ORiNG IGPS-9080 Скачать руководство пользователя

Страница: 129 / 175

IGPS-9080 Series User Manual

ORing Industrial Networking Corp

128

instance through a hub) to piggy-back on the successfully

authenticated client and get network access even though they are

not authenticated individually. To overcome this security breach,

use the Multi 802.1X variant.

Multi 802.1X is not yet an IEEE standard, but features many of the

same characteristics as port-based 802.1X. In Multi 802.1X, one

or more supplicants can be authenticated on the same port at the

same time. Each supplicant is authenticated individually and

secured in the MAC table using the Port Security module.

In Multi 802.1X it is not possible to use the multicast BPDU MAC

address as the destination MAC address for EAPOL frames sent

from the switch to the supplicant, since that would cause all

supplicants attached to the port to reply to requests sent from the

switch. Instead, the switch uses the supplicant's MAC address,

which is obtained from the first EAPOL Start or EAPOL Response

Identity frame sent by the supplicant. An exception to this is when

no supplicants are attached. In this case, the switch sends

EAPOL Request Identity frames using the BPDU multicast MAC

address as destination - to wake up any supplicants that might be

on the port.

The maximum number of supplicants that can be attached to a

port can be limited using the Port Security Limit Control

functionality.

MAC-based Auth.

Unlike port-based 802.1X, MAC-based authentication is not a

standard, but merely a best-practices method adopted by the

industry. In MAC-based authentication, users are called clients,

and the switch acts as the supplicant on behalf of clients. The

initial frame (any kind of frame) sent by a client is snooped by the

switch, which in turn uses the client's MAC address as both

username and password in the subsequent EAP exchange with

the RADIUS server. The 6-byte MAC address is converted to a

string in the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-)

is used as separator between the lower-cased hexadecimal digits.

The switch only supports the MD5-Challenge authentication

method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a

Содержание IGPS-9080

Страница 1: ...rp I IG GP PS S 9 90 08 80 0 S Se er ri ie es s I In nd du us st tr ri ia al l M Ma an na ag ge ed d E Et th he er rn ne et t S Sw wi it tc ch h U Us se er r M Ma an nu ua al l V Ve er rs si io on n 1...

Страница 2: ...enses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORi...

Страница 3: ...nel 10 Hardware Installation 11 3 1 DIN Rail Installation 11 3 2 Wall Mounting 12 3 3 Wiring 13 3 3 1 Grounding 14 3 3 2 Fault Relay 14 3 3 3 Redundant Power Inputs 14 3 4 Connection 14 3 4 1 Cables 1...

Страница 4: ...Dynamic Client List 48 5 2 3 Client List 48 5 2 4 Relay Agent 49 5 3 Port Setting 51 5 3 1 Port Control 51 5 3 2 Port Trunk 53 5 3 4 Loop Gourd 57 5 4 VLAN 58 5 4 1 VLAN Membership 58 5 4 2 Port Confi...

Страница 5: ...CL Status 93 5 7 Multicast 94 5 7 1 IGMP Snooping 94 5 7 2 VLAN Configurations of IGMP Snooping 95 5 7 3 IGMP Snooping Status 96 5 7 4 Groups Information of IGMP Snooping 97 5 8 Security 98 5 8 1 Remo...

Страница 6: ...0 5 Cable Diagnostics 143 5 10 6 SFP Monitor 144 5 10 7 Ping 144 IPv6 Ping 145 5 11 Synchronization 145 5 12 PoE 148 5 12 1 Configurations 148 5 12 2 Status 150 5 13 Troubleshooting 151 5 13 1 Factory...

Страница 7: ...e device can be managed centrally via ORing s proprietary Open Vision platform as well as via Web based interfaces Telnet and console CLI 1 2 Software Features Supports Open Ring interoperates with ot...

Страница 8: ...ia Web based Telnet Console CLI and Windows utility Open Vision Supports LLDP Protocol 1 3 Hardware Specifications Redundant DC power inputs 8 x 10 100 1000Base T X P S E ports 1 x console port Operat...

Страница 9: ...4VDC power inputs IGPS 9080 NP 24V Standard functions with P S E 24VDC power inputs but without IEEE 1588v2 clock synchronization support The device provides the following ports on the front panel The...

Страница 10: ...Fault Amber On Errors occur i e power failure or port malfunctioning P O E Green On Power transmitted via Ethernet cable 10 100 1000Base T X Fast Ethernet ports LNK ACT Green On Port is linked Blinki...

Страница 11: ...ets of screw holes The two sets placed in triangular patterns on both ends of the rear panel are used for wall mounting red boxes in the figure below and the set of four holes in the middle are used f...

Страница 12: ...t allows you to fasten the switch to a DIN Rail Installing the switch on the DIN Rail is easy DIN Rail Measurement Unit mm Installing the switch on the DIN rail is easy First screw the Din rail kit on...

Страница 13: ...h can be fixed to the wall via a wall mount panel which can be found in the package Wall Mount Kit Measurement Unit mm To mount the switch onto the wall follow the steps 1 Screw the two pieces of wall...

Страница 14: ...slide the switch down before tightening the screw Note Instead of screwing the screws in all the way leave about 2 mm to allow room for sliding the wall mount panel between the wall and the screws 3 3...

Страница 15: ...the ground connection from the ground screw to the grounding surface prior to connecting devices 3 3 2 Fault Relay The two sets of relay contacts of the 6 pin terminal block connector are used to det...

Страница 16: ...eiving data 10 100 Base T X P S E RJ 45 Port Pin Assignments Pin Number Assignment 1 TD with PoE Power input 2 TD with PoE Power input 3 RD with PoE Power input 6 RD with PoE Power input 1000 Base T P...

Страница 17: ...and signs represent the polarity of the wires that make up each wire pair RS 232 console port wiring The device can be managed via console ports using a RS 232 cable which can be found in the package...

Страница 18: ...n about the port setting please refer to 4 1 2 Configurations 3 Connect the last switch to the first switch to form a ring topology Coupling Ring If you already have two O Ring topologies and would li...

Страница 19: ...ct as the main path while the other will act as the backup path Dual Homing If you want to connect your ring topology to a RSTP network environment you can use dual homing Choose two switches Switch A...

Страница 20: ...m the chain Switch A B that you want to connect to the O Ring and connect them to the switches in the ring Switch C D 2 In correspondence to the port connected to the ring configure an edge port for b...

Страница 21: ...time of less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of...

Страница 22: ...de a big ring into two smaller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A coupling...

Страница 23: ...enables the network to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment...

Страница 24: ...in ring configuration to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 devices and will enable a back up link in 80ms adjustable to max 20...

Страница 25: ...f the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds and MaxAge must be FwdDelay 1 2 Maximum Hop Count This defines the initial value of...

Страница 26: ...the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration named a...

Страница 27: ...ge instance priority configurations and possibly change them as well Label Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge pri...

Страница 28: ...cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000...

Страница 29: ...It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control...

Страница 30: ...recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forward...

Страница 31: ...rrently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Pa...

Страница 32: ...kupPort RootPort DesignatedPort State The current STP port state of the CIST port The port state can be one of the following values Blocking Learning Forwarding Uptime The time since the bridge port w...

Страница 33: ...umber of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Click to refresh the page immed...

Страница 34: ...Networking Corp 33 Label Description Active Activate fast recovery mode port Ports can be set to 8 priorities Only the port with the highest priority will be the active port 1st Priority is the highe...

Страница 35: ...er friendly viewing screen Note By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for networ...

Страница 36: ...e management interface shows links to various settings Clicking on the links will bring you to individual configuration pages 5 1 Basic Settings The Basic Settings page allows you to configure the bas...

Страница 37: ...al identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are...

Страница 38: ...er database on the switch is used for authentication Radius a remote RADIUS server is used for authentication Fallback Check to enable fallback to local authentication If none of the configured authen...

Страница 39: ...efault IP is 192 168 10 1 IP Mask Assigns the subnet mask of the IP address If DHCP client function is enabled you do not need to assign the subnet mask IP Router Assigns the network gateway for the s...

Страница 40: ...ial syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192...

Страница 41: ...p to 16 alpha numeric characters and can contain _ or Daylight Saving Time Configuration Label Description Daylight Saving Time This is used to set the clock forward or backward according to the confi...

Страница 42: ...month Hours Select the starting hour Minutes Select the starting minute End Time Settings Label Description Week Select the ending week number Day Select the ending day Month Select the ending month...

Страница 43: ...ble HTTPS Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 8 SSH SSH Secure Shell is a cryptographic network protocol intended for secu...

Страница 44: ...ll be applied Mode Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP information from its neighbors will be analyzed Tx only the switch will drop LLDP inf...

Страница 45: ...1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS Cable Device 8 Station Only 9 Reserved When a capability is enabled a will be displayed If the capability is disabled a wi...

Страница 46: ...of entries deleted due to expired time to live Local Counters Label Description Local Port The port that receives or transmits LLDP frames Tx Frames The number of LLDP frames transmitted on the port...

Страница 47: ...e age out counter will be incremented Refresh Click to refresh the page immediately Clear Click to clear the local counters All counters including global counters are cleared upon reboot Auto refresh...

Страница 48: ...es DHCP server functions By enabling DHCP the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients 5 2 1 Basic Settings This page allows...

Страница 49: ...y in the following table You can select the entries and add them to a static table by clicking Add to static Table 5 2 3 Client List You can assign a specific IP address within the dynamic IP range to...

Страница 50: ...d to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain Relay Information Mode Indicates the existing DHCP relay information mode The for...

Страница 51: ...e containing the information is received Drop drop the package when a DHCP message containing the information is received The relay statistics shows the information of relayed packets of the switch La...

Страница 52: ...packets containing relay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Keep Agent Option The number of packets whose rela...

Страница 53: ...nt Tx indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last auto negotiation You can check the Configured column to use flow contro...

Страница 54: ...rce MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Addr...

Страница 55: ...the ports must be in the same speed in each group 5 3 3 LACP LACP Link Aggregation Control Protocol trunks are similar to static port trunks but they are more flexible because LACP is compliant with...

Страница 56: ...tivity status Active will transmit LACP packets every second while Passive will wait for a LACP packet from a partner speak if spoken to Save Click to save changes Reset Click to undo changes made loc...

Страница 57: ...ion group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated Aggr ID The aggregation ID assigned to the aggregat...

Страница 58: ...P frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals Clear Click to clear the counters for a...

Страница 59: ...rotection functions as a whole Action Configures the action to take when a loop is detected Valid values include Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is ac...

Страница 60: ...check as needed to modify the entry Add New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Valid values for a VLAN ID are 1 through 4095 Af...

Страница 61: ...l frames are classified to the port VLAN ID and tags are not removed Ingress Filtering Enable ingress filtering on a port by checking the box This parameter affects VLAN ingress processing If ingress...

Страница 62: ...ues is 1 through 4095 The default value is 1 Note The port must be a member of the same VLAN as the port VLAN ID Tx Tag Determines egress tagging of a port Untag_pvid all VLANs except the configured P...

Страница 63: ...of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded The TPID of a frame transmitted by S port will be set to 0x88A8 S custom port When the port re...

Страница 64: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 63...

Страница 65: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 64...

Страница 66: ...ries User Manual ORing Industrial Networking Corp 65 Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the swi...

Страница 67: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 66 VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Страница 68: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 67 VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Страница 69: ...N QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN 9000 Series Port 1 VLAN Settings VLAN ID Settings When setting the managemen...

Страница 70: ...N ID or destination MAC address A port must be a member of both a VLAN and a private VLAN to be able to forward packets This page allows you to configure private VLAN memberships for the switch By def...

Страница 71: ...The private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new private VLANs A private VLAN is defined as a pairing of a primary VLAN with a secondary VLAN...

Страница 72: ...ring length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be...

Страница 73: ...rs from 33 to 126 are allowed Trap Destination Address Indicates the SNMP trap destination address Trap Destination IPv6 Address Provides the trap destination IPv6 address of this switch IPv6 address...

Страница 74: ...ty Configurations You can define access to the SNMP data on your devices by creating one or more SNMP communities An SNMP community is the group that devices and management stations running SNMP belon...

Страница 75: ...Model VACM for access control For the USM entry the usmUserEngineID and usmUserName are the entry keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can als...

Страница 76: ...allowed Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols include None no privacy protocol DES an optional flag to indicate that this user is...

Страница 77: ...should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Group Name A string identifying the group name that this entry should belong to The allowed s...

Страница 78: ...ry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 5 5 6 SNMP Access Configura...

Страница 79: ...flood the LAN creating excessive traffic and degrading network performance Errors in the protocol stack implementation mistakes in network configuration or users issuing a denial of service attack ca...

Страница 80: ...mes in higher priority queues receive a bigger slice of bandwidth than those in a lower priority queue Label Description Port The port number for which the configuration below applies QoS Class Contro...

Страница 81: ...from the PCP and DEI value in the tag Otherwise the frame is classified to the default DP level The classified DP level can be overruled by a QCL entry PCP Controls the default PCP value All frames ar...

Страница 82: ...ck on the port number to configure tag remarking Mode Shows the tag remarking mode for this port Classified use classified PCP DEI values Default use default PCP DEI values Mapped use mapped versions...

Страница 83: ...ion Classify includes four values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is ena...

Страница 84: ...r limiting the rate of traffic streams thereby controlling the maximum rate of traffic sent or received on an interface When the traffic rate exceeds the configured maximum rate policing drops or rema...

Страница 85: ...Configures the unit of measurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled 5 6 7 Scheduling and...

Страница 86: ...Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper...

Страница 87: ...ghted scheduling will deliver traffic on a rotating basis It can guarantee each queue s minimum bandwidth based on their bandwidth weight when there is traffic congestion Only when a port has more tra...

Страница 88: ...duler Mode is set to Weighted Queue Scheduler Percent Shows the weight of the queue in percentage This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Check to enable p...

Страница 89: ...the interface This value must be less than the maximum bandwidth for that interface Label Description Port The switch port number to which the following settings will be applied Click on the port numb...

Страница 90: ...value ranges from 0 to 63 Ingress Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Transl...

Страница 91: ...rom 0 to 63 5 6 12 DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value Label Description QoS Class Actual QoS class DPL Actual Drop P...

Страница 92: ...of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SMAC Source MAC A...

Страница 93: ...ft to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11...

Страница 94: ...d at each queue Label Description Port The switch port number to which the following settings will be applied Qn There are 8 QoS queues per port Q0 is the lowest priority Rx Tx The number of received...

Страница 95: ...QCE then DP level will set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays the conflict...

Страница 96: ...whole aggregation will act as a router port Fast Leave Check to enable fast leave on the port 5 7 2 VLAN Configurations of IGMP Snooping If a VLAN is not IGMP snooping enabled it floods multicast dat...

Страница 97: ...se the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Label De...

Страница 98: ...umber of received V2 reports V3 Reports Receive The number of received V3 reports V2 Leave Receive The number of received V2 leave packets Refresh Click to refresh the page immediately Clear Clear all...

Страница 99: ...l Security allows you to limit remote access to the management interface When enabled requests of the client which is not in the allowed list will be rejected Label Description Port Port number of the...

Страница 100: ...ns IP MAC automatically but no binding function Binding enables binding Under this mode any IP MAC that does not match the entry will not be allowed to access the network Shutdown shuts down the port...

Страница 101: ...IP address of the device Device MAC Address Specifies MAC address of the device Advanced Configurations Alias IP Address This page provides alias IP address configuration Some devices might have more...

Страница 102: ...n monitor ingress packets and perform actions when DDoS attack occurred on this port When network traffic from a specific device increases significantly in a short period of time the switch will lock...

Страница 103: ...the same number in the low and high fields Filter If packet type is UDP or TCP please choose the socket direction Destination Source Action Indicates the action to take when DDOS attacks occur Possibl...

Страница 104: ...era IP Phone Access Point PC PLC Network Video Recorder Location Address Indicates location information of the device The information can be used for Google Mapping Description Device descriptions Str...

Страница 105: ...icates the action to take when the stream gets low Possible actions are no action Log it simply logs the event 5 8 3 ACL An ACL Access Control List is a list of permissions attached to an object An AC...

Страница 106: ...to The allowed values are Disabled or a specific port number The default value is Disabled Logging Specifies the logging operation of the port The allowed values are Enabled frames received on the por...

Страница 107: ...which vary with the frame type you have selected Label Description Ingress Port Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this po...

Страница 108: ...red in the system log Disabled frames matching the ACE are not logged Please note that system log memory capacity and logging rate is limited Shutdown Specifies the shutdown operation of the ACE The a...

Страница 109: ...mat is xx xx xx xx xx xx Frames matching the ACE will use this DMAC value Label Description VLAN ID Filter Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter st...

Страница 110: ...se refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields please refer to the help file IP Prot...

Страница 111: ...IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted de...

Страница 112: ...specified sender IP filter is don t care Host sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP filter is set to Network Specify th...

Страница 113: ...rames where THA is equal to the SMAC address Any any value is allowed don t care IP Ethernet Length Specifies whether frames will meet the action according to their ARP RARP hardware address length HL...

Страница 114: ...d for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE An...

Страница 115: ...selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value TCP UDP Source Range W...

Страница 116: ...s where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is allowed don t care TCP SYN Specifies the TCP...

Страница 117: ...er This page allows you to configure common settings for an authentication server Label Description Timeout The timeout which can be set to a number between 3 and 3600 seconds is the maximum time to w...

Страница 118: ...ss If a match is not found or a problem is found with the user s credentials the server returns a reject message to deny access The NAD then establishes or terminates the user s connection The NAD may...

Страница 119: ...expressed in dotted decimal notation Port The UDP port to use on the RADIUS accounting server If the port is set to 0 zero the default port 1813 is used on the RADIUS accounting server Secret The sec...

Страница 120: ...nabled but IP communication is not yet up and running Ready the server is enabled IP communications are built and the RADIUS module is ready to accept access attempts Dead X seconds left access attemp...

Страница 121: ...seconds left accounting attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires...

Страница 122: ...tworking Corp 121 Other Info This section contains information about the state of the server and the latest round trip time Label Description Packet Counters RADIUS accounting server packet counters T...

Страница 123: ...prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more backend servers RADIUS determine whether the user is allowed access to the netw...

Страница 124: ...urrently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never be authenticated because the switch will cancel on going backend au...

Страница 125: ...n be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone and only the MD5 Challenge method is supported 802 1X and MAC Based authentication configuratio...

Страница 126: ...ule needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period...

Страница 127: ...ween the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packe...

Страница 128: ...a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Single 802 1X variant...

Страница 129: ...e sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wak...

Страница 130: ...quipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited usin...

Страница 131: ...NAS port statuses Label Description Port The switch port number Click to navigate to detailed 802 1X statistics of each port Admin State The port s current administrative state Refer to NAS Admin Sta...

Страница 132: ...displayed Label Description Admin State The port s current administrative state Refer to NAS Admin State for more details regarding each value Port State The current state of the port Refer to NAS Por...

Страница 133: ...r the following administrative states 802 1X MAC based Auth 5 9 Alerts 5 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the electric relay wi...

Страница 134: ...hem As Syslog messages are UDP based the sender and receiver will not be aware of it if the packet is lost due to network disconnection and no UDP packet will be resent Label Description Server Mode I...

Страница 135: ...s a protocol for transmitting e mails across the Internet By setting up SMTP alert the device will send a notification e mail when a user defined event occurs Label Description E mail Alarm Enables or...

Страница 136: ...will gray out if SYSLOG or SMTP is disabled Label Description System Cold Start Sends out alerts when the system is restarted Power Status Sends out alerts when power is up or down SNMP Authentication...

Страница 137: ...tablet will age out after a configured aging time Such entries can be added by learning or manual configuration Aging Configuration Aging enables the switch to track only active MAC addresses on the...

Страница 138: ...received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Note make sure the link used for managing the switch is added to the static Mac table befo...

Страница 139: ...d the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Star...

Страница 140: ...in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding...

Страница 141: ...mitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad br...

Страница 142: ...me length configured for this port 5 10 3 Port Mirroring Port mirroring function will copy the traffic of one port to another port on the same switch to allow the network analyzer attached to the mirr...

Страница 143: ...mirror Tx frames to the mirror port In this case mode for the selected mirror port is limited to Disabled or Rx nly 5 10 4 System Log Information This page provides switch system log information Labe...

Страница 144: ...the port from the drop down list and click Start to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page...

Страница 145: ...up event alarms through DDM Web interface 5 10 7 Ping This command sends ICMP echo request packets to another node on the network Using the ping command you can see if another site on the network can...

Страница 146: ...llowing properties of the issued ICMP packets Label Description IP Address The destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 to 1400 bytes IPv6 Ping PING6 se...

Страница 147: ...al Enable The box allows you to configure external clock output The following values are possible True enable external clock output False disable external clock output VCXO_Enable The box allows you t...

Страница 148: ...ed This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay req...

Страница 149: ...he amount of power that each port reserves The allocated reserved power for each port power device is specified in the Maximum Power field Class each port automatically determines how much power to re...

Страница 150: ...rimary and Backup Power Source Some switches support two PoE power supplies One is used as primary power source and one as a backup If the switch does not support backup power supply only the primary...

Страница 151: ...wer consumed by the PD This setting includes five classes Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested Sho...

Страница 152: ...owered down PoE turned OFF the power device is turned off Invalid PD the power device is detected but is not working correctly 5 13 Troubleshooting 5 13 1 Factory Defaults This function is to force th...

Страница 153: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 152 Label Description Yes Click to reboot device No Click to return to the Port State page without rebooting...

Страница 154: ...witch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable...

Страница 155: ...nual ORing Industrial Networking Corp 154 Step 3 Select a COM port in the drop down list Step 4 A pop up window that indicates COM port properties appears including bits per second data bits parity st...

Страница 156: ...sole login screen will appear Use the keyboard to enter the Username and Password same as the password for Web browsers then press Enter CLI Management by Telnet You can can use TELNETto configure the...

Страница 157: ...dmin Follow the steps below to access console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inputingcommands or from the MS DOS prompt as below Step 2 The Login scree...

Страница 158: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 157 Commander Groups...

Страница 159: ...isable Setup ip_addr ip_mask ip_router vid Ping ip_addr_string ping_length SNTP ip_addr_string Port port Configuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx sfp_auto_...

Страница 160: ...l PortType port_list unaware c port s port s custom port EtypeCustomSport etype Add vid name ports_list Forbidden Add vid name port_list Delete vid name Forbidden Delete vid name Forbidden Lookup vid...

Страница 161: ...radius enable disable Security Switch SSH Security switch ssh Configuration Mode enable disable Security Switch HTTPS Security switch ssh Configuration Mode enable disable Security Switch RMON Securi...

Страница 162: ...rized macbased Reauthentication enable disable ReauthPeriod reauth_period EapolTimeout eapol_timeout Agetime age_time Holdtime hold_time Authenticate port_list now Statistics port_list clear eapol rad...

Страница 163: ...Security Network DHCP Security Network DHCP Configuration Mode enable disable Server ip_addr Information Mode enable disable Information Policy replace keep drop Statistics clear Security Network AAA...

Страница 164: ...e Port AutoEdge port_list enable disable Port P2P port_list enable disable auto Port RestrictedRole port_list enable disable Port RestrictedTcn port_list enable disable Port bpduGuard port_list enable...

Страница 165: ...al_res lldp_res lldp_con Maximum_Power port_list port_power Status Primary_Supply supply_power QoS QoS DSCP Map dscp_list class dpl DSCP Translation dscp_list trans_dscp DSCP Trust dscp_list enable di...

Страница 166: ...able rx tx Dot1x Dot1x Configuration port_list Mode enable disable State port_list macbased auto authorized unauthorized Authenticate port_list now Reauthentication enable disable Period reauth_period...

Страница 167: ...c dmac arp sip dip smac arp_opcode arp_flags ip sip dip protocol ip_flags icmp sip dip icmp_type icmp_code ip_flags udp sip dip sport dport ip_flags tcp sip dip sport dport ip_flags tcp_flags permit d...

Страница 168: ...d User Lookup index Group Add security_model security_name group_name Group Delete index Group Lookup index View Add view_name included excluded oid_subtree View Delete index View Lookup index Access...

Страница 169: ...UniConfig clockinst index duration ip_addr ForeignMasters clockinst port_list EgressLatency show clear MasterTableUnicast clockinst ExtClockMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAc...

Страница 170: ...rFailure pwr1 pwr2 pwr3 enable disable Event Event Configuration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopology...

Страница 171: ...isable 1stUplinkPort port 2ndUplinkPort port EdgePort 1st 2nd none RCS RCS Mode enable disable Add ip_addr port_list web_on web_off telnet_on telnet_off snmp_on snmp_off Del index Configuration FastRe...

Страница 172: ...tion port_list do_nothing link_change shutdown only_log reboot_device Port Alive Status port_list Port Stream Mode port_list enable disable Port Stream Action port_list do_nothing only_log Port Stream...

Страница 173: ...IGPS 9080 Series User Manual ORing Industrial Networking Corp 172 Parameter MRP_LNKdownT value Parameter MRP_LNKupT value Parameter MRP_LNKNRmax value Modbus Modbus Status Mode enable disable...

Страница 174: ...Properties Switching latency 7 us Switching bandwidth 16Gbps Max Number of Available VLANs 256 IGMP multicast groups 128 for each VLAN Port rate limiting User Define Jumbo frame Up to 9 6K Bytes Secur...

Страница 175: ...d Power Redundant Input power Dual DC inputs 50 57VDC on 6 pin terminal block Dual DC inputs 12 57VDC on 6 pin terminal block Power consumption Typ PoE output not included 11 Watts 11 Watts 12 Watts 1...

Результаты поиска

Содержание IGPS-9080

Отзывы:

Похожие инструкции для IGPS-9080

Бренды по названию

Популярные бренды

ORiNG IGPS-9080, Руководство пользователя

Результаты поиска

Содержание IGPS-9080

Отзывы:

Похожие инструкции для IGPS-9080

Бренды по названию

Популярные бренды