MaxiiNet™
VI3026
Operational Manual
20 GE PoE-Plus + 4 GE PoE-Plus Combo SFP + 2 GE SFP L2
26 Port Managed Switch
Release 2.44
© 2013 Vigitron, Inc. All rights reserved. All brand and product names are trademarks or registered trademarks of their respective companies.

Summary of Contents for Vigitron MaxiiNet VI3026

  • Page 1 20 GE PoE-Plus + 4 GE PoE-Plus Combo SFP + 2 GE SFP L2 26 Port Managed Switch Release 2.44 © 2013 Vigitron, Inc. All rights reserved. All brand and product names are trademarks or registered trademarks of their respective companies.
  • Page 2: About This Manual

    Copyright © 2013 Vigitron, Inc. All rights reserved. The products and programs described in this User’s Manual are licensed products of Vigitron Inc. This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware, software, and documentation are copyrighted.
  • Page 3 User’s Manual, at any time without notice. FCC Warning: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
  • Page 4: Table Of Contents

    Contents: About This Manual, 2; Introduction, 10; Overview, 10; Chapter 1: Operation of Web-Based Management, 11; Connecting Network Devices, 14; Twisted-Pair Devices, 14; Cabling Guidelines, 14; Chapter 2: System Configuration, 16; 2-1 System Information, 16; 2-1.1 Information ...
  • Page 5 3-1.1 Configuration, 43; 3-1.2 Port Description, 46; 3-1.3 Traffic Overview, 47; 3-1.4 Detailed Statistics, 48; 3-1.5 QoS Statistics, 50; 3-1.6 SFP Information, 51; 3-1.7 EEE, 53; 3-2 ACL, 55; 3-2.1 Ports, 55; 3-2.2 Rate Limiters ...
  • Page 6 3-6.6 IPv6 SSM Information, 109; 3-7 MVR, 110; 3-7.1 Configuration, 110; 3-7.2 Port Group Allow, 112; 3-7.3 Groups Information, 113; 3-7.4 Statistics, 114; 3-8 LLDP, 115; 3-8.1 LLDP Configuration, 115; 3-8.2 LLDP Neighbours, 118; 3-8.3 LLDP-MED Configuration ...
  • Page 7 3-14.1 Configuration, 168; 3-14.2 Statistics, 170; 3-15 QoS, 171; 3-15.1 Port Classification, 171; 3-15.2 Port Policing, 174; 3-15.3 Port Scheduler, 176; 3-15.4 Port Shaping, 179; 3-15.5 Port Tag Remarking, 182; 3-15.6 Port DSCP, 184; 3-15.7 DSCP-Based QoS ...
  • Page 8 4-3 DHCP Snooping, 222; 4-3.1 Configuration, 222; 4-3.2 Statistics, 224; 4-4 DHCP Relay, 226; 4-4.1 Configuration, 226; 4-4.2 Statistics, 228; 4-5 NAS, 230; 4-5.1 Configuration, 230; 4-5.2 Switch Status, 238; 4-5.3 Port Status, 240; 4-6 AAA ...
  • Page 9 5-5 Diagnostics, 273; 5-5.1 Ping, 273; 5-5.2 Ping6, 274; Glossary of Web-based Management, 275; A, 275; C, 276; D, 276; E, 278; F, 278; H, 279; I, 279; L, 280; M ...
  • Page 10: Introduction

    The Vi3026 series, the next generation web managed switches from Vigitron, is a portfolio of affordable managed switches that provides a reliable infrastructure for your business network.
  • Page 11: Chapter 1: Operation Of Web-Based Management

    Chapter 1: Operation of Web-Based Management. Initial Configuration: This chapter instructs you on how to configure and manage the Vi3026 through the web user interface. With this facility, you can easily access and monitor, through any one port of the switch, all the status of the switch, including MIBs status, each port activity, Spanning tree status, port aggregation status, multicast traffic, VLAN and priority status, and even illegal access records.
  • Page 12 NOTE: The Vi3026 function enables DHCP, so if you do not have a DHCP server to provide IP addresses to the switch, the switch’s default IP is 192.168.1.1. The server 192.168.20.15 at Vi3026 requires a username and password. Figure 1: The Login Page. NOTE: If you need to configure the function or parameter, you can refer to the detail in the User Guide.
  • Page 13 Vi3026 Web Help Function: Vi3026 00-40-D8-55-35-57...
  • Page 14: Connecting Network Devices

    The switch is designed to be connected to 10, 100, or 1,000 Mbps network cards in PCs and servers, as well as to other switches and hubs. It may also be connected to remote devices using optional SFP transceivers. Twisted-Pair Devices: Each device requires an unshielded twisted-pair (UTP) cable with RJ-45 connectors at both ends.
  • Page 15 Step 2: If the device is a network card and the switch is in the wiring closet, attach the other end of the cable segment to a modular wall outlet that is connected to the wiring closet (see the section “Network Wiring Connections”). Otherwise, attach the other end to an available port on the switch.
  • Page 16: Chapter 2: System Configuration

    Chapter 2: System Configuration. This chapter describes all of the basic configuration tasks, which include the System Information and management of the switch (e.g. Time, Account, IP, Syslog and SNMP). 2-1 System Information. 2-1.1 Information: After you log in, the switch shows you the system information. This page is the default and tells you the basic information of the system, including “Model Name”, “System Description”, “Contact”, “Device Name”, “System Up Time”, “BIOS Version”, “Firmware Version”, “Hardware-Mechanical Version”, “Serial Number”, “Host IP...
  • Page 17 Parameter Description: Model name: The model name of this device. System description: This tells what this device is. Here, it is “20-Port 10/100/1000Base-T + 4 TP/ (100/1G) SFP Combo + 2 (100/1G) SFP PoE+ L2 Plus Managed Switch”. 26 total ports. Location: It is the location where this switch is put.
  • Page 18: 2-1.2 Configuration

    You can identify the system by configuring the contact information, name, and location of the switch. Web Interface: To configure System Information in the web interface: 1. Click System, System Information, then Configuration. 2. Write System Contact, System Name, System Location information on this page.
  • Page 19: Time

    2-2 Time: This page configures the switch’s time. Time configuration includes Time Configuration and NTP Configuration. The switch provides manual and automatic ways to set the system time via NTP. 2-2.1 Manual: Manual setting is simple and you just input “Year”, “Month”, “Day”, “Hour”, “Minute”...
  • Page 20 Parameter Description: Clock Source: To view the Vi3026’s clock source, select “Use local Settings” or “Use NTP Server”. Date and Time Format: The drop bar is for choosing the appropriate time format. Three selections are provided as below. • YYYY-MM-DD HH:MM:SS • ...
  • Page 21: 2-2.2 Ntp

    NTP is Network Time Protocol and is used to sync the network time based on Greenwich Mean Time (GMT). If you use the NTP mode and select a built-in NTP time server or manually specify a user-defined NTP server as well as Time Zone, the switch will sync the time shortly after pressing <Apply>...
  • Page 22: Account

    2-3 Account: In this function, only an administrator can create, modify or delete the username and password. An administrator can modify other guest identities’ passwords without confirming the password, but confirmation is necessary to modify an administrator-equivalent identity. A guest-equivalent identity can modify only its own password. Please note that you must confirm the administrator/guest identity in the Authorization field before configuring the username and password.
  • Page 23 Parameter Description: User Name: The name identifying the user. This is also a link to add/edit User. Password: To type the password. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. Password (again): To type the password again.
  • Page 24: 2-3.2 Privilege Level

    2-3.2 Privilege Level: This page provides an overview of the privilege levels. The switch provides user-set Account, Aggregation, Diagnostics, EEE, GARP, GVRP, IP, IPMC Snooping, LACP, LLDP, LLDP MED, MAC Table, MRP, MVR, MVRP Maintenance, Mirroring, POE Ports, Private VLANs, QoS, SNMP, Security, Spanning Tree, System Trap Event, VCL, VLANs, and Voice VLAN Privilege Levels from 1 to 15.
  • Page 25 Parameter Description: Group Name: The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contain more than one. The following description defines these privilege level groups in detail: • ...
  • Page 26: 2-4.1 Ipv4

    2-4 IP: IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an internet network. IP is a "best effort" system, which means that no packet of information sent over is assured to reach its destination in the same condition it was sent. Each device connected to a Local Area Network (LAN) or Wide Area Network (WAN) is given an Internet Protocol address, and this IP address is used to identify the device uniquely among all other devices connected to the extended network.
  • Page 27 Parameter Description: DHCP Client: Enables the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will announce the configured System Name as hostname to provide DNS lookup.
  • Page 28: 2-4.2 Ipv6

    2-4.2 IPv6: This section describes how to configure the switch-managed IPv6 information. The “Configured” column is used to view or change the IPv6 configuration. The “Current” column is used to show the active IPv6 configuration. Configure the switch-managed IPv6 information on this page: • ...
  • Page 29: Syslog

    2-5 Syslog: The Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It can be used for generalized informational, analysis, and debugging messages.
  • Page 30: 2-5.2 Log

    2-5.2 Log: This section describes how to display the system log information of the switch. Web Interface: To display the log configuration in the web interface: 1. Click Syslog, then Log. 2. Display the log information. Figure 2-5.2: The System Log configuration. Auto-refresh: Click “Auto-Refresh”...
  • Page 31: 2-5.3 Detailed

    2-5.3 Detailed Log This section describes how to display the detailed log information of the switch. Web Interface To display the detailed log configuration in the web interface: 1. Click Syslog, then Detailed Log. 2. Display the log information. Figure 2-5.3: The Detailed System Log Information ID: The ID (>= 1) of the system log entry.
  • Page 32: Snmp

    2-6 SNMP Any Network Management System (NMS) running the Simple Network Management Protocol (SNMP) can manage the Managed devices equipped with SNMP agent, provided that the Management Information Base (MIB) is installed correctly on the managed devices. The SNMP is a protocol that is used to govern the transfer of information between SNMP manager and agent and traverses the Object Identity (OID) of the management Information Base (MIB), described in the form of SMI syntax.
  • Page 33: 2-6.2 Configuration

    The function is used to configure SNMP communities. To enable a new community statistics, please check the button ▼, and choose <Enable> to configure the SNMP function. Web Interface: To display the SNMP Configuration in the web interface: 1.
  • Page 34: 2-6.3 Communities

    2-6.3 Communities The function is used to configure SNMPv3 communities. The Community and UserName are unique. To create a new community account, please check <Add New Community> button. Enter the account information and then check <Save>. Max Group Number: 4. Web Interface To display the configure SNMP Communities in the web interface: 1.
  • Page 35: 2-6.4 Users

    2-6.4 Users The function is used to configure SNMPv3 user. The Entry index key is UserName. To create a new UserName account, please check <Add New User> button. Enter the user information and then check <Save>. Max Group Number: 10. Web Interface To display the configure SNMP Users in the web interface: 1.
  • Page 36 Authentication Password: A string identifying the authentication password phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. The allowed content is ASCII characters from 33 to 126. Privacy Protocol: Indicates the privacy protocol that this entry should belong to.
  • Page 37: 2-6.5 Groups

    The function is used to configure SNMPv3 group. The Entry index keys are Security Model and Security Name. To create a new group account, please check <Add new group> button. Enter the group information and then check <Save>. Max Group Number: v1: 2, v2: 2, v3:10.
  • Page 38: 2-6.6 Views

    The function is used to configure SNMPv3 view. The entry index key is OID Subtree and View Name. To create a new view account, please check <Add New View> button, and enter the view information then check <Save>. Max Group Number: 28.
  • Page 39: 2-6.7 Access

    2-6.7 Access: The function is used to configure SNMPv3 accesses. The Entry index keys are Group Name, Security Model and Security level. To create a new access account, please check <Add new access> button, and enter the access information then check <Save>.
  • Page 40 Read View Name: The name of the MIB view defining the MIB objects for which this request may request the current values. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The name of the MIB view defines the MIB objects for which this request may potentially set new values.
  • Page 41: 2-6.8 Trap

    The function is used to configure SNMP trap. To create a new trap account, please check <No number> button and enter the trap information, then check <Apply>. Max Group Number: 6. Web Interface: To configure SNMP Trap setting: 1.
  • Page 42 Parameter Description: Delete: Click <Delete> to delete the entry. Trap Version: You may choose v1, v2c, or v3 trap. Server IP: To assign the SNMP Host IP address. UDP Port: To assign port number. Default: 162. Community / Security Name: The length of “Community/Security Name” string is restricted to 1-32.
  • Page 43: Chapter 3: Configuration

    Chapter 3: Configuration. This chapter describes all of the basic network configuration tasks, which include the Ports, Layer 2 network protocol (e.g. VLANs, QoS, IGMP, ACLs, PoE, etc.) and any setting of the switch. 3-1 Port. 3-1.1 Configuration: The section describes how to configure the port detail parameters of the switch. You could use the Port configure to enable or disable the Port of the switch.
  • Page 44 Figure 3-1.1: The Port Configuration. Parameter Description: Port: This is the logical port number for this row. Link: The current link state is displayed graphically. Green indicates the link is up and red that it is down. Current Link Speed: Provides the current link speed of the port. Configured Link Speed: Selects any available link speed for the given switch port.
  • Page 45 Flow Control (Auto mode will not read Flow Control): When “Auto Speed” is selected on a port, this section indicates the flow control capability that is advertised to the link partner. When a fixed-speed setting is selected, that is what is used.
  • Page 46: 3-1.2 Port Description

    3-1.2 Port Description: The section describes how to configure the port’s alias or any descriptions for the port identity. It lets the user write down an alphanumeric string, describing the full name and version identification for the system’s hardware type, software version, and networking application.
  • Page 47: 3-1.3 Traffic Overview

    The section describes the port statistics information and provides an overview of general traffic statistics for all switch ports. Web Interface: To display the Port Statistics Overview in the web interface: 1. Click Configuration, Port, then Traffic Overview 2.
  • Page 48: 3-1.4 Detailed Statistics

    3-1.4 Detailed Statistics: The section describes how to provide detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit.
  • Page 49 Rx and Tx Broadcast: The number of received and transmitted (good and bad) broadcast packets. Rx and Tx Pause: A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation. Receive and Transmit Size Counters The number of received and transmitted (good and bad) packets split into categories based on their respective frame sizes.
  • Page 50: 3-1.5 Qos Statistics

    3-1.5 QoS Statistics: The section describes how the switch can display the detailed QoS queuing counters for a specific switch port, for the different queues for all switch ports. Web Interface: To display the Queuing Counters in the web interface: 1.
  • Page 51: 3-1.6 Sfp Information

    The section describes how the switch can display the detailed information of the SFP module which you connect to the switch. The information includes: connector type, fiber type, wavelength, baud rate, vendor OUI and more. Web Interface: To display the SFP information in the web interface: 1.
  • Page 52 Vendor Revision: Displays the module revision. Vendor Serial Number: Shows the serial number assigned by the manufacturer. Date Code: Shows the date this SFP module was made. Temperature: Shows the current temperature of SFP module. Vcc: Shows the working DC voltage of SFP module. Mon1 (Bias) mA: Shows the Bias current of SFP module.
  • Page 53: 3-1.7 Eee

    3-1.7 EEE The section shows the user instructions on how to inspect and configure the current EEE port settings. EEE is a power saving option that reduces the power usage when there is very low traffic utilization (or no traffic). EEE works by powering down circuits when there is no traffic.
  • Page 54 Figure 3-1.7: The EEE Configuration. Parameter Description: EEE Port Configuration: The EEE port settings relate to the currently selected, as reflected by the page header. Port: The switch port number of the logical EEE port. EEE Enabled: Controls whether EEE is enabled for this switch port. EEE Urgent Queues: Queues set will activate transmission of frames as soon as any data is available.
  • Page 55: Acl

    3-2 ACL: The Vi3026 switch access control list (ACL) is probably the most commonly used object in the IOS. It is used for packet filtering but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way. The ACLs are divided into EtherTypes - IPv4, ARP protocol, MAC, and VLAN parameters.
  • Page 56 Parameter Description: Port: The logical port for the settings contained in the same row. Policy ID: Selects the policy to apply to this port. The allowed values are 0 through 255. The default value is 0. Action: Selects whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".
  • Page 57: 3-2.2 Rate Limiters

    The section describes how to configure the switch’s ACL rate limiter parameters. The rate limiter Level from 1 to 16 allows the user to set rate limiter value and units with pps or kbps. Web Interface: To configure ACL Rate Limiter in the web interface: 1.
  • Page 58: 3-2.3 Access Control List

    3-2.3 Access Control List: The section describes how to configure Access Control List rule. An Access Control List (ACL) is a sequential list of permitted or denied conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one.
  • Page 59 Parameter Description: Ingress Port: Select the ingress port for which this ACE applies. • All: The ACE applies to all ports. • Port n: The ACE applies to this port number, where “n” is the number of the switch port. Policy Filter: Specify the policy number filter for this ACE.
  • Page 60 Disabled: Port shut down is disabled for the ACE. Counter: The counter indicates the number of times the ACE was hit by a frame. MAC Parameters: SMAC Filter: (Only displayed when the frame type is Ethernet Type or ARP) Specifies the source MAC filter for this ACE: • ...
  • Page 61 ARP Parameters: The ARP parameters can be configured when Frame Type "ARP" is selected. ARP/RARP: Specifies the available ARP/RARP opcode (OP) flag for this ACE. • Any: No ARP/RARP OP flag is specified (OP is "don't-care"). • ARP: Frame must have ARP/RARP opcode set to ARP. • ...
  • Page 62 IP/Ethernet Length: Specifies whether frames can hit the action according to their ARP/RARP hardware address length (HLN) and protocol address length (PLN) settings. • 0: ARP/RARP frames where the HLN is not equal to Ethernet (0x06) or the (PLN) is not equal to IPv4 (0x04). • ...
  • Page 63 IP Fragment: Specifies the fragment offset settings for this ACE. This involves the settings for the “More Fragments” (MF) bit and the “Fragment Offset” (FRAG OFFSET) field for an IPv4 frame. • No: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry.
  • Page 64 ICMP Type Value: When "Specific" is selected for the ICMP filter, you can enter a specific ICMP value. The allowed range is 0 to 255. A frame that hits this ACE matches this ICMP value. ICMP Code Filter: Specifies the ICMP code filter for this ACE. • ...
  • Page 65 TCP FIN: Specifies the TCP "No more data from sender" (FIN) value for this ACE. • 0: TCP frames where the FIN field is set must not be able to match this entry. • 1: TCP frames where the FIN field is set must be able to match this entry. • Any: Any value is allowed ("don't-care").
  • Page 66 : Moves the ACE up the list. : Moves the ACE down the list. : Deletes the ACE. : The lowest plus sign adds a new entry at the bottom of the ACE listings. Buttons: • Apply – Click “Apply” to apply changes. • ...
  • Page 67: 3-2.4 Acl Status

    The section describes how to show the ACL status by different ACL users. Each row describes the ACE that is defined. It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations. The maximum number of ACEs is 256 on each switch.
  • Page 68 Mirror: Specifies the mirror operation of this port. The allowed values are: • Enabled: Frames received on the port are mirrored. • Disabled: Frames received on the port are not mirrored. The default value is "Disabled". CPU: Forward packet that matched the specific ACE to CPU. CPU Once: Forward first packet that matched the specific ACE to CPU.
  • Page 69: Aggregation

    3-3 Aggregation: Aggregation is used to configure the settings of Link Aggregation. You can bundle more than one port with the same speed, full-duplex and the same MAC to be a single logical port. Thus, the logical port aggregates the bandwidth of these ports. This means you can apply your current Ethernet equipment to build the bandwidth aggregation.
  • Page 70 Parameter Description: Hash Code Contributors. Source MAC Address: The source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the source MAC address or uncheck to disable. By default, the source MAC Address is enabled. Destination MAC Address: The destination MAC address can be used to calculate the destination port for the frame.
  • Page 71: 3-3.2 Lacp

    Ports using Link Aggregation Control Protocol (according to IEEE 802.3ad specification) as their trunking method can choose their unique LACP GroupID to form a logic “trunked port”. The benefit of using LACP is that a port makes an agreement with its peer port before it becomes a ready member of a “trunk group”...
  • Page 72 Parameter Description: Port: The switch port number. LACP Enabled: Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2 GLAGs. Key: The key value incurred by the port, ranging from 1-65535.
  • Page 73 3-3.2.2 System Status: This section describes how to set up the LACP function on the switch, then it provides a status overview for all LACP instances. Web Interface: To display the LACP System status in the web interface: 1. Click Configuration, LACP, then System Status. 2.
  • Page 74 3-3.2.3 Port Status: This section describes how to set up the LACP function on the switch, then it provides a Port Status overview for all LACP instances. Web Interface: To display the LACP Port status in the web interface: 1. Click Configuration, LACP, then Port Status. 2.
  • Page 75 3-3.2.4 Port Statistics: This section describes how to set up the LACP function on the switch in order to provide a port statistics overview for all LACP instances. Web Interface: To display the LACP Port status in the web interface: 1.
  • Page 76: Spanning Tree

    3-4 Spanning Tree: The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STP-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network.
  • Page 77 Figure 3-4.1: The STP Bridge Configuration. Parameter Description: Basic Settings. Protocol Version: The STP protocol version setting. Valid values are STP, RSTP, and MSTP. Bridge Priority: Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier.
  • Page 78 Port Error Recovery: Controls whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, the ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot. Port Error Recovery Timeout: The time to pass before a port in the error-disabled state can be enabled.
  • Page 79: 2-4.2 Msti Mapping

    2-4.2 MSTI Mapping: When you implement a Spanning Tree protocol on the switch, the CIST is not available for explicit mapping because it will receive the VLANs not explicitly mapped. For that reason, you need to set the list of VLANs mapped to the MSTI.
  • Page 80 Parameter Description: Configuration Identification. Configuration Name: The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration, in order to share spanning trees for MSTI's (Intra-region). The name is at most 32 characters.
  • Page 81: 3-4.3 Msti Priorities

    When you implement a Spanning Tree protocol on the switch, the CIST is the default instance, which is always active. The setting controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a bridge identifier.
  • Page 82: 3-4.4 Cist Ports

    When you implement a Spanning Tree protocol on the switch for the bridge instance, you need to configure the CIST Ports. The section allows the user to inspect and change the current STP CIST port configurations. Web Interface: To configure the Spanning Tree CIST Ports parameters in the web interface: 1.
  • Page 83 Parameter Description: Port: The switch port number of the logical STP port. STP Enabled: Controls whether STP is enabled on this switch port. Path Cost: Controls the path cost incurred by the port. The auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values.
  • Page 84: 3-4.5 Msti Ports

    The section allows the user to inspect and change the current STP MSTI port configurations. An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options.
  • Page 85 Parameter Description: Port: The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost: Controls the path cost incurred by the port. The “Auto” setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values.
  • Page 86: 3-4.6 Bridge Status

    After you complete the MSTI port configuration, you can ask the switch to display the bridge status. The section provides a status overview of all STP bridge instances. The displayed table contains a row for each STP bridge instance, where the column displays the following information: Web Interface: To display the STP Bridges status in the web interface:...
  • Page 87: 3-4.7 Port Status

    After you complete the STP configuration, you could ask the switch to display the STP port status. This section allows you to ask the switch to display the STP CIST port status for all physical ports of the currently selected switch. Web Interface: To display the STP Port status in the web interface: 1.
  • Page 88: 3-4.8 Port Statistics

    After you complete the STP configuration, you can let the switch display the STP statistics. The section lets you ask the switch to display the STP statistics detail counters of bridge ports in the currently selected switch. Web Interface: To display the STP Port status in the web interface: 1.
  • Page 89: IGMP Snooping

    3-5 IGMP Snooping The function establishes multicast groups so that multicast packets are forwarded only to the member ports, which avoids wasting bandwidth while IP multicast packets are running over the network. This is because a switch that does not support IGMP or IGMP Snooping cannot tell a multicast packet from a broadcast packet, so it can only treat them all as broadcast packets.
  • Page 90 Figure 3-5.1: The IGMP Snooping Configuration. Parameter Description: Snooping Enabled: Enables the Global IGMP Snooping. Unregistered IPMCv4 Flooding enabled: Enables unregistered IPMCv4 traffic flooding. IGMP SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range. Format: (IP address/ sub mask).
  • Page 91: 3-5.2 VLAN Configuration

    3-5.2 VLAN Configuration The section describes the VLAN configuration setting process integrated with the IGMP snooping function. Each setting page shows up to 99 entries from the VLAN table. The default is 20 and can be selected through the "Entries Per Page" input field. During your first visit, the web page will show the first 20 entries from the beginning of the VLAN Table.
  • Page 92 LLQI (LMQI for IGMP): Last Member Query Interval. The last member query time is the time value represented by the last member query interval, multiplied by the last member query count. The allowed range is 0 to 31744 in tenths of seconds. The default last member query interval is 10 in tenths of seconds (1 second).
  • Page 93: 3-5.3 Port Group Filtering

    3-5.3 Port Group Filtering The section describes how to set the “IGMP Port Group Filtering”. With the IGMP filtering feature, a user can exert this type of control. In some network application environments, such as metropolitan or multiple-dwelling unit (MDU) installations, a user might want to control the multicast groups to which a user on a switch port can belong.
  • Page 94 Parameter Description: Delete: Check to delete the entry. It will be deleted during the next save. Port: Select the port on which to enable the IGMP Snooping Port Group Filtering function. Filtering Groups: The IP multicast group that will be filtered. Buttons: •...
  • Page 95: 3-5.4 Status

    3-5.4 Status After you complete the IGMP snooping configuration, you can let the switch display the IGMP snooping status. The section describes how to let the switch display the detailed IGMP snooping status. Web Interface To display the IGMP Snooping status in the web interface: 1.
  • Page 96 Parameter Description: VLAN ID: The VLAN ID of the entry. Querier Version: Working querier version currently. Host Version: Working host version currently. Querier Status: Shows the querier status is "ACTIVE" or "IDLE". Queries Transmitted: The number of transmitted queries. Queries Received: The number of received queries. V1 Reports Received: The number of Received V1 Reports.
  • Page 97: 3-5.5 Group Information

    3-5.5 Group Information After you set the IGMP snooping function, you can let the switch display the IGMP snooping group information. Entries in the IGMP group table are shown on this page. The IGMP group table is sorted first by VLAN ID and then by group. The will use the last entry of the currently displayed table as a basis for the next lookup.
  • Page 98: 3-5.6 IPv4 SSM Information

    3-5.6 IPv4 SSM Information Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many applications, also known as broadcast applications. SSM is a core network technology of IP multicast targeted for audio and video broadcast application environments.
  • Page 99 Navigating the IGMPv3 Information Table Parameter Description Each page shows up to 99 entries from the IGMPv3 SSM (Source Specific Multicast) Information table. The default is 20, selected through the "Entries Per Page" input field. During the first visit, the web page will show the first 20 entries from the beginning of the IGMPv3 Information Table.
  • Page 100: MLD Snooping

    3-6 MLD Snooping Curiously enough, a network node that acts as a source of IPv6 multicast traffic is only an indirect participant in MLD snooping. It just provides multicast traffic and MLD doesn’t interact with it. Note: In an application like desktop conferencing a network node may act as both a source and an MLD host.
  • Page 101 Figure 3-6.1: The MLD Snooping Basic Configuration. Parameter Description: Snooping Enabled: Enables the global MLD snooping. Unregistered IPMCv6 Flooding Enabled: Enables unregistered IPMCv6 traffic flooding. Please note that disabling unregistered IPMCv6 traffic flooding may lead to failure of “Neighbor Discovery”. MLD SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address (using IPv6 address) range.
  • Page 102 Fast Leave: Check to enable fast leave on the port. Throttling: Limits the number of multicast groups to which a switch port can belong. Buttons: • Apply – Click “Apply” to save changes. • Reset – Click “Reset” to undo any changes made locally and revert back to previously saved values.
  • Page 103: 3-6.2 VLAN Configuration

    3-6.2 VLAN Configuration When MLD snooping is enabled on a VLAN, the switch acts to minimize unnecessary multicast traffic. If the switch receives multicast traffic destined for a given multicast address, it forwards that traffic only to ports on the VLAN that have MLD hosts for that address.
  • Page 104 LLQI (LMQI for IGMP): Last Listener Query Interval. The last listener query interval is the maximum response delay used to calculate the maximum response code inserted into multicast address specific queries sent in response to version 1 multicast listener done messages. It is also the maximum response delay used to calculate the maximum response code inserted into multicast address and source specific query messages.
  • Page 105: 3-6.3 Port Group Filtering

    3-6.3 Port Group Filtering The section describes how to set the port group filtering in the MLD snooping function. On the UI, you can add a new filtering group and safety policy. Web Interface To configure the MLD Snooping Port Group Configuration in the web interface: 1.
  • Page 106: 3-6.4 Status

    3-6.4 Status The section describes how to display the MLD snooping status and detailed information after you complete the MLD snooping configuration. It will help you find the detailed information of the MLD snooping status. Web Interface To display the MLD Snooping Status in the web interface: 1.
  • Page 107 V1 Leaves Received: The number of Received V1 Leaves. Auto-refresh: Evoke “Auto-refresh” to refresh the log automatically. Upper right icon (Refresh, <<, >>): You can click them to refresh the IGMP Group Status manually. Click “<<” or “>>” to move to the next or previous page.
  • Page 108: 3-6.5 Group Information

    3-6.5 Group Information The section describes how the user could set the MLD snooping groups Information. The "Start from VLAN" and "Group" input fields allow the user to select the starting point in the MLD group table. Each page shows up to 99 entries from the MLD group table. The default is 20 and can be selected through the "Entries Per Page"...
  • Page 109: 3-6.6 IPv6 SSM Information

    3-6.6 IPv6 SSM Information The section describes the entries in the MLDv2 information table, which are shown on this page. The MLDv2 information table is sorted first by VLAN ID, then by group, and then by Port No. Different source addresses belonging to the same group are treated as a single entry.
  • Page 110: MVR

    3-7 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLAN. In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port.
  • Page 111 Parameter Description: MVR Mode: Enables/Disables the Global MVR. VLAN ID: Specifies the multicast VLAN ID. Mode: Enables MVR on the port. Type: Specifies the MVR port type on the port. Immediate Leave: Enables the fast leave on the port. Buttons: •...
  • Page 112: 3-7.2 Port Group Allow

    3-7.2 Port Group Allow The section describes how the user can add the IP multicast group that is allowed to receive the multicast stream. Entries in the MVR port group allow table are shown on this page. The MVR Port Group Table is sorted first by port, and then by IP address. Web Interface To display the MVR Groups Information in the web interface:...
  • Page 113: 3-7.3 Groups Information

    3-7.3 Groups Information The section describes how the user can display the detailed MVR groups information on the switch. Entries in the MVR group table are shown on this page. The MVR group table is sorted first by VLAN ID, and then by group. Web Interface To display the MVR Groups Information in the web interface: 1.
  • Page 114: 3-7.4 Statistics

    3-7.4 Statistics The section describes how the switch displays the detailed MVR statistics after you have configured MVR on the switch. It provides the detailed MVR statistics information. Web Interface To display the MVR Statistics Information in the web interface: 1.
  • Page 115: LLDP

    3-8 LLDP The switch supports the LLDP. For current information on your switch model, the “Link Layer Discovery Protocol” (LLDP) provides a standards-based method for enabling switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices. The “Link Layer Discovery Protocol” (LLDP) is a vendor-neutral link layer protocol in the internet protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet.
  • Page 116 LLDP Parameters Parameter Description Tx Interval: The switch periodically transmits LLDP frames to its neighbors to have the network discovery information up-to-date. The interval between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5 - 32768 seconds.
  • Page 117 • Both the CDP and LLDP support "system capabilities", but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as "others" in the LLDP neighbors’ table. • If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices.
  • Page 118: 3-8.2 LLDP Neighbours

    3-8.2 LLDP Neighbours This page provides a status overview for all LLDP neighbours. The displayed table contains a row for each port on which an LLDP neighbour is detected. Web Interface To show LLDP neighbours: 1. Click “LLDP Neighbours”. 2. Click “Refresh” for manual update web screen. 3.
  • Page 119 System Description: System description is the port description advertised by the neighbour unit. Management Address: Management address is the neighbour unit's address that is used for higher layer entities to assist discovery by the network management. This could hold the neighbour's IP address. Auto-refresh: Evoke the auto-refresh icon to refresh the information automatically.
  • Page 120: 3-8.3 LLDP-MED Configuration

    3-8.3 LLDP-MED Configuration Media endpoint discovery is an enhancement of LLDP, known as LLDP-MED, that provides the following facilities: • Auto-discovery of LAN policies (e.g. VLAN, Layer 2 Priority and Differentiated services [Diffserv] settings) enabling plug and play networking. • Device location discovery to allow creation of location databases and in the case of Voice over Internet Protocol (VoIP), enhanced 911 services.
  • Page 121 Parameter Description: Fast start repeat count: Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to a particular endpoint type.
  • Page 122 Map Datum: The map datum is used for the coordinates given in these options: • WGS84: (Geographical 3D) - World Geodetic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich. • NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich.
  • Page 123 Additional code: Additional code - Example: 1320300003. Emergency Call Service Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA. Emergency Call Service: Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP.
  • Page 124 Tag: Tag indicates whether the specified application type is using a 'tagged' or an 'untagged' VLAN. Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003. In this case, both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance.
  • Page 125: 3-8.4 LLDP-MED Neighbours

    3-8.4 LLDP-MED Neighbours This page provides a status overview of all LLDP-MED neighbours. The displayed table contains a row for each port on which an LLDP neighbour is detected. This function applies to VoIP devices which support LLDP-MED. Web Interface To show LLDP-MED neighbor: 1.
  • Page 126 LLDP-MED Generic Endpoint (Class I): The LLDP-MED generic endpoint (Class I) definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA-1057. However, it does not support IP media or act as an end-user communication appliance. Such devices may include (but are not limited to) IP communication controllers, other communication related servers, or any device requiring basic services as defined in TIA-1057.
  • Page 127 similar appliances supporting interactive voice services. 4. Guest Voice Signaling - For use in network topologies that require a different policy for the guest voice signaling than for the guest voice media. 5. Softphone Voice - For use by softphone applications on typical data centric devices, such as PCs or laptops.
  • Page 128: 3-8.5 EEE

    3-8.5 EEE By using EEE, power savings can be achieved at the expense of traffic latency. This latency occurs because the circuits EEE turns off to save power need time to boot up before sending traffic over the link. This time is called "Wakeup Time". To achieve minimal latency, devices can use LLDP to exchange information about their respective Tx and Rx "Wakeup Time", as a way to agree upon the minimum wakeup time they need.
  • Page 129 Resolved Tx Tw: The resolved Tx Tw for this link. Note: NOT the link partner. The resolved value that is the actual "Tx Wakeup Time" used for this link (based on EEE information exchanged via LLDP). Resolved Rx Tw: The resolved Rx Tw for this link. Note: NOT the link partner. The resolved value that is the actual "Tx Wakeup Time"...
  • Page 130: 3-8.6 Port Statistics

    3-8.6 Port Statistics Two types of counters are shown. Global counters are counters that refer to the whole switch, while local counters refer to per port counters for the currently selected switch. Web Interface To show LLDP Statistics: 1. Click LLDP, and then click Port Statistics to show LLDP counters. 2.
  • Page 131 Total Neighbours Entries Aged Out: Shows the number of entries deleted due to Time-To-Live expiring. Local Counters The displayed table contains a row for each port. The columns hold the following information: Local Port: The port on which LLDP frames are received or transmitted. Tx Frames: The number of LLDP frames transmitted on the port.
  • Page 132: PoE

    3-9 PoE PoE is an acronym for Power over Ethernet. Power over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable. For example, it could be used for powering IP telephones, wireless LAN access points, and other equipment where it would be difficult or expensive to connect the equipment to main power supply.
  • Page 133 Power Supply Configuration Parameter Description Primary Power Supply [W]: The switch can have PoE power supplies. It is used as power source. To determine the amount of power the PD may use, it must define the amount of power the power sources can deliver. PoE Power: The PoE power supply settings will be shown.
  • Page 134: 3-9.2 Status

    3-9.2 Status This page allows the user to inspect the current status for all PoE ports. Web Interface To display Power over Ethernet Status in the web interface: 1. Click “Status”. 2. Display Power over Ethernet Status Information. 3. Click “Refresh”. Figure 3-9.2: Power over Ethernet Status...
  • Page 135 Parameter Description: Local Port: This is the logical port number for this row. PD Class: The recognition of PD class generates from the current that PD transmits back to the PSE during the detection between PSE and PD. The current is classified by 802.3 at/af protocol.
  • Page 136: 3-9.3 Power Delay

    3-9.3 Power Delay This page allows the user to set the delay time of the provided power after the device reboot. Web Interface To display Power over Ethernet Status in the web interface: 1. Click Configuration, PoE, and Power delay. 2.
  • Page 137 Parameter Description: Port: This is the logical port number for this row. Delay Mode: Turns on/off the power delay function. Delay Time (0~300sec): When rebooting, the PoE port will start to provide power to the PD after the delay time. Button: •...
  • Page 138: 3-9.4 Auto Checking

    3-9.4 Auto Checking This page allows the user to specify the auto detection parameters to check the linking status between PoE ports and PDs. When it detects a failed connection, it will reboot the remote PD automatically. Web Interface To display Power over Ethernet Auto Checking in the web interface: 1.
  • Page 139 Parameter Description: Ping Check: Enables the “Ping Check” function to detect the connection between the PoE port and the power device. “Disable” will turn off the detection. Port: This is the logical port number for this row. Ping IP Address: The PD’s IP address the system should ping. Interval Time (sec): The device will send a checking message to the PD each interval time.
  • Page 140: 3-9.5 Scheduling

    3-9.5 Scheduling This page allows the user to make a perfect schedule of PoE power supply. PoE scheduling makes PoE management easier and saves more energy. Web Interface To display Power over Ethernet Scheduling in the web interface: 1. Click Configuration, PoE, and Scheduling. 2.
  • Page 141: Filtering Data Base

    3-10 Filtering Data Base Filtering Data Base Configuration gathers many functions, including MAC Table Information, Static MAC Learning, which cannot be categorized to some function type. MAC table Switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame).
  • Page 142 Figure 3-10.1: The MAC Address Table Configuration Parameter Description: Aging Configuration: By default, the dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging. Configure aging time by entering a value here in seconds (e.g. age time The allowed range is 10 to 1000000 seconds.
  • Page 143 Static MAC Table Configuration The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The MAC table is sorted first by VLAN ID and then by MAC address. Delete: Check to delete the entry. It will be deleted during the next save. VLAN ID: The VLAN ID of the entry.
  • Page 144: 3-10.2 Dynamic MAC Table

    3-10.2 Dynamic MAC Table Entries in the MAC table are shown on this page. The MAC table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. Web Interface To display MAC Address Table in the web interface: 1.
  • Page 145: VLAN

    3-11 VLAN To assign a specific VLAN for management purpose. The management VLAN is used to establish an IP connection to the switch from a workstation connected to a port in the VLAN. This connection supports a VSM, SNMP, and Telnet session. By default, the active management VLAN is VLAN 1, but you can designate any VLAN as the management VLAN using the Management VLAN window.
  • Page 146 Parameter Description: Delete: To delete a VLAN entry, check this box. The entry will be deleted on the selected switch. If none of the ports of this switch are members of a VLAN, then the delete checkbox will be greyed out (you cannot delete that entry during the next save).
  • Page 147: 3-11.2 Ports

    3-11.2 Ports The user can input VID number to each port by using the function in VLAN tag rule setting. The range of VID number is from 1 to 4094. The user also can choose ingress filtering rules to each port. There are two ingress filtering rules which can be applied to the switch.
  • Page 148 Parameter Description: Ethertype for Custom S-ports: This field specifies the Ethertype used for custom S-ports. This is a global setting for all the custom S-ports. The custom Ethertype enables the user to change the Ethertype value on a port in order to support network devices that do not use the standard 0x8100 Ethertype field value on 802.1Q-tagged or 802.1p-tagged frames.
  • Page 149: 3-11.3 Switch Status

    3-11.3 Switch Status The function switch status gathers the information of all VLAN status and reports it by the order of Static, NAS, MVRP, MVP, Voice VLAN, MSTP, and GVRP Combined. Web Interface To display VLAN membership status in the web interface: 1.
  • Page 150 VLAN Membership: The VLAN membership status page shall show the current VLAN port members for all VLANs configured by a selected VLAN User (selection shall be allowed by a combo box). When “All VLAN Users” are selected, by default, it shall show this information for all the VLAN users.
  • Page 151: 3-11.4 Port Status

    3-11.4 Port Status The function Port Status gathers the information of all VLAN status and reports it by the order of Static, NAS, MVRP, MVP, Voice VLAN, MSTP, and GVRP Combined. Web Interface To display VLAN Port Status in the web interface: 1.
  • Page 152 Conflicts: Shows whether conflicts exist or not. When a volatile VLAN user requests to set VLAN membership or VLAN port configuration, the following conflicts can occur: • Functional conflicts between features. • Conflicts due to hardware limitation. •...
  • Page 153: 3-11.5 Private VLANs

    3-11.5 Private VLANs In a private VLAN, communication between ports in that private VLAN is not permitted. A VLAN can be configured as a private VLAN. 3-11.5.1 Private The private VLAN membership configurations for the switch can be monitored and modified here.
  • Page 154 3-11.5.2 Port Isolation Port isolation provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port.
  • Page 155: 3-11.6 MAC-Based VLAN

    3-11.6 MAC-Based VLAN MAC address-based VLAN decides the VLAN for forwarding an untagged frame based on the source MAC address of the frame. The most common way of grouping VLAN members is by port, hence the name “Port-based VLAN”. Typically, the device adds the same VLAN tag to untagged packets that are received through the same port.
  • Page 156 Figure 3-11.6.1: The MAC-Based VLAN Membership Configuration Parameter Description: Delete: To delete a MAC-based VLAN entry, check this box and press save. The entry will be deleted on the selected switch. MAC Address: Indicates the MAC address. VLAN ID: Indicates the VLAN ID. Port Members: A row of check boxes for each port is displayed for each MAC-based VLAN entry.
  • Page 157 3-11.6.2 Status This section shows MAC-based VLAN entries configured by various MAC-based VLAN users. Currently, we support the following VLAN User types: NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. Web Interface To display MAC-based VLAN configured in the web interface: 1.
  • Page 158: 3-11.7 Protocol-Based VLAN

    3-11.7 Protocol-Based VLAN This section describes protocol-based VLAN. The protocols supported by the switch include Ethernet LLC SNAP Protocol. LLC: The Logical Link Control (LLC) data communication protocol layer is the upper sub-layer of the “Data Link Layer” (which is layer 2 itself, just above the physical layer) in the seven-layer OSI reference model.
  • Page 159 Parameter Description: Delete: To delete a protocol to group name map entry, check this box. The entry will be deleted on the switch during the next save. Frame Type: Frame type can have one of the following values: 1. Ethernet 2.
  • Page 160 3-11.7.2 Group to VLAN This section allows you to map an already configured group name to a VLAN for the selected switch. Web Interface To display Group Name to VLAN mapping table configured in the web interface: 1. Click “Group Name VLAN Configuration” and add new entry. 2.
  • Page 161 Parameter Description: Delete: To delete a Group Name to VLAN map entry, check this box. The entry will be deleted on the switch during the next Save. Group Name: A valid Group Name is a string of at most 16 characters, which consists of a combination of alphabets (a-z or A-Z) and integers (0-9).
  • Page 162: Voice VLAN

    3-12 Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic. By adding the ports with voice devices attached to voice VLAN, we can perform QoS-related configuration for voice data to ensure the transmission priority of voice traffic and voice quality. 3-12.1 The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, then the switch can classify and schedule network traffic.
  • Page 163 Parameter Description: Mode: Indicates the Voice VLAN mode operation. We must disable MSTP feature before we enable Voice VLAN. It can avoid the conflict of ingress filtering. Possible modes are: • Enabled: Enable Voice VLAN mode operation. • Disabled: Disable Voice VLAN mode operation. VLAN ID: Indicates the Voice VLAN ID.
  • Page 164: 3-12.2 OUI

    3-12.2 OUI The section describes how to configure the Voice VLAN OUI table. The maximum entry number is 16. Modifying the OUI table will restart auto detection of OUI process. Web Interface To configure Voice VLAN OUI Table in the web interface: 1.
  • Page 165: GARP

    3-13 GARP The Generic Attribute Registration Protocol (GARP) provides a generic framework whereby devices in a bridged LAN (e.g. end stations and switches) can register and de-register attribute values, such as VLAN Identifiers, with each other. In doing so, the attributes are propagated to devices in the bridged LAN, and these devices form a reachability tree that is a subset of an active topology.
  • Page 166 Parameter Description: Port: The Port column shows the list of ports for which you can configure GARP settings. There are 2 types of configuration settings which can be configured on a per-port basis. • Timer Values • Application • Attribute Type •...
  • Page 167: 3-13.2 Statistics

    3-13.2 Statistics The section describes the port statistics of GARP for all switch ports. The port statistics relate to the currently selected unit, as reflected by the page header. Web Interface To display GARP Port statistics in the web interface: 1.
  • Page 168: GVRP

    3-14 GVRP GVRP is an application based on Generic Attribute Registration Protocol (GARP). It is mainly used to automatically and dynamically maintain the group membership information of the VLANs. The GVRP offers the function to provide the VLAN registration service through a GARP application. It makes use of the GARP Information Declaration (GID) to maintain the ports associated with their attribute database and the GARP Information Propagation (GIP) to communicate among switches and end stations.
  • Page 169 Parameter Description: GVRP Mode: GVRP Mode is a global setting. To enable the GVRP globally, select “Enable” from menu and to disable GVRP globally, select “Disable”. Port: The port column shows the list of ports that you can configure per port GVRP settings.
  • Page 170: 3-14.2 Statistics

    3-14.2 Statistics The section describes the basic GVRP port statistics for all switch ports. The statistics relate to the currently selected unit as reflected by the page header. Web Interface To display GVRP Port statistics in the web interface: 1. Click “GVRP Statistics”. 2.
  • Page 171: QoS

    3-15 QoS The switch supports four QoS queues per port with strict or weighted fair queuing scheduling. It supports QoS Control Lists (QCL) for advanced programmable QoS classification, based on IEEE 802.1p, Ethertype, VID, IPv4/IPv6 DSCP, and UDP/TCP ports and ranges. High flexibility in the classification of incoming frames to a QoS class.
  • Page 172 Figure 3-15.1: The QoS Configuration Parameter Description: Port: The port number for which the configuration below applies. QoS class: Controls the default QoS class (e.g. the QoS class for frames not classified in any other way). There is a one to one mapping between QoS class, queue, and priority.
  • Page 173 NOTE: DP level: Every incoming frame is classified to a Drop Precedence Level (DP level), which is used throughout the device to provide congestion control guarantees to the frame, according to what was configured for that specific DP level. PCP: PCP is an acronym for Priority Code Point. It is a 3-bit field storing the priority level for the 802.1Q frame.
  • Page 174: 3-15.2 Port Policing

    3-15.2 Port Policing This section provides an overview of QoS ingress port policers for all switch ports. The port policing is useful in constraining traffic flows and marking frames above specific rates. Policing is primarily useful for data flows and voice or video flows because voice and video usually maintain a steady rate of traffic.
  • Page 175 Parameter Description: Port: The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. Mode: Select the ports on which to enable the QoS ingress port policers function. Rate: To set the rate limit value for this port.
  • Page 176: 3-15.3 Port Scheduler

    3-15.3 Port Scheduler This section provides an overview of QoS egress port schedulers for all switch ports and the ports belong to the currently selected unit, as reflected by the page header. Web Interface To display the QoS Port Schedulers in the web interface: 1.
  • Page 177 If you select the scheduler mode with weighted, then the screen will change as the figure. Parameter Description: Port: The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. Mode: Shows the scheduling mode for this port.
  • Page 178 Queue Scheduler Percent: Shows the weight in percent for this queue. This parameter is only shown if scheduler mode is set to "Weighted". Port Shaper Enable: Controls whether the port shaper is enabled for this switch port. Port Shaper Rate: Controls the rate for the port shaper. The default value is 500. This value is restricted to 100-1000000 when the unit is "kbps", and it is restricted to 1-1000 when the unit is "Mbps".
  • Page 179: 3-15.4 Port Shaping

    3-15.4 Port Shaping This section provides an overview of QoS egress port shaping for all switch ports. The user could also get all detailed information of the ports to the currently selected unit, as reflected by the page header. Web Interface To display the QoS Port Shapers in the web interface: 1.
  • Page 180 If you select the scheduler mode with weighted, then the screen will change as the figure. Parameter Description: Port: The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. Shapers (Qn): Shows "Disabled"...
  • Page 181 This parameter is only shown if scheduler mode is set to "Weighted". Queue Scheduler Percent: Shows the weight in percent for this queue. This parameter is only shown if scheduler mode is set to "Weighted". Port Shaper Enable: Controls whether the port shaper is enabled for this switch port.
  • Page 182: 3-15.5 Port Tag Remarking

    3-15.5 Port Tag Remarking: This section provides an overview of QoS egress port tag remarking for all switch ports. The ports belong to the currently selected unit, as reflected by the page header. Web Interface: To display the QoS Port Tag Remarking in the web interface: 1.
  • Page 183 Mapped: Use mapped versions of QoS class and DP level. Buttons: Apply – Click “Apply” to save changes. Reset – Click “Reset” to undo any changes made locally and revert to previously saved values. Cancel – Click “Cancel” to cancel the changes.
  • Page 184: 3-15.6 Port Dscp

    3-15.6 Port DSCP: This section lets the user configure the basic QoS Port DSCP configuration settings for all switch ports. The settings relate to the currently selected unit, as reflected by the page header. Web Interface: To configure the QoS Port DSCP parameters in the web interface: 1.
  • Page 185 Parameter Description: Port: The port column shows the list of ports for which you can configure DSCP ingress and egress settings. Ingress: In ingress settings, you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in ingress: 1.
  • Page 186: 3-15.7 Dscp-Based Qos

    3-15.7 DSCP-Based QoS: This section configures the DSCP-Based QoS mode. The user can configure the basic DSCP-based QoS Ingress Classification settings for all switches. Web Interface: To configure the DSCP-Based QoS Ingress Classification parameters in the web interface: 1.
  • Page 187 Parameter Description: DSCP: The maximum number of supported DSCP values is 64. Trust: Check this box if the DSCP value is trusted. QoS Class: QoS Class value can be any of (0-7). DPL: Drop Precedence Level (0-3). Buttons: Apply – Click “Apply” to save changes. ...
  • Page 188: 3-15.8 Dscp Translation

    3-15.8 DSCP Translation: This section configures the basic QoS DSCP translation settings for all switches. DSCP translation can be done in ingress or egress. Web Interface: To configure the DSCP Translation parameters in the web interface: 1. Click Configuration, QoS, and DSCP Translation. 2.
  • Page 189 Parameter Description: DSCP: The maximum number of supported DSCP values is 64. The valid DSCP value ranges from 0 to 63. Ingress: The ingress-side DSCP can first be translated to a new DSCP before the DSCP is used for the QoS class and DPL map. There are two configuration parameters for DSCP Translation: 1.
  • Page 190: 3-15.9 Dscp Classification

    3-15.9 DSCP Classification: This section shows how to configure and map the DSCP value to a QoS Class and DPL value. The settings relate to the currently selected unit, as reflected by the page header. Web Interface: To configure the DSCP Classification parameters in the web interface: Click Configuration, QoS, and DSCP Translation.
  • Page 191: 3-15.10 Qos Control List Configuration

    3-15.10 QoS Control List Configuration: This section shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch. Click on the lowest plus sign to add a new QCE to the list. Web Interface: To configure the QoS Control List parameters in the web interface:...
  • Page 192 SMAC: Displays the OUI field of the source MAC address (e.g. the first three octets (bytes) of the MAC address). DMAC: Specifies the type of destination MAC addresses for incoming frames. Possible values are: 1. Any: All types of destination MAC addresses are allowed. 2.
  • Page 193 Key Parameters: Key configuration is described below: Tag: The value of the tag field can be “Any”, “Un-tag”, or “Tag”. VID: The valid value of the VLAN ID can be in the range of 1-4095 or “Any”. The user can enter either a specific value or a range of VIDs. ...
  • Page 194 Action Parameters: Class: QoS Class: Class 0-7; default: basic classification. DP: Valid DP Level can be 0-3; default: basic classification. DSCP: Valid values can be 0-63, BE, CS1-CS7, EF, or AF11-AF43. Buttons: Apply – Click “Apply” to save changes. ...
  • Page 195: 3-15.11 Qcl Status

    3-15.11 QCL Status: This section configures and shows the QCL status by different QCL users. Each row describes the QCE that is defined. It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations. The maximum number of QCEs is 256 on each switch.
  • Page 196 Conflict: Displays the QCE status. Resources required to add a QCE may not be available. In that case, it shows conflict status as “Yes”. Otherwise, it is always “No”. Please note that conflicts can be resolved by releasing the resource required by the QCE and pressing “Refresh”...
  • Page 197: 3-15.12 Storm Control

    3-15.12 Storm Control: This section configures the storm control for the switch. There is a unicast storm rate control, a multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames (e.g. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table).
  • Page 198: S-Flow Agent

    3-16 S-Flow Agent: The sFlow Collector configuration for the switch can be monitored and modified here. Up to 1 Collector is supported. This page allows for configuring sFlow collector IP type, sFlow collector IP Address, Port Number, and for each sFlow Collector. 3-16.1 Collector: The "Current"...
  • Page 199 The value accepted is within the range of 1-65535. However, an appropriate port number that is not used by other protocols needs to be configured. By default, the port number is 6343. Time out: The duration during which the collector receives samples. Once it has expired, the sampler stops sending the samples.
  • Page 200: 3-16.2 Sampler

    3-16.2 Sampler: The user can set or edit the sFlow sampler for their requirements. That will help the user based on a defined sampling rate. An average of 1 out of N packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.
  • Page 201 Parameter Description: sFlow Ports: List of the port numbers on which sFlow is configured. sFlow Instance: Configured sFlow instance for the port number. Sampler Type: Configured sampler type on the port, which can be any of the types: None, Rx, Tx, or All. You can scroll to choose one for your sampler type. By default, the value is “None”.
  • Page 202: Loop Protection

    3-17 Loop Protection: Loop protection is used to detect the presence of traffic. When the switch receives on a port a packet (looping detection frame) whose MAC address is the same as its own, looping has happened. The port will be locked when it receives the looping detection frames.
  • Page 203 General Settings Parameter Description: Enable Loop Protection: Controls whether loop protection is enabled (as a whole). Transmission Time: The interval between each loop protection PDU sent on each port. Valid values are 1 to 10 seconds. Shutdown Time: The period (in seconds) for which a port will be kept disabled in the event that a loop is detected (and the port action shuts down the port).
  • Page 204: 3-17.2 Status

    3-17.2 Status: This page displays the loop protection port status of the ports of the switch. Web Interface: To configure the Loop Protection parameters in the web interface: 1. Click Configuration, Loop Protection, and Status. 2. Evoke “Auto-refresh” or click “Refresh” to refresh the loop protection port status manually.
  • Page 205: Single Ip

    3-18 Single IP: VI3026 provides single IP address management of up to 32 switches and is not limited to specific models, distance barriers, specialized cables, or stacking method. Each single IP group consists of one master switch and up to 32 slave switches. The master switch acts as an agent to manage all switches in the same group.
  • Page 206: 3-18.2 Information

    3-18.2 Information: This page displays the active slave switch information. Web Interface: To display the active slave information in the web interface: 1. Click Configuration, Single IP, and Information. 2. Evoke “Auto-refresh” or click to refresh the single IP status manually. Figure 3-18.2: The Loop Protection Status.
  • Page 207: Easy Port

    3-19 Easy Port: Easy Port provides a convenient way to save and share common configurations. You can use it to enable features and settings based on the location of a switch in the network, and for mass configuration deployments across the network. It makes it easy to deploy Voice IP phones, Wireless Access Points, IP Cameras, and more.
  • Page 208 Parameter Description: Port Members: A row of check boxes for each port is displayed for each VLAN ID. To include a port in an Easy Port, check the box. To remove or exclude the port from the VLAN, make sure the box is unchecked.
  • Page 209 A port entering error-disabled state due to this setting is subject to the bridge port error recovery setting as well. Buttons: Apply – Click “Apply” to save changes. Reset – Click “Reset” to undo any changes made locally and revert to previously saved values.
  • Page 210: Mirroring

    3-20 Mirroring: You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Mirror configuration is used to monitor the traffic of the network.
  • Page 211 Parameter Description: Port to mirror: Port to mirror is also known as the mirror port. Frames from ports that have either source (RX) or destination (TX) mirroring enabled are mirrored on this port. “Disabled” will disable mirroring. Mirroring Port Configuration: The following table is used for RX and TX enabling.
  • Page 212: Trap Event Severity

    3-21 Trap Event Severity: This function is used to set an alarm trap and get the event log. The trap events configuration function is used to enable the switch to send out the trap information when pre-defined trap events occur. Web Interface: To configure the Trap Event Severity Configuration in the web interface: 1.
  • Page 213: Upnp

    3-22 UPnP: UPnP is an acronym for universal plug and play. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components.
  • Page 214: Chapter 4: Security

    Chapter 4: Security: This chapter describes all of the switch security configuration tasks to enhance the security of the local network, including IP Source Guard, ARP Inspection, DHCP Snooping, AAA, and more. 4-1 IP Source Guard: 4-1.1 Configuration: This section describes how to configure the detailed IP source guard parameters of the switch.
  • Page 215 Parameter Description: Mode of IP Source Guard Configuration: Enables or disables the global IP source guard. All configured ACEs will be lost when the mode is enabled. Port Mode Configuration: Specifies the ports on which the IP source guard is enabled.
  • Page 216: 4-1.2 Static Table

    4-1.2 Static Table: This section describes how to configure the static IP source guard table parameters of the switch. You can use the static IP source guard table configuration to manage the entries. Web Interface: To configure a Static IP Source Guard Table Configuration in the web interface: 1.
  • Page 217: 4-1.3 Dynamic Table

    4-1.3 Dynamic Table: This section configures the dynamic IP source guard table parameters of the switch. You can use the dynamic IP source guard table configuration to manage the entries. Web Interface: To configure a Dynamic IP Source Guard Table Configuration in the web interface: 1.
  • Page 218: Arp Inspection

    4-2 ARP Inspection: This section describes how to configure the ARP Inspection parameters of the switch. You can use the ARP Inspection configuration to manage the ARP table. 4-2.1 Configuration: This section describes how to configure the ARP inspection setting including: ...
  • Page 219 Parameter Description: Mode of ARP Inspection Configuration: Enables or disables the global ARP inspection. Port Mode Configuration: Specifies the ports on which ARP Inspection is enabled. ARP inspection is enabled on a given port only when both the global mode and the port mode on that port are enabled.
  • Page 220: 4-2.2 Static Table

    4-2.2 Static Table: This section configures the static ARP inspection table parameters of the switch. You can use the static ARP inspection table configuration to manage the ARP entries. Web Interface: To configure a Static ARP Inspection Table Configuration in the web interface: 1.
  • Page 221: 4-2.3 Dynamic Table

    4-2.3 Dynamic Table: This section configures the dynamic ARP inspection table parameters of the switch. The dynamic ARP inspection table contains up to 1024 entries and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. Web Interface: To configure a Dynamic ARP Inspection Table Configuration in the web interface: 1.
  • Page 222: Dhcp Snooping

    4-3 DHCP Snooping: This section describes how to configure the DHCP snooping parameters of the switch. DHCP snooping can prevent attackers from adding their own DHCP servers to the network. 4-3.1 Configuration: This section describes how to configure the DHCP snooping setting including: ...
  • Page 223 Parameter Description: Snooping Mode: Indicates the DHCP snooping mode operation. Possible modes are: Enabled: Enables DHCP snooping mode operation. When the DHCP snooping mode operation is enabled, DHCP request messages are forwarded to trusted ports and reply packets are only allowed from trusted ports. ...
  • Page 224: 4-3.2 Statistics

    4-3.2 Statistics: This section describes how to show the DHCP snooping statistics information of the switch. The statistics show only packet counters when the DHCP snooping mode is enabled and the relay mode is disabled. It doesn't count the DHCP packets for the DHCP client.
  • Page 225 Rx and Tx Lease Unknown: The number of lease unknown (option 53 with value 12) packets received and transmitted. Rx and Tx Lease Active: The number of lease active (option 53 with value 13) packets received and transmitted. Auto-refresh: Evoke the auto-refresh icon to refresh the information automatically. Upper right icon (Refresh, Clear): You can click them to refresh the DHCP snooping port statistics manually.
  • Page 226: Dhcp Relay

    4-4 DHCP Relay: This section describes how to forward DHCP requests to another specific DHCP server via DHCP relay. The DHCP servers may be on another network. 4-4.1 Configuration: This section describes how to configure the DHCP relay setting including: ...
  • Page 227 DHCP client. It only works when DHCP relay operation mode is enabled. Disabled: Disables the DHCP relay information mode operation. Relay Information Policy: Indicates the DHCP relay information option policy. When the DHCP relay information mode operation is enabled and if the agent receives a DHCP message that already contains the relay agent information, it will enforce the policy.
  • Page 228: 4-4.2 Statistics

    4-4.2 Statistics: This section describes how to show the DHCP relay statistics information of the switch. The statistics show both the server and the client packet counters when the DHCP relay mode is enabled. Web Interface: To configure a DHCP Snooping Statistics Configuration in the web interface: 1.
  • Page 229 Receive Agent Option: The number of received packets with the relay agent information option. Replace Agent Option: The number of packets which were replaced with the relay agent information option. Keep Agent Option: The number of packets whose relay agent information was retained.
  • Page 230: Nas

    4-5 NAS: This section describes how to configure the NAS parameters of the switch. The NAS server can be employed to connect users to a variety of resources including internet access, conference calls, printing documents on shared printers, or by simply logging on to the internet.
  • Page 231 Parameter Description: Mode: Indicates if the NAS is globally enabled or disabled on the switch. If the NAS is globally disabled, all ports are allowed to forward frames. Reauthentication Enabled: If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the reauthentication period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached.
  • Page 232 The hold time can be set to a number between 10 and 1000000 seconds. RADIUS-Assigned QoS Enabled: The RADIUS-assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature (see RADIUS-Assigned QoS Enabled below for a detailed description).
  • Page 233 Port Configuration: The table has one row for each port on the selected switch and a number of columns, which are: Port: The port number for which the configuration below applies. Admin State: If the NAS is globally enabled, “Admin State” controls the port's authentication mode.
  • Page 234 Single 802.1X: Once a supplicant is successfully authenticated on a port in a port- based 802.1X authentication, the whole port is opened for network traffic. This allows other clients connected to the port (e.g. through a hub) to piggy-back on the successfully authenticated client and get network access, even though they really aren't authenticated.
  • Page 235 Only then, will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication. Therefore, the MAC-based authentication has nothing to do with the 802.1X standard. The advantage of the MAC-based authentication over the port-based 802.1X is that several clients can be connected to the same port (e.g.
  • Page 236 If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the supplicant is no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator without affecting the RADIUS-assigned).
  • Page 237 Once in the guest VLAN, the port is considered authenticated and all attached clients on the port are allowed access on this VLAN. The switch will not transmit an EAPOL success frame when entering the guest VLAN. While in the guest VLAN, the switch monitors the link for EAPOL frames and if one such frame is received, the switch immediately takes the port out of the guest VLAN and starts authenticating the supplicant according to the port mode.
  • Page 238: 4-5.2 Switch Status

    4-5.2 Switch Status: This section shows the NAS status information of each port on the switch. The status includes Admin State, Port State, Last Source, Last ID, QoS Class, and Port VLAN ID. Web Interface: To configure a NAS Switch Status Configuration in the web interface: 1.
  • Page 239 Port VLAN ID: The VLAN ID that NAS has put the port in. The field is blank, if the port VLAN ID is not overridden by NAS. If the VLAN ID is assigned by the RADIUS server, "(RADIUS-assigned)" is appended to the VLAN ID.
  • Page 240: 4-5.3 Port Status

    4-5.3 Port Status: This section provides detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. Web Interface: To configure a NAS Port Status Configuration in the web interface: 1. Specify the port you want to check. 2.
  • Page 241: Aaa

    4-6 AAA: This section uses an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a TACACS+ or RADIUS server to create and manage objects that contain settings for using AAA servers. 4-6.1 Configuration: This section configures the AAA setting of the TACACS+ or RADIUS server.
  • Page 242 Figure 4-5.3.2: The TACACS+ Accounting Configuration Figure 4-5.3.3: The RADIUS Configuration Figure 4-5.3.4: The RADIUS Accounting Configuration Figure 4-5.3.5: The TACACS+ Authentication Configuration...
  • Page 243 Parameter Description: Timeout: Timeout is the maximum time to wait for a reply from a server. It can be set to a number between 3 and 3600 seconds. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
  • Page 244 RADIUS Accounting Server Configuration The table has one row for each RADIUS accounting server and a number of columns, which are: #: The RADIUS accounting server number for which the configuration below applies. Enabled: Enable the RADIUS accounting server by checking this box. IP Address/Hostname: The IP address or hostname of the RADIUS accounting server.
  • Page 245: 4-6.2 Radius Overview

    4-6.2 Radius Overview: This section shows you an overview of the status of the RADIUS Authentication and Accounting servers to ensure the function is workable. Web Interface: To configure a RADIUS Overview Configuration in the web interface: 1. Check “Auto-refresh”. Figure 4-6.2: The RADIUS Authentication Server Status Overview. Parameter #: The RADIUS server number.
  • Page 246 RADIUS Accounting Servers #: The RADIUS server number. Click to navigate the detailed statistics for this server. IP Address: The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. State: The current state of the server. This field takes one of the following values: ...
  • Page 247: 4-6.3 Radius Details

    4-6.3 Radius Details: This section shows the detailed statistics of the RADIUS authentication and accounting servers. The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. Web Interface: To configure a RADIUS Details Configuration in the web interface: 1.
  • Page 248 Authenticators (radiusAuthClientExtBadAuthenticators): The number of RADIUS Access-Response packets containing invalid authenticators or message authenticator attributes received from the server. Unknown Types (radiusAuthClientExtUnknownTypes): The number of RADIUS packets that were received with unknown types from the server on the authentication port and dropped. Packets (radiusAuthClientExtPacketsDr...): The number of RADIUS packets that were...
  • Page 249 Round-Trip Time (radiusAuthClientExtRoundTripTime): The time interval (measured in milliseconds) between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.
  • Page 250 same server is counted as a retransmission and a timeout. A send to a different server is counted as a request and a timeout. Other Info: This section contains information about the state of the server and the latest round-trip time. Columns: Name, RFC4670 Name, Description...
  • Page 251: Port Security

    4-7 Port Security: This section configures the port security settings of the switch. You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses. 4-7.1 Limit Control: This section configures the port security settings of the switch. You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses.
  • Page 252 System Configuration Parameter Description: Mode: Indicates if the limit control is globally enabled or disabled on the switch. If it’s globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled. Aging Enabled: If this is checked, secured MAC addresses are subject to aging as discussed under “Aging Period”.
  • Page 253 port, and no new address will be learned. Even if the link is physically disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port: 1. Boot the switch, 2.
  • Page 254: 4-7.2 Switch Status

    4-7.2 Switch Status: This section shows the port security status. Port security is a module with no direct configuration. Configuration comes indirectly from other modules - the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning.
  • Page 255 User Module Legend Parameter Description: The legend shows all user modules that may request port security services. User Module Name: The full name of a module that may request port security services. Abbr: A one-letter abbreviation of the user module. This is used in the “Users” column in the port status table.
  • Page 256: 4-7.3 Port Status

    4-7.3 Port Status: This section shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules - the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning.
  • Page 257: Access Management

    4-8 Access Management: This section configures the access management table of the switch including HTTP/HTTPS, SNMP, and TELNET/SSH. You can manage the switch over an Ethernet LAN or over the Internet. 4-8.1 Configuration: This section configures the access management table of the switch. The maximum entry number is 16.
  • Page 258 Parameter Description: Mode: Indicates the access management mode operation. Possible modes are: Enabled: Enable access management mode operation. Disabled: Disable access management mode operation. Delete: Check to delete the entry. It will be deleted during the next save. Start IP address: Indicates the start IP address for the access management entry.
  • Page 259: 4-8.2 Statistics

    4-8.2 Statistics: This section shows the detailed statistics of the access management including HTTP, HTTPS, SSH TELNET, and SSH. Web Interface: To configure an Access Management Statistics in the web interface: 1. Check “Auto-refresh”. Figure 4-8.2: The Access Management Statistics. Parameter Interface: The interface type through which the remote host can access the switch.
  • Page 260: Ssh

    4-9 SSH: This section shows you how to use SSH (Secure SHell) to securely access the switch. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication. Web Interface: To configure a SSH Configuration in the web interface: 1.
  • Page 261: Https

    4-10 HTTPs: This section uses HTTPS to securely access the switch. HTTPS is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication via the browser. Web Interface: To configure a HTTPS Configuration in the web interface: 1.
  • Page 262: Auth Method

    4-11 Auth Method: This page shows how to configure how a user is authenticated when logging into the switch via one of the management client interfaces. Web Interface: To configure an Authentication Method Configuration in the web interface: 1. Specify which client (console, telnet, ssh, web) you want to monitor. 2.
  • Page 263: Chapter 5: Maintenance

    Chapter 5: Maintenance: This chapter describes all of the switch maintenance configuration tasks to enhance the performance of the local network, including Restart Device, Firmware upgrade, Save/Restore, Import/Export, and Diagnostics. 5-1 Restart Device: This section describes how to restart the switch for any maintenance needs. Any configuration files or scripts that you saved in the switch should still be available afterwards.
  • Page 264: Firmware

    5-2 Firmware: This section describes how to upgrade the firmware. The switch can be enhanced with more value-added functions by installing firmware upgrades. 5-2.1 Firmware Upgrade: This page facilitates an update of the firmware controlling the switch. Web Interface: To configure a Firmware Upgrade Configuration in the web interface: 1.
  • Page 265: 5-2.2 Firmware Selection

    5-2.2 Firmware Selection: The switch supports dual images for firmware redundancy. You can select the firmware image for the device’s start firmware or operating firmware. This page provides information about the active and alternate (backup) firmware images in the device and allows you to switch to the alternate image.
  • Page 266 NOTE: 1. In case the active firmware image is the alternate image, only the "Active Image" table is shown. In this case, the “Activate Alternate Image” button is also disabled. 2. If the alternate image is active (due to a corruption of the primary image or manual intervention), uploading a new firmware image to the device will automatically use the primary image slot and activate this.
  • Page 267: Save/Restore

    5-3 Save/Restore: This section describes how to save and restore the switch configuration including reset to Factory Defaults, Save Start, Save Users, and Restore Users for any maintenance needs. 5-3.1 Factory This section describes how to reset the switch configuration to factory defaults. Any configuration files or scripts will be reverted to factory default values.
  • Page 268: 5-3.2 Save Start

    5-3.2 Save Start: This section describes how to save the switch start configuration. Any current configuration files will be saved in XML format. Web Interface: To configure a Save Start Configuration in the web interface: 1. Click “Save Start”. 2. Click “Yes”. Figure 5-3.2: The Save Start Configuration Parameter Buttons:...
  • Page 269: 5-3.3 Save User

    5-3.3 Save User: This section describes how to save users' information. Any current configuration files will be saved in XML format. Web Interface: To configure a Save User Configuration in the web interface: 1. Click “Save User”. 2. Click “Yes”. Figure 5-3.3: The Save as Backup Configuration Parameter Buttons:...
  • Page 270: 5-3.4 Restore User

    5-3.4 Restore User: This section describes how to restore users’ information back to the switch. Any current configuration files will be restored from XML format. Web Interface: To configure a Restore User Configuration in the web interface: 1. Click “Restore User”. 2.
  • Page 271: Export/Import

    5-4 Export/Import: This section describes how to export and import the switch configuration. Any current configuration files will be exported in XML format. 5-4.1 Export Config: This section describes how to export the switch configuration for maintenance needs. Any current configuration files will be exported in XML format. Web Interface: To configure an Export Config Configuration in the web interface: 1.
  • Page 272: 5-4.2 Import Config

    5-4.2 Import Config: This section describes how to export the switch configuration for any maintenance needs. Any current configuration files will be exported in XML format. Web Interface: To configure an Import Config Configuration in the web interface: 1. Click “Browse” to select the configuration file. 2.
  • Page 273: Diagnostics

    5-5 Diagnostics: This section provides a set of basic system diagnostics. It lets users know whether the system is healthy or needs to be fixed. The basic system check includes ICMP Ping, ICMPv6, and VeriPHY Cable Diagnostics. 5-5.1 Ping: This section allows you to issue ICMP PING packets to troubleshoot IPv6 connectivity issues.
  • Page 274: 5-5.2 Ping6

    5-5.2 Ping6: This section allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues. Web Interface: To configure an ICMPv6 PING Configuration in the web interface: 1. Specify the ICMPv6 PING IP address. 2. Specify the ICMPv6 PING size. 3.
  • Page 275: Glossary Of Web-Based Management

    Glossary of Web-based Management ACE is an acronym for Access Control Entry. It describes the access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed and different parameter options that are available for individual application.
  • Page 276 AES is an acronym for Advanced Encryption Standard. The encryption key protocol is applied in 802.1i standard to improve WLAN security. It is an encryption standard by the U.S. government, which will replace DES and 3DES. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
  • Page 277 Encrypting data converts it to an unintelligible form called cipher. Decrypting cipher converts the data back to its original form called plaintext. The algorithm described in this standard specifies both enciphering and deciphering operations, which are based on a binary number called a key. DHCP DHCP is an acronym for Dynamic Host Configuration Protocol.
  • Page 278 DNS is an acronym for Domain Name System. It stores and associates many types of information with domain names. Most importantly, DNS translates human-friendly domain names and computer hostnames into computer-friendly IP addresses. For example, the domain name www.example.com might translate to 192.168.0.1. DoS is an acronym for Denial of Service.
  • Page 279 HTTP is an acronym for Hypertext Transfer Protocol. It is a protocol that is used to transfer or convey information on the World Wide Web (WWW). HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. The other main standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and displayed.
  • Page 280 IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections.
  • Page 281 LLDP is an IEEE 802.1ab standard protocol. The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations attached to an IEEE 802 LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity or entities that provide management of those capabilities, and the identification of the station's point of attachment to the IEEE 802 LAN required by those management entity or entities.
  • Page 282 MLD is an acronym for Multicast Listener Discovery for IPv6. MLD is used by IPv6 routers to discover multicast listeners on a directly attached link, much as IGMP is used in IPv4. The protocol is embedded in ICMPv6 instead of using a separate protocol.
  • Page 283 Optional TLVs An LLDP frame contains multiple TLVs. For some TLVs, it is configurable whether the switch shall include the TLV in the LLDP frame. These TLVs are known as optional TLVs. If an optional TLV is disabled, the corresponding information is not included in the LLDP frame.
  • Page 284 PTP is an acronym for Precision Time Protocol, a network protocol for synchronizing the clocks of computer systems. QCE is an acronym for QoS Control Entry. It describes QoS class associated with a particular QCE ID. There are six QCE frame types: Ethernet Type, VLAN, UDP/TCP Port, DSCP, TOS, and Tag Priority.
  • Page 285 SHA is an acronym for Secure Hash Algorithm. It was designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. Hash algorithms compute a fixed-length digital representation (known as a message digest) of an input data sequence (the message) of any length. Shaper A shaper can limit the bandwidth of transmitted frames.
  • Page 286 Spanning Tree Protocol is an OSI layer-2 protocol which ensures a loop-free topology for any bridged LAN. The original STP protocol is now obsoleted by RSTP. SyncE SyncE is an abbreviation for Synchronous Ethernet. This functionality is used to make a network 'clock frequency' synchronized.
  • Page 287 UDP is an alternative to the Transmission Control Protocol (TCP) that uses the Internet Protocol (IP). Unlike TCP, UDP does not provide the service of dividing a message into packet datagrams, and UDP doesn't provide reassembling and sequencing of the packets. This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order.
  • Page 288: Contact Information

    Contact Information Vigitron, Inc., 7620 Miramar Road, Suite 4100, San Diego, CA 92126, support@vigitron.com, Tel: (858) 484-5209, Fax: (858) 484-1205, www.vigitron.com. Vigitron Central Europe: Barox Kommunikation AG, Baden-Dättwil, Switzerland, rohr.rudolf@barox.ch, Tel: +41 56 210 45 20, Fax: +41 56 210 45 21...
