1. Manuals
  2. Brands
  3. CTS Manuals
  4. Network Router
  5. FOS-3148 Series
  6. User manual

CTS FOS-3148 Series User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

FOS-3148 Series
44 PORTS 100/1000BASE-X SFP WITH 4 COMBO PORTS
(10/100/1000BASE-T, 100/1000BASE-X SFP) UPLINK
MANAGEMENT SWITCH
Network Management
User's Manual
Version 0.92
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FOS-3148 Series and is the answer not in the manual?

Questions and answers

Related Manuals for CTS FOS-3148 Series

Summary of Contents for CTS FOS-3148 Series

  • Page 1 FOS-3148 Series 44 PORTS 100/1000BASE-X SFP WITH 4 COMBO PORTS (10/100/1000BASE-T, 100/1000BASE-X SFP) UPLINK MANAGEMENT SWITCH Network Management User’s Manual Version 0.92...

  • Page 2: Revision History

    Revision History Version Date Description 0.90 0.99.15 20141201 Fisrt release 0.91 0.99.16 20141208 Minor modification according to F/W v0.99.16 0.92 0.99.16 20150224 Revise trust port...

  • Page 3: Copyright Statement

    Trademarks CTS is a registered trademark of Connection Technology Systems Inc.. Contents subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright  Connection Technology Systems Inc.. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc..

  • Page 4: Table Of Contents

    Table of Content 1. INTRODUCTION ....................... 9 1.1 Management Options ....................9 1.2 Management Software ....................10 1.3 Management Preparations ..................11 2. Command Line Interface (CLI) ..................13 2.1 Using the Local Console ..................... 13 2.2 Remote Console Management - Telnet ..............14 2.3 Navigating CLI ......................
  • Page 5 2.6.11 MAC Command ....................45 2.6.12 Management Command ..................46 2.6.13 Mirror Command ....................47 2.6.14 NTP Command ....................48 2.6.15 QoS Command ....................49 2.6.16 Security Command .................... 50 2.6.17 SNMP-Server Command ................... 52 2.6.18 Spanning-tree Command ................... 55 2.6.19 Switch Command ....................
  • Page 6 4.4.3.3 LACP Port Configuration ................102 4.4.4 Rapid Spanning Tree ..................104 4.4.4.1 RSTP Switch Settings ................. 105 4.4.4.2 RSTP Aggregated Port Settings ..............106 4.4.4.3 RSTP Physical Port Settings ............... 107 4.4.5 802.1X Configuration ..................110 4.4.5.1 802.1X System Settings ................111 4.4.5.2 802.1X Port Admin State ................
  • Page 7 4.4.12.5 Configure DHCP Snooping................ 144 4.4.12.6 Storm Control .................... 144 4.4.13 Access Control List (ACL) Configuratiom ............145 4.4.14 LLDP Configuration ..................147 4.4.15 Loop Detection Configuration ................. 148 4.5 Switch Monitor ......................149 4.5.1 Switch Port State ....................150 4.5.2 Port Traffic Statistics ..................
  • Page 8 4.6.4 Load Factory Settings ..................173 4.6.5 Load Factory Settings Except Network Configuration ........173 4.7 Save Configuration ....................173 4.8 Reset System ......................174 APPENDIX A: Free RADIUS readme ................175 APPENDIX B: Set Up DHCP Auto-Provisioning ............. 176 APPENDIX C: VLAN Application Note ................

  • Page 9: Introduction

    1. INTRODUCTION Thank you for using the 44 100/1000Mbps SFP ports plus 4 10/100/1000Mbps combo ports Managed Switch that is specifically designed for FTTx applications. The Managed Switch provides a built-in management module that enables users to configure and monitor the operational status both locally and remotely.

  • Page 10: Management Software

    1.2 Management Software The following is a list of management software options provided by this Managed Switch:  Managed Switch CLI interface  SNMP-based Management Software  Web Browser Application Console Program The Managed Switch has a built-in Command Line Interface called the CLI which you can use to: ...

  • Page 11: Management Preparations

    1.3 Management Preparations After you have decided how to manage your Managed Switch, you are required to connect cables properly, determine the Managed switch IP address and, in some cases, install MIB shipped with your Managed Switch. Connecting the Managed Switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed switch to other switches, hubs, workstations, etc..
  • Page 12 IP Addresses IP addresses have the format n.n.n.n, (The default factory setting is 192.168.0.1). IP addresses are made up of two parts:  The first part (for example 192.168.n.n) refers to network address that identifies the network where the device resides. Network addresses are assigned by three allocation organizations. Depending on your location, each allocation organization assigns a globally unique network number to each network which intends to connect to the Internet.

  • Page 13: Command Line Interface (Cli)

    2. Command Line Interface (CLI) This chapter introduces you how to use Command Line Interface CLI, specifically in:  Local Console  Telnet  Configuring the system  Resetting the system The interface and options in Local Console and Telnet are the same. The major difference is the type of connection and the port that is used to manage the Managed Switch.

  • Page 14: Remote Console Management - Telnet

    2.2 Remote Console Management - Telnet You can manage the Managed Switch via Telnet session. However, you must first assign a unique IP address to the Switch before doing so. Use the Local Console to login the Managed Switch and assign the IP address for the first time. Follow these steps to manage the Managed Switch through Telnet session: Step 1.

  • Page 15: General Commands

    2.3.1 General Commands This section introduces you some general commands that you can use in User, Enable, and Configuration mode, including “help”, “exit”, “history” and “logout”. Entering the command… To do this… Available Modes User Mode Obtain a list of available help Privileged Mode commands in the current mode.

  • Page 16: Command Format

    2.3.3 Command Format While in CLI, you will see several symbols very often. As mentioned above, you might already know what “>”, “#” and (config)# represent. However, to perform what you intend the device to do, you have to enter a string of complete command correctly. For example, if you want to assign IP address for the Managed Switch, you need to enter the following command with the required parameter and IP, subnet mask and default gateway: Switch(config)#ip address [A.B.C.D] [255.X.X.X] [A.B.C.D]...

  • Page 17: Login Username & Password

    (separated by commas) Switch(config)#qos 802.1p-map 1,3 0 Switch(config)#qos dscp-map 10,13,15 3 Example 3: specifying a range of values (separated by a hyphen) Switch(config)#qos 802.1p-map 1-3 0 Switch(config)#qos dscp-map 10-15 3 2.3.4 Login Username & Password Default Login When you enter Console session, a login prompt for username and password will appear to request a valid and authorized username and password combination.

  • Page 18: User Mode

    2.4 User Mode In User mode, only a limited set of commands are provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Enable mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...

  • Page 19: Privileged Mode

    2.5 Privileged Mode The only place where you can enter the Privileged (Enable) mode is in User mode. When you successfully enter Enable mode (this mode is password protected), the prompt will be changed to Switch# (the model name of your device together with a pound sign). Enter the question mark (?) or help command to view a list of commands available for use.

  • Page 20: Firmware Command

    [user_name] | startup ] startup [password] [user_name] Enter the username for FTP server login. [password] Enter the password for FTP server login. Switch# copy-cfg to [A.B.C.D | Enter the IP address of your TFTP server. tftp [A.B.C.D | A:B:C:D:E:F:G:H] A:B:C:D:E:F:G:H] [file name] Enter the configuration file name that you want to [file_name] [running...

  • Page 21: Ping Command

    2.5.3 Ping Command Command Parameter Description Switch> ping [A.B.C.D | Enter the IP/IPv6 address that you would like to [A.B.C.D | A:B:C:D:E:F:G:H] ping. A:B:C:D:E:F:G:H] [- [-s size (1- Enter the packet size that would be sent. The s size (1- 65500)bytes] allowable packet size is from 1 to 65500 bytes.

  • Page 22: Configure Command

    2.5.7 Configure Command The only place where you can enter Global Configuration mode is in Privileged mode. You can type in “configure” or “config” for short to enter Global Configuration mode. The display prompt will change from “Switch#” to “Switch(config)#” once you successfully enter Global Configuration mode.

  • Page 23: Configuration Mode

    Serial Number: Display the serial number of this Managed Switch. Date Code: Display the Managed Switch Firmware date code. Up Time: Display the up time since last restarting. Local Time: Display local time. Current Run In: Display the current running firmware image. Reboot Run To: Display the firmware image which will run after next restarting.

  • Page 24: Entering Interface Numbers

    security Configure broadcast, multicast, unknown unicast storm control settings. snmp-server Create a new SNMP community and trap destination and specify the trap types. spanning-tree Set up RSTP status of each port and aggregated ports. switch Set up acceptable frame size and address learning, etc. switch-info Set up acceptable frame size and address learning, etc.
  • Page 25 Company Name: Display a company name for this Managed Switch. Use “switch-info company- name [company-name]” command to edit this field. System Object ID: Display the predefined System OID. System Contact: Display contact information for this Managed Switch. Use “switch-info sys- contact [sys-contact]”...

  • Page 26: Acl Command

    4. Show default, running and startup configurations Refer to “show default-setting copmmand”, “show running-config command” and “show start-up- config command” sections. 2.6.4 ACL Command Command Parameter Description Switch(config)# acl [1-192] [1-192] The total number of ACL rule can be created is 192. Use this command to enter ACL configuration mode for each ACL rule.
  • Page 27 Switch(config-acl-RULE)# [A.B.C.D] Specify destination IPv4 address destination-ipv4 address [A.B.C.D] [255.X.X.X] [255.X.X.X] Specify destination IPv4 mask Switch(config-acl-RULE)# Specify destination IPv6 address as “ANY” destination-ipv6 any Switch(config-acl-RULE)# [A:B:C:D:E:F:G:H] Specify destination IPv6 address destination-ipv6 address [A:B:C:D:E:F:G:H] [10~128] Specify destination IPv6 prefix-length [10~128] Switch(config-acl-RULE)# Specify destination Layer4 port as “ANY”...
  • Page 28 Specify source MAC as “ANY” Switch(config-acl-RULE)# source-mac any Switch(config-acl-RULE)# [xx:xx:xx:xx:xx:xx] Specify source MAC source-mac [xx:xx:xx:xx:xx:xx] [ff:ff:ff:00:00:00] Specify source MAC mask [ff:ff:ff:00:00:00] Switch(config-acl-RULE)# [any | 0xWX] Specify IPv4 TOS and IPv6 traffic class or “ANY” tos [any | 0xWX] Specify 802.1q VLAN ID or “ANY” Switch(config-acl-RULE)# [any | 1-4094] vid [any | 1-4094]...

  • Page 29: Channel-Group Command

    2.6.5 Channel-group Command 1. Configure a static link aggregation group (LAG). Command Parameter Description Switch(config)# channel-group [group_name] Specify a name for this link trunking [group_name] aggregation group. Use “interface” command to Switch(config)# interface [port_list] [port_list] [group_name] configure a group of ports’ link Switch(config-if-PORT-PORT)# aggregation link membership.
  • Page 30 Show command Switch(config)# show channel-group Show or verify link aggregation trunking settings. Switch(config)# show channel-group [group_name] Show or verify a specific link trunking [group_name] aggregation group’s settings including aggregated port numbers and load-balancing status. Channel-group command example Switch(config)# channel-group trunking corenetwork Create a link aggregation group called “corenetwork”.

  • Page 31: Dot1X Command

    Switch(config)# show channel- Clear all LACP statistics. group lacp statistics clear Channel-group & interface command example Enter port 1 to port 3’s interface mode. Switch(config)# interface 1-3 Switch(config-if-1-3)# channel-group lacp Enable LACP on the selected interfaces. Set a key value “10” to the selected Switch(config-if-1-3)# channel-group lacp key 10 interfaces.
  • Page 32 No command Switch(config)# no dot1x Disable IEEE 802.1x function. Switch(config)# no dot1x reauth- Reset the re-authentication period period value back to the default setting (60 seconds). Switch(config)# no dot1x Disable re-authentication function. reauthentication Switch(config)# no dot1x secret Remove the original shared secret. Switch(config)# no dot1x server Remove the specified server IP address.
  • Page 33 Use “Interface” command to configure a group of ports’ IEEE 802.1x settings. Dot1x & Interface command Parameter Description Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Specify the selected ports to “auto”...

  • Page 34: Ip Command

    Dot1x & interface command example Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-1-3)# dot1x port-control auto Set the selected ports to “auto” state. Switch(config-if-1-3)# dot1x reauthenticate Re-authenticate the selected interfaces immediately.
  • Page 35 snooping leased [180-259200] 259200] Seconds). Switch(config)# ip dhcp Enable DHCP Option 82 Relay Agent. snooping option No command Switch(config)# no ip dhcp Disable DHCP Snooping function. snooping Switch(config)# no ip dhcp Remove DHCP server ports. snooping dhcp-server Switch(config)# no ip dhcp Reset the DHCP server trust IP to the snooping dhcp-server-ip default setting.
  • Page 36 Switch(config)# interface [port_list] Enter several discontinuous port numbers [port_list] separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Set the selected interfaces to non-DHCP no ip dhcp snooping option Option 82 Relay Agent. Switch(config-if-PORT-PORT)# Set the selected interfaces’...
  • Page 37 Switch(config)# ip igmp Set forwarding mode for unregistered (not- snooping flooding joined) IP multicast traffic. The traffic will flood when enabled. However, the traffic will forward to router-ports only when disabled. Switch(config)# ip igmp Enable immediate leave function. snooping immediate-leave Switch(config)# ip igmp [1-6000] Specify the maximum response time.
  • Page 38 Switch(config-profile-ID)# [1-400] Specify an existing segment ID. segment [1-400] Switch(config)# ip igmp [1-400] Specify a segment ID. segment [1-400] Switch(config-segment-ID)# [segment_name] Specify a name for this segment. name [segment_name] Switch(config-segment-ID)# [E.F.G.H] Specify a multicast IP range. range [E.F.G.H] [E.F.G.H] [E.F.G.H] No command Switch(config)# no ip igmp filter Disable IGMP Filtering function.
  • Page 39 Switch(config-if-PORT-PORT)# ip [1-512] Specify the maximum number of igmp max-groups [1-512] multicast streams. Switch(config-if-PORT-PORT)# ip [E.F.G.H] Create a static multicast IP to VLAN igmp static-multicast-ip [E.F.G.H] entry. vlan [1-4094] Specify static multicast IP address. [1-4094] Specify a VLAN ID Switch(config-if-PORT-PORT)# ip [dhcp | fixed-ip] Specify authorized access sourceguard [dhcp | fixed-ip]...

  • Page 40: Ipv6 Command

    filter Switch(config)# show ip igmp [port_list] Show the specified ports’ IGMP filter interface [port_list] Filtering status. Switch(config)# show ip igmp Show IP multicast profile information. profile Switch(config)# show ip igmp [profile_name] Show the specified profile’s setting. profile [profile_name] Switch(config)# show ip igmp Show IP multicast segment segment information.
  • Page 41 Link local address The first step a host takes on startup or initialization is to form a link-local address from its MAC address and the link-local prefix FE80::/10. This is done by putting the prefix into the leftmost bits and the MAC address (in EUI-64 format) into the rightmost bits, and if there are any bits left in between, those are set to zero.

  • Page 42: Lldp Command

    address autoconfig Switch(config)# no ipv6 Disable DHCPv6 function. address dhcp Switch(config)# no ipv6 Disable rapid-commit feature. address dhcp rapid- commit Switch(config)# ipv6 Clear IPv6 global address entry address global Switch(config)# ipv6 Clear IPv6 link-local address entry address link-local Switch(config)# no ipv6 Disable IPv6 processing.
  • Page 43 Switch(config)# lldp [1-180] Specify the time interval for updated LLDP packets interval [1-180] to be sent. The allowable interval value is between 1 and 180 seconds. Switch(config)# lldp [1-16] Specify the amount of packets that are sent in packets [1-16] each discovery.

  • Page 44: Loop Detection Command

    Switch(config)# lldp tlv-select port- Enable Port Description attribute to be sent. description Switch(config)# lldp tlv-select system- Enable System Description to be sent. description Switch(config)# lldp tlv-select system- Enable System Name to be sent. name Use “Interface” command to configure a group of ports’ LLDP settings. LLDP &...

  • Page 45: Mac Command

    Switch(config)# loop-detection unlock-interval 120 Set the Loop Detection unlock time interval to 120 minutes. Switch(config)# loop-detection vlan-id 100 Set the Loop Detection VLAN ID to 100. Use “Interface” command to configure a group of ports’ Loop Detection settings. Dot1x & Interface command Parameter Description Switch(config)# interface [port_list]...

  • Page 46: Management Command

    seconds. Use “Interface” command to configure a group of ports’ MAC Table settings. MAC & Interface command Parameter Description Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT- [xx:xx:xx:xx:xx:xx] Create a MAC address to VLAN entry.

  • Page 47: Mirror Command

    Switch(config)# management To management the Managed Switch via telnet Telnet. Switch(config)# management [1-65535] When telnet is enabled, you can set up the telnet port [1-65535] port number that allows telnet access. The default port number is set to 23. However, you can also identify a port number between 1 and 65535.

  • Page 48: Ntp Command

    2.6.14 NTP Command Command Parameter Description Switch(config)# ntp Enable the Managed Switch to synchronize the clock with a time server. Switch(config)# ntp Enable the daylight saving function. daylight-saving Switch(config)# ntp Enable daylight saving with recurring daylight-saving recurring mode. Switch(config)# ntp Enable daylight saving with date mode.

  • Page 49: Qos Command

    Show command Switch(config)# show ntp Show or verify current time server settings. NTP command example Switch(config)# ntp Enable the Managed Switch to synchronize the clock with a time server. Switch(config)# ntp daylight-saving date Enable the daylight saving function at ddate mode Switch(config)# ntp offset [100,12:00- Daylight saving time date start from the 101,12:00]...

  • Page 50: Security Command

    Switch(config)# no queuing-mode Specify QoS queuing mode as strict mode Switch(config)# no qos queue- Undo specify the queue weighted weighted Switch(config)# no qos remarking Undo specify DSCP bit dscp remarking mode Switch(config)# no qos remarking [1-8] Undo specify DSCP and priority dscp-map [1-8] mapping ID Switch(config)# no qos remarking...
  • Page 51 multicast/ unknown unicast storms. Any broadcast/multicast/unknown unicast packets exceeding the specified value will then be dropped. Enable or disable broadcast/multicast/unknown unicast storm control. Security command Parameter Description Switch(config)# security [1-1024k] Specify the maximum broadcast packets storm-protection broadcast per second (pps). Any broadcast packets [1-1024k] exceeding the specified threshold will then be dropped.

  • Page 52: Snmp-Server Command

    No command Switch(config)# no security Disable broadcast storm control. storm-protection broadcast Switch(config)# no security Disable multicast storm control. storm-protection multicast Switch(config)# no security Disable unicast storm control. storm-protection unicast Show command Switch(config)# show Show current storm control settings. security storm-protection Security command example Switch(config)# security storm-protection Set the maximum broadcast packets per...
  • Page 53 No command Switch(config)# no snmp- Disable SNMP function. server Switch(config)# no snmp- [community] Delete the specified community. server community [community] Switch(config-community- Disable this SNMP community account. In this example “mycomm” community is NAME)# no active disabled. Switch(config-community- Remove the SNMP community descriptions for “mycomm”.
  • Page 54 server trap-dest [1-10] account. Switch(config-trap- Disable this SNMP trap destination ACCOUNT)# no active account. Switch(config-trap- Delete the configured community name. ACCOUNT)# no community Switch(config-trap- Delete the configured trap destination ACCOUNT)# no description description. Show command Switch(config)# show snmp- Show SNMP trap destination account server trap-destination information.

  • Page 55: Spanning-Tree Command

    port-link: A trap will be sent when the link is up or down. power-down: A trap will be sent when the device’s power is down. warm-start: A trap will be sent when the device restarts. No command Switch(config)# no snmp- [all | auth-fail Specify a trap type that will not be sent server trap-type [all | auth-...
  • Page 56 Spanning-tree command Parameter Description Switch(config)# spanning- Enable Spanning Tree Protocl function tree aggregated-port on aggregated ports. Switch(config)# spanning- [0-200000000] Specify aggregated ports’ path cost. tree aggregated-port cost [0- 200000000] Switch(config)# spanning- [0-15] Specify aggregated ports’ priority. tree aggregated-port priority [0-15] 0=0, 1=16, 2=32, 3=48, 4=64, 5=80 6=96, 7=112, 8=128, 9=144, 10=160 11=176, 12=192, 13=208, 14=224,...
  • Page 57 No command Switch(config)# no spanning- Disable STP on aggregated ports. tree aggregated-port Switch(config)# no spanning- Reset aggregated ports’ cost to the tree aggregated-port cost factory default. Switch(config)# no spanning- Reset aggregated ports’ priority to the tree aggregated-port priority factory default. Switch(config)# no spanning- Disable aggregated ports’...
  • Page 58 | llag] Switch(config)# show Show the current STP state. spanning-tree overview Spanning-tree command example Description Switch(config)# spanning-tree aggregated- Enable Spanning Tree on aggregated port ports. Switch(config)# spanning-tree aggregated- Set the aggregated ports’ cost to 100. port cost 100 Switch(config)# spanning-tree aggregated- Set the aggregated ports’...
  • Page 59 Switch(config-if-PORT-PORT)# no Disable spanning-tree protocol on spanning-tree the selected interfaces. Switch(config-if-PORT-PORT)# no Set the cost value back to the spanning-tree cost factory default. Switch(config-if-PORT-PORT)# no Set the priority value back to the spanning-tree priority factory default. Switch(config-if-PORT-PORT)# no Set the selected interfaces to non- spanning-tree edge edge ports.

  • Page 60: Switch Command

    example:1,3 or 2-4 Switch(config-if-1-3)# spanning-tree cost 100 Set the selected interfaces’ cost to 100. Switch(config-if-1-3)# spanning-tree priority 0 Set the selected interfaces’ priority to 0 Switch(config-if-1-3)# spanning-tree edge Set the selected ports to edge ports. Switch(config-if-1-3)# spanning-tree p2p Set the selected ports to non-P2P forced_false ports.

  • Page 61: Switch-Info Command

    Switch(config)# switch mtu 9600 Set the maximum transmission unit to 9600 bytes. 2.6.20 Switch-info Command 1. Set up the Managed Switch’s basic information, including company name, hostname, system name, etc.. Switch-info Command Parameter Description Switch(config)# switch-info [company_name] Enter a company name, up to 55 company-name alphanumeric characters, for this Managed [company_name]...

  • Page 62: Syslog Command

    location, system name, model name, firmware version and fiber type. Switch-info example Set the company name to “telecomxyz”. Switch(config)# switch-info company-name telecomxyz Switch(config)# switch-info system-contact Set the system contact field to “info@compnay.com”. info@company.com Set the system location field to “13thfloor”. Switch(config)# switch-info system-location 13thfloor Set the system name field to “backbone1”.

  • Page 63: User Command

    2.6.22 User Command 1. Create a new login account. User command Parameter Description Switch(config)# user name [user_name] Enter the new account’s username. The [user_name] authorized user login name is up to 20 alphanumeric characters. Only 3 login accounts can be registered in this device. Switch(config-user- Activate this user account.
  • Page 64 Switch(config-user-miseric)# description Add a description to this new account “miseric”. misengineer Switch(config-user-miseric)# password Set up a password for this new account “miseric” mis2256i Switch(config-user-miseric)# level rw Set this user account’s privilege level to “read and write”. 2. Configure RADIUS server settings. User command Parameter Description...

  • Page 65: Vlan Command

    Switch(config)# user radius server1 Set the primary RADIUS server address to 192.180.3.1 192.180.3.1. Switch(config)# user radius server2 Set the secondary RADIUS server address 192.180.3.2 to 192.180.3.2. 2.6.23 VLAN Command A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout.
  • Page 66 Important VLAN Concepts for 802.1Q VLAN Configuration: There are two key concepts to understand. Access-VLAN specifies the VLAN ID to the switch port that will assign the VLAN ID to untagged traffic from that port. A port can only be assigned to one Access-VLAN at a time. When the port is configured as Access Mode, the port is called an Access Port, the link to/from this port is called an Access Link.
  • Page 67 PVID is 20) PortX receives Untagged packets only Trunk-VLAN = 10,11,12 PortX is a Trunk Port Access-VLAN = 20 PortX’s VID is 10,11 and 12 Mode = Trunk PortX’s PVID is ignored PortX sends and receives Tagged packets VID 10,11 and 12 Trunk-VLAN = 10,11,12 PortX is a Trunk-native Port Access-VLAN = 20...
  • Page 68 native Switch(config-if-PORT-PORT)# [1-4094] Remove the selected ports’ from the no vlan dot1q-vlan trunk-vlan [1- specified trunk VLAN. 4094] Switch(config-if-PORT-PORT)# [name] Delete the selected ports from the no vlan port-based [name] specified port-based VLAN. VLAN & interface command example Enter port 1 to port 3’s interface mode. Switch(config)# interface 1-3 Switch(config-if-1-3)# vlan dot1q-vlan access- Set port 1 to port 3’s Access-VLAN ID...
  • Page 69 “access” mode: Set the selected ports to untagged. Switch(config)# vlan port-based [name] Specify a name for this port-based [name] VLAN. No command Switch(config-vlan-ID)# no name Remove the descriptive name for the specified VLAN ID. Switch(config)# no vlan port- [name] Delete the specified port-based based [name] VLAN.
  • Page 70 802.1q VLAN Configuration Example 1. Create 802.1q VLAN IDs Enter port 1 to port 22’s interface Switch(config)# interface 1-22 mode. Switch(config-if-1-22)# vlan dot1q-vlan trunk- Set port 1 to port 22’s Trunk-VLAN ID vlan 10, 20 (VID) to 10 and 20. Switch(config-if-1-22)# vlan dot1q-vlan mode Set the selected ports to Trunk Mode trunk...

  • Page 71: Interface Command

    Switch(config-vlan-10,20)# name Sales Enater name for VLAN 10 and 20 Switch(config-vlan-10,20)# exit Exit VLAN 10 and 20 Switch(config)# vlan dot1q-vlan 30,40,50 Enter VLAN 30,40 and 50 Switch(config-vlan-30,40,50)# name RD Enater name for VLAN 30,40 and 50 Switch(config-vlan-30,40,50)# exit Exit VLAN 30,40 and 50 Switch(config)# vlan dot1q-vlan 60 Enter VLAN 60 Switch(config-vlan-60)# name SQA...
  • Page 72 Switch(config-if-PORT-PORT)# Specify LACP role as passive. channel-group lacp role Switch(config-if-PORT-PORT)# Specify LACP role as active. channel-group lacp role active Switch(config-if-PORT-PORT)# [group_name] Specify ports to the trunking group. channel-group trunking [group_name] Note1 : At lease 2 ports, not more than 8 ports can be aggregated. Note2 : Ports can not be in LACP and port-trunking mode at the same time.
  • Page 73 Switch(config-if-PORT-PORT)# Disable flow control on port(s). no flowcontrol 7. Set up port DHCP and IGMP parameters. Setup DHCP snooping/relay sub-commands Command Parameter Description Switch(config-if-PORT-PORT)# Enable DHCP option 82 on port(s). ip dhcp snooping option Switch(config-if-PORT-PORT)# Configure port(s) as DHCP option 82 trust ip dhcp snooping trust port(s) Switch(config-if-PORT-PORT)#...
  • Page 74 Switch(config-if-PORT-PORT)# Un-specify static multicast address and no ip igmp static-multicast-ip VLAN ID. [E.F.G.H] vlan [1-4094] Setup IP source guard Command Parameter Description Switch(config-if-PORT-PORT)# [dhcp|fixed-ip] Configure IP sourceguard setting as ip sourceguard [dhcp|fixed-ip] either DHCP or fixed-IP. Switch(config-if-PORT-PORT)# [A.B.C.D] Specify static IP address. ip sourceguard static-ip [A.B.C.D] mask [255.x.x.x] vlan [255.x.x.x]...
  • Page 75 Command Parameter Description Switch(config-if-PORT-PORT)# [sfp] Configure the media type of the port(s) as media-type [sfp] SFP. No command Switch(config-if-PORT-PORT)# no Configure the media type of the port(s) as media-type copper. Note : Only port 45-48 can be configured as copper. 11.
  • Page 76 15=61440 Switch(config-if-PORT- Specify the port as edge PORT)# spanning-tree edge port so to enable it to move directly to forwarding state upon link-up. Switch(config-if-PORT- [forced_true|forced_false|auto] Specify the port as point to PORT)# spanning-tree p2p point port and its mode. [forced_true|forced_false|auto] No command Switch(config-if-PORT- Disable spanning-tree...

  • Page 77: Show Interface Statistics Command

    Switch(config-if-PORT-PORT)# Configure port as dot-1q trunk native port. vlan dot1q-vlan mode trunk native Switch(config-if-PORT-PORT)# [name] Join port to specific port-based VLAN vlan port-based [name] group. Note : Need to create a port-based VLAN group first at Switch Management-->VLAN Configuration-- >Port Based VLAN-->Configure VLAN. No command Switch(config-if-PORT-PORT)# Undo configure port PVID.

  • Page 78: Show Sfp Command

    Switch(config)# show interface [port_list] Display error packets statistics statistics error rate [port_list] (rates) for the selected ports. Switch(config)# show interface Display traffic statistics (events) for statistics traffic each port. Switch(config)# show interface [port_list] Display traffic statistics (events) for statistics traffic [port_list] the selected ports.

  • Page 79: Snmp Network Management

    3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

  • Page 80: Web Management

    4. WEB MANAGEMENT You can manage the Managed Switch via a Web browser. However, you must first assign a unique IP address to the Managed Switch before doing so. Use the RS-232 RJ-45 console port or use a RJ45 LAN cable and any of the 10/100/1000Base-T RJ-45 ports of the Managed Switch (as the temporary RJ-45 Management console port) to login to the Managed Switch and set up the IP address for the first time.

  • Page 81: System Information

    1. System Information: Name the Managed Switch, specify the location and check the current version of information. 2. User Authentication: View the registered user list. Add a new user or remove an existing user. 3. Network Management: Set up or view the IP address and related information of the Managed Switch required for network management applications.
  • Page 82 Company Name: Display a company name for this Managed Switch. Use “switch-info company- name [company-name]” command to edit this field. System Object ID: Display the predefined System OID. System Contact: Display contact information for this Managed Switch. Use “switch-info sys- contact [sys-contact]”...

  • Page 83: User Authentication

    Date Code: Display the Managed Switch Firmware date code. Up Time: Display the up time since last restarting. Local Time: Display local time. Case Fan (1-6): Display the status of case fans. Power (A-B): Display the status of powers. Battery State: Display the status of battery (For BAT version only). 4.2 User Authentication To prevent any unauthorized operations, only registered users are allowed to operate the Managed Switch.
  • Page 84 Current/Total/Max Users: View-only field. Current: This shows the number of current registered users. Total: This shows the total number of users who have already registered. Max: This shows the maximum number available for registration. The maximum number is Account State: Enable or disable this user account. User Name: Specify the authorized user login name, up to 20 alphanumeric characters.

  • Page 85: Radius Configuration

    4.2.1 RADIUS Configuration Click RADIUS Configuration in User Authentication and then the following screen page appears. When RADIUS Authentication is enabled, User login will be according to those settings on the RADIUS server(s). or the “free NOTE: For advanced RADIUS Server setup, please refer to APPENDIX A RADIUS readme.txt”...

  • Page 86: Network Configuration

    1. Network Configuration: Set up the required IP configuration of the Managed Switch. 2. System Service Configuration: Enable or disable the specified network services. 3. RS232/Telnet/Console Configuration: View the RS-232 serial port setting, specific Telnet and Console services. 4. Time Server Configuration: Set up the time server’s configuration. 5.
  • Page 87 Enable IPv4: Check to enable IPv4 on the Managed Switch MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed switch. You cannot change the Managed Switch’s MAC address. Configuration Type: There are two configuration types that users can select from the pull- down menu, "DHCP"...
  • Page 88 Current State: This View-only field shows currently assigned IP address (by DHCP or manual), Subnet Mask and Gateway of the Managed Switch. Enable IPv6: Check to enable IPv6 on the Managed Switch Auto-configuration: Enable Auto-configuration for the Managed Switch to get IPv6 address automatically or disable it for manual configuration.

  • Page 89: System Service Configuration

    Source Binding state: Enable or disable IP source binding. State: Disable or enable IP/IPv6 Address: Specify the IP address for source binding. NOTE: This Managed Switch also supports auto-provisioning function that enables DHCP clients to automatically download the latest Firmware and configuration image from the server.

  • Page 90: Rs232/Telnet/Console Configuration

    Telnet Service: To enable or disable the Telnet Management service. SNMP Service: To enable or Disable the SNMP Management service. Web Service: To enable or Disable the Web Management service. 4.3.3 RS232/Telnet/Console Configuration Click the option RS232/Telnet/Console Configuration from the Network Management menu and then the following screen page appears.

  • Page 91: Time Server Configuration

    Flow Control: None, RS-232 setting, view-only field. Telnet Port: Specify the desired TCP port number for the Telnet console. The default TCP port number of the Telnet is 23. System Time Out: Specify the desired time that the Managed Switch will wait before disconnecting an inactive console/telnet.

  • Page 92: Device Community

    Daylight Saving Time Date End: Click the pull-down menu to select the end date of daylight saving time. NOTE: SNTP is used to get the time from those NTP servers. It is recommended that the time server is in the same LAN with the Managed Switch or at least not too far away. In this way, the time will be more accurate.

  • Page 93: Trap Destination

    Current: This shows the number of currently registered communities. Total: This shows the number of total registered community users. Max Agents: This shows the number of maximum number available for registration. The default maximum number is 10. Account State: Enable or disable this Community Account. Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters.

  • Page 94: Trap Configuration

    4.3.7 Trap Configuration Click the option Trap Configuration from the Network Management menu and then the following screen page appears. Cold Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on. Warm Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch restarts.

  • Page 95: Switch Management

    When DHCP snooping filters unauthorized DHCP packets on the network, the Mal-attempt log will allow the Managed Switch to send event notification message to Log server. Log Server: Enable or disable Mal-attempt log function. SNTP Status: View-only field that shows the SNTP server status. Log Server IP/IPv6: Specify the default Log server IP/IPv6 address.
  • Page 96 1. Switch Configuration: Set up frame size, address learning, etc. 2. Port Configuration: Enable or disable port speed, flow control, etc. 3. Link Aggregation: Set up port trunk and LACP port configuration. 4. Rapid Spanning Tree: Set up RSTP switch settings, aggregated port settings, physical port settings, etc.

  • Page 97: Switch Configuration

    4.4.1 Switch Configuration Click the option Switch Configuration from the Switch Management menu and then the following screen page appears. Maximum Frame Size: Specify the maximum frame size between 1518 and 9600 bytes. The default maximum frame size is 9600bytes. MAC Address Aging Time: Specify MAC Address aging time between 0 and 77925 seconds.

  • Page 98: Link Aggregation

    Port Number: Click the pull-down menu to select the port number for configuration. Port State: Enable or disable the current port state. Preferred Media Type: Select copper or fiber as the preferred media type. Port Type: Select Auto-Negotiation or Manual mode as the port type. Port Speed: When you select Manual port type, you can further specify the transmission speed (10Mbps/100Mbps/1000Mbps) of the port(s).

  • Page 99: Distribution Rule

    Click Link Aggregation folder from the Switch Management menu and then three options within this folder will be displayed. 1. Distribution Rule: Configure the distribution rule of Port Trunking group(s). 2. Port Trunking: Create, edit or delete port trunking group(s). 3.

  • Page 100: Port Trunking

    Destination IP Address: Enable or disable packets according to Destination IP address. Source L4 Port: Enable or disable packets according to source L4 Port. Destination L4 Port: Enable or disable packets according to Destination L4 Port. Source MAC Address: Enable or disable packets according to source MAC address. Destination MAC Address: Enable or disable packets according to Destination MAC address.
  • Page 101 Current/Total/Max Groups: View-only field. Current: This shows the number of currently registered groups. Total: This shows the number of total registered groups. Max: This shows the number of maximum number available for registration. The default maximum number is 16. Group Name: Specify the trunking group name, up to 15 alphanumeric characters. Port Members: Select ports that belong to the specified trunking group.

  • Page 102: Lacp Port Configuration

    4.4.3.3 LACP Port Configuration The Managed Switch supports dynamic Link Aggregation Control Protocol (LACP) which is specified in IEEE 802.3ad. Static trunks have to be manually configured at both ends of the link. In other words, LACP configured ports can automatically negotiate a trunked link with LACP configured ports on other devices.
  • Page 103 Configure Key Value: Select “Key Value” from the pull-down menu of Select Setting. Ports in an aggregated link group must have the same LACP port Key. In order to allow a port to join an aggregated group, the port Key must be set to the same value. The range of key value is between 0 and 255.

  • Page 104: Rapid Spanning Tree

    “Disable” Port Role: Disable LACP on specified port(s) “Active” Port Role: Active LACP ports are capable of processing and sending LACP control frames. This allows LACP compliant devices to negotiate the aggregated link so that the group may be changed dynamically as required. In order to utilize the ability to change an aggregated port group, that is, to add or remove ports from the group, at least one of the participating devices must designate LACP ports as active.

  • Page 105: Rstp Switch Settings

    designated bridge proposes to its neighbors to determine if it can make a rapid transition. This is one of the major elements which allows RSTP to achieve faster convergence times than STP. Click the folder Rapid Spanning Tree from the Switch Management menu and then three options within this folder will be displayed as follows.

  • Page 106: Rstp Aggregated Port Settings

    packet. The lowest cost path is always used unless the other path is down. If you have multiple bridges and interfaces then you may need to adjust the priority to achieve optimized performance. The Managed Switch with the lowest priority will be selected as the root bridge. The root bridge is the “central”...

  • Page 107: Rstp Physical Port Settings

    Point to Point: Forced True: indicates a point-to-point (P2P) shared link.P2P ports are similar to edge ports; however, they are restricted in that a P2P port must operate in full duplex. Similar to edge ports, P2P ports transit to a forwarding state rapidly thus benefiting from RSTP. Forced False: the port cannot have P2P status.
  • Page 108 This sets up each port’s path cost. The default value is “0”.
  • Page 109 Configure Port Priority: Select “Priority” from the pull-down menu of Select Setting. You can choose Port Priority value between 0 and 240. The default value is “0”. Configure Port Edge: Select “Edge” from the pull-down menu of Select Setting. Set the port to “enabled” or “disabled”. When it is On, Port Edge is enabled.

  • Page 110: Configuration

    Configure Port Point2point: Select “Point2point” from the pull-down menu of Select Setting. Set up the Point to Point setting. The default setting is “Forced True”. 4.4.5 802.1X Configuration The IEEE 802.1X standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports.

  • Page 111: System Settings

    1. 802.1X System Settings: Set up 802.1X RADIUS IP, RADIUS Secret, Reauthentication, Timeout. 2. 802.1X Port Admin State: Set up aggregation, Path Cost, Priority, Edge, etc. 3. 802.1X Port Reauthenticate: Set up Physical, ability and edge status of port. 4.4.5.1 802.1X System Settings Click the option 802.1X System Settings from the 802.1X Configuration folder and then the following screen page appears.

  • Page 112: Port Reauthenticate

    Authorized: This forces the Managed Switch to grant access to all clients, either 802.1X-aware or 802.1x-unaware. No authentication exchange is required. By default, all ports are set to “Authorized”. Unauthorized: This forces the Managed Switch to deny access to all clients, either 802.1X-aware or 802.1X-unaware.

  • Page 113: Mac Address Management

    This allows users to enable or disable port Reauthenticate. When enabled, the authentication message will be sent immediately after you click the “OK” button. 4.4.6 MAC Address Management Click the folder MAC Address Management from the Switch Management menu and then the following screen page appears.

  • Page 114: Static Mac Table Configuration

    Auto: Enable port MAC address learning. Disabled: Disable port MAC address learning. 4.4.6.2 Static MAC Table Configuration Click the option Static MAC Table Configuration from the MAC Address Table menu and then the following screen page appears. NOTE: The Managed Switch only supports switch-based MAC security and does not support port-based MAC security.

  • Page 115: Vlan Configuration

    Current/Total/Max: The number of current, total and maximum MAC address entry or entries. MAC Address: Specify a destination MAC address in the packet with the 00:00:00:00:00:00 format. VID: Specify the VLAN where the packets with the Destination MAC address can be forwarded. Forwarding Port: If the incoming packet has the same destination MAC address as the one specified in VID, it will be forwarded to the selected port directly.

  • Page 116: Port-Based Vlan

    4.4.7.1 Port-Based VLAN Port-based VLAN can effectively segment one network into several broadcast domains. Broadcast, multicast and unknown packets will be limited to within the VLAN. Port-Based VLAN is uncomplicated and fairly rigid in implementation and is useful for network administrators who wish to quickly and easily set up VLAN so as to isolate the effect of broadcast packets on their network.

  • Page 117: Q Vlan Concept

    Current/Total/Max: The number of current, total and maximum Port-Based VLAN entry or entries. Port Name: Use the default name or specify a name. Port Number: By checking the ports, it denotes that the port selected belongs to the specified Port-Based VLAN. 4.4.7.2 802.1Q VLAN Concept A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout.
  • Page 118 VLAN membership information to Ethernet frames, the IEEE 802.1Q can help network administrators break large switched networks into smaller segments so that broadcast and multicast traffic will not occupy too much available bandwidth as well as provide a higher level security between segments of internal networks.
  • Page 119 Trunk Mode : Trunk Links (the link to/from trunk ports) is configured to carry packets for multiple VLANs. These types of ports are usually found in connections between switches. These links require the ability to carry packets from multiple VLANs because VLANs span over multiple switches. Trunk Native Mode : A Trunk-native port can carry untagged packets simultaneously with the 802.1Q tagged packets.

  • Page 120: Introduction To Q-In-Q

    4.4.7.3 Introduction to Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.

  • Page 121: Q Vlan

    4.4.7.4 802.1Q VLAN The following screen page appears when you choose IEEE 802.1q Tag VLAN. 1. Trunk VLAN table: To edit 802.1Q Tag VLAN settings. 2. VLAN Interface: To set up VLAN mode and create 802.1Q VLAN on the selected port(s). 3.

  • Page 122: Trunk Vlan Table

    Trunk-Native: Enable native VLAN for untagged traffic on the selected port. Mode Port Behavior Receive untagged packets only. Drop tagged packets. Access Send untagged packets only. Receive tagged packets only. Drop untagged packets. Trunk Send tagged packets only. Receive both untagged Untagged packets: PVID is added and tagged packets Tagged packets: Stay intact...

  • Page 123: Management Vlan

    VLAN ID: View only field shows the VLAN ID of this VLAN group. VLAN Name: Use the default name or specify a VLAN name. VLAN Members: If you check the ports, it denotes that the ports selected belong to the specified VLAN group.

  • Page 124: Qinq Vlan Configuration

    CPU VLAN ID: Specify an existing VLAN ID. Mode: Select the VLAN mode for this Management VLAN. Management Port: Tick the checkbox on the ports that you would like them to become Management ports. 4.4.7.4.4 QinQ VLAN configuration The following screen page appears if you choose QinQ VLAN configuration.

  • Page 125: Qos Configuration

    QinQ Mode: Enable or Disable QinQ mode Ether Type: Specify the Ether-type of the QinQ VLAN tag Stag VID: Specify the selected ports’ Stag (service tag). ISP Port: Check the port if it is the outbound port to the ISP. 4.4.8 QoS Configuration Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery.
  • Page 126 Priority Mode: Select the QoS priority mode of the Managed Switch. IEEE 802.1p: IEEE 802.1p mode utilizes p-bits in VLAN tag for differential service. DSCP: DSCP mode utilizes TOS field in IPv4 header for differential service. Disable: Disable Qos. Queue Mode: Enable or Disable QinQ mode Strict: This indicates that services to the egress queues are offered in the sequential order and all traffic with higher priority queues is transmitted first before lower priority queues are serviced.
  • Page 127 There are eight priority levels that you can choose to classify data packets. Specify one of the listed options for CoS (Class of Service) priority tag values. The default value is “0”. The default 802.1p settings are shown in the following table: Priority Level normal normal...

  • Page 128: Qos Rate Limit

    Configure 802.1p Remark: Check 802.1p Remarking to enable. This allows you to enable or disable 802.1p remarking for each port. The default setting is disabled. Configure DSCP Remark: Check DSCP Remarking to enable. This allows you to enable or disable DSCP remarking for each port. The default setting is disabled. 4.4.8.2 QoS Rate Limit Select the option QoS Rate Limit from the QoS Configuration menu and then the following screen page appears.

  • Page 129: Igmp/Mld Snooping

    This allows users to specify each port’s inbound bandwidth. The excess traffic will be dropped. Specifying “0” is to disable this function. Configure Shaper Rate: This allows users to specify each port’s outbound bandwidth. The excess traffic will be dropped. Specifying “0”...

  • Page 130: Igmp/Mld Configure

    IGMP Snooping is the process of listening to IGMP traffic. IGMP snooping, as implied by the name, is a feature that allows the switch to “listen in” on the IGMP conversation between hosts and routers by processing the layer 3 packets that IGMP packets sent in a multicast network. When IGMP snooping is enabled in a switch, it analyses all the IGMP packets between hosts connected to the switch and multicast routers in the network.

  • Page 131: Igmp/Mld Vlan Id Configuration

    IGMP/MLD Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic. Unregistered IPMC Flooding: Set forwarding mode for unregistered (not-joined) IP multicast traffic. The traffic will flood when enabled. However, the traffic will be forwarded to router-ports only when disabled.

  • Page 132: Ipmc Segment

    Snooping: When enabled, the port in VLAN will monitor network traffic and determine which hosts to receive the multicast traffic. Querying: When enabled, the port in VLAN can serve as the Querier which is responsible for asking hosts whether they want to receive multicast traffic. 4.4.9.3 IPMC Segment Select the option IPMC Segment from the IGMP/MLD Snooping menu and then the following screen page with the ability information of IPMC Segment ID, Name and IP Range appears.

  • Page 133: Ipmc Profile

    Current/Total/Max Agents: View-only field. Current: This shows the number of current registered IPMC Segment. Total: This shows the total number of registered IPMC Segment. Max: This shows the maximum number available for IPMC Segment. The maximum number is 400. Segment ID: Specify a number from 1~400 for a new ID. Segment Name: Enter an identification name.

  • Page 134: Igmp/Mld Filtering

    Click Delete to remove a current IPMC Profile registration. Current/Total/Max Agents: View-only field. Current: This shows the number of current registered IPMC Profile. Total: This shows the number of total IPMC Profiles that are registered. Max: This shows the maximum number available for IPMC Profile. The maximum number is 60.

  • Page 135: Static Multicast Configuration

    IGMP Filter: This option may enable or disable the IGMP filter. The default setting is “Disabled”. Port: View-only field that shows the port number that is currently configured. Channel Limit: Specify the maximum transport multicast stream. Enable: To enable each port’s IGMP filtering function. The default setting is “Off” which is disabled. IPMC Profile: In IGMP filtering, it only allows information specified in IPMC Profile fields to pass through.

  • Page 136: Port Mirroring

    Current/Total/Max Agents: View-only field. Current: This shows the number of current registered static multicast configuration. Total: This shows the total number of registered static multicast configuration. Max: This shows the maximum number available for static multicast configuration. The default maximum number is 128. IP/IPv6 Address: Specify the multicast stream source IP/IPv6 address.

  • Page 137: Security Configuration

    Source Port: Select the preferred source port for mirroring. Target Port: Choose from port 1 to port 48 or “disable” from the pull-down menu to designate the target port or disable the port mirroring function. 4.4.12 Security Configuration In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch.

  • Page 138: Dhcp Option 82/Dhcpv6 Option 37 Settings

    1. DHCP Opt82/DHCPv6 Opt37 Settings: To enable or disable DHCP Option 82 (for DHCPv4) and Option 37 (for DHCPv6) relay agent global setting and show each port’s configuration. 2. IP Source Guard Settings: Customer port DHCP snooping setting. 3. Filter Configuration: Customer port filtering setting. 4.
  • Page 139 Relay Agent: To enable or disable DHCP Option 82 Relay Agent Global setting. When enabled, Relay Agent Information option is inserted by the DHCP relay agent when forwarding client- originated DHCP packets to a DHCP server. Servers recognizing the Relay Agent Information option may use the Information to implement IP address or other parameter assignment policies.
  • Page 140 Configure Trust Port Setting: Trust Port: Check if you would like ports to become trust ports. The trusted ports will not discard DHCP messages. For example: A DHCP request is from Port 1 that is marked as both Opt82 port and trust port. A.

  • Page 141: Ip Source Guard Settings

    A. If a DHCP request is with Opt82 Agent information and then the Managed Switch will drop it because it is not marked as a trust port. B. If a DHCP request is without Opt82 Agent information and then the Managed Switch will add Opt82 Agent information and then forward it.
  • Page 142 DHCP/DHCPv6 Snooping: Enable or disable DHCP/DHCPv6 Snooping function. Default DHCP Initiated Time: Specify the time value (0~9999 Seconds) that packets might be received. Default DHCP Leased Time: Specify packets’ expired time (180~259200 Seconds). DHCP Server Trust Port: Specify designated port to be Trust Port that can give you “offer” from DHCP server.

  • Page 143: Static Ip/Ipv6 Table Configuration

    4.4.12.4 Static IP/IPv6 Table Configuration Select the option Static IP/IPv6 Table Configuration from the Security Configuration menu and then the following screen page appears. This static IP address and Port mapping table shows the following information. IP/IPv6 Address: View-only field that shows the current static IP address. VLAN ID: View-only field that shows the VLAN ID.

  • Page 144: Configure Dhcp Snooping

    4.4.12.5 Configure DHCP Snooping When you want to use DHCP Snooping function, follow the steps described below to enable a client to receive an IP from DHCP server. Step 1. Select each port’s IP type Select “Unlimited” or “DHCP” Step 2. Enable DHCP Snooping Step 3.

  • Page 145: Access Control List (Acl) Configuratiom

    When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast storms may occur, which eventually degrades network performance and even worse cause a complete halt. The network can be protected from broadcast storms by setting a threshold for broadcast traffic for each port.
  • Page 146 Rule ID: Specify a rule ID. A port can only use one rule ID; however, a rule ID can be applied to many ports. Status: View only field shows the status of this rule. Ingress Port: Select “Any” or specify a port number as the ingress port. EtherType Filter: Select “Any”...

  • Page 147: Lldp Configuration

    TCP/UDP Destination Port Filter: Select “Any” to filter frames bound for any destination port or specify a destination port number. Action: Deny or permit the action. Port number: Specify a port number that you would like to configure. Rate Limiter: Disable or enable rate limiter. When rater limiter is enabled, you can further set up each Rate Limiter’s rate.

  • Page 148: Loop Detection Configuration

    Sending LLDP Packet Interval: Enter the time interval for updated LLDP packets to be sent. Sending Packets Per Discover: Enter the amount of packets sent in each discover. Delay LLDP Initialization: A period of time the Managed Switch will wait before the initial LLDP packet is sent.

  • Page 149: Switch Monitor

    Loop Detection: Enable or disable Loop Detection function. Detection Interval: Specify the time interval of performing Loop Detection. The maximum time interval is 180 seconds. Looped port unlock-interval: Specify the time interval of unlocking looped ports. The maximum time interval is 1440 minutes. VLAN ID: Specify the VLANs where Loop Detection will be performed.

  • Page 150: Switch Port State

    1. Switch Port State: View current port media type, port state, etc. 2. Port Traffic Statistics: View each port’s frames and bytes received or sent, utilization, etc.. 3. Port Packet Error Statistics: View each port’s traffic condition of error packets, e.g. CRC, fragment, Jabber, etc.
  • Page 151 Port Number: The number of the port. Media Type: The media type of the port, either TX or FX. Port State: This shows each port’s state which can be Disabled, Blocking/Listening, Learning or Forwarding. Disabled: A port in this state does not participate in frame relay or the operation of the Spanning Tree Algorithm and Protocol if any.

  • Page 152: Port Traffic Statistics

    4.5.2 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Switch, select Port Traffic Statistics from the Switch Monitor menu and then the following screen page appears. Select: Choose the Traffic Statistics from the pull-down menu. Bytes Received: Total bytes received from each port.

  • Page 153: Port Packet Analysis Statistics

    Select: Choose the Packet Error Statistics from the pull-down menu. RX CRC/Align Error: CRC/Align Error frames received. RX Undersize Frames: Undersize frames received. RX Fragments Frames: Fragments frames received. RX Jabber Frames: Jabber frames received. RX Oversize Frames: Oversize frames received. RX Dropped Frames: Drop frames received.

  • Page 154: Lacp Monitor

    Select: Choose the Packet Error Statistics from the pull-down menu. Frames 64 Bytes: 64 bytes frames received. Frames 65-127 Bytes: 65-127 bytes frames received. Frames 128-255 Bytes: 128-255 bytes frames received. Frames 256-511 Bytes: 256-511 bytes frames received. Frames 512-1023 Bytes: 512-1023 bytes frames received. Frames 1024-1518 Bytes: 1024-1518 bytes frames received.

  • Page 155: Lacp Port Status

    4.5.5.1 LACP Port Status LACP Port Status allows users to view a list of all LACP ports’ information. Select LACP Port Status from the LACP monitor menu and then the following screen page appears. In this page, you can find the following information about LACP port status: Port Number: The number of the port.

  • Page 156: Lacp Statistics

    Aggr ID: The ID of the LACP group. In LACP mode, link aggregation control protocol data unit (LACPDU) is used for exchanging information among LACP-enabled devices. After LACP is enabled on a port, the port sends LACPDUs to notify the remote system of its system LACP priority, system MAC address, port LACP priority, port number and operational key.

  • Page 157: Rstp Monitor

    4.5.6 RSTP Monitor Click the RSTP Monitor folder and then three options appear. 4.5.6.1 RSTP Bridge Overview RSTP Bridge Overview allows users to view a list of all RSTP VLANs’ brief information, such as Bridge ID, topology status and Root ID. Select RSTP Bridge Overview from the RSTP Monitor menu and then the following screen page appears.

  • Page 158: Rstp Port Status

    4.5.6.2 RSTP Port Status RSTP Port Status allows users to view a list of all RSTP ports’ information. Select RSTP Port Status from the RSTP Monitor menu and then the following screen page appears. In this page, you can find the following information about RSTP status: Port Number: The number of the port.

  • Page 159: Monitor

    Port Number: The number of the port. RSTP Transmitted: The total transmitted RSTP packets from current port. STP Transmitted: The total transmitted STP packets from current port. TCN Transmitted: The total transmitted TCN (Topology Change Notification) packets from current port. RSTP Received: The total received RSTP packets from current port.

  • Page 160: Port Status

    4.5.7.1 802.1X Port Status 802.1X Port Status allows users to view a list of all 802.1x ports’ information. Select 802.1X port status from the 802.1x Monitor menu and then the following screen page appears. In this page, you can find the following information about 802.1X ports: Port: The number of the port.

  • Page 161: Statistics

    Last ID: Display the number of the port’s Last ID. 4.5.7.2 802.1X Statistics In order to view the real-time 802.1X port statistics status of the Managed Switch, select 802.1x Statistics from the 802.1x Monitor menu and then the following screen page shows up. 4.5.8 IGMP/MLD Monitor Click the IGMP/MLD Monitor folder and then the following screen page appears.

  • Page 162: Igmp Snooping Status

    4.5.8.1 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select IGMP Snooping Status from the IGMP Monitor menu and then the following screen page appears. Update: Click “Update”...

  • Page 163: Mld Snooping Status

    Update: Click “Update” to update the table. VLAN ID: VID of the specific VLAN Group: The multicast IP address of IGMP querier. Port: The port(s) grouped in the specific multicast group. 4.5.8.3 MLD Snooping Status MLD Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets.

  • Page 164: Mld Group Table

    4.5.8.4 MLD Group Table In order to view the real-time IGMP multicast group status of the Managed Switch, select MLD Group Table from the IGMP/MLD monitor menu and then the following screen page appears. Update: Click “Update” to update the table. VLAN ID: VID of the specific VLAN Group: The multicast IP address of IGMP querier.

  • Page 165: Sfp Port State

    Port: The number of the port. Speed: Data rate of the slide-in SFP Transceiver. Distance: Transmission distance of the slide-in SFP Transceiver. Vendor Name: Vendor name of the slide-in SFP Transceiver. Vendor PN: Vendor PN of the slide-in SFP Transceiver. Vendor SN: Vendor SN of the slide-in SFP Transceiver.

  • Page 166: Dchp Snooping

    Port Number: The number of the SFP module slide-in port. Temperature (C): The Slide-in SFP module operation temperature. Voltage (V): The Slide-in SFP module operation voltage. TX Bias (mA): The Slide-in SFP module operation current. TX Power (dbm): The Slide-in SFP module optical Transmission power. RX Power (dbm): The Slide-in SFP module optical Receiver power.

  • Page 167: Mac Address Table

    Update: Click “Update” to update the DHCP snooping table. Cli Port: View-only field that shows where the DHCP client binding port is. VID: View-only field that shows the VLAN ID of the client port. CliIP Addr: View-only field that shows client IP address. Cli MAC Addr: View-only field that shows client MAC address.

  • Page 168: Loop Detection Status

    Click “Update” to refresh LLDP Status table. Local Port: View-only field that shows the port number on which LLDP frames are received. Chassis ID: View-only field that shows the MAC address of the LLDP frames received (the MAC address of the neighboring device). Remote Port: View-only field that shows the port number of the neighboring device.

  • Page 169: Ieee 802.1Q Tag Vlan Table

    Status: View-only filed that shows the loop status of each port. Lock Cause: View-only filed that shows the cause why the port is locked. 4.5.14 IEEE 802.1q Tag VLAN Table Select IEEE 802.1q Tag VLAN Table from the Switch Monitor menu and then the following screen page appears.

  • Page 170: Ping

    1. Ping: Ping can help you test the network connectivity between the Managed Switch and the host. You can also specify count s, timeout and size of the Ping packets. 2. Event Log: Event log can keep a record of system’s log events such as system warm start, cold start, link up/down, user login/logout, etc.

  • Page 171: Event Log

    You can also specify count s, timeout and size of the Ping packets. Click Start to start the Ping process. 4.6.2 Event Log Event log keep a record of user login and logout timestamp information. Select Event Log from the System Utility menu and then the following screen page appears. Click Clear to clear all Event log records.
  • Page 172 Protocol: Select the preferred protocol, either FTP or TFTP. File Type: Select the file to process, either Firmware or Configuration. Upgrade Image Option: Choose Image1 or Image2 which the firmware will be upgraded to. Config Type: Choose “Running-config”, “Default-config” or “Start-up-config” which the config file will be saved or restored to Server IP/IPv6 Address: Enter the specific IP/IPv6 address of the File Server.

  • Page 173: Load Factory Settings

    4.6.4 Load Factory Settings Load Factory Setting will set all the configurations of the Managed Switch back to the factory default settings, including the IP and Gateway address. Load Factory Setting is useful when network administrators would like to re-configure the system. A system reset is required to make all changes effective after Load Factory Setting.

  • Page 174: Reset System

    Click OK to save the configuration. 4.8 Reset System After any configuration change, Reset System can make it effective. Select Reset System from the Console main menu and then the following screen page appears. Click Set Next bootup Image to change the boot-up image if needed. Click Reboot to restart the Managed Switch.

  • Page 175: Appendix A: Free Radius Readme

    APPENDIX A: Free RADIUS readme The advanced RADIUS Server Set up for RADIUS Authentication is described as below. When free RADIUS client is enabled on the device, On the server side, it needs to put this file "dictionary.sample" under the directory /raddb, and modify these three files - "users", "clients.conf"...

  • Page 176: Appendix B: Set Up Dhcp Auto-Provisioning

    APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration at startup process. Before setting up DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Switch that you purchased can support DHCP Auto-provisioning.
  • Page 177 Step 2. Set up Auto Provision Server  Update DHCP Client Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command.  Install DHCP Server Issue “yum install dhcp” command to install DHCP server.
  • Page 178  Copy dhcpd.conf to /etc/dhcp/ directory Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor.  Enable and run DHCP service 1.
  • Page 179 Step 3. Modify dhcpd.conf file  Open dhcpd.conf file in /etc/dhcp/ directory Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
  • Page 180  Modify dhcpd.conf file The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
  • Page 181 5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Login TFTP server anonymously (TFTP does not require a login name and password). 9.
  • Page 182  Restart DHCP service...
  • Page 183 Every time when you modify dhcpd.conf file, DHCP service must be restarted. Issue “killall dhcpd” command to disable DHCP service and then issue “dhcpd” command to enable DHCP service. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”...
  • Page 184 B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.

  • Page 185: Appendix C: Vlan Application Note

    APPENDIX C: VLAN Application Note Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme instead of the physical layout. It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains.
  • Page 186 I. Port-Based VLAN Port-Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network. In the network diagram provided below, the network administrator is required to set up VLANs to separate traffic based on the following design conditions: ...
  • Page 187 CLI Configuration: Steps… Commands… SWH> enable 1. Enter Global Configuration Password: mode. SWH# config SWH(config)# SWH(config)# vlan port-based Marketing 2. Create port-based VLANs OK ! “Marketing” and “RD” SWH(config)# vlan port-based RD OK ! SWH(config)# interface 1,21,23,26 3. Select port 1, 21, 23 and 26 to SWH(config-if-1,21,23,26)# configure.
  • Page 188 3. Add Port 1, 21, 23 and 26 in a group and name it to “Marketing”. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN Click “OK” to apply the settings. 4. Click “New” to add a new Port-Based VLAN Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN 5.
  • Page 189 6. Check Port-Based VLAN settings. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Deafult_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command.
  • Page 190 II. Data VLAN In networking environment, VLANs can carry various types of network traffic. The most common network traffic carried in a VLAN could be voice-based traffic, management traffic and data traffic. In practice, it is common to separate voice and management traffic from data traffic such as files, emails.
  • Page 191 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command.
  • Page 192 2. Create a new Data VLAN 11 that includes Port 1 and Port 26 as members. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Click “New” to create a new VLAN. Data VLAN 11 that includes Port 1 and Port 26 as member ports.
  • Page 193 4. Change Port 1’s PVID to 11, and set Port 26 to trunk mode. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN> VLAN Interface Change Port 1’s PVID to 11 Select “TRUNK” Click “OK” to apply the settings. Treatments of Packets: 1. A untagged packet arrives at Port 1 When an untagged packet arrives at Port 1, port 1’s Port VLAN ID (11) will be added to the original port.
  • Page 194 III. Management VLAN For security and performance reasons, it is best to separate user traffic and management traffic. When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to the management port will be minimized.
  • Page 195 Web Management Configuration: 1. Select “Configure VLAN” option in IEEE 802.1Q Tag VLAN menu. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Click “New” to create a new VLAN. 2. Create a new Management VLAN 10 that includes only Port 26 as a member port. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Management VLAN 10 that...
  • Page 196 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Deafult_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command. 4.
  • Page 197 IV. Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 198 SWH(config)# interface 1 6. Set Port 1 to tunnel mode. SWH(config-if-1)# vlan dot1q-vlan mode dot1q- tunnel OK ! SWH(config-if-1)# vlan dot1q-vlan access-vlan 15 7. Change Port 1’s PVID to 15. OK ! SWH(config-if-1)# exit SWH(config)# interface 26 8. Set Port 26 to trunk mode. SWH(config-if-26)# vlan dot1q-vlan mode trunk OK ! SWH(config)# show vlan interface...
  • Page 199 2. Create a new Service VLAN 15 that includes Port 1 and Port 26 as member ports. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Configure VLAN Click “New” to create a new VLAN. Create S-VLAN 15 that includes Port 1 and Port 26 as member ports.
  • Page 200 4. Change Port 1’s PVID to 15, and set Port 1 to DOT1Q-TUNNEL mode and Port 26 to TRUNK mode. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>VLAN Interface Set Port 1 to DOT1Q-TUNNEL mode and change Port 1’s PVID to 15 Set Port 26 to TRUNK mode Click “OK”...
  • Page 201 This page is intentionally left blank. Revision History Manual Version Modification Firmware Version Date Add SSH function 1.08.90 2012/4 Remove CFM function Add “show default-setting” CLI command Modify Appendix C - VLAN Application 1.08.00 2011/9 Note with new CLI and Web GUI Revise VLAN descriptions...

Table of Contents