ORiNG TRGPS-9084TG-M12X-BP2-MV Скачать руководство пользователя страница 100

Страница: 100 / 197

TRGPS-9084TG-M12X-BP2-MV User

Manual

ORing Industrial Networking Corp

Security Level

Indicates the security model that this entry should belong to. Possible

security models include:

NoAuth, NoPriv

: no authentication and no privacy

Auth, NoPriv

: Authentication and no privacy

Auth, Priv

: Authentication and privacy

Read View Name

The name of the MIB view defining the MIB objects for which this

request may request the current values. The allowed string length is

1 to 32, and only ASCII characters from 33 to 126 are allowed.

Write View Name

The name of the MIB view defining the MIB objects for which this

request may potentially SET new values. The allowed string length is

1 to 32, and only ASCII characters from 33 to 126 are allowed.

6.5.8

RMON

Statistics Configuration

Label

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Indicates the index of the entry. The range is from 1 to 65535.

Data Source

Indicates the port ID which wants to be monitored. If in stacking

switch, the value must add 1000000*(switch ID-1), for example, if the

port is switch 3 port 5, the value is 2000005.

History Configuration

Содержание TRGPS-9084TG-M12X-BP2-MV

Страница 1: ...B BP P2 2 M MV V I In nd du us st tr ri ia al l R Ra ac ck k M Mo ou un nt t E Et th he er rn ne et t S Sw wi it tc ch h U Us se er r M Ma an nu ua al l V Ve er rs si io on n 1 1 0 0 J Ja an n 2 20 01 19 9 w ww ww w o or ri in ng gn ne et t c co om m ...

Страница 2: ...iod with shipment expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORing products that are misused abused improperly installed or damaged by accidents Please refer to the Technical Specifications section for the actual warranty period s of the produ...

Страница 3: ...ion 11 3 1 Rack mount Installation 11 3 2 Wiring 12 3 2 1 Grounding 12 3 2 2 Fault Relay 12 3 2 3 Redundant Power Inputs 13 3 3 Connection 14 3 3 1 Cables 14 3 3 2 O Ring O Chain 16 Redundancy 20 4 1 O Ring 20 4 1 1 Introduction 20 4 1 2 Configurations 20 4 2 OPEN Ring 22 4 2 1 Introduction 22 4 2 2 Configurations 22 4 3 O Chain 23 4 3 1 Introduction 23 4 3 2 Configurations 23 4 4 Bypass 24 4 4 1 ...

Страница 4: ...ight Saving Time 49 6 1 7 HTTPS 51 6 1 8 SSH 52 6 1 9 DBU01 Option Config 52 6 1 10 LLDP 53 6 1 11 NTP 57 6 1 12 Upnp 58 6 1 13 ModbusTCP 59 6 1 14 Ethernet IP 59 6 1 15 Backup Restore Configurations 60 6 1 16 Firmware Update 60 6 2 DHCP 61 6 2 1 DHCP Server 61 6 2 2 DHCP Relay 65 6 2 3 DHCP Snooping 68 6 3 Port Setting 71 6 3 1 Port Control 71 6 3 2 Port Trunk 74 6 3 3 Loop Protection 79 6 4 VLAN...

Страница 5: ...n 108 6 6 3 Port Tag Remaking 109 6 6 4 Port DSCP 110 6 6 5 Port Policing 111 6 6 6 Queue Policing 112 5 6 7 QoS Egress Port Scheduler and Shapers 112 5 6 8 Port Scheduler 115 5 6 9 Port Shaping 115 5 6 10 DSCP Based QoS 116 5 6 11 DSCP Translation 117 5 6 12 DSCP Classification 118 5 6 13 QoS Control List 118 5 6 14 QoS Statistics QoS Counters 121 5 6 15 QCL Status 121 5 6 16 WRED 123 6 7 Multica...

Страница 6: ...178 6 10 1 MAC Table 178 6 10 2 Port Statistics 182 6 10 3 Port Monitoring 184 6 10 4 System Log Information 185 6 10 5 Cable Diagnostics 187 6 10 6 Ping 188 IPv6 Ping 188 6 11 POE 189 6 11 1 Configuration 189 6 11 2 Status 191 6 12 Configuration 193 6 12 1 Activate 193 6 12 2 Delete 193 6 13 Save 193 6 14 Troubleshooting 193 6 14 1 Factory Defaults 193 6 14 2 System Reboot 194 Technical Specifica...

Страница 7: ...ation and shock TRGPS 9084TG M12X BP2 MV also support Power over Ethernet a system to transmit electrical power up to 30 watts along with data to remote devices over standard twisted pair cable in an Ethernet network Each TRGPS 9084TG M12X BP2 MV switch has 8x10 100 1000Base T X P S E Power Sourcing Equipment ports P S E is a device switch or hub for instance that will provide power in a PoE conne...

Страница 8: ...LAN network management Supports ACL TACACS and 802 1x user authentication Supports 9 6K bytes Jumbo frame Multiple notifications during unexpected events Configuration via Web based Telnet Console CLI and Windows utility Open Vision Supports LLDP Protocol 1 3 Hardware Specifications 8x10 100 1000Base T X P S E M12 ports provide up to 30 Watts per port 4 x 100 1G 2 5G 10G Base T X M12 ports 1 x con...

Страница 9: ...Base T X P S E copper ports M12 X Code 4 x 100 1G 2 5G 10G Base T X non PoE ports with bypass function M12 X Code Console 1 x console port M12 A Code Relay output 1 x relay output M12 A Code Reset button 1 x reset button 1 Reset button 2 System LED PWR LED R M status LED Ring status LED Fault LED 3 Power connector 4 Non PoE 100 1G 2 5G 10G Ethernet ports with bypass 5 PoE enabled Gigabit Ethernet ...

Страница 10: ...r i e power failure or port malfunctioning 10 100 1000Base T X P S E Ethernet ports LNK ACT Green On Port is linked Blinking Transmitting data PoE Green On Power supplied over Ethernet Speed Green On Port is running at 1000Mbps Amber On Port is running at 100Mbps OFF Port is running at 10Mbps 100 1G 2 5G 10G Base T X Ethernet ports LNK ACT Green On Port is linked Blinking Transmitting data Speed G...

Страница 11: ... a switch without bypass function the device will lose connection if he switch loses power as traffic will not be able to flow through the link as shown in the figure below Switches with bypass functions such as the TRGPS 9084GT M12X BP2 MV provide one or more sets of bypass ports that ensure constant network connectivity during power failure ...

Страница 12: ... the switch to a rack Step 1 Attach the mounting brackets to the front left and right sides of the switch using 4 screws Step 2 With front brackets orientated in front of the rack fasten the brackets to the rack using two more screws Instead of screwing the screws in all the way it is advised to leave a space of about 2mm to allow room for sliding the switch between the wall and the screws ...

Страница 13: ...e of signal transmitted through a wire to determine which wires should be kept separate The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together 7 You should separate input wiring from output wiring 8 It is advised to label the wiring to all devices in the system 3 2 1 Grounding Grounding and wire routing help limit the effects of noise due to electromagn...

Страница 14: ... Power Inputs The switch provides two sets of power supply on a M23 5 pin connector to enable dual power inputs Step 1 Insert a power cable to the power connector on the device Step 2 Rotate the outer ring of the cable connector until a snug ﬁt is achieved Make sure the connection is tight ...

Страница 15: ... devices PCs servers switches routers or hubs Please refer to the following table for cable specifications 8 Pin Gigabit Port Definition Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft M12 X coding connector 100BASE TX Cat 5 100 ohm UTP UTP 100 m 328 ft M12 X coding connector 1000BASE T Cat 5 Cat 5e 100 ohm UTP UTP 100 m 328ft M12 X coding...

Страница 16: ...I_DD 4 BI_DA with PoE Vout 5 BI_DB with PoE Vout 6 BI_DA with PoE Vout 7 BI_DC 8 BI_DB with PoE Vout The device supports auto MDI MDI X operation You can use a cable to connect the switch to a PC The table below shows the 10 100Base T X MDI and MDI X port pin outs 10 100 Base T X MDI MDI X Pin Assignments Pin Number MDI port MDI X port 1 TD transmit RD receive 2 TD transmit RD receive 3 RD receive...

Страница 17: ...Use a M12 to DB9 console cable to connect the console port to your PC s COM port 3 3 2 O Ring O Chain O Ring You can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps 1 Connect each switch to form a daisy chain using an Ethernet cable 2 Set one of the connected switches to be the master and make sure the port setting of each ...

Страница 18: ...ing 2 Decide which port on each switch to be used as the coupling port and then link them together for example port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D Then enable Coupling Ring option by checking the checkbox on the management page and select the coupling ring in correspondence to the connected port For more information on port setting please refer to ...

Страница 19: ...P network environment you can use dual homing Choose two switches Switch A B from the ring for connecting to the switches in the RSTP network core switches The connection of one of the switches Switch A or B will act as the primary path while the other will act as the backup path that is activated when the primary path connection fails ...

Страница 20: ...s from the chain Switch A B that you want to connect to the O Ring and connect them to the switches in the ring Switch C D 2 In correspondence to the port connected to the ring configure an edge port for both of the connected switches in the chain by checking the box in the management page see 4 1 2 Configurations 3 Once the setting is completed one of the connections will act as the main path and...

Страница 21: ...me of less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block packets from traveling through any of the network s redundant loops In the event that one branch of the ring gets disconnected from the rest of the network the ...

Страница 22: ...divide a big ring into two smaller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A coupling ring needs four switches to build an active and a backup link Links formed by the coupling ports will run in active backup mode Dual Homing Check to enable Dual Homing When Dual Homing is enabled ...

Страница 23: ...developed by ORing to enhance ORing switches interoperability with other vendors products With this technology you can add any ORing switches to the network based on other ring technologies 4 2 2 Configurations Label Description Enable Check to enable Open Ring topology Vender Choose the venders that you want to join in their rings ...

Страница 24: ...y designed for distributed and complex industrial networks enables the network to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment of the chain fails O Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the ...

Страница 25: ...light up 4 4 Bypass 4 4 1 Introduction Bypass provides reliable and uninterrupted connections of inline network devices when any of the devices encounter hardware failure such as power outage Figure 1 shows the topology consisting of switches without bypass function When any of the devices breaks down the network will lose connection Figure 1 Figure 2 shows the topology consisting of switches with...

Страница 26: ...led the backup link will be activated immediately when one of the links is down thereby ensuring uninterrupted data transmission However if any inline device fails the network will be disconnected see below By using bypass enabled switches in a ring topology data will continue to flow to the next active switch through the same route when one or more inlay devices fail Data will bypass the inactive...

Страница 27: ...al Networking Corp 26 Fast Ethernet Networks Fiber Networks When a link between two switches fails following the breakdown of the switch the backup link will be activated Data will then be transmitted via the backup path see below Fast Ethernet Networks ...

Страница 28: ...4 5 MRP NOTE 4 5 1 Introduction MRP Media Redundancy Protocol is an industry standard for high availability Ethernet networks MRP allowing Ethernet switches in ring configuration to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 devices and will enable a back up link in 80ms adjustable to max 200ms 500ms 4 5 2 Configurations Label Descri...

Страница 29: ...ly in large networks as when two or more paths run to the same destination broadcast packets may get in to an infinite loop and hence causing congestion in the network STP can identify the best path to the destination and block all other paths The blocked links will stay connected but inactive When the best path fails the blocked links will be activated Compared to STP which recovers a link in 30 ...

Страница 30: ... displays the STP port status for the currently selected switch Label Description Port The switch port number to which the following settings will be applied CIST Role The current STP port role of the CIST port The values include AlternatePort BackupPort RootPort and DesignatedPort State The current STP port state of the CIST port The values include Blocking Learning and Forwarding Uptime The time...

Страница 31: ...ceived transmitted on the port TCN The number of legacy topology change notification BPDUs received transmitted on the port Discarded Unknown The number of unknown spanning tree BPDUs received and discarded on the port Discarded Illegal The number of illegal spanning tree BPDUs received and discarded on the port Refresh Click to refresh the page immediately Auto refresh Check to enable an automati...

Страница 32: ...ick to undo any changes made locally and revert to previously saved values 4 6 2 MSTP Since the recovery time of STP and RSTP takes seconds which are unacceptable in some industrial applications MSTP was developed The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning tree instances known as MSTIs to form individual MST regio...

Страница 33: ...s you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above Save Click to save changes Reset Click to undo any changes made locally and ...

Страница 34: ...s Configuration Revision Revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANS Mapped The list of VLANs mapped to the MSTI The VLANs must be separated with commas and or space A VLAN can only be mapped to one MSTI An unused MSTI will ...

Страница 35: ...r and the 6 byte MAC address of the switch forms a bridge identifier Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 6 3 CIST With the ability to cross regional boundaries CIST is used by MSTP to communicate with other MSTP regions and with any RSTP and STP single instance spanning trees in the network Any boundary port that is if it ...

Страница 36: ...he priority for ports having identical port costs See above OpenEdge setate flag A flag indicating whether the port is connected directly to edge devices or not no bridges attached Transiting to the forwarding state is faster for edge ports operEdge set to true than other ports AdminEdge Configures the operEdge flag to start as set or cleared the initial operEdge state when a port is initialized A...

Страница 37: ...re region of the network from causing address flushing in that region because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently Point2Point Configures whether the port connects to a point to point LAN rather than a shared medium This can be configured automatically or set to true or false manually Transiting...

Страница 38: ...rial Networking Corp 37 Label Description Active Activate fast recovery mode port Ports can be set to 12 priorities Only the port with the highest priority will be the active port 1st Priority is the highest Apply Click to activate the configurations ...

Страница 39: ...user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for network ports Preparing for Web Management You can access the management page of the switch via the following default values IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 Use...

Страница 40: ...l Networking Corp 39 After logging in you can see the information of the switch as below On the left hand side of the management interface shows links to various settings You can click on the links to access the configuration pages of different functions ...

Страница 41: ...f the name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Description Description of the device System Location The physical location of the node e g telephone closet 3rd floor The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed System Contact The textual ide...

Страница 42: ... one of the following values no Authentication is disabled and login is not possible local Use the local user database on the switch for authentication radius Use remote RADIUS server s for authentication tacacs Use remote TACACS server s for authentication Command Authorization Method Configuration The command authorization section allows you to limit the CLI commands available to a user Label De...

Страница 43: ...ription Client The management client for which the configuration below applies Methods Method can be set to one of the following values no Accounting is disabled tacacs Use remote TACACS server s for accounting Cmd Lvl Enable accounting of all commands with a privilege level higher than or equal to this level Valid values are in the range of 0 to 15 Leave the field empty to disable command account...

Страница 44: ...can access all groups i e that is granted the fully control of the device But other values need to refer to each group privilege level User s privilege should be the same or greater than the group privilege level to have the access of that group By default the group privilege level of 5 has the read only access and the privilege level of 10 has the read write access System maintenance software upl...

Страница 45: ...the MAC Address Limit ACL HTTPS SSH IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Levels Every group has an authorization Priv...

Страница 46: ...ence less index has higher priority in doing DNS name resolution System selects the active DNS server from configuration in turn if the preferred server does not respond in five attempts The following modes are supported From any DHCPv4 interfaces The first DNS server offered from a DHCPv4 lease to a DHCPv4 enabled interface will be used No DNS server No DNS server will be used Configured IPv4 Exp...

Страница 47: ...able for input when creating a new interface IPv4 DHCP Enabled Enable the DHCPv4 client by checking this box If this option is enabled the system will configure the IPv4 address and mask of the interface using the DHCPv4 protocol The DHCPv4 client will announce the configured System Name as hostname to provide DNS lookup IPv4 DHCP Fallback Timeout The number of seconds for trying to obtain a DHCP ...

Страница 48: ...6 server IPv6 Address The IPv6 address of the interface An IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once System accepts the v...

Страница 49: ...ress 6 1 5 IP Status This page displays the status of the IP protocol layer The status is defined by the IP interfaces the IP routes and the neighbor cache ARP cache status Label Description IP Interface Interface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interf...

Страница 50: ...nym of the time zone This is a User configurable acronym to identify the time zone Range Up to 16 alpha numeric characters and can contain _ or Daylight Saving Time Configuration Daylight Saving Time Mode Enable or disable daylight saving time function This is used to set the clock forward or backward according to the configurations set below for a defined daylight saving time duration Select Disa...

Страница 51: ... 11 am Oscar Time Zone 2 hours 10 am ADT Atlantic Daylight 3 hours 9 am AST Atlantic Standard EDT Eastern Daylight 4 hours 8 am EST Eastern Standard CDT Central Daylight 5 hours 7 am CST Central Standard MDT Mountain Daylight 6 hours 6 am MST Mountain Standard PDT Pacific Daylight 7 hours 5 am PST Pacific Standard ADT Alaskan Daylight 8 hours 4 am ALA Alaskan Standard 9 hours 3 am HAW Hawaiian Sta...

Страница 52: ...urs 10 pm IDLE International Date Line NZST New Zealand Standard NZT New Zealand 12 hours Midnight 6 1 7 HTTPS You can configure the HTTPS mode in this page Label Description Mode Enables or disables HTTPS mode Automatic Redirect Enables or disables automatic redirect function It is only significant when HTTPS mode is enabled When the redirect mode is enabled the HTTP connection will be redirected...

Страница 53: ...rent status of certificate on the switch Possible statuses are Switch secure HTTP certificate is presented Switch secure HTTP certificate is not presented Switch secure HTTP certificate is generating 6 1 8 SSH You can configure the SSH mode in this page Label Description Mode Enable or disable SSH Save Click to save changes Reset Click to undo any changes made locally and revert to previously save...

Страница 54: ...lid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values must be between 2 10 times Tx Delay When a setting is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values must be between 1 81...

Страница 55: ...t LLDP information and will analyze LLDP information received from neighbors Port Descr Optional TLV When checked the port description is included in LLDP information transmitted Sys Name Optional TLV When checked the system name is included in LLDP information transmitted Sys Descr Optional TLV When checked the system description is included in LLDP information transmitted Sys Capa Optional TLV W...

Страница 56: ...lude 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS Cable Device 8 Station Only 9 Reserved When a capability is enabled a will be displayed If the capability is disabled a will be displayed Management Address The neighbor s address which can be used to help network management This may contain the neighbor s IP address Refresh Click to refresh the page immediately Aut...

Страница 57: ...Shows the number of LLDP frames dropped due to full entry table Total Neighbors Entries Aged Out Shows the number of entries deleted due to expired time to live Local Counters Label Description Local Port The port that receives or transmits LLDP frames Tx Frames The number of LLDP frames transmitted on the port Rx Frames The number of LLDP frames received on the port Rx Errors The number of receiv...

Страница 58: ...f checked the counters for the specific interface are cleared when Clear is pressed 6 1 11 NTP The function allows you to specify the Network Time Protocol NTP servers to query for the current time to maintain an accurate time on the switch ensuring the system log record meaningful dates and times for event entries With NTP the switch can set its internal clock periodically according to an NTP tim...

Страница 59: ...lly to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive an SSDP advertisement message from this swit...

Страница 60: ...thernet IP EtherNet IP is an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet 1 EtherNet IP is one of the leading industrial protocols in the United States and is widely used in a range of industries including factory hybrid and process Label Description Mode Indicates the EtherNet IP mode operation Possible modes are Enabled Enable EtherNet IP mode opera...

Страница 61: ...BP2 MV User Manual ORing Industrial Networking Corp 60 6 1 15 Backup Restore Configurations You can save view or load switch configurations 6 1 16 Firmware Update This page allows you to update the firmware of the switch ...

Страница 62: ...sable DHCP server pre system VLAN Mode VLAN Range Indicate the VLAN range in which DHCP server is enabled or disabled The first VLAN ID must be smaller than or equal to the second VLAN ID BUT if the VLAN range contains only 1 VLAN ID then you can just input it into either one of the first and second VLAN ID or both On the other hand if you want to disable existed VLAN range then you can follow the...

Страница 63: ...e Define the IP range to be excluded IP addresses The first excluded IP must be smaller than or equal to the second excluded IP BUT if the IP range contains only 1 excluded IP then you can just input it to either one of the first and second excluded IP or both Pool This page manages DHCP pools According to the DHCP pool DHCP server will allocate IP address and deliver configuration parameters to D...

Страница 64: ...ined Subnet Mask Display subnet mask of the DHCP address pool If is displayed it means not defined Lease Time Display lease time of the pool Statistics This page displays the database counters and the number of DHCP messages sent and received by DHCP server Label Description Database Counters Pool Number of pools Excluded IP Address Number of excluded IP address ranges Declined IP Address Number o...

Страница 65: ...ges received RELEASE Number of DHCP RELEASE messages received INFORM Number of DHCP INFORM messages received DHCP Message Sent Counters OFFER Number of DHCP OFFER messages sent ACK Number of DHCP ACK messages sent NAK Number of DHCP NAK messages sent Binding This page displays bindings generated for DHCP clients Label Description IP IP address allocated to DHCP client Type Type of binding Possible...

Страница 66: ...ates the existing DHCP relay mode The modes include Enabled activate DHCP relay When DHCP relay is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations Disabled disable DHCP relay Relay Server Indicates the DHCP relay server IP address A D...

Страница 67: ...orwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client It only works when DHCP relay mode is enabled Disabled disable DHCP relay information Relay Information Policy Indicates the policies to be enforced when receiving DHCP relay information When DHCP relay information mode is enabled if the agent receives a DHCP message that already contains relay agent i...

Страница 68: ...D The number of packets whose Circuit ID do not match the known circuit ID Receive Bad Remote ID The number of packets whose Remote ID do not match the known Remote ID Transmit to Client The number of packets relayed from the server to the client Transmit Error The number of packets with errors when being sent to servers Receive from Client The number of packets received from the server Receive Ag...

Страница 69: ...kets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted source of the DHCP messages Untrusted Configures the port as untrusted source of the DHCP messages Snooping Table This page display the dynamic IP assigned information after DHCP Snooping mode is disabled ...

Страница 70: ...ess User IP address of the entry IP Subnet Mask User IP subnet mask of the entry DHCP Server Address DHCP Server address of the entry Detailed Statistics This page provides statistics for DHCP snooping Notice that the normal forward per port TX statistics isn t increased if the incoming DHCP packet is done by L3 forwarding mechanism And clear the statistics on specific port may not take effect on ...

Страница 71: ...eived and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 with value 11 p...

Страница 72: ...splayed graphically Green indicates the link is up and red that it is down Current Link Speed Provides the current link speed of the port Configured Link Speed Selects any available link speed for the given switch port Only speeds supported by the specific port are shown Possible speeds are Disabled Disables the switch port operation Auto Port auto negotiating speed with the link partner and selec...

Страница 73: ...ave Cu port preferred Ports in AMS mode with 1000 X speed have fiber port preferred Ports in AMS mode with 100 FX speed have fiber port preferred Advertise Duplex When duplex is set as auto i e auto negotiation the port will only advertise the specified duplex as either Fdx or Hdxto the link partner By default port will advertise all the supported duplexes if the Duplex is Auto Advertise Speed Whe...

Страница 74: ...ame Size Enter the maximum frame size allowed for the switch port including FCS The range is 1518 10240 bytes Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions default Restart Restart backoff algorithm after 16 collisions Frame Length Check Configures if frames with incorrect frame length in the EtherType Length field shall be dropped An ...

Страница 75: ...scription Source MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address Calculates the destination port of the frame You can check this box to enable the destination MAC address or uncheck to disable By default Destination MAC Address is disabled IP Addre...

Страница 76: ...r to static port trunks but they are more flexible because LACP is compliant with the IEEE 802 3ad standard Hence it is interoperable with equipment from other vendors that also comply with the standard This page allows you to enable LACP functions to group ports together to form single virtual links and change associated settings thereby increasing the bandwidth between the switch and other LACP ...

Страница 77: ...er speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet Prio The Prio controls the priority of the port range 1 65535 If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be activ...

Страница 78: ...ic refresh of the page at regular intervals LACP Port Status This page provides an overview of the LACP status for all ports Label Description Port Switch port number LACP Yes means LACP is enabled and the port link is up No means LACP is not enabled or the port link is down Backup means the port cannot join in the aggregation group unless other ports are removed The LACP status is disabled Key Th...

Страница 79: ...or all ports Label Description Port Switch port number LACP Transmitted The number of LACP frames sent from each port LACP Received The number of LACP frames received at each port Discarded The number of unknown or illegal LACP frames discarded at each port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals Clear Click t...

Страница 80: ...ach port The valid value is 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid value is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Label Description Port Switch port number Enable Activate loop protection functions as a whole Action Co...

Страница 81: ...lobal VLAN Configuration Label Description Allowed Access VLANs This field shows the allowed Access VLANs i e it only affects ports configured as Access ports Ports in other modes are members of the VLANs specified in the Allowed VLANs field By default only VLAN 1 is enabled More VLANs may be created by using a list syntax where the individual elements are separated by commas Ranges are specified ...

Страница 82: ...will get when the mode is applied Access Access ports are normally used to connect to end stations Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN a k a Access VLAN which by default is 1 Accepts untagged and C tagged frames Discards all frames not classified to the Access VLAN...

Страница 83: ...re Ingress filtering can be controlled Ingress acceptance of frames and configuration of egress tagging can be configured independently Port VLAN Determines the port s VLAN ID a k a PVID Allowed VLANs are in the range 1 through 4095 default being 1 On ingress frames get classified to the Port VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the p...

Страница 84: ...cept Tagged Only frames see Ingress Acceptance below frames without this TPID are dropped If frames must be tagged on egress they will be tagged with an S tag S Custom Port On ingress frames with a VLAN tag with a TPID equal to the Ethertype configured for Custom S ports get classified to the VLAN ID embedded in the tag Priority tagged frames are classified to the Port VLAN If the port is configur...

Страница 85: ...ss Untag Port VLAN Frames classified to the Port VLAN are transmitted untagged Other frames are transmitted with the relevant tag Tag All All frames whether classified to the Port VLAN or not are transmitted with a tag Untag All All frames whether classified to the Port VLAN or not are transmitted without a tag This option is only available for ports in Hybrid mode Allowed VLANs Ports in Trunk and...

Страница 86: ...ht allows for selecting between showing VLAN memberships as configured by an administrator Admin or as configured by one of these internal software modules The Combined entry will show a combination of the administrator and internal software modules configuration and basically reflects what is actually configured in hardware VLAN ID VLAN ID for which the Port members are displayed Port Members A r...

Страница 87: ...tually configured in hardware If a given software modules hasn t overridden any of the port settings the text No data exists for the selected user is shown in the table Port The logical port for the settings contained in the same row Port Type Shows the port type Unaware C Port S Port S Custom Port that a given user wants to configure on the port The field is empty if not overridden by the selecte...

Страница 88: ...flict which is solved in a prioritized way The Administrator has the least priority Other software modules are prioritized according to their position in the drop down list The higher in the list the higher priority If conflicts exist it will be displayed as Yes for the Combined user and the offending software module The Combined user reflects what is actually configured in hardware 6 4 4 Private ...

Страница 89: ... private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New Static Entry Click Add New Private WLAN to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are not accepte...

Страница 90: ...Q 2005 clause 11 GVRP is an example of the use of GARP hence the G in GVRP GVRP Config This page allows you to configure the global GVRP configuration settings that are commonly applied to all GVRP enabled ports Label Description Enable VRRP Globally The GVRP feature is globally enabled by setting the check mark in the checkbox named Enable GVRP and pressing the Save button GVRP Protocol Timers Jo...

Страница 91: ...This number can only be changed when GVRP is turned off Port Config This page allows you to enable or disable a port for GVRP operation This configuration can be performed either before or after GVRP is configured globally the protocol operation will be the same Label Description Port The logical port that is to be configured Mode Mode can be either Disabled or GVRP enabled These values turn the G...

Страница 92: ...acters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Write Community Indicates the write community string to permit access to SNMP agent The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv...

Страница 93: ...n Possible versions include SNMP v1 supports SNMP trap version 1 SNMP v2c supports SNMP trap version 2c SNMP v3 supports SNMP trap version 3 Trap Community Indicates the community access string when sending SNMP trap packets The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed Trap Destination Address Indicates the SNMP trap destination address It allow a vali...

Страница 94: ... inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Configures the retry times for SNMP trap inform The allowed range is 0 to 255 Trap Probe Secuirty Engine ID Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID mode of operation Disabled Disable SNMP trap probe security engine ID mode of operat...

Страница 95: ...itted to generate authentication failure traps Possible modes are Link Up Enable disable Link up trap Link Down Enable disable Link down trap LLDP Enable disable LLDP trap Authentication Indicates that the authentication group s traps Possible traps are SNMP Authentication Fail Enable disable SNMP trap authentication failure trap Switch Indicates the Switch group s traps Possible traps are STP Ena...

Страница 96: ...this entry should belong to The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed The SNMPv3 architecture uses User based Security Model USM for message security and View based Access Control Model VACM for access control For the USM entry the usmUserEngineID and usmUserName are the entry keys In a simple agent usmUserEngineID is alwa...

Страница 97: ...value of security level cannot be modified if the entry already exists which means the value must be set correctly at the time of entry creation Authentication Password A string identifying the authentication pass phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 Only ASCII characters from 33 to 126 are ...

Страница 98: ...ty Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 6 5 6 SNMP View Configurations This page allows you to confi...

Страница 99: ...xcluded entry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 6 5 7 SNMP Access Configurations This page allows you to configure SNMPv3 access table The entry index keys are Group Name Security Model and Security Level Label Description Delete Check to delete the entry It will ...

Страница 100: ...2 and only ASCII characters from 33 to 126 are allowed Write View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 6 5 8 RMON Statistics Configuration Label Description Delete Check to delete the entry It will be deleted during the next save ID Indic...

Страница 101: ...ed in the RMON Alarm Configuration Label Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold The range is from 1 to 2 31 1 Variable Indicates the particular variable to be sampled the possible variab...

Страница 102: ...g the value to be compared against the thresholds possible sample types are Absolute Get the sample directly Delta Calculate the difference between samples default Value The value of the statistic during the last sampling period Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are RisingTrigger alarm wh...

Страница 103: ...munity when trap is sent the string length is from 0 to 127 default is public Event Last Time Indicates the value of sysUpTime at the time this event entry last generated an event Statistics Stauts Label Description ID Indicates the index of Statistics entry Data Source The port ID which wants to be monitored Octets The total number of events in which packets were dropped by the probe due to lack ...

Страница 104: ...uding bad packets received that were 64 octets in length 65 127 The total number of packets including bad packets received that are between 65 to 127 octets in length 128 255 The total number of packets including bad packets received that are between 128 to 255 octets in length 256 511 The total number of packets including bad packets received that are between 256 to 511 octets in length 512 1023 ...

Страница 105: ...d a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Undersize The total number of packets received that were less than 64 octets Oversize The total number of packets received that were longer than ...

Страница 106: ...calculating the value to be compared against the thresholds Value The value of the statistic during the last sampling period Startup Alarm The alarm that may be sent when this entry is first set to valid Rising Threshold Rising threshold value Rising Index Rising threshold value Filing Threshold Falling threshold value Falling Index Falling event index Event Status Label Description Event Index In...

Страница 107: ...lopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Note frames sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited to this rate The management VLAN is configured on the IP setup page Label Description Frame Type The settings in a partic...

Страница 108: ...abel Description Frame Type The frame type for which the configuration below applies Enable Enable or disable the storm policer status for the given frame type Rate Controls the rate for the port storm policer This value is restricted to 10 13128147 when Unit is fps or kbps and 1 13128 when Unit is kfps or Mbps The rate is internally rounded up to the nearest value supported by the port storm poli...

Страница 109: ...is classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 0 1 2 3 4 5 6 7 QoS class 1 0 2 3 4 5 6 7 If the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified t...

Страница 110: ...the frame is classified to the default PCP value DEI Controls the default DEI value All frames are classified to a DEI value If the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Tag Class Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP ...

Страница 111: ...Port DSCP settings for all switch ports Label Description Port Shows the list of ports for which you can configure DSCP Ingress and Egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress 1 Translate 2 Classify 1 Translate Check to enable ingress translation 2 Classif...

Страница 112: ...ked with a remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation Egress Remap DP0 table or from the DSCP Translation Egress Remap DP1 table 6 6 5 Port Policing This page allows you to configure Policer settings for all switch ports Label Description Port The port number for which the configuration below applies Enable Check to ...

Страница 113: ... Check to enable queue policer for individual switch ports Rate Configures the rate of each queue policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled Unit Configures the unit of measurement for each queue policer rate as kbps o...

Страница 114: ...o 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate for each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth Port Shaper Enable Check to enable por...

Страница 115: ...hether the scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Check to enable queue shaper for individual switch ports Queue Shaper Rate Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of...

Страница 116: ...ual switch ports Port Shaper Rate Configures the rate of each port shaper The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Port Shaper Unit Configures the unit of measurement for each port shaper rate as kbps or Mbps The default value is kbps 5 6 8 Port Scheduler This page provides an overview of QoS E...

Страница 117: ...gure the shapers Mode Shows disabled or actual queue shaper rate e g 800 Mbps Qn Shows disabled or actual port shaper rate e g 800 Mbps 5 6 10 DSCP Based QoS This page allows you to configure basic QoS DSCP based QoS Ingress Classification settings for all switches Label Description DSCP Maximum number of supported DSCP values is 64 Trust Check to trust a specific DSCP value Only frames with trust...

Страница 118: ...onfigure basic QoS DSCP translation settings for all switches DSCP translation can be done in Ingress or Egress Label Description DSCP Maximum number of supported DSCP values is 64 and valid DSCP value ranges from 0 to 63 Ingress Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate D...

Страница 119: ...SCP value from a selected menu to which you want to remap DSCP value ranges from 0 to 63 5 6 12 DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value Label Description QoS Class Actual QoS class DPL Actual Drop Precedence Level DSCP Select the classified DSCP value 0 63 5 6 13 QoS Control List This page allows you to edit or insert a...

Страница 120: ... of VLAN ID can be any value from 1 to 4095 Any user can enter either a specific value or a range of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SMAC Source MAC Address can be 24 MS bits OUI or Any DMAC Type Destination MAC type can be unicast UC multicast MC broa...

Страница 121: ...cific Source IP address in value mask format or Any IP and mask are in the format of x y z w where x y z and w are decimal numbers between 0 and 255 When the mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE C...

Страница 122: ...fault classified value is not modified by this QCE 5 6 14 QoS Statistics QoS Counters This page provides the statistics of individual queues for all switch ports Label Description Port The switch port number to which the following settings will be applied Qn There are 8 QoS queues per port Q0 is the lowest priority Rx Tx The number of received and transmitted packets per queue 5 6 15 QCL Status Th...

Страница 123: ...ken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value di...

Страница 124: ...which the configuration below applies DPL The Drop Precedence Level for which the configuration below applies Enable Controls whether RED is enabled for this entry Min Controls the lower RED fill level threshold If the queue filling level is below this threshold the drop probability is zero This value is restricted to 0 100 Max Controls the upper RED drop probability or fill level threshold for fr...

Страница 125: ... level is just below 100 If Max Unit is Fill Level the red line Max controls the fill level where drop probability reaches 100 This configuration makes it possible to reserve a portion of the queue exclusively for frames marked with Drop Precedence Level 0 green frames The reserved portion is calculated as 100 Max Frames marked with Drop Precedence Level 0 green frames are never dropped The drop p...

Страница 126: ...re hosts and routers run the SSM service model for the groups in the address range Assign valid IPv4 multicast address as prefix with a prefix length from 4 to 32 for the range Leaver Proxy Enabled Enable IGMP Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary...

Страница 127: ...sest VLAN Table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Label Description Delete Check to delete the entry The designated entry will be deleted during the next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable Check to enab...

Страница 128: ...e is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response ...

Страница 129: ... of received V1 reports V2 Reports Receive The number of received V2 reports V3 Reports Receive The number of received V3 reports V2 Leave Receive The number of received V2 leave packets Refresh Click to refresh the page immediately Clear Clear all statistics counters Auto refresh Check to enable an automatic refresh of the page at regular intervals Port Switch port number Status Indicates whether...

Страница 130: ...cast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry Label Description VLAN ID The VLAN ID of the group Groups The group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Inclu...

Страница 131: ... associated with the designated profile 6 7 2 MVR This page provides MVR related configurations The MVR feature enables multicast traffic forwarding on the Multicast VLANs In a multicast television application a PC or a network television or a set top box can receive the multicast stream Multiple set top boxes or PCs can be connected to one subscriber port which is a switch port configured as an M...

Страница 132: ...h of the MVR VLAN Name string is 16 MVR VLAN Name can only contain alphabets or numbers When the optional MVR VLAN name is given it should contain at least one alphabet MVR VLAN name can be edited for the existing MVR VLAN entries or it can be added to the new entries IGMP Address Define the IPv4 address as source address used in IP header for IGMP control frames The default IGMP address is not se...

Страница 133: ...ce channel is not allowed to have overlapped permit group address Profile Management Button You can inspect the rules of the designated profile by using the following button List the rules associated with the designated profile Port The logical port for the settings Port Role Configure an MVR port of the designated MVR VLAN as one of the following roles Inactive The designated port does not partic...

Страница 134: ...spectively IGMPv1 Join Reeived The number of Received IGMPv1 Join s IGMPv2 MLDv1 Report s Received The number of Received IGMPv2 Join s and MLDv1 Report s respectively IGMPv3 MLDv2 Report s Received The number of Received IGMPv1 Join s and MLDv2 Report s respectively IGMPv2 MLDv1 Leave s Received The number of Received IGMPv2 Leave s and MLDv1 Done s respectively MVR Channel Group Label Descriptio...

Страница 135: ...roup Address basis It can be either Include or Exclude Source Address IP Address of the source Currently the maximum number of IP source address for filtering per group is 8 When there is no any source filtering address the text None is shown in the Source Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Indicates whether data plane destined to the specific grou...

Страница 136: ...own shuts down the port No Link Alive Check Active Check to enable alive check When enabled switch will ping the device continually Alive Check Status Indicates alive check status Possible statuses are disable Got Reply receive ping reply from device meaning the device is still alive Lost Reply not receiving ping reply from device meaning the device might have been dead Stream Check Active Check t...

Страница 137: ...Device IP Address Specifies IP address of the device Device MAC Address Specifies MAC address of the device Advanced Configurations Alias IP Address This page provides Alias IP Address configuration Some devices might have more than one IP addresses You could specify the other IP address here Label Description Alias IP Address Specifies alias IP address Keep 0 0 0 0 if the device does not have an ...

Страница 138: ...les PoE power DDoS Prevention This page provides DDOS Prevention configurations The switch can monitor ingress packets and perform actions when DDOS attack occurred on this port You can configure the setting to achieve maximum protection Label Description Mode Enables or disables DDOS prevention of the port Sensibility Indicates the level of DDOS detection Possible levels are Low low sensibility N...

Страница 139: ...or TCP please choose the socket direction Destination Source Action Indicates the action to take when DDOS attacks occur Possible actions are no action Blocking 1 minute blocks the forwarding for 1 minute and log the event Blocking 10 minute blocks the forwarding for 10 minutes and log the event Blocking blocks and logs the event Shunt Down the Port shuts down the port No Link and logs the event O...

Страница 140: ...ypes Possible types are no specification IP Camera IP Phone Access Point PC PLC and Network Video Recorder Location Address Indicates location information of the device The information can be used for Google Mapping Description Device descriptions Stream Check This page allows you to configure stream check settings ...

Страница 141: ... Access Management Configuration You can configure access management table on this page If the application s type match any one of the access management entries it will allow access to the switch Label Description Delete Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID for the access management entry Start IP Address The start IP address for the access manageme...

Страница 142: ... host can access the switch from TELNET SSH interface if the host IP address matches the IP address range provided in the entry Statistics This page provides an overview of access management configurations 6 8 3 IP Source Guard IP source guard can prevent traffic attacks if a host tries to use the IP address of its neighbor You can enable IP source guard when DHCP snooping is enabled on an untrust...

Страница 143: ...he next save Port The logical port for the settings VLAN ID The vlan id for the settings IP Address Allowed Source IP address MAC Address Allowed Source MAC address Dynamic Table This page shows entries in the Dynamic IP Source Guard table The default value is 20 The Start from port address VLAN MAC address and IP address input fields allow you to select the starting point in the table Label Descr...

Страница 144: ...e default value is Permit Rate Limiter ID Select a rate limiter for the port The allowed values are Disabled or numbers from 1 to 15 The default value is Disabled Port Redirect Indicates the port redirect operation implemented by the ACE Frames matching the ACE are redirected to the listed port Mirror Select which port frames are copied to The allowed values are Disabled or a specific port number ...

Страница 145: ...ttings contained in the same row Rate The rate unit is packet per second pps which can be configured as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps Unit Specify the unit for the rate ACL Control List This page allows you to configure ACE Access Control Entry An ACE consists of several parameters These parameters vary with the frame...

Страница 146: ...hexadecimal ARP only ARP frames can match the ACE Notice the ARP frames will not match the ACE with Ethernet type IPv4 only IPv4 frames can match the ACE Notice the IPv4 frames will not match the ACE with Ethernet type Action Specifies the action to take when a frame matches the ACE Permit takes action when the frame matches the ACE Deny drops the frame matching the ACE Rate Limiter Specifies the ...

Страница 147: ...C filter is specified SMAC filter status is don t care Specific if you want to filter a specific source MAC address with the ACE choose this value A field for entering an SMAC value appears SMAC Value When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx Frames matching the ACE will use this SMAC value DMAC Filter Specifies ...

Страница 148: ... don t care Specific if you want to filter a specific VLAN ID with the ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 Frames matching the ACE will use this VLAN ID value Tag Priority Specifies the tag priority for the ACE A frame matching the ACE will...

Страница 149: ...r IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear For more details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields please refer to the help file IP Protocol Value Specific allows you to enter a specific value The allowed range is 0 to ...

Страница 150: ...ource IP address in the SIP Address field that appears Network source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation SIP Mask When Network is selected for the source IP filter you can e...

Страница 151: ...ust have ARP Reply or RARP Reply OP flag Sender IP Filter Specifies the sender IP filter for the ACE Any no sender IP filter is specified sender IP filter is don t care Host sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fi...

Страница 152: ...e SMAC address 1 ARP frames where SHA is equal to the SMAC address Any any value is allowed don t care RARP SMAC Match Specifies whether frames will meet the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any any value is allowed don t care IP Ethernet Length Specifie...

Страница 153: ...want to filter a specific ICMP filter with the ACE you can enter a specific ICMP value A field for entering an ICMP value appears ICMP Type Value When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for the ACE Any no ICMP code filter is speci...

Страница 154: ...ic is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value...

Страница 155: ...frames where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is allowed don t care TCP SYN Specifies the TCP SYN synchronize sequence numbers value for the ACE 0 TCP frames where the SYN field is set must not be able to match this entry 1 TCP frames where the SYN field is set must be able to match this...

Страница 156: ...hich can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this time frame we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals o...

Страница 157: ...rver identifier NAS ID for the interface The NAS ID is sent to the RADIUS server by the controller as a RADIUS client using the authentication request which is used to classify users to different groups You can enter up to 32 alphanumeric characters Delete Click to delete an entry from the table Hostname Specifies the host name of the RADIUS server The maximum supported length for the AAA RADIUS h...

Страница 158: ...val the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Dead Time The dead time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to c...

Страница 159: ...server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP communications are built and the RADIUS module is ready to accept access attempts Dead X seconds left access attempts are made to this server but it does not reply within the configured timeout The server has...

Страница 160: ...tion One or more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the authentication configuration page MAC based authentication allows for authentication of more than one user on the same port and does not require the users to have special 802 1X software installed on their system The switch uses the use...

Страница 161: ...it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never b...

Страница 162: ... therefore MAC based authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients do npt need special supplicant software to authenticate The disadvantage is that MAC addresses can be sp...

Страница 163: ...abled on the switch If globally disabled all ports are allowed to forward frames Reauthentication Enabled If checked clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is plugged into a switch port For MAC based ports reauthentication is only useful if the ...

Страница 164: ...y module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds For ports in MAC based Auth mode reauthentication does not cause direct communications between the switch and the client so this will not...

Страница 165: ...uthentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is v...

Страница 166: ... This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Single 802 1X variant Single 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Single 802 1X at mo...

Страница 167: ... obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using...

Страница 168: ...tage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality Port State The current state of the port It can undertake one of the following values Glob...

Страница 169: ...ew of the current NAS port states Label Description Port The switch port number Click to navigate to detailed 802 1X statistics of each port Admin State The port s current administrative state Refer to NAS Admin State for more details regarding each value Port State The current state of the port Refer to NAS Port State for more details regarding each value Last Source The source MAC address carrie...

Страница 170: ...port details to be displayed Label Description Admin State The port s current administrative state Refer to NAS Admin State for more details regarding each value Port State The current state of the port Refer to NAS Port State for more details regarding each value EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorize...

Страница 171: ...e This information is available for the following administrative states 802 1X MAC based Auth 6 8 9 ARP Inspecition This page allows you to configure the Random Early Detection RED settings Through different RED configuration for the queues QoS classes it is possible to obtain Weighted Random Early Detection WRED operation between queues The settings are global for all ports in the switch ...

Страница 172: ...ed for this entry Min Controls the lower RED fill level threshold If the queue filling level is below this threshold the drop probability is zero This value is restricted to 0 100 Max Controls the upper RED drop probability or fill level threshold for frames marked with Drop Precedence Level 0 yellow frames This value is restricted to 1 100 Max Unit Selects the unit for Max Possible values are Dro...

Страница 173: ...cks and corresponding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period Aging Period You can specify the aging period in seconds The Aging Period can be set to a number between 10 and 10 000 000 seconds Label Description Mode Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Ena...

Страница 174: ...ort by disconnecting the cable the port will remain shut down Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port...

Страница 175: ...his is used in the Users column in the port status table Label Description Users Each of the user modules has a column that shows whether that module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security State Shows the current state of the port which i...

Страница 176: ...it Control configuration Web page MAC Count The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on the port the Limit column will show a da...

Страница 177: ...y module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user module has decided to hold the MAC address indefinitely a dash will be shown 6 9 Warning 6 9 1 Fault Alarm When any selected fa...

Страница 178: ...oes not exist Possible modes are Enabled enable server mode Disabled disable server mode Server Address Indicates the IPv4 host address of syslog server If the switch provides DNS functions it also can be a host name Syslog Level Select the severity level for the syslog messages to be logged The list contains Error Log error messages Warning Log warning messages Notice Log messages that represent ...

Страница 179: ...ds out alert when SNMP authentication fails Redundant Ring Topology Change Sends out alerts when Redundant Ring topology changes Port Event SYSLOG Disable Link Up Link Down Link Up Link Down Apply Click to activate the configurations Help Shows help file 6 10 Monitor and Diag 6 10 1 MAC Table The MAC address table can be configured on this page You can set timeouts for entries in the dynamic MAC t...

Страница 180: ... Time seconds The allowed range is 10 to 1000000 seconds You can disable the automatic aging of dynamic entries by checking Disable Automatic Aging MAC Table Learning If the learning mode for a given port is grayed out it means another module is in control of the mode and thus the user cannot change the configurations An example of such a module is MAC Based authentication under 802 1X You can con...

Страница 181: ...witches The MAC table is sorted first by VLAN ID and then by MAC address Label Description Delete Check to delete an entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck to modify the entry Adding New Static Entry Click to add a new entry to th...

Страница 182: ...the displayed table starting from that or the closest next MAC table match In addition the two input fields will upon clicking Refresh assume the value of the first displayed entry allows for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When it reaches the end the text no more entries is ...

Страница 183: ...ort Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Auto refresh Check to enable an automatic refresh of the page at regular intervals Refresh Updates the counter entries starting from the current entry ID Clear Flushes all counters entries Detailed Statistics This page provides detailed traffic stat...

Страница 184: ...of MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Rx Drops The number of frames dropped due to insufficient receive buffer or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short1 frames received with a valid CRC Rx Oversize The number of long2 frames received with a ...

Страница 185: ...own as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Port to mirror is also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled option disables mirroring Label Description Mode Enable or disable this function Type Mirror the switch is running o...

Страница 186: ...or mode Disabled Neither frames transmitted nor frames received are mirrored Both Frames received and frames transmitted are mirrored on the Intermediate Destination port Rx only Frames received on this port are mirrored on the Intermediate Destination port Frames transmitted are not mirrored Tx only Frames transmitted on this port are mirrored on the Intermediate Destination port Frames received ...

Страница 187: ...ll Log all messages Time The time of the system log entry Message The MAC address of the switch Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Updates system log entries starting from the current entry ID Clear Flushes all system log entries Updates system log entries starting from the first available entry ID Updates system log entries ending a...

Страница 188: ...and you can view the cable diagnostics results in the cable status table Note that VeriPHY diagnostics is only accurate for cables 7 140 meters long 10 and 100 Mbps ports will be disconnected while running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port for which Ver...

Страница 189: ...es to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 132 20 icmp_seq 3 time 0ms 64 bytes from 10 10 132 20 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad You can configure the following properties of t...

Страница 190: ...POE 6 11 1 Configuration PoE Power Over Ethernet is a technology that transmits electrical power to devices such as IP telephones wireless LAN access points and IP cameras over standard Ethernet cables The ability is very useful in places where power supply is difficult or expensive deploy Label Description Reserved Power There are three modes available when configuring the ...

Страница 191: ...de the maximum power fields will gray out In all of the abovementioned modes if a port uses more power than the reserved power for the port the port is shut down Power Management Mode There are two modes available when configuring when to shut down the port Actual Consumption the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply c...

Страница 192: ... for selecting PoE operations The modes include Disabled disable PoE PoE enable PoE IEEE 802 3af Class 4 PDs limited to 15 4W PoE enable PoE IEEE 802 3at Class 4 PDs limited to 30W Priority Indicates port priority There are three levels of power priority Low High and Critical The priority is used when remote devices require more power than the power supply can deliver The port with the lowest prio...

Страница 193: ...rent Used Shows how much current the PD currently is using Priority Shows the port s priority configured by the user Port Status Shows the port s status The status can be one of the following values PoE not available no PoE chip found PoE turned OFF PoE is disabled by user PoE turned OFF power budget exceeded The total requested or used power by the power devices exceeds the maximum power the powe...

Страница 194: ...figuration files Simply select the files to be activated or deleted and press the button 6 12 1 Activate 6 12 2 Delete 6 13 Save You can save current configurations as a startup configuration file 6 14Troubleshooting 6 14 1 Factory Defaults You can reset the configuration of the stack switch on this page Only the IP configuration is retained ...

Страница 195: ... to factory defaults No Click to return to the Port State page without resetting 6 14 2 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you have powered on the devices Label Description Yes Click to reboot device No Click to return to the Port State page without rebooting ...

Страница 196: ...Processing Store and Forward Switch Properties Switching latency 7 us Switching bandwidth 96Gbps Max Number of Available VLANs 4095 IGMP multicast groups 128 for each VLAN Port rate limiting User Define Jumbo frame Up to 9 6K Bytes Security Features Device Binding security feature Enable disable ports MAC based port security Port based network access control 802 1x VLAN 802 1Q to segregate and sec...

Страница 197: ...or port Link Act indicator Fault contact Relay Relay output to carry capacity of 3A at 24VDC on M12 connector A coding female connector Power Redundant Input power 72 96 110VDC 50 4 154VDC on 5 pin S coding male connector Power consumption Typ 41 Watts power consumption of P S E is not included Overload current protection Present Reverse Polarity Protection Present Physical Characteristic Enclosur...

Результаты поиска

Содержание TRGPS-9084TG-M12X-BP2-MV

Отзывы:

Бренды по названию

Популярные бренды

ORiNG TRGPS-9084TG-M12X-BP2-MV, Руководство пользователя

Результаты поиска

Содержание TRGPS-9084TG-M12X-BP2-MV

Отзывы:

Бренды по названию

Популярные бренды