Page 1 NS3552-8P-2S-V2 User Manual P/N 1073552-EN • REV B • ISS 25JAN19...
Page 2 Copyright © 2019 United Technologies Corporation. All rights reserved. Interlogix is part of UTC Climate, Controls & Security, a unit of United Technologies Corporation. Specifications subject to change without notice. Trademarks and patents Trade names used in this document may be trademarks or registered trademarks of the manufacturers or vendors of the respective products.
Page 3: Table Of Contents
Quality of Service (QoS) 172 Access Control Lists (ACL) 195 Authentication 209 Security 243 MAC address table 259 LLDP 265 Network diagnostics 278 Loop protection 283 RMON 285 Ring 294 Power over Ethernet (PoE) 307 Port identification 319 NS3552-8P-2S-V2 User Manual...
Page 4 Loop Protect Command 462 IPMC Command 464 VLAN Control List Command 472 SMTP Command 476 DIDO Command 478 Show Command 482 Chapter 7 Switch operation 487 Address table 487 Learning 487 Forwarding and filtering 487 Store-and-forward 487 Auto-negotiation 488 NS3552-8P-2S-V2 User Manual...
Page 5 Chapter 8 Troubleshooting 489 Appendix A Networking connection 491 Glossary 493 NS3552-8P-2S-V2 User Manual...
Page 6: Important Information
Note messages advise you of the possible loss of time or effort. They describe Note: how to avoid the loss. Notes are also used to point out important information that you should read. NS3552-8P-2S-V2 User Manual...
Page 7: Introduction
Chapter 1 Introduction The description of the IFS NS3552-8P-2S-V2 model is as follows:  Industrial L2+ 8-port 10/100/1000T 802.3at PoE  + 2-port 100/1000X SFP managed switch Unless specified, the term “industrial managed switch” mentioned in this user manual refers to the NS3552-8P-2S-V2.
Page 8 Watt power. The “PoE schedule” function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals, and is a powerful function to help SMBs or enterprises save power and money. NS3552-8P-2S-V2 User Manual...
Page 9 IP address, TCP/UDP port number, or defined typical network applications. Its protection mechanism also comprises 802.1x port-based and MAC-based user and device authentication. With the private VLAN function, communication between edge ports can be prevented to ensure NS3552-8P-2S-V2 User Manual...
Page 10 The distance can be extended from 550 m to 2 km (multi-mode fiber) up to above 10/20/30/40/50/70 km (single-mode fiber or WDM fiber). They are well suited for applications within enterprise data centers and distributions. NS3552-8P-2S-V2 User Manual...
Page 11: Product Applications
IP (VoIP) telephones, and multi-channel wireless LAN access points. Besides the wired Internet network, by adopting PoE Wireless LAN structure, the transportation authority gains benefits from more efficiency and less cost while providing better high- speed Internet services in a wider area for travelers. NS3552-8P-2S-V2 User Manual...
Page 12: Product Features
One RJ45 console interface for basic management and setup. Power over Ethernet • Complies with IEEE 802.3af / IEEE 802.3at Power over Ethernet / End-Span PSE. • Complies with IEEE 802.3af Power over Ethernet / End-Span PSE. NS3552-8P-2S-V2 User Manual...
Page 13 • Integrates sensors into auto alarm system • Transfers alarm to IP network via email and SNMP trap Layer 2 features • Prevents packet loss with back pressure (half-duplex) and IEEE 802.3x PAUSE frame flow control (full-duplex). NS3552-8P-2S-V2 User Manual...
Page 14 Quality of Service • Ingress shaper and egress rate limit per port bandwidth control • Eight priority queues on all switch ports • Traffic classification: IEEE 802.1p CoS TOS / DSCP / IP Precedence of IPv4/IPv6 packets NS3552-8P-2S-V2 User Manual...
Page 15 Auto DoS rule to defend against DoS attacks. • IP address access management to prevent unauthorized intruders. Management • Switch management interfaces: − Console / Telnet Command Line Interface − Web switch management − SNMP v1 and v2c switch management NS3552-8P-2S-V2 User Manual...
Page 16: Product Specifications
Switch Architecture 20 Gbps / non-blocking Switch Fabric 14.8 Mpps @ 64 bytes Throughput 8K entries, automatic source address learning and aging Address Table 4 Mbits Shared Data Buffer IEEE 802.3x pause frame for full-duplex Flow Control NS3552-8P-2S-V2 User Manual...
Page 17 31.9 W / 108.78 BTU (full loading without PoE function) Power Consumption 306 W / 1043.46 BTU (full loading with PoE function) 6K VDC ESD Protection 6K VDC EFT Protection Power over Ethernet IEEE 802.3af/802.3at PoE / PSE PoE Standard End-span PoE Power Supply Type NS3552-8P-2S-V2 User Manual...
Page 18 IEEE 802.3ad LACP/static trunk Link Aggregation Five groups with eight ports per trunk Traffic classification based, strict priority and WRR 8-level priority for switching – Port number – 802.1p priority – 802.1Q VLAN tag – DSCP/ToS field in IP packet NS3552-8P-2S-V2 User Manual...
Page 19 RFC 2236 IGMP version 2 RFC 3376 IGMP version 3 RFC 2710 MLD version 1 FRC 3810 MLD version 2 RFC 1213 MIB-II IF-MIB RFC 1493 Bridge MIB SNMP MIBs RFC 1643 Ethernet MIB RFC 2863 Interface MIB NS3552-8P-2S-V2 User Manual...
Page 20 RFC 2618 RADIUS Client MIB RFC 2933 IGMP-STD-MIB RFC 3411 SNMP-Frameworks-MIB IEEE 802.1X PAE LLDP MAU-MIB Environment Temperature: -40 to 75°C Operating Relative Humidity: 5 to 95% (non-condensing) Temperature: -40 to 85°C Storage Relative Humidity: 5 to 95% (non-condensing) NS3552-8P-2S-V2 User Manual...
Page 21: Installation
LED indicators. Please read this chapter completely before connecting any network device to the industrial managed switch,. Hardware description The industrial managed switch provides three different running speeds – 10Mbps, 100Mbps, and 1000Mbps, and automatically distinguishes the speed of the incoming connection. NS3552-8P-2S-V2 User Manual...
Page 22 Chapter 2: Installation Physical dimensions Dimensions (W x D x H): 152 x 107 x 72 mm NS3552-8P-2S-V2 User Manual...
Page 23 Default Username: admin Default Password: admin Default IP address: 192.168.0.100 Subnet mask: 255.255.255.0 Default Gateway: 192.168.0.254 LED indicators The front panel LEDs indicate port link status, data activity, and system power. NS3552-8P-2S-V2 User Manual...
Page 24 1. Insert positive/negative DC power wires into contacts 1 and 2 for DC Power 1, or 5 and 6 for DC Power 2. Do not plug a DC power connector into the device while power is ON, as this Caution: will cause damage to the unit. This is NOT a hot-swappable device. NS3552-8P-2S-V2 User Manual...
Page 25 Inserting the wires, the industrial managed switch detects the fault status of the power failure, or port link failure. The following illustration shows an application example for wiring the fault alarm contacts. Wires are inserted into the fault alarm contacts. NS3552-8P-2S-V2 User Manual...
Page 26 1. The industrial managed switch offers two DI and DO groups. 1 and 2 are DI groups; 3 and 4 are DO groups; and 5 and 6 are GND (ground). 2. Tighten the wire-clamp screws for preventing the wires from loosening. DI1 DO0 DO1 GND GND NS3552-8P-2S-V2 User Manual...
Page 27 4. There are two Digital Output groups for you to sense port failure or power failure and issue a high or low signal to the external device. The following topology shows how to wire DO0 and DO1. NS3552-8P-2S-V2 User Manual...
Page 28: Installing The Industrial Managed Switch
6. When all connections are set and all LED lights appear normal, the installation is complete. Mounting There are two methods to mount the industrial managed switch: DIN-rail mounting and wall-mount plate mounting. Please read the following topics and perform the procedures in the order presented. NS3552-8P-2S-V2 User Manual...
Page 29 To install the DIN rails on the industrial managed switch: 1. Screw the DIN-rail onto the industrial managed switch. 2. Carefully slide the DIN-rail into the track. 3. Ensure that the DIN-rail is tightly attached to the track. NS3552-8P-2S-V2 User Manual...
Page 30 To install the industrial managed switch on the wall: 1. Remove the DIN-rail from the industrial managed switch. Use the screwdriver to loosen the screws to remove the DIN-rail. 2. Place the wall-mount plate on the rear panel of the industrial managed switch. NS3552-8P-2S-V2 User Manual...
Page 31: Cabling
10BASE-T networks can use Cat.3, 4, 5, or 1000BASE-T use 5/5e/6 UTP (see table below). Maximum distance is 100 meters (328 feet). The 100BASE-FX/1000BASE- SX/LX SFP slot uses an LC connector with optional SFP module. The table below provides cable specification details. NS3552-8P-2S-V2 User Manual...
Page 32 SFP port without having to power down the industrial managed switch (see below). Approved Interlogix SFP transceivers The industrial managed switch supports both single mode and multi-mode SFP transceivers. The following list of approved Interlogix SFP transceivers is valid as of the time of publication: NS3552-8P-2S-V2 User Manual...
Page 33 (32 to 122°F) S35-2SLC- Single 10 km -40 to +75°C 1310 nm -9.5 ~ -3 Mode (6.2 mi.) (-40 to 167°F) S30-2SLC- Single 30 km 0 to +50°C 1310 nm -2 ~ +3 Mode (18.6 mi.) (32 to 122°F) NS3552-8P-2S-V2 User Manual...
Page 34 (32 to 122°F) * Note: High Power Optic. There must be a minimum of 5 dB of optical loss to the fiber for proper operation. We recommend the use of Interlogix SFPs on the industrial managed switch. If Note: you insert an SFP transceiver that is not supported, the industrial managed switch will not recognize it.
Page 35 Or, through the management interface of the switch/converter (if available), disable the port in advance. 2. Carefully remove the fiber optic cable. 3. Turn the lever of the transceiver module to a horizontal position. 4. Pull out the module gently through the lever. NS3552-8P-2S-V2 User Manual...
Page 36 Never pull out the module without making use of the lever or the push bolts on Note: the module. Removing the module with force could damage the module and the SFP module slot of the industrial managed switch. NS3552-8P-2S-V2 User Manual...
Page 37: Switch Management
An external SNMP-based network management application The remote Telnet and web browser interfaces support are embedded in the industrial managed switch software and are available for immediate use. The advantages of these management methods are described below: NS3552-8P-2S-V2 User Manual...
Page 38: Cli Mode Management
When this method is used, you can access the industrial managed switch remote telnet interface from a personal computer or workstation in the same Ethernet environment as long as you know the current IP address of the industrial managed switches. NS3552-8P-2S-V2 User Manual...
Page 39 Chapter 3: Switch management Remote Telnet In a Windows system, open the command prompt screen, type “telnet 192.168.0.100,” and press Enter on the keyboard. The following screen appears: NS3552-8P-2S-V2 User Manual...
Page 40: Web Management
If the SNMP Network Management Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get community string, it can only read MIBs. The default get and set community strings for the industrial managed switch are public. NS3552-8P-2S-V2 User Manual...
Page 41 Chapter 3: Switch management NS3552-8P-2S-V2 User Manual...
Page 42: Web Configuration
If the default IP address of the industrial managed switch has been changed to 192.168.1.1 with subnet mask 255.255.255.0 via the console, then the administrator computer should be set at 192.168.1.x (where x is a number between 2 and 254) to do the relative configuration on a manager computer. NS3552-8P-2S-V2 User Manual...
Page 43 For security purposes, change and memorize the new password after this first Note: setup. NS3552-8P-2S-V2 User Manual...
Page 44: Main Web
The administrator can set up the industrial managed switch by making selections from the main functions menu. Clicking on a main menu item opens sub menus. NS3552-8P-2S-V2 User Manual...
Page 45: System
Under the System list, the following topics are provided to configure and view the system information. This list contains the following items: System information The System Infomation page provides information on the current device such as the hardware MAC address, software version, and system uptime. NS3552-8P-2S-V2 User Manual...
Page 46 This will undo any changes made Refresh locally. IP configuration This page includes the IP Address, Subnet Mask, and IP Gateway. The configured column is used to view or change the IP configuration. NS3552-8P-2S-V2 User Manual...
Page 47 Save • Click to undo any changes made locally and revert to previously saved Reset values. • Click to renew the DHCP Client. This button is only available if DHCP Client Renew is enabled. NS3552-8P-2S-V2 User Manual...
Page 48 Reset values. Users configuration This page provides an overview of the current users. Close and reopen the browser to log in as another user on the web server. After setup is complete, click the Apply NS3552-8P-2S-V2 User Manual...
Page 49 10 for a standard user account, and privilege level 5 for a guest account. Buttons: • Click to add a new user Add New User Add/edit user Add, edit, or delete a user in this page. NS3552-8P-2S-V2 User Manual...
Page 50 If a password is forgotten after changing the default password, press the reset button on the front panel of the industrial managed switch for over 10 seconds and then release it. The current settings, including VLAN, will be erased and the industrial managed switch restores to default mode. NS3552-8P-2S-V2 User Manual...
Page 51 Port: Everything except 'VeriPHY'. Diagnostics: 'ping' and 'VeriPHY'. Maintenance: CLI- System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load and Firmware Load. Web- Users, Privilege Levels and everything in Maintenance. Debug: Only present in CLI. NS3552-8P-2S-V2 User Manual...
Page 52 Time zone Provides the NTP IPv4 or IPv6 address of this switch. IPv6 address is in 128- Server# bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). NS3552-8P-2S-V2 User Manual...
Page 53 This is a user configurable acronym (up to 16 characters) used to identify the Acronym time zone. This is used to set the clock forward or backward according to the Daylight Saving configurations set below for a defined Daylight Saving Time duration. Select Time NS3552-8P-2S-V2 User Manual...
Page 54 This page includes the following fields: Object Description Indicates the UPnP operation mode. Possible modes are: Mode Enabled: Enable UPnP mode operation. Disabled: Disable UPnP mode operation. When the mode is enabled, two ACEs are added automatically to trap UPnP NS3552-8P-2S-V2 User Manual...
Page 55 The parameter of "port_no" is the fourth byte and it means the port number. The remote ID is six bytes in length, and the value equals the DHCP relay agent’s MAC address. Configure DHCP relay in the DHCP Relay Configuration page. NS3552-8P-2S-V2 User Manual...
Page 56 Drop: Drop the package when receiving a DHCP message that already contains relay information. Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 57 The number of packets in which the Circuit ID option does not match Receive Bad Circuit ID with the known circuit ID. The number of packets in which the Remote ID option does not Receive Bad Remote ID match with the known Remote ID. NS3552-8P-2S-V2 User Manual...
Page 58 To display the SVG graph, the browser must support the SVG format. Consult the SVG Wiki for more information on browser support as a plugin may be required. NS3552-8P-2S-V2 User Manual...
Page 59 Info: Information level of the system log. Warning: Warning level of the system log. Error: Error level of the system log. All: All levels. The time of the system log entry. Time The message of the system log entry. Message NS3552-8P-2S-V2 User Manual...
Page 60 ID. Download • Click to update the system log entry to the current entry ID. Refresh • Click to update the system log entries, starting from the first available entry ID. I<< NS3552-8P-2S-V2 User Manual...
Page 61 Selections include: Info: Send information, warnings, and errors. Warning: Send warnings and errors. Error: Send errors. Buttons • Click to apply changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 62 • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 63 Allows the user to record alarm message to System log, syslog or issues out via SNMP Trap or SMTP. As default SNMP Trap and SMTP are disabled, please enable them first if you want to issue alarm message via them. NS3552-8P-2S-V2 User Manual...
Page 64 Controls Port Fail or Power Fail, or both, for fault detection. Action Controls AC, DC1, or DC2, or all three, for fault detection. Power Alarm Controls ports for fault detection. Port Alarm Buttons • Click to save changes. Save NS3552-8P-2S-V2 User Manual...
Page 65 Otherwise, the system won’t apply the new firmware and the user has to repeat the firmware upgrade process. Save startup configuration This function ensures that the current active configuration can be used after the next reboot. NS3552-8P-2S-V2 User Manual...
Page 66 The Download Configuration page permits the download of the running-config, startup- config, and default-config system files to the switch. Configuration upload The Upload Configuration page permits the upload of the running-config and startup- config to the switch. NS3552-8P-2S-V2 User Manual...
Page 67 It is possible to activate any of the configuration files present on the switch, except for running-config which represents the currently active configuration. Select the file to activate and click Configuration. This initiates the process of Activate completely replacing the existing configuration with that of the selected file. NS3552-8P-2S-V2 User Manual...
Page 68 2. The firmware version and date information may be empty for older firmware releases. This does not constitute an error. NS3552-8P-2S-V2 User Manual...
Page 69: Dhcp Server
• Click to reboot the system. • Click to return to the main web page without rebooting the system. DHCP server Mode The DHCP Server Mode Configuration page permits setting changes for Global Mode and VLAN Mode. NS3552-8P-2S-V2 User Manual...
Page 70 Excluded IP The DHCP Server Excluded IP Configuration page permits exclusion of IP addresses for static IP address devices, such as servers or routers. The DHCP server will not allocate these excluded IP addresses to the DHCP client. NS3552-8P-2S-V2 User Manual...
Page 71 DHCP client. Adding a pool and giving it a name creates a new pool with a default configuration. If you want to configure all settings including type, IP subnet mask, and lease time, click the pool name to go into the configuration page. NS3552-8P-2S-V2 User Manual...
Page 72 Add New Pool • Click to apply changes. Apply • Click to undo any changes made locally and revert to previously saved Reset values. Click a pool name to configure DHCP pool settings on the DHCP Pool Configuration page. NS3552-8P-2S-V2 User Manual...
Page 73 Chapter 4: Web configuration NS3552-8P-2S-V2 User Manual...
Page 74 DHCP option 51, 58 and 59. Lease Time Specifies the lease time that allows the client to request a lease time for the IP address. If all are 0's, then it means the lease time is infinite. NS3552-8P-2S-V2 User Manual...
Page 75 DHCP server delivers the corresponding option 43 specific information to the client that sends an option 60 vendor class identifier. DHCP option 43. Vendor 1 Specific Information Specifies the vendor specific information according to the option 60 NS3552-8P-2S-V2 User Manual...
Page 76 Click to undo any changes made locally and revert to previously saved Reset values. Statistics The DHCP Server Statistics page displays the database counters and the number of DHCP messages sent and received by the DHCP server. NS3552-8P-2S-V2 User Manual...
Page 77 Number of bindings that the administrator assigns an IP address to a Manual Binding client (host pool type). Number of bindings in which the lease time expired or they are Expired Binding cleared from Automatic/Manual type bindings. NS3552-8P-2S-V2 User Manual...
Page 78 Refresh • Click to clear DHCP message received and sent counters. Clear Binding The DHCP Server Binding IP page displays bindings generated for DHCP clients. The page includes the following fields: Binding IP address Displays all bindings. NS3552-8P-2S-V2 User Manual...
Page 79 Declined IP The DHCP Server Declined IP page displays declined IP addresses. The page includes the following fields: Declined IP address Displays IP addresses declined by DHCP clients. Object Description List of IP addresses declined. Declined IP NS3552-8P-2S-V2 User Manual...
Page 80 RX amd TX NAK transmitted. The number of release (option 53 with value 7) packets received and RX and TX Release transmitted. The number of inform (option 53 with value 8) packets received and RX and TX Inform transmitted. NS3552-8P-2S-V2 User Manual...
Page 81: Udld
Refresh • Click to clear the counters for the selected port. Clear UDLD The UDLD Port Configuration page permits the user to inspect and change the current Unidirectional Link Detection (UDLD) configurations. NS3552-8P-2S-V2 User Manual...
Page 82 Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. UDLD status The Detailed UDLD Status/Neighbor Status page displays the UDLD status of the ports. NS3552-8P-2S-V2 User Manual...
Page 83: Simple Network Management Protocol (Snmp)
Physically, NMSs are usually engineering workstation-caliber computers with fast CPUs, megapixel color displays, substantial memory, and abundant disk space. At least one NMS must be present in each managed environment. NS3552-8P-2S-V2 User Manual...
Page 84 System Configuration The system information is provided here. System Information Configure SNMPv3 communities table on this page. SNMPv3 Communities Configure SNMPv3 users table on this page. SNMPv3 Users Configure SNMPv3 groups table on this page. SNMPv3 Groups NS3552-8P-2S-V2 User Manual...
Page 85 Indicates the community read access string to permit access to the Read Community SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126. The field is applicable only when the SNMP version is SNMPv1 or NS3552-8P-2S-V2 User Manual...
Page 86 128-bit records represented as eight fields of up to four hexadecimal Address digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of NS3552-8P-2S-V2 User Manual...
Page 87 (A-Za-z), digits (0-9), minus sign (-). No space characters are permitted as part of a name. The first character must be an alpha character. And the first or last NS3552-8P-2S-V2 User Manual...
Page 88 Indicates the SNMP access source address mask. Source Mask Buttons • Click to add a new community entry. Add New Entry • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 89 Ensure that the value is set correctly. A string identifying the authentication pass phrase. For MD5 Authentication Password authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. The NS3552-8P-2S-V2 User Manual...
Page 90 Indicates the security model that this entry should belong to. Security Model Selections include: v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). A string identifying the security name that this entry should belong to. Security Name NS3552-8P-2S-V2 User Manual...
Page 91 The OID defining the root of the subtree to add to the named view. OID Subtree The allowed OID length is 1 to 128. The allowed string content is digital number or asterisk (*). NS3552-8P-2S-V2 User Manual...
Page 92 The name of the MIB view defining the MIB objects for which this Write View Name request may potentially SET new values. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. NS3552-8P-2S-V2 User Manual...
Page 93: Port Management
Object Description This is the logical port number for this row. Port Indicates the per port description. Port Description The current link state is displayed graphically. Green indicates the Link link is up and red is down. NS3552-8P-2S-V2 User Manual...
Page 94 Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. • Click to refresh the page and undo all local changes. Refresh NS3552-8P-2S-V2 User Manual...
Page 95 The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit. NS3552-8P-2S-V2 User Manual...
Page 96 Receive and transmit size counters The number of received and transmitted (good and bad) packets split into categories based on their respective frame sizes. Receive and transmit queue counters The number of received and transmitted packets per input and output queue. NS3552-8P-2S-V2 User Manual...
Page 97 Information page. This page shows the operational status such as the transceiver type, speed, wavelength, optical output power, optical input power, temperature, laser bias current, and transceiver supply voltage in real time. You can also use the port number hyperlinks to check the statistics on a specific interface. NS3552-8P-2S-V2 User Manual...
Page 98 Reset values. • Click to refresh the page immediately. Refresh • Select the check box to enable an automatic refresh of the page at Auto-refresh regular intervals. NS3552-8P-2S-V2 User Manual...
Page 99 The traffic to be copied to the mirror port is selected as follows: • All frames received on a given port (also known as ingress or source mirroring). • All frames transmitted on a given port (also known as egress or destination mirroring). NS3552-8P-2S-V2 User Manual...
Page 100: Link Aggregation
Link aggregation Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Group (LAG). Port aggregation multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. NS3552-8P-2S-V2 User Manual...
Page 101 LACP operation requires full-duplex mode (refer to the IEEE 802.3ad standard for further details). Port link aggregations can be used to increase the bandwidth of a network connection or to ensure fault recovery. Link aggregation permits grouping up to four consecutive NS3552-8P-2S-V2 User Manual...
Page 102 10 member ports. Any quantity of link aggregations may be configured for the device (they are only limited by the quantity of ports on the device). To configure a proper traffic distribution, the ports within a link aggregation must use the same link speed. NS3552-8P-2S-V2 User Manual...
Page 103 The TCP/UDP port number can be used to calculate the destination TCP/UDP Port Number port for the frame. Select the check box to enable the use of the TCP/UDP Port Number, or uncheck it to disable. By default, the TCP/UDP Port Number is enabled. NS3552-8P-2S-V2 User Manual...
Page 104 LAG. This page allows the user to inspect and change the current LACP port configurations. The LACP port settings relate to the current device, as reflected by the page header. NS3552-8P-2S-V2 User Manual...
Page 105 Lower number means greater priority. Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 106 Auto-refresh seconds. LACP port status The LACP Status page provides a LACP status overview of all ports. This page displays the current LACP aggregation groups and LACP port status. NS3552-8P-2S-V2 User Manual...
Page 107 Refresh • Select the check box to automatically refresh the page every three Auto-refresh seconds. LACP port statistics The LACP Statistics page provides an overview of LACP statistics for all ports. NS3552-8P-2S-V2 User Manual...
Page 108: Vlan
VLANs. 2. The industrial managed switch supports IEEE 802.1Q VLAN. The port untagging function can be used to remove the 802.1 tag from packet headers to maintain compatibility with devices that are tag-unaware. NS3552-8P-2S-V2 User Manual...
Page 109 Up to 255 VLANs based on the IEEE 802.1Q standard. • Port overlapping, allowing a port to participate in multiple VLANs. • End stations can belong to multiple VLANs. • Passing traffic between VLAN-aware and VLAN-unaware devices. • Priority tagging NS3552-8P-2S-V2 User Manual...
Page 110 VID is 12 bits long, 4094 unique VLAN can be identified. The tag is inserted into the packet header making the entire packet longer by four octets. All of the information originally contained in the packet is retained. NS3552-8P-2S-V2 User Manual...
Page 111 A switch port can have only one PVID, but can have as many VIDs as the switch has memory in its VLAN table to store them. NS3552-8P-2S-V2 User Manual...
Page 112 A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Untagged VLANs can be used to manually isolate user groups or subnets. NS3552-8P-2S-V2 User Manual...
Page 113 Untagged: Ports with untagging enabled strip the 802.1Q tag from all packets that flow into those ports. If the packet doesn't have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port have no NS3552-8P-2S-V2 User Manual...
Page 114 VLAN tags so that the VLANs in the MAN space can be used independent of the customers’ VLANs. This is accomplished by adding a VLAN tag with a MAN-related VID for frames entering the MAN. When leaving NS3552-8P-2S-V2 User Manual...
Page 115 In cases where a given service VLAN only has two member ports on the switch, the learning can be disabled for the particular VLAN and can therefore rely on flooding as the forwarding mechanism between the two ports. This way, the MAC table requirements are reduced. VLAN port configuration NS3552-8P-2S-V2 User Manual...
Page 116 The port must be a member of the same VLAN as the Port VLAN ID. Note: Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 117 VLAN without any port members on any stack unit will be deleted when you click Save. The button can be used to undo the addition of new VLANs. Buttons • Click to add a new VLAN. Add New VLAN NS3552-8P-2S-V2 User Manual...
Page 118 VLAN memberships and VLAN port configuration such as PVID and UVID. Currently we support following VLAN s: CLI/Web/SNMP: This is referred as static. NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an NS3552-8P-2S-V2 User Manual...
Page 119 VLAN ID). • Click to update the table, starting with the entry after the last entry currently >> displayed. VLAN port status The VLAN Port Status for Static User page provides VLAN port status. NS3552-8P-2S-V2 User Manual...
Page 120 By default, all ports are VLAN unaware and are members of VLAN 1 and private VLAN 1. A VLAN unaware port can only be a member of one VLAN, but it can be a member of multiple private VLANs. NS3552-8P-2S-V2 User Manual...
Page 121 Servers in a farm of web servers in a Demilitarized Zone (DMZ) are allowed to communicate with the outside world and with database servers on the inside segment, but are not allowed to communicate with each other. NS3552-8P-2S-V2 User Manual...
Page 122 The Port Isolation Configuration page is used for enabling or disabling port isolation on ports in a private VLAN. A port member of a VLAN can be isolated to other isolated ports on the same VLAN and private VLAN. NS3552-8P-2S-V2 User Manual...
Page 123 VLANs. VLAN Group 2 and VLAN Group 3 are separated VLANs. Each VLAN isolates network traffic, so only members of the VLAN receive traffic from the same VLAN members. The table below describes the port configuration of the industrial managed switches. NS3552-8P-2S-V2 User Manual...
Page 124 1. While [PC-3], a tagged packet with VLAN Tag=2 enters Port-3, [PC-1] and [PC-2] will receive the packet through Port-1 and Port-2. 2. While the packet leaves Port-1 and Port-2, it will be stripped away, becoming an untagged packet. NS3552-8P-2S-V2 User Manual...
Page 125 (see the next VLAN configure sample). 4. Assign PVID to each port: Port-1, Port-2, and Port-3 : PVID=2 Port-4, Port-5, and Port-6 : PVID=3 Port-7~Port-24: PVID=1 5. Enable VLAN Tag for specific ports Link Type: Port-3 (VLAN-2) and Port-6 (VLAN-3) NS3552-8P-2S-V2 User Manual...
Page 126 In most cases, they are used for “Uplink” to other switches. VLANs are separated at different switches, but they need access to other switches within the same VLAN group. Setup steps 1. Create a VLAN group. Set VLAN Group 1 = Default-VLAN with VID (VLAN ID) =1 NS3552-8P-2S-V2 User Manual...
Page 127 However, each computer requires access to the same server/AP/Printer. This section explains how to configure the port for the server so that it can be accessed by each isolated port. NS3552-8P-2S-V2 User Manual...
Page 128 VLAN 1 : Port-1, Port-2, Port-5, and Port-3 VLAN 2: Port-3~Port-6. The Private VLAN Membership Configuration page appears. MAC-based VLAN The MAC-based VLAN entries can be configured on the MAC-based VLAN Membership Configuration page. This page allows for adding and deleting MAC-based NS3552-8P-2S-V2 User Manual...
Page 129 Reset values. • Select the check box to refresh the page automatically. Automatic Auto-refresh refresh occurs every three seconds. • Click to refresh the page immediately. Refresh NS3552-8P-2S-V2 User Manual...
Page 130 Protocol-based VLAN The Protocol to Group Mapping Table page permits the addition of new protocols to the Group Name (unique for each Group) mapping entries, and allows you to see and delete entries already mapped for the switch. NS3552-8P-2S-V2 User Manual...
Page 131 Adding a New Group Add New Entry added to the table, and Frame Type, Value, and the Group Name can be to VLAN mapping configured as needed. entry Click the button to undo the addition of a new entry. Delete NS3552-8P-2S-V2 User Manual...
Page 132 An empty row Adding a New Group Add New Entry is added to the table, and Frame Type, Value, and the Group Name can be to VLAN mapping configured as needed. entry NS3552-8P-2S-V2 User Manual...
Page 133: Spanning Tree Protocol (Stp)
It is possible to cause serious degradation of the performance of the network if the spanning tree is incorrectly configured. Please read the following before making any changes from the default values. NS3552-8P-2S-V2 User Manual...
Page 134 MAC address in the network becomes the root switch. By increasing the priority (lowering the priority number) of the best switch, STP can be forced to select the best switch as the root switch. NS3552-8P-2S-V2 User Manual...
Page 135 From initialization (switch boot) to blocking. • From blocking to listening or to disabled. • From listening to learning or to disabled. • From learning to forwarding or to disabled. • From forwarding to disabled. • From disabled to blocking. NS3552-8P-2S-V2 User Manual...
Page 136 The STP operates in much the same way for both levels. On the switch level, STP calculates the bridge identifier for each switch and then Note: sets the root bridge and the designated bridges. On the port level, STP sets the root port and the designated ports. NS3552-8P-2S-V2 User Manual...
Page 137 The user changeable parameters in the switch are as follows: • Priority – A priority for the switch can be set from 0 to 65535. 0 is equal to the highest priority. NS3552-8P-2S-V2 User Manual...
Page 138 Illustration of STP A simple illustration of three switches connected in a loop is depicted in the following diagram. In this example, you can anticipate some major network problems if the STP assistance is not applied. NS3552-8P-2S-V2 User Manual...
Page 139 C is deliberately chosen as a 100 Mbps Fast Ethernet link (default port cost = 200,000). Gigabit ports could be used, but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link. NS3552-8P-2S-V2 User Manual...
Page 140 MAC address of the switch forms a Bridge Identifier. For MSTP operation, this is the priority of the CIST. Otherwise, this is the priority of the STP/RSTP bridge. The delay used by STP bridges to transition root and designated ports to Forward Delay NS3552-8P-2S-V2 User Manual...
Page 141 RSTP (802.1w) to be compatible and work with another STP (802.1D)’s BPDU control packet. Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 142 The time since the last topology change occurred. Topology Change Last Buttons • Select the check box to refresh the page automatically. Automatic Auto-refresh refresh occurs every three seconds. • Click to refresh the page immediately. Refresh NS3552-8P-2S-V2 User Manual...
Page 143 (having operEdge true) than for other ports. The value of this flag is based on AdminEdge and AutoEdge fields. This flag is displayed as Edge in Monitor ->Spanning Tree -> STP Detailed Bridge Status. NS3552-8P-2S-V2 User Manual...
Page 144 By default, the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode. When the short path cost method is selected NS3552-8P-2S-V2 User Manual...
Page 145 Half Duplex 200,000 Fast Ethernet Full Duplex 100,000 Trunk 50,000 Full Duplex 10,000 Gigabit Ethernet Trunk 5,000 MSTI priorities The MSTI Configuration page permits the user to inspect and change the current STP MSTI bridge instance priority configurations. NS3552-8P-2S-V2 User Manual...
Page 146 Save • Click to undo any changes made locally and revert to previously saved Reset values. MSTI configuration The MSTI Configuration page permits the user to inspect and change the current STP MSTI bridge instance priority configurations. NS3552-8P-2S-V2 User Manual...
Page 147 Chapter 4: Web configuration NS3552-8P-2S-V2 User Manual...
Page 148 CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. This page contains MSTI port settings for physical and aggregated ports. The aggregation settings are stack global. NS3552-8P-2S-V2 User Manual...
Page 149 Valid values are in the range to 200000000. means all ports wil have one specific setting. Controls the port priority. This can be used to control priority of ports having Priority identical port cost. means all ports wil have one specific setting. NS3552-8P-2S-V2 User Manual...
Page 150 CIST State the following values: Disabled Blocking Learning Forwarding Non-STP The time since the bridge port was last initialized. Uptime Buttons • Select the check box to refresh the page automatically. Automatic Auto-refresh refresh occurs every three seconds. NS3552-8P-2S-V2 User Manual...
Page 151: Multicast
Refresh • Click to clear the counters for all ports. Clear Multicast IGMP snooping The Internet Group Management Protocol (IGMP) allows hosts and routers share information about multicast groups memberships. IGMP snooping is a switch feature NS3552-8P-2S-V2 User Manual...
Page 152 If there are no members on a sub network, packets will not be forwarded to that sub network. Multicast service NS3552-8P-2S-V2 User Manual...
Page 153 Chapter 4: Web configuration Multicast flooding IGMP snooping multicast stream control NS3552-8P-2S-V2 User Manual...
Page 154 IGMP version 2 introduces some enhancements such as a method to elect a multicast queried for each LAN, an explicit leave message, and query messages that are specific to a given group. The states a computer will go through to join or to leave a multicast group are as follows: NS3552-8P-2S-V2 User Manual...
Page 155 Multicast routers use this information, along with a multicast routing protocol such Note: as DVMRP or PIM, to support IP multicasting across the Internet. IGMP snooping configuration The IGMP Snooping Configuration page provides IGMP snooping-related configuration information. NS3552-8P-2S-V2 User Manual...
Page 156 Enable IGMP leave proxy. This feature can be used to avoid forwarding Leave Proxy Enable unnecessary leave messages to the router side. Enable IGMP proxy. This feature can be used to avoid forwarding Proxy Enable unnecessary join and leave messages to the router side. NS3552-8P-2S-V2 User Manual...
Page 157 When initially accessing the page, it Start from VLAN entries per page shows the first 20 entries from the beginning of the VLAN table. The first entry shown will be the one with the lowest VLAN ID found in the VLAN table. NS3552-8P-2S-V2 User Manual...
Page 158 10 in tenths of seconds (1 second). Unsolicited Report Interval. The Unsolicited Report Interval is the time between repetitions of a host's initial report of membership in a group. The allowed range is seconds, default unsolicited report interval 31744 is 1 second. NS3552-8P-2S-V2 User Manual...
Page 159 “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. NS3552-8P-2S-V2 User Manual...
Page 160 Add New Filtering Group • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. IGMP snooping status The IGMP Snooping Status page provides IGMP snooping status. NS3552-8P-2S-V2 User Manual...
Page 161 When initially accessing the page, it shows the first 20 entries entries per page from the beginning of the IGMP Group table. The Start from VLAN group fields permit the user to select the starting point in the IGMP group table. Address NS3552-8P-2S-V2 User Manual...
Page 162 When initially accessing the page, it shows the first 20 entries from the beginning of the IGMP Group table. The fields permit the user to Start from VLAN group Address select the starting point in the IGMP information table. NS3552-8P-2S-V2 User Manual...
Page 163 IGMP group table. I<< • Click to update the table, starting with the entry after the last entry currently >> shown. MLD snooping configuration The MLD Snooping Configuration page provides MLD snooping-related configuration. NS3552-8P-2S-V2 User Manual...
Page 164 When initially accessing the page, it shows the first 20 entries from the beginning of the VLAN table. The first entry shown will be the one with the lowest VLAN ID found in the VLAN table. NS3552-8P-2S-V2 User Manual...
Page 165 Refresh Start from VLAN entries input fields. per page • Click to update the table starting from the first entry in the VLAN table (i.e., the I<< entry with the lowest VLAN ID). NS3552-8P-2S-V2 User Manual...
Page 166 “deny” or “replace.” If the action is set to deny, any new MLD join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. NS3552-8P-2S-V2 User Manual...
Page 167 Add New Filtering Group • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. MLD snooping status The MLD Snooping Status page provides MLD snooping status. NS3552-8P-2S-V2 User Manual...
Page 168 When initially accessing the page, it shows the first 20 entries entries per page from the beginning of the MLD Group table. The Start from VLAN group Address fields permit the user to select the starting point in the MLD group table. NS3552-8P-2S-V2 User Manual...
Page 169 When initially accessing the page, it shows the first 20 entries from the beginning of the IGMP Group table. The fields permit the user to select Start from VLAN Group the starting point in the MLD information table. NS3552-8P-2S-V2 User Manual...
Page 170 Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports. A maximum of eight MVR VLANs with corresponding channel settings can be created for each multicast VLAN. A maximum of 256 group addresses are available for channel settings. NS3552-8P-2S-V2 User Manual...
Page 171 Chapter 4: Web configuration The MVR Configurations page provides MVR-related configuration information. NS3552-8P-2S-V2 User Manual...
Page 172 Receiver: Configure a port as a receiver port if it is a subscriber port and should only receive multicast data. It does not receive data unless it becomes a member of the multicast group by issuing IGMP/MLD messages. We do not recommend overlapping MVR source ports with Caution: NS3552-8P-2S-V2 User Manual...
Page 173 The number of received IGMPv1 joins and MLDv2 reports, respectively. IGMPv3/MLDv2 Reports Received The number of received IGMPv2 leaves and MLDv1 dones, respectively. IGMPv2/MLDv1 Leaves Received Buttons • Click to refresh the page immediately. Refresh • Click to clear all statistics counters. Clear NS3552-8P-2S-V2 User Manual...
Page 174: Quality Of Service (Qos)
>> shown. Quality of Service (QoS) Understanding QoS Quality of Service (QoS) is an advanced traffic prioritization feature that allows you to establish control over network traffic. QoS permits the assignment of various grades of NS3552-8P-2S-V2 User Manual...
Page 175 To implement QoS on a network, perform the following actions: 1. Define a service level to determine the priority that will be applied to traffic. 2. Apply a classifier to determine how the incoming traffic will be classified and thus treated by the industrial managed switch. NS3552-8P-2S-V2 User Manual...
Page 176 If flow control is enabled and the port is in flow control mode, then pause Flow Control frames are sent instead of discarding frames. Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 177 Shows "disabled" or actual port shaper rate (e.g., "800 Mbps"). Port QoS egress port schedule and shapers The port scheduler and shapers for a specific port are configured on the QoS Egress Port Schedule and Shapers page. NS3552-8P-2S-V2 User Manual...
Page 178 Unit is kbps, and it is restricted to 1- 100-1000000 when the Unit is Mbps. 13200 Controls the unit of measure for the port shaper rate as or Mbps. The Port Shaper Unit kbps default value is kbps. NS3552-8P-2S-V2 User Manual...
Page 179 QCL entry. means all ports will have one specific setting. Controls the default PCP value. All frames are classified to a PCP value. If the port is VLAN-aware and the frame is tagged, then the frame is NS3552-8P-2S-V2 User Manual...
Page 180 Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. QoS ingress port tag classification Configure the classification modes for tagged frames on this page. NS3552-8P-2S-V2 User Manual...
Page 181 The logical port for the settings contained in the same row. Click on the port Port number to configure the schedulers. For more details, refer to “Understanding QoS” on page 172. Shows the scheduling mode for this port. Mode Shows the weight for this queue and port. Q0 ~ Q5 NS3552-8P-2S-V2 User Manual...
Page 182 Mapped: Use mapped versions of QoS class and DP level. QoS egress port tag remarking The QoS Egress Port Tag Remarking page can also provide an overview of QoS egress port tag remarking for a specific port. NS3552-8P-2S-V2 User Manual...
Page 183 Reset values. • Click to return to the previous page. Cancel Port DSCP The QoS Port DSCP Configuration page permits configuration of the basic QoS port DSCP settings for all switch ports. NS3552-8P-2S-V2 User Manual...
Page 184 Click to undo any changes made locally and revert to previously saved Reset values. DSCP-based QoS The QoS DSCP-Based QoS Ingress Classification page permits configuration of the basic QoS DSCP-based QoS ingress classification settings for all switches. NS3552-8P-2S-V2 User Manual...
Page 185 Level. Frames with untrusted DSCP values are treated as a non-IP frame. QoS Class values can be between 0-7. QoS Class Drop Precedence Level (0-1) Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 186 DSCP for the QoS class and DPL map. There are two configuration parameters for DSCP Translation: Translate Classify DSCP at the Ingress side can be translated to any of 0-63 DSCP values. Translate Click to enable classification at the Ingress side. Classify Classify NS3552-8P-2S-V2 User Manual...
Page 187 Save • Click to undo any changes made locally and revert to previously saved Reset values. DSCP classification The DSCP Classification page permits mapping a DSCP value to a QoS Class and DPL value. NS3552-8P-2S-V2 User Manual...
Page 188 Displays the OUI field of Source MAC address (i.e., the first three octets (in SMAC bytes) of the MAC address). Indicates tag type. Selections include: Tag Type Any: Match tagged and untagged frames. Default value. Untagged: Match untagged frames. NS3552-8P-2S-V2 User Manual...
Page 189 : Moves the QCE down the list. : Deletes the QCE. : The lowest plus sign adds a new entry at the bottom of the list of QCL. QoS control entry configuration The QCE Configuration page appears as follows: NS3552-8P-2S-V2 User Manual...
Page 190 – Diffserv Code Point value (DSCP): It can be a specific value, range DSCP of values, or Any. DSCP values are in the range 0-63 including BE, CS1- CS7, EF or AF11-AF43. – Source TCP/UDP port:(0-65535) or Any, specific or port range Sport applicable for IP protocol UDP/TCP. NS3552-8P-2S-V2 User Manual...
Page 191 Any: The QCE will match all frame types. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed. SNAP: Only (SNAP) frames are allowed. IPv4: The QCE will match only IPV4 frames. NS3552-8P-2S-V2 User Manual...
Page 192 Resolve Conflict when the conflict status for any QCL entry is Yes. • Click to refresh the page. Refresh Queue policing Configure the queue policer settings for all switch ports in the QoS Ingress Queue Policers page. NS3552-8P-2S-V2 User Manual...
Page 193 These only affect flooded frames (i.e., frames with a (VLAN ID, DMAC) pair not present on the MAC Address table). The configuration indicates the permitted packet rate for unicast, multicast, or broadcast traffic across the switch. NS3552-8P-2S-V2 User Manual...
Page 194 • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. QoS statistics The Queuing Counters page provides statistics for the different queues for all switch ports. NS3552-8P-2S-V2 User Manual...
Page 195 We recommended that there be two VLANs on a port – one for voice and one for data. Before connecting the IP device to the switch, the IP phone should configure the voice VLAN ID correctly. It should be configured through its own GUI. NS3552-8P-2S-V2 User Manual...
Page 196 All: All ports will have one specific setting. Voice VLAN OUI table Configure Voice VLAN OUI table on the Voice VLAN OUI Table page. The maximum entry number is 16. Modifying the OUI table restarts auto detection of the OUI process. NS3552-8P-2S-V2 User Manual...
Page 197: Access Control Lists (Acl)
Each accessible traffic object contains an identifier to its ACL. The privileges determine if there are specific traffic object access rights. ACL implementations can be quite complex (as when the ACEs are prioritized for various situations). In networking, the ACL refers to a list of service ports or network NS3552-8P-2S-V2 User Manual...
Page 198 Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. Rate Limiter When is shown, the rate limiter operation is disabled. Disabled NS3552-8P-2S-V2 User Manual...
Page 199 Indicates the ingress port of the ACE. Possible values are: Ingress Port All: The ACE matches all ingress port. Port: The ACE matches a specific ingress port. Indicates the policy number and bitmask of the ACE. Policy / Bitmask NS3552-8P-2S-V2 User Manual...
Page 200 First select the ingress port for the ACE, and then select the frame type. Different parameter options appear depending on the frame type selected. A frame that hits this ACE matches the configuration that is defined here. NS3552-8P-2S-V2 User Manual...
Page 201 Policy Value Specific value. The permitted range is to 255. When is selected for the policy filter, you can enter a specific policy Policy Bitmask Specific bitmask. The permitted range is to 0xff. NS3552-8P-2S-V2 User Manual...
Page 202 Disabled: Port shut down is disabled for the ACE. Note: The shutdown feature only works when the packet length is less than 1518 (without VLAN tags). The counter indicates the number of times the ACE was hit by a frame. Counter NS3552-8P-2S-V2 User Manual...
Page 203 The allowed number range is 0 to 7. The value means that no tag priority is specified (tag priority is "don't-care”). ARP parameters Object Description Specify the available ARP/RARP opcode (OP) flag for this ACE. ARP/RARP NS3552-8P-2S-V2 User Manual...
Page 204 0: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04). 1: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04). Any: Any value is allowed ("don't-care”). NS3552-8P-2S-V2 User Manual...
Page 205 Yes: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry. Any: Any value is allowed ("don't-care”). NS3552-8P-2S-V2 User Manual...
Page 206 When is selected for the ICMP code filter, you can enter a specific ICMP Code Value Specific ICMP code value. The allowed range is to 255. A frame that hits this ACE matches this ICMP code value. NS3552-8P-2S-V2 User Manual...
Page 207 0: TCP frames where the RST field is set must not be able to match this entry. 1: TCP frames where the RST field is set must be able to match this entry. Any: Any value is allowed ("don't-care”). NS3552-8P-2S-V2 User Manual...
Page 208 Cancel ACL ports configuration Configure the ACL parameters (ACE) of each switch port on the ACL Ports Configuration page. These parameters will affect frames received on a port unless the frame matches a specific ACE. NS3552-8P-2S-V2 User Manual...
Page 209 Specify the port shut down operation of this port. Selections include: Shutdown Enabled: If a frame is received on the port, the port will be disabled. Disabled: Port shut down is disabled. The default value is Disabled. means all ports will have one specific setting. NS3552-8P-2S-V2 User Manual...
Page 210 Any changes made locally are undone. Refresh • Click to clear the counters. Clear ACL rate limiter configuration Configure the rate limiter for the ACL of the industrial managed switch on the ACL Rate Limiter Configuration page. NS3552-8P-2S-V2 User Manual...
Page 211: Authentication
When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant. NS3552-8P-2S-V2 User Manual...
Page 212 Understanding IEEE 802.1X port-based authentication The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client NS3552-8P-2S-V2 User Manual...
Page 213 The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server. When the NS3552-8P-2S-V2 User Manual...
Page 214 If the authentication succeeds, the switch port becomes authorized. The specific exchange of EAP frames depends on the authentication method being used. The diagram below shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server. NS3552-8P-2S-V2 User Manual...
Page 215 When a client logs off, it sends an EAPOL-logoff message that causes the switch port to transition to the unauthorized state. If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. NS3552-8P-2S-V2 User Manual...
Page 216 Configure the IEEE 802.1X and MAC-based authentication system and port settings on the Network Access Server Configuration page. The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central NS3552-8P-2S-V2 User Manual...
Page 217 The switch uses the MAC address to authenticate against the back end server. Intruders can create counterfeit MAC addresses, which makes MAC-based authentication less secure than 802.1X authentication. The NAS configuration consists of two sections, a system- and a port-wide. NS3552-8P-2S-V2 User Manual...
Page 218 "Configuration > Security > AAA" Page), the client is put on hold in the Unauthorized state. The hold timer does not count during an on-going authentication. In MAC-based Auth. mode, the The switch will ignore new frames coming NS3552-8P-2S-V2 User Manual...
Page 219 (selected), the switch considers entering the Guest VLAN even if an EAPOL frame has been received on the port for the life-time of the port. The value can only be changed if the Guest VLAN option is globally enabled. NS3552-8P-2S-V2 User Manual...
Page 220 This allows other clients connected to the port (through a hub, for example) to piggy- back on the successfully authenticated client and get network access even though they really aren't authenticated. To overcome this security breach, NS3552-8P-2S-V2 User Manual...
Page 221 The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by NS3552-8P-2S-V2 User Manual...
Page 222 Private-Group-ID does not need to include a Tag): Value of Tunnel-Medium-Type must be set to "IEEE-802" (ordinal 6). Value of Tunnel-Type must be set to "VLAN" (ordinal 13). Value of Tunnel-Private-Group-ID must be a string of ASCII chars in the NS3552-8P-2S-V2 User Manual...
Page 223 (EAPOL-based authentication). For MAC-based authentication, reauthentication is attempted immediately. The button only has an effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized. NS3552-8P-2S-V2 User Manual...
Page 224 Response Identity EAPOL frame for EAPOL-based authentication, and the source MAC address from the most recently received frame from a new client for MAC-based authentication. QoS Class assigned to the port by the RADIUS server if enabled. QoS Class NS3552-8P-2S-V2 User Manual...
Page 225 ID is not overridden by NAS. If the VLAN ID is assigned by the RADIUS server, "(RADIUS-assigned)" is appended to the VLAN ID. If the port is moved to the Guest VLAN, "(Guest)" is appended to the VLAN NS3552-8P-2S-V2 User Manual...
Page 226 Length field is invalid. dot1xAuthEapolFrame The number of EAPOL Total frames of any type that have been transmitted by the switch. dot1xAuthEapolReqId The number of EAPOL Request ID FramesTx Request Identity frames that have been transmitted by the switch. NS3552-8P-2S-V2 User Manual...
Page 227 Indicates that the supplicant/client has successfully authenticated to the back end server. dot1xAuthBack Auth. 802.1X- and MAC-based: endAuthFails Counts the number of Failures times that the switch receives a failure message. This indicates that the supplicant/client has not NS3552-8P-2S-V2 User Manual...
Page 228 802.1X-based: lFrameVersion The protocol version number carried in the most recently received EAPOL frame. MAC-based: Not applicable. Identity 802.1X-based: The user name (supplicant identity) carried in the most recently received Response Identity EAPOL frame. MAC-based: Not applicable. NS3552-8P-2S-V2 User Manual...
Page 229 • Click to refresh the page immediately. Refresh • Click to clear the counters for the selected port. This button is available in the Clear following modes: • Force Authorized • Force Unauthorized • Port-based 802.1X NS3552-8P-2S-V2 User Manual...
Page 230 This button is Clear This available in the following modes: • Multi 802.1X • MAC-based Auth.X Authentication server configuration Configure the authentication servers on the Authentication Server Configuration page. NS3552-8P-2S-V2 User Manual...
Page 231 Enable the TACACS+ authentication server by selecting this check box. Enabled The IP address or hostname of the TACACS+ authentication server. IP address is expressed in dotted decimal notation. Address/Hostname The UDP port to use on the TACACS+ authentication server. If the port is Port NS3552-8P-2S-V2 User Manual...
Page 232 Reset values. RADIUS overview The RADIUS Authentication/Accounting Server Overview page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page. NS3552-8P-2S-V2 User Manual...
Page 233 The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. Buttons • Click to refresh the page immediately. Refresh • Click to refresh the page automatically. Automatic refresh occurs Auto-refresh every three seconds. NS3552-8P-2S-V2 User Manual...
Page 234 The page includes the following fields: RADIUS authentication statistics The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. Use the server select box to switch between the back end servers to show details for each. NS3552-8P-2S-V2 User Manual...
Page 235 The number of RADIUS Access tAccessRequests Access-Request packets Requests sent to the server. This does not include retransmissions. radiusAuthClientEx The number of RADIUS Access tAccessRetransmis Access-Request packets Retransmissi retransmitted to the NS3552-8P-2S-V2 User Manual...
Page 236 This state is only reachable when more than one server is enabled. Round-Trip radiusAuthClie The time interval (measured in milliseconds) Time ntExtRoundTrip between the most recent Access-Reply/Access- Time Challenge and the Access-Request that matched it from the RADIUS authentication NS3552-8P-2S-V2 User Manual...
Page 237 Requests radiusAccClientEx The number of RADIUS tRequests packets sent to the server. This does not include retransmissions. Retransmissions radiusAccClientEx The number of RADIUS tRetransmissions packets retransmitted to the RADIUS accounting server. Pending radiusAccClientEx The number of RADIUS NS3552-8P-2S-V2 User Manual...
Page 238 Response and the Request that matched it from the RADIUS accounting server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there has yet to be round-trip communication with the server. NS3552-8P-2S-V2 User Manual...
Page 239 192.168.0.100). Ensure that the shared secret key is as same as the one you had set at the industrial managed switch’s 802.1x system configuration (12345678 in this case). 1. Configure the IP Address of remote RADIUS server and secret key. 2. Click on the Windows 2003 server. New RADIUS Client NS3552-8P-2S-V2 User Manual...
Page 240 Chapter 4: Web configuration 3. Assign the client IP address to the industrial managed switch. 4. The shared secret key should be as same as the key configured on the industrial managed switch. NS3552-8P-2S-V2 User Manual...
Page 241 6. Create user data. The establishment of the user data needs to be created on the Radius Server PC. For example, select Active Directory Users and Computers and create legal user data (Windows Server 2003). 7. Right-click a user that you created and then type in properties and configure settings. NS3552-8P-2S-V2 User Manual...
Page 242 Otherwise, the switch might not be able to access the RADIUS server after the 802.1X starts to work. 802.1X client configuration Windows XP has native support for 802.1X. The following procedures show how to configure 802.1X Authentication in Windows XP. NS3552-8P-2S-V2 User Manual...
Page 243 Properties setting window. Properties 4. Click the tab. Authentication 5. Select to enable 802.1x Enable network access control using IEEE 802.1X authentication. 6. Select from the drop-down list box for EAP type. MD-5 Challenge NS3552-8P-2S-V2 User Manual...
Page 244 8. When the client has associated with the industrial managed switch, a user authentication notice appears in the system tray. Click on the notice to continue. 9. Type the user name, password and the logon domain that your account belongs to. 10. Click to complete the validation process. NS3552-8P-2S-V2 User Manual...
Page 245: Security
The action can be one of the four different actions as described below. The limit control module utilizes a lower-layer port security module that manages MAC addresses learned on the port. The limit control configuration consists of two sections, a system- and a port-wide. NS3552-8P-2S-V2 User Manual...
Page 246 The end-host will be allowed to forward if the limit is not exceeded. Now suppose that the end-host logs off or powers down. If it wasn't for aging, the end-host would still take up resources on this switch and will be allowed to NS3552-8P-2S-V2 User Manual...
Page 247 Action is set to or Trap. None Shutdown: Indicates that the port is shut down by the Limit Control module. This state can only be shown if Action is set to Shutdown Trap & NS3552-8P-2S-V2 User Manual...
Page 248 Access management Configure the access management table on the Access Management Configuration page. The maximum entry number is 16. If the application's type match any one of the access management entries, it will allow access to the switch. NS3552-8P-2S-V2 User Manual...
Page 249 Add New Entry • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. Access management statistics The Access Management Statistics page provides statistics for access management. NS3552-8P-2S-V2 User Manual...
Page 250 HTTPS connection when both HTTPS mode and Automatic Redirect are enabled or redirects web browser to an HTTP connection when both are disabled. Selections include: Enabled: Enable HTTPS redirect mode operation. Disabled: Disable HTTPS redirect mode operation. Buttons • Click to save changes. Save NS3552-8P-2S-V2 User Manual...
Page 251 MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise. NS3552-8P-2S-V2 User Manual...
Page 252 A one-letter abbreviation of the user module. This is used in the Users Abbr column in the port status table. Port status The table has one row for each port on the selected switch in the switch and a number of columns, which are: NS3552-8P-2S-V2 User Manual...
Page 253 MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise. NS3552-8P-2S-V2 User Manual...
Page 254 DHCP snooping DHCP snooping is used to block intruders on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server. NS3552-8P-2S-V2 User Manual...
Page 255 Chapter 4: Web configuration Configure DHCP Snooping on the DHCP Snooping Configuration page. NS3552-8P-2S-V2 User Manual...
Page 256 DHCP snooping statistics This page provides statistics for DHCP snooping. The statistics only counter packet under DHCP snooping mode is enabled and relay mode is disabled. DHCP packets for the system DHCP client are not counted. NS3552-8P-2S-V2 User Manual...
Page 257 DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. The IP Source Guard Configuration page provides IP Source Guard-related configuration data. NS3552-8P-2S-V2 User Manual...
Page 258 Buttons • Click to translate all dynamic entries to static entries. Translate Dynamic to Static • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 259 Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through DUT. The ARP Inspection Configuration page provides ARP Inspection related configuration. NS3552-8P-2S-V2 User Manual...
Page 260 Translate Dynamic to Static • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. ARP inspection static table The Static ARP Inspection Table page provides Static ARP Inspection data. NS3552-8P-2S-V2 User Manual...
Page 261: Mac Address Table
MAC table configuration The MAC Address Table is configured on the MAC Address Table Configuration page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here. NS3552-8P-2S-V2 User Manual...
Page 262 No learning is done. Disable Only static MAC entries are learned, all other frames are Secure dropped. Note: Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure NS3552-8P-2S-V2 User Manual...
Page 263 MAC address table status Dynamic MAC table Entries in the MAC table are shown on this page. The MAC table contains up to 8192 entries and is sorted first by VLAN ID, then by MAC address. NS3552-8P-2S-V2 User Manual...
Page 264 Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. NS3552-8P-2S-V2 User Manual...
Page 265 MAC table (i.e., the I<< entry with the lowest VLAN ID and MAC address). • Click to update the table, starting with the entry after the last entry currently >> displayed. NS3552-8P-2S-V2 User Manual...
Page 266 The IP address of the entry. IP Address Buttons • Click to refresh the page automatically. Automatic refresh occurs Auto-refresh every three seconds. • Click to refresh the displayed table starting from the Refresh MAC address input fields. VLAN NS3552-8P-2S-V2 User Manual...
Page 267: Lldp
SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology. LLDP configuration The LLDP Configuration page allows the user to inspect and configure the current LLDP port settings. NS3552-8P-2S-V2 User Manual...
Page 268 LLDP information. The switch will not send out LLDP information, and will drop LLDP Disabled information received from neighbors. The switch will send out LLDP information, and will analyze LLDP Enabled information received from neighbors. NS3552-8P-2S-V2 User Manual...
Page 269 Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 270 With Fast start repeat count it is possible to specify the number of times the fast start transmission would be repeated. The recommended value is four times, given that four LLDP frames with a one second interval will be transmitted when an LLDP frame with new information is received. NS3552-8P-2S-V2 User Manual...
Page 271 IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI). Object Description The two-letter ISO 3166 country code in capital ASCII letters - Country code Example: DK, DE or US. National subdivisions (state, canton, region, province, prefecture). State NS3552-8P-2S-V2 User Manual...
Page 272 VLAN configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. NS3552-8P-2S-V2 User Manual...
Page 273 Guest Voice – Support a separate 'limited feature–set' voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services. Guest Voice Signaling (conditional) – For use in network topologies that NS3552-8P-2S-V2 User Manual...
Page 274 The number of policies supported is 32 Port policies configuration Every port may advertise a unique set of network policies or different attributes for the same network policies based on the authenticated user identity or port configuration. NS3552-8P-2S-V2 User Manual...
Page 275 5. Any device that supports the IEEE 802.1AB and MED extensions defined by TIA-1057 and can relay IEEE 802 frames via any method. LLDP-MED Endpoint Device Definition Within the LLDP-MED Endpoint Device category, the LLDP-MED scheme is broken into further Endpoint Device Classes, as defined in the following. NS3552-8P-2S-V2 User Manual...
Page 276 5. Extended Power via MDI - PD 6. Inventory 7. Reserved Application Type indicating the primary function of the application(s) defined Application Type for this network policy, advertised by an Endpoint or Network Connectivity Device. The possible application types are as follows: NS3552-8P-2S-V2 User Manual...
Page 277 Auto-negotiation status identifies if auto-negotiation is currently enabled at Auto-negotiation the link partner. status If Auto-negotiation is supported and Auto-negotiation status is disabled, the 802.3 PMD operating mode will be determined by the operational MAU type field value rather than by auto-negotiation. NS3552-8P-2S-V2 User Manual...
Page 278 (-). The neighbor unit's address that is used for higher layer entities to assist the Management discovery by the network management. This could, for instance, hold the Address neighbor's IP address. NS3552-8P-2S-V2 User Manual...
Page 279 Total Neighbors Entries Deleted Shows the number of LLDP frames dropped due to the entry table being full. Total Neighbors Entries Dropped Shows the number of entries deleted due to Time-To-Live expiring. Total Neighbors Entries Aged Out NS3552-8P-2S-V2 User Manual...
Page 280: Network Diagnostics
Use the Diagnostics menu items to display and configure basic administrative details of the industrial managed switch. Under System, the following topics are provided to configure and view the system information: • Ping • IPv6 Ping NS3552-8P-2S-V2 User Manual...
Page 281 After clicking Start, five ICMPv6 packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. NS3552-8P-2S-V2 User Manual...
Page 282 IP connectivity issues on a special port. After clicking Test, five ICMP packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. NS3552-8P-2S-V2 User Manual...
Page 283 The VeriPHY Cable Diagnostics page is used for running cable diagnostics. Click Start to run the diagnostics. This will take approximately 15 seconds for a 1000Base-T Laptop/PC. Cable diagnostics is only accurate for cables of 7-140 meters in length. Note: NS3552-8P-2S-V2 User Manual...
Page 284 The port where you are requesting cable diagnostics. Port Port: Port number. Cable Status Pair: The status of the cable pair. Length: The length (in meters) of the cable pair. The resolution is 3 meters Buttons • Click to run the diagnostics. Start NS3552-8P-2S-V2 User Manual...
Page 285: Loop Protection
This section describes the enable loop protection function that provides loop protection to prevent broadcast loops in the industrial managed switch. Loop protection configuration The Loop Protection Configuration page allows the user to inspect and change the current loop protection configurations. NS3552-8P-2S-V2 User Manual...
Page 286 Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. Loop protection status The Loop Protection Status page shows the loop protection port status of the switch. NS3552-8P-2S-V2 User Manual...
Page 287: Rmon
(sending Trap or record in logs). RMON alarm configuration Configure RMON alarm table on the RMON Alarm Configuration page. The entry index key is ID. NS3552-8P-2S-V2 User Manual...
Page 288 OutDiscards: The number of outbound packets that are discarded when the packets are normal. OutErrors: The number of outbound packets that could not be transmitted because of errors. OutQLen: The length of the output packet queue (in packets). NS3552-8P-2S-V2 User Manual...
Page 289 When initially accessing the page, it shows the first 20 entries from the per page beginning of the Alarm table. The first entry shown will be the one with the lowest ID found in the Alarm table. NS3552-8P-2S-V2 User Manual...
Page 290 • Click to update the table starting with the entry after the last entry currently >> displayed. RMON event configuration Configure the RMON Event table on the RMON Event Configuration page. The entry index key is ID. NS3552-8P-2S-V2 User Manual...
Page 291 When initially accessing the page, it shows the first 20 entries entries per page from the beginning of the Event table. The first entry shown will be the one with the lowest ID found in the Event table NS3552-8P-2S-V2 User Manual...
Page 292 Indicates the maximum data entries associated with this history control entry Buckets stored in RMON. The range is from 1 to 3600, default value is 50. The number of data to be saved in the RMON. Buckets Granted NS3552-8P-2S-V2 User Manual...
Page 293 The total number of packets received that were less than 64 octets. Undersize The total number of packets received that were longer than 1518 octets. Oversize The number of frames with a size less than 64 octets received with invalid Frag. CRC. NS3552-8P-2S-V2 User Manual...
Page 294 1000*(switch ID-1). For example, if the port is switch 3 port 5, the value is 2005. Buttons • Click to add a new community entry. Add New Entry • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 295 The total number of packets (including bad packets) received that were 64 64 Bytes octets in length. The total number of packets (including bad packets) received that were 65~127 between 65 to 127 octets in length. The total number of packets (including bad packets) received that were 128~255 NS3552-8P-2S-V2 User Manual...
Page 296: Ring
When the failure of a network connection occurs, the nodes block the failed link and report the signal failure message. The RPL owner switch will automatically unblock the PRL to recover from the failure. NS3552-8P-2S-V2 User Manual...
Page 297 Chapter 4: Web configuration MEP configuration Maintenance entity point instances are configured in the Maintenance Entity Point page. NS3552-8P-2S-V2 User Manual...
Page 298 MEP entry. Add New MEP • Click to refresh the page immediately. Refresh • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 299 IEEE String: This is defined by IEEE. 'Domain Name' can be a maximum of eight characters. 'MEG id' can be a maximum of eight characters. This is either ITU ICC (MEG ID value[1-6]) or IEEE Maintenance Domain ICC/Domain Name Name, depending on 'Format'. See Format. NS3552-8P-2S-V2 User Manual...
Page 300 Fault cause indicating that a CCM is received from this peer MEP with a cPriority priority different from what is configured for this MEP. Buttons • Click to add a new peer MEP. Add New Peer MEP NS3552-8P-2S-V2 User Manual...
Page 301 Buttons • Click to go to the Fault Management page. Fault Management • Click to go to the Performance Monitor page. Performance Monitoring • Click to refresh the page immediately. Refresh • Click to save changes. Save NS3552-8P-2S-V2 User Manual...
Page 302 There is an active alarm on the ERPS. Alarm Buttons • Click to add a new protection group entry. Add New Protection Group • Click to refresh the page immediately. Refresh • Click to save changes. Save NS3552-8P-2S-V2 User Manual...
Page 303 Click Help when on the ERPS web page. Port 0 APS MEP Click Help when on the ERPS web page. Port 1 APS MEP Type of protected ring. It can be either major ring or sub-ring. Ring Type NS3552-8P-2S-V2 User Manual...
Page 304 Administrative command. A port can be administratively configured to be in Command either manual switch or forced switch state. Port selection – Port 0 or Port 1 of the protection group on which the Port command is applied. NS3552-8P-2S-V2 User Manual...
Page 305 Automaticc Auto-refresh refresh occurs every six seconds. • Click to refresh the page immediately. Refresh • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 306 The switch where you are requesting ERPS. Number ID Configures the port number for the MEP. Port Set the ERPS VLAN. VLAN Buttons • Click to configure ERPS. Next • Click to save changes. • Click to show the ring topology. Save Topology NS3552-8P-2S-V2 User Manual...
Page 307 2. On switch 1, 2, and 3, disable STP to avoid a conflict with ERPS. Setup steps Set ERPS configuration on switch 1 1. Connect a PC directly to switch 1. Do not connect to port 1 or 2. NS3552-8P-2S-V2 User Manual...
Page 308 1. Connect a PC directly to switch 3. Do not connect to port 1 or 2. 2. Log in to switch 3 and select > Ring Ring Wizard. 3. Set “All Switch Number” = 3 and “Number ID” = 3. Click to set the ERPS Next configuration for switch 3. NS3552-8P-2S-V2 User Manual...
Page 309: Power Over Ethernet (Poe)
Point (AP) group for the enterprise. For example, 24 cameras/APs can be installed for company surveillance demands, or to build a wireless roaming environment in the office. Without power-socket limitation, the industrial managed switch makes the installation of cameras or WLAN APs simple and efficient. NS3552-8P-2S-V2 User Manual...
Page 310 PoE splitters split the PoE 52 VDC over the Ethernet cable into a 5/12 VDC power output. It frees the device deployment from restrictions due to power outlet locations, which eliminate the 3~12 Watts costs for additional AC wiring and reduces the installation time. NS3552-8P-2S-V2 User Manual...
Page 311 In this mode, each port automatically determines how much power to reserve according to the class the connected PD belongs to, and reserves the power accordingly. Four different port classes exist: 4, 7, 15.4, and 30.8 W. NS3552-8P-2S-V2 User Manual...
Page 312 PoE ports according to port priority settings. PoE configuration Inspect and configure the current PoE configuration settings on the Power over Ethernet Configuration page. NS3552-8P-2S-V2 User Manual...
Page 313 Click to undo any changes made locally and revert to previously saved Reset values. For NS3552-8P-2S-V2, the total PoE power reservation from Port-1~8 is up to Note: 240 W. PD classifications A PD may be classified by the PSE based on the classification information provided by the PD.
Page 314 Schedule: Enables the PoE function in schedule mode Indicates the schedule profile mode. Possible profiles are: Schedule Profile1 Profile2 Profile3 Profile4 Permits the user to select 802.3at or 802.3af compatibility AF/AT Mode mode. The default vaule is 802.3at mode. NS3552-8P-2S-V2 User Manual...
Page 315 After a power overload has been detected, the port automatically shuts down and remains in detection mode until the PD’s power consumption is lower than the power limit value. NS3552-8P-2S-V2 = 30.8 watts for per port PoE output. Buttons • Click to save changes.
Page 316 Watt power. The PoE schedule function can enable or disable PoE power feeding for each PoE port during specified time intervals, and is a powerful function to help SMB or Enterprises save power and reduce cost. NS3552-8P-2S-V2 User Manual...
Page 317 PoE schedule function. Click Apply after creating a schedule for the selected profile. Then, go to the PoE Port Configuration page and select Schedule from the PoE Mode drop-down list, and the NS3552-8P-2S-V2 User Manual...
Page 318 Delete LLDP PoE neighbors The LLDP Neighbor PoE Information page provides a status overview for all LLDP PoE neighbors. The displayed table contains a row for each port on which an LLDP PoE neighbor is detected. NS3552-8P-2S-V2 User Manual...
Page 319 After the PD stops working and does not respond, the industrial managed switch restarts PoE port power so that the PD is once again recognized and working. Configure PD alive check on the PD Ping Alive Check page. NS3552-8P-2S-V2 User Manual...
Page 320 If you cannot determine the precise booting time, we suggest set it to a longer time. Buttons • Click to save changes. Save • Click to undo any changes made locally and revert to previously saved Reset values. NS3552-8P-2S-V2 User Manual...
Page 321: Port Identification
Chapter 4: Web configuration Port identification Configure each port response time for TruVision Navigator in the port identification Configuration page. NS3552-8P-2S-V2 User Manual...
Page 322: Command Line Interface
This chapter describes how to use the Command Line Interface (CLI). Telnet login The managed switch supports telnet for remote management. The switch asks for a user name and password for remote login when using telnet. Use “admin” for the both the username and password. NS3552-8P-2S-V2 User Manual...
Page 323: Command Line Mode
Maintainence entity End Point Quality of Service Port mirroring Mirror Load/Save of configuration via TFTP Config Download of firmware via TFTP Firmware Universal Plug and Play UPnP Multicast VLAN Registration Specific VLAN for voice traffic Voice VLAN NS3552-8P-2S-V2 User Manual...
Page 324: System Command
: 1970-01-01 Thu 03:28:50+00:00 System Uptime : 03:28:50 Software Version: 1.0b121221 Software Date : 2012-12-21T14:58:31+0800 Previous Restart: Cold Power Status : PWR1 :ON,PWR2 :OFF NS3552-8P-2S-V2:/> System Log Configuration Description: Show system log configuration. Syntax: System Log Configuration NS3552-8P-2S-V2 User Manual...
Page 325 : Enable system log server mode disable: Disable system log server mode (default: Show system Log server mode) Default Setting: disable Example: To show the log server mode: NS3552-8P-2S-V2:/> System log server mode System Log Server Mode : Disabled NS3552-8P-2S-V2 User Manual...
Page 326 Show or set the system log server address. System Log Server Address [<ip_addr_string>] Parameters: <ip_addr_string>: IP host address (a.b.c.d) or a host name string Default Setting: empty Example: To set log server address: NS3552-8P-2S-V2:/> log server address 192.168.0.21 NS3552-8P-2S-V2 User Manual...
Page 327 It uses to determine what kind of message will send to syslog server. Syntax: System Log Level [info|warning|error] Parameters: : Send informations, warnings and errors info warning : Send warnings and errors error : Send errors Default Setting: info Example: To set log level: NS3552-8P-2S-V2:/> log level warning NS3552-8P-2S-V2 User Manual...
Page 328 Set or show the daylight saving time end time settings. Syntax: System DST end <week> <day> <month> <date> <year> <hour> <minute> Parameters: <week> : Week (1-5), 0: ignored <day> : Day (1-7), 0: ignored <month> : Month (1-12), 0: ignored <date> : Date (1-31), 0: ignored NS3552-8P-2S-V2 User Manual...
Page 329 System Restore Default Description: Restore factory default configuration. Syntax: System Restore Default [keep_ip] Parameters: keep_ip: Keep IP configuration, default: Restore full configuration Example: To restore default value but not reset IP address: NS3552-8P-2S-V2:/> system restore default keep_ip NS3552-8P-2S-V2 User Manual...
Page 330: Ip Command
: Disabled IPv6 AUTOCONFIG mode : Disabled IPv6 Link-Local Address: fe80::6082:cdb9:19ab:c0e2 IPv6 Address : ::192.168.0.100 IPv6 Prefix : 96 IPv6 Router : :: IP DHCP Description: Set or show the DHCP client mode. Syntax: IP DHCP [enable|disable] NS3552-8P-2S-V2 User Manual...
Page 331 <ping_length> : Ping ICMP data length (2-1452; Default is 56), excluding MAC, IP and ICMP headers : PING Count keyword count : Transmit ECHO_REQUEST packet count (1-60; Default is 5) <ping_count> : PING Interval keyword interval <ping_interval> : Ping interval (0-30; Default is 0) NS3552-8P-2S-V2 User Manual...
Page 332 IP IPv6 AUTOCONFIG [enable|disable] Parameters: enable : Enable IPv6 AUTOCONFIG mode disable: Disable IPv6 AUTOCONFIG mode Default Setting: disable Example: Enable IPv6 autoconfig function: NS3552-8P-2S-V2:/> ip ipv6 autoconfig enable IPv6 Setup Description: Set or show the IPv6 setup. NS3552-8P-2S-V2 User Manual...
Page 333 16-bit groups of contiguous zeros; but it can only appear once. It also used a following legally IPv4 address. For example,'::192.1.2.34'. enable : Enable the designated IPv6 Interface disable: Disable the designated IPv6 Interface IPv6 Ping6 Description: Ping IPv6 address (ICMPv6 echo). Syntax: NS3552-8P-2S-V2 User Manual...
Page 334 IP NTP Mode Description: Set or show the NTP mode. Syntax: IP NTP Mode [enable|disable] Parameters: : Enable NTP mode enable : Disable NTP mode disable (default: Show NTP mode) Default Setting: disable NS3552-8P-2S-V2 User Manual...
Page 335 1 2001:7b8:3:2c::123 IP NTP Server Delete Description: Delete NTP server entry. Syntax: IP NTP Server Delete <server_index> Parameters: <server_index>: The server index (1-5) Example: To delete NTP server: NS3552-8P-2S-V2:/> ip ntp server delete 1 NS3552-8P-2S-V2 User Manual...
Page 336: Port Management Command
: 10 Mbps, half duplex 10hdx : 10 Mbps, full duplex 10fdx : 100 Mbps, half duplex 100hdx : 100 Mbps, full duplex 100fdx : 1 Gbps, full duplex 1000fdx (default: Show configured and current mode) Default Setting: Auto Example: NS3552-8P-2S-V2 User Manual...
Page 337 Port Maximum Frame Description: Set or show the port maximum frame size. Syntax: Port MaxFrame [<port_list>] [<max_frame>] Parameters: <port_list>: Port list or 'all', default: All ports <max_frame>: Port maximum frame size (1518-9600), default: Show maximum frame size Default Setting: NS3552-8P-2S-V2 User Manual...
Page 338 Discard Example: NS3552-8P-2S-V2:/> port excessive 1 restart Port Statistics Description: Show port statistics. Syntax: Port Statistics [<port_list>] [<command>] [up|down] Parameters: <port_list>: Port list or 'all', default: All ports <command> : The command parameter takes the following values: NS3552-8P-2S-V2 User Manual...
Page 339 ----------- 1000Base-LX 1000-Base 1310 10000 1000Base-LX 1000-Base 1310 10000 Port Description Description: Set or show Port Description. Syntax: Port Description [<port_list>] [<descr_text>] Parameters: <port_list> : Port list or 'all', default: All ports <descr_text>: Text of port description NS3552-8P-2S-V2 User Manual...
Page 340: Mac Address Table Command
MAC Add <mac_addr> <port_list> [<vid>] Parameters: <mac_addr> : MAC address (xx-xx-xx-xx-xx-xx) <port_list>: Port list or 'all' or 'none' : VLAN ID (1-4095), default: 1 <vid> Example: Add Mac address 00-30-4F-01-01-02 in port1 and vid1 NS3552-8P-2S-V2:/> mac add 9c-f6-1a-03-1c-48 1 1 NS3552-8P-2S-V2 User Manual...
Page 341 (default: Show age time) Default Setting: Example: Set agetime value in 30 NS3552-8P-2S-V2:/> mac agetime 30 MAC Learning Description: Set or show the port learn mode. Syntax: MAC Learning [<port_list>] [auto|disable|secure] Parameters: <port_list>: Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 342 1-10,CPU NS3552-8P-2S-V2:/> MAC Statistics Description: Show MAC address table statistics. Syntax: MAC Statistics [<port_list>] Parameters: <port_list>: Port list or 'all', (default: All ports) Example: Set all of MAC statistics NS3552-8P-2S-V2:/>mac statistics Port Dynamic Addresses ---- ----------------- NS3552-8P-2S-V2 User Manual...
Page 343: Vlan Configuration Command
NS3552-8P-2S-V2:/> vlan configuration 1 VLAN Configuration: =================== Mode : IEEE 802.1Q Port PVID IngrFilter FrameType LinkType Q-in-Q Mode Eth type ---- ---- ---------- ---------- -------- ----------- -------- Disabled UnTag Disable VID VLAN Name Ports ---- -------------------------------- ----- NS3552-8P-2S-V2 User Manual...
Page 344 Set port10 that allow tagged frames only NS3552-8P-2S-V2:/> vlan frametype 10 tagged VLAN Ingress Filter Description: Set or show the port VLAN ingress filter. Syntax: VLAN IngressFilter [<port_list>] [enable|disable] Parameters: <port_list>: Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 345 : VLAN Link Type Untagged tagged (default: Show VLAN link type) Default Setting: Un-tagged Example: Enable tagged frame for port2 NS3552-8P-2S-V2:/> vlan linktype 2 tagged VLAN Q-in-Q Mode Description: Set or show the port Q-in-Q mode. Syntax: VLAN QinQ [<port_list>] [disable|man|customer] NS3552-8P-2S-V2 User Manual...
Page 346 <untagvid> : Port VLAN ID (0-4095) or 'none', default: Show port VLAN ID If Untag VID = 0 ,then disable untag VID function. Default Setting: VLAN Add Description: Add or modify VLAN entry. Syntax: VLAN Add <vid>|<name> [<port_list>] Parameters: <vid>|<name>: VLAN ID (1-4095) or VLAN Name NS3552-8P-2S-V2 User Manual...
Page 347 VLAN Forbidden Delete Description: Delete VLAN entry. Syntax: LAN Forbidden Delete <vid>|<name> Parameters: <vid>|<name>: VLAN ID (1-4095) or VLAN Name Example: Forbidden delete VLAN10 NS3552-8P-2S-V2:/> vlan forbidden delete 10 VLAN Forbidden Lookup Description: Lookup VLAN Forbidden port entry. NS3552-8P-2S-V2 User Manual...
Page 348 VLAN name - Maximum of 32 characters. VLAN Name can only <name> contain alpha characters or numbers. VLAN name should contain at least one alpha character. <vid> : VLAN ID (1-4095) Example: Add VLAN name for VLAN 1 NS3552-8P-2S-V2:/> vlan name add test 1 NS3552-8P-2S-V2 User Manual...
Page 349 : static port configuration static : NAS port configuration : MVR port configuration : Voice VLAN port configuration voice_vlan : MSTP port configuration mstp : All VLAN Users configuration (default: combined VLAN Users configuration) Default Setting: Promiscous Example: NS3552-8P-2S-V2 User Manual...
Page 350: Private Vlan Configuration Command
<port_list>: Port list or 'all', default: All ports Example: Show private VLAN configuration NS3552-8P-2S-V2:/> pvlan configuration Private VLAN Configuration: =========================== Port Isolation ---- --------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled PVLAN ID Ports -------- ----- 1-10 NS3552-8P-2S-V2 User Manual...
Page 351 Private VLAN ID, default: Show all PVLANs. The allowed range for a <pvlan_id> Private VLAN ID is the same as the switch port number range. Example: Lookup PVLAN NS3552-8P-2S-V2:/> pvlan lookup PVLAN ID Ports -------- ----- 1-10 PVLAN Isolate Description: Set or show the port isolation mode. Syntax: NS3552-8P-2S-V2 User Manual...
Page 352: Security Command
The allowed string length is (1-32). The valid user name is a combination of letters, numbers, and underscores : The password for this user name. The allowed string length is <password> (0-32). Use 'clear' or "" as null string <privilege_level>: User privilege level (1-15) NS3552-8P-2S-V2 User Manual...
Page 353 : Status/Statistics read-write privilege level (1-15) <srw> Example: Change privilege level of MVR group. NS3552-8P-2S-V2:/> security switch privilege level group mvr 15 15 15 15 Security Switch Privilege Level Current Description: Show the current privilege level. Syntax: Security Switch Privilege Level Current NS3552-8P-2S-V2 User Manual...
Page 354 : Enable local authentication if remote authentication fails enable : Disable local authentication if remote authentication fails disable (The parameter is effective when it is typed) Default Setting: disable Example: Use RADIUS authentication method for telnet. NS3552-8P-2S-V2:/> security switch auth method telnet radius enable NS3552-8P-2S-V2 User Manual...
Page 355 Security Switch HTTPs Configuration Description: Show HTTPS configuration. Syntax: Security Switch HTTPS Configuration Example: Show HTTPs configuration. NS3552-8P-2S-V2:/> security switch https configuration HTTPS Configuration: ==================== HTTPS Mode : Enable HTTPS Redirect Mode : Disabled NS3552-8P-2S-V2 User Manual...
Page 356 Security Switch Access Configuration Description: Show access management configuration. Syntax: Security Switch Access Configuration Example: Show access management configuration. NS3552-8P-2S-V2:/> security switch access configuration Access Mgmt Configuration: ========================== System Access Mode : Disabled System Access number of entries: 0 NS3552-8P-2S-V2 User Manual...
Page 357 (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can only appear NS3552-8P-2S-V2 User Manual...
Page 358 Syntax: Security Switch Access Lookup [<access_id>] Parameters: : entry index (1-16) <access_id> Example: Lookup access management entry. NS3552-8P-2S-V2:/> security switch access lookup 1 Security Switch Access Clear Description: Clear access management entry. Syntax: Security Switch Access Clear NS3552-8P-2S-V2 User Manual...
Page 359 Set or show the SNMP mode. Syntax: Security Switch SNMP Mode [enable|disable] Parameters: enable : Enable SNMP disable: Disable SNMP (default: Show SNMP mode) Default Setting: enable Example: Disable SNMP mode. NS3552-8P-2S-V2:/> security switch snmp mode disable NS3552-8P-2S-V2 User Manual...
Page 360 Security Switch SNMP Write Community [<community>] Parameters: <community>: Community string. Use 'clear' or "" to clear the string (default: Show SNMP write community) Default Setting: private Example: Set public value in SNMP write community. NS3552-8P-2S-V2:/> security switch snmp write community public NS3552-8P-2S-V2 User Manual...
Page 361 Security Switch SNMP Trap Community [<community>] Parameters: <community>: Community string. Use 'clear' or "" to clear the string (default: Show SNMP trap community) Default Setting: public Example: Set private value for SNMP trap community. NS3552-8P-2S-V2:/> security switch snmp trap community private NS3552-8P-2S-V2 User Manual...
Page 362 : Enable SNMP trap authentication failure disable: Disable SNMP trap authentication failure (default: Show SNMP trap authentication failure mode) Default Setting: enable Example: Disable SNMP trap authentication failure NS3552-8P-2S-V2:/> security switch snmp trap authentication failure disable NS3552-8P-2S-V2 User Manual...
Page 363 Security Switch SNMP Trap Inform Timeout [<timeout>] Parameters: <timeout>: SNMP trap inform timeout (0-2147 seconds) (default: Show SNMP trap inform timeout) Default Setting: Example: Set SNMP trap inform timeout in 20sec. NS3552-8P-2S-V2:/> security switch snmp trap inform timeout 20 NS3552-8P-2S-V2 User Manual...
Page 364 5 - 32 octet string Example: Set the SNMP trap security engine ID NS3552-8P-2S-V2:/> security switch snmp trap security engine id 800007e5017f000011 Security Switch SNMP Trap Security Name Description: Set or show SNMP trap security name. NS3552-8P-2S-V2 User Manual...
Page 365 <ip_mask> : IP subnet mask (a.b.c.d), default: Show IP mask Example: Add SNMPv3 community entry. NS3552-8P-2S-V2:/> security switch snmp community add public 192.168.0.20 255.255.255.0 Security Switch SNMP Community Delete Description: Delete SNMPv3 community entry. Syntax: Security Switch SNMP Community Delete <index> Parameters: <index>: entry index (1-64) NS3552-8P-2S-V2 User Manual...
Page 366 The allowed string length is (8-32), and the allowed content is ASCII characters from 33 to 126 <priv_password>: A string identifying the privacy pass phrase. The allowed string length is (8-40), and the allowed content is ASCII NS3552-8P-2S-V2 User Manual...
Page 367 Delete SNMPv3 user entry NS3552-8P-2S-V2:/> security switch snmp user changekey 800007e5017f000003 admin_snmpv3 87654321 12345678 Security Switch SNMP User Lookup Description: Lookup SNMPv3 user entry. Syntax: Security Switch SNMP User Lookup [<index>] Parameters: entry index (1-64) <index> Example: NS3552-8P-2S-V2 User Manual...
Page 368 Security Switch SNMP Group Delete <index> Parameters: entry index (1-64) <index> Example: Delete SNMPv3 group entry NS3552-8P-2S-V2:/> security switch snmp group delete 1 Security Switch SNMP Group Lookup Description: Lookup SNMPv3 group entry. Syntax: Security Switch SNMP Group Lookup [<index>] NS3552-8P-2S-V2 User Manual...
Page 369 .1 Security Switch SNMP View Delete Description: Delete SNMPv3 view entry. Syntax: Security Switch SNMP View Delete <index> Parameters: : entry index (1-64) <index> Example: Delete SNMPv3 view entry NS3552-8P-2S-V2:/> security switch snmp view delete 3 NS3552-8P-2S-V2 User Manual...
Page 370 The name of "None" is reserved. The allowed string length is (1-32), and the allowed content is ASCII characters from 33 to 126 Example: Add SNMPv3 access entry NS3552-8P-2S-V2:/> security switch snmp access add group_snmpv3 usm authpriv snmpv3_view snmpv3_view NS3552-8P-2S-V2 User Manual...
Page 371 <data_source>: The OID that indicates that the ifIndex in ifEntry. The value should be like .1.3.6.1.2.1.2.2.1.1.xxx. Security Switch RMON Statistics Delete Description: Delete RMON Statistics entry. The entry index key is <stats_id>. Syntax: Security Switch RMON Statistics Delete <stats_id> Parameters: <stats_id>: Statistics ID (1-65535). NS3552-8P-2S-V2 User Manual...
Page 372 <history_id> : History ID (1-65535). Security Switch RMON Alarm Add Description: Add or modify RMON Alarm entry. The entry index key is <alarm_id>. Syntax: Security Switch RMON Alarm Add <alarm_id> <interval> <alarm_vairable> [absolute|delta] <rising_threshold> <rising_event_index> <falling_threshold> <falling_event_index> [rising|falling|both] Parameters: NS3552-8P-2S-V2 User Manual...
Page 373 Delete RMON Alarm entry. The entry index key is <alarm_id>. Syntax: Security Switch RMON Alarm Delete <alarm_id> Parameters: <alarm_id>: Alarm ID (1-65535). Security Switch RMON Alarm Lookup Description: Show RMON Alarm entries. Syntax: Security Switch RMON Alarm Lookup [<alarm_id>] Parameters: <alarm_id>: Alarm ID (1-65535). NS3552-8P-2S-V2 User Manual...
Page 374 Syntax: Security Network Psec Switch [<port_list>] Parameters: <port_list>: Port list or 'all', default: All ports Example: Show port security status. NS3552-8P-2S-V2:/> security network psec switch Users: L = Limit Control 8 = 802.1X D = DHCP Snooping NS3552-8P-2S-V2 User Manual...
Page 375 Security Network Limit Configuration Description: Show Limit Control configuration. Syntax: Security Network Limit Configuration [<port_list>] Parameters: <port_list>: Port list or 'all', default: All ports Example: Show Limit Control configuration. NS3552-8P-2S-V2:/> security network limit configuration Port Security Limit Control Configuration: ========================================== NS3552-8P-2S-V2 User Manual...
Page 376 Set or show aging enabledness. Syntax: Security Network Limit Aging [enable|disable] Parameters: enable : Enable aging disable : Disable aging (default: Show current enabledness of aging) Default Setting: disable Example: Enable limit aging NS3552-8P-2S-V2:/> security network limit aging enable NS3552-8P-2S-V2 User Manual...
Page 377 Parameters: <port_list>: Port list or 'all', default: All ports : Max. number of MAC addresses on this port <limit> (default: Show current limit) Default Setting: Example: Set limit in 5 NS3552-8P-2S-V2:/> security network limit limit 1-10 5 NS3552-8P-2S-V2 User Manual...
Page 378 Syntax: Security Network NAS Configuration [<port_list>] Parameters: <port_list>: Port list or 'all', default: All ports Example: Show 802.1X configuration of port 1 NS3552-8P-2S-V2:/> security network nas configuration 1 802.1X Configuration: ===================== Mode : Disabled Reauth. : Disabled NS3552-8P-2S-V2 User Manual...
Page 379 : Port access is allowed unauthorized: Port access is not allowed : Single Host 802.1X Authentication single : Multiple Host 802.1X Authentication multi : Switch authenticates on behalf of the client macbased (default: Show 802.1X state) Default Setting: none Example: NS3552-8P-2S-V2 User Manual...
Page 380 (default: Show current RADIUS-assigned VLAN enabledness) Default Setting: disable Example: Enable RADIUS-assigned VLAN. NS3552-8P-2S-V2:/> security network nas radius_vlan enable Security Network NAS EapolTimeout Description: Set or show the time between EAPOL retransmissions. Syntax: Security Network NAS EapolTimeout [<eapol_timeout>] NS3552-8P-2S-V2 User Manual...
Page 381 Default Setting: Example: Set NAS hold time in 100sec NS3552-8P-2S-V2:/> security network nas holdtime 100 Security Network NAS RADIUS_QoS Description: Set or show either global enabledness (use the global keyword) or per-port enabledness of RADIUS-assigned QoS. Syntax: NS3552-8P-2S-V2 User Manual...
Page 382 [<reauth_max>] [<allow_if_eapol_seen>] Parameters: global: Select the global Guest VLAN setting <port_list>: Select the per-port Guest VLAN setting (default: Show current per-port Guest VLAN enabledness) enable|disable: enable : Enable Guest VLAN either globally or on one or more NS3552-8P-2S-V2 User Manual...
Page 383 Show or clear 802.1X statistics. Syntax: Security Network NAS Statistics [<port_list>] [clear|eapol|radius] Parameters: <port_list>: Port list or 'all', default: All ports clear : Clear statistics eapol : Show EAPOL statistics radius : Show Backend Server statistics (default: Show all statistics) NS3552-8P-2S-V2 User Manual...
Page 384 : System logging of frames: log|log_disable <logging> : Shut down ingress port: shut|shut_disable <shutdown> Example: Show ACL action in port 1 NS3552-8P-2S-V2:/> security network acl action 1 Port Action Rate Limiter Port Copy Mirror Logging Shutdown Counter NS3552-8P-2S-V2 User Manual...
Page 385 If the Port keyword is used, the rule applies to the specified port only. If the Policy keyword is used, the rule applies to all ports configured with the specified policy. The default is that the rule applies to all ports. NS3552-8P-2S-V2 User Manual...
Page 386 <rate_limiter>: Rate limiter number (1-15) or 'disable' <port_copy> : Port list for copy of frames or 'disable' : Mirror of frames: enable|disable <mirror> : System logging of frames: log|log_disable <logging> : Shut down ingress port: shut|shut_disable <shutdown> NS3552-8P-2S-V2 User Manual...
Page 387 : Shows the status by DHCP dhcp : Shows the status by UPnP upnp arp_inspection : Shows the status by ARP Inspection ip_source_guard : Shows the status by IP Source Guard : Shows all conflict status conflicts NS3552-8P-2S-V2 User Manual...
Page 388 (default: Show flow DHCP relaly mode) Default Setting: disable Example: Enable DHCP relay mode NS3552-8P-2S-V2:/> security network dhcp relay mode enable Security Network DHCP Relay Server Description: Show or set DHCP relay server. Syntax: Security Network DHCP Relay Server [<ip_addr>] NS3552-8P-2S-V2 User Manual...
Page 389 : Drop the package when receiving a DHCP message that already contains drop relay information (default: Show DHCP relay information policy) Default Setting: replace Example: Keep the original relay information when receiving a DHCP message that already NS3552-8P-2S-V2 User Manual...
Page 390 Security Network DHCP Snooping Port Mode Description: Set or show the DHCP snooping port mode. Syntax: Security Network DHCP Snooping Port Mode [<port_list>] [trusted|untrusted] Parameters: <port_list>: Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 391 Security Network IP Source Guard Configuration Description: Show IP source guard configuration. Syntax: Security Network IP Source Guard Configuration Security Network IP Source Guard Mode Description: Set or show IP source guard mode. Syntax: Security Network IP Source Guard Mode [enable|disable] NS3552-8P-2S-V2 User Manual...
Page 392 Set IP source guard limit NS3552-8P-2S-V2:/> security network ip source guard 1 1 Security Network IP Source Guard Entry Description: Add or delete IP source guard static entry. Syntax: Security Network IP Source Guard Entry [<port_list>] add|delete <vid> NS3552-8P-2S-V2 User Manual...
Page 393 Show ARP inspection configuration. Syntax: Security Network ARP Inspection Configuration Example: Show ARP inspection configuration. NS3552-8P-2S-V2:/> security network arp inspection configuration Security Network ARP Inspection Mode Description: Set or show ARP inspection mode. Syntax: Security Network ARP Inspection Mode [enable|disable] NS3552-8P-2S-V2 User Manual...
Page 394 ARP request <allowed_ip> : IP address (a.b.c.d), IP address allowed for doing ARP request Example: Add ARP inspection static entry. NS3552-8P-2S-V2:/> security network arp inspection entry 1 add 1 00-30- 4f-00-00-11 192.168.0.11 Security Network ARP Inspection Status Description: NS3552-8P-2S-V2 User Manual...
Page 395 Secret Port ------ -------- --------------- ------------------------------ ----- Disabled 1812 Disabled 1812 Disabled 1812 Disabled 1812 Disabled 1812 RADIUS Accounting Server Configuration: ======================================= Server Mode IP Address Secret Port ------ -------- --------------- ------------------------------ ----- Disabled 1813 Disabled 1813 NS3552-8P-2S-V2 User Manual...
Page 396 <dead_time>: Time that a server is considered dead if it doesn't answer a request (0-3600 seconds) (default: Show server dead time configuration) Default Setting: Example: Set 1000sec for server dead time NS3552-8P-2S-V2:/> security aaa deadtime 1000 Security AAA RADIUS Description: Set or show RADIUS authentication server setup. NS3552-8P-2S-V2 User Manual...
Page 397 <server_port> : Server UDP port. Use 0 to use the default RADIUS port (1813) Example: Set RADIUS accounting server configuration. NS3552-8P-2S-V2:/> security acct_radius 1 enable 192.168.0.20 12345678 1813 Security AAA TACACS+ Description: Set or show TACACS+ authentication server setup. Syntax: Security AAA TACACS+ [<server_index>] [enable|disable] [<ip_addr_string>] NS3552-8P-2S-V2 User Manual...
Page 398: Spanning Tree Protocol Command
(default: Show statistics for all servers) Example: Show RADIUS statistics. NS3552-8P-2S-V2:/> security aaa statistics Spanning Tree Protocol Command STP Configuration Description: Show STP configuration. Syntax: STP Configuration Example: Show STP configuration. NS3552-8P-2S-V2:/> stp cofiguration STP Configuration: ================== Protocol Version: MSTP NS3552-8P-2S-V2 User Manual...
Page 399 Set STP Tx hold in 10 NS3552-8P-2S-V2:/> stp txhold 10 STP MaxHops Description: Set or show the MSTP Bridge Max Hop Count parameter. Syntax: STP MaxHops [<maxhops>] Parameters: <maxhops>: STP BPDU MaxHops (6-40)) Default Setting: Example: Set STP maximum hops in 25 NS3552-8P-2S-V2 User Manual...
Page 400 <config-name>: MSTP Configuration name. A text string up to 32 characters long. Use quotes (") to embed spaces in name. : Integer value <integer> Default Setting: Configuration name: MAC address Configuration rev.: 0 Example: Set MSTP configuration name and revision. NS3552-8P-2S-V2:/> stp cname 9f_NS3552-8P-2S-V2 1 NS3552-8P-2S-V2 User Manual...
Page 401 <timeout>: Time before error-disabled ports are reenabled (30-86400 seconds, 0 disables) (default: Show recovery timeout) Default Setting: Disable Example: Set STP recovery value in 30 sec. NS3552-8P-2S-V2:/> stp recovery 30 STP Status Description: Show STP Bridge status. Syntax: NS3552-8P-2S-V2 User Manual...
Page 402 1 48 STP MSTI Map Description: Show or clear MSTP MSTI VLAN mapping configuration. Syntax: STP Msti Map [<msti>] [clear] Parameters: <msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) Clear : Clear VID to MSTI mapping Example: NS3552-8P-2S-V2 User Manual...
Page 403 STP Port Mode [<port_list>] [enable|disable] Parameters: <port_list>: Port list or 'all'. Port zero means aggregations. : Enable MSTP protocol Enable : Disable MSTP protocol Disable Default: disable Example: Enable STP function on port1 NS3552-8P-2S-V2:/> stp port mode 1 enable NS3552-8P-2S-V2 User Manual...
Page 404 <port_list>: Port list or 'all', default: All ports : Enable MSTP point2point enable : Disable MSTP point2point disable : Automatic MSTP point2point detection auto Default: auto Example: Disable STP P2P function on port1 NS3552-8P-2S-V2:/> stp port p2p 1 disable NS3552-8P-2S-V2 User Manual...
Page 405 STP Port bpduGuard [<port_list>] [enable|disable] eters: <port_list>: Port list or 'all', default: All ports : Enable port BPDU Guard enable : Disable port BPDU Guard disable Default: disable Example: Enable BPDU guard on port1 NS3552-8P-2S-V2:/> stp port bpduguard 1 enable NS3552-8P-2S-V2 User Manual...
Page 406 Set or show the STP port instance path cost. Syntax: STP Msti Port Cost [<msti>] [<port_list>] [<path_cost>] Parameters: : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) <msti> <port_list>: Port list or 'all'. Port zero means aggregations. NS3552-8P-2S-V2 User Manual...
Page 407: Link Aggregation Command
Aggregation Add Description: Add or modify link aggregation. Syntax: Aggr Add <port_list> [<aggr_id>] Parameters: <port_list>: Port list or 'all', default: All ports <aggr_id> : Aggregation ID Example: Add port 1~4 in Group1 NS3552-8P-2S-V2:/> aggr add 1-4 1 NS3552-8P-2S-V2 User Manual...
Page 408 : Source and destination UDP/TCP port enable : Enable field in traffic distribution disable: Disable field in traffic distribution Default Setting: SMAC : Enabled DMAC : Disabled : Enabled Port : Enabled Example: Disable SMAC mode NS3552-8P-2S-V2:/> Aggr mode smac disable NS3552-8P-2S-V2 User Manual...
Page 409: Link Aggregation Control Protocol Command
LACP Mode [<port_list>] [enable|disable] Parameters: <port_list>: Port list or 'all', default: All ports enable : Enable LACP protocol disable: Disable LACP protocol (default: Show LACP mode) Default Setting: disable Example: Enable LACP for port1~4 NS3552-8P-2S-V2:/> lacp mode 1-4 enable NS3552-8P-2S-V2 User Manual...
Page 410 Set or show the LACP role. Syntax: LACP Role [<port_list>] [active|passive] Parameters: <port_list>: Port list or 'all', default: All ports active : Initiate LACP negotiation passive: Listen for LACP packets (default: Show LACP role) Default Setting: active NS3552-8P-2S-V2 User Manual...
Page 411 Show LACP statistics of port1~4 NS3552-8P-2S-V2:/> lacp statistics 1-4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal ------ --------------- --------------- --------------- ---------- LACP Timeout Description: Set or show the LACP timeout. Syntax: LACP Timeout [<port_list>] [fast|slow] NS3552-8P-2S-V2 User Manual...
Page 412: Lldp Command
Enabled Enabled Enabled Disabled 2 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 3 Enabled Enabled Enabled Enabled Enabled Enabled Disabled 4 Enabled Enabled Enabled Enabled Enabled Enabled Disabled LLDP Mode Description: Set or show LLDP mode. Syntax: NS3552-8P-2S-V2 User Manual...
Page 413 Description of the system: Enable System capabilities: Enable Master's IP address: Enable Example: Disable description of the port for port1 NS3552-8P-2S-V2:/> lldp optional_tlv 1 port_descr disable LLDP Interval Description: Set or show LLDP Tx interval. Syntax: LLDP Interval [<interval>] Parameters: NS3552-8P-2S-V2 User Manual...
Page 414 <delay>: LLDP transmission delay (1-8192) Default Setting: Example: Set LLDP delay value in 1 NS3552-8P-2S-V2:/> lldp delay 1 LLDP Reinit Description: Set or show LLDP reinit delay. Syntax: LLDP Reinit [<reinit>] Parameters: <reinit>: LLDP reinit delay (1-10) NS3552-8P-2S-V2 User Manual...
Page 415 Port Frames Frames Errors Discards Errors Unknown Organz. Aged ---- ------ ------ ------ -------- ------ ------- ------- ----- LLDP Info Description: Show LLDP neighbor device information. Syntax: LLDP Info [<port_list>] Parameters: <port_list>: Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 416: Lldp Med Command
: National subdivisions (state, caton, region, province, prefecture) state : County, parish,gun (JP), district(IN) county : City, townchip, shi (JP) city : City division,borough, city, district, ward,chou (JP) district : Neighborhood, block block : Street street leading_street_direction : Leading street direction NS3552-8P-2S-V2 User Manual...
Page 417 <policy_list>: List of policies to delete Example: Delete the policy 1 NS3552-8P-2S-V2:/> lldpmed policy delete 1 LLDP MED Policy Add Description: Adds a policy to the list of polices. Syntax: LLDPMED policy add [voice|voice_signaling|guest_voice|guest_voice_signaling|softphone_voice|video_c onferencing|streaming_video|video_signaling] [tagged|untagged] [<vlan_id>] [<l2_priority>] [<dscp>] Parameters: NS3552-8P-2S-V2 User Manual...
Page 418 (0 through 63). A value of 0 represents use of the default DSCP value as defined in RFC 2475 LLDP MED Port Policy Description: Set or show LLDP-MED port polcies. Syntax: LLDPMED port policies [<port_list>] [<policy_list>] Parameters: <port_list> : Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 419 Set or show LLDP-MED Fast Start Repeat Count. Syntax: LLDPMED Fast [<count>] Parameters: The number of times the fast start LLDPDU are being sent during the <count> activation of the fast start mechanism defined by LLDP-MED (1-10). NS3552-8P-2S-V2 User Manual...
Page 420: Thermal Command
Set or show the ports priority. Syntax: Thermal port_prio [<port_list>] [<prio>] Parameters: <port_list>: Port list or 'all', default: All ports : Priority (0-3) <prio> Thermal Status Description: Shows the chip temperature. Syntax: Thermal status Thermal Configuration Description: Show thermal_protect configuration. NS3552-8P-2S-V2 User Manual...
Page 421: Poe Command
<port_list>: Port list or 'all', default: All ports : Set priority to low : Set priority to high high critical: Set priority to critical (default: Show PoE priority) Default Setting: high PoE Mamagement Mode Description: Show / Set PoE management mode. Syntax: NS3552-8P-2S-V2 User Manual...
Page 422: Ethernet Virtual Connections Command
Show EVC configuration. Syntax: EVC Configuration [<port_list>] [<policer_id>] Parameters: <port_list> : Port list or 'all', default: All ports <policer_id>: Policer ID (1-128) EVC Port DEI Description: Set or show port DEI mode. Syntax: EVC Port DEI [<port_list>] [<dei_mode>] Parameters: NS3552-8P-2S-V2 User Manual...
Page 423 EVC Policer [<policer_id>] [enable|disable] [<policer_mode>] [<cir>] [<cbs>] [<eir>] [<ebs>] Parameters: <policer_id> : Policer ID (1-128) : Enable policer enable : Disable policer disable <policer_mode>: Policer_mode: coupled|aware : Committed Information Rate [kbps] <cir> : Committed Burst Size [bytes] <cbs> NS3552-8P-2S-V2 User Manual...
Page 424 Description: Delete EVC. Syntax: EVC Delete <evc_id> Parameters: <evc_id>: EVC ID (1-128) EVC Lookup Description: Lookup EVC. Syntax: EVC Lookup [<evc_id>] Parameters: <evc_id>: EVC ID (1-128) EVC Status Description: Show EVC Status. Syntax: EVC Status [<evc_id>] Parameters: NS3552-8P-2S-V2 User Manual...
Page 425 : IPv4 source address (a.b.c.d/n) or 'any' <sip> : DSCP value/range (0-63) or 'any' <dscp> <fragment> : IPv4 fragment: any|fragment|non-fragment : UDP/TCP source port value/range (0-65535) or 'any' <sport> : UDP/TCP destination port value/range (0-65535) or 'any' <dport> NS3552-8P-2S-V2 User Manual...
Page 426 <ece_id>: ECE ID (1-128) EVC ECE Lookup Description: Lookup ECE. Syntax: EVC ECE Lookup [<ece_id>] Parameters: <ece_id>: ECE ID (1-128) EVC ECE Status Description: Show ECE Status. Syntax: EVC ECE Status [<ece_id>] Parameters: <ece_id>: ECE ID (1-128) NS3552-8P-2S-V2 User Manual...
Page 427: Ethernet Protection Switching Command
Hold off timer value EPS Command Description: EPS command set operation. Syntax: EPS command [<inst>] [clear|lockout|forced|manualp|manualw|exercise|freeze|lockoutlocal] Parameters: : Instance number <inst> clear|lockout|forced|manualp|manualw|exercise|freeze|lockoutlocal: EPS protection command type - clear is 'no command active' EPS State Description: NS3552-8P-2S-V2 User Manual...
Page 428: Maintainence Entity End Point Command
: This MEP id (0-0x1FFF) <mep> : C-TAG only applicable for Port MEP <vid> : Flow instance number (Port/EVC) <flow> enable|disable: enable/disable MEP Peer MEP Description: MEP Peer MEP id configuration. Syntax: MEP peer MEP [<inst>] [<mep>] [<mac_addr>] [enable|disable] NS3552-8P-2S-V2 User Manual...
Page 429 MEP APS configuration 'prio' is the priority (PCP) of transmitted APS frame 'uni|multi' is selecting uni-cast or multi-cast transmission of APS frame 'laps|raps' is selecting ELPS or ERPS protocol 'octet' is the last octet in RAPS multicast MAC. Syntax: NS3552-8P-2S-V2 User Manual...
Page 430 1m - to send OAM frames in the rate of 1 per minute : Protection usability set/clear set|clear enable|disable: enable/disable MEP LCK Configuration Description: MEP LCK configuration 'prio' is the priority (PCP) of transmitted AIS frame '1s|1m' is the number of AIS frame pr. second. NS3552-8P-2S-V2 User Manual...
Page 431 MEP lb config [<inst>] [set|clear] [<prio>] [uni|multi] [<mac_addr>] [<mep>] [<tosend>] [<size>] [<gap>] [enable|disable] Parameters: : Instance number <inst> : OAM DEI set/clear set|clear : OAM PDU priority <prio> : Destination address is unicast or multicast uni|multi : MAC address ('xx-xx-xx-xx-xx-xx' or 'xx.xx.xx.xx.xx.xx' or <mac_addr> NS3552-8P-2S-V2 User Manual...
Page 432 : The action to counter when overflow happens keep|reset : Enable to use DMM/DMR packets to calculate one-way DM d2ford1 enable|disable: enable/disable MEP Test Signal Configuration Description: MEP Test Signal configuration 'set|clear' is set or clear of DEI of transmitted LBM frame NS3552-8P-2S-V2 User Manual...
Page 433 MEP lm state [<inst>] Parameters: : Instance number <inst> MEP Loss Measurement State Clear Description: MEP Loss Measurement state clear Syntax: MEP lm clear <inst> Parameters: : Instance number <inst> MEP Link Trace State Description: MEP Link Trace state get. NS3552-8P-2S-V2 User Manual...
Page 434 RX rate is shown in 100 Kbps. Syntax: MEP tst state [<inst>] Parameters: : Instance number <inst> MEP Test Signal State Clear Description: MEP Test Signal state clear Syntax: MEP tst clear <inst> Parameters: : Instance number <inst> NS3552-8P-2S-V2 User Manual...
Page 435: Quality Of Service Command
Port Classification dpl 1 1 QoS Port Classification PCP Description: Set or show the default PCP for an untagged frame. Syntax: QoS Port Classification PCP [<port_list>] [<pcp>] Parameters: <port_list>: Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 436 Set or show the port classification map. This map is used when port classification tag is enabled,and the purpose is to translate the Priority Code Point (PCP) and Drop Eligible Indicator (DEI) from a tagged frame to QoS class and DP level. NS3552-8P-2S-V2 User Manual...
Page 437 (default: Show port policer mode) Default Setting: disable Example: Enable QoS port policer NS3552-8P-2S-V2:/> qos Port Policer Mode 1-10 enable QoS Port Policer Rate Description: Set or show the port policer rate. Syntax: QoS Port Policer Rate [<port_list>] [<rate>] NS3552-8P-2S-V2 User Manual...
Page 438 : Disable port policer flow control disable (default: Show port policer flow control mode) Default Setting: disable QoS Port QueuePolicer Mode Description: Set or show the port queue policer mode. Syntax: QoS Port QueuePolicer Mode [<port_list>] [<queue_list>] [enable|disable] Parameters: NS3552-8P-2S-V2 User Manual...
Page 439 Set or show the port scheduler weight. Syntax: QoS Port Scheduler Weight [<port_list>] [<queue_list>] [<weight>] Parameters: <port_list> : Port list or 'all', default: All ports <queue_list>: Weighted queue list or 'all', default: All weighted queues (0-5) : Scheduler weight (1-100) <weight> NS3552-8P-2S-V2 User Manual...
Page 440 <queue_list>: Queue list or 'all', default: All queues (0-7) : Enable use of excess bandwidth enable : Disable use of excess bandwidth disable (default: Show port queue excess bandwidth mode) Default Setting: disable Example: Enable the port queue excess bandwidth mode. NS3552-8P-2S-V2 User Manual...
Page 441 Set or show the default DEI. This value is used when port tag remarking mode is set to 'default'. Syntax: QoS Port TagRemarking DEI [<port_list>] [<dei>] Parameters: <port_list>: Port list or 'all', default: All ports : Drop Eligible Indicator (0-1) <dei> Default Setting: NS3552-8P-2S-V2 User Manual...
Page 442 This enables per port to map new DSCP value based on QoS class and DP level. Syntax: QoS Port DSCP Classification [<port_list>] [none|zero|selected|all] Parameters: <port_list>: Port list or 'all', default: All ports : No DSCP ingress classification none : Classify DSCP if DSCP = 0 zero NS3552-8P-2S-V2 User Manual...
Page 443 QoS DSCP Map [<dscp_list>] [<class>] [<dpl>] Parameters: <dscp_list>: DSCP (0-63, BE, CS1-CS7, EF or AF11-AF43) list or 'all' (default: Show DSCP ingress map table i.e. DSCP->(class, DPL)) : QoS class (0-7) <class> : Drop Precedence Level (0-1) <dpl> NS3552-8P-2S-V2 User Manual...
Page 444 : Enable DSCP ingress classification enable : Disable DSCP ingress classification disable (default: Show DSCP classification mode) Default Setting: disable QoS DSCP EgressRemap Description: Set or show DSCP egress remap table. This table is used if the port egress NS3552-8P-2S-V2 User Manual...
Page 445 Description: Set or show the broadcast storm rate limiter. The limiter will only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present in the MAC Address table. Syntax: QoS Storm Broadcast [enable|disable] [<packet_rate>] NS3552-8P-2S-V2 User Manual...
Page 446 : IP protocol number: (0-255, TCP or UDP) or 'any' <protocol> : Source IP address: (a.b.c.d/n) or 'any' <sip> : DSCP:(0-63,BE,CS1-CS7,EF or AF11-AF43)or'any',specific/range <dscp> : IPv4 frame fragmented: yes|no|any <fragment> : Source TCP/UDP port:(0-65535) or 'any',specific or port range <sport> NS3552-8P-2S-V2 User Manual...
Page 447 QoS QCL status [combined|static|voice_vlan|conflicts] Parameters: : Shows the combined combined|static|voice_vlan|conflicts: combined status : Shows the static user configured status static : Shows the status by Voice VLAN voice_vlan : Shows all conflict status conflicts (default : Shows the combined status) NS3552-8P-2S-V2 User Manual...
Page 448: Mirror Command
Show mirror configuration. NS3552-8P-2S-V2:/> mirror configuration Mirror Port Description: Set or show the mirror port. Syntax: Mirror Port [<port>|disable] Parameters: <port>|disable: Mirror port or 'disable', default: Show port Default Setting: disable Example: Set port 2 for the mirror port. NS3552-8P-2S-V2 User Manual...
Page 449: Configuration Command
<file_name>: Configuration file name Configuration Load Description: Load configuration from TFTP server. Syntax: Config Load <ip_server> <file_name> [check] Parameters: <ip_server>: TFTP server IP address (a.b.c.d) <file_name>: Configuration file name : Check configuration file only, default: Check and apply file check NS3552-8P-2S-V2 User Manual...
Page 450: Firmware Command
Display information about active and alternate firmware images. Syntax: Firmware Information Firmware Swap Description: Activate the alternate firmware image.. Syntax: Firmware Swap UPnP Command UPnP Configuration Description: Show UPnP configuration. Syntax: UPnP Configuration Example: Show UPnP configuration. NS3552-8P-2S-V2:/> upnp configuration NS3552-8P-2S-V2 User Manual...
Page 451 Set the value 10 for TTL value of the IP header in SSDP messages. NS3552-8P-2S-V2:/> upnp ttl 10 UPnP Advertising Duration Description: Set or show UPnP Advertising Duration. Syntax: UPnP Advertising Duration [<duration>] Parameters: <duration>: duration range (100..86400), default: Show UPnP duration range Default Setting: NS3552-8P-2S-V2 User Manual...
Page 452: Mvr Command
Disabled Receive Disabled Disabled Receive Disabled MVR Mode Description: Set or show the MVR mode. Syntax: MVR Mode [enable|disable] Parameters: : Enable MVR mode enable : Disable MVR mode disable (default: Show MVR mode) Default Setting: disable NS3552-8P-2S-V2 User Manual...
Page 453 : Port list or 'all', default: All ports <port_list> : MVR source port source receiver : MVR receiver port inactive : Disable MVR (default: Show MVR port role) MVR VLAN LLQI Description: Set or show per MVR VLAN LLQI (Last Listener Query Interval). NS3552-8P-2S-V2 User Manual...
Page 454 : Untagged IGMP/MLD frames will be sent MVR Immediate Leave Description: Set or show MVR immediate leave per port. Syntax: MVR Immediate Leave [<port_list>] [enable|disable] Parameters: <<port_list>: Port list or 'all', default: All ports : Enable Immediate Leave enable NS3552-8P-2S-V2 User Manual...
Page 455: Voice Vlan Command
<port_list>: Port list or 'all', default: All ports Voice VLAN Command Voice VLAN Configuration Description: Show Voice VLAN configuration. Syntax: Voice VLAN Configuration Example: Show Voice VLAN configuration. NS3552-8P-2S-V2:/> voice vlan configuration V oice VLAN Configuration: ========================= Voice VLAN Mode : Disabled NS3552-8P-2S-V2 User Manual...
Page 456 It can avoid the conflict of ingress filter. Syntax: Voice VLAN Mode [enable|disable] Parameters: enable : Enable Voice VLAN mode. disable: Disable Voice VLAN mode (default: Show flow Voice VLAN mode) Default Setting: disable Example: Enable the Voice VLAN mode. NS3552-8P-2S-V2 User Manual...
Page 457 Voice VLAN Traffic Class Description: Set or show Voice VLAN ID. Syntax: Voice VLAN Traffic Class [<class>] Parameters: <class>: Traffic class (0-7) Default Setting: Example: Set 4 traffic class for voice VLAN NS3552-8P-2S-V2:/> voice vlan traffic class4 NS3552-8P-2S-V2 User Manual...
Page 458 Clear Voice VLAN OUI entry. NS3552-8P-2S-V2:/> voice vlan oui clear Voice VLAN OUI Lookup Description: Clear Voice VLAN OUI entry. Modify OUI table will restart auto detect OUI process. Syntax: Voice VLAN OUI Clear Example: Lookup Voice VLAN OUI entry. NS3552-8P-2S-V2 User Manual...
Page 459 Set or show the Voice VLAN port discovery protocol mode. It only works when auto detect mode is enabled. The LLDP feature should be enabled before configuring discovery protocol to 'LLDP' or 'Both'. Change the discovery protocol to 'OUI' or 'LLDP' to restart the auto detect process. NS3552-8P-2S-V2 User Manual...
Page 460: Ethernet Ring Protection Switching Command
<east_port> : protection group Port 0 <west_port> : protection group Port 1, Port 1 can be 0 for sub-rings [major|sub] : ring type i.e major-ring or sub-ring [interconnected] : interconnection node or not [[virtual_channel] : Virtual channel present or not NS3552-8P-2S-V2 User Manual...
Page 461 Disassociating a given vlan to a protection group <vid> : protected vlan to be deleted <group-id> : protection group-id for which vid belongs to. Syntax: Erps vlan delete <vid> <group-id> Parameters: : VLAN ID (1-4095) <vid> <group-id>: protection group id 1 - 64 NS3552-8P-2S-V2 User Manual...
Page 462 <group-id>: protection group id 1 - 64 ERPS RPL Neighbour Clear Description: make this node as non-neighbour for a protection group <group-id> : protection group id for selecting RPL Block. Syntax: Erps rpl neighbour clear <group-id> Parameters: NS3552-8P-2S-V2 User Manual...
Page 463 1 to 12 minutes <wtr_timeout> : configuring wtr timeout <group-id> : protection group id for configuring wtr time. Syntax: Erps wtr-timeout <wtr_timeout> <group-id> Parameters: NS3552-8P-2S-V2 User Manual...
Page 464: Loop Protect Command
: for clearing R-APS statistics. Syntax: Erps configuration [<group-id>] [statistics|clear] Parameters: : protection group id 1 - 64 <group-id> statistics|clear: ERPS statistics Loop Protect Command Loop Protect Configuration Description: Show Loop Protection configuration. Syntax: Loop Protect Configuration NS3552-8P-2S-V2 User Manual...
Page 465 <port_list>: Port list or 'all', default: All ports Loop Protect Port Mode Description: Set or show the Loop Protection port mode. Syntax: Loop Protect Port Mode [<port_list>] [enable|disable] Parameters: <port_list>: Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 466: Ipmc Command
Loop Protect Status [<port_list>] Parameters: <port_list>: Port list or 'all', default: All ports IPMC Command IPMC Configuration Description: Show IPMC snooping configuration. Syntax: IPMC Configuration [mld|igmp] Parameters: mld|igmp: mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP NS3552-8P-2S-V2 User Manual...
Page 467 Set or show the mode of IPMC Leave Proxy. Syntax: IPMC Leave Proxy [mld|igmp] [enable|disable] Parameters: mld|igmp: mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP enable : Enable IPMC Leave Proxy disable: Disable IPMC Leave Proxy NS3552-8P-2S-V2 User Manual...
Page 468 <prefix> : IPv4/IPv6 multicast group address, accordingly <mask_len>: Mask length for IPv4(4 ~ 32)/IPv6(8 ~ 128) ssm range, accordingly IPMC VLAN Add Description: Add the IPMC snooping VLAN interface. Syntax: IPMC VLAN Add [mld|igmp] <vid> Parameters: mld|igmp: mld : IPMC for IPv6 MLD NS3552-8P-2S-V2 User Manual...
Page 469 IPMC Querier [mld|igmp] [<vid>] [enable|disable] Parameters: mld|igmp: mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP <vid> : VLAN ID (1-4095) or 'any', default: Show all VLANs enable : Enable MLD querier disable: Disable MLD querier Default Setting: disable NS3552-8P-2S-V2 User Manual...
Page 470 (default: Show IPMC fast leave mode) Default Setting: disable Example: Enable IGMP fast leave for all port NS3552-8P-2S-V2:/> ipmc fastleave igmp 1-10 enable IPMC Throttling Description: Set or show the IPMC port throttling status. Syntax: IPMC Throttling [mld|igmp] [<port_list>] [limit_group_number] NS3552-8P-2S-V2 User Manual...
Page 471 <port_list>: Port list or 'all', default: All ports enable : Enable IPMC router port disable : Disable IPMC router port (default: Show IPMC router port mode) Example: Enable port 1 in IPMC router port NS3552-8P-2S-V2:/> ipmc riuter igmp 1 enable NS3552-8P-2S-V2 User Manual...
Page 472 IPMC for IPv4 IGMP <vid> : VLAN ID (1-4095) or 'any', default: Show all VLANs Example: Show VLAN 1 IPMC Versions. NS3552-8P-2S-V2:/> ipmc version igmp 1 IPMC SFM Description: Show SFM (including SSM) related information for IPMC. NS3552-8P-2S-V2 User Manual...
Page 473 (default: Show IPMC Interface Query Interval IPMC Parameter QRI Description: Set or show the IPMC Query Response Interval. Syntax: IPMC Parameter QRI [mld|igmp] [<vid>] [ipmc_param_qri] Parameters: mld|igmp mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP NS3552-8P-2S-V2 User Manual...
Page 474: Vlan Control List Command
: Default Value (1) 0~31744 : Unsolicited Report Interval in seconds (default: Show IPMC Interface Unsolicited Report Interval) VLAN Control List Command VCL MAC-based VLAN Configuration Description: Show VCL MAC-based VLAN configuration. Syntax: VCL Macvlan Configuration NS3552-8P-2S-V2 User Manual...
Page 475 Add VCL protocol-based VLAN Ethernet-II protocol to group mapping. Syntax: VCL ProtoVlan Protocol Add Eth2 <ether_type>|arp|ip|ipx|at <group_id> Parameters: <ether_type>|arp|ip|ipx|at: Ether Type (0x0600 - 0xFFFF) : Protocol group ID <group_id> VCL Protocol-based VLAN Add SNAP Description: Add VCL protocol-based VLAN SNAP protocol to group mapping. Syntax: NS3552-8P-2S-V2 User Manual...
Page 476 : PID value (0x0-0xFFFF). If OUI is 00-00-00, valid range of PID <pid> is from 0x0600-0xFFFF. VCL Protocol-based VLAN Delete LLC Description: Delete VCL protocol-based VLAN LLC protocol to group mapping. Syntax: VCL ProtoVlan Protocol Delete Llc <dsap> <ssap> Parameters: <dsap>: DSAP value (0x00-0xFF) <ssap>: SSAP value (0x00-0xFF) NS3552-8P-2S-V2 User Manual...
Page 477 VCL IPVlan Add [<vce_id>] <ip_addr_mask> <vid> [<port_list>] Parameters: : Unique VCE ID (1-128) for each VCL entry <vce_id> <ip_addr_mask>: Source IP address and mask (Format: a.b.c.d/n). : VLAN ID (1-4095) <vid> <port_list> : Port list or 'all', default: All ports NS3552-8P-2S-V2 User Manual...
Page 478: Smtp Command
Disable SMTP Server Description: Set or show SMTP server configure. Syntax: SMTP Server [<server>] [<port>] Parameters: <server>: SMTP server address <port> : SMTP server port Default Setting: disable SMTP Auth Description: Enable or disable SMTP authentication configure. NS3552-8P-2S-V2 User Manual...
Page 479 Set or show SMTP e-mail from configure. Syntax: SMTP Mailfrom [<mailfrom_text>] Parameters: <mailfrom_text>: SMTP E-mail From address Default Setting: Disable SMTP Mail Subject Description: Set or to show SMTP e-mail subject configure. Syntax: SMTP Mailsubject [<mailsubject_text>] Parameters: <mailsubject_text>: SMTP E-mail Subject NS3552-8P-2S-V2 User Manual...
Page 480: Dido Command
: Digital Input/Output 1 (default: Set or show digital input/output first(0)/second(1) select) : System Log : SNMP Trap (default: set or show digital input 0/1 action) enable : Enable digital input0/1 function disable : Disable digital input0/1 function NS3552-8P-2S-V2 User Manual...
Page 481 : power fail : DI1 trigger : DI2 trigger (default: Set or show digital output/fault alarm 0/1 action) enable : Enable digital input0/1 function disable : Disable digital input0/1 function (default: Set or show digital input/output/fault alarm 0/1 status) NS3552-8P-2S-V2 User Manual...
Page 482 : Enable digital input0/1 function disable : Disable digital input0/1 function (default: Set or show digital input/output/fault alarm 0/1 status) DIDO Fault Act Description: Set or show the system fault alarm action. Syntax: DIDO Fault_act [port|power] [enable|disable] NS3552-8P-2S-V2 User Manual...
Page 483 : DC power 1 : DC power 2 (default: Set or show digital output/fault alarm 0/1 power_fail) enable : Enable digital input0/1 function disable : Disable digital input0/1 function (default: Set or show digital input/output/fault alarm 0/1 status) NS3552-8P-2S-V2 User Manual...
Page 484: Show Command
Show ARP inspection configuration. Syntax: Show arp Show Auth Description: Show Auth configuration. Syntax: Show auth Show DHCP Relay Description: Show DHCP relay configuration. Syntax: Show DHCP relay Show EEE Description: Show EEE configuration. Syntax: Show EEE NS3552-8P-2S-V2 User Manual...
Page 485 Description: Show LACP configuration. Syntax: Show lacp Show Limit Control Description: Show Limit Control configuration. Syntax: Show limit control Show LLDP Description: Show LLDP configuration. Syntax: Show lldp Show LLDP-MED Description: Show LLDP-MED configuration. Syntax: Show LLDPMED NS3552-8P-2S-V2 User Manual...
Page 486 Show mirror Show MVR Description: Show MVR configuration. Syntax: Show MVR Show PoE Description: Show PoE configuration. Syntax: Show PoE Show Port Description: Show port configuration. Syntax: Show port Show Privilege Description: Show privilege configuration. Syntax: Show privilege NS3552-8P-2S-V2 User Manual...
Page 487 Show SSH Description: Show SSH configuration. Syntax: Show ssh Show System Description: Show system configuration. Syntax: Show system Show Timezone Description: Show System Timezone configuration. Syntax: Show timezone Show UPnP Description: Show UPnP configuration. Syntax: Show upnp NS3552-8P-2S-V2 User Manual...
Page 488 Show vlan Show Voice VLAN Description: Show Voice VLAN configuration. Syntax: Show voice vlan Show Firmware Description: Display information about active and alternate firmware images. Syntax: Show firmware Show STP Description: Show STP Port configuration. Syntax: Show STP NS3552-8P-2S-V2 User Manual...
Page 489: Switch Operation
Store-and-forward Store-and-Forward is a packet-forwarding technique. A Store-and-Forward switch stores the incoming frame in an internal buffer and completes error checking before NS3552-8P-2S-V2 User Manual...
Page 490: Auto-Negotiation
Both the 10BASE-T and 100BASE-TX devices can connect with the port in either half- or full- duplex mode. 1000BASE-T can be only connected in full-duplex mode. NS3552-8P-2S-V2 User Manual...
Page 491 2. If the cord is inserted correctly, replace the power cord. 3. Check that the AC power source is working by connecting a different device in place of the switch. If that device does not work, check the AC power NS3552-8P-2S-V2 User Manual...
Page 492 To reset the IP address to the default IP address “192.168.0.100” or reset the password to default value, press the hardware reset button at the front panel for approximately 10 seconds. After the device is rebooted, you can log in to the management web interface within the same subnet of 192.168.0.xx. NS3552-8P-2S-V2 User Manual...
Page 493 Dependent Interface Cross) detection. This makes it possible to directly connect the industrial managed switch to any Ethernet device without making a crossover cable. The following table and diagram show the standard RJ45 receptacle/ connector and their pin assignments. NS3552-8P-2S-V2 User Manual...
Page 494 7 = White / Brown 7 = White / Brown SIDE 2 8 = Brown 8 = Brown Ensure that connected cables are with the same pin assignment and color as the above diagram before deploying the cables into the network. NS3552-8P-2S-V2 User Manual...
Page 495 ACL can generally be configured to control inbound traffic, and in this context, they are similar to firewalls. NS3552-8P-2S-V2 User Manual...
Page 496 ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known. Before using IP, the host sends a broadcast ARP request containing the Internet address of the desired destination system. NS3552-8P-2S-V2 User Manual...
Page 497 IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. NS3552-8P-2S-V2 User Manual...
Page 498 0 and 255. DSCP Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes. Energy Efficient Ethernet as defined in IEEE 802.3az. Ethernet Protection Switching as defined in ITU/T G.8031. NS3552-8P-2S-V2 User Manual...
Page 499 An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a remote host (port 80 by default). An HTTP server listening on that port waits for the client to send a request message. NS3552-8P-2S-V2 User Manual...
Page 500 To remove your messages from the server, use the mail client to generate local folders, copy messages to the local hard drive, and then delete and expunge the messages from the server. NS3552-8P-2S-V2 User Manual...
Page 501 LLDP-MED is an extendsion of IEEE 802.1ab and is defined by the telecommunication industry association (TIA-1057). LOC is an acronym for Loss Of Connectivity and is detected by a MEP and indicates lost connectivity in the network. Can be used as a switch criteria by EPS. NS3552-8P-2S-V2 User Manual...
Page 502 NAS, and the NAS connects to another resource asking whether the client's supplied credentials are valid. Based on the answer, the NAS then allows or disallows access to the protected resource. An example of a NAS implementation is IEEE 802.1X. NS3552-8P-2S-V2 User Manual...
Page 503 Powered Device. In a PoE> system the power is delivered from a PSE ( power sourcing equipment ) to a remote device. The remote device is called a PD. Physical Interface Transceiver. It is the device that implements the Ethernet physical layer (IEEE-802.3). NS3552-8P-2S-V2 User Manual...
Page 504 QCE ID. There are six QCE frame types: Ethernet Type, VLAN, UDP/TCP Port, DSCP, TOS, and Tag Priority. Frames can be classified by one of four different QoS classes: "Low", "Normal," "Medium," and "High" for individual application. NS3552-8P-2S-V2 User Manual...
Page 505 STP: the Rapid Spanning Tree Protocol, which provides for faster spanning tree convergence after a topology change. Standard IEEE 802.1D-2004 now incorporates RSTP and obsoletes STP, while at the same time being backwards- compatible with STP. NS3552-8P-2S-V2 User Manual...
Page 506 SPROUT also calculates parameters for setting up each switch to perform the shortest path forwarding within the stack. NS3552-8P-2S-V2 User Manual...
Page 507 IP manages and for reassembling the packets back into the complete message at the other end. Common network applications that use TCP include the World Wide Web (WWW), email, and File Transfer Protocol (FTP). NS3552-8P-2S-V2 User Manual...
Page 508 Common network applications that use UDP include the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), and Trivial File Transfer Protocol (TFTP). NS3552-8P-2S-V2 User Manual...
Page 509 (Wikipedia). Wi-Fi Wireless Fidelity. It is meant to be used generically when referring of any type of 802.11 network, whether 802.11b, 802.11a, dual-band, etc. The term is promulgated by the Wi-Fi Alliance. NS3552-8P-2S-V2 User Manual...
Page 510 Wait To Restore. This is the time a fail on a resource has to be 'not active' before restoration back to this (previously failing) resource. NS3552-8P-2S-V2 User Manual...

Interlogix NS3552-8P-2S-V2 User Manual

Chapter 1 Introduction

Chapter 2 Installation

Chapter 3 Switch Management

Chapter 4 Web Configuration

Chapter 5 Command Line Interface

Chapter 6 Command Line Mode

Chapter 7 Switch Operation

Quick Links

Related Manuals for Interlogix NS3552-8P-2S-V2

Summary of Contents for Interlogix NS3552-8P-2S-V2

Table of Contents