EtherWAN EX26262 Management Manual

Layer 2 Gigabit PoE Ethernet Switch

Management Guide

Summary of Contents for EtherWAN EX26262

  • Page 1: Ethernet Switch

      Management Guide Layer 2 Gigabit PoE Ethernet Switch ...
  • Page 2  ...
  • Page 3 MANAGEMENT GUIDE ...
  • Page 4  ...
  • Page 5: About This Guide

      ABOUT THIS GUIDE. PURPOSE: This guide gives specific information on how to operate and use the management functions of the switch. AUDIENCE: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 6  ...
  • Page 7: Table Of Contents

      CONTENTS. ABOUT THIS GUIDE; CONTENTS; FIGURES; TABLES. SECTION: GETTING STARTED. 1 INTRODUCTION 23: Key Features; Description of Software Features; System Defaults ...
  • Page 8 Configuring Power Reduction; Reducing Power to Idle Queue Circuits; Configuring Port Connections; Configuring Security; Configuring User Accounts; Configuring User Privilege Levels; Configuring The Authentication Method For Management Access; Configuring SSH; Configuring HTTPS; Filtering IP Addresses for Management Access; Using Simple Network Management Protocol; Remote Monitoring; Configuring Port Limit Controls...
  • Page 9 Configuring IGMP Filtering; MLD Snooping; Configuring Global and Port-Related Settings for MLD Snooping; Configuring VLAN Settings for MLD Snooping and Query; Configuring MLD Filtering; Link Layer Discovery Protocol; Configuring LLDP Timing and TLVs; Configuring LLDP-MED TLVs; Power over Ethernet; Configuring the MAC Address Table; IEEE 802.1Q VLANs; Assigning Ports to VLANs...
  • Page 10 Configuring UPnP; Configuring sFlow; MONITORING THE SWITCH; Displaying Basic Information About the System; Displaying System Information; Displaying CPU Utilization; Displaying Log Messages; Displaying Log Details; Displaying Information About Ports; Displaying Port Status On the Front Panel; Displaying an Overview of Port Statistics; Displaying QoS Statistics; Displaying QCL Status; Displaying Detailed Port Statistics...
  • Page 11 Displaying Information on Loop Protection; Displaying Information on the Spanning Tree; Displaying Bridge Status for STA; Displaying Port Status for STA; Displaying Port Statistics for STA; Displaying MVR Information; Displaying MVR Statistics; Displaying MVR Group Information; Displaying MVR SFM Information; Showing IGMP Snooping Information; Showing IGMP Snooping Status; Showing IGMP Snooping Group Information...
  • Page 12 PERFORMING SYSTEM MAINTENANCE; Restarting the Switch; Restoring Factory Defaults; Upgrading Firmware; Activating the Alternate Image; Managing Configuration Files; Saving Configuration Settings; Restoring Configuration Settings. SECTION: APPENDICES. A SOFTWARE SPECIFICATIONS 303: Software Features...
  • Page 13: Figures

      FIGURES. Figure 1: Home Page; Figure 2: Front Panel Indicators; Figure 3: System Information Configuration; Figure 4: IP Configuration; Figure 5: IPv6 Configuration; Figure 6: NTP Configuration; Figure 7: Time Zone and Daylight Savings Time Configuration; Figure 8: Configuring Settings for Remote Logging of Error Messages; Figure 9: Configuring EEE Power Reduction; Figure 10: Port Configuration...
  • Page 14 Figure 32: ACL Port Configuration; Figure 33: ACL Rate Limiter Configuration; Figure 34: Access Control List Configuration; Figure 35: DHCP Snooping Configuration; Figure 36: DHCP Relay Configuration; Figure 37: Configuring Global and Port-based Settings for IP Source Guard; Figure 38: Configuring Static Bindings for IP Source Guard; Figure 39: Configuring Global and Port Settings for ARP Inspection; Figure 40: Configuring Static Bindings for ARP Inspection...
  • Page 15 Figure 68: Private VLAN Membership Configuration; Figure 69: Port Isolation Configuration; Figure 70: Configuring MAC-Based VLANs; Figure 71: Configuring Protocol VLANs; Figure 72: Assigning Ports to Protocol VLANs; Figure 73: Assigning Ports to an IP Subnet-based VLAN; Figure 74: Configuring Global and Port Settings for a Voice VLAN; Figure 75: Configuring an OUI Telephony List; Figure 76: Configuring Ingress Port QoS Classification...
  • Page 16 Figure 104: QoS Control List Status; Figure 105: Detailed Port Statistics; Figure 106: Access Management Statistics; Figure 107: Port Security Switch Status; Figure 108: Port Security Port Status; Figure 109: Network Access Server Switch Status; Figure 110: NAS Statistics for Specified Port; Figure 111: ACL Status; Figure 112: DHCP Snooping Statistics; Figure 113: DHCP Relay Statistics...
  • Page 17 Figure 140: LLDP-MED Neighbor Information; Figure 141: LLDP Neighbor PoE Information; Figure 142: LLDP Neighbor EEE Information; Figure 143: LLDP Port Statistics; Figure 144: Power over Ethernet Status; Figure 145: MAC Address Table; Figure 146: Showing VLAN Members; Figure 147: Showing VLAN Port Status; Figure 148: Showing MAC-based VLAN Membership Status; Figure 149: Showing sFlow Statistics...
  • Page 18  ...
  • Page 19: Tables

      TABLES. Table 1: Key Features; Table 2: System Defaults; Table 3: Web Page Configuration Buttons; Table 4: Main Menu; Table 5: HTTPS System Support; Table 6: SNMP Security Models and Levels; Table 7: Dynamic QoS Profiles; Table 8: QCE Modification Buttons; Table 9: Recommended STA Path Cost Range...
  • Page 20  ...
  • Page 21: Section I

      SECTION: GETTING STARTED. This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ...
  • Page 22 SECTION | Getting Started ...
  • Page 23: Key Features

      INTRODUCTION: This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 24: Description Of Software Features

      CHAPTER | Introduction: Description of Software Features. Table 1: Key Features (Continued). Feature / Description. Spanning Tree Algorithm: Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP). Virtual LANs: Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel ...
  • Page 25 ACCESS CONTROL LISTS: ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority).
  • Page 26 be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port. ...
  • Page 27 VIRTUAL LANS: The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
  • Page 28: System Defaults

      CHAPTER | Introduction: System Defaults. QUALITY OF SERVICE: Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists.
  • Page 29 Table 2: System Defaults (Continued). Function / Parameter / Default. Function: SNMP. SNMP Agent: Disabled; Community Strings: “public” (read only), “private” (read/write); Traps: Global: disabled, Authentication traps: enabled, Link-up-down events: enabled; SNMP V3: View: default_view, Group: default_rw_group. Function: Port Configuration. Admin Status...
  • Page 30 Table 2: System Defaults (Continued). Function / Parameter / Default. Function: IP Settings. Management VLAN: VLAN 1; IP Address: 192.168.1.10; Subnet Mask: 255.255.255.0; Default Gateway: 0.0.0.0; DHCP Client: Disabled; Snooping: Disabled; Proxy service: Disabled ...
  • Page 31: Initial Switch Configuration

      INITIAL SWITCH CONFIGURATION: This chapter includes information on connecting to the switch and basic configuration procedures. To make use of the management features of your switch, you must first configure it with an IP address that is compatible with the network in which it is being installed.
  • Page 32 CHAPTER | Initial Switch Configuration. logging out. To change the password, click Security and then Users. Select “root” from the User Configuration list, fill in the Password fields, and then click Save. ...
  • Page 33: Section

      SECTION: WEB CONFIGURATION. This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 35...
  • Page 34 SECTION | Web Configuration ...
  • Page 35: Using The Web Interface

      USING THE WEB INTERFACE: This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Mozilla Firefox 2.0.0.0, or more recent versions).
  • Page 36: Configuration Options

      CHAPTER | Using the Web Interface: Navigating the Web Browser Interface. CONFIGURATION OPTIONS: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Save button to confirm the new setting.
  • Page 37: Main Menu

      Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. ...
  • Page 38 Table 4: Main Menu (Continued). Menu / Description / Page. VLANs: Virtual LANs; VLAN Membership: Configures VLAN groups; Ports: Specifies default PVID and VLAN attributes; Mirroring &...
  • Page 39 Table 4: Main Menu (Continued). Menu / Description / Page. History: Periodically samples statistics on a physical interface; Alarm: Sets threshold bounds for a monitored variable; Event: Creates a response for an alarm ...
  • Page 40 Table 4: Main Menu (Continued). Menu / Description / Page. Configures Multicast VLAN Registration, including global status, MVR VLAN, port mode, and immediate leave; IPMC: IP Multicast; IGMP Snooping: Internet Group Management Protocol Snooping; Basic...
  • Page 41 Table 4: Main Menu (Continued). Menu / Description / Page. Voice VLAN Configuration: Configures global settings, including status, voice VLAN ID, VLAN aging time, and traffic priority; also configures port settings, including the way in which a port is added to the Voice VLAN, and blocking non-VoIP addresses; Maps the OUI in the source MAC address of ingress packets...
  • Page 42 Table 4: Main Menu (Continued). Menu / Description / Page. Ports; State: Displays a graphic image of the front panel indicating active port connections; Traffic Overview: Shows basic Ethernet port statistics; QoS Statistics: Shows the number of packets entering and leaving the...
  • Page 43 Table 4: Main Menu (Continued). Menu / Description / Page. Switch; RMON: Remote Monitoring; Statistics: Shows sampled data for each entry in the statistics group; History: Shows sampled data for each entry in the history group; Alarm...
  • Page 44 Table 4: Main Menu (Continued). Menu / Description / Page. LLDP-MED Neighbors: Displays information about a remote device connected to a port on this switch which is advertising LLDP-MED TLVs, including network connectivity device, endpoint device, capabilities, application type, and policy; Displays status of all LLDP PoE neighbors, including power...
  • Page 45 Table 4: Main Menu (Continued). Menu / Description / Page. Configuration; Save: Saves configuration settings to a file on the management station; Upload: Restores configuration settings from a file on the management station ...
  • Page 46  ...
  • Page 47: Configuring The Switch

      CONFIGURING THE SWITCH: This chapter describes all of the basic configuration tasks. CONFIGURING SYSTEM INFORMATION: Use the System Information Configuration page to identify the system by configuring contact information, system name, and the location of the switch.
  • Page 48: Setting An IP Address

      CHAPTER | Configuring the Switch: Setting an IP Address. SETTING AN IP ADDRESS: This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types.
  • Page 49: Setting An IPv6 Address

      ◆ IP Router – IP address of the gateway router between the switch and management stations that exist on other network segments. ◆ VLAN ID – ID of the configured VLAN. By default, all ports on the...
  • Page 50 kind of address cannot be passed by any router outside of the subnet. A link-local address is easy to set up, and may be useful for simple networks or basic troubleshooting tasks.
  • Page 51: Figure 5: IPv6 Configuration

      ◆ Address – Manually configures a global unicast address by specifying the full address and network prefix length (in the Prefix field). (Default: ::192.168.1.10) ◆ Prefix – Defines the prefix length as a decimal value indicating how...
  • Page 52: Configuring NTP Service

      CHAPTER | Configuring the Switch: Configuring NTP Service. CONFIGURING NTP SERVICE: Use the NTP Configuration page to specify the Network Time Protocol (NTP) servers to query for the current time. NTP allows the switch to set its internal clock based on periodic updates from an NTP time server.
  • Page 53: Configuring The Time Zone And Daylight Savings Time

      CHAPTER | Configuring the Switch: Configuring the Time Zone and Daylight Savings Time. CONFIGURING THE TIME ZONE AND DAYLIGHT SAVINGS TIME: Use the Time Zone and Daylight Savings Time page to set the time zone and Daylight Savings Time. ...
  • Page 54 ■ Non-Recurring – Sets the start, end, and offset times of summer time for the switch on a one-time basis. ■ From – Start time for summer-time...
  • Page 55: Configuring Remote Log Messages

      CHAPTER | Configuring the Switch: Configuring Remote Log Messages. Figure 7: Time Zone and Daylight Savings Time Configuration ...
  • Page 56: Figure 8: Configuring Settings For Remote Logging Of Error Messages

      acknowledgments. The syslog packet will always be sent out even if the syslog server does not exist. PARAMETERS: These parameters are displayed: ◆ Server Mode – Enables/disables the logging of debug or error...
  • Page 57: Configuring Power Reduction

      CHAPTER | Configuring the Switch: Configuring Power Reduction. CONFIGURING POWER REDUCTION: The switch provides power saving methods including powering down the circuitry for port queues when not in use. REDUCING POWER TO IDLE QUEUE CIRCUITS: Use the EEE Configuration page to configure Energy Efficient Ethernet (EEE) for specified queues, and to specify urgent queues which are to...
  • Page 58: Configuring Port Connections

      CHAPTER | Configuring the Switch: Configuring Port Connections. If required, also specify urgent queues which will be powered up once data is queued and the default wakeup time has passed. Click Save. Figure 9: Configuring EEE Power Reduction ...
  • Page 59 (Default: Autonegotiation enabled; Advertised capabilities for RJ-45: 1000BASE-T - 10half, 10full, 100half, 100full, 1000full; SFP: 1000BASE-SX/LX/LH - 1000full) The 1000BASE-T standard does not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T port or trunk.
  • Page 60: Configuring Security

      CHAPTER | Configuring the Switch: Configuring Security. INTERFACE: To configure port connection settings: Click Configuration, Ports. Make any required changes to the connection settings. Click Save. Figure 10: Port Configuration ...
  • Page 61: Configuring User Accounts

      CONFIGURING USER ACCOUNTS: Use the User Configuration page to control management access to the switch based on manually configured user names and passwords. Advanced Configuration, Security, Switch, Users ...
  • Page 62: Configuring User Privilege Levels

      INTERFACE: To show user accounts: Click Advanced Configuration, Security, Switch, Users. Figure 11: Showing User Accounts. To configure a user account: ...
  • Page 63 ■ Security: Authentication, System Access Management, Port (contains Dot1x port, MAC based and the MAC Address Limit), ACL, HTTPS, SSH, ARP Inspection, and IP source guard. ■ IP: Everything except for ping...
  • Page 64: Configuring The Authentication Method For Management Access

      Figure 13: Configuring Privilege Levels ...
  • Page 65: Figure 14: Authentication Server Operation

      pairs with associated privilege levels for each user that requires management access to the switch. Figure 14: Authentication Server Operation ...
  • Page 66: Figure 15: Authentication Method For Management Access

      This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS and TACACS+ server software.
  • Page 67: Configuring SSH

      CONFIGURING SSH: Use the SSH Configuration page to configure access to the Secure Shell (SSH) management interface. SSH provides remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public-key that the client uses along with a local user name and password for access authentication.
  • Page 68: Configuring HTTPS

      CONFIGURING HTTPS: Use the HTTPS Configuration page to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL). HTTPS provides secure access (i.e., an encrypted connection) to the switch's web interface. ...
  • Page 69: Filtering IP Addresses For Management Access

      Click Save. Figure 17: HTTPS Configuration. FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS: Use the Access Management Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to...
  • Page 70: Using Simple Network Management Protocol

      Enter the start and end of an address range. Mark the protocols to restrict based on the specified address range. The following example shows how to restrict management access for all protocols to a specific address range.
  • Page 71: Table 6: SNMP Security Models And Levels

      that are defined by a security model and specified security levels. Each group also has a defined security access to a set of MIB objects for reading and writing, which are known as “views.” The switch has a default view (all MIB objects) and default groups defined for security models v1 and v2c.
  • Page 72 PARAMETERS: These parameters are displayed: SNMP System Configuration. ◆ Mode - Enables or disables SNMP service. (Default: Disabled) ◆ Version - Specifies the SNMP version to use. (Options: SNMP v1,...
  • Page 73 ◆ Trap Destination Address - IPv4 address of the management station to receive notification messages. ◆ Trap Destination IPv6 Address - IPv6 address of the management station to receive notification messages. An IPv6 address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,”...
  • Page 74 ◆ Trap Security Name (SNMPv3) - Indicates the SNMP trap security name. SNMPv3 traps and informs use USM for authentication and privacy. A unique security name is needed when SNMPv3 traps or informs are enabled.
  • Page 75: Figure 19: SNMP System Configuration

      Figure 19: SNMP System Configuration ...
  • Page 76: Figure 20: SNMPv3 Community Configuration

      For SNMPv3, these strings are treated as a Security Name, and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table (see "Configuring SNMPv3 Groups" on page 78).
  • Page 77 PARAMETERS: These parameters are displayed: ◆ Engine ID - The engine identifier for the SNMP agent on the remote device where the user resides. (Range: 10-64 hex digits, excluding a string of all 0’s or all F’s) ...
  • Page 78: Figure 21: SNMPv3 User Configuration

      Define the user name, security level, authentication and privacy settings. Click Save. Figure 21: SNMPv3 User Configuration. CONFIGURING SNMP GROUPS...
  • Page 79: Figure 22: SNMPv3 Group Configuration

      Select the security name. For SNMP v1 and v2c, the security names displayed are based on those configured in the SNMPv3 Communities menu. For USM, the security names displayed are based on those configured in the SNMPv3 Users Configuration menu.
  • Page 80: Figure 23: SNMPv3 View Configuration

      INTERFACE: To configure SNMPv3 views: Click Advanced Configuration, Security, Switch, SNMP, Views. Click “Add new view” to set up a new view. Enter the view name, view type, and OID subtree. ...
  • Page 81: Remote Monitoring

      INTERFACE: To configure SNMPv3 group access rights: Click Advanced Configuration, Security, Switch, SNMP, Access. Click Add New Access to create a new entry. Specify the group name, security settings, read view, and write view. ...
  • Page 82: Figure 25: RMON Statistics Configuration

      ◆ The information collected for each entry includes: drop events, input octets, packets, broadcast packets, multicast packets, CRC alignment errors, undersize packets, oversize packets, fragments, jabbers, collisions, and frames of various sizes. ...
  • Page 83: Figure 26: RMON History Configuration

      PARAMETERS: The following parameters are displayed: ◆ ID - Index to this entry. (Range: 1-65535) ◆ Data Source – Port identifier. ◆ Interval - The polling interval. (Range: 1-3600 seconds; Default: 1800...
  • Page 84 PARAMETERS: The following parameters are displayed: ◆ ID – Index to this entry. (Range: 1-65535) ◆ Interval – The polling interval. (Range: 1-2^31 seconds) ◆ Variable – The object identifier of the MIB variable to be sampled...
  • Page 85: Figure 27: RMON Alarm Configuration

      ◆ Falling Threshold – If the current value is less than the falling threshold, and the last sample value was greater than this threshold, then an alarm will be generated. After a falling event has been generated, another such event will not be generated until the sampled value has risen above the falling threshold, reaches the rising threshold, and again moves back down to the falling threshold.
  • Page 86: Configuring Port Limit Controls

      ◆ Type – Specifies the type of event to initiate: ■ none – No event is generated. ■ log – Generates an RMON log entry when the event is triggered...
  • Page 87 Advanced Configuration, Security, Network, Limit Control. PARAMETERS: The following parameters are displayed: System Configuration. ◆ Mode – Enables or disables Limit Control globally on the switch. If...
  • Page 88 Aging enabled, new SNMP traps will be sent every time the limit is exceeded. ■ Shutdown: If Limit + 1 MAC addresses are seen on the port, shut down the port. This implies that all secured MAC addresses will be removed from the port, and no new addresses will be learned.
  • Page 89: Configuring Authentication Through Network Access Servers

      Figure 29: Port Limit Control Configuration. CONFIGURING AUTHENTICATION THROUGH NETWORK ACCESS SERVERS: Network switches can provide open and easy access to network resources by simply attaching a client PC.
  • Page 90 This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights.
  • Page 91 these encryption methods in Windows 95 and 98, you can use the AEGIS dot1x client or other comparable client software.) MAC-based authentication allows for authentication of more than one user on the same port, and does not require the user to have special 802.1X software installed on his system.
  • Page 92 MAC address in question at regular intervals and free resources if no activity is seen within the given age period. If reauthentication is enabled and the port is in an 802.1X-based mode, this is not so critical, since supplicants that are no longer attached to the port will get removed upon the next reauthentication, which will fail.
  • Page 93: Table 7: Dynamic QoS Profiles

      RADIUS Attributes Used in Identifying a QoS Class. The User-Priority-Table attribute defined in RFC 4675 forms the basis for identifying the QoS Class in an Access-Accept packet. Only the first occurrence of the attribute in the packet will be considered.
  • Page 94 ■ Failure to configure the received profiles on the authenticated port. ■ When the last user logs off on a port with a dynamic QoS assignment, the switch restores the original QoS configuration for the port.
  • Page 95 RADIUS Attributes Used in Identifying a VLAN ID. RFC 2868 and RFC 3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used: ...
  • Page 96 in the Guest VLAN. If disabled, the switch will first check its history to see if an EAPOL frame has previously been received on the port (this history is cleared if the port link goes down or the port's Admin State is changed), and if not, the port will be placed in the Guest VLAN.
  • Page 97 ■ Single 802.1X - At most one supplicant can get authenticated on the port at a time. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered.
  • Page 98 The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate.
  • Page 99 ■ Unauthorized - The port is in Force Unauthorized mode, or a single-supplicant mode and the supplicant is not successfully authorized by the RADIUS server. ■ X Auth/Y Unauth - The port is in a multi-supplicant mode. X...
  • Page 100: Filtering Traffic With Access Control Lists

      Figure 31: Network Access Server Configuration ...
  • Page 101 Advanced Configuration, Security, Network, ACL, Ports. PARAMETERS: These parameters are displayed: ◆ Port - Port Identifier. ◆ Policy ID - An ACL policy configured on the ACE Configuration page...
  • Page 102: Figure 32: ACL Port Configuration

      INTERFACE: To configure ACL policies and responses for a port: Click Advanced Configuration, Security, Network, ACL, Ports. Assign an ACL policy configured on the ACE Configuration page, specify the responses to invoke when a matching frame is seen, including the filter mode, copying matching frames to another port, logging matching frames, or shutting down the port.
  • Page 103: Figure 33: ACL Rate Limiter Configuration

      INTERFACE: To configure rate limits which can be applied to a port: Click Advanced Configuration, Security, Network, ACL, Rate Limiters. For any of the rate limiters, select the maximum ingress rate that will be supported on a port once a match has been found in an assigned ACL.
  • Page 104 ◆ ACLs provide frame filtering based on any of the following criteria: ■ Any frame type (based on MAC address, VLAN ID, VLAN priority) ■ Ethernet type (based on Ethernet type value, MAC address, VLAN...
  • Page 105: Table 8: QCE Modification Buttons

      The following buttons are used to edit or move the ACL entry (ACE): Table 8: QCE Modification Buttons (columns: Button, Description): Inserts a new ACE before the current row. Edits the ACE.
  • Page 106   A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX). ◆ ARP:...
  • Page 107   protocol address length (PLN) settings. (Options: Any - any value is allowed, 0 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must not match this entry, 1 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must match this entry;...
  • Page 108   TCP Parameters ■ Source Port Filter - Specifies the TCP source filter for this rule. (Options: Any, Specific (0-65535), Range (0-65535); Default: Any) ■ Dest. Port Filter - Specifies the TCP destination filter for this...
  • Page 109   Any - any value is allowed, Yes - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must match this entry, No - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not match this entry;...
  • Page 110   VLAN Parameters ◆ 802.1Q Tagged - Specifies whether or not frames should be 802.1Q tagged. (Options: Any, Disabled, Enabled; Default: Any) ◆ VLAN ID Filter - Specifies the VLAN to filter for this rule...
  • Page 111: Configuring DHCP Snooping

      Figure 34: Access Control List Configuration...
  • Page 112   VLAN interface, DHCP messages received on an untrusted interface from a device not listed in the DHCP snooping table will be dropped. ◆ Table entries are only learned for trusted interfaces. An entry is added...
  • Page 113: Figure 35: DHCP Snooping Configuration

      DHCP server, any packets received from untrusted ports are dropped. PARAMETERS: These parameters are displayed: ◆ Snooping Mode – Enables DHCP snooping globally. When DHCP snooping is enabled, DHCP request messages will be forwarded to trusted ports, and reply packets only allowed from trusted ports.
  • Page 114: Configuring DHCP Relay And Option 82 Information

      Use the DHCP Relay Configuration page to configure DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet.
  • Page 115: Configuring IP Source Guard

      INTERFACE: To configure DHCP Relay: Click Advanced Configuration, Security, Network, DHCP, Relay. Enable the DHCP relay function, specify the DHCP server’s IP address, enable Option 82 information mode, and set the policy by which to handle relay information found in client packets.
  • Page 116   ◆ When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping (see "Configuring DHCP Snooping"), or static addresses configured in the source guard binding table. ◆ If IP source guard is enabled, an inbound packet’s IP address will be...
  • Page 117: Figure 37: Configuring Global And Port-Based Settings For IP Source Guard

      dynamic clients is equal to 0, the switch will only forward IP packets that are matched in static entries for a given port. (Default: Unlimited) INTERFACE: To set the IP Source Guard filter for ports: ...
  • Page 118: Figure 38: Configuring Static Bindings For IP Source Guard

      ■ If there is an entry with the same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one. ...
  • Page 119: Configuring ARP Inspection

      ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the-middle”...
  • Page 120: Figure 39: Configuring Global And Port Settings For ARP Inspection

      CONFIGURING GLOBAL AND PORT SETTINGS FOR ARP INSPECTION: Use the ARP Inspection Configuration page to enable ARP inspection globally for the switch and for any ports on which it is required. ...
  • Page 121: Figure 40: Configuring Static Bindings For ARP Inspection

      CONFIGURING STATIC BINDINGS FOR ARP INSPECTION: Use the Static ARP Inspection Table to bind a static address to a port. Table entries include a port identifier, VLAN identifier, source MAC address in ARP request packets, and source IP address in ARP request packets.
  • Page 122: Specifying Authentication Servers

      Use the Authentication Server Configuration page to control management access based on a list of user names and passwords configured on a RADIUS or TACACS+ remote access authentication server, and to authenticate client access for IEEE 802.1X port authentication (see page...
  • Page 123: Figure 41: Authentication Configuration

      INTERFACE: To configure authentication for management access in the web interface: Click Advanced Configuration, Security, AAA. Configure the authentication method for management client types, the common server timing parameters, and address, UDP port, and secret key for each required RADIUS or TACACS+ server.
  • Page 124: Creating Trunk Groups

      CREATING TRUNK GROUPS: You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
  • Page 125: Configuring Static Trunks

      Use the Aggregation Mode Configuration page to configure the aggregation mode and members of each static trunk group. Basic/Advanced Configuration, Aggregation, Static. USAGE GUIDELINES: When configuring static trunks, you may not be able to link switches of...
  • Page 126   ■ Destination MAC Address – All traffic with the same destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is destined for many different hosts.
  • Page 127: Configuring LACP

      Figure 42: Static Trunk Configuration...
  • Page 128   ◆ Ports assigned to a common link aggregation group (LAG) must meet the following criteria: ■ Ports must have the same LACP Admin Key. Using auto-configuration of the Admin Key will avoid this problem. ...
  • Page 129: Configuring Loop Protection

      Set at least one of the ports in each LAG to Active initiation mode, either at the near end or far end of the trunk. Click Save. Figure 43: LACP Port Configuration...
  • Page 130   ◆ Shutdown Time – The interval to wait before the switch automatically releases an interface from shutdown state. (Range: 1-604,800 seconds, or 0 to disable automatic recovery) If the recovery time is set to zero, any ports placed in shutdown state will remain in that state until the switch is reset.
  • Page 131: Configuring The Spanning Tree Algorithm

      Figure 44: Loop Protection Configuration...
  • Page 132: Figure 45: STP Root Ports And Designated Ports

      Figure 45: STP Root Ports and Designated Ports (diagram labels: Designated, Root)...
  • Page 133: Configuring Global Settings For STA

      An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see "Configuring Multiple Spanning Trees"...
  • Page 134   ◆ Rapid Spanning Tree Protocol: RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: ...
  • Page 135   priority, the device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.) ■ Default: 128 ■ Range: 0-240, in steps of 16...
  • Page 136: Figure 48: STA Bridge Configuration

      administrative edge is enabled on a port. BPDU filtering is configured on a per-port basis. (Default: Disabled) ◆ Edge Port BPDU Guard – This feature protects edge ports from...
  • Page 137: Configuring Multiple Spanning Trees

      Use the MSTI Mapping page to add VLAN groups to an MSTP instance (MSTI), or to designate the name and revision of the VLAN-to-MSTI mapping used on this switch.
  • Page 138: Figure 49: Adding A VLAN To An MST Instance

      MSTI Mapping ◆ MSTI – Instance identifier to configure. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. (Range: 1-7) ...
  • Page 139: Configuring Spanning Tree Bridge Priorities

      Use the MSTI Priorities page to configure the bridge priority for the CIST and any configured MSTI. Remember that RSTP looks upon each MST Instance as a single bridge node.
  • Page 140: Configuring STP/RSTP/CIST Interfaces

      Use the CIST Ports Configuration page to configure STA attributes for interfaces when the spanning tree mode is set to STP or RSTP, or for interfaces in the CIST.
  • Page 141: Table 10: Recommended STA Path Costs

      Table 10: Recommended STA Path Costs   Port Type Link Type IEEE 802.1D-1998 IEEE 802.1w-2001 Ethernet Half Duplex 2,000,000 Full Duplex 1,999,999 Trunk 1,000,000   Fast Ethernet Half Duplex 200,000 Full Duplex...
  • Page 142   tree priority. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, this can cause a lack of spanning tree connectivity.
  • Page 143: Configuring Mist Interfaces

      INTERFACE: To configure settings for STP/RSTP/CIST interfaces: Click Configuration, Spanning Tree, CIST Ports. Modify the required attributes. Click Save. Figure 51: STP/RSTP/CIST Port Configuration...
  • Page 144: Multicast VLAN Registration

      ◆ Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 145: Configuring General MVR Settings

      802.1Q or private VLANs cannot exchange any information (except through upper-level routing services). Figure 53: MVR Concept (diagram labels: Multicast Router, Satellite Services)...
  • Page 146   PARAMETERS: These parameters are displayed: MVR Configuration ◆ MVR Mode – When MVR is enabled on the switch, any multicast data associated with an MVR group is sent from all designated source ports, to all receiver ports that have registered to receive data from that multicast group.
  • Page 147   ■ Source (S) – Configures uplink ports to receive and send multicast data as source ports. Subscribers cannot be directly connected to source ports. Also, note that MVR source ports should not overlap ports in the management VLAN.
  • Page 148: Configuring MVR Channel Settings

      Figure 54: Configuring General MVR Settings. Use the MVR Channel Configuration page to view dynamic multicast group bindings for a multicast VLAN, or to configure static bindings for a multicast...
  • Page 149: IGMP Snooping

      ◆ Start Address - The starting IPv4/IPv6 Multicast Group Address that will be used as a streaming channel. ◆ End Address - The ending IPv4/IPv6 Multicast Group Address that will...
  • Page 150: Configuring Global And Port-Related Settings For IGMP Snooping

      If there is no multicast router attached to the local subnet, multicast traffic and query messages may not be received by the switch. In this case (Layer 2) IGMP Query can be used to actively ask the attached hosts if they want to receive a specific multicast service.
  • Page 151   subsequent multicast traffic not found in the table is dropped, otherwise it is flooded throughout the VLAN. ◆ IGMP SSM Range - The Source-Specific Multicast Range allows SSM-aware hosts and routers to run the SSM service model for groups in the specified address range.
  • Page 152   When proxy reporting is enabled with this command, the switch performs “IGMP Snooping with Proxy Reporting” (as defined in DSL Forum TR-101, April 2006), including report suppression, last leave, and query suppression. ...
  • Page 153: Configuring VLAN Settings For IGMP Snooping And Query

      IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, any new IGMP join reports will be dropped. ...
  • Page 154   ◆ IGMP Querier - When enabled, the switch can serve as the Querier (on the selected interface), which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) ...
  • Page 155: Configuring IGMP Filtering

      this host is the last to leave the group by sending out an IGMP group-specific or group-and-source-specific query message, and starts a timer. If no reports are received before the timer expires, the group record is deleted, and a report is sent to the upstream multicast router.
  • Page 156: MLD Snooping

      checked against these groups. If a requested multicast group is denied, the IGMP join report is dropped. INTERFACE: To configure IGMP Snooping Port Group Filtering: Click Configuration, IGMP Snooping, Port Group Filtering. ...
  • Page 157   between multicast clients and servers, and dynamically configure the switch ports which need to forward multicast traffic. Multicast routers use information from MLD snooping and query reports, along with a multicast routing protocol such as PIMv6, to support IP multicasting across the Internet.
  • Page 158   query to the member port which received the leave message, and then start the last member query timer for that port. When the conditions in the preceding item all apply, except that the receiving port is a router port, then the switch will not send a GS-query, but will immediately start the last member query timer for that port.
  • Page 159: Configuring VLAN Settings For MLD Snooping And Query

      Fast Leave can improve bandwidth usage for a network which frequently experiences many MLD host add and leave requests. ◆ Throttling - Limits the number of multicast groups to which a port can...
  • Page 160   When MLD snooping is enabled globally, the per VLAN interface settings for MLD snooping take precedence. When MLD snooping is disabled globally, snooping can still be configured per VLAN interface, but the interface settings will not take effect until snooping is re-enabled globally.
  • Page 161   the maximum time this system waits for a response to general queries. (Range: 10-31744 tenths of a second; Default: 10 seconds) ◆ LLQI - The Last Listener Query Interval (RFC 3810 – MLDv2 for IP) sets...
  • Page 162: Configuring MLD Filtering

      Use the MLD Snooping Port Group Filtering Configuration page to filter specific multicast traffic. In certain switch applications, the administrator may want to control the multicast services that are available to end users; for example, an IP/TV service based on a specific subscription plan.
  • Page 163: Configuring LLDP Timing And TLVs

      LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers. Use the LLDP Configuration page to set the timing attributes used for the transmission of LLDP advertisements, and the device information which is...
  • Page 164   ◆ Mode – Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Disabled, Enabled - TxRx, Rx only, Tx only; Default: Disabled) ◆ CDP Aware – Enables decoding of Cisco Discovery Protocol frames...
  • Page 165: Figure 62: LLDP Configuration

      The management address TLV may also include information about the specific interface associated with this address, and an object identifier indicating the type of hardware component or protocol entity associated with this address.
  • Page 166: Configuring LLDP-MED TLVs

      Use the LLDP-MED Configuration page to set the device information which is advertised for end-point devices. LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches.
  • Page 167   Coordinates Location ◆ Latitude – Normalized to within 0-90 degrees with a maximum of 4 digits. It is possible to specify the direction to either North of the equator or South of the equator.
  • Page 168   ■ Trailing street suffix - Trailing street suffix. (Example: SW) ■ Street suffix - Street suffix. (Example: Ave, Platz) ■ House no. - House number. (Example: 21) ■ House no. suffix - House number suffix. (Example: A, 1/2)...
  • Page 169   This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are: ■ Voice...
  • Page 170   endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an 'untagged' VLAN or a single 'tagged' data specific VLAN. When a network policy is defined for use with an 'untagged'...
  • Page 171: Figure 63: LLDP-MED Configuration

      INTERFACE: To configure LLDP-MED TLVs: Click Configuration, LLDP-MED. Modify any of the timing parameters as required. Set the fast start repeat count, descriptive information for the end-point device, and policies applied to selected ports.
  • Page 172: Power Over Ethernet

      POWER OVER ETHERNET: Use the Power Over Ethernet Configuration page to set the maximum PoE power provided to a port, the maximum power budget for the switch (power available to all RJ-45 ports), the port PoE operating mode, power allocation priority, and the maximum power allocated to each port.
  • Page 173   Advanced Configuration, PoE. PARAMETERS: These parameters are displayed: ◆ Reserved Power determined by - There are three modes for configuring how the ports or attached Powered Devices (PD) may reserve power: ...
  • Page 174: Figure 64: Configuring PoE Settings

      ◆ PoE Mode – The PoE operating mode for a port includes these options: ■ Disabled – PoE is disabled for the port. ■ PoE – Enables PoE IEEE 802.3af (Class 4 PDs limited to 15.4W)...
  • Page 175: Configuring The MAC Address Table

      CONFIGURING THE MAC ADDRESS TABLE: Use the MAC Address Table Configuration page to configure dynamic address learning or to assign static addresses to specific ports. ...
  • Page 176: Figure 65: MAC Address Table Configuration

      A static address can be assigned to a specific port on this switch. Static addresses are bound to the assigned port and will not be moved. When a static address is seen on another port, the address will be ignored and will not be written to the address table.
  • Page 177: IEEE 802.1Q VLANs

      IEEE 802.1Q VLANs: In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
  • Page 178: Assigning Ports To VLANs

      Use the VLAN Membership Configuration page to enable VLANs for this switch by assigning each port to the VLAN group(s) in which it will participate.
  • Page 179: Configuring VLAN Attributes For Port Members

      Use the VLAN Port Configuration page to configure VLAN attributes for specific interfaces, including processing Queue-in-Queue frames with embedded tags, enabling ingress filtering, setting the accepted frame types, and configuring the default VLAN identifier (PVID).
  • Page 180   ■ If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. ■ If ingress filtering is disabled and a port receives frames tagged for...
  • Page 181: Configuring Private VLANs

      INTERFACE: To configure attributes for VLAN port members: Click Configuration, VLANs, Ports. Configure the required settings for each interface. Click Save. Figure 67: VLAN Port Configuration...
  • Page 182: Using Port Isolation

      PARAMETERS: These parameters are displayed: ◆ PVLAN ID - Private VLAN identifier. By default, all ports are configured as members of VLAN 1 and PVLAN 1. Because all of these ports are members of 802.1Q VLAN 1, isolation cannot be enforced between the members of PVLAN 1.
  • Page 183: Configuring MAC-Based VLANs

      PARAMETERS: These parameters are displayed: ◆ Port Number - Port identifier. INTERFACE: To configure isolated ports: Click Configuration, Private VLANs, Port Isolation. Mark the ports which are to be isolated from each other. ...
  • Page 184: Protocol VLANs

      ◆ VLAN ID – VLAN to which ingress traffic matching the specified source MAC address is forwarded. (Range: 1-4093) ◆ Port Members – The ports assigned to this VLAN. ...
  • Page 185: Configuring Protocol VLAN Groups

      separate VLAN for each major protocol running on your network. Do not add port members at this time. Create a protocol group for each of the protocols you want to assign to a VLAN using the Configure Protocol (Add) page.
  • Page 186: Mapping Protocol Groups To Ports

      Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN (VLAN 1 by default) that has been configured with the switch's administrative IP. IP Protocol Ethernet traffic must not be mapped to another VLAN or you will lose administrative network connectivity to the switch.
  • Page 187: Configuring IP Subnet-Based VLANs

      PARAMETERS: These parameters are displayed: ◆ Group Name – The name assigned to the Protocol VLAN Group. This name must be a unique 16-character long string which consists of a combination of alphabetic characters (a-z or A-Z) or integers (0-9).
  • Page 188   untagged frames are classified as belonging to the receiving port’s VLAN ID (PVID). Advanced Configuration, VCL, IP Subnet-based VLAN. COMMAND USAGE: ◆ Each IP subnet can be mapped to only one VLAN ID. An IP subnet...
  • Page 189: Managing VoIP Traffic

      Figure 73: Assigning Ports to an IP Subnet-based VLAN. MANAGING VoIP TRAFFIC: When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic.
  • Page 190   ◆ VLAN ID – Sets the Voice VLAN ID for the network. Only one Voice VLAN is supported on the switch. (Range: 1-4095; Default: 1000) The Voice VLAN cannot be the same as that defined for any other function on the switch, such as the management VLAN (see "Setting an IPv4 Address"...
  • Page 191: Figure 74: Configuring Global And Port Settings For A Voice VLAN

      in the Telephony OUI list so that the switch recognizes the traffic as being from a VoIP device. ■ LLDP – Uses LLDP (IEEE 802.1ab) to discover VoIP devices...
  • Page 192: Configuring Telephony OUI

      Use the Voice VLAN OUI Table to identify VoIP devices attached to the switch. VoIP devices can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses.
  • Page 193: Quality Of Service

      QUALITY OF SERVICE: All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class. Class information can be assigned by end hosts, or switches or routers along the path.
  • Page 194   ◆ DP level – Controls the default drop priority for frames not classified in any other way. (Range: 0-1; Default: 0) ◆ PCP – Controls the default Priority Code Point (or User Priority) for...
  • Page 195: Figure 76: Configuring Ingress Port QoS Classification

      Figure 76: Configuring Ingress Port QoS Classification. To configure tag classification for tagged frames: Click Advanced Configuration, QoS, Port Classification. ...
  • Page 196: Configuring Port Policers

      Use the QoS Ingress Port Policers page to limit the bandwidth of frames entering the ingress queue. This function allows the network manager to control the maximum rate for traffic received on a port. Port policing is configured on interfaces at the edge of a network to limit traffic into the network.
  • Page 197: Configuring Egress Port Scheduler

      Use the QoS Egress Port Schedulers page to show an overview of the QoS Egress Port Schedulers, including the queue mode and weight. Click on any of the entries in the Port field to configure egress queue mode, queue shaper (rate and access to excess bandwidth), and port shaper.
  • Page 198: Figure 79: Displaying Egress Port Schedulers

      ■ Weight – A weight assigned to each of the queues (and thereby to the corresponding traffic priorities). This weight sets the frequency at which each queue is polled for service, and subsequently affects the response time for software applications assigned a specific priority value.
  • Page 199: Configuring Egress Port Shaper

      Figure 80: Configuring Egress Port Schedulers and Shapers
  • Page 200: Configuring Port Remarking Mode

      Configuring QoS Egress Port Scheduler, Queue Scheduler and Port Shapers. This configuration page can be accessed from the Port Scheduler or Port Shaper page. Refer to the description of these parameters under "Configuring Egress Port Scheduler".
  • Page 201   Configuring Port Remarking Mode: ◆ Tag Remarking Mode – Configures the tag remarking mode used by this port: ■ Classified – Uses classified PCP/DEI values. ■ Default – Uses default PCP/DEI values. ...
  • Page 202: Figure 83: Configuring Port Tag Remarking Mode

      Figure 83: Configuring Port Tag Remarking Mode
  • Page 203: Configuring Port DSCP Translation And Rewriting

      Use the QoS Port DSCP Configuration page to configure ingress translation and classification settings and egress re-writing of DSCP values. Advanced Configuration, QoS, Port DSCP ...
  • Page 204: Configuring DSCP-Based QoS Ingress Classification

      Figure 84: Configuring Port DSCP Translation and Rewriting. Use the DSCP-Based QoS Ingress Classification page to configure DSCP-based QoS ingress classification settings.
  • Page 205: Configuring DSCP Translation

      Figure 85: Configuring DSCP-based QoS Ingress Classification
  • Page 206: Configuring DSCP Classification

      Click Save. Figure 86: Configuring DSCP Translation and Re-mapping
  • Page 207: Configuring QoS Control Lists

      Figure 87: Mapping DSCP to CoS/DPL Values
  • Page 208: Table 12: QCE Modification Buttons

      ◆ VID – VLAN identifier. (Range: 1-4095) ◆ PCP – Priority Code Point (User Priority). (Specific value: 0, 1, 2, 3, 4, 5, 6, 7; Range 0-1, 2-3, 4-5, 6-7, 0-3, 4-7; or Any) ...
  • Page 209   ◆ Frame Type – The supported types are listed below: ■ Any – Allow all types of frames. ■ Ethernet – This option can only be used to filter Ethernet II...
  • Page 210   Datagrams may be fragmented to ensure they can pass through a network device which uses a maximum transfer unit smaller than the original packet’s size. ■ DSCP – Diffserv Code Point value. (Options: Any, specific value...
  • Page 211: Configuring Storm Control

      Figure 88: QoS Control List Configuration
  • Page 212: Configuring Local Port Mirroring

      ◆ Enable - Enables or disables storm control. (Default: Disabled) ◆ Rate (pps) - The threshold above which packets are dropped. This limit can be set by specifying a value of 2 packets per second (pps), or by selecting one of the options in Kpps (i.e., marked with the suffix “K”).
  • Page 213   port mirroring is enabled on the Mirroring & RSPAN Configuration page, mirroring will occur regardless of any configuration settings made on the ACL Ports Configuration page (see "Filtering Traffic with Access Control Lists"...
  • Page 214: Configuring Remote Port Mirroring

      Figure 90: Mirror Configuration. Use the Mirroring &...
  • Page 215   COMMAND USAGE ◆ Configuration Guidelines: Take the following steps to configure an RSPAN session: Set up the source switch on the Mirroring & RSPAN configuration page by specifying the switch’s Type (Source), the RSPAN VLAN ID, the Reflector port through which mirrored traffic is passed on to the RSPAN VLAN, the traffic type to monitor (Rx, Tx or Both) on the...
  • Page 216   ■ Source - Specifies this device as the source of remotely mirrored traffic. Source port(s), reflector port, and intermediate port(s) are located on this switch. ■ Intermediate - Specifies this device as an intermediate switch,...
  • Page 217: Figure 92: Mirror Configuration (Source)

      Figure 92: Mirror Configuration (Source). To configure remote port mirroring for an RSPAN intermediate switch: ...
  • Page 218: Configuring UPnP

      Select the intermediate ports to add to the RSPAN VLAN, which will then pass traffic on to the destination ports. Select the destination ports which are to monitor the traffic mirrored from the source switch, through any intermediate switches, and finally through the intermediate ports on the destination switch.
  • Page 219: Figure 95: UPnP Configuration

      actions the service responds to and a list of variables that model the state of the service at run time. If a device has a URL for presentation, then the control point can retrieve a page from this URL, load the page into a web browser, and depending on the capabilities of the page, allow a user to control the device and/or view device status.
  • Page 220: Configuring sFlow

      Use the sFlow Configuration page to configure periodic sampling of traffic flows. The flow sampling (sFlow) feature embedded on this switch, together with a remote sFlow Collector, can provide network administrators with an accurate, detailed and real-time overview of the types and levels of traffic present on their network.
  • Page 221   If sFlow is configured through SNMP, all controls, except for the Release button, are disabled to avoid inadvertent reconfiguration. The Release button can be used to release the current owner and disable sFlow sampling.
  • Page 222: Figure 96: sFlow Configuration

      To configure flow sampling: Click Advanced Configuration, sFlow. Set the parameters for flow receiver, flow sampler, and counter poller. Click Save. Figure 96: sFlow Configuration
  • Page 223: Monitoring The Switch

      MONITORING THE SWITCH. This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table. ...
  • Page 224: Displaying CPU Utilization

      Monitoring the Switch: Displaying Basic Information About the System. Software: ◆ Software Version – Version number of runtime code. ◆ Software Date – Release date of the switch software. ◆ Code Revision – Version control identifier of the switch software. ...
  • Page 225: Displaying Log Messages

      To display CPU utilization: Click System, then CPU Load. Figure 98: CPU Load
  • Page 226: Figure 99: System Log Information

      Table Headings: ◆ ID – Error ID. ◆ Level – Error level as described above. ◆ Time – The time of the system log entry. ...
  • Page 227: Displaying Log Details

      Monitoring the Switch: Displaying Information About Ports. Use the Detailed Log page to view the full text of specific log messages. Monitor, System, Detailed Log. To display the text of a specific log message, click Monitor, System, Detailed Log.
  • Page 228: Displaying An Overview Of Port Statistics

      Use the Port Statistics Overview page to display a summary of basic information on the traffic crossing each port. Monitor, Ports, Traffic Overview ...
  • Page 229: Displaying QCL Status

      To display the queue counters, click Monitor, Ports, QoS Statistics. Figure 103: Queueing Counters
  • Page 230: Displaying Detailed Port Statistics

      To display the status of QCE entries: Click Monitor, Ports, QCL Status. Select the user type to display from the drop-down list at the top of the page.
  • Page 231   ◆ Receive/Transmit Size Counters – The number of received and transmitted packets (good and bad) split into categories based on their respective frame sizes. ◆ Receive/Transmit Queue Counters – The number of received and...
  • Page 232: Figure 105: Detailed Port Statistics

      To display the detailed port statistics, click Monitor, Ports, Detailed Statistics. Figure 105: Detailed Port Statistics
  • Page 233: Displaying Information About Security Settings

      You can use the Monitor/Security menu to display statistics on management traffic, security controls for client access to the data ports, and the status of remote authentication access servers.
  • Page 234: Displaying Information About Switch Settings For Port Security

      Use the Port Security Switch Status page to show information about MAC address learning for each port, including the software module requesting port security services, the service state, the current number of learned addresses, and the maximum number of secure addresses allowed.
  • Page 235: Figure 107: Port Security Switch Status

      ■ Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in. ...
  • Page 236: Displaying Information About Learned MAC Addresses

      Use the Port Security Port Status page to show the entries authorized by port security services, including MAC address, VLAN ID, time added to table, age, and hold state.
  • Page 237: Displaying Port Status For Authentication Services

      Use the Network Access Server Switch Status page to show the port status for authentication services, including 802.1X security state, last source address used for authentication, and last ID. ...
  • Page 238: Figure 109: Network Access Server Switch Status

      To display port status for authentication services, click Monitor, Security, Network, NAS, Switch. Figure 109: Network Access Server Switch Status
  • Page 239   Port Counters. Receive EAPOL Counters: ◆ Total – The number of valid EAPOL frames of any type that have been received by the switch. ◆ Response ID –...
  • Page 240   ◆ Other Requests – ■ 802.1X-based: Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant. Indicates that the backend server chose an EAP-method. ...
  • Page 241   Selected Counters: This table is visible when the port is in one of the following administrative states: Multi 802.1X or MAC-based Auth. The table is identical to and is placed next to the Port Counters table, and will be empty if no MAC address is currently selected.
  • Page 242: Displaying ACL Status

      Figure 110: NAS Statistics for Specified Port
  • Page 243: Figure 111: ACL Status

      ■ IPv4/ICMP: ACE will match IPv4 frames with ICMP protocol. ■ IPv4/UDP: ACE will match IPv4 frames with UDP protocol. ■ IPv4/TCP: ACE will match IPv4 frames with TCP protocol. ...
  • Page 244: Displaying Statistics For DHCP Snooping

      Use the DHCP Snooping Port Statistics page to show statistics for various types of DHCP protocol packets. Monitor, Security, Network, DHCP, Snooping Statistics ...
  • Page 245: Displaying DHCP Relay Statistics

      Figure 112: DHCP Snooping Statistics
  • Page 246: Displaying MAC Address Bindings For ARP Packets

      ◆ Receive Bad Remote ID – The number of packets with a Remote ID option that did not match a known remote ID. Client Statistics: ◆ Transmit to Client –...
  • Page 247: Displaying Entries In The IP Source Guard Table

      To display the Dynamic ARP Inspection Table, click Monitor, Security, Network, ARP Inspection. Figure 114: Dynamic ARP Inspection Table
  • Page 248: Displaying Information On Authentication Servers

      Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server. ...
  • Page 249: Displaying Statistics For Configured Authentication Servers

      Use the RADIUS Details page to display statistics for configured authentication and accounting servers. The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. ...
  • Page 250   Accept, Access-Reject, Access-Challenge, timeout, or retransmission. ■ Timeouts – The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up.
  • Page 251   ■ Unknown Types – The number of RADIUS packets of unknown types that were received from the server on the accounting port. ■ Packets Dropped – The number of RADIUS packets that were...
  • Page 252: Figure 117: RADIUS Details

      To display statistics for configured authentication and accounting servers, click Monitor, Security, AAA, RADIUS Details. Figure 117: RADIUS Details
  • Page 253: Displaying Information On RMON

      Use the monitor pages for RMON to display information on RMON statistics, alarms and event responses. Use the RMON Statistics Status Overview page to view a broad range of interface statistics, including a total count of different frame types and...
  • Page 254: Displaying RMON Historical Samples

      ◆ 64 Bytes – The total number of packets (including bad packets) received that were 64 octets in length. ◆ x ~ y – The total number of packets (including bad packets) received...
  • Page 255: Displaying RMON Alarm Settings

      To display RMON historical samples, click Monitor, Security, Switch, RMON, History. Figure 119: RMON History Overview
  • Page 256: Displaying RMON Event Settings

      ◆ Falling Index – The index of the event to use if an alarm is triggered by monitored variables crossing below the falling threshold. To display RMON alarm settings, click Monitor, Security, Switch, RMON, Alarm.
  • Page 257: Displaying Information On LACP

      Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets. ...
  • Page 258: Displaying LACP Port Statistics

      ◆ LACP – Shows LACP status: ■ Yes – LACP is enabled and the port link is up. ■ No – LACP is not enabled or the port link is down. ...
  • Page 259: Displaying Information On Loop Protection

      To display LACP statistics for local ports on this switch, click Monitor, LACP, Port Statistics. Figure 124: LACP Port Statistics
  • Page 260: Displaying Information On The Spanning Tree

      To display loop protection status, click Monitor, Loop Protection. Figure 125: Loop Protection Status
  • Page 261   ◆ Topology Flag – The current state of the Topology Change Notification flag (TCN) for this bridge instance. ◆ Topology Change Last – Time since the Spanning Tree was last...
  • Page 262: Figure 126: Spanning Tree Bridge Status

      ◆ Edge – The current RSTP port (operational) Edge Flag. An Edge Port is a switch port to which no bridges are attached. The flag may be automatically computed or explicitly configured.
  • Page 263: Displaying Port Status For STA

      Figure 127: Spanning Tree Detailed Bridge Status
  • Page 264: Displaying Port Statistics For STA

      ■ Forwarding – Port forwards packets, and continues learning addresses. ◆ Uptime – The time since the bridge port was last initialized. To display information on spanning tree port status, click Monitor, Spanning Tree, Port Status.
  • Page 265: Displaying MVR Information

      To display information on spanning tree port statistics, click Monitor, Spanning Tree, Port Statistics. Figure 129: Spanning Tree Port Statistics
  • Page 266: Displaying MVR Group Information

      To display information for MVR statistics, click Monitor, MVR, Statistics. Figure 130: MVR Statistics. Use the MVR Group Information page to display statistics for IGMP protocol messages used by MVR;...
  • Page 267: Displaying MVR SFM Information

      To display information for MVR statistics and multicast groups, click Monitor, MVR, Group Information. Figure 131: MVR Group Information
  • Page 268: Showing IGMP Snooping Information

      To display MVR Source-Filtered Multicast Information, click Monitor, MVR, MVR SFM Information. Figure 132: MVR SFM Information
  • Page 269: Showing IGMP Snooping Group Information

      ◆ V3 Reports Received – The number of received IGMP Version 3 reports. ◆ V2 Leaves Received – The number of received IGMP Version 2 leave reports. ...
  • Page 270: Showing IPv4 SFM Information

      To display the port members of each service group, click Monitor, IGMP Snooping, Group Information. Figure 134: IGMP Snooping Group Information
  • Page 271: Showing MLD Snooping Information

      To display IGMP Source-Filtered Multicast information, click Monitor, IGMP Snooping, IGMP SFM Information. Figure 135: IPv4 SFM Information
  • Page 272: Showing MLD Snooping Group Information

      ◆ V2 Reports Received – The number of received MLD Version 2 reports. ◆ V1 Leaves Received – The number of received MLD Version 1 leave reports. ...
  • Page 273: Showing IPv6 SFM Information

      To display the port members of each service group, click Monitor, MLD Snooping, Group Information. Figure 137: MLD Snooping Group Information
  • Page 274: Displaying LLDP Information

      To display MLD Source-Filtered Multicast information, click Monitor, MLD Snooping, IPv6 SFM Information. Figure 138: IPv6 SFM Information
  • Page 275: Displaying LLDP-MED Neighbor Information

      ◆ System Capabilities – The capabilities that define the primary function(s) of the system as shown in the following table: Table 13: System Capabilities. ID Basis Reference ...
  • Page 276   These parameters are displayed: ◆ Device Type - LLDP-MED devices are comprised of two primary types: ■ LLDP-MED Network Connectivity Devices – as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint Devices.
  • Page 277   ■ LLDP-MED Communication Endpoint (Class III) – Applicable to all endpoint products that act as end user communication appliances supporting IP media. Capabilities include all of the capabilities defined for the previous Generic Endpoint (Class I) and Media Endpoint (Class II) classes, and are extended to include aspects related to end user devices.
  • Page 278: Displaying LLDP Neighbor PoE Information

      To display information about LLDP-MED neighbors, click Monitor, LLDP, LLDP-MED Neighbors. Figure 140: LLDP-MED Neighbor Information
  • Page 279: Displaying LLDP Neighbor EEE Information

      capable of sourcing over a maximum length cable based on its current configuration. To display LLDP neighbor PoE information, click Monitor, LLDP, PoE. Figure 141: LLDP Neighbor PoE Information ...
  • Page 280: Displaying LLDP Port Statistics

      ◆ Echo Rx Tw – The link partner's Echo Rx Tw value. ◆ Resolved Tx Tw – The resolved Tx Tw for this link (not the link partner). The resolved value that is the actual “tx wakeup time” used for this link (based on EEE information exchanged via LLDP).
  • Page 281: Figure 143: LLDP Port Statistics

      ◆ Total Neighbors Entries Aged Out – The number of times that a neighbor’s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired. ...
  • Page 282: Displaying PoE Status

      Use the Power Over Ethernet Status to display the status for all PoE ports, including the PD class, requested power, allocated power, power and current used, and PoE priority. ...
  • Page 283: Displaying The MAC Address Table

      Use the MAC Address Table to display dynamic and static address entries associated with the CPU and each port. ...
  • Page 284: Displaying Information About VLANs

      Use the monitor pages for VLANs to display information about the port members of VLANs, and the VLAN attributes assigned to each port. ...
  • Page 285: VLAN Port Status

      Figure 146: Showing VLAN Members. Use the VLAN Port Status page to show the VLAN attributes of port members for all VLANs configured by a selected software module, including...
  • Page 286: Displaying Information About MAC-Based VLANs

      ◆ UVID – Shows the untagged VLAN ID. A port's UVID determines the packet's behavior at the egress side. If the VID of Ethernet frames leaving a port matches the UVID, these frames will be sent untagged. ...
  • Page 287: Displaying Information About Flow Sampling

      ◆ MAC Address – A source MAC address which is mapped to a specific VLAN. ◆ VLAN ID – VLAN to which ingress traffic matching the specified source...
  • Page 288   ◆ Timeout – The number of seconds remaining before sampling stops and the current sFlow owner is released. ◆ Tx Successes – The number of UDP datagrams successfully sent to...
  • Page 289: Figure 149: Showing sFlow Statistics

      To display information on sampled traffic, click Monitor, sFlow. Figure 149: Showing sFlow Statistics
  • Page 291: Performing Basic Diagnostics

      PERFORMING BASIC DIAGNOSTICS. This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables. The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached.
  • Page 292   Performing Basic Diagnostics: Pinging an IPv4 or IPv6 Address. After you press Start, the sequence number and round-trip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. ...
  • Page 293: Running Cable Diagnostics

      The VeriPHY page is used to perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the cable length.
  • Page 295: Performing System Maintenance

      PERFORMING SYSTEM MAINTENANCE. This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch. RESTARTING THE SWITCH: Use the Restart Device page to restart the switch. ...
  • Page 296: Restoring Factory Defaults

      Use the Factory Defaults page to restore the original factory settings. Note that the LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults.
  • Page 297: Activating The Alternate Image

      After the software image is uploaded, a page announces that the firmware update has been initiated. After about a minute, the firmware is updated and the switch is rebooted. ...
  • Page 298: Managing Configuration Files

      Use the Maintenance Configuration pages to save the current configuration to a file on your computer, or to restore previously saved configuration settings to the switch. ...
  • Page 299: Figure 157: Configuration Upload

      To restore your current configuration settings: Click Maintenance, Configuration, Upload. Click the Browse button, and select the configuration file. Click the Upload button to restore the switch’s settings. ...
  • Page 301: Section

      APPENDICES. This section provides additional information and includes these items: ◆ "Software Specifications" on page 303 ◆ "Troubleshooting" on page 307 ◆ "License Information" on page 309
  • Page 303: A Software Specifications

      SOFTWARE SPECIFICATIONS. SOFTWARE FEATURES. MANAGEMENT AUTHENTICATION: Local, RADIUS, TACACS+, AAA, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter, DHCP Snooping. CLIENT ACCESS: Access Control Lists (128 rules per system), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard, ARP...
  • Page 304: Management Features

      VLAN SUPPORT: Up to 128 groups; port-based, protocol-based, tagged (802.1Q), private VLANs, voice VLANs, MAC-based VLANs, and IP subnet-based VLANs. CLASS OF SERVICE: Supports four levels of priority. Strict, Weighted Round Robin Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP...
  • Page 305: Standards

      ANSI/TIA-1057 LLDP for Media Endpoint Discovery - LLDP-MED; IEEE 802.1AB Link Layer Discovery Protocol; IEEE-802.1ad Provider Bridge; IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities; Spanning Tree Protocol; Rapid Spanning Tree Protocol; Multiple Spanning Tree Protocol; IEEE 802.1p Priority tags...
  • Page 306   Management Information Bases: Entity MIB version 3 (RFC 4133); Ether-like MIB (RFC 3635); Extended Bridge MIB (RFC 2674); Extensible SNMP Agents MIB (RFC 2742); Forwarding Table MIB (RFC 2096); IGMP MIB (RFC 2933); Interface Group MIB using SMI v2 (RFC 2863); Interfaces Evolution MIB (RFC 2863); IP MIB (RFC 2011)
  • Page 307: B   Troubleshooting

      Problems Accessing the Management Interface. Table 14: Troubleshooting Chart. Symptom: Cannot connect using a web browser, or SNMP software. Action: ◆ Be sure the switch is powered up. ◆ Check network cabling between the management station and the switch.
  • Page 308: Using System Logs

      If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: ...
  • Page 309: C   License Information

      This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors.
  • Page 310   Appendix | License Information: The GNU General Public License. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
  • Page 311   Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 312   If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
  • Page 313: Glossary

      Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. ...
  • Page 314   Glossary: Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node.
  • Page 315   Glossary: GMRP: Generic Multicast Registration Protocol. GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. IEEE 802.1D: Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 316   Glossary: IGMP Query: On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
  • Page 317   Glossary: MD5 Message-Digest is an algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
  • Page 318   Glossary: Trunk: Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLAN: Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
  • Page 319   Glossary: Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Spanning Tree Algorithm is a technology that checks your network for any loops.
  • Page 321: Index

      acceptable frame type 180; Access Control List, See ACL; ACL 100; binding to a port 100; address table 175; DSCP (classification, QoS 206; rewriting, port 203; translation, port 203; translation, QoS 205); dynamic addresses, displaying 175 ...
  • Page 322   Index: snooping, description 149; snooping, fast leave 152; throttling 152; ingress classification, QoS 204; ingress filtering 179; ingress port tag classification, QoS 194; ingress rate limiting 196; IP address, setting 48; logon authentication 61; encryption keys 122; RADIUS client 122; RADIUS server 122; settings 122; TACACS+ client 64; TACACS+ server 64...
  • Page 323   Index: setting multicast groups 148; static binding 148; statistics, displaying 265; using immediate leave 147; NTP, specifying servers 52; QCE, quality control list entry 208; QCL status, monitoring 229; QoS 193; class 193; control lists 207; drop precedence 194; DSCP classification 206 ...
  • Page 324   Index: user configuration 76; views 79; software (displaying version 224; downloading 296); Spanning Tree Protocol, See STA; specifications, software 303; SSH 67; LACP 127; static 125; Type Length Value (See LLDP TLV; See LLDP-MED TLV) ...