Chapter 1 – Getting Started There are two ways to configure the device: through the graphical user interface and through the menu command line interface. Starting the Web-based Configuration Utility This section describes how to navigate the Web-based switch configuration utility. If you are using a pop-up blocker, make sure it is disabled.
Logging Out By default, the application logs out after ten minutes of inactivity. CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting the device will remove all changes made since the last time the file was saved. Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session.
Management Buttons The following table describes the commonly used buttons that appear on various pages in the system. Button Name Description Click to display the related Add page and add an entry to a table. Enter the information and click Apply to save it to the Running Configuration.
Page 8
Configuring with Menu Command Line Interface To configure with the device through the menu CLI: 1. Log on to the device through telnet. 2. Configure the device. 3. Click Logout.
Chapter 2 – System Status System Summary The System Summary page provides a graphic view of the device, and displays device status, hardware information, firmware version information, general PoE status, and other items. To view system information, click System Status > System Summary. The System Summary page contains system and hardware information.
• Firmware Version—Firmware version number. • Boot Code Version—Boot version number. Hardware Version —Hardware version number of the device. • • Serial Number—Serial number. Device Status • Fan Status—Applicable only to models that have fans. The following values are possible: OK—Fan is operating normally.
Page 11
To view RMON statistics and/or set the refresh rate: 1. Click System Status > RMON > Statistics. 2. Select the Interface for which statistics are to be displayed. 3. Select the Refresh Rate, the time period that passes before the interface statistics are refreshed.
• Frames of 512 to 1023 Bytes—Number of frames, containing 512-1023 bytes that were received. • Packets of 1024 and More Bytes—Number of frames, containing 1024- 2000 bytes, and Jumbo Frames, that were received. To clear or view statistics counters: •...
4. Click Apply. The entry is added to the History Control Table page, and the Running Configuration file is updated. 5. Click the History button (described below) to view the actual statistics. RMON History Table The History Table page displays interface-specific statistical network samplings. The samples were configured in the History Control table described above.
• Jabbers—Total number of received packets that were longer than 2000 octets. This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.
Page 15
Trap (SNMP Manager and SYSLOG Server)—Send a trap to the remote log server when the alarm goes off. Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off. •...
RMON Alarms RMON alarms provide a mechanism for setting thresholds and sampling intervals to generate exception events on counters or any other SNMP object counter maintained by the agent. Both the rising and falling thresholds must be configured in the alarm. After a rising threshold is crossed, no rising events are generated until the companion falling threshold is crossed.
• Falling Threshold—Enter the value that triggers the falling threshold alarm. • Startup Alarm—Select the first event from which to start generation of alarms. Rising is defined by crossing the threshold from a low-value threshold to a higher- value threshold. o Rising Alarm—A rising value triggers the rising threshold alarm.
Page 18
To display Ethernet statistics and/or set the refresh rate: 1. Click System Status > Interface Statistics. 2. Enter the parameters. Interface—Select the specific interface for which Ethernet statistics are to be displayed. Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed.
Chapter 3 – Quick Start To simplify device configuration through quick navigation, the Quick Start page provides links to the most commonly used pages. Link Name (on the Page) Linked Page Configure User Accounts and User Access & Accounts Management Access Configure Device IP Address IPv4 Interface Create VLANs...
Chapter 4 – System Management System Information To enter system information: 1. Click Configuration > System Management > System Information. 2. View or modify the system settings. System Description—Displays a description of the device. • • System Location—Enter the location where the device is physically located. •...
Management Session Timeout The Management Session Timeout configures the time intervals that the management sessions can remain idle before they timeout and you must log in again to reestablish the session. To set the idle session timeout for various types of sessions: 1.
Page 22
Clock Source System time can be set manually by the user, or dynamically from an SNTP server. If an SNTP server is chosen, the manual time settings are overwritten when communications with the server are established. As part of the boot process, the device always configures the time, time zone, and DST. These parameters are obtained from SNTP, values set manually, or if all else fails, from the factory defaults.
• If the server supplying the source parameters fails, or dynamic configuration is disabled by the user, the manual settings are used. • Dynamic configuration of the time zone and DST continues after the IP address lease time has expired. •...
Page 24
2. Enter these parameters: Clock Source • SNTP-If you enable this, the system time is obtained from an SNTP server. To use this feature, you must also configure a connection to an SNTP server in the SNTP Unicast Server page. SNTP Client Unicast-Select to enable client Unicast mode.
• Daylight Savings Type o USA - DST is set according to the dates used in the USA. o European - DST is set according to the dates used by the European Union and other countries that use this standard. o By Dates - DST is set manually, typically for a country other than the USA or a European country.
Page 26
To add a Unicast SNTP server: 1. Click Configuration > System Management > Time > SNTP Unicast Server. This page displays the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
• Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Page 28
Note—Due to the security vulnerabilities of other versions, it is recommended to use SNMPv3. SNMPv3 • In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs. SNMPv3 also defines a User Security Model (USM) that includes: Authentication—Provides data integrity and data origin authentication.
Page 29
If you decide to use SNMPv3: 1. Define the SNMP engine by using the Engine ID page. Either create a unique Engine ID or use the default Engine ID. Applying an Engine ID configuration clears the SNMP database. 2. Optionally, define SNMP view(s) by using the Views page. This limits the range of Object IDs available to a community or group.
Page 31
Feature Configuration The Engine ID is used by SNMPv3 entities to uniquely identify them. An SNMP agent is considered an authoritative SNMP engine. This means that the agent responds to incoming messages (Get, GetNext, GetBulk, Set) and sends trap messages to a manager. The agent's local information is encapsulated in fields in the message.
Page 32
o Use Default—Select to use the device-generated engine ID. The default engine ID is based on the device MAC address, and is defined per standard First 4 octets—First bit = 1, the rest is the IANA enterprise number. Fifth octet—Set to 3 to indicate the MAC address that follows. Last 6 octets—MAC address of the device.
Page 33
Views A view is a user-defined label for a collection of MIB subtrees. Each subtree ID is defined by the Object ID (OID) of the root of the relevant subtrees. Either well- known names can be used to Device Model Object IDs).
Page 34
4. Include or exclude the MIB object from the view. If Include Object is selected, the MIB objects are included in the view, otherwise they are excluded. 5. Click Apply. 6. In order to verify your view configuration, select the user-defined views from the View Name list.
Page 35
SNMPv3 provides a means of controlling the content each user can read or write and the notifications they receive. A group defines read/write privileges and a level of security. It becomes operational when it is associated with an SNMP user or community. Note—To associate a non-default view with a group, first create the view in the Views page.
Page 36
o Security Level—Define the security level attached to the group. SNMPv1 and SNMPv2 support neither authentication nor privacy. If SNMPv3 is selected, select to enable one of the following: o No Authentication and No Privacy—Neither the Authentication nor the Privacy security levels are assigned to the group. o Authorized View—Select the Read, Write and Notify views associated with this group and with the above security level.
Page 37
Groups enable network managers to assign access rights to a group of users instead of to a single user. A user can only belong to a single group. To create an SNMPv3 user, the following must first exist: An engine ID must first be configured on the device. This is done in the Engine ID page. An SNMPv3 group must be available.
Page 38
• Authentication Password—If authentication is accomplished by either a MD5 or a SHA password, enter the local user password in either Encrypted or Plaintext. Local user passwords are compared to the local database, and can contain up to 32 ASCII characters. •...
Page 39
• Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify. To define SNMP communities: 1.
o Read Write—Management access is read-write. Changes can be made to the device configuration, but not to the community. o SNMP Admin—User has access to all device configuration options, as well as permissions to modify the community. SNMP Admin is equivalent to Read Write for all MIBs except for the SNMP MIBs.
Page 41
3. Enter the parameters. • Filter Name—Enter a name between 0-30 characters. Filter Object—Select the node in the MIB tree that is included or excluded in the • selected SNMP filter. The options to select the object are as follows: o Selection List—Enables you to navigate the MIB tree.
Page 42
The Notification Recipients SNMPv1/v2 page and the Notification Recipients SNMPv3 page enable configuring the destination to which SNMP notifications are sent, and the types of SNMP notifications that are sent to each destination (traps or informs). The Add/Edit pop-ups enable configuring the attributes of the notifications.
Page 43
• Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). 3. Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file. V3 Notification Recipients To define a recipient in SNMPv3: 1.
• Notification Version—Select SNMP v3. • Notification Type—Select whether to send traps or informs. If both are required, two recipients must be created. • Timeout—Enter the amount of time (seconds) the device waits before re- sending informs/traps. Timeout: Range 1-300, default 15. •...
In addition, you can send messages to remote SYSLOG servers in the form of SNMP traps and SYSLOG messages. You can configure the messages that are written to each log by severity, and a message can go to more. Log Management You can select the events by severity level.
Page 46
For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug). To set global log parameters: 1.
Remote Log Servers The Remote Log Servers page enables defining remote SYSLOG servers where log messages are sent (using the SYSLOG protocol). For each server, you can configure the severity of the messages that it receives. To define SYSLOG servers, do the following: 1.
Page 48
o Log Server IP Address—Enter the IP address of the log server if it is to be identified by address. o Log Server Name—Enter the domain name of the log server if it is to be identified by name. • Server Settings o UDP Port—Enter the UDP port to which the log messages are sent.
• Severity—Event severity. • Description—Message text describing the event. To clear the log messages, click Clear. Flash Memory Log The Flash Memory Log page displays the messages that were stored in the Flash memory, in chronological order. The minimum severity for logging is configured in the Log Management page. Flash logs remain when the device is rebooted.
Chapter 5 – Port Management Ports To configure port settings: 1. Click Configuration > Port Management > Ports. 2. Select Enable to support jumbo packets of up to 10 KB in size. If Jumbo Frames is not enabled (default), the system supports packet size up to 2,000 bytes. For Jumbo Frames to take effect, the device must be rebooted after the feature is enabled.
Page 51
Protected Port—Select to make this a protected port. (A protected port is also referred to as a Private VLAN Edge.) Features of a protected port: Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN. Packets received from protected ports can be forwarded only to unprotected egress ports.
Back Pressure—Used with Half Duplex mode to slow down the packet reception speed when the device is congested. It disables the remote port, preventing it from sending packets by jamming the signal. Flow Control—Enable or disable 802.3x Flow Control, or enable the Auto Negotiation of flow control on the port (only when in Full Duplex mode).
Page 53
This switch supports two modes of load balancing. By MAC Addresses—(Default) Based on the destination and source MAC addresses of all • packets. By IP and MAC Addresses—Based on the destination and source IP addresses for IP • packets, and destination and source MAC addresses for non-IP packets. LAG Management In general, a LAG is treated by the system as a single logical port.
Page 54
LAGs The LAGs page enables you to configure the global settings, and to select and edit the desired LAG on the Edit LAG Membership page. To define the member or candidate ports in a LAG: 1. Click Configuration > Port Management > Link Aggregation > LAGs. 2.
Page 55
o Auto Negotiation—Select to enable auto-negotiation on the LAG. Auto- negotiation is a protocol between two link partners that enables a LAG to advertise its transmission speed and flow control to its partner (the Flow Control default is disabled). It is recommended to keep auto-negotiation enabled on both sides of an aggregate link, or disabled on both sides, while ensuring that link speeds are identical.
Green Ethernet Green Ethernet is a common name for a set of features that is designed to be environmentally friendly, and to reduce the power consumption of a device. Green Ethernet is different from EEE in that Green Ethernet energy-detect is enabled on all devices where only the gigabyte ports are enabled with EEE.
Page 57
Power savings, current power consumption and cumulative energy saved can be monitored. The total amount of saved energy can be viewed as a percentage of the power that would have been consumed by the physical interfaces had they not been running in Green Ethernet mode. The saved energy displayed is only related to Green Ethernet.
Page 58
Note—If Auto-Negotiation is not enabled on a port, the EEE is disabled. The only exception is if the link speed is 1GB, then EEE will still be enabled even though Auto-Negotiation is disabled. Default Configuration By default, 802.3 EEE is enabled globally and per port. Interactions Between Features 802.3 EEE interactions with other features: If auto-negotiation is not enabled on the port, the 802.3 EEE operational status is...
Note—If Short Reach is enabled, EEE must be disabled. • 802.3 Energy Efficient Ethernet (EEE)—Select to globally enable EEE. 2. Click Apply to set the global settings. Power Savings—The percentage of power saved by running Green Ethernet and • Short Reach. The power savings displayed is only relevant to the power saved by Short Reach and Energy Detect modes.
Page 60
PoE capabilities: • Eliminates the need to run 110/220 V AC power to all devices on a wired LAN. Removes the necessity for placing all network devices next to power sources. • • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
Page 61
PoE Priority Example A 48-port device is supplying a total of 375 watts. The administrator configures all ports to allocate up to 30 watts each. This results in 48 times 30 ports equaling 1440 watts, which is too much. The device cannot provide enough power to each port, so it provides power according to the priority.The administrator sets the priority for each port, allocating how much power it can be given.
Page 62
To prevent false detection, you should disable PoE on the ports on the PoE switches that are used to connect to PSEs. You should also first power up a PSE device before connecting it to a PoE device. When a device is being falsely detected as a PD, you should disconnect the device from the PoE port and power cycle the device with AC power before reconnecting its PoE ports.
• Consumed Power—Amount of power in watts that is currently being consumed by the PoE ports. • Available Power—Nominal power in watts minus the amount of consumed power. 3. Click Apply to save the PoE properties. Port Limit Power Mode To configure port limit power mode: 1.
Class Limit Power Mode To configure class limit power mode: 1. Click Configuration > Port Management > PoE > Class Limit Power Mode. • PoE Status—Enable or disable PoE on the port. Power Priority Level—Port priority is low, high, or critical, for use when the power •...
2. Select a port and click Edit. Enter the fields as described above. 3. Click Apply. The PoE settings for the port are written to the Running Configuration file. Discovery - LLDP Link Layer Discovery Protocol (LLDP) is a link layer protocol for directly-connected LLDP-capable neighbors to advertise themselves and their capabilities.
Page 66
The operation of LLDP is independent of the STP status of an interface. If 802.1x port access control is enabled at an interface, the device transmits and receives LLDP packets to and from the interface only if the interface is authenticated and authorized. If a port is the target of mirroring, then LLDP considers it down.
Page 67
The LLDP-MED TLVs to be advertised can be selected in the LLDP MED Port Settings page, and the management address TLV of the device may be configured to be advertised. To configure the LLDP port settings: 1. Click Configuration > Port Management > Discovery – LLDP > Feature Configuration. The following fields are displayed (only fields that do not appear in the Edit page are described): •...
Page 68
o Port Description—Information about the port, including manufacturer, product name and hardware/software version. o System Name—System's assigned name (in alpha-numeric format). The value equals the sysName object. o System Description—Description of the network entity (in alpha-numeric format). This includes the system's name and versions of the hardware, operating system, and networking software supported by the device.
LLDP MED Ports The LLDP MED Ports page enables the selection of the LLDP MED TLVs and/or the network policies to be included in the outgoing LLDP advertisement for the desired interfaces. Network Policies are configured using the LLDP MED Network Policy page. To configure LLDP MED on each port: 1.
• Available Network Policies—Select the LLDP MED policies to be published by LLDP by moving them from the Available Network Policies list. These were created in the LLDP MED Network Policy page. To include one or more user-defined network polices in the advertisement, you must also select Network Policy from the Available Optional TLVs.
Page 71
To view the LLDP local port status advertised on a port: 1. Click Configuration > Port Management Discovery - LLDP > LLDP Local Information. 2. Select the desired port from the Port list. This page displays the following groups of fields (the actual fields displayed depend on the optional TLVs selected to be advertised): •...
Page 72
Endpoint Class 2—Media endpoint class, offering media streaming capabilities, as well as all Class 1 features. Endpoint Class 3—Communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 device support, and device information management capabilities. PoE Device Type—Port PoE type;...
LLDP Neighbor Information The LLDP Neighbors Information page contains information that was received from neighboring devices. After timeout (based on the value received from the neighbor Time To Live TLV during which no LLDP PDU was received from a neighbor), the information is deleted. To view the LLDP neighbor information: Click Configuration>Port Management >...
Page 74
Supported System Capabilities—Primary functions of the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station, respectively. Bits 8 through 15 are reserved. Enabled System Capabilities—Primary enabled function(s) of the device. •...
Civic—Civic or street address. Coordinates—Location map coordinates—latitude, longitude, and altitude. ECS ELIN—Device’s Emergency Call Service (ECS) Emergency Location Identification Number (ELIN). Unknown—Unknown location information. • Network Policy Application Type—Network policy application type, for example, Voice. VLAN ID—VLAN ID for which the network policy is defined. VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined.
Page 76
Setting LLDP MED Network Policy An LLDP-MED network policy is a related set of configuration settings for a specific real-time application such as voice, or video. A network policy, if configured, can be included in the outgoing LLDP packets to the attached LLDP media endpoint device. The media endpoint device must send its traffic as specified in the network policy it receives.
Chapter 6 – VLAN Management VLANs A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected. Each VLAN is configured with a unique VLAN ID (VID) with a value from 1 to 4094.
The frame is discarded at the ingress port if Ingress Filtering is enabled and the ingress port is not a member of the VLAN to which the packet belongs. A frame is regarded as priority-tagged only if the VID in its VLAN tag is 0. Frames belonging to a VLAN remain within the VLAN.
Default VLAN Settings When using factory default settings, the device automatically creates VLAN 1 as the default VLAN, the default interface status of all ports is Trunk, and all ports are configured as untagged members of the default VLAN. The default VLAN has the following characteristics: It is distinct, non-static/non-dynamic, and all ports are untagged members by default.
Page 80
The Smart device supports up to 128 VLANs, including the default VLAN. Each VLAN must be configured with a unique VID with a value from 1 to 4094. The device reserves VID 4095 as the Discard VLAN and VID 4094 for 802.1x. All packets classified to the Discard VLAN are discarded at ingress, and are not forwarded to a port.
Interfaces The Interface Settings page displays and enables configuration of VLAN-related parameters for all interfaces. To configure the interface settings: 1. Click VLAN Management > Interface Settings. 2. Select an interface type (Port or LAG), and click Search. Ports or LAGs and their VLAN Membership are displayed.
Page 82
• PVID—Enter the Port VLAN ID (PVID) of the VLAN to which incoming untagged and priority tagged frames are classified. The possible values are 1 to 4094. • Acceptable Frame Type—Select the type of frame that the interface can receive. Frames that are not of the configured frame type are discarded at ingress.
Page 83
4. Enter the following fields: • VLAN Mode - Access—The interface is an untagged member of a single VLAN. A port configured in this mode is known as an access port. - Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs.
VLAN Memberships The VLAN Memberships page displays the VLAN memberships of the ports in various presentations. You can use them to add memberships to or remove memberships from the VLANs. When a port is forbidden default VLAN membership, that port is not allowed membership in any other VLAN.
• Interface—Port/LAG ID. • PVID—Port PVID is set to this VLAN. If the interface is in access mode or trunk mode, the device automatically makes the interface an untagged member of the VLAN. If the interface is in general mode, you must manually configure VLAN membership.
Page 86
MAC-Based Group MAC-based VLAN classification enables packets to be classified according to their source MAC address. You can then define MAC-to-VLAN mapping per interface. You can define several MAC-based groups, which each group containing different MAC addresses. These MAC-based groups can be assigned to specific ports/LAGs. MAC-based groups cannot contain overlapping ranges of MAC addresses on the same port.
Page 87
To assign a MAC address to a VLAN Group: 1. Click Configuration > VLAN Management > MAC-Based Group. 2. Click Add. 3. Enter the values for the following fields: • Group ID—Enter a user-created VLAN group ID number. MAC Address—Enter a MAC address to be assigned to a VLAN group. •...
4. Click Apply to set the mapping of the VLAN group to the VLAN. This mapping does not bind the interface dynamically to the VLAN; the interface must be manually added to the VLAN.) Voice VLAN In a LAN, voice devices, such as IP phones, VoIP endpoints, and voice systems are placed into the same VLAN.
Page 89
Voice VLAN CoS The device can advertise the CoS/802.1p and DSCP settings of the voice VLAN by using LLDP- MED Network policies. You can create your network policy manually or enable the device to automatically generate the network policy based on your voice VLAN configuration. MED- supported devices must send their voice traffic with the same CoS/802.1p and DSCP values, as received with the LLDP- MED response.
Page 90
Feature Configuration To configure Auto Voice VLAN: 1. Click Configuration > VLAN Management > Voice VLAN > Feature Configuration. 2. Enter the following to configure Voice VLAN: • Voice VLAN ID—Enter the identifier of the current voice VLAN • CoS/802.1p—Select the CoS/802.1p value to be used by the LLDP-MED as a voice network policy.
Page 91
3. Enter the values for the following fields: • Telephony OUI—First six digits of the MAC address that are reserved for OUIs. Description—User-assigned OUI description. • Note—Click Restore to delete all of the user-created OUIs, and leave only the default OUIs in the table.
Page 92
To configure Telephony OUI on an interface: 1. Click Configuration > VLAN Management > Voice VLAN > Telephony OUI Interfaces. 2. To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, click Edit. 3. Enter the values for the following fields: •...
Chapter 7 - Spanning Tree Management Spanning Tree Protocol protects a Layer 2 Broadcast domain from Broadcast storms by selectively setting links to standby mode to prevent loops. In standby mode, these links temporarily stop transferring user data. After the topology changes so that the data transfer is made possible, the links are automatically reactivated.
Spanning Tree To set the STP status and global settings: 1. Click Configuration > Spanning Tree Management > Spanning Tree. 2. Enter the parameters. Global Settings: • Spanning Tree—Select to enable on the device. • Spanning Tree Mode—Select an STP mode - Classic STP, Rapid STP or Multiple STP.
Page 95
Bridge Settings: • Priority—Sets the bridge priority value. After exchanging BPDUs, the device with the lowest priority becomes the Root Bridge. In the case that all bridges use the same priority, then their MAC addresses are used to determine the Root Bridge. The bridge priority value is provided in increments of 4096.
STP Interfaces The STP Interface page enables you to configure STP on a per-port basis, and to view the information learned by the protocol, such as the designated bridge. The defined configuration entered is valid for all flavors of the STP protocol. To configure STP on an interface: 1.
• Port State—Displays the current STP state of a port. o Disabled—STP is currently disabled on the port. The port forwards traffic while learning MAC addresses. o Blocking—The port is currently blocked, and cannot forward traffic (with the exception of BPDU data) or learn MAC addresses. o Listening—The port is in Listening Mode.
Page 98
To configure RSTPs: 1. Click Configuration > Spanning Tree Management > Spanning Tree. 2. Select Rapid STP on the Spanning Tree Mode line. 3. Click Configuration > Spanning Tree Management > Spanning Tree > RSTP Interfaces. 4. Select an interface, and click Edit. 5.
o Backup - Provides a backup path to the designated port path toward the spanning tree leaves. This provides a configuration in which two ports are connected in a loop by a point-to-point link. Backup ports are also used when a LAN has two or more established connections to a shared segment. o Disabled - The port is not participating in spanning tree.
Page 100
Decide which MSTP instance be active in what VLAN, and associate these MSTP instances to VLAN(s) accordingly. Configure MSTP attributes on the following pages: • MSTP Properties MSTP Instance Status • • MSTP Instance Interface MSTP Interfaces The global MSTP configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each spanning tree instance.
Page 101
Enter the parameters. • Region Name—Define an MSTP region name. Revision—Define an unsigned 16-bit number that identifies the revision of the • current MST configuration. The field range is from 0 to 65535. Maximum Hops—Set the total number of hops that occur in a specific region •...
MSTP Instance Status The MSTP Instance Status page displays parameters of MST instances. This is the per-instance equivalent to the Spanning Tree page. To view MSTP instance settings: Click Configuration > Spanning Tree Management > MSTP Instance Status. • Instance ID—Select an MST instance to be displayed and defined. •...
MSTP Instance Interface The MSTP Instance Interface page enables you to configure the port MSTP settings for every MST instance, and to view information that has currently been learned by the protocol, such as the designated bridge per MST instance. To configure the ports in an MST instance: 1.
Page 104
Learning—The port on this instance is in Learning mode. The port cannot forward traffic, but it can learn new MAC addresses. Forwarding—The port on this instance is in Forwarding mode. The port can forward traffic and learn new MAC addresses. Boundary—The port on this instance is a boundary port.
Page 105
• Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. 4. Select an interface, and click Edit. 5. Enter the parameters. 6. Click Apply. The Running Configuration file is updated.
Chapter 8 - MAC Address Management There are two types of MAC addresses—static and dynamic. Depending on their type, MAC addresses are either stored in the Static Address table or in the Dynamic Address table, along with VLAN and port information. Static addresses are configured by the user, and therefore, they do not expire.
2. Enter Aging Time. The aging time is a value between the user-configured value and twice that value minus 1. For example, if you entered 300 seconds, the aging time is between 300 and 599 seconds. 3. Click Apply. The aging time is updated. 4.
o Permanent—The system never removes this MAC address. If the static MAC address is saved in the Startup Configuration, it is retained after rebooting. o Delete on reset—The static MAC address is deleted when the device is reset. o Delete on timeout—The MAC address is deleted when aging occurs. o Secure—The MAC address is secure when the interface is in classic locked mode (see Port...
Page 109
o LLC-SNAP—Applies to Logical Link Control/Sub-Network Access Protocol (LLC-SNAP) packets with the specific MAC address. o All—Applies to all packets with the specific MAC address and protocol. • Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: o Bridge—Forward the packet to all VLAN members.
Chapter 9 – Multicast Multicast forwarding enables one-to-many information dissemination. Multicast applications are useful for dissemination of information to multiple clients, where clients do not require reception of the entire content. A typical application is a cable-TV-like service, where clients can join a channel in the middle of a transmission, and leave before it ends.
Page 111
The device can forward Multicast streams based on one of the following options: • Multicast MAC Group Address IP Multicast Group Address (G) • • A combination of the source IP address (S) and the destination IP Multicast Group Address (G) of the Multicast packet.
Feature Configuration The Feature Configuration page enables you to configure the Bridge Multicast filtering status. By default, all Multicast frames are flooded to all ports of the VLAN. To selectively forward only to relevant ports and filter (drop) the Multicast on the rest of the ports, enable Bridge Multicast filtering status in the Feature Configuration page.
Page 113
By selecting the forwarding mode, you can define the method used by hardware to identify Multicast flow by one of the following options: MAC Group Address, IP Group Address, or Source Specific IP Group Address. (S, G) is supported by IGMPv3, while IGMPv1/2 support only (*, G), which is just the group ID.
IGMP Snooping To enable IGMP Snooping and identify the device as an IGMP Snooping Querier on a VLAN: 1. Click Configuration > Multicast > IGMP Snooping. 2. Enable IGMP Snooping. When IGMP Snooping is enabled globally, the device monitoring network traffic can determine which hosts have requested to receive Multicast traffic.
• Querier Source IP Address-Select the source IP address of the IGMP Querier. The following options are available: Auto-The system decides whether to use the IP address of the VLAN or the management IP address. User Defined-This can be the IP address of the VLAN or it can be the management IP address.
• Immediate Leave—Select to enable the switch to remove an interface that sends a leave message from the forwarding table without first sending out MAC-based general queries to the interface. When an MLD Leave Group message is received from a host, the system removes the host port from the table entry. After it relays the MLD queries from the Multicast router, it deletes entries periodically if it does not receive any MLD membership reports from the Multicast clients.
3. Click Search. The interfaces matching the query criteria are displayed. For each port or LAG, select its association type. Static—The port is statically configured as a Multicast router port. • • Dynamic—(Display only) The port is dynamically configured as a Multicast router port by a IGMP query.
To define Forward All Multicast: 1. Click Configuration > Multicast > Forward All. STEP 2 Define the following: 2. VLAN ID — The VLAN ID the ports/LAGs are to be displayed. 3. Interface Type — Define whether to display ports or LAGs. 4.
Page 119
You can select a port to receive or filter unregistered Multicast streams. The configuration is valid for any VLAN of which it is a member (or will be a member). This feature ensures that the customer receives only the Multicast groups requested and not others that may be transmitted in the network.
IGMP/MLD IP Group Addresses The IGMP IP Group Addresses page displays the IPv4 group address learned from IGMP messages. There might be a difference between information on this page and, for example, information displayed in the MAC Group Address FDB page. Assuming that the system is in MAC-based groups and a port that requested to join the following Multicast groups 224.1.1.1 and 225.1.1.1, both are mapped to the same MAC Multicast address 01:00:5e:01:01:01.
• Excluded Ports — The list of ports not included in the group. • Compatibility Mode — The oldest IGMP version of registration from the hosts the device receives on the IP group address. MAC Group Address FDB The device supports forwarding incoming Multicast traffic based on the Multicast group information.
Page 122
To define and view MAC Multicast groups: 1. Click Configuration > Multicast > MAC Group Address FDB. 2. Enter the parameters. • VLAN ID —Enter the VLAN ID of the group to be displayed. • MAC Group Address —Set the MAC address of the Multicast group to be displayed.
IP Group Address FDB The IP Group Address FDB page enables querying and adding IP Multicast groups contained in the IP Multicast Groups Forwarding Data Base. To define and view IP Multicast groups: 1. Click Configuration > Multicast > IP Group Address FDB. The page contains all of the IP Multicast group addresses learned by snooping.
Page 124
6. Click Apply. The IP Multicast group is added, and the device is updated. To configure and display the registration of an IP group address, select an address and click Membership. The VLAN ID, IP Version, IP Multicast group address, and Source IP address selected are displayed as read-only in the top of the window.
Chapter 10 - IP Interface IPv4 Layer 2 IP Addressing The device has one IPv4 address and up to two IPv6 interfaces in the management VLAN. This IP address and the default gateway can be configured manually, or by DHCP. The static IP address and default gateway are configured on the IPv4 Interface page.
• With factory default settings, when no statically defined or DHCP- acquired IP address is available, the default IP address is used. When the other IP addresses become available, the addresses are automatically used. The default IP address is always on the management VLAN.
Page 127
SubNet Mask—Select and enter the IP address mask. Prefix Length—Select and enter the length of the IPv4 address prefix. User Defined Default Gateway—Select User Defined and enter the default • gateway IP address. Default Gateway—Displays the current default gateway status. •...
The ARP table displays the following fields: • IP Interface—The IPv4 Interface of the directly-connected IP subnet where the IP device resides. • IP Address—The IP address of the IP device. MAC Address—The MAC address of the IP device. • •...
IPv6 Interface An IPv6 interface can be configured on a port, LAG, or VLAN. To define an IPv6 interface: 1. Click Configuration > IP Interface> IPv6 > IPv6 Interface. 2. Click Add to add a new interface on which interface IPv6 is enabled. 3.
• All link local Multicast addresses (FF02::1) • Solicited-Node Multicast address (format FF02::1:FFXX:XXXX) IPv6 Interface Addresses To assign an IPv6 address to an IPv6 Interface: 1. Click Configuration > IP Interface> IPv6 > IPv6 Interface Addresses. 2. To filter the table, select an interface name, and click Search. The interface appears in the IPv6 Address Table.
Page 131
• Prefix Length—The length of the Global IPv6 prefix is a value from 0-128 indicating the number of the high-order contiguous bits of the address that comprise the prefix (the network portion of the address). EUI-64—Select to use the EUI-64 parameter to identify the interface ID portion of •...
• Type — The default router configuration that includes the following options: • Static—The default router was manually added to this table through the Add button. • Dynamic—The default router was dynamically configured. 2. Click Add to add a static default router. 3.
• Next Hop Router IPv6 Address—Address where the packet is forwarded. Typically, this is the address of a neighboring router. It can be one of the following types. o Link Local—An IPv6 interface and IPv6 address that uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network.
Page 134
The IPv6 Neighbors page enables configuring and viewing the list of IPv6 neighbors on the IPv6 interface. The IPv6 Neighbor Table (also known as IPv6 Neighbor Discovery Cache) displays the MAC addresses of the IPv6 neighbors that are in the same IPv6 subnet as the device. This is the IPv6 equivalent of the IPv4 ARP Table.
Chapter 11 - IP Network Operations Domain Name System The Domain Name System (DNS) translates domain names into IP addresses for the purpose of locating and addressing hosts. As a DNS client, this device resolves domain names to IP addresses through the use of one or more configured DNS servers.
Up to eight DNS servers can be defined. To add a DNS server: 1. Click Add. 2. Enter the parameters. • IP Version—Select IPv6 or IPv4. IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). • o Global — The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
Page 137
• DHCP Insertion - Add Option 82 information to packets that do not have foreign Option 82 information. • DHCP Passthrough - Forward or reject DHCP packets that contain Option 82 information from untrusted ports. On trusted ports, DHCP packets containing Option 82 information are always forwarded.
Page 138
4. DHCP server sends DHCPOFFER packet to offer an IP address, DHCPACK to assign one, or DHCPNAK to deny the address request. 5. Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK. 6.
DHCP Snooping In Layer 2, DHCP Snooping can only be enabled on VLANs with IP addresses. To globally configure DHCP Snooping/Relay: 1. Click Configuration > IP Network Operations > DHCP > DHCP Snooping. 2. To enable DHCP Snooping enter the following fields: DHCP Snooping—Select to enable DHCP Snooping.
Page 140
DHCP Interfaces In Layer 2, DHCP Snooping can only be enabled on VLANs with IP addresses. To enable DHCP Snooping on specific interfaces: 1. Click Configuration > IP Network Operations > DHCP > DHCP Interfaces. 2. The following fields are displayed for each interface for which the DHCP Snooping is enabled: •...
Trusted Interface Packets from untrusted ports/LAGs are checked against the DHCP Snooping Binding Database. By default, interfaces are untrusted. To designate an interface as untrusted go to Interface Settings. DHCP Snooping Binding Database Note the following points about maintenance of the DHCP Snooping Binding database: The device does not update the DHCP Snooping Binding database when a station moves to another interface.
Page 142
When DHCP Snooping is disabled for a VLAN, the binding entries that were collected for that VLAN are removed. If the database is full, DHCP Snooping continues to forward packets, but new entries are not created. To add entries to the DHCP Snooping Binding database: 1.
Chapter 12 – Security Management Security The default username/password is admin/admin. User Access & Accounts The User Access & Accounts page enables entering additional users that are permitted to access to the device (read-only or read-write) or changing the passwords of existing users. User authentication occurs in the order that the authentication methods are selected.
Page 145
To add a new user: 1. Click Configuration > Security > Management Security > User Access & Accounts. 2. Enter the following fields: • HTTP Service—Select to enable on the device. • HTTP Server Port—Enter the port on which HTTP is enabled. •...
Page 146
User authentication occurs in the order that the authentication methods are selected. If the first authentication method is not available, the next selected method is used. For example, if the selected authentication methods are RADIUS and Local, and all configured RADIUS servers are queried in priority order and do not reply, the user is authenticated locally.
Access Profile Access profiles determine how to authenticate and authorize users accessing the device through various access methods. Access profiles can limit management access from specific sources. Only users who pass both the active access profile and are authorized based on the authentication methods that correspond to the access method are given management access to the device.
Page 148
• Source IP Address—IP addresses or subnets. Access to management methods might differ among user groups. For example, one user group might be able to access the device module only by using an HTTPS session, while another user group might be able to access the device module by using both HTTPS and Telnet sessions.
Page 149
• Telnet—Users requesting access to the device that meets the Telnet access profile criteria are permitted or denied access. • HTTP— Users requesting access to the device that meets the HTTP access profile criteria, are permitted or denied. • Secure HTTP (HTTPS)—Users requesting access to the device that meets the HTTPS access profile criteria, are permitted or denied.
Access Profile Rules Access profiles can contain up to 128 rules to determine who is permitted to manage and access the device, and the access methods that may be used. Each rule in an access profile contains an action and criteria (one or more parameters) to match. Each rule has a priority;...
Page 151
o All—Assigns all management methods to the rule. o Telnet—Users requesting access to the device that meets the Telnet access profile criteria are permitted or denied access. o HTTP—Assigns HTTP access to the rule. Users requesting access to the device that meets the HTTP access profile criteria, are permitted or denied. o Secure HTTP (HTTPS)—Users requesting access to the device that meets the HTTPS access profile criteria, are permitted or denied.
RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X network access control. The device is a RADIUS client that can use a RADIUS server to provide centralized security. An organization can establish a RADIUS server to provide centralized 802.1X network access control for all of its devices.
Page 153
Defaults The following defaults are relevant to this feature: No default RADIUS server is defined by default. • • If you configure a RADIUS server, the accounting feature is disabled by default. To user a RADIUS server: 1. Open an account for the device on the RADIUS server. 2.
Page 154
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are: o Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network.
Network Access Control 802.1x authentication restricts unauthorized clients from connecting to a LAN through publicity- accessible ports. 802.1x authentication is a client-server model. In this model, network devices have the following specific roles: • Client or supplicant Authenticator • • Authentication server This is described in the figure below: A network device can be either a client/supplicant, an authenticator or both per port.
Page 156
Authentication Server An authentication server performs the actual authentication of the client. The authentication server for the device is a RADIUS authentication server with EAP extensions. Port Administrative Authentication States The port administrative state determines whether the client is granted access to the network. The port administrative state can be configured in the Port Authentication page.
Page 157
Multiple Authentication Methods If more than one authentication method is enabled on the switch, the following hierarchy of authentication methods is applied: • 802.1x Authentication: Highest MAC-Based Authentication: Lowest • Multiple methods can run at the same time. When one method finishes successfully, the client becomes authorized, the methods with lower priority are stopped and the methods with higher priority continue.
Page 158
In this case, the switch supports EAP MD5 functionality with the username and password equal to the client MAC address, as shown below. Guest VLAN The guest VLAN provide access to services that do not require the subscribing devices or ports to be 802.1X or MAC-based authenticated and authorized.
Page 159
When the RADIUS-Assigned VLAN feature is enabled, the host modes behave as follows: • Single-Host and Multi-Host Mode Untagged traffic and tagged traffic belonging to the RADIUS-assigned VLAN are bridged via this VLAN. All other traffic not belonging to unauthenticated VLANs is discarded. Full Multi-Sessions Mode •...
Page 160
Feature Configuration The Feature Configuration page is used to globally enable 802.1X and define how ports are authenticated. For 802.1X to function, it must be activated globally and individually on each port. To define port-based authentication: 1. Click Configuration > Security > Network Access Control > Feature Configuration. 2.
• Guest VLAN—Enable the use of a guest VLAN for unauthorized ports. If a guest VLAN is enabled, all unauthorized ports automatically join the VLAN selected in the Guest VLAN ID field. If a port is later authorized, it is removed from the guest VLAN.
Page 162
2. Select a port, and click Edit. 3. Enter the parameters. Interface—Select a port. • • Port Control—Select the Administrative Port Authorization state. o Force Unauthorized—Denies the interface access by moving the interface into the unauthorized state. The device does not provide authentication services to the client through the interface.
• Reauthentication Period—Enter the number of seconds after which the selected port is reauthenticated. 4. Click Apply. The port settings are written to the Running Configuration file. Authenticated Hosts To display details about authenticated users: Click Configuration > Security > Network Access Control > Authenticated Hosts. •...
Page 164
Mode Behavior The following tables describes how authenticated and non-authenticated traffic is handled in various situations. Unauthenticated Traffic With Guest VLAN Without Guest VLAN Untagged Tagged Untagged Tagged Frames are remapped Frames are dropped Frames are dropped Frames are dropped Multi-host to the guest VLAN unless they belong to...
Port Security Network security can be increased by limiting access on a port to users with specific MAC addresses. The MAC addresses can be either dynamically learned or statically configured. Port security monitors received and learned packets. Access to locked ports is limited to users with specific MAC addresses.
Page 166
To configure port security: 1. Click Configuration > Security > Port Security. 2. Select an interface to be modified, and click Edit. 3. Enter the parameters. • Interface—Select the interface name. Interface Status—Select to lock the port. • • Learning Mode—Select the type of port locking. To configure this field, the Interface Status must be unlocked.
Storm Control When Broadcast, Multicast, or Unknown Unicast frames are received, they are duplicated, and a copy is sent to all possible egress ports. This means that in practice they are sent to all ports belonging to the relevant VLAN. In this way, one ingress frame is turned into many, creating the potential for a traffic storm.
Page 168
• Storm Control Rate Threshold—Enter the maximum rate at which unknown packets can be forwarded. The default for this threshold is 10,000 for FE devices and 100,000 for GE devices. 3. Click Apply. Storm control is modified, and the Running Configuration file is updated.
Chapter 13 - Access Control List The Access Control List (ACL) feature is part of the security mechanism. ACLs enable network managers to define patterns (filter and actions) for ingress traffic. Packets, entering the device on a port or LAG with an active ACL, are either admitted or denied entry. An Access Control List (ACL) is an ordered list of classification filters and actions.
• MAC-based ACL by using the MAC Based ACL page and the MAC Based ACE page. • IPv4-Based ACL by using the IPv4 Based ACL page and the IPv4 Based ACE page. IPv6-Based ACL by using the IPv6 Based ACL page and the IPv6 Based ACE page. •...
MAC-based ACLs are defined in the MAC Based ACL page. The rules are defined in the MAC- Based ACE page. To define a MAC-based ACL: 1. Click Configuration > Access Control List > MAC Based ACL. This page contains a list of all currently-defined MAC-based ACLs. 2.
Page 172
• Destination MAC Address—Select Any if all destination addresses are acceptable or User Defined to enter a destination address or a range of destination addresses. • Destination MAC Address Value—Enter the MAC address to which the destination MAC address is to be matched and its mask (if relevant). •...
IPv4-Based ACL IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs, are not checked. The following fields can be matched: • IP protocol (by name for well-known protocols or directly by value) • Source/destination ports for TCP/UDP traffic Flag values for TCP frames •...
IPv4-Based ACE To add rules (ACEs) to an IPv4-Based ACL: 1. Click Configuration > Access Control List > IPv4-Based ACE. 2. Select an ACL, and click Search. All currently-defined IP ACEs for the selected ACL are displayed. 3. Click Add. 4.
Page 175
• Protocol ID —Instead of selecting the name, enter the protocol ID. • Source IP Address—Select Any if all source address are acceptable or User Defined to enter a source address or range of source addresses. • Source IP Address Value—Enter the IP address to which the source MAC address is to be matched and its mask (if relevant).
IPv6-Based ACL To define an IPv6-Based ACL: 1. Click Configuration > Access Control List > IPv6 Based ACL. This page contains all currently defined IPv6-Based ACLs. 2. Click Add. 3. Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. 4.
Page 177
2. Select an ACL, and click Search. All currently-defined IP ACEs for the selected ACL are displayed. 3. Click Add. 4. Enter the parameters. • ACL Name—Displays the name of the ACL. ACE Priority—Enter the priority. ACEs with higher priority are processed first. •...
• Note—You must specify the IP protocol for the ACE before you can enter the source and/or destination port. • Type of Services—The service type of the IP packet. o Any—Any service type o DSCP to Match—Differentiated Serves Code Point (DSCP) to match o IP Precedence—IP precedence is a model of TOS (type of service) that the network uses to help provide the appropriate QoS commitments.
Page 179
Note—To unbind all ACLs from an interface, select the interface, and click Clear. 4. Select an interface, and click Edit. 5. Select one of the following: • MAC Based ACL—Select a MAC-based ACL to be bound to the interface. • IPv4 Based ACL—Select an IPv4-Based ACL to be bound to the interface.
Chapter 14 - Quality of Service The Quality of Service feature is applied throughout the network to ensure that network traffic is prioritized according to required criteria and the desired traffic receives preferential treatment. The QoS feature is used to optimize network performance. It provides classification of incoming traffic to traffic classes, based on attributes, including: •...
Page 181
QoS Modes The QoS mode that is selected applies to all interfaces in the system. Basic Mode—Class of Service (CoS). • All traffic of the same class receives the same treatment, which is the single QoS action of determining the egress queue on the egress port, based on the indicated QoS value in the incoming frame.
Feature Configuration The Feature Configuration page contains fields for setting the QoS mode for the system (Basic, or Disabled, as described in the “QoS Modes” section). In addition, the default CoS priority for each interface can be defined. To select the QoS mode: 1.
2. Enter the parameters. • Interface—Select the port or LAG. Default CoS—Select the default CoS (Class-of-Service) value to be assigned for • incoming packets (that do not have a VLAN tag). 3. Click Apply. The interface default CoS value is saved to Running Configuration file. Queue Scheduling The device supports 4 queues for each interface.
It is also possible to assign some of the lower queues to WRR, while keeping some of the higher queues in strict priority. In this case, traffic for the strict priority queues is always sent before traffic from the WRR queues. Only after the strict priority queues have been emptied is traffic from the WRR queues forwarded.
Page 185
The CoS/802.1p to Queue page maps 802.1p priorities to egress queues. The CoS/802.1p to Queue Table determines the egress queues of the incoming packets based on the 802.1p priority in their VLAN Tags. For incoming untagged packets, the 802.1p priority is the default CoS/802.1p priority assigned to the ingress ports.
DSCP to Queue The DSCP (IP Differentiated Services Code Point) to Queue page maps DSCP values to egress queues. The DSCP to Queue Table determines the egress queues of the incoming IP packets based on their DSCP values. The original VPT (VLAN Priority Tag) of the packet is unchanged. By simply changing the DSCP to Queue mapping and the Queue schedule method and bandwidth allocation, it is possible to achieve the desired quality of services in a network.
To map DSCP to queues: 1. Click Configuration > Quality of Service > DSCP to Queue. 2. Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. 3. Click Apply. The Running Configuration file is updated. Bandwidth Control The Bandwidth Control page enables users to define two values, Ingress Rate Limit and Egress Shaping Rate, which determine how much traffic the system can receive and send.
• Ingress Rate Control—Select to enable the ingress rate limit, which is defined in the field below. • Ingress Rate Limit—Enter the maximum amount of bandwidth allowed on the interface. • Ingress Committed Burst Size—Enter the maximum burst size of data for the ingress interface in bytes of data.
To define egress shaping per queue: 1. Click Configuration > Quality of Service > Egress Shaping. The Egress Shaping page displays the rate limit and burst size for each queue. 2. Select an interface type (Port or LAG), and click Search. 3.
Page 190
To configure Basic QoS mode: 1. Select Basic mode for the system by using the Feature Configuration page. 2. Select the trust-behavior using the Basic QoS page. The device supports CoS/802.1p trusted mode and DSCP trusted mode. CoS/802.1p trusted mode uses the 802.1p priority in the VLAN tag.
QoS Statistics Queues Statistics The Queues Statistics page displays queue statistics, including statistics of forwarded and dropped packets, based on interface, queue, and drop precedence. To view Queues Statistics: 1. Click Configuration > Quality of Service > QoS Statistics > Queues Statistics. This page displays the following fields: Refresh Rate—Select the time period that passes before the interface Ethernet •...
Page 192
• Queue—Packets were forwarded or tail dropped from this queue. • Drop Precedence—Lowest drop precedence has the lowest probability of being dropped. • Total Packets—Number of packets forwarded or tail dropped. Tail Drop Packets—Percentage of packets that were tail dropped. •...
Chapter 15 - Maintenance All models can be fully managed through the web-based switch configuration utility. GE is the naming convention used for Gigabit Ethernet (10/100/1000) ports. In Layer 2 system mode, the device forwards packets as a VLAN-aware bridge. Reboot Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect.
Page 194
Content can be copied from one configuration file type to another, but the names of the file types cannot be changed by the user. Other files on the device include firmware, boot code, and log files, and are referred to as operational files.
Page 195
Firmware & Boot Code The Upgrade/Backup Firmware process can be used to upgrade or backup the firmware image and/or boot code. The following methods for transferring files are supported: HTTP/HTTPS that uses the facilities provided by the browser • • TFTP that requires a TFTP server There are two firmware images stored on the device.
Page 196
• Boot Code—Controls the basic system startup and launches the firmware image. • Source File Name—Enter the name of the source file. TFTP Server—Select whether to specify the TFTP server by IP address or domain • name. IP Version—Select whether an IPv4 or an IPv6 address is used. •...
Active Firmware Image There are two firmware images stored on the device. One of the images is identified as the active image and the other image is identified as the inactive image. The device boots from the image you set as the active image. You can change the image identified as the inactive image to the active image.
Page 198
Configuration & Log The Configuration & Log (Backup & Download) page enables: Backing up configuration files or logs from the device to an external device. • • Restoring configuration files from an external device to the device. When restoring a configuration file to the Running Configuration, the imported file adds any configuration commands that did not exist in the old file and overwrites any parameter values in the existing configuration commands.
Page 199
• TFTP Server—Select whether to specify the TFTP server by IP address or domain name. • IP Version—Select whether an IPv4 or an IPv6 address is used. • IPv6 Address Type o Link Local—The IPv6 address uniquely identifies hosts on a single network link.
Configuration File Copy When you click Apply on any window, changes that you made to the device configuration settings are stored only in the Running Configuration. To preserve the parameters in the Running Configuration, the Running Configuration must be copied to another configuration type or saved on another device.
Diagnostics Copper Test The Copper Test page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT). VCT performs two types of tests: Time Domain Reflectometry (TDR) technology tests the quality and characteristics of a •...
To test copper cables attached to ports: 1. Click Maintenance > Diagnostics > Copper Test. 2. Select the port on which to run the test. 3. Click Test. 4. When the message appears, click OK to confirm that the link can go down or Cancel to abort the test.
Page 203
• Serial Number—Serial number of optical transceiver. • Data Ready—SFP is operational. Values are True and False Loss of Signal—Local SFP reports signal loss. Values are True and False. • • Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No Signal (N/S).
Page 204
• IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter as the destination IP address. o Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network.
Page 205
Traceroute Traceroute discovers the IP routes along which packets were forwarded by sending an IP packet to the target host and back to the device. The Traceroute page shows each hop between the device and a target host, and the roundtrip time to each such hop. 1.
• Timeout—Enter the length of time that the system waits for a frame to return before declaring it lost, or select Use Default. 3. Click Start. The operation is performed. A page appears showing the Round Trip Time (RTT) and status for each trip in free text containing the following information: •...
Page 207
• Source Port—Interface, port, from which traffic is sent to the analyzer port. • Mirror Type—Type of monitoring: incoming to the port (Rx), outgoing from the port (Tx), or both. • Status— Displays one of the following values: o Active—Both source and destination interfaces are up and forwarding traffic.
Chapter - 16 Support Click “Get Support” to go to the Linksys Small Business support website. Resources available there include setup help, frequently asked questions, software downloads, live chat with technical support, and community forums.
Page 209
Visit linksys.com/support for award-winning 24/7 technical support. BELKIN, LINKSYS and many product names and logos are trademarks of the Belkin group of companies. Third-party trademarks mentioned are the property of their respective owners. Licenses and notices for third party software used in this product may be viewed here: http://support.linksys.com/en-us/license.