KTI Networks KGS-2421, User Manual

Page 1: ...KGS 2421 KGS 1620 Web Management Interface User s Manual 1 DOC 110616 ...

Page 2: ...e and modify the software and its source code is granted Permission to integrate into other products disclose transmit and distribute the software in an absolute machine readable format e g HEX file is also granted The software may only be used in products utilizing the Vitesse switch products C 2010 KTI Networks Inc All rights reserved No part of this documentation may be reproduced in any form o...

Page 3: ...part of KTI Networks Inc to provide notification of such revision or change For more information contact United States KTI Networks Inc P O BOX 631008 Houston Texas 77263 1008 Phone 713 2663891 Fax 713 2663893 E mail kti ktinet com URL http www ktinet com International Fax 886 2 26983873 E mail kti ktinet com tw URL http www ktinet com tw 3 ...

Page 4: ...14 2 3 Security 16 2 3 1 Switch 16 2 3 1 1 Password 16 2 3 1 2 Auth Method 17 2 3 1 3 SSH 18 2 3 1 4 HTTPS 19 2 3 1 5 SNMP 20 2 3 1 5 1 System 20 2 3 1 5 2 Communities 23 2 3 1 5 3 Users 24 2 3 1 5 4 Groups 26 2 3 1 5 5 Views 27 2 3 1 5 6 Accesses 28 2 3 2 Network 29 2 3 2 1 NAS 29 2 3 2 2 ACL 33 2 3 2 2 1 Ports 33 2 3 2 2 2 Rate Limiters 34 2 3 2 2 3 Access Control Lists 35 2 3 3 Auth Server 37 2...

Page 5: ...2 8 1 Static MAC Address Configuration 63 2 9 VLANs 64 2 9 1 VLAN Membership 64 2 9 2 VLAN Port Configuration 66 2 10 Private VLANs 68 2 10 1 PVLAN Memberships 69 2 10 2 Port Isolation 71 2 11 QoS 72 2 11 1 Ports 73 2 11 2 QoS Control List 74 2 11 3 Rate Limiters 76 2 11 4 Storm Control 77 2 11 5 Wizard 78 2 11 6 Wizard Port Policies 79 2 11 7 Wizard Typical Network Application Rules 81 2 11 8 Wiz...

Page 6: ...1 Network 97 3 3 1 1 Port Security 98 3 3 1 1 1 Switch 98 3 3 1 1 2 Port 99 3 3 1 2 NAS 100 3 3 1 2 1 Switch 100 3 3 1 2 2 Port 100 3 3 1 3 ACL Status 101 3 3 2 Auth Server 102 3 3 2 1 RADIUS Overview 102 3 3 2 2 RADIUS Details 103 3 4 LACP 105 3 4 1 System Status 105 3 4 2 Port Status 106 3 4 3 Port Statistics 108 3 5 Spanning Tree 109 3 5 1 Bridge Status 109 3 5 2 Port Status 111 3 5 3 Port Stat...

Page 7: ...atistics 118 3 8 MAC Table 120 3 9 VLAN 121 3 9 1 VLAN Membership 121 3 9 2 VLAN Port 122 4 Diagnostics 124 4 1 SFP DDM 124 4 2 Ping 126 4 3 Copper Cable 127 5 Maintenance 128 5 1 Reset Device 128 5 2 Factory Defaults 129 5 3 Software Upload 129 5 4 Configuration 129 Glossary 131 ...

Page 8: ...aged from a web browser software make sure a unique IP address is configured for the switch 1 1 Start Browser Software and Making Connection Start your browser software and enter the IP address of the switch unit to which you want to connect The IP address is used as URL for the browser software to search the device URL http xxx xxx xxx xxx Factory default IP address 192 168 0 2 1 2 Login to the S...

Page 9: ...ccessful management connection at the same time A switch image icon is displayed as follows after a successful login The following example shows an image of a 24 port switch model Image of 24 Port Switch Model Image of 16 Port Switch Model 9 ...

Page 10: ... LLDP configuration MAC Table MAC address learning settings and static MAC address port configuration VLANs VLAN groups and VLAN port related configuration Private VLANs PVLAN groups and port isolation configuration QoS QoS port ingress egress and QCL configuration Port rate control QCL wizard Mirroring Port mirroring settings Monitor System System information and system log information Ports Port...

Page 11: ...P DDM SFP DDM information Ping ICMP ping utility Copper Cable Copper cable diagnostics for all copper ports Maintenance Reset Device Command to reboot the switch Factory Defaults Command to restore the switch with factory default settings Software Upload Command to update the switch firmware Configuration Command to save or upload the system configuration ...

Page 12: ...ters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Location The physical location of this node e g telephone closet 3rd floor The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Timezone Offset Provide the tim...

Page 13: ...e is 1 through 4095 SNTP Server Provide the IP address of the SNTP Server Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Renew Click to renew DHCP This button is only available if DHCP is enabled Note 1 If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP w...

Page 14: ...nd red that it is down Speed Current Provides the current link speed of the port Speed Configured Select any available link speed for the given switch port Disabled disables the switch port operation Auto selects the highest speed that is compatible with a link partner 1Gbps FDX selects auto negotiation 1000Mbps and full duplex 100Mbps FDX selects fixed 100Mbps and full duplex 14 ...

Page 15: ...e allowed range is 1518 bytes to 9600 bytes Excessive Collision Mode Configure port transmission collision behavior Discard Discard frame after 16 collisions default Restart Restart back off algorithm after 16 collisions Power Control The column shows the current percentage of the power consumption per port The Configured column allows for changing the power savings mode parameters per port Disabl...

Page 16: ...t system password If this is incorrect the new password will not be set New Password New system password to be used Allowed string length is 0 to 31 and the allowed content is the ASCII characters from 32 to 126 Confirm New Password Re enter the new system password Save Click to save the changes 16 ...

Page 17: ...on can be set to one of the following values none authentication is disabled and login is not possible local use the local user database on the switch for authentication RADIUS use a remote RADIUS server for authentication Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 17 ...

Page 18: ...de Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 18 ...

Page 19: ...peration Automatic Redirect Indicates the HTTPS redirect mode operation Automatic redirect web browser to HTTPS during HTTPS mode enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 19 ...

Page 20: ...n Description Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 20 ...

Page 21: ...lexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a particular range of source addresses can use to restrict source subnet Engine ID Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local us...

Page 22: ...MP trap inform timeout seconds The allowed range is 0 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 255 TrapProbeSecurityEngineID Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID mode of operation Disabled Disable SNMP trap probe security engine ID mode of operat...

Page 23: ...y string will treat as security name and map a SNMPv1 or SNMPv2c community string Source IP Indicates the SNMP access source address A particular range of source addresses can use to restrict source subnet when combined with source mask Source Mask Indicates the SNMP access source address mask Add new community Click to add a new community entry as shown below Delete Click to cancel the new entry ...

Page 24: ...name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The value of security le...

Page 25: ...None privacy protocol DES An optional flag to indicate that this user using DES authentication protocol Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 Add new user Click to add a new SNMPv3 user entry as shown below Delete Click to cancel the new entry Save Click to save the changes R...

Page 26: ...ecurity name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Add new group Click to add a new SNMPv3 group entry as shown below Delete ...

Page 27: ...d be included excluded An optional flag to indicate that this view sub tree should be excluded General if a view entry s view type is excluded it should be exist another view entry which view type is included and it s OID sub tree overstep the excluded view entry OID Subtree The OID defining the root of the sub tree to add to the named view The allowed OID length is 1 to 128 The allowed string con...

Page 28: ...le security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Write View Name The name o...

Page 29: ...backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Authentication configuration page MAC based authentication allows for authentication of more than one user on the same port and doesn t require the user to have special 802 1X software installed on his system The switch uses the user s MAC address to authenticate against t...

Page 30: ... enabled ports can be used to detect if a new device is plugged into a switch port For MAC based ports re authentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore doesn t imply that a client is still present on a port see Age Period below Reauthentication Period Determines the period in seconds af...

Page 31: ... frame before the second half of the age period expires the switch will consider the client alive and leave it authenticated Therefore an age period of T will require the client to send frames more frequent than T 2 for him to stay authenticated Hold Time This setting applies to ports running MAC based authentication only If the RADIUS server denies a client access or a RADIUS server request times...

Page 32: ...dmin State is Auto but the supplicant is not yet authenticated or the Admin State is Unauthorized X Auth Y Unauth X clients are currently authorized and Y are unauthorized This state is shown when 802 1X and MAC based authentication is globally enabled and the Admin State is set to MAC Based Restart Two buttons are available for each row The buttons are only enabled when authentication is globally...

Page 33: ...default value is 1 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply to this port The allowed values are Disabled or the values 1 15 The default value is Disabled Port Copy Select which port frames are copied to The allowed values are Disabled or a specific port number The default value is Disabled Shu...

Page 34: ...made locally will be undone Clear Click to clear the counters 2 3 2 2 2 Rate Limiters Configuration Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The rate unit is packet per second pps configure the rate as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps Save Click to save the changes R...

Page 35: ...which are not ICMP UDP TCP Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 15 When Disabled is displayed the rate limiter operation is disabled Port Copy Indicates the port copy operation of the ACE Frames matching t...

Page 36: ...ication buttons Inserts a new ACE before the current row e Edits the ACE Moves the ACE up the list Moves the ACE down the list X Deletes the ACE The lowest plus sign adds a new entry at the bottom of the list of ACL Refresh Click to refresh the page any changes made locally will be undone Clear Click to clear the counters Remove All Click to remove all ACEs Remark The maximum number of ACEs is 128...

Page 37: ...e subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually t...

Page 38: ... The UDP port to use on the RADIUS Authentication Server If the port is set to zero 0 the default port 1812 is used for the RADIUS Authentication Server Secret The secret up to 29 characters long shared between the RADIUS Authentication Server and the switch unit Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 39: ...tches using more than one physical links to increase the connection bandwidth between two switches Two aggregation modes Static and LACP are supported Note Maximum number of aggregation groups in one 24 Port switch 12 Maximum number of aggregation groups in one 16 Port switch 8 Maximum number of physical switched port members per group no limit 2 4 1 Static Screen of 24 Port Switch 39 ...

Page 40: ...r the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled TCP UDP Port Number The TCP UDP port number can be used to calculate the destinat...

Page 41: ...ts belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in each group Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 2 4 2 LACP Configuration Description Port The port number for which the associated row configuration applies LACP Enabled Controls whether LACP is enabled...

Page 42: ...ggregation group while ports with different keys cannot Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a link partner speak if spoken to Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Note LLAG means LACP Link Aggregation Groups ...

Page 43: ...Valid values STP RSTP MSTP Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to Forwarding used in STP compatible mode Valid values 4 30 seconds Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values 6 40 seconds Max Age must be FwdDelay 1 2 Maximum Hop Count It defines how many bridges a root bridge can distri...

Page 44: ...ed as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a syst...

Page 45: ...t 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 65535 MSTI Mapping MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to on...

Page 46: ...e The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 46 ...

Page 47: ... path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above AdminEdge Controls whether the operEdge flag should start as being set or cleared The initial operEdge state when a port is initialized operEdge Operational flag describi...

Page 48: ...causing address flushing in that region possibly because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently BPDU Guard If enabled causes the port to disable itself upon receiving valid BPDU s Contrary to the similar bridge setting the port Edge status does not affect this setting A port entering error disable...

Page 49: ...Configuration Description MSTI Select an MSTI for pop up configuration Get Click to pop up configuration page 49 ...

Page 50: ...alues Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values 1 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Save Click to save the c...

Page 51: ...al Configuration Description Snooping Enabled Enable the Global IGMP Snooping Unregistered IPMC Flooding enabled Enable unregistered IPMC traffic flooding Port Configuration Description Port The port number for which the row configuration applies 51 ...

Page 52: ...ration Description Start from VLAN Select range of VLAN table entries VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN IGMP Snooping IGMP Querier Enable the IGMP Querier in the VLAN The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled Each Querier s interval is 125 second and it will stop act as an IGMP Querier if received any Querier from...

Page 53: ...for having the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values 5 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold 53 ...

Page 54: ... not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from nei...

Page 55: ... repeat count The number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received Coordinates Location 55 ...

Page 56: ...p Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is the North American Vertical Datum of 1988 NAVD88 This datum pair is to be used when referencing locations on land not near tidal water wh...

Page 57: ...ifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling Add New Policy Click to configure a new policy Delete Check to delete the policy It will be deleted during the next save Policy ID ID for the policy Th...

Page 58: ...and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type 8 Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be adverti...

Page 59: ...on Information Civic Address LCI Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network ...

Page 60: ...on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to ...

Page 61: ...2 8 MAC Table Screen of 24 Port Switch 61 ...

Page 62: ...0 to 1000000 seconds Port MAC Table Learning Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done 62 Secure Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is los...

Page 63: ... of 24 Port Switch Screen of 16 Port Switch Static MAC Table Configuration VLAN ID The VLAN ID for the static MAC address entry MAC Address The MAC address for the entry Port Members Check to indicate which ports are members of the entry Check or uncheck as needed to modify the entry Delete Click to delete the entry It will be deleted during the next save Add new static entry Click to configure a ...

Page 64: ...ete Check to delete a VLAN entry The entry will be deleted on the switch unit during the next Save VLAN ID Indicates the ID of this particular VLAN Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are uncheck...

Page 65: ...D Enter VLAN ID for the new VLAN entry Legal values 1 through 4095 Delete Click to delete the new VLAN row Add new entry Click to add another new VLAN ID Save Click to save the new VLAN row Reset Click to undo any changes made locally and revert to previously saved values Screen of 16 Port Switch Configuration Description VLAN ID Enter VLAN ID for the new VLAN entry Legal values 1 through 4095 Por...

Page 66: ...AN Port Configuration Configuration Description Port This is the logical port number for this row VLAN Aware Enable VLAN awareness for a port by checking the box This parameter affects VLAN ingress processing If VLAN awareness is enabled the tag is removed from tagged frames received on the port Furthermore VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled a...

Page 67: ...ss processing None a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Specific the default value a Port VLAN ID can be configured see below Untagged frames received on the port are classified to the Port VLAN ID If VLAN awareness is disabled all frames received on the port are classified to the ...

Page 68: ...irewall server provider network or similar central resource Types of Ports in a private VLAN Promiscuous Usually connects to a router a type of a port which is allowed to send and receive frames from any other port on the VLAN Isolated This type of port is only allowed to communicate with Promiscuous ports Isolated ports are not allowed to communicate to each other This type of ports usually conne...

Page 69: ...not accepted and a warning message appears Port Members A row of check boxes for each port is displayed for each private VLAN ID To include a port in a Private VLAN check the box To remove or exclude the port from the Private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Add new Private VLAN Click to add a new private VLAN ID An empty row is added ...

Page 70: ...Adding new Private VLAN 70 Screen of 24 Port Switch Screen of 16 Port Switch Configuration Description Private VLAN ID See above Port Members See above Delete Click to delete the new private VLAN row ...

Page 71: ...ion Port Numbers A check box is provided for each port of a private VLAN When checked set the port to be isolation port in a private VLAN When unchecked set the port to be promiscuous port in a private VLAN By default port isolation is disabled for all ports Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values 71 ...

Page 72: ...signed to each port A QCL consists of an ordered list of up to 12 QCEs Each QCE can be used to classify certain frames to a specific QoS class This classification can be based on parameters such as VLAN ID UDP TCP port IPv4 IPv6 DSCP or Tag Priority Frames not matching any of the QCEs are classified to the default QoS class for the port 72 ...

Page 73: ...for frames not matching any of the QCEs in the QCL QCL Select which QCL to use for the port Tag Priority Select the default tag priority for this port when adding a Tag to the untagged frames Egress Configuration Queuing Mode Select which Queuing mode for this port Strict Priority High class queue is served first always till it is empty Weighted The queues are served based on the weight ratios set...

Page 74: ...ation Description QCL Select a QCL to display a table that lists all the QCEs for that particular QCL You can modify each QCE in the table using the following buttons Inserts a new QCE before the current row e Edits the QCE Moves the QCE up the list Moves the QCE down the list X Deletes the QCE The lowest plus sign adds a new entry at the bottom of the list of QCL QCE Type Specifies which frame fi...

Page 75: ...DSCP IPv4 and IPv6 DSCP ToS The 3 precedence bit in the ToS byte of the IPv4 IPv6 header also known as DS field Tag Priority User Priority Only applicable if the frame is VLAN tagged or priority tagged Type Value Indicates the value according to its QCE type Traffic Class The QoS class associated with the QCE Save Click to save the changes Reset Click to undo any changes made locally and revert to...

Page 76: ...nit Configure the unit of measure for the port policer rate as kbps or Mbps The default value is kbps Shaper Enabled Enable or disable the port shaper The default value is Disabled Shaper Rate Configure the rate for the port shaper The default value is 500 This value is restricted to 500 1000000 when the Policer Unit is kbps and it is restricted to 1 1000 when the Policer Unit is Mbps Shaper Unit ...

Page 77: ...hich are sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited to this rate The management VLAN is configured on the IP setup page Configuration Description Frame Type The settings in a particular row apply to the frame type listed here unicast multicast or broadcast Status Enable or disable the storm control status for t...

Page 78: ...2 11 5 Wizard This handy wizard helps you set up a QCL quickly 78 ...

Page 79: ...2 11 6 Wizard Port Policies Screen of 24 Port Switch Screen of 16 Port Switch 79 ...

Page 80: ...is specific QCL Port Members A row of radio buttons for each port is displayed for each QCL ID To include a port in a QCL member click the radio button Cancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard 80 ...

Page 81: ...icates the user definition that applies to the specific QCE The user definitions are Ethernet Type Specify the Ethernet Type filter for this QCE The allowed range is 0x600 to 0xFFFF VLAN ID VLAN ID filter for this QCE The allowed range is 1 to 4095 UDP TCP Port Specify the TCP UDP port filter for this QCE The allowed range is 0 to 65535 DSCP Specify the DSCP filter for this QCE The allowed range i...

Page 82: ... when receiving IPv4 IPv6 packets Configuration Description QCL ID Select the QCL ID to which this QCE applies ToS Precedence Class Select a traffic class of Low Normal Medium or High to apply to the QCE Cancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard 82 ...

Page 83: ...CL ID Select the QCL ID to which this QCE applies VLAN Priority Class Select a traffic class of Low Normal Medium or High to apply to the QCE Cancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard 83 ...

Page 84: ...or destination mirroring Configuration Description Port to mirror to Port to mirror is also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled disables mirroring Port The logical port for the settings contained in the same row Mode Select one of the following mirror modes Rx only Frames received at this port ...

Page 85: ...the mirror port Save Click to save the changes Reset Click to undo any changes made locally and revert to previously saved values Note For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames for the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only ...

Page 86: ...m contact configured in Configuration System Information System Contact Name The system name configured in Configuration System Information System Name Location The system location configured in Configuration System Information System Location 86 MAC Address The MAC Address of this switch ...

Page 87: ... page at regular intervals Refresh Click to refresh the page any changes made locally will be undone 3 1 2 CPU Load This page displays the CPU load using a SVG graph The load is measured as averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG...

Page 88: ...the system log entry Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to Updates the system log entries starting from the current entry ID Clear Flushes all system log entries I Updates the system log entries starting from the first available entry ID Updates the system log entries ending from the last entry currently displayed Updates the s...

Page 89: ...Click to Updates the system log entries starting from the current entry ID Clear Flushes all system log entries I Updates the system log entries starting from the first available entry ID Updates the system log entries ending from the last entry currently displayed Updates the system log entries starting from the last entry currently displayed I Updates the system log entries ending at the last en...

Page 90: ...ch Configuration Description Port Icon Click the port icon to display its detailed statistics Port 2 example Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone ...

Page 91: ...tch Screen of 16 Port Switch Configuration Description Port The logical port for the settings contained in the same row Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port 91 ...

Page 92: ...ess congestion Filtered The number of received frames filtered by the forwarding process Receive Transmit The number of received and transmitted packets per port Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone Clear Click to flush all counters ...

Page 93: ...itch 93 Screen of 16 Port Switch Configuration Description Port The logical port for the settings contained in the same row Low Queue There are 4 QoS queues per port with strict or weighted queuing scheduling This is the lowest priority queue ...

Page 94: ...t has higher priority than the Normal Queue High Queue This is the highest priority queue of the 4 QoS queues Receive Transmit The number of received and transmitted packets per port Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone Clear Click to flush all counters ...

Page 95: ... Multicast Number of received and transmitted good and bad multicast packets Rx and Tx Broadcast Number of received and transmitted good and bad broadcast packets Rx and Tx Pause Counter of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size Counters Number of received and transmitted good and bad packets split into...

Page 96: ...mber of received frames filtered by the forwarding process Transmit Error Counters Tx Drops Number of frames dropped due to output buffer congestion Tx Late Exc Coll Number of frames dropped due to excessive or late collisions Port Select the logical port for the displayed statistics Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refres...

Page 97: ...3 3 Security 3 3 1 Network 97 ...

Page 98: ...Click the port number to see the status for this particular port Users Each of the user modules has a column that shows whether that module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security MAC Count Indicate the number of currently learned MAC addr...

Page 99: ...AC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it will stay in the blocked state until the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period me...

Page 100: ...able an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone 3 3 1 2 2 Port Configuration Description Port Select a port to display the port state Admin State The port s current administrative state Refer to NAS Admin State for a description of 100 ...

Page 101: ...e that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP ...

Page 102: ... RADIUS Authentication Servers The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in IP Address UDP Port notation of this server Status The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running...

Page 103: ... or invalid received from the server Access Challenges RFC4670 name radiusAuthClientExtAccessChallenges The number of RADIUS Access Challenge packets valid or invalid received from the server Malformed Access Responses RFC4670 name radiusAuthClientExtMalformedAccessResponses The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an in...

Page 104: ... to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enab...

Page 105: ...the id is shown as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last changed The time since this aggregation changed Local Ports Show which ports are a part of this aggregation for this switch stack The format is Switch ID Port Auto refresh Check this box to enab...

Page 106: ...3 4 2 Port Status Screen of 24 Port Switch 106 ...

Page 107: ...le it s LACP status is disabled Key The key assigned to this port Only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GLAGs while IDs 3 14 are LLAGs Partner System ID The partners System ID MAC address Partner Port The partners port number connected to this port Auto refresh Check this box to enable an automatic refresh ...

Page 108: ...nsmitted Shows how many LACP frames have been sent from each port Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone Clear Click to clear all counters 108 ...

Page 109: ...he root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last The time since last Topology Change occurred Auto refresh Check this box to enable an automatic refresh of the page a...

Page 110: ... Regional Root Path Cost For the Regional Root Bridge this is zero For all other CIST instances in the same MSTP region it is the sum of the Internal Port Path Costs on the least cost path to the Internal Root Bridge For the CIST instance only Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Count The number of times where the topology change fla...

Page 111: ...r explicitly configured Each Edge Port transits directly to the Forwarding Port State since there is no possibility of it participating in a loop Point2Point The current STP port point to point flag A point to point port connects to a non shared LAN media The flag may be automatically computed or explicitly configured The point to point properties of a port affect how fast it can transition STP st...

Page 112: ... 3 Port Statistics Configuration Description Port The switch port number of the logical RSTP port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port Discarded Unknown The number of unknown Spannin...

Page 113: ...eceived V1 Reports V2 Reports Receive The number of Received V2 Reports V3 Reports Receive The number of Received V3 Reports V2 Leave Receive The number of Received V2 Leave IGMP Groups Groups The present IGMP groups Max are 128 groups for each VLAN Port Members The ports that are members of the entry Router Ports Port The port number Status The port is a router port or not Auto refresh Check this...

Page 114: ... advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address...

Page 115: ...by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint Device Definition LLDP MED the using service communication IP in participate and edge network LAN 802 IEEE at located are TIA 1057 defined as Devices Endpoint Within the LLDP MED Endpoint Device category the LLDP MED scheme is broken into further Endpoint Device Classes as defined in the following Each LLDP MED Endpoint Dev...

Page 116: ...es Media Servers and similar Discovery services defined in this class include media type specific network layer policy discovery LLDP MED Communication Endpoint Class III The LLDP MED Communication Endpoint Class III definition is applicable to all endpoint products that act as end user communication appliances supporting IP media Capabilities include all of the capabilities defined for the previo...

Page 117: ...6 Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services 7 Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with bufferin...

Page 118: ...lication type as defined in IETF RFC 2474 Contain one of 64 code point values 0 through 63 Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone 3 7 3 Port Statistics Global Status Description Neighbor entries were last changed at Shows the time of the last entry was last deleted or adde...

Page 119: ...frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is cou...

Page 120: ...orts that are members of the entry Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to updates the information starting from the current entry ID Clear Click to clear all counters I Updates the system log entries starting from the first available entry ID Updates the system log entries starting from the last entry currently displayed 120 ...

Page 121: ...ronment The VLAN Membership Status Page shall show the current VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users is selected it shall show this information for all the VLAN Users and this is the default VLAN membership allows the frames Classified to the VLAN ID to be forwarded to the respective VLAN member ports Select...

Page 122: ...s are not removed Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded Frame Type Shows whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagg...

Page 123: ...equests to set VLAN membership or VLAN port configuration the following conflicts can occur 1 Functional Conflicts between feature 2 Conflicts due to hardware limitation 3 Direct conflict between user modules ...

Page 124: ...atus Description SFP Ports Port numbers which are equipped with SFP slot i e Port 21 22 23 and 24 Identifier Identification information of the transceiver Connector The connector type used on the transceiver SONET Compliance The SONET compliance information of the transceiver 124 ...

Page 125: ... vendor OUI of the transceiver Temperature The current temperature sensed currently inside the transceiver Voltage The working voltage sensed currently inside the transceiver TX Power The transmission optical power sensed currently TX power data is displayed in unit of µW dBm N µW 30 dBm log10 N x 10 Refresh Click to updates the information ...

Page 126: ... ping test Five ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs Result displayed for a failed ping test Result displayed for a successful ping test New Ping Click to start a new ping test 126 ...

Page 127: ...ximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that the diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostics Therefore running diagnostics on a 10 or 100...

Page 128: ...he stack switch on this page After reset the system will boot normally as if you had powered on the devices Yes Click to reboot device System rebooting message is displayed as follows No Click to return to the Port State page without rebooting 128 ...

Page 129: ...is initiated After about a minute the firmware is updated and the switch reboots Warning While the firmware is being updated Web access appears to be defunct The front LED flashes Green Off with a frequency of 10 Hz while the firmware update is in progress Do not reset or power off the device at this time or the switch may fail to function afterwards 5 4 Configuration You can save view or load the...

Page 130: ...Save configuration Click to start download of the configuration Browse Click to the location of a configuration file Upload Click to start uploading configuration 130 ...

Page 131: ...ce ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls There are 3 web pages associated with the manual ACL configuration 131 ACL Access Control List The web page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs...

Page 132: ... limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a physical address such as an Ethernet address ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known Before using IP the hos...

Page 133: ...s an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices on a network DHCP used by networked computers clients to obtain IP addresses and other parameters such as the default gateway subnet mask and IP addresses of DNS servers from a DHCP server The DHCP server ensures that all IP addresses are unique for example no IP address is assi...

Page 134: ...der on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server DNS DNS is an acronym for Domain Name System It stores and associates many types of information with domain names Most importantly DNS translates human friendly domain names and computer hostnames into computer friendly IP addresses For...

Page 135: ...onvey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands For example when you enter a URL in your browser this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page The other main standard that controls how the World W...

Page 136: ...on from any point within the network IGMP IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships It is an integral part of the IP multicast specification like ICMP for unicast connections IGMP can be ...

Page 137: ...t Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet IPMC IPMC is an acronym for IP MultiCast IP Source Guard IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually config...

Page 138: ...Algorithm Mirroring For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port N NetBIOS NetBIOS is an acronym for Network Basic Input Output System It i...

Page 139: ...m that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with an acknowledgment that it received the packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request ...

Page 140: ...es inside Ethernet frames It is used mainly with ADSL services where individual users connect to the ADSL transceiver modem over Ethernet and in plain Metro Ethernet networks Wikipedia Private VLAN In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN Q QCE QCE is an acronym for QoS Control Entry It describes QoS class associ...

Page 141: ...QCL id to an ingress port Furthermore you can assign a default class to a port and a queuing mode Strict queuing means that the higher priority frame will always be served before a lower priority frame Weighted priority will give each class some weight of the bandwidth QoS Rate Limiters Under this page you can configure the policer ingress and shaper egress rate for each port See the help page for...

Page 142: ...ood Network SHA SHA is an acronym for Secure Hash Algorithm It designed by the National Security Agency NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the message of any length Shaper A shaper can limit the bandwidth of transmitted frames It is located a...

Page 143: ...grity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authentication or guarantee confidentiality Wikipedia SSM SSM In SyncE this is an abbreviation for Synchronization Status Message and is containing a QL indication STP Spanning Tree Protocol is an OSI layer 2 protocol which ensures a loop free topology for ...

Page 144: ...ide Web WWW e mail and File Transfer Protocol FTP TELNET TELNET is an acronym for TELetype NETwork It is a terminal emulation protocol that uses the Transmission Control Protocol TCP and provides a virtual connection between TELNET server and TELNET client TELNET enables the client to control the server and communicate with other servers on the network To start a Telnet session the client user mus...

Page 145: ...y prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol TFTP UPn...

Page 146: ...iFi is an acronym for Wireless Fidelity It is meant to be used generically when referring of any type of 802 11 network whether 802 11b 802 11a dual band etc The term is promulgated by the Wi Fi Alliance WPA WPA is an acronym for Wi Fi Protected Access It was created in response to several serious weaknesses researchers had found in the previous system Wired Equivalent Privacy WEP WPA implements t...

Page 147: ... PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPS WPS is an acronym for Wi Fi Protected Setup It is a standard for easy and secure establishment of a wireless home network The goal of the WPS protocol is to simplify the proc...