EnGenius EWS Series User Manual
  1. Manuals
  2. Brands
  3. EnGenius Manuals
  4. Switch
  5. EWS Series
  6. User manual
EnGenius EWS Series User Manual

EnGenius EWS Series User Manual

Gigabit managed smart switch with wireless controller
Hide thumbs Also See for EWS Series:
Table of Contents

Advertisement

Quick Links

Download this manual
Business Solutions
Gigabit Managed Smart Switch
with Wireless Controller
EWS Switch Series
1

Advertisement

Table of Contents
loading

Related Manuals for EnGenius EWS Series

Summary of Contents for EnGenius EWS Series

  • Page 1 Business Solutions Gigabit Managed Smart Switch with Wireless Controller EWS Switch Series...
  • Page 2 IMPORTANT To install this device please refer to the Quick Installation Guide included in the product packaging.

  • Page 3: Table Of Contents

    Table of Content Product Overview ...............................7 Introduction ............................8 Key Features ............................9 System Requirements ........................10 Package Contents ..........................10 Technical Specifications ........................11 Getting Started ..............................14 Installing the Switch ..........................15 Management Interface ........................15 Connecting the Switch to a Network ....................16 Software Features ............................
  • Page 4 Wireless Clients ..........................71 Real Time Throughput ........................72 Hotspot Services ..........................73 Captive Portal ..........................73 Guest Account ..........................75 Maintenance ............................. 76 Schedule Tasks ..........................76 Troubleshooting ..........................77 Bulk Upgrade ..........................78 One-Click Update .......................... 79 SSL Certificate ..........................82 Check Codes ..........................
  • Page 5 Management ........................... 140 System Information ........................140 User Management ........................141 Dual Image ..........................142 SNMP ............................143 ACL ..............................152 MAC ACL ............................153 MAC ACE ............................. 154 IPv4 ACL ............................156 IPv4 ACE ............................157 IPv6 ACL ............................159 IPv6 ACE ............................
  • Page 6 Trace Route ..........................198 Maintenance ........................... 199 Configuration Manager ....................... 199 Firmware Upgrade ........................200 Appendix ................................201 Appendix A - Federal Communication Commission Interference Statement ........202 Appendix B - IC Interference Statement ..................... 203 Appendix C - CE Interference Statement .................... 204...

  • Page 7: Product Overview

    Chapter 1 Product Overview...

  • Page 8: Introduction

    The system can automatically discover any supported EnGenius EWS Series Access Points connected to the network with a simple click of a mouse, self-configure and become instantly manageable. Simply log into the device via any standard web browser and assign APs into cluster groups.

  • Page 9: Key Features

    Key Features > 10/100/1000 Mbps Gigabit Ethernet Ports > Dedicated SFP slots for longer connectivity via fiber uplinks and for uplink redundancy and failover > IGMP and MLD snooping provides advanced multicast filtering > IEEE802.3ad Link Aggregation > STP/RSTP/MSTP > Access Control List/ Port Security >...

  • Page 10: System Requirements

    Web-Browsing Application (i.e. Internet Explorer, Firefox, Chrome, Safari, or another similar browser application) Package Contents The package contains the following items (all items must be in package to issue a refund): EWS1200D-10T, EWS2910P > EnGenius Switch > Power Adapter > Wall-mount Kit >...

  • Page 11: Technical Specifications

    Technical Specifications General EWS1200D-10T EWS1200-28T EWS1200-52T 10/100/1000Mbps Ports 100/1000Mbps SFP Slots RJ45 Console Ports Switching Capacity 20Gbps 56Gbps 104Gbps Forwarding Mode Store-and-Forward SDRAM 256 MB 256 MB 256 MB Flash Memory 32 MB 32 MB 32 MB Packet Buffer Memory 512 KB 512 KB 1.5 MB...
  • Page 12 Software Features - 256 entries 802.1ab Link Layer Discovery Protocol Wireless Management Features IGMP Snooping Access Point Auto Discovery and Provisioning - IGMP v1/v2/v3 Snooping - Supports 256 IGMP groups Access Point Auto IP Assignment Access Point Group Management - IGMP per VLAN Visual Topology View - IGMP Snooping Querier Floor Plan View...
  • Page 13 - 802.1p priority RFC1757 - Ethertype RFC2674 - IP address RFC 2863 - Protocol type Environment Specifications - DSCP Operating Temperature Security 0 to 40°C (EWS1200D-10T, EWS2910P) 802.1X 0 to 50°C (EWS1200-28T/52T, EWS5912FP, - Guest VLAN EWS7228P/FP, EWS7952FP) - Port-based Access Control Supports RADIUS Authentication Storage Temperature Port Security...

  • Page 14: Getting Started

    Chapter 2 Getting Started...

  • Page 15: Installing The Switch

    Installing the Switch This section will guide you through the installation process. Management Interface The Switch features an embedded Web interface for the monitoring and management of your device. Management Interface Default Values IP Address: 192.168.0.239 Username: admin Password: password...

  • Page 16: Connecting The Switch To A Network

    Connecting the Switch to a Network Discovery in a Network with a DHCP server Use the procedure below to setup the Switch within a network that uses DHCP. Connect the supplied Power Cord to the Switch and plug the other end into an electrical outlet. Verify the power LED indicator is lit on the Switch.
  • Page 17 Discovery in a Network with a DHCP server This section describes how to set up the Switch in a network without a DHCP server. If your network has no DHCP service, you must assign a static IP address to your Switch in order to log in to the web-based management interface.

  • Page 18: Software Features

    Chapter 3 Software Features...

  • Page 19: Using The Switch

    Using the Switch Besides the functions of a Wireless Controller, the EWS Wireless Management Switch also possesses functions of a full-featured Layer 2 Ethernet Switch. Use the Controller / Switch tab on the upper left corner of the user interface to toggle between the Wireless Controller or Layer 2 Switch functions.

  • Page 20: Wireless Controller Features

    Wireless Controller Features Managing EWS Access Points 1. Access Points in the network will be automatically discovered by the EWS and will be listed under the AP(s) Detected list in the Access Point menu. 2. Select the Access Point(s) you wish to manage and click Add. 3.
  • Page 21 Auto-Configuration DHCP: You can choose to auto assign IP address if there is a DHCP server in the network. Static: If you wish to manually assign the IP address, choose Static. Enter the IP address you wish to assign to the AP and fill in the subnet mask, default gateway and DNS server address.

  • Page 22: Device Management

    Device Management Summary The Summary page shows general system information for the EWS Switch including the Controller Status, the software version, the maximum number of APs the system can manage, MAC Address, IP Address, serial number, and system uptime for the system.
  • Page 23 Dashboard The Dashboard on the upper right corner of the GUI shows the current status of EWS APs that has been managed by the EWS Switch. Managed This shows the number of APs currently managed by the EWS Switch. Active This shows the number of managed APs that currently have an active connection with the EWS Switch.

  • Page 24: Access Points

    Access Points to your EWS Controller Access Point list. The EWS Switch is able to manage supported EWS Series Access Points. For the discovery procedure to succeed, the EWS Switch and the EWS Access Point must be connected in the same network. The EWS Switch can discover supported EWS Access Points with any IP address and Subnet settings.
  • Page 25 Radio Settings of the AP Group, then click on the Device Name field of the Access Point (which is already in a group) you wish to configure and you will be directed to a screen where you can configure override settings for the selected Access Point.
  • Page 26 Remove AP The Remove button removes selected Access Point(s) from list. Access Points removed will be automatically set to standalone mode with all settings restored to their factory default settings. Reboot AP The Reboot button will reboot the selected Access Point(s). Search Bar Use the Search Bar to search for Access Points managed by the EWS Switch using the following criteria: Status, model name, MAC Address, Device name, IP address, Firmware Version, Cluster.
  • Page 27 Resetting AP is resetting. Firmware AP is currently undergoing firmware upgrade process. Upgrading Invalid IP The subnet of managed AP’s IP address is not the same as the EWS Switch. Please remove AP and reconfigure AP to the correct setting. Incompatible AP firmware is not compatible with EWS Switch.
  • Page 28 Firmware Version Shows the firmware version of the managed Access Point. Last Update Display the time the Access Point was last detected and the information was last updated. Group Displays the AP Group the Access Point is currently assigned to. Click on this field and you'll be redirected to the group configuration page.

  • Page 29: Access Point Settings

    Access Point Settings On this page, you can edit the AP's name and password, manually assign an IP address, or change the channel selection, transmit power and other wireless settings of a managed Access Point. General Settings Device Name: The device name of the Access Point. Users can enter a custom name for the Access Point if they wish.
  • Page 30 Wireless Radio Settings Country: Select a Country/Region to conform to local regulations. Different regions have different rules that govern which channels can be used for wireless communications. Wireless Mode: Select from the drop-down menu to set the wireless mode for the Access Point. For 2.4GHz, the available options are 802.11b/g/n mixed, 802.11b, 802.11b/g mixed, 802.11g, and 802.11n.
  • Page 31 Transmit Power: Allows you to manually set the transmit power on 2.4GHz or 5GHz radios. Increasing the power improves performance, but if two or more Access Points are operating in the same area on the same channel, it may cause interference. Client Limits: Specify the maximum number of wireless clients that can associate with the radio.
  • Page 32 The ID displays the SSID profile identifier. Status This displays whether the current SSID profile is enabled or disabled. SSID Displays the SSID name as it appears to the wireless clients in the network. Security Displays the security mode the SSID uses. Encryption Displays the data encryption type the SSID uses.
  • Page 33 SSID Config Enable SSID: Select to enable or disable the SSID broadcasting. SSID: Enter the SSID for the current profile. This is the name that is visible to wireless clients on the network. Hidden SSID: Enable this option if you do not want to broadcast this SSID. This can help to discourage wireless users from connecting to a particular SSID.
  • Page 34 the correct SSID. The AP drops all packets with VLAN IDs that are not associated to the SSID. Traffic Shaping: Traffic Shaping regulates the allowed maximum downloading/uploading throughput per SSID. Select to enable or disable Wireless Traffic Shaping for the SSID. ...
  • Page 35  ASCII Key: You can choose upper and lower case alphanumeric characters and special symbols such as @ and #.  HEX Key: You can choose to use digits from 0~9 and letters from A~F. Select the bit-length of the encryption key to be used in the WEP connection. Your available options are: 64, 128, and 152-bit password lengths.
  • Page 36 RADIUS Accounting Secret: Enter the secret required to connect to the RADIUS accounting server. Accounting Group Key Update Interval: Specify how often, in seconds, the accounting data sends. The range is from 60~600 seconds. WPA-PSK / WPA2-PSK: WPA with PSK (Pre-shared key / Personal mode), designed for home and small office networks that don't require the complexity of an 802.1X authentication server.
  • Page 37 Advanced Settings LED Control: In some environments, the blinking LEDs on APs are not welcomed. This option allows you to enable or disable the devices LED indicators. Note that only indoor models support this feature. Band Steering: When enabled, when the wireless client first associates with the AP, the AP will detects whether or not the wireless client is dual-band capable, and if it is, it will force the client to connect to the less congested 5GHz network to relieve congestion and overcrowding on the mainstream 2.4GHz frequency.
  • Page 38 RSSI Threshold: With this feature enabled, in order to minimize the time the wireless client spends to passively scanning for a new AP to connect to, the AP will send a disassociation request to the wireless client upon detecting the wireless client's RSSI value lower than specified. The RSSI value can be adjusted to allow for more clients to stay associated to this Access Point.
  • Page 39 Guest Network: The Guest Network feature allows administrators to grant Internet connectivity to visitors or guests while keeping other networking devices and sensitive personal or company information private and secure. Enable SSID: Select to enable or disable the SSID broadcasting. SSID: Enter the SSID for the current profile.
  • Page 40 Client Isolation: When enabled, all communication between wireless clients connected to the same AP will be blocked. Security: Select encryption method (WPA-PSK / WPA2-PSK, or none) and encryption algorithm (AES or TKIP). WPA-PSK / WPA2-PSK: WPA with PSK (Pre-shared key / Personal mode), designed for home and small office networks that don't require the complexity of an 802.1X authentication server.
  • Page 41 Manual IP Settings  IP Address: Enter the IP address for the default gateway of clients associated to the Guest Network.  Subnet Mask: Enter the Subnet mask for the Guest Network. Automatic DHCP Server Settings  Starting IP Address/Ending IP Address: Enter the pool range of IP addresses available for assignment.

  • Page 42: Ap Groups

    AP Groups An AP Group can be used to define configuration options and apply them to a number of APs at once. If your wireless network covers a large physical environment and you want to provide wireless services with different settings and policies to different areas of your environment, you can use AP Groups to do this instead of having to modify the settings of each AP individually.
  • Page 43 In the Member Setting section, all Access Points that are managed by the EWS Switch that are not currently assigned to an AP Group will be listed on the left. Select the Access Points you wish to assign to this group and press Add. The Access Points will be moved to the right column.

  • Page 44: Access Control

    Access Control This page displays the list of wireless clients previously blocked from your network. If for any reason, you need to block a client device from your network, you can do so from this page by creating a new rule and entering the client's MAC address.
  • Page 45 Blocked Clients Displays the total number of clients permanently blocked from the network. Apply Button Click on Apply to save changes made on this page. Search Bar Use the Search Bar to search for blocked clients in the list using the following criteria: Client MAC Address, Description.

  • Page 46: Wireless Services

    Wireless Services Background Scanning With Background Scanning enabled, the controller periodically samples RF activity of all Access Points including channel utilization and surrounding devices in all available channels. Background scanning is the basis of Auto Channel, Auto Tx Power and Rogue AP detection, and must be enabled for these features to operate.

  • Page 47: Monitor

    Monitor Active Clients From here, you can view information, temporarily disconnect and permanently block the wireless clients that are associated with the Access Points that the EWS Switch manages. The EWS Switch is able to identify client devices by their Operating System, device type and host name, if available. If multiple Access Points are connected to the network, use the search bar to find an Access Point by its name.
  • Page 48 Search Bar Use the Search Bar to search for Wireless Clients managed by the EWS Switch using the following criteria: Client Name, Client IP, Client MAC Address, Client OS, AP Device Name, AP MAC Address, Model Name, SSID, Band, TX Traffic, RX Traffic. Client Name Displays the name of the wireless client connected to the Access Point.

  • Page 49: Rogue Ap Detection

    Rogue AP Detection Rogue Access Points refer to those unauthorized and often unmanaged APs attached to an existing wired network which could bring harm to the network or may be used to deliberately gain access to confidential company information. With Background Scanning enabled, the Rogue AP Detection feature can be used to periodically scan 2.4 GHz and 5 GHz frequency bands to identify rogue wireless Access Points not managed by the EWS Switch.
  • Page 50 Type Displays the type of the rogue device detected. Channel Displays the channel of the rogue device detected. Mode Displays the wireless mode of the rogue device detected. Band Displays the band of the rogue device detected. Security Displays the encryption method of the rogue device detected. Detector Displays the name and MAC address of the managed AP which detected the rogue device.

  • Page 51: System Log

    System Log Global Settings From here, you can Enable or Disable the Log settings for the EWS Switch. Local Logging The System Log is designed to monitor the operation of the EWS Switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems.
  • Page 52 Severity Level RFC 5424 defines eight severity levels: Code Severity Description General Description EMERG System is unusable. A "panic" condition usually affecting multiple apps/servers/sites. At this level it would usually notify all tech staff on call. ALERT Action must be taken Should be corrected immediately, therefore notify immediately.
  • Page 53 IP/Hostname Specify the IP address or host name of syslog server. Server Port Specify the port of the syslog server. The default port is 514. Severity Level RFC 5424 defines eight severity levels: Code Severity Description General Description EMERG System is unusable. A "panic"...
  • Page 54 WARNING Warning conditions. Warning messages, not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time. NOTICE Normal but significant Events that are unusual but not error conditions - condition.
  • Page 55 Display logs in  RAM: The information stored in the system’s RAM log will be lost after the Switch is rebooted or powered off  Flash: The information stored in the system’s Flash will be kept effective even if the Switch is rebooted or powered off.

  • Page 56: Email Alert

    Email Alert Alert Settings If an alert is detected, the EWS Switch will record it in the event log. The EWS Switch can also be configured to send email notifications for selected events. Mail Alert State: Select whether to Enable/Disable email notification. Mail Information Setting ...
  • Page 57  From Mail Address: Enter the email address that will appear as the sender of the email alert.  To Mail Address: Enter the email address which the EWS Switch will send alarm messages to. You can only send alarm messages to a single email address. ...
  • Page 58 Event Binding Use this page to choose which types of events will trigger the EWS Switch to send an email notification. When any of the selected events occur, the EWS Switch sends an email notification to the email address that you specified in the Monitoring > Email Alert > Alert Settings section. The table below provides explanations for EWS Controller syslog event messages.
  • Page 59 Status of AP [AP Name] [AP MAC] offline WARNING Status of AP [AP Name] [AP MAC] has invalid IP [IP Address] WARNING Status of AP [AP Name] [AP MAC]'s active client number reaches WARNING client limits {value} of [2.4/5]GHz AP Configuration Changed [AP Name] [AP MAC] configuration updated INFO AP Firmware...

  • Page 60: Visualization

    Visualization Topology View From here, you can see a visual view of the topology of all supported devices in the network. The EWS Switch automatically maps your network deployment and displays the device relationships across your network infrastructure. An essential feature for troubleshooting network issues that would otherwise require manual mapping, overlay monitoring software, or manually keeping track of MAC address tables.
  • Page 61 Unmanaged The AP is not managed by the controller Topology Change There is a change in topology for this device Navigating Tips to scroll up, down, left, or right. to Zoom in/out. Alternatively, you can use the mouse to navigate by clicking and dragging the left mouse button.
  • Page 62 Controller to save the current network topology. Changes will be displayed upon detecting a topology change. Note: The EWS Switch can only generate topologies with EnGenius L2 Series switches. Non-EnGenius switches will be marked as “Uncontrollable LAN Switches” in the generated topology.

  • Page 63: Map View

    Map View From here, you can view a geographical representation of Access Points in the network. Click AP List to display the list of Access Points managed by the EWS switch then simply click-and-drag the AP marker to the desired location on the map. Note: Your browser needs to be able to access the Internet for this function to work.
  • Page 64 Use the slider bar to Zoom in/out. Alternatively, you can use the mouse to navigate by clicking and dragging the left mouse button. Use the mouse wheel to zoom in/out. Use the Search box to search for locations by typing an address or the name of a landmark. Use the Locate button to pinpoint the map to your current location.

  • Page 65: Floor View

    Floor View The Floor View feature enables an administrator to upload custom floor plans and place AP markers in relevant locations for better network visualization of a wireless network. Multiple images can be uploaded to visualize Access Point placement on multiple floors of an office building or different branch offices within an organization.
  • Page 66 Add Button Use the Add Button to import a new image. Edit Button Use the Edit Button to edit the Name/Description of the imported image. Delete Button Use the Delete Button to remove the image.
  • Page 67 Floorplan View After importing your floor plan image, you can distribute markers that represent the APs to the correct locations by clicking on AP List and dragging each marker icon to its correct location on the floor plan. Also, Wireless Coverage Display can be toggled on to indicate the coverage range of each AP, assisting IT managers to easily and accurately plan and deploy wireless networks in any indoor environment.
  • Page 68 AP Info AP Information: Select to toggle on/off AP detailed information to be shown on your floor plan. 2.4GHz / 5GHz: Select whether to display signal coverage of 2.4GHz or 5GHz radio. The wireless coverage displayed will be based on the transmit power settings of the Access Point. Scaling Tool: Use the scaling tool to determine the exact distance on the floorplan.
  • Page 69 Navigating Tips to scroll up, down, left, or right. to Zoom in/out. Alternatively, you can use the mouse to navigate by clicking and dragging the left mouse button. Use the mouse wheel to zoom in/out. Mouse over a device to show information about the device. AP List: Click to reveal a list of APs that the EWS Switch is currently managing.

  • Page 70: Statistics

    Statistics Access Points The page displays a visual chart of the network traffic of all the Access Points managed by the EWS Switch. Navigating Tips Click Sort to sort the order from ascending/descending, depending on your preference. Click Rx to display Rx transmission, Tx to display Tx transmission or Total to display combined Rx and Tx transmission.

  • Page 71: Wireless Clients

    Wireless Clients In addition to viewing information based on specific Access Points, you can view data via specific clients as well for security purposes. Navigating Tips Click Sort to sort the order from ascending/descending, depending on your preference. Click Rx to display Rx transmission, Tx to display Tx transmission or Total to display combined Rx and Tx transmission.

  • Page 72: Real Time Throughput

    Real Time Throughput This page displays the real-time network activity of the selected Access Point.

  • Page 73: Hotspot Services

    Hotspot Services A hotspot is a wireless network that provides access through a captive portal. Use this feature to setup captive portal related configurations. A captive portal provides registered users with network access while containing unregistered users. Users will need to enter a valid user name and password before they are allowed access to the Internet through the hotspot.
  • Page 74 Login Page: A splash page is the web page which prompts the user to log in with a user name and password, or accept a network use policy once the client has associated to the SSID. Local Web Page Use the splash page hosted locally by EWS Switch. The local splash page enable administrators to eliminate the need to set up a local web server.

  • Page 75: Guest Account

    Guest Account On this page, an administrator can create, edit, and remove user accounts used for captive portal's local database authentication. Add: Create a new user account. Remove: Delete the selected user account. Edit: Edit the settings of the selected user account.

  • Page 76: Maintenance

    Maintenance Schedule Tasks Use the Schedule Tasks feature to control the time(s), or day(s) of a week, or date of a month to automatically perform the following task: Reboot AP(s): Soft reboot AP Change WLAN State: Enable/disable WLAN service Change Switch PoE State: By port PoE enable or disable. Only available for PoE supported models. Switch PoE Reset: Power cycle PoE port.

  • Page 77: Troubleshooting

    Troubleshooting From here, you can troubleshoot any issues you have with Access Points connected to the network. This feature is designed primarily for administrators to verify and test the link route between the Switch and the Access Point. A troubleshooting solution is provided by the system so that administrators can know where the problem lies.

  • Page 78: Bulk Upgrade

    Bulk Upgrade The Bulk Upgrade feature allows administrators to upgrade the firmware of multiple Access Points at the same time. After uploading the firmware of an AP, the system will automatically display a list of Access Points the system is currently managing that the uploaded firmware is for. To upgrade, please follow the steps below: Click on Upload New File to mount AP firmware onto EWS Switch flash Once the Access Point firmware is uploaded onto the Controller, the list of Access Points that...

  • Page 79: One-Click Update

    One-Click Update The EWS Switch can be configured to automatically check for new firmware updates for your EWS devices. The icon below will appear on the upper right corner of the user interface when a new update is available. Simply click on the icon and follow the on screen instructions to update your devices. Note: An active Internet connection is required for this feature.
  • Page 80 Automatically Check for Updates Enable/disable automatically check for new updates for your devices. Update Server Choose whether you wish to check for updates from EnGenius server or specify your own http/ftp server path. Check updates from specific server Apart from copying firmware image files into the specific http/ftp path, an index file is required in the same folder.
  • Page 81 Create a new .txt file with the name "lastfwlist.txt". In the file, create entries based on the format below and save the file. <Model Name>,<Firmware Version>,<File Name>,<MD5>,<SKU> Field Description Reference String Model Enter model name. EWS310AP, EWS320AP, EWS660AP Name Firmware Enter firmware version.

  • Page 82: Ssl Certificate

    SSL Certificate SSL certificates enables device or user identification, as well as secure communications. Administrators can create a self-signed SSL Certificate to secure communications between the Switch and Access Points. Note that Access Points will disconnect and reconnect using new certificate upon applying changes. Generate New Certificate Enter the information below to generate a request for an SSL certificate for the controller.
  • Page 83 State/Province Enter the state or province. Country Enter the name of the country. Valid Date Enter the expiry date of the certificate. Restore to Default Certificate Click on Restore button under Advance Options to restore the default SSL Certificate settings.

  • Page 84: Check Codes

    Check Codes Use this feature to generate a list of 'Check Codes' for the APs that your EWS Switch is current managing. Check Codes are used for registering devices to ezMaster.

  • Page 85: Migration To Ezmaster

    Migration to ezMaster This feature will help to migrate the EWS Switch and all the APs managed by the EWS Switch to ezMaster automatically without the need of manually entering the check code and MAC address of all the APs one by one.

  • Page 86: Ethernet Switch Features

    Ethernet Switch Features System Summary The Summary page shows general system information for the Switch including the device name, the software version, serial number, MAC address, IP Address, gateway address, and system uptime. Device Name Displays the model name of the device. FW Version Displays the installed firmware version of the device.

  • Page 87: Ip Settings

    IP Settings The IP Setting screen contains fields for assigning IP addresses. IP addresses are either defined as static or are retrieved using the Dynamic Host Configuration Protocol (DHCP). DHCP assigns dynamic IP addresses to devices on a network. DHCP ensures that network devices can have a different IP address every time the device connects to the network.
  • Page 88 the Switch. Select this option if you don't have a DHCP server or if you wish to assign a static IP address to the Switch. IP Address This field allows the entry of an IPv4 address to be assigned to this IP interface.
  • Page 89 IPv6 State Select whether you wish to enable Auto Configuration, DHCPv6 Client, or Static for the IPv6 address. Auto Configuration Use this option to set the IPv6 address for the IPv6 network interface in Auto Configuration. The Switch will automatically generate and use a globally-unique IPv6 address based on the network prefix and its Ethernet MAC address.

  • Page 90: System Time

    System Time Use the System Time screen to view and adjust date and time settings. The Switch supports Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. This switch operates only as an SNTP client and cannot provide time services to other systems.
  • Page 91 To configure date/time through SNMP: Next to the Enable SNTP, select Enable. In the Time Zone Offset list, select by country or by the GMT time zone in which the Switch is located. Next select Disabled, Recurring, or Non-Recurring for Daylight Savings Time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

  • Page 92: Port Settings

    Port Settings Use this screen to view and configure Switch port settings. The Port Settings page allows you change the configuration of the ports on the Switch in order to find the best balance of speed and flow control according to your preferences. Configuring Gigabit ports require additional factors to be considered when arranging your preferences for the Switch compared to 10/100 ports.
  • Page 93 uses the pre-configured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer port are the same in order to connect. Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses.

  • Page 94: Poe

    The PoE Management screen contains system PoE information for monitoring the current power usage and assigns the total amount of power the Switch can provide to all of its PoE ports. To access the page, click PoE under the System menu. Note: This feature is only available for PoE supported models listed below.
  • Page 95 PoE Port Settings Port Displays the specific port for which PoE parameters are defined. PoE parameters are assigned to the powered device that is connected to the selected port. State Displays the active participating members of the trunk group. Member Enable: Enables the Device Discovery protocol and provides power to the device Port using the PoE module.
  • Page 96 Class 2: The maximum power level at the Power Sourcing Equipment is 7.0 Watts. Class 3: The maximum power level at the Power Sourcing Equipment is 15.4 Watts. Class 4: The maximum power level at the Power Sourcing Equipment is 30 Watts. Class (User Select this option to base the power limit on the value configured in the User Defined)

  • Page 97: Eee

    Network administrators have long focused on the energy efficiency of their infrastructure, and the EnGenius Layer 2 Switch complies with the IEEE’s Energy-Efficient Ethernet (EEE) standard. The EEE compliant Switch offers users the ability to utilize power that Ethernet links use only during data transmission.

  • Page 98: L2 Feature

    L2 Feature The L2 Feature tab exhibits complete standard-based Layer 2 switching capabilities, including: Link Aggregation, 802.1D Spanning Tree Protocol, 802.1w Rapid Spanning Tree Protocol, 802.1s Multiple Spanning Tree Protocol, MAC Address Table, Internet Group Management Protocol (IGMP) Snooping, Port Mirroring, 802.1ab Link Layer Discovery Protocol (LLDP), and Multicast Listener Discovery (MLD) snooping.
  • Page 99 > All ports in the LAG have the same back pressure and flow control modes. > All ports in the LAG have the same priority. > All ports in the LAG have the same transceiver type. > Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG.

  • Page 100: Port Trunking

    Port Trunking Port Trunking allows you to assign physical links to one logical link that functions as a single, higher-speed link, providing dramatically increased bandwidth. Use Port Trunking to bundle multiple connections and use the combined bandwidth as if it were a single larger “pipe”. Important: You must enable Trunk Mode before you can add a port to a trunk group.
  • Page 101 LACP Settings Assign a system priority to run with Link Aggregation Control Protocol (LACP) and is become for a backup link if a link goes down. The lowest system priority is allowed to make decisions about which ports it is actively participating in in case a link goes down.
  • Page 102 LACP Timeout Link Aggregation Control Protocol (LACP) allows the exchange of information with regard to the link aggregation between two members of aggregation. The LACP Time Out value is measured in a periodic interval. Check first whether the port in the trunk group is up. When the interval expires, it will be removed from the trunk.

  • Page 103: Mirror Settings

    Mirror Settings Mirrors network traffic by forwarding copies of incoming and outgoing packets from specific ports to a monitoring port. The packet that is copied to the monitoring port will be the same format as the original packet. Port mirroring is useful for network monitoring and can be used as a diagnostic tool. Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, detecting intrusions, monitoring and predicting traffic patterns, and other correlating events.
  • Page 104 Note You cannot mirror a faster port onto a slower port. For example, if you try to mirror the traffic from a 100Mbps port onto a 10Mbps port, this can cause throughput problems. The port you are copying frames from should always support an equal or lower speed than the port to which you are sending the copies.

  • Page 105: Stp

    The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between Switches. This allows the Switch to interact with other bridging devices in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
  • Page 106 Loops occur when alternate routes exist between hosts. Loops in an extended network can cause the Switch to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency. Once the STP is enabled and configured, primary links are established and duplicated links are blocked automatically.

  • Page 107: Root Bridge

    This can result in the loss of communication between various parts of the network during the convergence process so STP can subsequently lose data packets during transmission. RSTP on the other hand is much faster than STP. It can complete a convergence in seconds, so it greatly diminishes the possible impact the process can have on your network compared to STP.
  • Page 108 Root Address Displays the root bridge MAC address. Root in root bridge refers to the base of the spanning tree, which the Switch could be configured for. Priority Displays the priority for the bridge. When switches are running STP, each is assigned a priority.
  • Page 109 CIST Instance Settings The Common Instance Spanning Tree (CIST) protocol is formed by the spanning tree algorithm running among bridges that support the IEEE 802.1w, IEEE 802.1s, and IEEE 802.1D standard. A Common and Internal Spanning Tree (CIST) represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP.
  • Page 110 switch will wait before changing states (called listening to learning). Maximum Age Displays the bridge Switch Maximum Age Time. This is the amount of time a bridge waits before sending a configuration message. The default is 20 seconds. Hello Time Displays the Switch Hello Time.
  • Page 111 Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops. When more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. The range is from 0 to 240, in steps of 16;...
  • Page 112 MST Instance Settings Multiple Spanning Tree Protocol, or MSTP enables the grouping of multiple VLANs with the same topology requirements into one Multiple Spanning Tree Instance (MSTI). MSTP then builds an Internal Spanning Tree (IST) for the region containing commonly configured MSTP bridges. Instances are not supported in STP or RSTP.
  • Page 113 MST ID Displays the ID of the MST group that is created. A maximum of 15 groups can be set for the Switch. VLAN List Enter the VLAN ID range from for the configured VLANs to associate with the MST ID. The VLAN ID number range is from 1 to 4094. Priority Select the bridge priority value for the MST.
  • Page 114 MST ID Displays the ID of the MST group that is created. A maximum of 15 groups can be set for the Switch. Port Displays port or trunked port ID. Priority Select the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority.
  • Page 115 Regional Root This is the bridge identifier of the CST regional root. It is made up using the Bridge bridge priority and the base MAC address of the bridge. Internal Root Cost Displays the path cost to the designated root for the selected MST instance. Designated Bridge Displays the bridge identifier of the bridge for the designated port.

  • Page 116: Mac Address Table

    MAC Address Table The MAC address table contains address information that the Switch uses to forward traffic between the inbound and outbound ports. All MAC addresses in the address table are associated with one or more ports. When the Switch receives traffic on a port, it searches the Ethernet switching table for the MAC address of the destination.
  • Page 117 Dynamic MAC Address The Switch will automatically learn the device's MAC address and store it to the dynamic MAC address table. If there is no packet received from the device within the aging time, the Switch adopts an aging mechanism for updating the tables from which MAC address entries will be removed from related network devices.

  • Page 118: Lldp

    LLDP Link Layer Discovery Protocol (LLDP) is the IEEE 802.1AB standard for Switches to advertise their identity, major capabilities, and neighbors on the 802 LAN. LLDP allows users to views the discovered information to identify system topology and detect faulty configurations on the LAN. LLDP is essentially a neighbor discovery protocol that uses Ethernet connectivity to advertise information to devices on the same LAN and store information about the network.
  • Page 119 State Select Enabled or Disabled to activate LLDP for the Switch. Transmission Interval Enter the interval at which LLDP advertisement updates are sent. The default value is 30. The range is from 5 to 32768. Holdtime Multiplier Enter the amount of time that LLDP packets are held before packets are discarded and measured in multiples of the Advertised Interval.
  • Page 120 Capabilities Supported Describes the device functions. Capabilities Enabled Describes the device functions. Port ID Subtype Displays the port ID type. Remote Device LLDP devices must support chassis and port ID advertisement, as well as the system name, system ID, system description, and system capability advertisements. From here you can viewing detailed LLDP Information for the remote device.
  • Page 121 802.3 Link Aggregation Status Displays the status of 802.3 Link Aggregation. 802.3 Link Aggregation Port ID Displays the port ID of 802.3 Link Aggregation.

  • Page 122: Igmp Snooping

    IGMP Snooping Internet Group Management Protocol (IGMP) Snooping allows a Switch to forward multicast traffic intelligently. Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any host that wishes to receive the multicast register with their local multicast Switch.
  • Page 123 Global Settings Click to enable or disable the IGMP Snooping feature for the Switch. Next, select whether you wish to use V2 or V3. Finally, select whether you wish to enable or disable the Report Suppression feature for the Switch. Status Select to enable or disable IGMP Snooping on the Switch.
  • Page 124 VLAN Settings Use the IGMP Snooping VLAN Settings to configure IGMP Snooping settings for VLANs on the system. The Switch performs IGMP Snooping on VLANs that send IGMP packets. You can specify the VLANs that IGMP Snooping should be performed on. Choose from the drop down box whether to enable or disable IGMP Snooping.

  • Page 125: Querier Settings

    Querier Settings IGMP Snooping requires that one central Switch to periodically query all end devices on the network to announce their multicast memberships and this central device is the IGMP querier. The snooping Switch sends out periodic queries with a time interval equal to the configured querier query interval. The IGMP query keeps the Switch updated with the current multicast group membership information.
  • Page 126 Counter Oper Last Member Query Enter the number of IGMP group-specific queries sent before the Counter switch assumes there are no local members. Last Member Query Enter the time between two consecutive group-specific queries that Interval are sent by the querier, including those sent in response to leave group messages.
  • Page 127 Router Settings The Router Settings shows the learned multicast router attached port if the port is active and a member of the VLAN. Select the VLAN ID you would like to configure and enter the Static and Forbidden ports for the specified VLAN IDs.

  • Page 128: Mld Snooping

    MLD Snooping Multicast Listener Discovery (MLD) Snooping operates on the IPv6 traffic level for discovering multicast listeners on a directly attached port and performs a similar function to IGMP Snooping for IPv4. MLD snooping allows the Switch to examine MLD packets and make forwarding decisions based on content. MLD Snooping limits IPv6 multicast traffic by dynamically configuring the Switch port so that multicast traffic is forwarded only to those ports that wish to receive it.
  • Page 129 VLAN Settings If the Fast Leave feature is not used, a multicast querier will send a GS-query message when an MLD group leave message is received. The querier stops forwarding traffic for that group only if no host replies to the query within the specified timeout period. If Fast Leave is enabled, the Switch assumes that only one host is connected to the port.
  • Page 130 Group List The Group List displays the VLAN ID, IPv6 address, and members port in the MLD Snooping List. Router Settings The Router Settings feature shows the learned multicast router attached port if the port is active and a member of the VLAN. Select the VLAN ID you would like to configure and enter the static and forbidden ports for the specified VLAN IDs that are utilizing MLD Snooping.

  • Page 131: Jumbo Frame

    Jumbo Frame Ethernet has used the 1500 byte frame size since its inception. Jumbo frames are network-layer PDUs that have a size much larger than the typical 1500 byte Ethernet Maximum Transmission Unit (MTU) size. Jumbo frames extend Ethernet to 9000 bytes, making them large enough to carry an 8 KB application datagram plus packet header overhead.

  • Page 132: Vlan

    VLAN A Virtual LAN (VLAN) is a group of ports that form a logical Ethernet segment on a Layer 2 Switch which provides better administration, security, and management of multicast traffic. A VLAN is a network topology configured according to a logical scheme rather than a physical layout. When you use a VLAN, users can be grouped by logical function instead of physical location.

  • Page 133: 133

    802.1Q Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. The IEEE 802.1Q specification establishes a standard method for tagging Ethernet frames with VLAN membership information. The key for IEEE 802.1Q to perform its functions is in its tags.

  • Page 134: Pvid

    PVID When an untagged packet enters a Switch port, the PVID (Port VLAN ID) will be attached to the untagged packet and forward frames to a VLAN specified VID part of the PVID. A packet received on a given port would be assigned that port's PVID and then be forwarded to the port that corresponded to the packet's destination address.
  • Page 135 accepts tagged frames. Untagged Only: Only untagged frames received on the port are accepted. All: The port accepts both tagged and untagged frames. Ingress Filtering Specify how you wish the port to handle tagged frames. Select Enabled or Disabled from the list. Enabled: Tagged frames are discarded if VID does not match the PVID of the port.

  • Page 136: Management Vlan

    Management VLAN The Management VLAN allows users to transfer the authority of the Switch from the default VLAN to other VLAN IDs. By default, the active management VLAN ID is 1, which allows an IP connection to be established through any port. When the management VLAN is set to a different VLAN, connectivity through the existing management VLAN is lost and an IP connection can be made only through a port that is part of the management VLAN.

  • Page 137: Voice Vlan

    Voice VLAN Enhance your Voice over IP (VoIP) service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN. Voice VLAN provides QoS to VoIP, ensuring that the quality of the call does not deteriorate if the IP traffic is received erratically or unevenly. Global Settings Voice VLAN State Select Enabled or Disabled for Voice VLAN on the Switch.

  • Page 138: Oui Settings

    OUI Settings The Switches determines whether a received packet is a voice packet by checking its source MAC address. VoIP traffic has a pre-configured Organizationally Unique Identifiers (OUI) prefix in the source MAC address. You can manually add specific manufacturer's MAC addresses and description to the OUI table. All traffic received on the Voice VLAN ports from the specific IP phone with a listed OUI is forwarded on the voice VLAN.
  • Page 139 Port Settings Enhance your VoIP service further by configuring ports to carry IP voice traffic from IP phones on a specific VLAN. Voice VLAN provides QoS to VoIP, ensuring that the quality of voice does not deteriorate if the IP traffic is received unevenly. Port Displays the port to which the Voice VLAN settings are applied.

  • Page 140: Management

    Management System Information The System Information screen contains general device information including the system name, system location, and system contact for the Switch. System Name Enter the name you wish to use to identify the Switch. You can use up to 255 alphanumeric characters.

  • Page 141: User Management

    User Management Use the User Management page to control management access to the Switch based on manually configured user names and passwords. A User account can only view settings without the right to configure the Switch, and an Admin account can configure all the functions of the Switch. Click the Add button to add an account or the Edit button to edit an existing account.

  • Page 142: Dual Image

    Dual Image The Switch maintains two versions of the Switch image in its permanent storage. One image is the active image, and the second image is the backup image. The Dual Image screen enables the user to select which partition will be set as active after the next reset. The Switch boots and runs from the active image.

  • Page 143: Snmp

    SNMP Simple Network Management Protocol (SNMP) is an application layer protocol designed specifically for managing and monitoring network devices. Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from and configuring network devices such as;...
  • Page 144 than SNMPv1 and SNMPv2c as well. In the SNMPv1 and SNMPv2c protocols, the terms agent and manager are used. In the SNMPv3 protocol, agents and managers are renamed to entities. With the SNMPv3 protocol, you create users and determine the protocol used for message authentication as well as if data transmitted between two SNMP entities is encrypted.
  • Page 145 Global Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) protocol designed specifically for managing and monitoring network devices. The SNMP agents maintain a list of variables that are used to manage the device. The variables are defined in the Management Information Base (MIB), which provides a standard presentation of the information controlled by the on-board SNMP agent.

  • Page 146: View List

    View List SNMP uses an extensible design, where the available information is defined by Management Information Bases (MIBs). MIBs describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing Object Identifiers (OID) to organize themselves. Each OID identifies a variable that can be read or set via SNMP.
  • Page 147 Group List Configure SNMP Groups to control network access on the Switch by providing users in various groups with different management rights via the Read View, Write View, and Notify View options. Group Name Enter the group name that access control rules are applied to. The group name can contain up to 30 alphanumeric characters.

  • Page 148: Community List

    Community List In SNMPv1 and SNMPv2c, user authentication is accomplished using types of passwords called Community Strings, which are transmitted in clear text and not supported by authentication. It is important to note that the community name can limit access to the SNMP agent from the SNMP network management station, functioning as a password.
  • Page 149 User List Use the User List page to create SNMP users for authentication with managers using SNMP v3 to associate them to SNMP groups. Click Add to add a new user. Privilege Mode Select No Auth, Auth, or Priv security level from the list. No auth: Neither authentication nor the privacy security levels are assigned to the group.

  • Page 150: Trap Settings

    Trap Settings A trap is a type of SNMP message. The Switch can send traps to an SNMP manager when an event occurs. You can restrict user privileges by specifying which portions of the MIBs that a user can view. In this way, you restrict which MIBs a user can display and modify for better security.
  • Page 151 device waits before re-sending an inform request. The default is 3 seconds. Click the Apply button to accept the changes or the Cancel button to discard them.

  • Page 152: Acl

    An Access Control List (ACL) allows you to define classification rules or establish criteria to provide security to your network by blocking unauthorized users and allowing authorized users to access specific areas or resources. ACLs can provide basic security for access to the network by controlling whether packets are forwarded or blocked at the Switch ports.

  • Page 153: Mac Acl

    MAC ACL This page displays the currently-defined MAC-based ACLs profiles. To add a new ACL, click Add and enter the name of the new ACL. Index Profile identifier. Name Enter the MAC based ACL name. You can use up to 32 alphanumeric characters. Click the Apply button to accept the changes or the Cancel button to discard them.

  • Page 154: Mac Ace

    MAC ACE Use this page to view and add rules to MAC-based ACLs. ACL Name Select the ACL from the list. Sequence Enter the sequence number which signifies the order of the specified ACL relative to other ACLs assigned to the selected interface. The valid range is from 1 to 2147483647, 1 being processed first.
  • Page 155 802.1p Value Enter the 802.1p value. The range is from 0 to 7. Ethertype Value Selecting this option instructs the Switch to examine the Ethernet type value in each frame's header. This option can only be used to filter Ethernet II formatted packets. A detailed listing of Ethernet protocol types can be found in RFC 1060.

  • Page 156: Ipv4 Acl

    IPv4 ACL This page displays the currently-defined IPv4-based ACLs profiles. To add a new ACL, click Add and enter the name of the new ACL. Index Displays the current number of ACLs. Name Enter the IP based ACL name. You can use up to 32 alphanumeric characters. Click the Apply button to accept the changes or the Cancel button to discard them.

  • Page 157: Ipv4 Ace

    IPv4 ACE Use this page to view and add rules to IPv4-based ACLs. ACL Name Select the ACL from the list for which a rule is being created. Sequence Enter the sequence number which signifies the order of the specified ACL relative to other ACLs assigned to the selected interface.
  • Page 158 transmits packets but does not guarantee their delivery. • HMP: The Host Mapping Protocol (HMP) collects network information from various networks hosts. HMP monitors hosts spread over the Internet as well as hosts in a single network. • RDP: Reliable Data Protocol (RDP). Provides a reliable data transport service for packet-based applications.

  • Page 159: Ipv6 Acl

    IPv6 ACL This page displays the currently-defined IPv6-based ACLs profiles. To add a new ACL, click Add and enter the name of the new ACL. Index Displays the current number of ACLs. Name Enter the IPv6 based ACL name. You can use up to 32 alphanumeric characters. Click the Apply button to accept the changes or the Cancel button to discard them.

  • Page 160: Ipv6 Ace

    IPv6 ACE Allows IPv6 Based Access Control Entry (ACE) to be defined within a configured ACL. ACL Name Select the ACL from the list. Sequence Enter the sequence number which signifies the order of the specified ACL relative to other ACLs assigned to the selected interface. The valid range is from 1 to 2147483647, 1 being processed first.
  • Page 161 matched to packets. The range is from 0 to 65535. Destination Port Select Single or Range from the list. Enter the destination port that is matched to packets. The range is from 0 to 65535. TCP Flags Select whether to handle each six TCP control flags; URG (Urgent), ACK (Acknowledgment), PSH (Push), RST (Reset), SYN (Synchronize), and FIN (Fin) from drop down menu.

  • Page 162: Acl Binding

    ACL Binding When an ACL is bound to an interface, all the rules that have been defined for the ACL are applied to that interface. Whenever an ACL is assigned on a port or LAG, flows from that ingress or egress interface that do not match the ACL, are matched to the default rule of dropping unmatched packets.

  • Page 163: Qos

    Quality of Service (QoS) provides the ability to implement priority queuing within a network. QoS is a means of providing consistent and predictable data delivery to the Switch by distinguishing between packets that have stricter timing requirements from those that are more tolerant of delays. QoS enables traffic to be prioritized while avoiding excessive broadcast and multicast traffic.

  • Page 164: Global Settings

    Global Settings There are two options for applying QoS information onto packets: the 802.1p Class of Service (CoS) priority field within the VLAN tag of tagged Ethernet frames, and Differentiated Services (DiffServ) Code Point (DSCP). Each port on the Switch can be configured to trust one of the packet fields (802.1p , DSCP or DSCP+802.1p).

  • Page 165: Cos Mapping

    CoS Mapping Use the Class of Service (CoS) Mapping feature to specify which internal traffic class to map to the corresponding CoS value. CoS allows you to specify which data packets have greater precedence when traffic is buffered due to congestion. Displays the CoS priority tag values, where 0 is the lowest and 7 is the highest.

  • Page 166: Dscp Mapping

    DSCP Mapping Use Differentiated Services Code Point (DSCP) Mapping feature to specify which internal traffic class to map to the corresponding DSCP values. DSCP Mapping increases the number of definable priority levels by reallocating bits of an IP packet for prioritization purposes. DSCP Displays the packet's DSCP values, where 0 is the lowest and 10 is the highest.

  • Page 167: Port Settings

    Port Settings From here, you can configure the QoS port settings for the Switch. Select a port you wish to set and choose a CoS value from the drop down box. Next, Select to enable or disable the Trust setting to let any CoS packet be marked at ingress.

  • Page 168: Bandwidth Control

    Bandwidth Control The Bandwidth Control feature allows users to define the bandwidth settings for a specified port's Ingress Rate Limit and Egress Rate. Port Displays the ports for which the bandwidth settings are displayed. Ingres Select enable or disable ingress on the interface. Ingress Rate Enter the ingress rate in kilobits per second.

  • Page 169: Storm Control

    Storm Control Storm Control limits the amount of Broadcast, Unknown Multicast, and Unknown Unicast frames accepted and forwarded by the Switch. Storm Control can be enabled per port by defining the packet type and the rate that the packets are transmitted at. The Switch measures the incoming Broadcast, Unknown Multicast, and Unknown Unicast frames rates separately on each port, and discards the frames when the rate exceeds a user-defined rate.
  • Page 170 Unknown Multicast Enter the Unknown Multicast rate in kilobits per second. The gigabit Ethernet ports have a maximum speed of 1000000 kilobits per second. If the rate of broadcast traffic ingress on the interface increases beyond the configured threshold, the traffic is dropped. Unknown Unicast Enter the Unknown Unicast rate in kilobits per second.

  • Page 171: Security

    Security 802.1x The IEEE 802.1X standard authentication uses the RADIUS (Remote Authentication Dial In User Service) protocol to validate users and provide a security standard for network access control. The user that wishes to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server.
  • Page 172 State Select whether authentication is Enabled or Disabled on the Switch. Guest VLAN Select whether Guest VLAN is Enabled or Disabled on the Switch. The default is Disabled. Guest VLAN ID Select the guest VLAN ID from the list of currently defined VLANs. Click Apply to update the system settings.
  • Page 173 Port Displays the ports for which the 802.1X information is displayed. Mode Select Auto or Force_UnAuthorized or Force_Authorized mode from the list. Re-Authentication Select whether port re-authentication is Enabled or Disabled. Re-authentication Enter the time span in which the selected port is re-authenticated. The period default is 3600 seconds.

  • Page 174: Authenticated Host

    Authenticated Host The Authenticated Host section displays the Authenticated User Name, Port, Session Time, Authenticated Method, and Mac Address.

  • Page 175: Radius Server

    RADIUS Server RADIUS proxy servers are used for centralized administration. Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users that connect and use a network service for greater convenience. RADIUS is a server protocol that runs in the application layer, using UDP as transport.

  • Page 176: Access

    Access HTTP(S) Settings The EnGenius Switch provides a built-in browser interface that enables you to configure and manage the Switch via Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) requests selectively to help prevent security breaches on the network. You can manage your HTTP and HTTPS settings for the Switch further by choosing the length of session timeouts for HTTP and HTTPS requests.

  • Page 177: Telnet Settings

    Telnet Settings From here, you can configure and manage the Switch's Telnet protocol settings. The Telnet protocol is a standard Internet protocol which enables terminals and applications to interface over the Internet with remote hosts by providing Command Line Interface (CLI) communication using a virtual terminal connection.
  • Page 178 SSH Settings Secure Shell (SSH) is a cryptographic network protocol for secure data communication network services. SSH is a way of accessing the command line interface on the network Switch. The traffic is encrypted, so it is difficult to eavesdrop on as it creates a secure connection within an insecure network such as the Internet.

  • Page 179: Console Settings

    Silent Time Enter the silent time for Telnet service. The range is from 0 to 65535 seconds. Click Apply to update the system settings. Console Settings From here, you can configure the Console service settings for the Switch. Session Timeout Enter the amount of time that elapses before Console service is timed out.

  • Page 180: Port Security

    Port Security Network security can be increased by limiting access on a specific port to users with specific MAC addresses. Port Security prevents unauthorized device to the Switch prior to stopping auto-learning processing. Max MAC Address Enter the maximum number of MAC addresses that can be learned on the port.

  • Page 181: Port Isolation

    Port Isolation Port Isolation feature provides L2 isolation between ports within the same broadcast domain. When enabled, Isolated ports can forward traffic to Not Isolated ports, but not to other Isolated ports. Not Isolated ports can send traffic to any port; whether Isolated or Not Isolated. The default setting is Not Isolated.

  • Page 182: Dos

    DoS (Denial of Service) is used for classifying and blocking specific types of DoS attacks. From here, you can configure the Switch to monitor and block different types of attacks. Global Settings On this page, the user can enable or disable the prevention of different types of DoS attacks. When enabled, the switch will drop the packets matching the types of DoS attack detected.
  • Page 183 Port Settings From here you can configure the Port Settings for DoS for the Switch. Select from the drop down list whether you wish to enable or disable DoS protection for the Switch. Port Displays the port for which the DoS protection is defined. DoS Protection Select Enabled or Disabled for the DoS protection feature for the selected port.

  • Page 184: Monitoring

    Monitoring Port Statistics The Port Statistics page displays a summary of all port traffic statistics. Port Displays the port for which statistics are displayed. RXByte Displays the number of all packets received on the port. RXUcast Displays the number of unicast packets received on the port. RXNUcast Displays the number of unicast packets received on the port.

  • Page 185: Rmon

    RMON Remote Network Monitoring, or RMON is used for support monitoring and protocol analysis of LANs by enabling various network monitors and console systems to exchange network monitoring data through the Switch. Event List The Event List defines RMON events on the Switch. Index Enter the entry number for event.

  • Page 186: Alarm List

    Event Log Table From here, you can view specific event logs for the Switch. Choose an event log you wish to view from the drop down list. Alarm List You can configure network alarms to occur when a network problem is detected. Choose your preferences for the alarm from the drop down boxes.

  • Page 187: History List

    History List Index Enter the entry number for the History List. Sample Port Select the port from which the history samples were taken. Bucket Requested Enter the number of samples to be saved. The range is from 1 to 50. Interval Enter the time that samples are taken from the ports.
  • Page 188 History Log Table From here, you can view the History Index for history logs on the Switch. Select a history index to view from the drop down box. Statistics From here, you can view all the RMON statistics of the Switch. Port Indicates the specific port for which RMON statistics are displayed.
  • Page 189 Pkts Displays the number of packets received on the port. Broadcast Pkts Displays the number of good broadcast packets received on the port. This number does not include Multicast packets. Multicast Pkts Displays the number of good Multicast packets received on the port. CRC &...

  • Page 190: Log

    The Syslog protocol allows devices to send event notification messages in response to events, faults, or errors occurring on the platform as well as changes in configuration or other occurrences across an IP network to syslog servers. It then collects the event messages, providing powerful support for users to monitor network operation and diagnose malfunctions.
  • Page 191 INFO Informational messages Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required. Global Settings From here, you can Enable or Disable the log settings for the Switch. Click Apply to update the system settings.

  • Page 192: Local Logging

    Local Logging The System Log is designed to monitor the operation of the Switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems. The Switch supports log output to two directions: Flash and RAM.
  • Page 193 Remote Logging The internal log of the EWS Switch has a fixed capacity; at a certain level, the EWS Switch will start deleting the oldest entries to make room for the newest. If you want a permanent record of all logging activities, you can set up your syslog server to receive log contents from the EWS Switch.
  • Page 194 Event Logs This page displays the most recent records in the Switch's internal log. Log entries are listed in reverse chronological order (with the latest logs at the top of the list). Click a column header to sort the contents by that category.

  • Page 195: Diagnostics

    Diagnostics Cable Diagnostics Cable Diagnostics helps you to detect whether your cable has connectivity problems provides information about where errors have occurred in the cable. The tests use Time Domain Reflectometry (TDR) technology to test the quality of a copper cable attached to a port. TDR detects a cable fault by sending a signal through the cable and reading the signal that is reflected back.

  • Page 196: Ping Test

    Ping Test The Packet INternet Groper (Ping)Test allows you to verify connectivity to remote hosts. The Ping test operates by sending Internet Control Message Protocol (ICMP) request packets to the tested host and waits for an ICMP response. In the process it measures the time from transmission to reception and records any packet loss.

  • Page 197: Ipv6 Ping Test

    IPv6 Ping Test Send a ping request to a specified IPv6 address. Check whether the Switch can communicate with a particular network host before testing. You can vary the test parameters by entering the data in the appropriate boxes. To verify accuracy of the test, it is recommended that you run multiple tests in case of a test fault or user error.

  • Page 198: Trace Route

    Trace Route The traceroute feature is used to discover the routes that packets take when traveling to their destination. It will list all the routers it passes through until it reaches its destination, or fails to reach the destination and is discarded. In testing, it will tell you how long each hop from router to router takes via the trip time of the packets it sends and receives from each successive host in the route.

  • Page 199: Maintenance

    Maintenance Maintenance functions are available from the maintenance bar located on the upper right corner of the user interface. Maintenance functions include: saving configuration settings, upgrading firmware, resetting the configuration to factory default standards, rebooting the device, and logging out of the interface.

  • Page 200: Firmware Upgrade

    Firmware Upgrade WARNING Backup your configuration before upgrading to prevent loss of settings information. NOTE: The upgrade process may require a few minutes to complete. It is advised to clear your browser cache after upgrading your firmware. Chapter 0...

  • Page 201: Appendix

    Appendix...

  • Page 202: Appendix A - Federal Communication Commission Interference Statement

    Appendix A - Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.

  • Page 203: Appendix B - Ic Interference Statement

    Appendix B - IC Interference Statement Industry Canada Statement This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

  • Page 204: Appendix C - Ce Interference Statement

    Appendix C - CE Interference Statement Europe – EU Declaration of Conformity This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC: •...
  • Page 205 This device is a 5GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries, except in France and Italy where restrictive use applies. In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network services.
  • Page 206 Hierbij verklaart [naam van de fabrikant] dat het toestel [type van toestel] in Nederlands overeenstemming is met de essentiële eisen en de andere relevante bepalingen van [Dutch] richtlijn 1999/5/EG. Hawnhekk, [isem tal-manifattur], jiddikjara li dan [il-mudel tal-prodott] jikkonforma Malti [Maltese] mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.

Table of Contents