AZTECA 1000 Web Managed Switch Series DG-GS1500E Series Gigabit Ethernet Web Managed Switch Management Guide V1.0 2014-03-05 As our products undergo continuous development the specifications are subject to change without prior notice...
MANAGEMENT GUIDE
DG-GS1510HPE GIGABIT ETHERNET SWITCH
Layer 2 Gigabit Ethernet PoE Switch with 8 10/100/1000BASE-T Ports (RJ-45) and 2 Gigabit SFP Ports
DG-GS1526HPE GIGABIT ETHERNET SWITCH
Layer 2 Gigabit Ethernet PoE Switch with 24 10/100/1000BASE-T Ports (RJ-45) and 2 Gigabit SFP Ports
DG-GS1526E G...
ABOUT THIS GUIDE
PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONTENTS
ABOUT THIS GUIDE
CONTENTS
FIGURES
TABLES
SECTION: GETTING STARTED
INTRODUCTION
  Key Features
  Description of Software Features
  System Defaults
INITIAL SWITCH CONFIGURATION
SECTION: WEB CONFIGURATION
USING THE WEB INTERFACE
  Navigating the Web Browser Interface
  Home Page
  Configuration Options
  Panel Display
  Main Menu
CONFIGURING THE SWITCH
  Configuring System Information
  Setting an IP Address...
CONTENTS
  Reducing Power to Idle Queue Circuits
  Configuring Port Connections
  Configuring Security
  Configuring User Accounts
  Configuring User Privilege Levels
  Configuring The Authentication Method For Management Access
  Configuring SSH
  Configuring HTTPS
  Filtering IP Addresses for Management Access
  Using Simple Network Management Protocol
  Remote Monitoring
  Configuring Port Limit Controls
  Configuring Authentication Through Network Access Servers...
CONTENTS
  MLD Snooping
  Configuring Global and Port-Related Settings for MLD Snooping
  Configuring VLAN Settings for MLD Snooping and Query
  Configuring MLD Filtering
  Link Layer Discovery Protocol
  Configuring LLDP Timing and TLVs
  Configuring LLDP-MED TLVs
  Power over Ethernet
  Configuring the MAC Address Table
  IEEE 802.1Q VLANs
  Assigning Ports to VLANs
  Configuring VLAN Attributes for Port Members...
CONTENTS
  Configuring UPnP
  Configuring sFlow
MONITORING THE SWITCH
  Displaying Basic Information About the System
  Displaying System Information
  Displaying CPU Utilization
  Displaying Log Messages
  Displaying Log Details
  Displaying Information About Ports
  Displaying Port Status On the Front Panel
  Displaying an Overview of Port Statistics
  Displaying QoS Statistics
  Displaying QCL Status
  Displaying Detailed Port Statistics...
CONTENTS
  Displaying LACP Port Statistics
  Displaying Information on Loop Protection
  Displaying Information on the Spanning Tree
  Displaying Bridge Status for STA
  Displaying Port Status for STA
  Displaying Port Statistics for STA
  Displaying MVR Information
  Displaying MVR Statistics
  Displaying MVR Group Information
  Displaying MVR SFM Information
  Showing IGMP Snooping Information
  Showing IGMP Snooping Status...
CONTENTS
  Restoring Factory Defaults
  Upgrading Firmware
  Activating the Alternate Image
  Managing Configuration Files
  Saving Configuration Settings
  Restoring Configuration Settings
SECTION: APPENDICES
SOFTWARE SPECIFICATIONS
  Software Features
  Management Features
  Standards
  Management Information Bases
TROUBLESHOOTING
  Problems Accessing the Management Interface
  Using System Logs
GLOSSARY
INDEX
FIGURES
Figure 1: Home Page
Figure 2: Front Panel Indicators
Figure 3: System Information Configuration
Figure 4: IP Configuration
Figure 5: IPv6 Configuration
Figure 6: NTP Configuration
Figure 7: Time Zone and Daylight Savings Time Configuration
Figure 8: Configuring Settings for Remote Logging of Error Messages
Figure 9: Configuring EEE Power Reduction
Figure 10: Port Configuration
Figure 11: Showing User Accounts...
FIGURES
Figure 32: ACL Port Configuration
Figure 33: ACL Rate Limiter Configuration
Figure 34: Access Control List Configuration
Figure 35: DHCP Snooping Configuration
Figure 36: DHCP Relay Configuration
Figure 37: Configuring Global and Port-based Settings for IP Source Guard
Figure 38: Configuring Static Bindings for IP Source Guard
Figure 39: Configuring Global and Port Settings for ARP Inspection
Figure 40: Configuring Static Bindings for ARP Inspection
Figure 41: Authentication Configuration...
FIGURES
Figure 68: Private VLAN Membership Configuration
Figure 69: Port Isolation Configuration
Figure 70: Configuring MAC-Based VLANs
Figure 71: Configuring Protocol VLANs
Figure 72: Assigning Ports to Protocol VLANs
Figure 73: Assigning Ports to an IP Subnet-based VLAN
Figure 74: Configuring Global and Port Settings for a Voice VLAN
Figure 75: Configuring an OUI Telephony List
Figure 76: Configuring Ingress Port QoS Classification
Figure 77: Configuring Ingress Port Tag Classification...
FIGURES
Figure 104: QoS Control List Status
Figure 105: Detailed Port Statistics
Figure 106: Access Management Statistics
Figure 107: Port Security Switch Status
Figure 108: Port Security Port Status
Figure 109: Network Access Server Switch Status
Figure 110: NAS Statistics for Specified Port
Figure 111: ACL Status
Figure 112: DHCP Snooping Statistics
Figure 113: DHCP Relay Statistics...
FIGURES
Figure 140: LLDP-MED Neighbor Information
Figure 141: LLDP Neighbor PoE Information
Figure 142: LLDP Neighbor EEE Information
Figure 143: LLDP Port Statistics
Figure 144: Power over Ethernet Status
Figure 145: MAC Address Table
Figure 146: Showing VLAN Members
Figure 147: Showing VLAN Port Status
Figure 148: Showing MAC-based VLAN Membership Status
Figure 149: Showing sFlow Statistics
Figure 150: ICMP Ping...
TABLES
Table 1: Key Features
Table 2: System Defaults
Table 3: Web Page Configuration Buttons
Table 4: Main Menu
Table 5: HTTPS System Support
Table 6: SNMP Security Models and Levels
Table 7: Dynamic QoS Profiles
Table 8: QCE Modification Buttons
Table 9: Recommended STA Path Cost Range
Table 10: Recommended STA Path Costs
Table 11: Default STA Path Costs...
SECTION: GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters:
• "Introduction" on page 17
• ...
INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Description of Software Features
Table 1: Key Features (Continued)
Feature | Description
Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel
Traffic Prioritization | Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/...
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority)....
be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging....
VIRTUAL LANS
The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard....
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists....
System Defaults
Table 2: System Defaults (Continued)
Function | Parameter | Default
SNMP | SNMP Agent | Disabled
SNMP | Community Strings | “public” (read only); “private” (read/write)
SNMP | Traps | Global: disabled; Authentication traps: enabled; Link-up-down events: enabled
SNMP | SNMP V3 | View: default_view; Group: default_rw_group
Port Configuration | Admin Status | Enabled
Port Configuration | Auto-negotiation...
Table 2: System Defaults (Continued)
Function | Parameter | Default
IP Settings | Management VLAN | VLAN 1
IP Settings | IP Address | 192.168.1.10
IP Settings | Subnet Mask | 255.255.255.0
IP Settings | Default Gateway | 0.0.0.0
IP Settings | DHCP | Client: Disabled; Snooping: Disabled
IP Settings | | Proxy service: Disabled
Multicast Filtering | IGMP Snooping | Snooping: Disabled; Querier: Disabled
Multicast Filtering | MLD Snooping...
INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures. To make use of the management features of your switch, you must first configure it with an IP address that is compatible with the network in which it is being installed....
logging out. To change the password, click Security and then Users. Select “admin” from the User Configuration list, fill in the Password fields, and then click Save.
SECTION: WEB CONFIGURATION
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters:
• "Using the Web Interface" on page 28
• "Configuring the Switch" on page 39
• ...
USING THE WEB INTERFACE
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Mozilla Firefox 2.0.0.0, or more recent versions)....
Navigating the Web Browser Interface
CONFIGURATION OPTIONS
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Save button to confirm the new setting. The following table summarizes the web page configuration buttons....
Table 4: Main Menu (Continued)
Menu | Description
 | Configures the logging of messages to a remote logging process, specifies the remote log server, and limits the type of system log messages sent
Ports | Configures port connection settings
Aggregation...
Table 4: Main Menu (Continued)
Menu | Description
 | Configures the Secure Shell server
HTTPS | Configures secure HTTP settings
Access Management | Sets IP addresses of clients allowed management access via HTTP/HTTPS, and SNMP, and Telnet/SSH
SNMP | Simple Network Management Protocol...
Table 4: Main Menu (Continued)
Menu | Description
 | Configures RADIUS authentication server, RADIUS accounting server, and TACACS+ authentication server settings
Aggregation |
Static | Specifies ports to group into static trunks
LACP | Allows ports to dynamically join trunks
Loop Protection...
Table 4: Main Menu (Continued)
Menu | Description
PVLAN Membership | Configures PVLAN groups
Port Isolation | Prevents communications between designated ports within the same private VLAN
 | Configures Power-over-Ethernet settings for each port
 | VLAN Control List
MAC-based VLAN | Maps traffic with specified source MAC address to a VLAN...
Table 4: Main Menu (Continued)
Menu | Description
Storm Control | Sets limits for broadcast, multicast, and unknown unicast traffic
 | Sets source and target ports for local or remote mirroring
Mirroring &...
Table 4: Main Menu (Continued)
Menu | Description
Snooping Statistics | Shows statistics for various types of DHCP protocol packets
Relay Statistics | Displays server and client statistics for packets affected by the relay information policy
ARP Inspection...
Table 4: Main Menu (Continued)
Menu | Description
IPv4 SFM Information | Displays IGMP Source-Filtered Multicast information including group, filtering mode (include or exclude), source address, and type (allow or deny)
MLD Snooping | Multicast Listener Discovery Snooping
Status...
Table 4: Main Menu (Continued)
Menu | Description
Factory Defaults | Restores factory default settings
Software |
Upload | Updates software on the switch with a file specified on the management station
Image Select | Displays information about the active and alternate (backup) firmware images in the switch, and allows you to revert to...
Table 4: Main Menu (Continued)
Menu | Description
Configuration |
Save | Saves configuration settings to a file on the management station
Upload | Restores configuration settings from a file on the management station
The Basic Configuration menu is a subset of Advanced Configuration....
CONFIGURING THE SWITCH
This chapter describes all of the basic configuration tasks.
CONFIGURING SYSTEM INFORMATION
Use the System Information Configuration page to identify the system by configuring contact information, system name, and the location of the switch.
Basic/Advanced Configuration, System, Information
PARAMETERS
These parameters are displayed:
• System Contact...
SETTING AN IP ADDRESS
This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types....
• IP Router – IP address of the gateway router between the switch and management stations that exist on other network segments.
• VLAN ID – ID of the configured VLAN. By default, all ports on the ...
kind of address cannot be passed by any router outside of the subnet. A link-local address is easy to set up, and may be useful for simple networks or basic troubleshooting tasks. However, to connect to a larger network with multiple segments, the switch must be configured with a global unicast address....
• Address – Manually configures a global unicast address by specifying the full address and network prefix length (in the Prefix field). (Default: ::192.168.1.10)
• Prefix – Defines the prefix length as a decimal value indicating how ...
CONFIGURING NTP SERVICE
Use the NTP Configuration page to specify the Network Time Protocol (NTP) servers to query for the current time. NTP allows the switch to set its internal clock based on periodic updates from an NTP time server. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries....
CONFIGURING THE TIME ZONE AND DAYLIGHT SAVINGS TIME
Use the Time Zone and Daylight Savings Time page to set the time zone and Daylight Savings Time.
Time Zone – NTP/SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England....
• From – Start time for summer-time.
• To – End time for summer-time.
• Offset – The number of minutes to add during Daylight Saving Time. (Range: 1-1440)
WEB INTERFACE
To set the time zone or Daylight Savings Time:
1. Click Configuration, System, Time....
CONFIGURING REMOTE LOG MESSAGES
Use the System Log Configuration page to send log messages to syslog servers or other management stations. You can also limit the event messages sent to specified types.
Basic/Advanced Configuration, System, Log
COMMAND USAGE...
Figure 8: Configuring Settings for Remote Logging of Error Messages
CONFIGURING POWER REDUCTION
The switch provides power saving methods including powering down the circuitry for port queues when not in use.
REDUCING POWER TO IDLE QUEUE CIRCUITS
Use the EEE Configuration page to configure Energy Efficient Ethernet (EEE) for specified queues, and to specify urgent queues which are to...
• EEE Urgent Queues – Specifies which queues are to transmit data after the maximum latency expires regardless of queue length.
WEB INTERFACE
To configure the power reduction for idle queue circuits:
1. Click Configuration, Power Reduction, EEE.
2. Select the circuits which will use EEE....
• Auto - Enables auto-negotiation. When using auto-negotiation, the optimal settings will be negotiated between the link partners based on their advertised capabilities.
• 1Gbps FDX - Supports 1 Gbps full-duplex operation
• 100Mbps FDX - Supports 100 Mbps full-duplex operation
• ...
• Power Control – Adjusts the power provided to ports based on the length of the cable used to connect to other devices. Only sufficient power is used to maintain connection requirements. IEEE 802.3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters....
CONFIGURING SECURITY
You can configure this switch to authenticate users logging into the system for management access or to control client access to the data ports.
Management Access Security (Switch menu) – Management access to the switch can be controlled through local authentication of user names and passwords stored on the switch, or remote authentication of users via a RADIUS or TACACS+ server....
be used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
PARAMETERS
These parameters are displayed:
• User Name – The name of the user.
• ...
Click Save.
Figure 12: Configuring User Accounts
CONFIGURING USER PRIVILEGE LEVELS
Use the Privilege Levels page to set the privilege level required to read or configure specific software modules or system settings.
Advanced Configuration, Security, Switch, Privilege Levels
PARAMETERS
These parameters are displayed:
• Group Name –...
The default settings provide four access levels:
• 1 – Read access of port status and statistics.
• 5 – Read access of all system functions except for maintenance and debugging
• 10 – read and write access of all system functions except for ...
Figure 13: Configuring Privilege Levels
CONFIGURING THE AUTHENTICATION METHOD FOR MANAGEMENT ACCESS
Use the Authentication Method Configuration page to specify the authentication method for controlling management access through the console, Telnet, SSH or HTTP/HTTPS. Access can be based on the (local) user name and password configured on the switch, or can be controlled...
pairs with associated privilege levels for each user that requires management access to the switch.
Figure 14: Authentication Server Operation
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4....
This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS and TACACS+ server software....
CONFIGURING SSH
Use the SSH Configuration page to configure access to the Secure Shell (SSH) management interface. SSH provides remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public-key that the client uses along with a local user name and password for access authentication....
CONFIGURING HTTPS
Use the HTTPS Configuration page to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL). HTTPS provides secure access (i.e., an encrypted connection) to the switch's web interface.
Advanced Configuration, Security, Switch, HTTPS
USAGE GUIDELINES...
WEB INTERFACE
To configure HTTPS:
1. Click Advanced Configuration, HTTPS.
2. Enable HTTPS if required and set the Automatic Redirect mode.
3. Click Save.
Figure 17: HTTPS Configuration
FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS
Use the Access Management Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to...
1. Click Advanced Configuration, Security, Switch, Access Management.
2. Set the Mode to Enabled.
3. Click “Add new entry.”
4. Enter the start and end of an address range.
5. Mark the protocols to restrict based on the specified address range.
The following example shows how to restrict management access for all protocols to a specific address range....
Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption, as well as controlling user access to specific areas of the MIB tree. The SNMPv3 security structure consists of security models, with each model having its own security levels....
Advanced Configuration, Security, Switch, SNMP, System
PARAMETERS
These parameters are displayed:
SNMP System Configuration
• Mode - Enables or disables SNMP service. (Default: Disabled)
• Version - Specifies the SNMP version to use. (Options: SNMP v1, ...
• Trap Version - Indicates if the target user is running SNMP v1, v2c, or v3. (Default: SNMP v1)
• Trap Community - Specifies the community access string to use when sending SNMP trap packets....
field is used. (Range: 10-64 hex digits, excluding a string of all 0’s or all F’s) The Trap Probe Security Engine ID must be disabled before an engine ID can be manually entered in this field.
• Trap Security Name (SNMPv3) - Indicates the SNMP trap security ...
Figure 19: SNMP System Configuration
SETTING SNMPV3 COMMUNITY ACCESS STRINGS
Use the SNMPv3 Community Configuration page to set community access strings. All community strings used to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table....
For SNMPv3, these strings are treated as a Security Name, and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table (see "Configuring SNMPv3 Groups" on page 70).
• Source IP - Specifies the source address of an SNMP client....
PARAMETERS
These parameters are displayed:
• Engine ID - The engine identifier for the SNMP agent on the remote device where the user resides. (Range: 10-64 hex digits, excluding a string of all 0’s or all F’s) To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides....
Define the user name, security level, authentication and privacy settings.
Click Save.
Figure 21: SNMPv3 User Configuration
CONFIGURING SNMPV3 GROUPS
Use the SNMPv3 Group Configuration page to configure SNMPv3 groups. An SNMPv3 group defines the access policy for assigned users, restricting them to specific read and write views as defined on the SNMPv3 Access Configuration page (page...
Select the security name. For SNMP v1 and v2c, the security names displayed are based on those configured in the SNMPv3 Communities menu. For USM, the security names displayed are based on those configured in the SNMPv3 Users Configuration menu.
Enter a group name....
Enter the view name, view type, and OID subtree.
Click Save.
Figure 23: SNMPv3 View Configuration
CONFIGURING SNMPV3 GROUP ACCESS RIGHTS
Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted access....
Click Add New Access to create a new entry.
Specify the group name, security settings, read view, and write view.
Click Save.
Figure 24: SNMPv3 Access Configuration
REMOTE MONITORING
Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis....
PARAMETERS
The following parameters are displayed:
• ID - Index to this entry. (Range: 1-65535)
• Data Source – Port identifier.
WEB INTERFACE
To enable regular sampling of statistics on a port:
1. Click Advanced Configuration, Security, Switch, RMON, Statistics.
2. Click Add New Entry....
• Data Source – Port identifier.
• Interval - The polling interval. (Range: 1-3600 seconds; Default: 1800 seconds)
• Buckets - The number of buckets requested for this entry. (Range: 1-3600; Default: 50)
• Buckets Granted - The number of buckets granted.
• ...
• Variable – The object identifier of the MIB variable to be sampled. Only variables of the type ifEntry.n.n may be sampled. Note that ifEntry.n uniquely defines the MIB variable, and ifEntry.n.n defines variable, plus example,...
threshold, and again moves back down to the falling threshold. (Range: -2147483647 to 2147483647)
• Falling Index – The index of the event to use if an alarm is triggered by monitored variables crossing below the falling threshold. If there is no corresponding entry in the event control table, then no event will be generated....
settings for event logging (see "Configuring Remote Log Messages" on page 47).
• snmptrap – Sends a trap message to all configured trap managers (see "Configuring SNMP System and Trap Settings" on page 63)....
System Configuration
• Mode – Enables or disables Limit Control globally on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled.
• Aging Enabled –...
removed from the port, and no new addresses will be learned. Even if the link is physically disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port:
• Boot the switch,
• ...
Figure 29: Port Limit Control Configuration
CONFIGURING AUTHENTICATION THROUGH NETWORK ACCESS SERVERS
Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data....
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. These backend servers are configured on the AAA menu (see page 114)....
these encryption methods in Windows 95 and 98, you can use the AEGIS dot1x client or other comparable client software.) MAC-based authentication allows for authentication of more than one user on the same port, and does not require the user to have special 802.1X software installed on his system....
When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within the given age period....
RADIUS Attributes Used in Identifying a QoS Class
The User-Priority-Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access-Accept packet. Only the first occurrence of the attribute in the packet will be considered....
• Illegal characters found in a profile value (for example, a non-digital character in an 802.1p profile value).
• Failure to configure the received profiles on the authenticated port.
• When the last user logs off on a port with a dynamic QoS ...
RADIUS Attributes Used in Identifying a VLAN ID
RFC 2868 and RFC 3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used:
• The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-...
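An added example (not from the guide) of checking the RFC 2868/RFC 3580 attribute set a RADIUS policy must return for dynamic VLAN assignment: Tunnel-Type VLAN (13), Tunnel-Medium-Type IEEE-802 (6) and a Tunnel-Private-Group-ID carrying the VLAN ID. Grouping attributes by tag, accepting only decimal IDs and the 1-4094 range are assumptions of this example, and the attribute lists are constructed samples.

```python
from collections import defaultdict

# Ordinals defined by RFC 2868 / RFC 3580 for VLAN assignment.
TUNNEL_TYPE_VLAN = 13         # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6    # Tunnel-Medium-Type = IEEE-802
REQUIRED = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-ID")
VLAN_MIN, VLAN_MAX = 1, 4094  # assumption: usable IEEE 802.1Q VLAN IDs


def check_group(group):
    """Return None if one tag group is a valid VLAN assignment, else a reason."""
    missing = [name for name in REQUIRED if name not in group]
    if missing:
        return "missing " + ", ".join(missing)
    if group["Tunnel-Type"] != TUNNEL_TYPE_VLAN:
        return "Tunnel-Type is not VLAN (13)"
    if group["Tunnel-Medium-Type"] != TUNNEL_MEDIUM_IEEE_802:
        return "Tunnel-Medium-Type is not IEEE-802 (6)"
    gid = group["Tunnel-Private-Group-ID"]
    # Assumption: only a decimal VLAN ID is accepted, not a VLAN name.
    if not (isinstance(gid, str) and gid.isascii() and gid.isdigit()):
        return "Tunnel-Private-Group-ID is not a decimal VLAN ID"
    if not VLAN_MIN <= int(gid) <= VLAN_MAX:
        return "VLAN ID outside %d-%d" % (VLAN_MIN, VLAN_MAX)
    return None


def vlan_from_access_accept(attributes):
    """Pick the VLAN ID from Access-Accept tunnel attributes.

    attributes: list of (name, tag, value) tuples in packet order.
    Returns (vlan_id, []) for the first tag group that passes every check,
    or (None, reasons) so a rejected policy can be logged and corrected.
    """
    groups, order = defaultdict(dict), []
    for name, tag, value in attributes:
        if name not in REQUIRED:
            continue  # unrelated attributes do not affect VLAN assignment
        if tag not in groups:
            order.append(tag)
        groups[tag].setdefault(name, value)  # first occurrence per tag wins

    reasons = []
    for tag in order:
        problem = check_group(groups[tag])
        if problem is None:
            return int(groups[tag]["Tunnel-Private-Group-ID"]), []
        reasons.append("tag %s: %s" % (tag, problem))
    if not order:
        reasons.append("no tunnel attributes present")
    return None, reasons


# Constructed sample attribute lists (not captured from a real server).
GOOD = [("Tunnel-Type", 1, 13), ("Tunnel-Medium-Type", 1, 6),
        ("Tunnel-Private-Group-ID", 1, "0042")]
WRONG_MEDIUM = [("Tunnel-Type", 0, 13), ("Tunnel-Medium-Type", 0, 1),
                ("Tunnel-Private-Group-ID", 0, "42")]
MIXED_TAGS = [("Tunnel-Type", 1, 13), ("Tunnel-Medium-Type", 1, 6),
              ("Tunnel-Private-Group-ID", 2, "42")]
VLAN_NAME = [("Tunnel-Type", 0, 13), ("Tunnel-Medium-Type", 0, 6),
             ("Tunnel-Private-Group-ID", 0, "guest")]
SECOND_GROUP_VALID = WRONG_MEDIUM + [
    ("Tunnel-Type", 2, 13), ("Tunnel-Medium-Type", 2, 6),
    ("Tunnel-Private-Group-ID", 2, "100")]

if __name__ == "__main__":
    samples = {"good": GOOD, "wrong medium": WRONG_MEDIUM,
               "mixed tags": MIXED_TAGS, "vlan name": VLAN_NAME,
               "second group valid": SECOND_GROUP_VALID}
    for label, attrs in samples.items():
        print(label, "->", vlan_from_access_accept(attrs))
```

Running the same check against the reply attributes configured on the RADIUS server shows which policies would leave an authenticated port without a VLAN assignment.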
of EAPOL Request Identity frames is configured with EAPOL Timeout. If Allow Guest VLAN if EAPOL Seen is enabled, the port will now be placed in the Guest VLAN. If disabled, the switch will first check its history to see if an EAPOL frame has previously been received on the port (this history is cleared if the port link goes down or the port's Admin State is changed), and if not, the port will be placed in the Guest VLAN....
• Port-based 802.1X - Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access.
• Single 802.1X - At most one supplicant can get authenticated on ...
up or block traffic for that particular client, using the Port Security module. Only then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based Authentication has nothing to do with the 802.1X standard....
Page 91
• Globally Disabled - 802.1X and MAC-based authentication are globally disabled. (This is the default state.)
• Link Down - 802.1X or MAC-based authentication is enabled, but there is no link on the port.
• Authorized - The port is in Force Authorized mode, or a single-...

Figure 31: Network Access Server Configuration

FILTERING TRAFFIC WITH ACCESS CONTROL LISTS
An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria.
Page 93
Advanced Configuration, Security, Network, ACL, Ports

PARAMETERS
These parameters are displayed:
• Port - Port Identifier.
• Policy ID - An ACL policy configured on the ACE Configuration page (page 97). (Range: 1-8; Default: 1, which is undefined)
• Action - Permits or denies a frame based on whether it matches a rule...

INTERFACE
To configure ACL policies and responses for a port:
1. Click Advanced Configuration, Security, Network, ACL, Ports.
2. Assign an ACL policy configured on the ACE Configuration page, specify the responses to invoke when a matching frame is seen, including the filter mode, copying matching frames to another port, logging matching frames, or shutting down the port.

INTERFACE
To configure rate limits which can be applied to a port:
1. Click Advanced Configuration, Security, Network, ACL, Rate Limiters.
2. For any of the rate limiters, select the maximum ingress rate that will be supported on a port once a match has been found in an assigned ACL.
Page 96
• Any frame type (based on MAC address, VLAN ID, VLAN priority)
• Ethernet type (based on Ethernet type value, MAC address, VLAN ID, VLAN priority)
• ARP (based on ARP/RARP type, request/reply, sender/target IP,...

The following buttons are used to edit or move the ACL entry (ACE):

Table 8: QCE Modification Buttons
Button Description
Inserts a new ACE before the current row.
Edits the ACE.
Moves the ACE up the list.
Moves the ACE down the list.
Page 98
• A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
• ARP:
  • MAC Parameters
    SMAC Filter - The type of source MAC address.
Page 99
protocol address length (PLN) settings. (Options: Any - any value is allowed, 0 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must not match this entry, 1 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must match this entry;...
Page 100
TCP Parameters
• Source Port Filter - Specifies the TCP source filter for this rule. (Options: Any, Specific (0-65535), Range (0-65535); Default: Any)
• Dest. Port Filter - Specifies the TCP destination filter for this...
Page 101
Any - any value is allowed, Yes - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must match this entry, No - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not match this entry;...
Page 102
• Counter - Shows the number of frames which have matched any of the rules defined for this ACL.

VLAN Parameters
• 802.1Q Tagged - Specifies whether or not frames should be 802.1Q tagged.

Figure 34: Access Control List Configuration

CONFIGURING DHCP SNOOPING
Use the DHCP Snooping Configuration page to filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping. The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
Page 104
VLAN interface, DHCP messages received on an untrusted interface from a device not listed in the DHCP snooping table will be dropped.
• Table entries are only learned for trusted interfaces. An entry is added...

DHCP server, any packets received from untrusted ports are dropped.

PARAMETERS
These parameters are displayed:
• Snooping Mode – Enables DHCP snooping globally. When DHCP snooping is enabled, DHCP request messages will be forwarded to trusted ports, and reply packets only allowed from trusted ports.

CONFIGURING DHCP RELAY AND OPTION 82 INFORMATION
Use the DHCP Relay Configuration page to configure DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet.
When DHCP relay is enabled and the switch sees a DHCP request broadcast, it inserts its own IP address into the request (so that the DHCP...

• Drop - Drops the packet when it receives a DHCP message that already contains relay information.

INTERFACE
To configure DHCP Relay:
1. Click Advanced Configuration, Security, Network, DHCP, Relay.
2. Enable the DHCP relay function, specify the DHCP server’s IP address, enable Option 82 information mode, and set the policy by which to handle relay information found in client packets.
Page 108
Multicast addresses cannot be used by IP Source Guard.
• When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping (see "Configuring DHCP Snooping"), or static addresses configured in the source guard binding table.
• If IP source guard is enabled, an inbound packet’s IP address will be...

• Max Dynamic Clients – Specifies the maximum number of dynamic clients that can be learned on given ports. This value can be 0, 1, 2 or unlimited. If the port mode is enabled and the maximum number of dynamic clients is equal to 0, the switch will only forward IP packets that are matched in static entries for a given port.

• If there is an entry with the same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one.
• If there is an entry with the same VLAN ID and MAC address, and...

CONFIGURING ARP INSPECTION
ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the-middle” attacks. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination.

CONFIGURING GLOBAL AND PORT SETTINGS FOR ARP INSPECTION
Use the ARP Inspection Configuration page to enable ARP inspection globally for the switch and for any ports on which it is required.

Advanced Configuration, Security, Network, ARP Inspection, Configuration

PARAMETERS
These parameters are displayed:
Global Configuration...
CONFIGURING STATIC BINDINGS FOR ARP INSPECTION
Use the Static ARP Inspection Table to bind a static address to a port. Table entries include a port identifier, VLAN identifier, source MAC address in ARP request packets, and source IP address in ARP request packets.
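The lookup that ARP inspection performs against a static binding table (port, VLAN, source MAC, source IP) can be sketched as follows. This is an added Python example, not the switch's firmware or code from the manual; the function names, the "forward"/"drop" verdicts, the xx-xx-xx-xx-xx-xx MAC notation and every address are assumptions constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional, Set, Tuple

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag in front of the real EtherType


class Binding(NamedTuple):
    """One static table entry: port, VLAN, ARP sender MAC, ARP sender IP."""
    port: int
    vlan: int
    mac: str
    ip: str


def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp_sender(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (sender MAC, sender IP) of an ARP frame, or None if not ARP.

    Raises ValueError for frames that are truncated or carry ARP that is
    not Ethernet/IPv4, so the caller can drop instead of guessing.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETHERTYPE_ARP:
        return None
    if len(frame) < offset + 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _opcode = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sender_mac = fmt_mac(frame[offset + 8:offset + 14])
    sender_ip = fmt_ip(frame[offset + 14:offset + 18])
    return sender_mac, sender_ip


def inspect_arp(frame: bytes, port: int, vlan: int,
                bindings: Set[Binding], inspected_ports: Set[int]) -> str:
    """Verdict for one received frame: 'forward' or 'drop'."""
    if port not in inspected_ports:
        return "forward"          # inspection not enabled on this port
    try:
        sender = parse_arp_sender(frame)
    except ValueError:
        return "drop"             # malformed frame on an inspected port
    if sender is None:
        return "forward"          # not ARP, outside the scope of this check
    mac, ip = sender
    # Requests and replies are both checked on the sender fields.
    return "forward" if Binding(port, vlan, mac, ip) in bindings else "drop"


def build_arp(sender_mac: str, sender_ip: str, target_ip: str,
              opcode: int = 1) -> bytes:
    """Build a constructed broadcast ARP frame for the samples below."""
    smac = bytes.fromhex(sender_mac.replace("-", ""))
    sip = bytes(int(x) for x in sender_ip.split("."))
    tip = bytes(int(x) for x in target_ip.split("."))
    eth = b"\xff" * 6 + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return eth + arp + smac + sip + b"\x00" * 6 + tip


# Constructed sample table: a host on port 3 and a gateway on port 1, VLAN 10.
BINDINGS = {
    Binding(3, 10, "00-11-22-33-44-55", "192.0.2.10"),
    Binding(1, 10, "00-aa-bb-cc-dd-ee", "192.0.2.1"),
}
INSPECTED_PORTS = {3, 4}

if __name__ == "__main__":
    legit = build_arp("00-11-22-33-44-55", "192.0.2.10", "192.0.2.1")
    spoof = build_arp("00-11-22-33-44-55", "192.0.2.1", "192.0.2.10", opcode=2)
    for name, frame in (("legit", legit), ("spoof", spoof)):
        print(name, inspect_arp(frame, 3, 10, BINDINGS, INSPECTED_PORTS))
```

The spoofed reply is dropped because the pair it advertises (the host's MAC with the gateway's IP) has no entry for port 3, which is the invalid MAC-to-IP binding the feature is meant to stop.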
SPECIFYING AUTHENTICATION SERVERS
Use the Authentication Server Configuration page to control management access based on a list of user names and passwords configured on a RADIUS or TACACS+ remote access authentication server, and to authenticate client access for IEEE 802.1X port authentication (see page...

INTERFACE
To configure authentication for management access in the web interface:
1. Click Advanced Configuration, Security, AAA.
2. Configure the authentication method for management client types, the common server timing parameters, and address, UDP port, and secret key for each required RADIUS or TACACS+ server.

CHAPTER | Configuring the Switch | Creating Trunk Groups

CREATING TRUNK GROUPS
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
Page 117
Basic/Advanced Configuration, Aggregation, Static

USAGE GUIDELINES
• When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer's implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Page 118
for switch-to-router trunk links where the destination MAC address is the same for all traffic.
• IP Address – All traffic with the same source and destination IP address is output on the same link in a trunk. This mode works best for switch-to-router trunk links where traffic through the switch is destined for many different hosts.

Figure 42: Static Trunk Configuration

CONFIGURING LACP
Use the LACP Port Configuration page to enable LACP on selected ports, configure the administrative key, and the protocol initiation mode.

Basic/Advanced Configuration, Aggregation, LACP

USAGE GUIDELINES
To avoid creating a loop in the network, be sure you enable LACP before...
Page 120
• Ports assigned to a common link aggregation group (LAG) must meet the following criteria:
  • Ports must have the same LACP Admin Key. Using auto-configuration of the Admin Key will avoid this problem.
  • One of the ports at either the near end or far end must be set to...

CHAPTER | Configuring the Switch | Configuring Loop Protection

Set at least one of the ports in each LAG to Active initiation mode, either at the near end or far end of the trunk.
Click Save.

Figure 43: LACP Port Configuration

CONFIGURING LOOP PROTECTION
Use the Loop Protection page to detect general loopback conditions caused...
Page 122
• Shutdown Time – The interval to wait before the switch automatically releases interface from shutdown state. (Range: 1-604,800 seconds, or 0 to disable automatic recovery)
  If the recovery time is set to zero, any ports placed in shutdown state will remain in that state until the switch is reset.

CHAPTER | Configuring the Switch | Configuring the Spanning Tree Algorithm

Figure 44: Loop Protection Configuration

CONFIGURING THE SPANNING TREE ALGORITHM
The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.

Figure 45: STP Root Ports and Designated Ports (diagram labels: Designated Root, Root Port, Designated Port, Designated Bridge)

Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.

An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see "Configuring Multiple Spanning Trees" on page 129).
Page 126
Note: STP and RSTP BPDUs are transmitted as untagged frames, and will cross any VLAN boundaries.
• Rapid Spanning Tree Protocol
  RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below:
  STP Mode –...
Page 127
• MSTP: Multiple Spanning Tree (IEEE 802.1s); This is the default.
• Bridge Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device.
Page 128
• Transmit Hold Count – The number of BPDUs a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed. (Range: 1-10; Default: 6)

Advanced Settings
Edge Port BPDU Filtering –...

Figure 48: STA Bridge Configuration

CONFIGURING MULTIPLE SPANNING TREES
Use the MSTI Mapping page to add VLAN groups to an MSTP instance (MSTI), or to designate the name and revision of the VLAN-to-MSTI mapping used on this switch.
Page 130
Enter the spanning tree priority for the CIST and selected MST instance on the MSTI Priorities page. All VLANs are automatically added to the CIST (MST Instance 0). To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings.

Figure 49: Adding a VLAN to an MST Instance

CONFIGURING SPANNING...
Use the MSTI Priorities page to configure the bridge priority for the CIST and any configured MSTI. Remember that RSTP looks upon each MST Instance as a single bridge node.

INTERFACE
To add VLAN groups to an MSTP instance:
1. Click Configuration, Spanning Tree, MSTI Priorities.
2. Set the bridge priority for the CIST or any configured MSTI.
3. Click Save.

Figure 50: Configuring STA Bridge Priorities

CONFIGURING...
Use the CIST Ports Configuration page to configure STA attributes for interfaces when the spanning tree mode is set to STP or RSTP, or for...

• STP Enabled – Sets the interface to enable STA, disable STA, or disable STA with BPDU transparency. (Default: Enabled)
  BPDU transparency is commonly used to support BPDU tunneling, passing BPDUs across a service provider’s network without any changes, thereby combining remote network segments into a single spanning tree.
Page 134
• Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.

If enabled, the port will disable itself upon receiving valid BPDUs. Contrary to the similar bridge setting, the port Edge status does not affect this setting. A port entering error-disabled state due to this setting is subject to the bridge Port Error Recovery setting as well (see "Configuring Global Settings for STA"...

CONFIGURING MIST INTERFACES
Use the MIST Ports Configuration page to configure STA attributes for interfaces in a specific MSTI, including path cost, and port priority. You may use a different priority or path cost for ports of the same media type to indicate the preferred path.

CHAPTER | Configuring the Switch | Multicast VLAN Registration

Figure 52: MSTI Port Configuration

MULTICAST VLAN REGISTRATION
Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network.

CONFIGURING GENERAL SETTINGS
Use the MVR Configuration page to enable MVR globally on the switch, select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider, and to configure each interface that participates in the MVR protocol as a source port or receiver port.
Page 139
• Dynamic – MVR allows dynamic MVR membership reports on source ports. (This is the default.)
• Compatible – MVR membership reports are forbidden on source ports.
• Tagging – Specifies whether the traversed IGMP/MLD control frames...

Note that immediate leave should only be enabled on receiver ports to which only one subscriber is attached. Otherwise, service to other active receivers will be affected.

INTERFACE
To configure global and interface settings for MVR:
1. Click Advanced Configuration, MVR.

• Only IGMP version 2 or 3 hosts can issue multicast join or leave messages. If MVR must be configured for an IGMP version 1 host, the multicast groups must be statically assigned using this configuration page.

CHAPTER | Configuring the Switch | IGMP Snooping

IGMP SNOOPING
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
Page 143
PARAMETERS
These parameters are displayed:

Global Configuration
• Snooping Enabled - When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. (Default: Enabled)
  This switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers/switches and IP multicast host groups to identify the IP multicast group members.
Page 144
IGMP leave proxy suppresses all unnecessary IGMP leave messages so that a non-querier switch forwards an IGMP leave packet only when the last dynamic member port leaves a multicast group. The leave-proxy feature does not function when a switch is set as the querier.
Page 145
Leave function is enabled. This allows the switch to remove a port from the multicast forwarding table without first having to send an IGMP group-specific (GS) query to that interface. If Fast Leave is not used, a multicast router (or querier) will send a GS-query message when an IGMPv2/v3 group leave message is received.

CONFIGURING VLAN SETTINGS FOR IGMP SNOOPING AND QUERY
Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping and query for a VLAN interface.

Advanced Configuration, IPMC, IGMP Snooping, VLAN Configuration

PARAMETERS
These parameters are displayed:
VLAN ID - VLAN Identifier.
Page 147
An MLD general query message is sent by the switch at the interval specified by this attribute. When this message is received by downstream hosts, all receivers build an MLD report for the multicast groups they have joined.

Figure 57: Configuring VLAN Settings for IGMP Snooping and Query

CONFIGURING IGMP FILTERING
Use the IGMP Snooping Port Group Filtering Configuration page to filter specific multicast traffic. In certain switch applications, the administrator may want to control the multicast services that are available to end users;...

CHAPTER | Configuring the Switch | MLD Snooping

MLD SNOOPING
Multicast Listener Discovery (MLD) snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4. That is, MLD snooping dynamically configures switch ports to limit IPv6 multicast traffic so that it is forwarded only to ports with users that want to receive it.
Page 150
Once the table used to store multicast entries for MLD snooping is filled, no new entries are learned. If no router port is configured in the attached VLAN, and Unregistered IPMCv6 Flooding is disabled, any subsequent multicast traffic not found in the table is dropped, otherwise it is flooded throughout the VLAN.
Page 151
• Router Port - Sets a port to function as a router port, which leads towards a Layer 3 multicast device or MLD querier. (Default: Disabled)
  If MLD snooping cannot locate the MLD querier, you can manually designate a port which is connected to a known MLD querier (i.e., a multicast router/switch).

Figure 59: Configuring Global and Port-related Settings for MLD Snooping

CONFIGURING VLAN SETTINGS FOR MLD SNOOPING AND QUERY
Use the MLD Snooping VLAN Configuration page to configure MLD snooping and query for a VLAN interface.

Advanced Configuration, IPMC, MLD Snooping, VLAN Configuration

PARAMETERS...
Page 153
An IPv6 address must be configured on the VLAN interface from which the querier will act if elected. When serving as the querier, the switch uses this IPv6 address as the query source address. The querier will not start or will disable itself after having started if it detects an IPv6 multicast router on the network.

A reduced value will result in reduced time to detect the loss of the last member of a group or source, but may generate more burst traffic. This attribute will take effect only if MLD snooping proxy reporting is enabled (see page 149).

CHAPTER | Configuring the Switch | Link Layer Discovery Protocol

INTERFACE
To configure MLD Snooping Port Group Filtering:
1. Click Configuration, IPMC, MLD Snooping, Port Group Filtering.
2. Click Add New Filtering Group to display a new entry in the table.
3. Select the port to which the filter will be applied.
4. Enter the IP address of the multicast service to be filtered.
Page 156
This attribute must comply with the following rule: (Transmission Interval * Transmission Hold Time) 65536, and Transmission Interval (4 * Transmission Delay)
• Tx Hold – Configures the time-to-live (TTL) value sent in LLDP...
Page 157
• CDP TLV “Port ID” is mapped into the LLDP “Port ID” field.
• CDP TLV “Version and Platform” is mapped into the LLDP “System Description” field.
• Both the CDP and LLDP support “system capabilities,” but the CDP...

INTERFACE
To configure LLDP timing and advertised TLVs:
1. Click Configuration, LLDP.
2. Modify any of the timing parameters as required.
3. Set the required mode for transmitting or receiving LLDP messages.
4. Enable or disable decoding CDP frames.
5. Specify the information to include in the TLV field of advertised messages.
Page 159
PARAMETERS
These parameters are displayed:
• Fast Start Repeat Count – Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types (for example only advertise the voice network policy to permitted voice-capable devices), both in order to conserve...
Page 160
• Meters: Representing meters of Altitude defined by the vertical datum specified.
• Floors: Representing altitude in a form more relevant in buildings which have different floor-to-floor dimensions. An altitude = 0.0 is meaningful even outside a building, and represents ground level at the given latitude and longitude.
Page 161
• Room no. - Room number. (Example: 450F)
• Place type - Place type. (Example: Office)
• Postal community name - Postal community name. (Example: Leonia)
• P.O. Box - Post office box (P.O. BOX). (Example: 12345)
...
Page 162
A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same Network Connectivity Device may advertise different sets of policies, based on the authenticated user identity or port configuration.
Page 163
• Video Signaling (conditional) - For use in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy.

CHAPTER | Configuring the Switch | Power over Ethernet

Figure 63: LLDP-MED Configuration

POWER OVER ETHERNET
Use the Power Over Ethernet Configuration page to set the maximum PoE power provided to a port, the maximum power budget for the switch (power available to all RJ-45 ports), the port PoE operating mode, power allocation priority, and the maximum power allocated to each port.
Page 165
• This switch supports both the IEEE 802.3af PoE and IEEE 802.3at-2009 PoE Plus standards. To ensure that the correct power is supplied to powered devices (PD) compliant with these standards, the first detection pulse from the switch is based on 802.3af to which the 802.3af PDs will respond normally.
Page 166
• Allocation – The amount of power that each port may reserve is specified. The allocated/reserved power for each port/PD is specified in the Maximum Power fields.
• LLDP-MED – This mode is similar to the Class mode except that...

CHAPTER | Configuring the Switch | Configuring the MAC Address Table

INTERFACE
To configure global and port-specific PoE settings:
1. Click Advanced Configuration, PoE.
2. Set the global PoE parameters, including the method used to determine reserved port power, the method by which port power is shut down, and the switch’s overall power budget.
Page 168
PARAMETERS
These parameters are displayed:

Aging Configuration
• Disable Automatic Aging - Disables the automatic aging of dynamic entries. (Address aging is enabled by default.)
• Aging Time - The time after which a learned entry is discarded...

CHAPTER | Configuring the Switch | IEEE 802.1Q VLANs

Specify the way in which MAC addresses are learned on any port.
Add any required static MAC addresses by clicking the Add New Static Entry button, entering the VLAN ID and MAC address, and marking the ports to which the address is to be mapped.

VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.

Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you must connect them through a router.
Page 172
When Port Type is set to S-port or S-custom-port, the port will change the EtherType of all frames received to indicate that double-tagged frames are being forwarded across the switch. The switch will pass these frames on to the VLAN indicated in the outer tag.
Page 173
| Configuring the Switch HAPTER IEEE 802.1Q VLANs only tagged frames, all untagged frames received on the interface are discarded. (Option: All, Tagged, Untagged; Default: All) Port VLAN Mode - Determines how to process VLAN tags for ingress • and egress traffic. (Options: None, Specific; Default: Specific) None - The ID for the VLAN to which this frame has been assigned •...
| Configuring the Switch HAPTER Configuring Private VLANs Figure 67: VLAN Port Configuration VLAN ONFIGURING RIVATE Use the Private VLAN Membership Configuration page to assign port members to private VLANs. Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on ports assigned to a private VLAN can only be forwarded to, and from, uplink ports (that is, ports configured as members of both a standard IEEE 802.1Q VLAN and the private VLAN).
| Configuring the Switch HAPTER Using Port Isolation page 170). Then connect the uplink ports to the local servers or other service providers to which the members of PVLAN 1 require access. Port Members - Port identifier. • NTERFACE To configure VLAN port members for private VLANs: Click Configuration, Private VLANs, PVLAN Membership.
| Configuring the Switch HAPTER Configuring MAC-based VLANs Click Save. Figure 69: Port Isolation Configuration MAC- VLAN ONFIGURING BASED Use the MAC-based VLAN Membership Configuration page to configure VLAN based on MAC addresses. The MAC-based VLAN feature assigns VLAN IDs to ingress untagged frames according to the source MAC addresses. When MAC-based VLAN classification is enabled, untagged frames received by a port are assigned to the VLAN which is mapped to the frame’s source MAC address.
| Configuring the Switch HAPTER Protocol VLANs Enter an identifier in the VLAN field. Note that the specified VLAN need not already be configured. Specify the ports assigned to this VLAN. Click Save. Figure 70: Configuring MAC-Based VLANs VLAN ROTOCOL The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.
| Configuring the Switch HAPTER Protocol VLANs Use the Protocol to Group Mapping Table to create protocol groups. ONFIGURING VLAN ROTOCOL ROUPS Advanced Configuration, VCL, Protocol-based VLANs, Protocol to Group ARAMETERS These parameters are displayed: Frame Type – Choose Ethernet, LLC (Logical Link Control), or SNAP •...
| Configuring the Switch HAPTER Protocol VLANs NTERFACE To configure a protocol group: Click Configuration, VCL, Protocol-based VLANs, Protocol to Group. Click add new entry. Fill in the frame type, value, and group name. Click Save. Figure 71: Configuring Protocol VLANs Use the Group Name to VLAN Mapping Table to map a protocol group to a APPING ROTOCOL...
| Configuring the Switch HAPTER Configuring IP Subnet-based VLANs VLAN ID – VLAN to which matching protocol traffic is forwarded. • (Range: 1-4095) Port Members – Ports assigned to this protocol VLAN. • NTERFACE To map a protocol group to a VLAN for a port or trunk: Click Configuration, VCL, Protocol-based VLANs, Group to VLAN.
Command Usage
• Each IP subnet can be mapped to only one VLAN ID. An IP subnet consists of an IP address and a mask. The specified VLAN need not be an existing VLAN.
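The one-subnet-to-one-VLAN rule above can be checked offline against a planned or exported mapping table before it is entered on the switch. The following is an added example, not taken from the guide: the table layout, the sample entries and the overlap check are assumptions (the guide does not say how the switch treats nested subnets, so overlaps are only flagged for review).

```python
import ipaddress
from collections import defaultdict

# Constructed sample table: (entry id, IP address, mask length, VLAN ID).
# None of these values come from the guide.
SAMPLE_ENTRIES = [
    (1, "192.168.10.0", 24, 10),
    (2, "192.168.10.77", 24, 20),  # same subnet as entry 1 once host bits are masked
    (3, "10.0.0.0", 8, 30),
    (4, "10.1.0.0", 16, 40),       # nested inside entry 3
    (5, "172.16.5.0", 24, 50),
]


def subnet_of(ip, mask_len):
    """Return the subnet that an address/mask pair denotes, ignoring host bits."""
    return ipaddress.ip_network(f"{ip}/{mask_len}", strict=False)


def audit(entries):
    """Return (duplicates, overlaps) for a subnet-to-VLAN table.

    duplicates: subnets mapped to more than one VLAN ID, which the rule
                "each IP subnet can be mapped to only one VLAN ID" excludes.
    overlaps:   pairs of distinct subnets where one contains the other.
                Flagging these is an assumption of this example: the result
                of classification for such addresses should be reviewed.
    """
    vlans_by_subnet = defaultdict(set)
    for _entry_id, ip, mask_len, vlan in entries:
        vlans_by_subnet[subnet_of(ip, mask_len)].add(vlan)

    duplicates = {
        str(net): sorted(vlans)
        for net, vlans in vlans_by_subnet.items()
        if len(vlans) > 1
    }

    # Sort by IP version first so IPv4 and IPv6 networks are never compared.
    nets = sorted(
        vlans_by_subnet,
        key=lambda n: (n.version, n.network_address, n.prefixlen),
    )
    overlaps = []
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                overlaps.append((str(a), str(b)))
    return duplicates, overlaps


if __name__ == "__main__":
    dups, laps = audit(SAMPLE_ENTRIES)
    for net, vlans in dups.items():
        print(f"subnet {net} is mapped to several VLANs: {vlans}")
    for outer, inner in laps:
        print(f"review overlap: {inner} lies inside {outer}")
```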
Managing VoIP Traffic
When telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic. Traffic isolation can provide higher voice quality by preventing excessive packet delays, packet loss, and jitter.
Registration" on page 137), or the native VLAN assigned to any port (see "Configuring VLAN Attributes for Port Members" on page 171).
• Aging Time – The time after which a port is removed from the Voice...
• Both – Both OUI table lookup and LLDP are used to detect VoIP traffic on a port.
This option only works when the detection mode is set to “Auto.” LLDP should also be enabled before setting the discovery protocol to “LLDP” or “Both.”...
Advanced Configuration, Voice VLAN, OUI
Parameters
These parameters are displayed:
• Telephony OUI – Specifies a globally unique identifier assigned to a vendor by IEEE to identify VoIP equipment. The OUI must be 6 characters long and the input format “xx-xx-xx”...
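Because OUI detection places a port in the Voice VLAN on the strength of the first three octets of a source MAC address, it is worth checking periodically that every address learned in the Voice VLAN actually matches a configured telephony OUI. The following is an added example, not part of the guide: the OUI values, the voice VLAN ID and the (VLAN, MAC, port) rows standing in for a MAC address table export are all constructed.

```python
import re

# Constructed sample data; none of these values come from the guide.
OUI_TABLE = ["00-11-22", "aa-bb-cc"]   # telephony OUIs in the xx-xx-xx input format
VOICE_VLAN = 100                       # assumed voice VLAN ID
MAC_TABLE = [                          # (VLAN ID, MAC address, port)
    (100, "00-11-22-33-44-55", 3),
    (100, "AA:BB:CC:00:00:01", 4),
    (100, "02-00-00-12-34-56", 5),     # in the voice VLAN, OUI not configured
    (1,   "02-00-00-99-99-99", 6),     # other VLAN, ignored by the audit
]


def parse_oui(text):
    """Validate an 'xx-xx-xx' telephony OUI and return it as three bytes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){2}", text):
        raise ValueError(f"OUI must be six hex characters written as xx-xx-xx: {text!r}")
    return bytes.fromhex(text.replace("-", ""))


def mac_oui(mac):
    """Return the first three octets of a MAC written with '-', ':' or '.' separators."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits[:6])


def unexpected_voice_macs(oui_table, mac_table, voice_vlan):
    """List (port, MAC) pairs learned in the voice VLAN whose OUI is not configured."""
    allowed = {parse_oui(entry) for entry in oui_table}
    return [
        (port, mac)
        for vlan, mac, port in mac_table
        if vlan == voice_vlan and mac_oui(mac) not in allowed
    ]


if __name__ == "__main__":
    for port, mac in unexpected_voice_macs(OUI_TABLE, MAC_TABLE, VOICE_VLAN):
        print(f"port {port}: {mac} is in voice VLAN {VOICE_VLAN} but matches no telephony OUI")
```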
individual device handles traffic is called per-hop behavior. All devices along a path should be configured in a consistent manner to construct a consistent end-to-end Quality of Service (QoS) solution.
This section describes how to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
• Enabled – Uses the mapped versions of PCP and DEI for tagged frames.
Click on the mode in order to configure the mode and/or mapping.
• DSCP Based – Click to Enable DSCP Based QoS Ingress Port...
To configure tag classification for tagged frames:
1. Click Advanced Configuration, QoS, Port Classification.
2. Click on the value displayed in the Tag Class field.
3. Set the tag classification mode to Disabled to use the default QoS class and DP level for tagged frames, or to Enabled to use the mapped versions of PCP and DEI for tagged frames.
Advanced Configuration, QoS, Port Policing
Parameters
These parameters are displayed:
• Port – Port identifier.
• Enabled – Enables or disables port policing on a port.
• Rate – Controls the maximum rate for frames entering the ingress...
Displaying QoS Egress Port Schedulers
• Port – Port identifier.
• Mode – Shows the scheduling mode for this port.
• Weight – Shows the weight of each egress queue used by the port.
• ...
• Rate – Controls the rate for the port shaper. The default value is 500. This value is restricted to 100-1000000 kbps, or 1-3300 Mbps.
• Unit – Controls the unit of measure for the port shaper rate as...
Figure 80: Configuring Egress Port Schedulers and Shapers

Configuring Egress Port Shaper
Use the QoS Egress Port Shapers page to show an overview of the QoS Egress Port Shapers, including the rate for each queue and port. Click on any of the entries in the Port field to configure egress queue mode, queue shaper (rate and access to excess bandwidth), and port shaper...
Configuring QoS Egress Port Scheduler, Queue Scheduler and Port Shapers
This configuration page can be accessed from the Port Scheduler or Port Shaper page. Refer to the description of these parameters under "Configuring Egress Port Scheduler".
Configuring Port Remarking Mode
• Tag Remarking Mode – Configures the tag remarking mode used by this port:
  • Classified – Uses classified PCP/DEI values.
  • Default – Uses default PCP/DEI values. (Range: PCP –...
Configuring Port DSCP Translation and Rewriting
Use the QoS Port DSCP Configuration page to configure ingress translation and classification settings and egress re-writing of DSCP values.
Advanced Configuration, QoS, Port DSCP
Parameters
These parameters are displayed:
• Port –...
Figure 84: Configuring Port DSCP Translation and Rewriting

Configuring DSCP-based QoS Ingress Classification
Use the DSCP-Based QoS Ingress Classification page to configure DSCP-based QoS ingress classification settings.
Advanced Configuration, QoS, DSCP-Based QoS
Parameters
These parameters are displayed:
• DSCP –...
Figure 85: Configuring DSCP-based QoS Ingress Classification

Configuring DSCP Translation
Use the DSCP Translation page to configure DSCP translation for ingress traffic or DSCP re-mapping for egress traffic.
Advanced Configuration, QoS, DSCP Translation
Parameters
These parameters are displayed:
• DSCP –...
Click Save.
Figure 86: Configuring DSCP Translation and Re-mapping

Configuring DSCP Classification
Use the DSCP Classification page to map DSCP values to a QoS class and drop precedence level.
Advanced Configuration, QoS, DSCP Classification
Parameters
These parameters are displayed:...
Figure 87: Mapping DSCP to CoS/DPL Values

Configuring QoS Control Lists
Use the QoS Control List Configuration page to configure Quality of Service policies for handling ingress packets based on Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS, or VLAN priority tag.
• VID – VLAN identifier. (Range: 1-4095)
• PCP – Priority Code Point (User Priority). (Specific value: 0, 1, 2, 3, 4, 5, 6, 7; Range 0-1, 2-3, 4-5, 6-7, 0-3, 4-7; or Any)
• DEI –...
• Frame Type – The supported types are listed below:
  • Any – Allow all types of frames.
  • Ethernet – This option can only be used to filter Ethernet II formatted packets.
• IP Fragment – Indicates whether or not fragmented packets are accepted. (Options: Any, Yes, No; Default: Any)
Datagrams may be fragmented to ensure they can pass through a network device which uses a maximum transfer unit smaller than the original packet’s size.
Figure 88: QoS Control List Configuration

Configuring Storm Control
Use the Storm Control Configuration page to set limits on broadcast, multicast and unknown unicast traffic to control traffic storms which may occur when a network device is malfunctioning, the network is not properly configured, or application programs are not well designed or properly configured.
• Enable - Enables or disables storm control. (Default: Disabled)
• Rate (pps) - The threshold above which packets are dropped. This limit can be set by specifying a value of 2 packets per second (pps), or by selecting one of the options in Kpps (i.e., marked with the suffix “K”).
Command Usage
General port mirroring configured on the Mirroring & RSPAN Configuration page and ACL-based port mirroring are implemented independently. When port mirroring is enabled on the Mirroring & RSPAN Configuration page, mirroring will occur regardless of any configuration settings made on the ACL Ports Configuration page (see "Filtering Traffic with Access Control...
Figure 90: Mirror Configuration

Configuring Remote Port Mirroring
Use the Mirroring & RSPAN Configuration page to mirror traffic from remote switches for analysis at a destination port on the local switch. This feature, also called Remote Switched Port Analyzer (RSPAN), carries traffic generated on the specified source ports over a user-specified VLAN dedicated to that RSPAN session in all participating switches.
Command Usage
• Configuration Guidelines
Take the following step to configure an RSPAN session:
Set up the source switch on the Mirroring & RSPAN configuration page by specifying the switch’s Type (Source), the RSPAN VLAN ID, the Reflector port through which mirrored traffic is passed on to the RSPAN VLAN, the traffic type to monitor (Rx, Tx or Both) on the source port(s), and the intermediate (or uplink) ports.
• Source - Specifies this device as the source of remotely mirrored traffic. Source port(s), reflector port, and intermediate port(s) are located on this switch.
• Intermediate - Specifies this device as an intermediate switch,...
Click Save.
Figure 92: Mirror Configuration (Source)

To configure remote port mirroring for an RSPAN intermediate switch:
1. Click Basic/Advanced Configuration, Mirroring & RSPAN.
2. Set the Mode to Enabled, and the Type to Intermediate.
3. Select the intermediate ports through which all mirrored traffic will be forwarded to other switches.
Select the intermediate ports to add to the RSPAN VLAN, which will then pass traffic on to the destination ports.
Select the destination ports which are to monitor the traffic mirrored from the source switch, through any intermediate switches, and finally through the intermediate ports on the destination switch.
actions the service responds to and a list of variables that model the state of the service at run time.
If a device has a URL for presentation, then the control point can retrieve a page from this URL, load the page into a web browser, and depending on the capabilities of the page, allow a user to control the device and/or view device status.
Configuring sFlow
Use the sFlow Configuration page to configure periodic sampling of traffic flows. The flow sampling (sFlow) feature embedded on this switch, together with a remote sFlow Collector, can provide network administrators with an accurate, detailed and real-time overview of the types and levels of traffic present on their network.
• If sFlow is currently configured through SNMP, Owner contains a string identifying the sFlow receiver.
If sFlow is configured through SNMP, all controls, except for the Release-button, are disabled to avoid inadvertent reconfiguration. The Release button can be used to release the current owner and disable sFlow sampling.
• Interval – The interval at which the counters are updated. (Range: 0-3600 seconds, where 0 disables this feature; Default: Disabled)
Interface
To configure flow sampling:
1. Click Advanced Configuration, sFlow.
2. Set the parameters for flow receiver, flow sampler, and counter poller.
3. Click Save.
Monitoring the Switch
This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table.

Displaying Basic Information About the System
You can use the Monitor/System menu to display a basic description of the switch, log messages, or statistics on traffic used in managing the switch.
• Software Date – Release date of the switch software.
• Code Revision – Version control identifier of the switch software.
Interface
To view System Information, click Monitor, System, Information.
Figure 97: System Information

Use the CPU Load page to display information on CPU utilization.
Interface
To display CPU utilization: Click System, then CPU Load.
Figure 98: CPU Load

Use the System Log Information page to scroll through the logged system and event messages.
Table Headings
• ID – Error ID.
• Level – Error level as described above.
• Time – The time of the system log entry.
• Message – The message text of the system log entry.
Interface
To display the system log: Click Monitor, System, Log.
Displaying Log Details
Use the Detailed Log page to view the full text of specific log messages.
Monitor, System, Detailed Log
Interface
To display the text of a specific log message, click Monitor, System, Detailed Log. Enter a log identifier in the ID field, and click Refresh.
Displaying an Overview of Port Statistics
Use the Port Statistics Overview page to display a summary of basic information on the traffic crossing each port.
Monitor, Ports, Traffic Overview
Parameters
These parameters are displayed:
• ...
Interface
To display the queue counters, click Monitor, Ports, QoS Statistics.
Figure 103: Queueing Counters

Use the QoS Control List Status page to show the QCE entries configured for different users or software modules, and whether or not there is a conflict.
Interface
To display the status of QCE entries:
1. Click Monitor, Ports, QCL Status.
2. Select the user type to display from the drop-down list at the top of the page.
3. If any of the entries display a conflict, click Resolve Conflict to release the resource required by a QCE.
• Receive/Transmit Queue Counters – The number of received and transmitted packets per input and output queue.
Receive Error Counters
• Rx Drops – The number of inbound packets which were discarded even...
Interface
To display the detailed port statistics, click Monitor, Ports, Detailed Statistics.
Figure 105: Detailed Port Statistics
Displaying Information About Security Settings
You can use the Monitor/Security menu to display statistics on management traffic, security controls for client access to the data ports, and the status of remote authentication access servers.
Use the Port Security Switch Status page to show information about MAC address learning for each port, including the software module requesting port security services, the service state, the current number of learned addresses, and the maximum number of secure addresses allowed.
MAC addresses can be learned on the port until it is administratively re-opened on the Limit Control configuration Web-page.
• MAC Count – The two columns indicate the number of currently learned MAC...
• Time of Addition – Shows the date and time when this MAC address was first seen on the port.
• Age/Hold – If at least one user module has decided to block this MAC address, it...
• QoS Class – The QoS class that NAS has assigned to this port. This field is blank if the QoS class has not been assigned by NAS. Refer to “RADIUS-Assigned QoS Enabled” (page 81).
• Port VLAN ID – The VLAN in which NAS has placed this port. This field is blank if the Port VLAN ID is not overridden by NAS.
If the VLAN ID is assigned by the RADIUS server, “(RADIUS-assigned)” is appended to the VLAN ID.
supplicant. Indicates that the backend server has communication with the switch.
• MAC-based: Counts all Access Challenges received from the backend server for this port (left-most table) or client (right-most table).
• ...
• MAC-based: Not applicable.
Selected Counters
This table is visible when the port is one of the following administrative states: Multi 802.1X or MAC-based Auth. The table is identical to and is placed next to the Port Counters table, and will be empty if no MAC address is currently selected.
Figure 110: NAS Statistics for Specified Port

Displaying ACL Status
Use the ACL Status page to show the status for different security modules which use ACL filtering, including ingress port, frame type, and forwarding action. Each row ... page 93).
• IPv4/ICMP: ACE will match IPv4 frames with ICMP protocol.
• IPv4/UDP: ACE will match IPv4 frames with UDP protocol.
• IPv4/TCP: ACE will match IPv4 frames with TCP protocol.
• IPv4/Other: ACE will match IPv4 frames, which are not ICMP/UDP or TCP.
Displaying Statistics for DHCP Snooping
Use the DHCP Snooping Port Statistics page to show statistics for various types of DHCP protocol packets.
Monitor, Security, Network, DHCP, Snooping Statistics
Parameters
These parameters are displayed:
• ...
Figure 112: DHCP Snooping Statistics

Displaying DHCP Relay Statistics
Use the DHCP Relay Statistics page to display statistics for the DHCP relay service supported by this switch and DHCP relay clients.
Monitor, Security, Network, DHCP, Relay Statistics
Parameters...
Client Statistics
• Transmit to Client – The number of packets that were relayed from the server to a client.
• Transmit Error – The number of packets containing errors that were sent to servers.
Interface
To display the Dynamic ARP Inspection Table, click Monitor, Security, Network, ARP Inspection.
Figure 114: Dynamic ARP Inspection Table

Open the Dynamic IP Source Guard Table to display entries sorted first by port, then VLAN ID, MAC address, and finally IP address.
Displaying Information on Authentication Servers
Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server.

Use the RADIUS Overview page to display a list of configured authentication and accounting servers.
Displaying Statistics for Configured Authentication Servers
Use the RADIUS Details page to display statistics for configured authentication and accounting servers. The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. ...
• Timeouts – The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout.
Transmit Packets
• Requests – The number of RADIUS packets sent to the server. This does not include retransmissions.
• Retransmissions – The number of RADIUS packets retransmitted to the...
Displaying Information on RMON
Use the monitor pages for RMON to display information on RMON statistics, alarms and event responses.

Displaying RMON Statistics
Use the RMON Statistics Status Overview page to view a broad range of interface statistics, including a total count of different frame types and sizes passing through...
• 64 Bytes – The total number of packets (including bad packets) received that were 64 octets in length.
• x ~ y – The total number of packets (including bad packets) received that were...
Displaying Information on LACP
Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets.

Use the LACP System Status page to display an overview of LACP groups.
• LACP – Shows LACP status:
  • Yes – LACP is enabled and the port link is up.
  • No – LACP is not enabled or the port link is down.
  • Backup –...
Interface
To display LACP statistics for local ports on this switch, click Monitor, LACP, Port Statistics.
Figure 124: LACP Port Statistics

Displaying Information on Loop Protection
Use the Loop Protection Status page to display information on loopback conditions.
Monitor, Loop Protection
Parameters
These parameters are displayed:...
Interface
To display loop protection status, click Monitor, Loop Protection.
Figure 125: Loop Protection Status

Displaying Information on the Spanning Tree
Use the monitor pages for Spanning Tree to display information on spanning tree bridge status, the functional status of participating ports, and statistics on spanning tree protocol packets.
• Topology Change Last – Time since the Spanning Tree was last reconfigured.
STP Detailed Bridge Status – Click on a bridge instance under the MSTI field to display detailed information on the selected entry. The following additional information is displayed.
• Point-to-Point – Indicates a connection to exactly one other bridge. The flag may be automatically computed or explicitly configured. The point-to-point properties of a port affect how fast it can transition RSTP states.
• ...
Use the Port Status page to display the STA functional status of participating ports.
Monitor, Spanning Tree, Port Status
Parameters
These parameters are displayed:
• Port – Port Identifier.
• ...
• MSTP – The number of MSTP Configuration BPDU's received/transmitted on a port.
• RSTP – The number of RSTP Configuration BPDU's received/transmitted on a port.
• STP – The number of legacy STP Configuration BPDU's received/transmitted on...
• IGMP/MLD Queries Received – Number of received queries for IGMP and MLD, respectively.
• IGMP/MLD Queries Transmitted – Number of transmitted queries for IGMP and MLD, respectively.
• IGMPv1 Joins Received – Number of received IGMPv1 Joins.
• ...
Multicast Groups
• VLAN ID – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR.
• Groups – The present multicast groups. A maximum of 128 groups are allowed in the multicast VLAN.
Interface
To display MVR Source-Filtered Multicast Information, click Monitor, MVR, MVR SFM Information.
Figure 132: MVR SFM Information

Showing IGMP Snooping Information
Use the IGMP Snooping pages to display IGMP snooping statistics, port members of each service group, and information on source-specific groups.
• V2 Leaves Received – The number of received IGMP Version 2 leave reports.
Router Port
• Port – Port Identifier.
• Status – Ports connected to multicast routers may be dynamically discovered by this switch or statically assigned to an interface on this switch.
Interface
To display the port members of each service group, click Monitor, IGMP Snooping, Group Information.
Figure 134: IGMP Snooping Group Information

Showing IPv4 SFM Information
Use the IGMP SFM Information page to display IGMP Source-Filtered Multicast information including group, filtering mode (include or exclude), source address, and type (allow or deny).
Interface
To display IGMP Source-Filtered Multicast information, click Monitor, IGMP Snooping, IGMP SFM Information.
Figure 135: IPv4 SFM Information

Showing MLD Snooping Information
Use the MLD Snooping pages to display MLD snooping statistics, port members of each service group, and information on source-specific groups.
• V1 Leaves Received – The number of received MLD Version 1 leave reports.
Router Port
• Port – Port Identifier.
• Status – Ports connected to multicast routers may be dynamically discovered by this switch or statically assigned to an interface on this switch.
Interface
To display the port members of each service group, click Monitor, MLD Snooping, Group Information.
Figure 137: MLD Snooping Group Information

Showing IPv6 SFM Information
Use the MLD SFM Information page to display MLD Source-Filtered Multicast information including group, filtering mode (include or exclude), source address, and...
Interface
To display MLD Source-Filtered Multicast information, click Monitor, MLD Snooping, IPv6 SFM Information.
Figure 138: IPv6 SFM Information

Displaying LLDP Information
Use the monitor pages for LLDP to display information advertised by LLDP neighbors and statistics on LLDP control frames.
Table 13: System Capabilities (Continued)
ID Basis              Reference
Bridge                IETF RFC 2674
WLAN Access Point     IEEE 802.11 MIB
Router                IETF RFC 1812
Telephone             IETF RFC 2011
DOCSIS cable device   IETF RFC 2669 and IETF RFC 2670
Station only          IETF RFC 2011...
• IEEE 802.3 Repeater (included for historical reasons)
• IEEE 802.11 Wireless Access Point
• Any device that supports the IEEE 802.1AB and MED extensions defined by TIA-1057 and can relay IEEE 802 frames via any method.
LLDP-MED Endpoint Device –...
Parameters
These parameters are displayed:
• Local Port – The port on this switch which received the LLDP frame.
• Power Type – Shows whether the device is a Power Sourcing Entity (PSE) or...
• Rx Tw – The link partner's time the receiver would like the transmitter to hold off to allow time for it to wake from sleep.
• Fallback Receive Tw – The link partner's fallback receive Tw.
• ...
Displaying LLDP Port Statistics
Use the LLDP Port Statistics page to display statistics on LLDP global counters and control frames.
Monitor, LLDP, Port Statistics
Parameters
These parameters are displayed:
Global Counters
• Neighbor entries were last changed at – The time the LLDP neighbor entry list...
Interface
To display statistics on LLDP global counters and control frames, click Monitor, LLDP, Port Statistics.
Figure 143: LLDP Port Statistics

Displaying PoE Status
Use the Power Over Ethernet Status to display the status for all PoE ports, including the PD class, requested power, allocated power, power and current used, and PoE priority.
• Port Status – PoE service status for the attached device.
Interface
To display the status for all PoE ports, click Monitor, PoE.
Figure 144: Power over Ethernet Status

Displaying the MAC Address Table
...
Interface
To display the address table, click Monitor, MAC Address Table.
Figure 145: MAC Address Table

Displaying Information About VLANs
Use the monitor pages for VLANs to display information about the port members of VLANs, and the VLAN attributes assigned to each port.
• VLAN ID – A VLAN which has been created by one of the software modules.
• Port Members – The ports assigned to this VLAN.
Interface
To display VLAN members, click Monitor, VLANs, VLAN Membership. Select a software module from the drop-down list on the right side of the page.
• Frame Type – Shows whether the port accepts all frames or only tagged frames. If the port only accepts tagged frames, untagged frames received on that port are discarded.
• ...
• NAS: Provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server.
• Combined: Includes all entries.
• MAC Address – A source MAC address which is mapped to a specific VLAN.
• ...
• Timeout – The number of seconds remaining before sampling stops and the current sFlow owner is released.
• Tx Successes – The number of UDP datagrams successfully sent to the sFlow...
Performing Basic Diagnostics
This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables.

Pinging an IPv4 or IPv6 Address
The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached.
After you press Start, the sequence number and round-trip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs.
Figure 150: ICMP Ping
Running Cable Diagnostics
The VeriPHY page is used to perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the cable length.
Diagnostics, VeriPHY
Parameters
These parameters are displayed on the VeriPHY Cable Diagnostics page:
• Port –...
Performing System Maintenance
This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch.

Restarting the Switch
Use the Restart Device page to restart the switch.
Maintenance, Restart Device
Interface
To restart the switch: Click Maintenance, Restart Device.
Upgrading Firmware
Use the Software Upload page to upgrade the switch’s system firmware by specifying a file provided by DIGISOL. You can download firmware files for your switch from the Support section of the DIGISOL web site.
Maintenance, Software Upload...
Chapter | Performing System Maintenance
Activating the Alternate Image
Caution: While the firmware is being updated, Web access appears to be defunct. The front LED flashes Green/Off at a frequency of 10 Hz while the firmware update is in progress. Do not reset or power off the device at this time or the switch may fail to function afterwards.
Managing Configuration Files
Use the Maintenance Configuration pages to save the current configuration to a file on your computer, or to restore previously saved configuration settings to the switch.
Saving
Use the Configuration Save page to save the current configuration settings to a file on your local management station.
Interface
To restore your current configuration settings:
1. Click Maintenance, Configuration, Upload.
2. Click the Browse button, and select the configuration file.
3. Click the Upload button to restore the switch’s settings.
Figure 157: Configuration Upload –...
Section: Appendices
This section provides additional information and includes these items:
• "Software Specifications" on page 288
• "Troubleshooting" on page 292
– 287 –...
Appendix | Software Specifications
Management Features
VLAN Support
Up to 128 groups; port-based, protocol-based, tagged (802.1Q), private VLANs, voice VLANs, MAC-based VLANs, and IP subnet-based VLANs
Class of Service
Supports four levels of priority
Strict, Weighted Round Robin Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Layer 3/4 priority mapping: IP DSCP remarking
DiffServ supports DSCP remarking, ingress traffic policing, and egress...
Troubleshooting
Problems Accessing the Management Interface
Table 14: Troubleshooting Chart
Symptom: Cannot connect using a web browser, or SNMP software
Action:
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.
•...
Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
Enable logging....
Glossary
Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
Page 295
Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node.
Page 296
GMRP
Generic Multicast Registration Protocol. GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard.
IEEE 802.1D
Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
Page 297
IGMP Query
On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
Page 298
MD5 Message-Digest is an algorithm that is used to create digital signatures. It is intended for use with 32-bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
Page 299
Trunk
Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.
Private VLAN
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.
Page 300
Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
Spanning Tree Algorithm is a technology that checks your network for any loops.
Index
acceptable frame type 172
Access Control List See ACL
ACL 93
binding to a port 93
address table 167
aging time 168
address, management access 25
ARP inspection 111
classification, QoS 199
rewriting, port 196
translation, port 196
translation, QoS 198
dynamic addresses, displaying 168
edge port, STA 134
EEE, LLDP neighbor information 269...