Allnet ALL-SG8926PM User Manual

24 x 10/100/1000Base-T PoE +
2 Gigabit SFP Port
ALL-SG8926PM
User's Manual


Summary of Contents for Allnet ALL-SG8926PM

  • Page 1 24 x 10/100/1000Base-T PoE + 2 Gigabit SFP Port ALL-SG8926PM User’s Manual...
  • Page 2 Default-IP 192.168.2.1 Password: admin FCC Warning This Equipment has been tested and found to comply with the limits for a Class-A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy.
  • Page 3: Table Of Contents

    Content: 1. Products Overview (8); 1.1 Major Management Features (8); 1.2 Product Specification (9); 1.3 Package Contents (12); 1.4 UL Warning (12); 2. Hardware Description (13); 3. Preparation for Management (15); 3.1 Preparation for Serial Console (15); 3.2 Preparation for Web Interface ...
  • Page 4 4.4.2.5 IP Source Guard Configuration (77); 4.4.2.6 ARP Inspection (79); 4.4.3 Security / AAA Authentication Server Configuration (81); 4.5 Aggregation Configuration (84); 4.5.1 Static Aggregation (84); 4.5.2 LACP - Dynamic Aggregation (85); 4.6 Loop Protection (87); 4.7 Spanning Tree ...
  • Page 5 4.16 Voice VLAN Configuration (131); 4.16.1 Voice VLAN / Configuration (131); 4.16.2 Voice VLAN / OUI Configuration (133); 4.17 QoS (134); 4.17.1 QoS / Ingress Port Classification (134); 4.17.2 QoS / Ingress Port Policer Config (135); 4.17.3 QoS / Port Scheduler ...
  • Page 6 5.20 sFlow Configuration (184); 5.21 Diagnostic Commands (185); 5.22 Maintenance Commands (186); 6. Web Configuration - Monitor, Diagnostic, Maintenance (188); 6.1 Monitor (188); 6.1.1 Monitor / System (188); 6.1.1.1 Monitor / System / Information (188); 6.1.1.2 CPU Load ...
  • Page 7 6.1.9.2 LLDP MED Neighbours (251); 6.1.9.3 LLDP PoE (255); 6.1.9.4 LLDP EEE (256); 6.1.9.5 LLDP Statistics (258); 6.1.10 Dynamic MAC Table (260); 6.1.11 VLAN Membership Status (261); 6.1.13 VCL MAC-Based VLAN Status (265); 6.1.14 sFlow ...
  • Page 8: Products Overview

    1. Products Overview The switch is a 26-Port Layer 2 Full Management Gigabit PoE Switch equipped with 24 10/100/1000M RJ-45 ports plus 2 Gigabit SFP open slots. The Ethernet ports support IEEE 802.3at PoE; each port supports up to 30W, and the system supports up to 500W of power. The SFP open slots accept different types of SFP transceivers to extend the transmission distance up to hundred kilometers.
  • Page 9: Product Specification

    1.2 Product Specification Hardware Specification Total Port 10/100/1000 Mbps Gigabit SFP Interface Auto-negotiation and Auto-MDIX Backpressure for half duplex, Flow Control 802.3x for full duplex Console -RJ45(RS-232) System (State / Color) Port (State: Link/Act / Color) PoE (State: On / Color) 416MHz Flash 16MB...
  • Page 10 Software Specification IEEE 802.3 - 10Base-T IEEE 802.3u - 100Base-TX IEEE 802.3ab - 1000Base-T IEEE 802.3z - 1000Base-SX/LX IEEE 802.3x - Flow Control IEEE 802.1Q - VLAN IEEE 802.1p - Class of Service IEEE 802.1D - Spanning Tree Standard IEEE 802.1w - Rapid Spanning Tree IEEE 802.1s - Multiple Spanning Tree IEEE 802.3ad - Link Aggregation Control Protocol (LACP) IEEE802.1v - Protocol VLAN...
  • Page 11 Loop Protection Protect the unexpected network loop by shutdown port IEEE 802.1D - Legacy Spanning Tree IEEE 802.1w - Rapid Spanning Tree Spanning tree IEEE 802.1s - Multiple Spanning Tree BPDU Guard, BPDU Filtering IGMP Snooping v1/v2/v3, MLD(IPv6) Snooping v1/v2 Multicast Maximum 8K Multicast Groups IGMP/MLD Queries, Router Port, Proxy, Immediate Leave...
  • Page 12: Package Contents

    VeriPHY Diagnostic Maintenance IPv4/V6 Ping Diagnostics CPU Monitor Per port PoE State Enable/Disable Maximum system/port PoE power setting Specification Port power priority setting PD Status monitoring Note: We reserve the right to chang...
  • Page 13: Hardware Description

    2. Hardware Description This section mainly describes the hardware of Full L2 Management Network Switch and gives a physical and functional overview on the certain switch. Front Panel The front panel of the L2 management switch consists of 24 10/100/1000 Base-TX RJ-45 ports and 2 gigabit uplink SFP ports.
  • Page 14 Hardware Installation The switch is usually mounted in the 19” rack, the rack is usually installed in IT room or other secured place. The switch supports AC power input, PoE delivery and rackmount mounting. Make sure all the power cables, Ethernet cables, screws and the air circulation are well prepared and installed as below description.
  • Page 15: Preparation For Management

    3. Preparation for Management The switch provides both in-band and out-band configuration methods. Out-band Management: You can configure the switch via RS232 console cable if you don’t attach your admin PC to your network, or if you lose network connection to your switch. It wouldn’t be affected by network performance.
  • Page 16: Preparation For Web Interface

    Figure 3-2 Putty Configuration Figure 3-3 Putty Login Screen 3.2 Preparation for Web Interface The web management page allows you to use a standard web-browser such as Microsoft Internet Explorer, Google Chrome or Mozilla Firefox, to configure and interrogate the switch from anywhere on the network.
  • Page 17 5. Launch the web browser (Internet Explorer or Mozilla Firefox) on the PC. Type http://192.168.2.1 (or the IP address of the switch). And then press Enter. 7. The login screen will appear next.
  • Page 18: Preparation For Telnet/Ssh Interface

    3.3 Preparation for Telnet/SSH Interface If your Windows OS is Win XP, Win 2000 or an earlier version, you can access the Telnet console with the default command. If your OS is Windows 7 or a later version, please download a terminal tool, such as Hyper Terminal or PuTTY. The switch supports both Telnet and SSH consoles.
  • Page 19 If you choose a Telnet connection, there is no such cipher information or window; it goes directly to the next step. After a few seconds, the Telnet/SSH connection is established. The login page of Telnet/SSH is the same as the console's. The command lines of Telnet, SSH and console are all the same.
  • Page 20: Feature Configuration - Web Ui

    4. Feature Configuration - Web UI The switch provides abundant software features. After logging in to the switch, you can start configuring the settings or monitoring the status. There is a question mark at the top right of the screen; click it to get help from the system. The following is the Web UI configuration guide for your reference.
  • Page 21: Ip Configuration

    4.1.2 IP Configuration: Configure the switch-managed IP information on this page: The “Configured” column is used to view or change the IP configuration. The “Current” column is used to show the active IP configuration. DHCP Client Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry.
  • Page 22: Ipv6 Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Renew: Click to renew DHCP. This button is only available if DHCP is enabled. 4.1.3 IPv6 Configuration Configure the switch-managed IPv6 information on this page: The “Configured”...
  • Page 23: Ntp Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Renew: Click to renew IPv6 AUTOCONF. This button is only available if IPv6 AUTOCONF is enabled. 4.1.4 NTP Configuration: NTP is short for Network Time Protocol. Network Time Protocol (NTP) is used to synchronize time clocks on the internet.
  • Page 24: System Log Configuration

    4.1.5 System Log Configuration: The System Log lets the system administrator monitor the switch's event history. The switch supports syslog server mode. The user can install a syslog server on a computer, then configure the server address and event types in the switch's system log configuration. When events occur, the switch sends information or warning messages to the syslog server.
  • Page 25: Power Reduction

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.2 Power Reduction 4.2.1 LED Power Reduction Configuration LEDs Intensity The LEDs power consumption can be reduced by lowering the LEDs intensity. LEDs intensity could for example be lowered during night time, or they could be turned completely off.
  • Page 26: Eee Configuration

    Time The time at which the LEDs intensity shall be set. The time setting is step by one hour. Intensity The LEDs intensity (100% = Full power, 0% = LED off) Maintenance Time When a network administrator does maintenance of the switch (e.g. adding or moving users) he might want to have full LED intensity during the maintenance period.
  • Page 27: Port Configuration

    EEE is a power saving option that reduces the power usage when there is very low traffic utilization (or no traffic). EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted all circuits are powered up. The time it takes to power up the circuits is named wakeup time.
  • Page 28 Port This is the port number for this row. Link The current link state is displayed graphically. Green indicates the link is up and red that it is down. Current Link Speed Provides the current link speed of the port. Ex: 1Gfdx: 1G indicates the Gigabit Speed, fdx indicates the Full Duplex Mode.
  • Page 29: Security Configuration

    Flow Control When Auto Speed is selected on a port, this section indicates the flow control capability that is advertised to the link partner. When a fixed-speed setting is selected, that is what is used. The Current Rx column indicates whether pause frames on the port are obeyed, and the Current Tx column indicates whether pause frames on the port are transmitted.
  • Page 30 Add New User/Edit User Click "Add New User", the configuration page goes to "Add User" screen. You can see the User Setting table, follow the below instruction to fill the table. Click the created User Name, the page goes to "Edit User" screen, you can change the settings on it: User Name A string identifying the user name that this entry should belong to.
  • Page 31: Security / Switch / Privilege Levels Configuration

    Buttons Add new user: Click to add a new user. 4.4.1.2 Security / Switch / Privilege Levels Configuration This page provides an overview of the privilege levels: Group Name The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g.
  • Page 32: Security / Switch / Auth Method

    Privilege Levels Every group has an authorization Privilege level for the following sub groups: configuration read-only, configuration/execute read-write, status/statistics read-only, status/statistics read-write (e.g. for clearing of statistics). User Privilege should be same or greater than the authorization Privilege level to have the access to that group.
  • Page 33: Security /Switch / Ssh Configuration

    none: authentication is disabled and login is not possible. local: use the local user database on the switch for authentication. RADIUS: use a remote RADIUS server for authentication. TACACS+: use a remote TACACS server for authentication. Fallback Enable fallback to local authentication by checking this box. If none of the configured authentication servers are alive, the local user database is used for authentication.
  • Page 34: Security / Switch / Https Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.4.1.5 Security / Switch / HTTPS Configuration The web management page also provides secured management login over HTTPS. All configuration commands are secured, which makes it hard for attackers to sniff the login password and configuration commands.
  • Page 35 In the example in the figure below, only IP addresses in the range 192.168.2.101 to 192.168.2.200 can access the switch's management interface. The available services are HTTP, HTTPS, SNMP, Telnet and SSH. If another IP address, such as 192.168.2.201, tries to open the web management interface, it is not allowed.
  • Page 36: Security / Switch / Snmp

    4.4.1.7 Security / Switch / SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. The switch supports SNMP and provides many OIDs for remote management. Each OID is unique and corresponds to one feature/command.
  • Page 37 string. In addition to the community string, a particular range of source addresses can be used to restrict the source subnet. Engine ID Indicates the SNMPv3 engine ID. The string must contain an even number of hexadecimal digits, between 10 and 64 digits in total; all-zeros and all-'F's are not allowed. Changing the Engine ID will clear all original local users.
  • Page 38 used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can only appear once. It can also represent a legally valid IPv4 address. For example, '::192.1.2.34'. Trap Authentication Failure Indicates that the SNMP entity is permitted to generate authentication failure traps. Possible modes are: Enable: SNMP trap authentication failure.
  • Page 39 Delete Check to delete the entry. It will be deleted during the next save. Community Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string.
  • Page 40 Delete Check to delete the entry. It will be deleted during the next save. Engine ID An octet string identifying the engine ID that this entry should belong to. The string must contain an even number of hexadecimal digits, between 10 and 64 digits in total; all-zeros and all-'F's are not allowed.
  • Page 41 SNMPv3 Group Configuration Configure SNMPv3 group table on this page: The entry index keys are Security Mode and Security Name Delete Check to delete the entry. It will be deleted during the next save. Security Model Indicates the security model that this entry should belong to. Possible security models are: v1: Reserved for SNMPv1.
  • Page 42 SNMPv3 View Configuration Configure SNMPv3 view table on this page. The entry index keys are View Name and OID Sub-tree. Delete Check to delete the entry. It will be deleted during the next save. View Name A string identifying the view name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.
  • Page 43 SNMPv3 Access Configuration Configure SNMPv3 access table on this page. The entry index keys are Group Name, Security Model, and Security Level. Delete Check to delete the entry. It will be deleted during the next save. Group Name A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.
  • Page 44: Rmon Statistics Configuration

    Buttons Add new access: Click to add a new access entry Save: Click to save changes Reset: Click to undo any changes made locally and revert to previously saved values 4.4.1.8 RMON Statistics Configuration RMON is short for Remote Monitoring On Network. An RMON implementation typically operates in a client/server model.
  • Page 45 RMON Statistics Configuration Configure RMON Statistics table on this page. The entry index key is ID: Delete Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Data Source Indicates the port ID to be monitored.
  • Page 46 Data Source Indicates the port ID to be monitored. In a stacking switch, 1000*(switch ID-1) must be added to the value; for example, if the port is switch 3 port 5, the value is 2005. Interval Indicates the interval in seconds for sampling the history statistics data. The range is from 1 to 3600, default value is 1800 seconds.
  • Page 47 Indicates the index of the entry. The range is from 1 to 65535. Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold. The range is from 1 to 2^31-1. Variable Indicates the particular variable to be sampled, the possible variables are: InOctets: The total number of octets received on the interface, including framing characters.
  • Page 48 Rising Threshold Rising threshold value (-2147483648-2147483647). Rising Index Rising event index (1-65535). Falling Threshold Falling threshold value (-2147483648-2147483647) Falling Index Falling event index (1-65535). Buttons Add new entry: Click to add a new community entry. Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 49: Security /Network

    Community Specify the community when trap is sent, the string length is from 0 to 127, default is "public". Event Last Time Indicates the value of sysUp Time at the time this event entry last generated an event. Buttons Add new entry: Click to add a new community entry. Save: Click to save changes.
  • Page 50 The Limit Control module utilizes a lower-layer module, Port Security module, which manages MAC addresses learnt on the port. The Limit Control configuration consists of two sections, a system- and a port-wide. System Configuration Mode Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled.
  • Page 51 Port Configuration The table allows you to configure the Port Configuration parameters, which are: Port The port number to which the configuration below applies. Mode Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set to Enabled for Limit Control to be in effect.
  • Page 52: Security / Network / Network Access Server Configuration

    1) Boot the switch, 2) Disable and re-enable Limit Control on the port or the switch, 3) Click the Reopen button. Trap & Shutdown: If Limit + 1 MAC addresses is seen on the port, both the "Trap" and the "Shutdown"...
  • Page 53 The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network. These backend (RADIUS) servers are configured on the "Configuration→Security→AAA"-page.
  • Page 54 Hold Time This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses: • Single 802.1X • Multi 802.1X • MAC-Based Auth. If a client is denied access - either because the RADIUS server denies the client access or because the RADIUS server request times out (according to the timeout specified on the "Configuration→Security→AAA"-page) - the client is put on hold in the Unauthorized state.
  • Page 55 Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received on the port for the life-time of the port. Once the switch considers whether to enter the Guest VLAN, it will first check if this option is enabled or disabled.
  • Page 56 Port based 802.1X: In the 802.1X-world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The authenticator acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames.
  • Page 57 EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination - to wake up any supplicants that might be on the port. The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
  • Page 58 RADIUS-assigned VLAN ID. If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
  • Page 59: Security / Network / Access Control List Configuration

    Port State The current state of the port. It can undertake one of the following values: Globally Disabled: NAS is globally disabled. Link Down: NAS is globally enabled, but there is no link on the port. Authorized: The port is in Force Authorized or a single-supplicant mode and the supplicant is authorized.
  • Page 60 The settings relate to the currently selected stack unit, as reflected by the page header. Port The logical port for the settings contained in the same row. Policy ID Select the policy to apply to this port. The allowed values are 0 through 255. The default value is 0.
  • Page 61 Action Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit". Rate Limiter ID Select which rate limiter to apply on this port. The allowed values are Disabled or the values 1 through 16. The default value is "Disabled". Port Copy Select which port frames are copied on.
  • Page 62 The default value is "Disabled". Logging Specify the logging operation of this port. The allowed values are: Enabled: Frames received on the port are stored in the System Log. Disabled: Frames received on the port are not logged. The default value is "Disabled". Please note that the System Log memory size and logging rate is limited.
  • Page 63 Unit Specify the rate unit. The allowed values are: pps: packets per second. kbps: Kbits per second. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Access Control List Configuration This page shows the Access Control List (ACL), which is made up of the ACEs defined on this switch.
  • Page 64 Ingress Port Indicates the ingress port of the ACE. Possible values are: All: The ACE will match all ingress port. Port: The ACE will match a specific ingress port. Policy / Bitmask Indicates the policy number and bitmask of the ACE. Frame Type Indicates the frame type of the ACE.
  • Page 65 Counter The counter indicates the number of times the ACE was hit by a frame. Modification Buttons You can modify each ACE (Access Control Entry) in the table using the following buttons: Inserts a ne...
  • Page 66 Ingress Port Select the ingress port for which this ACE applies. All: The ACE applies to all port. Port n: The ACE applies to this port number, where n is the number of the switch port. You can select one port or select multiple ports for the entry. Policy Filter Specify the policy number filter for this ACE.
  • Page 67 Rate Limiter Specify the rate limiter in number of base units. The allowed range is 1 to 16. Disabled indicates that the rate limiter operation is disabled. Port Copy Frames that hit the ACE are copied to the port number specified here. The allowed range is the same as the switch port number range.
  • Page 68 MAC Parameters SMAC Filter (Only displayed when the frame type is Ethernet Type or ARP.) Specify the source MAC filter for this ACE. Any: No SMAC filter is specified. (SMAC filter status is "don't-care".) Specific: If you want to filter a specific source MAC address with this ACE, choose this value. A field for entering an SMAC value appears.
  • Page 69 ARP Parameters The ARP parameters can be configured when Frame Type "ARP" is selected. ARP/RARP Specify the available ARP/RARP opcode (OP) flag for this ACE. Any: No ARP/RARP OP flag is specified. (OP is "don't-care".) ARP: Frame must have ARP/RARP opcode set to ARP. RARP: Frame must have ARP/RARP opcode set to RARP.
  • Page 70 RARP DMAC Match Specify whether frames can hit the action according to their target hardware address field (THA) settings. 0: RARP frames where THA is not equal to the DMAC address. 1: RARP frames where THA is equal to the DMAC address. Any: Any value is allowed ("don't-care").
  • Page 71 IP Fragment Specify the fragment offset settings for this ACE. This involves the settings for the More Fragments (MF) bit and the Fragment Offset (FRAG OFFSET) field for an IPv4 frame. No: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry.
  • Page 72 ICMP Code Filter Specify the ICMP code filter for this ACE. Any: No ICMP code filter is specified (ICMP code filter status is "don't-care"). Specific: If you want to filter a specific ICMP code filter with this ACE, you can enter a specific ICMP code value.
  • Page 73 TCP SYN Specify the TCP "Synchronize sequence numbers" (SYN) value for this ACE. 0: TCP frames where the SYN field is set must not be able to match this entry. 1: TCP frames where the SYN field is set must be able to match this entry. Any: Any value is allowed ("don't-care").
  • Page 74: Switch / Network / Dhcp Configuration

    4.4.2.4 Switch / Network / DHCP Configuration DHCP Snooping Configuration Configure DHCP Snooping on this page: ...
  • Page 75 Snooping Mode Indicates the DHCP snooping mode operation. Possible modes are: Enabled: Enable DHCP snooping mode operation. When DHCP snooping mode operation is enabled, the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports. Disabled: Disable DHCP snooping mode operation.
  • Page 76 Relay Mode Indicates the DHCP relay mode operation. Possible modes are: Enabled: Enable DHCP relay mode operation. When DHCP relay mode operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain. And the DHCP broadcast message won't be flooded for security considerations.
  • Page 77: Ip Source Guard Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.4.2.5 IP Source Guard Configuration IP Source Guard Configuration This page provides IP Source Guard related configuration: Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard.
  • Page 78 Translate dynamic to static: Click to translate all dynamic entries to static entries. Static IP Source Guard Table Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings. VLAN ID The vlan id for the settings.
  • Page 79: Arp Inspection

    4.4.2.6 ARP Inspection ARP Inspection This page provides ARP Inspection related configuration. Mode of ARP Inspection Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection. ...
  • Page 80 Port Mode Configuration Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Translate dynamic to static: Click to translate all dynamic entries to static entries.
  • Page 81: Security / Aaa Authentication Server Configuration

    Port The logical port for the settings. VLAN ID The VLAN ID for the settings. MAC Address Allowed Source MAC address in ARP request packets. IP Address Allowed Source IP address in ARP request packets. Adding new entry Click to add a new entry to the Static ARP Inspection table. Specify the Port, VLAN ID, MAC address, and IP address for the new entry.
  • Page 82 will consider it to be dead and continue with the next enabled server (if any). RADIUS servers are using the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into 3 subintervals of equal length. If a reply is not received within the subinterval, the request is transmitted again.
  • Page 83 Port The UDP port to use on the RADIUS Accounting Server. If the port is set to 0 (zero), the default port (1813) is used on the RADIUS Accounting Server. Secret The secret - up to 29 characters long - shared between the RADIUS Accounting Server and the switch.
  • Page 84: Aggregation Configuration

    4.5 Aggregation Configuration Link Aggregation is also known as Port Trunking. It allows the user to use multiple ports in parallel to increase the link speed beyond the limits of a single port and to increase redundancy for higher availability. The switch supports both static and dynamic (LACP) link aggregation. The switch also supports different hash mechanisms to forward traffic according to the MAC address, IP address, or protocol port number.
  • Page 85: Lacp - Dynamic Aggregation

    Aggregation Group Configuration Group ID Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid per port. Port Members Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation.
  • Page 86 LACP Enabled Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2 GLAGs per stack. The Key value incurred by the port, range 1-65535.
  • Page 87: Loop Protection

    4.6 Loop Protection This page allows the user to inspect the current Loop Protection configurations, and possibly change them as well. The loop protection feature is very important for protecting against unexpected network loops, especially when you install the switch on the internet. Incorrect installation, failed media, or an attack may create a network loop.
  • Page 88: Spanning Tree

    Tx Mode Controls whether the port is actively generating loop protection PDU's, or whether it is just passively looking for looped PDU's. Button Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.7 Spanning Tree The switch supports Multiple Spanning Tree Protocol (MSTP), Rapid Spanning Tree Protocol (RSTP) and Legacy Spanning Tree Protocol (STP).
  • Page 89 Basic Settings Protocol Version The STP protocol version setting. Valid values are STP, RSTP, and MSTP. Bridge Priority Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier.
  • Page 90: Spanning Tree / Msti Mapping

    Port Error Recovery Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot. Port Error Recovery Timeout The time to pass before a port in the error-disabled state can be enabled.
  • Page 91: Spanning Tree / Msti Priorities

    MSTI Mapping MSTI The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. VLANs Mapped The list of VLANs mapped to the MSTI. The VLANs must be separated with comma and/or space.
  • Page 92: Spanning Tree / Cist Ports

    4.7.4 Spanning Tree / CIST Ports This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well. This page contains settings for physical and aggregated ports: The STP port settings relate to the currently selected stack unit, as reflected by the page header.
  • Page 93: Spanning Tree Msti Ports

    Admin Edge Controls whether the operEdge flag should start as set or cleared. (The initial operEdge state when a port is initialized). Auto Edge Controls whether the bridge should enable automatic edge detection on the bridge port. This allows operEdge to be derived from whether BPDU's are received on the port or not. Restricted Role If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector.
  • Page 94 An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. This page contains MSTI port settings for physical and aggregated ports.
  • Page 95 4.8 MVR (Multicast VLAN Registration) MVR is short for Multicast VLAN Registration. MVR is a protocol for layer 2 networks that enables multicast traffic from a source VLAN to be shared with client/subscriber VLANs. MVR is typically used for IPTV-like services. In a non-MVR environment, the IPTV source stream would be copied once for each client/subscriber VLAN it is delivered to.
  • Page 96: Mvr (Multicast Vlan Registration)

    MVR Mode Enable/Disable the Global MVR. VLAN ID Specify the Multicast VLAN ID: ...
  • Page 97: Ipmc (Ip Multicast)

    Mode Enable MVR on the port. Type Specify the MVR port type on the port. Immediate Leave Enable the fast leave on the port. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.9 IPMC (IP Multicast) IPMC is short for IP Multicast. The switch supports IPv4 and IPv6 multicast forwarding and filtering.
  • Page 98: Basic Configuration

    4.9.1.1 Basic Configuration This page provides IGMP Snooping related configuration. Global Configuration Snooping Enabled Enable the Global IGMP Snooping. Unregistered IPMCv4 Flooding enabled Enable unregistered IPMCv4 traffic flooding. Unregistered IPMCv4 traffic is so-called unknown multicast. After selected, the unregistered multicast stream will be forwarded like normal packets.
  • Page 99: Igmp Snooping Vlan Configuration

    uplink port to the upper L3 Router or IGMP Querier. For example, in the figure below, the green ports of the 2 switches are router ports. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port.
  • Page 100 IGMP Snooping VLAN Table Columns VLAN ID The VLAN ID of the entry. IGMP Snooping Enabled Enable the per-VLAN IGMP Snooping. Only up to 64 VLANs can be selected. IGMP Querier Enable the IGMP Querier in the VLAN. Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network.
  • Page 101: Igmp Snooping / Port Group Filtering

    4.9.1.3 IGMP Snooping / Port Group Filtering IGMP Snooping Port Group Filtering Configuration: Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings. Filtering Groups The IP Multicast Group that will be filtered. Adding New Filtering Group Click to add a new entry to the Group Filtering table.
  • Page 102: Mld Snooping Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.9.2 MLD Snooping Configuration This section provides MLD Snooping related configuration. MLD is for IPv6 Multicast Snooping. The difference between IGMP and MLD is that IGMP is applied to IPv4 multicast streams, while MLD is applied to IPv6 multicast streams.
  • Page 103: Mld Snooping Vlan Configuration

    Throttling Enable to limit the number of multicast groups to which a switch port can belong. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.9.2.2 MLD Snooping VLAN Configuration Navigating the MLD Snooping VLAN Table Each page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page"...
  • Page 104: Ipmc / Mld Snooping / Port Group Filtering

    31744 in tenths of seconds, default query response interval is 100 in tenths of seconds (10 seconds). LLQI Last Listener Query Interval. The Last Listener Query Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages.
  • Page 105: Lldp Parameters

    4.10 LLDP Parameters The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol. LLDP information is sent by devices from each of their interfaces at a fixed interval, in the form of an Ethernet Frame. Each frame contains one LLDP Data Unit (LLDPDU). Each LLDPDU is a sequence of Type-Length-Value (TLV) structures.
  • Page 106 Tx Delay If some configuration is changed (e.g. the IP address) a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to 1 - 8192 seconds.
  • Page 107: Lldp Media Configuration

    Note: When CDP awareness on a port is disabled the CDP information isn't removed immediately, but gets removed when the hold time is exceeded. Port Descr Optional TLV: When checked the "port description" is included in LLDP information transmitted. Sys Name Optional TLV: When checked the "system name"...
  • Page 108 Fast start repeat count Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types (for example only advertise the voice network policy to permitted voice-capable devices), both in order to conserve the limited LLDPDU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
  • Page 109 represents ground level at the given latitude and longitude. Inside a building, 0.0 represents the floor level associated with ground level at the main entrance. Map Datum The Map Datum is used for the coordinates given in these options: WGS84: (Geographical 3D) - World Geodetic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich.
  • Page 110 Street suffix Street suffix – Example: Ave, Platz House no. House number – Example: 21 House no. suffix House number suffix – Example: A, 1/2 Landmark Landmark or vanity address – Example: Columbia University. Additional location info Additional location info – Example: South Wing. Name Name (residence and office occupant) –...
  • Page 111 Additional code Additional code – Example: 1320300003. Emergency Call Service Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA. Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP.
  • Page 112 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are: 1.
  • Page 113 such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an 'untagged' VLAN or a single 'tagged' data specific VLAN. When a network policy is defined for use with an 'untagged' VLAN (see Tagged flag below), then the L2 priority field is ignored and only the DSCP value has relevance.
  • Page 114: Poe Configuration

    same network policies, based on the authenticated user identity or port configuration. Port The port number to which the configuration applies. Policy Id The set of policies that shall apply to a given port. The set of policies is selected by check marking the checkboxes that correspond to the policies.
  • Page 115 Power Over Ethernet Configuration Reserved Power determined by There are three modes for configuring how the ports/PDs may reserve power. 1. Allocation mode: In this mode the user allocates the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields.
  • Page 116: Mac Address Table Configuration

    2. Reserved Power: In this mode the ports are shut down when total reserved power exceeds the amount of power that the power supply can deliver. In this mode the port power is not turned on if the PD requests more power than available from the power supply.
  • Page 117 Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.12 MAC Address Table Configuration MAC Address Table is configured on this page.
  • Page 118 and can only be restored by using another non-secure port or by connecting to the switch via the serial interface. Static MAC Table Configuration The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries.
  • Page 119: Vlan (Virtual Lan)

    Port Members Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry. Adding a New Static Entry Click to add a new entry to the static MAC table. Specify the VLAN ID, MAC address, and port members for the new entry.
  • Page 120 Navigating the VLAN Table Each page shows up to 99 entries from the VLAN table, default being 20, selected through "entries per page" input field. When first visited, the web page will show the first 20...
  • Page 121 Adding a New VLAN Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Legal values for a VLAN ID are 1 through 4095. The VLAN is enabled when you click on "Save". A VLAN without any port members will be deleted when you click "Save".
  • Page 122: Vlan Port Configuration

    4.13.2 VLAN Port Configuration This page is used for configuring the selected stack switch unit port VLAN. This page is used for configuring the switch port VLAN: Ether type for Custom S-ports This field specifies the ether type used for Custom S-ports. This is a global setting for all the Custom S-ports.
  • Page 123: Private Vlans

    Port VLAN Mode Configures the Port VLAN Mode. The allowed values are None or Specific. This parameter affects VLAN ingress and egress processing. If None is selected, a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port. This mode is normally used for ports connected to VLAN aware switches.
  • Page 124: Private Vlan Membership Configuration

    4.14.1 Private VLAN Membership Configuration The Private VLAN membership configurations for the switch can be monitored and modified here. Private VLANs can be added or deleted here. Port members of each Private VLAN can be added or removed here. Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical.
  • Page 125: Port Isolation Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.14.2 Port Isolation Configuration Overview This page is used for enabling or disabling port isolation on ports in a Private VLAN: A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN.
  • Page 126: Vcl

    4.15 VCL 4.15.1 VCL / MAC-Based VLAN Configuration The MAC-based VLAN entries can be configured here. This page allows for adding and deleting MAC-based VLAN entries and assigning the entries to different ports. This page shows only static entries: Delete To delete a MAC-based VLAN entry, check this box and press save.
  • Page 127: Vcl / Protocol-Based Vlan

    The MAC-based VLAN entry is enabled when you click on "Save". A MAC-based VLAN without any port members will be deleted when you click "Save". The button can be used to undo the addition of new MAC-based VLANs. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 128 Frame Type Frame Type can have one of the following values: 1. Ethernet 2. LLC 3. SNAP Note: On changing the Frame type field, valid value of the following text field will vary depending on the new frame type you selected. Value Valid value that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu.
  • Page 129 VCL / Protocol-based VLAN / Group Name to VLAN mapping Table This page allows you to map an already configured Group Name to a VLAN for the switch. The displayed settings are: Delete To delete a Group Name to VLAN map entry, check this box. The entry will be deleted on the switch during the next Save. Group Name A valid Group Name is a string of at most 16 characters which consists of a combination of...
  • Page 130: Vcl / Ip Subnet-Based Vlan

    Reset: Click to undo any changes made locally and revert to previously saved values. 4.15.3 VCL / IP Subnet-based VLAN The IP subnet-based VLAN entries can be configured here. This page allows for adding, updating and deleting IP subnet-based VLAN entries and assigning the entries to different ports.
  • Page 131: Voice Vlan Configuration

    Adding a New IP subnet-based VLAN Click "Add New Entry" to add a new IP subnet-based VLAN entry. An empty row is added to the table, and the IP subnet-based VLAN entry can be configured as needed. Any IP address/mask can be configured for the IP subnet-based VLAN entry. Legal values for a VLAN ID are 1 through 4095.
  • Page 132 Mode Indicates the Voice VLAN mode operation. The MSTP feature must be disabled before Voice VLAN is enabled; this avoids a conflict with ingress filtering. Possible modes are: Enabled: Enable Voice VLAN mode operation. Disabled: Disable Voice VLAN mode operation. VLAN ID Indicates the Voice VLAN ID.
  • Page 133: Voice Vlan / Oui Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.16.2 Voice VLAN / OUI Configuration Configure VOICE VLAN OUI table on this page. The maximum entry number is 16. Modifying the OUI table will restart auto detection of OUI process: Delete Check to delete the entry.
  • Page 134: Qos

    4.17 QoS 4.17.1 QoS / Ingress Port Classification This page allows you to configure the basic QoS Ingress Classification settings for all switch ports. The settings relate to the currently selected stack unit, as reflected by the page header. The displayed settings are: Port The port number for which the configuration below applies.
  • Page 135: Qos / Ingress Port Policer Config

    Tag Class. Shows the classification mode for tagged frames on this port. Disabled: Use default QoS class and DP level for tagged frames. Enabled: Use mapped versions of PCP and DEI for tagged frames. Click on the mode in order to configure the mode and/or mapping. DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification.
  • Page 136: Qos / Port Scheduler

    Enabled Controls whether the policer is enabled on this switch port. Rate Controls the rate for the policer. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps" or "fps", and it is restricted to 1-3300 when the "Unit"...
  • Page 137: Qos / Egress Port Shapers

    Mode Shows the scheduling mode for this port. Shows the weight for this queue and port. 4.17.4 QoS / Egress Port Shapers This page provides an overview of QoS Egress Port Shapers for all switch ports. The ports belong to the currently selected stack unit, as reflected by the page header. The displayed settings are: Port The logical port for the settings contained in the same row.
  • Page 138: Qos / Port Dscp Configuration

    Port The logical port for the settings contained in the same row. Click on the port number in order to configure tag remarking. Mode Shows the tag remarking mode for this port: Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level.
  • Page 139 Port The Port column shows the list of ports for which you can configure dscp ingress and egress settings. Ingress In Ingress settings you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in Ingress: 1.
  • Page 140: Qos / Dscp Based Qos Ingress Classification

    Egress Port Egress Rewriting can be one of - Disabled: No Egress rewrite. Enable: Rewrite enabled without remapping. Remap DP Unaware: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. The remapped DSCP value is always taken from the 'DSCP Translation->Egress Remap DP0' table.
  • Page 141: Qos / Dscp Translation

    DSCP Maximum number of supported DSCP values is 64. Trust Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as non-IP frames. QoS Class QoS class value can be any of (0-7) Drop Precedence Level (0-1)
  • Page 142: Qos / Dscp Classification

    DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation - 1.
  • Page 143 QoS Class Actual QoS class. Actual Drop Precedence Level. DSCP Select the classified DSCP value (0-63). Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 144: Qos Control List Configuration

    4.17.10 QoS / Control List Configuration QoS Control List Configuration This page shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch. Click on the lowest plus sign to add a new QCE to the list.
  • Page 145 DMAC Specify the type of Destination MAC addresses for incoming frame. Possible values are: Any: All types of Destination MAC addresses are allowed. Unicast: Only Unicast MAC addresses are allowed. Multicast: Only Multicast MAC addresses are allowed. Broadcast: Only Broadcast MAC addresses are allowed. The default value is 'Any'.
  • Page 146: Qos / Storm Control Configuration

    DSCP: Classified DSCP value. Modification Buttons You can modify each QCE (QoS Control Entry) in the table using the following buttons: Inserts a new QCE before the current row. Edits the QCE. Moves the QCE up the list.
  • Page 147: Mirroring Configuration

    Frame Type The settings in a particular row apply to the frame type listed here: Unicast, Multicast or Broadcast. Enable Enable or disable the storm control status for the given frame type. Rate The rate unit is packets per second (pps). Valid values are: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, 1024K, 2048K, 4096K, 8192K,...
  • Page 148 Port The logical port for the settings contained in the same row. Mode Select mirror mode. Rx only Frames received on this port are mirrored on the mirror port. Frames transmitted are not mirrored. Tx only Frames transmitted on this port are mirrored on the mirror port. Frames received are not mirrored.
  • Page 149: Upnp Configuration

    4.19 UPnP Configuration Configure UPnP on this page: Mode Indicates the UPnP operation mode. Possible modes are: Enabled: Enable UPnP mode operation. Disabled: Disable UPnP mode operation. When the mode is enabled, two ACEs are added automatically to trap UPNP related packets to CPU.
  • Page 150: Sflow Configuration

    4.20 sFlow Configuration Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics. The switch supports the sFlow feature. The sFlow software agent collects traffic statistics and packet information from the sFlow-enabled interfaces on the switch and encapsulates them into sFlow packets.
  • Page 151: Feature Configuration - Cli

    5. Feature Configuration - CLI The Command Line Interface (CLI) is the user interface to the switch’s embedded software system. You can view the system information, show the status, configure the switch and receive a response back from the system by keying in a command. After logging in to the switch through the console CLI, you can see the ">"...
  • Page 152 Parameters: <name>: System name string. (1-255) Example: Contact Name = poeswitch System>name poeswitch poeswitch:/> (After the system name is given, the prompt changes automatically.) System Location Syntax: System Location [<location>] Parameters: <location>: System location string. (1-255) Example: Location Name poeswitch:/System>loca fll_01 Time Zone Offset Syntax:...
  • Page 153 Example: poeswitch:/IP>ntp ser add 1 192.168.100.1 poeswitch:/IP>ntp ser add 2 168.95.1.1 Check the NTP Server settings with the command below: poeswitch:/IP>ntp conf IP NTP Configuration: ===================== NTP Mode : Enabled Server IP host address (a.b.c.d) or a host name string ------------------------------------------------------ 192.168.100.1 168.95.1.1 DNS Server...
  • Page 154 IPv6 Ping Test Syntax: IP IPv6 Ping6 <ipv6_addr> [(Length <ping_length>)] [(Count <ping_count>)] [(Interval <ping_interval>)] Example: poeswitch:/IP>ipv6 ping6 2001:DB8::250:8bff:fee8:f800 NTP Mode Enable NTP Mode with the command below: poeswitch:/IP>ntp mode en NTP Server Address Syntax: Setting Type the NTP Server address settings with the command below: IP NTP Server Add <server_index>...
  • Page 155: Power Reduction

    Warning: poeswitch:/System>log level war Error: poeswitch:/System>log level err Syntax: Clear Syslog System Log Clear [all|info|warning|error] poeswitch:/System>log clear all poeswitch:/System>log conf System Log Configuration System Log Configuration: ========================= System Log Server Mode : Enabled System Log Server Address : 192.168.2.100 System Log Level : Error 5.2 Power Reduction Feature...
  • Page 156: Port Configuration

    Parameters: <port_list>: Port list or 'all', default: All ports enable : Enable EEE disable: Disable EEE Example: Enable Port 1-5 EEE>mode 1-5 en Syntax: Urgent Queue of EEE Urgent_queues [<port_list>] [<queue_list>] Port Parameters: <port_list> : Port list or 'all', default: All ports <queue_list>: List of queues to configure as urgent queues (1-8 or none) Example: Enable Urgent_Queue on Port 1-5...
  • Page 157: Security Configuration

    Size Example: Set port 1-24's maximum frame size to 9K jumbo frame Port>maxf 1-24 9600 Port Status Port>conf 1-2 Port Status Port Configuration: =================== Port State Mode Flow Control MaxFrame Power Excessive Link ---- -------- ----------- ------------ -------- -------- --------- ---- Enabled Auto Disabled...
  • Page 158 Type 'up' to move up one level or '/' to go to root level Group Security/Switch>? Command Groups: --------------- Security Switch Users : User management Security Switch Privilege: Privilege level Security Switch Auth : Authentication Security Switch SSH : Secure Shell Security Switch HTTPS : Hypertext Transfer Protocol over Secure Socket Layer...
  • Page 159 Security/Switch/Privilege>level group VLANs 10 10 10 10 (cro=10, crw=10, sro=10, srw=10) Security/Switch>pri level conf Privilege Level Configuration Table Privilege Level Configuration: ============================== Privilege Current Level: 15 Group Name Privilege Level CRO CRW SRO SRW -------------------------------- --- --- --- --- Aggregation 5 10 5 10 Debug...
  • Page 160 HTTPS Mode : Enabled HTTPS Redirect Mode : Enabled Syntax: Access Management Security Switch Access Add <access_id> <start_ip_addr> <end_ip_addr> [web] [snmp ] [telnet] Example: Allow only the IP range 192.168.2.1 to 192.168.2.10 to access the web UI. Security/Switch>access add 1 192.168.2.1 192.168.2.10 web Syntax: SNMP System Security Switch SNMP Mode [enable|disable]...
  • Page 161 Security Switch SNMP Trap Destination [<ip_addr_string>] Security Switch SNMP Trap IPv6 Destination [<ipv6_addr>] Example: Security/Switch/SNMP/Trap>mode ena Security/Switch/SNMP/Trap>version 2c Security/Switch/SNMP/Trap>community public Security/Switch/SNMP/Trap>destination 192.168.2.100 Result: Trap Mode : Enabled Trap Version : 2c Trap Community : public Trap Destination : 192.168.2.100 Trap IPv6 Destination : :: Syntax: SNMP Trap Event...
  • Page 162 RMON In the Security/Switch group, the system supports 4 types of RMON groups. Follow the RMON syntax to add the entries. Syntax: Security/Switch>rmon ? Statistics: Security Switch RMON Statistics Add <stats_id> <data_source> Security Switch RMON Statistics Delete <stats_id> Security Switch RMON Statistics Lookup [<stats_id>] History: Security Switch RMON History Add <history_id>...
  • Page 163 [none|trap|shut|trap_shut] Security Network Limit Reopen [<port_list>] Example: Security/Network>limit port 1 enabl Security/Network>limit limit 1 5 Security/Network>limit action 1 trap Network Access Server Configuration (also known as IEEE 802.1X) Syntax: NAS System Mode: Configuration Security Network NAS Mode [enable|disable] Security Network NAS Reauthentication [enable|disable] Time Settings Security Network NAS ReauthPeriod [<reauth_period>] Security Network NAS EapolTimeout [<eapol_timeout>]...
  • Page 164 Parameters: <port_list> : Port list or 'all', default: All ports permit : Permit forwarding (default) deny : Deny forwarding <rate_limiter> : Rate limiter number (1-15) or 'disable' <port_redirect>: Port list for copy of frames or 'disable' <mirror> : Mirror of frames: enable|disable <logging>...
  • Page 165 (udp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) | (tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>] [<tcp_flags>])] [permit|deny] [<rate_limiter>] [<port_redirect>] [<mirror>] [<logging>][<shutdown>] Parameters: <ace_id> : ACE ID (1-256), default: Next available ID <ace_id_next> : Next ACE ID (1-256), default: Add ACE last port : Port ACE keyword <port_list>...
  • Page 166 Example: Add one ACE: Security/Network/ACL>add 2 port 6-10 policy 3 8 ip ACE ID 2 added last Edit one ACE: Security/Network/ACL>add 1 port 1-5 policy 2 8 any ACE ID 1 modified last Result: Type Port Policy Frame Action Rate L. Port C. Mirror Counter ------- -------- -------- ----- ------ -------- -------- -------- ------- User...
  • Page 167 Security Network IP Source Guard Status [<port_list>] Security Network IP Source Guard Translation Example: Security/Network>ip source guard mode en Security/Network>ip source guard port mode 1-10 en (Port 1-10) Security/Network>ip source guard limit 1-10 2 (limit 2 MAC Address) Syntax: IP Source Guard Security Network IP Source Guard Entry [<port_list>] Static Table add|delete <vid>...
  • Page 168 Syntax: RADIUS Security AAA RADIUS [<server_index>] [enable|disable] Authentication [<ip_addr_string>] [<secret>] [<server_port>] Server Example: Security>aaa radi 1 en 192.168.2.200 password 1812 Syntax: RADIUS Accounting Security AAA ACCT_RADIUS [<server_index>] Server [enable|disable] [<ip_addr_string>] [<secret>] [<server_port>] Example: Security>aaa ACCT_radi 1 en 192.168.2.200 password 1813 Syntax: TACACS+ Security AAA TACACS+ [<server_index>] [enable|disable]...
  • Page 169: Aggregation Configuration

    Disabled Security> 5.5 Aggregation Configuration Feature Command Line Static Aggregation Configuration Syntax: Aggregation Group Aggr Add <port_list> [<aggr_id>] Configuration Example: Add port 5-8 to Group 1 >aggr add 5-8 1 >aggr del 1 (Delete the group 1) Syntax: Hash Code Aggr Mode [smac|dmac|ip|port] [enable|disable] Contributors smac = Source MAC Address...
  • Page 170: Spanning Tree

    Loop Protect Transmit [<transmit-time>] Protection Loop Protect Shutdown [<shutdown-time>] Example: >loop protect mode en Transmission Time >loop protect trans 10 (10 seconds) Shutdown Time >loop protect shut 200 (200 seconds) Port Configuration Syntax: Loop Protection - Loop Protect Port Mode [<port_list>] [enable|disable] Port Configuration Loop Protect Port Action [<port_list>] [shutdown|shut_log|log]...
  • Page 171 STP MaxAge [<max_age>] Valid values are in the range 6 to 40 seconds, and MaxAge must be <= (FwdDelay-1)*2. Maximum Hop Count Syntax: STP MaxHops [<maxhops>] Valid values are in the range 6 to 40 hops. Transmit Hold Count Syntax: STP Txhold [<holdcount>] Valid values are in the range 1 to 10 BPDU's per second. Syntax:...
  • Page 172: Mvr

    Syntax: Port Path Cost STP Msti Port Cost [<msti>] [<port_list>] [<path_cost>] Parameters: <msti> : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) <port_list>: Port list or 'all'. Port zero means aggregations. <path_cost>: STP port path cost (1-200000000) or 'auto' Example: Configure CIST 0 Port Path Cost STP>msti port cost 0 all auto (Path cost = auto) STP>msti port cost 0 all 100000 (Path cost = 100000) Syntax:...
  • Page 173: Ipmc

    MVR Configuration MVR>conf (View the settings of above configuration) MVR Configuration: ================== MVR Mode: Enabled MVR Interface Setting Name Mode Tagging Priority LLQI ---- -------------------------------- ---------- -------- -------- ----- Source2 Dynamic Tagged [Port Setting of Source2(VID-2)] Source Port : 2 Receiver Port: 6,7 Inactive Port: 1,3-5,8-26 [Channel Setting of Source2(VID-2)]...
  • Page 174: Lldp Configuration

    IPMC>leave proxy igmp en (Enable) IPMC>leave proxy igmp dis (Disable) Syntax: Proxy Enable IPMC Proxy [mld|igmp] [enable|disable] Example: IPMC>proxy igmp en (Enable) IPMC>proxy igmp dis (Disable) Port Related Syntax: IPMC Router [mld|igmp] [<port_list>] [enable|disable] Configuration IPMC Fastleave [mld|igmp] [<port_list>] [enable|disable] (Router Port, Fast IPMC Throttling [mld|igmp] [<port_list>] [limit_group_number]...
  • Page 175: Power Over Ethernet Configuration

    LLDP Timers Syntax: LLDP Interval [<interval>] LLDP Hold [<hold>] LLDP Delay [<delay>] LLDP Reinit [<reinit>] Example: LLDP>interval 30 LLDP>hold 4 LLDP>delay 2 LLDP>reini 2 LLDP Mode Syntax: LLDP Mode [<port_list>] [enable|disable|rx|tx] (rx=RX Only, tx=TX Only) Example: Enable LLDP on Ports LLDP>mode 1-10 en (Port 1-10 are enabled) LLDP>mode 1-26 en (Port 1-26 are enabled) CDP aware...
  • Page 176: Mac Address Table Configuration

    reference only. If the value does not conform to your product specification, please give the correct value before you ... <port_power>: PoE maximum power for the port (0-15.4 Watt for PoE mode, 0-30.0 Watt for PoE+ mode) Example: PoE>max 1-24 10 (Max. power of Port 1-24 to 10Watt) PoE>max 1-24 15.4 (Max....
  • Page 177: Vlan Configuration

    Example: MAC>lear 1-8 sec MAC>lear 9-12 dis MAC>learn 1-12 auto Static MAC Table Syntax: MAC Add <mac_addr> <port_list> [<vid>] Example: MAC>add 0b16212c3742 1-5 1 (This type will be changed to hexadecimal automatically.) MAC>add 0b-16-21-2c-37-42 1-10 1 (This type is hexadecimal, it will not be changed.) Result: Non-volatile static: VID MAC Address...
  • Page 178 PVLAN Syntax: PVLAN Configuration [<port_list>] Configuration PVLAN Add <pvlan_id> [<port_list>] PVLAN Delete <pvlan_id> PVLAN Lookup [<pvlan_id>] PVLAN Isolate [<port_list>] [enable|disable] Example: PVLAN>add 10 9-12 PVLAN>add 10 1-2 PVLAN>add 20 1-2 PVLAN>add 20 13-18 PVLAN>iso 9-18 en (Enable Isolated Ports) Result: PVLAN ID Ports -------- ----- 1-8,17-26...
  • Page 179: Vcl Configuration

    5.15 VCL Configuration Feature Command Line MAC-based VLAN Configuration MAC-based VLAN Syntax: VCL Macvlan Add <mac_addr> <vid> [<port_list>] Configuration Example: VCL/Macvlan>add 001122334455 10 1-4 Result: VCL/Macvlan>conf MAC Address Ports ----------------- ---- ----- 00-0b-16-21-2c-37 10 Protocol-based VLAN Configuration Protocol to Group Syntax: VCL ProtoVlan Protocol Add Eth2 <ether_type>|arp|ip|ipx|at <group_id>...
  • Page 180: Voice Vlan Configuration

    VCL/IPVlan>add 1 192.168.10.0/24 10 1-10 Result: VCE ID IP Address Mask Length VID Ports ------ --------------- ----------- ---- ----- 192.168.10.0 1-10 5.16 Voice VLAN Configuration Feature Command Line Voice VLAN Configuration Voice VLAN Syntax: Voice VLAN Mode [enable|disable] Configuration Voice VLAN ID [<vid>] Voice VLAN Agetime [<age_time>] Voice VLAN Traffic Class [<class>] Example:...
  • Page 181: Qos Configuration

    Voice/VLAN>oui lookup Voice VLAN OUI Table: ===================== Telephony OUI Description ------------- ----------- 00-01-E3 Siemens AG phones 00-03-6B Cisco phones 00-0F-E2 H3C phones 00-60-B9 Philips and NEC AG phones 00-D0-1E Pingtel phones 00-E0-75 Polycom phones 00-E0-BB 3Com phones 00-12-77 00-12-08 hello 5.17 QoS Configuration Feature Command Line...
  • Page 182 QoS/Port/Policer>flow 1-2 en Port Scheduler Syntax: QoS Port Scheduler Mode [<port_list>] [strict|weighted] Example: QoS/Port/Scheduler>mode 1-2 stric (Strict Priority) QoS/Port/Scheduler>mode 1-2 wei (Weighted) QoS Egress Port Scheduler and Shapers QoS/Port/Scheduler>wei 1-2 1 30 (Port 1-2, Q1=30) QoS/Port/Scheduler>wei 1-2 2 30 (Port 1-2, Q2=30) Port Shaping Syntax: Port Shaper:...
  • Page 183: Mirroring Configuration

    QoS Port DSCP Translation [<port_list>] [enable|disable] Configuration QoS Port DSCP Classification [<port_list>] [none|zero|selected|all] QoS Port DSCP EgressRemark [<port_list>] [disable|enable|remap_dp_unaware|remap_dp_aware] Note: DSCP is an advanced QoS setting, please follow the DSCP table of upper access/core switch to configure the table. The table of the whole network must be unified. Storm Configuration Storm Control Syntax:...
  • Page 184: Upnp Configuration

    5.19 UPnP Configuration Feature Command Line UPnP Configuration UPnP Configuration Syntax: UPnP Configuration UPnP Mode [enable|disable] UPnP TTL [<ttl>] UPnP AdvertisingDuration [<duration>] Example: UPnP>mode en UPnP>ttl 5 (Default=4) UPnP>adver 200 (Default=100) Result: UPnP Configuration: =================== UPnP Mode : Enabled UPnP TTL UPnP Advertising Duration : 200 5.20 sFlow Configuration Feature...
  • Page 185: Diagnostic Commands

    rate=10, max. size=128) sFlow>coun 1-2 5 (Enable CounterPoller of port 1-2, and set interval to 5) sFlow>statistic sample 1-2 Per-Port Statistics: ==================== Port Rx Flow Samples Tx Flow Samples Counter Samples ---- --------------- --------------- --------------- 5.21 Diagnostic Commands Feature Command Line Ping Ping Test Syntax:...
  • Page 186: Maintenance Commands

    Starting VeriPHY, please wait Port Pair A Length Pair B Length Pair C Length Pair D Length ----- ------- ------- ------- ------- ------- ------- ------- ------ 5.22 Maintenance Commands Feature Command Line Maintenance Commands Restart Device Syntax: System Reboot Example: System>reb System will reboot in a few seconds Factory Defaults...
  • Page 187 the firewall of your computer. The process may be terminated by your firewall. Note 2: While the firmware upload is in progress, please don't shut down the switch!...
  • Page 188: Web Configuration - Monitor, Diagnostic, Maintenance

    6. Web Configuration - Monitor, Diagnostic, Maintenance 6.1 Monitor 6.1.1 Monitor / System 6.1.1.1 Monitor / System / Information The switch system information is provided here: Contact The system contact configured in Configuration | System | Information | System Contact. Name The system name configured in Configuration | System | Information | System Name.
  • Page 189: Cpu Load

    Buttons Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. Refresh: Click to refresh the page; any changes made locally will be undone. 6.1.1.2 CPU Load This page displays the CPU load, using an SVG graph. The load is measured as averaged over the last 100ms, 1sec and 10 seconds intervals.
  • Page 190: System Log Information

    6.1.1.3 System Log Information The switch system log information is provided here: The ID (>= 1) of the system log entry. Level The level of the system log entry. The following level types are supported: Info: Information level of the system log. Warning: Warning level of the system log.
  • Page 191 Buttons Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. Refresh: Updates the system log entries, starting from the current entry Clear: Flushes all system lo...
  • Page 192: Monitor / Port State

    6.1.2 Monitor / Port State 6.1.2.1 Port State This page provides an overview of the current switch port states: The port states are illustrated as follows: RJ45 ports SFP ports State Disabled Link Buttons Auto-refresh...
  • Page 193: Qcl Status

    Port The logical port for the settings contained in the same row. Packets The number of received and transmitted packets per port. Bytes The number of received and transmitted bytes per port. Errors The number of frames received in erro...
  • Page 194: Qos Statistics

    6.1.2.3 QoS Statistics This page provides statistics for the different queues for all switch ports. The displayed counters are: Port The logical port for the settings contained in the same row....
  • Page 195: Detailed Port Statistics

    User Indicates the QCL user. QCE# Indicates the index of QCE. Frame Type Indicates the type of frame to look for in incoming frames. Possible frame types are: Any: The QCE will match all frame types. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed....
  • Page 196 pressing 'Resolve Conflict' button. Buttons : Select the QCL status from this drop down list. Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs at regular intervals....
  • Page 197 Receive Total and Transmit Total Rx and Tx Packets The number of received and transmitted (good and bad) packets. Rx and Tx Octets The number of received and transmitted (good and bad) bytes. Includes FCS, but excludes framing bits. Rx and Tx Unicast The number of received and transmitted (good and bad) unicast packets.
  • Page 198 Rx Jabber The number of long frames received with invalid CRC. Rx Filtered The number of received frames filtered by the forwarding process. Short frames are frames that are smaller than 64 bytes. Long frames are frames that are lo...
  • Page 199: Monitor / Security

    6.1.3 Monitor / Security 6.1.3.1 Security / Access Management Statistics This page provides statistics for access management. Interface The interface type through which the remote host can access the switch. Received Packets Number of received packets from the interface when access management mode is enabled.
  • Page 200: Security / Network

    6.1.3.2 Security / Network Port Security Switch Status This page shows the Port Security status. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules - the user modules. When a user module has enabled port security on a port, the port is set-up for software-based learning.
  • Page 201 Users Each of the user modules has a column that shows whether that module has enabled Port Security or not. A '-' means that the corresponding user module is not enabled, whereas a letter indicates that the user module abbreviated by that letter has enabled port security. State Shows the current state of the port.
  • Page 202 MAC Address & VLAN ID The MAC address and VLAN ID that is seen on this port. If no MAC addresses are learned, a single row stating "No MAC addresses attached" is displayed. State Indicates whether the corresponding MAC address is blocked or forwarding. In the blocked state, it will not be allowed to transmit or receive traffic.
  • Page 203 Buttons Refresh: Click to refresh the page immediately. Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals. Security / Network / NAS This page provides an overview of the current NAS port states. Port The switch port number.
  • Page 204 Port VLAN ID The VLAN ID that NAS has put the port in. The field is blank, if the Port VLAN ID is not overridden by NAS. If the VLAN ID is assigned by the RADIUS server, "(RADIUS-assigned)" is appended to the VLAN ID. Read more about RADIUS-assigned VLANs here. If the port is moved to the Guest VLAN, "(Guest)"...
  • Page 205 EAPOL Counters Direction Name IEEE Name Description The number of valid EAPOL Total dot1xAuthEapolFramesRx frames of any type that have been received by the switch. The number of valid EAPOL Response dot1xAuthEapolRespIdFramesRx Response Identity frames that have been received by the switch. The number of valid EAPOL response frames (other than Responses dot1xAuthEapolRespFramesRx...
  • Page 206 have been transmitted by the switch. Backend Server Counters These backend (RADIUS) frame counters are available for the following administrative states: • Port-based 802.1X • Single 802.1X • Multi 802.1X • MAC-based Auth. Backend Server Counters Direction Name IEEE Name Description 802.1X-based: Counts the...
  • Page 207 sends an EAP Request packet following the first to the supplicant. Indicates that the backend server chose an EAP-method. MAC-based: Not applicable. 802.1X- and MAC-based: Counts the number of times that the switch receives a success Auth. dot1xAuthBackendAuthSuccesses indication. Successes Indicates that the supplicant/client has successfully...
  • Page 208 number of times that the switch attempts to send a supplicant's first response packet to the backend server. Indicates the switch attempted communication with the backend server. Possible retransmissions are not counted. MAC-based: Counts all the backend server packets sent from the switch towards the backend server for a given port...
  • Page 209 The VLAN ID on which the last frame from the VLAN ID last supplicant/client was received. 802.1X-based: The protocol version number carried in the most Version dot1xAuthLastEapolFrameVersion recently received EAPOL frame. MAC-based: Not applicable. 802.1X-based: The user name (supplicant identity) carried in the most recently received Response Identity EAPOL Identity frame.
  • Page 210 counters table. If no clients are attached, it shows No clients attached. VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module....
  • Page 211 Click to clear the counters for the selected port. This button is available in the following modes: • Multi 802.1X • MAC-based Auth.X Click to clear both the port counters and all of the attached client's counters. The "Last Client" will not be cleared, however. This button is available in the following modes: •...
  • Page 212 Any: The ACE will match any frame type. EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames. ARP: The ACE will match ARP/RARP frames. IPv4: The ACE will match all IPv4 frames. IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.
  • Page 213 Action Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Rate Limiter Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.
  • Page 214 Buttons : Select the ACL status from this drop down list. Refresh: Click to refresh the page immediately. Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals. DHCP Snooping Statistics This page provides statistics for DHCP snooping. The statistics show only packet counters when DHCP snooping mode is enabled and relay mode is disabled.
  • Page 215 The number of NAK (option 53 with value 6) packets received and transmitted. Rx and Tx Release The number of release (option 53 with value 7) packets received and transmitted. Rx and Tx Inform The number of inform (option 53 with value 8) packets received and transmitted. Rx and Tx Lease Query The number of lease query (option 53 with value 10) packets received and transmitted.
  • Page 216 DHCP Relay Statistics This page provides statistics for DHCP relay: Server Statistics Transmit to Server The number of packets that are relayed from client to server. Transmit Error The number of packets that resulted in errors while being sent to clients. Receive from Server The number of packets received from server.
  • Page 217 Client Statistics Transmit to Client The number of relayed packets from server to client. Transmit Error The number of packets that resulted in error while being sent to servers. Receive from Client The number of received packets from server. Receive Agent Option The number of received packets with relay agent information option.
  • Page 218 When the end is reached the text "No more entries" is shown in the displayed table. Use the button to start over. ARP Inspection Table Columns Port Switch Port Number for which the entries are displayed. VLAN ID VLAN-ID in which the ARP traffic is permitted. MAC Address User MAC address of the entry.
  • Page 219 Buttons Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals. Refresh: Click to refresh the page immediately. Clear: Flushes all dynamic entries. /<<: Updates the table starting from the first entry in the Dynamic ARP Inspection Tables. >>: Updates the table, starting with the entry after the last entry currently displayed.
  • Page 220: Security / Aaa

    IP Source Guard Table Columns Port Switch Port Number for which the entries are displayed. VLAN ID VLAN-ID in which the IP traffic is permitted. IP Address User IP address of the entry. MAC Address Source MAC address. Buttons Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 221 RADIUS Authentication Servers The RADIUS server number. Click to navigate to detailed statistics for this server. IP Address The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. State The current state of the server. This field takes one of the following values: Disabled: The server is disabled.
  • Page 222 State The current state of the server. This field takes one of the following values: Disabled: The server is disabled Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
  • Page 223 Packet Counters RADIUS authentication server packet counter. There are seven receive and four transmit counters. Direction Name RFC4668 Name Description radiusAuthClientExtAcces The number of RADIUS Access-Accept packets Access Accepts sAccepts (valid or invalid) received from the server. radiusAuthClientExtAcces The number of RADIUS Access-Reject packets Access Rejects sRejects (valid or invalid) received from the server.
  • Page 224 Requests ndingRequests packets destined for the server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmission. The number of authentication timeouts to the server.
  • Page 225 The statistics map closely to those specified in RFC4670-RADIUS.Accounting Client MIB. Use the server select box to switch between the backend servers to show details for: Packet Counters RADIUS accounting server packet counter. There are five receive and four transmit counters.
  • Page 226 the server. This does not include retransmissions. The number of RADIUS packets Retransmission radiusAccClientExtRetrans retransmitted to the RADIUS accounting missions server. The number of RADIUS packets destined for the server that have not yet timed out Pending radiusAccClientExtPendin or received a response. This variable is gRequests incremented when a Request is sent and Requests...
  • Page 227: Switch / Snmp / Rmon

    The time interval (measured in milliseconds) between the most recent Response and the Request that matched it from the radiusAccClientExtRou Round-Trip RADIUS accounting server. The granularity of this measurement Time ndTripTime is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.
  • Page 228 The total number of octets of data (including those in bad packets) received on the network. Pkts The total number of packets (including bad packets, broadcast packets, and multicast packets) received. Broad-cast The total number of good packets received that were directed to the broadcast address. Multi-cast The total number of good packets received that were directed to a multicast address.
  • Page 229 1024~1588 The total number of packets (including bad packets) received that were between 1024 to 1588 octets in length. Buttons Refresh: Click to refresh the page immediately. Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 230 Pkts The total number of packets (including bad packets, broadcast packets, and multicast packets) received. Broadcast The total number of good packets received that were directed to the broadcast address. Multicast The total number of good packets received that were directed to a multicast address. CRCErrors The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets.
  • Page 231 RMON Alarm Overview This page provides an overview of RMON alarm entries. The displayed fields are: Indicates the index of Alarm control entry. Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold. Variable Indicates the particular variable to be sampled Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds, possible sample types are:...
  • Page 232: Lacp System Status

    RMON Event Overview This page provides an overview of RMON event entries. The displayed fields are: Event Index Indicates the index of the event entry. Log Index Indicates the index of the log entry. Log Time Indicates Event log time. Log Description Indicates the Event description....
  • Page 233 Aggr ID The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id' Partner System ID The system ID (MAC address) of the aggregation partner. Partner Key The Key that the partner has assigned to this aggregation ID. Last changed The time since this aggregation changed.
  • Page 234: Lacp Port Status

    6.1.4.2 LACP Port Status This page provides a status overview for LACP status for all ports: Port The switch port number. LACP 'Yes' means that LACP is enabled and the port link is up. 'No' means that LACP is not enabled or that the port link is down.
  • Page 235: Lacp Statistics

    6.1.4.3 LACP statistics This page provides an overview for LACP statistics for all ports: Port The switch port number. LACP Received Shows how many LACP frames have been received at each port. LACP Transmitted Shows how many LACP frames have been sent from each port. Discarded Shows how many unknown or illegal LACP frames have been discarded at each port.
  • Page 236: Stp Bridge Status

    Port The switch port number of the logical port. Action The currently configured port action. Transmit The currently configured port transmit mode. Loops The number of loops detected on this port. Status The current loop protection status of the port. Loop Whether a loop is currently detected on the port.
  • Page 237 The Bridge Instance. This is also a link to the STP Detailed Bridge Status. Bridge ID The Bridge ID of this Bridge instance. Root ID The Bridge ID of the currently elected root bridge. Root Port The switch port currently a...
  • Page 238: Stp Port Status

    6.1.6.2 STP Port Status This page displays the STP CIST port status for physical ports of the switch. STP port status Port The switch port number of the logical STP port. CIST Role The current STP...
  • Page 239: Mvr Status

    Port The switch port number of the logical STP port. The number of MSTP Configuration BPDU's received/transmitted on the port. The number of RSTP Configuration BPDU's received/transmitted on the port. The number of legacy STP Configuration BPDU's re...
  • Page 240: Mvr Group Table

    VLAN ID The Multicast VLAN ID. V1 Reports Received The number of Received V1 Reports. V2 Reports Received The number of Received V2 Reports. V3 Reports Received The number of Received V3 Reports. V2 Leaves Received The number of...
  • Page 241 Navigating the MVR Group Table Each page shows up to 99 entries from the MVR Group table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show...
  • Page 242: Monitor / Ipmc / Igmp Snooping

    6.1.8 Monitor / IPMC / IGMP Snooping 6.1.8.1 IGMP Snooping IGMP Snooping Status This page provides IGMP Snooping status: VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently. Host Version Working Host Version currently. Querier Status Shows the Querier status is "ACTIVE"...
  • Page 243 V3 Reports Received The number of Received V3 Reports. V2 Leaves Received The number of Received V2 Leaves. Router Port Display which ports act as router ports. A router port is a port on the Ethernet switch that...
  • Page 244 input fields will - upon a Refresh button click - assume the value of the first displayed entry, allowing for continuous refresh with the same start address. The >> will use the last entry of the currently displ...
  • Page 245 Navigating the IGMP SFM Information Table Each page shows up to 99 entries from the IGMP SFM Information table, default being 20, selected through the "entries per page"...
  • Page 246: Mld Snooping Status

    6.1.8.2 MLD Snooping Status This page provides MLD Snooping status: VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently. Host Version Working Host Version currently. Querier Status Show the Querier status is "ACTIVE" or "IDLE". "DISABLE"...
  • Page 247 Router Port Display which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier....
  • Page 248 When the end is reached the text "No more entries" is shown in the displayed table. Use the |<< button to start over. Buttons Auto-refresh: Check this box to enable an automatic refresh of the page at regular...
  • Page 249: Monitor / Lldp

    end is reached the text "No more entries" is shown in the displayed table. Use the button to start over. MLD SFM Information Table Columns VLAN ID VLAN ID of the group. Group address of the group displayed....
  • Page 250 Local Port The port on which the LLDP frame was received. Chassis ID The Chassis ID is the identification of the neighbour's LLDP frames. Remote Port ID The Remote Port ID is the identification of the neighbour port. System Name System Name is the name advertised by the neighbour unit.
  • Page 251: Lldp Med Neighbours

    Buttons Refresh: Click to refresh the page immediately. Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. 6.1.9.2 LLDP MED Neighbours This page provi...
  • Page 252 LLDP-MED Endpoint Device Definition LLDP-MED Endpoint Devices, as defined in TIA-1057, are located at the IEEE 802 LAN network edge, and participate in IP communication service using the LLDP-MED framework. Within the LLDP-MED Endpoint Device category, the LLDP-MED scheme is broken into further Endpoint Device Classes, as defined in the following.
  • Page 253 LLDP-MED Communication Endpoint (Class III) The LLDP-MED Communication Endpoint (Class III) definition is applicable to all endpoint products that act as end user communication appliances supporting IP media. Capabilities include all of the capabilities defined for the previous Generic Endpoint (Class I) and Media Endpoint (Class II) classes, and are extended to include aspects related to end user devices.
  • Page 254 6. Video Conferencing - for use by dedicated Video Conferencing equipment and other similar appliances supporting real-time interactive video/audio services. 7. Streaming Video - for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment.
  • Page 255: Lldp Poe

    6.1.9.3 LLDP PoE This page provides a status overview for all LLDP PoE neighbours. The displayed table contains a row for each port on which an LLDP PoE neighbour is detected. The columns hold the following information: Local Port The port for this switch on which the LLDP frame was received. Power Type The Power Type represents whether the device is a Power Sourcing Entity (PSE) or Power Device (PD).
  • Page 256: Lldp Eee

    The maximum allowed value is 102.3 W. If the device indicates value higher than 102.3 W, it is represented as "reserved" Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Refresh: Click to refresh the page. 6.1.9.4 LLDP EEE By using EEE power savings can be achieved at the expense of traffic latency.
  • Page 257 Rx Tw The link partner's time that receiver would like the transmitter to holdoff to allow time for the receiver to wake from sleep. Fallback Receive Tw The link partner's fallback receive Tw....
  • Page 258: Lldp Statistics

    6.1.9.5 LLDP Statistics This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole switch, while local counters refer to per port counters for the currently selected switch. Global Counters Neighbour entries were last changed on It also shows the time when the last entry was last deleted or added.
  • Page 259 Local Counters The displayed table contains a row for each port. The columns hold the following information: Local Port The port on which LLDP frames are received or transmitted. Tx Frames The number of LLDP frame...
  • Page 260: Dynamic Mac Table

    6.1.10 Dynamic MAC Table Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. Navigating the MAC Table Each page shows up to 999 entries from the MAC table, default being 20, selected through the "entries per page"...
  • Page 261: Vlan Membership Status

    MAC address The MAC address of the entry. The VLAN ID of the entry. Port Members The ports that are members of the entry. Buttons Auto-refresh: Check this box to enable an automatic refresh of the page at regular...
  • Page 262 CLI/Web/SNMP: These are referred to as static. NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. MVRP: Multiple VLAN Registration Protocol (MVRP) allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network. Voice VLAN: Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones.
  • Page 263 Navigating the VLAN Monitor page Each page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the firs...
  • Page 264 VLAN USER VLAN User module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID, UVID. Currently we support following VLAN User types: CLI/Web/SNMP: These are referred to as static. NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server.
  • Page 265: Vcl Mac-Based Vlan Status

    egress side. Conflicts Shows status of Conflicts whether exists or not. When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration, the following conflicts can occur: Functio...
  • Page 266: Sflow

    CLI/Web/SNMP: These are referred to as static. NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. MAC Address Indicates the MAC address. VLAN ID Indicates the VLAN ID. Port Members Port members of the MAC-based VLAN entry. Buttons Refresh: Refreshes the displayed table.
  • Page 267: Diagnostic

    Flow Sampling Packet flow sampling refers to arbitrarily choosing some packets out of a specified number, reading the first "Max Hdr Size" bytes and exporting the sampled datagram for analysis. The attributes associated with the flow sampling are: sampler type, sampling rate, maximum header size.
  • Page 268: Ping

    6.2.1 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues: Type the IP Address, ping length (default = 56 bytes), ping count (default=5) and ping interval (default =1). Then press "Start" to ping the remote host. After you press Start, 5 ICMP packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply.
  • Page 269: Ping6

    6.2.2 Ping6 This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues: Type the IPv6 Address, ping length (default = 56 bytes), ping count (default=5) and ping interval (default =1). Then press "Start" to ping the remote host. After you press Start, 5 ICMPv6 packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply.
  • Page 270 Select the port and then press Start to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table.
  • Page 271: Maintenance

    6.3 Maintenance This section allows the user to maintain the switch, such as Reset Factory Default, Firmware upgrading, Configuration Save/Restore and Restart the device. 6.3.1 Restart Device You can restart the switch on this page. After restart, the switch will boot normally: Yes: Click to restart device.
  • Page 272: Software Upload

    6.3.3 Software Upload 6.3.3.1 Firmware Update This page facilitates an update of the firmware controlling the switch: "Browse" to the location of a software image; the file name is shown to the right of the Browse command. Click "Upload" to start the process. After the software image is uploaded, a page announces that the firmware update is initiated.
  • Page 273: Image Select

    6.3.3.2 Image Select There are 2 images saved within the switch. This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image. The web page displays two tables with information about the active and alternate firmware images.
  • Page 274: Configuration

    6.3.4 Configuration You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags: Header tags: <?xml version="1.0"?> and <configuration>. These tags are mandatory and must be present at the beginning of the file. Section tags: <platform>, <global>...
  • Page 275: Safety Warnings

    Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do not open the device. Opening or removing the device cover can expose you to dangerous high voltage points or other risks. Only qualified service personnel can service the device.
  • Page 276: Ce-Declaration Of Conformity

    The conformity to the above directive is indicated by the CE sign on the device. Allnet ALL-SG8926PM conforms to the Council Directives of 2004/108/EC. This equipment...
  • Page 277: Gpl

    Maistrasse 2 82110 Germering Your request should include: (i) the name of the covered binary, (ii) the version number of the ALLNET product containing the covered binary, (iii) your name, (iv) your company name (if applicable) and (v) your return mailing and email address (if available).
  • Page 278 LICENSE.GPLv2 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
  • Page 279 GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program"...
  • Page 280 distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
  • Page 281 by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.
  • Page 282 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
  • Page 283 the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Also add information on how to contact you by electronic and paper mail.
  • Page 284 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it.
  • Page 285 the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard.
  • Page 286 the Library does. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty;...
  • Page 287 refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
  • Page 288 Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library.
  • Page 289 received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works.
  • Page 290 which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
  • Page 291 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;...
