manualshive.com logo in svg

Microchip Technology Microsemi PDS-408G, Руководство пользователя по управлению веб-системой, Страница: 80 / 99

Поделиться
Скачать
Microchip Technology Microsemi PDS-408G Скачать руководство пользователя страница 80

Port Isolation 

Port Isolation – Configure Private VLAN 

Microsemi PDS-408G Web Management User Guide Ver. 1.0.1, 03-2019 

80

 

13

 

PORT ISOLATION 

13.1 

Port Isolation – Configure Private VLAN 

13.1.1 

General 

Private VLAN 

has nothing to do with traditional VLANs

, meaning that Private-VLAN ID can be 

identical to VLAN-ID. 
Private-VLAN filters outgoing destination port traffic. Packet received on port X can be sent only to 
destination ports which are marked as part of port X group, 

considering multiple PVLAN-ID table 

rows configuration (union).

 

Private-VLAN does not affect unit management over IP. 
 

Example

 - PVLAN-ID2 = marked ports 1,5,6. PVLAN-ID3 = marked ports 1,6,8. All other ports are 

unchecked. 
As a result, ports-2,3,4,7,9,10,11 will not send any outgoing packets except for packets created 
internally. 
incoming traffic on port 1 will be sent only to ports 5,6,8. 
Incoming traffic on port 5 will be sent only to ports 1,6. 
Incoming traffic on port 6 will be sent to ports 1,5,8 
Incoming traffic on port 8 will be sent to ports 1,6

 

 

Figure 13-1: Private VLAN Membership Configuration

 

13.1.2 

Private VLAN - configuration parameters 

 

Delete

 - To delete a private VLAN entry, check this box. The entry will be deleted during the 

next save. 

 

PVLAN ID

 - Indicates the ID of this Private-VLAN.  

 

Port Members

 - Used to show/select the unit Ethernet ports assigned to be members for this 

specific Private-VLAN ID.  

13.2 

Port Isolation – Configure Port Isolation 

13.2.1 

General 

Marked ports are prevented from sending packets to each other - isolated. However, they can 
communicate normally with all the other Switch ports. 

Example

 - Marking ports 1,2 will block any traffic from port 1 to reach to port 2 and vice versa. 

However, each one of them can communicate normally with ports 3-11

 

 

Содержание Microsemi PDS-408G

Страница 1: ...PDS 408G Web Management User Guide Ver 1 0 1 03 2019...

Страница 2: ...ndependently determine suitability of any products and to test and verify the same The information provided by Microsemi hereunder is provided as is where is and with all faults and the entire risk as...

Страница 3: ...iew 20 3 2 1 Port Statistics Overview 20 3 2 2 Detailed Port Statistics 21 3 3 Overview Unit System Information 21 4 NETWORK IPS MAC 22 4 1 Network Configuration Ethernet Ports 23 4 2 Network Configur...

Страница 4: ...obal VLAN Configuration 40 6 2 3 Port VLAN Configuration 41 6 3 VLAN View Members 43 6 4 VLAN View Ports 44 7 POE BT POWER 45 7 1 General PoE background 45 7 2 PoE BT Set PoE BT Power 46 7 2 1 Global...

Страница 5: ...s and state 68 11 AGGREGATION LACP 69 11 1 General 69 11 2 Aggregation LACP Aggregation Aggregation Configuration 69 11 2 1 Aggregation Group Configuration 69 11 2 2 Hash Contributors Configuration 70...

Страница 6: ...Information 86 15 5 IGMP Snooping View Status 86 15 5 1 IGMP Snooping Status 86 15 5 2 Router Port 87 16 PORT MIRRORING 88 16 1 Port Mirroring General 88 16 1 1 Enable Ports Mirroring 88 16 1 2 Port...

Страница 7: ...Configuration 24 Figure 4 3 Dynamic Static IPv6 Address Configuration 25 Figure 4 4 IP Routes Default Gateway configuration 26 Figure 4 5 NTP Server configuration 26 Figure 4 6 Time Zone Configuratio...

Страница 8: ...guration 49 Figure 8 2 STP Port Configuration 50 Figure 8 3 View STP Bridges 51 Figure 8 4 View STP Detailed Bridge Status 51 Figure 8 5 View STP Port Status 53 Figure 8 6 View STP Port Statistics 53...

Страница 9: ...86 Figure 16 1 Port Mirroring 88 Figure 17 1 Maintenance Reset and Restore unit 90 Figure 17 2 Maintenance Download unit configuration 90 Figure 17 3 Maintenance Activate unit configuration 91 Figure...

Страница 10: ...ption Standard AES Advanced Encryption Standard MD5 Message Digest algorithm 5 SHA Secure Hash Algorithm MDI Media Dependent Interface MIB Management Information Base PD Powered Device SNMP Simple Net...

Страница 11: ...er The unit uses Silicon Labs CP210x USB to UART IC internally If this is the 1st time you are connecting to the USB interface then an appropriate USB driver should be installed in advanced before usi...

Страница 12: ...ange power is delivered over two pair Green power is delivered over four pair 1 8 RJ45 Ports 9 10 Figure 1 5 Unit ports 9 10 out of 11 RJ45 Gigabit Ethernet only none PoE Top left green LED Ethernet L...

Страница 13: ...commended to enable SNMP only after changing the SNMP default passwords Web the interface is configured as HTTP Please change to HTTPS whenever there are security concerns 2 2 Web interface overview P...

Страница 14: ...and how to work with each of them Failing to do so may lead to configuration errors Running configuration profile immediate unit configuration Any configuration change will take effect immediately an...

Страница 15: ...b Management User Guide Ver 1 0 1 03 2019 15 2 3 2 Saving unit configuration over Web and CLI From the Web press on Save running config followed by pressing on Save Configuration Figure 2 2 Save unit...

Страница 16: ...packets Pressing on any of the port numbers will open a detailed table page with much more in depth traffic statistics for the specific selected port Unit System Info displays system information such...

Страница 17: ...of the other LED The tables bellow summarize al the LED combinations used to indicate network status PoE status network configuration and PoE configuration Link LED left State Link up 1000 100 10 Link...

Страница 18: ...section will appear only whenever the SFP module is reported as inserted Network The following network status displays are available network Status Description Disabled Ethernet port is disabled rega...

Страница 19: ...ies PD Underload PD device power consumption is to low less then 10mA so power was turned off endless On On Off cycle Table 3 5 PoE Status PoE Power This column displays the PoE PD device ongoing powe...

Страница 20: ...tion 3 1 3 Unit Status The unit status dynamically updated table displays the overall power consumed by all PoE PD devices and unit internal temperature The temperature has the option to be displayed...

Страница 21: ...rt report by using the drop down port list on the top right Figure 3 5 Port Statistics Overview 3 3 Overview Unit System Information The unit system information page displays the unit software version...

Страница 22: ...v4 6 configure static dynamic IPv4 IPv6 address and mask default gateway DNS NTP configure NTP Server IP address Enable Disable NTP Server Time Zone configure time zone and daylight saving time SysLog...

Страница 23: ...d is it half full duplex Configured Configure Enable Disable Ethernet port Copper ports 1 10 When enabled set port speed to Auto or limit its speed to specific speed rate Also set port to Half Full du...

Страница 24: ...a DHCPv4 enabled interface over specific VLAN ID From any DHCPv6 VLANS ID The first DNS server offered from a DHCPv6 enabled interface From this DHCPv6 VLANS ID DNS server offered from a DHCPv6 enable...

Страница 25: ...tion options IF MAC DHCPv4 client will use unit MAC address port index as option 61 ASCII Text string HEX Hexadecimal number Hostname opt 12 Text string Table 4 5 DNS Server Configuration options 4 2...

Страница 26: ...s in the note above to route all unknown destination IP traffic to the same default gateway In case there are multiple path options please use the appropriate Distance Next Hop cost field to prioritiz...

Страница 27: ...guring the severity importance of the SysLog messages that will trigger the sending Figure 4 8 SysLog configuration 4 6 Network Configuration MAC Table learning This page provides various options rega...

Страница 28: ...he aging counter for the specific MAC address to start counting from zero again Disable Automatic Aging Enable Disable from MAC table to automatically erase MAC address if no packet with the same sour...

Страница 29: ...Incoming packets from learning disabled VLANs will be forwarded to other ports as before no packet drop Forward to specific port if destination MAC is known or flood to all other ports on same VLAN i...

Страница 30: ...ntain up to 8192 entries This page can show up to 999 MAC entries for every page with a default of 20 MAC addresses per page Figure 4 14 View unit MAC Address Table 4 8 Network View IP Status This pag...

Страница 31: ...03 2019 31 4 9 Network View Routing Info This page displays the routing option used by the unit for communicating with other IP based network devices located on other networks The routing information...

Страница 32: ...TTPS Configuration HTTP HTTPS Controls whether the unit embedded web server should operate in HTTP or HTTPS mode HTTPS uses TLS v1 2 encryption to encrypt all Web network traffic between the user web...

Страница 33: ...led or disable and how the remote user username password will be authenticated Should it be done locally by the unit or by remote RADIUS TACACS authentication server Accounting Method Configuration Co...

Страница 34: ...be tested against the unit local configuration Web The remote web username password authentication will be done by a remote Radius Server In case the Radius Server is down no reply then TACACS authent...

Страница 35: ...agement interface over the web SNMP and Telnet SSH Up to 16 entries can be added to the Access Control List table Figure 5 6 Access Control List 5 5 Access Control View ACL Statistics This page tracks...

Страница 36: ...itch supports single 802 1Q VLAN tagging and double 802 1Q VLAN tagging also known as QinQ or 802 1ad Switch ports with no external VLAN tagging are referred to as Access Ports Switch Ports with exter...

Страница 37: ...of VLAN tagging Typically it should be 0x8100 followed by additional two byte VLAN ID In case of Q in Q 802 1ad double VLAN tagging it should be 0x88A8 Valid VLAN ID range Valid VLAN ID numbers range...

Страница 38: ...nect end devices Receive native VLAN packets no VLAN Receive Priority VLAN VLAN 0 packets Receive VLAN packets with VLAN ID same as Access VLAN ID VLAN 5 as in this example Transmit only native VLAN p...

Страница 39: ...mple Leave all other VLAN tags unchanged This apply to both VLAN TPID 0x88A8 and 0x8100 Tagged All all frames whether classified to the Port VLAN VLAN 5 or not are transmitted with a tag Untagged All...

Страница 40: ...es must be tagged on egress Tx they will be tagged with an S tag 0x88A8 Switch port config Hybrid Mode Port Type S Custom Port Same as for Hybrid S Port except that the user may configure custom TPID...

Страница 41: ...rts have the following characteristics o Member of exactly one VLAN as configured in the Port VLAN field Default Access VLAN is 1 o Accepts untagged and C tagged frames o Discards all frames that are...

Страница 42: ...If a frame is untagged or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with a C tag S Port On ingress frames with a VLAN tag with T...

Страница 43: ...is identical to the syntax used in the Enabled VLANs field By default a Trunk or Hybrid port will become member of all VLANs and is therefore set to 1 4095 The field may be left empty which means tha...

Страница 44: ...AN View Ports Microsemi PDS 408G Web Management User Guide Ver 1 0 1 03 2019 44 6 4 VLAN View Ports This page displays a summary of all ports VLAN configuration Figure 6 7 VLAN Port Status for Combine...

Страница 45: ...e first PoE specification known as PoE AF IEEE 802 3af capable of delivering up to 15W on two out of four cable pairs inside the RJ45 connector The maximum power offered for each PD Powered device as...

Страница 46: ...power it will be shut down by the unit Uninterruptable Power When checked checked by default the Switch is prevented from performing a PoE power down and up cycle as part of the Switch s startup proc...

Страница 47: ...e priority levels Low High Critical Low The lowest PoE PD capacity By default all PoE ports are config to low priority High Higher priority than Low Critical Highest PoE port priority Terminal Type De...

Страница 48: ...ftware failed to detect PoE ICs This message should not appear during normal unit operation Detecting PoE The software is in the middle of the process to detect PoE ICs over I2C bus This message shoul...

Страница 49: ...ge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operat...

Страница 50: ...IST port configurations and change them It contains settings for physical and aggregated ports Figure 8 2 STP Port Configuration Port The switch port number of the logical STP port STP Enabled Control...

Страница 51: ...er ports If set it can cause temporary loss of connectivity after changes in a spanning trees active topology because of persistently incorrect learned station location information It is set by a netw...

Страница 52: ...et 8 4 2 CIST Ports Aggregation State Port The switch port number of the logical STP port Port ID The port id as used by the STP protocol This is the priority part and the logical port index of the br...

Страница 53: ...ew STP Port Status Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort BackupPort Ro...

Страница 54: ...anning Tree STP Spanning Tree View STP Port Statistics Microsemi PDS 408G Web Management User Guide Ver 1 0 1 03 2019 54 STP The number of legacy STP Configuration BPDUs received transmitted on the po...

Страница 55: ...g drawn from the alphabet A Z a z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a...

Страница 56: ...branch to be included excluded The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 View Type Indicates if the named OiD branch should be included excluded...

Страница 57: ...Community Configuration that this entry should belong to SNMPv3 One of the SNMPv3 users that were already configured by the help of SNMPv3 Users page Group Name A string identifying the group name th...

Страница 58: ...ers from 33 to 126 secondsurity Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authenticati...

Страница 59: ...e without necessary sending SNMP Trap to the SNMP Trap Server Enabled Send SNMP Trap to the IP address of the remote SNMP Trap Server Disabled Keep SNMP Trap Server record without sending any traps to...

Страница 60: ...yChange network topology was changed lldpRemTablesChange 9 4 SNMP Configuration example 9 4 1 SNMPv2 Configuration Example Enabling SNMP is the only step required to enable SNMPv2 with default SNMPv2...

Страница 61: ...the groups created in the previous step 9 4 2 SNMPv3 Configuration Example Configure SNMPv3 user Remove SNMPv1 v2 from group configuration Add SNMPv3 security model and assign to it a group name Add t...

Страница 62: ...by the RADIUS Server For normal unit operation all remote users should obtain access level 15 administrator by remote RADIUS Server 10 1 2 General Setting up remote RADIUS Server Successful RADIUS Ser...

Страница 63: ...w requests to a server that has failed to respond to a previous request dead This should stop the switch from continually trying to contact a server that it has already determined as dead Setting the...

Страница 64: ...that has failed to respond to a previous request dead This should stop the switch from continually trying to contact a server that it has already determined as dead Change secondsret Key Specify to ch...

Страница 65: ...current status of the RADIUS server This field takes one of the following values o Disabled RADIUS server is disabled o Not Ready RADIUS server is enabled but IP communication is not yet up and runni...

Страница 66: ...ccessChallenges RADIUS Access Challenge packets valid or invalid received from the server Rx Malformed Access Responses radiusAuthClientExtMalformed AccessResponses RADIUS malformed Access Response pa...

Страница 67: ...out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Tx Ti...

Страница 68: ...not yet up and running Ready RADIUS server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left RADIUS Server failed to reply to a...

Страница 69: ...to any aggregation group Only full duplex ports can join an aggregation The ports in each group must be in the same speed Mode This parameter determines the mode for the aggregation group Disabled Th...

Страница 70: ...bled IP Address The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled TCP UDP Port...

Страница 71: ...Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet Prio The Priority controls the priority of the port range 1 65535 If the LACP partner want...

Страница 72: ...al i e local system status for all ports Only ports that are part of an LACP group are shown Figure 11 5 View LACP Internal Port Status Port The switch port number State The current port state Down Th...

Страница 73: ...artner Partner Port The partner port number associated with this link Partner Port Priority The priority assigned to this partner port Activity The LACP mode of the group Active or Passive Timeout The...

Страница 74: ...ics This page provides an overview for LACP statistics for all ports Figure 11 7 View LACP Port Statistics Port The switch port number LACP Received Shows how many LACP frames have been received at ea...

Страница 75: ...2 10 times Tx Delay If a configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay...

Страница 76: ...e addresses but only the first address is shown in the LLDP neighbors table o CDP TLV Port ID is mapped to the LLDP Port ID field o CDP TLV Version and Platform is mapped to the LLDP System Descriptio...

Страница 77: ...s Port ID The identification of the neighbor port Port Description The port description advertised by the neighbor unit System Name The name advertised by the neighbor unit System Capabilities Describ...

Страница 78: ...ies added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP frames dropped due to...

Страница 79: ...Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded If LLDP frame is received with an org...

Страница 80: ...created internally incoming traffic on port 1 will be sent only to ports 5 6 8 Incoming traffic on port 5 will be sent only to ports 1 6 Incoming traffic on port 6 will be sent to ports 1 5 8 Incomin...

Страница 81: ...tion Microsemi PDS 408G Web Management User Guide Ver 1 0 1 03 2019 81 Figure 13 2 Port Isolation Configuration 13 2 2 Port Isolation configuration parameters Port Members Select the ports that are no...

Страница 82: ...1 to 10 seconds Default value is 5 seconds Shutdown Time The period in seconds for which a port will be kept disabled in a loop is detected and the port action shuts down the port Valid values are 0 t...

Страница 83: ...15 2 1 IGMP Snooping Configuration Enable IGMP Snooping Enable the Global IGMP Snooping Unregistered IPMCv4 Flooding Enabled Enable unregistered IPMCv4 traffic flooding The flooding control takes eff...

Страница 84: ...Pv1 v3 Auto set Querier etc for the VLANs which is already configured The page shows up to VLAN 99 entries sorted from lowest highest VLAN ID Figure 15 2 IGMP Snooping VLAN Configuration 15 3 1 IGMP S...

Страница 85: ...Querier The allowed range is 1 to 31744 seconds the default query interval is 125 seconds QRI Query Response Interval The Maximum Response Delay is used to calculate the Maximum Response Code inserted...

Страница 86: ...as an EXCLUDE NULL report An EXCLUDE NULL report indicates that the host wants to join the multicast group and receive packets from all sources Source Address IP Address of the source Currently the m...

Страница 87: ...plays V2 Leaves Received The number of Received V2 Leaves 15 5 2 Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multi...

Страница 88: ...m one or more ports to a dedicated mirroring port 16 1 2 Port Configuration Source Source port mirroring mode o Disabled No mirroring of the traffic on this port o Both Frames received and frames tran...

Страница 89: ...ring Port Mirroring General Microsemi PDS 408G Web Management User Guide Ver 1 0 1 03 2019 89 NOTE MAC Table learning under network Configuration MAC Table learning needs to be disabled on the destina...

Страница 90: ...ed by device reset Restore to full factory Defaults Restores the device to full factory default configuration including device default IP address default VLAN etc 17 2 Maintenance Unit Configuration 1...

Страница 91: ...18 3 Maintenance Upload unit configuration It is possible to upload a file from the web browser to all the files on the switch except default config which is read only Select the file to upload select...

Страница 92: ...eration this effectively resets the switch to default configuration 17 3 Maintenance Software Update 17 3 1 Upload New Version Figure 18 6 Software Update Upload new version This Page allows the user...

Страница 93: ...reverting process the image bellow will be displayed during the software reverting process Figure 17 6 Switching active image NOTES 1 If the active firmware image is the alternate image only the Activ...

Страница 94: ...o revert to the previous version before performing software update by executing the following steps 1 Connect to the unit USB interface with a USB Serial Virtual COMM interface with baud rate of 11520...

Страница 95: ...elect which specific SysLog message severity level to display Possible SysLog message levels are o Informational lowest priority SysLog message level o Notice higher than Informational o Warning highe...

Страница 96: ...Hostname or IPv4 IPv6 Address The address of the destination host such as 192 168 0 50 for IPv4 or 2345 15 for IPv6 or Hostname such as my computer com Payload Size Sets the size of the ICMPv4 v6 dat...

Страница 97: ...ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until the VeriPHY RJ45 test is complete Port The...

Страница 98: ...Diagnostics Diagnostics View CPU Load Microsemi PDS 408G Web Management User Guide Ver 1 0 1 03 2019 98 18 4 Diagnostics View CPU Load This page shows the Switch CPU load Figure 18 6 Switch CPU load...

Страница 99: ...r software rebooted it will use the same configuration as before it had been restarted Revision History Revision Level Date Para Affected Description 1 0 1 19 3 19 Whole Document initial document For...

Отзывы:

Нет отзывов