Interlogix NS3702-24P-4S User Manual Download

Page: 247 / 405

247

3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to

authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC address is a

valid RADIUS user can be used by anyone, and only the MD5-Challenge method is supported.

The 802.1X and MAC-Based Authentication configuration consists of two sections, a system- and a port-wide.

Overview of User Authentication

It is allowed to configure the Managed Switch to authenticate users logging into the system for management access using local or

remote authentication methods, such as telnet and Web browser. This Managed Switch provides secure network management

access using the following options:



Remote Authentication Dial-in User Service (RADIUS)



Terminal Access Controller Access Control System Plus ()



Local user name and Priviledge Level control

RADIUS and

are logon authentication protocols that use software running on a central server to control access to

RADIUS-aware or TACACS-aware devices on the network. An

authentication server

contains a database of multiple user name /

password pairs with associated privilege levels for each user that requires management access to the Managed Switch.

4.11.1 Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized

clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to

a switch port before making available any services offered by the switch or the LAN.

Until the client is authenticated, 802.1X access control allows only

Extensible Authentication Protocol over LAN (EAPOL)

traffic

through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

This section includes this conceptual information:



Device Roles



Authentication Initiation and Message Exchange



Ports in Authorized and Unauthorized States



Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown below.

Summary of Contents for NS3702-24P-4S

Page 1: ...NS3702 24P 4S User Manual P N 1072832 REV 00 01 ISS 14JUL14 ...

Page 2: ...e FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or modific...

Page 3: ...t Panel 22 2 1 2 LED Indications 23 2 1 3 Switch Rear Panel 25 2 2 Installing the Switch 26 2 2 1 Desktop Installation 26 2 2 2 Rack Mounting 27 2 2 3 Installing the SFP Transceiver 28 3 SWITCH MANAGEMENT 32 3 1 Requirements 32 3 2 Management Access Overview 33 3 3 Administration Console 34 3 4 Web Management 35 3 5 SNMP based Network Management 36 4 WEB CONFIGURATION 37 4 1 Main Web Page 40 4 2 S...

Page 4: ...e Upgrade 68 4 2 18 Save Startup Config 69 4 2 19 Configuration Download 69 4 2 20 Configuration Upload 70 4 2 21 Configuration Activate 71 4 2 22 Configuration Delete 71 4 2 23 Image Select 72 4 2 24 Factory Default 73 4 2 25 System Reboot 73 4 3 Simple Network Management Protocol 74 4 3 1 SNMP Overview 74 4 3 2 SNMP System Configuration 76 4 3 3 SNMP Trap Configuration 78 4 3 4 SNMP System Infor...

Page 5: ...bership Status 118 4 6 5 VLAN Port Status 122 4 6 6 Private VLAN 123 4 6 7 Port Isolation 125 4 6 8 VLAN setting example 128 4 6 8 1 Two Separate 802 1Q VLANs 128 4 6 8 2 VLAN Trunking between two 802 1Q aware switches 130 4 6 8 3 Port Isolate 133 4 6 9 MAC based VLAN 136 4 6 10 MAC based VLAN Status 137 4 6 11 Protocol based VLAN 138 4 6 12 Protocol based VLAN Membership 139 4 7 Spanning Tree Pro...

Page 6: ... MLD Snooping Status 185 4 8 14 MLD Group Information 186 4 8 15 MLDv2 Information 187 4 8 16 MVR Multicaset VLAN Registration 189 4 8 17 MVR Status 192 4 8 18 MVR Groups Information 193 4 8 19 MVR SFM Information 194 4 9 Quality of Service 196 4 9 1 Understanding QoS 196 4 9 2 Port Policing 197 4 9 3 Port Classification 198 4 9 4 Port Scheduler 200 4 9 5 Port Shaping 201 4 9 5 1 QoS Egress Port S...

Page 7: ...2 Authentication Configuration 250 4 11 3 Network Access Server Configuration 252 4 11 4 Network Access Overview 264 4 11 5 Network Access Statistics 265 4 11 6 RADIUS 272 4 11 7 TACACS 275 4 11 8 RADIUS Overview 277 4 11 9 RADIUS Details 279 4 11 10 Windows Platform RADIUS Server Configuration 285 4 11 11 802 1X Client Configuration 291 4 12 Security 294 4 12 1 Port Limit Control 294 4 12 2 Acces...

Page 8: ... 4 14 6 Port Statistics 337 4 15 Network Diagnostics 340 4 15 1 Ping 341 4 15 2 IPv6 Ping 342 4 15 3 Remote IP Ping Test 343 4 15 4 Cable Diagnostics 344 4 16 Power over Ethernet 346 4 16 1 Power over Ethernet Powered Device 346 4 16 2 System Configuration 347 4 16 3 Power Over Ethernet Configuration 348 4 16 4 Port Sequential 351 4 16 5 Port Configuration 352 4 16 6 PoE Status 354 4 16 7 PoE Sche...

Page 9: ...on 375 4 18 8 RMON Statistics Status 376 5 SWITCH OPERATION 378 5 1 Address Table 378 5 2 Learning 378 5 3 Forwarding Filtering 378 5 4 Store and Forward 378 5 5 Auto Negotiation 379 6 Power over Ethernet Overview 380 7 TROUBLESHOOTING 382 APPENDIX A Networking Connection 383 A 1 PoE RJ 45 Port Pin Assignments 383 A 2 Switch s Data RJ 45 Pin Assignments 1000Mbps 1000Base T 383 A 3 10 100Mbps 10 10...

Page 10: ...anaged Switch is used as an alternative name in this user s manual 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items Check the contents of your package for the following parts The Managed Switch x1 User s Manual CD x1 Quick Installation Guide x1 RS 232 DB9 Male Console Cable x1 Rubber Feet x4 Rack Mount Accessory Kit x1 Power ...

Page 11: ...eillance software to perform comprehensive security monitoring For instance the NS3702 can combine with NVR and 16 or more PoE IP cameras as a kit for the administrators centrally and efficiently manage the surveillance system in the local LAN and the remote site via Internet Centralized Power Management for Gigabit Ethernet PoE Networking To fulfill the needs of higher power required PoE network ...

Page 12: ...st NVR or camera management software offers SMTP email alert function the NS3702 further provides event alert function to help to diagnose the abnormal device owing to whether the network connection break lost of PoE power or the rebooting response by PD Alive Checking process PoE Schedule for Energy Saving Besides applied in IP Surveillance the NS3702 24P 4S is certainly applicable to construct a...

Page 13: ...Tree protocol MSTP Layer 2 to Layer 4 QoS bandwidth control and IGMP MLD Snooping The NS3702 provides 802 1Q Tagged VLAN and the VLAN groups allowed will be maximally up to 255 Via aggregation of supporting ports the NS3702 allows the operation of a high speed trunk combining multiple ports and supports fail over as well Powerful Security The NS3702 offers comprehensive Layer 2 to Layer 3 Access C...

Page 14: ...Switch Section 4 WEB CONFIGURATION The section explains how to manage the Managed Switch by Web interface Section 5 SWITCH OPERATION The chapter explains how to do the switch operation of the Managed Switch Section 6 POWER over ETHERNET OVERVIEW The chapter introduces the IEEE 802 3af 802 3at PoE standard and PoE provision of the Managed Switch Section 7 TROUBLESHOOTING The chapter explains how to...

Page 15: ...een ports Remote power feeding up to 100 meters PoE Management Total PoE power budget control Per port PoE function enable disable PoE Port Power feeding priority Per PoE port power limitation PD classification detection PD alive check PoE schedule PD power recycling schedule Layer 2 Features Prevents packet loss with back pressure half duplex and IEEE 802 3x pause frame flow control full duplex H...

Page 16: ...s Layer 3 IP Routing Features Supports maximum 128 static routes and route summarization Quality of Service Ingress Shaper and Egress Rate Limit per port bandwidth control 8 priority queues on all switch ports Traffic classification IEEE 802 1p CoS TOS DSCP IP Precedence of IPv4 IPv6 packets IP TCP UDP port number Typical network application Strict priority and Weighted Round Robin WRR CoS policie...

Page 17: ...witch management SSH SSL secure access Four RMON groups history statistics alarms and events IPv6 Address NTP management Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment Firmware upload download via HTTP TFTP DHCP Relay and Option 82 User Privilege levels control NTP Network Time Protocol Link Layer Discovery Protocol LLDP SFP DDM Digital Diagnostic Moni...

Page 18: ...uplex Jumbo Frame 9K bytes Reset Button 5 sec System reboot 5 sec Factory Default Dimension W x D x H 440 x 300 x 44 5 mm 1U height Weight 4750g LED System Power Green FAN1 Green FAN2 Green FAN3 Green PWR Green 10 100 1000T RJ45 Interfaces Port 1 to Port 24 10 100 1000Mbps LNK ACT Green PoE In Use Orange 100 1000Mbps SFP Combo Interfaces Port 21 to Port 24 1000Mbps Green LNK ACT Orange Power Requi...

Page 19: ...t VLAN Registration GVRP Up to 255 VLAN groups out of 4094 VLAN IDs Link Aggregation IEEE 802 3ad LACP Static Trunk Supports 12 groups of 16 port trunk QoS Traffic classification based Strict priority and WRR 8 Level priority for switching Port Number 802 1p priority 802 1Q VLAN tag DSCP TOS field in IP Packet IGMP Snooping IGMP v1 v2 v3 Snooping up to 255 multicast Groups IGMP Querier mode suppor...

Page 20: ...36 MAU MIB IEEE 802 1X PAE LLDP Standards Conformance Regulation Compliance FCC Part 15 Class A CE Standards Compliance IEEE 802 3 10Base T IEEE 802 3u 100Base TX 100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple...

Page 21: ...version 3 RFC 2710 MLD version 1 RFC 3810 MLD version 2 Environment Operating Temperature 0 50 degrees C Relative Humidity 20 95 non condensing Storage Temperature 20 70 degrees C Relative Humidity 20 95 non condensing ...

Page 22: ...the Managed Switch please read this chapter completely 2 1 Hardware Description 2 1 1 Switch Front Panel The front panel provides a simple interface monitoring the Managed Switch Figure 2 1 1 shows the front panel of the Managed Switch NS3702 24P 4S Front Panel Figure 2 1 1 Front Panels of NS3702 24P 4S Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters SFP slot 100 10...

Page 23: ... Managed Switch without turning off and on the power The following is the summary table of reset button functions Reset Button Pressed and Released Function 5 sec System Reboot Reboot the Managed Switch 5 sec Factory Default Reset the Managed Switch to Factory Default configuration The Managed Switch will then reboot and load the default settings as shown below Default Username admin Default Passw...

Page 24: ...Mbps successfully Blinks to indicate the switch is sending or receiving data over that port actively PoE In Use Orange Lights to indicate the port is providing 56V DC in line power Lights off to indicate the connected device is not a PoE Powered Device PD Per 100 1000Base X SFP Interface Port 23 to Port 24 LED Color Function Lights To indicate the port is successfully established at 1000Mbps 1000 ...

Page 25: ...0 Hz Plug the female end of the power cord firmly into the receptalbe on the rear panel of the Managed Switch Plug the other end of the power cord into an electric service outlet and the power will be ready Power Notice The device is a power required device which means it will not work till it is powered If your networks should be active all the time please consider using UPS Uninterrupted Power S...

Page 26: ...ttom of the Managed Switch Step 2 Place the Managed Switch on the desktop or the shelf near an AC power source as shown in Figure 2 2 1 Figure 2 2 1 Place the Managed Switch on the Desktop Step 3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and specif...

Page 27: ...h standard rack please follow the instructions described below Step 1 Place the Managed Switch on a hard flat surface with the front panel positioned towards the front side Step 2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 2 2 shows how to attach brackets to one side of the Managed Switch Figure 2 2 2 Attach Brackets to th...

Page 28: ...ion 2 2 1 Desktop Installation to connect the network cabling and supply power to the Managed Switch 2 2 3 Installing the SFP Transceiver The sections describe how to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch as the Figure 2 2 4 show...

Page 29: ...IFS SFP Transceivers NS3702 Managed Switch supports both single mode and multi mode SFP transceiver The following list of approved Fast Ethernet Transceiver 100Base X SFP Gigabit Ethernet Transceiver 1000Base X SFP ...

Page 30: ...LC connector type To connect to 1000Base LX SFP transceiver please use the single mode fiber cable with one side being the male duplex LC connector type Connect the Fiber Cable 1 Insert the duplex LC connector into the SFP SFP transceiver 2 Connect the other end of the cable to a device with SFP SFP transceiver installed 3 Check the LNK ACT LED of the SFP SFP slot on the front of the Managed Switc...

Page 31: ...the SFP SFP Transceiver Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP module slot of the Managed Switch ...

Page 32: ...ration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations running Windows 2000 XP 2003 Vista 7 8 2008 MAC OS9 or later or Linux UNIX or other platforms compatible with TCP IP protocols Workstation is installed with Ethernet NIC Network Interface Card Serial Port connect Terminal The above PC with COM Port DB9 RS 232 or USB to RS 2...

Page 33: ...d HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near the switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be compromised hackers n...

Page 34: ...rect access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight DB9 RS 232 cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the following ...

Page 35: ...d Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 1 3 Web Management You can then use your Web browser to list and manage the Managed Switch configurat...

Page 36: ...nd the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default getting and setting co...

Page 37: ...e network ports The Managed Switch can be configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you...

Page 38: ...in or the username password you have changed via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen appears as shown in Figure 4 1 3 ...

Page 39: ...mands and statistics the Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Managed Switch 2 The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface 3 For security reason please change and memorize the new password after this first setup 4 Only accept command in lowercas...

Page 40: ... s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics Page The port status are illustrated as follows State Disabled Down Link RJ 45 Ports SFP Ports Main Menu Using the onboard web agent you can define system parameters manage and control the Managed Switch and all its ports or monitor ne...

Page 41: ...41 those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu ...

Page 42: ...des statistics for DHCP relay CPU Load This Page displays the CPU load using an SVG graph System Log The Managed Switch system log information is provided here Detailed Log The Managed Switch system detailed log information is provided here Remote Syslog Configure remote syslog on this Page SMTP Configuration Configuration SMTP parameters on this Page Web Firmware Upgrade This Page facilitates an ...

Page 43: ...ollowing fields Object Description Contact The system contact configured in SNMP System Information System Contact Name The system name configured in SNMP System Information System Name Location The system location configured in SNMP System Information System Location MAC Address The MAC Address of this Managed Switch Temperature Indicates chipset temperature System Date The current GMT system tim...

Page 44: ...guration includes the IP Configuration IP Interface and IP Routes The configured column is used to view or change the IP configuration The maximum number of interfaces supported is 128 and the maximum number of routes is 32 The screen in Figure 4 2 2 appears Figure 4 2 2 IP Configuration Page Screenshot The current column is used to show the active IP configuration Object Description IP Configurat...

Page 45: ... input when creating an new interface Enabled Enable the DHCP client by checking this box Fallback The number of seconds for trying to obtain a DHCP lease IPv4 DHCP Current Lease For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server Address Provide the IP address of this Managed Switch in dotted decimal notation IPv4 Mask Length The ...

Page 46: ...6 interface associated with the gateway Buttons Click to add a new IP interface A maximum of 128 interfaces is supported Click to add a new IP route A maximum of 32 routes is supported Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 2 3 IP Status IP Status displays the status of the IP protocol layer The status is defined by the IP interfaces t...

Page 47: ...heck this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page 4 2 4 Users Configuration This Page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser After setup is completed press Apply button to take effect Please login web interface with new user name a...

Page 48: ... level 5 for a guest account Buttons Click to add a new user Add Edit User This Page configures a user add edit or delete user Figure 4 2 5 Add Edit User Configuration Page Screenshot The Page includes the following fields Object Description Username A string identifying the user name that this entry should belong to The allowed string length is 1 to 31 The valid user name is a combination of lett...

Page 49: ...ry defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Click to undo any changes made locally and return to the Users Delete the curren...

Page 50: ...hanging the default password please press the Reset button on the front panel of the Managed Switch for over 10 seconds and then release it The current setting including VLAN will be lost and the Managed Switch will restore to the default mode ...

Page 51: ...rview of the privilege levels After setup is completed please press Apply button to take effect Please login web interface with new user name and password and the screen in Figure 4 2 7 appears Figure 4 2 7 Privilege Levels Configuration Page Screenshot ...

Page 52: ...ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every privilege level group has an authorization level ...

Page 53: ... the agent forward and to transfer NTP messages between the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol i...

Page 54: ...me so time zones tend to follow the boundaries of countries and their subdivisions The Time Zone Configuration screen in Figure 4 2 9 appears Figure 4 2 9 Time Configuration Page Screenshot The Page includes the following fields Object Description Time Zone Lists various Time Zones world wide Select appropriate Time Zone from the drop down and click Save to set Acronym User can set the acronym of ...

Page 55: ...Select the starting hour Minutes Select the starting minute End Time Settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes Select the ending minute Offset Settings Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Buttons Click to apply changes Click to undo any changes made locally and ...

Page 56: ...ration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done ...

Page 57: ...ecifically the option works by setting two sub options Circuit ID option 1 Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id m...

Page 58: ...e DHCP relay information mode option operation Possible modes are Enabled Enable DHCP relay information mode operation When enabling DHCP relay information mode operation the agent inserts specific information option82 into a DHCP message when forwarding to DHCP server and removing it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Disable...

Page 59: ...ncludes the following fields Server Statistics Object Description Transmit to Server The packets number that relayed from client to server Transmit Error The packets number that errors sending packets to clients Receive from Server The packets number that received packets from server Receive Missing Agent Option The packets number that received packets without agent information options Receive Mis...

Page 60: ...ets number that received packets from server Receive Agent Option The packets number that received packets with relay agent information option Replace Agent Option The packets number that replaced received packets with relay agent information option Keep Agent Option The packets number that kept received packets with relay agent information option Drop Agent Option The packets number that dropped ...

Page 61: ... SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 14 appears Figure 4 2 14 CPU Load Page Screenshot Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds If your browser ...

Page 62: ...arning level of the system log Error Error level of the system log All All levels Clear Level To clear the system log entry level The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto ref...

Page 63: ...ending at the last available entry ID 4 2 13 Detailed Log The Managed Switch system detailed log information is provided here The Detailed Log screen in Figure 4 2 16 appears Figure 4 2 15 Detailed Log Page Screenshot The Page includes the following fields Object Description ID The ID 1 of the system log entry Message The message of the system log entry Buttons Download the system log entry to the...

Page 64: ... send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable remote syslog mode operation Disabled...

Page 65: ...65 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 66: ... of the SMTP server SMTP Port Set port number of SMTP service SMTP Authentication Controls whether SMTP authentication is enabled If authentication is required when an e mail is sent Authentication User Name Type the user name for the SMTP server if Authentication is Enable Authentication Password Type the password for the SMTP server if Authentication is Enable E mail From Type the sender s E mai...

Page 67: ...ade Page Screenshot To open Firmware Upgrade screen perform the following 1 Click System Web Firmware Upgrade 2 The Firmware Upgrade screen is displayed as in Figure 4 2 19 3 Click the button of the Main Page the system would pop up the file selection menu to choose firmware 4 Select on the firmware then click the Software Upload Progress would show the file with upload status 5 Once the software ...

Page 68: ...e the Managed Switch firmware from the TFTP server in the network Before updating make sure you have your TFTP server ready and the firmware image is on the TFTP server The TFTP Firmware Upgrade screen in Figure 4 2 21 appears Figure 4 2 20 TFTP Firmware Update Page Screenshot The Page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File...

Page 69: ...d The switch stores its configuration in a number of text files in CLI format The files are either virtual RAM based or stored in flash on the switch There are three system files running config A virtual file that represents the currently active configuration on the switch This file is volatile startup config The startup configuration for the switch read at boot time default config A read only fil...

Page 70: ... the destination is running config the file will be applied to the switch configuration This can be done in two ways Replace mode The current configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system files mentioned above plus two other files it is not possible to c...

Page 71: ...resents the currently active configuration Select the file to activate and click This will initiate the process of completely replacing the existing configuration with that of the selected file 4 2 22 Configuration Delete Configuration Delete page allows to delete the startup config and default config files which stored in FLASH If this is done and the switch is rebooted without a prior Save opera...

Page 72: ... is the alternate image only the Active Image table is shown In this case the Activate Alternate Image button is also disabled 1 If the alternate image is active due to a corruption of the primary image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 2 The firmware version and date information may be empty for o...

Page 73: ...t is necessary The Factory Default screen in Figure 4 2 29 appears Figure 4 2 29 Factory Default Page Screenshot Buttons Click to reset the configuration to Factory Defaults Click to return to the Port State Page without resetting the configuration To reset the Managed Switch to the Factory default setting you can also press the hardware reset button at the front panel about 10 seconds After the d...

Page 74: ...ork consists of three key components Network management stations NMSs SNMP agents Management information base MIB and network management protocol Network management stations NMSs Sometimes called consoles these devices execute management applications that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fast CPUs megapixel color displa...

Page 75: ...e group A SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management stations that do not belong to one of its communities SNMP default communities are Write private Read public Use the SNMP Menu to display or configure the Managed Switch s SNMP function This section has the following items System Configuration Configure SNMP on this Page Trap C...

Page 76: ...y read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c co...

Page 77: ...nity string a particular range of source addresses can be used to restrict source subnet Engine ID Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users Buttons Click to apply changes Click to undo any changes made locally and revert to previous...

Page 78: ...tion s name for configuring The allowed string length is 0 to 255 and the allowed content is ASCII characters from 33 to 126 Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v...

Page 79: ... the port range is 1 65535 Trap Inform Mode Indicates the SNMP trap inform mode operation Possible modes are Enabled Enable SNMP trap authentication failure Disabled Disable SNMP trap authentication failure Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 25...

Page 80: ...itch group s traps Possible traps are STP Enable disable STP trap RMON Enable disable RMON trap Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 4 SNMP System Information The switch system information is provided here The SNMP System Information screen in Figure 4 3 3 appears Figure 4 3 3 System Information Configuration Page Screensho...

Page 81: ...ASCII characters from 32 to 126 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 3 5 SNMPv3 Configuration 4 3 5 1 SNMPv3 Communities Configure SNMPv3 communities table on this Page The entry index key is Community The SNMPv3 Communities screen in Figure 4 3 4 appears Figure 4 3 4 SNMPv3 Communities Configuration Page Screenshot The Page ...

Page 82: ...NMPv3 Users Configuration Page Screenshot The Page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Engine ID An octet string identifying the engine ID that this entry should belong to The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed...

Page 83: ...on protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if entry already exist That means must first ensure that the value is set correctly Authentication Password A string identifying the authentication pass phrase For MD5 authentic...

Page 84: ... the entry It will be deleted during the next save Security Model Indicates the security model that this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII c...

Page 85: ...d string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 View Type Indicates the view type that this entry should belong to Possible view type are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded it should...

Page 86: ... is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Security Model Indicates the security model that this entry should belong to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security...

Page 87: ...his request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new access entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 88: ...isplay SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This Page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration Page Screenshot The Page includes the following fields Object Description Port This is the logical port number for this row Po...

Page 89: ...t is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter th...

Page 90: ...ckets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Buttons Download the Port Statistics Overview result as EXECL file Click to refr...

Page 91: ...or receive and transmit The Port Statistics Detail screen in Figure 4 4 3 appears Figure 4 4 3 Detailed Port Statistics Port 1 Page Screenshot The Page includes the following fields Receive Total and Transmit Total Object Description Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes including FCS...

Page 92: ...ignment errors Rx Undersize The number of short frames received with valid CRC Rx Oversize The number of long frames received with valid CRC Rx Fragments The number of short frames received with invalid CRC Rx Jabber The number of long frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes...

Page 93: ...e in real time You can also use the hyperlink of port no to check the statistics on a speficic interface The SFP Module Information screen in Figure 4 4 4 appears Figure 4 4 4 SFP Module Information for Switch Page Screenshot The Page includes the following fields Object Description Type Display the type of current SFP module the possible types are 10GBase SR 10GBase LR 1000Base SX 1000Base LX 100...

Page 94: ...Alert box it will be in accordance with your warning temperature setting and allows users to record message out via SNMP Trap Auto refresh Check this box to enable an automatic refresh of the Page at regular intervals Click to apply changes Click to undo any changes made locally and revert to previously saved values Click to refresh the Page immediately 4 4 5 Port Mirror Configure port Mirroring o...

Page 95: ...e mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Mirror Port Configuration The Port Mirror screen in Figure 4 4 8 appears ...

Page 96: ...rames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transmitted or frames received are mirrored Mode Both Frames received and frames transmitted are mirrored to the mirror port For a given port a frame is only transmitt...

Page 97: ...ided they operate at the same speed Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supp...

Page 98: ...Switch or other Layer 2 switches However before making any physical connections between devices use the Link aggregation Configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that The ports used in a link aggregation must all be of the same media type RJ 45 100 Mbps fiber The ports that can be assigned to the same link aggregation ha...

Page 99: ... Reording of frames within a flow is therefore not possible The aggregation code is based on the following information Source MAC Destination MAC Source and destination IPv4 address Source and destination TCP UDP ports for IPv4 packets Normally all 5 contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports Each link agg...

Page 100: ...ess or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled TCP UDP Port Number The TCP UDP port number can be used to calculate the destination port for the frame Check to enable the use of the TCP UDP P...

Page 101: ...on group Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 5 2 LACP Configuration Link Aggregation Control Protocol LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device LACP allows switches connected to each other to discover automatically whether any ports are member of the same LAG This Page ...

Page 102: ...102 Figure 4 5 4 LACP Port Configuration Page Screenshot ...

Page 103: ...hile ports with different keys cannot The default setting is Auto Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a...

Page 104: ...iated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Partner Priority The priority of the aggregation partner Last changed The time since this aggregation changed Local Ports Shows which ports are a part of...

Page 105: ...at LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group Partner System ID The partner s System ID MAC address Partner...

Page 106: ...he Page includes the following fields Object Description Port The switch port number LACP Received Shows how many LACP frames have been sent from each port LACP Transmitted Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh ...

Page 107: ...as initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unawa...

Page 108: ...curity since traffic must pass through a configured Layer 3 link to reach a different VLAN This Managed Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging IEEE 802 1Q Stand...

Page 109: ... priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLAN can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bit 12 bits TPID Tag Protocol I...

Page 110: ...ices can coexist on the same network A switch port can have only one PVID but can have as many VID as the switch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag ...

Page 111: ... printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are ...

Page 112: ...gged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 6 1 Ingress Egress Port with VLAN VID Tag Untag Table IEEE 802 1Q Tunneling Q in Q IEEE 802 1Q Tunneling QinQ is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used to maintain customer specific VLAN and Layer 2 protocol confi...

Page 113: ...h the customer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 are used for service provider tags In cases where a given service VLAN only has two member ports on the switch the learning can b...

Page 114: ...ated by using a list syntax where the individual elements are separated by commas Ranges are specified with a dash separating the lower and upper bound The following example will create VLANs 1 10 11 12 13 200 and 300 1 10 13 200 300 Spaces are allowed in between the delimiters Ethertype for Custome S ports This field specifies the ethertype TPID specified in hexadecimal used for Custom S ports Th...

Page 115: ...scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 Accepts untagged and C tagged frames Discards all frames that are not classified to the Access VLAN On egress all frames classified to the Access VLAN are transmitted untagged Other dynamically added VLANs are transmitted tagged Mode Trunk Trunk ports can carry traffic ...

Page 116: ...re in the range 1 through 4095 default being 1 On ingress frames get classified to the Port VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the port but the frame is priority tagged VLAN ID 0 On egress frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN The Port VLAN is called an Access ...

Page 117: ...checkbox is checked frames classified to a VLAN that the port is not a member of get discarded If ingress filtering is disabled frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine However the port will never transmit frames classified to VLANs that it is not a member of Ingress Acceptance Hybrid ports allow for changing the type of frames th...

Page 118: ...ember of one or more VLANs This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs The trick is to mark such VLANs as forbidden on the port in question The syntax is identical to the syntax used in the Enabled VLANs field By default the field is left blank which means that the port may become a member of all possible VLANs...

Page 119: ...119 Figure 4 6 4 VLAN Membership Status for Static User Page Screenshot ...

Page 120: ...used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID If a port is included in a VLAN an image will be displayed If a port is included in a Forbidden port list an image will be displayed If a port is included in a ...

Page 121: ...sh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting with the entry after the last entry currently displayed ...

Page 122: ...N ID in the tag If VLAN awareness is disabled all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded Frame Type Shows whether the port accepts all frames...

Page 123: ...s every 3 seconds Click to refresh the Page immediately 4 6 6 Private VLAN The Private VLAN membership configurations for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each Private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLA...

Page 124: ...124 Figure 4 6 6 Private VLAN Membership Configuration page screenshot ...

Page 125: ...are not accepted and a warning message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The Private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new Private VLANs Buttons Click to add new VLAN Click to save changes Click to undo any changes made locally and revert to previously saved values A...

Page 126: ...eceive traffic from all ports in the private VLAN Isolated ports Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the V...

Page 127: ...the following fields Object Description Port Members A check box is provided for each port of a private VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this b...

Page 128: ...olate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 6 9 describes the port configuration of the Managed Switches Figure 4 6 8 Two Separate VLANs Diagram VLAN Group VID Untagged Members Tagged Members VLAN Group 1 1 Port 7 Port 28 N A VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 Port 5 Port 6 Table ...

Page 129: ...aves Port 1 and Port 2 it will be stripped away it tag becoming an untagged packet Untagged packet entering VLAN 3 1 While PC 4 transmit an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will received the packet through Port 5 and Port 6 2 While the packet leaves Port 5 it will be stripped away it tag becoming an untagged packet 3 While the packet leaves Port ...

Page 130: ...ects Egress Tagging as Tag All and Types 2 in the Allowed VLANs column Change Port 6 Mode as Trunk and Selects Egress Tagging as Tag All and Types 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 11 appears Figure 4 6 11 Check VLAN 2 and 3 Members on VLAN Membership Page 4 6 8 2 VLAN Trunking between two 802 1Q aware switches The most cases are used for Uplink to other s...

Page 131: ...gure 4 6 12 VLAN Trunking Diagram Setup steps 1 Add VLAN Group Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in Allowed Access VLANs column the 1 3 is including VLAN1 and 2 and 3 Figure 4 6 13 Add VLAN 2 and VLAN 3 2 Assign VLAN Member and PVID for each port VLAN 2 Port 1 Port 2 and Port 3 ...

Page 132: ...Port 7 to be the 802 1Q VLAN Trunk port 2 Assign Port 7 to both VLAN 2 and VLAN 3 at the VLAN Member configuration Page 3 Define a VLAN 1 as a Public Area that overlapping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member port 5 Specify Port 7 to be the 802 1...

Page 133: ...eps 1 to 6 set up the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk repeat Steps 1 to 3 to assign the Trunk port to the VLANs 4 6 8 3 Port Isolate The diagram shows how the Managed Switch handles isolated and promiscuous ports and the each PC is not able to access the isolated port of each other s PCs But they all need to access with the same server AP Printer Thi...

Page 134: ...ort 4 in Isolate port Set Port5 and Port 6 in Promiscuous port The screen in Figure 4 6 16 appears Figure 4 6 17 The Configuration of Isolated and Promiscuous Port 2 Assign VLAN Member VLAN 1 Port 5 and Port 6 VLAN 2 Port 1 Port 2 Port 5 and Port 6 ...

Page 135: ...135 VLAN 3 Port 3 Port 6 The screen in Figure 4 6 18 appears Figure 4 6 17 Private VLAN Port Setting ...

Page 136: ...r each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New MAC based VLAN Click Add New Entry to add a new MAC based VLAN entry An empty row is added to the table and the MAC based VLAN entry ca...

Page 137: ...last entry currently displayed 4 6 10 MAC based VLAN Status This Page shows MAC based VLAN entries configured by various MAC based VLAN users The MAC based VLAN Status screen in Figure 4 6 19 appears Figure 4 6 19 MAC based VLAN Membership Configuration for User Static Page Screenshot The Page includes the following fields Object Description MAC Address Indicates the MAC address VLAN ID Indicates ...

Page 138: ...ve Frame Type Frame Type can have one of the following values 1 Ethernet 2 LLC 3 SNAP Note On changing the Frame type field valid value of the following text field will vary depending on the new frame type you selected Value Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type selection menu Below is the criteria for three different Fr...

Page 139: ...lid Group Name is a unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 Note special character and underscore _ are not allowed Adding a New Group to VLAN mapping entry Click Add New Entry to add a new entry in mapping table An empty row is added to the table Frame Type Value and the Group Name can be configured as needed The Del...

Page 140: ...140 Figure 4 6 21 Group Name to VLAN Mapping Table Page Screenshot ...

Page 141: ...rs A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or exclude the port from the mapping make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New Group to VLAN mapping entry Click Add New Entry to add a new entry in mapping table An empty row is added to the t...

Page 142: ...led primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex sub...

Page 143: ... root switch By increasing the priority lowering the priority number of the best switch STP can be forced to select the best switch as the root switch When STP is enabled using the default parameters the path between source and destination stations in a switched network might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can c...

Page 144: ...forwarding to disabled From disabled to blocking Figure 4 7 1 STP Port State Transitions You can modify each port state by using management software When you enable STP every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up If properly configured each port stabilizes to the forwarding or blocking state...

Page 145: ...ks between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges On the port level STP sets the Root Port and the Designated Ports ...

Page 146: ...U for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state 15 seconds The following are the user configurable STP parameters for the port or port group level Variable Description Defaul...

Page 147: ...If it turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Forward Delay Timer The Forward Delay can be from 4 to 30 seconds This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state Observe the following formulas when setting the above parameters Max Age _ 2 x Forward Delay 1 second Max ...

Page 148: ...ore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however relatively straight forward Figure 4 7 2 Before Applying ...

Page 149: ...igabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link 4 7 2 STP System Configuration This Page allows you to configure STP system settings The settings are used by all STP Bridge instances in the Switch or Switch Stack The Managed Switch support the following Spanning Tree protocols Compatiable Sp...

Page 150: ...lowing fields Basic Settings Object Description Protocol Version The STP protocol version setting Valid values are STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 2w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol Bridge Priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated w...

Page 151: ... second Advanced Settings Object Description Edge Port BPDU Filtering Control whether a port explicitly configured as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether ...

Page 152: ...e This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag ...

Page 153: ...on Port The switch port number of the logical STP port STP Enabled Controls whether RSTP is enabled on this switch port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the a...

Page 154: ... administrator This feature is also known as Root Guard Restricted TCN If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administra...

Page 155: ... 50 600 200 000 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2 000 200 000 Table 4 7 1 Recommended STP Path Cost Range Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5...

Page 156: ...Page includes the following fields Object Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Click to apply changes Click to undo any cha...

Page 157: ... The Page includes the following fields Configuration Identification Object Description Configuration Name The name identifiying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI config...

Page 158: ...e user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This Page contains MSTI port settings for physical and a...

Page 159: ...MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cos...

Page 160: ...evert to previously saved values 4 7 8 Port Status This Page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7 11 appears Figure 4 7 11 STP Port Status Page Screenshot The Page includes the following fields Object Description Port The switch port number of the logical STP port CIST Role The current STP port role of t...

Page 161: ...tomatically Automatic refresh occurs every 3 seconds 4 7 9 Port Statistics This Page displays the STP port statistics counters for port physical ports in the currently selected switch The STP Port Statistics screen in Figure 4 7 12 appears Figure 4 7 12 STP Statistics Page Screenshot The Page includes the following fields Object Description Port The switch port number of the logical RSTP port MSTP...

Page 162: ...ived transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the port Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Clears the counters for all ports ...

Page 163: ...will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the membership of the multicast g...

Page 164: ...164 Figure 4 8 2 Multicast Flooding ...

Page 165: ...rs to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 ...

Page 166: ...ill send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that t...

Page 167: ...erforming IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting ...

Page 168: ...ete Check to delete the entry The designated entry will be deleted during the next save Profile Name The name used for indexing the profile table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Profile Description Additional description which is composed of at maximum 64 alphabetic and numeric characters abou...

Page 169: ...ddress range that will be associated with IPMC Profile It is allowed to create at maximum 128 address entries in the system The Profile Table screen in Figure 4 8 6 appears Figure 4 8 6 IPMC Profile Address Configuration Page The Page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save Entry Name The name used ...

Page 170: ...ges made locally and revert to previously saved values Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the IPMC Profile Address Configuration Updates the table starting with the entry after the last entry currently displayed 4 8 4 IGMP Snooping Configuration This Page provides IGMP Snooping related configuration The IGMP Snooping Conf...

Page 171: ...raffic flooding The flooding control takes effect only when IGMP Snooping is enabled When IGMP Snooping is disabled unregistered IPMCv4 traffic flooding is always active in spite of this setting IGMP SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Leave Proxy Enable Enable IGMP Leave Proxy This featu...

Page 172: ...e specified port as an IGMP Router port Use this mode when you connect an IGMP multicast server or IP camera which applied with multicast protocol to the port None The Managed Switch will not use the specified port as an IGMP Router port The Managed Switch will not keep any record of an IGMP router being connected to this port Use this mode when you connect other IGMP multicast servers directly on...

Page 173: ...deleted during the next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected Querier Election Enable the IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier Querier Address Define the IPv4 address as source address used in IP header for IGMP Querier election When the Querier address is not set system us...

Page 174: ...ies The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10...

Page 175: ...n IGMP filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets ...

Page 176: ...mary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 7 IGMP Snooping Status This Page provides IGMP Snooping status The IGMP Snooping Status screen in Figure 4 8 10 appears Figure 4 8 10 IGMP Snooping Status Page Screenshot ...

Page 177: ...ic port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicate whether specific port is a router port or not Buttons Click to refresh the Page immediately Clears all Statistics counters Auto refresh Automatic refresh occurs every 3 seconds 4 8...

Page 178: ... entry currently displayed 4 8 9 IGMPv3 Information Entries in the IGMP SSM Information Table are shown on this Page The IGMP SSM Information Table is sorted first by VLAN ID then by group and then by Port No Diffrent source addresses belong to the same group are treated as single entry Each Page shows up to 99 entries from the IGMP SSM Source Specific Multicast Information table default being 20 ...

Page 179: ...Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not Buttons Auto refresh Check this box to enable an automatic refresh of the Page at r...

Page 180: ...guration Page Screenshot The Page includes the following fields Object Description Snooping Enabled Enable the Global MLD Snooping Unregistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled When MLD Snooping is disabled unregistered IPMCv6 traffic flooding is always active in spite of this setting ...

Page 181: ... port The allowed selection is Auto Fix Fone default compatibility value is Auto Fast Leave Enable the fast leave on the port Throtting Enable to limit the number of multicast groups to which a switch port can belong Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 11 MLD Snooping VLAN Configuration Each Page shows up to 99 entries fro...

Page 182: ...ess Variable The Robustness Variable allows tuning for the expected packet loss on a network The allowed range is 1 to 255 default robustness variable value is 2 QI Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Max Response Time used to calcu...

Page 183: ...rt and MLD throttling limits the number of simultaneous multicast groups a port can join MLD filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled MLD join reports received on the por...

Page 184: ...184 Figure 4 8 15 MLD Snooping Port Group Filtering Configuration Page Screenshot ...

Page 185: ...e specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 13 MLD Snooping Status This Page provides MLD Snooping status The IGMP Snooping Status screen in Figure 4 8 16 appears Figure 4 8 16 MLD Snooping Status Page Screenshot ...

Page 186: ...switch that leads towards the Layer 3 multicast device or MLD querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicates whether specific port is a router port or not Buttons Click to refresh the Page imme...

Page 187: ...after the last entry currently displayed 4 8 15 MLDv2 Information Entries in the MLD SFM Information Table are shown on this Page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry Each ...

Page 188: ...rently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from th...

Page 189: ...an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports It is allowed to create at maximun 8 MVR VLANs with corresponding channel settings for each Multicast VLAN There will b...

Page 190: ...sable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group table is full Delete Check to delete the entry The designated entry will be deleted during the next save MVR VID Specify the Multicast VLAN ID ...

Page 191: ...mpatible mode MVR membership reports are forbidden on source ports The default is Dynamic mode Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged with MVR VID The default is Tagged Priority Specify how the traversed IGMP MLD control frames will be sent in prioritized manner The default Priority is 0 LLQI Define the maximun time to wait for IGMP MLD rep...

Page 192: ... R indicates Receiver The default Role is Inactive Immediate Leave Enable the fast leave on the port Buttons Click to add new MVR VLAN Specify the VID and configure the new entry Click Save Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 8 17 MVR Status This Page provides MVR status The MVR Status screen in Figure 4 8 20 appears Figure 4 8 20 M...

Page 193: ...ccurs every 3 seconds 4 8 18 MVR Groups Information Entries in the MVR Group Table are shown on this Page The MVR Group Table is sorted first by VLAN ID and then by group Each Page shows up to 99 entries from the MVR Group table default being 20 selected through the entries per Page input field When first visited the web Page will show the first 20 entries from the beginning of the MVR Group Table...

Page 194: ...ce Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry Each Page shows up to 99 entries from the MVR SFM Information Table default being 20 selected through the entries per Page input field When first visit...

Page 195: ...er of IP source addresses for filtering to be 128 When there is no any source filtering address the text None is shown in the Source Address field Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Indicates whether data plane destined to the specific group address from the source IPv4 IPv6 address could be handled by chip or not Buttons Auto refresh Automatic refresh oc...

Page 196: ...ge network congestion QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP hea...

Page 197: ...elow applies Enable Controls whether the policer is enabled on this switch port Rate Controls the rate for the policer This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps The default value is 500 Unit Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps Flow Control If flow...

Page 198: ...pplies CoS Controls the default class of service All frames are classified to a CoS There is a one to one mapping between CoS queue and priority A CoS of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a CoS that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default CoS PCP value 0 1 2 3...

Page 199: ... PCP value DEI Controls the default DEI value All frames are classified to a DEI value If the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Tag Class Shows the classification mode for tagged frames on this port Disabled Use default CoS and DPL for tagged frames Enabled Use mapped versio...

Page 200: ... 3 QoS Egress Port Schedule Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 Mode Shows the scheduling mode for this port Q0 Q5 Shows the weight for this queue and port ...

Page 201: ...rt Shapers Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers For more detail please refer to chapter 4 9 5 1 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps ...

Page 202: ...ption Schedule Mode Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps The default value is...

Page 203: ... this switch port Port Shaper Rate Controls the rate for the port shaper This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 13200 when the Unit is Mbps The default value is 500 Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Click to apply changes Click to undo any changes made locally and...

Page 204: ...204 Figure 4 9 6 QoS Egress Port Tag Remarking Page Screenshot ...

Page 205: ...g Remarking for a specific port are configured on this Page The QoS Egress Port Tag Remarking sscreen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking Page Screenshot The Page includes the following fields Object Description Mode Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of ...

Page 206: ...ure 4 9 8 QoS Port DSCP Configuration Page Screenshot The Page includes the following fields Object Description Port The Port coulmn shows the list of ports for which you can configure dscp ingress and egress settings Ingress In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate ...

Page 207: ...e Rewrite enable without remapped Remap DP Unaware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the D...

Page 208: ...ure 4 9 9 DSCP based QoS Ingress Classification Page Screenshot The Page includes the following fields Object Description DSCP Maximum number of support ed DSCP values are 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame ...

Page 209: ...209 QoS Class QoS Class value can be any of 0 7 DPL Drop Precedence Level 0 1 ...

Page 210: ...Ingress or Egress The DSCP Translation screen in Figure 4 9 10 appears Figure 4 9 10 DSCP Translation Page Screenshot The Page includes the following fields Object Description DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP ...

Page 211: ...rameter for Egress side Remap Remap DP Select the DSCP value from select menu to which you want to remap DSCP value ranges form 0 to 63 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 10 DSCP Classification This Page allows you to map DSCP value to a QoS Class and DPL value The DSCP Classification screen in Figure 4 9 11 appears Figur...

Page 212: ...QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The QoS Control List screen in Figure 4 9 12 appears Figure 4 9 12 QoS Control List Configuration Page Screenshot The Page includes the following fields Object Description QCE Indicates the index of QCE Port Indicates the list of ports configured...

Page 213: ...f frame to look for incomming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames Action Indicates the classification action taken on ingress frame if parameters c...

Page 214: ...he QCL entry By default all ports will be checked Key Parameters Key configuration are discribed as below DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any SMAC Source MAC address 24 MS bits OUI or Any Tag Value of Tag field can be Any Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific va...

Page 215: ...xFF or Any the default value is Any SNAP PID Valid PID a k a ethernet type can have value within 0x00 0xFFFF or Any default value is Any IPv4 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary strin...

Page 216: ...3 or Default DSCP Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values Return to the previous Page without saving the configuration change 4 9 12 QCL Status This Page shows the QCL status by different Q...

Page 217: ...QoS class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Displays Conflict status of QCL entries As H W resources are shared by multiple applications It may happen tha...

Page 218: ... flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen in Figure 4 9 15 appears Figure 4 9 15 Storm Control Configuration Page Screenshot The Page includes the following fields Object Description Port The port nu...

Page 219: ...his value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 13200 when the Unit is Mbps or kfps Unit Controls the unit of measure for the storm control rate as kbps Mbps fps or kfps The default value is kbps Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 220: ...r which the configuration below applies Enable Controls whether RED is enabled for this queue Min Threshold Controls the lower RED threshold If the average queue filling level is below this threshold the drop probability is zero This value is restricted to 0 100 Max DP 1 Controls the drop probability for frames marked with Drop Precedence Level 1 when the average queue filling level is 100 This va...

Page 221: ...arked with Drop Precedence Level 0 are never dropped Min Threshold is the average queue filling level where the queues randomly start dropping frames The drop probability for frames marked with Drop Precedence Level n increases linearly from zero at Min Threshold average queue filling level to Max DP n at 100 average queue filling level Buttons Click to apply changes Click to undo any changes made...

Page 222: ...udes the following fields Object Description Port The logical port for the settings contained in the same row Q0 Q7 There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Buttons Click to refresh the Page immediately Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh of the Page at reg...

Page 223: ...twork traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure 4 9 18 appears Figure 4 9 18 Voice VLAN Configuration Page Screenshot ...

Page 224: ...It used when security mode or auto detect mode is enabled In other cases it will based hardware age time The actual age time will be situated in the age_time 2 age_time interval Traffic Class Indicates the Voice VLAN traffic class All traffic on Voice VLAN will apply this class Mode Indicates the Voice VLAN port mode Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect ...

Page 225: ...ode is enabled We should enable LLDP feature before configuring discovery protocol to LLDP or Both Changing the discovery protocol to OUI or LLDP will restart auto detect process Possible discovery protocols are OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP ...

Page 226: ...creenshot The Page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Telephony OUI An telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which v...

Page 227: ...227 Buttons Click to add a new access management entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 228: ...onym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This Page shows the ACL status by different ACL users Each row d...

Page 229: ...yed the rate limiter operation is disabled Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are...

Page 230: ...ingress port of the ACE Possible values are All The ACE will match all ingress port Port The ACE will match a specific ingress port Policy Bitmask Indicates the policy number and bitmask of the ACE Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get m...

Page 231: ...layed the port redirect operation is disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at ...

Page 232: ...ludes the following fields Object Description Ingress Port Select the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy number filter for this ACE Any No policy filter is specified policy filter status is don t care Specific If you want to filter a specific pol...

Page 233: ...iter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled Logging Specify the logging operation of ...

Page 234: ... to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Value When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx or xx xx xx xx xx xx or xxxxxxxxxxxx x is a hexadecimal digit A frame that hits this ACE matches this DMAC value VLAN Parameters Object ...

Page 235: ...he sender IP address in the SIP Address field that appears Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Mask When Network is selected for the send...

Page 236: ...ettings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 Any Any value is allowed don t care IP Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1 1 ARP RA...

Page 237: ... entry non zero IPv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care IP Fragment Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offset FRAG OFFSET field for an IPv4 frame No IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than ...

Page 238: ...tion IP filter you can enter a specific DIP address in dotted decimal notation DIP Mask When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation IPv6 Parameters Object Description Next Header Fliter Specify the IPv6 next header filter for this ACE Any No IPv6 next header filter is specified don t care Specific If you want to filter a speci...

Page 239: ...For example if the SIPv6 address is 2001 3 and the SIPv6 bitmask is 0xFFFFFFFE bit 0 is don t care bit then SIPv6 address 2001 2 and 2001 3 are applied to this rule Hop Limit Specify the hop limit settings for this ACE zero IPv6 frames with a hop limit field greater than zero must not be able to match this entry non zero IPv6 frames with a hop limit field greater than zero must be able to match th...

Page 240: ... range value A field for entering a TCP UDP source value appears TCP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range va...

Page 241: ...YN field is set must be able to match this entry Any Any value is allowed don t care TCP RST Specify the TCP Reset the connection RST value for this ACE 0 TCP frames where the RST field is set must not be able to match this entry 1 TCP frames where the RST field is set must be able to match this entry Any Any value is allowed don t care TCP PSH Specify the TCP Push Function PSH value for this ACE ...

Page 242: ...fic EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears Ethernet Type Value When Specific is selected for the EtherType filter you can enter a specific EtherType value The allowed range is 0x600 to 0xFFFF but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 A frame that hits this ACE matches this EtherType value Buttons Click to appl...

Page 243: ...rt for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 0 through 255 The default value is 0 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply on this port The allowed values are Disabled or the values 1 through 16 The default value is Disa...

Page 244: ...the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The allowed values are Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disabled To close ports by changing the volatile port configuration of the ACL user module The default value is Enabled Counter Counts the numb...

Page 245: ...5 ACL Rate Limiter Configuration Page Screenshot The Page includes the following fields Object Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate pps The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 246: ...nt type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but m...

Page 247: ...on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802 1X Port Based Authentication The IEEE 802 1X standard defines a client server based access con...

Page 248: ...on 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device controls the physical access to the network based on the authentication status of the client The switch acts as an intermediary proxy between the client and the authentication server requesting identity information fro...

Page 249: ...nt can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three attempts to start authentication the client transmits frames as if the port is in the authoriz...

Page 250: ...d number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized and all frames from the authenticated client are allowed through the port If the authentication fails the port remains in the unauthorized...

Page 251: ...251 Figure 4 11 3 Authentication Method Configuration Page Screenshot ...

Page 252: ...to previously saved values 4 11 3 Network Access Server Configuration This Page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend se...

Page 253: ...s the following fields System Configuration Object Description Mode Indicates if NAS is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames Reauthentication If checked successfully authenticated supplicants clients are reauthenticated ...

Page 254: ...ng the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and ...

Page 255: ...igned QoS Class functionality When checked the individual ports ditto setting determine whether RADIUS assigned QoS Class is enabled for that port When unchecked RADIUS server assigned QoS Class is disabled for all ports RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming ...

Page 256: ... frame has been received on the port for the life time of the port Once the switch considers whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life time of the port If enabled checked the switch will consider entering the Guest ...

Page 257: ...the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the su...

Page 258: ...a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC address once successfully authenticated Multi 802 1X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same characteristics In ...

Page 259: ...ffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g throu...

Page 260: ...be identical and consist of ASCII characters in the range 0 7 which translates into the desired QoS Class in the range 0 7 RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled and enabled checked for a given port the switch reacts to VLAN ID information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authentic...

Page 261: ...al 13 Value of Tunnel Private Group ID must be a string of ASCII chars in the range 0 9 which is interpreted as a decimal string representing the VLAN ID Leading 0 s are discarded The final value must be in the range 1 4095 Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules...

Page 262: ...OL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in Force Authorized or a single supplicant mode and...

Page 263: ...ization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Buttons Click to refresh the Page Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 264: ...e The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAP...

Page 265: ...etailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed The Network Access Statistics screen in Figure 4 11 6 appears Figure 4 11 6 Network Access Statistics Page Screenshot The Page includes ...

Page 266: ...iption These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X Direction Name IEEE Name Description Rx Total dot1xAuthEapolFrames Rx The number of valid EAPOL frames of any type that have been received by the switch Rx Response ID dot1xAuthEapolRespId FramesRx The number of valid EAPOL Re...

Page 267: ...eived by the switch in which the Packet Body Length field is invalid Tx Total dot1xAuthEapolFrames Tx The number of EAPOL frames of any type that have been transmitted by the switch Tx Request ID dot1xAuthEapolReqIdFr amesTx The number of EAPOL Request Identity frames that have been transmitted by the switch Tx Requests dot1xAuthEapolReqFra mesTx The number of valid EAPOL Request frames other than...

Page 268: ...ver for this port left most table or client right most table Rx Other Requests dot1xAuthBackendOther RequestsToSupplicant 802 1X based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based Not applicable Rx Auth Successes dot1xAuthBackendAuth Successes 802 1X and MAC based Counts ...

Page 269: ... with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted Information about the last supplicant client that attempted to authenticate This information is available for the following administrativ...

Page 270: ...ived Version dot1xAuthLastEapolF rameVersion 802 1X based The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable ...

Page 271: ...supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached it shows No clients attached VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module State The client can either be...

Page 272: ...s Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters 4 11 6 RADIUS This Page allows you to configure the RADIUS Servers The RADIUS Configuration screen in Fig...

Page 273: ...0 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from contin...

Page 274: ...ne row for each RADIUS Server and a number of columns which are Object Description Delete To delete a RADIUS server entry check this box The entry will be deleted during the next Save Hostname The IP address or hostname of the RADIUS server Auth Port The UDP port to use on the RADIUS server for authentication Acct Port The UDP port to use on the RADIUS server for accounting Timeout This optional s...

Page 275: ...nshot The Page includes the following fields Global Configuration These setting are common for all of the TACACS Servers Object Description Timeout Timeout is the number of seconds in the range 1 to 1000 to wait for a reply from a TACACS server before it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 to 1440 minutes is the period during which the switch wil...

Page 276: ...ntry will be deleted during the next Save Hostname The IP address or hostname of the TACACS server Port The TCP port to use on the TACACS server for authentication Timeout This optional setting overrides the global timeout value Leaving it blank will use the global timeout value Key This optional setting overrides the global key Leaving it blank will use the global key Buttons Click to add a new T...

Page 277: ...DIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP commu...

Page 278: ...isabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will ...

Page 279: ...ation Accounting for Server Overview Page Screenshot The Page includes the following fields RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description Packet Counters RADIUS authentication server packet counter There are seven receiv...

Page 280: ...x Malformed Access Responses radiusAuthClientExt MalformedAccessRe sponses The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAuthClientExtB adAuthenticators The numbe...

Page 281: ...ber of RADIUS Access Request packets retransmitted to the RADIUS authentication server Tx Pending Requests radiusAuthClientExtP endingRequests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challe...

Page 282: ...left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Other Info Round Trip Time radiusAuthClient ExtRoundTripTim e The time ...

Page 283: ...d authenticators or or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAcctClientExt BadAuthenticators The number of RADIUS packets containing invalid authenticators received from the server Rx Unknown Types radiusAccClientExt UnknownTypes The number of RADIUS packets of unknown types that were received from the server on the accounting port Rx Packets Drop...

Page 284: ...ient may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip time Name RFC4670 Name Description IP Address IP address and UDP port for the accounting ...

Page 285: ...t is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Clears the counters for the selected server The Pending Requests counter will not be cleared by this operation 4 11 10 Windows Platform RADIUS Se...

Page 286: ...286 Figure 4 11 11 RADIUS Server Configuration Screenshot ...

Page 287: ...287 2 Add New RADIUS Cleint on the Windows 2003 server Figure 4 11 12 Windows Server Add New RADIUS Client Setting 3 Assign the client IP address to the Managed Switch ...

Page 288: ...288 Figure 4 11 13 Windows Server RADIUS Server Setting 4 The shared secret key should be as same as the key configured on the Managed Switch Figure 4 11 14 Windows Server RADIUS Server Setting ...

Page 289: ...e establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then Figure 4 11 16 Windows 2003 AD Server Setting Path 7 Enter Active Directory Users and Computers create legal user data next right click a user what you created to enter properties and what to be noticed ...

Page 290: ...290 Figure 4 11 17 Add User Properties Screen Figure 4 11 18 Add User Properties Screen ...

Page 291: ...2000 an 802 1X client utility is needed The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication ...

Page 292: ...ing IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type Figure 4 11 20 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue ...

Page 293: ...293 Figure 4 11 21 Windows Client Popup Login Request Message 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Figure 4 11 22 ...

Page 294: ... Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module Port Security m...

Page 295: ... Object Description Mode Indicates if Limit Control is globally enabled or disabled on the switchstack If globally disabled other modules may still use the underlying functionality but limit checks and corresponding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period ...

Page 296: ...ecured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration The table has one row for each port on the selected switch in the stack and a number of columns which are Object Description Port The po...

Page 297: ...imit Control on the port or the switch 3 Click the Reopen button Trap Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the p...

Page 298: ...298 non committed changes will be lost ...

Page 299: ... 4 12 2 Access Management Configuration Overview Page Screenshot The Page includes the following fields Object Description Mode Indicates the access management mode operation Possible modes are Enabled Enable access management mode operation Disabled Disable access management mode operation Delete Check to delete the entry It will be deleted during the next apply VLAN ID Indicates the VLAN ID for ...

Page 300: ...gement Statistics This Page provides statistics for access management The Access Management Statistics screen in Figure 4 12 3 appears Figure 4 12 3 Access Management Statistics Overview Page Screenshot The Page includes the following fields Object Description Interface The interface that allowed remote host can access the switch Receive Packets The received packets number from the interface under...

Page 301: ...301 Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to refresh the Page immediately Clears all statistics ...

Page 302: ...ct mode operation It only significant if HTTPS mode Enabled is selected Automatically redirects web browser to an HTTPS connection when both HTTPS mode and Automatic Redirect are enabled or redirects web browser to an HTTP connection when both are disabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Buttons Click to apply changes C...

Page 303: ...ration Disabled Disable SSH mode operation Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 12 6 Port Security Status This Page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the...

Page 304: ...ay request Port Security services Object Description User Module Name The full name of a module that may request Port Security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port Status The table has one row for each port on the selected switch in the switch and a number of columns which are ...

Page 305: ...east the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration W...

Page 306: ...cludes the following fields Object Description MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic Time of Addition Shows the date a...

Page 307: ...er on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping on this Page The DHCP Snooping Configuration screen in Figure 4 12 8 appears ...

Page 308: ...operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrus...

Page 309: ...t Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds It will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table To start over 4 12 10 IP Source Guard Configuration IP Source Guard is a secure feature used to restrict IP traffic...

Page 310: ...st when the mode is enabled Port Mode Configuration Specify IP Source Guard is enabled on which ports Only when both Global Mode and Port Mode on a given port are enabled IP Source Guard is enabled on this given port Max Dynamic Clients Specify the maximum number of dynamic clients can be learned on given ports This value can be 0 1 2 and unlimited If the port mode is enabled and the value of max ...

Page 311: ...een in Figure 4 12 11 appears Figure 4 12 11 Static IP Source Guard Table Screen Page Screenshot The Page includes the following fields Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings IP Address Allowed Source IP address MAC Address Allowed Source MAC address Buttons Click to add...

Page 312: ...d to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This Page provides ARP Inspection related configuration The ARP Inspection Configuration screen in Figure 4 12 12 appears Figure 4 12 12 ARP Inspection Configuration Screen Page Screenshot ...

Page 313: ...bled When the setting of Check VLAN is disabled the log type of ARP Inspection will refer to the port setting And the setting of Check VLAN is enabled the log type of ARP Inspection will refer to the VLAN setting Possible setting of Check VLAN are Enabled Enable check VLAN operation Disabled Disable check VLAN operation Only the Global Mode and Port Mode on a given port are enabled and the setting...

Page 314: ... Object Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Buttons Click to add a new entry to the Static ARP Inspection table Click to apply changes Click to undo any ...

Page 315: ...contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time 4 13 1 MAC Table Configuration The MAC Address Table...

Page 316: ... is done Secure Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The s...

Page 317: ...ill show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match...

Page 318: ...in the MAC Table i e the entry with the lowest VLAN ID and MAC address Updates the table starting with the entry after the last entry currently displayed 4 13 3 Dynamic ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this Page The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP add...

Page 319: ...Page includes the following fields Object Description Port The port number for which the status applies Click the port number to see the status for this particular port VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry IP Address The IP address of the entry Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Refresh...

Page 320: ...e displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries ...

Page 321: ...reshes the displayed table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address Updates the table starting with the entry after the last entry currently displayed ...

Page 322: ...nes how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP ME...

Page 323: ...imes TTL in seconds is based on the following rule Transmission Interval Holdtime Multiplier 65536 Therefore the default TTL is 4 30 120 seconds Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid value...

Page 324: ...nto LLDP neighbours table as shown below CDP TLV Device ID is mapped to the LLDP Chassis ID field CDP TLV Address is mapped to the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbours table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TLV Version and Platform is mapped to the LLDP System Description f...

Page 325: ...ransmitted Management Address Optional TLV When checked the management address is included in LLDP information transmitted Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 14 3 LLDP MED Configuration This Page allows you to configure the LLDP MED The LLDPMED Configuration screen in Figure 4 14 2 appears Figure 4 14 2 LLDPMED Configuratio...

Page 326: ... capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbour has been detected in order share LLDP MED information as fast as possible to new neighbours Because there is a risk of an LLDP frame being lost during...

Page 327: ... ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The a...

Page 328: ...o House number Example 21 House no suffix House number suffix Example A 1 2 Landmark Landmark or vanity address Example Columbia University Additional location info Additional location info Example South Wing Name Name residence and office occupant Example Flemming Jahn Zip code Postal zip code Example 2791 Building Building structure Example Low Library Apartment Unit Apartment suite Example Apt ...

Page 329: ...network policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are 1 Voice 2 Guest Voice 3 Softphone Voice 4 Video Con...

Page 330: ... and other similar appliances supporting interactive voice services Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy Softphone Voice for use by soft...

Page 331: ...mat includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 VLAN ID VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application type L2 Priority may specify one of eight priority levels 0 through 7 as defined by IEEE 8...

Page 332: ...a row for each port on which an LLDP neighbor is detected The LLDP MED Neighbor Information screen in Figure 4 14 3 appears The columns hold the following information Figure 4 14 3 LLDP MED Neighbor Information Page Screenshot The Page includes the following fields Fast start repeat count Object Description Port The port on which the LLDP frame was received Device Type LLDP MED Devices are compris...

Page 333: ...c Endpoints Class I LLDP MED Generic Endpoint Class I The LLDP MED Generic Endpoint Class I definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA 1057 however do not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers o...

Page 334: ...cy 3 Location Identification 4 Extended Power via MDI PSE 5 Extended Power via MDI PD 6 Inventory 7 Reserved Application Type Application Type indicating the primary function of the application s defined for this network policy advertised by an Endpoint or Network Connectivity Device The poosible application types are shown below Voice for use by dedicated IP Telephony handsets and other similar a...

Page 335: ...s such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning ...

Page 336: ...tion screen in Figure 4 14 4 appears Figure 4 14 4 LLDP Neighbor Information Page Screenshot The Page includes the following fields Object Description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Port ID The Port ID is the identification of the neighbor port Port Description Port Description is the port descr...

Page 337: ...iscovery by the network management This could for instance hold the neighbor s IP address Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds 4 14 6 Port Statistics This Page provides an overview of all LLDP traffic Two types of counters are shown Global counters are counters that refer to the whole st...

Page 338: ...sed since the last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP frames dropped due to that the entry table was full Total Neighbors Entries Aged Out Shows the number of entries deleted due...

Page 339: ...ntries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The numb...

Page 340: ...aged Switch transmit ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics performing tests on copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as f...

Page 341: ...ived or until a timeout occurs The ICMP Ping screen in Figure 4 15 1 appears Figure 4 15 1 ICMP Ping Page Screenshot The Page includes the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Be sure the target IP Address is within the same network subnet of the Managed Switch or you had se...

Page 342: ...es the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Egress Interface The VLAN ID VID of the specific egress IPv6 interface which ICMP packet goes The given VID ranges from 1 to 4094 and will be effective only when the corresponding IPv6 interface is valid When the egress interface i...

Page 343: ...refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears Figure 4 15 3 Remote IP Ping Test Page Screenshot The Page includes the following fields Object Description Port The logical port for the settings Remote IP Address The destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 by...

Page 344: ...utomatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnastic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete The ports belong to the ...

Page 345: ...ir Short Shorted pair Short A Cross pair short to pair A Short B Cross pair short to pair B Short C Cross pair short to pair C Short D Cross pair short to pair D Cross A Abnormal cross pair coupling with pair A Cross B Abnormal cross pair coupling with pair B Cross C Abnormal cross pair coupling with pair C Cross D Abnormal cross pair coupling with pair D Length The length in meters of the cable p...

Page 346: ...of cameras or WLAN AP more easily and efficiently Figure 4 16 1 Power over Ethernet Status 4 16 1 Power over Ethernet Powered Device 3 5 Watts Voice over IP phones Enterprise can install POE VoIP Phone ATA and other Ethernet non Ethernet end devices to the central where UPS is installed for un interrupt power system and power control system 6 12 Watts Wireless LAN Access Points Museum Sightseeing ...

Page 347: ...tem Configuration In a power over Ethernet system operating power is applied from a power source PSU power supply unit over the LAN infrastructure to powered devices PDs which are connected to ports Under some conditions the total output power required by PDs can exceed the maximum available power provided by the PSU The system may a prior be planed with a PSU capable of supplying less power than ...

Page 348: ... 2 The PoE chip of PD69012 has designed to that Class level 0 will be assigned to 15 4 watts by AF mode and 30 8 watts by AT mode under classification power limit mode It is hardware limited Allocation mode In this mode the user allocates the amount of power that each port may reserve The allocated reserved power for each port PD is specified in the Maximum Power fields The ports are shut down whe...

Page 349: ...349 Figure 4 16 2 PoE Configuration Screenshot ...

Page 350: ...ption LLDP Reserved Power mode System reserves PoE power to PD according to LLDP configuration Power Supply Budget W Set limit value of the total PoE port provided power to the PDs NS3702 24P 4S available maximum value is 440 Temperature Threshold Allows setting over temperature protection threshold value It system temperature was over it then system lower total PoE power budget automatically PoE ...

Page 351: ...l This page allows the user to configure the PoE Ports started up interval time The PoE Port will start up one by one as Figure 4 16 3 shows Figure 4 16 3 PoE Port Sequential Power Up Interval Configuration Screenshot The PoE port will start up after the whole system program has finished running The page includes the following fields Object Description Sequential Power up Option Allows user to ena...

Page 352: ...6 5 Port Configuration This section allows the user to inspect and configure the current PoE port settings as Figure 4 16 4 shows Figure 4 16 4 Power over Ethernet Configuration Screenshot The page includes the following fields Object Description PoE Mode There are three modes for PoE mode Enable enable PoE function ...

Page 353: ...e will be reserved the same PoE power with 802 3af mode Priority The Priority represents PoE ports priority There are three levels of power priority named Low High and Critical The priority is used in the case when total power consumption has been over total power budget In this case the port with the lowest priority will be turn off and offer power for the port of higher priority Power Allocation...

Page 354: ...us This page allows the user to inspect the total power consumption total power reserved and current status for all PoE ports The screen in Figure 4 16 5 appears Make sure you leave room for heat derating under full load ...

Page 355: ...355 Figure 4 16 5 PoE Status Screenshot ...

Page 356: ...ts usage of Managed PoE Switch Local Port This is the logical port number for this row PD Class Displays the class of the PD attached to the port as established by the classification process Class 0 is the default for PDs The PD is powered based on PoE Class level if system working on Classification mode A PD will return Class to 0 to 4 in accordance with the maximum power draw as specified by Tab...

Page 357: ...ion on the Earth the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise saving power and money Scheduled Power Recycling The Managed PoE switch allows each of t...

Page 358: ...ew Rule button to start set PoE Schedule function You have to set PoE schedule to profile then go back to PoE Port Configuration and select Schedule mode from per port PoE Mode option then you can indicate which schedule profile could be apply to the PoE port The page includes the following fields ...

Page 359: ...oot Only function This function offers administrator to reboot PoE device at indicate time if administrator has this kind of requirement Reboot Only Allows user to reboot PoE function by PoE reboot schedule Please be noticed that if administrator enable this function PoE schedule will not to set time to profile This function just ony for PoE port reset on the indicate time Reboot Hour Allows user ...

Page 360: ...ted PoE LLDP function and then administrator is going to see the PoE information of the PD form LLDP Figure 4 16 8 LLDP Configuration Screenshot 4 16 9 PoE Alive Check Configuration The PoE Switch can be configured to monitor connected PD s status in real time via ping action Once the PD stops working and without response the PoE Switch is going to restart PoE port port power and bring the PD back...

Page 361: ...must be set to the same network segment with PoE Switch Interval Time 10 300s This column allows user to set how long system should be issue a ping request to PD for detecting PD is alive or dead Interval time range is from 10 seconds to 300 seconds Retry Count 1 5 This column allows user to set how many times system rerry ping to PD For example if we set count 2 the meaning is that if system retr...

Page 362: ...have different rebooting time The PD Alive check is not a defining standard so the PoE device on the market doesn t report reboots done information to NS3702 PoE Switch so user has to make sure how long the PD will be finished to boot and then set the time value to this column System is going to check the PD again according to the reboot time If ou can not make sure precisely booting time we sugge...

Page 363: ...ort Power Consumption This page allows user to see the usage of individual PoE Port The screen in Figure 4 16 10 appears Figure 4 16 10 Port Power Consumption Screenshot Buttons Click to refresh the page immediately ...

Page 364: ...vides loop protection to prevent broadcast loops in Managed Switch 4 17 1 Configuration This Page allows the user to inspect the current Loop Protection configurations and possibly change them as well screen in Figure 4 17 1 appears Figure 4 17 1 Loop Protection Configuration Page Screenshot ...

Page 365: ...ues are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Port Configuration Object Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Co...

Page 366: ...er of the logical port Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Click to refresh the Page immediately Auto refresh Check ...

Page 367: ...nt Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 18 1 RMON Alarm Configuration Configure RMON Alarm table on this Page The entry index key is ID screen in Figure 4 18 ...

Page 368: ...er of outbound packets that could not be transmitted because of errors OutQLen The length of the output packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are Absolute Get the sample directly Delta Calculate the difference between samples default Value The value of the statistic duri...

Page 369: ... appears Figure 4 18 2 RMON Alarm Overview Page Screenshot The Page includes the following fields Object Description ID Indicates the index of Alarm control entry Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the ...

Page 370: ... It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification of the event the possible types are none The total number of octets received on the interface including framing characters log The number of uni cast packets delivered to a hig...

Page 371: ...371 Buttons Click to add a new community entry Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 372: ... Overview Page Screenshot The Page includes the following fields Object Description Event Index Indicates the index of the event entry Log Index Indicates the index of the log entry LogTime Indicates Event log time LogDescription Indicates the Event description Buttons Click to refresh the Page immediately Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every...

Page 373: ... wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds Buckets Indicates the maximum data entries associated this History control entry stored in RMON The range is from 1 ...

Page 374: ...the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received that were directed to the broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Errors The total number of packets received that had a length excluding framing bits but i...

Page 375: ...istory table i e the entry with the lowest History Index and Sample Index Updates the table starting with the entry after the last entry currently displayed 4 18 7 RMON Statistics Configuration Configure RMON Statistics table on this Page The entry index key is ID screen in Figure 4 18 8 appears Figure 4 18 8 RMON Statistics Configuration Page Screenshot The Page includes the following fields Obje...

Page 376: ... 18 9 RMON Statistics Status Overview Page Screenshot The Page includes the following fields Object Description ID Indicates the index of Statistics entry Data Source ifIndex The port ID which wants to be monitored Drop The total number of events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on ...

Page 377: ...d that were between 65 to 127 octets in length 128 255 The total number of packets including bad packets received that were between 128 to 255 octets in length 256 511 The total number of packets including bad packets received that were between 256 to 511 octets in length 512 1023 The total number of packets including bad packets received that were between 512 to 1023 octets in length 1024 1518 Th...

Page 378: ...ress is located at the same port with this packet comes in then this packet will be filtered Thereby increasing the network throughput and availability 5 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Managed Switch stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occ...

Page 379: ...n Auto negotiation This technology automatically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode 1000Base T can be only connec...

Page 380: ...onnecting with power device End Span could also tap the wire 1 2 and 3 6 PoE System Architecture The specification of PoE typically requires two devices the Powered Source Equipment PSE and the Powered Device PD The PSE is either an End Span or a Mid Span while the PD is a PoE enabled terminal such as IP Phones Wireless LAN etc Power can be delivered over data pairs or spare pairs of standard CAT ...

Page 381: ...gative supply In fact a late change to the spec allows either polarity to be used Figure 8 1 Power Supplied over the Spare Pins The data pairs are used Since Ethernet pairs are transformer coupled at each end it is possible to apply DC power to the center tap of the isolation transformer without upsetting the data transfer In this mode of operation the pair on pins 3 and 6 and the pair on pins 1 a...

Page 382: ... of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again 1000Base T port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicat...

Page 383: ...wer A 2 Switch s Data RJ 45 Pin Assignments 1000Mbps 1000Base T PIN NO MDI MDI X 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD 6 BI_DB BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC Implicit implementation of the crossover function within a twisted pair cable or at a wiring panel while not expressly forbidden is beyond the scope of this standard ...

Page 384: ... That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment PIN NO MDI Media Dependant Interface MDI X Media Dependant Interface Cross 1 Tx transmit Rx receive 2 Tx transmit Rx receive 3 Rx receive Tx transmit 4 5 Not use...

Page 385: ...ge 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE 2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8...

Page 386: ...s context they are similar to firewalls There are 3 web Pages associated with the manual ACL configuration ACL Access Control List The web Page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a cou...

Page 387: ...ted the port will select the prefered media APS APS is an acronym for Automatic Protection Switching This protocol is used to secure that switching is done bidirectional in the two ends of a protection group as defined in G 8031 Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggreg...

Page 388: ...scovery Protocol D DEI DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the dat...

Page 389: ...formation to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 and Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circ...

Page 390: ...rgy Efficient Ethernet defined in IEEE 802 3az EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame F FTP FTP is an acronym for File Transfer Protocol It is a transf...

Page 391: ...ecure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons HTTPS is really just the use of Netscape s Secure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 ins...

Page 392: ...s on the server rather than downloading them to your computer If you wish to remove your messages from the server you must use your mail client to generate local folders copy messages to your local hard drive and then delete and expunge the messages from the server IP IP is an acronym for Internet Protocol It is a protocol used for communicating data across a internet network IP is a best effort s...

Page 393: ...ement of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as ...

Page 394: ...an be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD MLD is an acronym for Multicast Listener Discovery for IPv6 MLD is used by IPv6 routers to discover multicast listeners on a directly attached link much as IGMP is used i...

Page 395: ...ugh they are local file systems NFS allows the system administrator to store resources in a central location on the network providing authorized users continuous access to them which means NFS supports sharing of files printers and other resources as persistent storage over a computer network NTP NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of compute...

Page 396: ...ver a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with an acknowledgment that it received the packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin comp...

Page 397: ...o most prevalent Internet standard protocols for e mail retrieval Virtually all modern e mail clients and servers support both PPPoE PPPoE is an acronym for Point to Point Protocol over Ethernet It is a network protocol for encapsulating Point to Point Protocol PPP frames inside Ethernet frames It is used mainly with ADSL services where individual users connect to the ADSL transceiver modem over E...

Page 398: ...e quality of the clock received in the port QoS QoS is an acronym for Quality of Service It is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and someti...

Page 399: ...after a topology change Standard IEEE 802 1D 2004 now incorporates RSTP and obsoletes STP while at the same time being backwards compatible with STP S SAMBA Samba is a program running under UNIX like operating systems that provides seamless integration between UNIX and Microsoft Windows machines Samba acts as file and print servers for Microsoft Windows IBM OS 2 and other SMB client machines Samba...

Page 400: ...to learn network problems by receiving traps or change notices from network devices implementing SNMP SNTP SNTP is an acronym for Simple Network Time Protocol a network protocol for synchronizing the clocks of computer systems SNTP uses UDP datagrams as transport layer SPROUT Stack Protocol using ROUting Technology An advanced protocol for almost instantaneous discovery of topology changes within ...

Page 401: ...Tag Priority is a 3 bit field storing the priority level for the 802 1Q frame TCP TCP is an acronym for Transmission Control Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The TCP protocol guarantees reliable and in order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent app...

Page 402: ...and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit 0 63 TLV TLV is an acronym for Type Length Value A LLDP frame can contain multiple pieces of information Each of these pieces of information is known as TLV TKIP TKIP is an acronym for Temporal Key Integrity Protocol It used in WPA to replace WEP with a new encryption algorithm TKIP co...

Page 403: ... of VLAN 1 This means that MAC addresses are learned in VLAN 1 and the switch does not remove or insert VLAN tags VLAN aware switching This is based on the IEEE 802 1Q standard All ports are VLAN aware Ports connected to VLAN aware switches are members of multiple VLANs and transmit tagged frames Other ports are members of one VLAN set up with this Port VLAN ID and transmit untagged frames Provide...

Page 404: ...is an acronym for Wi Fi Protected Access Pre Shared Key WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passph...

Page 405: ...mes when traffic builds up within a queue A frame s DP level is used as input to WRED A higher DP level assigned to a frame results in a higher probability that the frame is dropped during times of congestion WTR WTR is an acronym for Wait To Restore This is the time a fail on a resource has to be not active before restoration back to this previously failing resource is done ...

Search results

Summary of Contents for NS3702-24P-4S

Reviews:

Related manuals for NS3702-24P-4S

Brands by name

Popular brands

Interlogix NS3702-24P-4S, User Manual

Search results

Summary of Contents for NS3702-24P-4S

Reviews:

Related manuals for NS3702-24P-4S

Brands by name

Popular brands