manualshive.com logo in svg

ORiNG IGS-9168GP series, Руководство пользователя

Поделиться
Скачать
ORiNG IGS-9168GP series Скачать руководство пользователя страница 123

IGS-9168GP User’s Manual

ORing Industrial Networking Corp

122

In an 802.1X network environment, the user is called the supplicant, the

switch is the authenticator, and the RADIUS server is the authentication

server. The authenticator acts as the man-in-the-middle, forwarding

requests and responses between the supplicant and the authentication

server. Frames sent between the supplicant and the switch are special

802.1X frames, known as EAPOL (EAP Over LANs) frames which

encapsulate EAP PDUs (RFC3748). Frames sent between the switch

and the RADIUS server is RADIUS packets. RADIUS packets also

encapsulate EAP PDUs together with other attributes like the switch's IP

address, name, and the supplicant's port number on the switch. EAP is

very flexible as it allows for different authentication methods, like

MD5-Challenge, PEAP, and TLS. The important thing is that the

authenticator (the switch) does not need to know which authentication

method the supplicant and the authentication server are using, or how

many information exchange frames are needed for a particular method.

The switch simply encapsulates the EAP part of the frame into the

relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special

packet containing a success or failure indication. Besides forwarding the

result to the supplicant, the switch uses it to open up or block traffic on

the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the

server timeout is configured to X seconds (using the authentication

configuration page), and the first server in the list is currently down (but

not considered dead), if the supplicant retransmits EAPOL Start frames

at a rate faster than X seconds, it will never be authenticated because

the switch will cancel on-going backend authentication server requests

whenever it receives a new EAPOL Start frame from the supplicant.

Since the server has not failed (because the X seconds have not

expired), the same server will be contacted when the next backend

authentication server request from the switch This scenario will loop

forever. Therefore, the server timeout should be smaller than the

supplicant's EAPOL Start frame retransmission rate.

a. Single 802.1X

In port-based 802.1X authentication, once a supplicant is successfully

authenticated on a port, the whole port is opened for network traffic. This

allows other clients connected to the port (for instance through a hub) to

Содержание IGS-9168GP series

Страница 1: ...us st tr ri ia al l M Ma an na ag ge ed d E Et th he er rn ne et t S Sw wi it tc ch h U Us se er r M Ma an nu ua al l V Ve er rs si io on n 1 1 1 1 M Ma ay y 2 20 01 14 4 w ww ww w o or ri in ng g n...

Страница 2: ...ses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORing...

Страница 3: ...el 10 Hardware Installation 11 3 1 DIN rail Installation 11 3 2 Wall Mounting 12 3 3 Wiring 13 3 3 1 Grounding 14 3 3 2 Redundant Power Inputs 14 3 4 Connection 14 3 4 1 Cables 14 10 100 1000BASE T X...

Страница 4: ...1 System Information 34 5 1 2 Admin Password 35 5 1 3 Authentication 35 5 1 4 IP Settings 36 5 1 5 IPv6 Settings 37 5 1 6 Daylight Saving Time 38 5 1 7 HTTPS 40 5 1 8 SSH 40 5 1 9 LLDP 41 LLDP Neighbo...

Страница 5: ...Prioritization 75 5 6 1 Storm Control 75 5 6 2 Port Classification 75 5 6 3 Port Tag Remaking 77 5 6 4 Port DSCP 78 5 6 5 Port Policing 80 Queue Policing 81 5 6 6 Scheduling and Shaping 81 5 6 7 Port...

Страница 6: ...lt Alarm 128 5 9 2 System Warning 128 5 10 Monitor and Diag 131 5 10 1 MAC Table 131 5 10 2 Port Statistics 134 5 10 3 Port Mirroring 136 5 10 4 System Log Information 137 5 10 5 Cable Diagnostics 138...

Страница 7: ...ime 30ms over 250 units of connection and MSTP RSTP STP compatible for Ethernet redundancy Supports Open Ring to interoperate with other vendors ring technology in open architecture Supports O Chain t...

Страница 8: ...pports loop guard to avoid Ethernet loops Supports serial console backup unit to backup configuration 1 3 Hardware Specifications 16 x 10 100 1000Base T X Ethernet ports 8 x 100 1000Base X with SFP po...

Страница 9: ...5 Ethernet port 16 x 10 100 1000Base T X ports Console port 1 x console port 1 Power system LED 2 Power 1 LED 3 Power 2 LED 4 R M Ring Master LED 5 Ring status LED 6 Fault indicator 7 Console port 8 L...

Страница 10: ...100 1000Base T X Fast Ethernet ports LNK ACT Green On Port is linked Blinking Transmitting data Speed Green On Port running at 1000Mbps Off Port running at 10Mbps Amber On Port running at 100Mbps SFP...

Страница 11: ...s of screw holes The two sets placed in triangular patterns on both ends of the rear panel are used for wall mounting and the set of four holes in the middle are used for Din rail installation For mor...

Страница 12: ...to allow you to fasten the switch to a DIN rail in any environments DIN rail Kit Measurement Installing the switch on the DIN rail is easy First screw the Din rail kit onto the back of the switch righ...

Страница 13: ...Measurement To mount the switch onto the wall follow the steps 1 Screw the two pieces of wall mount kits onto both ends of the rear panel of the switch A total of six screws are required as shown bel...

Страница 14: ...ctrical codes dictating the maximum current allowable for each wire size 3 If the current goes above the maximum ratings the wiring could overheat causing serious damage to your equipment 4 Use separa...

Страница 15: ...ch s top panel are used for the two digital inputs Follow the steps below to wire redundant power inputs Step 1 insert the negative positive DC wires into the V V terminals respectively Step 2 to keep...

Страница 16: ...Not used 6 RD 7 Not used 8 Not used 1000Base T RJ 45 Pin Assignments Pin Number Assignment 1 BI_DA 2 BI_DA 3 BI_DB 4 BI_DC 5 BI_DC 6 BI_DB 7 BI_DD 8 BI_DD The device also supports auto MDI MDI X opera...

Страница 17: ...e polarity of the wires that make up each wire pair RS 232 port wiring The device can be managed via console ports using a RS 232 cable which can be found in the package You can connect the port to a...

Страница 18: ...B Switch A Switch B 3 4 3 O Ring O Chain O Ring You can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps 1 Connect each switch...

Страница 19: ...Coupling Ring option by checking the checkbox on the management page and select the coupling ring in correspondence to the connected port For more information on port setting please refer to 4 1 2 Co...

Страница 20: ...he chain Switch A B that you want to connect to the O Ring and connect them to the switches in the ring Switch C D 2 In correspondence to the port connected to the ring configure an edge port for both...

Страница 21: ...ietary redundant ring technology with recovery time of less than 10 milliseconds and up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block pa...

Страница 22: ...vide a big ring into two smaller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A couplin...

Страница 23: ...d for distributed and complex industrial networks enables the network to recover in less than 10ms for up to 250 switches if at any time a segment of the chain fails O Chain allows multiple redundant...

Страница 24: ...ring configuration to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 devices and will enable a back up link in 80ms adjustable to max 200m...

Страница 25: ...mpared to STP which recovers a link in 30 to 50 seconds RSTP can shorten the time to 5 to 6 seconds STP Bridge Status This page shows the status for all STP bridge instance Label Description MSTI The...

Страница 26: ...of the CIST port The values include AlternatePort BackupPort RootPort and DesignatedPort State The current STP port state of the CIST port The values include Blocking Learning and Forwarding Uptime T...

Страница 27: ...legal spanning tree BPDUs received and discarded on the port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals STP Bridge...

Страница 28: ...The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning tree instances known as MSTIs to form individual MST regions Each switch...

Страница 29: ...o enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The rang...

Страница 30: ...not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANS Mapped The list of VLANs mapped to the MSTI The VLANs must be separated with commas and or space A VLAN can...

Страница 31: ...Port Settings Label Description Port The switch port number to which the following settings will be applied STP Enabled Check to enable STP for the port Path Cost Configures the path cost incurred by...

Страница 32: ...ions and topology changes to other ports If set it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station location...

Страница 33: ...tworking Corp 32 Label Description Active Activate fast recovery mode Port Ports can be set to 24 priorities Only the port with the highest priority will be the active port 1st Priority is the highest...

Страница 34: ...dly viewing screen Note By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for network ports...

Страница 35: ...ctions of the switch 5 1 1 System Information This page shows the general information of the switch Label Description System Name An administratively assigned name for the managed node By convention t...

Страница 36: ...n minutes east of GMT The valid range is from 720 to 720 minutes Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 2 Admin Password This...

Страница 37: ...on Fallback Check to enable fallback to local authentication If none of the configured authentication servers are active the local user database is used for authentication This is only possible if Aut...

Страница 38: ...Click to undo any changes made locally and revert to previously saved values 5 1 5 IPv6 Settings IPv6 is the next generation IP that uses a 128 bit address standard It is developed to supplement and...

Страница 39: ...also represent a legally valid IPv4 address For example 192 1 2 34 Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 6 Daylight Saving...

Страница 40: ...ation for single time configuration Default Disabled Start Time Settings Label Description Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select...

Страница 41: ...current connection is HTTPS disabling HTTPS will automatically redirect web browser to an HTTP connection The modes include Enabled enable HTTPS Disabled disable HTTPS Save Click to save changes Rese...

Страница 42: ...and or transmit their information to other connected devices on the network that are also using the protocols and to store the information that is learned about other devices This page allows you to...

Страница 43: ...D The identification number of the neighbor sending out the LLDP frames Remote Port ID The identification of the neighbor port System Name The name advertised by the neighbor Port Description The desc...

Страница 44: ...l Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP frames dropped due to full entry table Total Neighbors...

Страница 45: ...ut time If no new LLDP frame is received during the age out time the LLDP information will be removed and the value of the age out counter will be incremented Refresh Click to refresh the page immedia...

Страница 46: ...DHCP server functions By enabling DHCP the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients 5 2 1 Basic Settings This page allows yo...

Страница 47: ...When a device is connected to the port and requests for dynamic IP assigning the switch will assign the IP address that has previously been assigned to the connected device 5 2 4 Relay Agent DHCP rel...

Страница 48: ...rt number For example 00030108 means the DHCP message received form VLAN ID 3 switch ID 1 and port No 8 The option 82 remote ID value equals to the switch MAC address The modes include Enabled activat...

Страница 49: ...s received without agent information Receive Missing Circuit ID The number of packets received with Circuit ID Receive Missing Remote ID The number of packets received with the Remote ID option missin...

Страница 50: ...anage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This page shows current port configurations Ports can also be configured here Label Description Port The swit...

Страница 51: ...e current power consumption of each port in percentage The Configured column allows you to change power saving parameters for each port Disabled all power savings functions are disabled ActiPHY link d...

Страница 52: ...stination port of the frame You can check this box to enable the destination MAC address or uncheck to disable By default Destination MAC Address is disabled IP Address Calculates the destination port...

Страница 53: ...h the standard This page allows you to enable LACP functions to group ports together to form single virtual links and change associated settings thereby increasing the bandwidth between the switch and...

Страница 54: ...aggregation ID is associated with the aggregation instance For LLAG the ID is shown as isid aggr id and for GLAGs as aggr id Partner System ID System ID MAC address of the aggregation partner Partner...

Страница 55: ...ggregation ID assigned to the aggregation group Partner System ID The partner s system ID MAC address Partner Port The partner s port number associated with the port Refresh Click to refresh the page...

Страница 56: ...eventing the loop attack from affecting other network devices Label Description Enable Loop Protection Activate loop protection functions as a whole Transmission Time The interval between each loop pr...

Страница 57: ...ork virtualization A VLAN can be created by partitioning a physical LAN into multiple logical LANs using a VLAN ID You can assign switch ports to a VLAN and add new VLANs in this page Label Descriptio...

Страница 58: ...port number to which the following settings will be applied Port type Port can be one of the following types Unaware Customer C port Service S port Custom Service S custom port If port type is Unawar...

Страница 59: ...e classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID a VLAN tag with the classified VLAN ID will be inserted in the frame Port VLAN ID Configures the VLAN identif...

Страница 60: ...an untagged frame obtains a tag based on PVID and is forwarded When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame i...

Страница 61: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 60...

Страница 62: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 61...

Страница 63: ...User s Manual ORing Industrial Networking Corp 62 Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the switc...

Страница 64: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 63 VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Страница 65: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 64 VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Страница 66: ...QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN 9000 Series Port 1 VLAN Settings VLAN ID Settings When setting the management...

Страница 67: ...or destination MAC address A port must be a member of both a VLAN and a private VLAN to be able to forward packets This page allows you to configure private VLAN memberships for the switch By default...

Страница 68: ...return to the editing and make a correction The private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new private VLANs A private VLAN is defined as a pair...

Страница 69: ...o permit access to SNMP agent The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication a...

Страница 70: ...from 33 to 126 are allowed Trap Destination Address Indicates the SNMP trap destination address Trap Destination IPv6 Address Provides the trap destination IPv6 address of this switch IPv6 address co...

Страница 71: ...to the SNMP data on your devices by creating one or more SNMP communities An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information...

Страница 72: ...eID and usmUserName are the entry keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine wit...

Страница 73: ...ndicates the privacy protocol that this entry should belong to Possible privacy protocols include None no privacy protocol DES an optional flag to indicate that this user is using DES authentication p...

Страница 74: ...from 33 to 126 are allowed 5 5 5 SNMP View Configurations The SNMP v3 View table specifies the MIB object access requirements for each View Name You can specify specific areas of the MIB that can be a...

Страница 75: ...that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Security Model Indicates the security model that this entry should belong to...

Страница 76: ...e unit of the rate can be either pps packets per second or kpps kilopackets per second Note frames sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in th...

Страница 77: ...s classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 0 1 2 3 4 5 6 7 QoS class 1 0 2 3 4 5 6 7 If t...

Страница 78: ...ed to a DEI value If the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Tag Class Shows...

Страница 79: ...Port DSCP DSCP Differentiated Services Code Point is a measure of QoS It can classify data packets by using the 6 bit DS field in the IP header so you can manage each traffic class differently and eff...

Страница 80: ...es four values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is enabled as specified i...

Страница 81: ...te exceeds the configured maximum rate policing drops or remarks the excess traffic This page allows you to configure Policer for all switch ports Port Policing Label Description Port The port number...

Страница 82: ...policers is enabled 5 6 6 Scheduling and Shaping Port scheduling can solve performance degradation during network congestions The schedulers allow switches to maintain separate queues for packets from...

Страница 83: ...restricted to 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate for each queue shaper The default value is 500 This va...

Страница 84: ...ting basis It can guarantee each queue s minimum bandwidth based on their bandwidth weight when there is traffic congestion Only when a port has more traffic than it can handle will this mode be activ...

Страница 85: ...Mode is set to Weighted Queue Scheduler Percent Shows the weight of the queue in percentage This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Check to enable port sh...

Страница 86: ...ing on an interface you specify a value indicating the maximum amount of traffic allowable for the interface This value must be less than the maximum bandwidth for that interface Label Description Por...

Страница 87: ...lation This page allows you to configure basic QoS DSCP translation settings for all switches DSCP translation can be done in Ingress or Egress Label Description DSCP Maximum number of supported DSCP...

Страница 88: ...precedence with a high priority You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges form 0 to 63 5 6 11 DSCP Classification This page allows you to configur...

Страница 89: ...VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SMAC Source MAC Add...

Страница 90: ...eft to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11...

Страница 91: ...iption Port The switch port number to which the following settings will be applied Qn There are 8 QoS queues per port Q0 is the lowest priority Rx Tx The number of received and transmitted packets per...

Страница 92: ...DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays the conflict status of QCL entries As hardware resources are shared...

Страница 93: ...P Snooping If a VLAN is not IGMP snooping enabled it floods multicast data and control packets to the entire VLAN in hardware When snooping is enabled IGMP packets are trapped to the CPU Data packets...

Страница 94: ...reached the text No more entries is shown in the displayed table Use the button to start over Label Description Delete Check to delete the entry The designated entry will be deleted during the next s...

Страница 95: ...d V3 reports V2 Leave Receive The number of received V2 leave packets Refresh Click to refresh the page immediately Clear Clear all statistics counters Auto refresh Check to enable an automatic refres...

Страница 96: ...IP Web Check to enable management via a Web interface Telnet Check to enable management via a Telnet interface SNMP Check to enable management via a SNMP interface Delete Check to delete entries 5 8...

Страница 97: ...en dead Stream Check Active Check to enable stream check When enabled the switch will detect the stream change getting low from the device Stream Check Status Indicates stream check status Possible st...

Страница 98: ...l time status of the device connected to the port Live checking packets will be sent to the device to probe if the device is running If the switch receives no response from the device actions will be...

Страница 99: ...levels are Low low sensibility Normal normal sensibility Medium medium sensibility High high sensibility Packet Type Indicates the types of DDoS attack packets to be monitored Possible types are RX To...

Страница 100: ...event Only Log it simply logs the event Reboot Device if PoE is supported the device can be rebooted The event will be logged Status Indicates the DDOS prevention status Possible statuses are disable...

Страница 101: ...om the device bound with the port When the traffic changes sharply all of a sudden an alert will be issued This page allows you to configure stream check settings Label Description Mode Enables or dis...

Страница 102: ...t value is Disabled Port Copy Select which port frames are copied to The allowed values are Disabled or a specific port number The default value is Disabled Logging Specifies the logging operation of...

Страница 103: ...actually 1002 1 pps ACL Control List An ACE Access Control Entry is an element in an access control list ACL An ACL can have zero or more ACEs Each ACE controls or monitors access to an object based o...

Страница 104: ...action when the frame matches the ACE Deny drops the frame matching the ACE Rate Limiter Specifies the rate limiter in number of base units The allowed range is 1 to 15 Disabled means the rate limiter...

Страница 105: ...or this ACE Any no DMAC filter is specified DMAC filter status is don t care MC frame must be multicast BC frame must be broadcast UC frame must be unicast Specific If you want to filter a specific de...

Страница 106: ...rotocol filter appears ICMP selects ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear For more details of these fields please refer to the help file UDP se...

Страница 107: ...the source IP filter for this ACE Any no source IP filter is specified Source IP filter is don t care Host source IP filter is set to Host Specify the source IP address in the SIP Address field that...

Страница 108: ...t care Request frame must have ARP Request or RARP Request OP flag set Reply frame must have ARP Reply or RARP Reply OP flag Sender IP Filter Specifies the sender IP filter for the ACE Any no sender...

Страница 109: ...t care RARP SMAC Match Specifies whether frames will meet the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP fram...

Страница 110: ...for entering an ICMP value appears ICMP Type Value When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use thi...

Страница 111: ...CP UDP source value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter...

Страница 112: ...SYN synchronize sequence numbers value for the ACE 0 TCP frames where the SYN field is set must not be able to match this entry 1 TCP frames where the SYN field is set must be able to match this entr...

Страница 113: ...ontinue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subinterval...

Страница 114: ...ion the RADIUS server may store or forward this information as needed to support billing for the services provided Label Description The RADIUS authentication server number for which the configuration...

Страница 115: ...rt is set to 0 zero the default port 1813 is used on the RADIUS accounting server Secret The secret is a text string used by RADIUS to encrypt the client and server authenticator field during exchange...

Страница 116: ...o this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires The number of seconds left before this occu...

Страница 117: ...f seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Authentication and Accounting Server Statistics This page shows the acce...

Страница 118: ...orking Corp 117 Other Info This section contains information about the state of the server and the latest round trip time Label Description Packet Counters RADIUS accounting server packet counters The...

Страница 119: ...s intruders can create counterfeit MAC addresses MAC based authentication is less secure than 802 1X authentication Overview of 802 1X Port Based Authentication In an 802 1X network environment the us...

Страница 120: ...he switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and pas...

Страница 121: ...h port For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore does not imp...

Страница 122: ...t Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out ac...

Страница 123: ...evant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supp...

Страница 124: ...n once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the...

Страница 125: ...switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in thi...

Страница 126: ...use settings changed on the page to take effect Reauthenticate schedules a reauthentication whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reaut...

Страница 127: ...rce MAC address from the most recently received frame from a new client for MAC based authentication This page provides detailed IEEE 802 1X statistics for a specific switch port using port based auth...

Страница 128: ...end RADIUS frame counters are available for the following administrative states 802 1X MAC based Auth Last Supplicant Client Info Information about the last supplicant client that attempts to authenti...

Страница 129: ...cluding actions to be taken during disconnection and power failure 5 9 2 System Warning SYSLOG Setting SYSLOG is a protocol that allows a device to send event notification messages across IP networks...

Страница 130: ...DP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible modes are Enabled enable server mode Dis...

Страница 131: ...tication password Confirm Password re enter password Recipient E mail Address The recipient s e mail address A mail allows for 6 recipients Apply Click to activate the configurations Help Shows help f...

Страница 132: ...configurations Help Shows help file 5 10 Monitor and Diag 5 10 1 MAC Table A MAC address tablet is a table in a network switch that maps MAC addresses to ports The switch uses the table to determine...

Страница 133: ...ort is grayed out it means another module is in control of the mode and thus the user cannot change the configurations An example of such a module is MAC Based authentication under 802 1X Label Descri...

Страница 134: ...Per Page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC a...

Страница 135: ...are members of the entry 5 10 2 Port Statistics Traffic Overview This page provides an overview of general traffic statistics for all switch ports Label Description Port The switch port number to whi...

Страница 136: ...etailed traffic statistics for a specific switch port Use the port drop down list to decide the details of which switch port to be displayed The displayed counters include the total number for receive...

Страница 137: ...orwarding process Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions 1 Short frames are frames smal...

Страница 138: ...or a given port a frame is only transmitted once Therefore you cannot mirror Tx frames to the mirror port In this case mode for the selected mirror port is limited to Disabled or Rx nly 5 10 4 System...

Страница 139: ...the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagn...

Страница 140: ...network Using the ping command you can see if another site on the network can be reached After you press five ICMP packets will be transmitted and the sequence number and roundtrip time will be displa...

Страница 141: ...he destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 to 1400 bytes IPv6 Ping PING6 server 192 168 10 1 sendto sendto sendto sendto sendto Sent 5 packets received...

Страница 142: ...nfigure the external VCXO rate adjustment The following values are possible True enable external VCXO rate adjustment False disable external VCXO rate adjustment Clock Frequency The box allows you to...

Страница 143: ...multicast ip4uni PTP over IPv4 unicast Note IPv4 unicast protocol only works in Master Only and Slave Only clocks For more information please refer to Device Type In a unicast Slave Only clock you al...

Страница 144: ...tory defaults No Click to return to the Port State page without resetting 5 12 2 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you have powe...

Страница 145: ...the switch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F...

Страница 146: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 145 Step 3 Select a COM port in the drop down list...

Страница 147: ...up window that indicates COM port properties appears including bits per second data bits parity stop bits and flow control Step 5 The console login screen will appear Use the keyboard to enter the Us...

Страница 148: ...255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps below to access console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inputi...

Страница 149: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 148 Commander Groups...

Страница 150: ...able Setup ip_addr ip_mask ip_router vid Ping ip_addr_string ping_length SNTP ip_addr_string Port port Configuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx sfp_auto_am...

Страница 151: ...PortType port_list unaware c port s port s custom port EtypeCustomSport etype Add vid name ports_list Forbidden Add vid name port_list Delete vid name Forbidden Delete vid name Forbidden Lookup vid na...

Страница 152: ...adius enable disable Security Switch SSH Security switch ssh Configuration Mode enable disable Security Switch HTTPS Security switch ssh Configuration Mode enable disable Security Switch RMON Security...

Страница 153: ...acbased Reauthentication enable disable ReauthPeriod reauth_period EapolTimeout eapol_timeout Agetime age_time Holdtime hold_time Authenticate port_list now Statistics port_list clear eapol radius Sec...

Страница 154: ...ork DHCP Security Network DHCP Configuration Mode enable disable Server ip_addr Information Mode enable disable Information Policy replace keep drop Statistics clear Security Network AAA Security Netw...

Страница 155: ...t enable disable Port P2P port_list enable disable auto Port RestrictedRole port_list enable disable Port RestrictedTcn port_list enable disable Port bpduGuard port_list enable disable Port Statistics...

Страница 156: ...port_list port_power Status Primary_Supply supply_power QoS QoS DSCP Map dscp_list class dpl DSCP Translation dscp_list trans_dscp DSCP Trust dscp_list enable disable DSCP Classification Mode dscp_lis...

Страница 157: ...ration port_list Mode enable disable State port_list macbased auto authorized unauthorized Authenticate port_list now Reauthentication enable disable Period reauth_period Timeout eapol_timeout Statist...

Страница 158: ...l ip_flags icmp sip dip icmp_type icmp_code ip_flags udp sip dip sport dport ip_flags tcp sip dip sport dport ip_flags tcp_flags permit deny rate_limiter port_copy logging shutdown Delete ace_id Looku...

Страница 159: ...view_name included excluded oid_subtree View Delete index View Lookup index Access Add group_name security_model security_level read_view_name write_view_name Access Delete index Access Lookup index F...

Страница 160: ...clear MasterTableUnicast clockinst ExtClockMode one_pps_mode ext_enable clockfreq vcxo_enable OnePpsAction one_pps_clear DebugMode clockinst debug_mode Wireless mode clockinst port_list enable disabl...

Страница 161: ...yslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable disable Syslog RingTopologyChange enable disable Syslog Port port_list disable linkup linkdow...

Страница 162: ...web_on web_off telnet_on telnet_off snmp_on snmp_off Del index Configuration FastReocvery FastRecovery Mode enable disable Port port_list fr_priority SFP SFP syslog enable disable temp temperature Inf...

Страница 163: ...disable Port Stream Action port_list do_nothing only_log Port Stream Status port_list Port Addr port_list ip_addr mac_addr Port Alias port_list ip_addr Port DeviceType port_list unknown ip_cam ip_phon...

Страница 164: ...IGS 9168GP User s Manual ORing Industrial Networking Corp 163 Modbus Modbus Status Mode enable disable...

Страница 165: ...Device Binding security feature Enable disable ports MAC based port security Port based network access control 802 1x VLAN 802 1Q to segregate and secure network traffic Radius centralized password m...

Страница 166: ...inal block Overload current protection Present Reverse Polarity Protection Present Physical Characteristic Enclosure IP 30 Dimension W x D x H 96 4 W x 105 5 D x 154 H mm 3 8 W x 4 15 D x 6 06 H inch...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды