manualshive.com logo in svg

Interlogix IFS NS3550-24T/4S, User Manual

The Interlogix IFS NS3550-24T/4S is a cutting-edge network switch - a reliable and high-performance solution for seamless data transmission. For a comprehensive understanding of its features and settings, users can conveniently access the detailed User Manual. It is available for free download at 88.208.23.73:8080, offering valuable resources at your fingertips.

Share
Download
background image

 

 
 

208

In Multi 802.1X it is not possible to use the multicast BPDU MAC address as 
destination MAC address for EAPOL frames sent from the switch towards the 
supplicant, since that would cause all supplicants attached to the port to reply to 
requests sent from the switch. Instead, the switch uses the supplicant's MAC 
address, which is obtained from the first EAPOL Start or EAPOL Response 
Identity frame sent by the supplicant. An exception to this is when no supplicants 
are attached. In this case, the switch sends EAPOL Request Identity frames using 
the BPDU multicast MAC address as destination - to wake up any supplicants that 
might be on the port. 
The maximum number of supplicants that can be attached to a port can be limited 
using the Port Security Limit Control functionality.  

MAC-based Auth. 

Unlike port-based 802.1X, MAC-based authentication is not a standard, but 
merely a best-practices method adopted by the industry. In MAC-based 
authentication, users are called clients, and the switch acts as the supplicant on 
behalf of clients. The initial frame (any kind of frame) sent by a client is snooped 
by the switch, which in turn uses the client's MAC address as both username and 
password in the subsequent EAP exchange with the RADIUS server. The 6-byte 
MAC address is converted to a string on the following form "xx-xx-xx-xx-xx-xx", 
that is, a dash (-) is used as separator between the lower-cased hexadecimal 
digits. The switch only supports the MD5-Challenge authentication method, so the 
RADIUS server must be configured accordingly. 
When authentication is complete, the RADIUS server sends a success or failure 
indication, which in turn causes the switch to open up or block traffic for that 
particular client, using the Port Security module. Only then will frames from the 
client be forwarded on the switch. There are no EAPOL frames involved in this 
authentication, and therefore, MAC-based Authentication has nothing to do with 
the 802.1X standard. 
The advantage of MAC-based authentication over port-based 802.1X is that 
several clients can be connected to the same port (e.g. through a 3rd party switch 
or a hub) and still require individual authentication, and that the clients don't need 
special supplicant software to authenticate. The advantage of MAC-based 
authentication over 802.1X-based authentication is that the clients don't need 
special supplicant software to authenticate. The disadvantage is that MAC 
addresses can be spoofed by malicious users-equipment whose MAC address is 
a valid RADIUS user can be used by anyone. Also, only the MD5-Challenge 
method is supported. The maximum number of clients that can be attached to a 
port can be limited using the Port Security Limit Control functionality. 

 

RADIUS-Assigned QoS 
Enabled 

When RADIUS-Assigned QoS is both globally enabled and enabled (checked) for 
a given port, the switch reacts to QoS Class information carried in the RADIUS 
Access-Accept packet transmitted by the RADIUS server when a supplicant is 
successfully authenticated. If present and valid, traffic received on the 
supplicant's port will be classified to the given QoS Class. If (re-)authentication 
fails or the RADIUS Access-Accept packet no longer carries a QoS Class or it's 
invalid, or the supplicant is otherwise no longer present on the port, the port's QoS 
Class is immediately reverted to the original QoS Class (which may be changed 
by the administrator in the meanwhile without affecting the RADIUS-assigned). 
This option is only available for single-client modes, i.e. 

 Port-based 802.1X 

• Single 802.1X 
RADIUS attributes used in identifying a QoS Class: 

Refer to the written documentation for a description of the RADIUS attributes 
needed in order to successfully identify a QoS Class. The User-Priority-Table 
attribute defined in RFC4675 forms the basis for identifying the QoS Class in an 
Access-Accept packet. 
Only the first occurrence of the attribute in the packet will be considered, and to be 
valid, it must follow this rule: 

All 8 octets in the attribute's value must be identical and consist of ASCII 
characters in the range '0' - '3', which translates into the desired QoS Class in the 
range [0; 3]. 

 

RADIUS-Assigned 
VLAN Enabled 

-  When RADIUS-Assigned VLAN is both globally enabled and enabled 

(checked) for a given port, the switch reacts to VLAN ID information 
carried in the RADIUS Access-Accept packet transmitted by the 
RADIUS server when a supplicant is successfully authenticated. If 

Summary of Contents for IFS NS3550-24T/4S

Page 1: ...P N 1072569 REV 00 05 ISS 11OCT12 IFS NS3550 24T 4S User Manual ...

Page 2: ... authorized manufacturing representative UTC Fire Security B V Kelvinstraat 7 6003 DH Weert The Netherlands Certification N4131 FCC compliance This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a ...

Page 3: ...witch Front Panel 26 2 1 2 LED Indications 27 2 1 3 Switch Rear Panel 28 2 2 Install the Switch 29 2 2 1 Desktop Installation 29 2 2 2 Rack Mounting 30 2 2 3 Installing the SFP transceiver 31 2 2 4 Wiring the Power Input 34 2 2 5 Wiring the Digital Input Output 35 3 SWITCH MANAGEMENT 38 3 1 Requirements 38 3 2 Management Access Overview 39 3 3 Administration Console 39 3 4 Web Management 41 3 5 SN...

Page 4: ...ion Upload 73 4 2 19 Digital input output 74 4 2 20 Fault Alarm 75 4 2 21 Factory Default 77 4 2 22 System Reboot 78 4 3 Simple Network Management Protocol 79 4 3 1 SNMP Overview 79 4 3 2 SNMP System Configuration 80 4 3 3 SNMP System Information Configuration 81 4 3 4 SNMP Trap Configuration 81 4 3 5 SNMPv3 Configuration 84 4 3 5 1 SNMPv3 Communities Configuration 84 4 3 5 2 SNMPv3 Users Configur...

Page 5: ...ort Isolation Configuration 120 4 6 9 Private VLAN Membership Configuration 122 4 6 10 VLAN setting example 124 4 6 10 1 Two separate 802 1Q VLAN 124 4 6 10 2 VLAN Trunking between two 802 1Q aware switch 128 4 6 10 3 Port Isolate 129 4 7 Spanning Tree Protocol 132 4 7 1 Theory 132 4 7 2 STP Bridge Configuration 138 4 7 3 Bridge Status 140 4 7 4 CIST Port Configuration 140 4 7 5 MSTI Priorities 14...

Page 6: ...n 183 4 9 10 Voice VLAN OUI Table 185 4 10 Access Control Lists 186 4 10 1 Access Control List Status 187 4 10 2 Access Control List Configuration 188 4 10 3 ACE Configuration 189 4 10 4 ACL Ports Configuration 195 4 10 5 ACL Rate Limiter Configuration 196 4 11 Authentication 198 4 11 1 Understanding IEEE 802 1X Port Based Authentication 199 4 11 2 Authentication Configuration 202 4 11 3 Network A...

Page 7: ...2 Static MAC Table Configuration 252 4 13 3 MAC Address Table Status 252 4 13 4 MAC Table Learning 254 4 13 5 Dynamic ARP Inspection Table 255 4 13 6 Dynamic IP Source Guard Table 257 4 14 LLDP 259 4 14 1 Link Layer Discovery Protocol 259 4 14 2 LLDP Configuration 259 4 14 3 LLDPMED Configuration 262 4 14 4 LLDP MED Neighbor 267 4 14 5 Neighbor 269 4 14 6 Port Statistics 270 4 15 Network Diagnosti...

Page 8: ... 289 IP Setup 290 IP Ping 290 IP DNS 291 IP DNS Proxy 291 IPv6 AUTOCINFIG 292 IPv6 Setup 292 IPv6 Ping 293 IP NTP Configuration 294 IP NTP Mode 294 IP NTP Server Add 295 IP NTP Server IPv6 Add 295 IP NTP Server Delete 296 6 3 Port Management Command 298 Port Configuration 298 Port Mode 298 Port Flow Control 299 Port State 299 Port Maximum Frame 300 Port Power 300 Port SFP 301 Port Excessive 302 Po...

Page 9: ...4 VLAN Delete 315 VLAN Look up 315 VLAN Status 316 6 6 Private VLAN Configuration Command 317 PVLAN Configuration 317 PVLAN Add 318 PVLAN Delete 319 PVLAN Look up 320 PVLAN Isolate 320 6 7 Security Command 321 Security Switch User Configuration 321 Security Switch User Add 322 Security Switch User Delete 322 Security Switch Privilege Level Configuration 323 Security Switch Privilege Level Group 32...

Page 10: ...7 Security Switch SNMP Trap Destination 338 Security Switch SNMP Trap IPv6 Destination 338 Security Switch SNMP Trap Authentication Failure 339 Security Switch SNMP Trap Link up 339 Security Switch SNMP Trap Inform Mode 340 Security Switch SNMP Trap Inform Timeout 341 Security Switch SNMP Trap Inform Retry Times 341 Security Switch SNMP Trap Probe Security Engine ID 342 Security Switch SNMP Trap S...

Page 11: ...Configuration 358 Security Network NAS Mode 358 Security Network NAS State 359 Security Network NAS Reauthentication 359 Security Network NAS ReauthPeriod 360 Security Network NAS EapolTimeout 361 Security Network NAS Agetime 361 Security Network NAS Holdtime 362 Security Network NAS RADIUS_QoS 362 Security Network NAS RADIUS_VLAN 363 Security Network NAS Guest_VLAN 363 Security Network NAS Authen...

Page 12: ...79 Security Network IP Source Guard Entry 379 Security Network IP Source Guard Status 380 Security Network ARP Inspection Configuration 380 Security Network ARP Inspection Mode 381 Security Network ARP Inspection Port Mode 381 Security Network ARP Inspection Entry 382 Security Network ARP Inspection Status 382 Security AAA Configuration 383 Security AAA Timeout 384 Security AAA Deadtime 384 Securi...

Page 13: ...STP MSTI Port Priority 402 6 9 Multicast Configuration Command 403 IGMP Configuration 403 IGMP Mode 404 IGMP Leave Proxy 404 IGMP State 405 IGMP Querier 405 IGMP Fastleave 406 IGMP Throttling 407 IGMP Filtering 407 IGMP Router 408 IGMP Flooding 409 IGMP Groups 409 IGMP Status 409 6 10 Link Aggregation Command 411 Aggregation Configuration 411 Aggregation Add 411 Aggregation Delete 411 Aggregation ...

Page 14: ...uration 423 LLDPMED Civic 424 LLDPMED ECS 425 LLDPMED Policy Delete 425 LLDPMED Policy Add 426 LLDPMED Port Policy 427 LLDPMED Coordinates 427 LLDPMED Datum 428 LLDPMED Fast 428 LLDPMED Info 428 LLDPMED Debuge_med_transmit_var 429 6 14 Quality of Service Command 430 QoS Configuration 430 QoS Classes 430 QoS Default 431 QoS Tag Priority 431 QoS QCL Port 432 QoS QCL Add 432 QoS QCL Delete 433 QoS QC...

Page 15: ...n Load 442 6 17 Firmware Command 443 Firmware Load 443 Firmware IPv6 Load 443 6 18 UPnP Command 444 UPnP Configuration 444 UPnP Mode 444 UPnP TTL 445 UPnP Advertising Duration 445 6 19 MVR Command 446 MVR Configuration 446 MVR Group 446 MVR Status 447 MVR Mode 447 MVR Port Mode 448 MVR Multicast VLAN 448 MVR Port Type 449 MVR Immediate Leave 449 6 20 Voice VLAN Command 451 Voice VLAN Configuration...

Page 16: ...Command 462 Show ACL Configuration 462 Show Link Aggregation Configuration 462 Show IGMP Configuration 462 Show IP Configuration 462 Show LACP Configuration 463 Show LLDP Configuration 463 Show MAC Configuration 463 Show Mirror Configuration 463 Show PoE Configuration 463 Show Port Configuration 464 Show Private VLAN Configuration 464 Show QoS Configuration 464 Show SNMP Configuration 464 Show Sys...

Page 17: ...r_alr 471 7 SWITCH OPERATION 473 7 1 Address Table 473 7 2 Learning 473 7 3 Forwarding Filtering 473 7 4 Store and Forward 473 7 5 Auto Negotiation 474 8 TROUBLE SHOOTING 475 APPENDEX A 477 A 1 Switch s RJ 45 Pin Assignments 477 A 2 10 100Mbps 10 100Base TX 477 APPENDIX B Local User Access Level Table 479 APPENDEX C GLOSSARY 481 ...

Page 18: ... with high Port density Gigabit Fiber link capability and 19 rack mountable design It is specifically designed to operate stable in electrically harsh and the toughest environment with extended operating temperature ranges The NS3550 24T 4S is equipped with advanced management functions and provides 24 10 100 1000Base T copper ports and 4 shared 1000Base S LX SFP slots delivered in a rugged strong...

Page 19: ...on 6 network infrastructure speedily To fulfill the demand IFS releases the IPv6 management Gigabit Ethernet Switch It supports both IPv4 and IPv6 management functions It can work with original network structure IPv4 and also support the new network structure IPv6 in the future With easy and friendly management interfaces and plenty of management functions included the NS3550 24T 4S Managed Switch...

Page 20: ...e section explains how to manage the Managed Switch by Web interface Section 5 COMMAND LINE INTERFACE The section describes how to use the Command Line interface CLI Section 6 CLI CONFIGURATION The section explains how to manage the Managed Switch by Command Line interface Section 7 SWITCH OPERATION The chapter explains how to does the switch operation of the Managed Switch Section 8 TROUBSHOOTING...

Page 21: ...02 3x PAUSE frame flow control Full Duplex High performance of Store and Forward architecture broadcast storm control and runt CRC filtering eliminates erroneous packets to optimize the network bandwidth Storm Control support Broadcast Multicast Unknown Unicast Support VLAN IEEE 802 1Q Tagged VLAN Up to 255 VLANs groups out of 4094 VLAN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Privat...

Page 22: ...orts IGMP Snooping v1 v2 and v3 Querier mode support IGMP Snooping port filtering Multicast VLAN Registration MVR support Security IEEE 802 1x Port Based MAC Based network access authentication Built in RADIUS client to co operate with the RADIUS servers TACACS login users access authentication RADIUS TACACS users access authentication IP Based Access Control List ACL MAC Based Access Control List...

Page 23: ...k Layer Discovery Protocol LLDP Protocol Cable Diagnostic technology provides the mechanism to detect and report potential cabling issues Reset button for system reboot or reset to factory default IFS Smart Discovery Utility for deploy management ICMPv6 Redundant Power System 36 72V DC Dual power redundant Active active redundant power failure protection Backup of catastrophic power failure on one...

Page 24: ...5A Range 36V 72V DC ESD Protection 6KV DC DI DO 2 Digital Input DI Level 0 24 2 1V 0 1V Level 1 2 1 24V 0 1V Input Load Current 10mA max 2 Digital Output DO Open collector to 24VDC 100mA max load Layer 2 Function Port configuration Port disable enable Auto Negotiation 10 100 1000Mbps full and half duplex mode selection Flow Control disable enable Bandwidth control on each port Power saving mode co...

Page 25: ... 100Base TX 100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning tree protocol IEEE 802 1w Rapid Spanning tree protocol IEEE 802 1s Multiple Spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP RFC 768...

Page 26: ... Up to 100 meters Gigabit SFP slots 1000Base SX LX mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meters Multi mode fiber up to 10 30 50 70 kilometers Single mode fiber Console Port The console port is a DB9 RS 232 male serial port connector It is an interface for connecting a terminal directly Through the console port it provides rich diagnostic information includes IP Addr...

Page 27: ...he front panel LEDs indicates instant status of port links data activity and system power helps monitor and troubleshoot when needed Figure 2 2 shows the LED indications of these Managed Switch NS3550 24T 4S LED indication Figure 2 2 NS3550 24T 4S LED Panel System LED Color Function DC1 Green Illuminates to indicate that the Switch is powered on by DC1 input DC2 Green Illuminates to indicate that ...

Page 28: ... ACT LED Off indicates that the port is link down 1000Base SX LX SFP interfaces Shared Port 21 Port 24 LED Color Function Lights To indicate the link through that SFP port is successfully established LNK ACT Green Off To indicate that the SFP port is link down 2 1 3 Switch Rear Panel The rear panel of the Managed Switch indicates an AC inlet power socket which works with an input power range from ...

Page 29: ...550 24T 4S is the same with a GE DSSG 244 POE Step1 Attach the rubber feet to the recessed areas on the bottom of the Managed Switch Step2 Place the Managed Switch on the desktop or the shelf near an AC power source as shown in Figure 2 4 Figure 2 4 Place the Managed Switch on the Desktop Step3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a loc...

Page 30: ...lace the Managed Switch on a hard flat surface with the front panel positioned towards the front side Step2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 5 shows how to attach brackets to one side of the Managed Switch Figure 2 5 Attach Brackets to the Managed Switch You must use the screws supplied with the mounting brackets...

Page 31: ...bling and supply power to the Managed Switch 2 2 3 Installing the SFP transceiver The sections describe how to plug in an SFP transceiver into an SFP slot The SFP transceivers are hot swappable You can plug in and out the transceiver to from any SFP port without a need to shut the power down SFPs and fiber cables are plugged in as shown in Figure 2 7 Figure 2 7 Plug in the SFP Transceiver ...

Page 32: ...ot recognize it Before connect the other Managed Switches workstation or Media Converter 1 Make sure both sides use the same type of SFP transceiver for example 1000Base SX to 1000Base SX 1000Base LX to 1000Base LX 2 Check the fiber optic cable type match the SFP transceiver model To connect to 1000Base SX SFP transceiver use the Multi mode fiber cable with one side must be male duplex LC connecto...

Page 33: ... SFP port if the link failed Remove the transceiver module 1 Make sure there is no network activity Go through the management interface of the switch to disable the port in advance 2 Remove the Fiber Optic Cable gently 3 Turn the handle of the MGB module to the horizontal position 4 Pull out the module gently with the handle Figure 2 8 Pull out the SFP Transceiver Never pull out the module without...

Page 34: ... the power wire 1 Insert positive negative DC power wires into the contacts 1 and 2 for DC POWER 1 or 5 and 6 for DC POWER 2 Figure 2 9 Wiring the Redundant Power Inputs 2 Tighten the wire clamp screws to prevent the wires from loosening 1 2 3 4 5 6 DC 2 DC 1 Figure 2 10 6 Pin Terminal Block Power Wiring Input The wire gauge for the terminal block should be in the range between 12 24 AWG ...

Page 35: ... ground The 6 pin is unassigned Figure 2 11 Wiring the Redundant Power Inputs 2 Tighten the wire clamp screws for preventing the wires from loosing 1 2 3 4 5 6 DI0 DI1 DO0 DO1 GND GND Figure 2 12 6 Pin Terminal Block DI DO Wiring Input 3 There are two Digital Input groups for you to monitor two different devices The following topology shows how to wire DI0 and DI1 The required voltage of 2 digital...

Page 36: ...re are two Digital Output groups for you to be notified of if the NS3550 24T 4S port fails or power fails and issues a high or low signal to external device The following topology shows how to wire DO0 and DO1 Figure 2 14 Wiring DO0 and DO1 to Open Detector ...

Page 37: ...User s Manual of NS3550 24T 4S 37 ...

Page 38: ...on Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations of subscribers running Windows 98 ME NT4 0 2000 XP 2003 Vistsa MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Serial Port connection Terminal Above PC with COM Port DB9 RS 232 or USB ...

Page 39: ...r browsers Can be accessed from any location User friendly GUI Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on poor connections SNMP Agent Communicates with switch functions at the MIB level Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can...

Page 40: ...232 cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the following parameters The default parameters are 115200 bps 8 data bits No parity 1 stop bit Figure 3 2 Terminal Parameter Settings You can change these settings if desired after you log on This management method is often preferred because you can remain connected a...

Page 41: ...tandard browser such as Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 3 Web Management Diagram You can then use your Web browser to list and manage the Managed Switch configuration parameters from one central location ju...

Page 42: ...nd the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default gets and sets communit...

Page 43: ...va Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 1...

Page 44: ...100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Managed Switch The login screen is shown in Figure 4 1 2 Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen is shown in Figure 4 1 3 ...

Page 45: ...the commands and statistics the Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Managed Switch 2 Since the changed IP address take effect immediately after you click on the Save button you need to use the new IP address to access the Web interface 3 For security reason please change and memorize the new password after this first setup 4 The Switch only ac...

Page 46: ...terface to configure and manage it Figure 4 1 4 Main Page Panel Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ 45 Ports SFP Ports Main Functions ...

Page 47: ...nage and control the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can setup the Managed Switch by select the functions those listed in the Main Function The screen is shown in Figure 4 1 5 Figure 4 1 5 NS3550 24T 4S Managed Switch Main Functions Menu ...

Page 48: ... displays the CPU load using a SVG graph System Log The switch system log information is provided here Detailed Log The switch system detailed log information is provided here Remote Syslog Configure remote syslog on this page Web Firmware Upgrade This page facilitates an update of the firmware controlling the switch TFTP Firmware Upgrade Upgrade the firmware via TFTP server Configuration Backup Y...

Page 49: ...ollowing fields Object Description Contact The system contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location configured in Configuration System Information System Location MAC Address The MAC Address of this switch Power Status Indicate DC power supply input of this switch Te...

Page 50: ...n Fill up the IP Address Subnet Mask and Gateway for the device The screen is shown in Figure 4 2 2 Figure 4 2 2 IP Configuration Page Screenshot The Current column is used to show the active IP configuration Object Description DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is n...

Page 51: ... used to view or change the IPv6 configuration The Current column is used to show the active IPv6 configuration The screen is shown in Figure 4 2 3 Figure 4 2 3 IPv6 Configuration Page Screenshot The page includes the following fields Object Description Auto Configuration Enable IPv6 auto configuration by checking this box If fails the configured IPv6 address is zero The router may delay respondin...

Page 52: ...ol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 VLAN ID Provide the managed VLAN ID The allowed range is 1 through 4095 Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 4 ...

Page 53: ...the following fields Object Description Username Display Username of the Managed Switch Access Level Display the access level of the Managed Switch Edit Provide edit current specific user setting Add New User Provide add new user setting of the Managed Switch the web screen is shown in Figure 4 2 5 appears ...

Page 54: ...el of the Managed Switch the available options are Master Admin Master Viewer IT Admin IT Viewer Security Admin Security Viewer Assign Change Password Assign password for the Managed Switch Reconfirm Password Input password again to confirm setting Apply Press this button to take affect Delete User Delete the current user This button is not available for new configurations Add new user Once the ne...

Page 55: ...you forget the password Please press the Reset button in the front panel of the Managed Switch over 10 seconds and then release the current setting includes VLAN will be lost and the Managed Switch will restore to the default mode The preset user priorities for each function is listed under the section titled Appendix B ...

Page 56: ...ord The screen is shown in Figure 4 2 7 Figure 4 2 7 Privilege Levels Configuration Page Screenshot t The page includes the following fields Object Description Group Name The name identifying the privilege group In most cases a privilege level group consists of a single module e g LACP RSTP or QoS but a few of them contains more than one The following description defines these privilege level grou...

Page 57: ...System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level for the following sub groups configuration read only configuration execute read write status statistics read only and status statistics r...

Page 58: ...en the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Timezone Allow select the time zone according to current location of switch Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff...

Page 59: ...atically to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this ...

Page 60: ... specific information into DHCP request packet when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 Remote ID opti...

Page 61: ...d to transfer DHCP messages between the clients and the server when they are not on the same subnet domain Relay Information Mode Indicates the DHCP relay information mode option operation Possible modes are Enabled Enable DHCP relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DH...

Page 62: ...ption was missing Receive Missing Remote ID The packets number that received packets which Remote ID option was missing Receive Bad Circuit ID The packets number that the Circuit ID option did not match known the circuit ID Receive Bad Remote ID The packets number that the Remote ID option did not match the known Remote ID Client Statistics Object Description Transmit to Client The number of packe...

Page 63: ...r packets that dropped received packets with relay agent information option Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page any changes made locally will be undone Clear all statistics ...

Page 64: ...upport the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen is shown in Figure 4 2 13 Figure 4 2 13 CPU Load Page Screenshot Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals If your browser ...

Page 65: ...ing level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system logging entry Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page any changes made locally will be undone Clear all statistics Hide the statistics Download the statistics Upda...

Page 66: ...fields Object Description ID The ID 1 of the system log entry Message The message of system logging entry Buttons Click to refresh the page any changes made locally will be undone Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entry currently displayed Updates the system log entries starting from the last entry currently ...

Page 67: ...ode Indicates the remote syslog mode operation Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation Syslog Server IP Fill in your remote syslog server IP address Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 14 SMTP Configure This page facilitates a SMTP Configure the switch The...

Page 68: ...ed when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s E mail address This address is used for reply e mails E mail Subject Type the subject title of the e mail E mail 1 To E mail 2 To Type the receiver s e mail addre...

Page 69: ...page the system would pop up the file selection menu to choose firmware 4 Select the firmware file then click the Software Upload Progress would show the file upload status 5 Once the software be loaded to the system successfully the following screen The system will load the new software after reboot Figure 4 2 19 Software successfully Loaded Notice Screen DO NOT Power OFF the Managed Switch until...

Page 70: ... 4 2 20 TFTP Firmware Update Page Screenshot The page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmware 1 DO NOT Turn OFF Power the Managed Switch until the update progress is complete 2 Do not quit the Firmware Upgrade page without press th...

Page 71: ...h ports Module tags ip mac port etc These tags identify a module controlling specific parts of the configuration Group tags port_table vlan_table etc These tags identify a group of parameters typically a table Parameter tags mode entry etc These tags identify parameters for the specific section module and group The entry tag is used for table entries Configuration parameters are represented as att...

Page 72: ...72 Figure 4 2 22 File Download Screen 2 Chose the file save path in management workstation Figure 4 2 23 File Save Screen ...

Page 73: ...Configuration Upload Page Screenshot Configuration Upload 1 Click the button of the main page the system would pop up the file selection menu to choose saved configuration The Configuration screen is shown in Figure 4 2 25 Figure 4 2 25 Windows File Selection Menu Popup 2 Select on the configuration file then click the bottom of the browser shows the upload status 3 After the upload process is fin...

Page 74: ... 2 26 Windows File Selection Menu Popup The page includes the following fields Object Description Enable Checks the Enable checkbox will enable Digital Input output function Unchecks the Enable checkbox will disable Digital input output function Trigger As Digital Input Allows user selecting to High to Low or Low to High This is means a signal received by system is from High to Low or From Low to ...

Page 75: ...lows user to choose which port want to be monitored Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 20 Fault Alarm The Fault Relay Alarm function provides the Power Failure and Port Link Down Broken detection With both power input 1 and power input 2 installed and the check boxes of power 1 power 2 ticked the FAULT LED indicator will t...

Page 76: ...NMP Trap or SMTP As default SNMP Trap and SMTP are disabled please enable them first if you want to issue alarm message via them Action Allows user to monitor and alarm from port fail or power fail Power Alarm Allows user to choose which power module want to be monitored Port Alarm Allows user to choose which port want to be monitored Buttons Click to save changes Click to undo any changes made lo...

Page 77: ...lick to return to the Port State page without resetting the configuration After the Reset button is pressed and the device is rebooted the system will load the default IP settings as following Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 The other setting value is back to disable or none To reset the Managed Switch to the Factory default setting you can ...

Page 78: ... Once the Reboot button is pressed the user will have to re login the WEB interface about 60 seconds later The System Reboot screen is shown in Figure 4 2 29 Figure 4 2 29 System Reboot Page Screenshot Buttons Click to reboot the system Click to return the Port State page without reboot the system ...

Page 79: ...n a virtual information store Collections of related managed objects are defined in specific MIB modules network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol SNMP Operations SNMP itself is a simple request response protocol NMSs can send multiple requests without rec...

Page 80: ...munity read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field only suits to SNMPv1 and SNMPv2c SNMPv3 is using USM for authentication and privacy and the community string will associated with SNMPv3 communities table Write Community Indicates the community writes access string to permit access...

Page 81: ...y assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Location The phy...

Page 82: ...eparate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Trap Authentication Failure Indicates the SNMP entity is permitted to generate authentication failure traps Possible modes...

Page 83: ...User s Manual of NS3550 24T 4S 83 Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 84: ...mmunity Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Source IP Indicates the SNMP access source address Source Mask Indicates the SNMP access source address mask Buttons Click to add a new community entry Click to save changes Click to undo any changes made locally and reve...

Page 85: ...hentication protocol that this entry should belong to Possible authentication protocol are None None authentication protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if entry already existed That means must first ensure that the v...

Page 86: ...or SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from...

Page 87: ...excluded An optional flag to indicate that this view subtree should be excluded General if a view entry s view type is excluded it should be exist another view entry which view type is included and it s OID subtree overstep the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital n...

Page 88: ... Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy Read View Name The name of the MIB is view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the all...

Page 89: ... SFP Module Information Display SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This page displays current port configurations Ports can also be configured here The port settings relate to the currently selected unit as reflected by the page header The table has one row for each port on the selected switch in the and a number of columns which are...

Page 90: ... Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 byt...

Page 91: ...n Figure 4 4 2 Figure 4 4 2 Port Statistics Overview Page Screenshot The displayed counters are Object Description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per por...

Page 92: ...it as reflected by the page header The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit The Detailed Port Statistics screen is shown in Figure 4 4 3 Figure 4 4 3 Detailed Port Statistics Port 1 Page Screenshot The page includes the following fields Receive Total and Transmit Total Object Descriptio...

Page 93: ...pped due to lack of receives buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short 1 frames received with valid CRC Rx Oversize The number of long2 frames received with valid CRC Rx Fragments The number of short 1 frames received with invalid CRC Rx Jabber The number of long2 frames received with invalid CRC Rx Fil...

Page 94: ...Screenshot The page includes the following fields Object Description Type Display the type of current SFP module the possible types are 1000Base SX 1000Base LX 100Base FX Speed Display the spedd of current SFP module the speed value or description is get from the SFP module Different vendors SFP modules might shows different speed information Wave Length nm Display the wavelength of current SFP mo...

Page 95: ...an be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Figure 4 4 5 Port Mirror application The traffic to be copied to the mirror port i...

Page 96: ...96 Figure 4 4 6 Port Mirror Configuration Page Screenshot ...

Page 97: ...his switch Port The logical port for the settings contained in the same row Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transmitted nor received are mirrored Mode Enabled Frames recei...

Page 98: ...manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation links Static LAGs Port Trunk Force agg...

Page 99: ...added or deleted from a VLAN The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop Disconnect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to avoid creating a data loop It allows a maximum of 16...

Page 100: ... MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the frame Ch...

Page 101: ...w Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Click to save changes Click to undo any changes made locally and rever...

Page 102: ... each other to discover automatically whether any ports are member of the same LAG This page allows the user to inspect the current LACP port configurations and possibly change them as well The LACP port settings relate to the currently selected unit as reflected by the page header The LACP Port Configuration screen is shown in Figure 4 5 4 Figure 4 5 4 LACP Port Configuration Page Screenshot ...

Page 103: ...can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot The default setting is Auto Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to Buttons Click to save changes Click to undo any changes made locally an...

Page 104: ...r System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular inte...

Page 105: ...enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GL...

Page 106: ...k this box to enable an automatic refresh of the page at regular intervals 4 5 5 LACP Port Statistics This page provides an overview for LACP statistics for all ports The LACP statistics screen is shown in Figure 4 5 7 Figure 4 5 7 LACP Port Statistics Page Screenshot ...

Page 107: ...s have been sent from each port LACP Received Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page immediately Clears the counters for all ports ...

Page 108: ...2 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unaware 3 The Switch s default is to assign all ports to a single 802 1Q VLAN named DEFAULT_VLAN As new VLAN is created the member ports assigned to the new VLAN will be removed from the DEFAULT_ VLAN port member list The DEFAULT_VLAN has a VID 1 This se...

Page 109: ...ast multicast and unicast packets from unknown sources VLAN can also provide a level of security to your network IEEE 802 1Q VLAN will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recognize VLAN tags in packet headers The tagg...

Page 110: ...th the VLAN information intact This allows 802 1Q VLAN to span network devices and indeed the entire network if all network devices are 802 1Q compliant Every physical port on a switch has a PVID 802 1Q ports are also assigned a PVID for use within the switch If no VLAN are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the ...

Page 111: ... or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be st...

Page 112: ... Display the current VLAN mode used by this Managed Switch Port Based IEEE 802 1Q VLAN Maximum VLAN ID Maximum VLAN ID recognized by this Managed Switch Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this Managed Switch Current number of VLANs Display the current number of VLANs VLAN Learning Display the VLAN learning mode The Managed Switch supports IVL IVL In...

Page 113: ...er that the PVID is only used internally within the Switch Untagging is used to send packets from an 802 1Q compliant network device to a non compliant network device Frame Income Frame Leave Income Frame is tagged Income Frame is untagged Leave port is tagged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 6 1 Ingress Egress port with VLAN ...

Page 114: ... tag is stripped and the original VLAN tag with the customer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 are used for service provider tags In cases where a given service VLAN only has two...

Page 115: ...LAN group or the untagged traffic will be dropped Ingress Filtering Enable ingress filtering for a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded By default ingress filtering is disabled no checkmark Accept Frame Type Determines whether the port a...

Page 116: ...AN mode This is the default MAN Port Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider network Customer Port Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network Set Out layer VLAN tag ether type The Tag Protocol Identifier TPID specifies the ...

Page 117: ...udes the following fields Object Description Delete To delete a VLAN entry check this box VLAN ID Indicates the ID of this particular VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding...

Page 118: ...ed by a Combo Box When ALL VLAN Users is selected it shall show this information for all the VLAN Users and this is the default VLAN membership allows the frames Classified to the VLAN ID to be forwarded to the respective VLAN member ports VLAN User A VLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID...

Page 119: ...ervals Click to refresh the page immediately 4 6 7 VLAN Port Status for User Static This page provides VLAN Port Staus The VLAN Port Status for User Static screen is shown in Figure 4 6 5 Figure 4 6 5 VLAN Port Status for User Static Page Screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row ...

Page 120: ...N User A VLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID UVID Currently we support following VLAN CLI Web SNMP This are reffered as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server Voice VLAN Voice VLAN i...

Page 121: ...Isolated ports Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an i...

Page 122: ...t and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting 4 6 9 Private VLAN Membership Configuration In this menu the Private VLAN membership configurations for the switch can be monitored and modified private VLAN...

Page 123: ... Screenshot The page includes the following fields Object Description Delete To delete a VLAN entry check this box The entry will be deleted on all switch units during the next Save VLAN ID Indicates the ID of this particular VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make ...

Page 124: ...iagram shows how the Managed Switch handles Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLAN Each VLAN isolate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen is shown in Figure 4 6 8 appears and Table 4 6 2 describes the port configuration of the Managed Switches Figure 4 6 8 two separate VLAN Diagram...

Page 125: ...ransmit a tagged packet with VLAN Tag 2 enters Port 3 PC 1 and PC 2 will received the packet through Port 1 and Port 2 6 While the packet leaves Port 1 and Port 2 it will be stripped away it tag becoming an untagged packet Untagged packet entering VLAN 3 1 While PC 4 transmit an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will be received the packet through...

Page 126: ...n VLAN members for VLAN 2 and VLAN 3 and Remove Specify Ports from VLAN 1 Member It s import to remove the VLAN members from VLAN 1 configuration Or the ports would become overlap setting About the overlapped VLAN configuration see next VLAN configure sample 4 Assign PVID for each port Port 1 Port 2 and Port 3 PVID 2 Port 4 Port 5 and Port 6 PVID 3 Port 7 Port 24 PVID 1 5 Enable VLAN Tag for speci...

Page 127: ...User s Manual of NS3550 24T 4S 127 Figure 4 6 10 Port 1 Port 6 VLAN Configuration ...

Page 128: ...fferent switches but they need to access with other switches within the same VLAN group The screen is shown in Figure 4 6 11 Setup steps 1 Create VLAN Group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 ...

Page 129: ...e Public Area Member Assign 5 Specify Port 8 to be the 802 1Q VLAN Trunk port and the Trunking port must be a Tagged port while egress The Port 8 configuration as the following screen is shown in Figure 4 6 13 Figure 4 6 13 The Configuration of VLAN Trunk port That is although the VLAN 2 members Port 1 to Port 3 and VLAN 3 members Port 4 to Port 6 also belongs to VLAN 1 But with different PVID set...

Page 130: ...w you how to configure the port for the server that could be accessed by each isolate port Setup steps 1 Assign Port Mode Set Port 1 Port 4 in Isolate port Set Port5 and Port 6 to Promiscuous port The screen is shown in Figure 4 6 15 ...

Page 131: ... 4S 131 Figure 4 6 15 The Configuration of Isolate and Promiscuous Port 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The screen is shown in Figure 4 6 16 Figure 4 6 16 Private VLAN Port Setting ...

Page 132: ...link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the performance of the network if the Spanning T...

Page 133: ...d links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transitioned directly from a Blocking state to a Forwarding state could create temporary data loops Ports must wait for new network topology information to propag...

Page 134: ...y STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same wa...

Page 135: ...the root port 128 Port Cost A value used by STP to evaluate paths STP calculates path costs and selects the path with the minimum cost as the active path 200 000 100Mbps Fast Ethernet ports 20 000 1000Mbps Gigabit Ethernet ports 0 Auto Default Spanning Tree Configuration Feature Default Value Enable state STP disabled for all ports Port priority 128 Port cost 0 Bridge Priority 32 768 User Changeab...

Page 136: ...etwork problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure In this example STP breaks the loop by blocking the connection between switch B and C The decision to bloc...

Page 137: ...User s Manual of NS3550 24T 4S 137 Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used Figure 4 7 3 After Applying the STA Rules ...

Page 138: ...tem settings The settings are used by all STP Bridge instances in the Switch The Managed Switch support the following Spanning Tree protocols Compatiable Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses of network topologies that provide faster spanning tree convergence without creating f...

Page 139: ...mission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Advanced Settings Object Description Edge Port BPDU Filtering Control whether a port configures explicitly as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port configures explicitly as Edge will disable itself upon reception of a BPDU The port will enter the error disable...

Page 140: ...t bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last The time since last Topology Change occurred 4 7 4 CIST Port C...

Page 141: ...41 Figure 4 7 6 STP CIST Port Configuration Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical STP port STP Enabled Controls whether RSTP is enabled on this switch port ...

Page 142: ...CN If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning trees active topology as a result of persistent incorrectly learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causi...

Page 143: ...000 000 1 000 000 500 000 Fast Ethernet Half Duplex Full Duplex Trunk 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 10 000 5 000 Table 4 7 3 Default STP Path Costs 4 7 5 MSTI Priorities This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Priority screen is shown in Figure 4 7 7 Figure 4 7 7 MSTI Pri...

Page 144: ... Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 6 MSTI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Configuration screen is shown in Figure 4 7 8 Figure 4 7 8 MSTI Configuration Page Screenshot The page includes the following fields Co...

Page 145: ...AN can only be mapped to one MSTI A unused MSTI should just be left empty I e not having any VLANs mapped to it Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 7 MSTI Ports Configuration This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is ...

Page 146: ...146 Select MSTI Select the bridge instance and set more detail configuration Figure 4 7 10 MST1 MSTI Port Configuration Page Screenshot ...

Page 147: ...e active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Buttons Click to set MSTx configuration Click to refresh the page immediately Auto refresh Check this box to enable...

Page 148: ...port state can be one of the following values Disabled Blocking Learning Forwarding Non STP Uptime The time since the bridge port was last initialized Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 7 9 Port Statistics This page displays the STP port statistics counters for port physical ports in the curren...

Page 149: ...nsmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automa...

Page 150: ...uters that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the membership of...

Page 151: ...User s Manual of NS3550 24T 4S 151 Figure 4 8 1 Multicast Service Figure 4 8 2 Multicast Flooding ...

Page 152: ... leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Membership Query...

Page 153: ... whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other sub networks IGMP version 2 introduces some enhancements such as a method to elect a multicast queried for each LAN an expl...

Page 154: ...ce requests on to any doing upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet ...

Page 155: ...al IGMP Snooping Unregistered IPMC Flooding enabled Enable unregistered IPMC traffic flooding Leave Proxy Enable Enable the leave proxy VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN IGMP Snooping IGMP Querier Enable the IGMP Querier in the VLAN The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled Each Querier s interval is 125 second an...

Page 156: ...outer Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port The Switch forwards IGMP join or leave packets to an IGMP router port Auto Select Auto to have the Managed Switch automatically use...

Page 157: ... saved values 4 8 4 VLAN Configuration Each page shows up to 999 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the start...

Page 158: ...ch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a request...

Page 159: ...t will be filtered Buttons Check to delete the entry Click to add a new entry to the Group Filtering table Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 6 IGMP Snooping Status This page provides IGMP Snooping status The status relate to the currently selected unit as reflected by the page header The IGMP Snooping Status screen is shown in Fi...

Page 160: ...rt Members The ports that are members of the entry Querier Status Show the Querier status is ACTIVE or IDLE Querier Transmit The number of Transmitted Querier Querier Receive The number of Received Querier V1 Reports Receive The number of Received V1 Reports V2 Reports Receive The number of Received V2 Reports V3 Reports Receive The number of Received V3 Reports V2 Leave Receive The number of Rece...

Page 161: ...fferent subnets even if they are on the same physical network Multicast VLAN Registration MVR routes packets received in a multicast source VLAN to one or more receive VLANs Clients are in the receive VLANs and the multicast server is in the source VLAN Multicast routing has to be disabled when MVR is enabled Refer to the configuration guide at Understanding Multicast VLAN Registration for more in...

Page 162: ...162 Figure 4 8 10 MVR Configuration Page Screenshot The page includes the following fields Object Description MVR Mode Enable Disable the Global MVR ...

Page 163: ... This page provides MVR status The MVR Status screen is shown in Figure 4 8 11 Figure 4 8 11 MVR Status Page Screenshot The page includes the following fields Object Description Group The present multicast groups Maximum are 128 groups in the multicast VLAN Port Members The ports that are members of the entry V1 Reports Receive The number of Received V1 Reports V2 Reports Receive The number of Rec...

Page 164: ...164 Buttons Click to refresh the page immediately Clears all Statistics counters Auto refresh Check this box to enable an automatic refresh of the page at regular intervals ...

Page 165: ...QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP header that are encoded b...

Page 166: ...up Port Policies Group ports into several types according to different QCL policies Set up Typical Network Application Rules Set up the specific QCL for different typical network application quality control Set up ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets Set up VLAN Tag Priority Mapping Set up the traffic class ma...

Page 167: ...t as reflected by the page header The screen is shown in Figure 4 9 2 Figure 4 9 2 Set up Policy Rules Page Screenshot The page includes the following fields Object Description QCL ID Frames that hit this QCE are set to match this specific QCL Port Members A row of radio buttons for each port is displayed for each QCL ID To include a port in a QCL member click the radio button Buttons ...

Page 168: ...rd again Click to get more information 4 9 2 2 Set up Typical Network Application Rules Set up the specific QCL for different typical network application quality control STEP 1 Set up the specific QCL for different typical network application quality control by selecting the network application type for your rule The Set up Typical Network Application Rules screen is shown in Figure 4 9 3 ...

Page 169: ...itions are Ethernet Type Specify the Ethernet Type filter for this QCE The allowed range is 0x600 to 0xFFFF VLAN ID VLAN ID filters for this QCE The allowed range is 1 to 4095 UDP TCP Port Specify the TCP UDP port filter for this QCE The allowed range is 0 to 65535 DSCP Specify the DSCP filter for this QCE The allowed range is 0 to 63 Buttons Click to cancel the wizard Click to go back to the prev...

Page 170: ...hot The page includes the following fields Object Description QCL ID Select the QCL ID to which these QCEs apply Traffic Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Click to cancel the wizard Click to go back to the previous wizard step Click to continue the wizard ...

Page 171: ...e 4 9 5 Set up ToS Precedence Mapping Page Screenshot The page includes the following fields Object Description QCL ID Select the QCL ID to which this QCE applies ToS Precedence Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Click to cancel the wizard Click to go back to the previous wizard step Click to continue the wizard The QCL configuration wizard is fin...

Page 172: ...pping screen is shown in Figure 4 9 6 Figure 4 9 6 Set up VLAN Tag Priority Mapping Page Screenshot The page includes the following fields Object Description QCL ID Select the QCL ID to which this QCE applies VLAN Priority Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Click to cancel the wizard Click to go back to the previous wizard step ...

Page 173: ...S class This classification can be based on parameters such as VLAN ID UDP TCP port IPv4 IPv6 DSCP or Tag Priority Frames not matching any of the QCEs are classified to the default QoS Class for the port The QoS Control List Configuration screen is shown in Figure 4 9 7 Figure 4 9 7 QoS Control List Configuration Page Screenshot The page includes the following fields Object Description QCL Select ...

Page 174: ... the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new entry at the bottom of the list of QCL 4 9 3 1 QoS Control Entry Configuration Configure a new QoS Control Entry on this page Frames can be classified by up to 4 different QoS classes are Low Normal Mediu...

Page 175: ...The port range allowed is from 0 to 65535 DSCP The allowed range is 0 to 63 ToS or Tag Priority do not have type value settings Traffic Class Select a traffic class of Low Normal Medium or High to apply to the QCE If the QCE type is ToS or Tag Priority there are 8 rows of traffic class that can be configured for each priority Buttons Click to save changes Click to undo any changes made locally and...

Page 176: ... Description Number of Classes Configure the number of traffic classes as 1 2 or 4 The default value is 4 Port The logical port for the settings contained in the same row Default Class Configure the default QoS class for the port that is the QoS class for frames not matching any of the QCEs in the QCL ...

Page 177: ...t Queue Weighted Setting Queue weighted Low Normal Medium High if the Queuing Mode is Weighted Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 5 Bandwidth Control Configure the switch port rate limit for Polices and Shapers on this page The settings relate to the currently selected unit as reflected by the page header The screen Bandwi...

Page 178: ...er The default value is Disabled Policer Rate Configure the rate for the port policer The default value is 500 This value is restricted to 500 1000000 when the Policer Unit is kbps and it is restricted to 1 1000 when the Policer Unit is Mbps Policer Unit Configure the unit of measure for the port policer rate as kbps or Mbps The default value is kbps Shaper Enabled Enable or disable the port shape...

Page 179: ...f the rate can be either pps packets per second or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen is shown in Figure 4 9 11 Figure 4 9 11 Storm Control Configuration Page Screenshot The page includes the following fields Object Description Frame Type The settings i...

Page 180: ...reenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Low Queue There are 4 QoS queues per port with strict or weighted queuing scheduling This is the lowest priority queue Normal Queue This is the normal priority queue of the 4 QoS queues It has higher priority than the Low Queue Medium Queue This is the medium priority...

Page 181: ... page at regular intervals 4 9 8 DSCP Remarking This page allows you to configure DSCP remarking related settings for each port Frames can be classified by 4 different QoS classes Low Normal Medium and High The classification can be controlled by Port QoS configuration page And this page is used to configure DSCP remarking The DSCP value of incoming frames will be changed according to its mapping ...

Page 182: ...arking Mode If the QoS remarking mode is set to enabled it should be with this DSCP remarking correction function according to RFC2474 on this port DSCP Queue Mapping Configure the mapping table between the queue and its DSCP value that is used for DSCP remarking if the DSCP value of incoming packets is not specified in RCF2474 Best Effort DSCP 0 CS1 DSCP 8 CS2 DSCP 16 CS3 DSCP 24 CS4 DSCP 32 ...

Page 183: ...ation The Voice VLAN feature enables the voice traffic forwarding on the Voice VLAN then the switch can classifying and scheduling to network traffic It is recommands there are two VLANs on a port one for voice one for data Before connect the IP device to the switch The IP phone should configure the voice VLAN ID correctly It should be configure through its own GUI The Voice VLAN Configuration scr...

Page 184: ...184 Figure 4 9 14 Voice VLAN Configuration Page Screenshot ...

Page 185: ...N traffic class All traffic on Voice VLAN will apply this class Port Mode Indicates the Voice VLAN port mode When the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port a...

Page 186: ...ormaly it describes which vendor telephony device The allowed string length is 0 to 32 Buttons Click to add a new access management entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 10 Access Control Lists ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or...

Page 187: ...the ACL user Ingress Port Indicates the ingress port of the ACE Possible values are Any The ACE will match any ingress port Policy The ACE will match ingress ports with a specific policy Port The ACE will match a specific ingress port Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an E...

Page 188: ...aximum number of ACEs is 128 Click on the lowest plus sign to add a new ACE to the list The Access Control List Configuration screen is shown in Figure 4 10 2 Figure 4 10 2 Access Control List Configuration Page Screenshot The page includes the following fields Object Description Ingress Port Indicates the ingress port of the ACE Possible values are Any The ACE will match any ingress port Policy T...

Page 189: ... Possible values are Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits the ACE row Moves the ACE up th...

Page 190: ...ny The frame that hits this ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 15 Disabled indicates that the rate limiter operation is disabled Port Copy Frames that hit the ACE are copied to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port copy operation is disabled Lo...

Page 191: ...s VLAN ID value Tag Priority Specify the tag priority for this ACE A frame that hits this ACE matches this tag priority The allowed number range is 0 to 7 The value Any means that no tag priority is specified tag priority is don t care ARP Parameters The ARP parameters can be configured when Frame Type ARP is selected Object Description ARP RARP Specify the available ARP RARP opcode OP flag for th...

Page 192: ...s allowed don t care Ethernet Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Any Any value is allowed don t care IP Parameters The IP parameters can be configured when Frame Type IPv4 is ...

Page 193: ...tation DIP Mask When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation ICMP Parameters Object Description ICMP Type Filter Specify the ICMP filter for this ACE Any No ICMP filter is specified ICMP filter status is don t care Specific If you want to filter a specific ICMP filter with this ACE you can enter a specific ICMP value A field fo...

Page 194: ...bers SYN value for this ACE 0 TCP frames where the SYN field is set must not be able to match this entry 1 TCP frames where the SYN field is set must be able to match this entry Any Any value is allowed don t care TCP PSH Specify the TCP Push Function PSH value for this ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where the PSH field is set must be ...

Page 195: ...reflected by the page header The ACL Ports Configuration screen is shown in Figure 4 10 4 Figure 4 10 4 ACL Ports Configuration page screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 1 through 8 The default value is 1 Action Select whether for...

Page 196: ...abled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled Counter Counts the number of frames that match this ACE Buttons Click to save changes Click to undo any c...

Page 197: ...e Limiter ID The rate limiter ID for the settings contained in the same row Rate The rate unit is packet per second pps configure the rate as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 198: ...mplete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC base...

Page 199: ...ware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802 1X Port Based Authentication The IEEE 802 1X standard defines a client server based access control and authentication protocol that restricts u...

Page 200: ...which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device controls the physical access to the network based on the authentication status of the client The switch acts as an intermediary proxy between the client and the authentication server requesting identity information from the client verifying that information with the au...

Page 201: ...oes not receive an EAP request identity frame after three attempts to start authentication the client transmits frames as if the port is in the authorized state A port in the authorized state effectively means that the client has been successfully authenticated When the client supplies its identity the switch begins its role as the intermediary passing EAP frames between the client and the authent...

Page 202: ... allowed through the port If the authentication fails the port remains in the unauthorized state but authentication can be retried If the authentication server cannot be reached the switch can retransmit the request If no response is received from the server after the specified number of attempts authentication fails and network access is not granted When a client logs off it sends an EAPOL logoff...

Page 203: ...and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Configuration Security AAA page The IEE...

Page 204: ...204 Figure 4 11 4 Network Access Server Configuration Page Screenshot ...

Page 205: ...ee resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in 802 1X based mode this is not so criticial since supplicants that are no longer attached to the port will get removed upon the next reauthentication which will fail But if reauthenti...

Page 206: ...st VLAN When unchecked the ability to move to the Guest VLAN is disabled for all ports Guest VLAN ID This is the value that a port s Port VLAN ID is set to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled Valid values are in the range 1 4095 Max Reauth Count The number of times that the switch transmits an EAPOL Request Identity frame withou...

Page 207: ... expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traff...

Page 208: ... a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user...

Page 209: ...ded The final value must be in the range 1 4095 Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e Port based 802 1X Single 802 1X Multi 802 1X For trouble shooting VLAN assignments use the Monitor VLANs...

Page 210: ...are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication to whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediatel...

Page 211: ... administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID ...

Page 212: ... only Use the port select box to select which port details to be displayed The Network Access Statistics screen is shown in Figure 4 11 6 Figure 4 11 6 Network Access Statistics Page Screenshot The page includes the following fields Port State Object Description Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current ...

Page 213: ...uthEapolLogoffFr amesRx The number of valid EAPOL Logoff frames that have been received by the switch Rx Invalid Type dot1xAuthInvalidEapolF ramesRx The number of EAPOL frames that have been received by the switch in which the frame type is not recognized Rx Invalid Length dot1xAuthEapLengthErr orFramesRx The number of EAPOL frames that have been received by the switch in which the Packet Body Len...

Page 214: ...esses dot1xAuthBackendAuth Successes 802 1X and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the backend server Rx Auth Failures dot1xAuthBackendAuth Fails 802 1X and MAC based Counts the number of times that the switch receives a failure message This indicates that the supplicant client ha...

Page 215: ...populate the table select one of the attached MAC Addresses from the table below Port Counters Object Description Identity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicants attached This col...

Page 216: ...02 1X Click to clear the counters for the selected port This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters 4 1...

Page 217: ...following fields Port State These setting are common for all of the Authentication Servers Object Description Timeout The Timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this timeframe we will consider it to be dead and ...

Page 218: ...ow applies Enabled Enable the RADIUS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Authentication Server IP address is expressed in dotted decimal notation Port The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server Secret The secret up to 29 cha...

Page 219: ... port is set to 0 zero the default port 49 is used on the TACACS Authentication Server Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 11 7 RADIUS Overview This page provides an overview of the status of the RADIUS servers configurab...

Page 220: ...only reachable when more than one server is enabled RADIUS Accounting Servers Object Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server State The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The...

Page 221: ...following fields RADIUS Authentication Servers The statistics map follows closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details Object Description RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Packet Counters Rx Ac...

Page 222: ... of RADIUS packets that were received from the server on the authentication port and dropped for some other reason Rx Packets Dropped radiusAuthClientExtP acketsDropped The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason Tx Access Requests radiusAuthClientExtA ccessRequests The number of RADIUS Access Request packets sent to ...

Page 223: ... milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Servers The statistics map closely to those specified in RFC4670 RADIUS Accounting Client MIB Use...

Page 224: ...send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip time Name RFC4670 Name Description State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The ...

Page 225: ... the default IP Address of the Managed Switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set at the Managed Switch s 802 1x system configuration 12345678 at this case 1 Configure the IP Address of remote RADIUS server and secret key Figure 4 11 10 RADIUS Server Configuration Page Screenshot 2 Add New RADIUS Cleint on the Windows 2003 server ...

Page 226: ...226 Figure 4 11 11 Windows Server add new RADIUS Client Setting 3 Assign the client IP address to the Managed switch Figure 4 11 12 Windows Server RADIUS Server setting ...

Page 227: ...User s Manual of NS3550 24T 4S 227 4 The shared secret key should be as same as the key configured on the Managed Switch Figure 4 11 13 Windows Server RADIUS Server Setting ...

Page 228: ...Configuration Figure 4 11 14 802 1x Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then Figure 4 11 15 Windows 2003 AD server Setting Path ...

Page 229: ... Enter Active Directory Users and Computers create legal user data the next right click a user what you created to enter properties and what to be noticed Figure 4 11 16 Add User Properties Screen Figure 4 11 17 Add User Properties Screen ...

Page 230: ...0 an 802 1X client utility is needed The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 G...

Page 231: ...cess control using IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type Figure 4 11 19 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue ...

Page 232: ...232 Figure 4 11 20 Windows Client Popup Login Request Message 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 21 ...

Page 233: ...imit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of four different as described below The Limit Control module is one of a range of modules that utilizes a lower la...

Page 234: ...234 Figure 4 12 1 Port Limit Control Configuration Overview Page Screenshot ...

Page 235: ...eriod the end host is assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration The table has one row for each port on the selected switch which are Object Description Port The port number for which the configuration below applies Mode Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Enabled for Limit Co...

Page 236: ...own Reopen Button If a port is shutdown by this module you may reopen it by clicking this button which will only be enabled if this is the case For other methods refer to Shutdown in the Action section Note that clicking the reopen button causes the page to be refreshed so non committed changes will be lost Buttons Click to refresh the page Note that non committed changes will be lost Click to sav...

Page 237: ...s the switch from TELNET SSH interface that the host IP address matched the entry Buttons Click to add a new access management entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 3 Access Management Statistics This page provides statistics for access management The Access Management Statistics screen is shown in Figure 4 12 3 Figure 4 12 3 ...

Page 238: ...irect web browser to HTTPS during HTTPS mode enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 5 SSH Configure SSH on this page This page shows the Port Security status Port Security is a module with no direct configura...

Page 239: ...tatus This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whet...

Page 240: ...age Screenshot The page includes the following fields User Module Legend The legend shows all user modules that may request Port Security services Object Description User Module Name The full name of a module that may request Port Security services ...

Page 241: ...he limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port...

Page 242: ...ules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user module has decided to hold the MAC ...

Page 243: ...abled Enable DHCP snooping mode operation When enabled DHCP snooping the requested DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as ...

Page 244: ...s This page provides statistics for DHCP snooping The statistics only counter packet under DHCP snooping mode is enabled and relay mode is disabled And it doesn t count the DHCP packets for system DHCP client The DHCP Snooping Port Statistics screen is shown in Figure 4 12 9 Figure 4 12 9 DHCP Snooping Port Statistics Screen Page Screenshot ...

Page 245: ...Query The number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Unassigned The number of lease unassigned option 53 with value 11 packets received and transmitted Rx and Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Lease Active The number of lease active option 53 with value 13 packets recei...

Page 246: ...ource Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard All configured ACEs will be lost when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port ...

Page 247: ... IP Source Guard Static Table This page provides Static IP Source Guard Table The Static IP Source Guard Table screen is shown in Figure 4 12 11 Figure 4 12 11 Static IP Source Guard Table Screen Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN I...

Page 248: ...s by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page provides ARP Inspection related configuration The ARP Inspection Configuration screen is shown in Figure 4 12 12 Figure 4 12 12 ARP Inspection Configuration Screen Page Screenshot The page includes the following fields ...

Page 249: ...vert to previously saved values 4 12 13 ARP Inspection Static Table This page provides Static ARP Inspection Table The Static ARP Inspection Table screen is shown in Figure 4 12 13 Figure 4 12 13 Static ARP Inspection TableScreen Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port f...

Page 250: ...250 Click to undo any changes made locally and revert to previously saved values ...

Page 251: ...esses Dynamic entries are removed from the MAC table if there is no frame with the corresponding SMAC address has been seen after a configurable age time 4 13 1 MAC Address Table Configuration The MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here The MAC Address Table Configuration screen is shown in Figure 4 13 1...

Page 252: ...elete the entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Buttons Click to add new entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 13 3 MAC Address Ta...

Page 253: ... Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the button to start o...

Page 254: ...th one or more device MAC addresses that are authorized to access the network through that port When port security is enabled on a port the Managed Switch stops learning new MAC addresses on the specified port and when it has reached a configured maximum number Only incoming traffic with source addresses already stored in the dynamic or static address table will be authorized to access the network...

Page 255: ...before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 13 5 Dynamic ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this pag...

Page 256: ...wing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over The page includes the following fields Object Description Port The port number for which the status applies Click the port number to see the status ...

Page 257: ...rd Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next looku...

Page 258: ...8 Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address Updates the table starting with the entry after the last entry currently displayed ...

Page 259: ... LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details L...

Page 260: ... frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Default 30 seconds This attribute must comply with the following rule Transmission Interval Hold Time Multiplier 65536 and Transmission Interval 4 Delay Interval Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information vali...

Page 261: ...ation received from neighbors CDP Aware Select CDP awareness The CDP operation is restricted to decoding incoming CDP frames The switch doesn t transmit CDP frames CDP frames are only decoded if LLDP for the port is enabled Only CDP TLVs that can be mapped into a corresponding field in the LLDP neighbors table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frame a...

Page 262: ...of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address Buttons Click to save chan...

Page 263: ...cond interval will be transmitted when a LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including between Network Connectivity Devices or to other types of link...

Page 264: ...treet direction Leading street direction Example N Trailing street suffix Trailing street suffix Example SW Street suffix Street suffix Example Ave Platz House no House number Example 21 House no suffix House number suffix Example A 1 2 Landmark Landmark or vanity address Example Columbia University Additional location info Additional location info Example South Wing Name Name residence and office...

Page 265: ...rity value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are 1 Voice 2 Guest Voice 3 Softphone Voice 4 Video Conferencing 5 Streaming Video 6 Control Signaling conditionally support a separate network p...

Page 266: ...ation type Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy Tag Tag indicating whether the specified application type is using a tagged or an untagged VLAN Unta...

Page 267: ...nectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 8...

Page 268: ...the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support inventory management LLDP MED Capabilities LLDP MED Capabilities describes the neighbor unit s LLDP MED capabilities The possible capabilities are 1 LLDP MED capabilities 2 Network Policy 3 Location Identification 4 Extended Power via MDI PSE 5 Ex...

Page 269: ... 0 through 7 DSCP DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 Contain one of 64 code point values 0 through 63 Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 14 5 Neighbor This page provides a status overview for all LLD...

Page 270: ...ability is followed by Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist the discovery by the network management This could for instance hold the neighbor s IP address Buttons Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 14 6 Port Statistics Thi...

Page 271: ...ge was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP frames dropped due to that the entry table was full Total Neighbors Entries Aged Out Shows the number of entries deleted due to Time To Live expiri...

Page 272: ... given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Age...

Page 273: ...bles These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two status as follow If the link is established on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer If the link is establ...

Page 274: ...me network subnet of the switch or you had setup the correct gateway IP address Buttons Click to transmit ICMP packets 4 15 2 IPv6 Ping This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Start 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically un...

Page 275: ...bytes Buttons Click to transmit ICMP packets 4 15 3 Remote IP Ping Test This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on special port After you press Test 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a ti...

Page 276: ...276 Figure 4 15 3 Remote IP Ping Test Page Screenshot The page includes the following fields Object Description Port The logical port for the settings Remote IP Address The destination IP Address ...

Page 277: ...onds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnastic on a 10 or 100 Mbps management port will cause the switch to stop responding until Veri...

Page 278: ...The page includes the following fields Object Description Port The port where you are requesting Cable Diagnostics Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair Buttons Click to run the diagnostics ...

Page 279: ...and line interface CLI is very similar to entering commands on a UNIX system This chapter describes how to use the Command Line Interface CLI Logon to the Console Once the terminal has connected to the device power on the Managed Switch the terminal will display that it is running testing procedures Then the following message asks the login username password The factory default password as followi...

Page 280: ...s or modify a new IP address for the Switch please use the procedures as follow Show the current IP address 1 On Switch prompt enter ip configuration 2 The screen displays the current IP address Subnet Mask and Gateway As show in Figure 5 2 Figure 5 2 Show IP Information Screen Configure IP address 3 On Switch prompt enter the following command and press Enter As show in Figure 5 3 Switch ip setup...

Page 281: ...ar with console command or the related parameter enter help anytime in console to get the help description You can change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated ac...

Page 282: ...282 5 2 Telnet Login The Managed Switch also supports telnet for remote management The switch asks for user name and password for remote login when using telnet please use admin for username password ...

Page 283: ...y Security management STP Spanning Tree Protocol IGMP Internet Group Management Protocol snooping Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media PoE Power Over Ethernet QoS Quality of Service Mirror Port mirroring Config Load Save of configuration via TFTP Firmware Download of firmware via TFTP UPnP Univer...

Page 284: ...erature 49 5 C 121 1 F System Time 1970 01 01 Thu 00 08 08 0000 System Uptime 00 08 08 Software Version Beta110426 Software Date 2010 06 23 15 43 02 0800 Previous Restart Cool SWITCH System Name Description Set or show the system name Syntax System Name name Parameters name System name or clear to clear System name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No blank or s...

Page 285: ...part of a contact only in CLI Default Setting empty Example To set device contact Switch System contact NS3550 24T 4S Test System Location Description Set or show the system location Syntax System Location location Parameters location System location string Use clear or to clear the string In CLI no blank or space characters are permitted as part of a contact Default Setting empty Example To set d...

Page 286: ...ne offset in minutes 720 to 720 relative to UTC Default Setting 0 Example To set timezone Switch system timezone 0 System Prompt Description Set the CLI prompt string Syntax System Prompt prompt Parameters prompt CLI prompt string Default Setting SWITCH Example To change CLI title Switch system prompt NS3550 24T 4S IGSW 24040T ...

Page 287: ...efault configuration Syntax System Restore Default keep_ip Parameters keep_ip Keep IP configuration default Restore full configuration Example To restore default value but not reset IP address Switch system restore default keep_ip System Load Description Show current CPU load 100ms 1s and 10s running average in percent zero is idle Syntax System Load Example To show current CPU load Switch system ...

Page 288: ... entries all Show all levels default info Show informations warning Show warnings error Show errors clear Clear log Example To show system log Switch system log Number of entries Info 4 Warning 0 Error 0 All 4 ID Level Time Message 1 Info DC1 Power OFF 2 Info AC Power OFF 3 Info Switch just made a cold boot 4 Info 1970 01 01 Thu 00 00 04 0000 Link up on port 15 ...

Page 289: ...68 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 DNS Proxy Disabled IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 230 4fff fe24 4d1 IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router IPv6 VLAN ID 1 IP DHCP Description Set or show the DHCP client mode Syntax IP DHCP enable disable Parameters enable Enable or renew DHCP client disable Disable DHCP cli...

Page 290: ... subnet mask a b c d default Show IP mask ip_router IP router a b c d default Show IP router vid VLAN ID 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 Example Set IP address SWITCH ip setup 192 168 0 100 255 255 255 0 IP Ping Description Ping IP address ICMP echo Syntax IP Ping ip_addr_string ping_lengt...

Page 291: ...eq 1 time 0ms 60 bytes from 192 168 0 21 icmp_seq 2 time 0ms 60 bytes from 192 168 0 21 icmp_seq 3 time 10ms 60 bytes from 192 168 0 21 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP DNS Description Set or show the DNS server address Syntax IP DNS ip_addr Parameters ip_addr IP address a b c d default Show IP address Default Setting 0 0 0 0 Example Set DNS IP address SWITCH ip dns 168 95...

Page 292: ... Set or show the IPv6 AUTOCONFIG mode Syntax IP IPv6 AUTOCONFIG enable disable Parameters enable Enable IPv6 AUTOCONFIG mode disable Disable IPv6 AUTOCONFIG mode Default Setting disable Example Enable IPv6 autoconfig function SWITCH ip ipv6 autoconfig enable IPv6 Setup Description Set or show the IPv6 setup Syntax IP IPv6 Setup ipv6_addr ipv6_prefix ipv6_router vid ...

Page 293: ... syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 vid VLAN ID 1 4095 default Show VLAN ID Default Setting IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 230 4fff fe24 4d1 IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router IPv6 VLAN ID ...

Page 294: ...ms 68 bytes from 2001 2 icmp_seq 3 time 0ms 68 bytes from 2001 2 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP NTP Configuration Description Show NTP configuration Syntax IP NTP Configuration Default Setting IP NTP Configuration NTP Mode Disabled Idx Server IP host address a b c d or a host name string 1 pool ntp org 2 europe pool ntp org 3 north america pool ntp org 4 asia pool ntp or...

Page 295: ...P NTP Server Add Description Add NTP server entry Syntax IP NTP Server Add server_index ip_addr_string Parameters server_index The server index 1 5 ip_addr_string IP host address a b c d or a host name string Example To add NTP server SWITCH ip ntp server add 1 60 249 136 151 IP NTP Server IPv6 Add Description Add NTP server IPv6 entry Syntax IP NTP Server Ipv6 Add server_index server_ipv6 ...

Page 296: ...x that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example To add IPv6 NTP server SWITCH ip ntp server ipv6 add 1 2001 7b8 3 2c 123 IP NTP Server Delete Description Delete NTP server entry Syntax IP NTP Server Delete server_index Parameters server_index The...

Page 297: ...User s Manual of NS3550 24T 4S 297 ...

Page 298: ...nfiguration Port State Mode Flow Control MaxFrame Power Excessive Link 1 Enabled Auto Disabled 9600 Enabled Discard Down 2 Enabled Auto Disabled 9600 Enabled Discard Down 3 Enabled Auto Disabled 9600 Enabled Discard Down 4 Enabled Auto Disabled 9600 Enabled Discard Down Port Mode Description Set or show the port speed and duplex mode Syntax Port Mode port_list 10hdx 10fdx 100hdx 100fdx 1000fdx aut...

Page 299: ...port mode 1 10hdx Port Flow Control Description Set or show the port flow control mode Syntax Port Flow Control port_list enable disable Parameters port_list Port list or all default All ports enable Enable flow control disable Disable flow control default Show flow control mode Default Setting Disable Example Enable flow control function for port1 SWITCH port flow control 1 enable Port State Desc...

Page 300: ...t1 SWITCH port state 1 disable Port Maximum Frame Description Set or show the port maximum frame size Syntax Port MaxFrame port_list max_frame Parameters port_list Port list or all default All ports max_frame Port maximum frame size 1518 9600 default Show maximum frame size Default Setting 9600 Example Set 2048 frame size for port1 SWITCH port maxframe 1 2048 Port Power Description Set or show the...

Page 301: ...trol dynamic Enable Dynamic power control Default Setting Enable Example Disable port power function for port1 4 SWITCH port power 1 4 disable Port SFP Description Show SFP port information Syntax Port SFP port_list Parameters port_list Port list or all default All ports Example Show SFP information for port21 24 SWITCH port sfp Port Type Speed Wave Length nm Distance m 21 1000Base LX 1000 Base 13...

Page 302: ...Discard Example SWITCH port excessive 1 restart Port Statistics Description Show port statistics Syntax Port Statistics port_list command up down Parameters port_list Port list or all default All ports command The command parameter takes the following values clear Clear port statistics packets Show packet statistics bytes Show byte statistics errors Show error statistics discards Show discard stat...

Page 303: ...h Show high priority statistics default Show all port statistics up Show ports which are up down Show ports which are down default Show all ports Port VeriPHY Description Run cable diagnostics Syntax Port VeriPHY port_list Parameters port_list Port list or all default All ports ...

Page 304: ...st or all default All ports Example Show Mac address state SWITCH mac configuration MAC Configuration MAC Address 9c f6 1a XX XX XX MAC Age Time 300 Port Learning 1 Auto 2 Auto 3 Auto 4 Auto 5 Auto 6 Auto 7 Auto 8 Auto 9 Auto 10 Auto 11 Auto 12 Auto 13 Auto 14 Auto 15 Auto 16 Auto 17 Auto 18 Auto 19 Auto 20 Auto 21 Auto 22 Auto 23 Auto 24 Auto MAC Add Description ...

Page 305: ...le Add Mac address 9c f6 1a XX XX XX in port1 and vid1 SWITCH mac add 9c f6 1a XX XX XX 1 1 MAC Delete Description Delete MAC address entry Syntax MAC Delete mac_addr vid Parameters mac_addr MAC address xx xx xx xx xx xx vid VLAN ID 1 4095 default 1 Example Delete Mac address 9c f6 1a XX XX XX in vid1 SWITCH mac delete 9c f6 1a XX XX XX 1 MAC Look up Description Look up MAC address entry Syntax MA...

Page 306: ...ption Set or show the MAC address age timer Syntax MAC Agetime age_time Parameters age_time MAC address age time 0 10 1000000 0 disable default Show age time Default Setting 300 Example Set agetime value in 30 SWITCH mac agetime 30 MAC Learning Description Set or show the port learn mode Syntax MAC Learning port_list auto disable secure Parameters port_list Port list or all default All ports ...

Page 307: ...ample Set secure learning mode in port1 SWITCH mac learning 1 secure MAC Dump Description Show sorted list of MAC address entries Syntax MAC Dump mac_max mac_addr vid Parameters mac_max Maximum number of MAC addresses 1 8192 default Show all addresses mac_addr First MAC address xx xx xx xx xx xx default MAC address zero vid First VLAN ID 1 4095 default 1 ...

Page 308: ...e CPU Dynamic 1 40 61 86 04 18 69 10 Static 1 ff ff ff ff ff ff 1 24 CPU MAC Statistics Description Show MAC address table statistics Syntax MAC Statistics port_list Parameters port_list Port list or all default All ports Example Set all of MAC statistics SWITCH mac statistics Port Dynamic Addresses 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 1 11 0 12 0 13 0 14 0 15 0 16 0 17 0 18 0 19 0 20 0 21 0 22 ...

Page 309: ...ion Flush all learned entries Syntax MAC Flush 6 5 VLAN Configuration Command VLAN Configuration Description Show VLAN configuration Syntax VLAN Configuration port_list Parameters port_list Port list or all default All ports Example Show VLAN status of port1 SWITCH vlan configuration 1 VLAN Configuration ...

Page 310: ...IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type 1 1 Disabled All UnTag Disable N A VID Ports 1 1 24 VLAV PVID Description Set or show the port VLAN ID Syntax VLAN PVID port_list vid none ...

Page 311: ...ame Type Description Set or show the port VLAN frame type Syntax VLAN FrameType port_list all tagged Parameters port_list Port list or all default All ports all Allow tagged and untagged frames tagged Allow tagged frames only default Show accepted frame types Default Setting All Example Set port20 to allow tagged frames only SWITCH vlan frametype 20 tagged VLAN Ingress Filter Description Set or sh...

Page 312: ... Show VLAN ingress filtering Default Setting Disable Example Enable VLAN ingress filtering for port20 SWITCH vlan ingressfilter 20 enable VLAN Mode Description Set or show the VLAN Mode Syntax VLAN Mode portbased dot1q Parameters portbased Port Based VLAN Mode dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting IEEE 802 1Q Example Set VLAN mode in port base SWITCH vlan mode portbased ...

Page 313: ...e Untagged default Show VLAN link type Default Setting Un tagged Example Enable tagged frame for port2 SWITCH vlan linktype 2 tagged VLAN Q in Q Mode Description Set or show the port Q in Q mode Syntax VLAN Qinqmode port_list disable man customer Parameters port_list Port list or all default All ports disable Disable Q in Q VLAN Mode man Q in Q MAN Port Mode customer Q in Q Customer Port Mode defa...

Page 314: ...t out layer VLAN tag ether type MAN dot1q Set out layer VLAN tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type SWITCH vlan ethtype 10 man VLAN Add Description Add or modify VLAN entry Syntax VLAN Add vid port_list Parameters vid VLAN ID 1 4095 port_list Port list or all default All...

Page 315: ...vlan delete 10 VLAN Look up Description Look up VLAN entry Syntax VLAN Look up vid combined static nas mvr voice_vlan all Parameters vid VLAN ID 1 4095 default Show all VLANs combined Shows All the Combined VLAN database static Shows the VLAN entries configured by the administrator nas Shows the VLANs configured by NAS mvr Shows the VLANs configured by MVR voice_vlan Shows the VLANs configured by ...

Page 316: ...tatic static port configuration nas NAS port configuration mvr MVR port configuration voice_vlan Voice VLAN port configuration mstp MSTP port configuration all All VLAN Users configuration default combined VLAN Users configuration Default Setting Promiscous Example Show VLAN configuration of port10 SWITCH status 1 Port VLAN User Aware PVID Frame Type Ing Filter Tx Tag UVID Conflicts 1 Static Enabl...

Page 317: ...User s Manual of NS3550 24T 4S 317 6 6 Private VLAN Configuration Command PVLAN Configuration Description Show Private VLAN configuration Syntax PVLAN Configuration port_list ...

Page 318: ...led 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled 21 Disabled 22 Disabled 23 Disabled 24 Disabled PVLAN ID Ports 1 1 24 PVLAN Add Description Add or modify Private VLAN entry Syntax PVLAN Add pvlan_id port_list Parameters pvlan_id Private VLAN ID port_list Port list or ...

Page 319: ...User s Manual of NS3550 24T 4S 319 Example Add port17 to port24 in PVLAN10 SWITCH pvlan add 10 17 24 PVLAN Delete Description Delete Private VLAN entry Syntax PVLAN Delete pvlan_id ...

Page 320: ...vlan_id Parameters pvlan_id Private VLAN ID Example Look up PVLAN SWITCH lookup PVLAN ID Ports 1 1 24 PVLAN Isolate Description Set or show the port isolation mode Syntax PVLAN Isolate port_list enable disable Parameters port_list Port list or all default All ports enable Enable port isolation disable Disable port isolation default Show port isolation port list ...

Page 321: ...User s Manual of NS3550 24T 4S 321 Default Setting Promiscous Example Enable isolate for port10 SWITCH pvlan isolate 10 enable 6 7 Security Command Security Switch User Configuration Description ...

Page 322: ...ty Switch User Add Description Add or modify users entry Syntax Security Switch Users Add user_name password privilege_level Parameters user_name A string identifying the user name that this entry should belong to password The password for this user name Use clear or as null string privilege_level User privilege level 1 15 Example Add new user username test password test privilege 10 SWITCH securi...

Page 323: ...ivilege Level Configuration Example Show privilege level SWITCH security switch privilege level configuration Privilege Level Configuration Privilege Current Level 15 Group Name Privilege Level CRO CRW SRO SRW Aggregation 5 10 5 10 Debug 15 15 15 15 Diagnostics 5 10 5 10 IGMP_Snooping 5 10 5 10 IP 5 10 5 10 LACP 5 10 5 10 LLDP 5 10 5 10 LLDP MED 5 10 5 10 MAC_Table 5 10 5 10 MVR 5 10 5 10 Maintena...

Page 324: ...o Configuration read only privilege level 1 15 crw Configuration Execute read write privilege level 1 15 sro Status Statistics read only privilege level 1 15 srw Status Statistics read write privilege level 1 15 Example Change privilege level of MVR group SWITCH security switch privilege level group mvr 15 15 15 15 Security Switch Privilege Level Current Description Show the current privilege leve...

Page 325: ...l Disabled Security Switch Auth Method Description Set or show Auth method Syntax Security Switch Auth Method console telnet ssh web none local radius tacacs enable disable Parameters console Settings for console telnet Settings for telnet ssh Settings for ssh web Settings for web none Authentication disabled local Use local authentication radius Use remote RADIUS authentication tacacs Use remote ...

Page 326: ...et radius enable Security Switch SSH Configuration Description Show SSH configuration Syntax Security Switch SSH Configuration Example Show SSH configuration SWITCH security switch ssh configuration SSH Configuration SSH Mode Disabled Security Switch SSH Mode Description Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default...

Page 327: ...figuration Syntax Security Switch HTTPS Configuration Default Setting disable Example Show HTTPs configuration SWITCH security switch https configuration HTTPS Configuration HTTPS Mode Disabled HTTPS Redirect Mode Disabled Security Switch HTTPs Mode Description Set or show the HTTPS mode Syntax Security Switch HTTPS Mode enable disable Parameters enable Enable HTTPs disable Disable HTTPs ...

Page 328: ... to HTTPS during HTTPS mode enabled Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function SWITCH security switch https redirect enable Security Switch Access Configuration Description Show access management configuration Syntax Securi...

Page 329: ...w the access management mode Syntax Security Switch Access Mode enable disable Parameters enable Enable access management disable Disable access management default Show access management mode Default Setting disable Example Enable access management function SWITCH security switch access mode enable Security Switch Access Add Description Add access management entry Syntax Security Switch Access Add...

Page 330: ... fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 end_ipv6_addr End IPv6 address IPv6 address is in 128 bit records r...

Page 331: ...Switch Access Delete access_id Parameters access_id entry index 1 16 Example Delete access management ID 1 SWITCH security switch access delete 1 Security Switch Access Look up Description Look up access management entry Syntax Security Switch Access Look up access_id Parameters access_id entry index 1 16 Example Look up access management entry SWITCH security switch access lookup 1 Security Switc...

Page 332: ...ar access management statistics Default Setting disable Example Show access management statistics SWITCH security switch access statistics Access Management Statistics HTTP Receive 79 Allow 7 Discard 72 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Receive 0 Allow 0 Discard 0 Security Switch SNMP Configuration Description Show SNMP config...

Page 333: ...f000001 SNMPv3 Communities Table Idx Community Source IP Source Mask 1 public 0 0 0 0 0 0 0 0 2 private 0 0 0 0 0 0 0 0 Number of entries 2 SNMPv3 Users Table Idx Engine ID User Name Level Auth Priv 1 Local default_user NoAuth NoPriv None None Number of entries 1 SNMPv3 Groups Table Idx Model Security Name Group Name 1 v1 public default_ro_group 2 v1 private default_rw_group 3 v2c public default_r...

Page 334: ...fault Show SNMP mode Default Setting enable Example Disable SNMP mode SWITCH security switch snmp mode disable Security Switch SNMP Version Description Set or show the SNMP protocol version Syntax Security Switch SNMP Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP version Default Setting 2c Example Set SNMP in version 3 ...

Page 335: ... of NS3550 24T 4S 335 SWITCH security switch snmp version 3 Security Switch SNMP Read Community Description Set or show the community string for SNMP read access Syntax Security Switch SNMP Read Community community ...

Page 336: ...ption Set or show the community string for SNMP write access Syntax Security Switch SNMP Write Community community Parameters community Community string Use clear or to clear the string default Show SNMP write community Default Setting private Example Set public value in SNMP write community SWITCH security switch snmp write community public Security Switch SNMP Trap Mode Description Set or show t...

Page 337: ...urity Switch SNMP Trap Version Description Set or show the SNMP trap protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c SWITCH security switch snmp trap version 2c Security Switch SNMP Trap Community Description Set or show the c...

Page 338: ...tch SNMP Trap Destination Description Set or Show the SNMP trap destination address Syntax Security Switch SNMP Trap Destination ip_addr_string Parameters ip_addr_string IP host address a b c d or a host name string Example Set SNMP trap destination address for 192 168 0 20 SWITCH security switch snmp trap destination 192 168 0 20 Security Switch SNMP Trap IPv6 Destination Description Set or Show ...

Page 339: ... 1 2 34 Example Set SNMP trap IPv6 destination address for 2001 0001 SWITCH security switch snmp trap ipv6 destination 2001 0001 Security Switch SNMP Trap Authentication Failure Description Set or show the SNMP authentication failure trap mode Syntax Security Switch SNMP Trap Authentication Failure enable disable Parameters enable Enable SNMP trap authentication failure disable Disable SNMP trap a...

Page 340: ...le Disable SNMP trap link up SWITCH security switch snmp trap link up disable Security Switch SNMP Trap Inform Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap Inform Mode enable disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap inform mode SWITCH s...

Page 341: ...tting 1 Example Set SNMP trap inform timeout in 20sec SWITCH security switch snmp trap inform timeout 20 Security Switch SNMP Trap Inform Retry Times Description Set to or show up the SNMP trap information retry times Syntax Security Switch SNMP Trap Inform Retry Times retries Parameters retries SNMP trap inform retransmited times 0 255 default Show SNMP trap inform retry times Default Setting 5 E...

Page 342: ... probe mode Default Setting enable Example Disable SNMP trap probe security engine ID SWITCH security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description Set or show SNMP trap security engine ID Syntax Security Switch SNMP Trap Security Engine ID engineid Parameters engineid Engine ID the format may not be all zeros or all ff H and is restrict...

Page 343: ...he SNMP trap security name SWITCH security switch snmp trap security name 12345678 Security Switch SNMP Engine ID Description Set or show SNMPv3 local engine ID Syntax Security Switch SNMP Engine ID engineid Parameters engineid Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string Default Setting 800007e5017f000001 Example Set 800007e5017f000002 for SNMPv3 lo...

Page 344: ...le Add SNMPv3 community entry SWITCH security switch snmp community add public 192 168 0 20 255 255 255 0 Security Switch SNMP Community Delete Description Delete SNMPv3 community entry Syntax Security Switch SNMP Community Delete index Parameters index entry index 1 64 Example Delete SNMPv3 community entry SWITCH security switch snmp community delete 3 Security Switch SNMP Community Look up Descr...

Page 345: ...at may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to md5 An optional flag to indicate that this user using MD5 authentication protocol sha An optional flag to indicate that this user using SHA authentication protocol auth_password A string identifying the authentication pass phrase des An optional f...

Page 346: ...format may not be all zeros or all ff H and is restricted to 5 32 octet string user_name A string identifying the user name that this entry should belong to auth_password A string identifying the authentication pass phrase priv_password A string identifying the privacy pass phrase Example Delete SNMPv3 user entry SWITCH security switch snmp user changekey 800007e5017f000003 admin_snmpv3 87654321 1...

Page 347: ...oup Add security_model security_name group_name Parameters security_model v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM security_name A string identifying the security name that this entry should belong to group_name A string identifying the group name that this entry should belong to Example Add SNMPv3 group entry SWITCH security switch snmp group add usm admin...

Page 348: ... 4 v2c private default_rw_group 5 usm default_user default_rw_group Number of entries 4 Security Switch SNMP View Add Description Add or modify SNMPv3 view entry The entry index key are view_name and oid_subtree Syntax Security Switch SNMP View Add view_name included excluded oid_subtree Parameters view_name A string identifying the view name that this entry should belong to included An optional f...

Page 349: ...Parameters index entry index 1 64 Example Delete SNMPv3 view entry SWITCH security switch snmp view delete 3 Security Switch SNMP View Look up Description Look up SNMPv3 view entry Syntax Security Switch SNMP View Look up index Parameters index entry index 1 64 Example Look up SNMPv3 view entry SWITCH security switch snmp view lookup Idx View Name View Type OID Subtree 1 default_view included 1 2 ...

Page 350: ...ecurity Model USM security_level noAuthNoPriv None authentication and none privacy AuthNoPriv Authentication and none privacy AuthPriv Authentication and privacy read_view_name The name of the MIB view defining the MIB objects for which this request may request the current values write_view_name The name of the MIB view defining the MIB objects for which this request may potentially SET new values...

Page 351: ...x Parameters index entry index 1 64 Example Look up SNMPv3 access entry SWITCH security switch snmp access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Network Psec Switch Description Show Port Security status Syntax Security Network Psec Switch port_list Parameters port_list Port list or all default All po...

Page 352: ...10 No users 0 11 No users 0 12 No users 0 13 No users 0 14 No users 0 15 No users 0 16 No users 0 17 No users 0 18 No users 0 19 No users 0 20 No users 0 21 No users 0 22 No users 0 23 No users 0 24 No users 0 Security Network Psec Port Description Show MAC Addresses learned by Port Security Syntax Security Network Psec Port port_list Parameters port_list Port list or all default All ports Example...

Page 353: ...n Port Security Limit Control Configuration Mode Disabled Aging Disabled Age Period 3600 Port Mode Limit Action 1 Disabled 4 None 2 Disabled 4 None 3 Disabled 4 None 4 Disabled 4 None 5 Disabled 4 None 6 Disabled 4 None 7 Disabled 4 None 8 Disabled 4 None 9 Disabled 4 None 10 Disabled 4 None 11 Disabled 4 None 12 Disabled 4 None 13 Disabled 4 None 14 Disabled 4 None 15 Disabled 4 None 16 Disabled ...

Page 354: ... Parameters enable Globally enable port security disable Globally disable port security default Show current global enabledness of port security limit control Default Setting disable Example Enable the limit mode SWITCH security network limit mode enable Security Network Limit Aging Description Set or show aging enabledness ...

Page 355: ...ing enable Security Network Limit Agetime Description Time in second between check for activity on learned MAC addresses Syntax Security Network Limit Agetime age_time Parameters age_time Time in seconds between checks for activity on a MAC address 10 10000000 seconds default Show current age time Default Setting 3600 Example Set age time in 100sec SWITCH security network limit agetime 100 Securit...

Page 356: ...ting disable Example Enable port limit for port 1 SWITCH security network limit port 1 enable Security Network Limit Limit Description Set or show the max number of MAC addresses that can be learned on this set of ports Syntax Security Network Limit Limit port_list limit Parameters port_list Port list or all default All ports limit Max number of MAC addresses on this port default Show current limi...

Page 357: ...ceeds the limit none Don t do anything trap Send an SNMP trap shut Shutdown the port trap_shut Send an SNMP trap and shutdown the port default Show current action Default Setting none Example Set trap mode for limit action for port 1 SWITCH security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit is exceeded and shut down Syntax Security N...

Page 358: ...h Period 3600 EAPOL Timeout 30 Age Period 300 Hold Time 10 RADIUS QoS Disabled RADIUS VLAN Disabled Guest VLAN Disabled Guest VLAN ID 1 Max Reauth Count 2 Allow Guest VLAN if EAPOL Frame Seen Disabled Port Admin State Port State Last Source Last ID 1 Force Authorized Globally Disabled Security Network NAS Mode Description Set or show the global NAS enabledness Syntax Security Network NAS Mode enab...

Page 359: ...t list or all default All ports auto Port based 802 1X Authentication authorized Port access is allowed unauthorized Port access is not allowed single Single Host 802 1X Authentication multi Multiple Host 802 1X Authentication macbased Switch authenticates on behalf of the client default Show 802 1X state Default Setting none Example Show the port 1 security state SWITCH security network nas state...

Page 360: ...e reauthentication function SWITCH security network nas reauthentication enable Security Network NAS ReauthPeriod Description Set or show the period between reauthentications Syntax Security Network NAS ReauthPeriod reauth_period Parameters reauth_period Period between reauthentications 1 3600 seconds default Show current reauthentication period Default Setting 3600 Example Set reauthentication pe...

Page 361: ...lt Setting 30 Example Set the time between EAPOL retransmissions for 100sec SWITCH security network nas eapoltimeout 100 Security Network NAS Agetime Description Time in seconds between check for activity on successfully authenticated MAC addresses Syntax Security Network NAS Agetime age_time Parameters age_time Time between checks for activitiy on a MAC address that succeeded autentication defaul...

Page 362: ...rk NAS RADIUS_QoS Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned QoS Syntax Security Network NAS RADIUS_QoS global port_list enable disable Parameters global Select the global RADIUS assigned QoS setting port_list Select the per port RADIUS assigned QoS setting default Show current per port RADIUS assigned QoS enabledness enable ...

Page 363: ...able Enable RADIUS assigned VLAN either globally or on one or more ports disable Disable RADIUS assigned VLAN either globally or on one or more ports default Show current RADIUS assigned VLAN enabledness Default Setting disable Example Enable NAS RADIUS VLAN SWITCH security network nas radius_vlan enable Security Network NAS Guest_VLAN Description Set or show either global enabledness and paramete...

Page 364: ...lt Show current Maximum Reauth Count value allow_if_eapol_seen The value can only be set if you use the global keyword in the beginning of the command disable The Guest VLAN can only be entered if no EAPOL frames have been received on a port for the lifetime of the port enable The Guest VLAN can be entered even if an EAPOL frame has been received during the lifetime of the port default Show curren...

Page 365: ...xample Show 802 1X statistics in port 1 SWITCH security network nas statistics 1 Port 1 EAPOL Statistics Rx Total 0 Tx Total 0 Rx Response Id 0 Tx Request Id 0 Rx Response 0 Tx Request 0 Rx Start 0 Rx Logoff 0 Rx Invalid Type 0 Rx Invalid Length 0 Port 1 Backend Server Statistics Rx Access Challenges 0 Tx Responses 0 Rx Other Requests 0 Rx Auth Successes 0 Rx Auth Failures 0 Security Network ACL C...

Page 366: ...sabled Disabled Disabled Disabled 0 12 1 Permit Disabled Disabled Disabled Disabled 0 13 1 Permit Disabled Disabled Disabled Disabled 0 14 1 Permit Disabled Disabled Disabled Disabled 0 15 1 Permit Disabled Disabled Disabled Disabled 0 16 1 Permit Disabled Disabled Disabled Disabled 0 17 1 Permit Disabled Disabled Disabled Disabled 0 18 1 Permit Disabled Disabled Disabled Disabled 746 19 1 Permit ...

Page 367: ...ng System logging of frames log log_disable shutdown Shut down ingress port shut shut_disable Default Setting 300 Example Show ACL action in port 1 SWITCH security network acl action 1 Port Action Rate Limiter Port Copy Logging Shutdown Counter 1 Permit Disabled Disabled Disabled Disabled 0 Security Network ACL Policy Description Set or show the ACL port policy Syntax Security Network ACL Policy p...

Page 368: ...ready exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is not specified the next available ACE ID will be used If the next ACE ID parameter ace_id_next is specified the ACE will be placed before this ACE in the list If the next ACE ID is not specified the ACE will be placed last in the list If the Switch keyword is used the rule applies to all ports If the Port keywo...

Page 369: ...xx xx xx or any dmac Destination MAC address xx xx xx xx xx xx or any arp ARP keyword sip Source IP address a b c d n or any dip Destination IP address a b c d n or any arp_opcode ARP operation code any arp rarp other arp_flags ARP flags request smac tmac len ip ether 0 1 any ip IP keyword protocol IP protocol number 0 255 or any ip_flags IP flags ttl options fragment 0 1 any icmp ICMP keyword icm...

Page 370: ...arameters ace_id ACE ID 1 128 Example Delete ACE 1 SWITCH security network acl delete 1 Security Network ACL Look up Description Show ACE default All ACEs Syntax Security Network ACL Look up ace_id Parameters ace_id ACE ID 1 128 Example Look up ACE 1 SWITCH security network acl lookup 1 Security Network ACL Clear Description Clear all ACL counters ...

Page 371: ...ined Shows the combined status static Shows the static user configured status dhcp Shows the status by DHCP upnp Shows the status by UPnP arp_inspection Shows the status by ARP Inspection ip_source_guard Shows the status by IP Source Guard conflicts Shows all conflict status default Shows the combined status Example Show ACL status SWITCH security network acl status Security Network DHCP Relay Con...

Page 372: ...ameters enable Enable DHCP relaly mode When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t flood for security considered disable Disable DHCP relaly mode default Show flow DHCP relaly mode Default Setting disable Example Enable DHCP relay mode SWITCH...

Page 373: ...tion 82 into a DHCP message when forwarding to DHCP server and remote it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Syntax Security Network DHCP Relay Information Mode enable disable Parameters enable Enable DHCP relay agent information option mode disable Disable DHCP relay agent information option mode default Show DHCP relay agent ...

Page 374: ...ready contains it drop Drop the package when receive a DHCP message that already contains relay information default Show DHCP relay information policy Default Setting replace Example Keep the original relay information when receive a DHCP message that already contains it SWITCH security network dhcp relay information policy keep Security Network DHCP Relay Statistics Description Show or clear DHCP...

Page 375: ...sted 7 trusted 8 trusted 9 trusted 10 trusted 11 trusted 12 trusted 13 trusted 14 trusted 15 trusted 16 trusted 17 trusted 18 trusted 19 trusted 20 trusted 21 trusted 22 trusted 23 trusted 24 trusted Security Network DHCP Snooping Mode Description Set or show the DHCP snooping mode Syntax Security Network DHCP Snooping Mode enable disable Parameters enable Enable DHCP snooping mode When enable DHC...

Page 376: ...Port Mode port_list trusted untrusted Parameters port_list Port list or all default All ports trusted Configures the port as trusted sources of the DHCP message untrusted Configures the port as untrusted sources of the DHCP message default Show flow DHCP snooping port mode Default Setting trusted Example Set untrusted DHCP snooping port mode in port 1 SWITCH security network dhcp snooping port mod...

Page 377: ...ase Query 0 Tx Lease Query 0 Rx Lease Unassigned 0 Tx Lease Unassigned 0 Rx Lease Unknown 0 Tx Lease Unknown 0 Rx Lease Active 0 Tx Lease Active 0 Security Network IP Source Guard Configuration Description Show IP source guard configuration Syntax Security Network IP Source Guard Configuration Example Show IP source guard configuration SWITCH security network ip source guard configuration IP Sourc...

Page 378: ...unlimited IP Source Guard Entry Table Type Port VLAN IP Address IP Mask Security Network IP Source Guard Mode Description Set or show IP source guard mode Syntax Security Network IP Source Guard Mode enable disable Parameters enable Enable IP Source Guard disable Disable IP Source Guard Default Setting disable Example Enable IP source guard mode SWITCH security network ip source guard mode enable ...

Page 379: ... 4 SWITCH security network ip source guard port mode 1 4 enable Security Network IP Source Guard Limit Description Set or show the IP Source Guard port limitation for dynamic entries Syntax Security Network IP Source Guard limit port_list dynamic_entry_limit unlimited Parameters port_list Port list or all default All ports dynamic_entry_limit unlimited dynamic entry limit 0 2 or unlimited Default ...

Page 380: ...t ip_mask IP mask a b c d IP mask for allowed IP address Example Add IP source guard static entry SWITCH security network ip source guard entry 1 add 1 192 168 0 20 255 255 255 0 Security Network IP Source Guard Status Description Show IP source guard static and dynamic entries Syntax Security Network IP Source Guard Status port_list Parameters port_list Port list or all default All ports Example ...

Page 381: ...Network ARP Inspection Mode enable disable Parameters enable Enable ARP Inspection disable Disable ARP Inspection Default Setting disable Example Enable ARP inspection mode SWITCH security network arp inspection mode enable Security Network ARP Inspection Port Mode Description Set or show the ARP Inspection port mode Syntax Security Network ARP Inspection Port Mode port_list enable disable Paramet...

Page 382: ...owed_ip Parameters port_list Port list or all default All ports add Add new port ARP inspection static entry delete Delete existing port ARP inspection static entry vid VLAN ID 1 4095 allowed_mac MAC address xx xx xx xx xx xx MAC address allowed for doing ARP request allowed_ip IP address a b c d IP address allowed for doing ARP request Default Setting 300 Example Add ARP inspection static entry S...

Page 383: ...Security AAA Configuration Example Show Auth configuration SWITCH security aaa configuration AAA Configuration Server Timeout 15 seconds Server Dead Time 300 seconds RADIUS Authentication Server Configuration Server Mode IP Address Secret Port 1 Disabled 1812 2 Disabled 1812 3 Disabled 1812 4 Disabled 1812 5 Disabled 1812 RADIUS Accounting Server Configuration Server Mode IP Address Secret Port 1 ...

Page 384: ...er response timeout 3 3600 seconds default Show server timeout configuration Default Setting 15 Example Set 30sec for server timeout SWITCH security aaa timeout 30 Security AAA Deadtime Description Set or show server dead time Syntax Security AAA Deadtime dead_time Parameters dead_time Time that a server is considered dead if it doesn t answer a request 0 3600 seconds default Show server dead time...

Page 385: ...tion server disable Disable RADIUS authentication server default Show RADIUS server mode ip_addr_string IP host address a b c d or a host name string secret Secret shared with external authentication server Set to empty secret please use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed server_port Server UDP port Use 0 to use the default RADIUS port 1812 E...

Page 386: ...ample Set RADIUS accounting server configuration SWITCH security acct_radius 1 enable 192 168 0 20 12345678 1813 Security AAA TACACS Description Set or show TACACS authentication server setup Syntax Security AAA TACACS server_index enable disable ip_addr_string secret server_port Parameters The server index 1 5 default Show TACACS authentication server configuration enable Enable TACACS authentica...

Page 387: ...cation server configuration SWITCH security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show RADIUS statistics Syntax Security AAA Statistics server_index Parameters The server index 1 5 default Show statistics for all servers ...

Page 388: ...388 Example Show RADIUS statistics SWITCH security aaa statistics ...

Page 389: ... STP Configuration Example Show STP configuration SWITCH stp cofiguration STP Configuration Protocol Version MSTP Max Age 20 Forward Delay 15 Tx Hold Count 6 Max Hop Count 20 STP Version Description Set or show the STP Bridge protocol version Syntax STP Version stp_version Parameters stp_version mstp rstp stp Default Setting MSTP ...

Page 390: ...t Hold Count parameter Syntax STP Txhold holdcount Parameters holdcount STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 SWITCH stp txhold 10 STP MaxHops Description Set or show the MSTP Bridge Max Hop Count parameter Syntax STP MaxHops maxhops Parameters maxhops STP BPDU MaxHops 6 40 Default Setting 20 ...

Page 391: ...STP MaxAge max_age Parameters max_age STP maximum age time 6 40 and max_age forward_delay 1 2 Default Setting 20 Example Set STP maximum age time in 10 SWITCH stp maxage 10 STP FwdDelay Description Set or show the CIST MSTI bridge forward delay Syntax STP FwdDelay delay Parameters delay MSTP forward delay 4 30 and max_age forward_delay 1 2 Default Setting 15 Example ...

Page 392: ...p to 32 characters length Use quotes to embed spaces in name integer Integer value Default Setting Configuration name MAC address Configuration rev 0 Example Set MSTP configuration name and revision SWITCH stp cname 9f_IGSW 24040T 1 STP BPDU Filter Description Set or show edge port BPDU Filtering Syntax STP bpduFilter enable disable Parameters enable disable enable or disable BPDU Filtering for Ed...

Page 393: ...arameters enable disable enable or disable BPDU Guard for Edge ports Default Setting Disable Example Set edge port BPDU guard SWITCH stp bpduguard enable STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery timeout Parameters timeout Time before error disabled ports are reenabled 30 86400 seconds 0 disables default Show recovery timeout Default Setting Disable ...

Page 394: ...le Show up STP Bridge status SWITCH stp status CIST Bridge STP Status Bridge ID 80 00 00 30 4F 24 04 D1 Root ID 80 00 00 30 4F 24 04 D1 Root Port Root PathCost 0 Regional Root 80 00 00 30 4F 24 04 D1 Int PathCost 0 Max Hops 20 TC Flag Steady TC Count 0 TC Last Port Port Role State Pri PathCost Edge P2P Uptime 14 DesignatedPort Forwarding 128 20000 Yes Yes 0d 00 10 32 STP MSTI Priority Description ...

Page 395: ...MST2 128 MST3 128 MST4 128 MST5 128 MST6 128 MST7 128 Example Set MST1 priority value in 48 SWITCH stp msti priority 1 48 STP MSTI Map Description Show up or clear MSTP MSTI VLAN mapping configuration Syntax STP Msti Map msti clear Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 Clear Clear VID to MSTI mapping Example Add MST1 priority value in 48 SWITCH stp msti priority 1 48 ...

Page 396: ...figuration Description Show up STP Port configuration Syntax STP Port Configuration port_list Parameters port_list Port list or all Port zero means aggregations Example Show STP status of Port1 SWITCH stp port configuration 1 Port Mode AdminEdge AutoEdge restrRole restrTcn bpduGuard Point2point 1 Enabled Enabled Enabled Disabled Disabled Disabled Auto STP Port Mode Description Set or show the STP ...

Page 397: ...ble Example Disable STP function on port1 SWITCH stp port mode 1 disable STP Port Edge Description Set or show the STP adminEdge port parameter Syntax STP Port Edge port_list enable disable Parameters port_list Port list or all default All ports Enable Configure MSTP adminEdge to Edge Disable Configure MSTP adminEdge to Non edge Default Enable Example Disable STP edge function on port1 SWITCH stp ...

Page 398: ...dge Disable Disable MSTP autoEdge Default enable Example Disable STP edge function on port1 SWITCH stp port autoedge 1 disable STP Port P2P Description Set or show the STP point2point port parameter Syntax STP Port P2P port_list enable disable auto Parameters port_list Port list or all default All ports enable Enable MSTP point2point disable Disable MSTP point2point auto Automatic MSTP point2point...

Page 399: ...list enable disable Parameters port_list Port list or all default All ports enable Enable MSTP restricted role disable Disable MSTP restricted role Default disable Example Eisable STP restricted role on port1 SWITCH stp port restrictedrole 1 enable STP Port RestrictedTcn Description Set or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn port_list enable disable Parameters ...

Page 400: ...ription Set or show the bpduGuard port parameter Syntax STP Port bpduGuard port_list enable disable Parameters port_list Port list or all default All ports enable Enable port BPDU Guard disable Disable port BPDU Guard Default disable Example Eisable BPDU guard on port1 SWITCH stp port bpduguard 1 enable STP Port Statistic Description Show STP port statistics Syntax STP Port Statistics port_list ...

Page 401: ...on Set the STP mCheck Migration Check variable for ports Syntax STP Port Mcheck port_list Parameters port_list Port list or all default All ports Example Set the STP mCheck Migration Check variable for port 1 SWITCH stp port mcheck 1 STP MSTI Port Configuration Description Show the STP CIST MSTI port configuration Syntax STP Msti Port Configuration msti port_list Parameters msti STP bridge instanc...

Page 402: ...the STP CIST MSTI port path cost Syntax STP Msti Port Cost msti port_list path_cost Parameters msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations path_cost STP port path cost 1 200000000 or auto Default auto Example Set MSTI7 in port1 SWITCH stp msti port cost 7 1 MSTI Port Path Cost MST7 1 Auto STP MSTI Port Priority Description Set or show the ...

Page 403: ...rs msti STP bridge instance no 0 7 CIST 0 MSTI1 1 port_list Port list or all Port zero means aggregations priority STP port priority 0 16 32 48 224 240 Default 128 6 9 Multicast Configuration Command IGMP Configuration Description Show IGMP snooping configuration Syntax IGMP Configuration port_list ...

Page 404: ...r show the IGMP snooping mode Syntax IGMP Mode enable disable Parameters enable Enable IGMP snooping disable Disable IGMP snooping default Show IGMP snooping mode Default Setting Disabled Example Enable IGMP mode SWITCH igmp mode enable IGMP Leave Proxy Description Set or show the mode of IGMP Leave Proxy Syntax IGMP Leave Proxy enable disable Parameters ...

Page 405: ...oxy enable IGMP State Description Set or show the IGMP snooping state for VLAN Syntax IGMP State vid enable disable Parameters vid VLAN ID 1 4095 default Show all VLANs enable Enable IGMP snooping disable Disable IGMP snooping default Show IGMP snooping mode Default Setting enable Example Disable VID 1 SWITCH igmp state 1 disable IGMP Querier Description Set or show the IGMP snooping querier mode ...

Page 406: ...ng querier mode for VLAN SWITCH igmp querier 1 enable IGMP Fastleave Description Set or show the IGMP snooping fast leave port mode Syntax IGMP Fastleave port_list enable disable Parameters port_list Port list or all default All ports enable Enable IGMP fast leave disable Disable IGMP fast leave default Show IGMP fast leave mode Default Setting disable Example Enable the IGMP snooping fast leave p...

Page 407: ...r Parameters port_list Port list or all default All ports 0 No limit 1 10 Group learn limit default Show IGMP Port Throttling Default Setting unlimited Example Set the IGMP port throttling status for port 1 SWITCH igmp throttling 1 10 IGMP Filtering Description Set or show the IGMP port group filtering list Syntax IGMP Filtering port_list add del group_addr ...

Page 408: ...Set the IGMP port group filtering list for port 1 SWITCH igmp filtering 1 add 239 0 0 1 IGMP Router Description Set or show the IGMP snooping router port mode Syntax IGMP Router port_list enable disable Parameters port_list Port list or all default All ports enable Enable IGMP router port disable Disable IGMP router port default Show IGMP router port mode Default Setting disable Example Enable IGM...

Page 409: ...sable Parameters enable Enable IGMP flooding disable Disable IGMP flooding default Show IGMP flood mode Default Setting disable Example Enable IGMP flooding function SWITCH igmp flooding enable IGMP Groups Description Show IGMP groups Syntax IGMP Groups vid Parameters vid VLAN ID 1 4095 IGMP Status Description Show IGMP status Syntax IGMP Status vid ...

Page 410: ...410 Parameters vid VLAN ID 1 4095 Default Setting disable ...

Page 411: ...e SWITCH aggr configuration Aggregation Mode SMAC Enabled DMAC Disabled IP Enabled Port Enabled Aggregation Add Description Add or modify link aggregation Syntax Aggr Add port_list aggr_id Parameters port_list Port list aggr_id Aggregation ID global 1 2 local 3 14 Default Setting disable Example Add port 1 4 in Group1 SWITCH aggr add 1 4 1 Aggregation Delete Description ...

Page 412: ...l 1 2 local 3 14 Example Delete Group2 SWITCH aggr delete 2 Aggregation Look up Description Look up link aggregation Syntax Aggr Look up aggr_id Parameters aggr_id Aggregation ID global 1 2 local 3 14 Example Show aggregation status SWITCH aggr lookup 1 Aggr ID Name Type Ports 1 GLAG1 Static 1 4 ...

Page 413: ...e disable Parameters smac Source MAC address dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribution Default Setting SMAC Enabled DMAC Disabled IP Enabled Port Enabled Example Disable SMAC mode SWITCH Aggr mode smac disable ...

Page 414: ... Disabled Auto Active 5 Disabled Auto Active 6 Disabled Auto Active 7 Disabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active 11 Disabled Auto Active 12 Disabled Auto Active 13 Disabled Auto Active 14 Disabled Auto Active 15 Disabled Auto Active 16 Disabled Auto Active 17 Disabled Auto Active 18 Disabled Auto Active 19 Disabled Auto Active 20 Disabled Auto Active...

Page 415: ...CP protocol default Show LACP mode Default Setting disable Example Enable LACP for port1 4 SWITCH lacp mode 1 4 enable LACP Key Description Set or show the LACP key Syntax LACP Key port_list key Parameters port_list Port list or all default All ports key LACP key 1 65535 or auto Default Setting auto Example Set key1 for port1 4 SWITCH lacp key 1 4 1 LACP Role Description ...

Page 416: ...efault Show LACP role Default Setting active Example Set passive for port1 4 SWITCH lacp role 1 4 passive LACP Status Description Show LACP Status Syntax LACP Status port_list Parameters port_list Port list or all default All ports Example Show LACP status of port1 4 SWITCH lacp status 1 4 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 ...

Page 417: ...tics Syntax LACP Statistics port_list clear Parameters port_list Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 SWITCH lacp statistics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 1 0 0 0 0 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 ...

Page 418: ...r System Capa Mgmt Addr CDP awareness 1 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 3 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 4 Enabled Enabled Enabled Enabled Enabled Enabled Disabled LLDP Mode Description Set or show LLDP mode Syntax LLDP Mode port_list enable disable rx tx Parameters port_list Port list or ...

Page 419: ...t_list Port list or all default All ports port_descr Description of the port sysm_name System name sys_descr Description of the system sys_capa System capabilities mgmt_addr Master s IP address default Show optional TLV s configuration enable Enables TLV disable Disable TLV default Show optional TLV s configuration Default Setting Description of the port Enable System name Enable Description of th...

Page 420: ...nterval Parameters interval LLDP transmission interval 5 32768 Default Setting 30 Example Set transmission interval in 10 SWITCH lldp interval 10 LLDP Hold Description Set or show LLDP Tx hold value Syntax LLDP Hold hold Parameters hold LLDP hold value 2 10 Default Setting 3 Example Set LLDP hold value in 10 SWITCH lldp hold 10 ...

Page 421: ...y Syntax LLDP Delay delay Parameters delay LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 SWITCH lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLDP Reinit reinit Parameters reinit LLDP reinit delay 1 10 Default Setting 2 ...

Page 422: ...cs of port 1 SWITCH lldp statistics 1 LLDP global counters Neighbor entries was last changed at 323592 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV Rx TLV Rx TLV Port Frames Frames Errors Discards Errors Unknown Organz Aged 1 0 0 0 0 0 0 0 0 LLDP Info Description...

Page 423: ...LLDP cdp_aware port_list enable disable Parameters port_list Port list or all default All ports enable Enable CDP awareness CDP discovery information is added to the LLDP neighbor table disable Disable CDP awareness default Show CDP awareness configuration Default Setting disable Example Enable CDP aware finction for port1 4 SWITCH lldp cdp_aware 1 4 enable 6 13 LLDPMED Command LLDPMED Configurati...

Page 424: ... LLDP MED Civic Address Location Syntax LLDPMED Civic country state county city district block street leading_street_direction trailing_street_suffix str_suf house_no house_no_s uffix landmark additional_info name zip_code building apartment floor room_number place_type postal_com_name p_o_ box additional_code civic_value Parameters country Country state National subdivisions state caton region pr...

Page 425: ...artment suite floor Floor room_number Room number place_type Placetype postal_com_name Postal community name p_o_box Post office box P O Box additional_code Addtional code default Show Civic Address Location configuration civic_value lldpmed The value for the Civic Address Location entry LLDPMED ECS Description Set or show LLDP MED Emergency Call Service Syntax LLDPMED ecs ecs_value Parameters ecs...

Page 426: ...nd other similar appliances supporting interactive voice services guest_voice_signaling Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media softphone_voice Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently...

Page 427: ...Description Set or show LLDP MED port polcies Syntax LLDPMED port policies port_list policy_list Parameters port_list Port list or all default All ports policy_list List of policies to delete LLDPMED Coordinates Description Set or show LLDP MED Location Syntax LLDPMED Coordinates latitude longitude altitude north south west east meters floor coordinate_value Parameters latitude Latitude 0 to 90 de...

Page 428: ...t or show LLDP MED Coordinates map datum Syntax LLDPMED Datum wgs84 nad83_navd88 nad83_mllw Parameters wgs84 nad83_navd88 nad83_mllw wgs84 WGS84 nad83_navd88 NAD83_NAVD88 nad83_mllw NAD83_MLLW lldpmed Coordinate datum LLDPMED Fast Description Set or show LLDP MED Fast Start Repeat Count Syntax LLDPMED Fast count Parameters count The number of times the fast start LLDPDU are being sent during the a...

Page 429: ...t_var Description Set or show if the current value of the global medTansmitEnable variable Section Section 11 2 1 TIA 1057 Syntax LLDPMED debug_med_transmit_var port_list enable disable Parameters port_list Port list or all default All ports enable Enable Set medTansmitEnable variable to true disable Disable Set medTansmitEnable variable to false default Show medTansmitEnable variable value ...

Page 430: ...uration 1 4 QoS Configuration Traffic Classes 4 Storm Multicast Disabled 1 pps Storm Broadcast Disabled 1 pps Storm Unicast Disabled 1 pps Port Default Tag Priority QCL ID Rate Limiter Shaper Mode Weight 1 Low 0 1 Disabled Disabled Strict 1 2 4 8 2 Low 0 1 Disabled Disabled Strict 1 2 4 8 3 Low 0 1 Disabled Disabled Strict 1 2 4 8 4 Low 0 1 Disabled Disabled Strict 1 2 4 8 QoS Classes Description ...

Page 431: ... classes 2 QoS Default Description Set or show the default port priority Syntax QoS Default port_list class Parameters port_list Port list or all default All ports class Traffic class low normal medium high or 1 2 3 4 Default Setting Low Example Set high priority for port5 SWITCH qos default 5 high QoS Tag Priority Description Set or show the port VLAN tag priority ...

Page 432: ...Example Set priority7 for port 3 SWITCH qos tagprio 3 7 QoS QCL Port Description Set or show the port QCL ID Syntax QoS QCL Port port_list qcl_id Parameters port_list Port list or all default All ports qcl_id QCL ID Default Setting 1 Example Set QCL ID5 for port10 SWITCH qos qcl port 10 5 QoS QCL Add Description Add or modify QoS Control Entry QCE ...

Page 433: ..._id_next etype etype vid vid port udp_tcp_port dscp dscp tos tos_list tag_prio tag_prio_list class Parameters qcl_id QCL ID qce_id QCE ID 1 24 qce_id_next Next QCE ID 1 24 etype Ethernet Type keyword etype Ethernet Type vid VLAN ID keyword vid VLAN ID 1 4095 port UDP TCP port keyword udp_tcp_port Source or destination UDP TCP port 0 65535 dscp IP DSCP keyword dscp IP DSCP 0 63 tos IP ToS keyword t...

Page 434: ... show the port egress scheduler mode Syntax QoS Mode port_list strict weighted Parameters port_list Port list or all default All ports strict Strict mode weighted Weighted mode default Show QoS mode Default Setting Strict Example Set weighted mode for port15 SWITCH qos mode 15 weighted QoS Weight Description Set or show the port egress scheduler weight ...

Page 435: ...er Syntax QoS Rate Limiter port_list enable disable bit_rate Parameters port_list Port list or all default All ports enable Enable rate limiter disable Disable rate limiter default Show rate limiter mode bit_rate Rate in 1000 bits per second 500 1000000 kbps Default Setting Disabled 500kbps Example Set 1000kbps rate limiter for port17 24 SWITCH qos rate limiter 17 24 enable 1000 QoS Shaper Descrip...

Page 436: ...kbps shaper for port 9 16 SWITCH qos shaper 9 16 enable 1000 QoS Storm Unicast Description Set or show the unicast storm rate limiter Syntax QoS Storm Unicast enable disable packet_rate Parameters enable Enable unicast storm control disable Disable unicast storm control packet_rate Rate in pps 1 2 4 512 1k 2k 4k 1024k Default Setting Disabled 1pps Example Enable unicast storm rate limiter in 1kpps...

Page 437: ...2 1k 2k 4k 1024k Default Setting Disabled 1pps Example Enable multicast storm rate limiter in 1kpps SWITCH qos storm multicast enable 1k QoS Strom Broadcast Description Set or show the multicast storm rate limiter Syntax QoS Storm Broadcast enable disable packet_rate Parameters enable Enable broadcast storm control disable Disable broadcast storm control packet_rate Rate in pps 1 2 4 512 1k 2k 4k ...

Page 438: ...rking disable Disable QoS Remarking Default Setting Disabled Example Enable the status of QoS DSCP Remarking for port 1 4 SWITCH qos dscp remarking 1 4 enable QoS DSCP Queue Mapping Description Set or show the default port priority Syntax QoS DSCP Queue Mapping port_list class dscp Parameters port_list Port list or all default All ports class Traffic class low normal medium high or 1 2 3 4 dscp Qo...

Page 439: ...rt_list Port list or all default All ports Default Setting disable Example Show mirror configuration SWITCH mirror configuration Mirror Port Description Set or show the mirror port Syntax Mirror Port port disable Parameters port disable Mirror port or disable default Show port Default Setting Mirror Port 1 Example Set port 2 for the mirror port SWITCH mirror port 2 ...

Page 440: ...r mirror switch ID SWITCH mirror sid 2 Mirror Mode Description Set or show the mirror mode Syntax Mirror Mode port_list enable disable rx tx Parameters port_list Port list or all default All ports enable Enable Rx and Tx mirroring disable Disable Mirroring rx Enable Rx mirroring tx Enable Tx mirroring default Show mirror mode Default Setting disable ...

Page 441: ...User s Manual of NS3550 24T 4S 441 Example Enable the mirror mode for port 1 4 SWITCH mirror mode 1 4 enable ...

Page 442: ...ters ip_server TFTP server IP address a b c d file_name Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config Load ip_server file_name check Parameters ip_server TFTP server IP address a b c d file_name Configuration file name check Check configuration file only default Check and apply file ...

Page 443: ...er Syntax Firmware Load ip_addr_string file_name Parameters ip_addr_string IP host address a b c d or a host name string file_name Firmware file name Firmware IPv6 Load Description Load new firmware from IPv6 TFTP server Syntax Firmware IPv6 Load ipv6_server file_name Parameters ipv6_server TFTP server IPv6 address ...

Page 444: ... SWITCH upnp configuration UPnP Configuration UPnP Mode Disabled UPnP TTL 4 UPnP Advertising Duration 100 UPnP Mode Description Set or show the UPnP mode Syntax UPnP Mode enable disable Parameters enable Enable UPnP disable Disable UPnP default Show UPnP mode Default Setting disable Example Enable the UPnP mode SWITCH upnp mode enable ...

Page 445: ...ng 4 Example Set the value 10 for TTL value of the IP header in SSDP messages SWITCH upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration duration Parameters duration duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration SWITCH upnp advertising duration 1...

Page 446: ...led 6 Disabled Receive Disabled 7 Disabled Receive Disabled 8 Disabled Receive Disabled 9 Disabled Receive Disabled 10 Disabled Receive Disabled 11 Disabled Receive Disabled 12 Disabled Receive Disabled 13 Disabled Receive Disabled 14 Disabled Receive Disabled 15 Disabled Receive Disabled 16 Disabled Receive Disabled 17 Disabled Receive Disabled 18 Disabled Receive Disabled 19 Disabled Receive Dis...

Page 447: ...447 MVR Group MVR Status Description Show the MVR status Syntax MVR Status MVR Mode Description Set or show the MVR mode Syntax MVR Mode enable disable Parameters enable Enable MVR mode disable Disable MVR mode default Show MVR mode ...

Page 448: ...de port_list enable disable Parameters port_list Port list or all default All ports enable Enable MVR mode disable Disable MVR mode default Show MVR mode Default Setting disable Example Enable the MVR port mode for port 1 4 SWITCH mvr port mode 1 4 enable MVR Multicast VLAN Description Set or show MVR multicast VLAN ID Syntax MVR Multicast VLAN vid ...

Page 449: ...e Description Set or show MVR port type Syntax MVR Port Type port_list source receiver Parameters port_list Port list or all default All ports source Enable source mode receiver Disable receiver mode default Show MVR port type Default Setting receive Example Set source type for MVR port type of port 1 SWITCH mvr port type 1 source MVR Immediate Leave Description Set or show MVR port state about im...

Page 450: ...t Port list or all default All ports enable Enable Immediate leave mode disable Disable Immediate leave mode default Show MVR Immediate leave mode Default Setting disable Example Enable MVR port state about immediate leave for port 1 SWITCH mvr immediate leave 1 enable ...

Page 451: ...I Description 00 30 4F IFS phones 00 03 6B Cisco phones 00 0F E2 H3C phones 00 60 B9 Philips and NEC AG phones 00 D0 1E Pingtel phones 00 E0 75 Polycom phones 00 E0 BB 3Com phones 00 01 E3 Siemens AG phones Voice VLAN Port Configuration Port Mode Security Discovery Protocol 1 Disabled Disabled 2 Disabled Disabled 3 Disabled Disabled 4 Disabled Disabled 5 Disabled Disabled 6 Disabled Disabled 7 Dis...

Page 452: ...ust disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Mode enable disable Parameters enable Enable Voice VLAN mode disable Disable Voice VLAN mode default Show flow Voice VLAN mode Default Setting disable Example Enable the Voice VLAN mode SWITCH voice vlan mode enable Voice VLAN ID Description Set or show Voice VLAN ID Syntax Voice VLAN...

Page 453: ...s Manual of NS3550 24T 4S 453 Default Setting 1000 Example Set ID 2 for Voice VLAN ID SWITCH voice vlan id 2 Voice VLAN Agetime Description Set or show Voice VLAN age time Syntax Voice VLAN Agetime age_time ...

Page 454: ...escription Set or show Voice VLAN ID Syntax Voice VLAN Traffic Class class Parameters class Traffic class low normal medium high or 1 2 3 4 Default Setting high Example Set medium traffic class for voice VLAN SWITCH voice vlan traffic class medium Voice VLAN OUI Add Description Add Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Add oui_addr descrip...

Page 455: ...22 test Voice VLAN OUI Delete Description Delete Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Delete oui_addr Parameters oui_addr OUI address xx xx xx Example Delete Voice VLAN OUI entry SWITCH voice vlan oui delete 00 11 22 Voice VLAN OUI Clear Description Clear Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Vo...

Page 456: ... the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Port Mode port_list disable auto force Parameters port_list Port list or all default All ports disable Disjoin from Voice VLAN auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VL...

Page 457: ...nabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Syntax Voice VLAN Security port_list enable disable Parameters port_list Port list or all default All ports enable Enable Voice VLAN security mode disable Disable Voice VLAN security mode default Show flow Voice VLAN security mode Default Setting disable Example Enable the Voice VLAN port security mode for port 1 4 SWITC...

Page 458: ...Setting disable SMTP Mode Description Enable or disable SMTP configure Syntax SMTP Mode enable disable Parameters enable Enable SMTP mode disable Disable SMTP mode default Show SMTP mode Default Setting disable SMTP Server Description Set or show SMTP server configure Syntax SMTP Server server port Parameters ...

Page 459: ...igure Syntax SMTP Auth enable disable Parameters enable Enable SMTP Authentication disable Disable SMTP Authentication default Show SMTP Authentication Default Setting disable SMTP Auth_user Description Set or show up SMTP authentication user name configure Syntax SMTP Auth_user auth_user_text Parameters auth_user_text SMTP Authentication User Name Default Setting disable ...

Page 460: ...Password Default Setting disable SMTP Mailfrom Description Set or show SMTP e mail from configure Syntax SMTP Mailfrom mailfrom_text Parameters mailfrom_text SMTP E mail From address Default Setting disable SMTP Mailsubject Description Set or show up SMTP e mail subject configure Syntax SMTP Mailsubject mailsubject_text Parameters mailsubject_text SMTP E mail Subject ...

Page 461: ...TP e mail 1 to configure Syntax SMTP Mailto1 mailto1_text Parameters mailto1_text SMTP e mail 1 to address Default Setting disable SMTP Mailto2 Description Set or show SMTP e mail 2 to configure Syntax SMTP Mailto2 mailto2_text Parameters mailto1_text SMTP e mail 2 to address Default Setting disable ...

Page 462: ...ion Syntax Show acl Show Link Aggregation Configuration Description Show link aggregation configuration Syntax Show aggr Show IGMP Configuration Description Show IGMP snooping configuration Syntax Show igmp Show IP Configuration Description Show IP configuration Syntax Show ip ...

Page 463: ...acp Show LLDP Configuration Description Show LLDP configuration Syntax Show lldp Show MAC Configuration Description Show MAC address table configuration Syntax Show MAC Show Mirror Configuration Description Show mirror configuration Syntax Show mirror Show PoE Configuration Description Show PoE configuration ...

Page 464: ...guration Syntax Show port Show Private VLAN Configuration Description Show up Private VLAN configuration Syntax Show pvlan Show QoS Configuration Description Show QoS Configuration Syntax Show QoS Show SNMP Configuration Description Show SNMP configuration Syntax Show SNMP ...

Page 465: ...ow System Configuration Description Show system configuration Syntax Show system Show VLAN Configuration Description Show VLAN configuration Syntax Show vlan Show STP Configuration Description Show up STP Port configuration Syntax Show STP ...

Page 466: ...tem Log 2 Syslog 3 SNMP Trap 4 SMTP default set or show digital input 1 2 action enable Enable digital input1 2 function disable Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Enable Digital input 1 and enable acion to System log SWITCH dido di_act first 1 enable Didital input1 action System Log enbale Syslog disable SNMP Trap disable SMTP...

Page 467: ... first window was opened Di_en Description Set or show the system digital input1 2 Syntax di_desc first second description Parameters first Digital input output 1 second Digital input output 2 default Set or show digital input output first 1 second 2 select enable Enable digital input1 2 function disable Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 sta...

Page 468: ...ble digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Set digital output action SWITCH dido do_act first port enable SWITCH dido do_act first power enable Do_en Description Set or show the system digital output1 2 Syntax do_en first second enable disable hightolow lowtohigh Parameters first Digital input output 1 second Digital input output 2 default...

Page 469: ...rs first Digital input output 1 second Digital input output 2 default Set or show digital input output first 1 second 2 select port_list Port list or all default All ports Example Set digital output port alarm SWITCH dido do_port_alr first all SWITCH dido do_port_alr first 1 3 5 SWITCH dido do_port_alr first 1 10 Do_pwr_alr Description Set or show the system digital output1 2 power alarm Syntax di...

Page 470: ...H dido do_pwr_alr first dc2 enable SWITCH dido do_pwr_alr first ac enable fault_act Description Set or show the system fault alarm action Syntax dido fault_act port power enable disable Parameters port port fail power power fail default Set or show digital output fault alarm 1 2 action enable Enable digital input1 2 function disable Disable digital input1 2 function default Set or show digital inp...

Page 471: ...Enable power alarm configuration SWITCH dido fault_en enable fault_port_alr Description Set or show the system fault alarm of port alarm Syntax dido fault_port_alr port_list Parameters port_list Port list or all default All ports Example Enable power alarm configuration SWITCH dido fault_port_alr all SWITCH dido fault_port_alr 1 3 5 SWITCH dido fault_port_alr 1 10 fault_pwr_alr Description Set or ...

Page 472: ... power_fail enable Enable digital input1 2 function disable Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Enable power alarm configuration SWITCH dido fault_pwr_alr dc1 enable SWITCH dido fault_pwr_alr dc2 enable SWITCH dido fault_pwr_alr ac enable ...

Page 473: ...this packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network needs efficienc...

Page 474: ...is is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode If attached device is 100Base TX port will set to 10Mbps no auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10Base T Full Duplex 100Mbps no auto negotiation 100Mbps 100Mbps with auto negot...

Page 475: ...ormance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 100Base TX port link LED is lit but the traffic is irregular Solutio...

Page 476: ...changed or the admin password forgeotten To reset the IP address to the default IP Address 192 168 0 100 or reset the password to default value press the hardware reset button at the front panel about 10 seconds After the device is rebooted you can login the management WEB interface within the same subnet of 192 168 0 xx Reset ...

Page 477: ...ur 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assign...

Page 478: ...reen 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Straight Through and Cr...

Page 479: ...t IP Change Not Accessable Change Not Accessable Not Accessable Not Accessable Factory Default Change Not Accessable Not Accessable Not Accessable Not Accessable Not Accessable System System Reboot Change Not Accessable Not Accessable Not Accessable Not Accessable Not Accessable Port Control Change Change Change View Only Not Accessable Not Accessable Rate Control Change Change Change View Only No...

Page 480: ...View Only Change View Only LLDP PerPort Configuration Change Change Change View Only Change View Only Access Control List Change Change Change View Only Not Accessable Not Accessable User Configuration See Blow I Not Accessable See Blow II Not Accessable See Blow III Not Accessable MAC Limit Change Change Change View Only Not Accessable Not Accessable Security 802 1x Configuration Change Change Ch...

Page 481: ...ws the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associated with a Policy 1 ingress port or any ingress port the whole switch If an ACE P...

Page 482: ... Ethernet address ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known Before using IP the host sends a broadcast ARP request containing the Internet address of the desired destination system ARP Inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by pois...

Page 483: ...ient while the first client s assignment is valid its lease has not expired Therefore IP address pool management is done by the server and not by a human network administrator Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without...

Page 484: ...of Service In a denial of service DoS attack an attacker attempts to prevent legitimate users from accessing information or services By targeting at network sites or network connection an attacker may be able to prevent network users from accessing email web sites online accounts banking etc or other services that rely on the affected computer Dotted Decimal Notation Dotted Decimal Notation refers...

Page 485: ...ontrols how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web server machine contains in addition to the Web page files it can serve an HTTP daemon a program that is designed to wait for HTTP requests and handle them when they arrive The Web browser is an HTTP client sending requests to server machines An HTTP client initiates a request by establishing...

Page 486: ... servers and SMTP is the protocol used to transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves your email messages on the server rather than downloading them to your computer If you wish to remove your messages f...

Page 487: ...ndard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the...

Page 488: ...s the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if there is not frame with the corresponding SMAC address have been seen after a configurable age time MEP MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenan...

Page 489: ... OSI model NFS NFS is an acronym for Network File System It allows hosts to mount partitions on a remote system and use them as though they are local file systems NFS allows the system administrator to store resources in a central location on the network providing authorized users continuous access to them which means NFS supports sharing of files printers and other resources as persistent storage...

Page 490: ...d the packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin computer and the PING Reply is the packet response from the target PoE PoE is an acronym for Power Over Ethernet Power Over Ethernet is used to transmit electrical power to r...

Page 491: ...orks Wikipedia Private VLAN In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN PTP PTP is an acronym for Precision Time Protocol a network protocol for synchronizing the clocks of computer systems Q QCE QCE is an acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE fram...

Page 492: ...ADIUS RADIUS is an acronym for Remote Authentication Dial In User Service It is a networking protocol that provides centralized access authorization and accounting management for people or computers to connect and use a network service RDI RDI is an acronym for Remote Defect Indication It is a OAM functionallity that is used by a MEP to indicate defect detected to the remote peer MEP Router Port A...

Page 493: ...ansmitted frames It is located after the ingress queues SMTP SMTP is an acronym for Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications regarding incoming mail SNMP SNMP is an acronym for Simple Network Management ...

Page 494: ...servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority Tag Priority is a 3 bit field storing the priority level for the 802 1Q frame TCP TCP is an acronym for Transmission Control Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages b...

Page 495: ...s file writing and reading but it does not provides directory service and security features ToS ToS is an acronym for Type of Service It is implemented as the IPv4 ToS priority control It is fully decoded to determine the priority from the 6 bit ToS field in the IP header The most significant 6 bits of the ToS field are fully decoded into 64 possibilities and the singular code that results is comp...

Page 496: ...and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components User Priority User Priority is a 3 bit field storing the priority level for the 802 1Q frame V VLAN Virtual LAN is a method to restrict communic...

Page 497: ...created in response to several serious weaknesses researchers had found in the previous system Wired Equivalent Privacy WEP WPA implements the majority of the IEEE 802 11i standard and was intended as an intermediate measure to take the place of WEP while 802 11i was prepared WPA is specifically designed to also work with pre WPA wireless network interface cards through firmware upgrades but not n...

Page 498: ... The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPS WPS is an acronym for Wi Fi Protected Setup It is a standard for easy and secure establishment of a wireless home network The goal of the WPS protocol is to simplify the process of connecting any home device to the wireless network Wikipedia WTR WTR is an acronym for Wait To Restore This is the time a fail on a res...

Reviews:

No comments

Related manuals for IFS NS3550-24T/4S

CALIENT S320 Hardware User'S Manual preview
S320
Brand: CALIENT Pages: 46
CALIENT S320 Getting Started Manual preview
S320
Brand: CALIENT Pages: 42
G&D DVIMUX4-DL-USB Installation And Operations preview
DVIMUX4-DL-USB
Brand: G&D Pages: 36
HPM XL770T Product Information preview
XL770T
Brand: HPM Pages: 4
Cabletron Systems 3T01-04 User Manual preview
3T01-04
Brand: Cabletron Systems Pages: 52
IDEM SAFETY SWITCHES KLM-P2L Operating Instructions preview
KLM-P2L
Brand: IDEM SAFETY SWITCHES Pages: 2
Lantech IPES-3408GSFP User Manual preview
IPES-3408GSFP
Brand: Lantech Pages: 119
Black Box LE2650A Specifications preview
LE2650A
Brand: Black Box Pages: 2
Farallon Fast Starlet User Manual preview
Fast Starlet
Brand: Farallon Pages: 22
StarTech.com VS221HD20 Quick Start Manual preview
VS221HD20
Brand: StarTech.com Pages: 2
CYP CPLUS-662CVEA Operation Manual preview
CPLUS-662CVEA
Brand: CYP Pages: 68
ROSSMA IIOT-AMS Tilt Counter Operation Manual preview
IIOT-AMS Tilt Counter
Brand: ROSSMA Pages: 13
Hailink MX44NN00RK User Manual preview
MX44NN00RK
Brand: Hailink Pages: 6
Banner SI-HG63FQDR Instruction Manual preview
SI-HG63FQDR
Brand: Banner Pages: 8
Pittway System Sensor EPS40 Series Installation And Maintenance Instructions preview
System Sensor EPS40 Series
Brand: Pittway Pages: 4
3Com SuperStack II Switch 3300 User Manual preview
SuperStack II Switch 3300
Brand: 3Com Pages: 64
Cabletron Systems SmartSTACK 10 ELS10-26 Getting Started preview
SmartSTACK 10 ELS10-26
Brand: Cabletron Systems Pages: 18
steute ES 98 SR Mounting And Wiring Instructions preview
ES 98 SR
Brand: steute Pages: 8

Brands by name

Popular brands

Load more brands