Planet FGSW-2624SF User Manual

Planet FGSW-2624SF User Manual

24 port 10/100mbps with 2g tp/sfp combo managed ethernet switch 24 100base-fx sfp slots with 2g tp/sfp combo managed ethernet switch
Hide thumbs Also See for FGSW-2624SF:
Table of Contents

Advertisement

FGSW-2620VM / FGSW-2624SF User's Manual
User's Manual
FGSW-2620VM
24-Port 10/100Mbps with
2G TP/SFP Combo
Managed Ethernet Switch
FGSW-2624SF
24 100Base-FX SFP Slots with
2G TP/SFP Combo
Managed Ethernet Switch
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FGSW-2624SF and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Planet FGSW-2624SF

  • Page 1 FGSW-2620VM / FGSW-2624SF User’s Manual User's Manual FGSW-2620VM 24-Port 10/100Mbps with 2G TP/SFP Combo Managed Ethernet Switch FGSW-2624SF 24 100Base-FX SFP Slots with 2G TP/SFP Combo Managed Ethernet Switch...
  • Page 2: Ce Mark Warning

    Disclaimer PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.
  • Page 3: Table Of Contents

    4.1.1.1 Basic...23 4.1.1.2 Advanced...24 4.1.2 IP Configuration ...25 4.1.3 Account Password ...26 4.1.4 SNMP Management...27 4.1.4.1 System Configuration ...27 4.1.4.2 Trap Configuration ...28 4.1.5 TFTP Upgrade ...29 FGSW-2620VM / FGSW-2624SF User’s Manual Table of Contents ... 19 ... 20 ... 22...
  • Page 4 4.5.1.2 Per port Configuration...68 4.5.1.3 802.1X Client Configuration...70 4.5.1.4 Misc Configuration ...73 4.5.2 Access Control List ...74 4.5.3 Static MAC Address ...75 4.5.4 MAC Filter...76 4.5.5 IP Secuity...77 5. SWITCH OPERATION...78 5.1 A ... 78 DDRESS ABLE 5.2 L ... 78 EARNING 5.3 F...
  • Page 5 Case 2: Deny specific Source IP Address – Class C ...87 Case 3: Deny specific VLAN packets...89 Case 4: Deny Specify Protocol – HTTP / WWW ...91 Case 5: Deny Specify Protocol – SMTP ...93 FGSW-2620VM / FGSW-2624SF User’s Manual ... 80 ... 81 SSIGNMENTS...
  • Page 6: How To Use Thi Manual

    APPENDIX, CABLE PIN ASSIGNMENT The chapter contains cable information of the Switch. In the following section, terms “Managed Switch” with upper case denote the FGSW-2620VM / FGSW-2624SF Ethernet Switch. Terms with lower case "switch" means any Ethernet switches. FGSW-2620VM / FGSW-2624SF User’s Manual Switch by Web interface.
  • Page 7: Product Feature

    ■ MAC Filter and Static MAC ■ IP Security for management security ■ IEEE 802.1x Port-Based authentication Management ■ Web interface for Switch basic management and setup ■ Supports SNMP v1 switch management ■ SNMP trap for interface Link Up and Link Down notification...
  • Page 8: Product Specification

    Management Interface Port Configuration Port Status Trunk Configuration VLAN Configuration Spanning Tree Protocol Port Monitoring FGSW-2620VM / FGSW-2624SF User’s Manual FGSW-2620VM 24 10/100Base-TX RJ-45 Auto-MDI/MDI-X ports 2 10/100/1000Base-T RJ-45, Auto-MDI/MDI-X ports 2 1000Base-SX/LX SFP slots, shared with Port-25 and Port-26 Store-and-Forward 6.547Mpps...
  • Page 9 IEEE 802.3z Standards Compliance IEEE 802.3x IEEE 802.1Q IEEE 802.1p IEEE 802.1X IEEE 802.1w The specification of FGSW-2624SF is for hardware version 2 only. FGSW-2620VM / FGSW-2624SF User’s Manual Ethernet Fast Ethernet Gigabit Ethernet Gigabit Ethernet Full-duplex flow control Tag-Based VLAN...
  • Page 10: Installation

    This section describes the functionalities of the FGSW Managed Switch's components and guides how to install it on the desktop or shelf. Basic knowledge of networking is assumed. Please read this chapter completely before continuing. 2.1 Product Description The PLANET FGSW Managed Switch offers 24 10/100Mbps Fast Ethernet ports or 24 100Base-FX SFP slots with 2 Gigabit TP/SFP combo ports (Port-25, 26).
  • Page 11: Switch Front Panel

    2.1.2 Switch Front Panel The unit front panel provides a simple interface monitoring the Switch. Figure 2-1 to 2-2 shows the front panel of the Managed Switches. FGSW-2620VM Front Panel FGSW-2624SF Front Panel 2.1.3 LED Indications The front panel LEDs indicates instant status of port links, data activity and system power; helps monitor and troubleshoot when needed.
  • Page 12 Off: indicate that the port is operating at 10Mbps or 100Mbps. LNK/ACT 1000 Green Blink: indicate that the switch is actively sending or receiving data over that port. Lit: indicate that the port is operating at 100Mbps. Off: indicate that the port is operating at 10Mbps or 1000Mbps.
  • Page 13: Switch Rear Panel

    2.1.4 Switch Rear Panel The rear panel of the Managed Switch indicates an AC inlet power socket, which accepts input power from 100 to 240V AC, 50-60Hz. Figure 2-3 and Figure 2-4 shows the rear panel of the Switch FGSW-2620VM Rear Panel...
  • Page 14: Install The Switch

    2.2 Install the Switch This section describes how to install the Managed Switch and make connections to it. Please read the following topics and perform the procedures in the order being presented. 2.2.1 Desktop Installation To install the Managed Switch on desktop or shelf, please follows these steps: Step1: Attach the rubber feet to the recessed areas on the bottom of the Managed Switch.
  • Page 15 Step4: Follow the same steps to attach the second bracket to the opposite side. Step5: After the brackets are attached to the Managed Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-6.
  • Page 16: Installing The Sfp Transceiver

    PLANET Managed Switches supports both single mode and multi mode SFP transceiver. The following list of approved PLANET SFP transceivers is correct at the time of publication: 100Base-FX SFP transceiver (FGSW-2624SF / 100Base-FX SFP Slot only): ■MFB-FX SFP (100Base-FX SFP transceiver – Multi mode / 2km / TX 1300nm) ■MFB-F20 SFP (100Base-FX SFP transceiver –...
  • Page 17 Connect the other end of the cable to a device – switches with SFP installed, fiber NIC on a workstation or a Media Converter.. Check the LNK/ACT LED of the SFP slot on the front of the Switch. Ensure that the SFP transceiver is operating correctly.
  • Page 18 FGSW-2620VM / FGSW-2624SF User’s Manual Figure 2-8 Pull out the SFP transceiver Never pull out the module without pull the handle or the push bolts on the module. Direct pull out the module with violent could damage the module and SFP module slot of the Managed...
  • Page 19: Switch Management

    3.1 About Web-based Management Inside the CPU board of the Managed Switch exist an embedded HTML web site residing in flash memory. It offers advanced management features and allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer.
  • Page 20: Preparing For Web Management

    3.3 Preparing for Web Management The following shows how to start up the Web Management of the Managed Switch. Note the FGSW Managed Switch is configured through an Ethernet connection, please make sure the manager PC must be set on the same IP subnet address.
  • Page 21 FGSW-2620VM / FGSW-2624SF User’s Manual Figure 3-2 Login screen Click "Enter" or "OK", then the home screen of the Web-based management appears. Figure 3-3 FGSW-2620VM Web Management Interface...
  • Page 22: Online Help

    3.6 View the Port Information You can direct click the port on the Switch figure on the top of web page. Then, you will see the port information. Figure 3-4 Port information interface...
  • Page 23: Web-Based Management

    To modify your PC’s IP domain to the same with Managed Switch then use the default IP address (192.168.0.100) to remote configure Managed Switch through the Web interface. Notice: The following section will base on the Web screens of FGSW-2620VM, for FGSW-2624SF the display will be the same to FGSW-2620VM. 4.1 System...
  • Page 24: Advanced

    1/2, 1/4, 1/8, 1/16 and off. Default is “1/4”. Provide Collision Retry Forever function ”Disable” or ”Enable” on Switch; If this function is disabled, when a packet meet a collision, the Switch will retry 6 times before discard the packets. Otherwise, the Switch will retry until the packet is successfully sent.
  • Page 25: Ip Configuration

    DHCP will not effective and the switch will continue using the manually entered static IP. If you have changed the switch to a static IP address, you can set the IP address back to its default IP address or you can reset the Switch back to factory default.
  • Page 26: Account Password

    You can change web management login user name and password. Object User name New Password Confirm password Apply button FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-1-4 Account password screenshot Description Type the new user name. The default is "admin". Type the new password.
  • Page 27: Snmp Management

    You can define management stations as trap managers and to enter SNMP community strings. You also can define a name, location, and contact person for the Switch. Fill in the system options data, and then click Apply to update the changes.
  • Page 28: Trap Configuration

    Trap Manager A trap manager is a management station that receives traps, the system alerts generated by the switch. If no trap manager is defined, no traps will issue. Create a trap manager by entering the IP address of the station and a community string.
  • Page 29: Tftp Upgrade

    4.1.5 TFTP Upgrade It provides the functions to allow a user to update the Switch firmware. Before updating, make sure you have your TFTP server ready and the firmware image is on the TFTP server. Figure 4-1-7 TFTP Update Firmware screentshot...
  • Page 30: System Reboot

    FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.7 System Reboot Reboot the Switch in software reset. Click button to reboot the Switch. Figure 4-1-9 System Reboot screenshot...
  • Page 31: Port Configuration

    Port trunk. We will describe the configure detail in following. 4.2.1 Port Control This section introduces detail settings of per port on Switch; the screen in Figure 4-2-1 appears and following table descriptions the Port Configuration objects of the Switch. Object...
  • Page 32 FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-2-2 Select the Port Control screenshot For the model FGSw-2624SF, Port-1 to Port-24 is set to 100Full as default setting.
  • Page 33: Port Mirror

    Monitor Port The ports you want to monitor. All monitor port traffic will be copied to mirror port. You can select max 25 monitor ports in the switch. User can choose which port wants to monitor in only one mirror mode.
  • Page 34: Bandwidth Control

    4.2.3 Bandwidth Control This section provides current rate limit and traffic shapping status of each port from the Switch, the screen in Figure 4-2-4 appears. Object Description InRate* Input the value of packet rate sent from the connected port to this port must enable the flow control feature of this port for the function to work normally.
  • Page 35: Port Statistics

    The state of the link, indicating a valid link partner device. "Up" means a device is successful connected to the port. “Down” means no device is connected. State Display the port Disable or Enable state of each port on the Switch. Clear button Press the button to clean all counts. FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 36: Port Trunk

    This feature can expand bandwidth to a device on the network. LACP operation requires full-duplex mode, more detail information refers to IEEE 802.3ad. 4.2.5.1 Aggregator setting This section provides Port Trunk-Aggregator Setting of each port from the Switch, the screen in Figure 4-2-6 appears. Object Description System Priority A value used to identify the active LACP.
  • Page 37: Aggregator Information

    When you had setup the LACP aggregator, you will see relation information in here. Figure 4-2-7 Trunking - Aggregator Information interface Object Description Group Key Indicates the Static Trunking Groupd ID. Port Member Indicates the selected ports that joined the Trunk group. FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 38: Aggregator State Activity

    LACP protocol packet from the opposite device. If you are active LACP's actor, when you are select trunking port, the active status will be created automatically. FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-2-8 Trunking – State Activity interface...
  • Page 39: Switching

    A weighted round robin system is employed on the Switch to determine the rate at which the queues are emptied of packets. The ratio used for clearing the queues is 4:1. This means that the highest priority queue, Queue 1, will clear 4 packets for every 1 packet cleared from Queue 0.
  • Page 40 Port-based VLAN Port-based VLAN limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department.
  • Page 41: Port Vlan Id

    Some relevant terms: Tagging - The act of putting 802.1Q VLAN information into the header of a packet. Untagging - The act of stripping 802.1Q VLAN information out of the packet header. 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the Ether Type field.
  • Page 42: Vlan Configuration

    Because of the existence of the PVID for untagged packets and the VID for tagged packets, tag-aware and tag-unaware network devices can coexist on the same network. A switch port can have only one PVID, but can have as many VID as the switch has memory in its VLAN table to store them.
  • Page 43: Port-Based Vlan

    VLAN group. Then the following figure appears. Enter the VLAN Group ID, the available range is 2-4094. Select the members for the VLAN group. Click button. You will see the VLAN Group displays. FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-3-1 VLAN – PortBase interface...
  • Page 44: 802.1Q Vlan

    Tagged-based VLAN is an IEEE 802.1Q specification standard. Therefore, it is possible to create a VLAN across devices from different switch venders. IEEE 802.1Q VLAN uses a technique to insert a "tag" into the Ethernet frames. Tag contains a VLAN Identifier (VID) that indicates the VLAN numbers.
  • Page 45 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.1Q VLAN information. (Remember that the PVID is only used internally within the Switch). Untagging is used to send packets from an 802.1Q-compliant network device to a non-compliant network device.
  • Page 46 If there are many groups that over the limit of one page, you can click button to delete unwanted VLAN. button to modify existing VLAN group. Eable 802.1Q VLAN, the all ports on the switch belong to default VLAN, VID is 1. The default VLAN can't be deleting. FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 47: 802.1Q Ingress Filter

    FGSW-2620VM / FGSW-2624SF User’s Manual 4.3.1.2 802.1Q Ingress Filter This section provides 802.1Q Ingress Filter of each port from the Switch, the screen in Figure 4-3-5 appears. Figure 4-3-5 802.1Q Ingress filter interface...
  • Page 48: Rapid Spaning Tree

    。 Creates a single spanning tree from any combination of switching or bridging elements. 。 Creates multiple spanning trees – from any combination of ports contained within a single switch, in user specified groups. 。 Automatically reconfigures the spanning tree to compensate for the failure, addition, or removal of any element in the tree.
  • Page 49 Creating a Stable STP Topology It is to make the root port a fastest link. If all switches have STP enabled with default settings, the switch with the lowest MAC address in the network will become the root switch. By increasing the priority (lowering the priority number) of the best switch, STP can be forced to select the best switch as the root switch.
  • Page 50 STP Operation Levels The Switch allows for two levels of operation: the switch level and the port level. The switch level forms a spanning tree consisting of links between one or more switches. The port level constructs a spanning tree consisting of groups of one or more ports.
  • Page 51 On the switch level, STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges. On the port level, STP sets the Root Port and the Designated Ports. The following are the user-configurable STP parameters for the switch level:...
  • Page 52 STP assistance is not applied. If switch A broadcasts a packet to switch B, switch B will broadcast it to switch C, and switch C will broadcast it to back to switch A ... and so on. The broadcast packet will be passed indefinitely in a loop, potentially causing a network failure.
  • Page 53 LAN 2 The switch with the lowest Bridge ID (switch C) was elected the root bridge, and the ports were selected to give a high port cost between switches B and C. The two (optional) Gigabit ports (default port cost = 4) on switch A are connected to FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 54: System Configuration

    (optional) Gigabit port on both switch B and C. The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link (default port cost = 19). Gigabit ports could be used, but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link.
  • Page 55: Per Port Configuration

    Admin Non Stp If true, this port will not participate in RSTP. Apply button Press the button to save the modification. FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 56: Igmp Snooping

    A host will send a “leave” report when it wants to leave a group (for version 2). Multicast routers send IGMP queries (to the all-hosts group address: 224.0.0.1) periodically to see whether any group FGSW-2620VM / FGSW-2624SF User’s Manual Checksum...
  • Page 57 IGMP. Enabling IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch. IGMP have three fundamental types of message as follows: FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 58 Message A message sent from the querier (IGMP router or switch) asking for a response from Query each host belonging to the multicast group. A message sent by a host to the querier to indicate that the host wants to be or is a Report member of a given group indicated in the report message.
  • Page 59: Forwarding Table

    You can configure forwarding table of every port, the screen in Figure 4-3-9. Object Description Port No Indicate port 1 to port 26. Current MAC Address List the source MAC addresses those be learned on the specify port. FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-3-9 Forwarding Table screen...
  • Page 60: Qos

    QoS reduces bandwidth limitations, delay, loss, and jitter. It also provides increased reliability for delivery of your data and allows you to prioritize certain applications across your network. You can define exactly how you want the switch to treat selected applications and types of traffic.
  • Page 61 FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-4-1 QoS Configuration Web Page screen...
  • Page 62: Security

    Highest:secHigh:SecLow:Lowest=15:10:5:1 Default mode is Highest:secHigh:SecLow:Lowest=8:4:2:1 Static Port Ingress Allow to assign Ingress priority on each port of the Switch, the available options are OFF and Priority 0-7. Default mode is 0. 802.1p Priority [7-0] Allow assign high and low on each priority, the available options are shown as below: Lowest, SecLow, SecHigh, Highest.
  • Page 63: 802.1X/Radius

    Authentication server—performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server;...
  • Page 64 EAP frame, which is then encapsulated for Ethernet and sent to the client. Authentication Initiation and Message Exchange The switch or the client can initiate authentication. If you enable authentication on a port by using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the port link state transitions from down to up.
  • Page 65 Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets.
  • Page 66: System Configuration

    Figure 4-5-1 802.1x Configuration - System Configuration interface Radius Server — In this situation, need a Radius server in the network, the normal topologies as below Select the “Radius Server” mode. The RADIUS Server configuration table includes the following fields: FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 67 Press this button to save the value on the Switch. Setup the RADIUS server and assign the client IP address to the Web-Smart switch. In this case, field in the default IP Address of the Web-Smart switch with 192.168.0.100. And also make sure the shared secret key is as same as the one you had set at the switch RADIUS server –...
  • Page 68: Per Port Configuration

    Press this button to save the value on the Switch. Set the Ports Authenticate Status to “Authorized” if the port is connected to the RADIUS server or the port is a uplink port that is connected to another switch. Or once the 802.1X stat to work, the Notice: switch might not be able to access the RADIUS server.
  • Page 69 Radius Server PC. For example, the Radius Server founded on Win2000 Server, and then: Enter ” Active Directory Users and Computers”, create legal user data, the next, right-click a user what you created to enter properties, and what to be noticed: FGSW-2620VM / FGSW-2624SF User’s Manual...
  • Page 70: 802.1X Client Configuration

    The following procedures show how to configure 802.1X Authentication in Windows XP. Please note that if you want to change the 802.1x authentication type of a wireless client, i.e. switch to EAP-TLS from EAP-MD5, you must remove the current existing wireless network from your preferred connection first, and add it in again.
  • Page 71 Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication. Select “MD-5 Challenge” from the drop-down list box for EAP type. Click “OK”. When client has associated with the switch, a user authentication notice appears in system tray. Click on the notice to continue.
  • Page 72 FGSW-2620VM / FGSW-2624SF User’s Manual Enter the user name, password and the logon domain that your account belongs. 10. Click “OK” to complete the validation process.
  • Page 73: Misc Configuration

    Set the period the port waits to retransmit next EAPOL PDU during an authentication session. Supplicant Timeout Set the period of time the switch waits for a supplicant response to an EAP request. Server Timeout Set the period of time the switch waits for a server response to an authentication request.
  • Page 74: Access Control List

    Current List Display “IPv4” or “Non-IPv4” ACL groups, maximum up to 16 groups. Add button Press this button for add Access Control List group on the Switch. Del button Press this button for delete Access Control List group on theSwitch.
  • Page 75: Static Mac Address

    4.5.3 Static MAC Address When you add a static MAC address, it remains in the switch's address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re-learn a device's MAC address when the disconnected or powered-off device is active on the network again.
  • Page 76: Mac Filter

    4.5.4 MAC Filter MAC address filtering allows the switch to drop unwanted traffic. Traffic is filtered based on the destination addresses. To filter the MAC Address, click on the Security/MAC Filtering menu button, the main web page then shows the MAC Filter function table.
  • Page 77: Ip Secuity

    Enter the MAC address that wants to filter. VLAN ID If tag-based (802.1Q) VLAN are set up on the switch, in the VLAN ID box, type the VID to associate with the MAC address. Press this button for add MAC filtering on the Switch.
  • Page 78: Addres Table

    5.2 Learning When one packet comes in from any port. The Switch will record the source address, port no. And the other related information in address table. This information will be used to decide either forwarding or filtering for future packets.
  • Page 79: Auto-Negotiation

    This confines network traffic to its respective domain, reducing the overall load on the network. The Switch performs "Store and forward" therefore, no error packets occur. More reliably, it reduces the re-transmission rate. No packet loss will occur.
  • Page 80: Troubleshooting

    6.1 Incorrect connections The switch port can auto detect straight or crossover cable when you link switch with other Ethernet device. For the RJ-45 connector should use correct UTP or STP cable, 10/100Mbps port use 2 pairs twisted cable. If the RJ-45 connector is not correct pin on right position then the link will fail.
  • Page 81: Appendix A: Cable Pin Assignment

    "+" and "-" signs represent the polarity of the wires that make up each wire pair. All ports on this switch support automatic MDI/MDI-X operation, you can use straight-through cables for all network connections to PCs or servers, or to other switches or hubs. In straight-through cable, pins 1, 2, 3, and 6, at one end of the cable, are connected straight through to pins 1, 2, 3 and 6 at the other end of the cable.
  • Page 82: Cable Pin Assignment

    Figure 7-1: Straight-Through and Crossover Cable Please make sure your connected cables are with same pin assignment and color as above picture before deploying the cables into your network. FGSW-2620VM / FGSW-2624SF User’s Manual SIDE 1 SIDE 1 1 = White / Orange...
  • Page 83: Appendix B : Access Control List Application Guide

    (Permit/Deny) is taken and the additional rules are not checked for a match. On this sample the switch to which an ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.
  • Page 84: Before The Acl Configure

    FGSW-2620VM / FGSW-2624SF User’s Manual Before the ACL Configure … Notice – It is important to set the VLAN mode to “Port-Based” or “802.1Q” VLAN before you start the ACL configure. Due to the ACL will check the VLAN ID if necessary, the VLAN mode must be set to Port-Based or 802.1Q mode. And once the VLAN mode is changed, the system has to reboot to apply the new settings.
  • Page 85: Case 1: Deny Specific Source Ip Address - Host

    No matter IP packets form the target be transmitted to Internet or Intranet within the same IP segment, they will be dropped. Case Design: Action Match Source IP Address Destination IP Address Device Connection and Configuration: FGSW-2620VM / FGSW-2624SF User’s Manual DENY Host IP 192.168.1.1 / 255.255.255.255...
  • Page 86 FGSW-2620VM / FGSW-2624SF User’s Manual Stream Target Protocol Source Address Destination Address Host 192.168.1.1 ACL Policy Configuration: ACL Policy Entry:...
  • Page 87: Case 2: Deny Specific Source Ip Address - Class C

    No matter IP packets form the targets be transmitted to Internet or Intranet within the same IP segment, they will be dropped. Case Design: Action Match Source IP Address Destination IP Address Device Connection and Configuration: FGSW-2620VM / FGSW-2624SF User’s Manual DENY Class C 192.168.1.0 / 255.255.255.0...
  • Page 88 FGSW-2620VM / FGSW-2624SF User’s Manual Stream Target Protocol Source Address Destination Address Class C 192.168.1.0 / 255.255.255.0 ACL Policy Configuration: ACL Policy Entry:...
  • Page 89: Case 3: Deny Specific Vlan Packets

    Packets with VLAN ID= specific ACL VLAN ID will be dropped. Packets with VLAN ID not match the specific ACL VLAN ID will be forwarded. Case Design: Action Match Source IP Address Destination IP Address Device Connection and Configuration: FGSW-2620VM / FGSW-2624SF User’s Manual DENY VLAN...
  • Page 90 FGSW-2620VM / FGSW-2624SF User’s Manual ACL Policy Configuration:...
  • Page 91: Case 4: Deny Specify Protocol - Http / Www

    Packets with Layer 4 protocol not match the specific ACL protocol will be forwarded. Case Design: Action Match Service Type Source IP Address Destination IP Address Device Connection and Configuration: FGSW-2620VM / FGSW-2624SF User’s Manual DENY Protocol HTTP/WWW ( Port 80) Host...
  • Page 92 FGSW-2620VM / FGSW-2624SF User’s Manual Stream Target Protocol Source Address Destination Address 192.168.1.1 / HTTP Host 255.255.255.255 ( Port 80) ACL Policy Configuration: ACL Policy Entry:...
  • Page 93: Case 5: Deny Specify Protocol - Smtp

    SMTP packets from specific Host IP Address will be dropped. Other packets from specific Host IP Address will be forwarded. Case Design: Action Match Service Type Source IP Address Destination IP Address Device Connection and Configuration: FGSW-2620VM / FGSW-2624SF User’s Manual DENY Protocol SMTP ( Port 25) Host...
  • Page 94 FGSW-2620VM / FGSW-2624SF User’s Manual ACL Policy Configuration: ACL Policy Entry:...
  • Page 95: Ec Declaration Of Conformity

    EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 10/100 + 2 Gigabit TP/SFP Combo Layer 2 Managed Ethernet Switch *Model Number: FGSW-2620VM * Produced by: Manufacturer‘s Name : Planet Technology Corp. Manufacturer‘s Address : 11F, No. 96, Min Chuan Road, Hsin Tien Taipei, Taiwan, R.O.C.
  • Page 96 EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 100Mbps SFP + 2 Gigabit TP/SFP Combo Web Smart Ethernet Switch *Model Number: FGSW-2624SF * Produced by: Manufacturer‘s Name : Planet Technology Corp. Manufacturer‘s Address: 11F, No 96, Min Chuan Road Hsin Tien, Taipei, Taiwan , R.

This manual is also suitable for:

Fgsw-2620vm

Table of Contents