Vivotek AW-IHT-1270 Скачать руководство пользователя | Manualshive

Страница: 167 / 228

background image

159

7.

Security

7.1.

IP Source Guard

IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering
traffic based on the DHCP snooping binding database or manually configured IP source bindings.
This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address
of another host. Any IP traffic coming into the interface with a source IP address other than that
assigned (via DHCP or static configuration) will be filtered out on the untrusted Layer 2 ports.

The IP Source Guard feature is enabled in combination with the DHCP snooping feature on
untrusted Layer 2 interfaces. It builds and maintains an IP source binding table that is learned by
DHCP snooping or manually configured (static IP source bindings). An entry in the IP source
binding table contains the IP address and the associated MAC and VLAN numbers. The IP
Source Guard is supported on Layer 2 ports only, including access and trunk ports.

The IP Source Guard features include below functions:

1.

DHCP Snooping.

2.

DHCP Binding table.

3.

ARP Inspection.

4.

Blacklist Filter. (arp-inspection mac-filter table)

7.1.1.

DHCP Snooping

7.1.1.1.

Introduction

DHCP snooping is a DHCP security feature that provides network security by filtering untrusted
DHCP messages and by building and maintaining a DHCP snooping binding database, which is
also referred to as a DHCP snooping binding table.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. You can use
DHCP snooping to differentiate between untrusted interfaces connected to the end user and
trusted interfaces connected to the DHCP server or another switch.

The DHCP snooping binding database contains the MAC address, the IP address, the lease time,
the binding type, the VLAN number, and the interface information that corresponds to the local
untrusted interfaces of a switch.

When a switch receives a packet on an untrusted interface and the interface belongs to a VLAN
in which DHCP snooping is enabled, the switch compares the source MAC address and the
DHCP client hardware address. If addresses match (the default), the switch forwards the packet.
If the addresses do not match, the switch drops the packet.

The switch drops a DHCP packet when one of these situations occurs:

✓

A packet from a DHCP server, such as a DHCPOFFER, DHCPACK, DHCPNAK, or
DHCPLEASEQUERY packet, is received from the untrusted port.

✓

A packet is received on an untrusted interface, and the source MAC address and the
DHCP client hardware address do not match any of the current bindings.

«
...
165
166
167
168
169
...
»

Содержание AW-IHT-1270

Страница 1: ...AW IHT 1270 8 port 10 100 1000Base T w PoE 4 SFP Gigabit ports Managed Industrial Switch User Manual...

Страница 2: ...installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communicati...

Страница 3: ...INPUTS 8 3 2 5 POWERING ON THE UNIT 8 3 3 LED INDICATORS 9 3 4 DIP SWITCHES 10 4 SYSTEM STATUS 11 4 1 CONSOLE PORT 11 4 2 TELNET 11 4 3 HOW TO ENTER THE CLI 11 4 4 CLI COMMAND CONCEPT 12 4 5 GUI LOGI...

Страница 4: ...WIDTH CONTROL 39 6 1 1 QOS 39 6 1 1 1 INTRODUCTION 39 6 1 1 2 CLI CONFIGURATION 44 6 1 1 3 WEB CONFIGURATION 45 6 1 2 RATE LIMITATION 48 6 1 2 1 STORM CONTROL 48 6 1 2 1 1 INTRODUCTION 48 6 1 2 1 2 CL...

Страница 5: ...81 6 3 4 MAC BASED VLAN 82 6 3 4 1 INTRODUCTION 82 6 3 4 2 CLI CONFIGURATION 83 6 3 4 3 WEB CONFIGURATION 83 6 3 5 PROTOCOL BASED VLAN 84 6 3 5 1 INTRODUCTION 84 6 3 5 2 CLI CONFIGURATION 84 6 3 5 3...

Страница 6: ...CHEDULE 126 6 11 2 1 INTRODUCTION 126 6 11 2 2 CLI CONFIGURATION 127 6 11 2 3 WEB CONFIGURATION 127 6 11 3 PD ALIVE CHECK 128 6 11 3 1 INTRODUCTION 128 6 11 3 2 CLI CONFIGURATION 128 6 11 3 3 WEB CONF...

Страница 7: ...FILTER TABLE 171 7 1 3 2 1 INTRODUCTION 171 7 1 3 2 2 CLI CONFIGURATION 172 7 1 3 2 3 WEB CONFIGURATION 172 7 2 ACL 173 7 2 1 INTRODUCTION 173 7 2 2 CLI CONFIGURATION 174 7 2 3 WEB CONFIGURATION 177 7...

Страница 8: ...3 WEB CONFIGURATION 200 9 1 2 SNMP TRAP 202 9 1 3 SNMPV3 203 9 1 3 1 CLI CONFIGURATION 203 9 1 3 2 WEB CONFIGURATION 204 9 2 AUTO PROVISION 207 9 2 1 INTRODUCTION 207 9 2 2 CLI CONFIGURATION 208 9 2 3...

Страница 9: ...nents withstand in operating temperatures from from 40 to 70 The AW IHT 1270 features with 4 slot Gigabit SFP which immune to moisture static electricity power surges and short circuits plus 8 10 100...

Страница 10: ...Rate Limitation Storm Control Port Isolation 802 1Q Tag based VLAN Auto MDI MDI X Network Management Command Line Interface Telnet Web GUI SNMP v1 v2c v3 Management VLAN System log Firmware Upgradabl...

Страница 11: ...n Wide Operating temperature 40 to 70 Storage temperature 40 to 85 Operating humidity 10 to 95 RH Non Condensing Storage humidity 5 to 95 RH Non Condensing PoE Power Available at PD 25 50 W Max Power...

Страница 12: ...el Redundant inputs 48 57V DC or 24 57V DC for AW IHT 1270 24V model Connection One removable 6 pin terminal block Support Overload current protection Support Reverse Polarity Protection One relay out...

Страница 13: ...ives true plug n play capability just plug the network cables into the ports and the ports will adjust according to the end node devices The following are recommended cabling for the RJ 45 connectors...

Страница 14: ...e be sure the tab on the plug clicks into position to ensure that it is properly seated Check the corresponding port LED on the Switch to be sure that the connection is valid Refer to the LED chart 3...

Страница 15: ...confirm the connection is established 3 2 2 DIN rail Installation The AW IHT 1270 has a DIN rail bracket on the back of the Switch Location The AW IHT 1270 can be DIN Rail mounted in cabinet or enclo...

Страница 16: ...t Power Inputs You can use Terminal Block PWR for Primary Power input and Terminal Block RPS for secondary power source for Redundant Power Input To insert power wire and connect the 48 57V DC or 24 5...

Страница 17: ...pment Reset Button There has Reset button in front of Switch which can help to manually hardware reboot 3 3 LED Indicators This Switch is equipped with Unit LEDs to enable you to determine the status...

Страница 18: ...is enabled OFF port 3 link alarm reporting is disabled 6 P4 ON port 4 link alarm reporting is enabled OFF port 4 link alarm reporting is disabled 7 P5 ON port 5 link alarm reporting is enabled OFF por...

Страница 19: ...sion to the Switch s IP address If this is your first login use the default values Default Management IP Address Setting Default Value IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway...

Страница 20: ...s command displays the current VLAN configurations The Node type enable Its command prompt is L2SWITCH It means these commands can be executed in this command prompt configure Its command prompt is L2...

Страница 21: ...ted in this command prompt In Configure code executing command vlan 2 enter the vlan 2 node Note where the 2 is the vlan ID L2SWITCH config vlan 2 L2SWITCH config vlan acl Its command prompt is L2SWIT...

Страница 22: ...formation enable show running config This command displays the current operating configurations enable show system info This command displays the system s CPU loading and memory information enable sho...

Страница 23: ...he unit Management VLAN This field displays the VLAN ID that is used for the Switch management purposes CPU Loading This field displays the percentage of your Switch s system load Memory Information T...

Страница 24: ...cho request to the destination host The c parameter allow user to specific the packet count The default count is 4 enable ping IPADDR s SIZE This command sends an echo request to the destination host...

Страница 25: ...lobal scope of IPv6 address and subnet mask for the system eth0 ip ipv6 address default gateway AAAA BBBB CCCC DD DD EEEE FFFF GGGG HHHH This command configures a default gateway for the system eth0 i...

Страница 26: ...cimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 1 1 IPv6 Settings DHCPv6 Client Select Enab...

Страница 27: ...10240 Default Settings The default jumbo frame is 10240 bytes 5 1 2 2 CLI Configuration Node Command Description enable show jumboframe This command displays the current jumbo frame settings configure...

Страница 28: ...ocks of computer systems over packet switched variable latency data networks A less complex implementation of NTP using the same protocol but without requiring the storage of state over extended perio...

Страница 29: ...eat the query process 7 No default SNTP server Default Settings Current Time Time 0 3 51 UTC Date 1970 1 1 Time Server Configuration Time Zone 00 00 IP Address 0 0 0 0 DayLight Saving Time Configurati...

Страница 30: ...aving Time configure time ntp server disable enable This command disables enables the NTP server state configure time ntp server IP_ADDRESS This command sets the IP address of your time server configu...

Страница 31: ...format and time in hour minute and second format The new date and time then appear in the Current Date and Current Time fields after you click Apply Enable Network Time Protocol Select this option to...

Страница 32: ...d time when Daylight Saving Time ends if you enabled Daylight Saving Time The time field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the las...

Страница 33: ...s eth0 management host A B C D The command adds a management host address eth0 no management host A B C D The command deletes a management host address Example L2SWITCH configure terminal L2SWITCH con...

Страница 34: ...s ports When a device which may belong to a VLAN group sends a packet which is forwarded to a port on the Switch the MAC address of the device is shown on the Switch s MAC Table It also shows whether...

Страница 35: ...specific port configure mac address table static MACADDR vlan VLANID port PORT_ID This command configures a static unicast entry configure no mac address table static MACADDR vlan VLANID This command...

Страница 36: ...resh Click Refresh to begin configuring this screen afresh Static MAC Table MAC Address This field displays the MAC address of a manually entered MAC address entry VLAN ID This field displays the VID...

Страница 37: ...or whether it was learned by the Switch Dynamic VLAN ID This field displays the VLAN ID of the MAC address entry Port This field displays the port number the MAC address entry is associated It display...

Страница 38: ...cription enable show mac address table refusal This command displays the current refusal MAC address only configure mac address table refusal MACADDR vlan VLANID This command configures a refusal MAC...

Страница 39: ...the VLAN ID of the MAC address entry Action Click Delete to remove this manually entered MAC address entry from the refusal MAC address table Total Counts This field displays the total entries in the...

Страница 40: ...ed from the source ports automatically Default Settings Mirror Configurations State Disable Monitor port 1 Ingress port s None Egress port s None 5 3 2 CLI Configuration Node Command Description enabl...

Страница 41: ...set the common settings and then make adjustments on a port by port basis Source Port This field displays the number of a port Mirror Mode Select Ingress Egress or Both to only copy the ingress incom...

Страница 42: ...wrap plug that is inserted in a port on a communications device The effect of a wrap plug is to cause transmitted output data to be returned as received input data simulating a complete communication...

Страница 43: ...l is typically used in half duplex mode to send a collision signal to the sending port mimicking a state of packet collision causing the sending port to temporarily stop sending signals and resend lat...

Страница 44: ...t cable test configure interface range gigabitethernet1 0 PORTLISTS This command enters the interface configure node if range description STRINGs This command configures a description for the specific...

Страница 45: ...ps Full Duplex 10 Mbps Half Duplex 100 Mbps Full Duplex 100 Mbps Half Duplex 1000 Mbps Full Duplex Flow Control Select On to enable access to buffering resources for the port thus ensuring lossless op...

Страница 46: ...plays Link Down if the port is disabled or not connected to any device Information Parameter Description Port Select a port or a range ports you want to configure on this screen Description Configures...

Страница 47: ...ty queuing The Switch has 8 priority queues These priority queues are numbered from 7 Class 7 the highest priority queue to 0 Class 0 the lowest priority queue The eight priority tags specified in IEE...

Страница 48: ...bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802 1Q tagged frame Tag Control Information TCI Priority Code Point PCP a 3 bit field which refers to the IEEE 802 1p prior...

Страница 49: ...ize types of traffic When using the DiffServ priority mechanism the packet is classified based on the DSCP field in the IP header If the tag is present the packet is assigned to a programmable egress...

Страница 50: ...the treatment of the datagram during its transmission through the internet system Example mappings of the internet type of service to the actual service provided on networks such as AUTODIN II ARPANE...

Страница 51: ...WRR scheduling uses the same algorithm as round robin scheduling but services queues based on their priority and queue weight the number you configure in the queue Weight field rather than a fixed amo...

Страница 52: ...S scheduling mode to high_first each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets configure qos mode wrr queue weight...

Страница 53: ...y tag field of incoming packets The values range from 0 lowest priority to 7 highest priority Port This field displays the number of a port 802 1p Priority Select a priority for packets received by th...

Страница 54: ...Over DSCP means the 802 1p tag has higher priority than DSCP Priority This field displays each priority level The values range from 0 lowest priority to 7 highest priority Apply Click Apply to take e...

Страница 55: ...to the defaults Priority This field displays each priority level The values range from 0 lowest priority to 7 highest priority Queue ID Select the number of a queue for packets with the priority level...

Страница 56: ...work is overwhelmed with constant broadcast or multicast traffic Broadcast storms can eventually lead to a complete loss of network connectivity as the packets proliferate Storm Control protects the S...

Страница 57: ...the limitation configure no storm control type bcast mcast DLF bcast mcast bcast DLF mcast DLF bcast mcast DLF ports PORTLISTS This command disables the bandwidth limit for broadcast or multicast or...

Страница 58: ...ettings All ports Ingress and Egress rate limitation are disabled 6 1 2 2 2 CLI Configuration Node Command Description enable show bandwidth limit This command displays the current rate control config...

Страница 59: ...snooping is for multicast traffic The Switch can passively snoop on IGMP packets transferred between IP multicast routers switches and IP multicast hosts to learn the IP multicast group membership It...

Страница 60: ...e to remove from the forwarding table an interface that sends a leave message without the switch sending group specific queries to the interface The VLAN interface is pruned from the multicast tree fo...

Страница 61: ...IGMP join and leave packets to the query port Configurations Users can enable disable the IGMP Snooping on the Switch Users also can enable disable the IGMP Snooping on a specific VLAN If the IGMP Sn...

Страница 62: ...GMP snooping counters configure clear igmp counters port vlan This command clears the IGMP snooping counters for port or vlan interface igmp querier mode auto fixed edge This command specifies whether...

Страница 63: ...ted to an IGMP multicast router or server You must enable IGMP snooping as well Default auto Example L2SWITCH config igmp snooping enable L2SWITCH config igmp snooping vlan 1 L2SWITCH config igmp snoo...

Страница 64: ...to all ports Apply Click Apply to configure the settings Refresh Click this to reset the fields to the last setting IGMP Snooping State This field displays whether IGMP snooping is globally enabled or...

Страница 65: ...k Apply to apply the settings Refresh Click this to reset the fields Port The port ID Querier Mode The Querier mode setting for the specific port Immediate Leave The Immediate Leave setting for the sp...

Страница 66: ...vlan 6 2 3 IGMP Snooping Filtering The IGMP Snooping Filter allows users to configure one or some of range or multicast address to drop or to forward them 6 2 3 1 CLI Configurations Node Command Descr...

Страница 67: ...l of the group configurations config igmp type deny permit This command configures the type of deny or permit for the group interface igmp snooping filtering profile STRING This command enables the IG...

Страница 68: ...ng IGMP Filtering Status Profile The profile name Type The type of action Ports The field indicates the ports that the IGMP Filtering profile is activated Action Click the Delete button to delete the...

Страница 69: ...st VLAN Registration that enables a media server to transmit multicast stream in a single multicast VLAN while clients receiving multicast VLAN stream can reside in different VLANs Clients in differen...

Страница 70: ...the switch CPU modifies the hardware address table to include this receiver port and VLAN as a forwarding destination of MVLAN Leave Operation Subscriber sends an IGMP leave message to the switch to l...

Страница 71: ...the following group record types as membership reports Those group record types are MODE_IS_INCLUDE CHANGE_TO_INCLUDE_MODE ALLOW_NEW_SOURCES and BLOCK_OLD_SOURCES Don t use the group address X 0 0 1 f...

Страница 72: ...es the mode for the MVR Dynamic Sends IGMP report to all MVR source ports in the multicast VLAN Compatible Sets the Switch not to send IGMP report MVR name STRING This command configures the name for...

Страница 73: ...e Configures the mode for the MVR 802 1p Priority The priority for these multicast group packets Source Ports Configures the source port s for the MVR Normally the source ports are connected to the st...

Страница 74: ...MAC address 01 00 5e therefore multicast packets are delivered by using the Ethernet MAC address range 01 00 5e 00 00 00 01 00 5e 7f ff ff This is 23 bits of available address space The first octet 01...

Страница 75: ...erved 224 0 0 1 The All Hosts multicast group that contains all systems on the same network segment 224 0 0 2 The All Routers multicast group that contains all routers on the same network segment 224...

Страница 76: ...dress 224 0 1 41 H 323 Gatekeeper discovery address 6 2 5 2 CLI Configuration Node Command Description enable show mac address table multicast This command displays the current static dynamic multicas...

Страница 77: ...n explicit host tracking is enabled the router uses more memory than if explicit tracking is disabled because the router must store the membership state of all hosts on the interface 6 2 6 1 CLI Confi...

Страница 78: ...port 0 is not an egress port for a specific port the host connected to the specific port cannot manage the Switch If you wish to allow two subscriber ports to talk to each other you must define the e...

Страница 79: ...om the specific port Example L2SWITCH config interface 1 0 2 L2SWITCH config if port isolation ports 3 10 6 3 1 3 Web Configuration Parameter Description Port Select a port number to configure its por...

Страница 80: ...configurations are 4 094 A tagged VLAN uses an explicit tag VLAN ID in the MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were c...

Страница 81: ...approaches the packets forwarded using this method do not leak into other VLAN domains on the network After a port has been assigned to a VLAN the port cannot send to or receive from devices in anothe...

Страница 82: ...of the vlan vlan no tagged PORTLISTS This command removes all tagged member from the vlan vlan untagged PORTLISTS This command assigns ports for untagged member of the VLAN group The ports should be...

Страница 83: ...e VLAN group The ports should be one some of the permanent members of the vlans vlan range no tagged PORTLISTS This command removes all tagged member from the vlans vlan range untagged PORTLISTS This...

Страница 84: ...designate multiple port numbers individually by using a comma and by range with a hyphen Apply Click Apply to save your changes back to the Switch Refresh Click Refresh to begin configuring this scree...

Страница 85: ...ID Select All Click Select All to mark all member ports as tag ports Deselect All Click Deselect All to mark all member ports as untag ports Apply Click Apply to save your changes back to the Switch R...

Страница 86: ...this port This is the default setting Select VLAN Tagged Only to accept only tagged frames on this port All untagged frames will be dropped Select VLAN Untagged Only to accept only untagged frames on...

Страница 87: ...the network learn those VLANs dynamically An end node can be plugged into any switch and be connected to that end node s desired VLAN For end nodes to make use of GVRP they need GVRP aware Network In...

Страница 88: ...ommand displays the timers for the GARP configure gvrp disable enable This command disables enables the GVRP on the switch configure no gvrp configuration This command set GVRP configuration to its de...

Страница 89: ...port that you want to configure the GVRP settings State Select Enable to activate the port GVRP function Select Disable to deactivate the port GVRP function Registration Mode Select Normal to allows...

Страница 90: ...ll Time Specifies the interval in milliseconds at which Leave All messages are sent on interfaces Leave All messages help to maintain current GVRP VLAN membership information in the network 6 3 4 MAC...

Страница 91: ...s configure mac vlan STRINGS vlan VLANID priority 0 7 This command creates a mac vlan entry with the leading three or more bytes of mac address and the VLAN and the priority configure no mac vlan entr...

Страница 92: ...rotocol vlan configurations configure protocol vlan frame type ethernetII ether type STRINGS vlan VLANID ports PORTLISTS This command creates a protocol vlan entry with ethernetII frame type configure...

Страница 93: ...ired by ISPs Internet Service Provider that need Transparent LAN services TLS and the service provider has their own set of VLAN independent of customer VLANs Typically each service provider VLAN inte...

Страница 94: ...ess ports will be untagged or single tagged CVLAN When a port is configured as a normal port it will ignore the frames with double tagging Double Tagging Format A VLAN tag service provider VLAN stacki...

Страница 95: ...s to configure a service provider s VLAN SPVLAN on the Q in Q switch Then the double tagged frames can be switched according to the SP VID The SPVLAN should include all the related Tunnel and Access p...

Страница 96: ...onfig vlan 10 L2SWITCH config vlan fixed 7 8 L2SWITCH config vlan tagged 7 L2SWITCH config vlan exit L2SWITCH config vlan 100 L2SWITCH config vlan fixed 7 8 L2SWITCH config vlan tagged 8 L2SWITCH conf...

Страница 97: ...eceived on one port according to their inner VLAN tags In the Selective Q in Q mode switch performs traffic classification for the traffic incoming to a port based on the VLAN ID When a user uses diff...

Страница 98: ...d 500 L2SWITCH config qinq access ports 3 L2SWITCH config qinq tunnel ports 4 L2SWITCH config qinq active L2SWITCH config qinq show L2SWITCH config qinq exit L2SWITCH config vlan stacking selective qi...

Страница 99: ...an stacking selective qinq STRINGS This command removes the selective Q in Q profile with the name configure vlan stacking tpid table index 2 6 value STRINGS This command configures TPID table interfa...

Страница 100: ...apply the rule qinq end The command exits the CLI Q in Q node and enters the CLI enable node qinq exit The command exits the CLI Q in Q node and enter the CLI configure node qinq show The command show...

Страница 101: ...Selective for the VLAN stacking Configures the TPID Table The TPID table has 6 entries Tunnel TPID Index Selects the table index TPID Configures the TPID Configures the Port TPID Port Selects a port o...

Страница 102: ...port or a range of ports which you want to configure Role Selects one of the three roles Normal and Access and Tunnel for the specific ports SPVID Configures the service provider s VLAN Priority Confi...

Страница 103: ...FFER and DHCPACK packets The DHCP server will assign IP domain to the client dependent on these information The maximum length of the information is 32 characters In residential metropolitan Ethernet...

Страница 104: ...e DHCP request Option Frame Format Code Len Agent Information Field 82 N i1 i2 i3 i4 iN The Agent Information field consists of a sequence of SubOpt Length Value tuples for each sub option encoded in...

Страница 105: ...frame ID is configured with the CLI command dhcp options option82 circuit_frame VALUE Or GUI Circuit Frame SHELF Add the shelf ID into the Circuit sub option The shelf ID is configured with the CLI c...

Страница 106: ...ns option82 remote_id This command configures the information of the remote ID sub option configure dhcp options option82 circuit_frame VALUE This command configures the frame ID for the circuit sub o...

Страница 107: ...PDISCOVER message is a broadcast message and broadcasts only cross other segments when they are explicitly routed you might have to configure a DHCP Relay Agent on the router interface so that all DHC...

Страница 108: ...figurations Users can enable disable the DHCP Relay on the Switch Users also can enable disable the DHCP Relay on a specific VLAN If the DHCP Relay on the Switch is disabled the DHCP Relay is disabled...

Страница 109: ...nfigure dhcp relay disable enable This command disables enables the DHCP relay on the switch configure dhcp relay vlan VLAN_RANGE This command enables the DHCP relay function on a VLAN or a range of V...

Страница 110: ...parameter options are attached per pool DHCP server can work irrespective of routing feature in the Switch but if router is running along with the DHCP server then administrator should take care about...

Страница 111: ...ables ICMP module in DHCP server for periodical checking configure no dhcp server icmp enable This command disabled ICMP module in DHCP server configure dhcp server offer reuse seconds This command co...

Страница 112: ...ed address IPADDR IPADDR This command configures to exclude specified range of IP addresses from assigning to client This will be useful for blocking few IP addresses dhcp server no excluded address I...

Страница 113: ...id ip addr HEX STRING OPTION IPADDR This command binds specified IP address option parameter with specified client_id in pool dhcp server no host client id ip addr HEX STRING OPTION IPADDR This comman...

Страница 114: ...ble The command disables enables the trunk on the specific trunk group configure link aggregation GROUP_ID interface PORTLISTS The command adds ports to a specific trunk group configure no link aggreg...

Страница 115: ...e IEEE 802 3ad standard describes the Link Aggregation Control Protocol LACP for dynamically creating and managing trunk groups When you enable LACP link aggregation on a port the port can automatical...

Страница 116: ...specific group or all groups enable show lacp internal GROUP_ID This command displays the LACP internal information for the specific group or all groups enable show lacp neighbor GROUP_ID This comman...

Страница 117: ...range lacp port_priority 1 65535 This command configures the priority for the specific ports Note The default value is 32768 if range no lacp port_priority This command configures the default for the...

Страница 118: ...ority level Group LACP Select a trunk group ID and then select whether to Enable or Disable Group Link Aggregation Control Protocol for that trunk group Port Priority Select a port or a range of ports...

Страница 119: ...e neighbor Switch s system ID Port The direct connected port Id of the neighbor Switch Age The available time period of the neighbor Switch LACP information Port State The direct connected port s stat...

Страница 120: ...rmation Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Network Management Protocol SNMP Default Settin...

Страница 121: ...rt only rx only Receive the LLDP packet on the specific port configure interface range gigabitethernet1 0 PORTLISTS This command enters the interface configure node if range lldp agent disable enable...

Страница 122: ...information Port The port range which you want to configure State Enables disables the LLDP on these ports LLDP Status Port The Port ID State The LLDP state for the specific port Parameter Description...

Страница 123: ...the loop detection is enabled the Switch will send one probe packets every two seconds and then listen this packet If it receives the packet at the same port the Switch will disable this port After t...

Страница 124: ...the loop detection on the port interface no shutdown This command enables the port It can unblock port blocked by loop detection interface loop detection recovery disable enable This command enables d...

Страница 125: ...uard protection State Select Enable to use the loop guard feature on the Switch Loop Recovery Select Enable to reactivate the port automatically after the designated recovery time has passed Recovery...

Страница 126: ...ot support now Internal Bits or Physical Coils 1 Read Coils Not support now Word access 16 bit access Physical Input Registers 4 Read Input Registers Physical Output Registers 3 Read Holding Registers...

Страница 127: ...ord 5 Hi byte Word 5 Lo byte 1 Word 6 Hi byte Word 6 Lo byte 0 Word 7 Hi byte Word 7 Lo byte S Word 8 Hi byte 0 Word 8 Lo byte 0 0x0060 16 words ASCII Firmware Release Date Mon Sep 30 18 51 45 2013 0x...

Страница 128: ...Word 5 Hi byte Word 5 Lo byte 0 0x0400 to 0x0413 port 1 to 10 2 words HEX Port 1 to 10 Tx Packets Ex port 1 Tx Packet Amount 0x87654321 Word 0 8765 Word 1 4321 0x0440 to 0x0453 port 1 to 10 2 words H...

Страница 129: ...Port of the Xpress ring2 Word 0 Hi byte Port ID 0x051b 1 word HEX Secondary Port of the Xpress ring2 Word 0 Hi byte Port ID 0x051c 1 word HEX Role of Xpress ring1 0x0000 Forwarder 0x0001 Arbiter 0x051...

Страница 130: ...ith a midspan power supply The original IEEE 802 3af 2003 PoE standard provides up to 15 4 W of DC power minimum 44 V DC and 350 mA to each device Only 12 95 W is assured to be available at the powere...

Страница 131: ...egory 3 and Category 5 Category 5 Supported modes Mode A endspan Mode B midspan Mode A Mode B Mode A and Mode B operating simultaneously Power Devices Power levels available Class Usage Classification...

Страница 132: ...nd status enable show poe schedule port PORT_ID This command displays the PoE port schedule configurations configure poe disable enable This command disables or enables the global PoE for the Switch c...

Страница 133: ...PD Port Selects a port or a range of ports that you want to configure the PoE function State Selects Enable to enable the PoE function on the specific port Selects Disable to disable the PoE function...

Страница 134: ...If the global state configuration is disabled The Switch will not perform the schedule function If the global state is enabled the Switch will check every port s configurations If the port s check con...

Страница 135: ...n Tue Wed Thu Fri Sat check yes no This command enables or disables the PoE schedule on the specific day interface poe schedule week Sun Mon Tue Wed Thu Fri Sat start time VALUE end time VALUE action...

Страница 136: ...fault 15 range 3 120 sec Start up Time sec When PD has been start up the Switch will wait Start up time to do PoE Auto Checking Default 60 range 30 600 sec Interval Time sec Device will send checking...

Страница 137: ...command configures the retry times when no response from the host for the keep a live probe packet for the specific port Interface pd alive power off time VALUE startup time VALUE This command config...

Страница 138: ...1 4 Power Delay 6 11 4 1 Introduction The Power Delay allows the user to setting the delay time of power providing after device rebooted 6 11 4 2 CLI Configuration Node Command Description enable show...

Страница 139: ...or the specific ports Time The delay time for the specific ports Apply Click Apply to take effect the settings Refresh Click Refresh to begin configuring this screen afresh Power Delay Status Port The...

Страница 140: ...on Node Command Description enable show ip forwarding status This command displays the current configuration of the ip forwarding status enable show ip routes all ipv4 ipv6 This command displays the c...

Страница 141: ...interface route from the interface vlan This command deletes all dependent static routes on the specified IPv4 interface route If there is no assigned IP addresses for the specified interface after de...

Страница 142: ...22 33 44 55 Assigning a IPv4 IPv6 interface router This command is used to add an IPv4 IPv6 interface route to a interface vlan L2SWITCH config interface vlan 1 L2SWITCH config if vlan l3 L2SWITCH co...

Страница 143: ...es disables the route to act as an ARP proxy globally IPv4 ARP Table Adds a static IPv4 ARP entry in the ARP table Deletes a static IPv4 ARP entry from the ARP table IP The IP address for the entry MA...

Страница 144: ...figurations 6 13 STP 6 13 1 STP RSTP 6 13 1 1 Introduction R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a Switch to interact with othe...

Страница 145: ...cost to the root among the bridges connected to the LAN Forward Time Forward Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every...

Страница 146: ...l Equipment Corporation In the OSI model for computer networking STP falls under the OSI layer 2 Spanning tree allows a network design to include spare redundant links to provide automatic backup path...

Страница 147: ...ly to the forwarding state RSTP still continues to monitor the port for BPDUs in case a bridge is connected RSTP can also be configured to automatically detect edge ports As soon as the bridge detects...

Страница 148: ...her words Root Guard provides a way to enforce the root bridge placement in the network The Root Guard feature prevents a Designated Port from becoming a Root Port If a port on which the Root Guard fe...

Страница 149: ...time TIME max age TIME hello time TIME This command configures the bridge times forward delay max age hello time configure no spanning tree algorithm timer This command configures the default values...

Страница 150: ...res the port priority for the specific port Default 128 interface no spanning tree port priority This command configures the port priority to default for the specific port configure interface range gi...

Страница 151: ...hanges before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might resu...

Страница 152: ...idge which in turn determines the Root Hello Time Root Maximum Age and Root Forwarding Delay Pathcost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to a...

Страница 153: ...te of the STP function Role The port role Should be one of the Alternated Designated Root Backup None Status The port s status Should be one of the Discarding Blocking Listening Learning Forwarding Di...

Страница 154: ...us MAC address This is the MAC address of the current bridge Priority Priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric...

Страница 155: ...nces required to support a large number of VLANs Multiple Spanning Tree Regions For switches to participate in multiple spanning tree MST instances you must consistently configure the switches with th...

Страница 156: ...change in the IST instance and in all the MST instances active on that port Interoperability with 802 1D STP A switch running MSTP supports a built in protocol migration mechanism that enables it to i...

Страница 157: ...gure spanning tree mst hello time This command configures the hello time for the MSTP configure no spanning tree mst hello time This command resets the hello time for the MSTP The default hello time i...

Страница 158: ...revision This command resets the revision for the MSTP mst show current pending This command shows the MSTP configures Current the working configurations Pending the not applied configurations Specif...

Страница 159: ...Protocol RSTP Rapid Spanning Tree Protocol MSTP Multiple Spanning Tree Protocol Configuration Parameters Region Name Configures the region name for the Switch Revision Configures the revision for the...

Страница 160: ...ata loops might result The allowed range is 4 to 30 seconds Hello Time This is the time interval in seconds between BPDU Bridge Protocol Data Units configuration message generations by the root switch...

Страница 161: ...with the highest priority lowest numeric value becomes the STP root switch If all switches have the same priority the switch with the lowest MAC address will then become the root switch Enter a value...

Страница 162: ...BPDU filter function for the specific port BPDU Guard Enables Disables the BPDU guard function for the specific port ROOT Guard Enables Disables the BPDU root guard function for the specific port Por...

Страница 163: ...conds the Switch can wait without receiving a configuration message before attempting to reconfigure Hello Time This is the time interval in seconds at which the root switch transmits a configuration...

Страница 164: ...locked port will be set to forwarding state Default Settings Xpress Ring Configurations The global Xpress Ring state is Disabled Ring 1 State Disabled Destination MAC 01 80 c2 ff ff f0 Role Forwarder...

Страница 165: ...port configure xpress ring ring RING1 RING2 secondary port PORTID This command configures the secondary port for the ring on the Switch Notice If the global xpress ring is disabled or ring state is di...

Страница 166: ...r two Xpress Ring Every Switch can be a Forwarder or Arbiter in an Xpress Ring The two adjacent Xpress Rings should not use a same destination multicast MAC If you want to enable the STP RSTP and Xpre...

Страница 167: ...HCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database which is also referred to a...

Страница 168: ...rce MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do not match any of th...

Страница 169: ...LAN states When the global state is disabled the DHCP Snooping on the Switch is disabled even per VLAN states are enabled When the global state is enabled user must enable per VLAN states to enable th...

Страница 170: ...st 7 1 1 2 CLI Configuration Node Command Description enable show dhcp snooping This command displays the current DHCP snooping configurations configure dhcp snooping disable enable This command disab...

Страница 171: ...oping vlan 1 L2SWITCH config interface 1 0 1 L2SWITCH config if dhcp snooping trust 7 1 1 3 Web Configuration DHCP Snooping Parameter Description State Select Enable to use DHCP snooping on the Switch...

Страница 172: ...the VLAN IDs that have DHCP snooping enabled on them This will display None if no VLANs have been set Port Settings Parameter Description Port Select a port number to modify its maximum host count Tr...

Страница 173: ...users to configure up to three valid DHCP servers If no DHCP servers are configured it means all DHCP server are valid 7 1 1 4 2 CLI Configuration Node Command Description enable show dhcp snooping se...

Страница 174: ...ss and VLAN ID Each MAC address and VLAN ID can only be in one static binding If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding the new static b...

Страница 175: ...ng entry MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in the binding Lease Hour This field displays h...

Страница 176: ...g Port This field displays the port number in the binding If this field is blank the binding applies to all ports Type This field displays how the Switch learned the binding Static This binding was le...

Страница 177: ...ed ports are connected to subscribers Configurations Users can enable disable the ARP Inspection on the Switch Users also can enable disable the ARP Inspection on a specific VLAN If the ARP Inspection...

Страница 178: ...function on a VLAN or range of VLANs interface arp inspection trust This command configures the trust port for the specific port interface no arp inspection trust This command configures the un trust...

Страница 179: ...d Enabled on VLAN This field displays the VLAN IDs that have ARP Inspection enabled on them This will display None if no VLANs have been set Trusted Ports This field displays the ports which are trust...

Страница 180: ...the age time for the ARP inspection MAC filter entry configure clear arp inspection mac filter This command clears all of entries in the filter table configure no arp inspection mac filter mac MACADD...

Страница 181: ...les to reject packets from the specific ingress ports or all ports These rules will check the packets source MAC address and destination MAC address If packets match these rules the system will do the...

Страница 182: ...u can specify the type ipv4 or ipv6 configure no access list STRING This command deletes an access control profile acl show This command displays the current access control profile acl action disable...

Страница 183: ...source ip host IPADDR This command configures the source IP address for the profile acl source ip IPADDR IPMASK This command configures the source IP address and mask for the profile acl no source ip...

Страница 184: ...filter a range of IP in the packets source IP or destination IP For example source ip 172 20 1 1 255 255 0 0 The command will filter source IP range from 172 20 0 0 to 172 20 255 255 Example L2SWITCH...

Страница 185: ...177 7 2 3 Web Configuration Parameter Description IP Type Selects IPv4 IPv6 type for the profile Profile Name The access control profile name...

Страница 186: ...figures the 802 1p for the profile Source IP Configures the source IP of the packets that you want to filter Mask of Source IP Configures the bitmap mask of the source IP of the packets that you want...

Страница 187: ...e being allowed to pass through security to the terminal With 802 1X port based authentication the supplicant provides credentials such as user name password or digital certificate to the authenticato...

Страница 188: ...rt the switch assigns clients to a guest VLAN when the switch does not receive a response to its EAP request identity frame or when EAPOL packets are not sent by the client Port Parameters Admin Contr...

Страница 189: ...rts The default port Guest VLAN is 0 for all ports Guest VLAN is disabled The default port Max req Time is 2 times for all ports The default port Reauth period is 3600 seconds for all ports The defaul...

Страница 190: ...onfigures the control direction for blocking packets interface dot1x default This command sets the port configuration to default settings interface dot1x max req 1 10 This command sets the max req tim...

Страница 191: ...wever only a certain number of accounts can exist at one time RADIUS is a security protocol used to authenticate users by means of an external server instead of an internal device user database that i...

Страница 192: ...s Server is down Global Status State This field displays if 802 1x authentication is Enabled or Disabled Authentication Method This field displays if the authentication method is Local or RADIUS Guest...

Страница 193: ...packets on the port when a user has not passed 802 1x port authentication Select In to drop only incoming packets on the port when a user has not passed 802 1x port authentication Re authentication S...

Страница 194: ...Reset to Default Select this and click Apply to reset the custom 802 1x port authentication settings back to default Apply Click Apply to add modify the settings Refresh Click Refresh to begin config...

Страница 195: ...g a switch or a hub to a port has implications It means that the network will have more traffic If a switch or a hub is connected by a user instead of an administrator then there are chances that loop...

Страница 196: ...nction for the specified ports if range port security limit VALUE This command configures the maximum MAC entries for the specified ports 7 4 3 Web Configuration Parameter Description Port Security Se...

Страница 197: ...189 State This field displays if Port Security is Enabled or Disabled Maximum MAC This field displays the maximum number of MAC addresses...

Страница 198: ...en the main power supply disconnect RPS ON The Switch will send alarm message when the redundant power supply disconnect 8 1 2 CLI Configuration Node Command Description enable show alarm info This co...

Страница 199: ...onfiguration Node Command Description enable show hardware monitor C F This command displays hardware working information Example L2SWITCH show hardware monitor C Temperature C Crent MAX MIN Threshold...

Страница 200: ...3 3 Web Configuration Parameter Description Port Select a port or a range of ports to display their statistics Rx Packets The field displays the received packet count Tx Packets The field displays the...

Страница 201: ...escription Port Select a port or a range of ports to display their RMON statistics Speed The current port speed Utilization The port traffic utilization Refresh Click this button to refresh the screen...

Страница 202: ...ction The SFP information allows user to know the SFP module s information such as vendor name connector type revision serial number manufacture date and to know the DDMI information if the SFP module...

Страница 203: ...de of optical connector type Vendor Name SFP vendor name Vendor PN Part Number Vendor rev Revision level for part number Vendor SN Serial number ASCII Date Code Manufacturing date code Notice If the f...

Страница 204: ...iguration Node Command Description enable show traffic monitor This command displays the traffic monitor configurations and current status configure traffic monitor disable enable This command enables...

Страница 205: ...This command enables disables the recovery function for the traffic monitor on the port if range traffic monitor recovery time VALUE This command configures the recovery time for the traffic monitor...

Страница 206: ...ket Rate Specify the packet rate which you want to monitor Recover State Enables disables the recovery function for the traffic monitor function on these ports Recovery Time Configures the recovery ti...

Страница 207: ...d to define the security parameters of SNMP clients in an SNMP v1 and SNMP v2c environments The default SNMP community is public for both SNMP v1 and SNMP v2c before SNMP v3 is enabled Once SNMP v3 is...

Страница 208: ...igures the location information for the system configure snmp system name STRING This command configures a name for the system The System Name is same as the host name configure snmp trap receiver IPA...

Страница 209: ...ent station An SNMP community string is a text string that acts as a password It is used to authenticate messages that are sent between the management station the SNMP manager and the device the SNMP...

Страница 210: ...g that acts as a password Right This field displays the community string s rights This will be Read Only or Read Write Network ID of Trusted Host This field displays the IP address of the remote SNMP...

Страница 211: ...ommand Description enable show snmp user This command displays all snmp v3 users enable show snmp group This command displays all snmp v3 groups enable show snmp view This command displays all snmp v3...

Страница 212: ...ch 9 1 3 2 Web Configuration SNMPv3 User Parameter Description User Name Enter the v3 user name Group Name Map the v3 user name into a group name Security Level Select the security level of the v3 use...

Страница 213: ...igure the settings Refresh Click Refresh to begin configuring this screen afresh SNMPv3 User Status User Name This field displays the v3 user name Group Name This field displays the group name which t...

Страница 214: ...w a group determines the list of notifications its users can receive default value is none Apply Click Apply to configure the settings Refresh Click Refresh to begin configuring this screen afresh SNM...

Страница 215: ...a v3 view 9 2 Auto Provision 9 2 1 Introduction Auto provision is a service that service provider can quickly easily and automatically configure remote device or doing firmware upgrade at remote side...

Страница 216: ...rwise do step 10 The naming is Model_Name _ with 12 bit MAC digits example for following is AW IHT 1270_00e04c8196b9 txt 9 If upgrade configutation succeeded and Specific_Configuration_Reboot 1 let re...

Страница 217: ...n no FTP user The command configurations the username and password to default 9 2 3 Web Configuration 9 3 Mail Alarm 9 3 1 Introduction The feature sends an e mail trap to a predefined administrator w...

Страница 218: ...ecure SSL SSL 995 Googlemail Gmail Server Authentication Port SMTP Server Outgoing Messages smtp gmail com SSL 465 smtp gmail com StartTLS 587 POP3 Server Incoming Messages pop gmail com SSL 995 Outlo...

Страница 219: ...figure mail alarm mail to This command configures the mail receiver configure mail alarm server ip IPADDR server port VALUE This command configures the mail server IP address and the TCP port configur...

Страница 220: ...urrent one Note The system will reboot automatically to take effect the configurations configure write memory This command writes current operating configurations to the configuration file configure a...

Страница 221: ...e switch L2SWITCH configure terminal L2SWITCH config interface eth0 L2SWITCH config if ip dhcp client enable L2SWITCH show config change status The user configuration file is default The configuration...

Страница 222: ...fault configurations The configuration status Display the configuration status of recorded in the NV RAM Notice If the user has changed any configurations the message displays The configurations have...

Страница 223: ...nction allows users to enable or disable the SSH or Telnet or Web service individual using the CLI or GUI 9 4 3 1 CLI Configuration Node Command Description enable show server status This command disp...

Страница 224: ...Enable or Disable to enable or disable the Telnet service SSH Server State Selects Enable or Disable to enable or disable the SSH service Apply Click Apply to configure the settings Refresh Click thi...

Страница 225: ...d displays the entire log message recorded in the Switch enable show syslog level LEVEL The command displays the log message with the LEVEL recorded in the Switch enable show syslog server The command...

Страница 226: ...Click Apply to add modify the settings Refresh Click Refresh to begin configuring this screen afresh 9 6 User Account 9 6 1 Introduction The Switch allows users to create up to 6 user account The user...

Страница 227: ...ileged mode admin admin Notices The Switch allows users to create up to 6 user account The user name and the password should be the combination of the digit or the alphabet The last admin user account...

Страница 228: ...te or normal read only for this user account Apply Click Apply to add modify the user account Refresh Click Refresh to begin configuring this screen afresh User Account List No This field displays the...

Отзывы:

Нет отзывов

Похожие инструкции для AW-IHT-1270

Бренд: N-Tron Страницы: 20

COOPER POWER SERIES

Бренд: Eaton Страницы: 16

Бренд: OEZ Страницы: 5

Бренд: Rack World Страницы: 4

Бренд: Vector Страницы: 3

Бренд: Tripp Lite Страницы: 80

Бренд: Key Digital Страницы: 20

Бренд: T1V Страницы: 2

Бренд: Eagle Страницы: 2

Бренд: StarTech.com Страницы: 2

Бренд: TRENDnet Страницы: 2

Бренд: J-Tech Digital Страницы: 13

Бренд: Zenith Страницы: 24

Бренд: GarrettCom Страницы: 12

Бренд: StarTech.com Страницы: 2

LMP-0602-24 Series

Бренд: ANTAIRA Страницы: 83

Бренд: TRENDnet Страницы: 2

Бренд: ITC Audio Страницы: 12

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды