User’s Manual of GS-5220-16S8C & GS-5220-16S8CR 

 

 


MSTP: The number of MSTP Configuration BPDUs received/transmitted on the port.

RSTP: The number of RSTP Configuration BPDUs received/transmitted on the port.

STP: The number of legacy STP Configuration BPDUs received/transmitted on the port.

TCN: The number of (legacy) Topology Change Notification BPDUs received/transmitted on the port.

Discarded Unknown: The number of unknown Spanning Tree BPDUs received (and discarded) on the port.

Discarded Illegal: The number of illegal Spanning Tree BPDUs received (and discarded) on the port.

 

Buttons

Auto-refresh: Automatic refresh occurs every 3 seconds.

Click to refresh the Page immediately.

Clears the counters for all ports.
Содержание GS-5220-16S8C

Страница 1: ...User s Manual of GS 5220 16S8C GS 5220 16S8CR 1 ...

Страница 2: ...ed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful int...

Страница 3: ... Indications 22 2 1 3 Switch Rear Panel 24 2 2 Installing the Switch 26 2 2 1 Desktop Installation 26 2 2 2 Rack Mounting 27 2 2 3 Installing the SFP Transceiver 28 3 SWITCH MANAGEMENT 32 3 1 Requirements 32 3 2 Management Access Overview 33 3 3 Administration Console 34 3 4 Web Management 35 3 5 SNMP based Network Management 36 3 6 PLANET Smart Discovery Utility 36 4 WEB CONFIGURATION 38 4 1 Main...

Страница 4: ...figuration Download 67 4 2 21 Configuration Upload 68 4 2 22 Configuration Activate 68 4 2 23 Configuration Delete 69 4 2 24 Image Select 69 4 2 25 Factory Default 70 4 2 26 System Reboot 71 4 3 Simple Network Management Protocol 72 4 3 1 SNMP Overview 72 4 3 2 SNMP System Configuration 73 4 3 3 SNMP Trap Configuration 75 4 3 4 SNMP System Information 77 4 3 5 SNMPv3 Configuration 78 4 3 5 1 SNMPv...

Страница 5: ... Private VLAN 117 4 6 7 Port Isolation 118 4 6 8 VLAN setting example 121 4 6 8 1 Two Separate 802 1Q VLANs 121 4 6 8 2 VLAN Trunking between two 802 1Q aware switches 123 4 6 8 3 Port Isolate 126 4 6 9 MAC based VLAN 127 4 6 10 MAC based VLAN Status 128 4 6 11 Protocol based VLAN 129 4 6 12 Protocol based VLAN Membership 131 4 7 Spanning Tree Protocol 132 4 7 1 Theory 132 4 7 2 STP System Configu...

Страница 6: ... 174 4 8 17 MVR Status 177 4 8 18 MVR Groups Information 178 4 8 19 MVR SFM Information 179 4 9 Quality of Service 181 4 9 1 Understanding QoS 181 4 9 2 Port Policing 182 4 9 3 Port Classification 183 4 9 4 Port Scheduler 185 4 9 5 Port Shaping 186 4 9 5 1 QoS Egress Port Schedule and Shapers 187 4 9 6 Port Tag Remarking 188 4 9 6 1 QoS Egress Port Tag Remarking 189 4 9 7 Port DSCP 190 4 9 8 DSCP ...

Страница 7: ...Details 254 4 11 10 Windows Platform RADIUS Server Configuration 260 4 11 11 802 1X Client Configuration 265 4 12 Security 268 4 12 1 Port Limit Control 268 4 12 2 Access Management 272 4 12 3 Access Management Statistics 273 4 12 4 HTTPs 274 4 12 5 SSH 274 4 12 6 Port Security Status 275 4 12 7 Port Security Detail 278 4 12 8 DHCP Snooping 279 4 12 9 Snooping Table 281 4 12 10 IP Source Guard Con...

Страница 8: ... 319 4 17 RMON 320 4 17 1 RMON Alarm Configuration 320 4 17 2 RMON Alarm Status 322 4 17 3 RMON Event Configuration 323 4 17 4 RMON Event Status 324 4 17 5 RMON History Configuration 325 4 17 6 RMON History Status 326 4 17 7 RMON Statistics Configuration 327 4 17 8 RMON Statistics Status 328 5 SWITCH OPERATION 330 5 1 Address Table 330 5 2 Learning 330 5 3 Forwarding Filtering 330 5 4 Store and Fo...

Страница 9: ...User s Manual of GS 5220 16S8C GS 5220 16S8CR APPENDIX B GLOSSARY 335 9 ...

Страница 10: ...ots with 8 port Shared TP Managed Switch AC DC Redundant Power Managed Switch is used as an alternative name in this user s manual 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items Managed Switch x 1 Quick Installation Guide x 1 RJ 45 to RS232 Cable x 1 SFP Dust Cap x 24 Rubber Feet x 4 Rack mount Accessory Kit x 1 Power Cord ...

Страница 11: ...ode fiber and up to above 10 20 30 40 50 70 120 kilometers single mode fiber or WDM fiber They are well suited for applications within the enterprise data centers and distributions That means the administrator now can flexibly choose the suitable SFP transceiver according to not only the transmission distance but also the transmission speed required PLANET GS 5220 16S8C and GS 5220 16S8CR Fiber Sw...

Страница 12: ...ert the users when there is something wrong with the switches With this ideal feature the users would not have to waste time to find where the problem is It will help to save time and human resource Solution for IPv6 Networking Faced with the increasingly large number of IP cameras and wireless APs installed and deployed in all kinds of applications more and more network facilities start to suppor...

Страница 13: ...ess TCP UDP ports or defined typical network applications Its protection mechanism also comprises of 802 1x Port based and MAC based user and device authentication With the private VLAN function communication between edge ports can be prevented to ensure user privacy Furthermore the GS 5220 16S8C and GS 5220 16S8CR provide DHCP Snooping IP Source Guard and Dynamic ARP Inspection functions to preve...

Страница 14: ...ANAGEMENT The section contains the information about the software function of the Managed Switch Section 4 WEB CONFIGURATION The section explains how to manage the Managed Switch by Web interface Section 5 SWITCH OPERATION The chapter explains how to do the switch operation of the Managed Switch Section 6 TROUBLESHOOTING The chapter explains how to do troubleshooting of the Managed Switch Appendix...

Страница 15: ...to 255 VLANs groups out of 4095 VLAN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Edge PVE Protocol based VLAN MAC based VLAN IP Subnet based VLAN Voice VLAN Supports Spanning Tree Protocol STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Supports Link Aggreg...

Страница 16: ...t based MAC based network access authentication IEEE 802 1X Authentication with Guest VLAN Built in RADIUS client to cooperate with the RADIUS servers RADIUS TACACS users access authentication IP based Access Control List ACL MAC based Access Control List ACL Source MAC IP address binding DHCP Snooping to filter distrusted DHCP messages Dynamic ARP Inspection discards ARP packets with invalid MAC ...

Страница 17: ...c technology provides the mechanism to detect and report potential cabling issues for TP ports ICMPv6 ICMPv4 Remote Ping Reset button for system reboot or reset to factory default SMTP Syslog SNMP Trap remote alarm System Log PLANET Smart Discovery Utility for deploy management Redundant Power System GS 5220 16S8CR 100 240V AC 36 60V DC Dual power redundant Active active redundant power failure pr...

Страница 18: ... default Dimensions W x D x H 440 x 200 x 44 5 mm 1U height Weight 2745g LED System PWR Greed DC Green GS 5220 16S8CR Only Fault Red FAN Red 10 100 1000T RJ45 Interfaces Port 1 to Port 8 1000Mbps LNK ACT Green 10 100Mbps LNK ACT Orange 100 1000Mbps SFP Interfaces Port 1 to Port 24 1000Mbps LNK ACT Green 100Mbps LNK ACT Orange Power Requirements AC AC 100 240V 50 60Hz AC 100 240V 50 60Hz Power Requ...

Страница 19: ...MLD Snooping MLD v1 v2 Snooping up to 255 multicast groups MLD Querier mode support Access Control List IP based ACL MAC based ACL Up to 256 entries Bandwidth Control Per port bandwidth control Ingress 100Kbps 1000Mbps Egress 100Kbps 1000Mbps Layer 3 Functions IP Interfaces Max 128 VLAN interfaces Routing Table Max 32 routing entries Routing Protocols IPv4 hardware Static Routing IPv6 hardware Sta...

Страница 20: ...tocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1X Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 RFC 2710 MLD version 1 FRC 3810 MLD version 2 Environm...

Страница 21: ... of GS 5220 16S8C GS 5220 16S8CR Front Panel Figure 2 1 2 Front Panels of GS 5220 16S8CR Gigabit TP interface 10 100 1000Base T Copper RJ45 Twist Pair Up to 100 meters SFP slot 100 1000Base X mini GBIC slot SFP Small form Factor Pluggable transceiver module From 550 meters to 2km multi mode fiber up to above 10 20 30 40 50 70 120 kilometers single mode fiber Console Port The console port is a RJ45...

Страница 22: ...he Managed Switch will then reboot and load the default settings as shown below Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 2 1 2 LED Indications The front panel LEDs indicate instant status of power and system status alarm status port links and data activity they help monitor and troubleshoot when needed Fi...

Страница 23: ...successfully established 1000 LNK ACT Green Blink To indicate that the switch is actively sending or receiving data over that port Lights To indicate the port is running in 10 100Mbps speed and successfully established 10 100 LNK ACT Orange Blink To indicate that the switch is actively sending or receiving data over that port Per 100 1000Base X SFP Interface Port 1 to Port 24 LED Color Function Li...

Страница 24: ...of the Managed Switch Plug the other end of the power cord into an electric service outlet and the power will be ready Power Notice The device is a power required device which means it will not work till it is powered If your networks should be active all the time please consider using UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime In ...

Страница 25: ...GS 5220 16S8CR Figure 2 1 7 Rear Panel of GS 5220 16S8CR Warning Before connecting the DC power cable to the input terminal block of the GS 5220 16S8CR make sure that the power switch is in the OFF position and the DC power is OFF 25 ...

Страница 26: ... the desktop or the shelf near an AC power source as shown in Figure 2 2 1 Figure 2 2 1 Place the Managed Switch on the Desktop Step 3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and specifications Step 4 Connect the Managed Switch to network devices...

Страница 27: ...el positioned towards the front side Step 2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 2 2 shows how to attach brackets to one side of the Managed Switch Figure 2 2 2 Attach Brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would ...

Страница 28: ...abling and supply power to the Managed Switch 2 2 3 Installing the SFP Transceiver The sections describe how to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch as the Figure 2 2 4 shows Figure 2 2 4 Plug in the SFP Transceiver 28 ...

Страница 29: ...avelength RX Operating Temp MFB FA20 100 WDM LC Single Mode 20km 1310nm 1550nm 0 60 MFB FB20 100 WDM LC Single Mode 20km 1550nm 1310nm 0 60 MFB TFA20 100 WDM LC Single Mode 20km 1310nm 1550nm 40 75 MFB TFB20 100 WDM LC Single Mode 20km 1550nm 1310nm 40 75 MFB TFA40 100 WDM LC Single Mode 40km 1310nm 1550nm 40 75 MFB TFB40 100 WDM LC Single Mode 40km 1550nm 1310nm 40 75 Gigabit Ethernet Transceiver...

Страница 30: ...50nm 40 75 MGB TLB60 1000 WDM LC Single Mode 60km 1550nm 1310nm 40 75 1 It is recommended to use PLANET SFP on the Managed Switch If you insert an SFP transceiver that is not supported the Managed Switch will not recognize it 1 Before we connect the GS 5220 16S8C GS 5220 16S8CR to the other network device we have to make sure both sides of the SFP transceivers are with the same media type for exam...

Страница 31: ...up the lever of the MGB module and turn it to a horizontal position 4 Pull out the module gently through the lever Figure 2 2 5 How to Pull Out the SFP Transceiver Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP module slot of the Managed Switch ...

Страница 32: ...ss Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 2008 MAC OS9 or later or Linux UNIX or other platforms compatible with TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC with COM Port DB9 R...

Страница 33: ...net functionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be c...

Страница 34: ...ged Switch s console serial port Figure 3 1 1 Console Management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight DB9 RS 232 cable is required to connect the switch to the PC After maki...

Страница 35: ...he Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 1 3 Web Management ...

Страница 36: ...anagement Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default getting and setting community strings for the Managed Switch is public Figure 3 1 5 SNMP Management 3 6 PLANET Smart Discovery Utility net Smart Discovery Utility from user s manual Deposit the Planet Smart Discovery Utility in ...

Страница 37: ...description for the devices 2 After setup is completed press Update Device Update Multi or Update All button to take effect The meaning of the 3 buttons above are shown as below Update Device use current setting on one single device Update Multi use current setting on choose multi devices Update All use current setting on whole devices in the list The same functions mentioned above also can be fou...

Страница 38: ...can be configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you have changed the default IP addres...

Страница 39: ...ogin screen in Figure 4 1 2 appears Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen appears as shown in Figure 4 1 3 Figure 4 1 3 Web Main Page Now you can use the Web management interface to continue the switch management or manage the Managed Switch by Web 39 ...

Страница 40: ...ace 4 1 Main Web Page The Managed Switch provides a Web based browser interface for configuring and managing it This interface allows you to access the Managed Switch using the Web browser of your choice This chapter describes how to use the Managed Switch s Web browser interface to configure and manage it Main Functions Menu Copper Port Link Status SFP Port Link Status Help Button Figure 4 1 4 We...

Страница 41: ...ameters manage and control the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can set up the Managed Switch by selecting the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu 41 ...

Страница 42: ...r DHCP relay CPU Load This Page displays the CPU load using an SVG graph System Log The Managed Switch system log information is provided here Detailed Log The Managed Switch system detailed log information is provided here Remote Syslog Configure remote syslog on this Page SMTP Configuration Configuration SMTP parameters on this Page Fault Alarm Fault alarm control for the switch is configured on...

Страница 43: ...System Information System Name Location The system location configured in SNMP System Information System Location MAC Address The MAC Address of this Managed Switch Power Status The Status of Power Input type Temperature Indicates chipset temperature System Date The current GMT system time and date The system time is obtained through the configured NTP Server if any System Uptime The period of tim...

Страница 44: ...ctive IP configuration Object Description Mode Configure whether the IP stack should act as a Host or a Router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed between all interfaces IP Configurations DNS Server This setting controls the DNS name resolution done by the switch The following modes are supported From any DHCP interfaces The first DNS serv...

Страница 45: ...and 30 bits for a IPv4 address Address Provide the IP address of this Managed Switch A IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field IP Address IPv6 Mask Length The IPv6 network mask in number of bits prefix length Valid values are between 1 and 128 bits for a IPv6 address Delete Select this option to delete an ex...

Страница 46: ...e of the entry This may be LINK or IPv4 Address The current address of the interface of the given type IP Interfaces Status The status flags of the interface and or address Network The destination IP network or host address of this route Gateway The gateway address of this route IP Routes Status The status flags of the route IP Address The IP address of the entry Neighbor Cache Link Address The Li...

Страница 47: ...ivilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege leve...

Страница 48: ...he user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group Buttons Click to apply changes Click to undo any changes made locally and revert to...

Страница 49: ...Once the new user is added the new user entry shown in the Users Configuration Page Figure 4 2 6 User Configuration Page Screenshot If you forget the new password after changing the default password please press the Reset button on the front panel of the Managed Switch for over 10 seconds and then release it The current setting including VLAN will be lost and the Managed Switch will restore to the...

Страница 50: ... name and password and the screen in Figure 4 2 7 appears Figure 4 2 7 Privilege Levels Configuration Page Screenshot The Page includes the following fields Object Description Group Name The name identifying the privilege group In most cases a privilege level group consists of a single module e g LACP RSTP or QoS but a few of them contain more than one The following description defines these privi...

Страница 51: ... Debug Only present in CLI Privilege Level Every privilege level group has an authorization level for the following sub groups Configuration read only Configuration execute read write Status statistics read only Status statistics read write e g for clearing of statistics Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 2 6 NTP Configurat...

Страница 52: ...each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 2 7 Time Configurati...

Страница 53: ...he time zone Range Up to 16 characters Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disable to disable the Daylight Saving Time configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure ...

Страница 54: ...locally and revert to previously saved values 4 2 8 UPnP Configure UPnP on this Page UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components The UPnP Configuratio...

Страница 55: ...ertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done at less than one half of the advertising duration In the implementation the switch sends SSDP messages periodically at the interv...

Страница 56: ...bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes representing the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equals 0 in stackable switch it means switch ID The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value equ...

Страница 57: ...olicy When enabling DHCP relay information mode operation if agent receives a DHCP message that already contains relay agent information It will enforce the policy And it only works under DHCP relay information operation mode enabled Possible policies are Replace Replace the original relay information when receiving a DHCP message that already contains it Keep Keep the original relay information w...

Страница 58: ...rcuit ID Receive Bad Remote ID The packets number that the Remote ID option did not match known Remote ID Client Statistics Object Description Transmit to Client The packets number that relayed packets from server to client Transmit Error The packets number that erroneously sent packets to servers Receive from Client The packets number that received packets from server Receive Agent Option The pac...

Страница 59: ...ser must support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 14 appears Figure 4 2 14 CPU Load Page Screenshot Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seco...

Страница 60: ...of the system log Error Error level of the system log All All levels Clear Level To clear the system log entry level The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check th...

Страница 61: ...Detailed Log screen in Figure 4 2 16 appears Figure 4 2 15 Detailed Log Page Screenshot The Page includes the following fields Object Description ID The ID 1 of the system log entry Message The message of the system log entry Buttons Download the system log entry to the current entry ID Updates the system log entry to the current entry ID Updates the system log entry to the first available entry I...

Страница 62: ...ledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Indicates the IPv4 host address of syslog server If the switch provides DNS feature it also c...

Страница 63: ...hentication Controls whether SMTP authentication is enabled If authentication is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s E mail address This address is used for reply e mails E mail Subject Type t...

Страница 64: ...ollowing fields Object Description Enable Controls whether Fault Alarm is enabled on this switch Record Controls whether Record is sending System log or SNMP Trap or both Action Controls whether Port Fail or Power Fail or both for fault detecting Power Alarm Controls whether AC or DC or both for fault detecting Port Alarm Controls which Ports or all for fault detecting Buttons Click to apply chang...

Страница 65: ...n Page the system would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file with upload status 5 Once the software is loaded to the system successfully the following screen appears The system will load the new software after reboot Figure 4 2 21 Software Successfully Loaded Notice Screen DO NOT Power OFF the Managed...

Страница 66: ...Figure 4 2 22 appears Figure 4 2 22 TFTP Firmware Update Page Screenshot The Page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmware DO NOT Power OFF the Managed Switch until the update progress is complete Do not quit the Firmware Upgrade Pa...

Страница 67: ...irtual RAM based or stored in flash on the switch There are three system files running config A virtual file that represents the currently active configuration on the switch This file is volatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration This file is read when the system is restored to default settin...

Страница 68: ...e The current configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system files mentioned above plus two other files it is not possible to create new files but an existing file must be overwritten or another deleted first 4 2 22 Configuration Activate Configuration Ac...

Страница 69: ...wn below Figure 4 2 28 Configuration Delete Page Screenshot 4 2 24 Image Select This Page provides information about the active and alternate backup firmware images in the device and allows you to revert to the alternate image The web Page displays two tables with information about the active and alternate firmware images The Image Select screen in Figure 4 2 29 appears In case the active firmware...

Страница 70: ...sion The version of the firmware image Date The date where the firmware was produced Buttons Click to use the alternate image This button may be disabled depending on system state 4 2 25 Factory Default You can reset the configuration of the Managed Switch on this Page Only the IP configuration is retained The new configuration is available immediately which means that no restart is necessary The ...

Страница 71: ... System Reboot The Reboot Page enables the device to be rebooted from a remote location Once the Reboot button is pressed user have to re login the WEB interface about 60 seconds later the System Reboot screen in Figure 4 2 31 appears Figure 4 2 31 System Reboot Page Screenshot Buttons Click to reboot the system Click to return to the Port State Page without rebooting the system You can also check...

Страница 72: ... least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elements They collect and store management information such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are define...

Страница 73: ... here SNMPv3 Communities Configure SNMPv3 communities table on this Page SNMPv3 Users Configure SNMPv3 users table on this Page SNMPv3 Groups Configure SNMPv3 groups table on this Page SNMPv3 Views Configure SNMPv3 views table on this Page SNMPv3 Access Configure SNMPv3 accesses table on this Page 4 3 2 SNMP System Configuration Configure SNMP on this Page The SNMP System Configuration screen in F...

Страница 74: ...es the community write access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMP...

Страница 75: ...the allowed content is ASCII characters from 33 to 126 Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported ...

Страница 76: ...ut seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Trap Probe Security Engine ID Indicates the SNMPv3 trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID mode of operation Disabled Disable SNMP trap probe se...

Страница 77: ...owing fields Object Description System Contact The textual identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain n...

Page 78: ...the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of s...

Page 79: ...the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if the user engine ID equals the system engine ID then it is a local user otherwise it is a remote user User Name A string identifying the user name that this entry should belong to The a...

Page 80: ...Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are None No privacy protocol DES An optional flag to indicate that this user uses DES authentication protocol AES An optional flag to indicate that this user uses AES authentication protocol Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the ...

Page 81: ...p Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new group entry Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 5 4 SNMPv3 Views Configure SNMPv3 views table on this Page The entry index keys a...

Page 82: ... add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Buttons Click to add a new view entry Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 5 5 SNMPv3 Access Configure SNMPv3 accesses table on this Page The entry index keys are Group Name Security Model and Security Level The SNMPv3...

Page 83: ...uthentication and no privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Write View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new ...

Page 84: ...ion Configures port power saving settings Port Power Saving Status Status of port power saving Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This Page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration Page Screenshot The Page includes the following fields...

Page 85: ...rrent Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size all...

Page 86: ...d and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Buttons Download the Port Statistics Overview result as EXEC...

Page 87: ...3 Detailed Port Statistics Port 1 Page Screenshot The Page includes the following fields Receive Total and Transmit Total Object Description Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes including FCS but excluding framing bits Rx and Tx Unicast The number of received and transmitted good and...

Page 88: ...e number of short frames received with invalid CRC Rx Jabber The number of long frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port 1 Short frames are frames that are smaller than 64 bytes 2 Lo...

Page 89: ...he hyperlink of port no to check the statistics on a specific interface The SFP Module Information screen in Figure 4 4 4 appears Figure 4 4 4 SFP Module Information for Switch Page Screenshot The Page includes the following fields Object Description Type Display the type of current SFP module the possible types are 10GBase SR 10GBase LR 1000Base SX 1000Base LX 100Base FX Speed Display the speed o...

Page 90: ...ic refresh of the Page at regular intervals Click to apply changes Click to undo any changes made locally and revert to previously saved values Click to refresh the Page immediately 4 4 5 Port Power Saving Configuration This page allows the user to configure the port power savings features What is EEE EEE is a power saving option that reduces the power usage when there is low or no traffic utiliza...

Page 91: ...ffic Figure 4 4 5 Port Power Saving Configuration for Switch Page Screenshot The Page includes the following fields Object Description Port The switch port number of the logical port ActiPHY Link down power savings enabled ActiPHY works by lowering the power for a port when there is no link The port is powered up for a short moment in order to determine if a cable is inserted PerfectReach Cable length p...

Page 92: ...Power Saving Status Figure 4 4 6 Port Power Saving Status Page Screenshot The Page includes the following fields Object Description Port This is the logical port number for this row Link Shows if the link is up for the port green link up red link down EEE Shows if EEE is enabled for the port reflects the settings at the Port Power Savings configuration page LP EEE Cap Shows if the link partner is ...

Page 93: ...toring network traffic that forwards a copy of each incoming or outgoing packet from one port of a network Switch to another port where the packet can be studied It enables the manager to keep close track of switch performance and alter it if necessary To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame f...

Page 94: ...fields Object Description Port to mirror on Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled disables mirroring Port The logical port for the settings contained in the same row Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Mode Tx only Frames transmitt...

Page 95: ...and provides link redundancy Each LAG is composed of ports of the same speed set to full duplex operations Ports in a LAG can be of different media types UTP Fiber or different fiber types provided they operate at the same speed Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated...

Page 96: ...se the Link aggregation Configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that The ports used in a link aggregation must all be of the same media type RJ 45 100 Mbps fiber The ports that can be assigned to the same link aggregation have certain other restrictions see below Ports can only be assigned to one link aggregation The po...

Page 97: ...UDP ports for IPv4 packets Normally all 5 contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports Each link aggregation may consist of up to 10 member ports Any quantity of link aggregation s may be configured for the device only limited by the quantity of ports on the device To configure a proper traffic distribution ...

Page 98: ...ulate the destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Static Aggregation Group Configuration The Aggregation Group Configuration screen in Figure 4 5 3 appears Figure 4 5 3 Aggregation Group Configuration Page Screenshot The Page includes the following fields Object Description Group ID Indicates ...

Page 99: ...LACP ports located on a different device LACP allows switches connected to each other to discover automatically whether any ports are members of the same LAG This Page allows the user to inspect the current LACP port configurations and possibly change them as well The LACP port settings relate to the currently selected stack unit as reflected by the Page header The LACP Configuration screen in Figu...

Page 100: ...ame aggregation group while ports with different keys cannot The default setting is Auto Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 s...

Page 101: ...ggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last changed The time since this aggregation changed Local Ports Shows which ...

Page 102: ...ed and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile its LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group Partner System ID The p...

Page 103: ...re 4 5 7 LACP Statistics Page Screenshot The Page includes the following fields Object Description Port The switch port number LACP Received Shows how many LACP frames have been sent from each port LACP Transmitted Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Automatic refres...

Page 104: ...ich the broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices...

Page 105: ... Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging IEEE 802 1Q Standard IEEE 802 1Q tagged VLANs are implemented on the Switch 802 1Q VLANs require tagging which enables the...

Page 106: ... the information originally contained in the packet is retained
802.1Q Tag: TPID (Tag Protocol Identifier, 2 bytes) followed by TCI (Tag Control Information, 2 bytes); the TCI holds User Priority (3 bits), CFI (1 bit) and VLAN ID (VID, 12 bits)
Frame layout: Preamble | Destination Address (6 bytes) | Source Address (6 bytes) | VLAN TAG (4 bytes) | Ethernet Type (2 bytes) | Data (46-1500 bytes) | FCS (4 bytes)
The Ether Type and VLAN ID are inserted after the MAC source address bu...

Page 107: ... is connected to a tag aware device the packet should be tagged Default VLANs The Switch initially configures one VLAN VID 1 called default The factory default setting assigns all ports on the Switch to the default As new VLANs are configured in Port based mode their respective member ports are removed from the default Assigning Ports to VLANs Before enabling VLANs for the switch you must first ass...

Page 108: ...ID Understand nomenclature of the Switch IEEE 802 1Q Tagged and Untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged Tagged Ports with tagging enabled will put the VID number priority and other VLAN information into the header of all packets that flow into those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLA...

Page 109: ...ximum VLAN limit of 4096 The Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic from numerous independent customer LANs into the MAN Metro Access Network space One of the purposes of the provider bridge is to recognize and use VLAN tags so that the VLANs in the MAN space can be used independent of the customers' VLANs Th...

Page 110: ...VLANs field By default only VLAN 1 is enabled More VLANs may be created by using a list syntax where the individual elements are separated by commas Ranges are specified with a dash separating the lower and upper bound The following example will create VLANs 1, 10, 11, 12, 13, 200 and 300: 1,10-13,200,300 Spaces are allowed in between the delimiters Ethertype for Custom S ports This field specifies the...

Page 111: ...rts have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged and C tagged frames Discards all frames that are not classified to the Access VLAN On egress all frames classified to the Access VLAN are transmitted untagged Other dynamically added VLANs are transmitted tagged Mode Trunk Trunk ports can carry traffic on multiple VLAN...

Page 112: ...onfigured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the port but the frame is priority tagged VLAN ID 0 On egress frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN The Port VLAN is called an Access VLAN for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode Port Type Ports in hybrid mode al...

Page 113: ... the switch engine However the port will never transmit frames classified to VLANs that it is not a member of Ingress Acceptance Hybrid ports allow for changing the type of frames that are accepted on ingress Tagged and Untagged Both tagged and untagged frames are accepted Tagged Only Only tagged frames are accepted on ingress Untagged frames are discarded Untagged Only Only untagged frames are ac...

Page 114: ...h VLANs as forbidden on the port in question The syntax is identical to the syntax used in the Enabled VLANs field By default the field is left blank which means that the port may become a member of all possible VLANs The port must be a member of the same VLAN as the Port VLAN ID Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 6 4 VLAN ...

Page 115: ... be displayed If a port is included in a Forbidden port list an image will be displayed If a port is included in a Forbidden port list and dynamic VLAN user register VLAN on same Forbidden port then conflict port will be displayed as conflict port VLAN Membership The VLAN Membership Status Page shall show the current VLAN port members for all VLANs configured by a selected VLAN User selection shal...

Page 116: ...tagged frames received on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the fr...

Page 117: ...he Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately 4 6 6 Private VLAN The Private VLAN membership configurations for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each Private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to V...

Page 118: ...ning message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The Private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new Private VLANs Buttons Click to add new VLAN Click to save changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box...

Page 119: ...vate VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN tabl...

Page 120: ...ivate VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the...

Page 121: ...rated VLAN Each VLAN isolates network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 6 9 describes the port configuration of the Managed Switches
VLAN Group | VID | Untagged Members | Tagged Members
VLAN Group 1 | 1 | Port 7 to Port 24 | N/A
VLAN Group 2 | 2 | Port 1, Port 2 | Port 3
VLAN Group 3 | 3 | Port 4, Port 5 | Port 6
Table 4 1 VLAN and Port...

Page 122: ...e stripped away it tag becoming an untagged packet Untagged packet entering VLAN 3 1 When PC 4 transmits an untagged packet that enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will receive the packet through Port 5 and Port 6 2 When the packet leaves Port 5 its tag will be stripped away and it becomes an untagged packet 3 When the packet leaves Port 6 it will be kept as a tagged packe...

Page 123: ...ed VLANs column Change Port 6 Mode to Trunk select Egress Tagging as Tag All and type 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 11 appears Figure 4 6 11 Check VLAN 2 and 3 Members on VLAN Membership Page 4 6 8 2 VLAN Trunking between two 802 1Q aware switches In most cases this is used for Uplink to other switches VLANs are separated at different switches but t...

Page 124: ...N Group Add two VLANs VLAN 2 and VLAN 3 Type 1-3 in the Allowed Access VLANs column; 1-3 includes VLAN 1, 2 and 3 Figure 4 6 13 Add VLAN 2 and VLAN 3 2 Assign VLAN Member and PVID for each port VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 48 ...

Page 125: ...erlapping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member port 5 Specify Port 7 to be the 802 1Q VLAN Trunk port and the Trunking port must be a Tagged port on egress The Port 7 configuration is shown in Figure 4 6 15 Figure 4 6 15 VLAN Overlap Port Sett...

Page 126: ...solated and promiscuous ports and each PC is not able to access the isolated port of each other s PCs But they all need to access the same server AP Printer This section will show you how to configure the port for the server that could be accessed by each isolated port Setup steps 1 Assign Port Mode Set Port 1 Port 4 in Isolate port Set Port5 and Port 6 in Promiscuous port The screen in F...

Page 127: ...figured here This Page allows for adding and deleting MAC based VLAN entries and assigning the entries to different ports This Page shows only static entries The MAC based VLAN screen in Figure 4 6 18 appears Figure 4 6 18 MAC based VLAN Membership Configuration Page Screenshot The Page includes the following fields Object Description Delete To delete a MAC based VLAN entry check this box and pres...

Page 128: ...MAC based VLAN entry is enabled when you click on Save A MAC based VLAN without any port members will be deleted when you click Save The Delete button can be used to undo the addition of new MAC based VLANs Buttons Click to add a new MAC based VLAN entry Click to apply changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the Pa...

Page 129: ...Group Name unique for each Group mapping entries as well as allow you to see and delete already mapped entries for the switch The Protocol based VLAN screen in Figure 4 6 20 appears Figure 4 6 20 Protocol to Group Mapping Table Page Screenshot The Page includes the following fields Object Description Delete To delete a Protocol to Group Name map entry check this box The entry will be deleted on th...

Page 130: ... OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to 0xffff Group Name A valid Group Name is a unique 16 character lo...

Page 131: ...ther existing mapping entry on this Page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or exclude the port from the mapping make sure the box is unchecked By default no ports are members and all b...

Page 132: ...f the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the...

Page 133: ...work might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transitioned directly from a Blocking state to a Forwarding state could create temporary data loops Por...

Page 134: ...kets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one ...

Page 135: ... port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount of time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Default Value...

Page 136: ...s when setting the above parameters Max Age ≤ 2 x (Forward Delay - 1 second) Max Age ≥ 2 x (Hello Time + 1 second) Port Priority A Port Priority can be from 0 to 240 The lower the number the greater the probability the port will be chosen as the Root Port Port Cost A Port Cost can be set from 0 to 200000000 The lower the number the greater the probability the port will be chosen to forward packets 3 Illus...

Page 137: ...Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used Figure 4 7 3 After Applying the STA Rules ...

Page 138: ...ure STP system settings The settings are used by all STP Bridge instances in the Switch or Switch Stack The Managed Switch supports the following Spanning Tree protocols Compatible Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses network topologies that provide faster spanning tree con...

Page 139: ... Age 2 1 Maximum 30 Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Default 20 Minimum The higher of 6 or 2 x (Hello Time + 1) Maximum The lower of 40 or 2 x (Forward Delay - 1) Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It d...

Page 140: ...BPDU control packet Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 7 3 Bridge Status This Page provides a status overview for all STP bridge instances The displayed table contains a row for each STP bridge instance where the column displays the following information The Bridge Status screen in Figure 4 7 5 appears Figure 4 7 5 STP Brid...

Page 141: ...k this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately 4 7 4 CIST Port Configuration This Page allows the user to inspect the current STP CIST port configurations and possibly change them as well The CIST Port Configuration screen in Figure 4 7 6 appears Figure 4 7 6 STP CIST Port Configuration Page Screenshot The Page includes t...

Page 142: ...rt will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influence the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Gua...

Page 143: ...he default is set to 65 535
Port Type | IEEE 802.1D-1998 | IEEE 802.1w-2001
Ethernet | 50-600 | 200,000-20,000,000
Fast Ethernet | 10-60 | 20,000-2,000,000
Gigabit Ethernet | 3-10 | 2,000-200,000
Table 4 7 1 Recommended STP Path Cost Range
Port Type | Link Type | IEEE 802.1D-1998 | IEEE 802.1w-2001
Ethernet | Half Duplex | 100 | 2,000,000
Ethernet | Full Duplex | 95 | 1,999,999
Ethernet | Trunk | 90 | 1,000,000
Fast Ethernet Half Duplex Full Duplex Trunk...

Page 144: ...ty Page Screenshot The Page includes the following fields Object Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Click to apply change...

Page 145: ...e Screenshot The Page includes the following fields Configuration Identification Object Description Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the...

Page 146: ...ge allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This Page contains MSTI port settings for ph...

Page 147: ...nding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor...

Page 148: ...ttons Click to set MSTx configuration Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 7 8 Port Status This Page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7 11 appears Figure 4 7 11 STP Port Status Page Screenshot The Page includes the following fields ...

Page 149: ...Disabled Learning Forwarding Uptime The time since the bridge port was last initialized Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds 4 7 9 Port Statistics This Page displays the STP port statistics counters for port physical ports in the currently selected switch The STP Port Statistics screen i...

Page 150: ... s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh...

Page 151: ... routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the querier This router then keeps track of the membership...

Page 152: ...Figure 4 8 2 Multicast Flooding Figure 4 8 3 IGMP Snooping Multicast Stream Control ...

Page 153: ...outers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2...

Page 154: ...ulticast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multic...

Page 155: ...be deleted during the next save Profile Name The name used for indexing the profile table Each entry has a unique name which is composed of at most 16 alphabetic and numeric characters At least one alphabetic character must be present Profile Description Additional description which is composed of at most 64 alphabetic and numeric characters about the profile No blank or space characters are permitted...

Page 156: ...n Figure 4 8 6 appears Figure 4 8 6 IPMC Profile Address Configuration Page The Page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save Entry Name The name used for indexing the address entry table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one ...

Page 157: ...nput fields Updates the table starting from the first entry in the IPMC Profile Address Configuration Updates the table starting with the entry after the last entry currently displayed 4 8 4 IGMP Snooping Configuration This Page provides IGMP Snooping related configuration The IGMP Snooping Configuration screen in Figure 4 8 7 appears Figure 4 8 7 IGMP Snooping Configuration Page Screenshot ...

Page 158: ...ds the Layer 3 multicast device or IGMP querier The Switch forwards IGMP join or leave packets to an IGMP router port Auto Select Auto to have the Managed Switch automatically use the port as IGMP Router port if the port receives IGMP query packets Fix The Managed Switch always uses the specified port as an IGMP Router port Use this mode when you connect an IGMP multicast server or IP camera whic...

Page 159: ...ng the next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected Querier Election Enable the IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier Querier Address Define the IPv4 address as source address used in IP header for IGMP Querier election When the Querier address is not set system uses IPv4 mana...

Page 160: ...onds 10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time betwe...

Page 161: ...lticast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at t...

Page 162: ...e specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 7 IGMP Snooping Status This Page provides IGMP Snooping status The IGMP Snooping Status screen in Figure 4 8 10 appears Figure 4 8 10 IGMP Snooping Status Page Screenshot The Page includes the ...

Page 163: ...ved The number of Received V3 Reports V2 Leave Received The number of Received V2 Leave Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the sp...

Page 164: ...oup input fields allow the user to select the starting point in the IGMP Group Table The IGMP Groups Information screen in Figure 4 8 11 appears Figure 4 8 9 IGMP Snooping Groups Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Buttons Auto refresh Autom...

Page 165: ...ears Figure 4 8 12 IGMP SSM Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits t...

Page 166: ... MLD Snooping Configuration Page Screenshot The Page includes the following fields Object Description Snooping Enabled Enable the Global MLD Snooping Unregistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregistered IPMCv6 traffic flooding is always active in spite of this ...

Page 167: ... port The allowed selection is Auto Fix None default compatibility value is Auto Fast Leave Enable the fast leave on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 11 MLD Snooping VLAN Configuration Each Page shows up to 99 entries fro...

Page 168: ...robustness variable value is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default quer...

Page 169: ...t that specifies multicast groups that are permitted or denied on the port An MLD filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled MLD join reports received on the port are checked against the filter profile If a requested multicast group is permitted the MLD join report is forwarded as normal If a requested multica...

Page 170: ...ng condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 13 MLD Snooping Status This Page provides MLD Snooping status The IGMP Snooping Status screen in Figure 4 8 16 appears Figure 4 8 16 MLD Snooping Status Page Screenshot ...

Page 171: ...ier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicates whether specific port is a router port or not Buttons Click to refresh the Page immediately Clears all Statistics counters Auto refresh Automatic refr...

Page 172: ...Entries in the MLD SFM Information Table are shown on this Page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belonging to the same group are treated as a single entry Each Page shows up to 99 entries from the MLD SFM Information table def...

Page 173: ...s of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed tab...

Page 174: ...port configured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports It is allowed to create at maximum 8 MVR VLANs with corresponding channel settings for each Multicas...

Page 175: ... MVR Mode Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group table is full Delete Check to delete the entry The designated entry will be deleted during the next save MVR VID Specify the Multicast VLAN ID ...

Page 176: ... mode Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged with MVR VID The default is Tagged Priority Specify how the traversed IGMP MLD control frames will be sent in prioritized manner The default Priority is 0 LLQI Define the maximum time to wait for IGMP MLD report memberships on a receiver port before removing the port from multicast group membersh...

Page 177: ...ick to undo any changes made locally and revert to previously saved values 4 8 17 MVR Status This Page provides MVR status The MVR Status screen in Figure 4 8 20 appears Figure 4 8 20 MVR Status Page Screenshot The Page includes the following fields Object Description VLAN ID The Multicast VLAN ID IGMP MLD Queries Received The number of Received Queries for IGMP and MLD respectively IGMP MLD Queri...

Page 178: ...Each Page shows up to 99 entries from the MVR Group table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginning of the MVR Group Table The Start from VLAN and group input fields allow the user to select the starting point in the MVR Group Table The MVR Groups Information screen in Figure 4 8 21 appears F...

Page 179: ...9 entries from the MVR SFM Information Table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginning of the MVR SFM Information Table The Start from VLAN and Group Address input fields allow the user to select the starting point in the MVR SFM Information Table The MVR SFM Information screen in Figure 4 8 ...

Page 180: ...are Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the MVR SFM Information Table ...

Page 181: ...gy Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP header that are encoded by certain app...

Page 182: ... configuration below applies Enable Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps The default value is 500 Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow...

Page 183: ...sification screen in Figure 4 9 2 appears Figure 4 9 2 QoS Ingress Port Classification Page Screenshot The Page includes the following fields Object Description Port The port number for which the configuration below applies CoS Controls the default class of service All frames are classified to a CoS There is a one to one mapping between CoS queue and priority A CoS of 0 zero has the lowest priorit...

Page 184: ... in parentheses after the configured default CoS Controls the default drop precedence level All frames are classified to a drop precedence level If the port is VLAN aware and the frame is tagged then the frame is classified to a DPL that is equal to the DEI value in the tag Otherwise the frame is classified to the default DPL The classified DPL can be overruled by a QCL entry DPL Click to Enable D...

Page 185: ... appears Figure 4 9 3 QoS Egress Port Schedule Page Screenshot The Page includes the following fields Object Description The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 Port Shows the scheduling mode for this port Mode Q0 Q5 Shows the weight for this queue and port ...

Page 186: ...4 9 4 QoS Egress Port Shapers Page Screenshot The Page includes the following fields Object Description The logical port for the settings contained in the same row Click on the port number in order to configure the shapers For more detail please refer to chapter 4 9 5 1 Port Shows disabled or actual queue shaper rate e.g. 800 Mbps Q0 Q7 Port Shows disabled or actual port shaper rate e.g. 800 Mbps 18...

Page 187: ...rict Priority or Weighted on this switch port Schedule Mode Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Controls the rate for the queue shaper This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps The default value is 500 Queue Shaper Rate Controls the unit of measure for the queue...

Page 188: ...ted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps The default value is 500 Port Shaper Rate Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Port Shaper Unit Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Click to undo any changes made locally and...

Page 189: ... are configured on this Page The QoS Egress Port Tag Remarking screen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking Page Screenshot The Page includes the following fields Object Description Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Mode PCP DEI ...

Page 190: ...ration Page Screenshot The Page includes the following fields Object Description The Port column shows the list of ports for which you can configure DSCP ingress and egress settings Port In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate Classify Ingress Translate To Enable th...

Page 191: ... DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP All Classify all DSCP Classify Port Egress Rewriting can be one of Disable No Egress rewrite Enable Rewrite enable without remapped Remap DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Egress Buttons Click to apply changes Click to undo any changes made locally and...

Page 192: ...ed QoS Ingress Classification Page Screenshot The Page includes the following fields Object Description Maximum number of supported DSCP values are 64 DSCP Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame Trust QoS Class value can be an...

Page 193: ...anslation screen in Figure 4 9 10 appears Figure 4 9 10 DSCP Translation Page Screenshot The Page includes the following fields Object Description Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 DSCP Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Tr...

Page 194: ...emap DSCP value ranges from 0 to 63 Remap DP Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 10 DSCP Classification This Page allows you to map DSCP value to a QoS Class and DPL value The DSCP Classification screen in Figure 4 9 11 appears Figure 4 9 11 DSCP Classification Page Screenshot The Page includes the following fields Object ...

Page 195: ...t The QoS Control List screen in Figure 4 9 12 appears Figure 4 9 12 QoS Control List Configuration Page Screenshot The Page includes the following fields Object Description Indicates the index of QCE QCE Indicates the list of ports configured with the QCE Port Specify the type of Destination MAC addresses for incoming frame Possible values are Any All types of Destination MAC addresses are allowe...

Page 196: ...Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPv4 frames IPv6 The QCE will match only IPv6 frames Frame Type Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content There are three action fields Class DPL and DSCP ...

Page 197: ...are described as below DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any SMAC Source MAC address 24 MS bits OUI or Any Tag Value of Tag field can be Any Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP are specific 0 1 2 3...

Page 198: ...decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment IPv4 frame fragmented option yes no any Sport Source TCP UDP port 0 655...

Page 199: ...CL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch The QoS Control List Status screen in Figure 4 9 14 appears Figure 4 9 14 QoS Control List Status Page Screenshot The Page includes the following fields Object Description Indicates the QCL user User Indic...

Page 200: ...E may not be available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H/W resources required to add QCL entry on pressing Resolve Conflict button Conflict Buttons Select the QCL status from this drop down list Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Clic...

Page 201: ...is enabled on this switch port Enable Controls the rate for the storm control The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 13200 when the Unit is Mbps or kfps Rate Controls the unit of measure for the storm control rate as kbps Mbps fps or kfps The default value is kbps Unit Buttons Click to apply changes Click to undo any ...

Page 202: ...ich the configuration below applies Queue Controls whether RED is enabled for this queue Enable Controls the lower RED threshold If the average queue filling level is below this threshold the drop probability is zero This value is restricted to 0 100 Min Threshold Controls the drop probability for frames marked with Drop Precedence Level 1 when the average queue filling level is 100 This value is ...

Page 203: ... marked with Drop Precedence Level 0 are never dropped Min Threshold is the average queue filling level where the queues randomly start dropping frames The drop probability for frames marked with Drop Precedence Level n increases linearly from zero at Min Threshold average queue filling level to Max DP n at 100 average queue filling level Buttons Click to apply changes Click to undo any changes ma...

Page 204: ...nshot The Page includes the following fields Object Description The logical port for the settings contained in the same row Port There are 8 QoS queues per port Q0 is the lowest priority queue Q0 Q7 The number of received and transmitted packets per queue Rx Tx Buttons Click to refresh the Page immediately Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh...

Page 205: ...lassify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure 4 9 18 appears Figure 4 9 18 Voice VLAN Configuration Page Screenshot ...

Page 206: ...oice VLAN traffic class All traffic on Voice VLAN will apply this class Traffic Class Mode Indicates the Voice VLAN port mode Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN Port Security Indicates the Voice V...

Page 207: ...Description Check to delete the entry It will be deleted during the next save Delete A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Telephony OUI The description of OUI address Normally it describes which vendor telephony device it belongs to Description The allowed string ...

Page 208: ...es access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This Page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a...

Page 209: ...f the ACE The allowed range is 1 to 16 When Disabled is displayed the rate limiter operation is disabled Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number Port Redirect The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled CPU Forward packet that matched the specific ACE ...

Page 210: ...Ingress Port All The ACE will match all ingress port Port The ACE will match a specific ingress port Policy Bitmask Indicates the policy number and bitmask of the ACE Indicates the frame type of the ACE Possible values are Frame Type Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP...

Page 211: ...ation is disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at the bottom of the ACE listin...

Page 212: ...ngress port for which this ACE applies Ingress Port Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy number filter for this ACE Any No policy filter is specified policy filter status is don't care Specific If you want to filter a specific policy with this ACE choose this value Two fields for entering...

Page 213: ... allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled Logging Specify the logging operation of the ACE The allowed values are Enabled Frames matching th...

Page 214: ...a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Filter When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this DMAC value DMAC Value VLAN Parameters Object...

Page 215: ...r When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Address When Network is selected for the sender IP filter you can enter a specific sender IP mask in dotted decimal notation Sender IP Mask Specify the target IP filter for this specific ACE Any No target IP filter is specified Target IP filter is don't care H...

Page 216: ...ny value is allowed don't care IP Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 1 ARP RARP frames where the PRO is equal to IP 0x800 Any Any value is allowed don't care Ethernet IP Parameters The IP parameters can be configured when Frame Type IPv4 is selected Object Description IP Prot...

Page 217: ...IPv4 frames where the options flag is set must not be able to match this entry Yes IPv4 frames where the options flag is set must be able to match this entry Any Any value is allowed don't care IP Option Specify the source IP filter for this ACE Any No source IP filter is specified Source IP filter is don't care Host Source IP filter is set to Host Specify the source IP address in the SIP Address ...

Page 218: ...ng TCP parameters will appear These fields are explained later in this help file Next Header Filter When Specific is selected for the IPv6 next header value you can enter a specific value The allowed range is 0 to 255 A frame that hits this ACE matches this IPv6 protocol value Next Header Value Specify the source IPv6 filter for this ACE Any No source IPv6 filter is specified Source IPv6 filter is...

Page 219: ...o 255 A frame that hits this ACE matches this ICMP value ICMP Type Value Specify the ICMP code filter for this ACE Any No ICMP code filter is specified ICMP code filter status is don't care Specific If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears ICMP Code Filter When Specific is selected for t...

Page 220: ...CP UDP destination range value A field for entering a TCP UDP destination value appears TCP UDP Destination Number When Specific is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP UDP Destination Range When Range is selected for the TCP UDP destinatio...

Page 221: ...where the URG field is set must be able to match this entry Any Any value is allowed don't care TCP URG Ethernet Type Parameters The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected Object Description Specify the Ethernet type filter for this ACE Any No EtherType filter is specified EtherType filter status is don't care Specific If you want to filter a specific ...

Page 222: ...al port for the settings contained in the same row Port Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Policy ID Select whether forwarding is permitted Permit or denied Deny The default value is Permit Action Select which rate limiter to apply on this port The allowed values are Disabled or the values 1 through 16 The default value is Disabled R...

Page 223: ...d on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled Shutdown Specify the port state of this port The allowed values are Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disabled To close ports by changing the volatile port configuration of the ACL user module The default value is Enabled State Counts th...

Page 224: ...ppears Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot The Page includes the following fields Object Description The rate limiter ID for the settings contained in the same row Rate Limiter ID The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Rate pps Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 225: ...uthentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802.1X MAC based authentication is not a standard but merely a best practices method adopted by the i...

Page 226: ...S aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802.1X Port Based Authentication The IEEE 802.1X standard defines a client server based access control and authentication protocol that restrict...

Page 227: ...Cisco Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802.1X device controls the physical access to the network based on the authentication status of the client The switch acts as an intermediary proxy between the client and the authentication se...

Page 228: ... identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client's identity If 802.1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three attempts to start authentication the client transmits ...

Page 229: ...f times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized and all frames from the authenticated client are allowed through the port If the authentication fails the port remains in the unauthorized state but...

Page 230: ...locally and revert to previously saved values 4 11 3 Network Access Server Configuration This Page allows you to configure the IEEE 802.1X and MAC based authentication system and port settings The IEEE 802.1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central ser...

Page 231: ...dicates if NAS is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames Mode Reauthentication Enabled If checked successfully authenticated supplicants clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802.1X enabled ports can be used to detect if a new device is plugged into a ...

Page 232: ...s the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802.1X based mode this is not so critical since supplicants that a...

Page 233: ...upplicant is placed on the switch. Incoming traffic will be classified to and switched on the RADIUS-assigned VLAN. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature. The RADIUS-Assigned VLAN Enabled checkbox provides a quick way to globally enable/disable RADIUS-server assigned VLAN functionality. When checked, the individual ports' ditto setti...

Page 234: ...the port. The value can only be changed if the Guest VLAN option is globally enabled. Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns, which are: Object Description The port number for which the configuration below applies. Port Admin State If NAS is globally enabled, this selection controls the port's authentication mode. The following m...

Page 235: ... that the first server in the list is currently down (but not considered dead). Now, if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, then it will never get authenticated, because the switch will cancel on-going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant. And since the server hasn't yet failed (because the X seco...

Page 236: ...m the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port. The maximum number of supplicants that can be attached to a port can be limited using the Port Sec...

Page 237: ...igned QoS Enabled When RADIUS-Assigned QoS is both globally enabled and enabled (checked) for a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant's port will be classified to the given QoS Class. If (re-)authentication fa...

Page 238: ...gnments, use the Monitor VLANs VLAN Membership and VLAN Port Pages. These Pages show which modules have (temporarily) overridden the current Port VLAN configuration. RADIUS attributes used in identifying a VLAN ID: RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used: The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Pr...

Page 239: ... be placed in the Guest VLAN. Otherwise it will not move to the Guest VLAN, but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout. Once in the Guest VLAN, the port is considered authenticated, and all attached clients on the port are allowed access on this VLAN. The switch will not transmit an EAPOL Success frame when entering the Guest VLAN. While in the Guest VLAN, t...

Page 240: ...riod of the port runs out (EAPOL-based authentication). For MAC-based authentication, reauthentication will be attempted immediately. The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized. Reinitialize: Forces a reinitialization of the clients on the port and thereby a reauthentication immediately. The clients will tran...

Page 241: ... Click to navigate to detailed NAS statistics for this port. Port The port's current administrative state. Refer to NAS Admin State for a description of possible values. Admin State The current state of the port. Refer to NAS Port State for a description of the individual states. Port State The source MAC address carried in the most recently received EAPOL frame for EAPOL-based authentication, and the m...

Page 242: ...ore about Guest VLANs here. Port VLAN ID Buttons Click to refresh the Page immediately. Auto-refresh: Check this box to refresh the Page automatically. Automatic refresh occurs every 3 seconds. 4.11.5 Network Access Statistics. This Page provides detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. For MAC-based ports, it shows selected backend server (RADIUS A...

Page 243: ...about Guest VLANs here. Port VLAN ID Port Counters Object Description These supplicant frame counters are available for the following administrative states: Force Authorized, Force Unauthorized, Port-based 802.1X, Single 802.1X, Multi 802.1X. EAPOL Counters Direction Name IEEE Name Description Rx Total dot1xAuthEapolFramesRx The number of valid EAPOL frames of any type that have been received by the swi...

Page 244: ...h in which the Packet Body Length field is invalid. Tx Total dot1xAuthEapolFramesTx The number of EAPOL frames of any type that have been transmitted by the switch. Tx Request ID dot1xAuthEapolReqIdFramesTx The number of EAPOL Request Identity frames that have been transmitted by the switch. Tx Requests dot1xAuthEapolReqFramesTx The number of valid EAPOL Request frames (other than Request Identity ...

Page 245: ...ndOtherRequestsToSupplicant 802.1X-based: Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant. Indicates that the backend server chose an EAP method. MAC-based: Not applicable. Rx Auth Successes dot1xAuthBackendAuthSuccesses 802.1X- and MAC-based: Counts the number of times that the switch receives a success indication. Indicates that the supplica...

Page 246: ...lient (right-most table). Possible retransmissions are not counted. Information about the last supplicant/client that attempted to authenticate. This information is available for the following administrative states: Port-based 802.1X, Single 802.1X, Multi 802.1X, MAC-based Auth. Last Supplicant/Client Info Name IEEE Name Description MAC Address dot1xAuthLastEapolFrameSource The MAC address of the last supp...

Page 247: ...ttached, it shows No supplicants attached. This column is not available for MAC-based Auth. MAC Address For Multi 802.1X, this column holds the MAC address of the attached supplicant. For MAC-based Auth, this column holds the MAC address of the attached client. Clicking the link causes the client's Backend Server counters to be shown in the Selected Counters table. If no clients are attached, it shows No c...

Page 248: ...horized, Force Unauthorized, Port-based 802.1X, Single 802.1X. Click to clear the counters for the selected port. This button is available in the following modes: Multi 802.1X, MAC-based Auth X. Click to clear both the port counters and all of the attached client's counters. The Last Client will not be cleared, however. This button is available in the following modes: Multi 802.1X, MAC-based Auth X. Click to cl...

Page 249: ...equest. Timeout Retransmit is the number of times, in the range 1 to 1000, a RADIUS request is retransmitted to a server that is not responding. If the server has not responded after the last retransmit, it is considered to be dead. Retransmit Dead Time The Dead Time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch will not send new requests to a server that ...

Page 250: ... which are: Object Description To delete a RADIUS server entry, check this box. The entry will be deleted during the next Save. Delete The IP address or hostname of the RADIUS server. Hostname The UDP port to use on the RADIUS server for authentication. Auth Port The UDP port to use on the RADIUS server for accounting. Acct Port This optional setting overrides the global timeout value. Leaving it blank wi...

Page 251: ...red to be dead. Timeout The Dead Time, which can be set to a number between 0 to 1440 minutes, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead. Setting the Deadtime to a value greater than 0 (zero) will enable this feat...

Page 252: ...lank will use the global key. Key Buttons Click to add a new TACACS server. An empty row is added to the table, and the TACACS server can be configured as needed. Up to 5 servers are supported. Click to undo the addition of the new server. Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.11.8 RADIUS Overview. This Page provides an overview of the statu...

Page 253: ...ber of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. Status RADIUS Accounting Server Status Overview Object Description The RADIUS server number. Click to navigate to detailed statistics for this server. The IP address and UDP port number, in IP Address:UDP Port notation, of this server. IP Address The current state of the ...

Page 254: ...s for a particular RADIUS server. The RADIUS Authentication/Accounting for Server Overview screen in Figure 4-11-10 appears. Figure 4-11-10: RADIUS Authentication/Accounting for Server Overview Page Screenshot. The Page includes the following fields: RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. Use the server select box to sw...

Page 255: ...r of RADIUS Access-Challenge packets (valid or invalid) received from the server. Rx Malformed Access Responses radiusAuthClientExtMalformedAccessResponses The number of malformed RADIUS Access-Response packets received from the server. Malformed packets include packets with an invalid length. Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access...

Page 256: ...st packets retransmitted to the RADIUS authentication server. Tx Pending Requests radiusAuthClientExtPendingRequests The number of RADIUS Access-Request packets destined for the server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmiss...

Page 257: ...erver has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. Round-Trip Time radiusAuthClientExtRoundTripTime The time interval (measured in milliseconds) between the most recent Access-Reply/Access-Challenge and the Access-Request th...

Page 258: ...ticators received from the server. Rx Unknown Types radiusAccClientExtUnknownTypes The number of RADIUS packets of unknown types that were received from the server on the accounting port. Rx Packets Dropped radiusAccClientExtPacketsDropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason. Tx Requests radiusAccClientExtRequests...

Page 259: ...time. Other Info Name RFC4670 Name Description IP Address IP address and UDP port for the accounting server in question. State Shows the state of the server. It takes one of the following values: Disabled: The selected server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ...

Page 260: ...fresh occurs every 3 seconds. Click to refresh the Page immediately. Clears the counters for the selected server. The Pending Requests counter will not be cleared by this operation. 4.11.10 Windows Platform RADIUS Server Configuration. Set up the RADIUS server and assign the client IP address to the Managed Switch. In this case, fill in the default IP Address of the Managed Switch with 192.168.0.100. And ...

Page 261: ... 2. Add New RADIUS Client on the Windows 2003 server. Figure 4-11-12: Windows Server Add New RADIUS Client Setting. 3. Assign the client IP address to the Managed Switch. Figure 4-11-13: Windows Server RADIUS Server Setting ...

Page 262: ...igure 4-11-14: Windows Server RADIUS Server Setting. 5. Configure ports attribute of 802.1X, the same as 802.1X Port Configuration. Figure 4-11-15: 802.1x Port Configuration. 6. Create user data. The establishment of the user data needs to be created on the Radius Server PC. For example, the Radius Server founded on Win2003 Server, and then ...

Page 263: ... Figure 4-11-16: Windows 2003 AD Server Setting Path. 7. Enter Active Directory Users and Computers, create legal user data, next right-click a user that you created to enter properties, and what to be noticed ...

Page 264: ... 4-11-18: Add User Properties Screen. Set the Port Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is an uplink port that is connected to another switch. Or once the 802.1X starts to work, the switch might not be able to access the RADIUS server. ...

Page 265: ...reless client (i.e. switch to EAP-TLS from EAP-MD5), you must remove the current existing wireless network from your preferred connection first and add it in again. Configure Sample: EAP-MD5 Authentication 1. Go to Start > Control Panel, double-click on Network Connections. 2. Right-click on the Local Network Connection. 3. Click Properties to open up the Properties setting window. Figure 4-11-19 4. Select Authen...

Page 266: ... Figure 4-11-20 7. Click OK. 8. When client has associated with the Managed Switch, a user authentication notice appears in system tray. Click on the notice to continue. Figure 4-11-21: Windows Client Popup Login Request Message ...

Page 267: ... 9. Enter the user name, password and the logon domain that your account belongs to. 10. Click OK to complete the validation process. Figure 4-11-22 ...

Page 268: ...port settings. Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port. If this number is exceeded, an action is taken. The action can be one of the four different actions as described below. The Limit Control module utilizes a lower-layer mod...

Page 269: ...ystem Configuration Object Description Mode Indicates if Limit Control is globally enabled or disabled on the switchstack. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled. Aging Enabled If checked, secured MAC addresses are subject to aging as discussed under Aging Period. ...

Page 270: ... gets secured. When the timer expires, the switch starts looking for frames from the end host, and if such frames are not seen within the next Aging Period, the end host is assumed to be disconnected, and the corresponding resources are freed on the switch. Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns, which are: Object Description Port...

Page 271: ...r the switch. 3. Click the Reopen button. Trap & Shutdown: If Limit + 1 MAC addresses is seen on the port, both the Trap and the Shutdown actions described above will be taken. State This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values: Disabled: Limit Control is either globally disabled or disabled on the port. Ready: The limit is not...

Page 272: ...ndicates the access management mode operation. Possible modes are: Enabled: Enable access management mode operation. Disabled: Disable access management mode operation. Delete Check to delete the entry. It will be deleted during the next apply. VLAN ID Indicates the VLAN ID for the access management entry. Start IP address Indicates the start IP address for the access management entry. End IP address Indica...

Page 273: ...reenshot. The Page includes the following fields: Object Description Interface The interface that allowed remote host can access the switch. Receive Packets The received packets number from the interface under access management mode is enabled. Allow Packets The allowed packets number from the interface under access management mode is enabled. Discard Packets The discarded packets number from the inter...

Page 274: ...atic Redirect are enabled, or redirects web browser to an HTTP connection when both are disabled. Possible modes are: Enabled: Enable HTTPS redirect mode operation. Disabled: Disable HTTPS redirect mode operation. Buttons Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.12.5 SSH. Configure SSH on this Page. This Page shows the Port Security status. Port S...

Page 275: ...t Security Status. This Page shows the Port Security status. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules (the user modules). When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user ...

Page 276: ...user modules that may request Port Security services. Object Description User Module Name The full name of a module that may request Port Security services. Abbr A one-letter abbreviation of the user module. This is used in the Users column in the port status table. Port Status The table has one row for each port on the selected switch in the switch and a number of columns, which are: ...

Page 277: ...vice is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in. Shutdown: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is exceeded. No MAC addresses can be learned on the port until it is administratively re-opened on the Limit ...

Page 278: ...eenshot. The Page includes the following fields: Object Description MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port. If no MAC addresses are learned, a single row stating No MAC addresses attached is displayed. State Indicates whether the corresponding MAC address is blocked or forwarding. In the blocked state, it will not be allowed to transmit or receive traffic. Time of Additi...

Page 279: ...sed to block intruder on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server. Configure DHCP Snooping on this Page. The DHCP Snooping Configuration screen in Figure 4-12-8 appears. ...

Page 280: ...ble DHCP snooping mode operation. When DHCP snooping mode operation is enabled, DHCP request messages are forwarded to trusted ports, and reply packets are allowed only from trusted ports. Disabled: Disable DHCP snooping mode operation. Port Mode Configuration Indicates the DHCP snooping port mode. Possible port modes are: Trusted: Configures the port as trusted sources of the DHCP message. Untrusted: Config...

Page 281: ...e Screen Page Screenshot. Buttons Auto-refresh: Check this box to refresh the Page automatically. Automatic refresh occurs every 3 seconds. It will use the last entry of the currently displayed table as a basis for the next lookup. When the end is reached, the text No more entries is shown in the displayed table. To start over 4.12.10 IP Source Guard Configuration. IP Source Guard is a secure feature used...

Page 282: ...he mode is enabled. Port Mode Configuration Specify IP Source Guard is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, IP Source Guard is enabled on this given port. Max Dynamic Clients Specify the maximum number of dynamic clients that can be learned on given ports. This value can be 0, 1, 2 and unlimited. If the port mode is enabled and the value of max dynamic c...

Page 283: ...gure 4-12-11 appears. Figure 4-12-11: Static IP Source Guard Table Screen Page Screenshot. The Page includes the following fields: Object Description Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings. VLAN ID The VLAN ID for the settings. IP Address Allowed Source IP address. MAC Address Allowed Source MAC address. Buttons Click to add a new en...

Page 284: ...Source Guard Table. Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match. In addition, the two input fields will, upon a Refresh button click, assume the value of the first displayed entry, allowing for continuous refresh with the same start address. The will use the last entry of the currently displayed as a basis for the ...

Page 285: ...the last entry currently displayed. 4.12.13 ARP Inspection. ARP Inspection is a secure feature. Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through DUT. This Page provides ARP Inspection related configuration. The ARP Inspection Configu...

Page 286: ...bal ARP Inspection or disable the Global ARP Inspection. Port Mode Configuration Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Possible modes are: Enabled: Enable ARP Inspection operation. Disabled: Disable ARP Inspection operation. If you want to inspect the VLAN configuration, you have t...

Page 287: ...N are: Enabled: Enable check VLAN operation. Disabled: Disable check VLAN operation. Only when the Global Mode and Port Mode on a given port are enabled, and the setting of Check VLAN is disabled, will the log type of ARP Inspection refer to the port setting. There are four log types and possible types are: None: Log nothing. Deny: Log denied entries. Permit: Log permitted entries. ALL: Log all entries. Buttons Click t...

Page 288: ...The VLAN ID for the settings. MAC Address Allowed Source MAC address in ARP request packets. IP Address Allowed Source IP address in ARP request packets. Buttons Click to add a new entry to the Static ARP Inspection table. Click to apply changes. Click to undo any changes made locally and revert to previously saved values. 4.12.15 Dynamic ARP Inspection Table. Entries in the Dynamic ARP Inspection Table ...

Page 289: ... entry, allowing for continuous refresh with the same start address. The will use the last entry of the currently displayed as a basis for the next lookup. When the end is reached, the text No more entries is shown in the displayed table. Use the button to start over. The Page includes the following fields: Object Description Port The port number for which the status applies. Click the port number to see ...

Page 290: ...C address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time. 4.13.1 MAC Table Configuration. The MAC Address Table is configured on this Page. Set timeouts for entries ...

Page 291: ...used for managing the switch is added to the Static Mac Table before changing to secure learning mode, otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface. Static MAC Table Configuration The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The MAC tab...

Page 292: ...he one with the lowest VLAN ID and the lowest MAC address found in the MAC Table. The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table. Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match. In addition, the two input fields will, upon a Refresh button click, assume the value of the firs...

Page 293: ...ons Auto-refresh: Automatic refresh occurs every 3 seconds. Refreshes the displayed table starting from the Start from MAC address and VLAN input fields. Flushes all dynamic entries. Updates the table starting from the first entry in the MAC Table, i.e. the entry with the lowest VLAN ID and MAC address. Updates the table starting with the entry after the last entry currently displayed. ...

Page 294: ...w to store and maintain information gathered about the neighboring network nodes it discovers. Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. LLDP and LLDP-MED info...

Page 295: ...36. Therefore, the default TTL is 4*30 = 120 seconds. Tx Delay If some configuration is changed (e.g. the IP address), a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to 1 - 8192 seconds. This attribute must comply with the rule: (4 * Delay Interval) ≤ Tra...

Page 296: ...s shown in the LLDP neighbours table. CDP TLV Port ID is mapped to the LLDP Port ID field. CDP TLV Version and Platform is mapped to the LLDP System Description field. Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbours table. If all ports have CDP awareness disabled, th...

Page 297: ... following fields: Fast start repeat count Object Description Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types (for example, only advertise the voice ...

Page 298: ...epeat count, it is possible to specify the number of times the fast start transmission would be repeated. The recommended value is 4 times, given that 4 LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received. It should be noted that LLDP-MED and the LLDP-MED Fast Start mechanism is only intended to run on links between LLDP-MED Network Connectivity...

Page 299: ... use. Datum NAD83/MLLW NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich. The associated vertical datum is Mean Lower Low Water (MLLW). This datum pair is to be used when referencing locations on water/sea/ocean. Civic Address Location IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI). Object Description Country code The two-letter ISO 31...

Page 300: ...Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling. Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with t...

Page 301: ...se the multitude of network policies that frequently run on an aggregated link interior to the LAN. Object Description Delete Check to delete the policy. It will be deleted during the next save. Policy ID ID for the policy. This is auto-generated and shall be used when selecting the policies that shall be mapped to the specific ports. Application Type Intended use of the application types: Voice: for use ...

Page 302: ...ignaling (conditional): for use in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy. Tag Tag indicating whether the specified application type is using a tagged or an untagged VLAN. Untagged indicates tha...

Page 303: ...t attributes for the same network policies, based on the authenticated user identity or port configuration. Object Description Port The port number for which the configuration applies. Policy ID The set of policies that shall apply for a given port. The set of policies is selected by checkmarking the checkboxes that correspond to the policies. Buttons Click to apply changes. Click to undo any changes m...

Page 304: ...nt Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class. For example, any LLDP-MED Endpoint Device claiming compliance as a Media Endpoint (Class II) will also support all aspects of TIA-1057 applicable to Generic Endpoints (Class I), and any LLDP-MED Endpoint Device claiming compliance as a Communication Device (Class III) will also support all aspects of ...

Page 305: ...liances that directly support the end user. Discovery services defined in this class include provision of location identifier (including ECS/E911 information), embedded L2 switch support, inventory management. LLDP-MED Capabilities LLDP-MED Capabilities describes the neighbor unit's LLDP-MED capabilities. The possible capabilities are: 1. LLDP-MED capabilities 2. Network Policy 3. Location Identification 4. E...

Page 306: ...ied application type is using a tagged or an untagged VLAN. Can be Tagged or Untagged. Untagged: The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003. Tagged: The device is using the IEEE 802.1Q tagged frame format. VLAN ID VLAN ID is the VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003. A value of 1 through 4094 is used to d...

Page 307: ...ion screen in Figure 4-14-4 appears. Figure 4-14-4: LLDP Neighbor Information Page Screenshot. The Page includes the following fields: Object Description Local Port The port on which the LLDP frame was received. Chassis ID The Chassis ID is the identification of the neighbor's LLDP frames. Port ID The Port ID is the identification of the neighbor port. Port Description Port Description is the port descri...

Page 308: ...management. This could for instance hold the neighbor's IP address. Buttons Click to refresh the Page immediately. Auto-refresh: Check this box to refresh the Page automatically. Automatic refresh occurs every 3 seconds. 4.14.6 Port Statistics. This Page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole stack switch, while local c...

Page 309: ...rt. Rx Frames The number of LLDP frames received on the port. Rx Errors The number of received LLDP frames containing some kind of error. Frames Discarded If an LLDP frame is received on a port, and the switch's internal table has run full, the LLDP frame is counted and discarded. This situation is known as Too Many Neighbors in the LLDP standard. LLDP frames require a new entry in the table when the Cha...

Page 310: ... Buttons Click to refresh the Page immediately. Clears the local counters. All counters (including global counters) are cleared upon reboot. Auto-refresh: Check this box to refresh the Page automatically. Automatic refresh occurs every 3 seconds. ...

Page 311: ...ectivity issues. The Managed Switch transmits ICMP packets, and the sequence number and roundtrip time are displayed upon reception of a reply. Cable Diagnostics The Cable Diagnostics performs tests on copper cables. These functions have the ability to identify the cable length and operating conditions, and to isolate a variety of common faults that can occur on the Cat5 twisted-pair cabling. There mig...

Page 312: ...ll packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 1 appears Figure 4 15 1 ICMP Ping Page Screenshot The Page includes the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Be sure the target IP Address is within the same network subnet of the Managed S...

Page 313: ...hot The Page includes the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Egress Interface The VLAN ID VID of the specific egress IPv6 interface which ICMP packet goes The given VID ranges from 1 to 4094 and will be effective only when the corresponding IPv6 interface is valid When the...

Page 314: ... are displayed upon reception of a reply The Page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears Figure 4 15 3 Remote IP Ping Test Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings Remote IP Address The destination IP Address Ping Size The payl...

Page 315: ...imately 15 seconds When completed the Page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnostic on a 10 or 100 Mbps management port will cause the switch to stop respond...

Page 316: ...d pair Open Open pair Short Shorted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in me...

Page 317: ...n function that provides loop protection to prevent broadcast loops in Managed Switch 4 16 1 Configuration This Page allows the user to inspect the current Loop Protection configurations and possibly change them as well screen in Figure 4 17 1 appears Figure 4 17 1 Loop Protection Configuration Page Screenshot 317 ...

Page 318: ... the port Valid values are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Port Configuration Object Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or ...

Page 319: ...ed Switch port number of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Click to refresh the Page immediately ...

Page 320: ...he implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 17 1 RMON Alarm Configuration Configure RMON Alarm table on this Page The entry index key is ID screen in Figure 4 17 1 appears Figure 4 17...

Page 321: ...h of the output packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample directly Delta Calculate the difference between samples default Value The value of the statistic during the last sampling period Startup Alarm The method of sampling the selected variable a...

Page 322: ...sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds Value The value of the statistic during the last sampling period Startup Alarm The alarm that may be sent when this entry is first set to valid Rising Threshold Risin...

Page 323: ...fication of the event the possible types are none The total number of octets received on the interface including framing characters log The number of uni cast packets delivered to a higher layer protocol snmptrap The number of broad cast and multi cast packets delivered to a higher layer protocol logandtrap The number of inbound packets that are discarded even the packets are normal Community Spec...

Page 324: ...e 4 17 4 RMON Event Overview Page Screenshot The Page includes the following fields Object Description Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry LogTime Indicates Event log time LogDescription Indicates the Event description Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic r...

Page 325: ...s the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated with this History control entry stored in RMON T...

Page 326: ... broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but ha...

Page 327: ...urrently displayed 4 17 7 RMON Statistics Configuration Configure RMON Statistics table on this Page The entry index key is ID screen in Figure 4 17 7 appears Figure 4 17 7 RMON Statistics Configuration Page Screenshot The Page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is f...

Page 328: ... in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good...

Page 329: ...e total number of packets including bad packets received that were between 256 to 511 octets in length 512 1023 The total number of packets including bad packets received that were between 512 to 1023 octets in length 1024 1518 The total number of packets including bad packets received that were between 1024 to 1518 octets in length Buttons Click to refresh the Page immediately Auto refresh Check ...

Page 330: ...then this packet will be filtered Thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding technique A Store and Forward Managed Switch stores the incoming frame in an internal buffer and does the complete error checking before transmission Therefore no error packets occur and it is the best choice when a network needs efficien...

Page 331: ...he best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detecting the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode 1000Base T can be only connected in Full duplex mode ...

Page 332: ... of the port Why the Switch doesn't connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 1000Base T port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicat...

Page 333: ...s 10 100Base TX When connecting your Switch to another Fast Ethernet switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignment...

Page 334: ...ge 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8...

Page 335: ...ated with the manual ACL configuration ACL Access Control List The web Page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associate...

Page 336: ...idirectional in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP ARP is an acronym for Address Resolution Protocol It is a protocol that is used to convert an IP address into a physical address such...

Page 337: ...rypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP DHCP is an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP ad...

Page 338: ...bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equals 0 in stackable switch it means switch ID The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal to the DHCP relay agent's MAC address DHCP Snooping DHCP Snooping is used to block intruder on the untru...

Page 339: ...face is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously H HTTP HTTP is an acronym for Hypertext Transfer Protocol It is a protocol that is used to transfer or convey information on the World Wide Web...

Page 340: ...difficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X IEEE 802 1X is an IEEE standard for port based Network Access Control It provides authentication to devices attached to a LAN port establishing a point to point connection or preventing access from that port if authentication fails With 802 1X a...

Page 341: ...nternet Protocol address and this IP address is used to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number is reduced drastically by the practice of webmasters taking addresses in large blocks the ...

Page 342: ... lost connectivity in the network Can be used as a switch criteria by EPS M MAC Table Switching of frames is based upon the DMAC address contained in the frame The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configu...

Page 343: ...or Network Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client's supplied credentials are valid Based on the answer the NAS then allows or disallows access to the protected resource An example of a NAS implementation is IEEE 802 1X NetBIOS NetBIOS is an acronym for N...

Page 344: ... optional TLVs is disabled the corresponding information is not included in the LLDP frame OUI OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address P PCP PCP is an acronym for Priority Code Point It is a ...

Page 345: ...nd forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of e mail and are not to be confused with the Simple Mail Transfer Protocol SMTP You send e mail with SM...

Page 346: ...It is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end...

Page 347: ...int servers for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Microsoft Windows networking Samba can be installed on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the m...

Page 348: ...ers for setting up each switch to perform shortest path forwarding within the stack SSID Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A client device will receive broadcast messages from all access points within range advertising their SSIDs and can choose one to connect to based on pre configuration or by displaying a list o...

Page 349: ...the message or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WWW e mail and File Transfer Protocol FTP TELNET TELNET is a...

Page 350: ...l IP Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn't provide reassembling and sequencing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units to ...

Page 351: ...D VLAN ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality W WEP WEP is an acronym for Wired Equivalent Privacy WEP is a deprec...

Page 352: ...ersonal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPS ...

Page 353: ... 2006 A1 2009 A2 2009 EN 61000 3 3 2013 EN 55024 2010 IEC 61000 4 2 2008 IEC 61000 4 3 2006 A1 2007 A2 2010 IEC 61000 4 4 2012 IEC 61000 4 5 2005 IEC 61000 4 6 2013 IEC 61000 4 8 2009 IEC 61000 4 11 2004 Responsible for marking this declaration if the Manufacturer Authorized representative established within the EU Authorized representative established within the EU if applicable Company Name Plan...
