role of the port that was assigned by STP to provide STP paths The possible roles are as follows Root Lowest cost path to forward packets to the root bridge Designated The interface through which the bridge is co...

Страница 54: ...ping the same configuration revision number and the same region name Formatted Font 18 pt Formatted Indent Left 0 Managed Switch Administration Guide 57 Switches intended to be in the same MST region are never separated by switches from another MST region If they are separated the region becomes two separate regions The VLAN to MSTP instance mapping is done in the MSTP Properties page Each VLAN ca...

Страница 55: ...on Spanning Tree Management MSTP Instance Interface STEP 2 Enter the parameters MSTP Instance Select the MSTP instance to be configured Interface Type Select whether to display the list of ports or LAGs STEP 3 Click Search The following MSTP parameters for the interfaces on the instance are displayed Interface Select the interface for which the MSTI settings are to be defined Interface Priority Se...

Страница 56: ...rt mode is STP Type Displays the MST type of the port Boundary A Boundary port attaches MST bridges to a LAN in a remote region If the port is a boundary port it also indicates whether the device on the other side of the link is working in RSTP or STP mode Internal The port is an internal port Designated Bridge ID Displays the ID number of the bridge that connects the link or shared LAN to the roo...

Страница 57: ...ses of frames entering the device To prevent this table from overflowing and to make room for new MAC addresses an address is deleted if no corresponding traffic is received for a certain period This period of time is the aging interval Configuring Dynamic MAC Address Aging Time To configure the aging interval for dynamic addresses do the following STEP 1 Click Configuration MAC Address Management...

Страница 58: ...The entry in the Reserved MAC Address Table can either specify the reserved MAC address or the reserved MAC address and a frame type To add an entry for a reserved MAC address STEP 1 Configuration Click MAC Address Tables Reserved MAC Addresses STEP 2 Click Add STEP 3 Enter the values for the following fields MAC Address Select the MAC address to be reserved Frame Type Select a frame type based on...

Страница 59: ...Multicast stream In this setup the router sends IGMP queries periodically These queries reach the device which in turn floods the queries to the VLAN and also learns the port where there is a Multicast router Mrouter When a host receives the IGMP query message it responds with an IGMP Join message saying that the host wants to receive a specific Multicast stream and optionally from a specific sour...

Страница 60: ...the VLAN To selectively forward only to relevant ports and filter drop the Multicast on the rest of the ports enable Bridge Multicast filtering status in the Feature Configuration page If filtering is enabled Multicast frames are forwarded to a subset of the ports in the relevant VLAN as defined in the Multicast Forwarding Data Base Multicast filtering is enforced on all traffic By default such tr...

Страница 61: ...s and determines the following Which ports are asking to join which Multicast groups on what VLAN Which ports are connected to Multicast routers Mrouters that are generating IGMP MLD queries Which ports are receiving PIM DVMRP or IGMP MLD query protocols These VLANs are displayed on the IGMP MLD Snooping page Ports asking to join a specific Multicast group issue an IGMP report that specifies which...

Страница 62: ...AN ID Select a VLAN on which to configure MLD Snooping MLD Snooping Status Select to enable MLD snooping globally on all interfaces Auto Learn MRouter Ports Select to enable Auto Learn of the Multicast router Immediate Leave Select to enable the switch to remove an interface that sends a leave message from the forwarding table without first sending out MAC based general queries to the interface Wh...

Страница 63: ...ort to join a Multicast group None The port is not currently a Forward All port STEP 5 Click Apply The Running Configuration file is updated Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN If IGMP MLD Snooping is enabled the device learns about the existence of Multicast groups and monitors which ports have joined which Multicast group Multicast groups can ...

Страница 64: ...cast streams based on MAC group addresses and its destination address is a Layer 2 Multicast address the frame is forwarded to all ports that are members of the MAC group address The MAC Group Address FDB page has the following functions Query and view information from the MFDB relating to a specific VLAN ID or a specific MAC address group This data is acquired either dynamically through IGMP MLD ...

Страница 65: ...IP group address is the Multicast group ID S G to be displayed If mode is G enter an to indicate that the Multicast group is only defined by destination STEP 3 Click Search The results are displayed in the lower block STEP 4 Click Add to add a static IP Multicast group address STEP 5 Enter the parameters VLAN ID Defines the VLAN ID of the group to be added IP Group Address Define the IP address of...

Страница 66: ...n a VLAN is configured to use dynamic IP addresses the device issues DHCPv4 requests until it is assigned an IPv4 address from a DHCPv4 server The management VLAN can be configured with a static or dynamic IP address The IP address assignment rules for the device are as follows Unless the device is configured with a static IP address it issues DHCPv4 requests until a response is received from the ...

Страница 67: ... is required to send route a packet to a local device it searches the ARP table to obtain the MAC address of the device The ARP table contains dynamic addresses The device creates dynamic addresses from the ARP packets it receives Dynamic addresses age out after a configured time To define the ARP tables do the following STEP 1 Click Configuration IP Interface IPv4 ARP STEP 2 Enter the parameters ...

Страница 68: ... in a tentative state during DAD verification Entering 0 in this field disables duplicate address detection processing on the specified interface Entering 1 in this field indicates a single transmission without follow up transmissions IPv6 Address Auto Configuration Select to enable automatic address configuration from router advertisements sent by neighbors NOTE The device does not support statef...

Страница 69: ...ollowing fields for each default router Default Router IPv6 Address Link local IP address of the default router IPv6 Interface Outgoing IPv6 interface where the default router resides State Whether route is reachable or unreachable Type The default router configuration that includes the following options Static The default router was manually added to this table through the Add button Dynamic The ...

Страница 70: ...e device This is the IPv6 equivalent of the IPv4 ARP Table When the device needs to communicate with its neighbors the device uses the IPv6 Neighbor Table to determine the MAC addresses based on their IPv6 addresses This page displays the neighbors that were automatically detected Each entry displays to which interface the neighbor is connected the neighbor s IPv6 and MAC addresses the entry type ...

Страница 71: ...erence value a lower value means a higher chance of being used Configuration Source Source of the server s IP address static or DHCPv4 or DHCPv6 STEP 3 Up to eight DNS servers can be defined To add a DNS server click Add Enter the parameters IP Version Select Version 6 for IPv6 or Version 4 for IPv4 IPv6 Address Type Select the IPv6 address type if IPv6 is used The options are the following Global...

Page 72: ...when DHCP snooping is disabled Option 82 Insertion Disabled DHCP Relay VLAN with IP Address DHCP Relay VLAN without IP Address Packet arrives without Option 82 Packet arrives with Option 82 Packet arrives without Option 82 Packet arrives with Option 82 Packet is sent without Option 82 Packet is sent with original Option 82 Relay Discards Option 82 Bridge Packet is sent without Option 82 If reply o...

Page 73: ...interfaces only Forwarded to trusted interfaces only DHCPOFFER Filter Forward the packet according to DHCP information If the destination address is unknown the packet is filtered DHCPREQUEST Forward to trusted interfaces only Forward to trusted interfaces only DHCPACK Filter Same as DHCPOFFER and an entry is added to the DHCP Snooping Binding database DHCPNAK Filter Same as DHCPOFFER Remove entry...

Page 74: ...ss Select to verify that the source MAC address of the Layer 2 header matches the client hardware address as appears in the DHCP Header part of the payload on DHCP untrusted ports Backup Database Select to back up the DHCP Snooping Binding database on the device s flash memory DHCP Interfaces DHCP Snooping can be enabled on any interface with an IP Address and on VLANs with or without an IP addres...

Page 75: ...ich a packet is expected MAC Address MAC address of a packet IPv4 Address IP address of a packet Bindings Settings Interface Type of interface on which a packet is expected Type The possible field values are the following Dynamic Entry has limited lease time Static Entry was statically configured Lease Time If the entry is dynamic enter the amount of time that the entry is to be active in the DHCP...

Page 76: ...he next authentication method After adding a user as described below the default user is removed from the system NOTE It is not permitted to delete all users If all users are selected the Delete button is disabled To add a new user STEP 1 Click Configuration Security Management Security User Access Accounts This page displays the users defined in the system Enter the following fields HTTP Service ...

Page 77: ...he device at one time Access profiles consist of one or more rules The rules are executed in order of their priority within the access profile top to bottom Rules are composed of filters that include the following elements Access Methods Methods for accessing and managing the device The authentication method for the selected access method is specified in Management Access Authentication Telnet Hyp...

Page 78: ...o all ports VLANs and LAGs Port Rule applies to ports LAG Rule applies to LAGs VLAN Rule applies to VLANs Source IP Address Select the type of source IP address to which the access profile applies The Source IP Address field is valid for a subnetwork Select one of the following values All Applies to all types of IP addresses User Defined Applies to only those types of IP addresses defined in the f...

Page 79: ...s field is valid for a subnetwork Select one of the following values All Applies to all types of IP addresses User Defined Applies to only those types of IP addresses defined in the fields IP Version Select the supported IP version of the source address IPv6 or IPv4 IP Address Enter the source IP address IP Subnet Mask Select the format for the subnet mask for the source IP address and enter a val...

Page 80: ...he RADIUS server A key string is used to encrypt communications by using MD5 This overrides the default key string if one has been defined STEP 3 Click Apply The RADIUS default settings for the device are updated in the Running Configuration file To add a RADIUS server click Add STEP 4 Enter the values in the fields for each RADIUS server To use the default values entered in the RADIUS page select ...

Page 81: ...ts 802 1x authentication is a client server model In this model network devices have the following specific roles Client or supplicant Authenticator Authentication server This is described in the figure below A network device can be either a client supplicant an authenticator or both per port Client or Supplicant A client or supplicant is a network device that requests access to the LAN The client...

Page 82: ... page Multi Host Mode A port is authorized if there is at least one authorized client When a port is unauthorized and a guest VLAN is enabled untagged traffic is remapped to the guest VLAN Tagged traffic is dropped unless it belongs to the guest VLAN When a port is authorized untagged and tagged traffic from all hosts connected to the port is bridged based on the static VLAN membership port config...

Page 83: ...work access In this case the switch supports EAP MD5 functionality with the username and password equal to the client MAC address as shown below Figure 2 MAC Based Authentication The method does not have any specific configuration Guest VLAN The guest VLAN provides access to services that do not require the subscribing devices or ports to be 802 1X or MAC based authenticated and authorized The gues...

Page 84: ... Set the Administrative Port Control field to Auto STEP 10 Define the authentication methods STEP 11 Click Apply and the Running Configuration file is updated Workflow 2 To configure 802 1x based authentication STEP 1 Click Configuration Security Network Access Control Port Authentication STEP 2 Select the required port and click Edit STEP 3 Enter the fields required for the port The fields in thi...

Page 85: ... based on the authentication exchange between the device and the client Force Authorized Authorizes the interface without authentication Host Authentication Mode Select one of the following options Multiple Host 802 1x Supports port based authentication with multiple clients per port Multiple Sessions Supports client based authentication with multiple clients per port RADIUS VLAN Assignment Select...

Page 86: ...ast session was authenticated Authentication Method and Port Mode Support The following table shows which combinations of authentication method and port mode are supported Authentication Method Multi host Multi sessions Device in L3 Device in L2 802 1x MAC Legend The port mode also supports the guest VLAN and RADIUS VLAN assignment N S The authentication method does not support the port mode This d...

Page 87: ...less they belong to the guest VLAN or to the unauthenticated VLANs Frames are dropped Frames are dropped unless they belong to the unauthenticated VLANs Frames are remapped to the RADIUS assigned VLAN Frames are dropped unless they belong to the RADIUS VLAN or to the unauthenticated VLANs Frames are bridged based on the static VLAN configuration Frames are bridged based on the static VLAN configuration...

Page 88: ...the Lock Interface can be reinstated The options are as follows Classic Lock Locks the port immediately regardless of the number of addresses that have already been learned Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging of MAC addresses are enabled M...

Page 89: ...owards the bandwidth threshold Multicast Broadcast Counts Broadcast and Multicast traffic towards the bandwidth threshold Broadcast Only Counts only Broadcast traffic towards the bandwidth threshold Storm Control Rate Threshold Enter the maximum rate at which unknown packets can be forwarded The default for this threshold is 10 000 for FE devices and 100 000 for GE devices STEP 4 Click Apply Storm...

Page 90: ...NOTE If no match is found to any ACE in all relevant ACLs the packet is dropped as a default action Because of this default drop action you must explicitly add ACEs into the ACL to permit the desired traffic including management traffic such as Telnet HTTP or SNMP that is directed to the device itself For example if you do not want to discard all the packets that do not match the conditions in an ...

Page 91: ...E page To define a MAC based ACL STEP 1 Click Configuration Access Control List MAC Based ACL This page contains a list of all currently defined MAC based ACLs STEP 2 Click Add STEP 3 Enter the name of the new ACL in the ACL Name field ACL names are case sensitive STEP 4 Click Apply The MAC based ACL is saved to the Running Configuration file MAC Based ACE To add rules ACEs to an ACL STEP 1 Click ...

Page 92: ...IP protocol by name for well known protocols or directly by value Source destination ports for TCP UDP traffic Flag values for TCP frames ICMP and IGMP type and code Source destination IP addresses including wildcards DSCP IP precedence value NOTE ACLs are also used as the building elements of flow definitions for per flow QoS handling see QoS Advanced Mode The IPv4 Based ACL page enables adding A...

Page 93: ...tination addresses Destination IP Address Value Enter the IP address to which the destination IP address is to be matched Destination IP Wildcard Mask Enter the mask to define a range of IP addresses Source Port Select one of the following Any Match to all source ports Single Port Enter a single TCP UDP source port to which packets are matched This field is active only if 800 6 TCP or 800 17 UDP i...

Page 94: ... destination IP address Source Port Select one of the following Any Match to all source ports Single Port Enter a single TCP UDP source port to which packets are matched This field is active only if 800 6 TCP or 800 17 UDP is selected in the Select from List drop down menu Destination Port Select one of the available values that are the same as the Source Port field described above NOTE You must s...

Page 95: ...sed ACL Select an IPv4 Based ACL to be bound to the interface IPv6 Based ACL Select an IPv6 Based ACL to be bound to the interface Permit Any Unmatched Packets Select to enable disable this action STEP 6 Click Apply The ACL binding is modified and the Running Configuration file is updated NOTE If no ACL is selected the ACL s that is previously bound to the interface are unbound ...

Page 96: ...Priority Tag VPT 802 1p value in Layer 2 and the Differentiated Service Code Point DSCP value for IPv4 or Traffic Class TC value for IPv6 in Layer 3 When operating in Basic Mode the device trusts this external assigned QoS value The external assigned QoS value of a packet determines its traffic class and QoS The type of header field to be trusted is entered in the Basic QoS page For every value of...

Page 97: ...ode for the system Basic or Disabled as described in the QoS Modes section In addition the default CoS priority for each interface can be defined Feature Configuration To select the QoS mode STEP 1 Click Configuration Quality of Service Feature Configuration STEP 2 Set the QoS mode The following options are available Disable QoS is disabled on the device Basic QoS is enabled on the device in Basic...

Page 98: ...Strict Priority Traffic scheduling for the selected queue and all higher queues is based strictly on the queue priority WRR Traffic scheduling for the selected queue is based on WRR The period time is divided between the WRR queues that are not empty meaning they have descriptors to egress This happens only if strict priority queues are empty WRR Weight If WRR is selected enter the WRR weight assi...

Page 99: ...F12 4 Queue 3 3 4 3 3 2 1 1 DSCP 59 51 43 35 27 19 11 3 Queue 3 3 4 3 3 2 1 1 DSCP 58 50 42 34 AF41 26 AF31 18 AF21 10 AF11 2 Queue 3 3 4 3 3 2 1 1 DSCP 57 49 41 33 25 17 9 1 Queue 3 3 4 3 3 2 1 1 DSCP 56 CS7 48 CS6 40 CS5 32 CS4 24 CS3 16 CS2 8 CS1 0 BE Queue 3 3 4 3 3 2 1 1 The queue 4 is the highest queue and the default classes in the parentheses are defined by IETF To map DSCP to queues STEP ...

Page 100: ... for up to four queues on each interface STEP 4 Select the Interface STEP 5 For each queue that is required enter the following fields Queue x Select to enable egress shaping on queue number x Committed Information Rate Enter the maximum rate CIR in Kbits per second Kbps CIR is the average maximum amount of data that can be sent Committed Burst Size Enter the maximum burst size CBS in bytes CBS is...

Page 101: ...ate Select the time period that passes before the interface Ethernet statistics are refreshed The available options are No Refresh Statistics are not refreshed 15 Sec Statistics are refreshed every 15 seconds 30 Sec Statistics are refreshed every 30 seconds 60 Sec Statistics are refreshed every 60 seconds Counter Set The options are Set 1 Displays the statistics for Set 1 that contains all interfa...

Page 102: ...s process erases the Startup Configuration file and the backup configuration file STEP 3 Click Apply and Reboot The parameters are copied to the Running Configuration file and the stack is rebooted File Management This section describes how system files are managed The following topics are covered Overview Firmware Boot Code Active Firmware Image Configuration Log Configuration File Copy Overview ...

Page 103: ...in Flash memory File Actions The following actions can be performed to manage firmware and configuration files Upgrade the firmware or boot code as described in Overview section View the firmware image currently in use or select the image to be used in the next reboot as described in the Active Firmware Image section Save configuration files on the device to a location on another device as describ...

Page 104: ...TEP 5 Click Apply NOTE When the process is completed the following information is displayed Bytes Transferred How many bytes were transferred in the process Status Did the process succeed or fail Error Message Reason for failure of the process Active Firmware Image There are two firmware images stored on the device One of the images is identified as the active image and the other image is identifi...

Page 105: ...le network link A link local address has a prefix of FE80 is not routable and can be used for communication only on the local network Only one link local address is supported If a link local address exists on the interface this entry replaces the address in the configuration Global The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks Interface Select the...

Page 106: ...nology tests the quality and characteristics of a copper cable attached to a port Cables of up to 140 meters long can be tested These results are displayed in the Test Results block of the Copper Test page DSP based tests are performed on active GE links to measure cable length These results are displayed in the Advanced Information block of the Copper Test page Preconditions to Running the Copper...

Page 107: ...owing STEP 1 Click Maintenance Diagnostics Ping STEP 2 Configure ping by entering the fields Target Select whether to specify the source interface by its IP address or name This field influences the interfaces that are displayed in the Source IP field as described below IP Version If the source interface is identified by its IP address select either IPv4 or IPv6 to indicate that it will be entered ...

Page 108: ...nication messages Only the existing IP addresses of the type specified in the IP Version field will be displayed Target Name Enter the target host name TTL Enter the maximum number of hops that Traceroute permits This is used to prevent a case where the sent frame gets into an endless loop The Traceroute command terminates when the destination is reached or when this value is reached To use the de...

Page 109: ...lect the analyzer port to where packets are copied A network analyzer such as a PC running Wireshark is connected to this port If a port is identified as an analyzer destination port it remains the analyzer destination port until all entries are removed Source Port Select the source port from where traffic is to be mirrored Mirror Type Select whether incoming outgoing or both types of traffic are m...

Page 110: ...2014 Belkin International Inc and or its affiliates All rights reserved BELKIN LINKSYS and many product names and logos are trademarks of the Belkin group of companies Third party trademarks mentioned are the property of their respective owners 8820 01844 Rev B00 ...
