1. Manuals
  2. Brands
  3. CTS Manuals
  4. Switch
  5. FOS-3126-PLUS SERIES
  6. User manual

CTS FOS-3126-PLUS SERIES User Manual

24 ports combo sfp (10/100/1000base-t/100base-fx/1000base-x) and uplink 2 ports combo sfp (1000base-t/1000base-x) slots management switch
Hide thumbs
Table of Contents

Advertisement

Quick Links

FOS-3126-PLUS SERIES
24 PORTS COMBO SFP (10/100/1000BASE-T /
100BASE-FX/1000BASE-X) AND UPLINK 2 PORTS
COMBO SFP (1000BASE-T / 1000BASE-X) SLOTS
MANAGEMENT SWITCH
Network Management
.
User's Manual
Version 1.4
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FOS-3126-PLUS SERIES and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for CTS FOS-3126-PLUS SERIES

Summary of Contents for CTS FOS-3126-PLUS SERIES

  • Page 1 FOS-3126-PLUS SERIES 24 PORTS COMBO SFP (10/100/1000BASE-T / 100BASE-FX/1000BASE-X) AND UPLINK 2 PORTS COMBO SFP (1000BASE-T / 1000BASE-X) SLOTS MANAGEMENT SWITCH Network Management User’s Manual Version 1.4...

  • Page 2: Copyright Statement

    Trademarks CTS is a registered trademark of Connection Technology Systems Inc.. Contents subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright  Connection Technology Systems Inc.. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc..

  • Page 3: Table Of Contents

    Table of Content 1. INTRODUCTION ....................... 8 1.1 Interface ........................8 1.2 Management Options ....................9 1.3 Management Software ....................10 1.4 Management Preparations ..................11 2. Command Line Interface (CLI) ..................13 2.1 Using the Local Console ..................... 13 2.2 Remote Console Management - Telnet ..............
  • Page 4 2.6.13 Management Command ..................55 2.6.14 Mirror Command ....................56 2.6.15 MVR Command ....................57 2.6.16 NTP Command ....................58 2.6.17 QoS Command ....................59 2.6.18 Security Command .................... 62 2.6.19 Spanning-tree Command ................... 65 2.6.20 Switch Command ....................69 2.6.21 SNMP-Server Command ...................
  • Page 5 4.4.4 Rapid Spanning Tree ..................104 4.4.4.1 RSTP Switch Settings ................. 105 4.4.4.2 RSTP Aggregated Port Settings ..............106 4.4.4.3 RSTP Physical Port Settings ............... 107 4.4.5 802.1X Configuration ..................109 4.4.5.1 Configure System ..................110 4.4.5.2 Configure Port Admin State ................. 110 4.4.5.3 Configure Port Reauthenticate ..............
  • Page 6 4.4.14.2 DHCP Port Settings ................... 140 4.4.14.3 Filter Configuration ..................140 4.4.14.4 Static IP Table Configuration ..............141 4.4.14.5 Configure DHCP Snooping................ 142 4.4.14.6 Storm Control .................... 143 4.4.14.7 Anti-Broadcast Configuration ..............143 4.4.15 Access Control List Management (ACLM) ............144 4.4.16 LLDP Configuration ..................
  • Page 7 4.6.3 Load Factory Settings ..................176 4.6.4 Load Factory Settings Except Network Configuration ........176 4.6.5 Backup Configuration ..................177 4.7 Save Configuration ....................178 4.8 Reset System ......................178 APPENDIX A: Free RADIUS readme ................179 APPENDIX B: Set Up DHCP Auto-Provisioning ............. 180 APPENDIX C: VLAN Application Note ................

  • Page 8: Introduction

    1. INTRODUCTION Thank you for using the 24 dual-speed combo ports plus 2 Gigabit combo ports Managed Switch that is specifically designed for SMB (small and medium businesses), SME and for FTTx applications. The Managed Switch provides a built-in management module that enables users to configure and monitor the operational status both locally and remotely.

  • Page 9: Management Options

    Figure 2-4: Model 4 Rear Panel 1.2 Management Options Switch management options available are listed below:  Local Console Management  Telnet Management  SNMP Management  WEB Management  SSH Management Local Console Management Local Console Management is done through the RS-232 DB-9 Console port located on the rear panel of the Managed Switch.

  • Page 10: Management Software

    1.3 Management Software The following is a list of management software options provided by this Managed Switch:  Managed Switch CLI interface  SNMP-based Management Software  Web Browser Application Console Program The Managed Switch has a built-in Command Line Interface called the CLI which you can use to: ...

  • Page 11: Management Preparations

    1.4 Management Preparations After you have decided how to manage your Managed Switch, you are required to connect cables properly, determine the Managed switch IP address and, in some cases, install MIB shipped with your Managed Switch. Connecting the Managed Switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed switch to other switches, hubs, workstations, etc..
  • Page 12 IP Addresses IP addresses have the format n.n.n.n, (The default factory setting is 192.168.0.1). IP addresses are made up of two parts:  The first part (for example 192.168.n.n) refers to network address that identifies the network where the device resides. Network addresses are assigned by three allocation organizations. Depending on your location, each allocation organization assigns a globally unique network number to each network which intends to connect to the Internet.

  • Page 13: Command Line Interface (Cli)

    2. Command Line Interface (CLI) This chapter introduces you how to use Command Line Interface CLI, specifically in:  Local Console  Telnet  Configuring the system  Resetting the system The interface and options in Local Console and Telnet are the same. The major difference is the type of connection and the port that is used to manage the Managed Switch.

  • Page 14: Remote Console Management - Telnet

    2.2 Remote Console Management - Telnet You can manage the Managed Switch via Telnet session. However, you must first assign a unique IP address to the Switch before doing so. Use the Local Console to login the Managed Switch and assign the IP address for the first time. Follow these steps to manage the Managed Switch through Telnet session: Step 1.

  • Page 15: General Commands

    2.3.1 General Commands This section introduces you some general commands that you can use in User, Enable, and Configuration mode, including “help”, “exit”, “history” and “logout”. Entering the command… To do this… Available Modes User Mode Obtain a list of available help Privileged Mode commands in the current mode.

  • Page 16: Command Format

    2.3.3 Command Format While in CLI, you will see several symbols very often. As mentioned above, you might already know what “>”, “#” and (config)# represent. However, to perform what you intend the device to do, you have to enter a string of complete command correctly. For example, if you want to assign IP address for the Managed Switch, you need to enter the following command with the required parameter and IP, subnet mask and default gateway: Switch(config)#ip address [A.B.C.D] [255.X.X.X] [A.B.C.D]...

  • Page 17: Login Username & Password

    Example 2: specifying three values (separated by commas) Switch(config)#qos 802.1p-map 1,3 0 Switch(config)#qos dscp-map 10,13,15 3 Example 3: specifying a range of values (separated by a hyphen) Switch(config)#qos 802.1p-map 1-3 0 Switch(config)#qos dscp-map 10-15 3 2.3.4 Login Username & Password Default Login When you enter Console session, a login prompt for username and password will appear to request a valid and authorized username and password combination.

  • Page 18: User Mode

    2.4 User Mode In User mode, only a limited set of commands are provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Enable mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...

  • Page 19: Copy-Cfg Command

    2.5.1 Copy-cfg Command Use “copy-cfg” command to backup a configuration file via FTP or TFTP server and restore the Managed Switch back to the defaults or to the defaults but keep IP configurations. 1. Restore a configuration file via FTP or TFTP server. Command Parameter Description...

  • Page 20: Firmware Command

    2.5.2 Firmware Command To upgrade Firmware via TFTP or FTP server. Command Parameter Description Switch# firmware [A.B.C.D] Enter the IP address of your FTP server. upgrade ftp [file name] Enter the firmware file name that you want to [A.B.C.D] upgrade. [file_name] [user_name] Enter the username for FTP server login.

  • Page 21: Configure Command

    2.5.6 Configure Command The only place where you can enter Global Configuration mode is in Privileged mode. You can type in “configure” or “config” for short to enter Global Configuration mode. The display prompt will change from “Switch#” to “Switch(config)#” once you successfully enter Global Configuration mode.

  • Page 22: Entering Interface Numbers

    2.6.1 Entering Interface Numbers In the Global Configuration mode, you can configure a command that only applies to interfaces specified. For example, you can set up each interface‟s VLAN assignment, speeds, or duplex modes. To configure, you must first enter the interface number. There are four ways to enter your interface numbers to signify the combination of different interfaces that apply a command or commands.
  • Page 23 Company Name: Display a company name for this Managed Switch. Use “switch-info company- name [company-name]” command to edit this field. System Object ID: Display the predefined System OID. System Contact: Display contact information for this Managed Switch. Use “switch-info sys- contact [sys-contact]”...

  • Page 24: Interface Command

    Refer to “show default-setting copmmand”, “show running-config command” and “show start-up- config command” sections. 2.6.4 Interface Command Use “interface” command to set up configurations of several discontinuous ports or a range of ports. Command Parameter Description Switch(config)# interface [port_list] Enter several port numbers separated by [port_list] commas or a range of port numbers.

  • Page 25: Acl Command

    Show command Switch(config)# show interface Show each interface‟s port configuration including media type, forwarding state, speed, duplex mode, flow control and link up/down status. Switch(config)# show interface [port_list] Show the selected interface‟s port [port_list] configuration. Switch(config)# show interface Show each interface‟s port status status including media type, forwarding state, speed, duplex mode, flow control and link...
  • Page 26 Switch(config-acl-RULE)# [dest_mac] Define the destination MAC filtering frame-type any [dest_mac] type. “any”: Specify “any” to filter any kind of traffic. “uc”: Specify “uc” to filter unicast traffic. “mc”: Specify “mc” to filter to filter multicast traffic. “bc”: Specify “bc” to filter broadcast traffic.
  • Page 27 Specify “any” to apply ACL rule to both [opcode] reply and request frames; “reply” to denote reply frames; “request” to denote request frames. [source_ip] This is sender IP filtering function. Specify “any” to filter frames from any sender IP addresses. Or, specify either a host IP address (x.x.x.x).
  • Page 28 “any”: Specify “Any” to indicate a [length_check] match and not a match. “0”: Specify “0” to indicate that HLN (Hardware Address Length) field in the ARP/RARP frame is not equal to Ethernet (0x6) and the Protocol Address Length field is not equal to IPv4 (0x4).
  • Page 29 “any”: Specify “any” to apply ACL rule to any destination MAC addresses. “uc”: Specify “uc” to apply ACL rule to unicast traffic. “mc”: Specify “mc” to apply ACL rule to multicast traffic. “bc”: Specify “bc” to apply ACL rule to broadcast traffic.
  • Page 30 [icmp_code] This parameter is to show and filter the ICMP code defined in the code field of the ICMP header. “any”: Specify “any” to filter any codes. “0-255”: Specify “0-255” to filter different defined codes. [source_ip] This is sender IP filtering function. Specify “any”...
  • Page 31 [ip_option] Specify IP option bit. “any”: Specify “any” to denote the value which is either 0 or not 0. “0”: Specify “0” to indicate that the IPv4 is 5 bytes. “1”: Specify “1” to indicate that the IPv4 header is bigger than 5 bytes. Switch(config-acl-RULE)# [dest_mac] Define destination MAC address type.
  • Page 32 “any”: Specify “any” to denote the value which is either zero or not zero. “0”: Specify “0” to indicate that the TTL filed in IPv4 header is 0. “1”: If the value in TTL field is not 0, use “1” to indicate that. [ip_fragment] Specify IP fragment bit.
  • Page 33 “any”: Specify “any” to filter frames [dest_port] from any destination ports. “0-65535”: Specify a destination port between 0 and 65535. “0-65535/0-65535”: Specify a range of destination ports. For example, “1000/2000” means that port numbers from 1000 to 2000 are specified. The starting destination port number is1000;...
  • Page 34 [ip_fragment] Specify IP fragment bit. “any”: Specify “any” to denote the value which is either 0 or not 0. “0”: Specify “0” to indicate that the fragment filed in IPv4 header is 0. “1”: If the value in TTL field is not 0, use “1”...
  • Page 35 Switch(config-acl-RULE)# [dest_mac] Define destination MAC address type. frame-type udp [dest_mac] “any”: Specify “any” to apply ACL rule [source_port] [dest_port] [source_ip] [ip_mask] to any destination MAC addresses. [dest_ip] [ip_mask] [ip_ttl] “uc”: Specify “uc” to apply ACL rule to [ip_fragment] [ip_option] unicast traffic. “mc”: Specify “mc”...
  • Page 36 [dest_ip] This is destination IP filtering function. “any”: Specify “any” to filter frames to any target IP addresses. “x.x.x.x”: Specify either a host IP address. [ip_mask] Define destination IP mask. “any”: Specify “any” to mean any IP mask. “255.255.0.0”: Specify a specific IP mask.
  • Page 37 Switch(config-acl-RULE)# [any | policy1-8 | Specify one option for ingress port ingress-port [any | policy1- port 1~26] command. 8 | port] “any”: Specify “any” to mean any ports are ingress ports. “policy1-8”: Specify a policy that applies to ingress port command. To make this command work properly, you must configure “Switch(config-if-xx- xx)# acl policy [1-8]”...
  • Page 38 Switch(config-acl-RULE)# Reset the frame type back to the no frame-type default value. Switch(config-acl-RULE)# Reset the ingress port to the default no ingress-port setting. Switch(config-acl-RULE)# Reset tag priority value back to the no tag-priority default value. Switch(config-acl-RULE)# Reset VID filter setting back to the no vid factory default.

  • Page 39: Archive Command

    No command Switch(config-if-PORT-PORT)# no Permit the action on the specified acl action interfaces. Switch(config-if-PORT-PORT)# no Disable the Managed Switch to send a acl action port-copy copy of traffic from the specified interfaces to the defined port. Switch(config-if-PORT-PORT)# no Remove rate limiter rule from the acl action rate-limiter-id specified interfaces.

  • Page 40: Channel-Group Command

    No command Switch(config)# no archive auto-backup Disable auto-backup function. Switch(config)# no archive auto-backup path Reset the backup protocol back to the default setting. Switch(config)# no archive auto-backup time Reset the backup time back to the default setting. Show command Switch(config)# show archive auto-backup Show or verify auto-backup settings.
  • Page 41 Show command Switch(config)# show channel-group Show or verify link aggregation trunking settings. Switch(config)# show channel-group [group_name] Show or verify a specific link trunking [group_name] aggregation group‟s settings including aggregated port numbers and load-balancing status. Channel-group command example Switch(config)# channel-group trunking corenetwork Create a link aggregation group called “corenetwork”.

  • Page 42: Loop Detection Command

    Switch(config)# show channel- Clear all LACP statistics. group lacp statistics clear Channel-group & interface command example Enter port 1 to port 3‟s interface mode. Switch(config)# interface 1-3 Switch(config-if-1-3)# channel-group lacp Enable LACP on the selected interfaces. Set a key value “10” to the selected Switch(config-if-1-3)# channel-group lacp key 10 interfaces.

  • Page 43: Dot1X Command

    Use “Interface” command to configure a group of ports’ Loop Detection settings. Dot1x & Interface command Parameter Description Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable Loop Detection function on the loop-detection...
  • Page 44 No command Switch(config)# no dot1x Disable IEEE 802.1x function. Switch(config)# no dot1x reauth- Reset the re-authentication period period value back to the default setting (60 seconds). Switch(config)# no dot1x Disable re-authentication function. reauthentication Switch(config)# no dot1x secret Remove the original shared secret. Switch(config)# no dot1x server Remove the specified server IP address.
  • Page 45 Use “Interface” command to configure a group of ports’ IEEE 802.1x settings. Dot1x & Interface command Parameter Description Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Specify the selected ports to “auto”...

  • Page 46: Ip Command

    Dot1x & interface command example Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-1-3)# dot1x port-control auto Set the selected ports to “auto” state. Switch(config-if-1-3)# dot1x reauthenticate Re-authenticate the selected interfaces immediately.
  • Page 47 Switch(config)# no ip dhcp Remove DHCP server ports. snooping dhcp-server Switch(config)# no ip dhcp Reset the initiated value back to the default snooping initiated setting. Switch(config)# no ip dhcp Reset the leased value back to the default snooping leased setting. Switch(config)# no ip dhcp Disable DHCP Option 82 Relay Agent.
  • Page 48 Switch(config)# show ip dhcp snooping Show the specified ports‟ DHCP Snooping interface [port_list] trust port settings. DHCP & Interface Example Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-1-3)# ip dhcp snooping Set the selected interfaces to DHCP Option option...
  • Page 49 Switch(config)# ip igmp [1-6000] Specify Query time interval. This is used to snooping query-interval [1-6000] set the time interval between transmitting secs IGMP queries. Switch(config)# ip igmp [1-4094] Specify a VLAN ID. This enables IGMP snooping vlan [1-4094] Snooping on a specified VLAN. Switch(config)# ip igmp [1-4094] Enable a querier on the specified VLAN.
  • Page 50 Switch(config)# no ip igmp [profile_name] Delete the specified profile. profile [profile_name] Show command Switch(config)# show ip igmp Show IGMP Filtering setting. filter Switch(config)# show ip igmp [port_list] Show the specified ports‟ IGMP filter interface [port_list] Filtering status. Switch(config)#show ip igmp Show IP multicast profile information.
  • Page 51 Switch(config-if-PORT-PORT)# ip [dhcp | fixed-ip] Specify authorized access sourceguard [dhcp | fixed-ip] information for the selected ports. dhcp: DHCP server assigns IP address. fixed IP: Only Static IP (Create Static IP table first). unlimited: Non-Limited (Allows both static IP and DHCP-assigned IP). This is the default setting.

  • Page 52: Lldp Command

    Switch(config)# show ip igmp [profile_name] Show the specified profile‟s setting. profile [profile_name] Switch(config)# show ip igmp Show IP multicast segment segment information. Switch(config)# show ip igmp [1-400] Show the specified segment‟s segment [1-400] setting. Switch(config)# show ip igmp Show static multicast IP table. static-multicast-ip Switch(config-segment-ID)# show Show the selected segment‟s setting.
  • Page 53 Switch(config)# lldp [1-180] Specify the time interval for updated LLDP packets interval [1-180] to be sent. The allowable interval value is between 1 and 180 seconds. Switch(config)# lldp [1-16] Specify the amount of packets that are sent in packets [1-16] each discovery.

  • Page 54: Mac Command

    Switch(config)# lldp tlv-select port- Enable Port Description attribute to be sent. description Switch(config)# lldp tlv-select system- Enable System Description to be sent. description Switch(config)# lldp tlv-select system- Enable System Name to be sent. name Use “Interface” command to configure a group of ports’ LLDP settings. LLDP &...

  • Page 55: Management Command

    Use “Interface” command to configure a group of ports’ MAC Table settings. MAC & Interface command Parameter Description Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT- [xx:xx:xx:xx:xx:xx] Create a MAC address to VLAN entry.

  • Page 56: Mirror Command

    Switch(config)# management [1025- When telnet is enabled, you can set up the telnet port [1025-65535] 65535] port number that allows telnet access. The default port number is set to 23. However, you can also identify a port number between 1025 and 65535. Switch(config)# management To manage the Managed Switch via Web management.

  • Page 57: Mvr Command

    2.6.15 MVR Command Command Parameter Description Switch(config)# mvr Enable MVR function. Switch(config)# mvr vlan [1-4094] [1-4094] Specify a VID (1~4094) to create a MVR VLAN. Switch(config)# mvr group [1-4094] [1-4094] Specify a registered MVR VID (1~4094) [E.F.G.H] [E.F.G.H] and add specify the multicasting channel that would belong to MVR VLAN.

  • Page 58: Ntp Command

    2.6.16 NTP Command Command Parameter Description Switch(config)# ntp Enable the Managed Switch to synchronize the clock with a time server. Switch(config)# ntp daylight- Enable the daylight saving function. saving Switch(config)# ntp offset [1-2] [1-2] Offset 1 hour or 2 hours for daylight saving function.

  • Page 59: Qos Command

    2.6.17 QoS Command 1. Set up QoS Control List (QCL). QCL command Description Parameter Switch(config)# qos qcl [1-26] [1-26] Create a QoS control list for traffic classification. Switch(config-qcl-LIST)# dscp [0- [0-63] Specify a DSCP value between 63] [low | normal | medium | high] 0 and 63.
  • Page 60 Switch(config)# show qos qcl Show or verify each QCL rule. Switch(config)# show qos qcl [1-26] [1-26] Show or verify the selected QCL rule. Switch(config-qcl-LIST)# show Show configurations of the selected QCL rule. QCL example Switch(config)# qos qcl 1 Create a QoS control list for traffic classification.
  • Page 61 Switch(config-if-PORT-PORT)# [weight] Specify egress mode as weight qos queuing-mode [weight] queuing mode. The default queuing- mode is strict. “weight”: Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 8 for queues 1 through 4 respectively.

  • Page 62: Security Command

    2.6.18 Security Command When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast traffic on a per switch basis so as to protect network from broadcast/ multicast/ unknown unicast storms.
  • Page 63 Enable or disable broadcast/multicast/unknown unicast storm control. Security command Parameter Description Switch(config)# security [1-1024k] Specify the maximum broadcast packets storm-protection broadcast per second (pps). Any broadcast packets [1-1024k] exceeding the specified threshold will then be dropped. The packet rates that can be specified are listed below: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k, 512k,...
  • Page 64 Switch(config)# no security Disable multicast storm control. storm-protection multicast Switch(config)# no security Disable unicast storm control. storm-protection unicast Show command Switch(config)# show Show current storm control settings. security storm-protection Switch(config)# show Show each interface‟s storm protection security storm-protection settings. interface Switch(config)# show [port_list] Show the selected interfaces‟...

  • Page 65: Spanning-Tree Command

    2.6.19 Spanning-tree Command The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
  • Page 66 Switch(config)# spanning- [6-200] Specify the Maximum Age value in tree max-age [6-200] seconds. The allowable value is between 6 and 200. Switch(config)# spanning- [0-61440] Specify a priority value on a per switch tree priority [0-61440] basis. The allowable value is between 0 and 61440.
  • Page 67 Switch(config)# show [port_list | llag] Show the selected interfaces or link spanning-tree statistics aggregation groups‟ statistics information [port_list | llag] including the total RSTP packets received, RSTP packets transmitted, STP packets received, STP packets transmitted, TCN (Topology Change Notification) packets received, TCN packets transmited, illegal packets received, and unknown packets received.
  • Page 68 Switch(config-if-PORT-PORT)# [forced_fasle Set the aggregated ports to non- spanning-tree p2p [forced_fasle | | auto] point to point ports (forced_false) or auto] allow the Managed Switch to detect point to point status automatically (auto). By default, aggregated ports are set to point to point ports (forced_true).

  • Page 69: Switch Command

    Switch(config)# show spanning- [port_list | Show the selected interfaces or link tree status [port_list | llag] llag] aggregation groups‟ statistics information Switch(config)# show spanning- Show the current STP state. tree overview Spanning-tree & interface command example Description Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen.

  • Page 70: Snmp-Server Command

    No command Switch(config)# no switch sfp temperature Set the SFP temperature back to the default setting. Switch(config)# no switch sfp tx-bias Set the SFP TX bias power back to the default setting. Switch(config)# no switch sfp tx-power Set the SFP TX power value back to the default setting.
  • Page 71 Switch(config-community- [Description] Enter the description for this SNMP NAME)# description community of up to 35 alphanumerical [Description] characters. Switch(config-community- [admin | rw | Specify the access privilege for this SNMP NAME)# level [admin | rw | account. admin: Full access right, including maintaining user account, system information, loading factory settings, etc..
  • Page 72 2. Set up a SNMP trap destination. Trap-destination command Parameter Description Switch(config)# snmp-server [1-10] Create a trap destination account. trap-destination [1-10] Switch(config-trap- Enable this SNMP trap destination ACCOUNT)# active account. Switch(config-trap- [community] Enter the community name of network ACCOUNT)# community management system.
  • Page 73 3. Set up SNMP trap types that will be sent. Trap-type command Parameter Description Switch(config)# snmp- [all |anti- Specify a trap type that will be sent when a server trap-type [all |anti- bcast |auth- certain situation occurs. bcast |auth-fail | case-fan | fail | case-fan cold-start | port-link | | cold-start |...

  • Page 74: Switch-Info Command

    No command Switch(config)# no snmp- [all |anti- Specify a trap type that will not be sent server trap-type [all |anti- bcast |auth- when a certain situation occurs. bcast |auth-fail | case-fan | fail | case-fan cold-start | port-link | | cold-start | power-down | sfp | storm | port-link | upper-limit [0-148810] pps...

  • Page 75: User Command

    No command Switch(config)# no switch-info company-name Delete the entered company name information. Switch(config)# no switch-info system-contact Delete the entered system contact information. Switch(config)# no switch-info system-location Delete the entered system location information. Switch(config)# no switch-info system-name Delete the entered system name information.
  • Page 76 Switch(config-user- [admin | rw | Specify this user‟s access level. NAME)# level [admin | rw | admin (administrator): Full access right, including maintaining user account & system information, loading factory settings, etc.. rw (read & write): Partial access right, unable to modify user account & system information and load factory settings.
  • Page 77 2. Configure RADIUS server settings. User command Parameter Description Switch(config)# user radius Enable RADIUS authentication. Switch(config)# user radius [1025- Specify RADIUS server port number. radius-port [1025-65535] 65535] Switch(config)# user radius [0-2] Specify the retry value. This is the number of retry-time [0-2] times that the Managed Switch will try to reconnect if the RADIUS server is not...

  • Page 78: Syslog Command

    2.6.24 Syslog Command Syslog command Parameter Description Switch(config)# syslog Enable system log function. Switch(config)# syslog [A.B.C.D] Specify the primary system log server IP server1 [A.B.C.D] address. Switch(config)# syslog [A.B.C.D] Specify the secondary system log server IP server2 [A.B.C.D] address. Switch(config)# syslog [A.B.C.D] Specify the third system log server IP server3 [A.B.C.D]...
  • Page 79 [trunk | Specify whether the management access] port is in trunk or access mode. “trunk” mode: Set the selected ports to tagged. “access” mode: Set the selected ports to untagged. Switch(config)# vlan port-based [name] Specify a name for this port-based [name] VLAN.
  • Page 80 Switch(config-if-PORT-PORT)# Set the selected ports that belong to vlan dot1q-vlan mode access the specified VLAN to access mode (untagged). Switch(config-if-PORT-PORT)# Enable Q-in-Q function in the selected vlan dot1q-vlan mode dot1q- interfaces. tunnel Switch(config-if-PORT-PORT)# Set the selected ports to trunk mode vlan dot1q-vlan mode trunk (tagged).

  • Page 81: Show Interface Statistics Command

    2.6.26 Show interface statistics Command The command “show interface statistics” that can display port traffic statistics, port packet error statistics and port analysis history can be used either in Privileged mode # and Global Configuration mode (config)#. “show interface statistics” is useful for network administrators to diagnose and analyze port traffic real-time conditions.

  • Page 82: Show Default-Setting, Running-Config & Start-Up-Config Command

    2.6.28 Show default-setting, running-config & start-up-config Command Command Description Show the original configurations Switch(config)# show default-setting assigned to the Manged Switch by the factory. Switch(config)# show running-config Show configurations currently used in the Manged Switch. Please note that you must save running configurations into your switch flash before rebooting or restarting the device.

  • Page 83: Snmp Network Management

    3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

  • Page 84: Web Management

    4. WEB MANAGEMENT You can manage the Managed Switch via a Web browser. However, you must first assign a unique IP address to the Managed Switch before doing so. Use the RS-232 DB-9 console port or use a RJ45 LAN cable and any of the 10/100/1000Base-T RJ-45 ports of the Managed Switch (as the temporary RJ-45 Management console port) to login to the Managed Switch and set up the IP address for the first time.
  • Page 85 1. System Information: Name the Managed Switch, specify the location and check the current version of information. 2. User Authentication: View the registered user list. Add a new user or remove an existing user. 3. Network Management: Set up or view the IP address and related information of the Managed Switch required for network management applications.

  • Page 86: System Information

    4.1 System Information Select System Information from the Main Menu and then the following screen shows up. Company Name: Enter a company name up to 55 alphanumeric characters for this Managed Switch. System Object ID: View-only field that shows the predefined System OID. System Contact: Enter contact information up to 55 alphanumeric characters for this Managed switch.

  • Page 87: User Authentication

    4.2 User Authentication To prevent any unauthorized operations, only registered users are allowed to operate the Managed Switch. Users who want to operate the Managed Switch need to register into the user list first. To view or change current registered users, select User Authentication from the Main Menu and then the following screen page shows up.

  • Page 88: Radius Configuration

    Password: Enter the desired user password, up to 20 alphanumeric characters. Retype Password: Enter the password again for double-checking. Description: Enter a unique description up to 35 alphanumeric characters for the user. This is mainly for reference only. IP Security: Enable or disable the IP security function. If enabled, the user can access the Managed Switch only through the management station which has exact IP address specified in IP address field below.

  • Page 89: Network Management

    Secret Key: The word to encrypt data of being sent to RADIUS server. RADIUS Port: The RADIUS service port on RADIUS server. Retry Time: Times of trying to reconnect if the RADISU server is not reachable. RADIUS Server Address: IP address of the first RADIUS server. 2nd RADIUS Server Address: IP address of the second RADIUS server.

  • Page 90: Network Configuration

    4.3.1 Network Configuration Click the option Network Configuration from the Network Management menu and then the following screen page appears. MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed switch. You cannot change the Managed Switch‟s MAC address. Configuration Type: There are two configuration types that users can select from the pull-down menu, "DHCP"...

  • Page 91: System Service Configuration

    4.3.2 System Service Configuration Click the option System Service Configuration from the Network Management menu and then the following screen page appears. Telnet Service: To enable or disable the Telnet Management service. SSH Service: To enable or disable the SSH Management service. To enable SSH Service, Telnet Service must be disabled.

  • Page 92: Time Server Configuration

    Telnet Port: Specify the desired TCP port number for the Telnet console. The default TCP port number of the Telnet is 23. System Time Out: Specify the desired time that the Managed Switch will wait before disconnecting an inactive console/telnet. Specifying “0” means an inactive connection will never be disconnected.

  • Page 93: Device Community

    4.3.5 Device Community Click the option Device Community from the Network Management menu and then the following screen page appears. Up to 10 Device Communities can be set up. Click New to add a new community and then the following screen page appears. Click Edit to view the current community settings.

  • Page 94: Trap Destination

    IP Security: Click the pull-down menu to enable or disable the IP security function. If enabled, Community may access the Managed Switch only through the management station, which has the exact IP address specified in IP address field below. If disabled, Community can access the Managed Switch through any management stations.

  • Page 95: Trap Configuration

    4.3.7 Trap Configuration Click the option Trap Configuration from the Network Management menu and then the following screen page appears. Cold Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on. Warm Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch restarts.

  • Page 96: Mal-Attempt Log Configuration

    4.3.8 Mal-attempt Log Configuration Click the option Trap Configuration from the Network Management menu and then the following screen page appears. When DHCP snooping filters unauthorized DHCP packets on the network, the Mal-attempt log will allow the Managed Switch to send event notification message to Log server. Log Server: Enable or disable Mal-attempt log function.
  • Page 97 2. Port Configuration: Enable or disable port speed, flow control, etc. 3. Link Aggregation: Set up port trunk and LACP port configuration. 4. Rapid Spanning Tree: Set up RSTP switch settings, aggregated port settings, physical port settings, etc. 5. 802.1X Configuration: Set up the 802.1X system, port Admin state, port reauthenticate. 6.

  • Page 98: Switch Configuration

    4.4.1 Switch Configuration Click the option Switch Configuration from the Switch Management menu and then the following screen page appears. Maximum Frame Size: Specify the maximum frame size between 1518 and 9600 bytes. The default maximum frame size is 9600bytes. MAC Address Aging Time: Specify MAC Address aging time between 0 and 4080 seconds.

  • Page 99: Port Configuration

    0180C2000002: 802.3 Clause 43 (Link Aggregation) and Clause 57 (OAM) use, aka "Slow Protocols" Multicast address 0180C2000003: 802.1X Port Authenticator Entity (PAE) address. 0180C2000004-5: Reserved for future media access specific method standardization. 0180C2000006-7: Reserved for future standardization. 0180C2000008: All Provider Bridges. 0180C2000009-C: Reserved for future standardization.

  • Page 100: Link Aggregation

    Duplex: When you select Manual port type, you can further specify the current operation Duplex mode (full or half duplex) of the port(s). Flow Control: Enable or disable the flow control. Description: Enter the brief descrition for this specific port. 4.4.3 Link Aggregation Link aggregation is an inexpensive way to set up a high-speed backbone network that transfers much more data than any one single port or device can deliver without replacing everything and...

  • Page 101: Trunk Mode Configuration

    4.4.3.1 Trunk Mode Configuration Click the option Trunk Mode Configuration from the Link Aggregation menu, the following screen page appears. There are two fields for you to set up packets according to operations. Source MAC Address: Enable or disable packets according to source MAC address. Destination MAC Address: Enable or disable packets according to Destination MAC address.

  • Page 102: Lacp Port Configuration

    - Must have 2 to 16 ports in each trunking group. - Each port can only be grouped in one group. - If the port is already set On in LACP Port Configuration, it can‟t be grouped anymore. Click OK and return back to Link Aggregation menu. NOTE: All trunking ports in the group must be members of the same VLAN and their Spanning Tree Protocol (STP) status and QoS default priority configurations must be identical.
  • Page 103 Configure Key Value: Select “Key Value” from the pull-down menu of Select Setting. Ports in an aggregated link group must have the same LACP port Key. In order to allow a port to join an aggregated group, the port Key must be set to the same value. The range of key value is between 0 and 255.

  • Page 104: Rapid Spanning Tree

    4.4.4 Rapid Spanning Tree The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.

  • Page 105: Rstp Switch Settings

    4.4.4.1 RSTP Switch Settings Click the option RSTP Switch Settings from the Rapid Spanning Tree menu and then the following screen page appears. System Priority: Each interface is associated with a port (number) in the STP code. And, each switch has a relative priority and cost that is used to decide what the shortest path is to forward a packet.

  • Page 106: Rstp Aggregated Port Settings

    4.4.4.2 RSTP Aggregated Port Settings Click the option RSTP Aggregated Port Settings from the Rapid Spanning Tree menu and then the following screen page appears. State: Enable or disable configured trunking groups in RSTP mode. Cost: This parameter is used by the RSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.

  • Page 107: Rstp Physical Port Settings

    4.4.4.3 RSTP Physical Port Settings Click the option RSTP Physical Port Settings from the Rapid Spanning Tree menu and then the following screen page appears. Configure Port State: Select “State” from the pull-down menu of Select Setting. This allows ports to be enabled or disabled. When it is On, RSTP is enabled. Configure Port Path Cost: Select “Path Cost”...
  • Page 108 Configure Port Priority: Select “Priority” from the pull-down menu of Select Setting. You can choose Port Priority value between 0 and 240. The default value is “0”. Configure Port Edge: Select “Edge” from the pull-down menu of Select Setting. Set the port to “enabled” or “disabled”. When it is On, Port Edge is enabled.

  • Page 109: Configuration

    Configure Port Point2point: Select “Point2point” from the pull-down menu of Select Setting. Set up the Point to Point setting. The default setting is “Forced True”. 4.4.5 802.1X Configuration The IEEE 802.1X standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports.

  • Page 110: Configure System

    4.4.5.1 Configure System Click the option Configure System from the 802.1X Configuration folder and then the following screen page appears. Mode: Enable or disable 802.1X on the Managed Switch. When enabled, the Managed Switch acts as a proxy between the 802.1X-enabled client and the authentication server. In other words, the Managed Switch requests identifying information from the client, verifies that information with the authentication server, and relays the response to the client.

  • Page 111: Configure Port Reauthenticate

    Unauthorized: This forces the Managed Switch to deny access to all clients, either 802.1X-aware or 802.1X-unaware. Auto: This requires 802.1X-aware clients to be authorized by the authentication server. Accesses from clients that are not dot1x‑ aware will be denied. 4.4.5.3 Configure Port Reauthenticate Click the option Configure Port Reauthenticate from the 802.1X Configuration menu and then the following screen page appears.

  • Page 112: Mac Table Learning

    4.4.6.1 MAC Table Learning Click the option MAC Table Learning from the MAC Address Table menu and then the following screen page appears. Auto: Enable port MAC address learning. Disabled: Disable port MAC address learning. 4.4.6.2 Static MAC Table Configuration Click the option Static MAC Table Configuration from the MAC Address Table menu and then the following screen page appears.

  • Page 113: Vlan Configuration

    Current/Total/Max: The number of current, total and maximum MAC address entry or entries. MAC Address: Specify a destination MAC address in the packet with the 00:00:00:00:00:00 format. VID: Specify the VLAN where the packets with the Destination MAC address can be forwarded. Forwarding Port: If the incoming packet has the same destination MAC address as the one specified in VID, it will be forwarded to the selected port directly.

  • Page 114: Q Vlan Concept

    Since source addresses of the packets are listed in MAC address table of specific VLAN (except broadcast/multicast packets), in every VLAN the traffic between two ports will be two-way without restrictions. Click New to add a new VLAN entity and then the following screen page appears. Use Edit to view and edit the current VLAN setting.
  • Page 115 Introduction to 802.1Q frame format: Preamble Type/LEN PAYLOAD Original frame 802.1q Preamble Type/LEN PAYLOAD FCS TCI/P/C/VID frame PRE Preamble 62 bits Used to synchronize traffic SFD Start Frame Delimiter 2 bits Marks the beginning of the header Destination Address 6 bytes The MAC address of the destination Source Address 6 bytes...
  • Page 116 Important VLAN Definitions: Ingress The point at which a frame is received on a switch and the switching decisions must be made. The switch examines the VID (if present) in the received frames header and decides whether or not and where to forward the frame. If the received frame is untagged, the switch will tag the frame with the PVID for the port on which it was received.

  • Page 117: Introduction To Q-In-Q

    4.4.7.3 Introduction to Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.

  • Page 118: Q Vlan

    4.4.7.4 802.1Q VLAN The following screen page appears when you choose IEEE 802.1q Tag VLAN. 1. Configure VLAN: To create, edit or delete 802.1Q Tag VLAN settings. 2. VLAN Interface: To set up VLAN mode on the selected port. 3. Management VLAN: To set up management VLAN and management ports. 4.4.7.4.1 Configure VLAN The following screen page appears if you choose Configure VLAN.

  • Page 119: Vlan Interface

    VLAN ID: Specify a VLAN ID between 1 and 4094. VLAN Members: If you select “V” from the pull-down menu, it denotes that the ports selected belong to the specified VLAN. 4.4.7.4.2 VLAN Interface The following screen page appears if you choose VLAN Interface. Mode: Select the appropriate mode for each port.

  • Page 120: Management Vlan

    4.4.7.4.3 Management VLAN The following screen page appears if you choose Management VLAN. CPU VLAN ID: Specify an existing VLAN ID. Mode: Select the VLAN mode for this Management VLAN. Management Port: Tick the checkbox on the ports that you would like them to become Management ports.

  • Page 121: Qos Port Configuration

    4.4.8.1 QoS Port Configuration Select the option QoS Port configuration from the QoS Configuration menu and then the following screen page appears. Configure Default Class: Click the pull-down menu to choose the class level “Low”, “Normal”, “Medium” or “High”. The default class level of each port is “Low”.
  • Page 122 Configure User Priority: There are eight priority levels that you can choose to classify data packets. Choose one of the listed options from the pull-down menu for CoS (Class of Service) priority tag values. The default value is “0”. The default 802.1p settings are shown in the following table: Priority Level normal normal...

  • Page 123: Qos Control List

    Configure Queuing Weighted: Click the pull-down menu to select values of Queue weighted for each port. 4.4.8.2 QoS Control List The following screen page appears if you choose QoS Priority Configuration and then select QoS Control List. QCL: Select a QCL number (1~26). QCE Type: View-only filed that shows QCL‟s current QCE type.
  • Page 124 Current/Total/Max List: View-only field. Current: This shows the number of current registered QCL setting(s). Total: This shows the number of total registered QCL setting(s). Max List: The shows the number of maximum QCL settings that are available for registration. The default number is 12. QCE Type: Click the pull-down menu to select the desired privilege for the QCE type operation.

  • Page 125: Qos Rate Limiter

    4.4.8.3 QoS Rate Limiter Select the option QoS Rate Limiter from the QoS Priority Configuration menu and then the following screen page appears. Configure Policer Rate: This allows users to specify each port‟s inbound bandwidth. The excess traffic will be dropped. Specifying “0”...

  • Page 126: Dscp Remark

    4.4.9 DSCP Remark To set up DSCP Remark, select the option DSCP Remark from the Switch Management menu and then the following screen page appears. Configure DSCP Remark: Select “DSCP Remark” from the pull-down menu of Select Setting. This allows you to enable or disable DSCP remarking for each port. The default setting is disabled. Configure 802.1p Remark: Select 802.1p Remark from the pull-down menu of Select Setting.

  • Page 127: Port Mirroring

    DSCP mapping to Queue: Assign a value (0~63) to four different levels. 802.1p mapping to Queue: Assign a value (0~7) to four different levels. 4.4.10 Port Mirroring In order to allow Target Port to mirror Source Port and enable traffic monitoring, select the option Port Mirroring from the Switch Management menu and then the following screen page appears.

  • Page 128: Igmp Snooping

    4.4.11 IGMP Snooping The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It can be used more efficiently when supporting activities, such as online streaming video and gaming.

  • Page 129: Igmp Configuration

    4.4.11.1 IGMP Configuration Select the option IGMP Configuration from the IGMP Snooping menu and then the following screen page appears. Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic. Unregistered IPMC Flooding: Set forwarding mode for unregistered (not-joined) IP multicast traffic.

  • Page 130: Ipmc Segment

    Snooping: When enabled, the port in VLAN will monitor network traffic and determine which hosts to receive the multicast traffic. Querying: When enabled, the port in VLAN can serve as the Querier which is responsible for asking hosts whether they want to receive multicast traffic. 4.4.11.3 IPMC Segment Select the option IPMC Segment from the IGMP Snooping menu and then the following screen page with the ability information of IPMC Segment ID, Name and IP Range appears.

  • Page 131: Ipmc Profile

    Current/Total/Max Segment Nums: View-only field. Current: This shows the number of current registered IPMC Segment. Total: This shows the total number of registered IPMC Segment. Max: This shows the maximum number available for IPMC Segment. The maximum number is 400. Segment ID: Specify a number from 1~400 for a new ID.

  • Page 132: Igmp Filtering

    Total: This shows the number of total IPMC Profiles that are registered. Max: This shows the maximum number available for IPMC Profile. The maximum number is 60. Profile Name: Enter an identification name. This field is limited to 20 characters. Segment ID: Specify the segment ID that is registered in IPMC Segment.

  • Page 133: Static Multicast Configuration

    Channel Limit: Specify the maximum transport multicast stream. Enable: To enable each port‟s IGMP filtering function. The default setting is “Off” which is disabled. Port: View-only field that shows the port number that is currently configured. IPMC Profile: In IGMP filtering, it only allows information specified in IPMC Profile fields to pass through.

  • Page 134: Mvr

    default maximum number is 128. IP Address: Specify the multicast stream source IP address. VLAN: Specify a VLAN ID for multicast stream. Forwarding port: Select a port number for multicast stream forwarding. 4.4.13 MVR MVR stands for Multicast VLAN Registration that enables a media server to transmit multicast stream in a single multicast VLAN when clients receiving multicast VLAN stream can reside in different VLANs.

  • Page 135: Mvr Settings

    Click the folder MVR Configuration from the Switch Management menu and then the following screen page appears. 1. MVR Port Settings: To enable or disable MRV global settings and create MVR VLAN to indicate the Source and Receive port. 2. MVR Group: Create MVR Groups whose multicasting stream would belong to MVR VLAN. 4.4.13.1 MVR Settings Select the option MVR Settings from the MVR Configuration menu and then the following screen page appears.

  • Page 136: Mvr Group

    Current: This shows the number of current registered MVR VLAN configuration. Total: This shows the total number of registered MVR VLAN configuration. Max: This shows the maximum number available for MVR VLAN configuration. VLAN: Specify a VLAN ID for multicast VLAN. Receive port: Indicate the MVR receive port.

  • Page 137: Security Configuration

    VLAN ID: Specify a VLAN ID number that is registered in MVR port settings. Group Range: Specify the multicasting channels that would belong to MVR VLAN. 4.4.14 Security Configuration In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch.

  • Page 138: Dhcp Option 82 Settings

    4.4.14.1 DHCP Option 82 Settings The Managed Switch can add information about the source of client DHCP requests that relay to DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information.
  • Page 139 Configure Trust Port Setting: Trust Port: Select “V” if you would like ports to become trust ports. The trusted ports will not discard DHCP messages. For example: A DHCP request is from Port 1 that is marked as both Opt82 port and trust port. A.

  • Page 140: Dhcp Port Settings

    4.4.14.2 DHCP Port Settings Select the option DHCP Port Settings from the Security Configuration menu and then the following screen page appears. Source Guard: To specify authorized access information for each port. There are three options available. Unlimited: Non-Limited (Static IP or DHCP-assigned IP). DHCP: DHCP-assigned IP address only.

  • Page 141: Static Ip Table Configuration

    IPv6 Filter: Enable or disable IPv6 filter. When enabled, IPv6 packets will be dropped. UPnP Filter: Enable or disable UPnP filter. When enabled, UPnP packets will be dropped. 4.4.14.4 Static IP Table Configuration Select the option Static IP Table Configuration from the Security Configuration menu and then the following screen page appears.

  • Page 142: Configure Dhcp Snooping

    VLAN ID: Specify the VLAN ID. (0 means without VLAN ID) Port: Specify the communication port number. (Port 1~24) 4.4.14.5 Configure DHCP Snooping When you want to use DHCP Snooping function, follow the steps described below to enable a client to receive an IP from DHCP server. Step 1.

  • Page 143: Storm Control

    4.4.14.6 Storm Control Select the option Storm Control from the Security Configuration menu to set up storm control parameters for ports and then the following screen page appears. When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast storms may occur, which eventually degrades network performance and even worse cause a complete halt.

  • Page 144: Access Control List Management (Aclm)

    Polling Interval: Specify a time interval for the frequency of the Managed Switch checking or refreshing broadcast traffic. Port Enable: Enable or disable anti-broadcast function in each port. Port Threshold (pps): Enter the threshold value for each port. When the port exceeds the threshold value in the time specified, the port will be temporarily blocked until the value is refreshed in the next polling interval.
  • Page 145 each Rate Limiter‟s rate. Port Copy: Send a copy of packets to the desired port. Shutdown: If enabled, the Managed Switch will shutdown the interface. Counter: View-only filed that shows how many packets conform to MAC and VLAN parameters. OK: Click OK to save the port configurations. Reflash: Click Reflash to show the number of packets that conform to the default ACL rule.
  • Page 146 ACL Configuration: Click New to add a new ACL configuration, then the screen page is shown below. Click Delete to remove an existing ACL configuration. Click Edit to view and edit an existing ACL configuration. Current/Max ACL: View-only field. Current: This shows the number of the current ACL rule. Max ACL: This shows the maximum number available for registering ACL rule.
  • Page 147 Rate Limiter: Disable or enable rate limiter. Port Copy: Send a copy of packets to the selected port. Shutdown: If enabled, the Managed Switch will shutdown the interface. Any Frame Type: MAC Parameters DMAC Filter: Select an option from the pull-down menu for destination MAC filtering. Select “Any”...
  • Page 148 Ethernet Frame Type: MAC Parameters SMAC Filter: Select “Any” or “Specific” for source MAC filtering. If “Specific” is selected, you need to further specify a source MAC address. SMAC Value: Specify a source MAC address. DMAC Filter: Select “Any”, “UC”, “MC”, “BC” or “Specific” for destination MAC filtering. If “Specific”...
  • Page 149 ARP Frame Type: MAC Parameters SMAC Filter: Select “Any” or “Specific” for source MAC filtering. If “Specific” is selected, you need to further specify a source MAC address. SMAC Value: Specify a source MAC address. DMAC Filter: Select “Any”, “UC”, “MC” or “BC” for destination MAC filtering. Select “Any” to filter any kind of traffic.
  • Page 150 Sender IP Filter: Select “Any”, “Host”, or “Network” for sender IP filter. If “Host” is selected, you need to indicate a specific host IP address. If “Network” is selected, you need to indicate both network address and subnet mask. Sender IP Address: Specify a sender IP address. Sender IP Mask: Specify a subnet mask.
  • Page 151 IPv4 Frame Type: MAC Parameters DMAC Filter: Select “Any”, “UC”, “MC” or “BC” for destination MAC filtering. Select “Any” to filter any kind of traffic. Select “UC” to filter unicast traffic. Select “MC” to filter multicast traffic. Select “BC” to filter broadcast traffic. VLAN Parameters VLAN ID Filter: Select “Any”...
  • Page 152 need to indicate a specific host IP address. If “Network” is selected, you need to indicate both network address and subnet mask. SIP Address: Specify a source IP address. SIP Mask: Specify a source subnet mask. DIP Filter: Select “Any”, “Host”, or “Network” for destination IP filtering. If “Host” is selected, you need to indicate a specific host IP address.
  • Page 153 Source Port NO.: Specify a source port number (0~65535). Source Port Range: Specify a source port range (The source port number is from 0 to 65535). Destination Port Filter: Select “Any” to filter frames to any destination port. If “Specific” is selected, you need to further specify a destination port number.

  • Page 154: Lldp Configuration

    4.4.16 LLDP Configuration LLDP stands for Link Layer Discovery Protocol and runs over data link layer which is used for network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.

  • Page 155: Loop Detection Configuration

    4.4.17 Loop Detection Configuration To set up Loop Detection function, select the option Loop Detection Configuration from the Switch Management menu and then the following screen page appears. Loop Detection: Enable or disable Loop Detection function. Detection Interval: Specify the time interval of performing Loop Detection. The maximum time interval is 180 seconds.

  • Page 156: Switch Monitor

    4.5 Switch Monitor Switch Monitor allows users to monitor the real-time operation status of the Managed Switch. Users may monitor the port link-up status or traffic counters for maintenance or diagnostic purposes. Select the folder Switch Monitor from the Main Menu and then the following screen page appears.

  • Page 157: Switch Port State

    4.5.1 Switch Port State In order to view the real-time port status of the Managed Switch, select Switch Port State from the Switch Monitor menu and then the following screen page appears. Port Number: The number of the port. Media Type: The media type of the port, either TX or Fiber. Port State: This shows each port‟s state which can be D (Disabled), B/L (Blocking/Listening), L (Learning) or F (Forwarding).

  • Page 158: Port Traffic Statistics

    4.5.2 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Switch, select Port Traffic Statistics from the Switch Monitor menu and then the following screen page appears. Select: Choose the Traffic Statistics from the pull-down menu. Bytes Received: Total bytes received from each port.

  • Page 159: Port Packet Error

    4.5.3 Port Packet Error Port Packet Error Statistics mode counters allow users to view the port error of the Managed Switch. The event mode counter is calculated since the last time that counter was reset or cleared. Select Port Packet Error Statistics from the Switch Monitor menu and then the following screen page appears.

  • Page 160: Port Packet Analysis Statistics

    4.5.4 Port Packet Analysis Statistics Port Packet Analysis Statistics Mode Counters allow users to view the port analysis history of the Managed Switch. Event mode counters are calculated since the last time that counter was reset or cleared. Select Port Packet Analysis Statistics from the Switch Monitor menu and then the following screen page appears.

  • Page 161: Lacp Monitor

    4.5.5 LACP Monitor Click the LACP Monitor folder and then the two options will appears. 4.5.5.1 LACP Port Status LACP Port Status allows users to view a list of all LACP ports‟ information. Select LACP Port Status from the LACP monitor menu and then the following screen page appears. In this page, you can find the following information about LACP port status: Port Number: The number of the port.

  • Page 162: Lacp Statistics

    4.5.5.2 LACP Statistics In order to view the real-time LACP statistics status of the Managed Switch, select LACP Statistics from the LACP Monitor menu and then the following screen page appears. Port: LACP packets (LACPDU) transmitted or received from current port. LACP Transmitted: Packets transmitted from current port.

  • Page 163: Rstp Vlan Bridge Overview

    4.5.6.1 RSTP VLAN Bridge Overview RSTP VLAN Bridge Overview allows users to view a list of all RSTP VLANs‟ brief information, such as VLAN ID, Bridge ID, topology status and Root ID and to obtain detailed VLAN information after selecting. Select RSTP VLAN Bridge Overview from the RSTP Monitor menu and then the following screen page appears.

  • Page 164: Rstp Port Status

    4.5.6.2 RSTP Port Status RSTP Port Status allows users to view a list of all RSTP ports‟ information. Select RSTP Port Status from the RSTP Monitor menu and then the following screen page appears. In this page, you can find the following information about RSTP status: Port Number: The number of the port.

  • Page 165: Rstp Statistics

    4.5.6.3 RSTP Statistics In order to view the real-time RSTP statistics status of the Managed Switch, select RSTP Statistics from the RSTP Monitor menu and then the following screen page appears. RSTP Transmitted: The total transmitted RSTP packets from current port. STP Transmitted: The total transmitted STP packets from current port.

  • Page 166: X Monitor

    4.5.7 802.1X Monitor Click the 802.1X Monitor folder and then two options appear. 4.5.7.1 802.1X Port Status 802.1X Port Status allows users to view a list of all 802.1x ports‟ information. Select 802.1X port status from the 802.1x Monitor menu and then the following screen page appears. In this page, you can find the following information about 802.1X ports: Port: The number of the port.

  • Page 167: X Statistics

    4.5.7.2 802.1X Statistics In order to view the real-time 802.1X port statistics status of the Managed Switch, select 802.1x Statistics from the 802.1x Monitor menu and then the following screen page shows up. Select the port number from the pull-down menu to view statistics. 4.5.8 IGMP Monitor Click the IGMP Monitor folder and then the following screen page appears.

  • Page 168: Igmp Snooping Status

    4.5.8.1 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries‟ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select IGMP Snooping Status from the IGMP Monitor menu and then the following screen page appears. Update: Click “Update”...

  • Page 169: Igmp Group Table

    4.5.8.2 IGMP Group Table In order to view the real-time IGMP multicast group status of the Managed Switch, select IGMP Group Table from the IGMP monitor menu and then the following screen page appears. Update: Click “Update” to update the table. VLAN ID: VID of the specific VLAN Group: The multicast IP address of IGMP querier.

  • Page 170: Sfp Information

    4.5.10 SFP Information Click the SFP Information folder and then the following screen page appears. 4.5.10.1 SFP Port Info SFP Port Info displays each port‟s slide-in SFP Transceiver information e.g. Speed, Length, Vendor Name, Vendor PN, Vendor SN, and detection Temperature, Voltage , TX Bias, etc.. Select SFP Port Info from the SFP Information menu and then the following screen page appears.

  • Page 171: Sfp Port State

    4.5.10.2 SFP Port State Select SFP Port Status from the SFP Information menu and then the following screen page appears. Port Number: The number of the SFP module slide-in port. Temperature (C): The Slide-in SFP module operation temperature. Voltage (V): The Slide-in SFP module operation voltage. TX Bias (mA): The Slide-in SFP module operation current.

  • Page 172: Dchp Snooping

    4.5.11 DCHP Snooping DHCP Snooping displays the Managed Switch‟s DHCP Snooping table. Select DHCP Snooping from the Switch Monitor menu and then the following screen page appears. Update: Click “Update” to update the DHCP snooping table. Cli Port: View-only field that shows where the DHCP client binding port is. VID: View-only field that shows the VLAN ID of the client port.

  • Page 173: Loop Detection Status

    Chassis ID: View-only field that shows the MAC address of the LLDP frames received (the MAC address of the neighboring device). Remote Port: View-only field that shows the port number of the neighboring device. System Name: View-only field that shows the system name advertised by the neighboring device. Port Description: View-only field that shows the port description of the remote port.

  • Page 174: System Utility

    4.6 System Utility System Utility allows users to easily operate and maintain the system. Select the folder System Utility from the main menu and then the following screen page appears. 1. Event Log: Event log can keep a record of system‟s log events such as system warm start, cold start, link up/down, user login/logout, etc.

  • Page 175: Event Log

    4.6.1 Event Log Event log keep a record of user login and logout timestamp information. Select Event Log from the System Utility menu and then the following screen page appears. Click Clear to clear all Event log records. 4.6.2 Update The Managed Switch has both built-in TFTP and FTP clients.

  • Page 176: Load Factory Settings

    Click OK to start the download process and receive files from the server. A transmitting progress will be displayed during file transfer. Once completed, a process-completed message will pop up to remind the user. Click Put to start the upload process and transmit files to the server. A transmitting progress will be displayed during file transfer.

  • Page 177: Backup Configuration

    Select Load Factory Setting Except Network Configuration from the System Utility menu, the following screen page shows up. Click OK to start loading factory settings except network configuration. 4.6.5 Backup Configuration Select Backup Configuration from the System Utility menu and then the following screen page appears.

  • Page 178: Save Configuration

    4.7 Save Configuration In order to save configuration setting permanently, users need to save configuration first before resetting the Managed Switch. Select Save Configuration from the Console main menu and then the following screen page appears. Click OK to save the configuration. 4.8 Reset System After any configuration change, Reset System can make it effective.

  • Page 179: Appendix A: Free Radius Readme

    APPENDIX A: Free RADIUS readme The advanced RADIUS Server Set up for RADIUS Authentication is described as below. When free RADIUS client is enabled on the device, On the server side, it needs to put this file "dictionary.sample" under the directory /raddb, and modify these three files - "users", "clients.conf"...

  • Page 180: Appendix B: Set Up Dhcp Auto-Provisioning

    APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration at startup process. Before setting up DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Switch that you purchased can support DHCP Auto-provisioning.
  • Page 181 Step 2. Set up Auto Provision Server  Update DHCP Client Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command.  Install DHCP Server Issue “yum install dhcp” command to install DHCP server.
  • Page 182  Copy dhcpd.conf to /etc/dhcp/ directory Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor.  Enable and run DHCP service 1.
  • Page 183 Step 3. Modify dhcpd.conf file  Open dhcpd.conf file in /etc/dhcp/ directory Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
  • Page 184  Modify dhcpd.conf file The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
  • Page 185 5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Login TFTP server anonymously (TFTP does not require a login name and password). 9.
  • Page 186  Restart DHCP service...
  • Page 187 Every time when you modify dhcpd.conf file, DHCP service must be restarted. Issue “killall dhcpd” command to disable DHCP service and then issue “dhcpd” command to enable DHCP service. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”...
  • Page 188 B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.

  • Page 189: Appendix C: Vlan Application Note

    APPENDIX C: VLAN Application Note Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme instead of the physical layout. It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains.
  • Page 190 I. Port-Based VLAN Port-Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network. In the network diagram provided below, the network administrator is required to set up VLANs to separate traffic based on the following design conditions: ...

  • Page 191: Cli Configuration

    CLI Configuration: Steps… Commands… SWH> enable 1. Enter Global Configuration Password: mode. SWH# config SWH(config)# SWH(config)# vlan port-based Marketing 2. Create port-based VLANs OK ! “Marketing” and “RD” SWH(config)# vlan port-based RD OK ! SWH(config)# interface 1,21,23,26 3. Select port 1, 21, 23 and 26 to SWH(config-if-1,21,23,26)# configure.
  • Page 192 3. Add Port 1, 21, 23 and 26 in a group and name it to “Marketing”. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN Click “OK” to apply the settings. 4. Click “New” to add a new Port-Based VLAN Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN 5.
  • Page 193 6. Check Port-Based VLAN settings. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Deafult_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command.
  • Page 194 II. Data VLAN In networking environment, VLANs can carry various types of network traffic. The most common network traffic carried in a VLAN could be voice-based traffic, management traffic and data traffic. In practice, it is common to separate voice and management traffic from data traffic such as files, emails.
  • Page 195 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command.
  • Page 196 2. Create a new Data VLAN 11 that includes Port 1 and Port 26 as members. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Click “New” to create a new VLAN. Data VLAN 11 that includes Port 1 and Port 26 as member ports.
  • Page 197 4. Change Port 1’s PVID to 11, and set Port 26 to trunk mode. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN> VLAN Interface Change Port 1‟s PVID to 11 Select “TRUNK” Click “OK” to apply the settings. Treatments of Packets: 1. A untagged packet arrives at Port 1 When an untagged packet arrives at Port 1, port 1‟s Port VLAN ID (11) will be added to the original port.
  • Page 198 III. Management VLAN For security and performance reasons, it is best to separate user traffic and management traffic. When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to the management port will be minimized.
  • Page 199 Web Management Configuration: 1. Select “Configure VLAN” option in IEEE 802.1Q Tag VLAN menu. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Click “New” to create a new VLAN. 2. Create a new Management VLAN 10 that includes only Port 26 as a member port. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Management VLAN 10 that...
  • Page 200 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Deafult_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command. 4.
  • Page 201 IV. Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 202 SWH(config)# interface 1 6. Set Port 1 to tunnel mode. SWH(config-if-1)# vlan dot1q-vlan mode dot1q- tunnel OK ! SWH(config-if-1)# vlan dot1q-vlan access-vlan 15 7. Change Port 1‟s PVID to 15. OK ! SWH(config-if-1)# exit SWH(config)# interface 26 8. Set Port 26 to trunk mode. SWH(config-if-26)# vlan dot1q-vlan mode trunk OK ! SWH(config)# show vlan interface...
  • Page 203 2. Create a new Service VLAN 15 that includes Port 1 and Port 26 as member ports. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Click “New” to create a new VLAN. Create S-VLAN 15 that includes Port 1 and Port 26 as member ports.
  • Page 204 4. Change Port 1’s PVID to 15, and set Port 1 to DOT1Q-TUNNEL mode and Port 26 to TRUNK mode. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>VLAN Interface Set Port 1 to DOT1Q-TUNNEL mode and change Port 1‟s PVID to 15 Set Port 26 to TRUNK mode Click “OK”...
  • Page 205 This page is intentionally left blank. Revision History Manual Version Modification Firmware Version Date Add SSH function 1.08.90 2012/4 Remove CFM function Add “show default-setting” CLI command Modify Appendix C - VLAN Application 1.08.00 2011/9 Note with new CLI and Web GUI Revise VLAN descriptions...

Table of Contents