LevelOne GEP-5070 User Manual

GEP-5070
48 GE PoE-Plus + 2 GE SFP L2 Managed Switch
User Manual
V1.0

Summary of Contents for LevelOne GEP-5070

  • Page 1 GEP-5070 48 GE PoE-Plus + 2 GE SFP L2 Managed Switch User Manual V1.0...
  • Page 3 User Manual GEP-5070 Layer 2 Gigabit Ethernet Switch with 48 10/100/1000BASE-T PoE-Plus Ports (RJ-45) and 2 Gigabit Ethernet SFP Ports GEP-5070 E042013/ST-R01...
  • Page 5: About This Guide

    About This Guide. Purpose: This guide gives specific information on how to operate and use the management functions of the switch. Audience: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 7: Table Of Contents

    Contents: About This Guide; Contents; Figures; Tables; Section I: Getting Started; Introduction; Key Features; Description of Software Features; System Defaults; Initial Switch Configuration; Section: Web Configuration; Using the Web Interface; Navigating the Web Browser Interface; Home Page; Configuration Options; Panel Display; Main Menu; Configuring the Switch; Configuring System Information; Setting an IP Address...
  • Page 8 Configuring Power Reduction; Reducing Power to Idle Queue Circuits; Configuring Port Connections; Configuring Security; Configuring User Accounts; Configuring User Privilege Levels; Configuring The Authentication Method For Management Access; Configuring SSH; Configuring HTTPS; Filtering IP Addresses for Management Access; Using Simple Network Management Protocol; Remote Monitoring; Configuring Port Limit Controls; Configuring Authentication Through Network Access Servers...
  • Page 9 Configuring IGMP Filtering; MLD Snooping; Configuring Global and Port-Related Settings for MLD Snooping; Configuring VLAN Settings for MLD Snooping and Query; Configuring MLD Filtering; Link Layer Discovery Protocol; Configuring LLDP Timing and TLVs; Configuring LLDP-MED TLVs; Power over Ethernet; Configuring the MAC Address Table; IEEE 802.1Q VLANs; Assigning Ports to VLANs...
  • Page 10 Configuring Local Port Mirroring; Configuring Remote Port Mirroring; Configuring UPnP; Configuring sFlow; Monitoring the Switch; Displaying Basic Information About the System; Displaying System Information; Displaying CPU Utilization; Displaying Log Messages; Displaying Log Details; Displaying Information About Ports; Displaying Port Status On the Front Panel; Displaying an Overview of Port Statistics; Displaying QoS Statistics; Displaying QCL Status...
  • Page 11 Displaying Information on LACP; Displaying an Overview of LACP Groups; Displaying LACP Port Status; Displaying LACP Port Statistics; Displaying Information on Loop Protection; Displaying Information on the Spanning Tree; Displaying Bridge Status for STA; Displaying Port Status for STA; Displaying Port Statistics for STA; Displaying MVR Information; Displaying MVR Statistics...
  • Page 12 Running Cable Diagnostics; Performing System Maintenance; Restarting the Switch; Restoring Factory Defaults; Upgrading Firmware; Activating the Alternate Image; Managing Configuration Files; Saving Configuration Settings; Restoring Configuration Settings; Section: Appendices; Software Specifications; Software Features; Management Features; Standards; Management Information Bases; Troubleshooting; Problems Accessing the Management Interface; Using System Logs...
  • Page 13: Figures

    Figures: Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Configuration Figure 4: IP Configuration Figure 5: IPv6 Configuration Figure 6: NTP Configuration Figure 7: Time Zone and Daylight Savings Time Configuration Figure 8: Configuring Settings for Remote Logging of Error Messages Figure 9: Configuring EEE Power Reduction Figure 10: Port Configuration Figure 11: Showing User Accounts...
  • Page 14 Figure 32: ACL Port Configuration Figure 33: ACL Rate Limiter Configuration Figure 34: Access Control List Configuration Figure 35: DHCP Snooping Configuration Figure 36: DHCP Relay Configuration Figure 37: Configuring Global and Port-based Settings for IP Source Guard Figure 38: Configuring Static Bindings for IP Source Guard Figure 39: Configuring Global and Port Settings for ARP Inspection Figure 40: Configuring Static Bindings for ARP Inspection Figure 41: Authentication Configuration...
  • Page 15 Figure 68: Port Isolation Configuration Figure 69: Configuring MAC-Based VLANs Figure 70: Configuring Protocol VLANs Figure 71: Assigning Ports to Protocol VLANs Figure 72: Assigning Ports to an IP Subnet-based VLAN Figure 73: Configuring Global and Port Settings for a Voice VLAN Figure 74: Configuring an OUI Telephony List Figure 75: Configuring Ingress Port QoS Classification Figure 76: Configuring Ingress Port Policing...
  • Page 16 Figure 104: QoS Control List Status Figure 105: Detailed Port Statistics Figure 106: Access Management Statistics Figure 107: Port Security Switch Status Figure 108: Port Security Port Status Figure 109: Network Access Server Switch Status Figure 110: NAS Statistics for Specified Port Figure 111: ACL Status Figure 112: DHCP Snooping Statistics Figure 113: DHCP Relay Statistics...
  • Page 17 Figure 140: LLDP-MED Neighbor Information Figure 141: LLDP Neighbor PoE Information Figure 142: LLDP Neighbor EEE Information Figure 143: LLDP Port Statistics Figure 144: Power over Ethernet Status Figure 145: MAC Address Table Figure 146: Showing VLAN Members Figure 147: Showing VLAN Port Status Figure 148: Showing MAC-based VLAN Membership Status Figure 149: Showing sFlow Statistics Figure 150: ICMP Ping...
  • Page 19: Tables

    Tables: Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Main Menu Table 5: HTTPS System Support Table 6: SNMP Security Models and Levels Table 7: Dynamic QoS Profiles Table 8: QCE Modification Buttons Table 9: Recommended STA Path Cost Range Table 10: Recommended STA Path Costs Table 11: Default STA Path Costs...
  • Page 21: Section I

    Section I: Getting Started. This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 23...
  • Page 23: Key Features

    Introduction: This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 24: Description Of Software Features

    Table 1: Key Features (Continued). Feature / Description: Spanning Tree Algorithm: Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP); Virtual LANs: Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel; Traffic Prioritization: Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/...
  • Page 25 Access Control Lists: ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority).
  • Page 26 be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port. IEEE 802.1D Bridge: The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or...
  • Page 27 Virtual LANs: The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
  • Page 28: System Defaults

    Quality of Service: Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists.
  • Page 29 Table 2: System Defaults (Continued). Function / Parameter / Default: SNMP: SNMP Agent: Disabled; Community Strings: “public” (read only), “private” (read/write); Traps: Global: disabled, Authentication traps: enabled, Link-up-down events: enabled; SNMP V3: View: default_view, Group: default_rw_group. Port Configuration: Admin Status: Enabled; Auto-negotiation...
  • Page 30 Table 2: System Defaults (Continued). Function / Parameter / Default: IP Settings: Management. VLAN: VLAN 1; IP Address: 192.168.1.1; Subnet Mask: 255.255.255.0; Default Gateway: 0.0.0.0; DHCP: Client: Disabled, Snooping: Disabled; Proxy service: Disabled. Multicast Filtering: IGMP Snooping: Snooping: Disabled, Querier: Disabled; MLD Snooping...
  • Page 31: Initial Switch Configuration

    Initial Switch Configuration: This chapter includes information on connecting to the switch and basic configuration procedures. To make use of the management features of your switch, you must first configure it with an IP address that is compatible with the network in which it is being installed.
  • Page 32 logging out. To change the password, click Security and then Users. Select “admin” from the User Configuration list, fill in the Password fields, and then click Save...
  • Page 33: Section

    Section: Web Configuration. This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 35 ◆ "Configuring the Switch" on page 45...
  • Page 35: Using The Web Interface

    Using the Web Interface: This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Mozilla Firefox 2.0.0.0, or more recent versions).
  • Page 36: Configuration Options

    Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Save button to confirm the new setting. The following table summarizes the web page configuration buttons.
  • Page 37 Table 4: Main Menu (Continued). Menu / Description / Page: Aggregation: Static: Specifies ports to group into static trunks; LACP: Allows ports to dynamically join trunks. Spanning Tree: Bridge Settings: Configures global bridge settings for STP, RSTP and MSTP; also configures edge port settings for BPDU filtering, BPDU guard, and port error recovery; MSTI Mapping...
  • Page 38 Table 4: Main Menu (Continued). Menu / Description / Page: Access Management: Sets IP addresses of clients allowed management access via HTTP/HTTPS, and SNMP, and Telnet/SSH. SNMP: Simple Network Management Protocol; System: Configures read-only and read/write community strings for SNMP v1/v2c, engine ID for SNMP v3, and trap parameters...
  • Page 39 Table 4: Main Menu (Continued). Menu / Description / Page: Aggregation: Static: Specifies ports to group into static trunks; LACP: Allows ports to dynamically join trunks. Loop Protection: Detects general loopback conditions caused by hardware problems or faulty protocol settings. Spanning Tree: Bridge Settings...
  • Page 40 Table 4: Main Menu (Continued). Menu / Description / Page: Private VLANs: Port Isolation: Prevents communications between designated ports within the same private VLAN. VLAN Control List: MAC-based VLAN: Maps traffic with specified source MAC address to a VLAN; Protocol-based VLAN: Protocol to...
  • Page 41 Table 4: Main Menu (Continued). Menu / Description / Page: WRED: Sets drop probabilities for congested queues; Congestion Management: Prevents traffic from being forwarded if destination port is congested; Mirroring & RSPAN: Sets source and target ports for local or remote mirroring; UPnP: Enables UPNP and defines timeout values...
  • Page 42 Table 4: Main Menu (Continued). Menu / Description / Page: DHCP: Dynamic Host Configuration Protocol; Snooping Statistics: Shows statistics for various types of DHCP protocol packets; Relay Statistics: Displays server and client statistics for packets affected by the relay information policy; ARP Inspection...
  • Page 43 Table 4: Main Menu (Continued). Menu / Description / Page: Group Information: Displays active IGMP groups; IPv4 SFM Information: Displays IGMP Source-Filtered Multicast information including group, filtering mode (include or exclude), source address, and type (allow or deny). MLD Snooping: Multicast Listener Discovery Snooping...
  • Page 44 Table 4: Main Menu (Continued). Menu / Description / Page: Maintenance: Restart Device: Restarts the switch; Factory Defaults: Restores factory default settings; Software Upload: Updates software on the switch with a file specified on the management station; Image Select: Displays information about the active and alternate (backup)
  • Page 45: Configuring The Switch

    Configuring the Switch: This chapter describes all of the basic configuration tasks. Configuring System Information: Use the System Information Configuration page to identify the system by configuring contact information, system name, and the location of the switch. Basic/Advanced Configuration, System, Information. Parameters: These parameters are displayed: System Contact –...
  • Page 46: Setting An Ip Address

    Setting an IP Address: This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types.
  • Page 47: Figure 4: Ip Configuration

    ◆ IP Router – IP address of the gateway router between the switch and management stations that exist on other network segments. ◆ VLAN ID – ID of the configured VLAN. By default, all ports on the...
  • Page 48: Setting An Ipv6 Address

    Setting an IPv6 Address: Use the IPv6 Configuration page to configure an IPv6 address for management access to the switch. IPv6 includes two distinct address types - link-local unicast and global unicast. A link-local address makes the switch accessible over IPv6 for all devices attached to the same local subnet.
  • Page 49: Figure 5: Ipv6 Configuration

    interface. The network portion of the address is based on prefixes received in IPv6 router advertisement messages, and the host portion is automatically generated using the modified EUI-64 form of the interface identifier;...
  • Page 50: Configuring Ntp Service

    Configuring NTP Service: Use the NTP Configuration page to specify the Network Time Protocol (NTP) servers to query for the current time. NTP allows the switch to set its internal clock based on periodic updates from an NTP time server. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
  • Page 51: Configuring The Time Zone And Daylight Savings Time

    Configuring the Time Zone and Daylight Savings Time: Use the Time Zone and Daylight Savings Time page to set the time zone and Daylight Savings Time. Time Zone – NTP/SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
  • Page 52: Figure 7: Time Zone And Daylight Savings Time Configuration

    ■ Non-Recurring – Sets the start, end, and offset times of summer time for the switch on a one-time basis. ■ From – Start time for summer-time. ■ To –...
  • Page 53: Configuring Remote Log Messages

    Configuring Remote Log Messages: Use the System Log Configuration page to send log messages to syslog servers or other management stations. You can also limit the event messages sent to specified types. Basic/Advanced Configuration, System, Log. Command Usage...
  • Page 54: Configuring Power Reduction

    Configuring Power Reduction: The switch provides power saving methods including powering down the circuitry for port queues when not in use. Reducing Power to Idle Queue Circuits: Use the EEE Configuration page to configure Energy Efficient Ethernet (EEE) for specified queues.
  • Page 55: Configuring Port Connections

    Figure 9: Configuring EEE Power Reduction. Configuring Port Connections: Use the Port Configuration page to configure the connection parameters for each port. This page includes options for enabling auto-negotiation or manually setting the speed and duplex mode, enabling flow control, setting the maximum frame size, specifying the response to excessive collisions, or enabling power saving mode.
  • Page 56 The 1000BASE-T standard does not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T port or trunk. If not used, the success of the link process cannot be guaranteed when connecting to other types of switches.
  • Page 57: Configuring Security

    Web Interface: To configure port connection settings: Click Configuration, Ports. Make any required changes to the connection settings. Click Save. Figure 10: Port Configuration. Configuring Security: You can configure this switch to authenticate users logging into the system for management access or to control client access to the data ports.
  • Page 58: Configuring User Accounts

    addresses assigned to DHCP clients can also be carefully controlled using static or dynamic bindings with DHCP Snooping and IP Source Guard commands. ARP Inspection can also be used to validate the MAC address bindings for ARP packets, providing protection against ARP traffic with invalid MAC to IP address bindings, which forms the basis for “man-in-the-middle”...
  • Page 59 ◆ Privilege Level – Specifies the user level. (Options: 1 - 15) Access to specific functions is controlled through the Privilege Levels configuration page (see page 60). The default settings provide four access levels: 1 –...
  • Page 60: Configuring User Privilege Levels

    Configuring User Privilege Levels: Use the Privilege Levels page to set the privilege level required to read or configure specific software modules or system settings. Advanced Configuration, Security, Switch, Privilege Levels. Parameters: These parameters are displayed: ◆...
  • Page 61: Configuring The Authentication Method For Management Access

    Click Save. Figure 13: Configuring Privilege Levels. Configuring the Authentication Method for Management Access: Use the Authentication Method Configuration page to specify the authentication method for controlling management access through the console, Telnet, SSH or HTTP/HTTPS. Access can be based on the (local) user name and password configured on the switch, or can be controlled...
  • Page 62: Figure 14: Authentication Server Operation

    Figure 14: Authentication Server Operation (RADIUS/TACACS+ server). 1. Client attempts management access. 2. Switch contacts authentication server. 3. Authentication server challenges client. 4. Client responds with proper password or key. 5. Authentication server approves access. 6...
  • Page 63: Figure 15: Authentication Method For Management Access

    This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS and TACACS+ server software.
  • Page 64: Configuring Ssh

    Configuring SSH: Use the SSH Configuration page to configure access to the Secure Shell (SSH) management interface. SSH provides remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public-key that the client uses along with a local user name and password for access authentication.
  • Page 65: Configuring Https

    Configuring HTTPS: Use the HTTPS Configuration page to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL). HTTPS provides secure access (i.e., an encrypted connection) to the switch's web interface. Advanced Configuration, Security, Switch, HTTPS. Usage Guidelines...
  • Page 66: Filtering Ip Addresses For Management Access

    Figure 17: HTTPS Configuration. Filtering IP Addresses for Management Access: Use the Access Management Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, or SNMP, or Telnet.
  • Page 67: Using Simple Network Management Protocol

    Mark the protocols to restrict based on the specified address range. The following example shows how to restrict management access for all protocols to a specific address range. Click Save. Figure 18: Access Management Configuration. Using Simple Network Management Protocol: Simple Network Management Protocol (SNMP) is a communication protocol...
  • Page 68: Table 6: Snmp Security Models And Levels

    MIB objects) and default groups defined for security models v1 and v2c. The following table shows the security models and levels available and the system default settings. Table 6: SNMP Security Models and Levels. Model Level Community String...
  • Page 69 ◆ Version - Specifies the SNMP version to use. (Options: SNMP v1, SNMP v2c, SNMP v3; Default: SNMP v2c) ◆ Read Community - The community used for read-only access to the SNMP agent. (Range: 0-255 characters, ASCII characters 33-126 only; Default: public) This parameter only applies to SNMPv1 and SNMPv2c.
  • Page 70 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. ◆ Trap Authentication Failure - Issues a notification message to...
  • Page 71: Figure 19: Snmp System Configuration

    To select a name from this field, first enter an SNMPv3 user with the same Trap Security Engine ID in the SNMPv3 Users Configuration menu (see "Configuring SNMPv3 Users" on page 73). Web Interface: To configure SNMP system and trap settings: Click Advanced Configuration, Security, Switch, SNMP, System.
  • Page 72: Figure 20: Snmpv3 Community Configuration

    Setting SNMPv3 Community Access Strings: Use the SNMPv3 Community Configuration page to set community access strings. All community strings used to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table.
  • Page 73: Users

    Configuring SNMPv3 Users: Use the SNMPv3 User Configuration page to define a unique name and remote engine ID for each SNMPv3 user. Users must be configured with a specific security level, and the types of authentication and privacy protocols to use.
  • Page 74: Groups

    ◆ Privacy Protocol - The encryption algorithm used for data privacy; only 56-bit DES is currently available. (Options: None, DES; Default: DES) ◆ Privacy Password - A string identifying the privacy pass phrase. (Range: 8-40 characters, ASCII characters 33-126 only) Web Interface: To configure SNMPv3 users:...
  • Page 75: Views

    menu (see page 73). To modify an entry for USM, the current entry must first be deleted. ◆ Group Name - The name of the SNMP group. (Range: 1-32 characters, ASCII characters 33-126 only) Web Interface: To configure SNMPv3 groups: Click Advanced Configuration, Security, Switch, SNMP, Groups.
  • Page 76: Figure 23: Snmpv3 View Configuration

    should exist and its OID subtree should overlap the “excluded” view entry. ◆ OID Subtree - Object identifiers of branches within the MIB tree. Note that the first character must be a period (.). Wild cards can be used to mask a specific portion of the OID string using an asterisk.
  • Page 77: Remote Monitoring

    ■ Auth, Priv - SNMP communications use both authentication and encryption. ◆ Read View Name - The configured view for read access. (Range: 1-32 characters, ASCII characters 33-126 only) ◆ Write View Name - The configured view for write access...
  • Page 78: Figure 25: Rmon Statistics Configuration

    Configuring RMON Statistical Samples: Use the RMON Statistics Configuration page to collect statistics on a port, which can subsequently be used to monitor the network for common errors and overall traffic rates. Advanced Configuration, Security, RMON, Statistics. Command Usage...
  • Page 79: Figure 26: Rmon History Configuration

    growth and plan for expansion before your network becomes too overloaded. Advanced Configuration, Security, RMON, History. Command Usage: The information collected for each sample includes: drop events, input octets, packets, broadcast packets, multicast packets, CRC alignment errors, undersize packets, oversize packets, fragments, jabbers, collisions, and network utilization.
  • Page 80 Configuring RMON Alarms: Use the RMON Alarm Configuration page to define specific criteria that will generate response events. Alarms can be set to test data over any specified time interval, and can monitor absolute or changing values (such as a statistical counter reaching a specific value, or a statistic changing by a certain amount over the set interval).
  • Page 81: Figure 27: Rmon Alarm Configuration

    ■ Rising or Falling – Trigger alarm when the first value is larger than the rising threshold or less than the falling threshold (default). ◆ Rising Threshold – If the current value is greater than the rising...
  • Page 82 Configuring RMON Events: Use the RMON Event Configuration page to set the action to take when an alarm is triggered. The response can include logging the alarm or sending a message to a trap manager. Alarms and corresponding events provide a way of immediately responding to critical network problems.
  • Page 83: Configuring Port Limit Controls

    Figure 28: RMON Event Configuration. Configuring Port Limit Controls: Use the Port Security Limit Control Configuration page to limit the number of users accessing a given port. A user is identified by a MAC address and VLAN ID.
  • Page 84 ◆ Limit – The maximum number of MAC addresses that can be secured on this port. This number cannot exceed 1024. If the limit is exceeded, the corresponding action is taken. The switch is “initialized” with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security-enabled port.
  • Page 85: Configuring Authentication Through Network Access Servers

    Web Interface: To configure port limit controls: Click Advanced Configuration, Security, Network, Limit Control. Set the system configuration parameters to globally enable or disable limit controls, and configure address aging as required. Set limit controls for any port, including status, maximum number of addresses allowed, and the response to a violation.
  • Page 86: Figure 30: Using Port Security

    Figure 30: Using Port Security (802.1x client, RADIUS server). 1. Client attempts to access a switch port. 2. Switch sends client an identity request. 3. Client sends back identity information. 4. Switch forwards this to authentication server. 5...
  • Page 87 ◆ 802.1X / MAC-based authentication must be enabled globally for the switch. ◆ The Admin State for each switch port that requires client authentication must be set to 802.1X or MAC-based. ◆ When using 802.1X authentication:...
  • Page 88 between the switch and the client, and therefore does not imply that a client is still present on a port (see Age Period below). ◆ Reauthentication Period - Sets the time period after which a...
  • Page 89: Table 7: Dynamic Qos Profiles

    | Configuring the Switch HAPTER Configuring Security whether RADIUS-assigned QoS Class is enabled for that port. When unchecked, RADIUS-server assigned QoS Class is disabled for all ports. When RADIUS-Assigned QoS is both globally enabled and enabled for a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated.
  • Page 90 For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1,” then the switch ignores the “map-ip-dscp” profile. ■ When authentication is successful, the dynamic QoS information may not be passed from the RADIUS server due to one of the following conditions (authentication result remains unchanged): The Filter-ID attribute cannot be found to carry the user profile.
  • Page 91 If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned setting).
  • Page 92 For trouble-shooting VLAN assignments, use the Monitor > VLANs > VLAN Membership and VLAN Port pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration. Guest VLAN Operation When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames.
  • Page 93 ◆ Admin State - If NAS is globally enabled, this selection controls the port's authentication mode. The following modes are available: ■ Force Authorized - The switch sends one EAPOL Success frame when the port link comes up. This forces the port to grant access to all clients, either dot1x-aware or otherwise.
  • Page 94 password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string in the following form “xx-xx-xx-xx-xx-xx”, that is, a dash (-) is used as separator between the lower-cased hexadecimal digits.
  • Page 95 ◆ Guest VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configure section. ◆ Port State - The current state of the port:...
  • Page 96: Filtering Traffic With Access Control Lists

    Figure 31: Network Access Server Configuration An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria.
  • Page 97 ◆ Policy ID - An ACL policy configured on the ACE Configuration page (page 101). (Range: 1-8; Default: 1, which is undefined) ◆ Action - Permits or denies a frame based on whether it matches a rule...
  • Page 98: Figure 32: Acl Port Configuration

    frames, or shutting down the port. Note that the setting for rate limiting is implemented regardless of whether or not a matching packet is seen. Repeat the preceding step for each port to which an ACL will be applied. Click Save.
  • Page 99: Figure 33: Acl Rate Limiter Configuration

    Figure 33: ACL Rate Limiter Configuration CONFIGURING ACCESS CONTROL LISTS Use the Access Control List Configuration page to define filtering rules for an ACL policy, for a specific port, or for all ports. Rules applied to a port take effect immediately, while those defined for a policy must be mapped to one or more ports using the ACL Ports Configuration menu (page...
  • Page 100: Table 8: Qce Modification Buttons

    matches this entry when ARP/RARP protocol address space setting is equal to IP (0x800) ■ IPv4 frames (based on destination MAC address, protocol type, TTL, IP fragment, IP option flag, source/destination IP, VLAN ID, VLAN priority) PARAMETERS These parameters are displayed:...
  • Page 101 ACE CONFIGURATION Ingress Port and Frame Type ◆ Ingress Port - Any port, port identifier, or policy. (Options: Any port, Port 1-10, Policy 1-8; Default: Any) ◆ Policy Filter - The policy number filter for this ACE:...
  • Page 102 RARP opcode set to ARP, RARP - frame must have ARP/RARP opcode set to RARP, Other - frame has unknown ARP/RARP opcode flag; Default: Any) ■ Request/Reply - Specifies whether the packet is an ARP request,...
  • Page 103 RARP frames where the PRO is equal to IP (0x800) must match this entry; Default: Any) ◆ IPv4: MAC Parameters ■ DMAC Filter - The type of destination MAC address. (Options: Any, MC - multicast, BC - broadcast, UC - unicast; Default: Any) IP Parameters IP Protocol Filter - Specifies the IP protocol to filter for this rule.
  • Page 104 ■ TCP SYN - Specifies the TCP “Synchronize sequence numbers” (SYN) value for this rule. (Options: Any - any value is allowed, 0 - TCP frames where the SYN field is set must not match this entry, 1 - TCP frames where the SYN field is set must match this entry;...
  • Page 105 ■ DIP Filter - Specifies the destination IP filter for this rule. (Options: Any - no destination IP filter is specified, Host - specifies the destination IP address in the DIP Address field, Network - specifies the destination IP address and destination IP mask in the DIP Address and DIP Mask fields;...
  • Page 106: Figure 34: Access Control List Configuration

    INTERFACE To configure an Access Control List for a port or a policy: Click Advanced Configuration, Security, Network, ACL, Access Control List. Click the button to add a new ACL, or use the other ACL modification buttons to specify the editing action (i.e., edit, delete, or moving the relative position of entry in the list).
  • Page 107: Configuring Dhcp Snooping

    Use the DHCP Snooping Configuration page to filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping. The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
  • Page 108 ■ If the DHCP packet is not a recognizable type, it is dropped. ■ If a DHCP packet from a client passes the filtering criteria above, it will only be forwarded to trusted ports in the same VLAN. ■ If a DHCP packet from a server is received on a trusted port, it will...
  • Page 109: Configuring Dhcp Relay And Option 82 Information

    Figure 35: DHCP Snooping Configuration Use the DHCP Relay Configuration page to configure DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet.
  • Page 110: Figure 36: Dhcp Relay Configuration

    PARAMETERS These parameters are displayed: ◆ Relay Mode - Enables or disables the DHCP relay function. (Default: Disabled) ◆ Relay Server - IP address of DHCP server to be used by the switch's DHCP relay agent.
  • Page 111: Configuring Ip Source Guard

    IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see "Configuring DHCP Snooping").
  • Page 112 PARAMETERS These parameters are displayed: Global Configuration ◆ Mode – Enables or disables IP Source Guard globally on the switch. All configured ACEs will be lost when enabled. (Default: Disabled) DHCP snooping must be enabled for dynamic clients to be learned automatically.
  • Page 113: Figure 37: Configuring Global And Port-Based Settings For Ip Source Guard

    Figure 37: Configuring Global and Port-based Settings for IP Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Static IP Source Guard Table to bind a static address to a port. Table entries include a port identifier, VLAN identifier, IP address, and subnet mask.
  • Page 114: Configuring Arp Inspection

    ◆ IP Address – A valid unicast IP address, including classful types A, B or C. ◆ IP Mask – This mask specifies the address bits used to identify the subnet and host. (Default: 255.255.255.0). INTERFACE To configure static bindings for IP Source Guard: Click Advanced Configuration, Security, Network, IP Source Guard,...
  • Page 115 ◆ By default, ARP Inspection is disabled both globally and on all ports. ■ If ARP Inspection is globally enabled, then it becomes active only on the ports where it has been enabled. ■ When ARP Inspection is enabled globally, all ARP request and reply...
  • Page 116: Figure 39: Configuring Global And Port Settings For Arp Inspection

    ◆ Mode – Enables Dynamic ARP Inspection on a given port. Only when both Global Mode and Port Mode on a given port are enabled, will ARP Inspection be enabled on a given port. (Default: Disabled) INTERFACE To configure global and port settings for ARP Inspection: Click Advanced Configuration, Security, Network, ARP Inspection,...
  • Page 117: Specifying Authentication Servers

    ◆ MAC Address – Allowed source MAC address in ARP request packets. ◆ IP Address – Allowed source IP address in ARP request packets. INTERFACE To configure the static ARP Inspection table: Click Advanced Configuration, Network, Security, ARP Inspection, Static Table.
  • Page 118 ◆ Dead Time – The time after which the switch considers an authentication server to be dead if it does not reply. (Range: 0-3600 seconds; Default: 300 seconds) Setting the Dead Time to a value greater than 0 (zero) will cause the authentication server to be ignored until the Dead Time has expired.
  • Page 119: Creating Trunk Groups

    Figure 41: Authentication Configuration CREATING TRUNK GROUPS You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
  • Page 120: Configuring Static Trunks

    USAGE GUIDELINES Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, configure the trunk on the devices at both ends.
  • Page 121 needs to ensure that frames in each “conversation” are mapped to the same trunk link. To achieve this requirement and to distribute a balanced load across all links in a trunk, the switch uses a hash algorithm to calculate an output link number in the trunk.
  • Page 122: Figure 42: Static Trunk Configuration

    Aggregation Group Configuration ◆ Group ID – Trunk identifier. ◆ Port Members – Port identifier. INTERFACE To configure a static trunk: Click Configuration, Aggregation, Static. Select one or more load-balancing methods to apply to the configured trunks.
  • Page 123: Configuring Lacp

    Use the LACP Port Configuration page to enable LACP on selected ports, configure the administrative key, and the protocol initiation mode. Basic/Advanced Configuration, Aggregation, LACP USAGE GUIDELINES ◆ To avoid creating a loop in the network, be sure you enable LACP before...
  • Page 124 Select the Specific option to manually configure a key. Use the Auto selection to automatically set the key based on the actual link speed, where 10Mb = 1, 100Mb = 2, and 1Gb = 3. Role –...
  • Page 125: Configuring Loop Protection

    Figure 43: LACP Port Configuration CONFIGURING LOOP PROTECTION Use the Loop Protection page to detect general loopback conditions caused by hardware problems or faulty protocol settings. When enabled, a control frame is transmitted on the participating ports, and the switch monitors inbound traffic to see if the frame is looped back.
  • Page 126: Figure 44: Loop Protection Configuration

    When the loop protection mode is changed, any ports placed in shutdown state by the loopback detection process will be immediately restored to operation regardless of the remaining recover time. Port Configuration Port –...
  • Page 127: Configuring The Spanning Tree Algorithm

    CONFIGURING THE SPANNING TREE ALGORITHM The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link...
  • Page 128: Figure 46: Mstp Region, Internal Spanning Tree, Multiple Spanning Tree

    MSTP – When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tree structure can easily isolate some of the group members. MSTP (which is based on RSTP for fast convergence) is designed to support independent spanning trees based on VLAN groups.
  • Page 129: Configuring Global Settings For Sta

    running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols. Once you specify the VLANs to include in a Multiple Spanning Tree Instance (MSTI), the protocol will automatically build an MSTI tree to maintain connectivity among each of the VLANs.
  • Page 130 configuration, allowing them to participate in a specific set of spanning tree instances. ■ A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments. ■ Be careful when switching between spanning tree modes. Changing...
  • Page 131 from among the device ports attached to the network. (Note that references to “ports” in this section mean “interfaces,” which includes both ports and trunks.) Minimum: The higher of 6 or [2 x (Hello Time + 1)] Maximum: The lower of 40 or [2 x (Forward Delay - 1)] Default: 20 ◆...
  • Page 132: Configuring Multiple Spanning Trees

    INTERFACE To configure global settings for STA: Click Configuration, Spanning Tree, Bridge Settings. Modify the required attributes. Click Save. Figure 48: STA Bridge Configuration Use the MSTI Mapping page to add VLAN groups to an MSTP instance (MSTI), or to designate the name and revision of the VLAN-to-MSTI...
  • Page 133 To use multiple spanning trees: Set the spanning tree type to MSTP (page 129). Add the VLANs that will share this MSTI on the MSTI Mapping page. Enter the spanning tree priority for the CIST and selected MST instance on the MSTI Priorities page.
  • Page 134: Configuring Spanning Tree Bridge Priorities

    Figure 49: Adding a VLAN to an MST Instance Use the MSTI Priorities page to configure the bridge priority for the CIST and any configured MSTI. Remember that RSTP looks upon each MST Instance as a single bridge node.
  • Page 135: Configuring Stp/Rstp/Cist Interfaces

    INTERFACE To add VLAN groups to an MSTP instance: Click Configuration, Spanning Tree, MSTI Priorities. Set the bridge priority for the CIST or any configured MSTI. Click Save. Figure 50: Configuring STA Bridge Priorities Use the CIST Ports Configuration page to configure STA attributes for interfaces when the spanning tree mode is set to STP or RSTP, or for...
  • Page 136: Table 9: Recommended Sta Path Cost Range

    spanning tree. As implemented on this switch, BPDU transparency allows a port which is not participating in the spanning tree (such as an uplink port to the service provider’s network) to forward BPDU packets to other ports instead of discarding these packets or attempting to process them.
  • Page 137 highest priority, the port with lowest numeric identifier will be enabled. (Range: 0-240, in steps of 16; Default: 128) ◆ Admin Edge (Fast Forwarding) – You can enable this option if an...
  • Page 138: Configuring MSTI Interfaces

    ◆ Point-to-Point – The link type attached to an interface can be set to automatically detect the link type, or manually configured as point-to-point or shared medium. Transition to the forwarding state is faster for point-to-point links than for shared media.
  • Page 139: Figure 52: Msti Port Configuration

    PARAMETERS These parameters are displayed: ◆ Port – Port identifier. This field is not applicable to static trunks or dynamic trunks created through LACP. Also, note that only one set of interface configuration settings can be applied to all trunks.
  • Page 140: Multicast Vlan Registration

    MULTICAST VLAN REGISTRATION Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network.
  • Page 141 Set the interfaces that will join the MVR as source ports or receiver ports. If you are sure that only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
  • Page 142 port from multicast group membership. (Range: 0 to 31,744 tenths of a second; Default: 5 tenths of a second) ◆ Interface Channel Setting – When the MVR VLAN is created, click the Edit symbol to expand the corresponding multicast channel settings for the specific MVR VLAN.
  • Page 143: Configuring Mvr Channel Settings

    switch can only remove the interface from the multicast stream after the host responds to a periodic request for a membership report. Note that immediate leave should only be enabled on receiver ports to which only one subscriber is attached.
  • Page 144 ◆ Static bindings should only be used to receive long-term multicast streams associated with a stable set of hosts. ◆ Only IGMP version 2 or 3 hosts can issue multicast join or leave...
  • Page 145: Igmp Snooping

    Figure 55: Configuring MVR Channel Settings IGMP SNOOPING Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
  • Page 146 passing between multicast clients and servers, and dynamically configure the switch ports which need to forward multicast traffic. Multicast routers use information from IGMP snooping and query reports, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
  • Page 147 specific source. For IGMPv1/v2 hosts, the source address of a channel is always null (indicating that any source is acceptable), but for IGMPv3 hosts, it may include a specific address when requested. Only IGMPv3 hosts can request service from a specific multicast source. When downstream hosts request service from a specific source for a multicast service, these sources are all placed in the Include list, and traffic is forwarded to the hosts from each of these sources.
  • Page 148 If IGMP snooping cannot locate the IGMP querier, you can manually designate a port which is connected to a known IGMP querier (i.e., a multicast router/switch). This interface will then join all the current multicast groups supported by the attached router/switch to ensure that multicast traffic is passed to all appropriate interfaces within the switch.
  • Page 149: Configuring Vlan Settings For Igmp Snooping And Query

    INTERFACE To configure global and port-related settings for IGMP Snooping: Click Configuration, IPMC, IGMP Snooping, Basic Configuration. Adjust the IGMP settings as required. Click Save. Figure 56: Configuring Global and Port-related Settings for IGMP Snooping Use the IGMP Snooping VLAN Configuration page to configure IGMP...
  • Page 150 elected “querier” and assumes the role of querying the LAN for group members. It then propagates the service requests on to any upstream multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 151: Configuring Igmp Filtering

    This attribute will take effect only if IGMP snooping proxy reporting is enabled (see page 152). ◆ URI - The Unsolicited Report Interval specifies how often the upstream interface should transmit unsolicited IGMP reports when report suppression/proxy reporting is enabled.
  • Page 152: Mld Snooping

    INTERFACE To configure IGMP Snooping Port Group Filtering: Click Configuration, IGMP Snooping, Port Group Filtering. Click Add New Filtering Group to display a new entry in the table. Select the port to which the filter will be applied. Enter the IP address of the multicast service to be filtered.
  • Page 153 Multicast routers use information from MLD snooping and query reports, along with a multicast routing protocol such as PIMv6, to support IP multicasting across the Internet. Advanced Configuration, IPMC, MLD Snooping, Basic Configuration PARAMETERS These parameters are displayed: Global Configuration...
  • Page 154 The leave-proxy feature does not function when a switch is set as the querier. When the switch is a non-querier, the receiving port is not the last dynamic member port in the group, and the receiving port is not a router port, the switch will generate and send a group-specific (GS) query to the member port which received the leave message, and then start the last member query timer for that port.
  • Page 155: Configuring Vlan Settings For Mld Snooping And Query

    enabled on an interface if it is connected to only one MLD-enabled device, either a service host or a neighbor running MLD snooping. Fast Leave does not apply to a port if the switch has learned that a multicast router is attached to it.
  • Page 156 ◆ Snooping Enabled - When enabled, the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic. (Default: Disabled) When MLD snooping is enabled globally, the per VLAN interface settings for MLD snooping take precedence.
  • Page 157 ◆ QRI - The Query Response Interval is the Max Response Time advertised in periodic General Queries. The QRI applies when the switch is serving as the querier, and is used to inform other devices of the maximum time this system waits for a response to general queries.
  • Page 158: Configuring Mld Filtering

    Use the MLD Snooping Port Group Filtering Configuration page to filter specific multicast traffic. In certain switch applications, the administrator may want to control the multicast services that are available to end users; for example, an IP/TV service based on a specific subscription plan.
  • Page 159: Configuring Lldp Timing And Tlvs

    LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers. Use the LLDP Configuration page to set the timing attributes used for the transmission of LLDP advertisements, and the device information which is...
  • Page 160 ◆ Mode – Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Disabled, Enabled - TxRx, Rx only, Tx only; Default: Disabled) ◆ CDP Aware – Enables decoding of Cisco Discovery Protocol frames. ...
  • Page 161: Figure 62: Lldp Configuration

    The management address TLV may also include information about the specific interface associated with this address, and an object identifier indicating the type of hardware component or protocol entity associated with this address. The interface number and OID are included to assist SNMP applications in the performance of network discovery by indicating enterprise specific or other starting points for the search, such as the Interface or Entity MIB.
  • Page 162: Configuring Lldp-Med Tlvs

    Use the LLDP-MED Configuration page to set the device information which is advertised for end-point devices. LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches.
  • Page 163 Coordinates Location ◆ Latitude – Normalized to within 0-90 degrees with a maximum of 4 digits. It is possible to specify the direction to either North of the equator or South of the equator. Longitude –...
  • Page 164 ■ Trailing street suffix - Trailing street suffix. (Example: SW) ■ Street suffix - Street suffix. (Example: Ave, Platz) ■ House no. - House number. (Example: 21) ■ House no. suffix - House number suffix. (Example: A, 1/2) ...
  • Page 165 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are: ■ Voice ■ Guest Voice ■ Softphone Voice ...
  • Page 166 endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an ‘untagged’ VLAN or a single ‘tagged’ data specific VLAN. When a network policy is defined for use with an ‘untagged’...
  • Page 167: Power Over Ethernet

    INTERFACE To configure LLDP-MED TLVs: Click Configuration, LLDP-MED. Modify any of the timing parameters as required. Set the fast start repeat count, descriptive information for the end-point device, and policies applied to selected ports. Click Save.
  • Page 168 on the amount of cables attached to each device. Once configured to supply power, an automatic detection process is initialized by the switch that is authenticated by a PoE signature from the connected device. Detection and authentication prevent damage to non-compliant devices (IEEE 802.3af or 802.3at).
  • Page 169 and reserves power accordingly. Four different port classes exist, including 4, 7, 15.4 or 34.2 Watts. In this mode, the Maximum Power fields have no effect. ■ Allocation – The amount of power that each port may reserve is...
  • Page 170: Configuring The Mac Address Table

    ◆ Maximum Power - The maximum power that can be delivered to a remote device. (Range: 0-34.2 Watts depending on the PoE mode) INTERFACE To configure global and port-specific PoE settings: Click Advanced Configuration, PoE.
  • Page 171 PARAMETERS These parameters are displayed: Aging Configuration ◆ Disable Automatic Aging - Disables the automatic aging of dynamic entries. (Address aging is enabled by default.) ◆ Aging Time - The time after which a learned entry is discarded. (Range: 10-1000000 seconds;...
  • Page 172: Ieee 802.1Q Vlans

    Add any required static MAC addresses by clicking the Add New Static Entry button, entering the VLAN ID and MAC address, and marking the ports to which the address is to be mapped. Click Save.
  • Page 173: Assigning Ports To Vlans

    ◆ End stations can belong to multiple VLANs ◆ Passing traffic between VLAN-aware and VLAN-unaware devices ◆ Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate.
  • Page 174: Configuring Vlan Attributes For Port Members

    INTERFACE To configure IEEE 802.1Q VLAN groups: Click Configuration, VLANs, VLAN Membership. Change the ports assigned to the default VLAN (VLAN 1) if required. To configure a new VLAN, click Add New VLAN, enter the VLAN ID, and then mark the ports to be assigned to the new group.
  • Page 175 ◆ Port Type – Configures how a port processes the VLAN ID in ingress frames. (Default: Unaware) ■ C-port – For customer ports, each frame is assigned to the VLAN indicated in the VLAN tag, and the tag is removed. S-port –...
  • Page 176: Figure 67: VLAN Port Configuration

    are classified to the Port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the Port VLAN ID, a VLAN tag with the classified VLAN ID is inserted in the frame. When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags.
  • Page 177: Using Port Isolation

    USING PORT ISOLATION Use the Port Isolation Configuration page to prevent communications between customer ports within the same private VLAN. Ports within a private VLAN (PVLAN) are isolated from other ports which are not in the same PVLAN. Port Isolation can be used to prevent communications between ports within the same PVLAN.
  • Page 178 Configuring MAC-based VLANs COMMAND USAGE ◆ Source MAC addresses can be mapped to only one VLAN ID. ◆ Configured MAC addresses cannot be broadcast or multicast addresses. ◆ When MAC-based and protocol-based VLANs are both enabled, priority...
  • Page 179: Protocol VLANs

    PROTOCOL VLANS The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 180: Figure 70: Configuring Protocol VLANs

    LLC – Includes the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) values. (Range: 0x00-0xff; Default: 0xff) SNAP – Includes OUI (Organizationally Unique Identifier) and PID (Protocol ID) values: ■ OUI – A value in the format of xx-xx-xx where each pair (xx) in the...
  • Page 181: Mapping Protocol Groups To Ports

    MAPPING PROTOCOL GROUPS TO PORTS Use the Group Name to VLAN Mapping Table to map a protocol group to a VLAN for each interface that will participate in the group. Advanced Configuration, VCL, Protocol-based VLANs, Group to VLAN COMMAND USAGE When creating a protocol-based VLAN, only assign interfaces using this...
  • Page 182: Configuring IP Subnet-Based VLANs

    Figure 71: Assigning Ports to Protocol VLANs CONFIGURING IP SUBNET-BASED VLANS Use the IP Subnet-based VLAN Membership Configuration page to map untagged ingress frames to a specified VLAN if the source address is found in the IP subnet-to-VLAN mapping table.
  • Page 183: Managing VoIP Traffic

    ◆ IP Address – The IP address for a subnet. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. ◆ Mask Length – The network mask length. ◆ VLAN ID –...
  • Page 184: Configuring VoIP Traffic

    CONFIGURING VOIP TRAFFIC Use the Voice VLAN Configuration page to configure the switch for VoIP traffic. First enable automatic detection of VoIP devices attached to the switch ports, then set the Voice VLAN ID for the network. The Voice VLAN aging time can also be set to remove a port from the Voice VLAN when VoIP traffic is no longer received on the port.
  • Page 185 When OUI is selected, be sure to configure the MAC address ranges in the Telephony OUI list. ■ Forced – The Voice VLAN feature is enabled on the port. ◆ Security – Enables security filtering that discards any non-VoIP...
  • Page 186: Configuring Telephony OUI

    Figure 73: Configuring Global and Port Settings for a Voice VLAN CONFIGURING TELEPHONY OUI Use the Voice VLAN OUI Table to identify VoIP devices attached to the switch. VoIP devices can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets.
  • Page 187: Quality Of Service

    Enter a MAC address that specifies the OUI for VoIP devices in the network, and enter a description for the devices. Click Save. Figure 74: Configuring an OUI Telephony List QUALITY OF SERVICE All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class.
  • Page 188: Configuring Port Classification

    CONFIGURING PORT CLASSIFICATION Use the QoS Ingress Port Classification page to set the basic QoS parameters for a port, including the default traffic class, DP level (IEEE 802.1p), and DSCP-based QoS classification. Advanced Configuration, QoS, Port Classification PARAMETERS These parameters are displayed: QoS Ingress Port Classification...
  • Page 189: Configuring Egress Port Scheduler

    verify conformity. Non-conforming traffic is dropped, conforming traffic is forwarded without any changes. Advanced Configuration, QoS, Port Policing PARAMETERS These parameters are displayed: ◆ Port – Port identifier. ◆ Enabled – Enables or disables port policing on a port....
  • Page 190 PARAMETERS These parameters are displayed: Displaying QoS Egress Port Schedulers ◆ Port – Port identifier. ◆ Mode – Shows the scheduling mode for this port. ◆ Weight – Shows the weight of each egress queue used by the port. Configuring QoS Egress Port Scheduler, Queue Scheduler and Port Shapers Scheduler Mode –...
  • Page 191: Figure 77: Displaying Egress Port Schedulers

    ◆ Port Shaper – Sets the rate at which traffic can egress this queue. ■ Enable – Enables or disables port shaping. (Default: Disabled) ■ Rate – Controls the rate for the port shaper. The default value is...
  • Page 192: Configuring Egress Port Shaper

    Figure 78: Configuring Egress Port Schedulers and Shapers CONFIGURING EGRESS PORT SHAPER Use the QoS Egress Port Shapers page to show an overview of the QoS Egress Port Shapers, including the rate for each queue and port. Click on any of the entries in the Port field to configure egress queue mode, queue shaper (rate and access to excess bandwidth), and port shaper...
  • Page 193: Configuring Port Remarking Mode

    INTERFACE To show an overview of the rate for each queue and port: Click Advanced Configuration, QoS, Port Shaper. Click on any entry under the Port field to configure the Port Scheduler and Shaper.
  • Page 194: Figure 80: Displaying Port Tag Remarking Mode

    ■ Mapped – Controls the mapping of the classified QoS class values and DP levels (drop precedence) to (PCP/DEI) values. ■ QoS class/DP level – Shows the mapping options for QoS class values and DP levels (drop precedence).
  • Page 195: Configuring Port DSCP Translation And Rewriting

    Figure 81: Configuring Port Tag Remarking Mode CONFIGURING PORT DSCP TRANSLATION AND REWRITING Use the QoS Port DSCP Configuration page to configure ingress translation and classification settings and egress re-writing of DSCP values. Advanced Configuration, QoS, Port DSCP PARAMETERS These parameters are displayed:...
  • Page 196: Configuring DSCP-Based QoS Ingress Classification

    ■ Disable – No Ingress DSCP Classification is performed. ■ DSCP=0 – Classify if incoming DSCP is 0. ■ Selected – Classify only selected DSCP for which classification is enabled in DSCP Translation table (see page 198).
  • Page 197 Advanced Configuration, QoS, DSCP-Based QoS PARAMETERS These parameters are displayed: ◆ DSCP – DSCP value in ingress packets. (Range: 0-63) ◆ Trust – Controls whether a specific DSCP value is trusted. Only frames...
  • Page 198: Configuring DSCP Translation

    CONFIGURING DSCP TRANSLATION Use the DSCP Translation page to configure DSCP translation for ingress traffic or DSCP re-mapping for egress traffic. Advanced Configuration, QoS, DSCP Translation PARAMETERS These parameters are displayed: ◆ DSCP –...
  • Page 199: Configuring DSCP Classification

    CONFIGURING DSCP CLASSIFICATION Use the DSCP Classification page to map DSCP values to a QoS class and drop precedence level. Advanced Configuration, QoS, DSCP Classification PARAMETERS These parameters are displayed: ◆ QoS Class – Shows the mapping options for QoS class values. DSCP –...
  • Page 200: Table 12: QCE Modification Buttons

    PARAMETERS These parameters are displayed: QoS Control List ◆ QCE – Quality Control Entry index. ◆ Port - Port identifier. ◆ Frame Type – Indicates the type of frame to look for in incoming...
  • Page 201 Key Parameters ◆ Tag – VLAN tag type. (Options: Any, Tag, Untag; Default: Any) ◆ VID – VLAN identifier. (Options: Any, Specific (1-4095), Range; Default: Any) ◆ PCP – Priority Code Point (User Priority). (Options: a specific value of...
  • Page 202 other than 00-00-00, then valid value of the PID will be any value from 0x0000 to 0xffff. ■ IPv4 – IPv4 frame type includes the following settings: ■ Protocol – IP protocol number. (Options: Any, UDP, TCP, or...
  • Page 203: Figure 86: QoS Control List Configuration

    a queue based on basic classification rules. (Options: 0-7, Default (use basic classification); Default setting: 0) ◆ DPL – The drop precedence level will be set to the specified value or left unchanged. (Options: 0-1, Default; Default setting: Default) ◆ DSCP –...
  • Page 204: Configuring Storm Control

    CONFIGURING STORM CONTROL Use the Storm Control Configuration page to set limits on broadcast, multicast and unknown unicast traffic to control traffic storms which may occur when a network device is malfunctioning, the network is not properly configured, or application programs are not well designed or properly configured.
  • Page 205: Configuring WRED

    CONFIGURING WRED Use the Storm Control Configuration page to control traffic congestion on its output queues using Weighted Random Early Detection (WRED). This method controls the average queue size by randomly dropping packets at a moderate rate as the network load moves above a specified minimum threshold, and then at a more aggressive rate when it reaches the maximum threshold.
  • Page 206: Configuring Congestion Management

    INTERFACE To configure WRED: Click Configuration, QoS, WRED. Enable WRED on the priority queues as required. Set the minimum threshold below which no packets are dropped. Set the drop probabilities for DP levels 1 through 3 as a percentage. Click Save.
  • Page 207: Configuring Local Port Mirroring

    Figure 89: Congestion Management Configuration CONFIGURING LOCAL PORT MIRRORING Use the Mirroring & RSPAN Configuration page to mirror traffic from any local source port to a target port on the same switch for real-time analysis.
  • Page 208: Configuring Remote Port Mirroring

    ■ Tx only - Frames transmitted from this port are mirrored to the destination port. ◆ Destination - Traffic from all configured source ports is mirrored to this port. (Default: Disabled) INTERFACE To configure local port mirroring: Click Basic/Advanced Configuration, Mirroring &...
  • Page 209: Figure 91: Configuring Remote Port Mirroring

    Figure 91: Configuring Remote Port Mirroring (diagram labels: Source Switch, Intermediate Switch, Destination Switch, RSPAN VLAN, Source Port, Uplink Port, Destination Port)
  • Page 210 session is allowed, either local or remote. Also, note that the source port and destination port cannot be configured on the same switch. ■ MAC address learning is not supported on RSPAN uplink ports...
  • Page 211: Figure 92: Mirror Configuration (Source)

    ◆ Intermediate – Uplink ports to intermediate switches. MAC Table learning must be disabled on intermediate ports. ◆ Destination Port – Specifies the destination port to monitor the traffic mirrored from source ports. A destination port can be configured on more than one switch for the same session.
  • Page 212: Figure 93: Mirror Configuration (Intermediate)

    To configure remote port mirroring for an RSPAN intermediate switch: Click Basic/Advanced Configuration, Mirroring & RSPAN. Set the Mode to Enabled, and the Type to Intermediate. Select the intermediate ports through which all mirrored traffic will be forwarded to other switches.
  • Page 213: Configuring UPnP

    Figure 94: Mirror Configuration (Destination) CONFIGURING UPNP Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards.
  • Page 214: Configuring sFlow

    interface. Or right-click on the entry and select “Properties” to display a list of device attributes advertised through UPnP. Advanced Configuration, UPnP PARAMETERS These parameters are displayed: ◆ Mode - Enables/disables UPnP on the device. (Default: Disabled) ◆ TTL - Sets the time-to-live (TTL) value for UPnP messages transmitted...
  • Page 215 the monitored interface. Moreover, the processor and memory load imposed by the sFlow agent is minimal since local analysis does not take place. The wire-speed transmission characteristic of the switch is thus preserved even at high traffic levels. As the Collector receives streams from the various sFlow agents (other switches or routers) throughout the network, a timely, network-wide picture of utilization and traffic flows is created.
  • Page 216 ◆ UDP Port – The UDP port on which the sFlow receiver is listening for sFlow datagrams. If set to 0 (zero), the default port (6343) is used. (Range: 0-65534; Default: 6343) ◆ Timeout – The number of seconds remaining before sampling stops,...
  • Page 217: Figure 96: sFlow Configuration

    Figure 96: sFlow Configuration
  • Page 219: Monitoring The Switch

    MONITORING THE SWITCH This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table. DISPLAYING BASIC INFORMATION ABOUT THE SYSTEM You can use the Monitor/System menu to display a basic description of the switch, log messages, or statistics on traffic used in managing the switch.
  • Page 220: Displaying CPU Utilization

    ◆ Software Date – Release date of the switch software. ◆ Code Revision – Version control identifier of the switch software. INTERFACE To view System Information, click Monitor, System, Information. Figure 97: System Information Use the CPU Load page to display information on CPU utilization.
  • Page 221: Displaying Log Messages

    INTERFACE To display CPU utilization: Click System, then CPU Load. Figure 98: CPU Load DISPLAYING LOG MESSAGES Use the System Log Information page to scroll through the logged system and event messages. Monitor, System, Log PARAMETERS...
  • Page 222: Figure 99: System Log Information

    Table Headings ◆ ID – Error ID. ◆ Level – Error level as described above. ◆ Time – The time of the system log entry. ◆ Message – The message text of the system log entry....
  • Page 223: Displaying Log Details

    DISPLAYING LOG DETAILS Use the Detailed Log page to view the full text of specific log messages. Monitor, System, Detailed Log INTERFACE To display the text of a specific log message, click Monitor, System, Detailed Log.
  • Page 224: Displaying An Overview Of Port Statistics

    DISPLAYING AN OVERVIEW OF PORT STATISTICS Use the Port Statistics Overview page to display a summary of basic information on the traffic crossing each port. Monitor, Ports, Traffic Overview PARAMETERS These parameters are displayed: ◆...
  • Page 225: Displaying QCL Status

    ◆ Q# Receive/Transmit – The number of packets received and transmitted through the indicated queue. INTERFACE To display the queue counters, click Monitor, Ports, QoS Statistics. Figure 103: Queueing Counters DISPLAYING QCL STATUS Use the QoS Control List Status page to show the QCE entries configured for different users or software modules, and whether or not there is a...
  • Page 226: Displaying Detailed Port Statistics

    ◆ Conflict – Displays QCE status. The resources required to add a QCE may not be available; in that case the conflict status is shown as Yes, otherwise it always shows No. Note that a conflict can be resolved by releasing the resource required by the QCE and pressing the Refresh button.
  • Page 227 ■ Broadcast – The number of received and transmitted broadcast packets (good and bad). ■ Pause – A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation. Receive/Transmit Size Counters –...
  • Page 228: Figure 105: Detailed Port Statistics

    INTERFACE To display the detailed port statistics, click Monitor, Ports, Detailed Statistics. Figure 105: Detailed Port Statistics
  • Page 229: Displaying Information About Security Settings

    DISPLAYING INFORMATION ABOUT SECURITY SETTINGS You can use the Monitor/Security menu to display statistics on management traffic, security controls for client access to the data ports, and the status of remote authentication access servers. Use the Access Management Statistics page to view statistics on traffic DISPLAYING ACCESS...
  • Page 230: Displaying Information About Switch Settings For Port Security

    DISPLAYING INFORMATION ABOUT SWITCH SETTINGS FOR PORT SECURITY Use the Port Security Switch Status page to show information about MAC address learning for each port, including the software module requesting port security services, the service state, the current number of learned addresses, and the maximum number of secure addresses allowed.
  • Page 231: Displaying Information About Learned MAC Addresses

    ■ Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in. ■ Shutdown: The Port Security service is enabled by at least the Limit...
  • Page 232: Displaying Port Status For Authentication Services

    ◆ VLAN ID – The VLAN ID seen on this port. ◆ State – Indicates whether the corresponding MAC address is blocked or forwarding. In the blocked state, it will not be allowed to transmit or receive traffic.
  • Page 233: Service

    recently received frame from a new client for MAC-based authentication. ◆ Last ID – The user name (supplicant identity) carried in the most recently received Response Identity EAPOL frame for EAPOL-based authentication, and the source MAC address from the most recently received frame from a new client for MAC-based authentication.
  • Page 234 PARAMETERS These parameters are displayed: Port State ◆ Admin State – The port's current administrative state. Refer to NAS Admin State for a description of possible values (see page 85). ◆ Port State –...
  • Page 235 ◆ Request ID – The number of EAPOL Request Identity frames that have been transmitted by the switch. ◆ Requests – The number of valid EAPOL Request frames (other than Request Identity frames) that have been transmitted by the switch.
  • Page 236 Last Supplicant Info ◆ MAC Address – The MAC address of the last supplicant/client. ◆ VLAN ID – The VLAN ID on which the last frame from the last supplicant/client was received. ◆ Version –...
  • Page 237: Displaying ACL Status

    the client will remain in the unauthenticated state for Hold Time seconds (see page 231). ◆ Last Authentication – Shows the date and time of the last authentication of the client (successful as well as unsuccessful). INTERFACE To display port Statistics for 802.1X or Remote Authentication Service: Click Monitor, Security, Network, NAS, Port.
  • Page 238: Figure 111: ACL Status

    ■ Port: The ACE will match a specific ingress port. ◆ Frame Type – Indicates the frame type to which the ACE applies. Possible values are: ■ Any: The ACE will match any frame type....
  • Page 239: Displaying Statistics For DHCP Snooping

    DISPLAYING STATISTICS FOR DHCP SNOOPING Use the DHCP Snooping Port Statistics page to show statistics for various types of DHCP protocol packets. Monitor, Security, Network, DHCP, Snooping Statistics PARAMETERS These parameters are displayed: ◆...
  • Page 240: Displaying DHCP Relay Statistics

    Figure 112: DHCP Snooping Statistics DISPLAYING DHCP RELAY STATISTICS Use the DHCP Relay Statistics page to display statistics for the DHCP relay service supported by this switch and DHCP relay clients. Monitor, Security, Network, DHCP, Relay Statistics PARAMETERS...
  • Page 241: Displaying MAC Address Bindings For ARP Packets

    ◆ Receive Bad Remote ID – The number of packets with a Remote ID option that did not match a known remote ID. Client Statistics ◆ Transmit to Client – The number of packets that were relayed from...
  • Page 242: Displaying Entries In The IP Source Guard Table

    INTERFACE To display the Dynamic ARP Inspection Table, click Monitor, Security, Network, ARP Inspection. Figure 114: Dynamic ARP Inspection Table DISPLAYING ENTRIES IN THE IP SOURCE GUARD TABLE Open the Dynamic IP Source Guard Table to display entries sorted first by port, then VLAN ID, MAC address, and finally IP address.
  • Page 243: Displaying Information On Authentication Servers

    DISPLAYING INFORMATION ON AUTHENTICATION SERVERS Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server. DISPLAYING A LIST OF... Use the RADIUS Overview page to display a list of configured authentication and accounting servers.
  • Page 244: Displaying Statistics For Configured Authentication Servers

    DISPLAYING STATISTICS FOR CONFIGURED AUTHENTICATION SERVERS Use the RADIUS Details page to display statistics for configured authentication and accounting servers. The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. ...
  • Page 245 Accept, Access-Reject, Access-Challenge, timeout, or retransmission. ■ Timeouts – The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up.
  • Page 246 ■ Unknown Types – The number of RADIUS packets of unknown types that were received from the server on the accounting port. ■ Packets Dropped – The number of RADIUS packets that were...
  • Page 247: Displaying Information On RMON

    INTERFACE To display statistics for configured authentication and accounting servers, click Monitor, Security, AAA, RADIUS Details. Figure 117: RADIUS Details DISPLAYING INFORMATION ON RMON Use the monitor pages for RMON to display information on RMON statistics, alarms and event responses.
  • Page 248 PARAMETERS These parameters are displayed: ◆ ID – Index of Statistics entry. ◆ Data Source (ifIndex) – Port ID to monitor. ◆ Drop – The total number of events in which packets were dropped by...
  • Page 249: Displaying RMON Historical Samples

    INTERFACE To display RMON statistics, click Monitor, Security, Switch, RMON, Statistics. Figure 118: RMON Statistics DISPLAYING RMON HISTORICAL SAMPLES Use the RMON History Overview page to view statistics on a physical interface, including network utilization, packet types, and errors. Monitor, Security, Switch, RMON, History...
  • Page 250: Displaying RMON Alarm Settings

    INTERFACE To display RMON historical samples, click Monitor, Security, Switch, RMON, History. Figure 119: RMON History Overview DISPLAYING RMON ALARM SETTINGS Use the RMON Alarm Overview page to display configured alarm settings. Monitor, Security, Switch, RMON, Alarm PARAMETERS...
  • Page 251: Displaying RMON Event Settings

    ◆ Falling Threshold – If the current value is less than the falling threshold, and the last sample value was greater than this threshold, then an alarm will be generated. ◆ Falling Index – The index of the event to use if an alarm is triggered...
  • Page 252: Displaying Information On LACP

    DISPLAYING INFORMATION ON LACP Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets. Use the LACP System Status page to display an overview of LACP groups. DISPLAYING AN OVERVIEW OF LACP...
  • Page 253: Displaying LACP Port Statistics

    ◆ LACP – Shows LACP status: ■ Yes – LACP is enabled and the port link is up. ■ No – LACP is not enabled or the port link is down. ■ Backup –...
  • Page 254: Displaying Information On Loop Protection

    INTERFACE To display LACP statistics for local ports on this switch, click Monitor, LACP, Port Statistics. Figure 124: LACP Port Statistics DISPLAYING INFORMATION ON LOOP PROTECTION Use the Loop Protection Status page to display information on loopback conditions.
  • Page 255: Displaying Information On The Spanning Tree

    DISPLAYING INFORMATION ON THE SPANNING TREE Use the monitor pages for Spanning Tree to display information on spanning tree bridge status, the functional status of participating ports, and statistics on spanning tree protocol packets. Use the Bridge Status page to display STA information on the global bridge DISPLAYING BRIDGE...
  • Page 256 ◆ Internal Root Cost – The Regional Root Path Cost. For the Regional Root Bridge this is zero. For all other CIST instances in the same MSTP region, it is the sum of the Internal Port Path Costs on the least cost path to the Internal Root Bridge.
  • Page 257: Displaying Port Status For STA

    INTERFACE To display an overview of all STP bridge instances, click Monitor, Spanning Tree, Bridge Status. Figure 126: Spanning Tree Bridge Status To display detailed information on a single STP bridge instance, along with port state for all active ports associated, click Monitor, Spanning Tree, Bridge Status.
  • Page 258: Displaying Port Statistics For STA

    PARAMETERS These parameters are displayed: ◆ Port – Port Identifier. ◆ CIST Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to the root bridge (i.e., designated port);...
  • Page 259: Displaying MVR Information

    ◆ RSTP – The number of RSTP Configuration BPDU's received/transmitted on a port. ◆ STP – The number of legacy STP Configuration BPDU's received/transmitted on a port. ◆ TCN – The number of (legacy) Topology Change Notification BPDU's...
  • Page 260: Displaying MVR Group Information

    ◆ IGMPv1 Joins Received – Number of received IGMPv1 Joins. ◆ IGMPv2/MLDv1 Reports Received – Number of received IGMPv2 Joins and MLDv1 Reports, respectively. ◆ IGMPv3/MLDv2 Reports Received – Number of received IGMPv1...
  • Page 261: Displaying MVR SFM Information

    INTERFACE To display information for MVR statistics and multicast groups, click Monitor, MVR, Group Information. Figure 131: MVR Group Information DISPLAYING MVR SFM INFORMATION Use the MVR SFM Information page to display MVR Source-Filtered Multicast information including group, filtering mode (include or exclude), source address, and type (allow or deny).
  • Page 262: Showing IGMP Snooping Information

    SHOWING IGMP SNOOPING INFORMATION Use the IGMP Snooping pages to display IGMP snooping statistics, port members of each service group, and information on source-specific groups. SHOWING IGMP... Use the IGMP Snooping Status page to display IGMP querier status, snooping statistics for each VLAN carrying IGMP traffic, and the ports...
  • Page 263: Showing Igmp Snooping Group Information

    CHAPTER | Monitoring the Switch | Showing IGMP Snooping Information. INTERFACE: To display IGMP snooping status information, click Monitor, IGMP Snooping, Status. Figure 133: IGMP Snooping Status. SHOWING IGMP SNOOPING GROUP INFORMATION: Use the IGMP Snooping Group Information page to display the port members of each service group....
  • Page 264: Showing Mld Snooping Information

    CHAPTER | Monitoring the Switch | Showing MLD Snooping Information. PARAMETERS: These parameters are displayed: ◆ VLAN ID – VLAN identifier. ◆ Group – The IP address of a multicast group detected on this interface. ◆ Port – Port identifier. ◆ Mode –...
  • Page 265: Figure 136: Mld Snooping Status

    CHAPTER | Monitoring the Switch | Showing MLD Snooping Information. PARAMETERS: These parameters are displayed: Statistics ◆ VLAN ID – VLAN Identifier. ◆ Querier Version – MLD version used by the switch when serving as the MLD querier. ◆ Host Version – MLD version used by this switch when...
  • Page 266: Showing Mld Snooping Group Information

    CHAPTER | Monitoring the Switch | Showing MLD Snooping Information. SHOWING MLD SNOOPING GROUP INFORMATION: Use the MLD Snooping Group Information page to display the port members of each service group. Monitor, IPMC, MLD Snooping, Group Information. PARAMETERS: These parameters are displayed: ◆...
  • Page 267: Displaying Lldp Information

    CHAPTER | Monitoring the Switch | Displaying LLDP Information ◆ Type – Indicates the Type. It can be either Allow or Deny. ◆ Hardware Filter/Switch – Indicates whether the data plane destined to the specific group address from the source IPv4 address can be handled by the chip or not....
  • Page 268: Displaying Lldp-Med Neighbor Information

    CHAPTER | Monitoring the Switch | Displaying LLDP Information. Table 13: System Capabilities (ID Basis: Reference). Other: –; Repeater: IETF RFC 2108; Bridge: IETF RFC 2674; WLAN Access Point: IEEE 802.11 MIB; Router: IETF RFC 1812; Telephone: IETF RFC 2011; DOCSIS cable device: IETF RFC 2669 and IETF RFC 2670; Station only...
  • Page 269 CHAPTER | Monitoring the Switch | Displaying LLDP Information ◆ Device Type - LLDP-MED devices are comprised of two primary types: ■ LLDP-MED Network Connectivity Devices – as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint Devices....
  • Page 270 CHAPTER | Monitoring the Switch | Displaying LLDP Information: and Media Endpoint (Class II) classes, and are extended to include aspects related to end user devices. Example product categories expected to adhere to this class include (but are not limited to) end user communication appliances, such as IP Phones, PC-based softphones, or other communication appliances that directly support the end user....
  • Page 271: Displaying Lldp Neighbor Poe Information

    CHAPTER | Monitoring the Switch | Displaying LLDP Information ◆ Auto-negotiation Status – Auto-negotiation status identifies if auto-negotiation is currently enabled at the link partner. If Auto-negotiation is supported and Auto-negotiation status is disabled, the 802.3 PMD operating mode will be determined by the operational MAU type field value rather than by auto-negotiation....
  • Page 272: Displaying Lldp Neighbor Eee Information

    CHAPTER | Monitoring the Switch | Displaying LLDP Information. If it is unknown what power supply the PD device is using, this is indicated as “Unknown.” ◆ Power Priority – Power Priority represents the priority of the PD device, or the power priority associated with the PSE type device's port that is sourcing the power....
  • Page 273: Displaying Lldp Port Statistics

    CHAPTER | Monitoring the Switch | Displaying LLDP Information. The respective echo values shall be defined as the local link partner’s reflection (echo) of the remote link partner’s respective values. When a local link partner receives its echoed values from the remote link partner it can determine whether or not the remote link partner has received, registered and processed its most recent values....
  • Page 274 CHAPTER | Monitoring the Switch | Displaying LLDP Information ◆ Total Neighbors Entries Deleted – The number of LLDP neighbors which have been removed from the LLDP remote systems MIB for any reason. ◆ Total Neighbors Entries Dropped – The number of times which the...
  • Page 275: Displaying Poe Status

    CHAPTER | Monitoring the Switch | Displaying PoE Status. INTERFACE: To display statistics on LLDP global counters and control frames, click Monitor, LLDP, Port Statistics. Figure 143: LLDP Port Statistics. DISPLAYING POE STATUS: Use the Power Over Ethernet Status to display the status for all PoE ports, including the PD class, requested power, allocated power, power and current used, and PoE priority....
  • Page 276: Displaying The Mac Address Table

    CHAPTER | Monitoring the Switch | Displaying the MAC Address Table ◆ Current Used – How much current the PD is currently using. ◆ Priority – The port's configured priority level (see page 167). ◆ Port Status – PoE service status for the attached device....
  • Page 277: Displaying Information About Vlans

    CHAPTER | Monitoring the Switch | Displaying Information About VLANs. INTERFACE: To display the address table, click Monitor, MAC Address Table. Figure 145: MAC Address Table. DISPLAYING INFORMATION ABOUT VLANS: Use the monitor pages for VLANs to display information about the port members of VLANs, and the VLAN attributes assigned to each port....
  • Page 278: Vlan Port Status

    CHAPTER | Monitoring the Switch | Displaying Information About VLANs ■ Combined: Shows information for all active user modules. ◆ VLAN ID – A VLAN which has been created by one of the software modules. ◆ Port Members – The ports assigned to this VLAN....
  • Page 279: Displaying Information About Mac-Based Vlans

    CHAPTER | Monitoring the Switch | Displaying Information About MAC-based VLANs ◆ Ingress Filtering – If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame, the frame is discarded. ◆ Frame Type – Shows whether the port accepts all frames or only...
  • Page 280: Displaying Information About Flow Sampling

    CHAPTER | Monitoring the Switch | Displaying Information About Flow Sampling. PARAMETERS: These parameters are displayed: ◆ MAC-based VLAN User – A user or software module that uses VLAN management services to configure MAC-based VLAN membership. This switch supports the following VLAN user modules: ■ Static: MAC addresses statically assigned to a VLAN and member...
  • Page 281 CHAPTER | Monitoring the Switch | Displaying Information About Flow Sampling. PARAMETERS: These parameters are displayed: Receiver Statistics ◆ Owner – This field shows the current owner of the sFlow configuration. It assumes one of three values as follows: ■ If sFlow is currently unconfigured/unclaimed, Owner shows...
  • Page 282: Figure 149: Showing Sflow Statistics

    CHAPTER | Monitoring the Switch | Displaying Information About Flow Sampling. INTERFACE: To display information on sampled traffic, click Monitor, sFlow. Figure 149: Showing sFlow Statistics...
  • Page 283: Performing Basic Diagnostics

    PERFORMING BASIC DIAGNOSTICS: This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables. PINGING AN IPV4 OR IPV6 ADDRESS: The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached....
  • Page 284 CHAPTER | Performing Basic Diagnostics | Pinging an IPv4 or IPv6 Address. After you press Start, the sequence number and round-trip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. Figure 150: ICMP Ping –...
  • Page 285: Running Cable Diagnostics

    CHAPTER | Performing Basic Diagnostics | Running Cable Diagnostics. RUNNING CABLE DIAGNOSTICS: The VeriPHY page is used to perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the cable length. Diagnostics, VeriPHY. PARAMETERS: These parameters are displayed on the VeriPHY Cable Diagnostics page: Port –...
  • Page 286 CHAPTER | Performing Basic Diagnostics | Running Cable Diagnostics – 286 –...
  • Page 287: Performing System Maintenance

    PERFORMING SYSTEM MAINTENANCE: This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch. RESTARTING THE SWITCH: Use the Restart Device page to restart the switch. Maintenance, Restart Device. INTERFACE: To restart the switch: Click Maintenance, Restart Device....
  • Page 288: Restoring Factory Defaults

    Figure 153: Factory Defaults. UPGRADING FIRMWARE: Use the Software Upload page to upgrade the switch’s system firmware by specifying a file provided by LevelOne. You can download firmware files for your switch from the LevelOne web site. Maintenance, Software Upload. INTERFACE: To upgrade firmware: Click Maintenance, Software Upload....
  • Page 289: Activating The Alternate Image

    CHAPTER | Performing System Maintenance | Activating the Alternate Image. Click the Upload button to upgrade the switch’s firmware. After the software image is uploaded, a page announces that the firmware update has been initiated. After about a minute, the firmware is updated and the switch is rebooted....
  • Page 290: Managing Configuration Files

    CHAPTER | Performing System Maintenance | Managing Configuration Files. MANAGING CONFIGURATION FILES: Use the Maintenance Configuration pages to save the current configuration to a file on your computer, or to restore previously saved configuration settings to the switch. Use the Configuration Save page to save the current configuration settings to a file on your local management station....
  • Page 291: Figure 157: Configuration Upload

    CHAPTER | Performing System Maintenance | Managing Configuration Files. Figure 157: Configuration Upload – 291 –...
  • Page 292 CHAPTER | Performing System Maintenance | Managing Configuration Files – 292 –...
  • Page 293: Section

    SECTION: APPENDICES. This section provides additional information and includes these items: ◆ "Software Specifications" on page 295 ◆ "Troubleshooting" on page 299 ◆ "License Information" on page 301...
  • Page 294 SECTION | Appendices – 294 –...
  • Page 295: Specifications

    SOFTWARE SPECIFICATIONS. SOFTWARE FEATURES. MANAGEMENT AUTHENTICATION: Local, RADIUS, TACACS+, AAA, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter, DHCP Snooping. CLIENT ACCESS CONTROL: Access Control Lists (128 rules per system), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard, ARP Inspection. 100BASE-TX: 10/100 Mbps, half/full duplex...
  • Page 296: Management Features

    APPENDIX | Software Specifications | Management Features. VLAN SUPPORT: Up to 128 groups; port-based, protocol-based, tagged (802.1Q), private VLANs, voice VLANs, MAC-based VLANs, and IP subnet-based VLANs. CLASS OF SERVICE: Supports four levels of priority. Strict, Weighted Round Robin Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port. Layer 3/4 priority mapping: IP DSCP remarking. DiffServ supports DSCP remarking, ingress traffic policing, and egress...
  • Page 297: Standards

    APPENDIX | Software Specifications | Standards. RMON: Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event). STANDARDS: ANSI/TIA-1057 LLDP for Media Endpoint Discovery - LLDP-MED; IEEE 802.1AB Link Layer Discovery Protocol; IEEE-802.1ad Provider Bridge; IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities: Spanning Tree Protocol, Rapid Spanning Tree Protocol, Multiple Spanning Tree Protocol...
  • Page 298: Management Information Bases

    APPENDIX | Software Specifications | Management Information Bases. MANAGEMENT INFORMATION BASES: Bridge MIB (RFC 4188); DHCP Option for Civic Addresses Configuration Information (RFC 4776); Differentiated Services MIB (RFC 3289); DNS Resolver MIB (RFC 1612); Entity MIB version 3 (RFC 4133); Ether-like MIB (RFC 3635); Extended Bridge MIB (RFC 2674); Extensible SNMP Agents MIB (RFC 2742); Forwarding Table MIB (RFC 2096)...
  • Page 299: B Troubleshooting

    TROUBLESHOOTING. PROBLEMS ACCESSING THE MANAGEMENT INTERFACE. Table 14: Troubleshooting Chart. Symptom: Cannot connect using a web browser, or SNMP software. Action: ◆ Be sure the switch is powered up. ◆ Check network cabling between the management station and the switch. ◆...
  • Page 300: Using System Logs

    APPENDIX | Troubleshooting | Using System Logs. USING SYSTEM LOGS: If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging....
  • Page 301: Information

    LICENSE INFORMATION: This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors....
  • Page 302: License Information

    APPENDIX | License Information | The GNU General Public License. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program"...
  • Page 303 APPENDIX | License Information | The GNU General Public License. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 304 APPENDIX | License Information | The GNU General Public License. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded....
  • Page 305: Glossary

    GLOSSARY: Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address....
  • Page 306 GLOSSARY: Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node....
  • Page 307 GLOSSARY: GMRP: Generic Multicast Registration Protocol. GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Specifies a general method for the operation of MAC bridges, including the IEEE 802.1D Spanning Tree Protocol....
  • Page 308 GLOSSARY: IGMP QUERY: On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork....
  • Page 309 GLOSSARY: MD5 Message-Digest is an algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest....
  • Page 310 GLOSSARY: TRUNK: Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. PRIVATE VLAN: Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports....
  • Page 311 GLOSSARY: Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Spanning Tree Algorithm is a technology that checks your network for any loops....
  • Page 312 GLOSSARY – 312 –...
  • Page 313: Index

    INDEX drop precedence, QoS 188 DSCP acceptable frame type 175 classification, QoS 199 Access Control List See ACL rewriting, port 195 ACL 96 translation, port 195 binding to a port 96 translation, QoS 198 address table 170 dynamic addresses, displaying 171 aging time 171 address, management access 31 ARP inspection 114...
  • Page 314 INDEX snooping, configuring 149 logon authentication 58 snooping, description 145 encryption keys 118 snooping, fast leave 148 RADIUS client 118 throttling 148 RADIUS server 118 ingress classification, QoS 196 settings 117 ingress filtering 175 TACACS+ client 61 ingress rate limiting 188 TACACS+ server 61 IP address, setting 46 loopback detection, non-STA 125...
  • Page 315 INDEX static binding 143 QCL status, monitoring 225 statistics, displaying 259 QoS 187 using immediate leave 142 class 188 control lists 199 drop precedence 188 DSCP classification 199 DSCP rewriting 195 NTP, specifying servers 50 DSCP translation 195 egress port scheduler 189 ingress classification 196 ingress port classification 188 passwords 31...
  • Page 316 INDEX software LACP 123 displaying version 219 static 120 downloading 288 Type Length Value Spanning Tree Protocol See STA See LLDP TLV specifications, software 295 See LLDP-MED TLV SSH 64 configuring 64 server, configuring 64 STA 127 unknown unicast storm, threshold 204 BPDU shutdown 137 upgrading software 288 edge port 137...
  • Page 318 GEP-5070 E042013/ST-R01...
