User Manual EKI-9500 Series Full Managed Ethernet Switches...
No part of this manual may be reproduced, copied, translated or transmitted in any form or by any means without the prior written permission of Advantech Co., Ltd. Information provided in this manual is intended to be accurate and reliable. However, Advantech Co., Ltd.
This product has passed the CE test for environmental specifications when shielded cables are used for external wiring. We recommend the use of shielded cables. This kind of cable is available from Advantech. Please contact your local supplier for ordering information.
Technical Support and Assistance
Visit the Advantech web site at www.advantech.com/support where you can find the latest information about the product. Contact your distributor, sales representative, or Advantech's customer service center for technical support if you need additional assistance. Please have the following information ready before you call: –...
The sound pressure level at the operator's position according to IEC 704-1:1982 is no more than 70 dB (A). DISCLAIMER: This set of instructions is given according to IEC 704-1. Advantech disclaims all responsibility for the accuracy of any statements contained herein.
The workplace-related sound pressure level according to DIN 45 635 Part 1000 is 70 dB(A) or less. Disclaimer: These operating instructions were prepared in accordance with IEC 704-1. Advantech disclaims all responsibility for the accuracy of the statements made in this context.
Safety Precaution - Static Electricity
Follow these simple precautions to protect yourself from harm and the products from damage. To avoid electrical shock, always disconnect the power from your PC chassis before you work on it. Don't touch any components on the CPU card or other cards while the PC is on.
Contents
Chapter Product Overview
Supported Models
Specifications
Hardware Views
1.3.1 Front View
Figure 1.1 Front View
Figure 1.2 Front View
Figure 1.3 Front View
Figure 1.4 Front View
3.2.2 Accessing the CLI
Web Browser Configuration
3.3.1 Preparing for Web Configuration
3.3.2 System Login
Chapter Managing Switch
Log In
Figure 4.1 Login Screen
Recommended Practices
4.2.1 Changing Default Password
Figure 4.28 System > Advanced Configuration > Email Alerts > Server
Figure 4.29 System > Advanced Configuration > Email Alerts > Server > Add
Figure 4.30 System > Advanced Configuration > Email Alerts > Statistics
Figure 4.31 System >...
Figure 4.58 System > Advanced Configuration > SNMP > User Security Model
Figure 4.59 System > Advanced Configuration > SNMP > User Security Model > Add
Figure 4.60 System > Advanced Configuration > SNMP > Source Interface Configuration
Figure 4.61 System >...
Figure 4.91 System > Connectivity > Service Port IPv4
Figure 4.92 System > Connectivity > Service Port IPv6
Figure 4.93 System > Connectivity > Service Port IPv6 Neighbors
Figure 4.94 System > Connectivity > Service Port IPv6 Neighbors List >...
Security
4.6.1 Port Access Control
Figure 4.286 Security > Port Access Control > Configuration
Figure 4.287 Security > Port Access Control > Port Summary
Figure 4.288 Security > Port Access Control > Port Configuration
Figure 4.289 Security >...
252 x 174 x 643mm (include M23 connector) (W x H x D)
LED Display
System LED: SYS, Power 1, Power 2, CFG, ALM
Port LED: DATA, PoE (only for EKI-9516P-LV, EKI-9516P-HV, EKI-9512P-LV, EKI-9512P-HV, EKI-9516DP-LV, EKI-9516DP-HV, EKI-9512DP-LV and EKI-9512DP-...
Hardware Views
1.3.1 Front View
The following view applies to EKI-9516 and EKI-9516D.
[Figure: EKI-9516 front panel, with DATA, PWR1, PWR2 and Console labels and connector pin tables]
The following view applies to EKI-9516P-HV, EKI-9516P-LV, EKI-9516DP-HV and EKI-9516DP-LV.
[Figure: EKI-9516P front panel, with DATA, PWR1, PWR2 and Console labels and connector pin tables]
The following view applies to EKI-9512 and EKI-9512D.
[Figure: EKI-9512 front panel, with DATA, PWR1, PWR2 and Console labels and connector pin tables]
The following view applies to EKI-9512P-HV, EKI-9512P-LV, EKI-9512DP-HV and EKI-9512DP-LV.
[Figure: EKI-9512P front panel, with DATA, PWR1, PWR2 and Console labels and connector pin tables]
Link down
(only available in EKI-9516P-LV, EKI-9516P-HV, EKI-9512P-LV, EKI-9512P-HV, EKI-9516DP-LV, EKI-9516DP-HV, EKI-9512DP-LV, EKI-9512DP-HV)
Green on: Providing power over 15.4 W.
Blink green: Providing power under 15.4 W.
User turns off PoE mode at corresponding Gigabit Ethernet port.
Installation Guidelines
The following guidelines are provided to optimize the device performance. Review the guidelines before installing the device.
- Make sure cabling is away from sources of electrical noise. Radios, power lines, and fluorescent lighting fixtures can interfere with the device performance.
- ...
- Insert the screws into the wall sinks. Leave a 6 mm gap between the wall and the screw head to allow for wall mount plate insertion.
Figure 2.1 Securing Wall Mounting Screws (dimension labels: 10 mm, 4.0 mm, 4.0 mm (Max: 4.3mm))
- ...
Power Supply Installation
2.4.1 Overview
Warning! Power down and disconnect the power cord before servicing or wiring the switch.
Caution! Do not disconnect modules or cabling unless the power is first switched off. The device only supports the voltage outlined in the type plate. Do not use any other power components except those specifically designated for the switch device.
- Do not bundle together wiring with similar electrical characteristics.
- Make sure to separate input and output wiring.
- Label all wiring and cabling to the various devices for more effective management and servicing.
Note! Routing communications and power wiring through the same conduit may cause signal interference.
Electromagnetic Interference (EMI) affects the transmission performance of a device. By properly grounding the device to earth ground through a drain wire, you can set up the best possible noise immunity and emissions.
[Figure: EKI-9512P front panel, with DATA, PWR1 and PWR2 labels and connector pin tables]
Remove the protection cap from the power input.
Figure 2.5 Removing the Protection Cap
Secure the power cable to the power input.
Figure 2.6 Installing the Power Cable
The power input is now connected to the switch. The switch can be powered on.
2.4.4.1 Standard M23 6-Pin Male Pin Assignment
This section describes the proper connection of the 12, 24, -48, 110, 125 and...
Description
L1/V+ L1/V- L2/V+ L2/V-
Connecting the Ethernet Media
2.5.1 Connecting the 10/100/1000BaseT(X)
The managed Ethernet models have four Gigabit Ethernet ports (8-pin shielded M12 connector with X coding) or Fast Ethernet ports (4-pin shielded M12 connector with D coding) circular connectors. The 10/100/1000BaseT(X) ports located on the switch's front side are used to connect to Ethernet-enabled devices.
The console port, used to access the managed switch’s software, has an 8-pin M12 (male) port. A console cable with the mating M12 (female) port and both a DB-9 and / or a USB connector is available for purchase from Advantech.
2.7.0.1 Pin Assignment
Figure 2.11 M12 Console Pin Assignment...
First Time Setup
3.1.1 Overview
The Industrial Ethernet Managed Switch is a configurable device that facilitates the interconnection of Ethernet devices on an Ethernet network. This includes computers, operator interfaces, I/O, controllers, RTUs, PLCs, other switches/hubs or any device that supports the standard IEEE 802.3 protocol. This switch has all the capabilities of a store and forward Ethernet switch plus advanced management features such as SNMP, RSTP and port mirroring.
3.1.4 Using the Graphical (Web) Interface
The graphical interface is provided via a web server in the switch and can be accessed via a web browser such as Opera, Mozilla, or Internet Explorer.
Note! JavaScript must be supported and enabled in your browser for the graphical interface to work correctly.
3.1.6 Configuring the Ethernet Ports
The switch comes with default port settings that should allow you to connect to the Ethernet Ports without any necessary configuration. Should there be a need to change the name of the ports, negotiation settings or flow control settings, you can do this in the Port Configuration menu.
– parameter will specify the parameter within the section. For example, the network section will have parameters for DHCP, IP address, subnet mask, and default gateway.
– value is the new value of the parameter. If value is omitted, the current value is displayed.
Log In
To access the login window, connect the device to the network, see “Connecting the Ethernet Media” on page 16. Once the switch is installed and connected, power on the switch and see the following procedures to log into your switch.
When the switch is first installed, the default network configuration is set to DHCP enabled.
In the Password field, type in the new password.
Re-type the same password in the Confirm field.
Click Submit to change the current account settings.
Figure 4.3 Changing a Default Password
After saving all the desired settings, perform a system save (Save Configuration). The changes are saved.
Item: Description
Access Type: The way the user accesses the system. This field can be configured only when adding a new authentication list, and only the Login and Enable access types can be selected. The access types are as follows: ...
To add a new authentication list:
Click System > AAA > Authentication List > Add.
Figure 4.5 System > AAA > Authentication List > Add
The following table describes the items in the previous figure.
Item: Description
Authentication Methods
Available Methods: The authentication methods that can be used for the authentication list.
The following table describes the items in the previous figure.
Item: Description
Terminal
Console: The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a connection to the console port.
Telnet: The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a Telnet ses-...
Item: Description
Method Options: The method(s) used to record user activity. The possible methods are as follows:
- TACACS+: Accounting notifications are sent to the configured TACACS+ server.
- Radius: Accounting notifications are sent to the configured RADIUS server.
List Type: The type of accounting list, which is one of the following: ...
4.3.1.4 Accounting Selection
Use the Accounting List Selection page to associate an accounting list with each access method. For each access method, the following two accounting lists are associated:
- Exec: The accounting list to record user login and logout times.
- ...
4.3.2 Advanced Configuration
4.3.2.1 DHCP Server
Global
Use the DHCP Server Global Configuration page to configure DHCP global parameters.
To access this page, click System > Advanced Configuration > DHCP Server > Global.
Figure 4.10 System > Advanced Configuration > DHCP Server > Global
The following table describes the items in the previous figure.
The following table describes the items in the previous figure.
Item: Description
From: The IP address to exclude. In a range of addresses, this value is the lowest address to exclude.
The highest address to exclude in a range of addresses. If the excluded address is not part of a range, this field shows the same value as the From field.
The following table describes the items in the previous figure.
Item: Description
Name: The name that identifies the DHCP server pool.
Type: The type of binding for the pool. The options are:
- Manual: The DHCP server assigns a specific IP address to the client based on the client's MAC address.
Item: Description
Network Base Address: The network portion of the IP address. A DHCP client can be offered any available IP address within the defined network as long as it has not been configured as an excluded address (for dynamic pools only).
Network Mask: The subnet mask associated with the Network Base Address that separates the network bits from the host bits (for dynamic pools only).
To access this page, click System > Advanced Configuration > DHCP Server > Pool Configuration.
Figure 4.15 System > Advanced Configuration > DHCP Server > Pool Configuration
The following table describes the items in the previous figure.
Item: Description
Pool Name: Select the pool to configure.
Item: Description
Lease Expiration: Indicates whether the information the server provides to the client should expire.
- Enable: Allows the lease to expire. If you select this option, you can specify the amount of time the lease is valid in the Lease Duration field.
To access this page, click System > Advanced Configuration > DHCP Server > Pool Options.
Figure 4.16 System > Advanced Configuration > DHCP Server > Pool Options
The following table describes the items in the previous figure.
Item: Description
Pool Name: Select the pool to configure.
To add a new vendor option:
Click System > Advanced Configuration > DHCP Server > Pool Options > Add Vendor Option.
Figure 4.17 System > Advanced Configuration > DHCP Server > Pool Options > Add Vendor Option
The following table describes the items in the previous figure.
Item: Description
Option Code...
Item: Description
Submit: Click Submit to save the values.
Cancel: Click Cancel to close the window.
Bindings
Use the DHCP Server Bindings page to view information about the IP address bindings in the DHCP server database.
To access this page, click System > Advanced Configuration > DHCP Server > Bindings.
The following table describes the items in the previous figure.
Item: Description
Automatic Bindings: The total number of IP addresses from all address pools with automatic bindings that the DHCP server has assigned to DHCP clients.
Expired Bindings: The number of IP addresses that the DHCP server has assigned to DHCP clients that have exceeded the configured lease time.
To access this page, click System > Advanced Configuration > DHCP Server > Conflicts.
Figure 4.21 System > Advanced Configuration > DHCP Server > Conflicts
The following table describes the items in the previous figure.
Item: Description
IP Address: The IP address that has been detected as a duplicate.
Detection Method: The method used to detect the conflict, which is one of the following: ...
The following table describes the items in the previous figure.
Item: Description
Admin Mode: The administrative mode of the DNS client.
Default Domain Name: The default domain name for the DNS client to use to complete unqualified host names. Domain names are typically composed of a series of labels concatenated with dots.
Item: Description
IP Address: The IPv4 or IPv6 address associated with the configured Host Name. For Static entries, specify the IP Address after you click Add. You can specify either an IPv4 or an IPv6 address.
Total Time: The number of seconds that the entry will remain in the table. The function is only available for Dynamic entries.
To access this page, click System > Advanced Configuration > DNS > Source Interface Configuration.
Figure 4.25 System > Advanced Configuration > DNS > Source Interface Configuration
The following table describes the items in the previous figure.
Item: Description
Type: The type of interface to use as the source interface: ...
Item: Description
Log Duration (Minutes): Determines how frequently the non critical messages are sent to the SMTP server.
Submit: Click Submit to save the values and update the screen.
Refresh: Click Refresh to update the screen.
Cancel: Click Cancel to restore default value.
Test
Use the Email Alert Test page to verify that the Email alert settings are configured properly.
Item: Description
Password: If the Security is TLSv1, this field specifies the password associated with the configured user name for mail server access. When adding or editing the server, you must retype the password to confirm that it is entered correctly.
Refresh: Click Refresh to update the screen.
Item: Description
Number of Emails Failed: The number of email alerts that failed to be sent since the counters were cleared or system was reset.
Time Since Last Email Sent: The amount of time in days, hours, minutes, and seconds that has passed since the last email alert was successfully sent.
To add a new Email alert to address:
Click System > Advanced Configuration > Email Alerts > Address > Add.
Figure 4.33 System > Advanced Configuration > Email Alerts > Address > Add
The following table describes the items in the previous figure.
Item: Description
To Address...
Item: Description
Hold Time Interval (Seconds): The number of seconds the neighbor device should consider the information it receives in an ISDP packet to be valid.
Device ID: The identification information the device advertises to its neighbors in the ISDP packets.
Device ID Format Capability: The possible formats that the device can use for identification pur-...
Interface
Use the ISDP Interface Configuration page to configure the ISDP settings for each interface.
To access this page, click System > Advanced Configuration > ISDP > Interface.
Figure 4.36 System > Advanced Configuration > ISDP > Interface
The following table describes the items in the previous figure.
Item: Description
Interface...
Item: Description
ISDPv1 Packets Transmitted: The total number of ISDP version 1 packets transmitted by the device.
ISDPv2 Packets Received: The total number of ISDP version 2 packets received by the device.
ISDPv2 Packets Transmitted: The total number of ISDP version 2 packets transmitted by the device.
Bad Header: The total number of ISDP packets received with bad headers.
Item: Description
Link Action: The action performed on downstream interfaces when the upstream interfaces are down, which can be one of the following:
- Up: Downstream interfaces are up when upstream interfaces are down.
- Down: Downstream interfaces go down when upstream interfaces are down.
Item: Description
Submit: Click Submit to save the values.
Cancel: Click Cancel to close the window.
4.3.2.6 Protection
Denial of Service
Use the Denial of Service (DoS) Configuration page to configure DoS control. FASTPATH SMB software provides support for classifying and blocking specific types of DoS attacks.
Item: Description
TCP Fragment: Enable this option to allow the device to drop packets that have a TCP payload where the IP payload length minus the IP header size is less than the minimum allowed TCP header size.
TCP Offset: Enable this option to allow the device to drop packets that have a TCP header Offset set to 1.
agent on the device. The sFlow agent can send packet sampling data to multiple sFlow receivers on the network.
To access this page, click System > Advanced Configuration > sFlow > Receiver.
Figure 4.42 System > Advanced Configuration > sFlow > Receiver
The following table describes the items in the previous figure.
Item: Description
Receiver Index: The sFlowReceiver for this sFlow counter poller. The specified Receiver Index must be associated with an active sFlow receiver. If a receiver expires, all pollers associated with the receiver will also expire.
Poller Interval: The maximum number of seconds between successive samples of the counters associated with this data source.
To access this page, click System > Advanced Configuration > sFlow > Sampler.
Figure 4.45 System > Advanced Configuration > sFlow > Sampler
The following table describes the items in the previous figure.
Item: Description
Sampler Data Source: The sFlowDataSource for this sFlow sampler. The sFlow agent supports physical ports as sFlow data sources.
Source Interface Configuration
Use the sFlow Source Interface Configuration page to specify the physical or logical interface to use as the sFlow client source interface. When an IP address is configured on the source interface, this address is used for all sFlow communications between the local sFlow client and the remote sFlow server.
The following table describes the items in the previous figure.
Item: Description
Community Name: Community name used in SNMPv1/v2 packets. This is configured in the client and identifies the access the user may connect with.
Security Name: Identifies the security entry that associates communities and Groups for a specific access type.
To add a new SNMP community group:
Click System > Advanced Configuration > SNMP > Community > Add Community Group.
Figure 4.50 System > Advanced Configuration > SNMP > Community > Add Community Group
The following table describes the items in the previous figure.
Item: Description
Community Name...
Item: Description
Timeout Value: The number of seconds to wait for an acknowledgment from the SNMP management host before resending an inform message.
Retries: The number of times to resend an inform message that is not acknowledged by the SNMP management host.
Filter: The name of the filter for the SNMP management host.
Item: Description
Filter: The name of the filter for the SNMP management host. The filter is configured by using the CLI and defines which MIB objects to include or exclude from the view. This field is optional.
UDP Port: The UDP port on the SNMP management host that will receive the SNMP notifications.
Item: Description
UDP Port: The UDP port on the SNMP management host that will receive the SNMP notifications. If no value is specified when configuring a receiver, the default UDP port value is used.
Refresh: Click Refresh to update the screen.
Click Add to add a new SNMP trap receiver.
Item: Description
Timeout Value (Seconds): The number of seconds to wait for an acknowledgment from the SNMP receiver before resending an inform message.
Filter: The name of the filter for the SNMP management host. The filter is configured by using the CLI and defines which MIB objects to include or exclude from the view.
To access this page, click System > Advanced Configuration > SNMP > Access Control Group.
Figure 4.56 System > Advanced Configuration > SNMP > Access Control Group
The following table describes the items in the previous figure.
Item: Description
Group Name: The name that identifies the SNMP group.
To add a new access control group:
Click System > Advanced Configuration > SNMP > Access Control Group > Add.
Figure 4.57 System > Advanced Configuration > SNMP > Access Control Group > Add
The following table describes the items in the previous figure.
Item: Description
Access Control Group...
Item: Description
Write: The level of write access rights for the group. The menu includes the available SNMP views. When adding a group, select the check box to allow the field to be configured, then select the desired view that permits management read-write access to the contents of the agent but not to the community.
Item: Description
Refresh: Click Refresh to update the screen.
Click Add to add a new SNMP user.
Remove: Click Remove to remove the selected entries.
To add a new SNMP user:
Click System > Advanced Configuration > SNMP > User Security Model > Add.
Figure 4.59 System >...
Item: Description
Privacy: Specifies the privacy protocol to be used on encrypted messages on behalf of the specified user. This parameter is only valid if the Authentication method parameter is not NONE.
- DES: DES protocol will be used.
- ...
To access this page, click System > Advanced Configuration > SNMP > Server Configuration.
Figure 4.61 System > Advanced Configuration > SNMP > Server Configuration
The following table describes the items in the previous figure.
Item: Description
SNMP Server Port: The UDP port number on which the SNMP server listens for requests.
Item: Description
Unicast Poll Timeout (Seconds): Specifies the timeout value, in seconds, to wait for an SNTP response when configured in unicast mode.
Unicast Poll Retry: Specifies the number of times to retry a request to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode.
Item: Description
Last Attempt Status: Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes. ...
The following table describes the items in the previous figure.
Item: Description
SNTP Server: The address or host name of an SNTP server the device can use to synchronize the system time.
Type: The configured SNTP server address type, which can be IPv4, IPv6, or DNS.
The SNTP Server Status page displays status information about the SNTP servers configured on your switch.
To access this page, click System > Advanced Configuration > SNTP > Server Status.
Figure 4.66 System > Advanced Configuration > SNTP > Server Status
The following table describes the items in the previous figure.
To access this page, click System > Advanced Configuration > SNTP > Source Interface Configuration.
Figure 4.67 System > Advanced Configuration > SNTP > Source Interface Configuration
The following table describes the items in the previous figure.
Item: Description
Type: The type of interface to use as the source interface: ...
The following table describes the items in the previous figure.
Item: Description
Admin Mode: Enables or disables the Time Range administrative mode. When enabled, actions with subscribed components are performed for existing time range entries.
Time Range Name: The unique ID or name that identifies this time range. A time-based ACL rule can reference the name configured in this field.
To access this page, click System > Advanced Configuration > Time Ranges > Entry Configuration.
Figure 4.70 System > Advanced Configuration > Time Ranges > Entry Configuration
The following table describes the items in the previous figure.
Item: Description
Time Range Name: Click the drop-down menu to select a time range.
The following table describes the items in the previous figure.
Item: Description
Time Range Name: The time range configuration that will include the Absolute time range entry.
Start Time: Select this option to configure values for the Start Date and the Starting Time of Day.
The following table describes the items in the previous figure.
Item: Description
Time Range Name: The time range configuration that will include the Periodic time range entry.
Applicable Days: Select the days on which the Periodic time range entry is active: ...
The following table describes the items in the previous figure.
Item: Description
Current Time
Time: The current time on the system clock. This time is used to provide time stamps on log messages. Additionally, some CLI show commands include the time in the command output.
Zone: The acronym that represents the time zone.
To access this page, click System > Advanced Configuration > Time Zone > Time Zone.
Figure 4.74 System > Advanced Configuration > Time Zone > Time Zone
The following table describes the items in the previous figure.
Item: Description
Time Zone Offset: The system clock's offset from UTC, which is also known as Greenwich Mean Time (GMT).
The following table describes the items in the previous figure.
Item: Description
Summer Time: The summer time mode on the system:
- Disable: Summer time is not active, and the time does not shift based on the time of year.
- ...
4.3.2.12 Event Manager
The pages in the Event Manager folder allow you to view and configure information about alarm LED, alarm relay, alarm relay2, logs, Email and SNMP traps the system generates.
Alarm Status
Use the Alarm Status page to view the current alarm status for alarm LED, alarm relay and alarm relay2.
The following table describes the items in the previous figure.
Item: Description
Trap Log Capacity: The maximum number of traps the log can store. If the number of traps exceeds the capacity, new entries overwrite the oldest entries.
Number of Traps Since Last Reset: The number of traps the system has generated since the trap log entries were last cleared, either by clicking Clear Log or by resetting...
To add a new policy list:
Click System > Advanced Configuration > Event Manager > Policy List > Add.
Figure 4.79 System > Advanced Configuration > Event Manager > Policy List >
The following table describes the items in the previous figure.
Item: Description
List Name...
The following table describes the items in the previous figure.
Item: Description
Alarm LED: The policy list to trigger system alarm LED as always on, blinking or off.
Alarm Relay: The policy list to trigger system alarm relay as always on or off.
Alarm Relay 2: The policy list to trigger system alarm relay 2 as always on or off.
4.3.3 Basic Configuration
4.3.3.1 Switch
IEEE 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or network control traffic loss. When 802.3x flow control is enabled, lower speed switches can communicate with higher speed switches by requesting that the higher speed switch refrains from sending packets.
The following table describes the items in the previous figure.
Item: Description
Save: Click Save to initiate a save of all system configuration after displaying a confirmation message. All of the current system configuration settings, including any that have been changed by the user, are stored into non-volatile memory so that they are preserved across a system reset.
To access this page, click System > Configuration Storage > Copy.
Figure 4.86 System > Configuration Storage > Copy
The following table describes the items in the previous figure.
Item: Description
Source File: Select the configuration file that will overwrite the contents in the selected destination file.
The following table describes the items in the previous figure.
Item: Description
Network Configuration Protocol: Specify how the device acquires network information on the network interface:
- None: The device does not attempt to acquire network information dynamically. Select this option to configure a static IP address, subnet mask, and default gateway.
4.3.5.2 IPv6
Use the IPv6 Network Connectivity page to configure and view IPv6 information on the network interface. The network interface is the logical interface that allows remote management of the device via any of the front-panel switch ports. To enable management of the device over an IPv6 network by using a Web browser, SNMP, Telnet, or SSH, you must first configure the device with the appropriate IPv6 information.
Item: Description
Dynamic IPv6 Addresses: Lists the IPv6 addresses on the network interface that have been dynamically configured through IPv6 auto configuration or DHCPv6.
Default IPv6 Routers: Lists the IPv6 address of each default router that has been automatically configured through IPv6 router discovery.
Submit: Click Submit to save the values and update the screen.
Item | Description
Add | Click Add to add a new network port IPv6 neighbor.
Remove | Click Remove to remove the selected entries.
To add a new network port IPv6 neighbor:
Click System > Connectivity > IPv6 Neighbors > Add.
Figure 4.90 System > Connectivity > IPv6 Neighbors > Add
The following table describes the items in the previous figure.
Item | Description
DHCP Client Identifier | The DHCP Client Identifier (Option 61) is used by DHCP clients to specify their unique identifier. DHCP servers use this value to index their database of address bindings. This value is expected to be unique for all clients in an administrative domain.
Item | Description
IPv6 Stateless Address AutoConfig Mode | Sets the IPv6 stateless address auto configuration mode on the service port.
• Enabled: The service port can acquire an IPv6 address through IPv6 Neighbor Discovery Protocol (NDP) and through the use of Router Advertisement messages.
The following table describes the items in the previous figure.
Item | Description
IPv6 Addresses | The IPv6 address of a neighbor device that has been reachable on the local link through the service port.
MAC Address | The MAC address of the neighboring device.
Type | The type of the neighbor entry, which is one of the following:
...
4.3.5.7 DHCP Client Options
Use the DHCP Client Options page to configure DHCP client settings on the system.
To access this page, click System > Connectivity > DHCP Client Options.
Figure 4.95 System > Connectivity > DHCP Client Options
The following table describes the items in the previous figure.
Item | Description
DHCP Vendor Class...
and add a description to each image on the device. The device uses the HTTP protocol to transfer the image, and the image is saved as the backup image.
To access this page, click System > Firmware > Configuration and Upgrade.
Figure 4.97 System >...
reaches the configured maximum size, the oldest message is deleted from the RAM when a new message is added. If the system restarts, all messages are cleared.
To access this page, click System > Logs > Buffered Log.
Figure 4.98 System > Logs > Buffered Log
The following table describes the items in the previous figure.
To access this page, click System > Logs > Event Log.
Figure 4.99 System > Logs > Event Log
The following table describes the items in the previous figure.
Item | Description
Log Index | A display row index number used to identify the event log entry, with the most recent entry listed first (lowest number).
Item | Description
Severity | The severity level associated with the log entry. The severity can be one of the following:
• Emergency (0): The device is unusable.
• Alert (1): Action must be taken immediately.
• Critical (2): The device is experiencing primary system failures.
...
Click System > Logs > Hosts > Add.
Figure 4.102 System > Logs > Hosts > Add
The following table describes the items in the previous figure.
Item | Description
IP Address/Host Name | The IP address or DNS-resolvable host name of the remote host to receive log messages.
Item | Description
Console Log Configuration
Admin Mode | Enable or disable logging to any serial device attached to the host.
Severity Filter | Select the severity of the messages to be logged. All messages at and above the selected threshold are logged to the console. The severity can be one of the following:
...
The following table describes the items in the previous figure.
Item | Description
Type | The type of interface to use as the source interface:
• None: The primary IP address of the originating (outbound) interface is used as the source address.
...
4.3.8 Management Access
4.3.8.1 System
Use the System Connectivity page to control access to the management interface by administratively enabling or disabling various access methods.
To access this page, click System > Management Access > System.
Figure 4.106 System > Management Access > System
The following table describes the items in the previous figure.
The Telnet Session Configuration page allows you to control inbound telnet settings on the switch. Inbound telnet sessions originate on a remote system and allow a user on that system to connect to the switch CLI.
To access this page, click System > Management Access > Telnet.
Figure 4.107 System >...
The following table describes the items in the previous figure.
Item | Description
Serial Time Out (Minutes) | Serial port inactivity timeout value, in minutes. A logged-in user who does not exhibit any CLI activity through the serial port connection for this amount of time is automatically logged out of the device.
To access this page, click System > Management Access > HTTP.
Figure 4.110 System > Management Access > HTTP
The following table describes the items in the previous figure.
Item | Description
HTTP Admin Mode | Enables or disables the HTTP administrative mode. When enabled, the device can be accessed through a web browser using the HTTP protocol.
The following table describes the items in the previous figure.
Item | Description
HTTPS Admin Mode | Enables or disables the HTTPS administrative mode. When this mode is enabled, the device can be accessed through a web browser using the HTTPS protocol.
TLS Version 1 | Enables or disables Transport Layer Security Version 1.0.
To access this page, click System > Management Access > SSH.
Figure 4.112 System > Management Access > SSH
The following table describes the items in the previous figure.
Item | Description
SSH Admin Mode | Enables or disables the SSH server administrative mode. When this mode is enabled, the device can be accessed by using an SSH client on a remote system.
Item | Description
Refresh | Click Refresh to update the screen.
Cancel | Click Cancel to restore default value.
4.3.9 Passwords
4.3.9.1 Line Password
Use the Line Password Configuration page to configure line mode passwords.
To access this page, click System > Passwords > Line Password.
Figure 4.113 System >...
Item | Description
Refresh | Click Refresh to update the screen.
Cancel | Click Cancel to restore default value.
4.3.9.3 Password Rules
Use the Password Rules page to configure settings that apply to all user passwords.
To access this page, click System > Passwords > Password Rules.
Figure 4.115 System >...
Item | Description
Minimum Character Classes | The minimum number of character classes, defined as the various password strength categories listed above, that must be met in order for a password to be considered valid. It is permissible, therefore, to define strength checking criteria for each of the different types of conditions, but only require a valid password to meet some of them.
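The interaction between per-class criteria and the Minimum Character Classes setting is easiest to see when evaluated against sample passwords. The following is an added example, not code from the manual or the switch firmware; the four class names, the field names, and the rule that a class with a minimum of 0 is not counted as a criterion are assumptions of this sketch.

```python
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordRules:
    # Hypothetical field names; the manual's own labels are not shown here.
    min_uppercase: int = 0
    min_lowercase: int = 0
    min_numeric: int = 0
    min_special: int = 0
    min_character_classes: int = 0  # how many class criteria must be met


def class_counts(password):
    """Count the characters of each class present in the password."""
    return {
        "uppercase": sum(c in string.ascii_uppercase for c in password),
        "lowercase": sum(c in string.ascii_lowercase for c in password),
        "numeric": sum(c in string.digits for c in password),
        "special": sum(c in string.punctuation for c in password),
    }


def evaluate(password, rules):
    """Return (valid, met_classes, unmet_classes) for a candidate password.

    A class criterion is "met" when the password holds at least the
    configured number of characters of that class. The password is valid
    when the number of met criteria reaches min_character_classes, so some
    criteria may stay unmet.
    """
    minimums = {
        "uppercase": rules.min_uppercase,
        "lowercase": rules.min_lowercase,
        "numeric": rules.min_numeric,
        "special": rules.min_special,
    }
    counts = class_counts(password)
    met, unmet = [], []
    for name, minimum in minimums.items():
        if minimum <= 0:
            continue  # assumption: an unconfigured class is not a criterion
        (met if counts[name] >= minimum else unmet).append(name)
    valid = len(met) >= rules.min_character_classes
    return valid, met, unmet


def audit(passwords, rules):
    """Map each constructed sample password to its validity under the rules."""
    return {p: evaluate(p, rules)[0] for p in passwords}


# Constructed sample input: the same four criteria, two different thresholds.
LENIENT = PasswordRules(1, 1, 1, 1, min_character_classes=2)
STRICT = PasswordRules(1, 1, 1, 1, min_character_classes=4)
SAMPLES = ["switchadmin", "switchadmin42", "Sw1tch!admin"]

if __name__ == "__main__":
    for label, rules in (("lenient", LENIENT), ("strict", STRICT)):
        print(label, audit(SAMPLES, rules))
```

With all four criteria defined but only two required, a lowercase-plus-digits password is accepted, which is the case to look for when reviewing a configured policy.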
To access this page, click System > Passwords > Reset Passwords.
Figure 4.117 System > Passwords > Reset Passwords
The following table describes the items in the previous figure.
Item | Description
Reset | Click Reset to initiate a reset of all login passwords to their factory default setting after displaying a confirmation message.
Item | Description
Power Supply Voltage (dV) | The measured usage voltage of PSE in dV.
Temperature Guard Threshold (°C) | Configure PoE temperature guard threshold.
System Temperature (°C) | The measured temperature of PSE in degrees Celsius.
System Fault Indication | The fault status of the PSE.
Submit | Click Submit to save the values and update the screen.
Item | Description
Current Consumption | The interface port output current (milliAmp) drawn by device.
Detection Status | The status of the port as a provider of PoE. Such devices are referred to as PSE. The status can be one of the following:
...
Item | Description
Refresh | Click Refresh to update the screen.
Clear Counters | Click Clear Counters to reset all counters to zero.
4.3.11 Port
The pages in the Port folder allow you to view and monitor the physical port information for the ports available on the switch. The Port folder has links to the following pages:
4.3.11.1 Summary...
Item | Description
STP Mode | The Spanning Tree Protocol (STP) Administrative Mode associated with the port or LAG. STP is a layer 2 protocol that provides a tree topology for switches on a bridged LAN. STP allows a network to have redundant paths without the risk of network loops.
Item | Description
Refresh | Click Refresh to update the screen.
Edit | Click Edit to edit the selected entries.
4.3.11.3 Cable Test
The cable test feature enables you to determine the cable connection status on a selected port. You can also obtain an estimate of the length of the cable connected to the port, if the PHY on the ports supports this functionality.
4.3.11.4 Mirroring
Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and one switch port is configured as a destination port. You have the ability to configure how traffic is mirrored on a source port.
Item | Description
Source | The ports or VLAN configured to mirror traffic to the destination. You can configure multiple source ports or one source VLAN per session. The source VLAN can also be a remote VLAN.
Direction | The direction of traffic on the source port (or source ports) or VLAN that is sent to the specified destination.
4.3.12 Statistics
4.3.12.1 System
Switch
The Switch Statistics page shows summary information about traffic transmitted and received on the device, entries in the MAC address table, and Virtual Local Area Networks (VLANs) that exist on the device.
To access this page, click System > Statistics > System > Switch.
Figure 4.126 System >...
Item | Description
Static Entries | The current number of entries in the MAC address table or VLAN database that an administrator has statically configured.
Dynamic Entries | The current number of entries in the MAC address table or VLAN database that have been dynamically learned by the device.
Total Entries Deleted | The number of VLANs that have been created and then deleted since the last reboot.
Item | Description
Clear Counters | Click Clear Counters to reset the selected counters to zero.
Clear All Counters | Click Clear All Counters to reset all counters to zero.
Port Detailed
The Port Detailed Statistics page shows detailed information about the traffic transmitted and received by each interface.
Item | Description
FCS Errors | Frame Check Sequence errors may occur if a network link is bad or if packets are being dropped.
Protocol | The table shows statistics about various protocol data units (PDUs) or EAPOL frames transmitted or received by the interface. Statistics for transmitted traffic and received traffic are shown in separate columns.
Item | Description
Request Packets Transmitted | Number of DHCPv6 request messages the client sent in response to a DHCPv6 server's advertisement message.
Renew Packets Transmitted | Number of renew messages the DHCPv6 client has sent to the server to request an extension of the lifetime of the information provided by the server.
Item | Description
Time Range | The name of the periodic or absolute time range to use for data collection. The time range is configured by using the Time Range Summary and Time Range Entry Summary pages. The time range must be configured on the system before the time-based statistics can be collected.
The following table describes the items in the previous figure.
Item | Description
Group | The type of traffic statistics to collect for the group, which is one of the following:
• Received: The number of packets received on the interfaces within the group.
...
To access this page, click System > Statistics > Time Based > Flow Based.
Figure 4.132 System > Statistics > Time Based > Flow Based
The following table describes the items in the previous figure.
Item | Description
Reporting Methods | The methods for reporting the collected statistics at the end of every configured interval.
Click System > Statistics > Time Based > Flow Based > Add.
Figure 4.133 System > Statistics > Time Based > Flow Based > Add
The following table describes the items in the previous figure.
Item | Description
Rule Id | The number that identifies the flow-based statistics collection rule.
Time Range | The name of the periodic or absolute time range to use for data collection.
Statistics
Use the Time Based Statistics page to view time-based statistics collected for the configured traffic groups and flow-based rules.
To access this page, click System > Statistics > Time Based > Statistics.
Figure 4.134 System > Statistics > Time Based > Statistics
The following table describes the items in the previous figure.
The following table describes the items in the previous figure.
Item | Description
MAC Address | The physical (MAC) address associated with the IP address of the connection.
IP Address | The Internet (IP) address of the connection.
Interface | Shows the switch port through which the connection was established, or displays as Management if the connection occurred via a non-network port interface (if applicable).
Item | Description
60 Seconds | The percentage amount of CPU utilization consumed by the corresponding task in the last 60 seconds.
300 Seconds | The percentage amount of CPU utilization consumed by the corresponding task in the last 300 seconds.
Refresh | Click Refresh to update the screen.
The following table describes the items in the previous figure.
Item | Description
System Information
System Description | The product name of this device.
System Name | The configured name used to identify this device.
System Location | The configured location of this device.
System Contact | The configured contact person for this device.
To access this page, click System > Summary > Description.
Figure 4.139 System > Summary > Description
The following table describes the items in the previous figure.
Item | Description
System Description | The product name of this device.
System Name | The name used to identify this device. The factory default is blank.
System Location | The location of this device.
The following table describes the items in the previous figure.
Item | Description
System Description | The product name of this device.
Machine Type | The hardware platform of this device.
Machine Model | The product model number.
Serial Number | The unique serial number used to identify the device.
Manufacturer | The two-octet code that identifies the manufacturer.
Item | Description
Status | Provides information about the entry and why it is in the table, which can be one of the following:
• Static: The address has been manually configured and does not age out.
• Learned: The address has been automatically learned by the device and can age out when it is not in use.
Item | Description
Access Level | The access or privilege level for this user. The options are:
• Privilege-15: The user can view and modify the configuration.
• Privilege-1: The user can view the configuration but cannot modify any fields.
• Privilege-0: The user exists but is not permitted to log on to the device.
Item | Description
Password Strength | Shows the status of password strength check.
Encrypted Password | Specifies the password encryption.
Submit | Click Submit to save the values.
Cancel | Click Cancel to close the window.
4.3.15.2 Auth Server Users
Use the Auth Server Users page to add and remove users from the local authentication server user database.
Item | Description
Password Required | Select this option to indicate that the user must enter a password to be authenticated. If this option is clear, the user is required only to enter a valid user name.
Password | Specify the password to associate with the user name (if required).
Confirm | Re-enter the password to confirm the entry.
The following table describes the items in the previous figure.
Item | Description
Reset | Click Reset to initiate the system reset action after displaying a confirmation message.
4.3.16.2 Ping
Use the Ping page to tell the switch to send a Ping request to a specified IP address. You can use this feature to check whether the switch can communicate with a particular network host.
Item | Description
Start | Click Start to start the ping test. The device sends the specified number of ping packets to the host.
Stop | Click Stop to interrupt the current ping test.
4.3.16.3 Ping IPv6
Use the Ping IPv6 page to tell the device to send one or more ping requests to a specified IPv6 host.
4.3.16.4 TraceRoute
Use the TraceRoute page to determine the layer 3 path a packet takes from the device to a specific IP address or hostname. When you initiate the TraceRoute command by clicking the Start button, the device sends a series of TraceRoute probes toward the destination.
Item | Description
Status | The current status of the TraceRoute, which can be:
• Not Started: The TraceRoute has not been initiated since viewing the page.
• In Progress: The TraceRoute has been initiated and is running.
• Stopped: The TraceRoute was interrupted by clicking the Stop button.
To access this page, click System > Utilities > TraceRoute IPv6.
Figure 4.151 System > Utilities > TraceRoute IPv6
The following table describes the items in the previous figure.
Item | Description
Host Name or IPv6 Address | The DNS-resolvable hostname or IPv6 address of the system to attempt to reach.
Item | Description
Results | The results of the TraceRoute, which are displayed in the following format:
1 3001::1 708 ms 41 ms 11 ms
2 4001::2 250 ms 200 ms 193 ms
3 5001::3 289 ms 313 ms 278 ms
4 6001::4 651 ms 41 ms 270 ms
5 :: * N * N * N
Hop Count = 4 Last TTL = 5 Test attempt = 1 Test Success = 0
For each TTL value probed, the results show the IP address of the...
The following table describes the items in the previous figure.
Item | Description
Status
IP Address Conflict Currently Exists | Indicates whether a conflicting IP address has been detected since this status was last reset.
• False: No conflict detected (the subsequent fields on this page display as N/A).
Item | Description
• File Type: Specify the type of file to transfer from the device to a remote system.
  – Active Code: Select this option to transfer an active image.
  – Backup Code: Select this option to transfer a backup image.
  –...
Item | Description
• File Type: Specify the type of file to transfer to the device:
  – Active Code: Select this option to transfer a new image to the device. The code file is stored as the active image.
  – Backup Code: Select this option to transfer a new image to the device.
Item | Description
• Select File: If HTTP is the Transfer Protocol, browse to the directory where the file is located and select the file to transfer to the device. This field is not present if the Transfer Protocol is TFTP or FTP.
To access this page, click Switching > Class of Service > 802.1p.
Figure 4.154 Switching > Class of Service > 802.1p
The following table describes the items in the previous figure.
Item | Description
Interface | The interface associated with the rest of the data in the row. The Global entry represents the common settings for all interfaces, unless specifically overridden individually.
VLAN Configuration
Use the DHCP Snooping VLAN Configuration page to view and configure the DHCP snooping settings on VLANs that exist on the device. DHCP snooping can be configured on switching VLANs and routing VLANs. For Layer 2 (non-routing) VLANs, DHCP snooping forwards valid DHCP client messages received on the VLANs.
Interface Configuration
Use the DHCP Snooping Interface Configuration page to view and configure the DHCP snooping settings for each interface. The DHCP snooping feature processes incoming DHCP messages. For DHCPRELEASE and DHCPDECLINE messages, the feature compares the receive interface and VLAN with the client's interface and VLAN in the binding database.
Item | Description
Rate Limit (pps) | The rate limit value for DHCP packets received on the interface. To prevent DHCP packets from being used as a DoS attack when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces.
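The per-message decisions that DHCP snooping makes on an untrusted interface (the binding comparison for DHCPRELEASE and DHCPDECLINE, and the packet rate limit) can be modelled in a few lines. The following is an added example, not code from the manual or the switch firmware; the class and field names, forwarding a release from a client that has no binding, dropping DHCP server messages on untrusted ports, and dropping the excess packets on a rate-limit violation are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    FORWARD = "forward"
    DROP_SERVER_MSG = "server message on untrusted interface"
    DROP_BINDING_MISMATCH = "interface/VLAN does not match binding"
    DROP_RATE_LIMIT = "rate limit exceeded"


SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}
BINDING_CHECKED = {"DHCPRELEASE", "DHCPDECLINE"}


@dataclass(frozen=True)
class Binding:
    mac: str        # key of the binding database
    vlan: int
    interface: str


@dataclass(frozen=True)
class DhcpMessage:
    msg_type: str
    client_mac: str
    vlan: int
    interface: str
    timestamp: float  # seconds


class SnoopingFilter:
    def __init__(self, trusted, rate_limit_pps):
        self.trusted = set(trusted)
        self.rate_limit_pps = rate_limit_pps
        self.bindings = {}   # MAC address -> Binding
        self._window = {}    # interface -> (whole second, packets seen)

    def add_binding(self, binding):
        self.bindings[binding.mac.lower()] = binding

    def _over_rate(self, msg):
        """Count packets per interface per whole second (simplified)."""
        second = int(msg.timestamp)
        start, count = self._window.get(msg.interface, (second, 0))
        if start != second:
            count = 0
        count += 1
        self._window[msg.interface] = (second, count)
        return count > self.rate_limit_pps

    def inspect(self, msg):
        if msg.interface in self.trusted:
            return Verdict.FORWARD  # trusted interfaces are not filtered
        if self._over_rate(msg):
            return Verdict.DROP_RATE_LIMIT
        if msg.msg_type in SERVER_MESSAGES:
            return Verdict.DROP_SERVER_MSG
        if msg.msg_type in BINDING_CHECKED:
            binding = self.bindings.get(msg.client_mac.lower())
            # Assumption: with no binding there is nothing to compare.
            if binding and (binding.interface, binding.vlan) != (
                msg.interface, msg.vlan
            ):
                return Verdict.DROP_BINDING_MISMATCH
        return Verdict.FORWARD


def demo():
    """Run constructed sample messages through the filter."""
    f = SnoopingFilter(trusted={"0/24"}, rate_limit_pps=3)
    mac = "00:11:22:33:44:55"  # constructed sample client
    f.add_binding(Binding(mac, vlan=10, interface="0/1"))
    msgs = [
        DhcpMessage("DHCPOFFER", mac, 10, "0/24", 0.0),    # uplink to server
        DhcpMessage("DHCPOFFER", mac, 10, "0/2", 0.1),     # rogue server port
        DhcpMessage("DHCPRELEASE", mac, 10, "0/1", 1.0),   # the real client
        DhcpMessage("DHCPRELEASE", mac, 10, "0/3", 1.2),   # spoofed release
    ]
    # Five DISCOVERs within one second on 0/5, then one in the next second.
    msgs += [DhcpMessage("DHCPDISCOVER", mac, 10, "0/5", 5 + i / 10)
             for i in range(5)]
    msgs.append(DhcpMessage("DHCPDISCOVER", mac, 10, "0/5", 6.0))
    return [f.inspect(m) for m in msgs]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```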
The following table describes the items in the previous figure.
Item | Description
Interface | The interface on which the DHCP client is authorized.
MAC Address | The MAC address associated with the DHCP client. This is the Key to the binding database.
VLAN ID | The ID of the VLAN the client is authorized to use.
To access this page, click Switching > DHCP Snooping > Base > Persistent.
Figure 4.162 Switching > DHCP Snooping > Base > Persistent
The following table describes the items in the previous figure.
Item | Description
Store | The location of the DHCP snooping bindings database, which is either locally on the device (Local) or on a remote system (Remote).
Item | Description
DHCP Server Msgs Received | The number of DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) that have been dropped on an untrusted port.
Refresh | Click Refresh to update the screen.
Clear Counters | Click Clear Counters to reset all statistics to zero for all interfaces.
4.4.2.2 L2 Relay
Global...
The following table describes the items in the previous figure.
Item | Description
Interface | The interface associated with the rest of the data in the row. When configuring the settings for one or more interfaces, this field identifies each interface that is being configured.
L2 Relay Mode | The administrative mode of L2 relay mode on the interface.
Item | Description
Remote ID | The DHCP remote identifier string. When a string is entered here, if a client sends a DHCP request to the device and the client is in a VLAN that corresponds to the S-VID, the device adds the string to the Remote-ID suboption of Option 82 in the DHCP request packet.
To access this page, click Switching > DHCP Snooping > L2 Relay > Statistics.
Figure 4.168 Switching > DHCP Snooping > L2 Relay > Statistics
The following table describes the items in the previous figure.
Item | Description
Interface | The interface associated with the rest of the data in the row.
Untrusted Server Messages With... | The number of messages received on an untrusted interface from a
The following table describes the items in the previous figure.
Item | Description
DHCP Snooping Mode | The administrative mode of IPv6 DHCP snooping on the device.
MAC Address Validation | Enables or disables the verification of the sender MAC address for IPv6 DHCP snooping.
To enable a VLAN for IPv6 DHCP snooping:
Click Switching > IPv6 DHCP Snooping > Base > VLAN Configuration > Add.
Figure 4.171 Switching > IPv6 DHCP Snooping > Base > VLAN Configuration >
The following table describes the items in the previous figure.
Item | Description
VLAN ID...
The following table describes the items in the previous figure.
Item | Description
Interface | The interface associated with the rest of the data in the row. When configuring the settings for one or more interfaces, this field identifies each interface that is being configured.
Trust State | The trust state configured on the interface.
The following table describes the items in the previous figure.
Item | Description
Interface | The interface on which the DHCPv6 client is authorized.
MAC Address | The MAC address associated with the DHCP client. This is the key to the binding database.
VLAN ID | The ID of the VLAN the client is authorized to use.
To access this page, click Switching > IPv6 DHCP Snooping > Base > Dynamic Bindings.
Figure 4.175 Switching > IPv6 DHCP Snooping > Base > Dynamic Bindings
The following table describes the items in the previous figure.
Item | Description
Interface | The interface on which the DHCPv6 client message was received.
Statistics
Use the IPv6 DHCP Snooping Statistics page to view and clear per-interface statistics about the DHCPv6 messages filtered by the IPv6 DHCP snooping feature. Only interfaces that are enabled for IPv6 DHCP snooping and are untrusted appear in the table.
VLAN (DVLAN) tagging. DVLAN tagging allows the device to add a second (outer) VLAN tag to the frame while preserving the original (inner) VLAN tagging information.
To access this page, click Switching > DVLAN > Configuration.
Figure 4.178 Switching > DVLAN > Configuration
The following table describes the items in the previous figure.
The following table describes the items in the previous figure.
Item | Description
Primary TPID | The two-byte hex EtherType value used as the first 16 bits of the DVLAN tag. This value identifies the frame as one of the following types:
...
4.4.5 Dynamic ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors.
To access this page, click Switching > Dynamic ARP Inspection > VLAN.
Figure 4.182 Switching > Dynamic ARP Inspection > VLAN
The following table describes the items in the previous figure.
Item | Description
VLAN ID | Lists each VLAN that has been enabled for DAI. After you click Add, use the VLAN ID menu to select the VLAN on which to enable DAI.
Item | Description
Log Invalid Packets | Indicates whether DAI logging is enabled on this VLAN. When logging is enabled, DAI generates a log message whenever an invalid ARP packet is discovered and dropped.
ARP ACL Name | The name of the ARP access control list (ACL) that the VLAN uses as the filter for ARP packet validation.
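How an ARP ACL acts as the filter on a DAI-enabled VLAN, and what ends up in the log when an invalid packet is dropped, is shown below on raw ARP frames. This is an added example, not code from the manual or the switch firmware; the function names, the ACL represented as permitted (sender IP, sender MAC) pairs per VLAN, the extra Ethernet-source versus ARP-sender MAC comparison, and all addresses are assumptions or constructed sample values.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806


def _mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def _mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(eth_src, sender_mac, sender_ip, target_ip, oper=1):
    """Build a constructed broadcast Ethernet/ARP frame for the demo."""
    eth = b"\xff" * 6 + _mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += _mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp_frame(frame):
    """Parse an untagged Ethernet frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("truncated ARP frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "eth_src": _mac_text(frame[6:12]),
        "oper": oper,
        "sender_mac": _mac_text(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }


def inspect_arp(frame, vlan, dai_vlans, arp_acl, log):
    """Return True to forward the frame, False to drop it.

    dai_vlans: set of VLAN IDs with DAI enabled.
    arp_acl:   dict VLAN ID -> set of permitted (sender_ip, sender_mac).
    log:       list that receives one line per dropped packet.
    """
    if vlan not in dai_vlans:
        return True  # DAI is enabled per VLAN; other VLANs are untouched
    try:
        pkt = parse_arp_frame(frame)
    except ValueError as exc:
        log.append(f"vlan {vlan}: dropped, {exc}")
        return False
    if pkt["eth_src"] != pkt["sender_mac"]:
        log.append(f"vlan {vlan}: dropped, source MAC {pkt['eth_src']} "
                   f"differs from ARP sender {pkt['sender_mac']}")
        return False
    if (pkt["sender_ip"], pkt["sender_mac"]) not in arp_acl.get(vlan, set()):
        log.append(f"vlan {vlan}: dropped, {pkt['sender_ip']} is not "
                   f"permitted for {pkt['sender_mac']}")
        return False
    return True


# Constructed sample data: one host and one gateway permitted on VLAN 10.
HOST = ("192.0.2.10", "00:11:22:33:44:55")
GATEWAY = ("192.0.2.1", "00:aa:bb:cc:dd:01")
ACL = {10: {HOST, GATEWAY}}
DAI_VLANS = {10}


def demo():
    log = []
    good = build_arp_frame(HOST[1], HOST[1], HOST[0], GATEWAY[0])
    # A station answering for the gateway's IP with its own MAC address.
    forged = build_arp_frame("00:de:ad:be:ef:01", "00:de:ad:be:ef:01",
                             GATEWAY[0], HOST[0], oper=2)
    results = [
        inspect_arp(good, 10, DAI_VLANS, ACL, log),
        inspect_arp(forged, 10, DAI_VLANS, ACL, log),
        inspect_arp(forged, 20, DAI_VLANS, ACL, log),  # VLAN without DAI
    ]
    return results, log


if __name__ == "__main__":
    print(demo())
```

The third result shows why VLAN coverage matters when auditing a configuration: the same forged reply passes on a VLAN where DAI is not enabled.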
Item | Description
Burst Interval | The number of consecutive seconds the interface is monitored for incoming ARP packet rate limit violations.
Refresh | Click Refresh to update the screen.
Edit | Click Edit to edit the selected entries.
4.4.5.4
Use the Dynamic ARP Inspection ACL Configuration page to configure ARP Access Control Lists (ACLs).
The following table describes the items in the previous figure.
Item | Description
ACL Name | The name of the ACL. Only the ACLs that appear in this column can be referenced by DAI-enabled VLANs. When adding a rule to an existing ACL, use the ACL Name menu to select the ACL to update.
The following table describes the items in the previous figure.
Item | Description
VLAN ID | The DAI-enabled VLAN associated with the rest of the information in the row. When DAI is enabled on a VLAN, DAI is enabled on all interfaces that are members of that VLAN.
To access this page, click Switching > Filters > MAC Filters.
Figure 4.189 Switching > Filters > MAC Filters
The following table describes the items in the previous figure.
Item | Description
MAC Address | The MAC address of the filter. The destination MAC address of an Ethernet frame must match this value to be considered for the filter.
Click Switching > Filters > MAC Filters > Add.
Figure 4.190 Switching > Filters > MAC Filters > Add
The following table describes the items in the previous figure.
Item | Description
MAC Address | The MAC address of the filter. The destination MAC address of an Ethernet frame must match this value to be considered for the filter.
(GMRP). GARP is a general-purpose protocol that registers any network connectivity or membership-style information. GARP defines a set of switches interested in a given network attribute, such as VLAN ID or multicast address.
To access this page, click Switching > GARP > Switch.
Figure 4.191 Switching >...
Item | Description
GMRP Mode | The administrative mode of GMRP on the interface. When enabled, GMRP can help control the flooding of multicast traffic by keeping track of group membership information. GMRP must also be enabled globally for the protocol to be active on the interface. When disabled, the protocol will not be active on the interface, and the GARP timers have no effect.
To access this page, click Switching > IGMP Snooping > Configuration.
Figure 4.193 Switching > IGMP Snooping > Configuration
The following table describes the items in the previous figure.
Item | Description
Admin Mode | The administrative mode of IGMP snooping on the device.
Multicast Control | The number of data frames forwarded by the CPU.
Item | Description
Max Response Time | The number of seconds the interface should wait after sending a query if it does not receive a report for a particular group. The specified value should be less than the Group Membership Interval.
Multicast Router Expiration Time | The number of seconds the interface should wait to receive a query before it is removed from the list of interfaces with multicast routers...
Item | Description
Report Suppression Mode | The IGMPv1 and IGMPv2 report suppression mode. The device uses IGMP report suppression to limit the membership report traffic sent to multicast-capable routers. When this mode is enabled, the device does not send duplicate reports to the multicast router. Note that this mode is supported only when the multicast query has IGMPv1 and IGMPv2 reports.
Item | Description
Report Suppression Mode | The IGMPv1 and IGMPv2 report suppression mode. The device uses IGMP report suppression to limit the membership report traffic sent to multicast-capable routers. When this mode is enabled, the device does not send duplicate reports to the multicast router. Note that this mode is supported only when the multicast query has IGMPv1 and IGMPv2 reports.
To access this page, click Switching > IGMP Snooping > Multicast Router VLAN Status.
Figure 4.198 Switching > IGMP Snooping > Multicast Router VLAN Status
The following table describes the items in the previous figure.
Item | Description
Interface | The interface associated with the rest of the data in the row. Only interfaces that are configured with multicast router VLANs appear in the table.
Item | Description
Configured VLAN | The VLANs that are enabled as multicast router interfaces on the selected port or LAG. To disable a VLAN as a multicast router interface, click the VLAN ID to select it (or CTRL + click to select multiple VLAN IDs).
To access this page, click Switching > IGMP Snooping Querier > VLAN Configuration.
Figure 4.201 Switching > IGMP Snooping Querier > VLAN Configuration
The following table describes the items in the previous figure.
Item | Description
VLAN ID | The VLAN on which the IGMP snooping querier is enabled. When enabling the IGMP snooping querier on a VLAN, use this menu to select the desired VLAN.
The following table describes the items in the previous figure.
Item | Description
VLAN ID | The VLAN on which the IGMP snooping querier is enabled. When enabling the IGMP snooping querier on a VLAN, use this menu to select the desired VLAN. Only VLANs that have been configured on the system and are not already enabled for the IGMP snooping querier appear in the menu.
Item | Description
State | The operational state of the IGMP snooping querier on the VLAN, which is one of the following:
• Querier: The snooping switch is the querier in the VLAN. The snooping switch will send out periodic queries with a time interval equal to the configured querier query interval.
To access this page, click Switching > MLD Snooping > Source Specific Multicast.
Figure 4.206 Switching > MLD Snooping > Source Specific Multicast
The following table describes the items in the previous figure.
Item | Description
VLAN ID | The VLAN on which the MLDv2 report is received.
Group | The IPv6 multicast group address of the multicast group the host belongs to.
Item | Description
Group Membership Interval | The number of seconds the VLAN should wait for a report for a particular group on the VLAN before the MLD snooping feature deletes the VLAN from the group.
Max Response Time | The number of seconds the VLAN should wait after sending a query if it does not receive a report for a particular group.
Item | Description
Fast Leave Admin Mode | The administrative mode of Fast Leave on the VLAN. If Fast Leave is enabled, the VLAN can be immediately removed from the Layer 2 forwarding table entry upon receiving an MLD leave message for a multicast group without first sending out MAC-based general queries.
To access this page, click Switching > MLD Snooping > Multicast Router VLAN Status.
Figure 4.210 Switching > MLD Snooping > Multicast Router VLAN Status
The following table describes the items in the previous figure.
Item | Description
Interface | The interface associated with the rest of the data in the row. Only interfaces that are configured with multicast router VLANs appear in the table.
Item Description VLAN ID The ID of each VLAN configured as enabled as a multicast router interface on the associated interface. When changing the multicast routing VLAN interfaces that are associated with an interface, click the VLAN ID to select it (or CTRL + click to select multiple VLAN IDs). Submit Click Submit to save the values.
To access this page, click Switching > MLD Snooping Querier > VLAN Configuration. Figure 4.213 Switching > MLD Snooping Querier > VLAN Configuration The following table describes the items in the previous figure. Item Description VLAN ID The VLAN on which the MLD snooping querier is enabled. When enabling the MLD snooping querier on a VLAN, use this menu to select the desired VLAN.
The following table describes the items in the previous figure. Item Description VLAN ID The VLAN on which the MLD snooping querier is enabled. When enabling the MLD snooping querier on a VLAN, use this menu to select the desired VLAN. Only VLANs that have been configured on the system and are not already enabled for the MLD snooping querier appear in the menu.
Item Description State The operational state of the MLD Snooping Querier on a VLAN, which is one of the following: Querier: The snooping switch is the querier in the VLAN. The snooping switch will send out periodic queries with a time interval equal to the configured querier query interval.
The following table describes the items in the previous figure. Item Description VLAN ID The VLAN ID associated with the entry in the MFDB. MAC Address The multicast MAC address that has been added to the MFDB. Component The feature on the device that was responsible for adding the entry to the multicast forwarding database, which is one of the following: ...
Item Description Description A text description of this multicast table entry. Interface(s) The list of interfaces that will forward or filter traffic sent to the multicast MAC address. Refresh Click Refresh to update the screen. 4.4.12.3 IGMP Snooping The Multicast Forwarding Database IGMP Snooping Table page displays the entries in the multicast forwarding database (MFDB) that were added because they were discovered by the IGMP snooping feature.
To access this page, click Switching > Multicast Forwarding Database > MLD Snooping. Figure 4.219 Switching > Multicast Forwarding Database > MLD Snooping The following table describes the items in the previous figure. Item Description VLAN ID The VLAN ID associated with the entry in the MFDB. MAC Address The multicast MAC address associated with the entry in the MFDB.
the Join and Report messages only for the statically configured groups. All other groups are managed by IGMP snooping. MVR uses the multicast VLAN, a dedicated VLAN used to transfer multicast traffic over the network avoiding duplication of multicast streams for clients in different VLANs. 4.4.13.1 Global Use the MVR Global Configuration page to view and configure the global settings for...
To access this page, click Switching > MVR > Group. Figure 4.222 Switching > MVR > Group The following table describes the items in the previous figure. Item Description Group The multicast group address. Status The status of the group, which can be one of the following: ...
To access this page, click Switching > MVR > Interface. Figure 4.224 Switching > MVR > Interface The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When configuring MVR settings, this field identifies the interface(s) that are being configured.
To access this page, click Switching > MVR > Statistics. Figure 4.225 Switching > MVR > Statistics The following table describes the items in the previous figure. Item Description IGMP Queries The total number of IGMP Queries successfully transmitted or received by the processor.
The following table describes the items in the previous figure. Item Description Transmit Interval (Seconds) The number of seconds between transmissions of LLDP advertisements. Transmit Hold Multiplier (Seconds) The Transmit Interval multiplier value, where Transmit Hold Multiplier × Transmit Interval = the time to live (TTL) value the device advertises to neighbors.
Item Description Transmit Management Information Indicates whether management address information for the local device is transmitted in LLDPDUs. Other remote managers can obtain information about the device by using its advertised management address. Refresh Click Refresh to update the screen. Click Add to add a new LLDP interface.
Item Description System Name Select this option to include the user-configured system name in the LLDPDU the interface transmits. The system name is configured on the System Description page and is the SNMP server name for the device. System Description Select this option to include a description of the device in the LLDPDU the interface transmits.
To access this page, click Switching > LLDP > Remote Devices. Figure 4.230 Switching > LLDP > Remote Devices The following table describes the items in the previous figure. Item Description Interface The local interface that is enabled to receive LLDPDUs from remote devices.
Item Description Total Ageouts The number of times the complete set of information advertised by a particular MSAP has been deleted from tables associated with the remote systems because the information timeliness interval has expired. Interface The interface associated with the rest of the data in the row. Transmit Total The number of LLDPDUs transmitted by the LLDP agent on the interface.
The following table describes the items in the previous figure. Item Description Fast Start Repeat Count The number of LLDP-MED Protocol Data Units (PDUs) that will be transmitted when the protocol is enabled. Device Class The device's MED Classification. The following three classifications represent the actual endpoints: ...
Item Description Click Add to add a new LLDP interface. Edit Click Edit to edit the selected entries. Remove Click Remove to remove the selected entries. To add a new LLDP interface: Click Switching > LLDP-MED > Interface > Add. Figure 4.234 Switching >...
The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When viewing LLDP-MED details for an interface, this field identifies the interface that is being viewed. Port ID The MAC address of the interface.
pose of a port channel is to increase the bandwidth between two devices. Port channels can also provide redundancy. To access this page, click Switching > Port Channel > Summary. Figure 4.237 Switching > Port Channel > Summary The following table describes the items in the previous figure. Item Description Name...
Item Description Members The ports that are members of a port channel. Each port channel can have a maximum of 8 member ports. To add ports to the port channel, select one or more ports from the Port List field (CTRL + click to select multiple ports).
Item Description Refresh Click Refresh to update the screen. Clear Counters Click Clear Counters to reset the flap counters for all port channels and member ports to zero. 4.4.17 Port Security Port Security can be enabled on a per-port basis. When a port is locked, only packets with allowable source MAC addresses can be forwarded.
To access this page, click Switching > Port Security > Interface. Figure 4.240 Switching > Port Security > Interface The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When configuring the port security settings for one or more interfaces, this field lists the interfaces that are being configured.
Item Description Sticky Mode The sticky MAC address learning mode, which is one of the following: Enabled: MAC addresses learned or manually configured on this interface are learned in sticky mode. A sticky-mode MAC address is a MAC address that does not age out and is added to the running configuration.
Item Description Sticky Mode Indicates whether the static MAC address entry is added in sticky mode. When adding a static MAC address entry, the Sticky Mode field can be selected only if it is enabled on the interface. If a static MAC address is added in sticky mode, and sticky mode is disabled on the interface, the MAC address entry is converted to a dynamic entry and will age out and be removed from the running (and saved) configura-...
To access this page, click Switching > Port Security > Dynamic MAC. Figure 4.243 Switching > Port Security > Dynamic MAC The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When converting dynamic addresses to static addresses, use the Interface menu to select the interface to associate with the MAC addresses.
Item Description Refresh Click Refresh to update the screen. Click Add to add a new protected ports group and add ports to the group. Edit Click Edit to edit the selected entries. Remove Click Remove to remove the selected entries. To add a new protected ports group and add ports to the group: Click Switching >...
resulting in rapid transitioning of the port to 'Forwarding' state and the suppression of Topology Change Notification. These features are represented by the parameters 'pointtopoint' and 'edgeport'. MSTP is compatible with both RSTP and STP. It behaves appropriately to STP and RSTP bridges. An MSTP bridge can be configured to behave entirely as an RSTP bridge or an STP bridge.
Item Description Refresh Click Refresh to update the screen. Cancel Click Cancel to restore default value. 4.4.19.2 Use the Spanning Tree MST Summary page to view and configure the Multiple Spanning Tree Instances (MSTIs) on the device. Multiple Spanning Tree Protocol (MSTP) allows the creation of MSTIs based upon a VLAN or groups of VLANs.
To access this page, click Switching > Spanning Tree > MST Port. Figure 4.248 Switching > Spanning Tree > MST Port The following table describes the items in the previous figure. Item Description MST ID The menu contains the ID of each MST instance that has been created on the device.
Item Description Description A user-configured description of the port. Refresh Click Refresh to update the screen. Edit Click Edit to edit the selected entries. Details Click Details to open a window and display additional information for the selected interface. 4.4.19.4 Use the Spanning Tree CST Configuration page to configure the Common Spanning Tree (CST) settings.
Item Description Spanning Tree Tx Hold Count The maximum number of BPDUs that a bridge is allowed to send within a hello time window. Bridge Identifier A unique value that is automatically generated based on the bridge priority value and the base MAC address of the bridge. When electing the root bridge for the spanning tree, if the bridge priorities for multiple bridges are equal, the bridge with the lowest MAC address is elected as the root bridge.
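The election rule described for the Bridge Identifier, as an added example (not code from the manual or the switch firmware): it builds each bridge's 8-byte identifier from priority and base MAC, elects the lowest, and reports when the intended root loses or wins only through the MAC tie-break. Bridge names, priorities and MAC addresses are constructed sample values; that a numerically lower priority wins is standard spanning tree behaviour, not something stated on this page.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Bridge:
    name: str       # label used only by this audit (constructed)
    priority: int   # configured bridge priority, 0..65535
    mac: str        # base MAC address of the bridge

    def bridge_id(self) -> bytes:
        """8-byte identifier: 2-byte priority followed by the 6-byte base MAC."""
        if not 0 <= self.priority <= 0xFFFF:
            raise ValueError(f"{self.name}: priority out of range")
        mac = bytes.fromhex(self.mac.replace(":", "").replace("-", ""))
        if len(mac) != 6:
            raise ValueError(f"{self.name}: MAC address must be 6 bytes")
        return self.priority.to_bytes(2, "big") + mac


def elect_root(bridges):
    """Lowest identifier wins: priority first, then MAC on equal priority."""
    return min(bridges, key=lambda b: b.bridge_id())


def audit_root(bridges, intended):
    """Return findings about whether `intended` is a deliberate, stable root."""
    root = elect_root(bridges)
    findings = []
    if root.name != intended:
        findings.append(f"{root.name} is elected root instead of {intended}")
    tied = sorted(b.name for b in bridges
                  if b.priority == root.priority and b is not root)
    if tied:
        findings.append("root decided by lowest MAC among equal priorities: "
                        + ", ".join([root.name] + tied))
    return findings


# Constructed topology: every bridge left at the same priority.
DEFAULT_PRIORITIES = [
    Bridge("core-1", 32768, "02:00:00:00:0a:50"),
    Bridge("access-7", 32768, "02:00:00:00:0a:10"),
    Bridge("access-9", 32768, "02:00:00:00:0a:90"),
]

# Same topology with the intended root given a lower priority value.
PINNED_ROOT = [replace(DEFAULT_PRIORITIES[0], priority=4096)] + DEFAULT_PRIORITIES[1:]

if __name__ == "__main__":
    for label, topo in (("default", DEFAULT_PRIORITIES), ("pinned", PINNED_ROOT)):
        print(label, "root:", elect_root(topo).name)
        for finding in audit_root(topo, "core-1"):
            print("  finding:", finding)
```
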
The following table describes the items in the previous figure. Item Description Interface The port or link aggregation group (LAG) associated with the rest of the data in the row. When configuring CST settings for an interface, this field identifies the interface being configured. Port Role The role of the port within the CST, which is one of the following: ...
To access this page, click Switching > Spanning Tree > Statistics. Figure 4.251 Switching > Spanning Tree > Statistics The following table describes the items in the previous figure. Item Description Interface The port or link aggregation group (LAG) associated with the rest of the data in the row.
To access this page, click Switching > VLAN > Status. Note! You cannot remove or rename VLAN 1. Figure 4.252 Switching > VLAN > Status The following table describes the items in the previous figure. Item Description VLAN ID The unique VLAN identifier (VID). Name A user-configurable name that identifies the VLAN.
To add a new VLAN: Click Switching > VLAN > Status > Add. Figure 4.253 Switching > VLAN > Status > Add The following table describes the items in the previous figure. Item Description VLAN ID or Range Specify VLAN ID(s). Use '-' to specify a range and ',' to separate VLAN IDs or VLAN ranges in the list.
Item Description Participation The participation mode of the interface in the selected VLAN, which is one of the following: Include: The port is always a member of the selected VLAN. This mode is equivalent to registration fixed in the IEEE 802.1Q standard.
Item Description Acceptable Frame Type Indicates how the interface handles untagged and priority tagged frames. The options include the following: Admit All: Untagged and priority tagged frames received on the interface are accepted and assigned the value of the Port VLAN ID for this interface.
To access this page, click Switching > VLAN > Switchport Summary. Figure 4.256 Switching > VLAN > Switchport Summary The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When editing information for one or more interfaces, this field identifies the interfaces that are being configured.
4.4.20.5 Internal Usage Use the VLAN Internal Usage page to configure which VLAN IDs to use for port-based routing interfaces. When a port-based routing interface is created, an unused VLAN ID is assigned internally. This page also displays a list of VLANs assigned to routing interfaces.
To access this page, click Switching > VLAN > RSPAN. Figure 4.259 Switching > VLAN > Status The following table describes the items in the previous figure. Item Description RSPAN VLAN Click the drop-down menu to select the VLAN to use as the RSPAN VLAN.
To add a new IP subnet-based VLAN: Click Switching > IP Subnet Based VLAN > Status > Add. Figure 4.261 Switching > IP Subnet Based VLAN > Status > Add The following table describes the items in the previous figure. Item Description IP Address...
Item Description Edit Click Edit to edit the selected entries. Remove Click Remove to remove the selected entries. To add a new MAC-based VLAN: Click Switching > MAC Based VLAN > Status > Add. Figure 4.263 Switching > MAC Based VLAN > Status > Add The following table describes the items in the previous figure.
Item Description VLAN The VLAN ID associated with the PBVLAN. VLAN tagging for the PBVLAN works as follows: If the frame received over a port is tagged, normal processing takes place. If the frame received over a port is untagged, the frame type is matched according to the protocol(s) assigned to the group on that port.
The following table describes the items in the previous figure. Item Description Group Name The user-configured name that identifies the PBVLAN group. VLAN The VLAN ID associated with the PBVLAN. VLAN tagging for the PBVLAN works as follows: If the frame received over a port is tagged, normal processing takes place.
Item Description VLAN The VLAN ID associated with the PBVLAN. Untagged traffic that matches the protocol criteria is tagged with this VLAN ID. Protocol The protocol or protocols to use as the match criteria to determine whether a particular packet belongs to the PBVLAN. The protocols in this list are checked against the two-byte EtherType field of ingress Ethernet frames on the PBVLAN Group Interfaces.
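The untagged-frame handling described for PBVLAN groups above, as an added example rather than code from the manual or the switch: it reads the two-byte EtherType of a raw Ethernet frame, leaves tagged frames on their own VLAN, maps untagged frames through a per-port protocol table, and otherwise uses the Port VLAN ID. The protocol table, VLAN numbers and frames are constructed; treating priority-tagged frames (VID 0) like untagged ones and falling back to the PVID on no match are assumptions modelled on the Admit All behaviour.

```python
import struct

TPID_8021Q = 0x8100          # IEEE 802.1Q tag protocol identifier
MIN_ETHERTYPE = 0x0600       # smaller values are an 802.3 length, not a protocol

# Constructed PBVLAN group for one port: EtherType -> VLAN ID.
PBVLAN_GROUP = {
    0x0800: 10,   # IPv4
    0x0806: 10,   # ARP
    0x8137: 20,   # IPX
}
PORT_PVID = 1     # constructed Port VLAN ID


def classify_frame(frame: bytes, group: dict, pvid: int):
    """Return (vlan_id, reason) for an ingress frame on a PBVLAN group port."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)

    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        vid = tci & 0x0FFF
        if vid != 0:
            return vid, "tagged"          # normal processing on the tag's VLAN
        # Assumption: VID 0 (priority tag only) is classified like untagged.
        (ethertype,) = struct.unpack_from("!H", frame, 16)

    if ethertype >= MIN_ETHERTYPE and ethertype in group:
        return group[ethertype], "protocol"
    return pvid, "pvid"                   # assumption: no match falls to the PVID


def build_frame(ethertype: int, vid=None, pcp: int = 0) -> bytes:
    """Construct a sample frame (broadcast dst, locally administered src)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + bytes(46)


if __name__ == "__main__":
    samples = {
        "untagged IPv4": build_frame(0x0800),
        "untagged IPv6": build_frame(0x86DD),
        "tagged VLAN 30 IPv4": build_frame(0x0800, vid=30),
        "priority-tagged IPX": build_frame(0x8137, vid=0, pcp=5),
        "802.3 length frame": build_frame(0x0040),
    }
    for name, frame in samples.items():
        print(f"{name:22s} -> {classify_frame(frame, PBVLAN_GROUP, PORT_PVID)}")
```

Untagged protocols missing from the group, IPv6 in this sample, end up in the port's default VLAN, which is worth checking when PBVLAN is used to keep protocols apart.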
To access this page, click Switching > Private VLAN > Configuration. Figure 4.267 Switching > Private VLAN > Configuration The following table describes the items in the previous figure. Item Description VLAN ID The ID of the VLAN that exists on the device. Type The private VLAN type, which is one of the following: ...
4.4.24.2 Association Use the Private VLAN Association page to configure the association between the primary VLAN and secondary VLANs. Associating a secondary VLAN with a primary VLAN allows host ports in the secondary VLAN to communicate outside the private VLAN.
The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When editing interface settings, this field identifies the interface being configured. Mode The private VLAN mode of the interface, which is one of the following: ...
4.4.25 X-Ring Pro 4.4.25.1 Configuration Use the X-Ring Pro Configuration page to view and configure the X-Ring settings. To access this page, click Switching > X-Ring Pro > Configuration. Figure 4.271 Switching > X-Ring Pro > Configuration The following table describes the items in the previous figure. Item Description Ring ID...
The following table describes the items in the previous figure. Item Description Ring ID Specifies a number ranging from 1 to 99 to identify a given X-Ring Pro group. Ring Mode Specifies the mode of the X-Ring Pro group. The value is either "Ring" or "Coupling".
Item Description Interface 1 Specifies the first member interface for the X-Ring Pro group. The value is either physical port or LAG (Link-Aggregation-Group) port. Interface 2 Specifies the secondary member interface for the X-Ring Pro group. For the X-Ring Pro group denoted as “Ring”, the value is either physical port or LAG (Link-Aggregation-Group) port.
the requestor, who stores the sender information in its ARP cache. Newer information always replaces existing content in the ARP cache. The number of supported ARP entries is platform-dependent. Devices can be moved in a network, which means the IP address that was at one time associated with a certain MAC address is now found using a different MAC, or may have disappeared from the network altogether (i.e., it has been reconfigured, disconnected, or powered off).
To add a new static ARP entry: Click Routing > ARP Table > Summary > Add. Figure 4.275 Routing > ARP Table > Summary > Add The following table describes the items in the previous figure. Item Description IP Address The IP address of a network host on a subnet attached to one of the device's routing interfaces.
4.5.1.3 Statistics Use the ARP Table Statistics page to view the statistics for the Address Resolution Protocol Table. You can also use this screen to display the contents of the table. To access this page, click Routing > ARP Table > Statistics. Figure 4.277 Routing >...
The following table describes the items in the previous figure. Item Description Routing Mode The administrative mode of routing on the device. The options are as follows: Enable: The device can act as a Layer 3 device by routing packets between interfaces configured for IP routing.
To access this page, click Routing > IP > Interface Summary. Figure 4.279 Routing > IP > Interface Summary The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. When viewing details about the routing settings for an interface, this field identifies the interface being viewed.
To access this page, click Routing > IP > Interface Configuration. Figure 4.280 Routing > IP > Interface Configuration The following table describes the items in the previous figure. Item Description Interface The menu contains all non-loopback interfaces that can be configured for routing.
Item Description IP Address The IP address of the interface. This field can be configured only when the selected IP Address Configuration Method is Manual. If the method is DHCP, the interface attempts to lease an IP address from a DHCP server on the network, and the IP address appears in this field (read-only) after it is acquired.
To access this page, click Routing > IP > Statistics. Figure 4.281 Routing > IP > Statistics The following table describes the items in the previous figure. Item Description IpInReceives The total number of input datagrams received from all routing interfaces, including those datagrams received in error.
Item Description IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.
Item Description IcmpOutErrors The number of ICMP messages which this entity did not send due to problems discovered within ICMP, such as a lack of buffers. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no type of error that contributes to this counter's value.
Item Description Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly-attached network.
To add a new route: Click Routing > Router > Configured Routes > Add. Figure 4.284 Routing > Router > Configured Routes > Add The following table describes the items in the previous figure. Item Description Route Type The type of route to configure, which is one of the following: ...
To access this page, click Routing > Router > Summary. Figure 4.285 Routing > Router > Summary The following table describes the items in the previous figure. Item Description Route Types Connected Routes The total number of connected routes in the IP routing table. Static Routes The total number of static routes in the IP routing table.
Security 4.6.1 Port Access Control In port-based authentication mode, when 802.1x is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode.
Item Description Monitor Mode The administrative mode of the Monitor Mode feature on the device. Monitor mode is a special mode that can be enabled in conjunction with port-based access control. Monitor mode provides a way for network administrators to identify possible issues with the port-based access control configuration on the device without affecting the network access to the users of the device.
Item Description Control Mode The port-based access control mode configured on the port, which is one of the following: Auto: The port is unauthorized until a successful authentication exchange has taken place. Force Unauthorized: The port ignores supplicant authentication attempts and does not provide authentication services to the client.
Item Description Edit Click Edit to edit the selected entries. Details Click Details to open a window and display additional information. 4.6.1.3 Port Configuration Use the Port Access Control Port Configuration page to enable and configure port access control on one or more ports. To access this page, click Security >...
Item Description Authenticator Options Control Mode The port-based access control mode on the port, which is one of the following: Auto: The port is unauthorized until a successful authentication exchange has taken place. Force Unauthorized: The port ignores supplicant authentication attempts and does not provide authentication services to the client.
Item Description Supplicant Options Control Mode The port-based access control mode on the port, which is one of the following: Auto: The port is in an unauthorized state until a successful authentication exchange has taken place between the supplicant port, the authenticator port, and the authentication server.
Item Description PAE Capabilities The Port Access Entity (PAE) role, which is one of the following: Authenticator: The port enforces authentication and passes authentication information from a remote supplicant (client or host) to the authentication server. If the server successfully authenticates the supplicant, the port allows access.
Item Description Maximum Users The maximum number of clients supported on the port if the Control Mode on the port is MAC-based 802.1X authentication. Refresh Click Refresh to update the screen. 4.6.1.5 Statistics Use the Port Access Control Statistics page to view information about the Extensible Authentication Protocol over LAN (EAPOL) frames and EAP messages sent and received by the local interfaces.
To access this page, click Security > Port Access Control > Client Summary. Figure 4.291 Security > Port Access Control > Client Summary The following table describes the items in the previous figure. Item Description Interface The local interface associated with the rest of the data in the row. When viewing detailed information for an interface, this field identifies the interface being viewed.
Item Description Users The users that are allowed access to the system through the associated port. When configuring user access for a port, the Available Users field lists the users configured on the system that are denied access to the port.
Port Access Control (802.1X) 4.6.2.1 Configuration Use the RADIUS Configuration page to view and configure various settings for the RADIUS servers configured on the system. To access this page, click Security > RADIUS > Configuration. Figure 4.294 Security > RADIUS > Configuration The following table describes the items in the previous figure.
The following table describes the items in the previous figure. Item Description Current Indicates whether the RADIUS server is the current server (True) or a backup server (False) within its group. If more than one RADIUS server is configured with the same Server Name, the device selects one of the servers to be the current server in the named server group.
The following table describes the items in the previous figure. Item Description IP Address/Host Name The IP address or host name of the RADIUS server. Host names must be resolvable by DNS and are composed of a series of labels separated by dots.
Item Description Pending Requests The number of RADIUS Access-Request packets destined for the server that have not yet timed out or received a response. Timeouts The number of times a response was not received from the server within the configured timeout value. Packets Dropped The number of RADIUS packets received from the server on the authentication port and dropped for some other reason.
The following table describes the items in the previous figure. Item Description IP Address/Host Name The IP address or host name of the RADIUS accounting server. Host names must be resolvable by DNS and are composed of a series of labels separated by dots.
To access this page, click Security > RADIUS > Clear Statistics. Figure 4.301 Security > RADIUS > Clear Statistics The following table describes the items in the previous figure. Item Description Reset Click Reset to clear all RADIUS authentication and RADIUS accounting server statistics.
To access this page, click Security > TACACS+ > Configuration. Figure 4.303 Security > TACACS+ > Configuration The following table describes the items in the previous figure. Item Description Key String Specifies the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server.
Click Security > TACACS+ > Server Summary > Add. Figure 4.305 Security > TACACS+ > Server Summary > Add The following table describes the items in the previous figure. Item Description Server Specifies the TACACS+ Server IP address or Hostname. Priority Specifies the order in which the TACACS+ servers are used.
Item Description Refresh Click Refresh to update the screen. Cancel Click Cancel to restore default value. 4.6.3.4 Source Interface Configuration Use the TACACS+ Source Interface Configuration page to specify the physical or logical interface to use as the TACACS+ client source interface. When an IP address is configured on the source interface, this address is used for all TACACS+ communications between the local TACACS+ client and the remote TACACS+ server.
To access this page, click QoS > Access Control Lists > Summary. Figure 4.308 QoS > Access Control Lists > Summary The following table describes the items in the previous figure. Item Description ACL Identifier The name or number that identifies the ACL. The permitted identifier depends on the ACL type.
To add a new ACL: Click QoS > Access Control Lists > Summary > Add. Figure 4.309 QoS > Access Control Lists > Summary > Add The following table describes the items in the previous figure. Item Description ACL Type The type of ACL.
To access this page, click QoS > Access Control Lists > Configuration. Figure 4.310 QoS > Access Control Lists > Configuration The following table describes the items in the previous figure. Item Description ACL Identifier The menu contains the ID for each ACL that exists on the system. Before you add or remove a rule, you must select the ID of the ACL from the menu.
Item Description Action The action to take when a packet or frame matches the criteria in the rule: Permit: The packet or frame is forwarded. Deny: The packet or frame is dropped. NOTE: When configuring ACL rules in the Add Access Control List Rule window, the selected action determines which fields can be configured.
Item Description Action The action to take when a packet or frame matches the criteria in the rule: Permit: The packet or frame is forwarded. Deny: The packet or frame is dropped. NOTE: When configuring ACL rules in the Add Access Control List Rule window, the selected action determines which fields can be configured.
Item Description IGMP Type The TCP/UDP destination port to match in the packet header. Select one of the following options: Equal, Not Equal, Less Than, Greater Than, or Range and specify the port number or keyword. TCP port keywords include BGP, Domain, Echo, FTP, FTP Data, HTTP, SMTP, Telnet, WWW, POP2, and POP3.
Item Description Match Criteria (IPv6 ACLs) Every When this option is selected, all packets will match the rule and will be either permitted or denied. This option is exclusive to all other match criteria, so if Every is selected, no other match criteria can be configured.
Item Description Match Criteria (MAC ACLs) Every When this option is selected, all packets will match the rule and will be either permitted or denied. This option is exclusive to all other match criteria, so if Every is selected, no other match criteria can be configured.
Item Description Time Range Name The name of the time range that will impose a time limitation on the ACL rule. If a time range with the specified name does not exist, and the ACL containing this ACL rule is associated with an interface, the ACL rule is applied immediately.
Item Description ACL Type The type of ACL. The ACL type determines the criteria that can be used to match packets. The type also determines which attributes can be applied to matching traffic. IPv4 ACLs classify Layer 3 and Layer 4 IPv4 traffic, IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic, and MAC ACLs classify Layer 2 traffic.
Item Description ACL Identifier The name or number that identifies the ACL. When applying an ACL to an interface, the ACL Identifier menu includes only the ACLs within the selected ACL Type. Submit Click Submit to save the values. Cancel Click Cancel to close the window.
Item Description Refresh Click Refresh to update the screen. Click Add to associate an ACL with a VLAN. Remove Click Remove to remove the association between a VLAN and an ACL. To associate an ACL with a VLAN: Click QoS > Access Control Lists > VLANs > Add. Figure 4.315 QoS >...
To access this page, click QoS > Class of Service > IP DSCP. Figure 4.316 QoS > Class of Service > IP DSCP The following table describes the items in the previous figure. Item Description Interface The interface to configure. To configure the same IP DSCP-to-Traffic Class mappings on all interfaces, select the Global menu option.
Item Description Trust Mode The trust mode for ingress traffic on the interface, which is one of the following: untrusted: The interface ignores any priority designations encoded in incoming packets, and instead sends the packets to a traffic queue based on the ingress port's default priority. ...
Item Description Minimum Bandwidth The minimum guaranteed bandwidth allocated to the selected queue on the interface. Setting this value higher than its corresponding Maximum Bandwidth automatically increases the maximum to the same value. A zero value (0) means no guaranteed minimum. The sum of the individual Minimum Bandwidth values for all queues in the selected interface cannot exceed the defined maximum of 100.
Item Description WRED Minimum Threshold The minimum queue threshold below which no packets are dropped for the associated drop precedence level. After the minimum is reached, WRED randomly drops packets based on their priority (DSCP or IP precedence). This setting applies to the interface if it is configured with a WRED queue management type.
Item Description Policy Table The current and maximum number of policy entries in the table. The policy determines the traffic conditioning or service provisioning actions applied to a traffic class. Policy Instance Table The current and maximum number of policy-class instance entries in the table.
To add a new DiffServ class: Click QoS > Diffserv > Class Summary > Add. Figure 4.322 QoS > Diffserv > Class Summary > Add The following table describes the items in the previous figure. Item Description Class Enter the name of the DiffServ class. Type The class type, which is one of the following: ...
Item Description Match Criteria The type of match criteria defined for the selected class. Value The configured value of the match criteria that corresponds to the match type. Refresh Click Refresh to update the screen. Add Match Criteria Click Add Match Criteria to define criteria for matching packets within a class.
Page 316
Item Description VLAN Select this option to require a packet's VLAN ID to match a VLAN ID or a VLAN ID within a continuous range. If you configure a range, a match occurs if a packet's VLAN ID is the same as any VLAN ID within the range.
Page 317
Item Description Source IPv6 Address Select this option to require the source IPv6 address in a packet header to match the specified values. After you select this option, use the following fields to configure the source IPv6 address match criteria: ...
Item Description Protocol Select this option to require a packet header's Layer 4 protocol to match the specified value. After you select this option, use one of the following fields to configure the protocol match criteria: Protocol: The L4 keyword that corresponds to the value of the IANA protocol number to match.
To add a new DiffServ policy: Click QoS > Diffserv > Policy Summary > Add. Figure 4.326 QoS > Diffserv > Policy Summary > Add The following table describes the items in the previous figure. Item Description Policy Enter the name of the policy. Type The traffic flow direction to which the policy is applied: ...
Item Description Add Attribute Click Add Attribute to add attributes to a policy or to change the policy attributes. Remove Last Class Click Remove Last Class to remove the most recently associated class from the selected policy. To add a class to the policy: Click QoS >...
Page 321
The following table describes the items in the previous figure. Item Description Assign Queue Select this option to assign matching packets to a traffic queue. Use the Queue ID Value field to select the queue to which the packets of this policy-class are assigned.
Page 322
Item Description Police Single Rate Select this option to enable the single-rate traffic policing style for the policy-class. The single-rate form of the police attribute uses a single data rate and two burst sizes, resulting in three outcomes (conform, exceed, and violate). After you select this option, configure the following policing criteria: ...
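The single-rate policing behaviour described above, as an added example that is not part of the manual: a color-blind two-bucket model in the style of RFC 2697, showing how one data rate and two burst sizes yield the three outcomes. That the switch implements exactly this algorithm, the byte-based units, and all names and values below are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class SingleRatePolicer:
    """Color-blind single-rate policer: one data rate, two burst sizes."""
    rate: float            # committed rate in bytes/second (unit is an assumption)
    committed_burst: int   # size of the committed bucket, in bytes
    excess_burst: int      # size of the excess bucket, in bytes
    tc: float = field(init=False)   # tokens currently in the committed bucket
    te: float = field(init=False)   # tokens currently in the excess bucket
    last: float = field(init=False, default=0.0)

    def __post_init__(self):
        # Both buckets start full, as in RFC 2697.
        self.tc = float(self.committed_burst)
        self.te = float(self.excess_burst)

    def police(self, now: float, size: int) -> str:
        # Tokens accrue at the single rate; the committed bucket fills first
        # and only its overflow reaches the excess bucket.
        earned = (now - self.last) * self.rate
        self.last = now
        room = self.committed_burst - self.tc
        self.tc += min(earned, room)
        self.te = min(self.excess_burst, self.te + max(0.0, earned - room))
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate"    # neither bucket can cover the packet


def classify(policer, arrivals):
    """Return the outcome for each (time_seconds, size_bytes) arrival."""
    return [policer.police(t, size) for t, size in arrivals]


# Constructed sample: five back-to-back 1000-byte packets, then one a second later.
SAMPLE_ARRIVALS = [(0.0, 1000)] * 5 + [(1.0, 1000)]

if __name__ == "__main__":
    p = SingleRatePolicer(rate=1000, committed_burst=1500, excess_burst=3000)
    for (t, size), outcome in zip(SAMPLE_ARRIVALS, classify(p, SAMPLE_ARRIVALS)):
        print(f"t={t:.1f}s size={size}B -> {outcome}")
```

In this model the burst drains the committed bucket, then the excess bucket, before packets are marked violate; one second of idle time at 1000 bytes/second refills only the committed bucket.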
Item Description Police Two Rate Select this option to enable the two-rate traffic policing style for the policy-class. The two-rate form of the police attribute uses two data rates and two burst sizes. Only the smaller of the two data rates is intended to be guaranteed.
Item Description Direction The traffic flow direction to which the policy is applied: Inbound: The policy is applied to traffic as it enters the interface. Outbound: The policy is applied to traffic as it exits the interface. Status The status of the policy on the interface.
The following table describes the items in the previous figure. Item Description Interface The interface associated with the rest of the data in the row. The table displays all interfaces that have a DiffServ policy currently attached in a traffic flow direction. Direction The traffic flow direction to which the policy is applied: ...