Page 1 KGS-1064-HP Web Management Interface User s Manual Software Rev.1.0 or up DOC.170505...
Page 2 Vitesse switch products. (C) 2016 KTI Networks Inc. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any directive work (such as translation or transformation) without permission...
Page 3 KTI Networks Inc. reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of KTI Networks Inc. to provide notification of such revision or change. For more information, contact: 15F-7, No.
Page 4: Table Of Contents
Table of Contents 1. Web Management ............................. 11 1.1 Start Browser Software and Making Connection ............11 1.2 Login to the Switch Unit ....................12 1.3 Main Management Menu ....................14 2. Configuration ............................17 2.1 System ........................... 17 2.1.1 Information ........................17 2.1.2 IP ..........................
Page 5 2.5.1.7.6 Access........................45 2.5.1.8 RMON ........................47 2.5.1.8.1 Statistics ........................ 47 2.5.1.8.2 History ........................48 2.5.1.8.3 Alarm ........................49 2.5.1.8.4 Event ........................51 2.5.2 Network ........................52 2.5.2.1 Limit Control ......................52 2.5.2.2 NAS .......................... 55 2.5.2.3 ACL .......................... 64 2.5.2.3.1 Ports ........................
Page 6 2.8.5 MSTI Ports ........................87 2.9 MVR ..........................89 2.10 IPMC ..........................92 2.10.1 IGMP Snooping ......................92 2.10.1.1 Basic Configuration ....................92 2.10.1.2 VLAN Configuration ....................94 2.10.1.3 Port Group Filtering ....................96 2.10.2 MLD Snooping ......................96 2.10.2.1 Basic Configuration ....................96 2.10.2.2 VLAN Configuration ....................
Page 7 2.17.5 Tag Remarking ......................131 2.17.6 Port DSCP ....................... 133 2.17.7 DSCP-Based QoS ....................135 2.17.8 DSCP Translation ....................138 2.17.9 DSCP Classification ....................141 2.17.10 QoS Control List ....................142 2.17.11 Storm Control ......................144 2.18 Mirroring ........................145 2.19 UPnP ..........................
Page 8 3.4.2.2 NAS ........................167 3.4.2.2.1 Switch........................167 3.4.2.2.2 Port ........................168 3.4.2.3 ACL Status ......................168 3.4.2.4 DHCP ........................170 3.4.2.4.1 Snooping Statistics ....................170 3.4.2.4.2 Relay ........................171 3.4.2.5 ARP Inspection....................... 172 3.4.2.6 IP Source Guard ..................... 172 3.4.3 AAA ........................... 173 3.4.3.1 RADIUS Overview ....................
Page 9 3.9.1.1 Status ........................189 3.9.1.2 Groups Information ....................190 3.9.1.3 IPv4 SFM Information ..................... 190 3.9.2 MLD Snooping ......................191 3.9.2.1 Status ........................191 3.9.2.2 Groups Information ....................192 3.9.2.3 IPv6 SFM Information ..................... 192 3.10 LLDP .......................... 193 3.10.1 Neighbours ......................193 3.10.2 LLDP-MED Neighbours ...................
Page 10 5.4 Configuration ........................ 219 5.4.1 Save .......................... 219 5.4.2 Upload ........................220 Glossary ..............................221 -10-...
Page 11: Web Management
1. Web Management The switch features an http server which can serve the management requests coming from any web browser software over TCP/IP network. Web Browser Compatible web browser software with JAVA script support Microsoft Internet Explorer 4.0 or later Set IP Address for the System Unit Before the switch can be managed from web browser software, make sure a unique IP address is configured for the switch.
Page 12: Login To The Switch Unit
1.2 Login to the Switch Unit When browser software connects to the switch unit successfully, a Login screen is provided for you to login to the device as the left display below: “Port State Overview” page is displayed after a successful login. [Logout] button and [Show Help] button Check this box to refresh the page automatically.
Page 13 Click to refresh the current page. Port state icons are: Status Description RJ-45 port disabled RJ-45 port link down RJ-45 port link up SFP port disabled SFP port link down SFP port link in 1G full duplex SFP port link in 100M full duplex The switch can accept more than one successful management connection simultaneously.
Page 14: Main Management Menu
1.3 Main Management Menu Main Menu: Sub-menus: Configuration System Switch information, IP configuration, SNTP setting, and Password setting Power Reduction power saving configuration Thermal Protection Thermal protection is used to protect the chip from getting overheated. Ports Port operation related configuration, frame size, and power saving control Security Switch &...
Page 15 MAC Table MAC address learning settings and static MAC address port configuration VLANs VLAN groups and VLAN port-related configuration Private VLANs PVLAN groups and port isolation configuration Voice VLAN Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, port ingress, egress and configuration, Port rate control, QCL wizard Mirroring...
Page 16 Restart Device Command to reboot the switch Factory Defaults Command to restore the switch with factory default settings Software Command to update the switch firmware Configuration Command to save or upload the system configuration -16-...
Page 17: Configuration
2. Configuration 2.1 System 2.1.1 Information Configuration Description System Contact The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. System Name An administratively assigned name for this managed node.
Page 18 2.1.2 IP Configuration Description DHCP Client Enable the DHCP client by checking this box. IP Address Provide the address of this switch unit. IP Mask Provide the IP mask of this switch unit. IP Router Provide the IP address of the default router for this switch unit. VLAN ID Provide the managed VLAN...
Page 19: Management Vid (Mvid) Operation Rules
2.1.2.1 Management VID (MVID) Operation Rules The MVID setting restricts the ports that are allowed to communicate with the embedded system processor. The allowed ports are limited in the member ports of the VLAN with MVID. The table below lists the conditions that a management frame can reach the system process and the replied frame type sent by the system processor.
Page 20 example, '::192.1.2.34'. Prefix Provide the IPv6 Prefix of this switch. The allowed range is 1 to 128. Router Provide the IPv6 gateway address of this switch. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:).
Page 21: Ntp
2.1.4 NTP Configuration Description Mode Indicates the mode operation. Possible modes are: Enabled: Enable NTP mode operation. When enable NTP mode operation, the agent forward and to transfer NTP messages between the clients and the server when they are not on the same subnet domain. Disabled: Disable NTP mode operation.
Page 22: Time
2.1.5 Time Configuration Description Time Zone Indicates the NTP mode operation. Possible modes are: Acronym User can set the acronym of the time zone. This is a User configurable acronym to identify the time zone. ( Range : Up to 16 alpha-numeric characters and can contain '-', '_' or '.') Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration.
Page 23 Start time settings Month Select the starting month. Date Select the starting day. Year Select the starting year number. Hours Select the starting hour. Minutes Select the starting minute. End time settings Month Select the ending month. Date Select the ending day. Year Select the ending year number.
Page 24: Log
2.1.6 Log Configuration Description Server Mode Indicates the server mode operation. When the mode operation is enabled, the syslog message will send out to syslog server. The syslog protocol is based on UDP communication and received on port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments.
Page 25: Power Reduction
2.2 Power Reduction 2.2.1 EEE is a power saving option that reduces the power usage when there is low or no traffic utilization. EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted all circuits are powered up.
Page 26 duplex mode. Ports that are not EEE-capable are grayed out and thus impossible to enable EEE for. Configuration Description Port The switch port number of the logical EEE port. Enabled Controls whether EEE is enabled for this switch port. EEE Urgent Queues Queues set will activate transmission of frames as soon as data is available.
Page 27: Thermal Protection
2.3 Thermal Protection This page allows the user to inspect and configure the current setting for controlling thermal protection. Thermal protection is used to protect the chip from getting overheated. When the temperature exceeds the configured thermal protection temperature, ports will be turned off in order to decrease the power consumption. It is possible to arrange the ports with different priorities.
Page 28: Ports
2.4 Ports Configuration Description Port The port number associated to this configuration row Link The current link status is displayed graphically. Green indicates the link is up and red that it is down. Speed - Current Provide the current link speed of the port. Speed - Configured Select any available link speed for the given switch port.
Page 29 Flow Control – Configured Click to enable flow control for fixed speed settings. When “Auto” Speed is selected for a port, this selection indicates the flow control capability that is advertised to the link partner. Maximum Frame Size Enter the maximum frame size allowed for the switch port, including FCS. The allowed range is 1518 bytes to 9600 bytes.
Page 30: Security
2.5 Security 2.5.1 Switch 2.5.1.1 Users Configuration Description User Name The name identifying the user. Click also to edit a configured user. Privilege Level The privilege level of the user. The allowed range is 1 to 15. If the privilege level value is 15, it can access all groups, i.e.
Page 31 Configuration Description User Name A string identifying the user name that this entry should belong to. The allowed string length is 1 to 31. The valid user name is a combination of letters, numbers and underscores. The name is for identifying the user. Password The password of the user The allowed string length is 0 to 31.
Page 32: Privilege Level
2.5.1.2 Privilege Level Configuration Description Group Name The name identifying the privilege group In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contains more than one. The following description defines these privilege level groups in details: System: Contact, Name, Location, Timezone, Daylight Saving Time, Log.
Page 33 MAC based and the MAC Address Limit), ACL, HTTPS, SSH, Inspection, source guard. IP: Everything except 'ping'. Port: Everything except 'VeriPHY'. Diagnostics: 'ping' and 'VeriPHY'. Maintenance: CLI- System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load and Firmware Load. Web- Users, Privilege Levels and everything in Maintenance.
Page 34: Auth Method
2.5.1.3 Auth Method This page allows you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces. Configuration Description Client The management client for which the configuration below applies. Authentication Method Authentication Method can be set to one of the following values: none: authentication is disabled and login is not possible.
Page 35: Ssh
2.5.1.4 SSH Configuration Description Mode Indicates the mode operation. Possible modes are: Enabled: Enable SSH mode operation. Disabled: Disable SSH mode operation. Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values. -35-...
Page 36: Https
2.5.1.5 HTTPS Configuration Description Mode Indicates the HTTPS mode operation. When the current connection is HTTPS, to apply HTTPS disabled mode operation will automatically redirect web browser to an HTTP connection. Possible modes are: Enabled: Enable HTTPS mode operation. Disabled: Disable HTTPS mode operation. Automatic Redirect Indicates the HTTPS redirect mode operation.
Page 37: Access Management
2.5.1.6 Access Management Add New Entry Configure access management table on this page. The maximum number of entries is 16. If the application's type match any one of the access management entries, it will allow access to the switch. Configuration Description Mode Indicates the access management mode operation.
Page 38: Snmp
2.5.1.7 SNMP 2.5.1.7.1 System System Configuration Description Mode Indicates the SNMP mode operation. Possible modes are: Enabled: Enable SNMP mode operation. Disabled: Disable SNMP mode operation. Version Indicates the SNMP supported version. Possible versions are: SNMP v1: Set SNMP supported version 1. SNMP v2c: Set SNMP supported version 2c.
Page 39 SNMP v3: Set SNMP supported version 3. Read Community Indicates the community read access string to permit access to SNMP agent. The allowed string length is 0 ~ 255, and the allowed content is the ASCII characters from 33 to 126. Note: This field only suits when SNMP version is setting SNMPv1 or SNMPv2c.
Page 40 groups of contiguous zeros; but it can only appear once. It also used a following legally IPv4 address. For example, '::192.1.2.34'. Trap Authentication Failure Indicates the SNMP entity is permitted to generate authentication failure traps. Possible modes are: Enabled: Enable SNMP trap authentication failure. Disabled: Disable SNMP trap authentication failure.
Page 41: Communities
2.5.1.7.2 Communities Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Community Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
Page 42: Users
2.5.1.7.3 Users Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Engine ID An octet string identifying the engine ID that this entry should belong to. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-'F's are not allowed.
Page 43: Groups
string length is 8 to 40. The allowed content is the ASCII characters from 33 to 126. Privacy Protocol Indicates the privacy protocol that this entry should belong to. Possible privacy protocols are: None: None privacy protocol. DES: An optional flag to indicate that this user using DES authentication protocol. Privacy Password A string identifying the privacy pass phrase.
Page 44: Views
string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. Group Name A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
Page 45: Access
excluded: An optional flag to indicate that this view sub-tree should be excluded. General, if a view entry's view type is 'excluded', it should be exist another view entry which view type is 'included' and it's OID sub-tree overstep the 'excluded' view entry. OID Subtree The OID defining the root of the sub-tree to add to the named view.
Page 46 Security Level Indicates the security model that this entry should belong to. Possible security models are: NoAuth, NoPriv: None authentication and none privacy. Auth, NoPriv: Authentication and none privacy. Auth, Priv: Authentication and privacy. Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values.
Page 47: Rmon
2.5.1.8 RMON 2.5.1.8.1 Statistics Configuration Description Delete Check to delete the RMON entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Data Source Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000*(switch ID-1), for example, if the port is switch 3 port 5, the value is 2005.
Page 48: History
2.5.1.8.2 History Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Data Source Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000*(switch ID-1), for example, if the port is switch 3 port 5, the value is 2005.
Page 49: Alarm
2.5.1.8.3 Alarm Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold.
Page 50 Delta: Calculate the difference between samples (default). Value The value of the statistic during the last sampling period. Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds, possible sample types are: RisingTrigger alarm when the first value is larger than the rising threshold.
Page 51: Event
2.5.1.8.4 Event Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Desc Indicates this event, the string length is from 0 to 127, default is a null string. Type Indicates the notification of the event, the possible types are: none: The total number of octets received on the interface, including framing...
Page 52: Network
2.5.2 Network 2.5.2.1 Limit Control Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port.
Page 53 Configuration Description System Configuration Mode Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled. Aging Enabled If checked, secured MAC addresses are subject to aging as discussed under Aging Period.
Page 54 Shutdown: If (Limit + 1) MAC addresses are seen on the port, shut down the port. This implies that all secured MAC addresses will be removed from the port, and no new address will be learned. Even if the link is physically disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down.
Page 55: Nas
2.5.2.2 NAS System Configuration Description Mode Indicates if is globally enabled or disabled on the switch stack. If globally disabled, all ports are allowed forwarding of frames. Reauthentication Enabled If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached.
Page 56 client is still present on a port (see Age Period below). Reauthentication Period Determines the period, in seconds, after which a connected client must be reauthenticated. This is only active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds. EAPOL Timeout Determines the time between retransmission of Request Identity EAPOL...
Page 57 RADIUS-Assigned QoS Enabled RADIUS-assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature (see RADIUS-Assigned Enabled below for a detailed description).
Page 58 life-time of the port. Once the switch considers whether to enter the Guest VLAN, it will first check if this option is enabled or disabled. If disabled (unchecked; default), the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life-time of the port.
Page 59 many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it. When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication.
Page 60 aren't authenticated. To overcome this security breach, use the Multi 802.1X variant. Multi 802.1X is really not an IEEE standard, but features many of the same characteristics as does port-based 802.1X. Multi 802.1X is - like Single 802.1X - not an IEEE standard, but a variant that features many of the same characteristics.
Page 61 supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone.
Page 62 on the port will be classified and switched on the RADIUS-assigned VLAN ID. If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
Page 63 EAPOL Request Identity frames. If the number of transmissions of such frames exceeds Max. Reauth. Count and no EAPOL frames have been received in the meanwhile, the switch considers entering the Guest VLAN. The interval between transmissions of EAPOL Request Identity frames is configured with EAPOL Timeout.
Page 64: Acl
Reintialize : Forces a reinitialization of the clients on the port and thereby a reauthentication immediately. The clients will transfer to the unauthorized state while the reauthentication is in progress. Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values. 2.5.2.3 ACL 2.5.2.3.1 Ports Configuration...
Page 65 Port The logical port for the settings contained in the same row. Policy ID Select the policy to apply to this port. The allowed values are 0 through 255. The default value is 0. Action Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".
Page 66: Rate Limits
2.5.2.3.2 Rate Limits Configuration Description Rate Limiter ID The rate limiter ID for the settings contained in the same row. Rate The allowed values are: 0-3276700 in pps or 0, 100, 200, 300, ..., 1000000 in kbps. Unit Specify the rate unit. The allowed values are: pps: packets per second.
Page 67: Access Control List
2.5.2.3.3 Access Control List Configuration Description Ingress Port Indicates the ingress port of the ACE. Possible values are: All: The ACE will match all ingress port. Port: The ACE will match a specific ingress port. Policy/Bitmask Indicates the policy number and bitmask of the ACE. Frame Type Indicates the frame type of the ACE.
Page 68 Edits the ACE. () Moves the ACE up the list. () Moves the ACE down the list. Deletes the ACE. The lowest plus sign adds a new entry at the bottom of the list of ACL. Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Page 69: Dhcp
2.5.2.4 DHCP 2.5.2.4.1 Snooping Configuration Description Snooping Mode Indicates the DHCP snooping mode operation. Possible modes are: Enabled: Enable DHCP snooping mode operation. When enable DHCP snooping mode operation, the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports.
Page 70: Relay
2.5.2.4.2 Relay Configuration Description Relay Mode Indicates the DHCP relay mode operation. Possible modes are: Enabled: Enable DHCP relay mode operation. When enable DHCP relay mode operation, the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain. And the DHCP broadcast message won't flood for security considered.
Page 71: Ip Source Guard
information. Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values. 2.5.2.5 IP Source Guard 2.5.2.5.1 Configuration Configuration Description Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled.
Page 72: Static Table
and Port Mode on a given port are enabled, IP Source Guard is enabled on this given port. Max Dynamic Clients Specify the maximum number of dynamic clients can be learned on given ports. This value can be 0, 1, 2 and unlimited. If the port mode is enabled and the value of max dynamic client is equal 0, it means only allow the IP packets forwarding that are matched in static entries on the specific port.
Page 73: Arp Inspection
2.5.2.6 ARP Inspection 2.5.2.6.1 Configuration Configuration Description ARP Inspection Mode Enable the Global ARP Inspection or disable the Global ARP Inspection. Port Mode Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Translate dynamic to static Click to translate all dynamic entries to static entries.
Page 74: Static Table
2.5.2.6.2 Static Table Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings VLAN ID The VLAN ID for the settings MAC Address Allowed MAC address IP Address Allowed Source IP address Add new entry Click to add a new entry.
Page 75: Aaa
2.5.3 AAA Common Server Description Timeout The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
Page 76 to cope with lost frames, the timeout interval is divided into 3 subintervals of equal length. If a reply is not received within the subinterval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead.
Page 77: Aggregation
2.6 Aggregation function can combine multiple physical switched ports, called “Aggregation The Port Link Aggregation Group” into one logical port. It allows making connection between two switches using more than one physical links to increase the connection bandwidth between two switches. Two aggregation modes, “Static” and “LACP”...
Page 78: Lacp
TCP/UDP Port Number The TCP/UDP port number can be used to calculate the destination port for the frame. Check to enable the use of the TCP/UDP Port Number, or uncheck to disable. By default, TCP/UDP Port Number is enabled. Aggregation Group Configuration Group ID Indicates the group ID for the settings contained in the same row.
Page 79: Loop Protection
Specific: a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot. The Role shows the LACP activity status. The “Active” will transmit LACP packets each Role second while “Passive”...
Page 80: Spanning Tree
Configuration Description Enable Loop Protection Controls whether loop protections is enabled (as a whole). Transmission Time The interval between each loop protection PDU sent on each port. valid values are 1 to 10 seconds. Shutdown Time The period (in seconds) for which a port will be kept disabled in the event of a loop is detected (and the port action shuts down the port).
Page 81: Bridge Settings
2.8.1 Bridge Settings Basic Configuration Description Protocol Version The STP protocol version setting Valid values: STP, RSTP, MSTP Bridge Priority Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier.
Page 82 Valid values: 1 ~ 10 BPDU’s per second Advanced Configuration Edge Port BPDU Filtering Check to configure a port explicitly as Edge will transmit and receive BPDUs Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU.
Page 83: Msti Mapping
2.8.2 MSTI Mapping Configuration Description Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration in order to share spanning trees for MSTI’s. (Intra-region) The name is at most 32 characters.
Page 84: Msti Priorities
VLANs Mapped The list of VLAN’s mapped to the MSTI. The VLANs must be separated with comma and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI should just be left empty. (i.e. not having any VLANs mapped to it.) Save Click to save the changes.
Page 85: Cist Ports
2.8.4 CIST Ports Configuration Description Port The switch port number of the logical STP port. STP Enabled Controls whether STP is enabled on this switch port. Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values.
Page 86 port or not. Restricted-Role If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected.
Page 87: Msti Ports
2.8.5 MSTI Ports A MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. This page contains MSTI port settings for physical and aggregated ports.
Page 88 Click Configuration Description (Example with MSTI1) Port The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered.
Page 89: Mvr
2.9 MVR feature enables multicast traffic forwarding on the Multicast VLANs. In a multicast television application, a PC or a network television or a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port.
Page 90 the MVR group table is full. Delete Check to delete the entry. The designated entry will be deleted during the next save. MVR VID Specify the Multicast VLAN ID. Be Caution: MVR source ports are not recommended to be overlapped with management VLAN ports.
Page 91 The default Role is Inactive. Immediate Leave Enable the fast leave on the port. Add New MVR VLAN Click to add a new entry. Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values. Click Add New MVR VLAN : -91-...
Page 92: Ipmc
2.10 IPMC 2.10.1 IGMP Snooping 2.10.1.1 Basic Configuration Configuration Description (Example with MSTI1) Snooping Enabled Enable the Global IGMP Snooping. -92-...
Page 93 Unregistered IPMCv4 Flooding Enabled Enable unregistered IPMCv4 traffic flooding. The flooding control takes effect only when IGMP Snooping is enabled. When IGMP Snooping is disabled, unregistered IPMCv4 traffic flooding is always active in spite of this setting. IGMP SSM Range SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers run the SSM service model for the groups in the address range.
Page 94: Vlan Configuration
2.10.1.2 VLAN Configuration Each page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table.
Page 95 repetitions of a host's initial report of membership in a group. The allowed range is 0 to 31744 seconds, default unsolicited report interval is 1 second. Refresh Refreshes the displayed table starting from the "VLAN" input fields. |<< Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID.
Page 96: Port Group Filtering
2.10.1.3 Port Group Filtering Configuration Description (Example with MSTI1) Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings. Filtering Groups The IP Multicast Group that will be filtered. Add New Filtering Group Click to add a new entry to the Group Filtering table.
Page 97 Configuration Description (Example with MSTI1) Snooping Enabled Enable the Global Snooping. Unregistered IPMCv6 Flooding Enabled Enable unregistered IPMCv6 traffic flooding. The flooding control takes effect only when MLD Snooping is enabled. When MLD Snooping is disabled, unregistered IPMCv6 traffic flooding is always active in spite of this setting.
Page 98: Vlan Configuration
If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. Fast Leave Enable the fast leave on the port. Throttling Enable to limit the number of multicast groups to which a switch port can belong. Save Click to save the changes.
Page 99: Port Group Filtering
Maximum Response Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds, default query response interval is 100 in tenths of seconds (10 seconds). LLQI Last Member Query Interval. The Last Member Query Time is the time value represented by the Last Member Query Interval, multiplied by the Last Member Query Count.
Page 100 Filtering Groups The IP Multicast Group that will be filtered. Add New Filtering Group Click to add a new entry to the Group Filtering table. Specify the Port, and Filtering Group of the new entry. Click "Save". Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values.
Page 101: Lldp
2.11 LLDP 2.11.1 LLDP Global Configuration Description Tx Interval The switch is periodically transmitting LLDP frames to its neighbors for having the network discovery information up-to-date. The interval between each LLDP frame is determined by the Tx Interval value. Valid values: 5 – 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid.
Page 102 Tx Delay If some configuration is changed (e.g. the IP address) a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values: 1 –...
Page 103: Lldp-Med
"others" in the LLDP neighbors table. If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled all CDP frames are terminated by the switch. Note: When CDP awareness for a port is disabled the CDP information isn't removed immediately, but will be removed when the hold time is exceeded.
Page 104 Fast start repeat count The number of times the fast start transmission is repeated. The recommended value is 4 times, giving that 4 LLDP frames with a 1 second interval will be transmitted, when a LLDP frame with new information is received. Coordinates Location Latitude Latitude SHOULD be normalized to within 0-90 degrees with a maximum of 4 digits.
Page 105 Block (Neighborhood) Neighborhood, block Street Street - Example: Poppelvej Leading street direction Leading street direction - Example: N Trailing street suffix Trailing street suffix - Example: SW Street suffix Street suffix - Example: Ave, Platz House no. House number - Example: 21 House no.
Page 106 separate VLAN for ease of deployment and enhanced security by isolation from data applications. 2. Voice Signaling (conditional) - for use in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if all the same network policies apply as those advertised in the Voice application policy.
Page 107 The tagged frame format also includes priority tagged frames as defined by IEEE 802.1Q-2003. VLAN ID VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003 L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application type. L2 Priority may specify one of eight priority levels (0 through 7), as defined by IEEE 802.1D-2004.
Page 108 3. Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474) This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are: 1. Voice 2. Guest Voice 3.
Page 109: Poe
2.12 PoE Configuration Description Reserved Power determined by There are three modes for configuring how the ports/PDs may reserve power. Allocated mode: In this mode the user allocates the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields.
Page 110 port is shut down. Power Management Mode There are 2 modes for configuring when to the ports are shut down. Actual Consumption: In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power for that port.
Page 111: Poe Redundancy Support
Reset Click to undo any changes made locally and revert to previously saved values. 2.12.1 PoE Redundancy Support One PoE PSE port. called PoE primary port in the following description can be specified one PSE port as its backup port to support a PoE redundancy. “Disable” selection on Backup Port setting means PoE redundancy function is disabled.
Page 112 Activate backup port As PoE failure is detected and concluded by the system on the primary port, port TX/RX function of the primary port is disabled and the specified backup is activated immediately. PoE function and port function of the backup is resumed and operates. Note: PoE function on the primary port is kept enabled although a PoE failure is detected by the system.
Page 113: Mac Table
2.13 MAC Table Aging Configuration Description Disable Automatic Aging Check to disable aging for MAC address entries. By default, dynamic entries are removed from the MAC after 300 seconds. This removal is also called aging. Aging Time Configure aging time by entering a value here in seconds Valid values: 10 to 1000000 seconds Port MAC Table Learning Auto...
Page 114: Vlans
Click Add New Static Entry : 2.14 VLANs 2.14.1 Abbreviation Ingress Port: Ingress port is the input port on which a packet is received. Egress Port: Egress port is the output port from which a packet is sent out. IEEE 802.1Q Packets: A packet which is embedded with a VLAN Tag field IEEE 802.1Q VLAN Tag: In IEEE 802.1Q packet format, 4-byte tag field is inserted in the original Ethernet frame between the Source Address and Type/Length fields.
Page 115: Vlan Membership
as an IEEE 802.1Q-tagged frame. This field is located at the same position as the EtherType/length field in untagged frames, and is thus used to distinguish the frame from untagged frames. Tag control information (TCI): divided into PCP, DEI, and VID Priority code point (PCP): a 3-bit field which refers to the IEEE 802.1p class of service and maps to the frame priority level.
Page 116 Configuration Description Start from VLAN ….. Select range of VLAN table entries. Delete Check to delete a VLAN entry. The entry will be deleted on the switch unit during the next Save. VLAN ID Indicates the ID of this particular VLAN. VLAN Name Indicates the name of the VLAN.
Page 117: Ports
2.14.3 Ports Configuration Description Ethertype for Custom S-ports 0x This field specifies the ether type used for S-custom-ports. This is a global setting for all the S-custom-ports. Port This is the logical port number of this row. Port Type Port can be one of the following types: Unaware, Customer port(C-port), Service port(S-port), Custom Service port(S-custom-port) Each frame received on an ingress port will be classified to a VLAN before it is forwarding to other ports.
Page 118 All tagged (VID > 0) The frame’s embedded VID The tag removal rules for different port types are: Unaware No frame tag is removed. C-port The tag is removed for 1-tag frames. S-port The outer tag is removed for double-tagged frames. S-custom-port Ingress Filtering Enable ingress filtering on a port by checking the box.
Page 119 None - a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port. This mode is normally used for ports connected to VLAN aware switches. Tx tag should be set to Untag_pvid when this mode is used. Specific (the default value) - a Port VLAN ID can be configured (see below).
Page 120: Private Vlans
2.15 Private VLANs Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical. A port must be a member of both a VLAN and a Private VLAN to be able to forward packets.
Page 121: Port Isolation
2.15.2 Port Isolation A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN. Configuration Description Port Members A check box is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port.
Page 122: Voice Vlan
2.16 Voice VLAN Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, then the switch can classify and schedule network traffic. It is recommended that there be two VLANs on a port - one for voice, one for data.
Page 123 cannot equal each port PVID. It is a conflict in configuration if the value equals management VID, MVR VID, PVID etc. The allowed range is 1 to 4095. Aging Time Indicates the Voice VLAN secure learning aging time. The allowed range is 10 to 10000000 seconds.
Page 124: Oui
2.16.2 OUI Configuration Description Delete Check to delete the entry. It will be deleted during the next save. Telephony Telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is "xx-xx-xx" (x is a hexadecimal digit).
Page 125: Qos
2.17 QoS 2.17.1 Port Classification Configuration Description Port The port number for which the configuration below applies. QoS class Controls the default class. All frames are classified to a QoS class. There is a one to one mapping between QoS class, queue and priority.
Page 126 QoS class: 1 0 2 3 4 5 6 7 If the port is VLAN aware, the frame is tagged and Tag Class is enabled, then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag.
Page 127: Port Policing
2.17.2 Port Policing Configuration Description Port The port number for which the configuration below applies. Enabled Controls whether the policer is enabled on this switch port. Rate Controls the rate for the policer. The default value is 500. This value is restricted to 100-1000000 when the "Unit"...
Page 128: Scheduler
2.17.3 Scheduler Configuration Description Port The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. Mode Shows the scheduling mode for this port. Shows the weight for this queue and port. Save Click to save the changes.
Page 129 Port Shows "disabled" or actual port shaper rate - e.g. "800 Mbps". Click Port 1 icon as an example: Configuration Description Scheduler Mode Controls whether the scheduler mode is "Strict Priority" or "Weighted" on this switch port. Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port.
Page 130 Queue Scheduler Weight Controls the weight for this queue. The default value is "17". This value is restricted to 1-100. This parameter is only shown if "Scheduler Mode" is set to "Weighted". Queue Scheduler Percent Shows the weight in percent for this queue. This parameter is only shown if "Scheduler Mode"...
Page 131: Tag Remarking
2.17.5 Tag Remarking Configuration Description Port The logical port for the settings contained in the same row. Click on the port number in order to configure tag remarking. Mode Shows the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values.
Page 132 Mode = Mapped Configuration Description Mode Controls the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level. PCP/DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default. DP level Configuration Controls the Drop Precedence level translation table when the mode is set to Mapped.
Page 133: Port Dscp
Controls the mapping of the classified (QoS class, DP level) to (PCP, DEI) values when the mode is set to Mapped. Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values. Cancel Click to undo any changes made locally and revert to previously page.
Page 134 Disable: No Egress rewrite. Enable: Rewrite enabled without remapping. Remap DP Unaware: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. The remapped DSCP value is always taken from the 'DSCP Translation->Egress Remap DP0' table. Remap DP Aware: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value.
Page 135: Dscp-Based Qos
2.17.7 DSCP-Based QoS -135-...
Page 136 -136-...
Page 137 Configuration Description DSCP Maximum number of supported DSCP values are 64. Trust Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as a non-IP frame. QoS Class QoS class value can be any of (0-7) Drop Precedence Level (0-1)
Page 138: Dscp Translation
2.17.8 DSCP Translation -138-...
Page 139 -139-...
Page 140 Configuration Description DSCP Maximal number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63. Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation –...
Page 141: Dscp Classification
2.17.9 DSCP Classification Configuration Description QoS Class Actual QoS class. Actual Drop Precedence Level DSCP Select the classified DSCP value (0-63). Save Click to save the changes. Reset Click to undo any changes made locally and revert to previously saved values. -141-...
Page 142: Qos Control List
2.17.10 QoS Control List Click Configuration Description Port Members Check the checkbox button to include the port in the entry. By default all ports are included. Key Parameters Key configuration is described as below: Value of Tag field can be 'Any', 'Untag' or 'Tag'. Valid value of VLAN ID can be any value in the range 1-4095 or 'Any';...
Page 143 Frame Type Frame Type can have any of the following values: Any, Ethernet, LLC, SNAP, IPv4, IPv6 Note: All frame types are explained below. 1. Any: Allow all types of frames. 2. Ethernet: Ethernet Type Valid ethernet type can have a value within 0x600-0xFFFF or 'Any' but excluding 0x800(IPv4) and 0x86DD(IPv6), default value is 'Any'.
Page 144: Storm Control
Action Parameters Class QoS class: (0-7) or 'Default'. Valid Drop Precedence Level can be (0-1) or 'Default'. DSCP Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43) or 'Default'. 'Default' means that the default classified value is not modified by this QCE. Save Click to save the changes.
Page 145: Mirroring
2.18 Mirroring To debug network problems, selected traffic can be copied, or mirrored, on a mirror port where a frame analyzer can be attached to analyze the frame flow. The traffic to be copied on the mirror port is selected as follows: 1.
Page 146: Upnp
Disabled: Neither frames transmitted nor frames received are mirrored. Enabled: Frames received and frames transmitted are mirrored on the mirror port. Note: For a given port, a frame is only transmitted once. It is therefore not possible to mirror mirror port Tx frames. Because of this, mode for the selected mirror port is limited to Disabled or Rx only.
Page 147: Sflow
2.20 sFlow Receiver Configuration Description Owner Basically, sFlow can be configured in two ways: Through local management using the Web or CLI interface or through SNMP. This read-only field shows the owner of the current sFlow configuration and assumes values as follows: •...
Page 148 Release The button is disabled if sFlow is currently unclaimed. If configured through SNMP, the release must be confirmed (a confirmation request will appear). IP Address/Hostname The IP address or hostname of the sFlow receiver. Both IPv4 and IPv6 addresses are supported.
Page 149: Multi Ring
2.21 Multi Ring For industrial applications, multiple switches are often connected like a cascaded chain due to topology limitation. In such configuration, a backup (redundant) mechanism with fast response is often required to keep the network operating when any cable fault or even device fault occur. The switch is featured with Auto Multi-Ring Technology to support redundant ring connections.
Page 150 Fault Monitoring & Activating Backup Link T he ring master monitors the network continuously. As any fault is reported, the master activates (enable) the 4 2 2 B backup link in standby state immediately to recover the communication channel and keep the network operating.
Page 151 T he faults to be monitored are cable connections between ring ports and the switch members in a ring. 4 3 2 B Other faults beyond these are not supported. T he cabling of the backup link should be protected securely and has NO RISK for any failure. 4 3 3 B W hen the backup link is activated, the faults should be investigated and repaired immediately.
Page 152: Opa (Optical Power Alarm) Configuration
2.22 OPA (Optical Power Alarm) Configuration OPA function allows to set lower and upper alarm thresholds for the optical power of the fiber ports. The alarm is sent via relay alarm output and SNMP trap. The optical power is monitored once every second. Note that if no SFP transceiver is installed or no DDM is supported in the SFP transceiver, OPA function is dsiabled automatically.
Page 153: Als (Auto Laser Shutdown) Configuration
2.23 ALS (Auto Laser Shutdown) Configuration ALS function is supported for the SFP transceiver and used to automatically shut down the output power of the transmitter in case of fiber break. ALS is provisioned on both ends of the fiber pair. “Auto” mode is set to turn on transmitter automatically if the broken fiber is believed to have been repaired.
Page 154: Monitor
3. Monitor _____________________________________________________________________________________________________________________________ ______________________ I con Function 1 0 9 4 B _ ______________________________________________________________________________________________________________________________ ____________________ 7 2 9 B U Check this box to refresh the page automatically. Automatic refresh occurs every 3 1 0 9 5 B seconds. Updates the system log entries, starting from the current entry ID. Flushes the selected log entries.
Page 155: System
3.1 System 3.1.1 Information Status Description System Contact The textual identification of the contact person for this managed node, together with information on how to contact this person. System Name An administratively assigned name for this managed node. System Location The physical location of this node (e.g., telephone closet, 3rd floor) MAC Address The MAC Address of this switch.
Page 156: Cpu Load
3.1.2 CPU Load This page displays the CPU load, using an SVG graph. The load is measured as averaged over the last 100ms, 1sec and 10 seconds intervals. The last 120 samples are graphed, and the last numbers are displayed as text as well.
Page 157: Log
3.1.3 Log Status Description System Log Level Specify the level of log entries for display and refresh. Clear Level Specify the level of log entries for Clear button. The ID (>= 1) of the system log entry. Level The level of the system log entry. The following level types are supported: Info: Information level of the system log.
Page 158: Detailed Log
3.1.4 Detailed Log Status Description The ID (>= 1) of the system log entry. Message The detailed message of the system log entry. 3.2 Thermal Protection Status Description Thermal Protection Port Status Shows if the port is thermally protected (link is down) or if the port is operating normally.
Page 159: Ports
3.3 Ports 3.3.1 State Status Description RJ-45 port disabled RJ-45 port link down RJ-45 port link up SFP port disabled SFP port link down SFP port link in 1G full duplex SFP port link in 100M full duplex -159-...
Page 160: Traffic Overview
3.3.2 Traffic Overview Status Description Port The logical port for the settings contained in the same row. Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port.
Page 161: Qcl Status
3.3.4 QCL Status Status Description User Indicates the user. QCE# Indicates the index of QCE. Frame Type Indicates the type of frame to look for incoming frames. Possible frame types are: Any: The QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed.
Page 162: Detailed Statistics
3.3.5 Detailed Statistics Status Description Receive Total and Transmit Total Rx and Tx Packets The number of received and transmitted (good and bad) packets. Rx and Tx Octets The number of received and transmitted (good and bad) bytes. Includes FCS, but excludes framing bits.
Page 163 Rx Undersize The number of short 1 frames received with valid CRC. Rx Oversize The number of long 2 frames received with valid CRC. Rx Fragments The number of short 1 frames received with invalid CRC. Rx Jabber The number of long 2 frames received with invalid CRC. Rx Filtered The number of received frames filtered by the forwarding process.
Page 164: Security
3.4 Security 3.4.1 Access Management Statistics Status Description Interface The interface type through which the remote host can access the switch. Received Packets Number of received packets from the interface when access management mode is enabled Allowed Packets Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access management mode is...
Page 165: Switch
3.4.2.1.1 Switch Status Description User Module Name The full name of a module that may request Port Security services. Abbr A one-letter abbreviation of the user module This is used in the Users column in the port status table. Port Status The table has one row for each port on the selected switch in the stack and a number of columns, which are: Port...
Page 166: Port
addresses should be taken in. Shutdown: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is exceeded. No MAC addresses can be learned on the port until it is administratively re-opened on the Limit Control configuration Web-page.
Page 167: Nas
3.4.2.2 NAS 3.4.2.2.1 Switch Status Description Port The switch port number. Click to navigate to detailed statistics for this port. Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values. Port State The current state of the port.
Page 168: Port
3.4.2.2.2 Port Status Description Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values. Port State The current state of the port. Refer to NAS Port State for a description of the individual states.
Page 169 IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol. IPv4/UDP: The ACE will match IPv4 frames with protocol. IPv4/TCP: The ACE will match IPv4 frames with protocol. IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames. Action Indicates the forwarding action of the ACE.
Page 170: Dhcp
3.4.2.4 DHCP 3.4.2.4.1 Snooping Statistics Status Description Receive and Transmit Packets Rx and Tx Discover The number of discover (option 53 with value 1) packets received and transmitted. Rx and Tx Offer The number of offer (option 53 with value 2) packets received and transmitted. Rx and Tx Request The number of request (option 53 with value 3) packets received and transmitted.
Page 171: Relay
3.4.2.4.2 Relay Status Description Server Statistics Transmit to Server The number of packets that are relayed from client to server. Transmit Error The number of packets that resulted in errors while being sent to clients. Receive from Server The number of packets received from server. Receive Missing Agent Option The number of packets received without agent information options.
Page 172: Arp Inspection
3.4.2.5 ARP Inspection The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. The "Start from port address", "VLAN", "MAC address" and "IP address" input fields allow the user to select the starting point in the Dynamic ARP Inspection Table.
Page 173: Aaa
3.4.3 AAA 3.4.3.1 RADIUS Overview Status Description RADIUS Authentication Servers RADIUS server number Click to navigate to detailed statistics for this server. IP Address The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. Status The current status of the server This field takes one of the following values: Disabled: The server is disabled.
Page 174: Radius Details
Click to navigate to detailed statistics for this server. IP Address The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. Status The current status of the server This field takes one of the following values: Disabled: The server is disabled.
Page 175 Authentication Server Description Server # Select a RADIUS server number. Rx Access Accepts RFC4670 name: radiusAuthClientExtAccessAccepts The number of RADIUS Access-Accept packets (valid or invalid) received from the server. Rx Access Rejects RFC4670 name: radiusAuthClientExtAccessRejects The number of RADIUS Access-Reject packets (valid or invalid) received from the server.
Page 176 Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmission. Tx Timeouts RFC4670 name: radiusAuthClientExtTimeouts The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout.
Page 177 server on the accounting port. Rx Packets Dropped RFC4670 name: radiusAccClientExtPacketsDropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason. Tx Requests RFC4670 name: radiusAccClientExtRequests The number of RADIUS packets sent to the server. This does not include retransmissions.
Page 178: Switch-Rmon
3.4.4 Switch-RMON 3.4.4.1 Statistics Status Description Indicates the index of Statistics entry. Data Source(ifIndex) The port ID which wants to be monitored. Drop The total number of events in which packets were dropped by the probe due to lack of resources. Octets The total number of octets of data (including those in bad packets) received on the network.
Page 179: History
127 octets in length. 128~255 The total number of packets (including bad packets) received that were between 128 to 255 octets in length. 256~511 The total number of packets (including bad packets) received that were between 256 to 511 octets in length. 512~1023 The total number of packets (including bad packets) received that were between 512 to 1023 octets in length.
Page 180: Alarm
Jabb. The number of frames which size is larger than 64 octets received with invalid CRC. Coll. The best estimate of the total number of collisions on this Ethernet segment. Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval, in hundredths of a percent.
Page 181 Log Index Indicates the index of the log entry. LogTIme Indicates Event log time LogDescription Indicates the Event description. -181-...
Page 182: Lacp
3.5 LACP 3.5.1 System Status Status Description Aggr ID The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id' Partner System ID The system ID (MAC address) of the aggregation partner. Partner Key The Key that the partner has assigned to this aggregation ID.
Page 183: Port Statistics
the aggregation group but will join if other port leaves. Meanwhile it's LACP status is disabled. The key assigned to this port. Only ports with the same key can aggregate together. Aggr ID The Aggregation ID assigned to this aggregation group. IDs 1 and 2 are GLAGs while IDs 3-14 are LLAGs.
Page 184: Loop Protection
3.6 Loop Protection Status Description Port The switch port number of the logical port. Action The currently configured port action. Transmit The currently configured port transmit mode. Loops The number of loops detected on this port. Status The current loop protection status of the port. Loop Whether a loop is currently detected on the port.
Page 185: Spanning Tree
3.7 Spanning Tree 3.7.1 Bridge Status Status Description MSTI The Bridge Instance. This is also a link to the Detailed Bridge Status. Bridge ID The Bridge ID of this Bridge instance. Root ID The Bridge ID of the currently elected root bridge. Root Port The switch port currently assigned the root port role.
Page 186: Port Statistics
CIST State The current STP port state of the CIST port. The port state can be one of the following values: Discarding, Learning, Forwarding. Uptime The time since the bridge port was last initialized. 3.7.3 Port Statistics Status Description Port The switch port number of the logical STP port.
Page 187: Mvr
3.8 MVR 3.8.1 Statistics Status Description VLAN ID The Multicast VLAN ID. IGMP/MLD Queries Received The number of Received Queries for IGMP and MLD, respectively. IGMP/MLD Queries Transmitted The number of Transmitted Queries for IGMP and MLD, respectively. IGMPv1 Joins Received The number of Received IGMPv1 Join's.
Page 188: Mvr Sfm Information
3.8.3 MVR SFM Information Status Description VLAN ID VLAN ID of the group. Group Group address of the group displayed. Port Switch port number. Mode Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude. Source Address IP Address of the source.
Page 189: Ipmc
3.9 IPMC 3.9.1 IGMP Snooping 3.9.1.1 Status Status Description VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently. Host Version Working Host Version currently. Querier Status Shows the Querier status is "ACTIVE" or "IDLE". "DISABLE" denotes the specific interface is administratively disabled. Queries Transmitted The number of Transmitted Queries.
Page 190: Groups Information
Static denotes the specific port is configured to be a router port. Dynamic denotes the specific port is learnt to be a router port. Both denote the specific port is configured or learnt to be a router port. Port Switch port number. Status Indicate whether specific port is a router port or not.
Page 191: Mld Snooping
3.9.2 MLD Snooping 3.9.2.1 Status Status Description VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently. Host Version Working Host Version currently. Querier Status Shows the Querier status is ACTIVE or IDLE. "DISABLE" denotes the specific interface is administratively disabled. Queries Transmitted The number of Transmitted Queries.
Page 192: Groups Information
3.9.2.2 Groups Information Status Description VLAN ID VLAN ID of the group. Groups Group address of the group displayed. Port Members Ports under this group. 3.9.2.3 IPv6 SFM Information Status Description VLAN ID VLAN ID of the group. Group Group address of the group displayed. Port Switch port number.
Page 193: Lldp
3.10 LLDP 3.10.1 Neighbours Status Description Local Port The port on which the LLDP frame was received. Chassis ID The Chassis ID is the identification of the neighbor's LLDP frames. Port ID The Port ID is the identification of the neighbor port. Port Description Port Description is the port description advertised by the neighbor unit.
Page 194: Lldp-Med Neighbours
3.10.2 LLDP-MED Neighbours Status Description Port The port on which the LLDP frame was received. Device Type LLDP-MED Devices are comprised of two primary Device Types: Network Connectivity Devices and Endpoint Devices. LLDP-MED Network Connectivity Device Definition LLDP-MED Network Connectivity Devices, as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint Devices.
Page 195 however do not support IP media or act as an end-user communication appliance. Such devices may include (but are not limited to) IP Communication Controllers, other communication related servers, or any device requiring basic services as defined in TIA-1057. Discovery services defined in this class include LAN configuration, device location, network policy, power management, and inventory management.
Page 196 7. Reserved Application Type Application Type indicating the primary function of the application(s) defined for this network policy, advertised by an Endpoint or Network Connectivity Device. The possible application types are shown below. 1. Voice - for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services.
Page 197: Poe
Tagged) is used if the device is using priority tagged frames as defined by IEEE 802.1Q-2003, meaning that only the IEEE 802.1D priority level is significant and the default PVID of the ingress port is used instead. Priority Priority is the Layer 2 priority to be used for the specified application type. One of the eight priority levels (0 through 7).
Page 198: Eee
levels of power priority. The three levels are: Critical, High and Low. If the power priority is unknown it is indicated as "Unknown" Maximum Power The Maximum Power Value contains a numerical value that indicates the maximum power in watts required by a PD device from a PSE device, or the minimum power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
Page 199: Port Statistics
EEE information exchanged via LLDP). Resolved Rx Tw The resolved Rx Tw for this link. Note : NOT the link partner The resolved value that is the actual "tx wakeup time " used for this link (based on EEE information exchanged via LLDP). EEE in Sync Shows whether the switch and the link partner have agreed on wake times.
Page 200 Local Port The port on which LLDP frames are received or transmitted. Tx Frames The number of LLDP frames transmitted on the port. Rx Frames The number of LLDP frames received on the port. Rx Errors The number of received LLDP frames containing some kind of error. Frames Discarded If an LLDP frame is received on a port, and the switch's internal table has run full, the LLDP frame is counted and discarded.
Page 201: Poe
3.11 PoE Status Description Local Port This is the logical port number for this row. PD Class Each PD is classified according to a class that defines the maximum power the PD will use. The PD Class shows the PDs class. Five Classes are defined: Class 0: Max.
Page 202 PoE turned OFF - PD is off. Invalid PD - PD detected, but is not working correctly. PoE Redundancy related Primary port status Normal: Port PoE operation is normal with no failure detected. Fail: PoE failure is detected on the port according to detection mode. Backup port status Standby: Primary port is under normal operation.
Page 203: Mac Table
3.12 MAC Table Status Description Type Indicates whether the entry is a static or a dynamic entry. MAC address The MAC address of the entry. VLAN The VLAN ID of the entry. Port Members The ports that are members of the entry. -203-...
Page 204: Vlans
3.13 VLANs 3.13.1 VLAN Membership Status Description VLAN USER VLAN User module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID. Currently we support the following VLAN user types: Statis: These is referred to CLI/Web/SNMP.
Page 205: Vlan Ports
3.13.2 VLAN Ports VLAN USER VLAN User module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID, UVID. Currently we support following VLAN User types: Statis: This is referred to CLI/Web/SNMP:. NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server.
Page 206 processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN, the frame is discarded. Frame Type Shows whether the port accepts all frames or only tagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on that port are discarded.
Page 207: Sflow
3.14 sFlow Status Description Owner This field shows the current owner of the sFlow configuration. It assumes one of three values as follows: • If sFlow is currently unconfigured/unclaimed, Owner contains <none>. • If sFlow is currently configured through Web or CLI, Owner contains <Configured through local management>.
Page 208 Port The port number for which the following statistics applies. Rx and Tx Flow Samples The number of flow samples sent to the sFlow receiver originating from this port. Here, flow samples are divided into Rx and Tx flow samples, where Rx flow samples contains the number of packets that were sampled upon reception (ingress) on the port and Tx flow samples contains the number of packets that were sampled upon transmission (egress) on the port.
Page 209: Multi Ring Status
3.15 Multi Ring Status Status Description Group # Ring entities Ring Status Status: [STANDBY] - The ring is normal and with no failure. The backup link is under standby and not activated. [BACKUP] - Failure occurred somewhere on the ring and the master has activated the backup link to support continuous operation of the ring.
Page 210: Relay Alarm Status
Protocol The protocol and role served by the port Ring - normal ring port of the associated redundant ring (Ring ID) Ring (Backup Port) - Backup port of the associated redundant ring (Ring ID) RSTP - the port is serving RSTP instead of Multi-Ring protocol. Ring ID Ring Group ID the port connected 3.16 Relay Alarm Status...
Page 211: Diagnostics
4. Diagnostics Ping & Ping6 Settings Description IP Address The destination IP Address. Ping Length The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes. Ping Count The count of the ICMP packet. Values range from 1 time to 60 times. Ping Interval The interval of the ICMP packet.
Page 212 Result displayed for a failed ping test Result displayed for a successful ping test New Ping Click to start a new ping test. -212-...
Page 213: Veriphy
4.2 VeriPHY Status Description Port The port where you are requesting Copper Cable Diagnostics. All: select all ports Cable Status Port: Port number. Pair: The status of the cable pair. Pair A, B, C, D The status of the cable pair. OK - Correctly terminated pair Open - Open pair Short - Shorted pair...
Page 214 selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that VeriPHY is only accurate for cables of length 7 - 140 meters. 10 and 100 Mbps ports will be linked down while running VeriPHY.
Page 215: Sfp Ddm
4.3 SFP DDM Status Description SFP Ports Port numbers which are equipped with slot. Identifier Identification information of the transceiver Connector The connector type used on the transceiver SONET Compliance The SONET compliance information of the transceiver GbE Compliance Gigabit Ethernet compliance information of the transceiver Vendor Name The vendor name of the transceiver Vendor OUI...
Page 216: Maintenance
5. Maintenance 5.1 Restart Device You can reset the stack switch on this page. After reset, the system will boot normally as if you had powered-on the devices. Click to reboot device. The following message is displayed as follows. -216-...
Page 217: Factory Defaults
5.2 Factory Defaults Click to reboot device. “System rebooting” message is displayed as follows. Click to return to the Port State page without rebooting. 5.3 Software 5.3.1 Upload This page facilitates an update of the firmware controlling the switch. Browse Click to the location of a software image Upload Click to start uploading.
Page 218: Image Select
5.3.2 Image Select This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image. The web page displays two tables with information about the active and alternate firmware images. Note: 1.
Page 219: Configuration
state. Cancel activating the backup image. Navigates away from this page. 5.4 Configuration 5.4.1 Save You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags: Header tags: <?xml version="1.0"?> and <configuration>. These tags are mandatory and must be present at the beginning of the file.
Page 220: Upload
<version val="1"></version> </platform> <global> <mac> <age val="200"></age>> </mac> </global> <switch sid="1"> <mac> <entry port="1-24" learn_mode="auto"></entry> </mac> </switch> </configuration> Save configuration Click to start download of the configuration. 5.4.2 Upload Browse Click to the location of a configuration file Upload Click to start uploading configuration. -220-...
Page 221: Glossary
Glossary C D E F L M N O P Q R S T U V W X Y Z is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny).
Page 222 past the ACE matching without getting matched. In that case a counter associated with that port is incremented. See the Web page help text for each specific port property. ACL|Rate Limiters: Under this page you can configure the rate limiters. There can be 15 different rate limiters, each ranging from 1-1024K packets per seconds.
Page 223 is an acronym for Continuity Check. It is a functionality that is able to detect loss of continuity in a network by transmitting frames to a peer MEP. is an acronym for Continuity Check Message. It is a frame transmitted from a MEP to it's peer MEP and used to implement functionality.
Page 224 assigned to a second client while the first client's assignment is valid (its lease has not expired). Therefore, IP address pool management is done by the server and not by a human network administrator. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task.
Page 225 network sites or network connection, an attacker may be able to prevent network users from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer. Dotted Decimal Notation Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as separators between octets.
Page 226 This processing applies to IGMP and MLD. HTTP HTTP is an acronym for Hypertext Transfer Protocol. It is a protocol that used to transfer or convey information on the World Wide Web (WWW). HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.
Page 227 can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network. IGMP IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships.
Page 228 IPMC IPMC is an acronym for IP MultiCast. IPMC supports IPv4 and IPv6 multicasting. IPMCv4 denotes multicast for IPv4. IPMCv6 denotes multicast for IPv6. IP Source Guard IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings.
Page 229 last listener for a multicast address or source. In IGMP, this term is called LMQI (Last Member Query Interval). LOC is an acronym for Loss Of Connectivity and is detected by a and is indicating lost connectivity in the network. Can be used as a switch criteria by MAC Table Switching of frames is based upon the DMAC address contained in the frame.
Page 230 in IEEE 802.1D-2005. MSTI It may be necessary to have different topologies for different VLANs, for load-sharing or other purposes. MSTP enables the grouping of multiple VLANs with the same topology requirements into one MST instance (MSTI). Instances are not supported in STP or RSTP, so those two versions have the same spanning-tree in common for all of the VLANs.
Page 231 OAM is an acronym for Operation Administration and Maintenance. It is a protocol described in ITU-T Y.1731 used to implement carrier ethernet functionality. functionality like is based on this Optional TLVs. A LLDP frame contains multiple TLVs For some TLVs it is configurable if the switch shall include the TLV in the LLDP frame. These TLVs are known as optional TLVs.
Page 232 queue. POP3 POP3 is an acronym for Post Office Protocol version 3. It is a protocol for email clients to retrieve email messages from a mail server. POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time.
Page 233 Each accessible traffic object contains an identifier to its QCL. The privileges determine specific traffic object to specific QoS class. QL In SyncE this is the Quality Level of a given clock source. This is received on a port in a indicating the quality of the clock received in the port.
Page 234 time being backwards-compatible with STP. SAMBA Samba is a program running under UNIX-like operating systems that provides seamless integration between UNIX and Microsoft Windows machines. Samba acts as file and print servers for Microsoft Windows, IBM OS/2, and other SMB client machines. Samba uses the Server Message Block (SMB) protocol and Common Internet File System (CIFS), which is the underlying protocol used in Microsoft Windows networking.
Page 235 transfer service. SMTP transfers mail messages between systems and notifications regarding incoming mail. SNAP The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields.
Page 236 Spanning Tree Protocol is an OSI layer-2 protocol which ensures a loop free topology for any bridged LAN. The original STP protocol is now obsolete by RSTP. Switch ID Switch IDs (1-?) are used to uniquely identify the switches within a stack. The Switch ID of each switch is shown on the display on the front of the switch and is used widely in the web pages as well as in the CLI commands.
Page 237 network. To start a Telnet session, the client user must log in to a server by entering a valid username and password. Then, the client user can enter commands through the Telnet program just as if they were entering commands directly on the server console. TFTP TFTP is an acronym for Trivial File Transfer Protocol.
Page 238 UPnP UPnP is an acronym for Universal Plug and Play. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components User Priority User Priority is a 3-bit field storing the priority level for the 802.1Q frame.
Page 239 (Wikipedia). WiFi WiFi is an acronym for Wireless Fidelity. It is meant to be used generically when referring of any type of 802.11 network, whether 802.11b, 802.11a, dual-band, etc. The term is promulgated by the Wi-Fi Alliance. WPA is an acronym for Wi-Fi Protected Access. It was created in response to several serious weaknesses researchers had found in the previous system , Wired Equivalent Privacy (WEP).
Page 240 level assigned to a frame results in a higher probability that the frame is dropped during times of congestion. WTR is an acronym for Wait To Restore. This is the time a fail on a resource has to be 'not active' before restoration back to this (previously failing) resource is done.

KTI Networks KGS-1064-HP User Manual

1 Web Management

2 Configuration

3 Monitor

4 Diagnostics

5 Maintenance

Glossary

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for KTI Networks KGS-1064-HP

Summary of Contents for KTI Networks KGS-1064-HP