ORiNG RGS-9244GP Скачать руководство пользователя страница 123

Страница: 123 / 171

RGS-9244GP Series User Manual

ORing Industrial Networking Corp.

122

supplicant and the authentication server are using, or how many information exchange frames

are needed for a particular method. The switch simply encapsulates the EAP part of the frame

into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a

success or failure indication. Besides forwarding the result to the supplicant, the switch uses it

to open up or block traffic on the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the server timeout is

configured to X seconds (using the authentication configuration page), and the first server in

the list is currently down (but not considered dead), if the supplicant retransmits EAPOL Start

frames at a rate faster than X seconds, it will never be authenticated because the switch will

cancel on-going backend authentication server requests whenever it receives a new EAPOL

Start frame from the supplicant. Since the server has not failed (because the X seconds have

not expired), the same server will be contacted when the next backend authentication server

requests from the switch. This scenario will loop forever. Therefore, the server timeout should

be smaller than the supplicant's EAPOL Start frame retransmission rate.

Overview of MAC-Based Authentication

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices

method adopted by the industry. In MAC-based authentication, users are called clients, and the

switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by

a client is snooped by the switch, which in turn uses the client's MAC address as both username

and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC

address is converted to a string in the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is

used as separator between the lower-cased hexadecimal digits. The switch only supports the

MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication,

which in turn causes the switch to open up or block traffic for that particular client, using static

entries into the MAC Table. Only then will frames from the client be forwarded on the switch.

There are no EAPOL frames involved in this authentication, and therefore, MAC-based

authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over 802.1X is that several clients can be

connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual

Содержание RGS-9244GP

Страница 1: ...RGS 9244GP Industrial Rack Mount Ethernet Switch User Manual Version 1 0 September 2016 www oring networking com...

Страница 2: ...d with shipment expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty do...

Страница 3: ...Panel 9 Hardware Installation 10 3 1 Rack mount Installation 10 3 2 Wiring 11 3 2 1 AC Power Connection 11 3 2 2 DC Power Connection RGS 9244GP E only 12 3 2 3 Relay contact RGS 9244GP E only 12 3 2...

Страница 4: ...34 5 1 4 IP Settings 35 5 1 5 IPv6 Settings 36 5 1 6 Daylight Saving Time 37 5 1 7 HTTPS 39 5 1 8 SSH 40 5 1 9 LLDP 40 5 1 10 Modbus TCP 43 5 1 11 Backup Restore Configurations 44 5 1 12 Firmware Upd...

Страница 5: ...82 5 6 6 Queue Policing 83 5 6 7 QoS Egress Port Scheduler and Shapers 83 5 6 8 Port Scheduled 86 5 6 9 Port Shaping 86 5 6 10 DSCP Based QoS 87 5 6 11 DSCP Translation 88 5 6 12 DSCP Classification...

Страница 6: ...ing 132 5 10 Monitor and Diag 136 5 10 1 MAC Table 136 5 10 2 Port Statistics 139 5 10 3 Port Mirroring 141 5 10 4 System Log Information 142 5 10 5 Cable Diagnostics 143 5 10 6 SFP Monitor 144 5 10 7...

Страница 7: ...conveniently via Open Vision web browsers Telnet and console CLI configuration making it one of the most reliable choice for highly managed and Fiber Ethernet power substation and rolling stock applic...

Страница 8: ...es Telnet Console CLI and Windows utility Open Vision Supports LLDP Protocol 1 3 Hardware Specifications 19 inch rack mountable design 24 x 10 100 1000Base T X RJ 45 ports 4 x100 1000Base X SFP ports...

Страница 9: ...utton for 3 seconds to reset and 5 seconds to return to factory default RGS 9244GP 2 1 2 LED LED Color Status Description PWR Green On System power on Green Blinking Upgrading firmware R M Green On Ri...

Страница 10: ...ion at 10Mbps 100 1000Base X SFP port Link Act Green On Port connected Blinking Transmitting data 2 2 Rear Panel The RGS 9244GP provides an AC power input on the back while the RGS 9244GP E comes with...

Страница 11: ...ten the switch to a rack in any environments Rack mount measurement Unit mm Follow the following steps to install the switch to a rack Step 1 Install the mounting brackets to the left and right front...

Страница 12: ...dicular at the intersection point 5 Do not run signal or communications wiring and power wiring through the same wire conduit To avoid interference wires with different signal characteristics should b...

Страница 13: ...event is triggered If a user configured event does not occur the fault circuit remains closed 3 2 4 Grounding RGS 9244GP E only Grounding and wire routing help limit the effects of noise due to electr...

Страница 14: ...8 BI_DD The series also support auto MDI MDI X operation You can use a cable to connect the switch to a PC The table below shows the 10BASE T 100BASE TX MDI and MDI X port pin outs 10 100 Base T X MD...

Страница 15: ...RS 232 cable which can be found in the package Connect each end of the RS 232 cable to the switch and a PC respectively PC pin out male assignment RS 232 with DB9 female connector DB9 to RJ 45 Pin 2...

Страница 16: ...ogy to gain network redundancy capabilities through the following steps 1 Connect each switch to form a daisy chain using an Ethernet cable 2 Set one of the connected switches to be the master and mak...

Страница 17: ...ence to the connected port For more information on port setting please refer to 4 1 2 Configurations Once the setting is completed one of the connections will act as the main path while the other will...

Страница 18: ...want to connect to the O Ring and connect them to the switches in the ring Switch C D 2 In correspondence to the ports connected to the ring configure an edge port for both of the connected switches...

Страница 19: ...f less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of the n...

Страница 20: ...aller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A coupling ring needs four switches...

Страница 21: ...ks enables the network to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segmen...

Страница 22: ...d RM LED will light up 4 3 MRP NOTE 4 3 1 Introduction MRP Media Redundancy Protocol is an industry standard for high availability Ethernet networks MRP allows Ethernet switches in a ring to recover f...

Страница 23: ...work loops occur frequently in large networks as when two or more paths run to the same destination broadcast packets may get in to an infinite loop and hence causing congestion in the network STP can...

Страница 24: ...ort status for the currently selected switch Label Description Port The switch port number to which the following settings will be applied CIST Role The current STP port role of the CIST port The valu...

Страница 25: ...the port Discarded Unknown The number of unknown spanning tree BPDUs received and discarded on the port Discarded Illegal The number of illegal spanning tree BPDUs received and discarded on the port...

Страница 26: ...4 4 2 MSTP Since the recovery time of STP and RSTP takes seconds which are unacceptable in some industrial applications MSTP was developed The technology supports multiple spanning trees within a netw...

Страница 27: ...to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The ra...

Страница 28: ...s Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge instance The CIST is not available for explicit mapping as it will r...

Страница 29: ...e number and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 4 3 CIST Wit...

Страница 30: ...iority for ports having identical port costs See above OpenEdge setate flag A flag indicating whether the port is connected directly to edge devices or not no bridges attached Transiting to the forwar...

Страница 31: ...the network from causing address flushing in that region because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions freq...

Страница 32: ...Networking Corp 31 Label Description Active Activates fast recovery mode port Ports can be set to 12 priorities Only the port with the highest priority will be the active port 1st Priority is the high...

Страница 33: ...friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for network ports...

Страница 34: ...m Name An administratively assigned name for the managed node By convention this is the node s fully qualified domain name A domain name is a text string consisting of alphabets A Z a z digits 0 9 and...

Страница 35: ...stem password required to access the web pages or log in from CLI Label Description Old Password The existing password If this is incorrect you cannot set the new password New Password The new system...

Страница 36: ...ed for authentication Radius a remote RADIUS server is used for authentication Fallback Check to enable fallback to local authentication If none of the configured authentication servers are active the...

Страница 37: ...e subnet mask IP Router Assigns the network gateway for the switch The default gateway is 192 168 10 254 VLAN ID Provides the managed VLAN ID The allowed range is 1 through 4095 DNS Server Provides th...

Страница 38: ...exadecimal digits with a colon separating each field For example in fe80 215 c5ff fe03 4dc7 the symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of...

Страница 39: ...e duration Select Disable to disable the configuration or Recurring to configure the duration to repeat every year Select Non Recurring to configure the duration for single time configuration Default...

Страница 40: ...fset Configures the offset time The time is measured by minute 5 1 7 HTTPS You can configure HTTPS settings in the following page Label Description Mode Indicates the selected HTTPS mode When the curr...

Страница 41: ...des include Enabled enable SSH Disabled disable SSH Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 5 1 9 LLDP LLDP Configurations This pa...

Страница 42: ...bors The following table contains information for each port on which an LLDP neighbor is detected The columns include the following information Label Description Local Port The port that you use to tr...

Страница 43: ...ounters will apply settings to the whole switch stack while local counters will apply settings to specified switches Global Counters Label Description Neighbor entries were last changed at Shows the t...

Страница 44: ...entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs Type Length Value If a TLV is malformed it will be counted and discarded TLVs Unrecognized The n...

Страница 45: ...s The configuration file is in XML format 5 1 12 Firmware Update This page allows you to update the firmware of the switch 5 2 DHCP Server The switch provides DHCP server functions By enabling DHCP th...

Страница 46: ...CP server functions are activated the switch will collect DHCP client information and display in the following table 5 2 3 Client List You can assign a specific IP address within the dynamic IP range...

Страница 47: ...between the clients and the server when they are not in the same subnet domain Relay Information Mode Indicates the existing DHCP relay information mode The format of DHCP option 82 circuit ID format...

Страница 48: ...when a DHCP message containing the information is received Drop drop the package when a DHCP message containing the information is received The relay statistics shows the information of relayed packet...

Страница 49: ...er Receive Agent Option The number of received packets containing relay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Kee...

Страница 50: ...ch port configuration configures all ports Flow Control When Auto is selected for the speed the flow control will be negotiated to the capacity advertised by the link partner When a fixed speed settin...

Страница 51: ...y changes made locally will be undone 5 3 2 Port Trunk This page allows you to configure the aggregation hash mode and the aggregation group Label Description Source MAC Address Calculates the destina...

Страница 52: ...default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group 5 3 3 LACP This page allows you to enable LACP fu...

Страница 53: ...can join an aggregation and the ports must be in the same speed in each group Key The Key value varies with the port ranging from 1 to 65535 Auto will set the key according to the physical link speed...

Страница 54: ...gr id Partner System ID System ID MAC address of the aggregation partner Partner Key The key assigned by the partner to the aggregation ID Last Changed The time since this aggregation changed Last Cha...

Страница 55: ...ved The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated Aggr ID The aggregation ID assigned to the aggregation group Partner System ID The partn...

Страница 56: ...scarded The number of unknown or illegal LACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular inter...

Страница 57: ...ept disabled when a loop is detected shutting down the port The valid value is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Label Desc...

Страница 58: ...ps detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected 5 4 VLAN...

Страница 59: ...to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Valid values for a VLAN ID are 1 through 4095 After clicking Save the new VLAN will be enabled on the...

Страница 60: ...are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is no...

Страница 61: ...s 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not 0x8100 ex 0x88A8 it will be discarded The TPID of a frame transmitted by C port will be set...

Страница 62: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 61 Custom S ports...

Страница 63: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 62...

Страница 64: ...ries User Manual ORing Industrial Networking Corp 63 Examples of VLAN Settings VLAN Access Mode Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the swi...

Страница 65: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 64 VLAN 1Q Trunk Mode Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Страница 66: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 65 VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings...

Страница 67: ...ries User Manual ORing Industrial Networking Corp 66 VLAN QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN 9000 Series Port 1 V...

Страница 68: ...te VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means th...

Страница 69: ...vate VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New Static Entry Click Add new Private LAN to add a new private VLAN ID An empty row is ad...

Страница 70: ...unchecked port isolation is disabled for that port By default port isolation is disabled for all ports 5 5 SNMP 5 5 1 SNMP System Configurations Label Description Mode Indicates existing SNMP mode Po...

Страница 71: ...o SNMP agent The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and th...

Страница 72: ...t it can only appear once It also uses a following legally IPv4 address For example 192 1 2 34 Trap Authentication Failure Indicates the SNMP entity is permitted to generate authentication failure tra...

Страница 73: ...keys are Engine ID and User Name Label Description Delete Check to delete the entry It will be deleted during the next save Engine ID An octet string identifying the engine ID that this entry should b...

Страница 74: ...otocol MD5 an optional flag to indicate that this user is using MD5 authentication protocol SHA an optional flag to indicate that this user is using SHA authentication protocol The value of security l...

Страница 75: ...usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 a...

Страница 76: ...s Excluded it should exist another entry whose view type is Included and its OID subtree oversteps the Excluded entry OID Subtree The OID defining the root of the subtree to add to the named view The...

Страница 77: ...MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 5 6 Traffic Prioritization 5 6 1 Storm Cont...

Страница 78: ...Status Enable or disable the storm control status for the given frame type Rate The rate unit is packet per second pps configure the rate as 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps...

Страница 79: ...is classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 0 1 2 3 4 5 6 7 QoS class 1 0 2 3 4 5 6 7 If...

Страница 80: ...e frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value DEI Controls the default DEI value All frames are classified to a...

Страница 81: ...will be applied Click on the port number to configure tag remarking Mode Shows the tag remarking mode for this port Classified use classified PCP DEI values Default use default PCP DEI values Mapped u...

Страница 82: ...k to enable ingress translation 2 Classify Classification has 4 different values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify...

Страница 83: ...5 6 5 Port Policing This page allows you to configure Policer settings for all switch ports Label Description Port The port number for which the configuration below applies Enable Check to enable the...

Страница 84: ...ue is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enable...

Страница 85: ...en the Unit is Mbps Queues Shaper Unit Configures the rate for each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to...

Страница 86: ...Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper...

Страница 87: ...value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Port Shaper Unit Configures the unit of measurement for each port shaper rate as kbp...

Страница 88: ...e g 800 Mbps Qn Shows disabled or actual port shaper rate e g 800 Mbps 5 6 10 DSCP Based QoS This page allows you to configure basic QoS DSCP based QoS Ingress Classification settings for all switche...

Страница 89: ...d valid DSCP value ranges from 0 to 63 Ingress Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translat...

Страница 90: ...e allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value Label Description QoS Class Actual QoS class DPL Actual Drop Precedence Level DSCP Select the classified DSCP...

Страница 91: ...LAN ID can be any value from 1 to 4095 Any user can enter either a specific value or a range of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 3 4 7 or...

Страница 92: ...nd w are decimal numbers between 0 and 255 When the mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Differentiated Code...

Страница 93: ...stics of individual queues for all switch ports Label Description Port The switch port number to which the following settings will be applied Qn There are 8 QoS queues per port Q0 is the lowest priori...

Страница 94: ...matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame match...

Страница 95: ...Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Check to enable fast leave on the port 5...

Страница 96: ...ed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Label Description Delete Check to delete the entry...

Страница 97: ...ive The number of received V2 reports V3 Reports Receive The number of received V3 reports V2 Leave Receive The number of received V2 leave packets Refresh Click to refresh the page immediately Clear...

Страница 98: ...s Remote Control Security allows you to limit the remote access to the management interface When enabled requests of the client which is not in the allow list will be rejected Label Description Port P...

Страница 99: ...the entry will not be allowed to access the network Shutdown shuts down the port No Link Alive Check Active Check to enable alive check When enabled switch will ping the device continually Alive Chec...

Страница 100: ...for next move Attacked DDOS attacks occur Device IP Address Specifies IP address of the device Device MAC Address Specifies MAC address of the device Advanced Configurations Alias IP Address This pag...

Страница 101: ...he event simply logging the event and rebooting DDoS Prevention This page provides DDOS Prevention configurations The switch can monitor ingress packets and perform actions when DDOS attack occurred o...

Страница 102: ...ds Filter If packet type is UDP or TCP please choose the socket direction Destination Source Action Indicates the action to take when DDOS attacks occur Possible actions are no action Blocking 1 minut...

Страница 103: ...pes Possible types are no specification IP Camera IP Phone Access Point PC PLC and Network Video Recorder Location Address Indicates location information of the device The information can be used for...

Страница 104: ...take when the stream gets low Possible actions are no action Log it simply logs the event 5 8 3 ACL Ports This page allows you to configure the ACL parameters ACE of each switch port These parameters...

Страница 105: ...he default value is Disabled Logging Specifies the logging operation of the port The allowed values are Enabled frames received on the port are stored in the system log Disabled frames received on the...

Страница 106: ...s are displayed according to the frame type you have selected A frame matching the ACE can be configured here Label Description Ingress Port Indicates the ingress port to which the ACE will apply Any...

Страница 107: ...values are Enabled frames matching the ACE are stored in the system log Disabled frames matching the ACE are not logged Please note that system log memory capacity and logging rate is limited Shutdown...

Страница 108: ...dress The legal format is xx xx xx xx xx xx Frames matching the ACE will use this DMAC value Label Description VLAN ID Filter Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specifie...

Страница 109: ...ore details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields pleas...

Страница 110: ...t to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a s...

Страница 111: ...he ACE Any no sender IP filter is specified sender IP filter is don t care Host sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP fi...

Страница 112: ...ings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any any value is allowed don t care IP Ethernet Length Specifies whether frames will...

Страница 113: ...MP Type Value When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value ICMP Code Filter Specifi...

Страница 114: ...CP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP so...

Страница 115: ...no more data from sender value for the ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any...

Страница 116: ...hin this time frame we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost f...

Страница 117: ...iguration below applies Enabled Check to enable the RADIUS authentication server IP Address The IP address or hostname of the RADIUS authentication server IP address is expressed in dotted decimal not...

Страница 118: ...Overview This page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page Label Description The RADIUS server number Click to navigate to detai...

Страница 119: ...led Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting at...

Страница 120: ...orking Corp 119 Label Description Packet Counters RADIUS authentication server packet counters There are seven receive and four transmit counters Other Info This section contains information about the...

Страница 121: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 120 Label Description Packet Counters RADIUS accounting server packet counters There are five receive and four transmit counters...

Страница 122: ...addresses to authenticate against the backend server As intruders can create counterfeit MAC addresses MAC based authentication is less secure than 802 1X authentication Overview of 802 1X Port Based...

Страница 123: ...ore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but m...

Страница 124: ...tions system and port wide Label Description Mode Indicates if 802 1X and MAC based authentication is globally enabled or disabled on the switch If globally disabled all ports are allowed to forward f...

Страница 125: ...t regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds For po...

Страница 126: ...tion server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RA...

Страница 127: ...is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they...

Страница 128: ...e switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached...

Страница 129: ...ed special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also on...

Страница 130: ...immediately The clients will transfer to the unauthorized state while the reauthentication is in progress NAS Status This page provides an overview of the current NAS port states Label Description Po...

Страница 131: ...ion For MAC based ports only selected backend server RADIUS Authentication Server statistics is showed Use the port drop down list to select which port details to be displayed Label Description Admin...

Страница 132: ...ckend RADIUS frame counters are available for the following administrative states 802 1X MAC based Auth Last Supplicant Clie nt Info Information about the last supplicant client that attempts to authe...

Страница 133: ...elected fault event happens the Fault LED on the switch panel will light up and the electric relay will signal at the same time 5 9 2 System Warning SYSLOG Setting The SYSLOG is a protocol that transm...

Страница 134: ...nder since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible modes are Enabled enable ser...

Страница 135: ...tion username Password the authentication password Confirm Password re enter password Recipient E mail Address The recipient s e mail address A mail allows for 6 recipients Apply Click to activate the...

Страница 136: ...tarted Power Status Sends out alerts when power is up or down SNMP Authentication Failure Sends out alert when SNMP authentication fails O Ring Topology Change Sends out alerts when O Ring topology ch...

Страница 137: ...l is called aging You can configure aging time by entering a value in the box of Age Time The allowed range is 10 to 1000000 seconds You can also disable the automatic aging of dynamic entries by chec...

Страница 138: ...ng to secure learning mode otherwise the management link will be lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table...

Страница 139: ...e Each page shows up to 999 entries from the MAC table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the b...

Страница 140: ...of the entry Port Members The ports that are members of the entry 5 10 2 Port Statistics Traffic Overview This page provides an overview of general traffic statistics for all switch ports Label Descri...

Страница 141: ...able an automatic refresh of the page at regular intervals Refresh Updates the counter entries starting from the current entry ID Clear Flushes all counters entries Detailed Statistics This page provi...

Страница 142: ...C Rx Oversize The number of long2 frames received with a valid CRC Rx Fragments The number of short1 frames received with an invalid CRC Rx Jabber The number of long2 frames received with an invalid C...

Страница 143: ...mirror port Frames transmitted are not mirrored Tx only only frames transmitted from this port are mirrored to the mirror port Frames received are not mirrored Disabled neither transmitted nor recived...

Страница 144: ...address of the switch Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Updates system log entries starting from the current entry ID Clear Flushes a...

Страница 145: ...disconnected while running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port...

Страница 146: ...e ICMP packets will be transmitted and the sequence number and roundtrip time will be displayed upon reception of a reply The page refreshes automatically until responses to all packets are received o...

Страница 147: ...properties of the issued ICMP packets Label Description IP Address The destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 to 1400 bytes IPv6 Ping PING6 server 192...

Страница 148: ...actory defaults No Click to return to the Port State page without resetting 5 11 2 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you have po...

Страница 149: ...or telnet to manage the switch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port u...

Страница 150: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 149 Step 2 Input a name for the new connection Step 3 Select a COM port in the drop down list...

Страница 151: ...op up window that indicates COM port properties appears including bits per second data bits parity stop bits and flow control Step 5 The console login screen will appear Use the keyboard to enter the...

Страница 152: ...ess 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps below to access console via Telnet Step 1 Telnet to the IP address of the swit...

Страница 153: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 152 same as the password for Web browser and then press Enter Commander Groups...

Страница 154: ...RGS 9244GP Series User Manual ORing Industrial Networking Corp 153...

Страница 155: ...P enable disable Setup ip_addr ip_mask ip_router vid Ping ip_addr_string ping_length SNTP ip_addr_string Port port Configuration port_list up down Mode port_list auto 10hdx 10fdx 100hdx 100fdx 1000fdx...

Страница 156: ...le tx_tag port_list untag_pvid untag_all tag_all PortType port_list unaware c port s port s custom port EtypeCustomSport etype Add vid name ports_list Forbidden Add vid name port_list Delete vid name...

Страница 157: ...thentication Security switch auth Configuration Method console telnet ssh web none local radius enable disable Security Switch SSH Security switch ssh Configuration Mode enable disable Security Switch...

Страница 158: ...urity Network NAS Security Network NAS Configuration port_list Mode enable disable State port_list auto authorized unauthorized macbased Reauthentication enable disable ReauthPeriod reauth_period Eapo...

Страница 159: ...mirror logging shutdown Delete ace_id Lookup ace_id Clear Status combined static loop_protect dhcp ptp ipmc conflicts Port State port_list enable disable Security Network DHCP Security Network DHCP Co...

Страница 160: ...Priority msti priority Msti Map msti clear Msti Add msti vid Port Configuration port_list Port Mode port_list enable disable Port Edge port_list enable disable Port AutoEdge port_list enable disable P...

Страница 161: ...able disable Statistics port_list clear Info port_list QoS QoS DSCP Map dscp_list class dpl DSCP Translation dscp_list trans_dscp DSCP Trust dscp_list enable disable DSCP Classification Mode dscp_list...

Страница 162: ...le disable rx tx Dot1x Dot1x Configuration port_list Mode enable disable State port_list macbased auto authorized unauthorized Authenticate port_list now Reauthentication enable disable Period reauth_...

Страница 163: ...policy vid tag_prio dmac_type etype etype smac dmac arp sip dip smac arp_opcode arp_flags ip sip dip protocol ip_flags icmp sip dip icmp_type icmp_code ip_flags udp sip dip sport dport ip_flags tcp s...

Страница 164: ...x Community Lookup index User Add engineid user_name MD5 SHA auth_password DES priv_password User Delete index User Changekey engineid user_name auth_password priv_password User Lookup index Group Add...

Страница 165: ...eqintv delayasymmetry ingressLatency LocalClock clockinst update show ratio clockratio Filter clockinst def_delay_filt period dist Servo clockinst displaystates ap_enable ai_enable ad_enable ap ai ad...

Страница 166: ...Fastleave igmp port_list enable disable Router igmp port_list enable disable Status igmp vid Groups igmp vid Version igmp vid Fault Fault Alarm PortLinkDown port_list enable disable Alarm PowerFailur...

Страница 167: ...ster enable disable 1stRingPort port 2ndRingPort port Couple Mode enable disable Couple Port port Dualhoming Mode enable disable Dualhoming Port port Chain Chain Configuration Mode enable disable 1stU...

Страница 168: ...t_list source destination Port DDOS Action port_list do_nothing block_1_min block_10_mins block shutdown only_lo g reboot_device Port DDOS Status port_list Port Alive Mode port_list enable disable Por...

Страница 169: ...tRingPort mrp_port 2ndRingPort mrp_port Parameter MRP_TOPchgT value Parameter MRP_TOPNRmax value Parameter MRP_TSTshortT value Parameter MRP_TSTdefaultT value Parameter MRP_TSTNRmax value Parameter MR...

Страница 170: ...multicast groups 256 for each VLAN Port rate limiting User Define Jumbo frame Up to 9 6K Bytes Security Features Device Binding security feature Enable disable ports MAC based port security Port based...

Страница 171: ...ay None Relay output to carry capacity of 1A at 24VDC Power Power Input 100 240VAC 88 264VAC 125 373VDC with power socket 100 240VAC 88 264VAC 125 373VDC with power socket and dual 48VDC 24 72VDC at 6...

Результаты поиска

Содержание RGS-9244GP

Отзывы:

Похожие инструкции для RGS-9244GP

Бренды по названию

Популярные бренды

ORiNG RGS-9244GP, Руководство пользователя

Результаты поиска

Содержание RGS-9244GP

Отзывы:

Похожие инструкции для RGS-9244GP

Бренды по названию

Популярные бренды