1. Manuals
  2. Brands
  3. KYLAND Technology Manuals
  4. Switch
  5. Aquam8512
  6. Web operation manual

KYLAND Technology Aquam8512 Web Operation Manual

Industrial
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Aquam8512 Industrial Ethernet Switches
Web Operation Manual
Publication Date: May 2015
Version: V1.0

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Aquam8512 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for KYLAND Technology Aquam8512

Summary of Contents for KYLAND Technology Aquam8512

  • Page 1 Aquam8512 Industrial Ethernet Switches Web Operation Manual Publication Date: May 2015 Version: V1.0...
  • Page 2 Disclaimer: Kyland Technology Co., Ltd. tries to keep the content in this manual as accurate and as up-to-date as possible. This document is not guaranteed to be error-free, and we reserve the right to amend it without notice. All rights reserved...

  • Page 3: Table Of Contents

    Contents Preface ..........................1 1. Product Introduction......................5 1.1 Overview ........................5 1.2 Software Features ......................5 2. Switch Access ........................7 2.1 View Types ........................7 2.2 Switch Access by Console Port ..................8 2.3 Switch Access by Telnet ..................... 12 2.4 Switch Access by Web ....................13 3.
  • Page 4 5.4.2 Principle ....................... 36 5.4.3 Port-based VLAN ....................36 5.4.4 Web Configuration ....................38 5.4.5 Typical Configuration Example ................45 5.5 PVLAN Configuration ....................46 5.5.1 Introduction ......................46 5.5.2 Explanation ......................47 5.5.3 Typical Configuration Example ................47 5.6 Port Mirroring ......................48 5.6.1 Introduction ......................
  • Page 5 5.10.1 Introduction ......................59 5.10.2 Web Configuration ..................... 60 5.11 SSH Server Configuration ..................61 5.11.1 Introduction ......................61 5.11.2 Secret Key ......................62 5.11.3 Implementation ....................62 5.11.4 Web Configuration ..................... 63 5.11.5 Typical Configuration Example ................65 5.12 SSL Configuration ....................73 5.12.1 Introduce......................
  • Page 6 6.3.2 Implementation ....................103 6.3.3 Explanation ......................103 6.3.4 MIB Introduction ....................104 6.3.5 Web configuration ....................105 6.3.6 Typical Configuration Example ................109 6.4 SNMPv3 ........................109 6.4.1 Introduce......................109 6.4.2 Implementation ....................110 6.4.3 Web Configuration ..................... 110 6.4.4 Typical Configuration Example ................
  • Page 7 6.8 DHP ......................... 147 6.8.1 Overview......................147 6.8.2 Concepts ......................148 6.8.3 Implementation ....................149 6.8.4 Description ......................150 6.8.5 Web Configuration ..................... 150 6.8.6 Typical Configuration Example ................160 6.9 MSTP Configuration ....................160 6.9.1 Introduction ......................160 6.9.2 Basic Concepts ....................162 6.9.3 MSTP Implementation ..................
  • Page 8 6.15 QoS Configuration ....................246 6.15.1 Introduction ...................... 246 6.15.2 QoS CAR ......................246 6.15.3 QoS Remark ....................247 6.15.4 Principle ......................247 6.15.5 Web Configuration ................... 248 6.15.6 Typical Configuration Example ................ 263 6.16 IEC61850 Configuration ..................264 6.16.1 Introduction ...................... 264 6.16.2 Web Configuration ...................
  • Page 9 6.21 LLDP ........................283 6.21.1 Introduction ...................... 283 6.21.2 Web Configuration ................... 283 6.22 VRRP ........................286 6.22.1 Introduction ...................... 286 6.22.2 Master Election ....................288 6.22.3 Monitoring a Specified Interface ..............288 6.22.4 Web Configuration ................... 289 6.22.5 Typical Configuration Example ................ 293 6.23 SNTP Configuration ....................
  • Page 10 6.27.3 Typical Configuration Example ................ 320 6.28 Authentication login configuration ................321 6.29 Link Check ......................322 6.29.1 Introduction ...................... 322 6.29.2 Web Configuration ................... 323 6.30 TTDP ........................325 6.30.1 Introduction ...................... 325 6.30.2 Topology ......................325 6.30.3 Inauguration ..................... 326 6.30.4 Network IP Address Map .................

  • Page 11: Preface

    Product Introduction Preface This manual mainly introduces the access methods and software features of Aquam8512 industrial Ethernet switches, and details Web configuration methods. Content Structure The manual contains the following contents: Main Content Explanation  1. Product introduction Overview ...

  • Page 12: Qos Configuration

    Product Introduction  SSL configuration  File transmission (TFTP service, FTP service)  MAC address table configuration  Basic configuration debug  6. Device advanced ARP configuration  configuration Layer-3 interface configuration  SNMP v2c, SNMP v3  DT-Ring  DRP configuration ...

  • Page 13: Conventions In The Manual

    Product Introduction  RADIUS configuration  IEEE802.1x configuration  Authentication login configuration  Link check  TTDP Conventions in the manual 2. CLI conventions Format Description Bold The keywords of a command line are in bold. Italic Command arguments are in italic. Items (keywords or arguments) in [ ] are optional.
  • Page 14 The matters call for special attention. Incorrect operation might cause data loss Warning or damage to devices. Product Documents The documents of Aquam8512 series industrial Ethernet switches include: Name of Document Content Introduction Aquam8010/Aquam8020/Aquam8512 Series Describes the hardware structure, hardware...

  • Page 15: Product Introduction

    1.1 Overview Aquam8512 includes a series of high-performance managed industrial Ethernet switches applied in the rail transit industry. Aquam8512 conforms to EN50155 and EN50121 industrial standards. The switch is a layer 3 switch that supports the layer 3 routing protocol, and MSTP, RSTP, DT-Ring, IEC62439-6 redundancy protocols, guaranteeing the reliable operation of the system.
  • Page 16 Product Introduction management software, DHCP, and SNMP v1/v2c/v3  Train communication: TTDP, R-NAT, Bypass...

  • Page 17: Switch Access

    Switch Access 2. Switch Access You can access the switch by:  Console port  Telnet  Web browser  Kyvision management software Kyvision network management software is designed by Kyland. For details, refer to its user manual. 2.1 View Types When logging into the Command Line Interface (CLI) by the console port or Telnet, you can enter different views or switch between views by using the following commands.

  • Page 18: Switch Access By Console Port

    Switch Access  Reboot switch. Switch (config) # Configuration Configure all switch functions. Input "exit" to return to mode privileged mode. When the switch is configured through the CLI, "?" can be used to get command help. In the help information, there are different parameter description formats. For example, <1, 255> means a number range;...
  • Page 19 Switch Access Figure 1 Starting the Hyper Terminal 3. Create a new connection "Switch", as shown in Figure 2. Figure 2 Creating a New Connection 4. Connect the communication port in use, as shown in Figure 3. Figure 3 Selecting the Communication Port Note:...
  • Page 20 Switch Access [Hardware] → [Device Manager] → [Port]. 5. Set port parameters (Bits per second: 115200, Data bits: 8, Parity: None, Stop bits: 1, and Flow control: None), as shown in Figure 4. Figure 4 Setting Port Parameters 6. Click <OK> button to enter the switch CLI. Input password "admin" and press <Enter> to enter the General mode, as shown in Figure 5.
  • Page 21 Switch Access Figure 5 CLI 7. Input command “enable”, default user "admin”, and password”123” to enter the privileged mode. You can also input other created users and password, as shown in Figure 6.

  • Page 22: Switch Access By Telnet

    Switch Access Figure 6 Privileged mode 2.3 Switch Access by Telnet The precondition for accessing a switch by Telnet is the normal communication between the PC and the switch. 1. Enter "telnet IP address" in the Run dialog box, as shown in Figure 7. The default IP address of a Kyland switch is 192.168.0.2.

  • Page 23: Switch Access By Web

    Switch Access Figure 8 Telnet Interface 2.4 Switch Access by Web The precondition for accessing a switch by Web is the normal communication between the PC and the switch. Note: IE8.0 or a later version is recommended for the best Web display results. 1.
  • Page 24 Switch Access Figure 9 Web Login The English login interface is displayed by default. You can select <中文> to change to the Chinese login interface. Note: To confirm the switch IP address, please refer to "6.2.1 Switch IP Address" to learn how to obtain IP address.
  • Page 25 Switch Access Figure 10 Web Interface In the top right corner, you can click <中文> to change language to Chinese or <Exit> to exit the Web interface.

  • Page 26: Device Information

    Device Information 3. Device Information 3.1 Switch Basic Information The switch basic information includes the prompt, MAC address, hardware version, software version, BootROM version, device type, compilation date, and runtime. Click [Device Information] → [Switch basic information] in the navigation tree to show the switch basic information, as shown in Figure 11.

  • Page 27: Switch Maintenance

    Switch Maintenance 4. Switch Maintenance In the navigation tree, you can click [Save current running-config] to save the current configuration or [Reboot with the default configuration] to enter the page shown in Figure 12. Then you can click <Yes> to restore the default configuration. Figure 12 Restoring Default Configuration 4.1 Reboot To reboot the device, click [Switch maintenance] →...

  • Page 28: Software Update By Ftp

    Switch Maintenance 4.2.1 Software Update by FTP Install an FTP server. The following uses WFTPD software as an example to introduce FTP server configuration and software update. 1. Click [Security] → [Users/Rights]. The "Users/Rights Security Dialog" dialog box is displayed. Click <New User> to create a new FTP user, as shown in Figure 14. Create a user name and password, for example, user name "admin"...
  • Page 29 Switch Maintenance Figure 15 File Location 3. Click [Switch maintenance] → [FTP software update] in the navigation tree to enter the FTP software update page, as shown in Figure 16. Enter the IP address of FTP server, FTP user name, password, and file name on the server. Click <Update>. Figure 16 Software Update by FTP Transmission type Options: binary/ascii...
  • Page 30 Switch Maintenance Function: Select the file transmission standard. Explanation: ascii means using ASCII standard to transmit file; binary means using binary standard to transmit file. ForceUpdate Options: YES/NO Default: NO Function: Select the handling method when the software version does not match the switch hardware.

  • Page 31: Software Update By Tftp

    Switch Maintenance Figure 17 Normal Communication between FTP Server and Switch Caution: To display update log information as shown in Figure 17, you need to click [Logging] → [Log Options] in WFTPD and select Enable Logging and the log information to be displayed. 5.
  • Page 32 Switch Maintenance Figure 18 TFTP Server Configuration 1. In "Current Directory", select the storage path of update file on server. Enter the server IP address in "Server interface". 2. Click [Switch maintenance] → [TFTP software update] in the navigation tree to enter the TFTP software update page, as shown in Figure 19.
  • Page 33 Switch Maintenance standard to transmit file. ForceUpdate Options: YES/NO Default: NO Function: Select the handling method when the software version does not match the switch hardware. Explanation: NO means to cancel software update if software and hardware do not match. YES means to continue software update even if software and hardware do not match.
  • Page 34 Switch Maintenance 4. When the update is completed, please reboot the device and open the Switch Basic Information page to check whether the update succeeded and the new version is active. Warning:  In the software update process, keeps the TFTP server software running. ...

  • Page 35: Device Basic Configuration

    Device Basic Configuration 5. Device Basic Configuration 5.1 Switch Basic Configuration Switch basic configuration includes hostname, mapping between host and IP address, and switch clock. 5.1.1 Basic Configuration 1. Setting Hostname Click [Device Basic Configuration] → [Switch Basic Configuration] → [Basic Config] to enter switch basic configuration page, as shown in Figure 21.

  • Page 36: Setting The Clock

    Device Basic Configuration Figure 22 Mapping between Hostname and IP Address {Host name, IP address} Format: {1-15 characters, A.B.C.D} Function: According to the mapping, use hostname to access the corresponding device. Method: Input valid hostname and IP address. Then click <Add> to set a mapping entry of hostname and IP address or <Del>...
  • Page 37 Device Basic Configuration Figure 23 Clock Configuration HH:MM:SS Range: The value of HH ranges from 0 to 23, and that of MM and SS ranges from 0 to 59. YYYY.MM.DD Range: The value of YYYY ranges from 1970 to 2099, that of MM from 1 to 12, and that of DD from 1 to 31.

  • Page 38: User Management Configuration

    Device Basic Configuration Caution:  Start time should be different from end time.  Start time indicates non-DST time. End time indicates DST time. For example, run DST from 10:00:00 April 1st to 9:00:00 October 1st. Non-DST time will run until 10:00:00 April 1st. Then the clock jumps to 11:00:00 to start DST. DST runs until 9:00:00 October 1st.
  • Page 39 Device Basic Configuration Click [Device Basic Configuration] →[User Configuration]→[User Configuration] to enter user configuration page, as shown in Figure 24. Figure 24 User Configuration Name Range: 1~16 characters Service Options: console/telnet/ssh/web Function: Select switch access mode for the current user. One or multiple access modes can be selected.
  • Page 40 Device Basic Configuration Function: Configure the password to be used when the current user accesses the switch. Key name Function: Select the key name to be used when current user accesses the switch in ssh mode. Note:  Currently, console/telnet/web does not support the key-based authentication mode. Therefore, when the service type is console/telnet/web, does not select key-based authentication as the authentication type.
  • Page 41 Device Basic Configuration Figure 26 SSH Key Configuration Key Name Range: 1~16 characters Key Type Mandatory configuration: RSA This series switches only support RSA key algorithm. Key Value Format: {algorithm name, public key, key info} Algorithm name: ssh-rsa | ssh-dsa Public key: it is based on 64 codes and the length is less than 2048 bytes Key info: more info for the key Function: Configure the public key corresponding to the client.

  • Page 42: Port Configuration

    Device Basic Configuration Figure 27 Modify New password/Repeat password Range: 1~32 characters 5. Configure timeouts for switch access modes Click [Device Basic Configuration] → [User Configuration]→[Timeouts Configuration] to enter password modification page, as shown in Figure 28. Figure 28 Timeouts Configuration Time Range: 0~44640 min Default: 5 min for console/ssh/telnet;...
  • Page 43 Device Basic Configuration 5.3.1.2 Web Configuration Click [Device Basic Configuration] → [Port configuration] → [Ethernet port configuration] → [Physical port configuration] to enter the port configuration page, as shown in Figure 29. Figure 29 Physical Port Configuration Port Options: all switch ports Description: X/Y is the port name format;...
  • Page 44 Device Basic Configuration Options: auto, 10M/Half, 10M/Full, 100M/Half, 100M/Full, 1000M/Half, 1000M/Full Default: auto Function: Configure the port speed and duplex mode. Description: Port speed and duplex mode support auto-negotiation and forced configuration. If it is set to "auto", the port speed and duplex mode will be automatically negotiated according to port connecting status.

  • Page 45: Port Information

    Device Basic Configuration 5.3.2 Port Information Click [Device Basic Configuration] → [Port configuration] → [Port debug and maintenance] → [Show port information] to enter the port information page. It contains the port connecting status, port type, input/output packet statistics, and other information, as shown in Figure 31. Figure 31 Port Information 5.4 VLAN Configuration 5.4.1 Introduction...

  • Page 46: Principle

    Device Basic Configuration are restricted to a VLAN, optimizing LAN security. VLAN partition is not restricted by physical location. Each VLAN is regarded as a logical network. If a host in one VLAN needs to send data packets to a host in another VLAN, a router or layer-3 device must be involved.
  • Page 47 Device Basic Configuration After a port is added to a specified VLAN, the port can forward the packets with the tag for the VLAN. 1. Port Type Ports fall into two types according to how they handle VLAN tags when they forward packets. ...

  • Page 48: Web Configuration

    Device Basic Configuration VLANs allowed through, accept the packet.  If the VLAN ID in a Keep the tag and forward the packet is not in the list of packet. VLANs allowed through, discard the packet. 5.4.4 Web Configuration 1. Create or delete a VLAN. Click [Device Basic Configuration] →...
  • Page 49 Device Basic Configuration Figure 33 VLAN Configuration VLAN ID Range: all created VLANs Function: Input the ID of the VLAN whose name is to be modified. VLAN Name Range: 1~11 characters Function: Input the name of the VLAN with the specified ID. VLAN Type Options: universal Default: universal...
  • Page 50 Device Basic Configuration Figure 35 Port Type Configuration Port Options: all switch ports Type Options: access/trunk Default: access Function: Select the mode for the specified port. Each port supports only one mode. After setting is completed, the "Port mode configuration" page lists all port types, as shown in Figure 36.
  • Page 51 Device Basic Configuration Figure 37 Allocating Access Ports to VLANs Tag Type Option: Tag/Untag Function: Select the type of the port to be added to the VLAN. Caution:  In access mode, the port must be untag and added to one VLAN. ...
  • Page 52 Device Basic Configuration Figure 38 Trunk Port PVID Configuration Trunk Port Options: all Trunk ports Trunk Native VLAN (pvid) Options: all created VLANs Default: 1 Function: Configure the PVID for a Trunk port. Description: No matter whether a port does not exist in a VLAN or exists in a VLAN in the form of Untag/tag, after the PVID is specified, this port will be added to the VLAN in the form of Untag.
  • Page 53 Device Basic Configuration Default: all created VLANs Function: Configure VLANs for the selected Trunk port. After setting is completed, the VLAN information of all Trunk ports is displayed, as shown in Figure 40. Figure 40 VLAN Configuration of Trunk Ports 7.
  • Page 54 Device Basic Configuration Figure 42 VLAN Ingress Rule Information 8. Configure VLAN-aware Click [Device Basic Configuration] → [VLAN configuration] → [VLAN configuration] → [VLAN-aware] → [VLAN-aware] to enter the VLAN ingress rule configuration page, as shown in Figure 43. Figure 43 VLAN-aware Configuration Option: Aware/Unaware Default: Aware Function: When Aware is selected, the device identifies and judges the VLAN according to...

  • Page 55: Typical Configuration Example

    Device Basic Configuration Figure 44 VLAN Information 5.4.5 Typical Configuration Example As shown in Figure 45, the entire LAN is divided into 3 VLANs: VLAN2, VLAN100, and VLAN200. It is required that the devices in the same VLAN can communicate with each other, but different VLANs are isolated.

  • Page 56: Pvlan Configuration

    Device Basic Configuration Figure 45 VLAN Application Configurations on Switch A and Switch B: 1. Create VLAN2, VLAN100, and VLAN200, as shown in Figure 32. 2. Configure ports 1/1, 1/2, 1/3, 1/4, 1/5, 1/6 as Access ports, and port 1/7 as Trunk port, as shown in Figure 35.

  • Page 57: Explanation

    Device Basic Configuration Figure 46 PVLAN Application As shown in Figure 46, the shared domain is VLAN100 and the isolation domains are VLAN 10 and VLAN 30; the devices in the isolation domains can communicate with the device in the share domain, such as VLAN 10 can communicate with VLAN 100; VLAN 30 can also communicate with VLAN 100, but the devices in different isolation domains cannot communicate with each other, such as VLAN 10 cannot communicate with VLAN 30.

  • Page 58: Port Mirroring

    Device Basic Configuration Figure 47 PVLAN Configuration Example Switch configuration: 1. Create VLAN300, VLAN 100, and VLAN 200, as shown in Figure 32. 2. Configure ports 1, 2, 3, 4, 5, 6 as trunk ports, as shown in Figure 35. 3.

  • Page 59: Explanation

    Device Basic Configuration 5.6.2 Explanation A switch supports only one mirroring destination port but multiple source ports. Multiple source ports can be either in the same VLAN, or in different VLANs. Mirroring source port and destination port can be in the same VLAN or in different VLANs. The source port and destination port cannot be the same port.

  • Page 60: Typical Configuration Example

    Device Basic Configuration Description: rx indicates only the received packets are mirrored in the source port. tx indicates only the transmitted packets are mirrored in the source port. Both indicates both transmitted and received packets are mirrored in the source port. Source port Options: all switch ports Function: Select the mirroring source port.

  • Page 61: Port Storm Control

    Device Basic Configuration Figure 50 Port Mirroring Example Configuration process: 1. Set port 2 to the mirroring destination port, as shown in Figure 49. 2. Set port 1 to the mirroring source port and the port mirroring mode to both, as shown in Figure 48.
  • Page 62 Device Basic Configuration Port name Options: all switch ports Function: Select the ports that need rate limiting. Rate Unit: Options: bps/kbps/percent Function: Select the unit of the threshold. Rate Value: Range: 1~1000000kbps/1~1000000000bps/1~100 Percent Default: 0, when the value is 0, port storm control is disabled. Function: Configure the threshold for port rate limiting and the packets that exceed the threshold will be dropped.

  • Page 63: Typical Configuration Example

    Device Basic Configuration Figure 52 Configuring the Packets to Be Controlled Port name Options: all ports on which port storm control is enabled Suppression Type Options: Multicast/broadcast/dlf Function: Select the type of packets to be controlled. Function Options: Enable/Disable Default: Disable Function: Enable or disable the control on the type of packets.

  • Page 64: Web Configuration

    Device Basic Configuration this method will cause a waste of limited VLAN resources. By adopting the port isolation feature, you can isolate ports in the same VLAN from each other. User only needs to add port to isolation group, and the isolation of data in layer 2 among ports of the isolation group would be realized because the ports in the isolation group would not forward packets to other ports of the isolation group.

  • Page 65: Typical Configuration Example

    Device Basic Configuration Function: Enable or disable the port isolate. Caution: One port is added to only one isolation group. 5.8.3 Typical Configuration Example Connect PC1, PC2, and PC3 to the Ethernet port 1, 2, and 3 of the switch, and connect port 4 to the external network.

  • Page 66: Implementation

    Device Basic Configuration reliability. Port group is a physical port group on the configuration layer. Only the physical ports that join in port group can participate in link aggregation and become a member of port channel. When physical ports in a port group meet certain conditions, they can conduct port aggregation and form a port channel and become an independent logical port, thereby increasing network bandwidth and providing link backup.

  • Page 67: Web Configuration

    Device Basic Configuration Caution:  A port can be added to only one port group.  Port channel and isolated port are mutually exclusive. The port in a port channel cannot be added to an isolation group; the port of isolation group cannot be added to a port channel. ...
  • Page 68 Device Basic Configuration 2. Create or delete a port group, as shown in Figure 57. Figure 57 Port Channel Configuration LACP group number Range: 1~8 Function: Set the port group number with a maximum of 8 port groups. Operation type Options: add port group/remove port group Default: add port group Function: Create or delete a port group.

  • Page 69: Typical Configuration Example

    Device Basic Configuration LACP group number Options: all created port group numbers Port Options: all switch ports Function: Select the port to be added to or deleted from a port group. Description: The member ports in a same port group have the same port attributes. Operation type Options: Add port to group/Remove port from group Default: Add port to group...

  • Page 70: Web Configuration

    Device Basic Configuration the server. This series switches can serve as a Telnet server or client. When a switch serves as a Telnet server, you can log in to the switch by using the Telnet client software in the Windows or other OSs. When the switch serves as a Telnet server, it can establish TCP connections with a maximum of 5 Telnet clients.

  • Page 71: Ssh Server Configuration

    Device Basic Configuration Click [Device Basic Configuration] → [Telnet server configuration] → [Telnet security IP] to enter security IP address configuration page, as shown in Figure 61. Figure 61 Telnet Server Security IP Security IP address Format: A.B.C.D Function: Configure security IP address for Telnet client login when the switch works as a Telnet server.

  • Page 72: Secret Key

    Device Basic Configuration command lines to configure switches. The switch supports the SSH server function and allows the connection of multiple SSH users that log in to the switch remotely through SSH, but a maximum of two users can connect to the switch at a time. 5.11.2 Secret Key The unencrypted message is called plaintext, and the encrypted message is called cipher text.

  • Page 73: Web Configuration

    Device Basic Configuration 5.11.4 Web Configuration  SSH server configuration steps: Click [Device Basic Configuration] → [SSH Server Configuration] → [SSH server configuration] to enter the SSH server configuration page. 1. Disable SSH status. 2. Click <Destroy> to destroy the old key pair, as shown in Figure 63. Figure 63 Destroy the Old Key Pair 3.
  • Page 74 Device Basic Configuration Option: Open/Close Default: Close Function: Enable/Disable SSH protocol. If it is enabled, the switch works as the SSH server. Authentication Retry Times Configuration range: 1~10 Default: 10 Function: set the number of attempts to log into SSH server. Local Key Pair Configuration options: Create/Destroy Function: create or destroy the local key pair of the SSH server.

  • Page 75: Typical Configuration Example

    Device Basic Configuration and configure the switch by SSH. Explanation: A switch allows a maximum of 6 security IP addresses. By default, no security IP address is configured. 5.11.5 Typical Configuration Example The Host works as the SSH client to establish a local connection with switch, as shown in Figure 66.
  • Page 76 Device Basic Configuration Figure 67 SSH Client Configuration 4. Click <Open> button and following warning message appears shown in Figure 68, click the <是(Y)> button. Figure 68 Warning Message...
  • Page 77 Device Basic Configuration 5. Input the user name "333" and the password "333" to enter the switch configuration interface, as shown in Figure 69. Figure 69 Login Interface of the SSH Password Authentication  SSH user chooses the authentication type of "Key". 1.
  • Page 78 Device Basic Configuration Figure 70 Generate the Client Key 3. In the generation process, please move the mouse in the screen, otherwise, the progress bar does not move forward and the generation stops, as shown in Figure 71.
  • Page 79 Device Basic Configuration Figure 71 Key Generation 4. As Figure 72 shows, click <Save private key> to save the private key as 444.ppk, and copy the public key to the space of Key Value in the SSH Key Configuration interface and input the key name 444, as shown in Figure 26.
  • Page 80 Device Basic Configuration Figure 72 Generate the Key Value 5. Set SSH user name to 444, service to SSH, authen-type to key, key name to 444, see Figure 24 6. Establish a connection with the SSH server. First, run the PuTTY.exe software, as shown in Figure 73;...
  • Page 81 Device Basic Configuration Figure 73 SSH Client Configuration of the “key” Authentication 7. Click [SSH] →[Auth] in the left side of the Figure 73, and the screen shown in Figure 74 appears, click <Browse> and choose the private file saved in the step 4.
  • Page 82 Device Basic Configuration Figure 74 Choose the Key File 8. Click <Open> button; input the user name to enter the switch configuration interface, as shown in Figure 75.

  • Page 83: Ssl Configuration

    Device Basic Configuration Figure 75 Login Interface of the SSH Public Key Authentication 5.12 SSL Configuration 5.12.1 Introduce SSL (Secure Socket Layer) is a security protocol and provides the security link for the TCP-based application layer protocol, such as HTTPS. SSL encrypts the network connection at the transport layer and uses the symmetric encryption algorithm to guarantee the data security, and uses the secret key authentication code to ensure the information reliability.
  • Page 84 Device Basic Configuration Click [Device Basic Configuration] → [SSH configuration] → [SSH Configuration] to enter the SSL configuration page, as shown in Figure 76. Figure 76 Enable HTTPS Protocol Server state Option: Enable/Disable Default: Disable Function: Enable or disable the SSL protocol. Explanation: After enabling SSL, users must use the secure link https://ip address to access the switch.

  • Page 85: File Transmission Service

    Device Basic Configuration 5.13 File Transmission Service File transmission service enables mutual file backup between the server and the client. When a file on the server (or client) is changed, you can obtain the backup file from the client (or server) through FTP or TFTP. The switch can serve as the client or server to upload and download files through FTP or TFTP.
  • Page 86 Device Basic Configuration Figure 78 TFTP Client Service Server IP address Format: A.B.C.D Description: Input the server IP address. Local file name Range: 1~100 characters Description: Input the file name of the switch. Server file name Range: 1~100 characters Description: Input the file name of the server. Transmission type: Configuration items: binary/ascii Default: binary...
  • Page 87 Device Basic Configuration Figure 79 Successful File Upload through TFTP Figure 80 Successful File Download through TFTP Caution:  In the file transmission process, keeps the TFTP server running.  Software version file is not a text file, and it must adopt the binary standard for transmission 2.

  • Page 88: Ftp Service

    Device Basic Configuration Range: 5~3600s Default: 20s Function: Configure the timeout of TFTP server connection. TFTP Retransmit times Range: 1~20 Default: 5 Function: Configure the retransmission times of TFTP server during timeout.  Install TFTP client software, as shown in Figure 82. Input switch IP address in Host; select the client file storage path in Local File;...
  • Page 89 Device Basic Configuration password, for example, username: admin; password: 123. Click <OK>. Figure 83 Creating a New FTP User  Input the file storage path in server in Home Directory, as shown in Figure 84. Click <Done>.
  • Page 90 Device Basic Configuration Figure 84 File Storage Path  Click [Device Basic Configuration] → [File transmit] → [FTP Service] → [FTP client service] to enter FTP client configuration page, as shown in Figure 85. Figure 85 FTP Client Service Server IP address Format: A.B.C.D Description: indicates the server IP address.
  • Page 91 Device Basic Configuration Explanation: ascii means using ASCII standard to transmit file; binary means using binary standard to transmit file. Method: Click <Upload to PC> to upload the file from switch to server. Click <Download to Device> to download file from server to switch. ...
  • Page 92 Device Basic Configuration Figure 88 TFTP Server Service FTP Server state Options: Close/open Default: close Function: Enable or disable the FTP server function. FTP Timeout Range: 5~3600s Default: 600s Function: Configure the timeout of FTP server connection. Description: If no data is transmitted between the FTP server and client within the timeout, the connection between them is disconnected.
  • Page 93 Device Basic Configuration clients at the same time. State Options: Plain text/Encrypted text Default: Plain text Function: Select the password display mode.  Click [Start] → [Run] in the Windows OS. The Run dialog box is displayed. Input "cmd" and press Enter. The following page is displayed. Figure 90 CLI ...
  • Page 94 Device Basic Configuration Figure 91 FTP Server Connection  Use the configured user name "admin" and password "123" to log in to the FTP server, as shown in Figure 92. Figure 92 Logging in to the FTP Server  Use the "get" command to download the file to the designated path on client, as shown in Figure 93.
  • Page 95 Device Basic Configuration downloaded in Remote file and the file name saved in client in Local file. Figure 93 Downloading File from Switch to Client  Use the "put" command to upload the file in the designated path in the client to the server, as shown in Figure 94.

  • Page 96: Mac Address Configuration

    Device Basic Configuration 5.14 MAC Address Configuration 5.14.1 Introduction When forwarding a packet, the switch searches for the forwarding port in the MAC address table based on the destination MAC address of the packet. A MAC address can be either static or dynamic. A static MAC address is configured by a user.
  • Page 97 Device Basic Configuration Figure 95 MAC Bind Configuration MAC bind state Option: Enable/Disable Default: Disable Function: Enable or disable MAC binding function. When enable is selected, for a packet whose source MAC address and VLAN ID are consistent with the MAC address and VLAN ID of a static unicast MAC address entry, the switch checks whether the inlet port is consistent with the port of this static unicast MAC address entry.
  • Page 98 Device Basic Configuration Function: Select the type of the MAC address entry. Description: Static means establishing mapping between the designated MAC address and port number or VLAN ID. Blackhole is to drop the packet whose source MAC address or destination MAC address is the designated MAC address.
  • Page 99 Device Basic Configuration Figure 98 MAC Address Aging Time Configuration Aging time Range: 10~100000s Default: 300s Function: Set the aging time for the dynamic MAC address entry. Description: When aging time is set to 0, aging is prohibited. In this case, the address dynamically learned does not age with time.

  • Page 100: Basic Configuration Maintenance And Debugging Information

    Device Basic Configuration Figure 101 Unicast Address Query 5.15 Basic Configuration Maintenance and Debugging Information When configuring the switch, you may need to check the correctness of various configurations to ensure normal running; or when certain anomalies occur, you may need to locate the fault.
  • Page 101 Device Basic Configuration Function: If the mapping between the remote host and IP address has been set, just input the remote host name and conduct Ping operation. Description: The switch sends ICMP request packets to the remote device to detect the communication between the switch and remote device.
  • Page 102 Device Basic Configuration Click [Device Basic Configuration] → [Basic configuration debug] → [show clock] to enter clock information page, as shown in Figure 104. Figure 104 Clock Information 4. View the file information in Flash. Click [Device Basic Configuration] → [Basic configuration debug] → [show flash] to enter flash information page, as shown in Figure 105.
  • Page 103 Device Basic Configuration Figure 106 Configuration Information 6. View port information. Click [Device Basic Configuration] → [Basic configuration debug] → [show switchport interface] to enter port information page, as shown in Figure 107. Figure 107 Port Information Type...
  • Page 104 Device Basic Configuration Description: the VLAN type. Mode Description: the port mode. Port VID Description: the port PVID Trunk allowed Vlan With TAG Description: Indicates VLANs for the selected Trunk port as tag. Trunk allowed Vlan With UNTAG Description: Indicates VLANs for the selected trunk port as untag. 7.
  • Page 105 Device Basic Configuration Description: indicates the current status of TCP connection. 8. View the UDP connection status. Click [Device Basic Configuration] → [Basic configuration debug] → [show udp] to enter UDP connection information page, as shown in Figure 109. Figure 109 UDP Connection Information Local Address Description: indicates the local address of UDP connection.

  • Page 106: Device Advanced Configuration

    Device Advanced Configuration 6. Device Advanced Configuration 6.1 ARP Configuration 6.1.1 Introduction The Address Resolution Protocol resolves the mapping between IP addresses and MAC addresses by the address request and response mechanism. The switch can learn the mapping between IP addresses and MAC addresses of other hosts on the same network segment.
  • Page 107 Device Advanced Configuration Figure 111 Configuring a Static ARP Entry IP address Format: A.B.C.D Function: Configure the IP address of the static ARP entry. MAC address Format: HH-HH-HH-HH-HH-HH (H is a hexadecimal number) Function: Configure the MAC address of the static ARP entry. Operation type Options: Add/Del Default: Add...
  • Page 108 Device Advanced Configuration  In a VLAN, an ARP entry can correspond to only one forwarding port.  Generally, the switch automatically learns ARP entries without administrator intervention. 2. View ARP addresses entry. Click [Device Advanced Configuration] → [ARP configuration] → [Show ARP] to enter the ARP configuration page, as shown in Figure 112.

  • Page 109: Layer-3 Interface Configuration

    Device Advanced Configuration Figure 113 Clearing ARP Cache Click <Apply> to clear dynamic ARP entries in cache. 6.2 Layer-3 interface configuration 6.2.1 Switch IP Address Log in to the CLI of the switch through the console port. Run the enable command in the general view to enter the privileged view.
  • Page 110 Device Advanced Configuration This series switches support VLAN interfaces, which are virtual Layer 3 interfaces used for inter-VLAN communication. You can create one VLAN interface for each VLAN. The interface is used for forwarding Layer 3 packets of the ports in the VLAN. Click [Device Advanced Configuration] →...
  • Page 111 Device Advanced Configuration Figure 116 Obtaining the IP Address Port Options: all created Layer-3 VLAN interfaces Default: VLAN1 IP Mode Options: bootp-client/dhcp-client/Specify IP address Default: Specify IP address Function: Select the mode for obtaining an IP address. Description: Specify IP address is to configure IP address manually; bootp-client/dhcp-client is that the switch automatically obtains an IP address through DHCP/BOOTP.

  • Page 112: Snmp V2C

    Device Advanced Configuration Configuration format: A.B.C.D Function: Configure the IP address for the specified Layer-3 VLAN interface. Subnet mask The subnet mask is a number with a length of 32 bits and consists of a string of 1 and a string of 0.

  • Page 113: Implementation

    Device Advanced Configuration 6.3.2 Implementation SNMP adopts the management station/agent mode. Therefore, SNMP involves two types of NEs: NMS and agent.  The Network Management Station (NMS) is a station running SNMP-enabled network management software client. It is the core for the network management of an SNMP network.

  • Page 114: Mib Introduction

    Device Advanced Configuration extends the functions of SNMP v1. To enable the communication between the NMS and agent, their SNMP versions must match. Different SNMP version can be configured on an agent, so that it can use different versions to communicate with different NMSs. 6.3.4 MIB Introduction Any managed resource is called managed object.

  • Page 115: Web Configuration

    Device Advanced Configuration 6.3.5 Web configuration 1. Configure SNMP v2c Click [Device Advanced Configuration] → [SNMP Configuration] → [SNMP Base Configuration] to configure SNMP v2c, as shown in Figure 120. Figure 120 SNMP v2c Configuration Snmp Agent state Options: Enable/Disable Default: Disable Function: Enable/Disable SNMP.
  • Page 116 Device Advanced Configuration Range: 1~65535 Default: 161 Function: Configure the number of the port for receiving SNMP requests. Community Range: 4~16 characters Function: Configure switch community. Description: The packet can access the switch MIB only when the community name carried in the SNMP packet is the same as this community string.
  • Page 117 Device Advanced Configuration Security IP Check Option: Enable/Disable Default: Disable Function: Enable or disable security IP check. If security IP check is disabled, there is not restriction on NMS IP address, any NMS connected to the switch can access switch MIB information.
  • Page 118 Device Advanced Configuration TRAP Port Options: 1~65535 Default: 162 Function: Configure the number of port for sending trap messages. Version Option: V1/ V2C/ V3 Function: V1/V2C indicates that the switch sends trap messages of version 1/version 2C to the server. V3 indicates that the switch sends trap messages of version 3 to the server. If you select V1/ V2C, only destination IP address needs to be configured.

  • Page 119: Typical Configuration Example

    Device Advanced Configuration 6.3.6 Typical Configuration Example SNMP management server is connected to the switch through Ethernet. The IP address of the management server is 192.168.0.23, and that of the switch is 192.168.0.2.The NMS monitors and manages the Agent through SNMP v2c, and reads and writes the MIB node information of the Agent.

  • Page 120: Implementation

    Device Advanced Configuration packets transmitted between the NMS and the Agent, avoiding interception. The authentication and encryption functions can improve the security of communication between the SNMP NMS and the SNMP Agent. 6.4.2 Implementation SNMP v3 provides five configuration tables. Each table can contain 16 entries. These tables determine whether specific users can access MIB information.
  • Page 121 Device Advanced Configuration Figure 125 SNMP v3 User Table Configuration User Name Range: 4~16 characters Function: Create the user name. Authentication protocol Options: NONE/HMAC-MD5/HMAC-SHA Default: NONE Function: Select an authentication algorithm. Authentication password Range: 4~16 characters Function: Create the authentication password. Privacy protocol Options: NONE/HMAC-DES Default: NONE...
  • Page 122 Device Advanced Configuration Range: 4~16 characters Function: Create the packet encryption password. 2. Configure the group table Click [Device Advanced Configuration] → [SNMP Configuration] → [V3 Group Table] to enter the V3 group table configuration page, as shown in Figure 126. Figure 126 SNMP v3 Group Table Configuration Group Name Range: 4~16 characters...
  • Page 123 Device Advanced Configuration name in the user table. Users with the same group name belong to the same group. Security Model Default: SNMP v3 Description: SNMP v3 indicates that User-based Security Model (USM) is adopted. Currently, the value must be SNMP v3. 3.
  • Page 124 Device Advanced Configuration 4. Configure the view table Click [Device Advanced Configuration] → [SNMP Configuration] → [V3 View Table] to enter the V3 view table configuration page, as shown in Figure 128. Figure 128 SNMP v3 View Table Configuration View Name Range: 4~16 characters Function: Configure the view name.
  • Page 125 Device Advanced Configuration Function: MIB tree, indicated by the OID of the root node of the tree. Mask Function: Mask of the MIB tree. Oid-tree and mask together determine the MIB node information of the current view. For example, in the Figure 128, the view name "view1" can only access the information of node 1.3.6.1.2.1.1.1, 1.3.6.1.2.1.2.1, 1.3.6.1.2.1.3.1, and 1.3.6.1.2.1.4.1…...
  • Page 126 Device Advanced Configuration Context Match Options: exact/prefix Default: exact Function: Select the match mode of the context name. Exact indicates that the value of Context Prefix must be identical with the context name. Prefix indicates that the value of Context Prefix must be identical with the first 4 to 16 characters of the context name. In this case, context names with the same prefix have the same access rights.
  • Page 127 Device Advanced Configuration Function: Select the name of view that can send trap message. 6. Configure security IP addresses. Click [Device Advanced Configuration] → [SNMP Configuration] → [IP Address of SNMP Manager] to enter security IP address configuration page, as shown in Figure 130. Figure 130 Security IP Address Configuration Security IP Check Option: Enable/Disable...
  • Page 128 Device Advanced Configuration configure trap, as shown in Figure 131. Figure 131 SNMP v3 Trap Configuration TRAP State Options: Open/Close Default: Close Function: Allow switch to send Trap message or not. TRAP Port Options: 1~65535 Default: 162 Function: Configure the number of port for sending trap messages. Version Option: V1/V2C/V3 Function: V1/V2C indicates that the switch sends trap messages of version 1/version 2C to...

  • Page 129: Typical Configuration Example

    Device Advanced Configuration configurations must be consistent with those in the access table. The security level can be equal to or higher than that in the access table. For example, when the access right of user 1111 is set to AuthNoPriv, the switch can send trap messages to the server only if the security level of security name 1111 is AuthNoPriv or AuthPriv.

  • Page 130: Dt-Ring

    Device Advanced Configuration node of MIB tree 1, as shown in Figure 128. 5. Configure the SNMP v3 access table. Set the group name to group, context name to context, context match to exact, security level to AuthNoPriv, readView to view-all, writeView to view-no, and notifyView to view-all, as shown in Figure 129.

  • Page 131: Implementation

    Device Advanced Configuration Slave: A ring can include multiple slaves. Slaves listen to and forward DT-Ring protocol packets and report fault information to the master. Backup port: The port for communication between DT rings is called the backup port. Master backup port: When a ring has multiple backup ports, the backup port with the larger MAC address is the master backup port.
  • Page 132 Device Advanced Configuration Figure 133 CD Link Fault 4. If link AC is faulty, as shown in Figure 134. a) When link AC is faulty, port 1 is in blocking state and port 2 changes to forwarding state, ensuring normal link communication. b) After the fault is rectified, port 1 is still in blocking state and port 8 is in forwarding state.
  • Page 133 Device Advanced Configuration Figure 134 DT-Ring Link Fault Caution: Link status change affects the status of ring ports. DT-Ring-VLAN Implementation DT-Ring-VLAN allows the packets of different VLANs to be forwarded in different paths. Each forwarding path for a VLAN forms a DT-Ring-VLAN. Different DT-VLAN-Rings can have different masters.

  • Page 134: Explanation

    Device Advanced Configuration the slave backup port will forward packets, preventing loops and ensuring normal communication between redundant rings. Figure 136 DT-Ring+ Topology Caution: Link status change affects the status of backup ports. 6.5.4 Explanation DT-Ring configurations should meet the following conditions: ...
  • Page 135 Device Advanced Configuration Figure 137 Redundant Ring Mode Configuration Redundancy Mode Set Options: Disable/DT-PORT/DT-VLAN Default: Disable Function: Enable/disable DT-Ring protocol and choose redundant ring mode. Caution:  Port-based ring protocols include RSTP, DT-Ring-Port, and DRP-Port, and VLAN-based ring protocols include MSTP, DT-Ring-VLAN, and DRP-VLAN. ...
  • Page 136 Device Advanced Configuration Figure 139 DT-Ring Configuration Figure 140 DT-VLAN-Ring Configuration Redundancy Forced configuration: DT-Ring Domain ID Configuration rang: 1~32...
  • Page 137 Device Advanced Configuration Function: The domain ID is used to distinguish different rings. One switch supports a maximum of 16 port-based rings or 8 VLAN-based rings. Domain name Range: 1~31 characters Function: Configure the domain name. Station Type Options: Master/Slave Default: Master Function: Select the switch role in a ring.
  • Page 138 Device Advanced Configuration DT-Ring+ Options: Enable/Disable Default: Disable Function: Enable/disable DT-Ring+. Backup port Options: all switch ports Function: Set a port to backup port. Explanation: Enable DT-Ring+ before setting backup port. Add VLAN list Options: all created VLANs Function: Select the VLANs for the ring port. After setting is completed, DT-Ring List shows all created rings, as shown in Figure 141.

  • Page 139: Typical Configuration Example

    Device Advanced Configuration Figure 142 DT-Ring Configuration Click <Apply> to make changes take effect after modification. Click <Delete> to delete the DT-Ring configuration entry. 5. View DT-Ring and port status, as shown in Figure 143. Figure 143 DT-Ring State 6.5.6 Typical Configuration Example As shown in Figure 136, Switch A, B, C, and D form Ring 1;...

  • Page 140: Stp/Rstp

    Device Advanced Configuration DT-Ring+: Disable; do not set backup ports, as shown in Figure 139. Configuration on Switch B: 2. Domain ID: 1; Domain name: Ring; Ring port: port 1 and port 2; Station type: Master; DT-Ring+: Disable; do not set backup ports, as shown in Figure 139. Configuration on Switch C and Switch D: 3.

  • Page 141: Concepts

    Device Advanced Configuration 6.6.2 Concepts Root bridge: serves as the root for a tree. A network has only one root bridge. The root bridge changes with network topology. The root bridge periodically sends BPDU to the other devices, which forward the BPDU to ensure topology stability. Root port: indicates the best port for transmission from the non-root bridges to the root bridge.

  • Page 142: Implementation

    Device Advanced Configuration designated bridge (6 bytes). Designated port ID: port priority+port number. Message age: duration that a BPDU can be spread in a network. Max age: maximum duration that a BPDU can be saved on a device. When Message age is larger than Max age, the BPDU is discarded.

  • Page 143: Web Configuration

    Device Advanced Configuration order. The BPDU with a smaller ID has a higher priority. The BPDU with a smaller root bridge ID has a higher priority. 3. Selection of the root bridge The root bridge of the spanning tree is the bridge with the smallest bridge ID. 4.
  • Page 144 Device Advanced Configuration Default: Disable Function: Disable or enable RSTP or STP. Caution:  Port-based ring protocols include RSTP, DT-Ring-Port, and DRP-Port, and VLAN-based ring protocols include MSTP, DT-Ring-VLAN, and DRP-VLAN.  Port-based ring protocol and VLAN-based ring protocol are mutually exclusive, and only one ring protocol mode can be selected for one device.
  • Page 145 Device Advanced Configuration Description: If the value of message age in the BPDU is larger than the specified value, then the BPDU is discarded. Forward Delay Time Range: 4~30s Default: 15s Function: Configure status change time from Discarding to Learning or from Learning to Forwarding.
  • Page 146 Device Advanced Configuration Figure 146 Port Settings Protocol Status Options: Enable/Disable Default: Disable Function: Enable or disable STP/RSTP on ports. Caution:  RSTP port and port channel are mutually exclusive. A RSTP port cannot be added to a port channel; a port in a port channel cannot be configured as a RSTP port. ...
  • Page 147 Device Advanced Configuration same time, and RSTP ports cannot be added to a isolation group Port Priority Range: 0~255. The step is 16. Default: 128 Function: Configure the port priority, which determines the roles of ports. Path Cost Range: 1~200000000 Default: 2000000 (10M port), 200000 (100M port), 20000 (1000M port) Description: The path cost of a port is used to calculate the best path.

  • Page 148: Typical Configuration Example

    Device Advanced Configuration Figure 147 RSTP Status Information 6.6.6 Typical Configuration Example The priorities of Switch A, B, and C are 0, 4096, and 8192. Path costs of links are 4, 5, and 10, as shown in Figure 148.
  • Page 149 Device Advanced Configuration Figure 148 RSTP Configuration Example Configuration on Switch A: 1. Set priority to 0 and time parameters to default values, as shown in Figure 145. 2. Set the path cost of port 1 to 5 and that of port 2 to 10, as shown in Figure 146. Configuration on Switch B: 1.

  • Page 150: Drp

    Device Advanced Configuration 6.7 DRP 6.7.1 Overview Kyland develops the Distributed Redundancy Protocol (DRP) for data transmission on ring-topology networks. It can prevent broadcast storms for ring networks. When a link or node is faulty, the backup link can take over services in real time to ensure continuous data transmission.

  • Page 151: Concepts

    Device Advanced Configuration 6.7.2 Concepts 1. DRP Modes DRP involves two modes: DRP-Port-Based and DRP-VLAN-Based. DRP-Port-Based: forwards or blocks packets based on specific ports. DRP-VLAN-Based: forwards or blocks packets based on VLANs. If a port is in blocking state, only the data packets of the specified VLAN are blocked. Therefore, multiple VLANs can be configured on tangent ring ports.

  • Page 152: Implementation

    Device Advanced Configuration B-Root: indicates the device on which DRP is enabled, meeting at least one of the following conditions: one ring port is in Link up state while the other is in Link down, CRC degradation, the priority is not less than 200. The B-Root compares and forwards Announce packets. If the vector of a received Announce packet is smaller than that of its own Announce packet, the B-Root changes its role to Root;...
  • Page 153 Device Advanced Configuration Role priority: The value can be set on the Web UI. The parameters in Table 8 are compared in the following procedure: 1. The value of link status is checked first. The device with a larger link status value is considered to have a larger vector.
  • Page 154 Device Advanced Configuration degradation is the Normal. The fault recovery procedure is as follows: 1. In the initial topology, A is the Root; port 1 is in forwarding state and port 2 in blocking state. B, C, and D are Normal(s), and their ring ports are in forwarding state, as shown in the following figure.
  • Page 155 Device Advanced Configuration Figure151 Link Recovery 3. When link CD recovers, D is still the Root because its vector is larger than the vector of C. Because D is the Root, port 7 is in blocking state. In this case, port 6 is in Link up state, so DRP changes the state of port 6 to forwarding.
  • Page 156 Device Advanced Configuration along the link. A is the Root. STG2-based ring link: FB-BC-CD-DE-EF. Packets of VLAN30 are forwarded along the link. F is the Root. The two rings are tangent at link BC, CD, and DE. Switch C and Switch D share the same ports in the two rings, but use different logical links based on VLANs.

  • Page 157: Dhp

    Device Advanced Configuration master backup port is in forwarding state and the other backup ports are in blocking state. If the master backup port or its link is faulty, a slave backup port will be selected to forward data. Figure153 DRP Backup Caution:...

  • Page 158: Concepts

    Device Advanced Configuration Figure154 DHP Application 6.8.2 Concepts The implementation of DHP is based on DRP. The role election and assignment mechanism of DHP is the same as that of DRP. DHP provides link backup through the configuration of Home-node, Normal-node, and Home-port. Home-node: indicates the devices at both ends of the DHP link and terminates DRP packets.

  • Page 159: Implementation

    Device Advanced Configuration 6.8.3 Implementation Figure155 DHP Configuration As shown in the preceding figure, the configurations of A, B, C, and D in Figure 6 are as follows:  DRP configuration: C is the Root; port 2 is in blocking state; A, B, and D are Normal; all the other ring ports are in forwarding state.

  • Page 160: Description

    Device Advanced Configuration Figure156 DHP Fault Recovery 6.8.4 Description DRP configurations meet the following requirements:  All switches in the same ring must have the same domain number.  One ring contains only one Root, but can contain multiple B-Roots or Normal(s). ...
  • Page 161 Device Advanced Configuration  Port-based ring protocol and VLAN-based ring protocol are mutually exclusive, and only one ring protocol mode can be selected for one device. 2. Create a DRP-Port-Based entry. Click [Device Advanced Configuration] → [DRP configuration] → [Port-Based DRP Configuration] to enter the DRP entry creating page, as shown in the following figure.
  • Page 162 Device Advanced Configuration Description: Each ring has a unique domain ID. On one switch, a maximum of 16 DRP rings can be configured. Domain name Range: 1~31 characters Function: Configure the domain name. Ring Port 1/Ring Port 2 Options: all switch ports Function: Select two ring ports.
  • Page 163 Device Advanced Configuration Role-Priority Range: 0~255 Default: 128 Function: Configure the priority of a switch. Backup Port Options: all switch ports Function: Configure the backup port. Caution: Do not configure a ring port as a backup port. After you have completed setting the parameters, the created entry will be displayed in the DRP List, as shown in the following figure.
  • Page 164 Device Advanced Configuration  It is not recommended that ports in an isolation group are configured as DRP ports and backup ports at the same time, and DRP ports and backup ports cannot be added to an isolation group.  View the parameter settings of a DRP-Port-Based entry. Click the DRP entry in Figure160.
  • Page 165 Device Advanced Configuration 3. Configure a DRP-VLAN-Based entry. Click [Device Advanced Configuration] → [DRP configuration] → [DRP Mode] to enter the DRP mode configuration page. Select VLAN Based.  DRP instance configuration Click [Device Advanced Configuration] → [DRP configuration] → [VLAN-Based DRP Configuration] →...
  • Page 166 Device Advanced Configuration Function: Configure the VLAN ID for the DRP instance. Description: One instance can correspond to multiple VLAN IDs, but one VLAN ID can correspond to only one instance.  View the information about DRP instances. Click [Device Advanced Configuration] → [DRP configuration] → [VLAN-Based DRP Configuration] →...
  • Page 167 Device Advanced Configuration Figure167 Configuring a DRP-VLAN-Based Entry Redundancy Mandatory configuration: DRP Domain ID Range: 1~32 Function: Each ring has a unique domain ID. A maximum of 8 DRP rings can be configured on one switch. Domain name Range: 1~31 characters Function: Configure the domain name.
  • Page 168 Device Advanced Configuration received CRCs. If the number of CRCs of one ring port exceeds the threshold, the system considers the port to have CRC degradation. As a result, the CRC degradation value is set to 1 in the vector of the Announce packet of the port. Role-Priority Range: 0~255 Default: 128...
  • Page 169 Device Advanced Configuration correspond to the instance. Protocol VLAN (1~4093) Range: 1~4093 Description: The VLAN ID must be one of those that correspond to the STG instance. Function: DRP packets with the VLAN ID serve as the basis for the diagnosis and maintenance of the DRP-VLAN-Based ring.

  • Page 170: Typical Configuration Example

    Device Advanced Configuration View the roles and port status of a DRP ring, as shown in the following figure. Figure170 DRP-VLAN-Based Entry Query 6.8.6 Typical Configuration Example As shown in Figure153, A, B, C, and D form Ring 1; E, F, G, and H form Ring 2; CE and DF are the backup links of Ring 1 and Ring 2.
  • Page 171 Device Advanced Configuration cannot forward the packets of VLAN 1. As a result, the VLAN 1 port of switch A cannot communicate with that of switch C. Figure 171 RSTP Disadvantage To solve this problem, the Multiple Spanning Tree Protocol (MSTP) came into being. It achieves both rapid convergence and separate forwarding paths for the traffic of different VLANs, providing a better load sharing mechanism for redundant links.

  • Page 172: Basic Concepts

    Device Advanced Configuration Figure 172 MSTP Topology 6.9.2 Basic Concepts Learn MSTP concepts based on Figure 173 to Figure 176.
  • Page 173 Device Advanced Configuration Figure 173 MSTP Concepts Figure 174 VLAN 1 Mapping to Instance 1 Figure 175 VLAN2 Mapping to Instance 2...
  • Page 174 Device Advanced Configuration Figure 176 Other VLAN Mapping to Instance 0 Instance: a collection of multiple VLANs. One VLAN (as shown in Figure 174 and Figure 175) or multiple VLANs with the same topology (as shown in Figure 176) can be mapped to one instance;...
  • Page 175 Device Advanced Configuration instance 0 of each region, as shown in Figure 176. Common Spanning Tree (CST): indicates the spanning tree connecting all MST regions in a switching network. If each MST region is a device node, the CST is the spanning tree calculated based on STP/RSTP by these device nodes.

  • Page 176: Mstp Implementation

    Device Advanced Configuration or discarding state. Master port: indicates the port that connects an MST region to the common root. The port is in the shortest path to the common root. From the CST, the master port is the root port of a region (as a node).

  • Page 177: Web Configuration

    Device Advanced Configuration independently. The calculation process is similar to that in STP. In an MST region, VLAN packets are forwarded along corresponding MSTIs. Between MST regions, VLAN packets are forwarded along the CST. 6.9.4 Web Configuration 1. Enable MSTP protocol. Click [Device Advanced Configuration] →...
  • Page 178 Device Advanced Configuration Figure 178 Forcing Port to Work in MSTP Mode Port Options: all switch ports Function: When MSTP-enabled port is connected to STP-enable device, this port will be automatically changed to work in STP mode. If the STP-enable device is removed, this port won't automatically go back to work in MSTP mode.
  • Page 179 Device Advanced Configuration Figure 180 Configuring MST Region Parameters MSTP Region Name config Range: 1-32 characters Default: device MAC address Function: Configure the name of MST region. MSTP Revision level config Options: 0~65535 Default: 0 Function: Configure the revision parameter of MSTP region. Description: Revision parameter, MST region name, and VLAN mapping table codetermines the MST region that the device belongs to.
  • Page 180 Device Advanced Configuration Default: {0, 1~4094} Function: Configure the VLAN mapping table in MST region. Description: By default, all VLANs map to instance 0. One VLAN maps to only one spanning tree instance. If a VLAN with an existing mapping is mapped to another instance, the previous mapping is cancelled.
  • Page 181 Device Advanced Configuration MSTP-enabled device can be configured with different priorities in different spanning tree instance. 7. Configure port priority and path cost in the designated instance, as shown in Figure 183. Figure 183 Setting Port Priority and Path Cost in Designated Instance MSTP Instance ID Options: all created instances Port...
  • Page 182 Device Advanced Configuration 100Mbps 200000 200000~2000000 1Gbps 20000 20000~200000 Table 10 Default Path Cost of Aggregation Port Number of Aggregation Ports Recommended Range Port Type (in Allowed Aggregation Range) 10Mbps 2000000/N 100Mbps 200000/N 1Gbps 20000/N Function: Configure the path cost of the port in the designated instance. Description: Port path cost is used to calculate the optimum path.
  • Page 183 Device Advanced Configuration Learning – Forwarding). MSTP Hello Time Range: 1~10s Default: 2s Function: Configure the time interval for sending BPDUs. MSTP Max Age Time Range: 6~40s Default: 20s Function: Set the maximum age of BPDU packets. Caution:  The values of Forward Delay Time, Hello Time and Max Age Time should meet the following requirements: 2 * (Forward Delay Time–1.0 seconds) >= Max Age Time;...
  • Page 184 Device Advanced Configuration 9. Configure rapid state transition feature of MSTP. Click [Device Advanced Configuration] → [MSTP configuration] → [MSTP Fast Transfer Config] to enter the configuration page, as shown in Figure 185. Figure 185 Configuring Rapid State Transition MSTP Port Link Type Options: AUTO/Force True/Force False Default: AUTO Function: Set the link type of the port.

  • Page 185: Typical Configuration Example

    Device Advanced Configuration 10. View MSTP configuration. Click [Device Advanced Configuration] → [MSTP configuration] → [MSTP Information] to show the MSTP configuration, as shown in Figure 186. Figure 186 MSTP Configuration 6.9.5 Typical Configuration Example As shown in Figure 187, Switch A, B, C, and D belong to the same MST region. The VLANs marked in red indicate the VLAN packets can be transmitted through the links.
  • Page 186 Device Advanced Configuration Figure 187 MSTP Typical Configuration Example Configuration on Switch A: 1. Create VLAN 10, 20, and 30 on Switch A; set the ports to Trunk ports and allow the packets of corresponding VLANs to pass through. 2. Enable global MSTP protocol, as shown in Figure 177. 3.
  • Page 187 Device Advanced Configuration respectively, as shown in Figure 181. 10. Set switch bridge priority in instance 3 and instance 0 to 4096, and keep default priority in other instances, as shown in Figure 182. Configuration on Switch C: 11. Create VLAN 10, 20 and 40 on Switch C; set the ports to Trunk ports and allow the packets of corresponding VLANs to pass through.

  • Page 188: Alarm

    Device Advanced Configuration Figure 188 Spanning Tree Instance of each VLAN 6.10 Alarm 6.10.1 Introduction This series switches support the following types of alarms:  Port alarm: If this function is enabled, an alarm is triggered when the port is in link down state.

  • Page 189: Web Configuration

    Device Advanced Configuration with the default setting of 95℃. General high-temperature alarm is triggered when the switch temperature (T-cur) is higher than the T-high threshold and lower than the T-Max threshold (T-high <T-cur<T-max). Dangerous high-temperature alarm is triggered when the switch temperature is equal to or higher than the T-Max threshold (T-cur>=T-max).
  • Page 190 Device Advanced Configuration Figure 189 Port Alarm Configuration Port Options: all switch ports Alarm Administrative State Options: Disable/Enable Default: Disable Function: Enable/Disable port alarm.  Click [Device Advanced Configuration] → [Alarm] → [Alarm Show] to display port alarm, as shown in Figure 190. Figure 190 Port Alarm Alarm Administrative State Options: LinkDown/LinkUp...
  • Page 191 Device Advanced Configuration Description: LinkUp means the port is in connection state and supports normal communication. LinkDown means the port is disconnected or in abnormal connection (communication failure). 2. Configure and display DT-Ring alarm.  Click [Device Advanced Configuration] → [Alarm] → [Alarm Configuration] to enter DT-Ring alarm configuration page, as shown in Figure 191.
  • Page 192 Device Advanced Configuration Options: Alarm/No alarm Function: View the status of rings on which the DT-Ring alarm function is enabled. Description: No alarm means DT-Ring is closed. Alarm means DT-Ring is open or in abnormal state. 3. Configure and display DRP alarm. ...
  • Page 193 Device Advanced Configuration 4. Configure and display power and temperature alarm.  Click [Device Advanced Configuration] → [Alarm] → [Alarm Configuration] to enter power and temperature alarm configuration page, as shown in Figure 195. Figure 195 Power and Temperature Alarm Configuration Alarm type Options: Power Alarm/High-Temperature Alarm/Low-Temperature Alarm Function: Select the alarm type.

  • Page 194: Port Traffic Alarming

    Device Advanced Configuration Power Alarm administrative state Options: Normal/Abnormal Function: View power alarm status. Description: Abnormal: For redundant power products, one of the power modules fails or works abnormally and an alarm is triggered. Normal: For single power products, the power module supplies power normally; for redundant power product, two power modules both supply power normally.

  • Page 195: Web Configuration

    Device Advanced Configuration to different alarms.  If a CRC error occurs, an alarm is generated. 6.11.2 Web Configuration 1. Configure port traffic alarming. Click [Device Advanced Configuration] → [Alarm] → [Alarm about PortRate/CRC] to enter the port traffic alarming configuration page, as shown in Figure 197. Figure 197 Configuring Port Traffic Alarming Alarm Type Options: input rate alarm/output rate alarm/CRC...

  • Page 196: Log Configuration

    Device Advanced Configuration Figure 198 Port Traffic Alarm Information 6.12 Log Configuration 6.12.1 Introduction The log function mainly records system status, fault, debugging, anomaly, and other information. With appropriate configuration, the switch can upload logs into a Syslog-supported server in real time. Logs fall into 4 levels based on their importance and the importance from Critical, Warning, Information, to Debugging in descending order.
  • Page 197 Device Advanced Configuration Click [Device Advanced Configuration] → [Log Configuration] → [Log Configuration] to enter the log configuration page, as shown in Figure 199. Figure 199 Log Configuration IP Address of remote logging server Configure the IP address of the server that log information is uploaded to. Facility Options: Local0-Local7 Default: Local0...
  • Page 198 Device Advanced Configuration Figure 200 Uploading Log Information in Real Time 2. View log configuration Click [Device Advanced Configuration] → [Log Configuration] → [Show Log] to view log, as shown in Figure 201. Figure 201 Log Settings Level Options: Warning/Critical Default: Warning Function: Select the lowest level of log information to be displayed.
  • Page 199 Device Advanced Configuration Figure 202 Log Information Caution: Only the Critical and Warning log information are saved in Buffer without Information and Debugging log information. 3. Log uploading Click [Device Advanced Configuration] → [Log Configuration] → [Log Transmit] to enter the log uploading page, as shown in Figure 203.

  • Page 200: Route Configuration

    Device Advanced Configuration User Name Function: Configure FTP user name. Password Function: Configure FTP user password. File Name Range: 1~32 characters Function: set the file name saved in server. Caution: FTP server must remain in online state when logs are uploading. 4.

  • Page 201: Static Route Configuration

    Device Advanced Configuration 6.13.1 Static Route Configuration 6.13.1.1 Introduction Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly. Static routes are easy to configure and stable. They can be used to achieve load balancing and route backup, preventing illegitimate route changes.
  • Page 202 Device Advanced Configuration 6.13.1.3 Default Route To prevent too many entries in a routing table, you can configure a default route. The default route is a static route. If a data packet fails to find a match in the routing table, it is forwarded according to the default route.
  • Page 203 Device Advanced Configuration Priority Range: 1~255 Default: 1 Function: Set the priority of the current route. The route with the smallest value for priority is selected as the best route for packet forwarding. To delete a route entry, you need to set all the parameters to be consistent with those of the route;...
  • Page 204 Device Advanced Configuration Figure 207 Example for Configuring Static Routes Configuration on Switch A: 1. Set IP addresses for VLAN interfaces. 2. Configure a static route with the following parameters: Destination IP address: 1.1.3.0; destination network mask: 255.255.255.0; default gateway: 1.1.2.2;...

  • Page 205: Rip Configuration

    Device Advanced Configuration Destination IP address: 0.0.0.0; destination network mask: 0.0.0.0; default gateway: 1.1.4.2; priority: 1, as shown in Figure 205. 7. Configure the default gateways for host A, host B, and host C as 1.1.1.3, 1.1.3.2, and 1.1.5.2 respectively. 6.13.2 RIP Configuration 6.13.2.1 Introduction Note:...
  • Page 206 Device Advanced Configuration domains. By default, layer-3 switch transmits RIP-2 message in multicast mode, receives RIP-1 and RIP-2 message. RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0. The hop count from a router to a directly connected router is 1.
  • Page 207 Device Advanced Configuration 2. After receiving such information, the router updates its local routing table, and sends triggered update messages to its neighbors. All routers on the network do the same to keep the lastest routing information. 3. By default, the local routing table will be sent to neighboring routers at 30-second intervals. After receiving the packet carrying this routing table, the neighboring routers running RIP will maintain their own local routes, select an optimal route, and send an update message to their respective neighbors so that the updated route will be globally effective.
  • Page 208 Device Advanced Configuration Default: Disable RIP Function: Enable/Disable RIP. 2. Enable RIP on interface [Route configuration]→[RIP → Click [Device Advanced Configuration] configuration]→[Enable RIP]→[Enable port to receive/transmit RIP packet] to enable RIP on interface, as shown in Figure 209. Figure 209 Enable RIP on Interface Enable port to receive/transmit RIP packet Options: set/cancel Default: set...
  • Page 209 Device Advanced Configuration Range: 1~16 Function: Redistribute the metric value of the imported route. This parameter is optional. If the parameter is not configured, it will be redistributed according to default metric value. Operation type Options: Add/Del Function: Add/Cancel importing other routing protocol to RIP. By default, no other routing protocol is imported to RIP.
  • Page 210 Device Advanced Configuration changed. 5. Configure RIP port Click [Device Advanced Configuration] →[Route configuration]→[RIP configuration]→[RIP parameter configuration]→[RIP port configuration] to enter RIP port configuration page, as shown in Figure 212. Figure 212 RIP Port Configuration Receiving RIP version Options: version 1/version 2/version 1 and 2 Default: version 1 and 2 Function: Set the version of RIP message received by interface.
  • Page 211 Device Advanced Configuration Options: Yes/No Default: Yes Function: Allow interface to receive RIP message or not. Send packet Options: Yes/No Default: Yes Function: Allow interface to transmit RIP message or not. Split-horizon status Options: permit/forbid Default: permit Function: Permit/Forbid horizontal split. Horizontal split is to avoid routing loops, means avoid routes learned from an interface are transmitted from this interface again.
  • Page 212 Device Advanced Configuration Figure 213 RIP Mode Configuration Set receiving/sending RIP version for all ports Options: version 1/version 2/cancel Default: Transmitting RIP-2 message, receiving RIP 1 and RIP 2 message. Function: Configure the version of RIP message transmitted and received by all routing interfaces.
  • Page 213 Device Advanced Configuration best routing. Set default route cost for imported route Range: 1~16 Default: 1 Function: Configure default metric value of the imported route. Rip checkzero Options: set checkzero/cancel checkzero Default: set checkzero Function: Check RIP-1 message zero field or not. Some fields in the RIP-1 message must be zero.
  • Page 214 Device Advanced Configuration Figure 214 RIP Timers Configuration Update timer Range: 1~2147483647 Default: 30 Function: Configure the interval between routing updates. Invalid timer Range: 1~2147483647 Default: 180 Function: Configure the time range of declaring RIP routing invalid. If an L3 switch does not receive route update information from a neighbor within the specified time interval (invalid timer value), all routes from this neighbor will be considered an invalid route and the route enters the suppression state.

  • Page 215: Ospf Configuration

    Device Advanced Configuration Figure 215 RIP Configuration Example Configuration on Switch A: 1. Set IP address for VLAN 2 interface. 2. Enable RIP protocol, as shown in Figure 208. 3. Enable VLAN 2 interface to transmit/ receive RIP message, as shown in Figure 209. Configuration on Switch B: 1.
  • Page 216 Device Advanced Configuration Note: Routers in this chapter refer to Layer-3 switches. 6.13.3.2 Basic Concepts 1. AS An Autonomous System (AS) comprises a group of routers that run the same routing protocol. 2. Router ID Router ID (RID): An OSPF-enabled router must have its own router ID, which is the unique identifier of the router in the AS.
  • Page 217 Device Advanced Configuration parameters of the two routers match, they become neighbors. Adjacency: Two OSPF neighbors establish an adjacency relationship to synchronize their LSDBs. Therefore, any two neighbors without exchanging route information do not establish an adjacency. 5. LSA types LSAs can be exchanged only between adjacent routers.
  • Page 218 Device Advanced Configuration Type 4 and Type 5 LSAs are not allowed to enter stub areas. To ensure that the routes to the other areas in the AS or to other ASs are still reachable, the ABR generates a default route and advertises it to other routers in the area.
  • Page 219 Device Advanced Configuration Figure 217 OSPF Router Types Internal router: All interfaces on an internal router belong to one OSPF area. For example, R1 and R4 in Figure 217. ABR: An ABR connects one or multiple areas to the backbone area. On an ABR, at least one interface must belong to the backbone area.
  • Page 220 Device Advanced Configuration Figure 218 Virtual Link A virtual link is a logical connection established between two ABRs through a non-backbone area and is configured on both ABRs to take effect. The non-backbone area is called a transit area. For example, the red dotted line in Figure 218 is a virtual link and Area 1 is the transit area for the virtual link.
  • Page 221 Device Advanced Configuration Figure 219 DR and DBR As shown in Figure 219, the first figure shows Ethernet physical connections, and the second figure show the established adjacent relationship. After DR/BDR is adopted, five routers require only seven adjacent relationships. The rules for DR/BDR election are as follows: ...
  • Page 222 Device Advanced Configuration 6.13.3.5 Web Configuration 1. Enable OSPF. Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [OSPF process configuration] → [OSPF Enable/Disable] to enter the OSPF enable page, as shown in Figure 220. Figure 220 Enabling OSPF OSPF Status Options: Enable/Disable Default: Disable...
  • Page 223 Device Advanced Configuration Caution: The change of an RID takes effect only after OSPF is re-enabled. 3. Set an OSPF network range. Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [OSPF process configuration] → [OSPF network range configuration] to enter the OSPF network range configuration page, as shown in Figure 222.
  • Page 224 Device Advanced Configuration Function: Configure whether to advertise the digest information of the routes in the network range. 4. Set the area for the VLAN interface. Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [OSPF process configuration] → [OSPF area configuration for port (must)] to enter the VLAN interface area configuration page, as shown in Figure 223.
  • Page 225 Device Advanced Configuration Authentication mode Options: SIMPLE/MD5 Function: Configure the authentication mode for OSPF packet receiving on a specified interface. Description: SIMPLE indicates plain-text authentication. MD5 indicates encrypted authentication. SIMPLE Authentication key Range: 1~8 characters Function: Set the key for SIMPLE authentication. Description: The setting of this parameter takes effect only if SIMPLE is selected as the authentication mode.
  • Page 226 Device Advanced Configuration Figure 225 Configuring the OSPF Rx/Tx Mode for the VLAN Interface VLAN Port Options: VLAN interfaces on which OSPF is to be enabled. Function: Configure the specified VLAN interface to only receive (but not send) OSPF packets. Description: By default, all OSPF-enabled interfaces can send and receive OSPF packets.
  • Page 227 Device Advanced Configuration Function: Configure the interval for sending hello packets on the specified interface. Description: The switch periodically sends hello packets to adjacent devices to discover and maintain adjacent relationships and elect the DR and BDR. Neighbour router invalid interval Range: 1~2147483647 s Default: 40s Function: Configure the interval for the expiration of routes to adjacent switches.
  • Page 228 Device Advanced Configuration [Imported route parameter configuration] → [Imported route parameter configuration] to enter the OSPF routes importing configuration page, as shown in Figure 227. Figure 227 Setting Parameters for Router Importing Imported route parameter configuration Options: 1/2 Default: 2 Function: Set the default type of imported routes.
  • Page 229 Device Advanced Configuration Default: 1s Function: Set the interval for importing external routes. OSPF periodically imports external route information and flood the information in the entire AS. Maximum imported route Range: 1~65535 Default: 100 Function: Set the maximum number of routes that can be imported by OSPF at one time. 9.
  • Page 230 Device Advanced Configuration Range: 0~4294967295 Function: Configure the tag of imported routes. Metric Value Range: 1~16777214 Function: Configure the metric value of imported routes. 10. Setting Priorities for Routing Protocols Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [Other parameter configuration] →...
  • Page 231 Device Advanced Configuration If the same route is discovered by multiple routing protocols, the protocol with the highest priority (smallest number) is valid. 11. Configuring a stub area. Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [Other parameter configuration] → [OSPF STUB area and default route cost] to enter the stub area configuration page, as shown in Figure 230.
  • Page 232 Device Advanced Configuration Figure 231 Configuring OSPF Virtual Links Route ID Format: A.B.C.D Function: Set the RID for the peer end of the virtual link. Transit Area ID Range: 1~4294967295 Function: Specify the transit area for the virtual link. Hello packet interval Range: 1~65535s Default: 10s Function: Configure the interval for sending hello packets on the specified interface.
  • Page 233 Device Advanced Configuration Default: 1s Function: Configure LSA sending delay on the specified interface. Sending link-state packet retransmit interval Range: 1~65535s Default: 5s Function: Set the interval for retransmitting LSAs to adjacent switches on a specified interface. Description: After sending an LSA to an adjacent device, the switch keeps the LSA until it receives the confirmation from the adjacent device.
  • Page 234 Device Advanced Configuration 14. View OSPF information. Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [OSPF debug] → [show ip ospf] to enter the OSPF information page, as shown in Figure 233. Figure 233 OSPF Information 15. View OSPF external route information. Click [Device Advanced Configuration] →...
  • Page 235 Device Advanced Configuration Figure 235 OSPF Statistics 17. View OSPF database information Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [OSPF debug] → [show ip ospf database] to enter the OSPF database information page, as shown in Figure 236. Figure 236 OSPF Database Information 18.
  • Page 236 Device Advanced Configuration Click [Device Advanced Configuration] → [Route configuration] → [OSPF configuration] → [OSPF debug] → [show ip ospf neighbor] to enter the OSPF neighbor information page, as shown in Figure 237. Figure 237 OSPF Neighbor Information 19. View OSPF routing information. Click [Device Advanced Configuration] →...
  • Page 237 Device Advanced Configuration Figure 239 Routing Table 6.13.3.6 Typical Configuration Example It is required to enable OSPF on all the switches and divide the entire AS into three areas. Area 2 is not directly connected to Area 0. A virtual link is required between R2 and R3. As the transit area, Area 1 connects Area 2 to Area 0.
  • Page 238 Device Advanced Configuration 1. Set the IP address of interface VLAN1 to 192.168.1.2 and subnet mask to 255.255.255.0, and those of interface VLAN2 to 192.168.2.1 and 255.255.255.0. 2. Set the RID to 192.168.1.2, as shown in Figure 221. 3. Enable OSPF, as shown in Figure 220. 4.

  • Page 239: Dhcp Configuration

    Device Advanced Configuration to 255.255.255.0, Area ID to 2, and Advertise to Yes, as shown in Figure 222. 5. Add interface VLAN4 to Area 2, as shown in Figure 223. Configuration on R5: 1. Set the IP address of interface VLAN2 to 192.168.2.2 and subnet mask to 255.255.255.0, and those of interface VLAN3 to 192.168.3.1 and 255.255.255.0.

  • Page 240: Dhcp Server Configuration

    Device Advanced Configuration Figure 241 DHCP Typical Application Caution: In the process of dynamic obtainment of IP addresses, the messages are transmitted in the way of broadcast, so it is required that the DHCP client and the DHCP server are in a same segment.
  • Page 241 Device Advanced Configuration parameters to the client as required. In the following conditions, the DHCP server generally is used to allocate IP addresses.  Large network scale. The workload of manual configuration is heavy and it is hard to manage the entire network. ...
  • Page 242 Device Advanced Configuration not. 2. Statically allocate IP Address Click [Device Advanced Configuration] → [DHCP configuration] → [DHCP server configuration] → [Address pool configuration] to create DHCP address pool, as shown in Figure 243. Figure 243 Create Address Pool DHCP pool name Range: 1~32 characters Function: configure the name of the IP address pool.
  • Page 243 Device Advanced Configuration address pool that contains only one specific IP address. Therefore, a DHCP address pool must be created before the statically allocated IP address.  Only one type of IP address allocation mechanism can be configured for each DHCP address pool.
  • Page 244 Device Advanced Configuration Client network mask The subnet mask is a number with a length of 32 bits and consists of a string of 1 and a string of 0. "1" corresponds to network number fields and subnet number fields, while "0" corresponds to host number fields.
  • Page 245 Device Advanced Configuration Address range of allocating {IP, MASK} Fuction: Configure the range of the IP address pool, and the address range is determined by the subnet mask. The subnet mask is a number with a length of 32 bits and consists of a string of 1 and a string of 0.
  • Page 246 Device Advanced Configuration address pool have the same lease time. 4. Configure DHCP client’s gateway Click [Device Advanced Configuration] → [DHCP configuration] → [DHCP server configuration] → [Client’s default gateway configuration] to enter DHCP client’s gateway configuration page, as shown in Figure 246. Figure 246 DHCP Client’s Gateway Configuration DHCP pool name Function: select a created pool name.
  • Page 247 Device Advanced Configuration Figure 247 DHCP Client DNS Server Configuration DHCP pool name Function: select a created pool name. DNS server 1~DNS server 8 Function: Configure the client DNS server address allocated by DHCP server. Explanation: When visiting the network host via a domain name, the domain name needs to be resolved to an IP address, which is realized by DNS (Domain Name System).
  • Page 248 Device Advanced Configuration Figure 248 DHCP Client WINS Server Configuration DHCP pool name Function: select a created pool name. WINS server 1~WINS server 8 Function: Configure the client WINS server address allocated by the DHCP server. Explanation: For the client running a Microsoft Windows operating system (OS), the Windows Internet Naming Service (WINS) server provides the service of resolving a host name into an IP address for the host that uses the NetBIOS protocol for communication.
  • Page 249 Device Advanced Configuration Figure 249 DHCP Client TFTP Server Address and Bootfile Name Configuration DHCP pool name Function: select a created pool name. DHCP client bootfile name Range: 1~128 characters Function: Configure the client startup file name allocated by the DHCP server. During startup of a diskless device, the startup file must be downloaded from the server and then imported.
  • Page 250 Device Advanced Configuration Figure 250 DHCP Network Parameter Configuration DHCP pool name Function: select a created pool name. Code Range: 0~254 Function: Configure the DHCP option. The DHCP retains the message format of BootP for compatibility with BootP. The newly added function of BootP is implemented through the Option field.
  • Page 251 Device Advanced Configuration Network parameter value Function: Configure a corresponding network parameter value based on the network parameter value type. Operation type Option: Set/cancel network parameter. Function: Set/cancel the network parameter value of the current option. 9. Query DHCP address pool configuration Click [Device Advanced Configuration] →...
  • Page 252 Device Advanced Configuration Figure 252 Configure the Range of IP Addresses are not Allocated Dynamically Starting address/Ending address Function: Configure the range of IP addresses are not allocated dynamically in the DHCP address pool. When allocating IP addresses, the DHCP server must eliminate the occupied IP address (for example, IP addresses of the gateway and DNS server).
  • Page 253 Device Advanced Configuration Figure 253 View DHCP Packet Statistics You can click <Show> button to update DHCP data packet statistics in real time, and you can click <Clear> button to clear the received/transmitted DHCP data packet statistics. 12. Delete DHCP server statistics log Click [Device Advanced Configuration] →...
  • Page 254 Device Advanced Configuration Click [Device Advanced Configuration] → [DHCP configuration] → [DHCP debugging] → [Show IP-MAC binding] to show IP-MAC binding information, as shown in Figure 255. Figure 255 Show IP-MAC Binding Information 6.14.1.4 Typical Configuration Example As Figure 256 shows, switch A works as a DHCP server and switch B works as a DHCP client.
  • Page 255 Device Advanced Configuration 2. The switch B obtains the IP address of 192.168.0.6 and the subnet mask of 255.255.255.0 from the DHCP server, as shown in Figure 257. Figure 257 DHCP Client Obtain IP Address-1 Dynamically allocate IP address  Switch A configuration: 1.
  • Page 256 Device Advanced Configuration Figure 258 DHCP Client Obtain IP Address-2 6.15 QoS Configuration 6.15.1 Introduction Quality of Service (QoS) enables differentiated services based on different requirements under limited bandwidths by means of traffic control and resource allocation on IP networks. QoS tries to satisfy the transmission of different services to reduce network congestion and minimize congestion's impact on the services of high priority.
  • Page 257 Device Advanced Configuration 6.15.3 QoS Remark QoS Remark quotes the ACL rule for stream identification and specifies priority (DSCP or COS value) for the matched package again. 6.15.4 Principle Each port of this series switches supports 8 cache queues, from 0 to 7 in priority ascending order.

  • Page 258: Web Configuration

    Device Advanced Configuration 6.15.5 Web Configuration 1. Enable QoS function. Click [Device Advanced Configuration] → [QoS configuration] → [Enable QoS] → [Enable/Disable QoS] to enable QoS, as shown in Figure 259. Figure 259 Enable QoS QoS Status Options: Open/close Default: Close Function: Enable/Disable the global QoS function.
  • Page 259 Device Advanced Configuration Click [Device Advanced Configuration] → [QoS configuration] → [Class-map configuration] → [Class-map configuration] to enter class-map configuration page, as shown in Figure 261. Figure 261 Match action of the class-map configuration Class-map name Options: All created class-maps Match action Default: access-group 1st Function: Configure match action of the class-map.
  • Page 260 Device Advanced Configuration Policy-map name Range: 1~16 characters Function: Configure policy-map name. Operation type Options: Create policy table/ Remove policy table Function: Create/Remove policy table 5. Configuration policy-map bandwidth Click [Device Advanced Configuration] → [QoS configuration] → [Policy-map configuration] → [Policy-map bandwidth configuration] to enter policy-map bandwidth configuration page, as shown in Figure 263.
  • Page 261 Device Advanced Configuration Exceed action Options: Drop Function: Execute the packet dropping policy for the part exceeding the rate limit value in the packet meeting match action in the class-map. Operation type Options: Set/Del Function: Set/Delete policy-map bandwidth configuration 6. Configure priority remarking of the policy-map Click [Device Advanced Configuration] →...
  • Page 262 Device Advanced Configuration Description: Execute the re-marking policy for the priority value in the packet meeting match action in the class-map. Operation type Options: Set/Del Function: Set/Delete priority remarking of the policy-map. 7. Apply policy-map to port Click [Device Advanced Configuration] → [QoS configuration] → [Apply QoS to the port] → [Apply policy-map to port] to apply policy-map to port, as shown in Figure 265.
  • Page 263 Device Advanced Configuration 8. Configure port trust mode. Click [Device Advanced Configuration] → [QoS Configuration] → [Apply QoS to port] → [Port trust mode configuration] to enter port trust mode configuration page, as shown in Figure 266. Figure 266 Port Trust Mode Configuration Port Options: all switch ports Port trust status...
  • Page 264 Device Advanced Configuration packet's CoS value to the one in the mapping between DSCP and CoS during packet forwarding, but dscp pass through cos does not change the packet's CoS value during packet forwarding. Port priority Options: 0~7 Default: 0 Function: Assign a priority to the physical port.
  • Page 265 Device Advanced Configuration configuration] → [Port Egress-queue work mode configuration] to enter priority-queue scheduling mode configuration page, as shown in Figure 268. Figure 268 Egress-queue Mode Configuration Egress-queue Work Mode Options: PQ/WRR Default: PQ Function: Configure the egress-queue mode of the selected port. 11.
  • Page 266 Device Advanced Configuration Function: Configure a group of weight values. Explanation: The switch supports a maximum of 6 groups of weight values. {Weight for queue0, Weight for queue1, Weight for queue2, Weight for queue3, Weight for queue4, Weight for queue5, Weight for queue6, Weight for queue7} Options: {0~15, 0~15, 0~15, 0~15, 0~15, 0~15, 0~15} Default: {1, 2, 3, 4, 5, 6, 7, 8} Function: Configure weight values.
  • Page 267 Device Advanced Configuration Click [Device Advanced Configuration] → [QoS Configuration] → [Egress-queue configuration] → [Mapping CoS values to egress queue] to enter CoS and queue mapping configuration page, as shown in Figure 271. Figure 271 Configuring Mapping between CoS Value and Queue {Queue-ID, COS value} Options: {0~7, 0~7} Default: CoS value 0 is mapped to queue 0;...
  • Page 268 Device Advanced Configuration Figure 272 Configuring Mapping between DSCP Value and Queue Operation type Options: Set/Del Default: Set Function: Configure the mapping between DSCP and Queue. Description: Set is to establish the new mapping between DSCP value and queue. Del is to restore the default mapping between DSCP value and queue.
  • Page 269 Device Advanced Configuration 15. Configure mapping between CoS value and DSCP value. Click [Device Advanced Configuration] → [QoS Configuration] → [QoS mapping configuration] → [CoS-to-DSCP mapping] to enter CoS to DSCP mapping configuration page, as shown in Figure 273. Figure 273 Configuring Mapping between CoS and DSCP Operation type Configuration type: Set/Del Default: Set...
  • Page 270 Device Advanced Configuration page, as shown in Figure 274. Figure 274 Configuring Mapping between DSCP and CoS Operation type Configuration type: Set/Del Default: Set Function: Configure mapping between DSCP and CoS. Description: Set is to establish the new mapping between DSCP and CoS. Del is to restore the default mapping between DSCP and CoS.
  • Page 271 Device Advanced Configuration Function: Configure the mapping between DSCP and CoS. When the port trust mode is DSCP, the packet CoS value can be changed according to this mapping. Explanation: A maximum of 8 DSCP values can be mapped to one CoS value. 17.
  • Page 272 Device Advanced Configuration Range: 1~16 characters Function: Set a name for DSCP mutation. {Out-DSCP value, In-DSCP value} Options: {0~63, 0~63} Function: Configure the mapping between DSCP and DSCP. To change the packet DSCP value, use this mapping when the egress forwards the packet. Explanation: A maximum of 8 DSCP values can be mapped to one DSCP value.

  • Page 273: Typical Configuration Example

    Device Advanced Configuration 6.15.6 Typical Configuration Example As shown in Figure 277, port 1, 2, 3, and 4 forward packet to port 5. Among them, the DSCP value of port 1 received packet is 6, trust mode is DSCP pass CoS, and the packets entering port 1 are mapped to queue 3;...
  • Page 274 Device Advanced Configuration enter queue 2. According to the mapping between queue and weight, the weight of queue 1 is 2, and that of queue 2 is 3, and that of queue 3 is 4, so the bandwidth proportion allocated to the packets in ingress queue 1 is 2/ (2+3+4), that allocated to the packets in ingress queue 2 is 3/ (2+3+4), and that allocated to the packets in ingress queue 3 is 4/ (2+3+4).
  • Page 275 Device Advanced Configuration Figure 278 IEC61850 Configuration IEC61850 Function Options: Enable/Disable Default: Disable Function: Enable or disable the IEC61850 function. 2. Configure IEC 61850 Figure 279 IEC61850 Configuration Access Point Range: 1~25 characters Default: S1 Function: Configure name of access point corresponding to the IED in CID file. CID File Range: 1~25 characters Default: switch.cid...
  • Page 276 Device Advanced Configuration Report Scan Rate Range: 100~2000ms Default: 100ms Function: Configure interval of scanning device node information. Caution: Access Point and IED name configurations must be consistent with the Access Point and IED name in the specified modeling file. Otherwise, the IEC61850 function cannot be enabled. 6.17 IGMP Snooping 6.17.1 Introduction Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast protocol at...

  • Page 277: Principle

    Device Advanced Configuration 6.17.3 Principle IGMP Snooping manages and maintains multicast group members by exchanging related packets among IGMP-enabled devices. The related packets are as follows: General query packet: The querier periodically sends general query packets (destination IP address: 224.0.0.1) to confirm whether the multicast group has member ports. After receiving the query packet, a non-querier device forwards the packet to all its connected ports.
  • Page 278 Device Advanced Configuration Options: Open/Close Default: Close Function: Enable or disable the global IGMP Snooping protocol. IGMP Snooping and GMRP cannot be enabled at the same time. 2. Configure IGMP Snooping parameters. Click [Device Advanced Configuration] → [Multicast protocol configuration] → [IGMP Snooping configuration] →...
  • Page 279 Device Advanced Configuration Options: All created VLAN IDs Function: Select the VLAN ID to enable IGMP query function. Query State Options: Open/ Close Default: Close Function: Enable or disable the IGMP query function for the selected VLAN. The precondition of this function is to enable global IGMP Snooping function. Description: If there are multiple queriers in network, they will automatically select the one with the smallest IP address to be the querier.
  • Page 280 Device Advanced Configuration Max Response Range: 10~25s Default: 10s Function: Configure the max response time of responding the query packet. After setting is completed, "IGMP Configuration" lists IGMP configuration information, as shown in Figure 283. Figure 283 IGMP Configuration 4. Configure IGMP Snooping static multicast parameters. Click [Device Advanced Configuration] →...
  • Page 281 Device Advanced Configuration Function: Select the member port to be added to or deleted from the multicast group. If a port is connected to a host and the host receives data of a certain multicast group, this port can be configured to join a static multicast group and becomes the static member port. Multicast address Range: 224.0.1.0~239.255.255.255 Function: Input the multicast group address.
  • Page 282 Device Advanced Configuration Figure 286 IGMP Snooping Application Example  Because Switch 3 is elected as the querier, it periodically sends out a general query message.  Port 4 of Switch 2 receives query message. It becomes router port. Meanwhile, Switch 2 forwards query message from port 3.
  • Page 283 Device Advanced Configuration network. With GARP, the configuration information of a GARP member will spread the information to the entire switching network. A GARP member instructs the other GARP members to register or cancel its own configuration information by means of join/leave message respectively. The member also registers or cancels the configuration information of other members based on join/leave messages sent by other members.
  • Page 284 Device Advanced Configuration JoinIn message before the timer expires, the entity does not send the second Join message. Leave Timer: When a GARP application entity wants to cancel the information about an attribute, the entity sends a Leave message. The entity receiving the message starts Leave timer.

  • Page 285: Web Configuration

    Device Advanced Configuration 6.18.4 Web Configuration 1. Enable the global GMRP protocol. Click [Device Advanced Configuration] → [Multicast protocol configuration] → [GMRP configuration] → [GMRP configuration] to enter GMRP configuration page, as shown in Figure 287. Figure 287 GMRP Global Configuration GMRP function Options: Enable/Disable Default: Disable...
  • Page 286 Device Advanced Configuration Figure 288 Port GMRP Configuration Port name Options: all switch ports GMRP Function Options: Enable/Disable Default: Disable Function: Enable GMRP function on port or not GMRP Agent Function Options: Enable/Disable Default: Disable Function: Enable GMRP agent function on port or not Caution:...
  • Page 287 Device Advanced Configuration Range: 100ms~327600ms Default: 3000ms This value must be a multiple of 100. It is better to set same time of Leave timers on all GMRP-enabled ports 3. Add a GMRP agent entry. Click [Device Advanced Configuration] → [Multicast protocol configuration] → [GMRP configuration] →...

  • Page 288: Typical Configuration Example

    Device Advanced Configuration configuration] → [Show GMRP agent configuration] to show GMRP agent entries, as shown in Figure 290. Figure 290 GMRP Agent Entry 5. The multicast members of this agent entry on the connected neighbor device are displayed, as shown in Figure 291. It should meet following conditions: ...
  • Page 289 Device Advanced Configuration Figure 292 GMRP Networking Configuration on Switch A: 1. Enable global GMRP function in switch A; set LeaveAll timer to the default value, as shown in Figure 287. 2. Enable GMRP function and agent function in port 1; enable only GMRP function in port 2; set the timers to default values, as shown in Figure 288.
  • Page 290 Device Advanced Configuration MAC: 01-00-00-00-00-01 Access VID= 1 Access VID= 2 VLAN ID: 2 Member port: 2 6.19 Unregistered Multicast Action Configuration 6.19.1 Introduction Unregistered multicast packets refer to the multicast packets without corresponding forwarding entries on the switch. When receiving an unregistered multicast packet, the switch broadcasts the packet within the VLAN (all ports except the inlet port).
  • Page 291 Device Advanced Configuration Figure 294 Multicast Stream Monitor Port Configuration Multicast Stream Monitor Port Options: Disable/Enable Default: Disable Function: Configure multicast stream monitor port. This monitor port forwards the multicast service streams (including the registered multicast service stream and unregistered multicast service stream) received by other ports within the same VLAN.

  • Page 292: Web Configuration

    Device Advanced Configuration 6.20.2 Web Configuration 1. Add a static multicast entry Click [Device Advanced Configuration] → [Multicast protocol configuration] → [Static Multicast Configuration] to enter static multicast configuration page, as shown in Figure 295. Figure 295 Add Static Multicast Address Entry VLAN Options: All existing VLAN IDs Function: set the VLAN ID of the static multicast entry.

  • Page 293: Lldp

    Device Advanced Configuration Figure 296 View Static Multicast Entries 6.21 LLDP 6.21.1 Introduction The Link Layer Discovery Protocol (LLDP) provides a standard link layer discovery mechanism. It encapsulates device information such as the capability, management address, device identifier, and interface identifier in a Link Layer Discovery Protocol Data Unit (LLDPDU), and advertises the LLDPDU to its directly connected neighbors.
  • Page 294 Device Advanced Configuration Figure 298 Enabling TLV Management Address TLV Management Address Options: Enable/Disable Default: Disable Function: Send the interface IP address (that is, the primary IP address of the first VLAN interface where this port resides) to the connected device when this function is disabled. If no IP address is configured for the VLAN interface where this port resides, the interface IP address is 127.0.0.1.
  • Page 295 Device Advanced Configuration interface where port 3/4 resides. Figure 300 LLDP Information-2 When TLV Management Address Is Enabled The preceding figure shows the condition that the primary IP address of the first VLAN interface where port 3/4 resides is 192.168.1.225. When the TLV management address is enabled, the LLDP display information includes the connected local port on the switch and the remote port on the neighbor device, interface IP address, all IP addresses configured, MAC address, and system information of the neighbor...

  • Page 296: Vrrp

    Device Advanced Configuration connected local port on the switch and the remote port on the neighbor device, interface IP address, MAC address, and system information of the neighbor device. Caution: The precondition for displaying LLDP information is that the LLDP-enabled devices are connected to each other.
  • Page 297 Device Advanced Configuration Figure 303 VRRP As shown in Figure 303, Device A, Device B, and Device C form a virtual router with an IP address. Hosts can communicate with external networks through the virtual router only if the IP address of the virtual router is configured as the next hop of the default route on the hosts. A virtual router consists of one master and multiple backup switches.

  • Page 298: Master Election

    Device Advanced Configuration 6.22.2 Master Election VRRP selects the master by election. 1. A router with the highest priority in a VRRP group is elected to be the master. The master periodically sends VRRP advertisements to inform the other routers in the VRRP group that it operates properly.

  • Page 299: Web Configuration

    Device Advanced Configuration aware of the uplink interface failure. If the router is the master, hosts on the LAN are not able to access external networks. This problem can be solved by monitoring a specified uplink interface. If the uplink interface fails, the priority of the master is automatically decreased by a specified value and a higher-priority router in the VRRP group becomes the master.
  • Page 300 Device Advanced Configuration Format: A.B.C.D Function: Set the IP address of the virtual router. Note: The IP address of the virtual router must be on the same network segment with the interface IP address. Set virtual router type Options: Master/Backup Description: Master indicates that the current device is the IP address owner of the virtual router.
  • Page 301 Device Advanced Configuration Default: 100 (for non-IP address owner) Function: Set the priority of the router in the VRRP group. Set preempt mode Options: true/false Default: true Function: Set the working mode of the virtual router. Description: True indicates the preemptive mode, and false indicates the non-preemptive mode.
  • Page 302 Device Advanced Configuration Monitor Interface Function: Select the VLAN interface to be monitored. Priority decrement Range: 1~253 Function: Set the value of the priority decrement. Caution:  The IP address owner of the virtual router cannot be configured as the monitored interface. ...

  • Page 303: Typical Configuration Example

    Device Advanced Configuration Authentication string Range: 1~8 characters Function: Configure the authentication string. 8. Enable a VRRP group. Click [Device Advanced Configuration] → [VRRP Configuration] → [VRRP Initialization] to enter the VRRP initialization page, as shown in Figure 311. Figure 311 Enabling VRRP Function: Enable the VRRP group function.

  • Page 304: Sntp Configuration

    Device Advanced Configuration Figure 312 VRRP Typical Configuration Example Configuration on Switch A: 1. Set the IP address of VLAN 2 to 192.168.2.2, and subnet mask to 255.255.255.0. 2. Create VRRP group 1, as shown in Figure 304. 3. Set the virtual IP address of VRRP group 1 to 192.168.2.4, and router type to Master, as shown in Figure 305.

  • Page 305: Web Configuration

    Device Advanced Configuration The SNTP client sends a request to each server one by one through unicast. The server that first gives a response is in active state. The other servers are in non-active state. Caution:  To synchronize time by SNTP, there must be an active SNTP server. ...
  • Page 306 Device Advanced Configuration Figure 314 SNTP Server Configuration Server address Format: A.B.C.D Function: Configure the IP address of the SNTP server. Clients will synchronize time according to server packets. Version Options: 1~4 Function: Configure the version of SNTP. Caution: There is no limit on the number of SNTP Servers, but to guarantee proper operation, no more than 5 servers are recommended in application.

  • Page 307: Ntp Configuration

    Device Advanced Configuration Figure 316 Synchronization Clock Click <Show Clock>. The Information Display page displays the clock information after the synchronization from SNTP server. 5. View SNTP configuration information. Click [Device Advanced Configuration] → [SNTP configuration] → [SNTP information] to view the SNTP configuration, as shown in Figure 317.

  • Page 308: Ntp Working Modes

    Device Advanced Configuration As shown in Figure 318, the round-trip delay "(T4-T1)-(T3-T2)" and clock offset "((T2-T1) + (T3-T4))/2" can be calculated based on the exchange of NTP packets, thereby achieving high-precision clock synchronization among devices. Figure 318 NTP 6.24.2 NTP Working Modes NTP can adopt the following working modes for time synchronization.

  • Page 309: Web Configuration

    Device Advanced Configuration synchronization packets (broadcast mode). After receiving the packets, the broadcast client sends clock synchronization packets (client mode) to the server. After receiving the request packets, the server sends response packets (server mode). The server and the client accomplish clock synchronization by exchanging eight request and response packets.
  • Page 310 Device Advanced Configuration 2. Configure NTP unicast, as shown in Figure 320. Figure 320 Configuring NTP Unicast NTP State Options: Server Mode/Peer Mode Function: Select the NTP working mode. Description: Server mode indicates that the NTP working mode is client/server mode; peer mode indicates that the NTP working mode is peer mode.
  • Page 311 Device Advanced Configuration Function: Configure the maximum request interval for the NTP packet exchange between the local device and the server. Packet source interface Function: Specify the port for sending NTP packets. Description: When the client/server mode is adopted, the local device sends NTP packets to the server.
  • Page 312 Device Advanced Configuration When the local device works in server or passive peer mode, the specified port of the local device can be used for receiving request packets. In this case, the source IP address in the response packets is the primary IP address of the specified port. Caution:...
  • Page 313 Device Advanced Configuration Figure 323 Configuring a Unicast Client Multicast IP Address Format: A.B.C.D Function: Configure the IP address used in multicast mode. If no specified multicast IP address is available, 224.0.1.1 is adopted by default. Enable Multicast Interface Function: Specify the multicast port. Min-Poll Range: 4 to 16.
  • Page 314 Device Advanced Configuration Function: Configure the maximum TTL for multicast requests sent by the multicast client. 6. Configure the NTP broadcast server. Click [Device Advanced Configuration] → [NTP configuration] → [Broadcast Server Configuration] to enter the broadcast server configuration page, as shown in Figure 324. Figure 324 Configuring a Broadcast Server Enable Broadcast Interface Function: Specify the broadcast port.

  • Page 315: Typical Configuration Example

    Device Advanced Configuration Figure 326 Configuring the Reference Clock Reference Clock IP Address Format: 127.127.t.u Default: 127.127.0.1 Description: "t" in 127.127.0.1 indicates the reference clock type, while "u" indicates the instance ID. Only 127.127.0.1 is supported currently. That is, the system clock serves as the reference clock.
  • Page 316 Device Advanced Configuration Figure 327 Networking in Peer Mode Configuration on Switch D: 1. Enable NTP, as shown in Figure 319. 2. Set the IP address of the reference clock to 127.127.0.1 and clock stratum to 2, as shown in Figure 326. Configuration on Switch A: 3.
  • Page 317 Device Advanced Configuration Figure 328 Networking in Multicast Mode Configuration on Switch D: 1. Enable NTP, as shown in Figure 319. 2. Set the IP address of the reference clock to 127.127.0.1 and clock stratum to 2, as shown in Figure 326. 3.

  • Page 318: Tacacs+ Configuration

    Device Advanced Configuration Figure 329 Networking in Broadcast Mode Configuration on Switch D: 1. Enable NTP, as shown in Figure 319. 2. Set the IP address of the reference clock to 127.127.0.1 and clock stratum to 2, as shown in Figure 326. 3.

  • Page 319: Web Configuration

    Device Advanced Configuration Figure 330 TACACS+ Structure The protocol authenticates, authorizes, and charges terminal users that need to log in to the device for operations. The device serves as the TACACS+ client, and sends the user name and password to the TACACS+ server for authentication. The server receives TCP connection requests from users, responds to authentication requests, and checks the legitimacy of users.
  • Page 320 Device Advanced Configuration 2. Configure the TACACS+ server, as shown in Figure 332. Figure 332 TACACS+ Server Configuration Server Options: Primary/Secondary Default: Primary Function: Select the server type. IP Address Format: A.B.C.D Function: Enter the server IP address. TCP port Range: 1~65535 Default: 49 Function: Set the number of ports that receive NAS authentication requests.

  • Page 321: Typical Configuration Example

    Device Advanced Configuration Figure 333 Server Configuration List 6.25.3 Typical Configuration Example As shown in Figure 334, TACACS+ server can authenticate and authorize users by the switch. The server IP address is 192.168.0.23, and the shared key used when switch and server exchange packets is aaa.

  • Page 322: Radius Configuration

    Device Advanced Configuration 6.26 RADIUS Configuration 6.26.1 Introduction RADIUS (Remote Authentication Dial-In User Service) is a distributed information exchange protocol. It defines UDP-based RADIUS frame format and information transmission mechanism, protecting networks from unauthorized access. RADIUS is usually used in networks that require high security and remote user access.
  • Page 323 Device Advanced Configuration to enter the RADIUS configuration page, as shown in Figure 336. Figure 336 RADIUS Parameter Configuration Request Times Range: 1~3 Default: 3 Function: Set the maximum retransmission attempts for RADIUS request packets. If the device still receives no response packets from the RADIUS server after maximum retransmission attempts, the device consider the authentication fails.

  • Page 324: Typical Configuration Example

    Device Advanced Configuration Server IP Format: A.B.C.D Function: Set the IP address of the RADIUS server. Port Range: 1~65535 Default: 1812 Function: Set UDP port of the RADIUS server. Password Range: 1~32 characters Function: Configure the password of RADIUS server. 6.26.3 Typical Configuration Example As shown in Figure 338, IEEE802.1x is enabled on port 1of the switch.

  • Page 325: Ieee802.1X Configuration

    Device Advanced Configuration Configuration”. 3. Set dot1x to radius authentication, as shown in Figure 346. 4. Set both the user name and password on the RADIUS Server to ccc, encrypt key to aaaa. 5. Install and run 802.1x client software on a PC. Enter ccc for the user name and password. Then the user can pass the authentication and access the switch through port 1.

  • Page 326: Web Configuration

    Device Advanced Configuration 6.27.2 Web Configuration 1. Enable global IEEE802.1x protocol. Click [Device Advanced Configuration] → [IEEE802.1x configuration] → [IEEE802.1x configuration] to enter the IEEE802.1x configuration page, as shown in Figure 339. Figure 339 Enabling Global IEEE802.1x IEEE802.1x State Options: Enable/Disable Default: Disable Function: Enable/Disable global IEEE802.1x security function.
  • Page 327 Device Advanced Configuration Description: Unauthorized-force means the port is always in unauthorized state and does not allow users to conduct authentication and the switch does not provide authentication services to clients that access the switch from this port. Auto means the initial state of port is unauthorized and the port does not allow users to access network resources.
  • Page 328 Device Advanced Configuration Description: MAC_Based indicates that users using the port need to be authenticated respectively. When a user is offline, only the user cannot use the network. Port_Based indicates that users are authenticated based on port. After the first user using the port passes authentication, all the other users using the port do not need to be authenticated.
  • Page 329 Device Advanced Configuration 4. Configure IEEE802.1x group Click [Device Advanced Configuration] → [IEEE802.1x configuration] → [IEEE802.1x Group configuration] to enter IEEE802.1x group configuration page, as shown in Figure 342. Figure 342 IEEE802.1x Group Configuration Group Name Range: 1~16 characters Function: Configure group name. Format: HH-HH-HH-HH-HH-HH (H is a hexadecimal number) Function: Configure the MAC address for the group.

  • Page 330: Typical Configuration Example

    Device Advanced Configuration Figure 343 IEEE802.1x User Configuration User Name Range: 1~16 characters Function: Configure IEEE802.1x user name. Password Range: 1~16 characters Function: Configure IEEE802.1x password. Group Function: Bind the user to a group. Description: If the current user is bound to a user authentication group, only the user whose MAC address and access port number both match the bound group can pass the authentication and access the switch.

  • Page 331: Authentication Login Configuration

    Device Advanced Configuration are both ddd. Keep default values for other parameters. Figure 345 IEEE802.1x Configuration Example  Local authentication configuration 1. Enable global IEEE802.1x protocol, as shown in Figure 339. 2. Set dot1x to local authentication, as shown in Figure 346. 3.

  • Page 332: Link Check

    Device Advanced Configuration Figure 346 Authentication Login Configuration Login Method Options: Telnet/Web/dot1x/SSH Function: Select access mode to switch. Authentication Method/Authentication Method 2/Authentication Method 3 Options: Local/Tacacs+/Radius Default: Local Function: Select the order of authentication. Authentication method 1 is first performed. If the authentication fails, authentication method 2 is conducted.

  • Page 333: Web Configuration

    Device Advanced Configuration handled in time. The port for which link status check is enabled sends link-check packets periodically (every 1s) to check the link status. If the port does not receive a link-check packet from the peer end within the receive timeout period (5s), it indicates that the link is abnormal and the port displays Rx fault state.
  • Page 334 Device Advanced Configuration Link Check Administrative State Options: Disable/Enable Default: Disable Function: Enable/Disable link check on port. Caution: If the peer device does not support the function, the function shall be disabled on the connected port of the local device. 2.

  • Page 335: Ttdp

    Device Advanced Configuration Check is not enabled on a port, Disable is displayed. 6.30 TTDP 6.30.1 Introduction The Ethernet technology has been widely applied on train communication networks and vehicle-mounted terminals. The IEC proposes the Ethernet-based train communication network standard, including Ethernet Train Backbone (ETB) defined in IEC61375-2-5 and Ethernet Consist Network (ECN) defined in IEC61375-3-4.

  • Page 336: Inauguration

    Device Advanced Configuration four lines could be aggregated, letters “A”, “B”, “C”, and “D” are used. In each consist, “local ETBN ID” is configured to identify an ETBN. The ETBN whose local ETBN ID is 1 is defined as the consist ETBN top node, the direction pointing to the consist ETBN top node is the consist reference direction.

  • Page 337: Network Ip Address Map

    0: TCMS 1: Multimedia 2: Not specialized 3: Not specialized The value is 0 for Aquam8512. Virtual bit. If set, defines virtual IP address for ETBN redundancy. If v=0, t=ETBN ID, inauguration result, between [1, 63]. If v=1, t=Subnet ID, inauguration result, between [1, 63].

  • Page 338: Redundancy

    1: Multimedia 2: Not specialized 3: Not specialized The value is 0 for Aquam8512. Reserved bit. The value is 0. Subnet ID, inauguration result, between [1, 63]. Host part number could take any value. For ETBN redundancy, host part number should be set to 1 for the master and virtual router, 2 for backup.

  • Page 339: Bypass

    Two redundant ETBNs should be in the same consist. 6.30.6 Bypass TCMS is very important for train operation, so Aquam8512 provides two pairs of Bypass ports. When the power supply is turned off, the bypass function is enabled, that is, each pair of bypass ports are physically connected directly to prevent the communication of the two networks/ devices connected to each pair of bypass interfaces from being affected.

  • Page 340: R-Nat

    Device Advanced Configuration power supply is turned on properly, the bypass function is disabled. As shown in Figure 351, when the power supply is turned off for ETBN B, the bypass is enabled. EDs connected to ETBN A can communicate correctly with EDs connected to ETBN C. Figure 351 Bypass 6.30.7 R-NAT Within the CN subnet, a part of the terminals do not support DHCP and therefore some...

  • Page 341: Cli Configuration

    Device Advanced Configuration Figure 352 R-NAT 6.30.8 CLI Configuration Table 15 CLI Configuration Command View Type Description ttdp enable Enable TTDP protocol Configuration mode SWITCH(Config)# ttdp disable Disable TTDP protocol Configure TTDP lines and ports ttdp line Configuration mode SWITCH(Config)# Clear TTDP lines and ports ttdp etb vlan Configuration mode SWITCH(Config)#...
  • Page 342 Device Advanced Configuration Configure the attached relationship between ETBNs and CNs in a consist ttdp consist etbn Configuration mode SWITCH(Config)# Clear attached relationship between ETBNs and CNs in a consist ttdp etb redundancy Configure the ETBN role for ETBN Configuration mode SWITCH(Config)# state redundancy ttdp consist uuid...
  • Page 343 Device Advanced Configuration Function Configure TTDP lines and ports Clear TTDP lines and ports Command ttdp line {dir1|dir2} {line-a|line-b|line-c|line-d} interface ethernet port_id ttdp line {dir1|dir2} {line-a|line-b|line-c|line-d} clear Parameters dir1|dir2:Each ETBN has two directions: dir1 and dir2. dir1 is the reference direction and dir2 is the inverse direction.
  • Page 344 Device Advanced Configuration Parameters vlan-id: VLAN ID on EN side. Description VLAN 1 is not recommended for VLAN configuration on EN side. View Type Configuration mode SWITCH(Config)# 5. ttdp consist cn num ttdp consist cn num Function Configure the number of CN in a consist Command ttdp consist cn num number_value Parameters...
  • Page 345 Device Advanced Configuration 8. ttdp consist etbn id ttdp consist etbn id Configure “local ETBN ID” of current ETBN in a consist Function Command ttdp consist etbn id etbn_id Parameters etbn_id: configuration range is 1~32. The parameter is valid only in the local consist. “Local ETBN ID”...
  • Page 346 Device Advanced Configuration Parameters Backup: the ETBN role is backup in ETBN redundancy Master: the ETBN role is master in ETBN redundancy None: no ETBN redundancy View Type Configuration mode SWITCH(Config)# 11. ttdp consist uuid creat ttdp consist uuid creat Function Create the consist UUID Command...
  • Page 347 Device Advanced Configuration 14. show ttdp basic show ttdp basic Function Show the TTDP basic information Command show ttdp basic View Type Privileged mode SWITCH# [Example] Show the TTDP basic information for ETBN. Figure 353 TTDP Basic Information Table 16 TTDP Basic Information Filed Description Filed Description TTDP Enable State...
  • Page 348 Device Advanced Configuration ETBN ID ETBN ID of current ETBN, inauguration result Subnet ID Subnet ID of the subnet connected to current ETBN, inauguration result ETB Vlan Interface VLAN interface on ETB side CN Vlan Interface VLAN interface on CN side ETBN Redundancy ETBN role for ETBN redundancy ETB IP...
  • Page 349 Device Advanced Configuration Command show ttdp consist View Type Privileged mode SWITCH# [Example] Show the TTDP consist information for ETBN. Figure 354 TTDP Consist Information Table 17 TTDP Consist Information Filed Description Filed Description Cst UUID Consist UUID CN Number The number of CN in a consist ETBN Number The number of ETBN in a consist...
  • Page 350 Device Advanced Configuration [Example] Show the TTDP topology information for ETBN. Figure 355 TTDP Topology Information Table 18 TTDP Topology Information Filed Description Filed Description UUID Consist UUID CN ID CN ID of the subnets connected to ETBNs Subnet ID Subnet ID of the subnets connected to ETBNs, inauguration result ETBN ID ETBN ID of ETBNs, inauguration result...

  • Page 351: Typical Configuration Example

    Device Advanced Configuration rx: debug the receiving of TTDP packets. tx: debug the transmitting of TTDP packets. state: debug TTDP status change. table: debug the establishment of TTDP entries. test: debug TTDP test information. timer: debug the TTDP timer. View Type Privileged mode SWITCH# 6.30.9 Typical Configuration Example...
  • Page 352 Device Advanced Configuration 4. TTDP configuration: ttdp line dir1 line-a interface ethernet 1/9 //Configure port of line-a at dir1 side ttdp line dir1 line-b interface ethernet 1/11 //Configure port of line-b at dir1 side ttdp line dir2 line-a interface ethernet 1/10 //Configure port of line-a at dir2 side ttdp line dir2 line-b interface ethernet 1/12 //Configure port of line-b at dir2 side...
  • Page 353 Device Advanced Configuration ttdp line dir1 line-b interface ethernet 1/11 //Configure port of line-b at dir1 side ttdp line dir2 line-a interface ethernet 1/10 //Configure port of line-a at dir2 side ttdp line dir2 line-b interface ethernet 1/12 //Configure port of line-b at dir2 side ttdp etb vlan 2 //Configure the VLAN on ETB side ttdp cn vlan 3...
  • Page 354 Device Advanced Configuration ttdp line dir1 line-b interface ethernet 1/11 //Configure port of line-b at dir1 side ttdp line dir2 line-a interface ethernet 1/10 //Configure port of line-a at dir2 side ttdp line dir2 line-b interface ethernet 1/12 //Configure port of line-b at dir2 side ttdp etb vlan 2 //Configure the VLAN on ETB side ttdp cn vlan 3...

  • Page 355: Appendix: Acronyms

    Appendix: Acronyms Appendix: Acronyms Acronym Full Spelling Area Border Router Autonomous System ASBR Autonomous System Boundary Router Address Resolution Protocol Backup Designated Router BootP Bootstrap Protocol BPDU Bridge Protocol Data Unit Committed Access Rate CIST Common and Internal Spanning Tree Command Line Interface Class of Service Common Spanning Tree...
  • Page 356 Appendix: Acronyms GVRP GARP VLAN Registration Protocol HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol Intelligent Electronic Device IGMP Internet Group Management Protocol IGMP Snooping Internet Group Management Protocol Snooping Internal Spanning Tree LLDP Link Layer Discovery Protocol LLDPDU Link Layer Discovery Protocol Data Unit Link State Advertisement...
  • Page 357 Appendix: Acronyms Routing Information Protocol RMON Remote Network Monitoring RSTP Rapid Spanning Tree Protocol Real Time Clock SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol Secure Shell Secure Sockets Layer Spanning Tree Protocol TACACS+ Terminal Access Controller Access Control System TCMS Train Control and Monitoring System Transmission Control Protocol...

Table of Contents