Planet IGSW-2840 User Manual

24-Port 10/100Mbps + 4 Gigabit TP/SFP Combo Industrial Managed Switch
Summary of Contents for Planet IGSW-2840

  • Page 1 User’s Manual of IGSW-2840 User’s Manual IGSW-2840 24-Port 10/100Mbps + 4 Gigabit TP/SFP Combo Industrial Managed Switch...
  • Page 2: FCC Warning

    PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners. Disclaimer PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.
  • Page 3 Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately. Revision PLANET 24-Port 10/100Mbps + 4 Gigabit TP/SFP Combo Industrial Managed Switch User's Manual FOR MODEL: IGSW-2840 REVISION: 1.0 (May.2010)
  • Page 4: Table Of Contents

    TABLE OF CONTENTS: 1. INTRODUCTION (p. 24); 1.1 Packet Contents (p. 24); 1.2 Product Description (p. 24); 1.3 How to Use This Manual (p. 26); 1.4 Product Features (p. 26); 1.5 Product Specification (p. 29); 2. INSTALLATION (p. 31); 2.1 Hardware Description ...
  • Page 5: 4.1 Main WEB PAGE (p. 49); 4.2 System (p. 52); 4.2.1 System Information (p. 53); 4.2.2 Switch Information (p. 54); 4.2.3 Bridge Extension Configuration (p. 55); 4.2.4 IP Configuration (p. 56); 4.2.5 Jumbo Frames (p. 58); 4.2.6 File Management ...
  • Page 6: 4.3.3 SNMPv3 (p. 99); 4.3.3.1 SNMPv3 Engine ID (p. 99); 4.3.3.2 SNMPv3 Remote Engine ID (p. 100); 4.3.3.3 SNMPv3 Users (p. 101); 4.3.3.4 SNMPv3 Remote Users (p. 104); 4.3.3.5 SNMPv3 Groups (p. 106); 4.3.3.6 SNMPv3 View (p. 109); 4.4 Port Management ...
  • Page 7: 4.7.2 MSTP (p. 166); 4.7.2.1 Configuring Multiple Spanning Trees (p. 166); 4.7.2.2 Displaying Interface Settings for MSTP (p. 167); 4.7.2.3 MSTP Port Configuration (p. 168); 4.8 VLAN Configuration (p. 170); 4.8.1 IEEE 802.1Q VLANs (p. 171); 4.8.1.1 VLAN Basic Information (p. 175); 4.8.1.2 GVRP Status ...
  • Page 8: 4.9.3.2 MVR Port Configuration (p. 223); 4.9.3.3 MVR Port Information (p. 225); 4.9.3.4 MVR Group Member Configuration (p. 226); 4.9.3.5 MVR Group IP Information (p. 227); 4.10 Quality of Service (p. 228); 4.10.1 Priority (p. 229); 4.10.1.1 Port Priority Configuration ...
  • Page 9: 4.11.6 AAA Authorization and Accounting (p. 263); 4.11.6.1 AAA RADIUS Group Settings (p. 264); 4.11.6.2 AAA TACACS+ Group Settings (p. 264); 4.11.6.3 AAA Accounting Settings (p. 265); 4.11.6.4 AAA Accounting Update (p. 266); 4.11.6.5 AAA Accounting 802.1X Port Settings (p. 267); 4.11.6.6 AAA Accounting Exec Command Privileges ...
  • Page 10: 4.11.14.3 Extended ACL (p. 311); 4.11.14.4 MAC ACL (p. 313); 4.11.14.5 ACL Port Binding (p. 316); 4.11.15 IP Filter (p. 318); 4.11.15.1 Web IP Filter (p. 318); 4.11.15.2 SNMP IP Filter (p. 319); 4.11.15.3 Telnet IP Filter (p. 320); 4.11.16 DHCP Snooping ...
  • Page 11: 5.2.12 Command Line Processing (p. 344); 5.3 Command Groups (p. 345); 5.4 General Commands (p. 346); enable (p. 346); disable (p. 347); configure (p. 348); show history (p. 348); reload (p. 349); prompt (p. 349); end (p. 350); exit ...
  • Page 12: dir (p. 373); whichboot (p. 374); boot system (p. 375); 5.6 Line Commands (p. 376); line (p. 376); login (p. 377); password (p. 378); timeout login response (p. 378); exec-timeout (p. 379); password-thresh (p. 380); silent-time (p. 380); databits ...
  • Page 13: clock timezone (p. 397); calendar set (p. 398); show calendar (p. 398); 5.10 Switch Cluster Commands (p. 399); cluster (p. 399); cluster commander (p. 400); cluster ip-pool (p. 401); cluster member (p. 401); rcommand (p. 402); show cluster ...
  • Page 14: radius-server key (p. 425); radius-server retransmit (p. 426); radius-server timeout (p. 426); show radius-server (p. 426); 5.12.4 TACACS+ Client (p. 427); tacacs-server host (p. 428); tacacs-server port (p. 428); tacacs-server key (p. 429); tacacs-server retransmit (p. 429); tacacs-server timeout ...
  • Page 15: show ip ssh (p. 452); show ssh (p. 452); show public-key (p. 453); 5.12.9 802.1X Port Authentication (p. 455); dot1x system-auth-control (p. 455); dot1x default (p. 456); dot1x max-req (p. 456); dot1x port-control (p. 456); dot1x operation-mode (p. 457); dot1x re-authenticate ...
  • Page 16: web-auth re-authenticate (IP) (p. 478); show web-auth (p. 478); show web-auth interface (p. 479); show web-auth summary (p. 480); 5.13.4 DHCP Snooping Commands (p. 480); ip dhcp snooping (p. 481); ip dhcp snooping vlan (p. 482); ip dhcp snooping trust (p. 483); ip dhcp snooping verify mac-address ...
  • Page 17: 5.15 Interface Commands (p. 505); interface (p. 505); description (p. 506); speed-duplex (p. 506); negotiation (p. 507); capabilities (p. 508); flowcontrol (p. 509); shutdown (p. 510); broadcast byte-rate (p. 511); switchport broadcast (p. 511); clear counters (p. 512); show interfaces status ...
  • Page 18: spanning-tree max-age (p. 537); spanning-tree priority (p. 537); spanning-tree pathcost method (p. 538); spanning-tree transmission-limit (p. 539); spanning-tree mst-configuration (p. 539); mst vlan (p. 540); mst priority (p. 540); name (p. 541); revision (p. 542); max-hops (p. 542); spanning-tree spanning-disabled ...
  • Page 19: 5.21.4 Displaying VLAN Information (p. 565); show vlan (p. 565); 5.21.5 Configuring IEEE 802.1Q Tunneling (p. 566); dot1q-tunnel system-tunnel-control (p. 567); switchport dot1q-tunnel mode (p. 567); switchport dot1q-tunnel tpid (p. 568); show dot1q-tunnel (p. 569); 5.21.6 Configuring Private VLANs (p. 570); private-vlan ...
  • Page 20: lldp basic-tlv management-ip-address (p. 593); lldp basic-tlv port-description (p. 594); lldp basic-tlv system-capabilities (p. 595); lldp basic-tlv system-description (p. 595); lldp basic-tlv system-name (p. 596); lldp dot1-tlv proto-ident (p. 596); lldp dot1-tlv proto-vid (p. 597); lldp dot1-tlv pvid (p. 597); lldp dot1-tlv vlan-name ...
  • Page 21: show map access-list (p. 621); 5.24 Quality of Service Commands (p. 621); class-map (p. 622); match (p. 623); policy-map (p. 624); class (p. 624); set (p. 625); police (p. 626); service-policy (p. 627); show class-map (p. 628); show policy-map ...
  • Page 22: show ip igmp throttle interface (p. 645); 5.25.5 Multicast VLAN Registration Commands (p. 647); mvr (Global Configuration) (p. 647); mvr (Interface Configuration) (p. 648); show mvr (p. 650); 5.26 IP Interface Commands (p. 653); ip address (p. 653); ip default-gateway ...
  • Page 23: A.2 10/100Mbps, 10/100Base-TX (p. 665); APPENDIX B : GLOSSARY (p. 667)...
  • Page 24: Packet Contents

    1. INTRODUCTION The PLANET Layer 2 Industrial Managed Security Switch – IGSW-2840 is equipped with one 100~240V AC power supply unit and one additional DC 12~48V power supply unit for redundant power supply installation. The IGSW-2840 is a multi-port Fast Ethernet switch with Gigabit uplink capability and robust Layer 2 features;...
  • Page 25 AC + DC Redundant Power to ensure continuous operation Planet IGSW-2840 is equipped with one 100~240V AC power supply unit and one additional DC 12 ~ 48V power supply unit for redundant power supply installation. A redundant power system is also provided to enhance the reliability with either 100~240V AC power supply unit or DC 12 ~ 48V power supply unit.
  • Page 26: How To Use This Manual

    which encrypt the packet content at each session. 1.3 How to Use This Manual This User Manual is structured as follows: Section 2, INSTALLATION: The section explains the functions of the Switch and how to physically install the Industrial Managed Switch.
  • Page 27 ■ Auto-MDI/MDI-X detection for each RJ-45 port ■ Prevents packet loss Flow Control: IEEE 802.3x PAUSE Frame flow control for Full-Duplex mode; Back-Pressure Flow Control in Half-Duplex mode ■ High performance of Store-and-Forward architecture, broadcast storm control and runt/CRC filtering eliminate erroneous packets to optimize the network bandwidth ■ ...
  • Page 28 ■ RADIUS / TACACS+ users access authentication ■ IP-Based Access Control List (ACL) ■ MAC-Based Access Control List (ACL) ■ Port Security Management ■ Switch Management Interface: Console / Telnet Command Line Interface; Web switch management...
  • Page 29: Product Specification

    1.5 Product Specification. Product: IGSW-2840, 24-Port 10/100Mbps + 4 Gigabit TP/SFP Combo Industrial Managed Switch. Hardware Specification: 10/100Mbps Copper Ports: 24 x 10/100Base-TX RJ-45 Auto-MDI/MDI-X ports; 1000Mbps Copper Ports: 4 x 10/100/1000Mbps RJ-45 Auto-MDI/MDI-X ports; 4 x 1000Base-SX/LX/BX, shared with Port-25~28,...
  • Page 30 Alarm Relay current carry ability: 1A @ DC 24V. SNMP MIBs: RFC-1213 MIB-2; RFC-2863 Interface MIB; RFC-2665 EtherLike MIB; RFC-1493 Bridge MIB; RFC-2674 Extended Bridge MIB; RFC-2819 RMON MIB (Group 1, 2, 3, 9); RFC-2737 Entity MIB...
  • Page 31: Hardware Description

    The unit front panel provides a simple interface for monitoring the switch. Figure 2-1 shows the front panel of the Industrial Managed Switches. Figure 2-1 IGSW-2840 Front Panel. ■ Gigabit TP interface: 10/100/1000Base-T Copper, RJ-45 Twisted-Pair: Up to 100 meters.
  • Page 32: LED Indications

    2.1.2 LED Indications The front panel LEDs indicate the instant status of port links, data activity, system operation, and system power, and help monitor and troubleshoot when needed. Figure 2-2 IGSW-2840 LED panel. System (Color / Function): Green / Lights: To indicate the DC1 has power.
  • Page 33: Switch Rear Panel

    100 to 240V AC, 50-60Hz and 12 to 48V DC. Figure 2-3 IGSW-2840 Rear Panel. The device requires power; it will not work until it is powered. If your network must stay active all the time, please consider using a UPS (Uninterruptible Power Supply) for your device. It will protect you from network data loss or network downtime.
  • Page 34: Install The Switch

    2.2 Install the Switch This section describes how to install your Industrial Managed Switch and make connections to the Industrial Managed Switch. Please read the following topics and perform the procedures in the order presented. To install your Industrial Managed Switch on a desktop or shelf, simply complete the following steps.
  • Page 35: Rack Mounting

    2.2.2 Rack Mounting To install the Industrial Managed Switch in a 19-inch standard rack, please follow the instructions described below. Step 1: Place the Industrial Managed Switch on a hard flat surface, with the front panel positioned towards the front side.
  • Page 36: Installing The Sfp Transceiver

    Figure 2-7 Plug-in the SFP transceiver. Approved PLANET SFP Transceivers: PLANET Industrial Managed Switch supports both Single mode and Multi-mode SFP transceiver. The following list of approved PLANET SFP transceivers is correct at the time of publication: ■ MGB-SX SFP (1000BASE-SX SFP transceiver) ■ MGB-LX SFP (1000BASE-LX SFP transceiver)
  • Page 37 Connect the fiber cable: Attach the duplex LC connector on the network cable into the SFP transceiver. Connect the other end of the cable to a device – switches with SFP installed, fiber NIC on a workstation or a Media Converter.
  • Page 38: Wiring The Power Inputs

    2.2.4 Wiring the Power Inputs The 6-contact terminal block connector on the rear panel of IGSW-2840 is used for two redundant DC power inputs. Please follow the steps below to insert the power wire. Insert positive / negative DC power wires into the contacts 1 and 2 for POWER 1, or 5 and 6 for POWER 2.
  • Page 39: Wiring The Fault Alarm Contact

    2.2.5 Wiring the Fault Alarm Contact The fault alarm contacts are in the middle of the terminal block connector as the picture shows below. With the wires inserted, the Industrial Switch will detect the fault status of the power failure. The following illustration shows an application example for wiring the fault alarm contacts.
  • Page 40: Switch Management

    3. SWITCH MANAGEMENT This chapter explains the methods that you can use to configure management access to the Industrial Managed Switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (workstation or personal computer) and the system.
  • Page 41: Management Access Overview

    3.2 Management Access Overview The Industrial Managed Switch allows you to access and manage it by using any or all of the following methods: ■ An administration console ■ Web browser interface ■ An external SNMP-based network management application. The administration console and Web browser interface are embedded in the Industrial Managed Switch software and also available for immediate use.
  • Page 42: Administration Console

    3.3 Administration Console The administration console is an internal, character-oriented, and command line user interface for performing system administration such as displaying statistics or changing option settings. You can view the administration console from a terminal, personal computer, Apple Macintosh, or workstation connected to the switch's console (serial) port.
  • Page 43 Figure 3-2 Terminal parameter settings. You can change these settings, if desired, after you log on. This management method is often preferred because you can remain connected and monitor the system during system reboots. Also, certain error messages are sent to the serial port, regardless of the interface through which the associated action was initiated.
  • Page 44: Web Management

    3.4 Web Management The Industrial Managed Switch provides a browser interface that lets you configure and manage the switch remotely. After you set up your IP address for the switch, you can access the Industrial Managed Switch's Web interface applications directly in your Web browser by entering the IP address of the Industrial Managed Switch.
  • Page 45: Virtual Terminal Protocols

    3.6 Protocols The Industrial Managed Switch supports the following protocols: ■ Virtual terminal protocols, such as Telnet ■ Simple Network Management Protocol (SNMP) 3.6.1 Virtual Terminal Protocols A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation.
  • Page 46: Web Configuration

    IP subnet address with the Industrial Managed Switch. For example, if the default IP address of the IGSW-2840 Industrial Managed Switch is 192.168.0.100, then the manager PC should be set to 192.168.0.x (where x is a number between 1 and 254, except 100), with the default subnet mask 255.255.255.0.
  • Page 47 ■ Logging on the switch: Use Internet Explorer 6.0 or a later version of Web browser. Enter the factory-default IP address to access the Web interface. The factory-default IP address is as follows: http://192.168.0.100 When the following login screen appears, please enter the default username "admin" with default password "admin" (or the username/password you have changed via console) to log in to the main screen of Industrial Managed Switch.
  • Page 48 After entering the username and password, the main screen appears as Figure 4-1-3. Figure 4-1-3 Default main page. Now, you can use the Web management interface to continue the switch management or manage the Industrial Managed Switch by Web interface.
  • Page 49: Main Web Page

    4.1 Main WEB PAGE The IGSW-2840 Industrial Managed Switch provides a Web-based browser interface for configuring and managing it. This interface allows you to access the Industrial Managed Switch using the Web browser of your choice. This chapter describes how to use the Industrial Managed Switch’s Web browser interface to configure and manage it.
  • Page 50 Main Function. The screen in Figure 4-1-5 appears. Figure 4-1-5 IGSW-2840 Industrial Managed Switch Main Functions Menu. Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
  • Page 51 The following Main functions can be configured here: ■ System ■ SNMP ■ Port Management ■ Address Table ■ Spanning Tree ■ VLAN ■ Multicast ■ ■ Security ■ Cluster...
  • Page 52 4.2 System Use the System menu items to display and configure basic administrative details of the Industrial Managed Switch. Under System the following topics are provided to configure and view the system information: This section has the following items: ■...
  • Page 53: System Information

    4.2.1 System Information Use the System Information screen to display descriptive information about the Industrial Managed Switch, or for quick system identification. You can identify the system by displaying the device name, location and contact information easily. The System...
  • Page 54: Switch Information

    4.2.2 Switch Information Use the Switch Information page to display hardware / firmware version, numbers for the main board and management software, as well as the number of ports of the system. The Switch Information screen in Figure 4-2-2 appears.
  • Page 55 4.2.3 Bridge Extension Configuration The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables or configure the global setting for GARP VLAN Registration Protocol (GVRP).
  • Page 56 4.2.4 IP Configuration This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To configure an address manually, you need to change the Industrial Managed Switch’s default settings to values that are compatible with your network.
  • Page 57 • Subnet Mask This mask identifies the host address bits used for routing to specific subnets. (Default: 255.255.255.0) • Gateway IP address IP address of the gateway router between this device and management stations that exist on other network segments.
  • Page 58: Jumbo Frames

    4.2.5 Jumbo Frames The Industrial Managed Switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 59 Figure 4-2-6 default Copy Operation screenshot. The page includes the following fields: Object Description • File Transfer Method The configuration copy operation includes these options: -file to file – Copies a file within the switch directory, assigning it a new name.
  • Page 60 ■ Example 1: Save Current Configuration setting. This saves all applied changes and sets the current configuration as the startup configuration. The startup-configuration file will be loaded automatically across a system reboot. Click System → File Management → Copy Operation. Select “running-config to startup-config”...
  • Page 61 ■ Example 2: Downloading System Software from a Server. When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
  • Page 62 • If you download to a new destination file, go to the System → File → Set Start-Up menu, mark the operation code file used at startup, and click Apply. • To start the new firmware, reboot the system via the System → Reset menu.
  • Page 63 ■ Example 4: Saving or Restoring Configuration Settings. You can upload/download configuration settings to/from a TFTP server. The configuration files can be later downloaded to restore the Industrial Managed Switch’s settings. Click System → File Management → Copy Operation.
  • Page 64 4.2.6.2 Delete To delete a file, select the file name from the given list by checking the tick box and then click Apply. The File Delete screen in Figure 4-2-13 appears. Click System → File Management → Delete.
  • Page 65 The page includes the following fields: Object Description • Name The name of a file stored on the switch. • Type Indicates either an operation code file, or a configuration file. • Startup Shows if this file is used when the system is started.
  • Page 66 4.2.7 Line You can access the onboard configuration program by attaching a VT100 compatible device to the Industrial Managed Switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
  • Page 67 Range: 0-65535 seconds; Default: 600 seconds • Password Threshold Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt.
  • Page 68 4.2.7.2 Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled / disabled and other various parameters set, including the TCP port number, timeouts, and a password.
  • Page 69 4.2.8 Log The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. This section has the following options: ■...
  • Page 70 Figure 4-2-17 System Logs screenshot. Click System → Log → System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. The page includes the following fields:...
  • Page 71 4.2.8.2 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages below a specified level.
  • Page 72 Range: 16-23, Default: 23 • Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be sent to the remote server.
  • Page 73 4.2.8.4 SMTP E-Mail Alert To alert system administrators of problems, the Industrial Managed Switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients.
  • Page 74 For example, using Level 7 will report all events from level 7 to level 0. (Default: Level 7) • SMTP Server List Specifies a list of up to three recipient SMTP servers. The Industrial Managed Switch attempts to connect to the other listed servers if the first fails.
  • Page 75 4.2.9 UPNP Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards.
  • Page 76 4.2.10 Reset Reset the Industrial Managed Switch. The Industrial Managed Switch’s configuration will not be saved automatically; you have to save the configuration manually before system reboot. Click System → Reset. Click the Reset button to reboot the Industrial Managed Switch.
  • Page 77 4.2.11 SNTP Simple Network Time Protocol (SNTP) allows the Industrial Managed Switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the Industrial Managed Switch enables the system log to record meaningful dates and times for event entries.
  • Page 78 4.2.11.2 Clock Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth's prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 79 4.2.12 LLDP Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details...
  • Page 80 Range: 5-32768 seconds; Default: 30 seconds. This attribute must comply with the following rule: (Transmission Interval * Hold Time Multiplier) ≤ 65536, and Transmission Interval >= (4 * Delay Interval) • Hold Time Multiplier Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below.
  • Page 81 Range: 5-3600 seconds; Default: 5 seconds. This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management. Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a notification are included in the transmission.
  • Page 82 The page includes the following fields: Object Description • Admin Status Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. Options: Tx only, Rx only, TxRx, Disabled. Default: TxRx •...
  • Page 83 MIB. Since there are typically a number of different addresses associated with a Layer 3 device, an individual LLDP PDU may contain more than one management address TLV. Every management address TLV that reports an address that is accessible on a...
  • Page 84 User’s Manual of IGSW-2840 4.2.12.3 LLDP Trunk Configuration Use the LLDP Trunk Configuration to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
  • Page 85 User’s Manual of IGSW-2840 notification-events missed due to throttling or transmission loss. • TLV Type Configures the information included in the TLV field of advertised messages. -Port Description – The port description is taken from the ifDescr object in RFC 2863, which includes information about the manufacturer, the product name, and the version of the interface hardware/software.
  • Page 86 User’s Manual of IGSW-2840 information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in voice quality degradation or complete service disruption. -Location – This option advertises location identification details.
  • Page 87 User’s Manual of IGSW-2840 4.2.12.4 LLDP Local Device Information Use the LLDP Local Device Information screen to display information about the switch, such as its MAC Address, Chassis ID, Management IP Address, and Port Information. Figure 4-2-30 LLDP Local Device Information screenshot...
  • Page 88 User’s Manual of IGSW-2840 system command. • System Capabilities Supported The capabilities that define the primary function(s) of the system. • System Capabilities Enabled The primary function(s) of the system which are currently enabled. Refer to the preceding table. • Management Address The management address protocol packet includes the IPv4 address of the switch.
  • Page 89 User’s Manual of IGSW-2840 Figure 4-2-31 Interface Settings screenshot The page includes the following fields: Object Description • Port Description A string that indicates the port’s description. If RFC 2863 is implemented, the ifDescr object should be used for this field.
  • Page 90 User’s Manual of IGSW-2840 system. • Port ID A string that contains the specific identifier for the port from which this LLDPDU was transmitted. • Port Name A string that indicates the port’s description. If RFC 2863 is implemented, the ifDescr object should be used for this field.
  • Page 91 User’s Manual of IGSW-2840 (See Table 4-2-1, “Chassis ID Subtype.”) • Chassis ID An octet string indicating the specific identifier for the particular chassis in this system. • Port Type Indicates the basis for the identifier that is listed in the Port ID field.
  • Page 92 User’s Manual of IGSW-2840 4.2.12.7 LLDP Device Statistics Use the LLDP Device Statistics screen to display general statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages transmitted or received on all local interfaces. Figure 4-2-34 LLDP Device Statistics screenshot...
  • Page 93 User’s Manual of IGSW-2840 4.2.12.8 LLDP Device Statistics Details Use the LLDP Device Statistics Details screen to display detailed statistics for LLDP-capable devices attached to specific interfaces on the Industrial Managed Switch. Figure 4-2-35 LLDP Device Statistics Details screenshot The page includes the following fields:...
  • Page 94: Simple Network Management Protocol

    User’s Manual of IGSW-2840 4.3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
  • Page 95: Snmp Configuration

    User’s Manual of IGSW-2840 AuthPriv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms and data privacy using DES 56-bit encryption. The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
  • Page 96 User’s Manual of IGSW-2840 Figure 4-3-2 SNMP Configuration screenshot Click SNMP → Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. The page includes the following fields: Object Description •...
  • Page 97 User’s Manual of IGSW-2840 If you specify an SNMP Version 3 host, then the “Trap Manager Community String” is interpreted as an SNMP user name. If you use V3 authentication or encryption options (authNoPriv or authPriv), the user name must first be defined in the SNMPv3 Users page.
  • Page 98 User’s Manual of IGSW-2840 Click SNMP → Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
  • Page 99 User’s Manual of IGSW-2840 Retry times – The maximum number of times to resend an inform message if the recipient does not acknowledge receipt. Range: 0-255; Default: 3 • Enable Authentication Traps Issues a notification message to specified IP trap managers whenever an invalid community string is submitted during the SNMP access authentication process.
  • Page 100 User’s Manual of IGSW-2840 Figure 4-3-4 SNMPv3 Engine ID screenshot The page includes the following fields: Object Description • Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the Industrial Managed Switch • Default Sets the default •...
  • Page 101 User’s Manual of IGSW-2840 4.3.3.3 SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, and notify view.
  • Page 102 User’s Manual of IGSW-2840 Add / Remote SNMPv3 new users: Click SNMP → SNMPv3 → Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
  • Page 103 User’s Manual of IGSW-2840 (This is the default for SNMPv3.) -AuthNoPriv SNMP communications use authentication, but the data is not encrypted (only available for the SNMPv3 security model). -AuthPriv SNMP communications use both authentication and encryption (only available for the SNMPv3 security model).
  • Page 104 User’s Manual of IGSW-2840 Once the new SNMPv3 user has been successfully added and assigned to an SNMP group, the entry is shown in the users table. Figure 4-3-9 SNMPv3 Users screenshot 4.3.3.4 SNMPv3 Remote Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
  • Page 105 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • User Name The name of the user connecting to the SNMP agent. (Range: 1-32 characters) • Group Name The name of the SNMP group to which the user is assigned.
  • Page 106 User’s Manual of IGSW-2840 4.3.3.5 SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views.
  • Page 107 User’s Manual of IGSW-2840 • Notify View The configured view for notifications. (Range: 1-64 characters) EXAMPLE: Add a new SNMPv3 Group In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
  • Page 108 User’s Manual of IGSW-2840 SNMPv2 Traps coldStart 1.3.6.1.6.3.1.1.5.1 A coldStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered. warmStart 1.3.6.1.6.3.1.1.5.2 A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered.
  • Page 109 User’s Manual of IGSW-2840 4.3.3.6 SNMPv3 View SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Figure 4-3-13 SNMPv3 Views screenshot The page includes the following fields:...
  • Page 110 User’s Manual of IGSW-2840 Figure 4-3-14 SNMPv3 View--Edit screenshot...
  • Page 111: Port Management

    User’s Manual of IGSW-2840 4.4 Port Management Use the Port Menu to display or configure the Industrial Managed Switch's ports. This section has the following items: • Port Information: Displays port connection status • Port Configuration: Configures port connection settings • ...
  • Page 112 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • Name Interface label. • Type Indicates the port type. Possible types include: 100BASE-TX, 1000BASE-T, 1000BASE-SFP • Admin Status Shows if the interface is enabled or disabled.
  • Page 113: Port Configuration

    User’s Manual of IGSW-2840 4.4.2 Port Configuration You can use the Port Configuration page to Enable / Disable an interface, set Auto-Negotiation and the interface capabilities to advertise, or manually fix the speed, Duplex mode, and Flow Control. Figure 4-4-2 Port Configuration screenshot...
  • Page 114 User’s Manual of IGSW-2840 • Flow Control Allows automatic or manual selection of flow control (that is, with auto-negotiation disabled). Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, backpressure is used for half-duplex operation and IEEE 802.3-2005 (formerly...
  • Page 115: Port Broadcast Control

    User’s Manual of IGSW-2840 4.4.3 Port Broadcast Control Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
  • Page 116 User’s Manual of IGSW-2840 Scale and 5 under Level. Scale Range: 1, 10, 100, 1000 Kbytes per second; Default: 1000 Kbytes per second. Level Range: 1-127; Default: 5 • Port Port number. • Trunk Shows if a port is a trunk member.
  • Page 117: Port Mirroring

    User’s Manual of IGSW-2840 4.4.4 Port Mirroring The Industrial Managed Switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
  • Page 118 User’s Manual of IGSW-2840 Figure 4-4-5 Mirror Port Configuration page screenshot The page includes the following fields: Object Description • Mirror Sessions Displays a list of current mirror sessions. • Source Port The port whose traffic will be monitored. Range- IGSW-2840: 1-28 •...
  • Page 119 User’s Manual of IGSW-2840 Figure 4-4-7 Mirror Port Configuration screenshot...
  • Page 120: Rate Limit

    User’s Manual of IGSW-2840 4.4.5 Rate Limit This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming in and out of the network. Packets that exceed the acceptable amount of traffic are dropped.
  • Page 121 User’s Manual of IGSW-2840 4.4.5.2 Output Rate Limit Port Configuration Use the rate limit configuration pages to apply output rate limiting. Figure 4-4-9 Output Rate Limit Port Configuration screenshot Click Port → Rate Limit → Output Port Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Scale and Rate Limit Level, and click Apply.
  • Page 122: Port Statistics

    User’s Manual of IGSW-2840 4.4.6 Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
  • Page 123 User’s Manual of IGSW-2840 Figure 4-4-11 Port Statistics screenshot RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView. The page includes the following fields: Object Description • Received Octets The total number of octets received on the interface, including framing characters.
  • Page 124 User’s Manual of IGSW-2840 • Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. • Transmit Octets The total number of octets transmitted out of the interface, including framing characters.
  • Page 125 User’s Manual of IGSW-2840 reason for discarding such a packet could be to free up buffer space. Transmit Errors The number of outbound packets that could not be transmitted because of errors. Etherlike Statistics Alignment Errors The number of alignment errors (mis-synchronized data packets).
  • Page 126 User’s Manual of IGSW-2840 Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received that were directed to this multicast address.
  • Page 127: Link Aggregation

    User’s Manual of IGSW-2840 4.5 Link Aggregation Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3-2005 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail.
  • Page 128: Trunk Configuration

    User’s Manual of IGSW-2840 • The ports at both ends of a connection must be configured as trunk ports. • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
  • Page 129 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • Trunk Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups” • Name Allows you to label an interface.
  • Page 130: Trunk Broadcast Control

    User’s Manual of IGSW-2840 4.5.3 Trunk Broadcast Control Use the Trunk Broadcast Control page to configure broadcast storm control on the port trunk interface. Figure 4-5-3 Trunk Broadcast Control screenshot The page includes the following fields: Object Description • Threshold Multiplied by one another, the scale and level set the broadcast threshold.
  • Page 131: Trunk Membership

    User’s Manual of IGSW-2840 4.5.4 Trunk Membership When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer's implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
  • Page 132 User’s Manual of IGSW-2840 Figure 4-5-5 Trunk Membership screenshot Click Port → Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 133 User’s Manual of IGSW-2840 Figure 4-5-7 Trunk Membership screenshot Figure 4-5-8 Trunk Membership screenshot 4.5.5 LACP Dynamic Link Aggregation Control Protocol (LACP) configured ports can automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk.
  • Page 134 User’s Manual of IGSW-2840 • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
  • Page 135 User’s Manual of IGSW-2840 4.5.5.1 LACP Configuration Select any of the switch ports from the list and click Add or Remove. Figure 4-5-11 LACP Configuration screenshot Click Port → LACP → Configuration. Select any of the switch ports from the scroll-down port list and click Add.
  • Page 136 User’s Manual of IGSW-2840 Figure 4-5-12 LACP Configuration screenshot Figure 4-5-13 LACP Configuration screenshot 4.5.5.2 LACP Aggregation Port Dynamically Creating a Port Channel • Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority.
  • Page 137 User’s Manual of IGSW-2840 Figure 4-5-14 Aggregation Port screenshot Figure 4-5-15 Aggregation Port screenshot Click Port → LACP → Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.)
  • Page 138 User’s Manual of IGSW-2840 The page includes the following fields: Set Port Actor - This menu sets the local side of an aggregate link; i.e., the ports on this switch. Object Description • Port Port number. (IGSW-2840 Range: 1-28) •...
  • Page 139 User’s Manual of IGSW-2840 4.5.5.3 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 4-5-16 LACP Port Counter Information screenshot The page includes the following fields: Object Description • LACPDUs Sent Number of valid LACPDUs transmitted from this channel group.
  • Page 140 User’s Manual of IGSW-2840 4.5.5.4 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Figure 4-5-17 LACP Port Internal Information screenshot The page includes the following fields:...
  • Page 141 User’s Manual of IGSW-2840 collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information. • Synchronization – The System considers this link to be IN_SYNC; i.e., it has...
  • Page 142 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol. Partner Admin Port Current administrative value of the port number for the protocol Partner.
  • Page 143: Address Table

    User’s Manual of IGSW-2840 4.6 Address Table Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
  • Page 144: Dynamic Addresses

    User’s Manual of IGSW-2840 • Interface Port or trunk associated with the device assigned a static address. • MAC Address Physical address of a device mapped to this interface. • VLAN ID of configured VLAN (1-4094). Static MAC Address example: Figure 4-6-2 Static Addresses screenshot 4.6.2 Dynamic Addresses...
  • Page 145 User’s Manual of IGSW-2840 Figure 4-6-3 Dynamic Addresses screenshot Click Address Table → Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
  • Page 146: Address Aging

    User’s Manual of IGSW-2840 4.6.3 Address Aging You can set the aging time for entries in the Dynamic Address Table. Figure 4-6-4 Dynamic Addresses screenshot The page includes the following fields: Object Description • Aging Status Enables/disables the function. • Aging Time The time after which a learned entry is discarded.
  • Page 147: Spanning Tree

    User’s Manual of IGSW-2840 4.7 Spanning Tree Spanning Tree Protocol The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
  • Page 148 User’s Manual of IGSW-2840 designed to support independent spanning trees based on VLAN groups. Using multiple spanning trees can provide multiple forwarding paths and enable load balancing. One or more VLANs can be grouped into a Multiple Spanning Tree Instance (MSTI).
  • Page 149 User’s Manual of IGSW-2840 The IEEE 802.1D Spanning Tree Protocol and IEEE 802.1W Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network. When multiple links between switches are detected, a primary link is established.
  • Page 150 User’s Manual of IGSW-2840 Creating a Stable STP Topology The goal is to make the root port the fastest link. If all switches have STP enabled with default settings, the switch with the lowest MAC address in the network will become the root switch. By increasing the priority (lowering the priority number) of the best switch, STP can be forced to select the best switch as the root switch.
  • Page 151 User’s Manual of IGSW-2840 [Figure: STP Port State Transitions, showing the Blocking, Listening, Learning, Forwarding and Disable states] You can modify each port state by using management software. When you enable STP, every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up. If properly configured, each port stabilizes to the forwarding or blocking state.
  • Page 152 User’s Manual of IGSW-2840 Priority A relative priority for each switch – lower numbers give a higher priority and a greater chance of a given switch being elected as the root bridge (default value: 32768) Hello Time The length of time between broadcasts of...
  • Page 153 User’s Manual of IGSW-2840 Hello Time – The Hello Time can be from 1 to 10 seconds. This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the Root Bridge. If you set a Hello Time for your Switch, and it is not the Root Bridge, the set Hello Time will be used if and when your Switch becomes the Root Bridge.
  • Page 154 User’s Manual of IGSW-2840 Before Applying the STA Rules In this example, only the default STP values are used. After Applying the STA Rules The switch with the lowest Bridge ID (switch C) was elected the root bridge, and the ports were selected to give a high port cost between switches B and C.
  • Page 155 User’s Manual of IGSW-2840 Fast Ethernet link (default port cost = 200,000). Gigabit ports could be used, but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link.
  • Page 156 User’s Manual of IGSW-2840 • Bridge ID A unique identifier for this bridge, consisting of the bridge priority, the MST Instance ID 0 for the Common Spanning Tree when spanning tree mode is set to MSTP, and MAC address (where the address is taken from the switch system).
  • Page 157 User’s Manual of IGSW-2840 4.7.1.2 STA Configuration Configuring Global Settings Global settings apply to the entire Industrial Managed Switch. Command Usage ■ Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
  • Page 158 User’s Manual of IGSW-2840 The page includes the following fields: ■ Basic Configuration of Global Settings Object Description • Spanning Tree State Enables/disables STA on this switch. (Default: Enabled) • Spanning Tree Type Specifies the type of spanning tree used on this switch: STP: Spanning Tree Protocol (IEEE 802.1D);...
  • Page 159 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • Hello Time Interval (in seconds) at which the root device transmits a configuration message. -Default: -Minimum: -Maximum: The lower of 10 or [(Max. Message Age / 2) -1] •...
  • Page 160 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • Path Cost Method The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface.
  • Page 161 User’s Manual of IGSW-2840 • Maximum Hop Count The maximum number of hops allowed in the MST region before a BPDU is discarded. (Range: 1-40; Default: 20) The MST name and revision number are both required to uniquely identify an MST region.
  • Page 162 User’s Manual of IGSW-2840 information. Port address table is cleared, and the port begins learning addresses. - Forwarding Port forwards packets, and continues learning addresses. • Forward Transitions The number of times this port has transitioned from the Learning state to the Forwarding state.
  • Page 163 User’s Manual of IGSW-2840 4.7.1.4 STA Port Configuration Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the attached device can support fast forwarding.
  • Page 164 User’s Manual of IGSW-2840 • Priority Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 165 User’s Manual of IGSW-2840 By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode. When the short path cost method is selected and the default path cost recommended by the IEEE 802.1w standard exceeds 65,535, the default is set to 65,535.
  • Page 166 User’s Manual of IGSW-2840 4.7.2 MSTP 4.7.2.1 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
  • Page 167 User’s Manual of IGSW-2840 Figure 4-7-9 MSTP VLAN Configuration screenshot The page includes the following fields: • VLANs in MST VLANs assigned to this instance. Instance • MST ID Instance identifier to configure. (Range: 0-57; Default: 0) • VLAN ID VLAN to assign to this selected MST instance.
  • Page 168 User’s Manual of IGSW-2840 4.7.2.3 MSTP Port Configuration Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Figure 4-7-11 MSTP Port Configuration screenshot...
  • Page 169 User’s Manual of IGSW-2840 • Priority Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
  • Page 170: Vlan Configuration

    User’s Manual of IGSW-2840 4.8 VLAN Configuration VLAN Description A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN.
  • Page 171 User’s Manual of IGSW-2840 4.8.1 IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This Industrial Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
  • Page 172 User’s Manual of IGSW-2840 ports and work normally. Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLAN allows VLANs to work with legacy switches that don’t recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work...
  • Page 173 User’s Manual of IGSW-2840 Adding an IEEE 802.1Q Tag. [Figure: Original Ethernet packet: Dest. Addr. | Src. Addr. | Length/E. type | Data | Old CRC. New tagged packet: Dest. Addr. | Src. Addr. | E. type | Priority, VLAN ID | Length/E. type | Data | New CRC] ■ Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network...
  • Page 174 User’s Manual of IGSW-2840 intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port. VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
  • Page 175 User’s Manual of IGSW-2840 If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs (VLAN Index)”). But you can still enable GVRP on these edge switches, as well as on the core switches in the network.
  • Page 176 User’s Manual of IGSW-2840 VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
  • Page 177 User’s Manual of IGSW-2840 port-based VLAN for one or two switches, you can disable tagging. Figure 4-8-3 VLAN Current Table screenshot The page includes the following fields: Object Description • VLAN ID ID of configured VLAN (1-4094). • Up Time at Creation Time this VLAN was created (i.e., System Up Time).
  • Page 178 User’s Manual of IGSW-2840 Figure 4-8-4 VLAN Static List screenshot The page includes the following fields: Object Description • Current Lists all the current VLAN groups created for this system. Up to 255 VLAN groups can be defined. VLAN 1 is the default untagged VLAN.
  • Page 179 User’s Manual of IGSW-2840 Understand nomenclature of the Switch Tagged and Untagged Every port on an 802.1Q compliant switch can be configured as tagged or untagged. • Tagged: Ports with tagging enabled will put the VID number, priority and other VLAN information into the header of all packets that flow into those ports.
  • Page 180 User’s Manual of IGSW-2840 Figure 4-8-5 VLAN Static Table screenshot The page includes the following fields: Object Description VLAN ID of configured VLAN. Range: 1-4093, no leading zeros Name Name of the VLAN. Range: 1 to 32 characters Status Enables or disables the specified VLAN.
  • Page 181 User’s Manual of IGSW-2840 -Untagged: Interface is a member of the VLAN. All packets transmitted by the port will be untagged, that is, not carry a tag and therefore not carry VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port.
  • Page 182 User’s Manual of IGSW-2840 4.8.1.6 Static Membership by Port Adding Static Members to VLANs (Port Index) Use this page to assign VLAN groups to the selected interface as a tagged member. Command Sequence – Select an interface from the scroll-down box (Port or Trunk).
  • Page 183 User’s Manual of IGSW-2840 4.8.1.7 VLAN Port Configuration Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. • GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
  • Page 184 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • PVID VLAN ID assigned to untagged frames received on the interface. (Default: 1) If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member.
  • Page 185 User’s Manual of IGSW-2840 • GARP Join Timer* The interval between transmitting requests/queries to participate in a VLAN group. Range: 20-1000 centiseconds Default: 20 centiseconds • GARP Leave Timer* The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time.
  • Page 186 User’s Manual of IGSW-2840 4.8.2 Q-in-Q VLAN ■ IEEE 802.1Q Tunneling (Q-in-Q) IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs.
  • Page 187 User’s Manual of IGSW-2840 Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the incoming packet has, it is treated as tagged packet.
  • Page 188 User’s Manual of IGSW-2840 Layer 2 Flow for Packets Coming into a Tunnel Uplink Port An uplink port receives one of the following packets: • Untagged • One tag (CVLAN or SPVLAN) • Double tag (CVLAN + SPVLAN) The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory.
  • Page 189 User’s Manual of IGSW-2840 -Spanning tree bridge protocol data unit (BPDU) filtering is automatically disabled on a tunnel port. ■ General Configuration Guidelines for QinQ Configure the switch to QinQ mode (see “Enabling QinQ Tunneling on the Switch”). Set the Tag Protocol Identifier (TPID) value of the tunnel access port. This step is required if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames.
  • Page 190 User’s Manual of IGSW-2840 4.8.2.2 802.1Q Tunnel Port Configuration Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the Industrial Managed Switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to 802.1Q Tunnel mode. Also set the Tag Protocol Identifier (TPID) value of the tunnel port if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames.
  • Page 191 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • Port Port number. • Mode Set the VLAN membership mode of the port. • None The port operates in its normal VLAN mode. (This is the default.) •...
  • Page 192: Private Vlan

    User’s Manual of IGSW-2840 4.8.3 Private VLAN Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This Industrial Managed Switch supports two types of private VLANs: • primary / secondary associated groups • stand-alone isolated VLANs.
  • Page 193 User’s Manual of IGSW-2840 ■ Primary / secondary Associated Group To configure primary/secondary associated groups, follow these steps: Use the Private VLAN Configuration menu to designate one or more community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups.
  • Page 194 User’s Manual of IGSW-2840 4.8.3.1 Private VLAN Information Displaying Current Private VLANs The Private VLAN Information page displays information on the Private VLANs configured on the Industrial Managed Switch, including primary, community, and isolated VLANs, and their assigned interfaces. Figure 4-8-10.Private VLAN Information screenshot...
  • Page 195 User’s Manual of IGSW-2840 4.8.3.2 Private VLAN Configuration Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Figure 4-8-11.Private VLAN Configuration screenshot The page includes the following fields: Object Description • VLAN ID ID of configured VLAN (2-4094).
  • Page 196 User’s Manual of IGSW-2840 4.8.3.3 Private VLAN Association Each Community VLAN must be associated with a primary VLAN. Figure 4-8-12. Private VLAN Association screenshot The page includes the following fields: Object Description • Primary VLAN ID ID of primary VLAN (2-4094).
  • Page 197 User’s Manual of IGSW-2840 4.8.3.4 Private VLAN Port Information Use these menus to display the interfaces associated with Private VLANs. Figure 4-8-13. Private VLAN Port Information screenshot The page includes the following fields: Object Description • Port The switch interface.
  • Page 198 User’s Manual of IGSW-2840 4.8.3.5 Private VLAN Port Configuration Use these menus to set the private VLAN interface type, and associate the interfaces with a private VLAN. Figure 4-8-14. Private VLAN Port Configuration screenshot The page includes the following fields:...
  • Page 199 User’s Manual of IGSW-2840 designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN. • Isolated VLAN A single stand-alone VLAN that contains one promiscuous port and one or more isolated (or host) ports. This VLAN conveys traffic between the isolated ports and a lone promiscuous port.
  • Page 200: Protocol Vlan

    User’s Manual of IGSW-2840 4.8.4 Protocol VLAN The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 201 User’s Manual of IGSW-2840 4.8.4.1 Protocol VLAN Configuration Use the Protocol VLAN Configuration menu to create or remove protocol groups. Figure 4-8-15. Protocol VLAN Configuration screenshot The page includes the following fields: ■ Special Protocol Object Description • Special Protocol Three fixed protocol types have been preconfigured.
  • Page 202 User’s Manual of IGSW-2840 ■ Programmable Protocol Object Description • Programmable The following options are available: Protocol • Frame Type The following frame types are available: Ethernet LLC_other RFC_1042 SNAP_8021H • Protocol Type User defined. Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN (VLAN 1) that has been configured with the switch’s administrative IP.
  • Page 203 User’s Manual of IGSW-2840 Figure 4-8-16. Protocol VLAN Port Configuration screenshot The page includes the following fields: Object Description • Interface Port or Trunk identifier. • Query Use this button to display the current protocol settings, and to select an interface for configuration.
  • Page 204 User’s Manual of IGSW-2840 4.9 Multicast Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
  • Page 205 User’s Manual of IGSW-2840 Multicast Service Multicast flooding...
  • Page 206 User’s Manual of IGSW-2840 IGMP Snooping multicast stream control IGMP Versions 1 and 2 Multicast groups allow members to join or leave at any time. IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group.
  • Page 207 User’s Manual of IGSW-2840 0x17 Leave a Group (version 2) 0x12 Membership Report (version 1) IGMP packets enable multicast routers to keep track of the membership of multicast groups, on their respective sub networks. The following outlines what is communicated between a multicast router and a multicast group member using IGMP.
  • Page 208 User’s Manual of IGSW-2840 When using IGMPv3 snooping, service requests from IGMP Version 1, 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports. The primary enhancement provided by IGMPv3 snooping is in keeping track of information about the specific multicast sources which downstream IGMPv3 hosts have requested or refused.
  • Page 209: Configuring Igmp Snooping And Query Parameters

    User’s Manual of IGSW-2840 Configuring IGMP Snooping and Query Parameters 4.9.1.1 IGMP Configuration You can configure the Industrial Managed Switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the Industrial Managed Switch forwards traffic only to the ports that request multicast traffic. This prevents the Industrial Managed Switch from broadcasting the traffic to all ports and possibly disrupting network performance.
  • Page 210 User’s Manual of IGSW-2840 Figure 4-9-1 IGMP Configuration screenshot The page includes the following fields: Object Description • IGMP Status When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping.
  • Page 211 User’s Manual of IGSW-2840 • IGMP Version Sets the protocol version for compatibility with other devices on the network. Range: 1-3; Default: 2 All systems on the subnet must support the same version. Some attributes are only enabled for IGMPv2 and/or v3, including Act as IGMP Querier, IGMP Report Delay and IGMP Query Timeout.
  • Page 212 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • VLAN ID VLAN Identifier. (Range: 1-4094) • Immediate Leave Sets the status for immediate leave on the specified VLAN. (Default: Disabled) 4.9.1.3 Multicast Router Port Information Multicast routers that are attached to ports on the Industrial Managed Switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
  • Page 213 User’s Manual of IGSW-2840 4.9.1.4 Static Multicast Router Port Configuration Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/ switch connected over the network to an interface (port or trunk) on your Industrial Managed Switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router.
  • Page 214 User’s Manual of IGSW-2840 Figure 4-9-5 IP Multicast Registration Table screenshot The page includes the following fields: Object Description • VLAN ID Selects the VLAN for which to display port members. (Range: 1-4094) • Multicast IP Address The IP address for a specific multicast service.
  • Page 215 User’s Manual of IGSW-2840 4.9.1.6 IGMP Member Port Table Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in IGMP Configuration. For certain applications that require tighter control, you may need to statically configure a multicast service on the Industrial Managed Switch.
  • Page 216 User’s Manual of IGSW-2840 Figure 4-9-7 IGMP Member Port Table screenshot...
  • Page 217 User’s Manual of IGSW-2840 4.9.2 IGMP Filter and Throttling In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and IGMP throttling limits the number of simultaneous multicast groups a port can join.
  • Page 218 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • IGMP Filter Enables IGMP filtering and throttling globally for the switch. (Default: Disabled) • IGMP Profile Creates IGMP profile numbers. (Range: 1-4294967295) 4.9.2.2 IGMP Filter Profile Configuration When you have created an IGMP profile number, you can then configure the multicast groups to filter and set the access mode.
  • Page 219 User’s Manual of IGSW-2840 The page includes the following fields: Object Description • Profile ID Selects an existing profile number to configure. After selecting an ID number, click the Query button to display the current configuration. • Access Mode Sets the access mode of the profile; either permit or deny.
  • Page 220 User’s Manual of IGSW-2840 Figure 4-9-10 IGMP Filter and Throttling Port Configuration screenshot The page includes the following fields: Object Description • Profile Selects an existing profile number to assign to an interface. • Max Multicast Groups Sets the maximum number of multicast groups an interface can join at the same time.
  • Page 221 User’s Manual of IGSW-2840 4.9.3 Multicast VLAN Registration (MVR) Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network. Any multicast traffic entering an MVR VLAN is sent to all attached subscribers.
  • Page 222 User’s Manual of IGSW-2840 Only IGMP version 2 or 3 hosts can issue multicast join or leave messages. For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static Multicast Groups to Interfaces”).
  • Page 223 User’s Manual of IGSW-2840 • MVR VLAN Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. MVR source ports should be configured as members of the MVR VLAN (see “Adding Static Members to VLANs (VLAN Index)”), but MVR receiver ports should not be manually configured as members of this VLAN.
  • Page 224 User’s Manual of IGSW-2840 Figure 4-9-12 MVR Port Configuration screenshot The page includes the following fields: Object Description • MVR Type The following interface types are supported: -Source An uplink port that can send and receive multicast data for the groups assigned to the MVR VLAN.
  • Page 225 User’s Manual of IGSW-2840 4.9.3.3 MVR Port Information You can display information about the interfaces attached to the MVR VLAN. Figure 4-9-13 Port Information screenshot The page includes the following fields: Object Description • Type Shows the MVR port type.
  • Page 226 User’s Manual of IGSW-2840 4.9.3.4 MVR Group Member Configuration For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces. Command Usage •...
  • Page 227 User’s Manual of IGSW-2840 4.9.3.5 MVR Group IP Information You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration. Figure 4-9-15 MVR Group IP Table screenshot The page includes the following fields:...
  • Page 228: Quality Of Service

    User’s Manual of IGSW-2840 4.10 Quality of Service This Industrial Managed Switch prioritizes each packet based on the required level of service, using four priority queues with strict priority, Weighted Round Robin, or hybrid queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application.
  • Page 229 User’s Manual of IGSW-2840 • Service Policy Defines service policy settings for ports VoIP Voice over IP • Configuration Sets a Voice VLAN ID and enables VoIP traffic detection • Port Configuration Configures port VoIP traffic mode, security, and priority • ...
  • Page 230 User’s Manual of IGSW-2840 4.10.1.1 Port Priority Configuration You can specify the default port priority for each interface on the Industrial Managed Switch. All untagged packets entering the Industrial Managed Switch are tagged with the specified default port priority, and then sorted into the appropriate egress queue at the output port.
  • Page 231 User’s Manual of IGSW-2840 4.10.1.2 Traffic Classes IEEE 802.1p CoS Priority This Industrial Managed Switch processes Class of Service (CoS) priority tagged traffic by using four egress queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to eight separate traffic priority levels are defined in IEEE 802.1p.
  • Page 232 User’s Manual of IGSW-2840 The default priority levels are assigned according to recommendations in the IEEE 802.1p standard. However, you can map the priority levels to the Industrial Managed Switch's output queues in any way that benefits application traffic for your own network.
  • Page 233 User’s Manual of IGSW-2840 4.10.1.3 Queue Mode Selecting the Queue Mode You can set the Industrial Managed Switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue, or a combination of strict service for the high priority queues and weighted queueing for the remaining queues.
  • Page 234 User’s Manual of IGSW-2840 4.10.1.4 Queue Scheduling The Industrial Managed Switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each egress queue. The traffic classes are mapped to one of the four egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities).
  • Page 235 User’s Manual of IGSW-2840 4.10.2 Layer 3/4 Priority Settings 4.10.2.1 Mapping Layer 3/4 Priorities to CoS Values This Industrial Managed Switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (TOS) octet or the number of the TCP port.
  • Page 236 User’s Manual of IGSW-2840 4.10.2.3 IP DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant, TOS-enabled devices, will not conflict with the DSCP mapping.
  • Page 237 User’s Manual of IGSW-2840 4.10.2.4 Mapping IP Precedence Priority The Type of Service (TOS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority (7) for network control packets to lowest priority (0) for routine traffic. Bits 6 and 7 are used for network control, and the other bits for various application types.
  • Page 238 User’s Manual of IGSW-2840 4.10.2.6 IP Precedence Priority Figure 4-10-8 IP Precedence Priority screenshot The page includes the following fields: Object Description IP Precedence Priority Shows the IP Precedence to CoS map. Table Class of Queue Service Maps an IP Precedence value to a CoS queue.
  • Page 239 User’s Manual of IGSW-2840 The four TOS bits provide 15 different priority values, however only five values have a defined meaning. The following table lists the defined IP TOS values and the default mapping to CoS queues on the switch. (All the TOS values not defined are mapped to CoS queue 0.)
  • Page 240 User’s Manual of IGSW-2840 4.10.2.9 IP TOS Priority Figure 4-10-10 IP TOS Priority screenshot The page includes the following fields: Object Description IP TOS Priority Table Shows the IP TOS to CoS map. Class of Queue Service Maps an IP TOS value to a CoS queue.
  • Page 241 User’s Manual of IGSW-2840 4.10.2.11 IP Port Priority Status Figure 4-10-11 IP Port Priority Status screenshot The page includes the following fields: Object Description IP Port Priority Status Enables or disables the IP port priority. IP Port Priority Table Shows the IP port to CoS queue map.
  • Page 242 User’s Manual of IGSW-2840 4.10.2.12 IP Port Priority Figure 4-10-12 IP Port Priority screenshot The page includes the following fields: Object Description IP Port Priority Table Shows the IP port to CoS queue map. IP Port Number Set a new IP port number.
  • Page 243 User’s Manual of IGSW-2840 4.10.2.14 ACL CoS Priority Figure 4-10-13 ACL CoS Priority screenshot The page includes the following fields: Object Description Port Port identifier. Name Name of a configured ACL. Type Type of ACL (IP or MAC). CoS Values CoS values used for packets matching the ACL rule.
  • Page 244 User’s Manual of IGSW-2840 4.10.3 DiffServ The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence, DSCP values, or VLAN lists.
  • Page 245 User’s Manual of IGSW-2840 4.10.3.1 Configuring a DiffServ Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: Open the Class Map page, and click Add Class.
  • Page 246 User’s Manual of IGSW-2840 Figure 4-10-16 Class Map screenshot Class Configuration Figure 4-10-17 Class Configuration screenshot The page includes the following fields: Object Description Class Name Name of the class map. (Range: 1-16 characters) Type Only one match command is permitted per class map, so the match-any field refers to the criteria specified by the lone match command.
  • Page 247 User’s Manual of IGSW-2840 Match Class Settings Figure 4-10-18 Match Class Settings screenshot The page includes the following fields: Object Description Class Name List of class maps ACL List Name of an access control list. Any type of ACL can be specified, including standard or extended IP ACLs and MAC ACLs.
  • Page 248 User’s Manual of IGSW-2840 4.10.3.2 Policy Map Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: Create a Class Map as described Open the Policy Map page, and click Add Policy.
  • Page 249 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Modify Name and Configures the name and a brief description of a policy map. Description (Range: 1-16 characters for the name; 1-64 characters for the description) Edit Classes Opens the “Policy Rule Settings”...
  • Page 250 User’s Manual of IGSW-2840 Policy Configuration Figure 4-10-23 Policy Configuration screenshot The page includes the following fields: Object Description Policy Name Name of policy map. (Range: 1-16 characters) Description A brief description of a policy map. (Range: 1-64 characters) Adds the specified policy Back Returns to previous page without making any changes.
  • Page 251 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Class Name Name of class map. Action Shows the service provided to ingress traffic by setting a CoS or DSCP value in a matching packet (as specified in Match Class Settings).
  • Page 252 User’s Manual of IGSW-2840 4.10.3.3 Service Policy Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a particular interface. Command Usage • You must first define a class map, then define a policy map, and finally bind the service policy to the required interface.
  • Page 253 User’s Manual of IGSW-2840 4.10.4 Voice VLANs When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic. Traffic isolation can provide higher voice quality by preventing excessive packet delays, packet loss, and jitter.
  • Page 254 User’s Manual of IGSW-2840 Voice VLAN ID Sets the Voice VLAN ID for the network. Only one Voice VLAN is supported and it must already be created on the switch. (Range: 1-4094) Voice VLAN Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port.
  • Page 255 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Mode Specifies if the port will be added to the Voice VLAN when VoIP traffic is detected. (Default: None) - None The Voice VLAN feature is disabled on the port. The port will not detect VoIP traffic nor be added to the Voice VLAN.
  • Page 256 User’s Manual of IGSW-2840 4.10.4.3 Telephony OUI Configuration VoIP devices attached to the Industrial Managed Switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses.
  • Page 257: User Authentication

    User’s Manual of IGSW-2840 4.11 Security This section describes how to control access to the Industrial Managed Switch, including user access and management control. The Security page contains links to the following main topics: • User Authentication • Client Security 4.11.1 User Authentication...
  • Page 258 User’s Manual of IGSW-2840 Figure 4-11-1 User Accounts screenshot The page includes the following fields: Object Description Account List Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) New Account Displays configuration settings for a new account.
  • Page 259 User’s Manual of IGSW-2840 4.11.3 Configuring Local / Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the Industrial Managed Switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
  • Page 260 User’s Manual of IGSW-2840 • RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server. The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client.
  • Page 261: Radius Settings

    User’s Manual of IGSW-2840 4.11.4 RADIUS Settings Use this page to configure the RADIUS server connection session parameters. The RADIUS Settings screen in Figure 4-11-3 appears. Figure 4-11-3 Authentication \ RADIUS Settings screenshot The page includes the following fields: Object...
  • Page 262 User’s Manual of IGSW-2840 4.11.5 TACACS Settings Use this page to configure the TACACS server connection session parameters. The TACACS Settings screen in Figure 4-11-4 appears. Figure 4-11-4 Authentication \ TACACS Settings screenshot The page includes the following fields: Object...
  • Page 263: Aaa Authorization And Accounting

    User’s Manual of IGSW-2840 4.11.6 AAA Authorization and Accounting Authentication, Authorization, and Accounting (AAA) provides a framework for configuring access control on the Industrial Managed Switch. The three security functions can be summarized as follows: • Authentication — Identifies users that request access to the network.
  • Page 264 User’s Manual of IGSW-2840 4.11.6.1 AAA RADIUS Group Settings The AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for accounting and authorization. Figure 4-11-5 AAA RADIUS Group Settings screenshot Click Security → AAA → Radius Group Settings.
  • Page 265 User’s Manual of IGSW-2840 Figure 4-11-6 AAA TACACS+ Group Settings screenshot The page includes the following fields: Object Description Group Name Defines a name for the TACACS+ server group. (1-255 characters) Server Specifies the TACACS+ server to use for the group. (Range: 1) 4.11.6.3 AAA Accounting Settings...
  • Page 266 User’s Manual of IGSW-2840 Click Security → AAA → Accounting Settings. To configure a new accounting method, specify a method name and a group name, then click Add. The page includes the following fields: Object Description Method Name Specifies an accounting method for service requests. The “default” methods are used for a requested service if no other methods have been defined.
  • Page 267 User’s Manual of IGSW-2840 Click Security → AAA → Accounting, Periodic Update. Enter the required update interval and click Apply. The page includes the following fields: Object Description Periodic Update Specifies the interval at which the local accounting service updates information to the accounting server.
  • Page 268 User’s Manual of IGSW-2840 4.11.6.6 AAA Accounting Exec Command Privileges This feature specifies a method name to apply to commands entered at specific CLI privilege levels. Figure 4-11-10 AAA Accounting EXEC Command Privileges screenshot Click Security → AAA → Accounting → Command Privileges. Enter a defined method name for console and Telnet privilege levels.
  • Page 269 User’s Manual of IGSW-2840 4.11.6.7 AAA Accounting Exec Settings This feature specifies a method name to apply to console and Telnet connections. Figure 4-11-11 AAA Accounting Exec Settings screenshot Click Security → AAA → Accounting → Exec Settings. Enter a defined method name for console and Telnet connections, and click Apply.
  • Page 270 User’s Manual of IGSW-2840 4.11.6.8 AAA Accounting Summary This feature displays all configured accounting methods, the methods applied to specified interfaces, and basic accounting information recorded for user sessions. Figure 4-11-12 AAA Accounting Summary screenshot The page includes the following fields:...
  • Page 271 User’s Manual of IGSW-2840 4.11.6.9 AAA Accounting Statistics Summary Object Description User Name Displays a registered user name. Interface Displays the receive port number through which this user accessed the switch. Time Elapsed Displays the length of time this entry has been active.
  • Page 272 User’s Manual of IGSW-2840 4.11.6.11 AAA Authorization Exec Settings This feature specifies an authorization method name to apply to console and Telnet connections. Figure 4-11-14 AAA Authorization Exec Settings screenshot Click Security → AAA → Authorization → Exec Settings. Enter a defined method name for console and Telnet connections, and click Apply.
  • Page 273 User’s Manual of IGSW-2840 Interface Displays the console or Telnet interface to which the authorization method applies. (This field is null if the authorization method and associated server group have not been assigned.) 4.11.7 HTTPS Setting You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
  • Page 274 User’s Manual of IGSW-2840 The page includes the following fields: Object Description HTTPS Status Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) Change HTTPS Port Number Specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface.
  • Page 275 User’s Manual of IGSW-2840 4.11.8 SSH 4.11.8.1 Configure Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
  • Page 276 User’s Manual of IGSW-2840 for all the SSH client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described.) The clients are subsequently authenticated using these keys. The current...
  • Page 277 User’s Manual of IGSW-2840 Authenticating SSH v2 Clients The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process.
  • Page 278 User’s Manual of IGSW-2840 SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) SSH Server-Key Size Specifies the SSH server key size.
  • Page 279 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Public-Key of Host-Key The public key for the host. -RSA (Version 1): The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 65537), and the last string is the encoded modulus.
  • Page 280 User’s Manual of IGSW-2840 Figure 4-11-19 SSH Host-Key Settings screenshot...
  • Page 281: 802.1X Port Authentication

    User’s Manual of IGSW-2840 4.11.9 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
  • Page 282 User’s Manual of IGSW-2840 4.11.9.1 Understanding IEEE 802.1X Port-Based Authentication The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.
  • Page 283 User’s Manual of IGSW-2840 The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server. When the switch receives EAPOL frames and relays them to the authentication server, the Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the RADIUS format.
  • Page 284 User’s Manual of IGSW-2840 Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.
  • Page 285 User’s Manual of IGSW-2840 4.11.9.2 Displaying 802.1X Information The 802.1X protocol provides client authentication. Figure 4-11-20 802.1X Information screenshot The page includes the following fields: Object Description 802.1X System The global settings for 802.1X. Authentication Control 4.11.9.3 802.1X Configuration The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
  • Page 286 User’s Manual of IGSW-2840 4.11.9.4 802.1X Port Configuration When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
  • Page 287 User’s Manual of IGSW-2840 -Force-Unauthorized Forces the port to deny access to all clients, either dot1x-aware or otherwise. Re-authentication Sets the client to be re-authenticated after the interval specified by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port.
  • Page 288 User’s Manual of IGSW-2840 4.11.9.5 Displaying 802.1X Statistics This Industrial Managed Switch can display statistics for dot1x protocol exchanges for any port. Figure 4-11-23 802.1X Statistics screenshot Select Security → 802.1X → Statistics. Select the required port and then click Query.
  • Page 289 User’s Manual of IGSW-2840 Rx Last EAPOLVer The protocol version number carried in the most recently received EAPOL frame. Rx Last EAPOLSrc The source MAC address carried in the most recently received EAPOL frame. Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Authenticator.
  • Page 290 User’s Manual of IGSW-2840 Create user data. This step differs from “Local Authenticate”: the user data needs to be created on the RADIUS Server PC. For example, if the RADIUS Server is set up on Win2000 Server, then: Figure 4-11-26 Windows Server RADIUS Server setting path Enter ”...
  • Page 291 User’s Manual of IGSW-2840 4.11.9.7 802.1X Client Configuration Windows XP supports 802.1X natively. For other operating systems (Windows 98SE, ME, 2000), an 802.1X client utility is needed. The following procedures show how to configure 802.1X Authentication in Windows XP.
  • Page 292 User’s Manual of IGSW-2840 Select “MD-5 Challenge” from the drop-down list box for EAP type. Click “OK”. When the client has associated with the Industrial Managed Switch, a user authentication notice appears in the system tray. Click on the notice to continue.
  • Page 293 User’s Manual of IGSW-2840 Enter the user name, password and the logon domain that your account belongs to. 10. Click “OK” to complete the validation process.
  • Page 294 User’s Manual of IGSW-2840 4.11.10 Client Security This Industrial Managed Switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purposes.
  • Page 295: Port Security

    User’s Manual of IGSW-2840 4.11.11 Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the Industrial Managed Switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 296 User’s Manual of IGSW-2840 Figure 4-11-28 Port Security screenshot Click Security → Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
  • Page 297 User’s Manual of IGSW-2840 This example selects the target port, sets the port security action to send a trap and disable the port, sets the maximum MAC addresses allowed on the port, and then enables port security for the port.
  • Page 298: Web Authentication

    User’s Manual of IGSW-2840 4.11.12 Web Authentication Web authentication allows stations to authenticate and access the network in situations where 802.1X or Network Access authentications are infeasible or impractical. The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries. All other traffic, except for HTTP protocol traffic, is blocked. The switch intercepts HTTP protocol traffic and redirects it to a switch-generated web page that facilitates username and password authentication via RADIUS.
  • Page 299 User’s Manual of IGSW-2840 4.11.12.1 Web Authentication Configuration Web authentication is configured on a per-port basis; however, there are four configurable parameters that apply globally to all ports on the Industrial Managed Switch. Figure 4-11-31 Web Authentication Configuration screenshot Click Security → Web Authentication → Configuration.
  • Page 300 User’s Manual of IGSW-2840 4.11.12.2 Web Authentication Port Configuration Web authentication is configured on a per-port basis. The following parameters are associated with each port. Figure 4-11-32 Web Authentication Port Configuration screenshot Click Security → Web Authentication → Port Configuration.
  • Page 301 User’s Manual of IGSW-2840 Figure 4-11-33 Web Authentication Port Information screenshot The page includes the following fields: Object Description Interface Indicates the port to query. IP Address Indicates the IP address of each connected host. Status Indicates the authorization status of each connected host.
  • Page 302 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Interface Indicates the port to query. Host IP Indicates the IP address of the host selected for re-authentication.
  • Page 303 User’s Manual of IGSW-2840 4.11.13 Network Access (MAC Address Authentication) Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network printers, IP phones, and some wireless access points. This switch enables network access from these devices to be controlled by authenticating device MAC addresses with a central RADIUS server.
  • Page 304 User’s Manual of IGSW-2840 4.11.13.1 Network Access Configuration MAC Access Configuration is configured on a per-port basis; however, there are two configurable parameters that apply globally to all ports on the switch. Figure 4-11-35 MAC Access Configuration screenshot The page includes the following fields:...
  • Page 305 User’s Manual of IGSW-2840 4.11.13.2 Network Access Port Configuration Configures MAC authentication on switch ports, including setting the maximum MAC count, applying a MAC address filter, and enabling dynamic VLAN assignment. Figure 4-11-36 Network Access Port Configuration screenshot The page includes the following fields:...
  • Page 306 User’s Manual of IGSW-2840 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port. When enabled, any VLAN identifiers returned by the RADIUS server are applied to the port, providing the VLANs have already been created on the switch. (GVRP is not used to create the VLANs.)
  • Page 307 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Network Access MAC Address Count The number of MAC addresses currently in the secure MAC address table. Query By Specifies parameters to use in the MAC address query.
  • Page 308: Access Control Lists

    User’s Manual of IGSW-2840 4.11.14 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.
  • Page 309 User’s Manual of IGSW-2840 4.11.14.1 ACL Configuration Use the ACL Configuration page to designate the name and type of an ACL. Figure 4-11-38 ACL Configuration screenshot Select Security → ACL → Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list.
  • Page 310 User’s Manual of IGSW-2840 4.11.14.2 Configure a Standard ACL Figure 4-11-39 Standard ACL screenshot Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 311 User’s Manual of IGSW-2840 Figure 4-11-40 Standard ACL Settings screenshot Figure 4-11-41 Standard ACL Settings screenshot 4.11.14.3 Extended ACL Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 312 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Action An ACL can contain any combination of permit or deny rules. (Default: Permit rules) Source/Destination Address Type Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host”...
  • Page 313 User’s Manual of IGSW-2840 4.11.14.4 MAC ACL Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Figure 4-11-42 MAC ACL screenshot Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses.
  • Page 314 User’s Manual of IGSW-2840 Source/Destination MAC Address Source or destination MAC address. Source/Destination Bit Mask Hexadecimal mask for source or destination MAC address. VLAN ID. (Range: 1-4094) Ethernet Type This option can only be used to filter Ethernet II formatted packets.
  • Page 315 User’s Manual of IGSW-2840 Figure 4-11-44 MAC ACL Settings screenshot...
  • Page 316 User’s Manual of IGSW-2840 4.11.14.5 ACL Port Binding After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list to any port – IP ingress or MAC ingress.
  • Page 317 User’s Manual of IGSW-2840 Figure 4-11-46 ACL Port Binding Settings screenshot...
  • Page 318: Ip Filter

    User’s Manual of IGSW-2840 4.11.15 IP Filter You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the Industrial Managed Switch through the web interface, SNMP, or Telnet. Command Usage •...
  • Page 319 User’s Manual of IGSW-2840 Click Security → IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add Web IP Filtering Entry to update the filter list. The page includes the following fields:...
  • Page 320 User’s Manual of IGSW-2840 The page includes the following fields: Object Description SNMP IP Filter Configures IP address(es) for the SNMP group. Start IP Address A single IP address, or the starting address of a range. End IP Address The end address of a range.
  • Page 321 User’s Manual of IGSW-2840 End IP Address The end address of a range. Add/Remove Filtering Entry Adds/removes an IP address from the list.
  • Page 322: Dhcp Snooping

    User’s Manual of IGSW-2840 4.11.16 DHCP Snooping The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard). DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server.
  • Page 323 User’s Manual of IGSW-2840 If a DHCP packet from a server is received on a trusted port, it will be forwarded to both trusted and untrusted ports in the same VLAN. • If the DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table.
  • Page 324 User’s Manual of IGSW-2840 • When the DHCP snooping is globally disabled, DHCP snooping can still be configured for specific VLANs, but the changes will not take effect until DHCP snooping is globally re-enabled. • When DHCP snooping is globally enabled, and DHCP snooping is then disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table.
  • Page 325 User’s Manual of IGSW-2840 If the DHCP packet’s broadcast flag is on, the reply packet is broadcast to all attached VLANs, excluding that through which the reply packet was received. If the DHCP packet’s broadcast flag is off, the switch uses the Option 82 information to identify the interface connected to the requesting client and unicasts the reply packet to the client.
  • Page 326 User’s Manual of IGSW-2840 4.11.16.4 DHCP Snooping Port Configuration Configures switch ports as trusted or untrusted. Command Usage • A trusted interface is an interface that is configured to receive only messages from within the network. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall.
  • Page 327: Ip Source Guard

    User’s Manual of IGSW-2840 4.11.17 IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see “DHCP...
  • Page 328 User’s Manual of IGSW-2840 Figure 4-11-54 IP Source Guard Port Configuration screenshot The page includes the following fields: Object Description Filter Type Configures the switch to filter inbound traffic based on source IP address, or source IP address and corresponding MAC address.
  • Page 329 User’s Manual of IGSW-2840 4.11.17.2 Static Configuration Add a static address to the source-guard binding table. Table entries include a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, and port identifier. All static entries are configured with an infinite lease time, which is indicated with a value of zero in the table.
  • Page 330 User’s Manual of IGSW-2840 The page includes the following fields: Object Description Static Binding Table Counts The total number of static entries in the table. Port Switch port number. IGSW-2840 Range: 1-28 VLAN ID ID of a configured VLAN (Range: 1-4094) MAC Address A valid unicast MAC address.
  • Page 331 User’s Manual of IGSW-2840 Object Description Query by Select an interface to display the source-guard binding. Options: Port VLAN MAC Address IP Address Dynamic Binding Table Counts Displays the number of IP addresses in the source-guard binding table. Current Dynamic Binding Table...
  • Page 332: Cluster Configuration

    User’s Manual of IGSW-2840 4.12 Cluster Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
  • Page 333 User’s Manual of IGSW-2840 Figure 4-12-1 Cluster Configuration screenshot The page includes the following fields: Object Description Cluster Status Enables or disables clustering on the switch. (Default: Enabled) Cluster Commander Enables or disables the switch as a cluster Commander. (Default: Disabled) Role Indicates the current role of the switch in the cluster;...
  • Page 334: Cluster Member Configuration

    User’s Manual of IGSW-2840 4.12.2 Cluster Member Configuration Adds Candidate switches to the cluster as Members. Figure 4-12-2 Cluster Member Configuration screenshot The page includes the following fields: Object Description Member ID Specify a Member ID number for the selected Candidate switch.
  • Page 335: Cluster Candidate Information

    User’s Manual of IGSW-2840 The page includes the following fields: Object Description Member ID The ID number of the Member switch. (Range: 1-36) Role Indicates the current status of the switch in the cluster. IP Address The internal cluster IP address assigned to the Member switch.
  • Page 336: Command Line Interface

    After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the IGSW-2840 is opened. To end the CLI session, enter [Exit]. Console# 5.1.3 Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
  • Page 337: Entering Commands

    When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays: Username: admin Password: CLI session with the IGSW-2840 is opened. To end the CLI session, enter [Exit]. Vty-0# You can open up to four sessions to the device via Telnet.
  • Page 338: Keywords And Arguments

    User’s Manual of IGSW-2840 5.2.1 Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 339 User’s Manual of IGSW-2840 Console# show ? access-group Access groups access-list Access lists accounting Uses an accounting list with this name banner Banner info bridge-ext Bridge extension information calendar Date and time information class-map Displays class maps cluster Display cluster...
  • Page 340 User’s Manual of IGSW-2840 Secure shell server connections startup-config Startup system configuration system System information tacacs-server TACACS server settings users Information about terminal lines version System hardware and software versions vlan Virtual LAN settings voice Shows the voice VLAN information...
  • Page 341: Partial Keyword Lookup

    User’s Manual of IGSW-2840 5.2.6 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”...
  • Page 342: Exec Commands

    “super”. To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the IGSW-2840 is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password] CLI session with the IGSW-2840 is opened.
  • Page 343: Configuration Commands

    User’s Manual of IGSW-2840 5.2.11 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
  • Page 344: Command Line Processing

    User’s Manual of IGSW-2840 Policy Map policy map Console(config-pmap) Server Group aaa group server radius Console(config-sg-radius) aaa group server tacacs+ Console(config-sg-tacacs+) VLAN vlan database Console(config-vlan) Table 5-2 Configuration Modes For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec...
  • Page 345: Command Groups

    User’s Manual of IGSW-2840 5.3 Command Groups The system commands can be broken down into the functional groups shown below. Command Group Description General Basic commands for entering privileged access mode, restarting the system, or quitting the CLI System Management Display and setting of system information, basic modes of operation, maximum frame...
  • Page 346: General Commands

    User’s Manual of IGSW-2840 Quality of Service Configures Differentiated Services Multicast Filtering Configures IGMP multicast filtering, query parameters, specifies ports attached to a multicast router, and enables multicast VLAN registration IP Interface Configures IP address for the switch Table 5-4 Command Groups...
  • Page 347 User’s Manual of IGSW-2840 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default Setting Level 15 Command Mode Normal Exec Command Usage “admin” is the default password required to change the command mode from Normal Exec to Privileged Exec.
  • Page 348 User’s Manual of IGSW-2840 Related Commands enable configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
  • Page 349 User’s Manual of IGSW-2840 3 exit 2 interface vlan 1 1 end Console# The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution history buffer (config).
  • Page 350 User’s Manual of IGSW-2840 prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration Example Console(config)#prompt RD2 RD2(config)# This command returns to Privileged Exec mode.
  • Page 351 User’s Manual of IGSW-2840 quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session:...
  • Page 352: System Management Commands

    User’s Manual of IGSW-2840 5.5 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Command Group Function Device Designation Configures information that uniquely identifies this switch...
  • Page 353 User’s Manual of IGSW-2840 Console(config)#hostname RD#1 Console(config)# 5.5.2 Banner Information Commands These commands are used to configure and manage administrative information about the switch, its exact data center location, details of the electrical and network circuits that supply the switch, as well as contact information for the network administrator and system manager.
  • Page 354 User’s Manual of IGSW-2840 The administrator can batch-input all details for the switch with one command. When the administrator finishes typing the company name and presses the enter key, the script prompts for the next piece of information, and so on, until all information has been entered.
  • Page 355 User’s Manual of IGSW-2840 banner configure company This command is used to configure company information displayed in the banner. Use the no form to restore the default setting. Syntax banner configure company name no banner configure company name - The name of the company. (Maximum length: 32 characters)
  • Page 356 User’s Manual of IGSW-2840 boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity. Example Console(config)#banner configure floor 3 row 15 rack 24 electrical-circuit 48v-id_3.15.24.2 Console(config)# banner configure department This command is used to configure the department information displayed in the banner.
  • Page 357 User’s Manual of IGSW-2840 mfr-name no banner configure equipment-info [floor | manufacturer | manufacturer-id | rack | row | shelf-rack] mfr-id -The name of the device model number. floor-id - The floor number. row-id - The row number. rack-id - The rack number.
  • Page 358 User’s Manual of IGSW-2840 whitespace is necessary for clarity. Example Console(config)# banner configure equipment-location 710_Network_Path,_Indianapolis Console(config)# banner configure ip-lan This command is used to configure the device IP address and subnet mask information displayed in the banner. Use the no form to restore the default setting.
  • Page 359 User’s Manual of IGSW-2840 None Command Mode Global Configuration Command Usage Input strings cannot contain spaces. The banner configure lp-number command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.
  • Page 360 User’s Manual of IGSW-2840 123-555-1212 name2 Lamar phone-number 123-555-1219 Console(config)# banner configure mux This command is used to configure the mux information displayed in the banner. Use the no form to restore the default setting. Syntax banner configure mux muxinfo no banner configure mux muxinfo - The circuit and PVC to which the switch is connected.
  • Page 361 User’s Manual of IGSW-2840 Example Console(config)# banner configure note !!!!!ROUTINE_MAINTENANCE_firmware upgrade_0100-0500_GMT-0500_20071022!!!!!_20min_network_impact_expected Console(config)# show banner This command displays all banner information. Command Mode Normal Exec, Privileged Exec Example Console# show banner ABC Co. WARNING - MONITORED ACTIONS AND ACCESSES R&D_Dept Albert_Einstein - 123-555-1212...
  • Page 362: System Status Commands

    User’s Manual of IGSW-2840 5.5.3 System Status Commands This section describes commands used to display system information. Command Function Mode show startup-config Displays the contents of the configuration file (stored in flash memory) that is used to start up the system...
  • Page 363 User’s Manual of IGSW-2840 Example Console# show startup-config building startup-config, please wait..!<stackingDB>00</stackingDB> !<stackingMac>01_00-30-4f-10-22-bc_01</stackingMac> phymap 00-30-4f-10-22-bc SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 broadcast byte-rate 1000 level 5 snmp-server community public ro snmp-server community private rw username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3...
  • Page 364 User’s Manual of IGSW-2840 interface ethernet 1/1 switchport allowed vlan add 1 untagged switchport native vlan 1 switchport allowed vlan add 4093 tagged interface vlan 1 ip address DHCP line console line vty Console# Related Commands show running-config show running-config This command displays the configuration information currently in use.
  • Page 365 User’s Manual of IGSW-2840 -VLAN configuration settings for each interface -Spanning tree settings -Interface settings -IP address configured for the switch -Any configured settings for the console port and Telnet System Management Commands Example Console# show running-config building startup-config, please wait..
  • Page 366 For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12. The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console# show system System Description: PLANET 8+2G Industrial Managed Switch IGSW-2840 System OID String: 1.3.6.1.4.1.10456.1.1482 System Information System Up Time: 0 days, 0 hours, 57 minutes, and 56.69 seconds...
  • Page 367 User’s Manual of IGSW-2840 MAC Address (Unit1): 00-30-4F-10-22-40 Web Server: Enabled Web Server Port: Web Secure Server: Enabled Web Secure Server Port: Telnet Server: Enable Telnet Server Port: Jumbo Frame: Disabled POST Result: DUMMY Test 1 ......PASS UART Loopback Test ... PASS DRAM Test ....
  • Page 368 User’s Manual of IGSW-2840 console admin 0:14:14 VTY 0 admin 0:00:00 192.168.1.19 SSH 1 steve 0:00:06 192.168.1.19 Web online users: Line Remote IP addr Username Idle time (h:m:s). ----------- -------------- -------- ----------------- 1 HTTP 192.168.1.19 admin 0:00:00 Console# show version This command displays hardware and software version information for the system.
  • Page 369: Frame Size Commands

    User’s Manual of IGSW-2840 5.5.4 Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch. Command Function Mode jumbo frame Enables support for jumbo frames Table 5-10 Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it.
  • Page 370: File Management Commands

    User’s Manual of IGSW-2840 5.5.5 File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. The switch can also be set to use new firmware without overwriting the previous version.
  • Page 371 User’s Manual of IGSW-2840 Default Setting None Command Mode Privileged Exec Command Usage The system prompts for data required to complete the copy command. The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
  • Page 372 User’s Manual of IGSW-2840 TFTP completed. Success. Console# The following example shows how to copy the running configuration to a startup file. Console#copy running-config file destination file name: startup Write to FLASH Programming. \Write to FLASH finish. Success. Console# The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99...
  • Page 373 User’s Manual of IGSW-2840 TFTP server IP address: 192.168.1.19 Choose public key type: 1. RSA: 2. DSA: <1-2>: 1 Source file name: steve.pub Username: steve TFTP Download Success. Write to FLASH Programming. Success. Console# delete This command deletes a file or image.
  • Page 374 User’s Manual of IGSW-2840 boot-rom - Boot ROM (or diagnostic) image file. config -Switch configuration file. opcode - Run-time operation code image file. filename -Name of the configuration file or code image. Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters, the system displays all files.
  • Page 375
    Console#whichboot
    File name                        File type      Startup Size (byte)
    -------------------------------- -------------- ------- ----------
    Unit1:
    IGSW-2840_DIAG_V0011.bix         Boot-Rom Image         305424
    IGSW-2840_RUNTIME_V0035_m.bix    Operation Code         3018936
    startup1.cfg                     Config File            4648
    Console#
    boot system
    This command specifies the image used to start up the system.
  • Page 376: Line Commands

    User’s Manual of IGSW-2840 5.6 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal).
  • Page 377 User’s Manual of IGSW-2840 There is no default line. Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “VTY” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet or SSH connections.
  • Page 378 User’s Manual of IGSW-2840 Related Commands username password password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password {0 | 7} - 0 means plain password, 7 means encrypted password password - Character string that specifies the line password.
  • Page 379 User’s Manual of IGSW-2840 timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval. (Range: 0 -300 seconds; 0: disabled) Default Setting CLI: Disabled (0 seconds) Telnet: 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
  • Page 380 User’s Manual of IGSW-2840 Using the command without specifying a timeout restores the default setting. Example To set the timeout to two minutes, enter this command: Console(config-line)#exec-timeout 120 Console(config-line)# Related Commands silent-time timeout login response password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value.
  • Page 381 User’s Manual of IGSW-2840 Syntax silent-time [seconds] no silent-time seconds -The number of seconds to disable console response. (Range: 0-65535; 0: no silent-time) Default Setting The default value is no silent-time. Command Mode Line Configuration Example To set the silent time to 60 seconds, enter this command:...
  • Page 382 User’s Manual of IGSW-2840 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity none - No parity even - Even parity...
  • Page 383 User’s Manual of IGSW-2840 stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} 1 - One stop bit 2 - Two stop bits...
  • Page 384: Event Logging Commands

    User’s Manual of IGSW-2840 Syntax show line [console | vty] console -Console terminal line. vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command:...
  • Page 385 User’s Manual of IGSW-2840 messages logging facility Sets the facility type for remote logging of syslog messages logging trap Limits syslog messages saved to a remote server based on severity clear log Clears messages from the logging buffer Table 5-14 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
  • Page 386 User’s Manual of IGSW-2840 ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). level -One of the levels listed below. Messages sent include the selected level down to level 0. (Range: 0-7) Table 4-15 Logging Levels...
  • Page 387 User’s Manual of IGSW-2840 Command Usage Use this command more than once to build up a list of host IP addresses. The maximum number of host IP addresses allowed is five. Example Console(config)#logging host 10.1.0.3 Console(config)# logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default.
  • Page 388 User’s Manual of IGSW-2840 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved. Using this command without a specified level also enables remote logging, but restores the minimum severity level to the default.
  • Page 389 User’s Manual of IGSW-2840 sendmail - Displays settings for the SMTP event handler (page 4-58). trap - Displays settings for the trap function. Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational”...
  • Page 390 User’s Manual of IGSW-2840 Table 4-17 show logging trap - display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command. REMOTELOG status Shows if remote logging has been enabled via the logging trap command.
  • Page 391: Smtp Alert Commands

    User’s Manual of IGSW-2840 "System coldStart notification." level: 6, module: 5, function: 1, and event no.: 1 Console# 5.8 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
  • Page 392 User’s Manual of IGSW-2840 Example Console(config)# logging sendmail host 192.168.1.200 Console(config)# logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level -One of the system message levels (page 4-50). Messages sent include the selected level down to level 0. (Range: 0-7;...
  • Page 393 Example This example sets the source email address to marcl@planet.com.tw. Console(config)#logging sendmail source-email marcl@planet.com.tw Console(config)# logging sendmail destination-email This command specifies the email recipients of alert messages. Use the no form to remove a recipient. Syntax [no] logging sendmail destination-email email-address email-address - The source email address used in alert messages.
  • Page 394: Time Commands

    User’s Manual of IGSW-2840 Console(config)# show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers 1. 192.168.1.200 SMTP minimum severity level: 4 SMTP destination email addresses 1.
  • Page 395 User’s Manual of IGSW-2840 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests. Syntax [no] sntp client...
  • Page 396 User’s Manual of IGSW-2840 Syntax sntp server [ip1 [ip2 [ip3]]] ip - IP address of a time server (NTP or SNTP). (Range: 1-3 addresses) Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received.
  • Page 397 User’s Manual of IGSW-2840 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the current time, the poll interval used for sending time synchronization requests, and the current SNTP mode (i.e., unicast).
  • Page 398 User’s Manual of IGSW-2840 you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC. Example Console(config)#clock timezone Japan hours 8 minute 0 after-UTC Console(config)# Related Commands show sntp calendar set This command sets the system clock.
  • Page 399: Switch Cluster Commands

    User’s Manual of IGSW-2840 Example Console#show calendar 15:12:43 April 1 2004 Console# 5.10 Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
  • Page 400 User’s Manual of IGSW-2840 [no] cluster Default Setting Enabled Command Mode Global Configuration Command Usage To create a switch cluster, first be sure that clustering is enabled on the switch (the default is enabled), then set the switch as a Cluster Commander. Set a Cluster IP Pool that does not conflict with any other IP subnets in the network. Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander.
  • Page 401 User’s Manual of IGSW-2840 Example Console(config)#cluster commander Console(config)# cluster ip-pool This command sets the cluster IP address pool. Use the no form to reset to the default address. Syntax cluster ip-pool ip-address no cluster ip-pool ip-address - The base IP address for IP addresses assigned to cluster Members. The IP address must start 10.x.x.x.
  • Page 402 User’s Manual of IGSW-2840 Command Mode Global Configuration Command Usage The maximum number of cluster Members is 36. The maximum number of switch Candidates is 100. Example Console(config)#cluster member mac-address 00-12-34-56-78-9a id 5 Console(config)# rcommand This command provides access to a cluster Member CLI for configuration.
  • Page 403 User’s Manual of IGSW-2840 Interval heartbeat: 30 Heartbeat loss count: 3 Number of Members: 1 Number of Candidates: 2 Console# show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example Console#show cluster members Cluster Members:...
  • Page 404: Snmp Commands

    User’s Manual of IGSW-2840 5.11 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree.
  • Page 405 User’s Manual of IGSW-2840 Example Console(config)#snmp-server Console(config)# show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
  • Page 406 User’s Manual of IGSW-2840 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs...
  • Page 407 User’s Manual of IGSW-2840 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters)
  • Page 408 User’s Manual of IGSW-2840 remove the specified host. Syntax snmp-server host host-addr [inform [retry retries | timeout seconds]] community-string [version {1 | 2c | 3 {auth | noauth | priv} [udp-port port]} no snmp-server host host-addr host-addr - Internet address of the host (the targeted recipient). (Maximum host addresses: 5 trap destination IP address entries) inform - Notifications are sent as inform messages.
  • Page 409 User’s Manual of IGSW-2840 acknowledgement of receipt. Informs can be used to ensure that critical information is received by the host. However, note that informs consume more system resources because they must be kept in memory until a response is received. Informs also add to network traffic.
  • Page 410 User’s Manual of IGSW-2840 [no] snmp-server enable traps [authentication | link-up-down] authentication - Keyword to issue authentication failure notifications. link-up-down - Keyword to issue link-up or link-down notifications. Default Setting Issue authentication and link-up-down traps. Command Mode Global Configuration Command Usage If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent.
  • Page 411 User’s Manual of IGSW-2840 Command Mode Global Configuration Command Usage An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets.
  • Page 412 User’s Manual of IGSW-2840 Field Description Local SNMP String identifying the engine ID. engineID Local SNMP The number of times that the engine has (re-)initialized engineBoots since the snmp EngineID was last configured. Remote SNMP String identifying an engine ID on a remote device.
  • Page 413 User’s Manual of IGSW-2840 This view includes the MIB-2 interfaces table, and the mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included Console(config)# show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example...
  • Page 414 User’s Manual of IGSW-2840 snmp-server group groupname groupname -Name of an SNMP group. (Range: 1-32 characters) v1 | v2c | v3 - Use SNMP version 1, 2c or 3. auth | noauth | priv - This group uses SNMPv3 with authentication, no authentication, or with authentication and privacy.
  • Page 415 User’s Manual of IGSW-2840 Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview Write View: daily Notify View: none Storage Type: permanent Row Status: active Group Name: public Security Model: v1 Read View: defaultview Write View: none...
  • Page 416 User’s Manual of IGSW-2840 Storage Type: volatile Row Status: active Console# Field Description groupname Name of an SNMP group. security model The SNMP version. readview The associated read view. writeview The associated write view. notifyview The associated notify view. storage-type The storage type for this entry.
  • Page 417 User’s Manual of IGSW-2840 Global Configuration Command Usage The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. Before you configure a remote user, use the snmp-server engine-id command (page 4-75) to specify the engine ID for the remote device where the user resides.
  • Page 418 User’s Manual of IGSW-2840 EngineId: 80000000030004e2b316c54321 User Name: mark Authentication Protocol: mdt Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active Console# Field Description EngineId String identifying the engine ID. User Name Name of user connecting to the SNMP agent.
  • Page 419: Authentication Commands

    User’s Manual of IGSW-2840 5.12 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X.
  • Page 420 User’s Manual of IGSW-2840 The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. nopassword - No password is required for this user to log in. {0 | 7} - 0 means plain password, 7 means encrypted password.
  • Page 421 User’s Manual of IGSW-2840 level level - Level 15 for Privileged Exec. (Levels 0-14 are not used.) {0 | 7} - 0 means plain password, 7 means encrypted password. password - password for this privilege level. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting The default is level 15.
  • Page 422 User’s Manual of IGSW-2840 authentication login {[local] [radius] [tacacs]} no authentication login local - Use local password. radius - Use RADIUS server password. tacacs - Use TACACS server password. Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
  • Page 423: Radius Client

    User’s Manual of IGSW-2840 Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
  • Page 424 User’s Manual of IGSW-2840 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address} [auth-port auth_port] [acct-port acct_port] [timeout timeout] [retransmit retransmit] [key key] index - Allows you to specify up to five servers.
  • Page 425 User’s Manual of IGSW-2840 1812 Command Mode Global Configuration Example Console(config)# radius-server auth-port 181 Console(config)# radius-server acct-port This command sets the RADIUS server port used for accounting messages. Use the no form to restore the default. Syntax radius-server acct-port port_number no radius-server acct-port port_number -RADIUS server UDP port used for accounting messages.
  • Page 426 User’s Manual of IGSW-2840 radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries -Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30)
  • Page 427 User’s Manual of IGSW-2840 Example Console# show radius-server Global Settings: Communication Key with RADIUS Server: Auth-Port: 1812 Acct-port: 1813 Retransmit Times: Request Timeout: Server 1: Server IP Address: 10.1.2.3 Communication Key with RADIUS Server: ****** Auth-Port: 1812 Acct-port: 1813 Retransmit Times:...
  • Page 428 User’s Manual of IGSW-2840 tacacs-server host This command specifies TACACS+ servers and parameters. Use the no form to restore the default. Syntax [no] tacacs-server index host {host_ip_address} [port port_number] [timeout timeout] [retransmit retransmit] [key key] index - Specifies the index number of the server. (Range: 1) host_ip_address -IP address of the server.
  • Page 429 User’s Manual of IGSW-2840 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string.
  • Page 430 User’s Manual of IGSW-2840 Syntax tacacs-server timeout number_of_seconds no tacacs-server timeout number_of_seconds -Number of seconds the switch waits for a reply before resending a request. (Range: 1-540) Default Setting 5 seconds Command Mode Global Configuration Example Console(config)# tacacs-server timeout 10...
  • Page 431 User’s Manual of IGSW-2840 ----------------------------- ---------------- tacacs+ Console#...
  • Page 432: Aaa Commands

    User’s Manual of IGSW-2840 5.12.5 AAA Commands Authentication, Authorization, and Accounting (AAA) provides a framework for configuring access control on the Industrial Managed Switch. The AAA functions require the use of configured RADIUS or TACACS+ servers in the network. Command...
  • Page 433 User’s Manual of IGSW-2840 Console(config)#aaa group server radius tps Console(config-sg-radius)# server This command adds a security server to an AAA server group. Use the no form to remove the associated server from the group. Syntax [no] server {index | ip-address} index - Specifies a server index and the sequence to use for the group.
  • Page 434 User’s Manual of IGSW-2840 command described on page 4-93. -server-group -Specifies the name of a server group configured with the aaa group server command described on 4-97. (Range: 1-255 characters) Default Setting Accounting is not enabled No servers are specified...
  • Page 435 User’s Manual of IGSW-2840 Command Usage This command runs accounting for Exec service requests for the local console and Telnet connections. Note that the default and method-name fields are only used to describe the accounting method(s) configured on the specified RADIUS or TACACS+ servers, and do not actually send any information to the servers about the methods to use.
  • Page 436 User’s Manual of IGSW-2840 aaa accounting update This command enables the sending of periodic updates to the accounting server. Use the no form to disable accounting updates. Syntax aaa accounting update [periodic interval] no aaa accounting update interval -Sends an interim accounting record to the server at this interval. (Range: 1-2147483647 minutes)
  • Page 437 User’s Manual of IGSW-2840 accounting exec This command applies an accounting method to local console or Telnet connections. Use the no form to disable accounting on the line. Syntax accounting exec {default | list-name} no accounting exec default -Specifies the default method list created with the aaa accounting exec command (page 4-99).
  • Page 438 User’s Manual of IGSW-2840 Example Console(config)#line console Console(config-line)#accounting commands 15 default Console(config-line)# aaa authorization exec This command enables the authorization for Exec access. Use the no form to disable the authorization service. Syntax aaa authorization exec {default | method-name} group {tacacs+ | server-group} no aaa authorization exec {default | method-name} default - Specifies the default authorization method for Exec access.
  • Page 439 User’s Manual of IGSW-2840 aaa authorization exec command (page 4-103). list-name - Specifies a method list created with the aaa authorization exec command. Default Setting None Command Mode Line Configuration Example Console(config)#line console Console(config-line)#authorization exec tps Console(config-line)#exit Console(config)#line vty Console(config-line)#authorization exec default...
  • Page 440 User’s Manual of IGSW-2840 Example Console# show accounting Accounting type: dot1x Method list: default Group list: radius Interface: Method list: tps Group list: radius Interface: eth 1/2 Accounting type: Exec Method list: default Group list: radius Interface: vty Console#...
  • Page 441: Web Server Commands

    User’s Manual of IGSW-2840 5.12.6 Web Server Commands This section describes commands used to configure web browser management access to the Industrial Managed Switch. Command Function Mode ip http port Specifies the port to be used by the web browser interface...
  • Page 442 Command Mode Global Configuration Example Console(config)#ip http server Console(config)# Related Commands ip http port ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.
  • Page 443 User’s Manual of IGSW-2840 Example Console(config)# ip http secure-server Console(config)# Related Commands ip http secure-port copy tftp https-certificate ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port.
  • Page 444: Telnet Server Commands

    5.12.7 Telnet Server Commands Command Function Mode ip telnet server Allows the switch to be monitored or configured from Telnet; also specifies the port to be used by the Telnet interface Table 5-35 Telnet Server Commands ip telnet server This command allows this device to be monitored or configured from Telnet.
  • Page 445: Secure Shell Commands

    5.12.8 Secure Shell Commands This section describes the commands used to configure the SSH server. However, note that you also need to install an SSH client on the management station when using this protocol to configure the switch.
  • Page 446 User’s Manual of IGSW-2840 and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example 10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058176716709574804776117 Import Client’s Public Key to the Switch –...
  • Page 447 Authenticating SSH v1.5 Clients
    a. The client sends its RSA public key to the switch.
    b. The switch compares the client's public key to those stored in memory.
    c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client.
  • Page 448 User’s Manual of IGSW-2840 Example Console# ip ssh crypto host-key generate Console#configure Console(config)#ip ssh server Console(config)# Related Commands ip ssh crypto host-key generate show ssh ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting.
  • Page 449 User’s Manual of IGSW-2840 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts permitted after which the interface is reset.
  • Page 450 User’s Manual of IGSW-2840 delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [dsa | rsa] username – Name of an SSH user. (Range: 1-8 characters) dsa – DSA public key type. rsa – RSA public key type.
  • Page 451 User’s Manual of IGSW-2840 Related Commands ip ssh crypto zeroize ip ssh save host-key ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] dsa – DSA key type.
  • Page 452 User’s Manual of IGSW-2840 Command Mode Privileged Exec Example Console#ip ssh save host-key dsa Console# Related Commands ip ssh crypto host-key generate show ip ssh This command displays the connection settings used when authenticating client access to the SSH server.
  • Page 453 User’s Manual of IGSW-2840 Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started) Username The user name of the client. Table 5-37 show ssh - display description...
  • Page 454 User’s Manual of IGSW-2840 show public-key [user [username]| host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
  • Page 455 User’s Manual of IGSW-2840 5.12.9 802.1X Port Authentication The Industrial Managed Switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
  • Page 456 User’s Manual of IGSW-2840 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example Console(config)#dot1x default Console(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session.
  • Page 457 User’s Manual of IGSW-2840 Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x port-control auto Console(config-if)# dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
  • Page 458 User’s Manual of IGSW-2840 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) Command Mode Privileged Exec Command Usage The re-authentication process verifies the connected client’s user ID and password on the RADIUS server.
  • Page 459 User’s Manual of IGSW-2840 Related Commands dot1x timeout re-authperiod dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default.
  • Page 460 User’s Manual of IGSW-2840 dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds -The number of seconds.
  • Page 461 User’s Manual of IGSW-2840 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] statistics - Displays dot1x status for each port. interface ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number.
  • Page 462 User’s Manual of IGSW-2840 -Port-control - Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized. -Supplicant - MAC address of authorized client. -Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
  • Page 463 User’s Manual of IGSW-2840 reauth-enabled: Enable reauth-period: 1800 quiet-period: tx-period: supplicant-timeout: server-timeout: reauth-max: max-req: Status Authorized Operation mode Single-Host Max count Port-control Auto Supplicant Current 00-30-4F-49-5e-dc Identifier Intrusion action Guest VLAN Authenticator State Machine State Authenticated Reauth Count Backend State Machine...
  • Page 464 User’s Manual of IGSW-2840 start-address - A single IP address, or the starting address of a range. end-address -The end address of a range. Default Setting All addresses Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
  • Page 465 User’s Manual of IGSW-2840 Example Console# show management all-client Management IP Filter HTTP-Client: Start IP address End IP address 192.168.1.19 192.168.1.19 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address 192.168.1.19 192.168.1.19 192.168.1.25 192.168.1.30 TELNET-Client: Start IP address End IP address 192.168.1.19...
  • Page 466: Port Security Commands

    User’s Manual of IGSW-2840 * The priority of execution for these filtering commands is Port Security, Port Authentication, Network Access, Web Authentication, Access Control Lists, DHCP Snooping, and then IP Source Guard. 5.13.1 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 467 User’s Manual of IGSW-2840 Use the port security command to enable security on a port. Then use the port security action command to set the response to a port security violation, and the port security max-mac-count command to set the maximum number of addresses allowed on a port.
  • Page 468 User’s Manual of IGSW-2840 max-mac-count addresses on an interface network-access dynamic-vlan Enables dynamic VLAN assignment from a RADIUS server network-access guest-vlan Specifies the guest VLAN mac-authentication reauth-time Sets the time period after which a connected MAC address must be re-authenticated clear network-access...
  • Page 469 User’s Manual of IGSW-2840 Example Console(config-if)#network-access mode mac-authentication Console(config-if)# network-access max-mac-count Use this command to set the maximum number of MAC addresses that can be authenticated on a port via all forms of authentication. Use the no form of this command to restore the default.
  • Page 470 User’s Manual of IGSW-2840 mac-authentication max-mac-count Use this command to set the maximum number of MAC addresses that can be authenticated on a port via 802.1X authentication or MAC authentication. Use the no form of this command to restore the default.
  • Page 471 User’s Manual of IGSW-2840 Example The following enables dynamic VLAN assignment on port 1. Console(config)#interface ethernet 1/1 Console(config-if)#network-access dynamic-vlan Console(config-if)# network-access guest-vlan Use this command to assign all traffic on a port to a guest VLAN when network access (MAC authentication) or 802.1X authentication is rejected.
  • Page 472 User’s Manual of IGSW-2840 Default Setting 1800 Command Mode Global Configuration Command Usage The reauthentication time is a global setting and applies to all ports. When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server. During the reauthentication process traffic through the port remains unaffected.
  • Page 473 User’s Manual of IGSW-2840 show network-access Use this command to display the MAC authentication settings for port interfaces. Syntax show network-access [interface interface] interface - Specifies a port interface. ethernet unit/port -unit - This is unit 1. -port - Port number. (Range: 1-26) Default Setting Displays the settings for all interfaces.
  • Page 474 User’s Manual of IGSW-2840 mask -Specifies a MAC address bit mask for filtering displayed addresses. interface - Specifies a port interface. ethernet unit/port -unit - This is unit 1. -port - Port number. (Range: 1-28) sort - Sorts displayed entries by either MAC address or interface.
  • Page 475 User’s Manual of IGSW-2840 1. RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “RADIUS Client” on page 4-88.) 2. Web authentication cannot be configured on trunk ports. Command Function Mode web-auth login-attempts...
  • Page 476 User’s Manual of IGSW-2840 web-auth quiet-period This command defines the amount of time a host must wait after exceeding the limit for failed login attempts, before it may attempt web authentication again. Use the no form to restore the default.
  • Page 477 User’s Manual of IGSW-2840 Default Setting Disabled Command Mode Global Configuration Command Usage Both web-auth system-auth-control for the switch and web-auth for an interface must be enabled for web authentication to be active. Example Console(config)#web-auth system-auth-control Console(config)# web-auth This command enables web authentication for a port. Use the no form to restore the default.
  • Page 478 User’s Manual of IGSW-2840 Default Setting None Command Mode Privileged Exec Example Console#web-auth re-authenticate interface ethernet 1/2 Console# web-auth re-authenticate (IP) This command ends the web authentication session associated with the designated IP address and forces the user to re-authenticate.
  • Page 479 User’s Manual of IGSW-2840 Privileged Exec Example Console#show web-auth Global Web-Auth Parameters System Auth Control : Enabled Session Timeout : 3600 Quiet Period : 60 Max Login Attempts : 3 Console# show web-auth interface This command displays interface-specific web authentication parameters and statistics.
  • Page 480: Dhcp Snooping Commands

    User’s Manual of IGSW-2840 show web-auth summary This command displays a summary of web authentication port parameters and statistics. Syntax show web-auth summary Default Setting None Command Mode Privileged Exec Example Console#show web-auth summary Global Web-Auth Parameters System Auth Control : Enabled...
  • Page 481 User’s Manual of IGSW-2840 show ip dhcp snooping Shows the DHCP snooping configuration settings show ip dhcp snooping binding Shows the DHCP snooping binding table entries Table 5-44 DHCP Snooping Commands ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore the default setting.
  • Page 482 User’s Manual of IGSW-2840 client’s hardware address stored in the DHCP packet is the same as the source MAC address in the Ethernet header. * If the DHCP packet is not a recognizable type, it is dropped. -If a DHCP packet from a client passes the filtering criteria above, it will only be forwarded to trusted ports in the same VLAN.
  • Page 483 User’s Manual of IGSW-2840 When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects: -If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table.
  • Page 484 User’s Manual of IGSW-2840 Example This sets port 5 to untrusted. Console(config)#interface ethernet 1/5 Console(config-if)#no ip dhcp snooping trust Console(config-if)# Related Commands ip dhcp snooping ip dhcp snooping vlan ip dhcp snooping verify mac-address This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header.
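The comparison that ip dhcp snooping verify mac-address describes (client hardware address in the DHCP packet against the source MAC address in the Ethernet header), as an added Python example that is not PLANET's code or part of the manual. The function names, result strings and sample frames are constructed for illustration; it assumes untagged or single-tagged IPv4 frames sent directly by a client (UDP port 68 to 67).

```python
import struct

ETH_P_IP = 0x0800
ETH_P_8021Q = 0x8100
IPPROTO_UDP = 17
DHCP_CLIENT_PORT, DHCP_SERVER_PORT = 68, 67
BOOTP_CHADDR_OFFSET = 28  # op,htype,hlen,hops,xid,secs,flags + four addresses


def parse_dhcp_client_frame(frame):
    """Return (ethernet_source, chaddr) for a client DHCP frame, else None."""
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETH_P_8021Q:  # skip one 802.1Q tag if present
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETH_P_IP:
        return None
    ip = frame[offset:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4  # header length varies with IP options
    if ihl < 20 or len(ip) < ihl + 8 or ip[9] != IPPROTO_UDP:
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if (sport, dport) != (DHCP_CLIENT_PORT, DHCP_SERVER_PORT):
        return None
    bootp = ip[ihl + 8:]
    if len(bootp) < BOOTP_CHADDR_OFFSET + 16:
        return None
    op, htype, hlen = bootp[0], bootp[1], bootp[2]
    if op != 1 or htype != 1 or hlen != 6:  # BOOTREQUEST over Ethernet only
        return None
    chaddr = bootp[BOOTP_CHADDR_OFFSET:BOOTP_CHADDR_OFFSET + hlen]
    return eth_src, chaddr


def verify_mac_address(frame):
    """Hypothetical helper: 'match', 'mismatch' or 'not-dhcp-client'."""
    parsed = parse_dhcp_client_frame(frame)
    if parsed is None:
        return "not-dhcp-client"
    eth_src, chaddr = parsed
    return "match" if eth_src == chaddr else "mismatch"


def build_frame(eth_src, chaddr, vlan=None):
    """Build a constructed DHCPDISCOVER frame (checksums left at zero)."""
    eth = b"\xff" * 6 + eth_src
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan)
    eth += struct.pack("!H", ETH_P_IP)
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
             + bytes(16)                 # ciaddr, yiaddr, siaddr, giaddr
             + chaddr + bytes(10)        # chaddr padded to 16 bytes
             + bytes(192)                # sname + file
             + b"\x63\x82\x53\x63"       # DHCP magic cookie
             + b"\x35\x01\x01\xff")      # option 53 = DISCOVER, end
    udp = struct.pack("!HHHH", DHCP_CLIENT_PORT, DHCP_SERVER_PORT,
                      8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, IPPROTO_UDP, 0, bytes(4), b"\xff" * 4)
    return eth + ip + udp + bootp


# Constructed sample addresses (the first is the MAC used in the manual's
# binding-table example, the second is made up).
CLIENT_MAC = bytes.fromhex("112233445566")
OTHER_MAC = bytes.fromhex("02aabbccddee")

if __name__ == "__main__":
    print(verify_mac_address(build_frame(CLIENT_MAC, CLIENT_MAC)))
    print(verify_mac_address(build_frame(CLIENT_MAC, OTHER_MAC)))
```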
  • Page 485 User’s Manual of IGSW-2840 Default Setting Disabled Command Mode Global Configuration Command Usage DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server. Known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
  • Page 486 User’s Manual of IGSW-2840 Default Setting replace Command Mode Global Configuration Command Usage When the switch receives DHCP packets from clients that already include DHCP Option 82 information, the switch can be configured to set the action policy for these packets. Either the switch can drop the DHCP packets, keep the existing information, or replace it with the switch’s relay information.
  • Page 487 User’s Manual of IGSW-2840 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example Console#show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface 11-22-33-44-55-66 192.168.0.99 0 Static 1 Eth 1/5 Console# 5.13.5 IP Source Guard Commands...
  • Page 488 User’s Manual of IGSW-2840 Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall, and therefore may be subject to traffic attacks caused by a host trying to use the IP address of a neighbor.
  • Page 489 User’s Manual of IGSW-2840 ip source-guard binding This command adds a static address to the source-guard binding table. Use the no form to remove a static entry. Syntax ip source-guard binding mac-address vlan vlan-id ip-address interface ethernet unit/port no ip source-guard binding mac-address vlan vlan-id mac-address - A valid unicast MAC address.
  • Page 490: Access Control List Commands

    User’s Manual of IGSW-2840 show ip source-guard This command shows whether source guard is enabled or disabled on each interface. Command Mode Privileged Exec Example Console#show ip source-guard Interface Filter-type Eth 1/1 DISABLED Eth 1/2 DISABLED Eth 1/3 DISABLED Eth 1/4 DISABLED...
  • Page 491 User’s Manual of IGSW-2840 Command Group Function IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number, and protocol type MAC ACLs Configures ACLs based on hardware addresses, packet format, and Ethernet type ACL Information Displays ACLs and associated rules; shows ACLs assigned to...
  • Page 492 User’s Manual of IGSW-2840 • acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list.
  • Page 493 User’s Manual of IGSW-2840 source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x –...
  • Page 494 User’s Manual of IGSW-2840 • control-flag – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) Default Setting None Command Mode Extended ACL Command Usage All new rules are appended to the end of the list.
  • Page 495 User’s Manual of IGSW-2840 Console(config-ext-acl)# permit 192.168.1.0 255.255.255.0 any destination-port 80 Console(config-ext-acl)# This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 Console(config-ext-acl)# Related Commands...
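How the address bitmask and the control-flag operand in the rules above select packets, as an added Python example that is not the switch's implementation. It parses only the rule forms shown in this section's examples; checking rules top to bottom, returning no decision when nothing matches, and comparing the six flag bits exactly are assumptions, and the packets are constructed.

```python
import ipaddress

# The control-flag range 0-63 covers the six TCP flag bits.
TCP_FLAGS = ((32, "URG"), (16, "ACK"), (8, "PSH"),
             (4, "RST"), (2, "SYN"), (1, "FIN"))
OPTION_KEYS = ("destination-port", "control-flag")


def decode_control_flag(value):
    """Turn the decimal control-flag operand into TCP flag names."""
    if not 0 <= value <= 63:
        raise ValueError("control-flag must be in the range 0-63")
    return [name for bit, name in TCP_FLAGS if value & bit]


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def take_address(tokens):
    """Consume 'any', 'host A' or 'A bitmask'; return (address, bitmask)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return ip_to_int(tokens.pop(0)), 0xFFFFFFFF
    return ip_to_int(first), ip_to_int(tokens.pop(0))


def parse_rule(line):
    """Parse one rule written in the forms used by this section's examples."""
    tokens = line.split()
    rule = {"action": tokens.pop(0), "proto": None, "dst": (0, 0),
            "dport": None, "flags": None}
    if rule["action"] not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny")
    if tokens[0] == "tcp":
        rule["proto"] = tokens.pop(0)
    rule["src"] = take_address(tokens)
    if tokens and tokens[0] not in OPTION_KEYS:
        rule["dst"] = take_address(tokens)
    while tokens:
        key, value = tokens.pop(0), int(tokens.pop(0))
        if key == "destination-port":
            rule["dport"] = value
        elif key == "control-flag":
            decode_control_flag(value)  # range check only
            rule["flags"] = value
        else:
            raise ValueError("unsupported keyword: " + key)
    return rule


def address_matches(packet_addr, spec):
    """The bitmask is ANDed with both addresses before comparing."""
    address, bitmask = spec
    return (ip_to_int(packet_addr) & bitmask) == (address & bitmask)


def rule_matches(rule, pkt):
    if rule["proto"] and pkt.get("proto") != rule["proto"]:
        return False
    if not address_matches(pkt["src"], rule["src"]):
        return False
    if not address_matches(pkt["dst"], rule["dst"]):
        return False
    if rule["dport"] is not None and pkt.get("dport") != rule["dport"]:
        return False
    # Assumption: the low six flag bits must equal the control-flag value.
    if rule["flags"] is not None and (pkt.get("flags", 0) & 0x3F) != rule["flags"]:
        return False
    return True


def evaluate(acl_lines, pkt):
    """Return (action, rule_text) of the first matching rule, else (None, None)."""
    for line in acl_lines:
        if rule_matches(parse_rule(line), pkt):
            return parse_rule(line)["action"], line
    return None, None


# Rules copied from the manual's examples; the packets below are constructed.
DAVID = ["permit host 10.1.1.21", "permit 168.92.16.0 255.255.240.0"]
BOB = ["permit 192.168.1.0 255.255.255.0 any destination-port 80",
       "permit tcp 192.168.1.0 255.255.255.0 any control-flag 2"]

if __name__ == "__main__":
    syn = {"src": "192.168.1.50", "dst": "10.0.0.9", "proto": "tcp",
           "dport": 443, "flags": 0x02}
    print(evaluate(BOB, syn), decode_control_flag(2))
```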
  • Page 496 User’s Manual of IGSW-2840 ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} acl_name – Name of the ACL. (Maximum length: 16 characters) in –...
  • Page 497 User’s Manual of IGSW-2840 Related Commands ip access-group map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping.
  • Page 498: Mac Acls

    User’s Manual of IGSW-2840 show map access-list ip [interface] interface • ethernet unit/port -unit - This is device 1. -port - Port number. Command Mode Privileged Exec Example Console# show map access-list ip Access-list to COS of Eth 1/4 Access-list ALS1 cos 0...
  • Page 499 User’s Manual of IGSW-2840 Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
  • Page 500 User’s Manual of IGSW-2840 [cos cos-value] [vid vid vid-bitmask] tagged-eth2 – Tagged Ethernet II packets. untagged-eth2 – Untagged Ethernet II packets. tagged-802.3 – Tagged Ethernet 802.3 packets. untagged-802.3 – Untagged Ethernet 802.3 packets. any – Any MAC source or destination address.
  • Page 501 User’s Manual of IGSW-2840 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Console#show mac access-list MAC access-list jerry:...
  • Page 502 User’s Manual of IGSW-2840 Related Commands show mac access-list show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Console#show mac access-group Interface ethernet 1/5 MAC access-list M5 in Console# Related Commands mac access-group map access-list mac This command sets the output queue for packets matching an ACL rule.
  • Page 503: Acl Information

    User’s Manual of IGSW-2840 Example Console(config)#interface ethernet 1/2 Console(config-if)#map access-list mac steve cos 0 Console(config-if)# Related Commands queue cos-map show map access-list mac show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.)
  • Page 504 User’s Manual of IGSW-2840 show access-list This command shows all ACLs and associated rules. Command Mode Privileged Exec Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.16.0 255.255.240.0 IP extended access-list bob: permit 10.7.1.1 255.255.255.0 any permit 192.168.1.0 255.255.255.0 any destination-port 80 80 permit 192.168.1.0 255.255.255.0 any protocol tcp control-code 2...
  • Page 505: Interface Commands

    User’s Manual of IGSW-2840 IP access-list jerry out Console# 5.15 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command Function Mode interface Configures an interface type and enters interface configuration...
  • Page 506 User’s Manual of IGSW-2840 • vlan vlan-id (Range: 1-4094) Default Setting None Command Mode Global Configuration Example To specify port 24, enter the following command: Console(config)#interface ethernet 1/24 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description.
  • Page 507 User’s Manual of IGSW-2840 100half - Forces 100 Mbps half-duplex operation 10full -Forces 10 Mbps full-duplex operation 10half -Forces 10 Mbps half-duplex operation 1000full operation cannot be forced. The Gigabit Combo ports can only operate at 1000full when auto-negotiation is enabled.
  • Page 508 User’s Manual of IGSW-2840 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 509 User’s Manual of IGSW-2840 Default Setting • 100BASE-TX: 10half, 10full, 100half, 100full • 1000BASE-T: 10half, 10full, 100half, 100full, 1000full • SFP: 1000full Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command.
  • Page 510 User’s Manual of IGSW-2840 disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To enable flow control under auto-negotiation, “flowcontrol” must be included in the capabilities list for any port •...
  • Page 511 User’s Manual of IGSW-2840 broadcast byte-rate This command configures broadcast storm control threshold. Syntax broadcast byte-rate scale level level scale – The threshold scale. (Options: 1, 10, 100, 1000 Kbytes per second) level – The threshold level. (Range: 1-127) Default Setting...
  • Page 512 User’s Manual of IGSW-2840 specified using the broadcast byte-rate command, applies to all ports on the switch. Example The following shows how to enable broadcast storm control for port 5. Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast Console(config-if)# clear counters This command clears statistics on an interface.
  • Page 513 User’s Manual of IGSW-2840 -port - Port number. (Range: 1-28) port-channel channel-id (Range: 1-12) • vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection...
  • Page 514 User’s Manual of IGSW-2840 Syntax show interfaces counters [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12) Default Setting Shows the counters for all interfaces. Command Mode...
  • Page 515 User’s Manual of IGSW-2840 Packet size 512 to 1023 octets: 0, Packet size 1024 to 1518 octets: 0 Console# show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface •...
  • Page 516 User’s Manual of IGSW-2840 Private-VLAN Mapping: NONE 802.1Q-tunnel Status: Disable 802.1Q-tunnel Mode: NORMAL 802.1Q-tunnel TPID: 8100(Hex) Console# Field Description Broadcast Threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level LACP Status...
  • Page 517: Link Aggregation Commands

    User’s Manual of IGSW-2840 5.16 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
  • Page 518 User’s Manual of IGSW-2840 Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: Ports must have the same LACP system priority. Ports must have the same port admin key (Ethernet Interface).
  • Page 519 User’s Manual of IGSW-2840 Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage The ports on both ends of an LACP trunk must be configured for full duplex, and auto-negotiation. A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
  • Page 520 User’s Manual of IGSW-2840 status: Port security: Disabled Max MAC count: Current status: Created by: LACP Link status: Operation speed-duplex: 100full Flow control type: None Member Ports: Eth1/11, Eth1/12, Eth1/13, Console# lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting...
  • Page 521 User’s Manual of IGSW-2840 Console(config)#interface ethernet 1/5 Console(config-if)#lacp actor system-priority 3 Console(config-if)# lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key actor - The local side of an aggregate link.
  • Page 522 User’s Manual of IGSW-2840 Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key key -The port channel admin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch. (Range: 0-65535)
  • Page 523 User’s Manual of IGSW-2840 backup port. Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the partner.
  • Page 524 User’s Manual of IGSW-2840 Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group.
  • Page 525 User’s Manual of IGSW-2840 Admin State,Oper Administrative or operational values of the actor’s state parameters: • State Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.
  • Page 526 User’s Manual of IGSW-2840 Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol. Partner Admin Port Current administrative value of the port number for the protocol Number Partner.
  • Page 527: Mirror Port Commands

    User’s Manual of IGSW-2840 5.17 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Command Function Mode port monitor Configures a mirror session show port monitor Shows the configuration for a mirror port...
  • Page 528: Rate Limit Commands

    User’s Manual of IGSW-2840 show port monitor This command displays mirror information. Syntax show port monitor [interface] interface -ethernet unit/port (source port) unit - Stack unit. (Range: 1) port - Port number. (Range: 1-28) Default Setting Shows all sessions. Command Mode...
  • Page 529: Address Table Commands

    User’s Manual of IGSW-2840 rate-limit This command defines the rate limit for a specific interface. Use the no form to restore the default status of disabled. Syntax rate-limit {input | output} scale {1k | 10k | 100k | 1m | 10m} level level no rate-limit {input | output} input –...
  • Page 530 User’s Manual of IGSW-2840 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id mac-address - MAC address.
  • Page 531 User’s Manual of IGSW-2840 Default Setting None Command Mode Privileged Exec Example Console#clear mac-address-table dynamic Console# show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] mac-address - MAC address.
  • Page 532 User’s Manual of IGSW-2840 Example Console#show mac-address-table Interface Mac Address Vlan Type --------- ----------------- ---- ---------------- Eth 1/1 00-30-4F-94-34-de 1 Delete-on-reset Trunk 2 00-30-4F-8f-aa-1b 1 Learned Console# mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time.
  • Page 533: Spanning Tree Commands

    User’s Manual of IGSW-2840 Example Console#show mac-address-table aging-time Aging time: 100 sec. Console# 5.20 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
  • Page 534 User’s Manual of IGSW-2840 spanning-tree Re-checks the appropriate BPDU format protocol-migration show spanning-tree Shows spanning tree configuration for the common spanning tree (i.e., overall bridge), a selected interface, or an instance within the multiple spanning tree show spanning-tree mst Shows the multiple spanning tree configuration...
  • Page 535 User’s Manual of IGSW-2840 Syntax spanning-tree mode {stp | rstp | mstp} no spanning-tree mode stp - Spanning Tree Protocol (IEEE 802.1D) rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) mstp - Multiple Spanning Tree (IEEE 802.1s) Default Setting rstp...
  • Page 536 User’s Manual of IGSW-2840 seconds - Time in seconds. (Range: 4 -30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1]. Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding).
  • Page 537 User’s Manual of IGSW-2840 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-time + 1)].
  • Page 538 User’s Manual of IGSW-2840 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
  • Page 539 User’s Manual of IGSW-2840 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Range: 1-10)
  • Page 540 User’s Manual of IGSW-2840 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst instance_id vlan vlan-range instance_id - Instance identifier of the spanning tree.
  • Page 541 User’s Manual of IGSW-2840 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance. The device with the highest priority (i.e., lowest numerical value) becomes the MSTI root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
  • Page 542 User’s Manual of IGSW-2840 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number -Revision number of the spanning tree. (Range: 0-65535)
  • Page 543 User’s Manual of IGSW-2840 Example Console(config-mstp)#max-hops 30 Console(config-mstp)# spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Syntax [no] spanning-tree spanning-disabled Default Setting...
  • Page 544 User’s Manual of IGSW-2840 Fast Ethernet: Half Duplex 200,000; Full Duplex 100,000; Trunk 50,000. Gigabit Ethernet: Full Duplex 10,000; Trunk 5,000. Table 5-64 Recommended STA Path Cost Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below.
  • Page 545 User’s Manual of IGSW-2840 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16)
  • Page 546 User’s Manual of IGSW-2840 also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device. • This command has the same effect as the spanning-tree portfast command. Example Console(config)#interface ethernet 1/5...
  • Page 547 User’s Manual of IGSW-2840 Related Commands spanning-tree edge-port spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type {auto | point-to-point | shared} no spanning-tree link-type auto -Automatically derived from the duplex mode setting.
  • Page 548 User’s Manual of IGSW-2840 cost - Path cost for an interface. (Range: 0 for auto-configuration, 1-65535 for short path cost method, 1-200,000,000 for long path cost method) The recommended path cost range is listed in Table 4-63 on page 4-211. The recommended path cost is listed in Table 4-64 on page 4-212.
  • Page 549 User’s Manual of IGSW-2840 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch is the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
  • Page 550 User’s Manual of IGSW-2840 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [interface | mst instance_id] • interface ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number.
  • Page 551 User’s Manual of IGSW-2840 Root Max Age (sec.): 20 Root Forward Delay (sec.): 15 Max hops: 20 Remaining hops: 20 Designated Root: 32768.0.0000ABCD0000 Current root port: 1 Current root cost: 10000 Number of topology changes: 1 Last topology changes time (sec.): 22...
  • Page 552 User’s Manual of IGSW-2840 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information Configuration name: R&D Revision level:0 Instance Vlans 0 1,3-4094 Console#...
  • Page 553: Vlan Commands

    User’s Manual of IGSW-2840 5.21 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 554 User’s Manual of IGSW-2840 Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
  • Page 555 User’s Manual of IGSW-2840 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/6 Console(config-if)#switchport gvrp...
  • Page 556 User’s Manual of IGSW-2840 garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} {join | leave | leaveall} - Which timer to set. timer_value - Value of timer. Ranges: join: 20-1000 centiseconds leave: 60-3000 centiseconds...
  • Page 557 User’s Manual of IGSW-2840 show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12) Default Setting Shows all GARP timers.
  • Page 558: Editing Vlan Groups

    User’s Manual of IGSW-2840 5.21.2 Editing VLAN Groups Command Function Mode vlan database Enters VLAN database mode to add, change, and delete VLANs vlan Configures a VLAN, including VID, name and state Table 5-68 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately.
  • Page 559: Configuring Vlan Interfaces

    User’s Manual of IGSW-2840 -vlan-name -ASCII string from 1 to 32 characters. media ethernet - Ethernet media type. state - Keyword to be followed by the VLAN state. -active -VLAN is operational. -suspend - VLAN is suspended. Suspended VLANs do not pass packets.
  • Page 560 User’s Manual of IGSW-2840 switchport allowed vlan Configures the VLANs associated with an interface switchport gvrp Enables GVRP for an interface switchport forbidden vlan Configures forbidden VLANs for an interface switchport priority default Sets a port priority for incoming untagged frames...
  • Page 561 User’s Manual of IGSW-2840 private-vlan -For an explanation of this command see “switchport mode private-vlan” on page 4-240. Default Setting All ports are in hybrid mode with the PVID set to VLAN 1. Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 562 User’s Manual of IGSW-2840 switchport ingress-filtering This command enables ingress filtering for an interface. Syntax [no] switchport ingress-filtering Although this command is available, the switch has ingress filtering permanently set to enabled. Therefore, trying to disable the filtering with the no switchport ingress-filtering command will produce this error message: “Note: Failed to ingress-filtering on ethernet...
  • Page 563 User’s Manual of IGSW-2840 Setting the native VLAN for a port can only be performed when the port is a member of the VLAN and the VLAN is untagged. The no switchport native vlan command will set the native VLAN of the port to untagged VLAN 1.
  • Page 564 User’s Manual of IGSW-2840 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged Console(config-if)# switchport forbidden vlan This command configures forbidden VLANs.
  • Page 565: Displaying Vlan Information

    User’s Manual of IGSW-2840 5.21.4 Displaying VLAN Information Command Function Mode show vlan Shows VLAN information NE, PE show interfaces status vlan Displays status for the specified VLAN interface NE, PE show interfaces switchport Displays the administrative and operational status of an...
  • Page 566 User’s Manual of IGSW-2840 5.21.5 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the same customer-specific VLAN IDs.
  • Page 567 User’s Manual of IGSW-2840 dot1q-tunnel system-tunnel-control This command sets the switch to operate in QinQ mode. Use the no form to disable QinQ operating mode. Syntax [no] dot1q-tunnel system-tunnel-control Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch for QinQ interface settings to be functional.
  • Page 568 User’s Manual of IGSW-2840 • When an uplink port receives a packet from the service provider, the outer service provider’s tag is stripped off, and the packet is passed onto the VLAN indicated by the inner tag. If no inner tag is found, the packet is passed onto the native VLAN defined for the uplink port.
  • Page 569 User’s Manual of IGSW-2840 Related Commands show interfaces switchport show dot1q-tunnel This command displays information about QinQ tunnel ports. Command Mode Privileged Exec Example Console(config)#dot1q-tunnel system-tunnel-control Console(config)#interface ethernet 1/1 Console(config-if)#switchport dot1q-tunnel mode access Console(config-if)#interface ethernet 1/2 Console(config-if)#switchport dot1q-tunnel mode uplink...
  • Page 570: Configuring Private Vlans

    User’s Manual of IGSW-2840 5.21.6 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/ secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains...
  • Page 571 User’s Manual of IGSW-2840 To configure isolated VLANs, follow these steps: Use the private-vlan command to designate an isolated VLAN that will contain a single promiscuous port and one or more isolated ports. Use the switchport mode private-vlan command to configure one port as promiscuous (i.e., having access to all ports in the isolated VLAN) and one or more ports as host (i.e., isolated port).
  • Page 572 User’s Manual of IGSW-2840 private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association {secondary-vlan-id | add secondary-vlan-id | remove secondary-vlan-id} no private-vlan primary-vlan-id association primary-vlan-id -ID of primary VLAN.
  • Page 573 User’s Manual of IGSW-2840 port to a community VLAN, use the private-vlan host association command. To assign a promiscuous port or host port to an isolated VLAN, use the switchport private-vlan isolated command. Example Console(config)#interface ethernet 1/2 Console(config-if)#switchport mode private-vlan promiscuous...
  • Page 574 User’s Manual of IGSW-2840 switchport private-vlan isolated Use this command to assign an interface to an isolated VLAN. Use the no form to remove this assignment. Syntax switchport private-vlan isolated isolated-vlan-id no switchport private-vlan isolated isolated-vlan-id - ID of isolated VLAN.
  • Page 575 User’s Manual of IGSW-2840 show private-vlan Use this command to show the private VLAN configuration settings on this switch. Syntax show private-vlan [community | isolated | primary] community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces.
  • Page 576 User’s Manual of IGSW-2840 5.21.7 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 577 User’s Manual of IGSW-2840 Command Mode Global Configuration Example The following creates protocol group 1, and specifies the IPX protocol type. Protocol VLAN group 2 is created with protocol-type IPv6 (86DD) and frame-type ethernet specified: Console(config)#protocol-vlan protocol-group 1 add protocol-type ipx...
  • Page 578 User’s Manual of IGSW-2840 VLAN 2. Console(config)#interface ethernet 1/1 Console(config-if)#protocol-vlan protocol-group 1 vlan 2 Console(config-if)# show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups. Syntax show protocol-vlan protocol-group [group-id] group-id - Group identifier for a protocol group. (Range: 1-2147483647) Default Setting All protocol groups are displayed.
  • Page 579 User’s Manual of IGSW-2840 show interfaces protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-26) •...
  • Page 580: Configuring Voice Vlans

    User’s Manual of IGSW-2840 5.21.8 Configuring Voice VLANs The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic. VoIP traffic can be detected on switch ports by using the source MAC address of packets, or by using LLDP (IEEE 802.1AB) to discover connected VoIP devices.
  • Page 581 User’s Manual of IGSW-2840 Example The following example enables VoIP traffic detection and specifies the Voice VLAN ID as 1234. Console(config)#voice vlan 1234 Console(config)# voice vlan aging This command sets the Voice VLAN membership time out. Use the no form to restore the default.
  • Page 582 User’s Manual of IGSW-2840 Default Setting None Command Mode Global Configuration Command Usage • VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses.
  • Page 583 User’s Manual of IGSW-2840 Console(config)#interface ethernet 1/1 Console(config-if)#switchport voice vlan auto Console(config-if)# switchport voice vlan rule This command selects a method for detecting VoIP traffic on a port. Use the no form to disable the selected detection method on a port.
  • Page 584 User’s Manual of IGSW-2840 Default Setting Disabled Command Mode Interface Configuration Command Usage • Security filtering discards any non-VoIP packets received on a port that are tagged with the voice VLAN ID. VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list, or through LLDP that discovers VoIP devices attached to the switch.
  • Page 585 User’s Manual of IGSW-2840 show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list. Syntax show voice vlan {oui | status} • oui - Displays the OUI Telephony list. • status -Displays the global and port Voice VLAN settings.
  • Page 586: Lldp Commands

    User’s Manual of IGSW-2840 5.22 LLDP Commands Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details...
  • Page 587 User’s Manual of IGSW-2840 lldp basic-tlv system-description Configures an LLDP-enabled port to advertise the system description lldp basic-tlv system-name Configures an LLDP-enabled port to advertise its system name lldp dot1-tlv proto-ident* Configures an LLDP-enabled port to advertise the supported protocols...
  • Page 588 User’s Manual of IGSW-2840 Command Mode Global Configuration Example Console(config)#lldp Console(config)# lldp holdtime-multiplier This command configures the time-to-live (TTL) value sent in LLDP advertisements. Use the no form to restore the default setting. Syntax lldp holdtime-multiplier value no lldp holdtime-multiplier value - Calculates the TTL in seconds based on (holdtime-multiplier * refresh-interval) ≤...
  • Page 589 User’s Manual of IGSW-2840 4 packets Command Mode Global Configuration Command Usage The MEDFastStartCount parameter is part of the timer which ensures that the LLDP-MED Fast Start mechanism is active for the port. LLDP-MED Fast Start is critical to the timely startup of LLDP, and therefore integral to the rapid availability of Emergency Call Service.
  • Page 590 User’s Manual of IGSW-2840 lldp refresh-interval This command configures the periodic transmit interval for LLDP advertisements. Use the no form to restore the default setting. Syntax lldp refresh-interval seconds no lldp refresh-delay seconds - Specifies the periodic interval at which LLDP advertisements are sent. (Range: 5 - 32768 seconds)
  • Page 591 User’s Manual of IGSW-2840 lldp tx-delay This command configures a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables. Use the no form to restore the default setting. Syntax lldp tx-delay seconds no lldp tx-delay seconds - Specifies the transmit delay.
  • Page 592 User’s Manual of IGSW-2840 lldp admin-status This command enables LLDP transmit, receive, or transmit and receive mode on the specified port. Use the no form to disable this feature. Syntax lldp admin-status {rx-only | tx-only | tx-rx} no lldp admin-status rx-only - Only receive LLDP PDUs.
  • Page 593 User’s Manual of IGSW-2840 Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp notification Console(config-if)# lldp mednotification This command enables the transmission of SNMP trap notifications about LLDP-MED changes. Use the no form to disable LLDP-MED notifications. Syntax [no] lldp mednotification Default Setting Enabled...
  • Page 594 User’s Manual of IGSW-2840 Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The management address protocol packet includes the IPv4 address of the switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement.
  • Page 595 User’s Manual of IGSW-2840 lldp basic-tlv system-capabilities This command configures an LLDP-enabled port to advertise its system capabilities. Use the no form to disable this feature. Syntax [no] lldp basic-tlv system-capabilities Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 596 User’s Manual of IGSW-2840 lldp basic-tlv system-name This command configures an LLDP-enabled port to advertise the system name. Use the no form to disable this feature. Syntax [no] lldp basic-tlv system-name Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The system name is taken from the sysName object in RFC 3418, which contains the system’s administratively assigned...
  • Page 597 User’s Manual of IGSW-2840 lldp dot1-tlv proto-vid This command configures an LLDP-enabled port to advertise port related VLAN information. Use the no form to disable this feature. Syntax [no] lldp dot1-tlv proto-vid Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises the port-based and protocol-based VLANs configured on this interface (see “Configuring VLAN...
  • Page 598 User’s Manual of IGSW-2840 lldp dot1-tlv vlan-name This command configures an LLDP-enabled port to advertise its VLAN name. Use the no form to disable this feature. Syntax [no] lldp dot1-tlv vlan-name Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises the name of all VLANs to which this interface has been assigned.
  • Page 599 User’s Manual of IGSW-2840 lldp dot3-tlv mac-phy This command configures an LLDP-enabled port to advertise its MAC and physical layer capabilities. Use the no form to disable this feature. Syntax [no] lldp dot3-tlv mac-phy Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 600 User’s Manual of IGSW-2840 lldp medtlv inventory This command configures an LLDP-MED-enabled port to advertise its inventory identification details. Use the no form to disable this feature. Syntax [no] lldp medtlv inventory Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 601 User’s Manual of IGSW-2840 lldp medtlv med-cap This command configures an LLDP-MED-enabled port to advertise its Media Endpoint Device capabilities. Use the no form to disable this feature. Syntax [no] lldp medtlv med-cap Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 602 User’s Manual of IGSW-2840 Console(config-if)#lldp medtlv network-policy Console(config-if)# show lldp config This command shows LLDP configuration settings for all ports. Syntax show lldp config [detail interface] • detail - Shows configuration summary. • interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number.
  • Page 603 User’s Manual of IGSW-2840 Notification Enabled : True Basic TLVs Advertised: port-description system-name system-description system-capabilities management-ip-address 802.1 specific TLVs Advertised: *port-vid *vlan-name *proto-vlan *proto-ident 802.3 specific TLVs Advertised: *mac-phy *link-agg *max-frame MED Configuration: MED Notification Enabled : True MED Enabled TLVs Advertised:...
  • Page 604 Console# show lldp info local-device LLDP Local System Information Chassis Type : MAC Address Chassis ID : 00-01-02-03-04-05 System Name : System Description : PLANET 8+2G Industrial Managed Switch System Capabilities Support : Bridge System Capabilities Enable : Bridge Management Address : 192.168.0.101 (IPv4)
  • Page 605 User’s Manual of IGSW-2840 show lldp info remote-device This command shows LLDP global and interface-specific configuration settings for remote devices attached to an LLDP-enabled port. Syntax show lldp info remote-device [detail interface] detail - Shows detailed information. interface ethernet unit/port -unit - Stack unit.
  • Page 606 User’s Manual of IGSW-2840 Syntax show lldp info statistics [detail interface] detail - Shows detailed information. interface ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12) Command Mode Privileged Exec...
  • Page 607: Class Of Service Commands

    User’s Manual of IGSW-2840 5.23 Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 608 User’s Manual of IGSW-2840 servicing lower priority queues. • wrr - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 8 for queues 0 -3 respectively. • hybrid -Services the highest priority queue (3) according to strict priority queuing, after which the 3 lower priority queues (0, 1, 2) are processed according to their WRR weightings.
  • Page 609 User’s Manual of IGSW-2840 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e., receives both untagged and tagged frames).
  • Page 610 User’s Manual of IGSW-2840 Example This example shows how to assign WRR weights to priority queues 0 - 2: Console(config)#queue bandwidth 6 9 12 Console(config)# Related Commands queue mode show queue bandwidth queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values.
  • Page 611 User’s Manual of IGSW-2840 Console(config-if)#queue cos-map 2 2 Console(config-if)#exit Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 Traffic Class : 0 1 2 3 4 5 6 7 Priority Queue: 0 1 2 1 2 2 3 3 Console#...
  • Page 612 User’s Manual of IGSW-2840 Console# show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12)
  • Page 613 User’s Manual of IGSW-2840 5.23.2 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch Command Function Mode map ip dscp Configures IP DSCP to CoS queue mapping...
  • Page 614 User’s Manual of IGSW-2840 Table 5-80 Mapping IP DSCP to CoS Queues Command Mode Global Configuration Command Usage • The command map ip dscp enables the feature on the switch. The command map ip dscp dscp-value cos cos-queue maps DSCP values to port CoS queues.
  • Page 615 User’s Manual of IGSW-2840 Example The following example shows how to map HTTP traffic to CoS queue 0, then enable the feature globally on the switch. Console(config)#map ip port 80 cos 0 Console(config)#map ip port Console(config)# map ip precedence Use this command to enable and set IP precedence priority mapping. Use the no form to disable the feature or restore a...
  • Page 616 User’s Manual of IGSW-2840 map ip tos Use this command to enable and set IP TOS priority mapping (i.e., IP Type of Service priority mapping). Use the no form to disable the feature or restore a default setting. Syntax map ip tos [tos-value cos cos-queue] no map ip tos [tos-value] tos-value -4-bit TOS value.
  • Page 617 User’s Manual of IGSW-2840 map access-list ip This command sets the output queue for packets matching an IP ACL rule. Use the no form to remove the CoS queue mapping. Syntax [no] map access-list ip acl_name cos cos-queue acl_name – Name of the IP ACL. (Maximum length: 16 characters) cos-queue –...
  • Page 618 User’s Manual of IGSW-2840 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp Command Mode Privileged Exec Example Console# show map ip dscp dscp Mapping Status: Disabled DSCP -------- ------- Console# Related Commands...
  • Page 619 User’s Manual of IGSW-2840 Related Commands map ip port show map ip precedence Use this command to show the IP precedence priority map. Syntax show map ip precedence Command Mode Privileged Exec Example Console# show map ip precedence Precedence Mapping Status: Enabled...
  • Page 620 User’s Manual of IGSW-2840 Console# show map ip tos tos Mapping Status: Disabled TOS COS ----- ---- Console# Related Commands map ip tos...
  • Page 621: Quality Of Service Commands

    User’s Manual of IGSW-2840 show map access-list This command shows the CoS queue mapped to an ACL for the current interface. Syntax show map access-list {ip | mac} [interface] ip - Specifies IP ACLs. mac - Specifies MAC ACLs. interface -ethernet unit/port -unit - This is device 1.
  • Page 622 User’s Manual of IGSW-2840 show policy-map Displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations show policy-map interface Displays the configuration of all classes configured for all service policies on the specified interface...
  • Page 623 User’s Manual of IGSW-2840 Command Usage • First enter this command to designate a class map and enter the Class Map configuration mode. Then use the match command to specify the criteria for ingress traffic that will be classified under this class map.
  • Page 624 User’s Manual of IGSW-2840 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode. Syntax [no] policy-map policy-map-name policy-map-name -Name of the policy map.
  • Page 625 User’s Manual of IGSW-2840 Command Mode Policy Map Configuration Command Usage • Use the policy-map command to specify a policy map and enter Policy Map configuration mode. Then use the class command to enter Policy Map Class configuration mode. And finally, use the set and police commands to specify the match criteria, where the: -set command classifies the service that an IP packet will receive.
  • Page 626 User’s Manual of IGSW-2840 Console(config)#policy-map rd_policy Console(config-pmap)#class rd_class Console(config-pmap-c)#set ip dscp 3 Console(config-pmap-c)#police 100000 1522 exceed-action drop Console(config-pmap-c)# police This command defines a policer for classified traffic. Use the no form to remove a policer. Syntax [no] police rate-kbps burst-byte [exceed-action drop] rate-kbps -Rate in kilobits per second.
  • Page 627 User’s Manual of IGSW-2840 service-policy This command applies a policy map defined by the policy-map command to the ingress queue of a particular interface. Use the no form to remove the policy map from this interface. Syntax [no] service-policy input policy-map-name input - Apply to the input traffic.
  • Page 628 User’s Manual of IGSW-2840 show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name -Name of the class map. (Range: 1-16 characters) Default Setting Displays all class maps.
  • Page 629 User’s Manual of IGSW-2840 Console#show policy-map Policy Map rd_policy class rd_class set ip dscp 3 Console#show policy-map rd_policy class rd_class Policy Map rd_policy class rd_class set ip dscp 3 Console# show policy-map interface This command displays the service policy assigned to the specified interface.
  • Page 630: Igmp Snooping Commands

    User’s Manual of IGSW-2840 5.25 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 631 User’s Manual of IGSW-2840 Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port.
  • Page 632 User’s Manual of IGSW-2840 Syntax ip igmp snooping version {1 | 2 | 3} no ip igmp snooping version 1 - IGMP Version 1 2 - IGMP Version 2 3 - IGMP Version 3 Default Setting IGMP Version 2 Command Mode...
  • Page 633 User’s Manual of IGSW-2840 ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN. Use the no form to restore the default.
  • Page 634 User’s Manual of IGSW-2840 Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Leave proxy status: Disabled Query count: Query interval: 100 sec Query max response time: 20 sec...
  • Page 635 User’s Manual of IGSW-2840 5.25.2 IGMP Query Commands (Layer 2) This section describes commands used to configure Layer 2 IGMP query on the switch. Command Function Mode ip igmp snooping querier Allows this device to act as the querier for IGMP snooping...
  • Page 636 User’s Manual of IGSW-2840 count - The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10) Default Setting 2 times Command Mode...
  • Page 637 User’s Manual of IGSW-2840 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds -The report delay advertised in IGMP queries. (Range: 5-25)
  • Page 638 User’s Manual of IGSW-2840 Example The following shows how to configure the default timeout to 300 seconds: Console(config)#ip igmp snooping router-port-expire-time 300 Console(config)# Related Commands ip igmp snooping version 5.25.3 Static Multicast Routing Commands This section describes commands used to configure static multicast routing on the switch.
  • Page 639 User’s Manual of IGSW-2840 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs.
  • Page 640: Igmp Filtering And Throttling Commands

    User’s Manual of IGSW-2840 5.25.4 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and IGMP throttling limits the number of simultaneous multicast groups a port can join.
  • Page 641 User’s Manual of IGSW-2840 Example Console(config)#ip igmp filter Console(config)# ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number. Syntax [no] ip igmp profile profile-number profile-number - An IGMP filter profile number. (Range: 1-4294967295)
  • Page 642 User’s Manual of IGSW-2840 Example Console(config)#ip igmp profile 19 Console(config-igmp-profile)#permit Console(config-igmp-profile)# range This command specifies multicast group addresses for a profile. Use the no form to delete addresses from a profile. Syntax [no] range low-ip-address [high-ip-address] low-ip-address - A valid IP address of a multicast group or start of a group range.
  • Page 643 User’s Manual of IGSW-2840 Command Usage The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface. Only one profile can be assigned to an interface. A profile can also be assigned to a trunk interface. When ports are configured as trunk members, the trunk uses the filtering profile assigned to the first port member in the trunk.
  • Page 644 User’s Manual of IGSW-2840 ip igmp max-groups action This command sets the IGMP throttling action for an interface on the switch. Syntax ip igmp max-groups action {replace | deny} replace - The new multicast group replaces an existing group. deny - The new multicast group join report is dropped.
  • Page 645 User’s Manual of IGSW-2840 Console#show ip igmp filter interface ethernet 1/1 Ethernet 1/1 information IGMP Profile 19 Deny range 239.1.1.1 239.1.1.1 range 239.2.3.1 239.2.3.100 Console# show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number.
  • Page 646 User’s Manual of IGSW-2840 Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12) Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces.
  • Page 647: Multicast Vlan Registration Commands

    User’s Manual of IGSW-2840 5.25.5 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast traffic entering an MVR VLAN is sent to all subscribers.
  • Page 648 User’s Manual of IGSW-2840 Command Mode Global Configuration Command Usage • Use the mvr group command to statically configure all multicast group addresses that will join the MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group.
  • Page 649 User’s Manual of IGSW-2840 Default Setting The port type is not defined. Immediate leave is disabled. No receiver port is a member of any configured multicast group. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering.
  • Page 650 User’s Manual of IGSW-2840 Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#mvr type receiver Console(config-if)#mvr immediate Console(config-if)#exit Console(config)#interface ethernet 1/7 Console(config-if)#mvr type receiver Console(config-if)#mvr group 225.0.0.5 Console(config-if)# show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword.
  • Page 651 User’s Manual of IGSW-2840 MVR Max Multicast Groups:255 MVR Current multicast groups:10 Console# Field Description MVR Status Shows if MVR is globally enabled on the switch. MVR running status Indicates whether or not all necessary conditions in the MVR environment are satisfied.
  • Page 652 User’s Manual of IGSW-2840 The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console# show mvr members MVR Group IP Status Members ------------------- ---------- ---------------- 225.0.0.1 ACTIVE eth1/1(d), eth1/2(s) 225.0.0.2 INACTIVE None 225.0.0.3 INACTIVE None 225.0.0.4...
  • Page 653: Ip Interface Commands

    User’s Manual of IGSW-2840 5.26 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
  • Page 654 User’s Manual of IGSW-2840 Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command, or by rebooting the switch.
  • Page 655 User’s Manual of IGSW-2840 show ip redirects ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command.
  • Page 656 User’s Manual of IGSW-2840 Example Console#show ip interface IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console# Related Commands show ip redirects show ip redirects This command shows the default gateway configured for this device.
  • Page 657 User’s Manual of IGSW-2840 Command Mode Normal Exec, Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached. • The following are some results of the ping command: -Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
  • Page 658: Cli Configuration (To Be Continued)

    Console(config)# snmp-server location WC 9 Console(config)# snmp-server contact Ted Console(config)# exit Console# show system System Description: Layer2+ Fast Ethernet Standalone Switch IGSW-2840 System OID String: 1.3.6.1.4.1.259.6.10.103 System Information System Up Time: 0 days, 0 hours, 57 minutes, and 56.69 seconds System Name: R&D 5...
  • Page 659: Display Bridge Extension Capabilities

    User’s Manual of IGSW-2840 Switch Information Console# show version Serial Number: 0012CF422DC0 Service Tag: Hardware Version: EPLD Version: 0.00 Number of Ports: Main Power Status: Loader Version: 1.0.0.2 Boot ROM Version: 0.0.1.1 Operation Code Version: 0.0.3.5 Console# Display Bridge Extension Capabilities...
  • Page 660: Ip Address Configuration

    User’s Manual of IGSW-2840 IP Address Configuration Manual IP Configuration Console#config Console(config)# interface vlan 1 Console(config-if)# ip address 192.168.1.1 255.255.255.0 Console(config-if)# exit Console(config)# ip default-gateway 192.168.1.253 Console(config)# Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
  • Page 661: Setting The System Clock

    User’s Manual of IGSW-2840 SMTP minimum severity level: 4 SMTP destination email addresses 1. supports@planet.com.tw SMTP source email address: kentk@planet.com.tw SMTP status: Enabled Console# Setting the System Clock Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2 Console(config)#sntp poll 60 Console(config)#sntp client Console(config)#exit Console#show sntp...
  • Page 662: Switch Operation

    User’s Manual of IGSW-2840 7. SWITCH OPERATION 7.1 Address Table The Switch is implemented with an address table. This address table is composed of many entries. Each entry is used to store the address information of some node in the network, including MAC address, port no, etc. This information comes from the learning process of the Ethernet Switch.
  • Page 663 User’s Manual of IGSW-2840 7.5 Auto-Negotiation The STP ports on the Switch have built-in "Auto-negotiation". This technology automatically sets the best possible bandwidth when a connection is established with another network device (usually at Power On or Reset). This is done by detecting the modes and speeds that both connected devices are capable of. Both 10Base-T and 100Base-TX devices can connect with the port in either Half- or Full-Duplex mode.
  • Page 664: Trouble Shooting

    User’s Manual of IGSW-2840 8. TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual. ■ The Link LED is not lit...
  • Page 665: A.1 Switch's Rj-45 Pin Assignments

    User’s Manual of IGSW-2840 APPENDIX A A.1 Switch's RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI-X BI_DA+ BI_DB+ BI_DA- BI_DB- BI_DB+ BI_DA+ BI_DC+ BI_DD+ BI_DC- BI_DD- BI_DB- BI_DA- BI_DD+ BI_DC+ BI_DD- BI_DC- Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard.
  • Page 666 User’s Manual of IGSW-2840 The standard cable, RJ-45 pin assignment The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation and color of straight cable and crossover cable connection:...
  • Page 667 User’s Manual of IGSW-2840 APPENDIX B : GLOSSARY Bandwidth Utilization The percentage of packets received over time as compared to overall bandwidth. BOOTP Boot protocol used to load the operating system for devices connected to the network. Distance Vector Multicast Routing Protocol (DVMRP) A distance-vector-style routing protocol used for routing multicast datagrams through the Internet.
  • Page 668 User’s Manual of IGSW-2840 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign end-stations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
  • Page 669 User’s Manual of IGSW-2840 Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Switching A process whereby the switch filters incoming multicast frames for services no attached host has registered for, or forwards them to all ports contained within the designated multicast VLAN group.
  • Page 670 User’s Manual of IGSW-2840 Serial Line Internet Protocol (SLIP) Serial Line Internet Protocol, a standard protocol for point-to-point connections using serial lines. Spanning Tree Protocol (STP) A technology that checks your network for any loops. A loop can often occur in complicated or back-up linked network systems.
  • Page 671: Ec Declaration Of Conformity

    *Model Number: IGSW-2840 * Produced by: Manufacturer’s Name : Planet Technology Corp. Manufacturer’s Address: 11F, No 96, Min Chuan Road, Hsin Tien, Taipei, Taiwan, R.O.C. is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive on (2004/108/EC).
