4.14.4 LLDP-MED Neighbor   

This page provides a status overview for all LLDP-MED neighbors. The displayed table contains a row for each port on which an LLDP neighbor is detected. The LLDP-MED Neighbor Information screen in Figure 4-14-3 appears. The columns hold the following information:

 

Figure 4-14-3: LLDP-MED Neighbor Information with no LLDP-MED device detected

Figure 4-14-4: LLDP-MED Neighbor Information with LLDP-MED device detected

 

The page includes the following fields: 

Fast start repeat count 

Object: Description

Port: The port on which the LLDP frame was received.

Device Type: LLDP-MED Devices are comprised of two primary Device Types: Network Connectivity Devices and Endpoint Devices.

LLDP-MED Network Connectivity Device Definition

LLDP-MED Network Connectivity Devices, as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint Devices. An LLDP-MED Network Connectivity Device is a LAN access device based on any of the following technologies:

1. LAN Switch/Router

2. IEEE 802.1 Bridge

3. IEEE 802.3 Repeater (included for historical reasons)

4. IEEE 802.11 Wireless Access Point
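
How the Device Type column can be derived from a received LLDP frame, and used to spot a neighbor that announces itself as a Network Connectivity Device on a port meant for endpoints. This is an added example, not code from the manual or the switch firmware; it goes beyond the page in using the LLDP-MED Capabilities TLV layout and device type codes from TIA-1057, and the function names, sample frames and the access-port policy are assumptions made for illustration.

```python
import struct

LLDP_MED_OUI = bytes.fromhex("0012bb")  # TIA OUI carried by LLDP-MED TLVs
ORG_SPECIFIC_TLV = 127                  # IEEE 802.1AB organizationally specific TLV
MED_CAPABILITIES_SUBTYPE = 1            # LLDP-MED Capabilities TLV

# Device type codes of the LLDP-MED Capabilities TLV (TIA-1057).
DEVICE_TYPES = {
    0: "Type Not Defined",
    1: "Endpoint Class I",
    2: "Endpoint Class II",
    3: "Endpoint Class III",
    4: "Network Connectivity",
}


def iter_tlvs(lldpdu):
    """Yield (type, value) for each TLV; header is 7 bits type + 9 bits length."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from(">H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:               # End of LLDPDU
            return
        if offset + length > len(lldpdu):
            raise ValueError("truncated TLV (type %d)" % tlv_type)
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length


def med_device_type(lldpdu):
    """Return the advertised LLDP-MED device type, or None for a plain LLDP neighbor."""
    for tlv_type, value in iter_tlvs(lldpdu):
        # Value layout: OUI (3) + subtype (1) + capabilities (2) + device type (1)
        if tlv_type != ORG_SPECIFIC_TLV or len(value) < 7:
            continue
        if value[:3] == LLDP_MED_OUI and value[3] == MED_CAPABILITIES_SUBTYPE:
            return DEVICE_TYPES.get(value[6], "Reserved (%d)" % value[6])
    return None


def unexpected_infrastructure(neighbors, access_ports):
    """Ports from access_ports whose neighbor claims to be a Network Connectivity Device.

    Assumed policy: access ports should only see Endpoint Devices, so a switch,
    bridge, repeater or access point announcing itself there is worth reviewing.
    """
    return sorted(
        port for port, lldpdu in neighbors.items()
        if port in access_ports
        and med_device_type(lldpdu) == "Network Connectivity"
    )


def build_tlv(tlv_type, value):
    """Encode one TLV (used only to construct the sample frames below)."""
    return struct.pack(">H", (tlv_type << 9) | len(value)) + value


def sample_lldpdu(device_type=None):
    """Constructed LLDPDU: Chassis ID, Port ID, TTL and optionally MED Capabilities."""
    pdu = build_tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # chassis ID (MAC)
    pdu += build_tlv(2, b"\x07" + b"1")                          # port ID (local)
    pdu += build_tlv(3, struct.pack(">H", 120))                  # TTL in seconds
    if device_type is not None:
        med = LLDP_MED_OUI + bytes([MED_CAPABILITIES_SUBTYPE])
        med += b"\x00\x03" + bytes([device_type])                # capabilities, type
        pdu += build_tlv(ORG_SPECIFIC_TLV, med)
    return pdu + build_tlv(0, b"")                               # End of LLDPDU


# Constructed sample data, not captured traffic.
PHONE = sample_lldpdu(3)          # Endpoint Class III
ACCESS_POINT = sample_lldpdu(4)   # Network Connectivity
PLAIN = sample_lldpdu()           # LLDP without LLDP-MED

if __name__ == "__main__":
    neighbors = {3: PHONE, 5: ACCESS_POINT, 7: PLAIN}
    for port, pdu in sorted(neighbors.items()):
        print(port, med_device_type(pdu))
    print("review ports:", unexpected_infrastructure(neighbors, {3, 5}))
```
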

Summary of Contents for NS4750-24S-4T-4X

Page 1: ...NS4750 24S 4T 4X User Manual P N 1702826 REV 00 01 ISS 14JUL14 ...

Page 2: ...the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or modif...

Page 3: ...25 2 1 4 Wiring the DC Power Input 25 2 1 5 Wiring the Faulty Alarm Contact 26 2 1 6 Wiring the Digital Input Output 27 2 2 Installing the Managed Switch 30 2 2 1 Desktop Installation 30 2 2 2 Rack Mounting 31 2 3 Cabling 33 2 3 1 Installing the SFP Transceiver 34 2 3 2 Removing the Module 37 3 SWITCH MANAGEMENT 38 3 1 Requirements 38 3 2 Management Access Overview 39 3 3 CLI Mode Management 40 3 ...

Page 4: ...ut Output 72 4 2 17 Faulty Alarm 75 4 2 18 Web Firmware Upgrade 76 4 2 19 TFTP Firmware Upgrade 77 4 2 20 Save Startup Config 78 4 2 21 Configuration Download 79 4 2 22 80 4 2 23 Configuration Activate 81 4 2 24 Configuration Delete 82 4 2 25Image Select 82 4 2 26 Factory Default 84 4 2 27 System Reboot 85 4 3 Simple Network Management Protocol 86 4 3 1 SNMP Overview 86 4 3 2 SNMP System Configura...

Page 5: ...rt Configuration 127 4 6 4 VLAN Membership Status 133 4 6 5 VLAN Port Status 135 4 6 6 Prvivate VLAN 138 4 6 7 Port Isolation 139 4 6 8 VLAN Setting Example 140 4 6 8 1 Two separate 802 1Q VLANs 141 4 6 8 2 VLAN Trunking between two 802 1Q aware Switches 146 4 6 10 3 Port Isolate 148 4 6 11 MAC based VLAN 150 4 6 12 MAC based VLAN Status 151 4 6 13 Protocol based VLAN 151 4 6 14 Protocol based VLA...

Page 6: ... Status 205 4 8 14 MLD Group Information 207 4 8 15 MLDv2 Information 208 4 8 16 MVR Multicaset VLAN Registration 209 4 8 17 MVR Status 213 4 8 18 MVR Groups Information 214 4 8 19 MVR SFM Information 215 4 9 Quality of Service 216 4 9 1 Understand QOS 216 4 9 2 Port Policing 217 4 9 3 Port Shaping 219 4 9 3 1 QoS Egress Port Schedule and Shapers 220 4 9 4 Port Classification 222 4 9 4 1 QoS Ingre...

Page 7: ...thentication Configuration 279 4 11 3 Network Access Server Configuration 280 4 11 4 Network Access Overview 291 4 11 5 Network Access Statistics 293 4 11 6 RADIUS 301 4 11 7 TACACS 303 4 11 8 RADIUS Overview 305 4 11 9 RADIUS Details 306 4 12 Security 314 4 12 1 Port Limit Control 314 4 12 2 Access Management 318 4 12 3 Access Management Statistics 319 4 12 4 HTTPs 321 4 12 5 SSH 321 4 12 6 Port ...

Page 8: ...g Test 368 4 15 4 Cable Diagnostics 370 4 16 Loop Protection 371 4 16 1 Configuration 371 4 16 2 Status 373 4 17 RMON 375 4 17 1 RMON Alarm Configuration 375 4 17 2 RMON Alarm Status 378 4 17 3 RMON Event Configuration 379 4 17 4 RMON Event Status 380 4 17 5 RMON History Configuration 381 4 17 6 RMON History Status 382 4 17 7 RMON Statistics Configuration 383 4 17 8 RMON Statistics Status 384 4 18...

Page 9: ...5 5 1 Address Table 405 5 2 Learning 405 5 3 Forwarding Filtering 405 5 4 Store and Forward 405 5 5 Auto Negotiation 406 6 TROUBLESHOOTING 407 APPENDIX A 409 A 1 Switch s Data RJ 45 Pin Assignments 1000Mbps 1000Base T 409 A 2 10 100Mbps 10 100Base TX 409 APPENDIX B GLOSSARY 411 ...

Page 10: ...ees C Managed Switch mentioned in this User s Manual refers to the NS4750 24S 4T 4X 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items The NS4750 24S 4T 4X x 1 Quick Installation Guide x 1 User s Manual CD x 1 DB9 to RJ 45 Consol Cable x 1 Rubber Feet x 4 Rack Mount Accessory Kit x 1 AC Power Cord x 1 Dust Cap x 33 If any of th...

Page 11: ...dustrial System The NS4750 supports redundant ring technology and features strong rapid self recovery capability to prevent interruptions and external intrusions It incorporates ITU G 8032 Ethernet Ring Protection Switching technology Spanning Tree Protocol 802 1w RSTP and redundant power supply system into customer s industrial automation network to enhance system reliability and uptime in harsh ...

Page 12: ...d Digital Output on the front panel This external alarm offers technicians the ability to use Digital Input to detect and log external device status such as door intrusion detector for the alarm As Digital Output could be used to alarm if the NS4750 has port link down link up or power failure ...

Page 13: ...ifically designed to handle the demands of high tech facilities requiring the highest power integrity Furthermore with the 36 60V DC power supply implemented the NS4750 can be applied as the telecom level device that could be located in the electronic room Layer 2 Layer 4 Fully functioned Managed Switch for Building Automation Networking The NS4750 is ideal for applications in the factory data cen...

Page 14: ...ge the Managed Switch by Web interface Section 5 COMMAND LINE INTERFACE The section describes how to use the Command Line interface CLI Section 6 CLI MODE The section explains how to manage the Managed Switch by Command Line interface Section 7 SWITCH OPERATION The chapter explains how to do the switch operation of the Managed Switch Section 8 TROUBLESHOOTING The chapter explains how to do trouble...

Page 15: ...nto Auto Alarm System Transfer Alarm to IP Network via SNMP Trap Hardware Design 10 to 60 degrees C Operating Temperature for DC Power Input only 19 inch Rack mountable Relay Alarm for Port Breakdown Power Failure 2 Thermal Fans Design Layer 2 Features Prevents packet loss with back pressure half duplex and IEEE 802 3x pause frame flow control full duplex High performance of Store and Forward arch...

Page 16: ...ticular Port Loop Protection to Avoid Broadcast Loops Supports G 8032 Ethernet Ring Protection Switching E R P S Quality of Service Ingress Shaper and Egress Rate Limit Per Port Bandwidth Control 8 Priority Queues on All Switch Ports Traffic Classification IEEE 802 1p CoS IP TOS DSCP IP Precedence IP TCP UDP Port Number Typical Network Application Strict Priority and Weighted Round Robin WRR CoS P...

Page 17: ...nt Interfaces Console Telnet Command Line Interface Web Switch Management SNMP v1 and v2c Switch Management SSH SSL and SNMP v3 Secure Access Four RMON Groups History Statistics Alarms and Events IPv6 IP Address NTP DNS Management Built in Trivial File Transfer Protocol TFTP Client BOOTP and DHCP for IP Address Assignment Firmware Upload Download via HTTP TFTP DHCP Relay DHCP Option 82 User Privil...

Page 18: ...Frame 10Kbytes Reset Button 5 seconds System reboot 10 seconds Factory default Dimensions W x D x H 440 x 200 x 44 5 mm 1U high Weight 2 935kg LED Power DC1 DC2 Fault Ring R O Link Act and speed per Gigabit port Power Consumption Max 57 watts 197 6BTU Power Requirement AC AC 100 240V 50 60Hz 1 5A Power Requirement DC 36V DC 1 6A Range 36V 60V DC DI DO 2 Digital Input DI Level 0 24 2 4V 0 1V Level ...

Page 19: ...erfaces Console Telnet Web Browser SNMPv1 v2c and v3 Secure Management Interface SSH SSL SNMP v3 SNMP MIBs RFC 1213 MIB II IF MIB RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 2 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC3411 SNMP Frameworks MIB IEEE 802 1X PAE LLDP MAU MIB Standards Conformance Regulation Compliance FCC P...

Page 20: ... Switching RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 Environment Operating Temperature 10 60 degrees C for DC power input 0 50 degrees C for AC power input Relative Humidity 5 95 non condensing Storage Temperature 10 70 degrees C Relative Humidity 5 95 non condensing ...

Page 21: ...Twist Pair Up to 100 meters Gigabit SFP slots 1000Base SX LX mini GBIC slot SFP Small Factor Pluggable Transceiver Module supports from 550 meters Multi mode Fiber up to 10 30 50 70 120 kilometers Single Mode Fiber 10 Gigabit SFP slots 10GBase SR LR mini GBIC slot SFP Small Factor Pluggable Transceiver Module supports from 300 meters Multi mode Fiber up to 10 kilometers Single Mode Fiber Console P...

Page 22: ...settings as shown below Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 Figure 2 2 Reset button of Managed Switch 1 Press the RESET button once and the Managed Switch will reboot automatically 2 Press the RESET button for 5 seconds and the Managed Switch will be back to the factory default mode the entire config...

Page 23: ...tch at the input terminal block The size of the two screws in the terminal block is M3 5 Digital Input The digitail input of the Managed Switch can be activated by the external sensor that senses physical changes These changes can include intrusion detection or certain physical change in the monitored area For example the external sensor can be a door switch or an infrared motion detector Digital ...

Page 24: ... data over that port Green Off Indicates that the SFP port is link down Lights Indicates the link through that SFP port is successfully established with speed 10Mbps or 100Mbps Blinks Indicates that the switch is actively sending or receiving data over that port LNK ACT Orange Off Indicates that the SFP port is link down 10 100 1000Base T interfaces Shared Port1 Port4 LED Color Function Lights Ind...

Page 25: ...1 3 Wiring the AC Power Input The rear panel of the NS4750 indicates an AC inlet power socket which accepts input power from 100 to 240V AC 50 60Hz 2 1 4 Wiring the DC Power Input The 6 contact terminal block connector on the front panel of NS4750 is used for two DC redundant power input Please follow the steps below to insert the power wire 1 Insert positive negative DC power wires into contacts ...

Page 26: ...erminal block connector as the picture shows below Inserting the wires the Managed Switch will detect the fault status of the power failure or port link failure available for managed model when Fault Alarm function has been enabled The following illustration shows an application example for wiring the fault alarm contacts Insert the wires into the faulty alarm contacts 1 The wire gauge for the ter...

Page 27: ... panel of NS4750 24S 4T 4X is used for Digital Input and Digital Output Please follow the steps below to insert wire 1 The NS4750 24S 4T 4X offers two DI and DO groups 1 and 2 are DI groups 3 and 4 are DO groups and 5 and 6 are GND ground Figure 2 5 Wiring the Redundant Power Inputs DI DO GND ...

Page 28: ...GND Figure 2 6 6 Pin Terminal Block DI DO Wiring Input 2 There are two Digital Input groups for you to monitor two different devices The following topology shows how to wire DI0 and DI1 We use the NS4750 24S 4T 4X to be an example for describing DI application Figure 2 7 Wires DI0 and DI1 to Open Detector ...

Page 29: ... Output groups for you to sense NS4750 24S 4T 4X port failure or power failure and issue a high or low signal to external device The following topology shows how to wire DO0 and DO1 Figure 2 8 Wires DO0 and DO1 to Open Detector ...

Page 30: ... Managed Switch on desktop or shelf please follow these steps Step1 Attach the rubber feet to the recessed areas on the bottom of the Managed Switch Step2 Place the Managed Switch on the desktop or the shelf near an AC DC power source as shown in Figure 2 4 Figure 2 4 Place the Managed Switch on the Desktop Step3 Keep enough ventilation space between the Managed Switch and the surrounding objects ...

Page 31: ...lace the Managed Switch on a hard flat surface with the front panel positioned towards the front side Step2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 5 shows how to attach brackets to one side of the Managed Switch Figure 2 5 Attach Brackets to the Managed Switch You must use the screws supplied with the mounting brackets...

Page 32: ...32 Figure 2 6 Mounting the Managed Switch on a Rack Step6 Proceeds with steps 4 and 5 of session 2 2 1 Desktop Installation to connect the network cabling and supply power to the Managed Switch ...

Page 33: ...802 3ab Fast Gigabit Ethernet standard requires Category 5 UTP for 100Mbps 100Base TX 10Base T networks can use Cat 3 4 5 or 1000Base T use 5 5e 6 UTP see table below Maximum distance is 100 meters 328 feet The 100Base FX 1000Base SX LX SFP slot is used as LC connector with optional SFP module Please see table below and know more about the cable specifications Port Type Cable Type Connector 10Base...

Page 34: ...both single mode and multi mode SFP transceivers The following list of approved INTERLOGIX SFP transceivers is correct at the time of publication Gigabit SFP Transceiver Modules S30 RJ SFP Port 1000Base T Module 100M S30 2MLC SFP Port 1000Base SX mini GBIC module 550M 0 50 C S35 2MLC SFP Port 1000Base SX mini GBIC module 550M 40 75 C S30 2MLC 2 SFP Port 1000Base SX mini GBIC module 2KM 0 50 C S30 ...

Page 35: ...X Transceiver 1310nm 20KM 40 75 C S20 ISLC A 20 SFP Port 100Base BX Transceiver WDM TX 1310nm 20KM 0 50 C S20 ISLC B 20 SFP Port 100Base BX Transceiver WDM TX 1550nm 20KM 40 75 C 10 Giga SFP Transceiver Modules S40 2MLC SFP Port 1G Base SX Transceiver 300M 0 50 C S40 2SLC 10 SFP Port 1G Base SX Transceiver 10KM 0 50 C 62 5 125um fiber only supports 33meter for 300m use OM3 50 125um 1 It is recomme...

Page 36: ...e both sides of the SFP transceiver are with the same media type or WDM pair for example 100Base FX to 100Base FX 100Base BX20 U to 100Base BX20 D 2 Check the fiber optic cable type that matches the SFP transceiver model To connect to MFB FX SFP transceiver use the multi mode fiber cable with one side being the male duplex LC connector type To connect to MFB F20 F40 F60 FA20 FB20 SFP transceiver u...

Page 37: ...emove the Fiber Optic Cable gently 3 Lift up the lever of the MGB module and turn it to a horizontal position 4 Pull out the module gently through the lever Figure 2 10 How to Pull Out the SFP Transceiver Module Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP module slot...

Page 38: ... Requirements Management Access Overview Remote Telnet Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations of subscribers running Windows XP 2003 Vista Windows 7 MAC OS X Linux Fedora Ubuntu or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Ethernet Port connect Network cables...

Page 39: ...onality built into Windows XP 2003 Vista Windows 7 operating systems Can be accesses from any location Security can be compromised hackers need only know the IP address Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be compromised hackers need only know the IP address and subnet mask ...

Page 40: ...can access the Managed Switch remote telnet interface from personal computer or workstation in the same Ethernet environment as long as you know the current IP address of the Managed Switch Figure 3 1 Remote Telnet and Console Port Interface Management In Windows system you may click Start then choose Accessories and Command Prompt Please input telnet 192 168 0 100 and press enter from your keyboa...

Page 41: ...ddress for the Managed Switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch Figure 3 3 Web Management You can then use your Web browser to list and manage the Managed Switch configuration parameters from one central location the Web Management requires Microsoft Internet Explorer 7 0 or later Figure 3 4 ...

Page 42: ...tch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default getting and setti...

Page 43: ...o open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x whe...

Page 44: ...lt IP Address is shown as follows http 192 168 0 100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login Screen Default User name admin Default Password admin ...

Page 45: ...left of the web page let you access all the commands and statistics the Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Managed Switch 2 The changed IP address take effect immediately after clicking on the Save button you need to use the new IP address to access the Web interface 3 For security reason please change and memorize the new password after this...

Page 46: ...ace to configure and manage it Figure 4 1 4 Main Page Panel Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Link Down Link Up RJ 45 Ports SFP Ports Main Functi...

Page 47: ...ontrol the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can setup the Managed Switch by selecting the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Managed Switch Main Functions Menu ...

Page 48: ...itch administrator to identify the hardware MAC address software version and system uptime The screen in Figure 4 2 1 appears Figure 4 2 1 System Information Page Screenshot The page includes the following fields Object Description Contact The system contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name...

Page 49: ...n The software version of the Managed Switch Software Date The date when the switch software was produced Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page 4 2 2 IP Configuration The IP Configuration includes the IP Address Subnet Mask and Gateway The Configured column is used to view or change the IP configurat...

Page 50: ...s to the currently configured DNS server and reply as a DNS resolver to the client devices on the network Delete Select this option to delete an existing IP interface VLAN The VLAN associated with the IP interface Only ports in this VLAN will be able to access the IP interface This field is only available for input when creating an new interface Enabled Enable the DHCP client by checking this box ...

Page 51: ...sk Length The destination IP network or host mask in number of bits prefix length Gateway The IP address of the IP gateway Valid format is dotted decimal notation or a valid IPv6 notation Gateway and Network must be of the same type IP Routes Next Hop VLAN The VLAN ID VID of the specific IPv6 interface associated with the gateway Buttons Click to add a new IP interface A maximum of 128 interfaces ...

Page 52: ...erface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type IP Interfaces Status The status flags of the interface and or address Network The destination IP network or host address of this route Gateway The gateway address of this route IP Routes Status The status flags of the route IP Address The IP ad...

Page 53: ...s the following fields Object Description User Name The name identifying the user Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege ...

Page 54: ...of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and p...

Page 55: ...rget the new password after changing the default password please press the Reset button on the front panel of the Managed Switch for over 10 seconds and then release it The current setting including VLAN will be lost and the Managed Switch will restore to the default mode 4 2 5 Privilege Levels This page provides an overview of the privilege levels After setup is completed please press Save button...

Page 56: ...56 Figure 4 2 7 Privilege Levels Configuration Page Screenshot ...

Page 57: ...ept ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI Privilege Level Every group has an authorization Privilege level for the following sub groups Configuration read only Confi...

Page 58: ...NTP mode operation is enabled the agent forwards NTP messages between the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation Timezone Allow select the time zone according to current location of switch Server Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal...

Page 59: ...niform standard time for legal commercial and social purposes It is convenient for areas in close commercial or other communication to keep the same time so time zones tend to follow the boundaries of countries and their subdivisions The Time Zone Configuration screen in Figure 4 2 9 appears Figure 4 2 9 Time Configuration Page Screenshot The Page includes the following fields Object Description ...

Page 60: ...ek Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute End Time Settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes Select the ending minute Offset Settings Enter the number of minutes to add during Daylight S...

Page 61: ...ration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done ...

Page 62: ...ption works by setting two sub options Circuit ID option 1 Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no...

Page 63: ...the DHCP relay information mode option operation Possible modes are Enabled Enable DHCP relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option82 into a DHCP message when forwarding to DHCP server and remove it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Disabled D...

Page 64: ...cs Page Screenshot The page includes the following fields Server Statistics Object Description Transmit to Server The number of packets that are relayed from client to server Transmit Error The number of packets that resulted in errors while being sent to clients Receive form Server The number of packets received from server Receive Missing Agent Option The number of packets received without agent...

Page 65: ...in The number of packets whose relay agent information was retained Drop Agent Option The number of packets that were dropped which were received with relay agent information Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clear all statistics 4 2 11 CPU Load This page displays the CPU load using a...

Page 66: ...reenshot Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds If your browser cannot display anything on this page please download Adobe SVG tool and install it in your computer ...

Page 67: ...m log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The message of the system log entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to updates the sy...

Page 68: ...last entry currently displayed Updates the system log entries starting from the last entry currently displayed Updates the system log entries ending at the last available entry ID 4 2 13 Detailed Log The switch system detailed log information is provided here The Detailed Log screen in Figure 4 2 16 appears Figure 4 2 16 Detailed Log Page Screenshot The page includes the following fields Object De...

Page 69: ...cates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog ser...

Page 70: ...70 Warning Send warnings and errors Error Send errors Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 71: ...tted a DNS name please remember to input DNS server IP address at IP configuration page SMTP Port It is for you to input the SMTP server port number As default is 25 SMTP Authentication Enabled As usual SMTP server is denied to relay a mail from a different domain so you have to enable this option and input your mail account and password for SMTP sever authorizing to forward a mail from different ...

Page 72: ...changes Click to undo any changes made locally and revert to previously saved values 4 2 16 Digital Input Output Digital Input allows user can log external device such as industrial cooler dead or alive or something else system will logs a user cistomize message into system log syslog issue SNMP trap or issue an alarm E mail Digital Output allows user to monitor the switch port and power and let s...

Page 73: ... trigger an action that logs a customize message or issue the message from the switch As Digital Output Allows user selecting to High to Low or Low to High This is means that when the switch has power failed or port failed then system will issue a High or Low signal to an external device such as an alarm Event Description Allows user setting a customize message for Digital Input function alarming ...

Page 74: ...tput has detected these event then Digitial Output would be triggered according to the setting of Condition Power Alarm Allows user to choose which power module want to be monitored Port Alarm Allows user to choose which port want to be monitored Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 75: ...the segment of Wiring the Fault Alarm Contact for the failure detection The Configuration screen in Figure 4 2 20 appears Figure 4 2 20 Windows File Selection Menu Popup The page includes the following fields Object Description Enable Allows user to enable Fault Alarm function Record Allows user to record alarm message to System log syslog or issues out via SNMP Trap or SMTP As default SNMP Trap a...

Page 76: ... Upgrade screen perform the folling 1 Click System Web Firmware Upgrade 2 The Firmware Upgrade screen is displayed as in Figure 4 2 21 3 Click the button of the main page the system would pop up the file selection menu to choose firmware 4 Select on the firmware and then click The Software Upload Progress would show the file upload status 5 Once the software be loaded to the system successfully th...

Page 77: ...u have your TFTP server ready and the firmware image is on the TFTP server The TFTP Firmware Upgrade screen in Figure 4 2 23 appears Figure 4 2 23 TFTP Firmware Update Page Screenshot The page includes the following fields Object Description TFTP Server IP Fill in your TFTP server IP address Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmwar...

Page 78: ...e current configuration thereby ensuring that the current active configuration can be used at the next reboot screen in Figure 4 2 24 appears After saving the configuratioin the screen Figure 4 2 25 will appear Figure 4 2 24 Configuration Save Page Screenshot ...

Page 79: ... file is volatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration This file is read when the system is restored to default settings It is also possible to store up to two other files and apply them to running config thereby switching configuration Configuration Download page allows the download the running...

Page 80: ...e file will be applied to the switch configuration This can be done in two ways Replace mode The current configuration is fully replaced with the configuration in the uploaded file Merge mode The uploaded file is merged into running config If the file system is full i e contains the three system files mentioned above plus two other files it is not possible to create new files but an existing file ...

Page 81: ...on Activate Configuration Activate page allows to activate the startup config and default config files present on the switch Please refer to the Figure 4 2 28 shown below Figure 4 2 28 Configuration Activate Page Screenshot ...

Page 82: ...29 Configuration Delete Page Screenshot 4 2 25 Image Select This Page provides information about the active and alternate backup firmware images in the device and allows you to revert to the alternate image The web Page displays two tables with information about the active and alternate firmware images The Image Select screen in Figure 4 2 30 appears In case the active firmware image is the alterna...

Page 83: ...s Object Description Image The flash index name of the firmware image The name of primary preferred image is image the alternate image is named image bk Version The version of the firmware image Date The date where the firmware was produced Button Click to choose Alternate Image as Activate Image ...

Page 84: ...ure 4 2 31 appears Figure 4 2 31 Factory Default Page Screenshot Buttons Click to reset the configuration to Factory Defaults Click to return to the Port State Page without resetting the configuration To reset the Managed Switch to the Factory default setting you can also press the hardware reset button at the front panel for about 10 seconds After the device is rebooted you can log in to the management W...

Page 85: ...ation Once the Reboot button is pressed user will re access the WEB interface about 60 seconds later the System Reboot screen in Figure 4 2 32 appears Figure 4 2 32 System Reboot Page Screenshot Buttons Click to reboot the system Click to return to the web main page without rebooting the system ...

Page 86: ...t information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol SNMP Operations SNMP itself is a si...

Page 87: ...ludes the following fields Object Description Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SNMP supported version 3 Read Community Indicates the community read ...

Page 88: ...he community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a particular range of source addresses can be used to restrict source subnet Engine ID Indicates the SNMPv3 engine ID The string must contain an even number in hexadecimal format with number of digits ...

Page 89: ...MP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 Trap Community Indicates the community access string when send SNMP tra...

Page 90: ...ble SNMP trap authentication failure Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Trap Probe Security Engine ID Indicates the SNMPv3 trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID...

Page 91: ...LDP trap AAA Indicates that the AAA group s traps Possible traps are Authentication Fail Enable disable SNMP trap authentication failure trap Switch Indicates that the Switch group s traps Possible traps are STP Enable disable STP trap RMON Enable disable RMON trap Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 92: ...126 System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length i...

Page 93: ...community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of source addresses can be used to restrict source subnet when combined with s...

Page 94: ...mUserName are the entry s keys In a simple agent usmUserEngineID is always that agent s own snmpEngineID value The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate In other words if user engine ID equal system engine ID then it is local user otherwise it s remote user User Name A string identifying the user name that this entry should b...

Page 95: ...length is 8 to 40 The allowed content is the ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol DES An optional flag to indicate that this user using DES authentication protocol Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and ...

Page 96: ...ying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Click to add a new group entry Click to save changes Cli...

Page 97: ...o Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded there should exist another view entry whose view type is included and whose OID subtree oversteps the excluded view entry OID Subtree The OID defining the root of the su...

Page 98: ... to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy Read...

Page 99: ... Buttons Click to add a new access entry Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 100: ... Lists Ethernet and RMON port statistics Port Statistics Detail Lists Ethernet and RMON port statistics SFP Information Displays SFP information Port Mirror Sets the source and target ports for mirroring 4 4 1 Port Configuration This page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Figure 4 4 1 Port Configuration Page...

Page 101: ...00Mbps Full duplex mode Auto Fiber 10G Setup 10G fiber port for negotiation automatically Auto Fiber Setup 1G fiber port for negotiation automatically Auto Setup Auto negotiation Flow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx colu...

Page 102: ...tiPHY Link down power savings enabled PerfectReach Link up power savings enabled Enabled Both link up and link down power savings enabled When setting each port to run at 100M Full 100M Half 10M Full and 10M Half speed modes the Auto MDIX function will disable Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Click to refresh the page Any ch...

Page 103: ...re 4 4 2 Port Statistics Overview Page Screenshot The displayed counters are Object Description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port ...

Page 104: ...ed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The selected port belongs to the currently selected stack unit as reflected by the page header The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit The Detailed Port Statistics sc...

Page 105: ...and bad packets split into categories based on their respective frame sizes Receive and Transmit Queue Counters The number of received and transmitted packets per input and output queue Receive Error Counters Object Description Rx Drops The number of frames dropped due to lack of receive buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors...

Page 106: ...efresh the page immediately Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 4 4 SFP Information You can check the physical or operational status of an SFP module via the SFP Module Information page This page shows the operational status such as the transceiver type speed and wavelength and supports distance of SFP modu...

Page 107: ...X 1000Base LX 100Base FX Speed Display the speed of current SFP module The speed value or description is gotten from the SFP module Different vendors of SFP modules might show different speed information Wave Length nm Display the wavelength of current SFP module The wavelength value is gotten from the SFP module Use this column to check if the wavelength values of two nodes are matched while the ...

Page 108: ... Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Click to refresh the page immediately 4 4 5 Port Mirror Configure port mirroring on this page This function monitors network traffic by forwarding a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied It enables the m...

Page 109: ...e mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Mirror Port Configuration The Port Mirror screen in Figure 4 4 6 appears ...

Page 110: ... Figure 4 4 6 Mirror Configuration Page Screenshot ...

Page 111: ...rored to the mirror port For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 5 Link Aggregation Port Aggregation optimizes port usage by link...

Page 112: ... establish a LAG between them Figure 4 5 1 Link Aggregation Topology The Link Aggregation Control Protocol LACP provides a standardized means for exchanging information between Partner Systems that require high speed redundant links Link aggregation lets you group up to eight consecutive ports into a single dedicated connection This feature can expand bandwidth to a device on the network LACP oper...

Page 113: ... avoid creating a data loop It allows a maximum of 10 ports to be aggregated at the same time The Managed Switch supports Gigabit Ethernet ports up to 5 groups If the group is defined as a LACP static link aggregation group then any extra ports selected are placed in a standby mode for redundancy if one of the other ports fails If the group is defined as a local static link aggregation group...

Page 114: ...frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calc...

Page 115: ...Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in eac...

Page 116: ...llows switches connected to each other to discover automatically whether any ports are members of the same LAG This page allows the user to inspect the current LACP port configurations and possibly change them as well The LACP port settings relate to the currently selected stack unit as reflected by the page header The LACP Configuration screen in Figure 4 5 4 appears ...

Page 117: ... Figure 4 5 4 LACP Port Configuration Page Screenshot ...

Page 118: ...CP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet Partner Priority The Prio controls the priority of the port If the LACP partner...

Page 119: ...C address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Shows which ports are a part of this aggregation for this switch Buttons Click to refresh the page immediately Auto refresh Automatic refresh occurs every 3 seconds 4 5 4 LACP Port Status This page provides a status overview ...

Page 120: ...s means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile its LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together ...

Page 121: ...artners System ID MAC address Partner Port The partner port number connected to this port Buttons Click to refresh the page immediately Auto refresh Automatic refresh occurs every 3 seconds 4 5 5 LACP Port Statistics This page provides an overview for LACP statistics for all ports The LACP Port Statistics screen in Figure 4 5 7 appears ...

Page 122: ...ows how many LACP frames have been sent from each port LACP Transmitted Shows how many LACP frames have been received at each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all ports ...

Page 123: ...s and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLANs 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unaware 3 The Switch s default is to assign all ports to a single 802 1Q VLAN...

Page 124: ...ss through a configured Layer 3 link to reach a different VLAN This Managed Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging IEEE 802 1Q Standard IEEE 802 1Q tagged VLAN ...

Page 125: ...VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLAN can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bits 12 bits TPID Tag Protocol Identifier TCI Tag Control Inform...

Page 126: ...ly one PVID but can have as many VID as the switch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitti...

Page 127: ...oadcast domain that is separate from other VLANs configured on the switch Packets are forwarded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets 4 6 3 VLAN Port Configuration This Page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration Page contains fields for managing ports that are par...

Page 128: ...ent customers use the same internal VLAN IDs This is accomplished by inserting Service Provider VLAN SPVLAN tags into the customer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by differe...

Page 129: ...rements is reduced Global VLAN Configuration The Global VLAN Configuration screen in Figure 4 6 1 appears Figure 4 6 1 Global VLAN Configuration Screenshot The Page includes the following fields Object Description Allowed Access VLANs This field shows the allowed Access VLANs it only affects ports configured as Access ports Ports in other modes are members of all VLANs specified in the Allowed VLA...

Page 130: ...ollowing fields Object Description Port This is the logical port number for this row Mode Access Access ports are normally used to connect to end stations Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN Access VLAN which by default is 1 ...

Page 131: ...onfiguration features In addition to the characteristics described for trunk ports hybrid ports have these abilities Can be configured to be VLAN tag unaware C tag aware S tag aware or S custom tag aware Ingress filtering can be controlled Ingress acceptance of frames and configuration of egress tagging can be configured independently Port VLAN Determines the port s VLAN ID PVID Allowed VLANs are ...

Page 132: ... gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with the custom S tag Ingress Filtering Hybrid ports allow for changing ingress filtering Access and Trunk ports always have ingress filtering enabled If ingress filtering is enabled checkbox is checked frames classified to a VLAN that the port is not a member of get discarded If ingress filtering is disabled ...

Page 133: ... the port will not become member of any VLANs Forbidden VLANs A port may be configured to never be member of one or more VLANs This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs The trick is to mark such VLANs as forbidden on the port in question The syntax is identical to the syntax used in the Enabled VLANs field By...

Page 134: ...inating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID If a port is included in a VLAN an image will be displayed If a port is included in a Forbidden port list an image will be dis...

Page 135: ...ry 3 seconds Click to refresh the Page immediately Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID Updates the table starting with the entry after the last entry currently displayed 4 6 5 VLAN Port Status This Page provides VLAN Port Status The VLAN Port Status screen in Figure 4 6 5 appears ...

Page 136: ... Figure 4 6 5 VLAN Port Status for Static User Page Screenshot The Page includes the following fields ...

Page 137: ... or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded Port VLAN ID Shows the PVID setting for the port Tx Tag Shows egress filtering frame status whether tagged or untagged Untagged VLAN ID Shows UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side Conflicts S...

Page 138: ... Private VLAN screen in Figure 4 6 6 appears Figure 4 6 6 Private VLAN Membership Configuration Page Screenshot The page includes the following fields Object Description Delete To delete a private VLAN entry check this box The entry will be deleted during the next save Private VLAN ID Indicates the ID of this particular private VLAN Port Members A row of check boxes for each port is displayed for ...

Page 139: ... with database servers on the inside segment but are not allowed to communicate with each other For private VLANs to be applied the switch must first be configured for standard VLAN operation When this is in place one or more of the configured VLANs can be configured as private VLANs Ports in a private VLAN fall into one of these two groups Promiscuous ports Ports from which traffic can be forward...

Page 140: ...isolated ports on the same VLAN and Private VLAN The Port Isolation screen in Figure 4 6 7 appears Figure 4 6 7 Port Isolation Configuration Page Screenshot The page includes the following fields Object Description Port Members A check box is provided for each port of a private VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By defaul...

Page 141: ...nd Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLAN Each VLAN isolate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 1 describes the port configuration of the Managed Switch ...

Page 142: ...ed as follows Untagged packet entering VLAN 2 1 When PC 1 transmits an untagged packet that enters Port 1 the Managed Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will receive the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 receive no packet 3 When the packet leaves Port 2 its tag will be stripped away and it becomes an untagged packet 4 When the packet leaves Port 3 it will be kept as a ta...

Page 143: ... 5 its tag will be stripped away and it becomes an untagged packet 3 When the packet leaves Port 6 it will be kept as a tagged packet with VLAN Tag 3 For this example VLAN Group 1 is set as the default VLAN but the example only focuses on VLAN 2 and VLAN 3 traffic flow The example screenshot comes from another switch but the configuration interface is the same as on the NS4750 24S 4T 4X Setup steps 1 Create VLAN Group Add...

Page 144: ... Figure 4 6 10 Change Port VLAN of Port 1 3 to be VLAN2 and Port VLAN of Port 4 6 to be VLAN3 ...

Page 145: ...nk Selects Egress Tagging as Tag All and Types 2 in the Allowed VLANs column Change Port 6 Mode as Trunk and Selects Egress Tagging as Tag All and Types 3 in the Allowed VLANs column The Per Port VLAN configuration in Figure 4 6 11 appears Figure 4 6 11 Check VLAN 2 and 3 Members on VLAN Membership Page ...

Page 146: ...cess with other switches within the same VLAN group The screen in Figure 4 6 12 appears Figure 4 6 12 VLAN Trunking Diagram Setup steps 1 Add VLAN Group Add two VLANs VLAN 2 and VLAN 3 Type 1 3 in Allowed Access VLANs column the 1 3 is including VLAN1 and 2 and 3 Figure 4 6 13 Add VLAN 2 and VLAN 3 2 Assign VLAN Member and PVID for each port VLAN 2 Port 1 Port 2 and Port 3 ...

Page 147: ...Port 7 to be the 802 1Q VLAN Trunk port 2 Assign Port 7 to both VLAN 2 and VLAN 3 at the VLAN Member configuration Page 3 Define a VLAN 1 as a Public Area that overlapping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this example add Port 7 to be VLAN 2 and VLAN 3 member port 5 Specify Port 7 to be the 802 1...

Page 148: ...t the partner switch and add more VLANs to join the VLAN trunk repeat Steps 1 to 3 to assign the Trunk port to the VLANs 4 6 10 3 Port Isolate The diagram shows how the Managed Switch handles isolated and promiscuous ports The PCs on the isolated ports are not able to access each other but they all need access to the same server AP Printer The screen in Figure 4 6 16 appears This sec...

Page 149: ...omiscuous port The screen in Figure 4 6 17 appears Figure 4 6 17 The Configuration of Isolated and Promiscuous Port 2 Assign VLAN Member VLAN 1 Port 5 and Port 6 VLAN 2 Port 1 Port 2 Port 5 and Port 6 VLAN 3 Port 3 Port 6 The screen in Figure 4 6 18 appears Figure 4 6 18 Private VLAN Port Setting ...

Page 150: ...Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Buttons Click to add a new MAC based VLAN entry ...

Page 151: ...he following fields Object Description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 4 6 13 Protocol based VLAN This page allows you to add new protocols to Group Name unique ...

Page 152: ... that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu Below are the criteria for three different Frame Types 1 For Ethernet Values in the text field when Ethernet is selected as a Frame Type is called etype Valid values for etype ranges from 0x0600 0xffff 2 For LLC Valid value in this case is comprised of two different sub values a D...

Page 153: ... Name is a unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 Note special character and underscore _ are not allowed Buttons Click to add a new entry in mapping table Click to save changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically A...

Page 154: ...g mapping entry on this page VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or exclude the port from the mapping make sure the box is unchecked By default no ports are members and all boxes are unc...

Page 155: ... automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to...

Page 156: ... using the default parameters the path between source and destination stations in a switched network might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transit...

Page 157: ...ugh the states of listening and learning at power up If properly configured each port stabilizes to the forwarding or blocking state No packets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level fo...

Page 158: ... Hello Time The length of time between broadcasts of the hello message by the switch 2 seconds Maximum Age Timer Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer 20 seconds Forward Delay Timer The amount time spent by a port in the learning and listening states waiting for a BPDU that may return the port t...

Page 159: ...es the Root Bridge The Hello Time cannot be longer than the Max Age Otherwise a configuration error will occur Max Age The Max Age can be from 6 to 40 seconds At the end of the Max Age if a BPDU has still not been received from the Root Bridge your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it turns out that your Switch has the lowest B...

Page 160: ...and C The decision to block a particular connection is based on the STP calculation of the most current Bridge and Port settings Now if switch A broadcasts a packet to switch C then switch C will drop the packet at port 2 and the broadcast will end there Setting up STP using values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will au...

Page 161: ...n switches B and C The two optional Gigabit ports default port cost 20 000 on switch A are connected to one optional Gigabit port on both switch B and C The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B...

Page 162: ...ng Tree Protocol RSTP Detects and uses network topologies that provide faster spanning tree convergence without creating forwarding loops Extension Multiple Spanning Tree Protocol MSTP Defines an extension to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of...

Page 163: ... mode Valid values are in the range 4 to 30 seconds Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 40 seconds Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Maximum Hop Count This defines the ...

Page 164: ...er a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time that has to pass before a port in the error disabled state can be enabled Valid values are between 30 and 86400 seconds 24 hours The Managed Switch implements the Rapid Spanning Protocol as the default s...

Page 165: ...tatus Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for ...

Page 166: ...s the user to inspect the current STP CIST port configurations and possibly change them as well The CIST Port Configuration screen in Figure 4 7 6 appears Figure 4 7 6 STP CIST Port Configuration Page Screenshot The page includes the following fields ...

Page 167: ...oEdge fields This flag is displayed as Edge in Monitor Spanning Tree STP Detailed Bridge Status Admin Edge Controls whether the operEdge flag should start as being set or cleared The initial operEdge state when a port is initialized All means all ports will have one specific setting Auto Edge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdg...

Page 168: ...dia All means all ports will have one specific setting Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost meth...

Page 169: ... 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 2 000 000 1 000 000 500 000 Fast Ethernet Half Duplex Full Duplex Trunk 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 10 000 5 000 Table 4 7 3 Default STP Path Costs ...

Page 170: ...e bridge instance The CIST is the default instance which is always active Priority The Configuration All with available values will assign to whole items Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier means all MSTI items will have one priorit...

Page 171: ...his page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Configuration screen in Figure 4 7 8 appears Figure 4 7 8 MSTI Configuration Page Screenshot ...

Page 172: ...he revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI Mapping Object Description MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused M...

Page 173: ...r the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global The MSTI Port Configuration screen in Figure 4 7 9 Figure 4 7 10 appears Figure 4 7 9 MSTI Port Configuration Page Screenshot The page includes the following fields MSTI Port Configur...

Page 174: ...Figure 4 7 10 MST1 MSTI Port Configuration Page Screenshot ...

Page 175: ... can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 All means all ports will have one specific setting Priority The Configuration All with available values will assign to whole items Controls the port priority This can be used t...

Page 176: ... The STP Port Status screen in Figure 4 7 11 appears Figure 4 7 11 STP Port Status Page Screenshot The page includes the following fields Object Description Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort ...

Page 177: ...port state can be one of the following values Disabled Blocking Learning Forwarding Non STP Uptime The time since the bridge port was last initialized Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately ...

Page 178: ...he number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal The number of illegal Spanning Tree B...

Page 179: ...will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the querier This router then keeps track of the membership of the multicast g...

Page 180: ...Figure 4 8 2 Multicast Flooding ...

Page 181: ...ovides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query ...

Page 182: ... it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live ...

Page 183: ...erforming IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting ...

Page 184: ...he next save Profile Name The name used for indexing the profile table Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters At least one alphabet must be present Profile Description Additional description which is composed of at maximum 64 alphabetic and numeric characters about the profile No blank or space characters are permitted as part of descrip...

Page 185: ...m The Profile Table screen in Figure 4 8 6 appears Figure 4 8 6 IPMC Profile Address Configuration Page The page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save Entry Name The name used for indexing the address entry table Each entry has the unique name which is composed of at maximum 16 alphabetic and nume...

Page 186: ...hanges Click to undo any changes made locally and revert to previously saved values Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the IPMC Profile Address Configuration Updates the table starting with the entry after the last entry currently displayed ...

Page 187: ... 8 4 IGMP Snooping Configuration This Page provides IGMP Snooping related configuration The IGMP Snooping Configuration screen in Figure 4 8 7 appears Figure 4 8 7 IGMP Snooping Configuration Page Screenshot ...

Page 188: ...ts A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier The Switch forwards IGMP join or leave packets to an IGMP router port Auto Select Auto to have the Managed Switch automatically use the port as IGMP Router port if the port receives IGMP query packets Fix The Managed Switch always uses the specified port as an IGMP Router port Use thi...

Page 189: ...rs Figure 4 8 8 IGMP Snooping VLAN Configuration Page Screenshot The page includes the following fields Object Description Delete Check to delete the entry The designated entry will be deleted during the next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected Querier Election Enable the IGMP Querier election in the VLAN D...

Page 190: ...Querier The allowed range is 1 to 31744 seconds default query interval is 125 seconds QRI Query Response Interval The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member...

Page 191: ...isplayed Click to add new IGMP VLAN Specify the VID and configure the new entry Click Save The specific IGMP VLAN starts working after the corresponding static VLAN is also created Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 192: ...but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When ...

Page 193: ...the settings Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 194: ...lds Object Description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Show the Querier status is ACTIVE or IDLE Querier Transmitted The number of Transmitted Querier Querier Received The number of Received Querier V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Rec...

Page 195: ...st device or IGMP querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicate whether specific port is a router port or not Buttons Click to refresh the Page immediately Clears all Statistics counters Auto r...

Page 196: ...low the user to select the starting point in the IGMP Group Table The IGMP Groups Information screen in Figure 4 8 11 appears Figure 4 8 9 IGMP Snooping Groups Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Buttons Auto refresh Automatic refresh occurs...

Page 197: ... SSM Information Table The IGMPv3 Information screen in Figure 4 8 12 appears Figure 4 8 12 IGMP SSM Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or ...

Page 198: ...Click to refresh the Page immediately Updates the table starting with the first entry in the IGMP Group Table Updates the table starting with the entry after the last entry currently displayed ...

Page 199: ... Figure 4 8 13 appears Figure 4 8 13 MLD Snooping Configuration Page Screenshot The Page includes the following fields Object Description Snooping Enabled Enable the Global MLD Snooping Unregistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding The flooding control takes effect only when MLD Snooping is enabled ...

Page 200: ...void forwarding unnecessary join and leave messages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port The allowed selection is Auto Fix Fone default compatibility...

Page 201: ... VLAN ID of the entry MLD Snooping Enable Enable the per VLAN MLD Snooping Up to 32 VLANs can be selected for MLD Snooping Querier Election Enable to join MLD Querier election in the VLAN Disable to act as a MLD Non Querier Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network The a...

Page 202: ...hs of seconds default last member query interval is 10 in tenths of seconds 1 second URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Buttons Refreshes the displayed table starting from the VLAN input fields Updat...

Page 203: ... can be assigned to a port When enabled MLD join reports received on the port are checked against the filter profile If a requested multicast group is permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of gr...

Page 204: ...ing Group Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view button Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values ...

Page 205: ... the following fields Object Description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Host Version currently Querier Status Shows the Querier status is ACTIVE or IDLE DISABLE denotes the specific interface is administratively disabled Querier Transmitted The number of Transmitted Querier Querier Received The number of Received Querier ...

Page 206: ...towards the Layer 3 multicast device or MLD querier Static denotes the specific port is configured to be a router port Dynamic denotes the specific port is learnt to be a router port Both denote the specific port is configured or learnt to be a router port Port Switch port number Status Indicates whether specific port is a router port or not Buttons Click to refresh the Page immediately Clears all...

Page 207: ...t fields allow the user to select the starting point in the MLD Group Table The MLD Groups Information screen in Figure 4 8 17 appears Figure 4 8 17 MLD Snooping Groups Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Buttons Auto refresh Automatic refre...

Page 208: ...ble The MLDv2 Information screen in Figure 4 8 18 appears Figure 4 8 18 MLD SSM Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Addres...

Page 209: ...ort which is a switch port configured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports A maximum of 8 MVR VLANs can be created with corresponding channel sett...

Page 210: ...ludes the following fields Object Description MVR Mode Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group table is full ...

Page 211: ... mode of operation In Dynamic mode MVR allows dynamic MVR membership reports on source ports In Compatible mode MVR membership reports are forbidden on source ports The default is Dynamic mode Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged with MVR VID The default is Tagged Priority Specify how the traversed IGMP MLD control frames will be sent in ...

Page 212: ... group by issuing IGMP MLD messages Caution MVR source ports are not recommended to be overlapped with management VLAN ports Select the port role by clicking the Role symbol to switch the setting I indicates Inactive S indicates Source R indicates Receiver The default Role is Inactive Immediate Leave Enable the fast leave on the port Buttons Click to add new MVR VLAN Specify the VID and configure ...

Page 213: ...d The number of Transmitted Queries for IGMP and MLD respectively IGMPv1 Joins Received The number of Received IGMPv1 Joins IGMPv2 MLDv1 Reports Received The number of Received IGMPv2 Joins and MLDv1 Reports respectively IGMPv3 MLDv2 Reports Received The number of Received IGMPv1 Joins and MLDv2 Reports respectively IGMPv2 MLDv1 Leaves Received The number of Received IGMPv2 Leaves and MLDv1 Dones ...

Page 214: ...w the user to select the starting point in the MVR Group Table The MVR Groups Information screen in Figure 4 8 21 appears Figure 4 8 21 MVR Groups Information Page Screenshot The Page includes the following fields Object Description VLAN VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Buttons Auto refresh Automatic refresh occurs every 3 seconds Refr...

Page 215: ...e MVR SFM Information screen in Figure 4 8 22 appears Figure 4 8 22 MVR SFM Information Page Screenshot The Page includes the following fields Object Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP...

Page 216: ...nage network congestion QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP h...

Page 217: ...profile to a port s 4 9 2 Port Policing This page allows you to configure the Policer settings for all switch ports The Port Policing screen in Figure 4 9 1 appears Figure 4 9 1 QoS Ingress Port Policers Page Screenshot ...

Page 218: ... Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps Unit The Configuration All with available options will assign to whole ports Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps All means all ports will have one specific setting Flow Control If flow control is enabled and the port is in flow control mode then pause f...

Page 219: ...rt Shapers Page Screenshot The page includes the following fields Object Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the shapers For more detail please refer to chapter 4 9 3 1 Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps Port Shows disabled or actual port shaper rate e g 800 Mbps ...

Page 220: ... scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queue Shaper Unit Controls the unit ...

Page 221: ...ols whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Buttons Click to save changes Cl...

Page 222: ...ication This page allows you to configure the basic QoS Ingress Classification settings for all switch ports The Port Classification screen in Figure 4 9 4 appears Figure 4 9 4 QoS Ingress Port Classification Page Screenshot ...

Page 223: ...ve one specific setting PCP The Configuration All with available values will assign to whole ports Controls the default PCP for untagged frames All means all ports will have one specific setting DEI The Configuration All with available values will assign to whole ports Controls the default DEI for untagged frames All means all ports will have one specific setting Tag Class Shows the classification...

Page 224: ...fields Object Description Tag Classification Controls the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames PCP DEI to QoS class DP level Mapping The Configuration All with available values will assign to whole items Controls the mapping of the classified PCP DEI to QoS class...

Page 225: ...n to the previous page 4 9 5 Port Scheduler This page provides an overview of QoS Egress Port Schedulers for all switch ports The Port Scheduler screen in Figure 4 9 6 appears Figure 4 9 6 QoS Egress Port Schedule Page Screenshot The page includes the following fields Object Description ...

Page 226: ...apter 4 9 5 1 Mode Shows the scheduling mode for this port Q0 Q5 Shows the weight for this queue and port 4 9 6 Port Tag Remarking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports The Port Tag Remarking screen in Figure 4 9 7 appears Figure 4 9 7 QoS Egress Port Tag Remarking Page Screenshot The page includes the following fields ...

Page 227: ...t are configured on this page The QoS Egress Port Tag Remarking screen in Figure 4 9 8 appears Figure 4 9 8 QoS Egress Port Tag Remarking Page Screenshot The page includes the following fields Object Description Mode Controls the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level PCP DEI...

Page 228: ...Click to undo any changes made locally and revert to previously saved values Click to undo any changes made locally and return to the previous page ...

Page 229: ...ort DSCP This page allows you to configure the basic QoS Port DSCP Configuration settings for all switch ports The Port DSCP screen in Figure 4 9 9 appears Figure 4 9 9 QoS Port DSCP Configuration Page Screenshot ...

Page 230: ...elected Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP All Classify all DSCP Egress The Configuration All with available options will assign to whole ports Port Egress Rewriting can be one of All means all ports will have one specific setting Disable No Egress rewrite Enable Rewrite enabled without remapping Remap DP Un...

Page 231: ...is page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches The DSCP Based QoS screen in Figure 4 9 10 appears Figure 4 9 10 DSCP Based QoS Ingress Classification Page Screenshot ...

Page 232: ...to select all ports of Managed Switch QoS Class The Configuration All with available values will assign to whole DSCP values QoS Class value can be any of 0 7 DPL The Configuration All with available values will assign to whole DSCP values Drop Precedence Level 0 1 Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 233: ... switches DSCP translation can be done in Ingress or Egress The DSCP Translation screen in Figure 4 9 11 appears Figure 4 9 11 DSCP Translation Page Screenshot The Page includes the following fields Object Description DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 ...

Page 234: ...tion at Ingress side Egress There is the following configurable parameter for the Egress side Remap Remap DP Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Buttons Click to apply changes Click to undo any changes made locally and revert to previously saved values 4 9 10 DSCP Classification This Page allows you to map DSCP value to a QoS Class and DPL value...

Page 235: ...which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The QoS Control List screen in Figure 4 9 12 appears Figure 4 9 12 QoS Control List Configuration Page Screenshot The page includes the following fields Object Description QCE Indicates the index of QCE Port Indicates the ...

Page 236: ...specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS Class if a frame matches the QCE it will be put in...

Page 237: ...s Key configuration is described as below Tag Value of Tag field can be Any Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator Valid value of DEI can be any of values betwe...

Page 238: ... 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP...

Page 239: ...S class 0 7 or Default DP Valid Drop Precedence Level can be 0 1 or Default DSCP Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE Buttons Click to save the configuration and move to main QCL page Click to undo any changes made locally and revert to previously saved values Return to the previous page witho...

Page 240: ... look for incoming frames Possible frame types are Any The QCE will match all frame types Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames Port Indicates the list of ports configured with the QCE Action Indicates the classificatio...

Page 241: ... Yes otherwise it is always No Please note that conflict can be resolved by releasing the resource required by the QCE and pressing Refresh button Buttons Select the QCL status from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to release the resources required to add QCL entry in case conflict status for any QCL en...

Page 242: ...roadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen in Figure 4 9 15 appears Figure 4 9 15 Storm Control Configuration Page Screenshot ...

Page 243: ...Broadcast Enable Enable or disable the storm control status for the given frame type Rate The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K 2048K 4096K 8192K 16384K or 32768K Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 244: ...opped Min Threshold is the average queue filling level where the queues randomly start dropping frames The drop probability for frames marked with Drop Precedence Level n increases linearly from zero at Min Threshold average queue filling level to Max DP n at 100 average queue filling level The following illustration shows the drop probability function with associated parameters ...

Page 245: ...RED is enabled for this queue Min Threshold Controls the lower RED threshold If the average queue filling level is below this threshold the drop probability is zero This value is restricted to 0 100 Max DP1 Controls the drop probability for frames marked with Drop Precedence Level 1 when the average queue filling level is 100 This value is restricted to 0 100 Max DP2 Controls the drop probability ...

Page 246: ...4 9 15 QoS Statistics This page provides statistics for the different queues for all switch ports The QoS Statistics screen in Figure 4 9 17 appears Figure 4 9 17 Queuing Counters Page Screenshot ...

Page 247: ...me row Q0 Q7 There are 8 QoS queues per port Q0 is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for all ports ...

Page 248: ...an classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure 4 9 18 appears ...

Page 249: ...Figure 4 9 18 Voice VLAN Configuration Page Screenshot ...

Page 250: ...oice VLAN port mode When the port mode isn't disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically Forced Forced join to Voice VLAN All me...

Page 251: ...k to undo any changes made locally and revert to previously saved values 4 9 17 Voice VLAN OUI Table Configure VOICE VLAN OUI table on this page The maximum entry number is 16 Modifying the OUI table will restart auto detection of OUI process The Voice VLAN OUI Table screen in Figure 4 9 19 appears Figure 4 9 19 Voice VLAN OUI Table Page Screenshot ...

Page 252: ...ifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of OUI address Normally it describes which vendor the telephony device belongs to The allowed string length is 0 to 32 Buttons Click to add a new access management entry Click to save changes Click to undo any changes made locally and revert to previously saved value...

Page 253: ...ts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detail...

Page 254: ...IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is displayed the rate limiter operation is disabled Port Red...

Page 255: ...nter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to hardware limitations ...

Page 256: ...priority is highest The Access Control List Configuration screen in Figure 4 10 2 appears Figure 4 10 2 Access Control List Configuration Page Screenshot The page includes the following fields Object Description Ingress Port Indicates the ingress port of the ACE Possible values are All The ACE will match all ingress port Port The ACE will match a specific ingress port Policy Bitmask Indicates the ...

Page 257: ...specific ingress port Mirror Specify the mirror operation of this port Frames matching the ACE are mirrored to the destination mirror port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can...

Page 258: ...configuration that is defined here The ACE Configuration screen in Figure 4 10 3 appears Figure 4 10 3 ACE Configuration Page Screenshot The page includes the following fields Object Description Ingress Port Select the ingress port for which this ACE applies All The ACE applies to all port Portn The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the ...

Page 259: ...that hits this ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled EVC Policer Select whether EVC policer is enabled or disabled The default value is Disabled EVC Policer ID Select which EVC policer ID to apply on this ACE The allowed values are Disabled or the values 1 through 128 ...

Page 260: ...260 Disabled Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE was hit by a frame ...

Page 261: ...icast Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears DMAC Value When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this DMAC value VLAN Parameters Object Description 802 1Q Tagged Specify wh...

Page 262: ...t or RARP Request OP flag set Reply Frame must have ARP Reply or RARP Reply OP flag Sender IP Filter Specify the sender IP filter for this ACE Any No sender IP filter is specified Sender IP filter is don t care Host Sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network Sender IP filter is set to Network Specify the sender IP address and sender ...

Page 263: ...is equal to the SMAC address Any Any value is allowed don t care IP Ethernet Length Specify whether frames can hit the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv...

Page 264: ... is 0 to 255 A frame that hits this ACE matches this IP protocol value IP TTL Specify the Time to Live settings for this ACE zero IPv4 frames with a Time to Live field greater than zero must not be able to match this entry non zero IPv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care IP Fragment Specify the fragment offset set...

Page 265: ... Address field that appears Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear DIP Address When Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation DIP Mask When Network is selected for the destination IP filter you can ent...

Page 266: ...ecific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source...

Page 267: ...o match this entry Any Any value is allowed don t care TCP RST Specify the TCP Reset the connection RST value for this ACE 0 TCP frames where the RST field is set must not be able to match this entry 1 TCP frames where the RST field is set must be able to match this entry Any Any value is allowed don t care TCP PSH Specify the TCP Push Function PSH value for this ACE 0 TCP frames where the PSH fie...

Page 268: ...r status is don t care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears Ethernet Type Value When Specific is selected for the EtherType filter you can enter a specific EtherType value The allowed range is 0x600 to 0xFFFF but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 A frame that hit...

Page 269: ...e ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE The ACL Ports Configuration screen in Figure 4 10 4 appears Figure 4 10 4 ACL Ports Configuration Page Screenshot ...

Page 270: ...rt are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled All means all ports will have one specific setting Logging Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System ...

Page 271: ...271 Counter Counts the number of frames that match this ACE ...

Page 272: ...Click to refresh the page any changes made locally will be undone Click to clear the counters 4 10 5 ACL Rate Limiter Configuration Configure the rate limiter for the ACL of the switch The ACL Rate Limiter Configuration screen in Figure 4 10 5 appears Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot ...

Page 273: ...me row Rate The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Specify the rate unit The allowed values are pps packets per second kbps Kbits per second All means all ports will have one specific setting Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 274: ... simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication ...

Page 275: ...l user name and Privilege Level control RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11...

Page 276: ... In this release the Remote Authentication Dial In User Service RADIUS security system with Extensible Authentication Protocol EAP extensions is the only supported authentication server it is available in Cisco Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS cl...

Page 277: ...tion information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EA...

Page 278: ...ent initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authori...

Page 279: ...tication Method can be set to one of the following values None authentication is disabled and login is not possible local use the local user database on the switch stack for authentication RADIUS use a remote RADIUS server for authentication TACACS+ use a remote TACACS server for authentication Fallback Enable fallback to local authentication by checking this box If none of the configured authenti...

Page 280: ...figuration Security AAA page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same port and doesn't require the user to have special 802 1X supplicant software installed on his system The switch uses the user's MAC address to authent...

Page 281: ...281 Figure 4 11 4 Network Access Server Configuration Page Screenshot ...

Page 282: ... Reauthentication Enabled checkbox is checked Valid values are in the range 1 to 3600 seconds EAPOL Timeout Determines the time between retransmission of Request Identity EAPOL frames Valid values are in the range 1 to 255 seconds This has no effect for MAC based ports Aging Period This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses S...

Page 283: ...rally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned QoS Enabled below for a detailed description The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enable disable RADIUS ser...

Page 284: ...times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received on the port for the life time of the port Once ...

Page 285: ...DUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many inf...

Page 286: ...munication between the supplicant and the switch If more than one supplicant is connected to a port the one that comes first when the port s link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed acces...

Page 287: ...ients The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx, that is, a dash is used as separator between the lower-cased hexadecimal digits. The switch only suppo...

Page 288: ...ion is only available for single client modes i e Port based 802 1X Single 802 1X RADIUS attributes used in identifying a QoS Class Refer to the written documentation for a description of the RADIUS attributes needed in order to successfully identify a QoS Class The User Priority Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access Accept packet Only the fi...

Page 289: ... Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for the first set of these attributes that have the same Tag value and fulfil the following requirements if Tag 0 is used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value o...

Page 290: ...nce in the Guest VLAN the port is considered authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating t...

Page 291: ...cessfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Buttons Click to refresh the page Click to save changes Click to undo any changes made loc...

Page 292: ...ive state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user nam...

Page 293: ...Ns here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 4 11 5 Network Access Statistics This page provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X aut...

Page 294: ...VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Port Counters Object Description These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorized Port based 80...

Page 295: ...F ramesRx The number of EAPOL frames that have been received by the switch in which the frame type is not recognized Rx Invalid Length dot1xAuthEapLengthErr orFramesRx The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid Tx Total dot1xAuthEapolFrames Tx The number of EAPOL frames of any type that have been transmitted by the switch Tx Re...

Page 296: ...server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Rx Other Requests dot1xAuthBackendOther RequestsToSupplicant 802 1X based Counts the number of times that the switch sends an EAP Request packet fo...

Page 297: ...the supplicant client has not authenticated to the backend server Tx Responses dot1xAuthBackendResp onses 802 1X based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent...

Page 298: ... protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Last Supplicant Client Info Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable Selected Counters Object Description Selected Counters The Selected Counters table is visible when the port is one of the f...

Page 299: ...ing client is currently secured through the Port Security module State The client can either be authenticated or unauthenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason t...

Page 300: ...r both the port counters and all of the attached client s counters The Last Client will not be cleared however This button is available in the following modes Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters ...

Page 301: ...the range 1 to 1000 to wait for a reply from a RADIUS server before retransmitting the request Retransmit Retransmit is the number of times in the range 1 to 1000 a RADIUS request is retransmitted to a server that is not responding If the server has not responded after the last retransmit it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is...

Page 302: ...to be used as attribute 32 in RADIUS Access Request packets If this field is left blank the NAS Identifier is not included in the packet Server Configuration The table has one row for each RADIUS Server and a number of columns which are Object Description Delete To delete a RADIUS server entry check this box The entry will be deleted during the next Save Hostname The IP address or hostname of the ...

Page 303: ... locally and revert to previously saved values 4 11 7 TACACS This Page allows you to configure the TACACS Servers The TACACS Configuration screen in Figure 4 11 8 appears Figure 4 11 8 TACACS Server Configuration Page Screenshot The Page includes the following fields Global Configuration These settings are common for all of the TACACS Servers Object Description Timeout Timeout is the number of seco...

Page 304: ...e has one row for each TACACS server and a number of columns which are Object Description Delete To delete a TACACS server entry check this box The entry will be deleted during the next Save Hostname The IP address or hostname of the TACACS server Port The TCP port to use on the TACACS server for authentication Timeout This optional setting overrides the global timeout value Leaving it blank will ...

Page 305: ...DIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP commu...

Page 306: ...yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is ...

Page 307: ...hose specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Packet Counters Rx Access radiusAuthClientExtA The number of RADIUS Access Accept packets valid ...

Page 308: ...se packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticators radiusAuthClientExtB adAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from...

Page 309: ...uthClientExtP endingRequests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Tx Timeouts radiusAuthClientExtT imeouts The number of authentication timeouts to th...

Page 310: ...will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Other Info Round Trip Time RadiusAuthClient ExtRoundTripTim e The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS...

Page 311: ...uthenticators The number of RADIUS packets containing invalid authenticators received from the server Rx Unknown Types radiusAccClientExt UnknownTypes The number of RADIUS packets of unknown types that were received from the server on the accounting port Rx Packets Dropped radiusAccClientExt PacketsDropped The number of RADIUS packets that were received from the server on the accounting port and d...

Page 312: ...as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip time Name RFC4670 Name Description IP Address IP address and UDP port for the accounting server in question Other Info State Shows the state of the server It takes one of the following values Disable...

Page 313: ...ime interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet Buttons Auto refresh Check this box to refresh the Page automatically Automatic refresh occurs every 3 seconds Click to ref...

Page 314: ...lows you to configure the Port Security Limit Control system and port settings Limit Control allows for limiting the number of users on a given port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as de...

Page 316: ... number between 10 and 10 000 000 seconds To understand why aging may be desired consider the following scenario Suppose an end host is connected to a 3rd party switch or hub which in turn is connected to a port on this switch on which Limit Control is enabled The end host will be allowed to forward if the limit is not exceeded Now suppose that the end host logs off or powers down If it wasn t for...

Page 317: ...resses on the port but take no further action Trap If Limit + 1 MAC addresses is seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every time the limit gets exceeded Shutdown If Limit + 1 MAC addresses is seen on the port shut down the port This implies that all secured MAC addresses will be removed from the port an...

Page 318: ...e page to be refreshed so non committed changes will be lost Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values Click to refresh the page Note that non committed changes will be lost 4 12 2 Access Management Configure access management table on this Page The maximum entry number is 16 If the application's type matches any one of the access mana...

Page 319: ...t can access the switch from the HTTP HTTPS interface if the host IP address matches the entry SNMP Indicates the host can access the switch from the SNMP interface if the host IP address matches the entry TELNET SSH Indicates the host can access the switch from the TELNET SSH interface if the host IP address matches the entry Buttons Click to add a new access management entry Click to apply changes Cli...

Page 320: ...e Managed Switch Receive Packets The number of packets received from the interface while access management mode is enabled Allowed Packets The number of packets allowed from the interface while access management mode is enabled Discard Packets The number of packets discarded from the interface while access management mode is enabled ...

Page 321: ...es the HTTPS mode operation Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirects the web browser to HTTPS when HTTPS mode is enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Buttons Click to save changes Click to ...

Page 322: ...on Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 6 Port Security Status This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from oth...

Page 323: ... Figure 4 12 6 appears Figure 4 12 6 Port Security Status Screen Page Screenshot The page includes the following fields User Module Legend The legend shows all user modules that may request Port Security services Object Description ...

Page 324: ...Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user modul...

Page 325: ...l Screen Page Screenshot The page includes the following fields Object Description MAC Address VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traff...

Page 326: ...326 indefinitely a dash will be shown Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately ...

Page 327: ... when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping on this page The DHCP Snooping Configuration screen in Figure 4 12 8 appears Figure 4 12 8 DHCP Snooping Configuration Screen Page Screenshot ...

Page 329: ...de Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message All means all ports will have one specific setting Buttons Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 9 DHCP Snooping Statistics This page provides statistics for DHCP snoopi...

Page 330: ...decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 pac...

Page 331: ...nsmitted Rx and Tx Lease Active The number of lease active option 53 with value 13 packets received and transmitted Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the counters for the selected port ...

Page 332: ...d on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host This page provides IP Source Guard related configuration The IP Source Guard Configuration screen in Figure 4 12 10 appears Figure 4 12 10 IP Source Guard Configuration Screen Page Screenshot ...

Page 333: ...mum number of dynamic clients that can be learned on given ports This value can be 0 1 2 and unlimited If the port mode is enabled and the value of max dynamic client is equal to 0 only IP packets that match static entries are forwarded on the specific port All means all ports will have one specific setting Buttons Click to translate all dynamic entries to static entries Click to ...

Page 334: ...ew entry Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 12 ARP Inspection ARP Inspection is a security feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page...

Page 336: ...s given port All means all ports will have one specific setting Buttons Click to translate all dynamic entries to static entries Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 13 ARP Inspection Static Table This page provides Static ARP Inspection Table The Static ARP Inspection Table screen in Figure 4 12 13 appears Figure 4 12 13 Static AR...

Page 337: ...ddress Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Buttons Click to add a new entry Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 338: ...s The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time 4 13 1 MAC Address Table Configurat...

Page 339: ...arning If the learning mode for a given port is greyed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Object Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other f...

Page 340: ... MAC table is sorted first by VLAN ID and then by MAC address Object Description Delete Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry ...

Page 341: ...e web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC...

Page 342: ...c ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this page The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address The Dynamic ARP Inspection Table screen in Figure 4 13 3 appears Figure 4 13 3 Dynamic ARP Inspection Table Screenshot Navigating the ARP Inspection Table Each pa...

Page 343: ... permitted MAC Address User MAC address of the entry IP Address User IP address of the entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the input fields Updates the table starting from the first entry in the Dynamic ARP Inspection Table Updates the table starting with the entry after the...

Page 344: ...splayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over The page includes the following fields Object Description Port Switch Port Number for which the entries are displayed VLAN ID VLAN...

Page 345: ...nes how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP ME...

Page 346: ...Figure 4-14-1: LLDP Configuration Page Screenshot ...

Page 347: ...l seconds. Valid values are restricted to 2-10 times. TTL in seconds is based on the following rule: (Transmission Interval * Holdtime Multiplier) ≤ 65536. Therefore, the default TTL is 4 * 30 = 120 seconds. Tx Delay: If some configuration is changed (e.g. the IP address), a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be large...

Page 348: ...o a corresponding field in the LLDP neighbours table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics CDP TLVs are mapped onto LLDP neighbours table as shown below CDP TLV Device ID is mapped to the LLDP Chassis ID field CDP TLV Address is mapped to the LLDP Management Address field The CDP address TLV can contain multiple...

Page 349: ...d in IEEE 802 1AB Management Address Optional TLV When checked the management address is included in LLDP information transmitted The management address protocol packet includes the IPv4 address of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement The management address TLV may also include information abou...

Page 350: ...Figure 4-14-2: LLDP-MED Configuration Page Screenshot ...

Page 351: ...P-MED capable Network Connectivity Device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors. Because there is a risk of an LLDP frame being lost du...

Page 352: ... 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum...

Page 353: ... suffix Street suffix Example Ave Platz House no House number Example 21 House no suffix House number suffix Example A Landmark Landmark or vanity address Example Columbia University Additional location info Additional location info Example South Wing Name Name residence and office occupant Example Flemming Jahn Zip code Postal zip code Example 2791 Building Building structure Example Low Library ...

Page 354: ...twork policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are 1 Voice 2 Guest Voice 3 Softphone Voice 4 Video Confe...

Page 355: ...e guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically c...

Page 356: ...y specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 DSCP DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value...

Page 357: ... following fields Fast start repeat count Object Description Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure fo...

Page 358: ...t support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media Endpo...

Page 359: ...D 6. Inventory 7. Reserved. Application Type: Application Type indicating the primary function of the application(s) defined for this network policy, advertised by an Endpoint or Network Connectivity Device. The possible application types are shown below. Voice: for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed...

Page 360: ...E 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significan...

Page 361: ...ities Auto negotiation Capabilities shows the link partners MAC PHY capabilities Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately ...

Page 362: ... the neighbor port System Name System Name is the name advertised by the neighbor unit Port Description Port Description is the port description advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Re...

Page 363: ...s This page provides an overview of all LLDP traffic Two types of counters are shown Global counters are counters that refer to the whole stack switch while local counters refer to counters for the currently selected switch The LLDP Statistics screen in Figure 4 14 5 appears Figure 4 14 5 LLDP Statistics Page Screenshot The page includes the following fields Global Counters ...

Page 364: ...nsmitted Tx Frames The number of LLDP frames transmitted on the port Rx Frames The number of LLDP frames received on the port Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP ...

Page 365: ...eceived within the age out time the LLDP information is removed and the Age Out counter is incremented Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Clears the local counters All counters including global counters are cleared upon reboot ...

Page 366: ...witch transmits ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics is performing tests on copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as fol...

Page 367: ...4 15 1 ICMP Ping Page Screenshot The page includes the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Ping Count The count of the ICMP packet Values range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds Be sure the target ...

Page 368: ... the following fields Object Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes Ping Count The count of the ICMP packet Values range from 1 time to 60 times Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds Button Click to start transmitting ICMP packets Click to re start dia...

Page 369: ...on of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears Figure 4 15 3 Remote IP Ping Test Page Screenshot ...

Page 370: ...ed for running the Cable Diagnostics. Press to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that Cable Diagnostics is only accurate for cables of length 7-140 meters. 10 and 100 Mbps ports will be ...

Page 371: ...ct to copper port not fiber port Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair Buttons Click to run the diagnostics 4 16 Loop Protection This page allows the user to inspect the current Loop Protection configurations and possibly change them as well 4 16 1 Configuration This page allows the user to inspect the current Loop Protection ...

Page 372: ...Figure 4-16-1: Loop Protection Configuration Page Screenshot ...

Page 373: ...o will keep a port disabled until next device restart Port Configuration Object Description Port The switch port number of the port Enable Controls whether loop protection is enabled on this switch port Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is actively generating lo...

Page 374: ...smit The currently configured port transmit mode Loops The number of loops detected on this port Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page...

Page 375: ...lert thresholds for RMON Agent records Event A list of all events generated by RMON Agent Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 17 1 RMON Alarm Configuration C...

Page 376: ...packets that request to transmit. OutDiscards: The number of outbound packets that are discarded even though the packet is normal. OutErrors: The number of outbound packets that could not be transmitted because of errors. OutQLen: The length of the output packet queue (in packets). Sample Type: The method of sampling the selected variable and calculating the value to be compared against the thresholds, possibl...

Page 377: ...Falling Threshold: Falling threshold value (-2147483648 to 2147483647). Falling Index: Falling event index (1-65535) ...

Page 378: ...creen in Figure 4 17 2 appears Figure 4 17 2 Port Statistics Overview page screenshot The page includes the following fields Object Description ID Indicates the index of Alarm control entry Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected va...

Page 379: ...he following fields Object Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification of the event the possible types are none The total number of octets received on the interface including f...

Page 380: ...ault being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Event table The first displayed will be the one with the lowest Event Index and Log Index found in the Event table table screen in Figure 4 17 4 appears Figure 4 17 4 RMON Event Overview page screenshot The page includes the following fields Objec...

Page 381: ... fields. Object / Description. Delete: Check to delete the entry. It will be deleted during the next save. ID: Indicates the index of the entry. The range is from 1 to 65535. Data Source: Indicates the port ID to be monitored. In a stacking switch, the value must add 1000*(switch ID-1); for example, if the port is switch 3 port 5, the value is 2005. Interval: Indicates the interval in seconds for samplin...

Page 382: ... includes the following fields Object Description History Index Indicates the index of History control entry Sample Index Indicates the index of the data entry associated with the control entry Sample Start The total number of events in which packets were dropped by the probe due to lack of resources Drops The total number of events in which packets were dropped by the probe due to lack of resourc...

Page 383: ...etwork utilization on this interface during this sampling interval, in hundredths of a percent. Buttons: Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Click to refresh the page immediately. Updates the table starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID. Updates the table starting with the entry after the last en...

Page 384: ...age input field When first visited the web page will show the first 20 entries from the beginning of the Statistics table The first displayed will be the one with the lowest ID found in the Statistics table screen in Figure 4 17 8 appears Figure 4 17 8 RMON Statistics Status page screenshot The page includes the following fields Object Description ID Indicates the index of Statistics entry Data So...

Page 385: ...RC Coll The best estimate of the total number of collisions on this Ethernet segment 64 The total number of packets including bad packets received that were 64 octets in length 65 127 The total number of packets including bad packets received that were from 65 to 127 octets in length 128 255 The total number of packets including bad packets received that were from 128 to 255 octets in length 256 5...

Page 386: ...This Selection box will allow you to select the One_pps_mode configuration The following values are possible 1 Output Enable the 1 pps clock output 2 Input Enable the 1 pps clock input 3 Disable Disable the 1 pps clock in out put External Enable This Selection box will allow you to configure the External Clock output The following values are possible 1 True Enable the external clock output 2 False...

Page 387: ...e user to configure and inspect the current PTP clock settings Figure 4 18 2 PTP Clock configuration page screenshot The page includes the following fields Object Description One_pps_mode Shows the current One_pps_mode configured 1 Output Enable the 1 pps clock output 2 Input Enable the 1 pps clock input 3 Disable Disable the 1 pps clock in out put External Enable Shows the current External clock ...

Page 388: ...ce Type Indicates the Type of the Clock Instance There are five Device Types 1 Ord Bound Clock s Device Type is Ordinary Boundary Clock 2 P2p Transp Clock s Device Type is Peer to Peer Transparent Clock 3 E2e Transp Clock s Device Type is End to End Transparent Clock 4 Master Only Clock s Device Type is Master Only 5 Slave Only Clock s Device Type is Slave Only Port List Shows the ports configured...

Page 389: ...should be assigned as the member ports in the ERPS. Only one switch in the Ring group is set as the RPL owner switch, on which one port, called the owner port, is blocked; the RPL neighbour switch has one port, called the neighbour port, that is blocked. The neighbour port is connected to the owner port directly, and this link is called the Ring Protection Link or RPL. Each switch wil...

Page 390: ...nfiguration The Maintenance Entity Point instances are configured here as screen in Figure 4 19 1 is shown below Figure 4 19 1 MEP configuration page screenshot The page includes the following fields Object Description ...

Page 391: ...ingress traffic on Residence Port Egress This is an Egress up MEP monitoring egress traffic on Residence Port Residence Port The port where MEP is monitoring see Direction Level The MEG level of this MEP Flow Instance The MEP is related to this flow See Domain Tagged VID Port MEP An outer C S tag depending on VLAN Port Type is added with this VID Entering 0 means no TAG added This MAC The MAC of t...

Page 392: ... Figure 4 19 2 Detailed MEP configuration page screenshot The page includes the following fields Instance Data Object Description MEP Instance The ID of the MEP Domain See help on MEP create WEB Mode See help on MEP create WEB Direction See help on MEP create WEB Residence Port See help on MEP create WEB Flow Instance See help on MEP create WEB ...

Page 393: ...value 13 will become NULL MEP Id This value will become the transmitted two byte CCM MEP ID cLevel Fault Cause indicating that a CCM is received with a lower level than the configured for this MEP cMEG Fault Cause indicating that a CCM is received with an MEG ID different from configured for this MEP cMEP Fault Cause indicating that a CCM is received with an MEP ID different from all Peer MEP ID c...

Page 394: ...l Configuration Instance Data Object Description Enable Continuity Check based on transmitting receiving CCM PDU can be enabled disabled The CCM PDU is always transmitted as Multi cast Class 1 Priority The priority to be inserted as PCP bits in TAG if any In case of enabling Continuity Check and Loss Measurement both implemented on SW based CCM Priority has to be the same Frame rate Selecting the ...

Page 395: ...ype The R APS PDU is always transmitted with multi cast MAC described in G 8032 Type R APS APS PDU is transmitted as R APS this is for ERPS L APS APS PDU is transmitted as L APS this is for ELPS Last Octet This is the last octet of the transmitted and expected RAPS multi cast MAC In G 8031 03 2010 a RAPS multi cast MAC is defined as 01 19 A7 00 00 XX In current standard the value for this last oct...

Page 396: ...connected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instance Port 0 APS MEP The Port 0 APS PDU handling MEP Port 1 APS MEP The Port 1 APS PDU handling MEP As only one APS MEP is associated with interconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 i...

Page 397: ...Click to refresh the page immediately. Click to save changes. Click to undo any changes made locally and revert to previously saved values. ...

Page 398: ...reenshot The page includes the following fields Instant Data Object Description ERPS ID The ID of the Protection group Port 0 See help on ERPS create WEB Port 1 See help on ERPS create WEB Port 0 SF MEP See help on ERPS create WEB Port 1 SF MEP See help on ERPS create WEB Port 0 APS MEP See help on ERPS create WEB Port 1 APS MEP See help on ERPS create WEB Ring Type Type of Protected ring It can b...

Page 399: ...istent check on Signal Fail before switching. The range of the hold-off timer is 0 to 10 seconds in steps of 100 ms. Version: ERPS Protocol Version, v1 or v2. Revertive: In Revertive mode, after the conditions causing a protection switch have cleared, the traffic channel is restored to the working transport entity, i.e. blocked on the RPL. In Non-Revertive mode, the traffic channel continues to use the RPL if ...

Page 400: ...tion Tables in G 8032 Port 0 Receive APS The received APS on Port 0 according to State Transition Tables in G 8032 Port 1 Receive APS The received APS on Port 1 according to State Transition Tables in G 8032 WTR Remaining Remaining WTR timeout in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block sta...

Page 401: ...values 4 19 5 Ring Wizard This page allows the user to configure the ERPS by wizard screen in Figure 4 19 4 appears Figure 4 19 5 Ring Wizard page screenshot The page includes the following fields Object Description All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 Number ID The switch where you are requesting ERPS Port Configures the...

Page 402: ... 4 19 6 Ring Example Diagram The above topology often occurs on using ERPS protocol The multi switch constitutes a single ERPS ring all of the switches only are configured as an ERPS in VLAN 3001 thereby constituting a single MRPP ring Switch ID Port MEP ID RPL Type VLAN Group Port 1 1 None 3001 Switch 1 Port 2 2 Owner 3001 ...

Page 403: ... 1 Connect PC to switch 1 directly don t connect to port 1 2 Log in on the Switch 1 and click Ring Ring Wizard Set All Switch Number 3 and Number ID 1 click Next button to set the ERPS configuration for Switch 1 Set MEP1 Port1 MEP2 Port2 and VLAN ID 3001 click Set button to save the ERPS configuration for Switch 1 Set ERPS Configuration on Switch 2 Connect PC to switch 2 directly don t connect to ...

Page 404: ...tch 3. Set MEP5 = Port2, MEP6 = Port1 and VLAN ID = 3001; click the Set button to save the ERPS configuration for Switch 3. To avoid a loop, do not connect switches 1, 2 and 3 together in the ring topology before the ERPS configuration is complete. Follow the configuration or the ERPS wizard to connect switches 1, 2 and 3 together to establish the ERPS application. MEP2 MEP3 Switch1 Port2 Switch2 Port2 MEP4 MEP5 Switch2 Port1 Switch3 ...

Page 405: ...ress is located at the same port on which this packet comes in, then this packet will be filtered, thereby increasing the network throughput and availability. 5.4 Store-and-Forward: Store-and-Forward is one type of packet-forwarding technique. A Store-and-Forward Managed Switch stores the incoming frame in an internal buffer and does the complete error checking before transmission. Therefore, no error packets occ...

Page 406: ...lt in Auto-negotiation. This technology automatically sets the best possible bandwidth when a connection is established with another network device (usually at Power On or Reset). This is done by detecting the modes and speeds both devices are capable of at the moment they are connected. Both 10Base-T and 100Base-TX devices can connect with the port in either Half- or Full-Duplex mode. 1000Base-T can be only co...

Page 407: ... device is not set to dedicate full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting Why the Managed Switch doesn t connect to the network Solution Check per port LED on the Managed Switch Try another port on the Managed Switch Make sure the cable is installed properly Make sure the cable is the right t...

Page 408: ...P address to the default IP Address 192.168.0.100 or reset the password to the default value. Press the hardware reset button at the front panel for about 5 seconds. After the device is rebooted, you can log in to the management web interface within the same subnet of 192.168.0.xx ...

Page 409: ...he Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment Contact MDI Media Dependent Interface MDI X Media Dependent Interface Cross 1 Tx transmit Rx receive 2 Tx transmit Rx ...

Page 410: ...e 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Crossover Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Strai...

Page 411: ...in this context, they are similar to firewalls. There are 3 web pages associated with the manual ACL configuration. ACL | Access Control List: The web page shows the ACEs in a prioritized way, highest (top) to lowest (bottom). By default the table is empty. An ingress frame will only get a hit on one ACE, even if there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame and...

Page 412: ...ction Switching. This protocol is used to ensure that switching is done bidirectionally at the two ends of a protection group, as defined in G.8031. Aggregation: Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability. (Also Port Aggregation, Link Aggregation.) ARP: ARP is an acronym for Address Resolution Protocol. It is...

Page 413: ...ts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP DHCP is an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices ...

Page 414: ...ameter of "vlan_id" is the first two bytes, which represent the VLAN ID. The parameter of "module_id" is the third byte, for the module ID (in a standalone switch it always equals 0; in a stackable switch it is the switch ID). The parameter of "port_no" is the fourth byte, and it is the port number. The Remote ID is 6 bytes in length, and the value equals the DHCP relay agent's MAC address. DHCP Snooping: DHCP Snooping is ...

Page 415: ...ching for Ethernet traffic in a ring topology and at the same time ensuring that there are no loops formed at the Ethernet layer Ethernet Type Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame F FTP FTP is an acronym for File Transfer Protocol It is a transfer ...

Page 416: ...ver Secure Socket Layer. It is used to indicate a secure HTTP connection. HTTPS provides authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. HTTPS uses port 44...

Page 417: ...essages on the server rather than downloading them to your computer If you wish to remove your messages from the server you must use your mail client to generate local folders copy messages to your local hard drive and then delete and expunge the messages from the server IP IP is an acronym for Internet Protocol It is a protocol used for communicating data across an internet network IP is a best e...

Page 418: ...lowed by LLC information LLDP LLDP is an IEEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide manag...

Page 419: ...e time. MEP: MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group (ITU-T Y.1731). MD5: MD5 is an acronym for Message-Digest algorithm 5. MD5 is a message digest algorithm, used as a cryptographic hash function with a 128-bit hash value. It was designed by Ron Rivest in 1991. MD5 is officially defined in RFC 1321, The MD5 Message-Digest Algorithm. Mirroring: For debuggin...

Page 420: ... is IEEE 802 1X NetBIOS NetBIOS is an acronym for Network Basic Input Output System It is a program that allows applications on separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and trans...

Page 421: ...er sourcing equipment to a remote device The remote device is called a PD PHY PHY is an abbreviation for Physical Interface Transceiver and is the device that implements the Ethernet physical layer IEEE 802 3 PING ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with...

Page 422: ...rotocol over Ethernet. It is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over Ethernet and in plain Metro Ethernet networks (Wikipedia). Private VLAN: In a private VLAN, PVLANs provide layer 2 isolation between ports within the same broadcast domain. Isolate...

Page 423: ...ntees to the frame according to what was configured for that specific QoS class. There is a one-to-one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the lowest priority. R RARP: RARP is an acronym for Reverse Address Resolution Protocol. It is a protocol that is used to obtain an IP address for a given hardware address, such as an Ethernet address. RARP is the complement of ARP ...

Page 424: ...f an input data sequence (the message) of any length. Shaper: A shaper can limit the bandwidth of transmitted frames. It is located after the ingress queues. SMTP: SMTP is an acronym for Simple Mail Transfer Protocol. It is a text-based protocol that uses the Transmission Control Protocol (TCP) and provides a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems ...

Page 425: ...two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network. The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality (Wikipedia). SSM: In SyncE, SSM is an abbreviation for Synchronization Status Message and contains a QL indication. STP: Spannin...

Page 426: ...inal emulation protocol that uses the Transmission Control Protocol (TCP) and provides a virtual connection between TELNET server and TELNET client. TELNET enables the client to control the server and communicate with other servers on the network. To start a Telnet session, the client user must log in to a server by entering a valid username and password. Then the client user can enter commands through ...

Page 427: ... to TCP UDP provides two services not provided by the IP layer. It provides port numbers to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact. Common network applications that use UDP include the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), and Trivial File Transfer Protocol (TFTP). UPnP: UPnP is an...

Page 428: ...he transmission priority of voice traffic and voice quality. W WEP: WEP is an acronym for Wired Equivalent Privacy. WEP is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio, so they are more susceptible to eavesdropping than wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a traditional ...

Page 429: ...ferent keys to each user. Personal WPA utilizes less scalable pre-shared key (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design of WPA is based on a Draft 3 of the IEEE 802.11i standard (Wikipedia). WPS: WPS is an acronym for Wi-Fi Protected Setup. It is a standard for easy and secure establishment of a...
