KYLAND Technology SICOM3009A Series Web Operation Manual

Industrial ethernet switches

SICOM3009A/3306/3216/KIEN7009 Series
Industrial Ethernet Switches
Web Operation Manual
Kyland Technology Co., LTD.
Publication Date: May 2012
Version: V1.1
Customer Service Hotline: (+8610) 88796676
FAX: (+8610) 88796678
Website: http://www.kyland.cn
E-mail: support@kyland.biz


Summary of Contents for KYLAND Technology SICOM3009A Series

  • Page 1 SICOM3009A/3306/3216/KIEN7009 Series Industrial Ethernet Switches Web Operation Manual Kyland Technology Co., LTD. Publication Date: May 2012 Version: V1.1 Customer Service Hotline: (+8610) 88796676 FAX: (+8610) 88796678 Website: http://www.kyland.cn E-mail: support@kyland.biz...
  • Page 2 Disclaimer: Kyland Technology Co., Ltd. tries to keep the content in this manual as accurate and as up-to-date as possible. This document is not guaranteed to be error-free, and we reserve the right to amend it without notice. Copyright © 2012 KYLAND Technology CO., LTD.
  • Page 3: Table Of Contents

    Contents: Preface (p. 1); 1. Product Introduction (p. 6); 1.1 Overview (p. 6); 1.2 Product Models (p. 6); 1.3 Software Features (p. 7); 2. Switch Access (p. 8); 2.1 View Types (p. 8); 2.2 Console Port Access (p. 9); 2.3 Telnet Access (p. 12); 2.4 Web Access ...
  • Page 4 7. ARP Configuration (p. 37); 7.1 Introduction (p. 37); 7.2 Explanation (p. 37); 7.3 Web Configuration (p. 38); 8. QoS Configuration (p. 40); 8.1 Introduction (p. 40); 8.2 Principle (p. 40); 8.3 Web Configuration (p. 41); 8.4 Typical Configuration Example (p. 44); 9.
  • Page 5 12.2 RSTP/STP Configuration (p. 64); 12.2.1 Introduction (p. 64); 12.2.2 Basic Concepts (p. 65); 12.2.3 Configuration BPDU (p. 66); 12.2.4 Implementation (p. 66); 12.2.5 Web Configuration (p. 68); 12.2.6 Typical Configuration Example (p. 71); 12.3 RSTP/STP Transparent Transmission (p. 73); 12.3.1 Introduction ...
  • Page 6 13.3.3 Principle (p. 93); 13.3.4 Web Configuration (p. 94); 13.3.5 Typical Application Example (p. 95); 14. Diagnosis Function (p. 97); 14.1 Port Mirroring (p. 97); 14.1.1 Introduction (p. 97); 14.1.2 Explanation (p. 97); 14.1.3 Web Configuration (p. 98); 14.1.4 Typical Configuration Example (p. 99); 14.2 Link Check ...
  • Page 7 16.3 Port Security (p. 126); 16.3.1 Introduction (p. 126); 16.3.2 Web Configuration (p. 126); 16.3.3 Typical Configuration Example (p. 128); 16.4 AAA Configuration (p. 128); 16.4.1 Introduction (p. 128); 16.4.2 Implementation (p. 128); 16.4.3 Web Configuration (p. 129); 16.5 TACACS+ Information (p. 130); 16.5.1 Introduction ...
  • Page 8 17.3.4 Typical Configuration Example (p. 151); 18. RMON (p. 153); 18.1 Introduction (p. 153); 18.2 RMON Group (p. 153); 18.3 Web Configuration (p. 155); 19. Unicast Configuration (p. 160); 19.1 Introduction (p. 160); 19.2 Web Configuration (p. 160); 20. Alarm and Log (p. 163); 20.1 Alarm ...
  • Page 9 22.1.1 Introduction (p. 183); 22.1.2 DHCP Address Pool (p. 184); 22.1.3 Web Configuration (p. 184); 22.1.4 Typical Configuration Example (p. 190); 22.2 DHCP Snooping (p. 193); 22.2.1 Introduction (p. 193); 22.2.2 Web Configuration (p. 194); 22.2.3 Typical Configuration Example (p. 195); 22.3 Option 82 Configuration ...
  • Page 10: Preface

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Preface This manual mainly introduces the access methods and software features of SICOM3009A/3306/3216/KIEN7009 series industrial Ethernet switches, and introduces the Web configuration methods in detail. Content Structure The manual contains the following contents: Main Content Explanation ...
  • Page 11 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 10. MAC Aging Time*; 11. Port Rate*; 12. Redundant: DT-Ring Configuration, RSTP/STP Configuration*, RSTP/STP Transparent Transmission*; 13. Multicast*: GMRP, Static FDB Multicast, IGMP Snooping; 14. Diagnosis: Port Mirroring* ...
  • Page 12: Conventions In The Manual

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 DHCP Snooping; Option82 configuration. Note: Features with an asterisk (*) are not available on KIEN7009. Conventions in the manual 1. Text format conventions. Format / Explanation: < > The content in < > is a button name. For example, click <Apply> button. The content in [ ] is a window name or a menu name.
  • Page 13 The documents of SICOM3009A/3306/3216/KIEN7009 series industrial Ethernet switches include: Name of Document Content Introduction Introduces hardware structure, hardware SICOM3009A Series Industrial Ethernet specifications, mounting and dismounting Switches Hardware Installation Manual methods of SICOM3009A Introduces hardware structure, hardware SICOM3306 Series Industrial Ethernet...
  • Page 14 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Manual all functional modules Document Obtainment Product documents can be obtained by: CD shipped with the device; Kyland website: www.kyland.cn...
  • Page 15: Product Introduction

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Product Introduction Overview SICOM3009A/3306/3216/KIEN7009 includes a series of green DIN-rail industrial Ethernet switches applied in the wind power, distribution network automation, power, and intelligent transportation industries. The switches in this series provide a Mini USB Console port and support IEC62439-6 and VCT. The Reset button allows one-touch recovery.
  • Page 16: Software Features

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 SICOM3216-2GX/GE-2S/M-14T KIEN7009-8T KIEN7009-2S/M-6T KIEN7009-2S/M-4T KIEN7009-3S/M-6T KIEN7009-1S/M-7T Software Features The switches in this series provide abundant software features to satisfy customers' various requirements.
    - Redundancy protocols: RSTP/STP, DT-Ring, and IEC62439-6
    - Multicast protocols: IGMP Snooping, GMRP, and static multicast
    - ...
  • Page 17: Switch Access

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Switch Access There are 4 ways to access a switch: Console port; Telnet; Web browser; Kyvision management software. Kyvision network management software is designed by Kyland. Please refer to its user manual for more information. View Types When logging in to the CLI (Command Line Interface) by Console port or Telnet, the user can enter different views or switch between different views by using...
  • Page 18: Console Port Access

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Restore default to the user view configuration; Save current configuration; Software update; Reboot switch. SWITCH(config)# (Configuration View): Configure all switch functional modules. Input "exit" or "end" to return to the management view. When a switch is configured by command lines, "?"...
  • Page 19 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 1: Hyper Terminal 4. Create a new connection "Switch", as shown in Figure 2. Figure 2: New Connection 5. Connect a correct communication port, as shown in Figure 3.
  • Page 20 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 3: Select communication port Note: To confirm the communication port, right-click [Computer]→[Property]→[Hardware]→[Device Manager]→[Port] to check which communication port the USB port uses. 6. Set the serial port as shown in Figure 4. Bits per second (Baud rate): 115200;...
  • Page 21: Telnet Access

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 7. Click the <OK> button to enter the switch CLI. Input the password "admin" and press <Enter> to enter the user view, as shown in Figure 5. Figure 5: CLI. Telnet Access: Accessing a switch by Telnet requires normal communication between the PC and the switch.
  • Page 22: Web Access

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 2. In the Telnet interface, input "admin" in User, and "123" in Password. Click <Enter> to log in to the switch, as shown in Figure 7. Figure 7: Telnet Interface. Web Access: Accessing a switch by Web requires normal communication between the PC and the switch.
  • Page 23 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 8: Web Login The default setting is the English login interface. Click <中文> button to change to the Chinese login interface. Note: To confirm the switch IP address, please refer to "5.1 IP Address" to learn how to obtain the IP address.
  • Page 24 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 9 : Web Interface You can expand or collapse the navigation tree by clicking <Expand> or <Collapse> on the top of the navigation tree. You can perform corresponding operations by clicking [Save Settings] or [Load Default] in the top menu. In the upper right corner, you can click <中文>...
  • Page 25: Device Management

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Device Management Click [Device Management]→[Reboot]/[Logout]. You can reboot the device or exit the Web interface. Before rebooting the device, you need to save the current settings as required. If you have saved the settings, the switch automatically configures itself with the saved settings after restart.
  • Page 26: Device Status

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Device Status Basic Information The switch basic information contains MAC address, SN, IP address, subnet mask, gateway, system name, device model, software version, BootROM version, as shown in Figure 10. Figure 10: Switch Basic Information Port Status Port status interface can automatically display port number, port type, administration status, link status, speed, duplex, flow control, as shown in...
  • Page 27 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 11: Port Status Port Show port number printed on the switch front panel Type FE: 10/100Base-TX RJ45 port FX: 100Base-FX port GE: 10/100/1000Base-TX RJ45 port GX: Gigabit SFP port Administration Status Show the administration status of ports Enable: the port is available and permits data transmission Disable: the port is locked without data transmission Link...
  • Page 28: Port Statistics

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Full-duplex: the port can receive and transmit data at the same time. Half-duplex: the port can either receive or transmit data at a given time, but not both at once. Flow Control: Show the flow control status of LinkUp ports. Note: Please refer to "5.3 Port Configuration"...
  • Page 29: Basic Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Basic Configuration IP Address 1. Show switch IP address by using Console port Use Console port to log into switch command line interface, input "show interface" command in the user view to check the switch IP address. As Figure 13 shows, the IP address is circled in red.
  • Page 30: Device Information Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 more details, please refer to "22.1 DHCP Server Configuration". Figure 14: IP Address Caution:
    - The IP address and gateway must be in the same segment; otherwise, the IP address cannot be modified.
    - For switches in this series, a change in IP address takes effect immediately after modification, without a reboot.
  • Page 31: Port Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Configuration range: 1~64 characters Switch Name Configuration range: 1~32 characters Location Configuration options: character/Chinese character Configuration range: 1~255 characters (One Chinese character occupies two characters) Contact Configuration options: character/Chinese character Configuration range: 1~32 characters (One Chinese character occupies two characters) Port Configuration Port configuration can configure port status, port speed, flow control and other...
  • Page 32 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 can directly disable the port in hardware and trigger port alarms. When it is disabled, the port's operation state cannot be set. Operation Status Configuration options: Enable/Disable Default: Enable Function: configure the port operation state. Explanation: The port is disabled by protocols.
  • Page 33 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Caution:
    - 10/100Base-TX ports can be configured to auto-negotiation, 10M&full duplex, 10M&half duplex, 100M&full duplex, 100M&half duplex
    - 100Base-FX ports are forced to 100M&full duplex
    - 1000M electrical ports can be configured to auto-negotiation, 1000M&full duplex
    - ...
  • Page 34: Change Password

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Change Password Users can change the password for the "admin" account. The operation is shown in Figure 17. Figure 17: Change Password. Software Update: The switch can gain better performance through a software update. For switches in this series, software updates include the BootROM software version update and the system software version update.
  • Page 35 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 18: Create a new FTP user 2. Input the storage path of the update file in the space of "Home Directory", as shown in Figure 19, click <Done> Figure 19: File storage path...
  • Page 36 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 3. To update the BootROM software, input the following command in the management view. Switch#update ftp-mode bootrom File_name Ftp_server_ip_address User_name Password Table 3 lists the parameter descriptions. Table 3: Parameters for BootROM Update by FTP Parameter Description File_name...
  • Page 37 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 5. Make sure that the FTP server and the switch can communicate normally, as shown in Figure 21. Figure 21: Normal communication of FTP server and switch 6. Wait for the update to complete, as shown in Figure 22. Figure 22: Wait for update to complete...
  • Page 38: Software Update By Tftp

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 7. When the update completes as shown in Figure 23, reboot the device and open the Basic Information to check whether the update succeeded and the new version is active. Figure 23: Successful software update by FTP Warning: ...
  • Page 39 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 24: TFTP server configuration 1. In Current Directory, choose the storage path of the update file on server; input the server IP address in Server interface. 2. To update the BootROM software, input the following command in the management view.
  • Page 40 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 25: Software update by TFTP Caution: If software is updated by TFTP, no user name or password is needed. 4. Make sure that the TFTP server and the switch can communicate normally, as shown in Figure 26. Figure 26: Normal communication of TFTP server and switch 5.
  • Page 41 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 27: Wait for update 6. When the update completes as shown in Figure 28, reboot the device and open the Basic Information to check whether the update succeeded and the new version is active. Figure 28: Successful software update by TFTP Warning: ...
  • Page 42: Configuration Upload & Download

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Upload & Download Configuration backup function can save current switch configuration files on the server. When the switch configuration is changed, users can download the original configuration files from the server to switch by FTP/TFTP protocol. File uploading is to upload the switch configuration files to the server and save them to *.doc and *.txt files.
  • Page 43 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 31: Configuration file upload in TFTP mode Figure 32: Configuration file download in TFTP mode...
  • Page 44: Lldp

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 LLDP Introduction LLDP (Link Layer Discovery Protocol) provides a standard Link layer discovery method, which can encapsulate the main capabilities, management address, device identifier, interface identifier and other information of the local device into LLDPDU (Link Layer Discovery Protocol Data Unit), and then send the LLDPDU to its connected neighbors.
  • Page 45 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 remote port on the neighbor device, the IP address and the MAC address of the neighbor device, as shown in Figure 34. Figure 34: LLDP information Caution: LLDP information can be displayed only after LLDP protocol is enabled in both connected devices.
  • Page 46: Arp Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Introduction ARP (Address Resolution Protocol) uses address request and response mechanism to resolve the mapping relationship of IP address and MAC address. The switch not only can dynamically learn the IP address-and-MAC address mapping relationships of other hosts that are in the same segment with the switch, but also can configure static ARP entries to specify the fixed mapping relationships of IP and MAC addresses.
  • Page 47: Web Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Web Configuration 1. Configure ARP aging time, as shown in Figure 35. Figure 35: Configure aging time ARP Aging Time Configuration range: 10~60min Default: 20min Function: configure ARP aging time. Explanation: The ARP aging time begins once a dynamic ARP entry adds into the address table.
  • Page 48 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Caution:
    - The IP address set in the static ARP entry must be in the same segment with the switch IP address.
    - When the switch IP address is set in the static ARP entry, the system will automatically correspond to the switch MAC address.
  • Page 49: Qos Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 QoS Configuration Introduction QoS (Quality of Service) is a mechanism that utilizes flow control and resource allocation to offer different services to multi traffics that have different demands on the limited bandwidth in the IP network, according with the transmission features of different traffics as far as possible, reducing network congestion and minimizing the influence of network congestion on the high priority traffics.
  • Page 50: Web Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 the traffic priority: port, DSCP, and 802.1p.
    - If the Ingress Type of a port is set to Port, the port default priority determines a queue to save a message. The mapping relationship of port default priority and queue is consistent with that of 802.1p priority and queue.
  • Page 51 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 38: QoS Port Configuration Ingress Type Configuration options: Port/802.1P/DSCP Default: 802.1P Function: configure the port-used priority mechanism. Explanation: Select only one type of priority mechanism for each port. Egress Type Configuration options: SP/WRR Default: SP Function: configure the bandwidth allocation mode for port.
  • Page 52 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 39: 802.1p priority-queue mapping table 802.1P Priority 0~7 Group configuration: {Priority, Queue} Configuration range: {0~7, 0~3} Default: priority 0 and 1 map to queue 0; priority 2 and 3 map to queue 1; priority 4 and 5 map to queue 2; priority 6 and 7 map to queue 3; Function: Map 802.1P priority/port priority to queue 3.
  • Page 53: Typical Configuration Example

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 DSCP Priority 0~63 Group configuration: {Priority, Queue} Configuration range: {0~63, 0~3} Default: priority 0~15 maps to queue 0; priority 16~31 maps to queue 1; priority 32~47 maps to queue 2; priority 48~63 maps to queue 3; Function: Map DSCP priority to queue Typical Configuration Example As Figure 41 shows, port 1, 2, 3, 4 forward messages to port 5.
  • Page 54 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 The messages from port 1 and port 4 add into the queue 3; the messages from port 2 add into the queue 1; and the messages from port 3 add into the queue 2. Then according to the corresponding relationship between queue and weight ratio, (the weight ratio of queue 1 is 2;...
  • Page 55: Port Trunk

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Port Trunk Introduction Port trunk is to bind a group of physical ports that have the same configuration to a logical port. The member ports in a Trunk group not only can share the flow to, but also can become a dynamic backup of each other to enhance the connection reliability.
  • Page 56: Explanation

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Explanation Port Trunk and the following port operations are mutually exclusive:
    - The mutual exclusion of Port Trunk and port ring protocol. A port joining Trunk group cannot enable a ring protocol or be configured to a ring port, while a ring protocol-enabled port or a ring port cannot join a Trunk group.
  • Page 57 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 43: Port Trunk Mode Setting Port Trunk Mode Configuration options: XOR/HASH Default: HASH Function: set port trunk mode Explanation: Port Trunk Mode determines the way of flow sharing of Trunk Group. 2. Set Trunk group, as shown in Figure 44. Figure 44: Trunk Group Configuration Trunk ID Configuration range: 1 to 16...
  • Page 58: Typical Configuration Example

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 45: Trunk Group List Click a Trunk group in the list shown in Figure 45 to check group members, modify Trunk group configuration and delete Trunk group, as shown in Figure Figure 46: Detailed configuration of Trunk Group Modify the members of Trunk group (Add new ports or delete the existing ports).
  • Page 59 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 members, as shown in Figure 44.
  • Page 60: Mac Aging Time

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 MAC Aging Time 10.1 Introduction Each port of a switch has the function of auto-learning addresses. That is to learn the source address of the port-received frame, including source MAC address and switch port number, and store it in the address table. Aging time starts once the dynamic address adds into the address table.
  • Page 61: Port Rate Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Port Rate 11.1 Introduction Port rate configuration is to limit the amount of port-received/transmitted messages and drop the data that is over the limitation. Ingress ports limit the rate of the selected messages, while egress ports limit the rate of all messages.
  • Page 62: Web Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 bucket, the packet may be transmitted until there are sufficient tokens in the bucket or may be dropped. Port rate configuration uses token buckets to control flow. If port rate is set in a port, the messages in this port will be processed by Token Bucket before forwarding.
  • Page 63 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 64~100000Kbps The ingress rate of Gigabit Ethernet port is in the range of 64~200000Kbps Egress Rate Configuration range: 64~1000000Kbps Function: limit the egress rate of port-transmitted packets and the egress rate is shared by 5 token buckets in a port. Explanation: The egress rate of Fast Ethernet port is in the range of 64~100000Kbps The egress rate of Gigabit Ethernet port is in the range of 64~1000000Kbps...
  • Page 64: Typical Configuration Example

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 49: Port rate configuration list In the Packet Type, 1 means UUF (Unknown unicast frame), 2 means UMF (Unknown multicast frame), 3 means BF (Broadcast frame), 4 means MF (multicast frame), 5 means UF (Unicast frame). 11.4 Typical Configuration Example Limit the ingress rate of UUF, UMF and BF in port 1 to 70Kbps and set the...
  • Page 65: Redundant Protocols

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Redundant 12.1 DT-Ring Configuration 12.1.1 Introduction DT-Ring and DT-Ring+ are Kyland-proprietary redundancy protocols. They enable a network to recover within 50ms when a link fails, ensuring stable and reliable communication. DT rings fall into two types: port-based (DT-Port-Ring) and VLAN-based (DT-VLAN-Ring).
  • Page 66: Implementation

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 backup port.
    - Master backup port: When a ring has two backup ports, the backup port with the larger MAC address is the master backup port. It is in forwarding state.
    - Slave backup port: When a ring has two backup ports, the backup port with the smaller MAC address is the slave backup port.
  • Page 67 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1
    - All switches in the same ring must have the same domain number.
    - Each ring can have only one master station and multiple slave stations.
    - Only two ports can be configured on each switch for a ring.
    - ...
  • Page 68 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 51 DT-Ring Recovery 2. Implementation of DT-Ring+ DT-Ring+ can provide backup for two DT rings, as shown in Figure 52. One backup port is configured respectively on Switch C and Switch D. Which port is the master backup port depends on the MAC addresses of the two ports.
  • Page 69: Web Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 3. Implementation of DT-VLAN-Ring DT-VLAN-Ring allows the packets of different VLANs to be forwarded in different paths. Each forwarding path for a VLAN forms a DT-VLAN-Ring. Different DT-VLAN-Rings can have different master stations. As shown in Figure 53, two DT-VLAN-Rings are configured.
  • Page 70 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Default: Disable Function: Enable or disable ring status detection. Description: After ring status detection is enabled, the switch automatically detects ring status. When a non-ring port receives DT-Ring packets, the port will be locked. Therefore, use the function with caution. 2.
  • Page 71 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Options: Master/Slave Default: Master Function: Select the role of the switch in the current ring. Ring Port1/Ring Port2 Options: All ports of the switch Function: Select two ring ports. Caution: Port trunk and ring are mutually exclusive. The ports added to a trunk group cannot be configured as a ring port, and a ring port cannot be added to a trunk group.
  • Page 72 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 3. View and modify DT-Ring configuration. Click the DT-Ring options in Figure 56. You can view and modify the configurations of the ring, as shown in Figure 57. Figure 57 Viewing and Modifying DT-Ring Configuration After modification is completed, click <Apply>...
  • Page 73: Typical Configuration Example

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 12.1.5 Typical Configuration Example As shown in Figure 52, Switch A, B, C, and D form Ring 1; Switch E, F, G, and H form Ring 2; CE and DF are the backup links of Ring 1 and Ring 2. Configuration on Switch A: 1.
  • Page 74: Basic Concepts

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 packet storm in the network. The disadvantage of STP is that it does not support rapid port state transition and ports must wait for twice Forward delay time before transiting to a forwarding state. In order to solve this disadvantage, IEEE802.1w standard was launched as the supplement of 802.1D standard and defined RSTP (Rapid Spanning Tree Protocol).
  • Page 75: Configuration Bpdu

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 port and forward data without delay. 12.2.3 Configuration BPDU In order to avoid loops in network, all bridges on LAN calculate a spanning tree together. They confirm the network topology by delivering BPDU messages between them, as shown in Table 5. Table 5: BPDU Data …...
  • Page 76 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 configuration BPDUs, meanwhile it also receives configuration BPDUs from other devices. Once receiving a configuration BPDU, each port will compare it with its own configuration BPDU.
    - If the priority of the configuration BPDU generated by the local port is higher than its received configuration BPDU, the device does not perform any processing.
  • Page 77: Web Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1
    - Root path cost is replaced by that of the configuration BPDU of the root port plus the corresponding path cost of the root port
    - Designated bridge ID is replaced by the device ID
    - ...
  • Page 78 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 60: Configure bridge BPDU Spanning Tree Priority Configuration range: 0~65535 with the step length of 4096 Default: 32768 Function: configure bridge priority Explanation: the bridge priority is used to elect the root bridge. The smaller the value is, the higher the priority is.
  • Page 79 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 1.0 seconds). 3. Configure the RSTP protocol-enabled port, as shown in Figure 61. Figure 61: Configure the RSTP protocol-enabled port Protocol Status Configuration options: Enable/Disable Default: Disable Function: Enable/Disable the spanning tree protocol in port Caution: ...
  • Page 80: Typical Configuration Example

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Function: Set the port priority to determine the port role Path Cost Configuration range: 1~200000000 Default: 2000000 (10M port), 200000 (100M port), 20000 (1000M port) Explanation: port path cost is used to calculate the optimum path. This value is subject to the bandwidth.
  • Page 81 SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 62: RSTP Example Switch A Configuration: 1. Set the priority to 0 and the time parameters to the defaults, as shown in Figure 60. 2. Set the path cost of port 1 to 5, and the path cost of port 2 to 10, as shown in Figure 61.
  • Page 82: Rstp/Stp Transparent Transmission

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 in Figure 61.
    - Switch A has priority 0 and the smallest bridge ID, so it is elected as the root bridge
    - The path cost from AP1 to BP1 is 5, and the path cost from AP2 to BP2 is 14, so BP1 is elected as the root port
    - ...
  • Page 83: Web Configuration

    SICOM3009A/3306/3216/KIEN7009 Series Web Operation Manual_V1.1 Figure 63: RSTP Transparent Transmission Application 12.3.2 Web Configuration Configure the RSTP transparent transmission function on port, as shown in Figure 64. Figure 64: RSTP Transparent Transmission Configuration RSTP/STP Transparent Transmission Configuration options: Enable/Disable Default: Disable Function: Enable RSTP transparent transmission function on port...
  • Page 84: Typical Configuration Example

    Caution: An RSTP protocol-enabled port cannot enable the RSTP transparent transmission function. 12.3.3 Typical Configuration Example As Figure 63 shows, Switch A, B, C and D form a DRP ring; Switch E and F form an RSTP ring, in which Switch A and B form a transparent transmission link to transmit the RSTP protocol messages sent from Switch E or F.
  • Page 85: Implementation

    topology and is not fixed. Root periodically sends out an Announce message and other devices forward this message to guarantee the topology stability. • B-Root: The switch in which a ring port is Link-down, or a ring port deteriorates (it means the number of CRC messages exceeds the threshold) • ...
  • Page 86 Figure 65: DRP Topology 1. In the initial state, all switches are in the INIT state 2. In the ring network, switches compare the Announce messages forwarded between them, and then elect Switch A to be Root due to its optimum configuration.
  • Page 87: Web Configuration

    DRP protocol can provide backup between two DRP rings. As Figure 67 shows, each switch can configure a backup port. The master backup port is the forwarding port, and the other backup ports are blocked. If the master backup port/link fails, the system will select a slave backup port to forward data, guaranteeing the normal communication between redundant rings.
  • Page 88 Figure 68: DRP Configuration Redundancy Forced configuration: DRP Domain ID Configuration range: 1~32 Function: Domain ID is used to distinguish different rings. One switch can set max 16 DRP rings. Domain Name Configuration range: 1~31 characters Function: set the name of domain Role Priority Configuration range: 0~255...
  • Page 89 Configuration options: all switch ports Function: Select two ring ports Caution: • Port mirroring and ring port configuration are mutually exclusive. A mirroring source/destination port cannot be configured as a ring port, and a ring port cannot be set as a mirroring source/destination port. • ...
  • Page 90: Typical Configuration Example

    Figure 70: Show and modify DRP configuration After setting, click <Apply> to activate changes; click <Delete> to delete this DRP configuration entry. 3. Show the switch role and port status in DRP ring, as shown in Figure 71. Figure 71: DRP status 12.4.5 Typical Configuration Example...
  • Page 91 Domain ID: 1; Domain name: Ring. The port priority is the default setting. Ring port: port 1 and port 2; Backup port: port 3, as shown in Figure 68. • Switch E, F, G, H configuration Domain ID: 2;...
  • Page 92: Multicast Protocol

    Multicast 13.1 GMRP 13.1.1 GARP Introduction GARP (Generic Attribute Registration Protocol) is used to distribute, propagate and register certain information (such as VLAN, multicast address) between switches in a network. GARP applications are divided into GVRP and GMRP. GVRP will be introduced in "17.3 ".
  • Page 93: GMRP Protocol

    the message quantity for network stability. • Join Timer: in order to guarantee that the Join message can be reliably transmitted to other switches, the GARP-enabled switch will wait for a time interval of a Join timer after sending the first Join message. If the switch does not receive a Join In message during this time, it will send out a Join message again, otherwise, it won't send the second message.
  • Page 94: Explanation

    13.1.3 Explanation Agent port: the port that enables both the GMRP function and the agent function Propagation port: the port that only enables the GMRP function, and does not enable the agent function GMRP application requires one or multiple agent ports. The agent entries in the device agent port will be propagated from the device propagation port to the propagation port of the next device.
  • Page 95 Explanation: if the LeaveAll timers of different devices time out at the same time, multiple LeaveAll messages will be sent out at the same time, which increases the message quantity. In order to avoid this problem, the actual running time of a LeaveAll timer is a random value, which is longer than the time of a LeaveAll timer, and less than 1.5 times of a LeaveAll timer.
  • Page 96 Configuration range: 100ms~327600ms Default: 100ms Explanation: This value must be a multiple of 100. It is better to set the same Hold timer value for all GMRP-enabled ports Join Timer Configuration range: 100ms~327600ms Default: 500ms Explanation: This value must be a multiple of 100.
  • Page 97 Configuration format: HH-HH-HH-HH-HH-HH (H is a hexadecimal number) Function: configure the MAC address of the multicast group, and the lowest bit of the highest byte is 1. VLAN ID Configuration options: all existing VLAN IDs Function: configure a VLAN ID for the GMRP agent entry Explanation: GMRP agent entry can only be forwarded from the propagation port whose VLAN ID is the same as that of the agent entry.
  • Page 98: Typical Configuration Example

    • The connected devices both enable GMRP function • The two ports that connect two devices must be propagation ports. Figure 76: GMRP Dynamic multicast table GMRP Dynamic Multicast List Group displaying: {Index, Multicast MAC, VLAN ID, Member Port} Function: show GMRP dynamic multicast entries 13.1.5 Typical Configuration Example...
  • Page 99: Static Multicast Address Table

    3. Configure the agent multicast entry. Configure <MAC address, VLAN ID, Member port> as {01-00-00-00-00-01, 1, 1} and {01-00-00-00-00-02, 2, 1}, as shown in Figure 74. Switch B configuration: 1. Enable global GMRP function in switch B; LeaveAll timer uses the default value, as shown in Figure 72.
  • Page 100: Web Configuration

    corresponding member port according to the entry 13.2.2 Web Configuration 1. Enable static FDB multicast, as shown in Figure 78. Figure 78: Static FDB Multicast Table FDB Multicast Status Configuration options: Enable/Disable Default: Disable Function: Enable/Disable static multicast address table 2.
  • Page 101: IGMP Snooping

    Function: set the VLAN ID of the static multicast entry. Only VLAN member ports can forward this multicast message. Port List Function: choose the member ports of the multicast address. If a host connected to a port would like to receive data for a certain multicast group, statically add this port to the multicast group so that it becomes a static member port.
  • Page 102: Principle

    group information. If there are multiple queriers in network, they will automatically elect the one with the smallest IP address to be querier. Only the elected querier can periodically send out IGMP query messages, while other non-querier devices can receive and forward query messages, instead of sending out query messages.
  • Page 103: Web Configuration

    multicast group that the host would like to join in). • Leave group message: if a host wishes to leave a multicast group, it will send an IGMP leave message with the fixed destination IP address of 224.0.0.2.
  • Page 104: Typical Application Example

    2. Show IGMP member list, as shown in Figure 82. Figure 82: IGMP Snooping Member List IGMP Member List Group Displaying: {MAC, VLAN ID, Member} Function: show the FDB multicast table that is dynamically learned by IGMP Snooping.
  • Page 105 • Because Switch 3 is elected as the querier, it will periodically send out a general query message. Port 4 of Switch 2 will receive the query message, so it is elected as a router port. The query message will then be forwarded from port 3 of Switch 2, and port 2 of Switch 1 will receive the message and be elected as a router port.
  • Page 106: Diagnosis Function

    Diagnosis 14.1 Port Mirroring 14.1.1 Introduction With port mirroring, the switch copies all received or transmitted data frames on a port (mirroring source port) to another port (mirroring destination port); the mirroring destination port connects to a protocol analyzer or RMON monitor for network monitoring, management and fault diagnosis.
  • Page 107: Web Configuration

    14.1.3 Web Configuration 1. Select the mirroring destination port, as shown in Figure 84. Figure 84: Mirroring Destination Port Monitoring Port Configuration options: NULL/ one switch port Default: NULL Function: Select a port to be the mirroring destination port. There is one and only one mirroring destination port.
  • Page 108: Typical Configuration Example

    TX: only mirror the transmitted messages of the source port; RX: only mirror the received messages of the source port; TX&RX: mirror all messages of the source port 14.1.4 Typical Configuration Example As Figure 86 shows, the mirroring destination port is port 2 and the mirroring source port is port 1.
  • Page 109: Virtual Cable Tester

    Figure 87: Link Check Administration Status Configuration options: Enable/Disable Default: Enable Explanation: only the ring protocol-enabled port can enable this function Run Status Configuration options: Normal Link/Receive Fault/Disable Explanation: If a ring port enables the Link Check function, its run status is Normal when this port receives and transmits data properly, otherwise, its run status is Receive Fault;...
  • Page 110: Implementation

    when the transmitted pulse signal reaches the end of the cable or the fault point, and VCT technology can measure the signal arrival time at the fault point and the time of getting back to the sending source, then calculates the distance according to the time.
  • Page 111 known Method: click <VCT Start> to detect the cable connecting state of the current port. Test multiple times to obtain an accurate and stable test result. 2. Compare the test result with the actual situation, as shown in Figure 89. Figure 89: VCT Test Result Status Displaying options: Open/Short/Normal/Imped...
  • Page 112 Figure 91: Test Result after Adjustment...
  • Page 113: SNTP

    SNTP 15.1 Introduction SNTP (Simple Network Time Protocol) calibrates time by requests and responses between servers and clients. Switches work as clients to calibrate time according to the messages from the server. Four SNTP servers are supported at the same time, but only one server is in active state.
  • Page 114 Configuration options: Enable/Disable Default: Disable Function: enable/disable SNTP protocol Server IP Configuration format: A.B.C.D Function: configure the IP address of the SNTP server and the client calibrates time according to the messages from this server Interval Time Configuration range: 16~16284s Function: set the interval of the SNTP client sending a synchronous request to...
  • Page 115 Update Configuration options: Automatism/Manual Default: Automatism Function: choose the client-and-server time synchronization form 3. Show SNTP configuration information, as shown in Figure 94. Figure 94: SNTP Configuration Information Number Select the number to delete the corresponding server configuration. Server Status Displaying options: active/repose The server in active state provides SNTP time to the client.
  • Page 116: Security Functions

    Security 16.1 16.1.1 Introduction SSH (Secure Shell) is a network protocol for secure remote login. It encrypts all transmitted data to prevent information disclosure. When data is encrypted by SSH, users can only use command lines to configure switches. Switches in this series support the SSH server function and allow connections from multiple SSH clients, which can log into remote switches by SSH.
  • Page 117: Web Configuration

    • Key and algorithm negotiation stage: SSH supports multiple types of encryption algorithms. The two parties negotiate an algorithm to use. • Authentication state: the SSH client sends an authentication request to the server and the server authenticates the client. • ...
  • Page 118 Figure 96: Create a new key pair 4. Enable SSH protocol and configure the SSH server, as shown in Figure 97. Figure 97: SSH server configuration SSH State Configuration options: Enable/Disable Default: Disable Function: Enable/Disable SSH protocol. If it is enabled, the switch works as the...
  • Page 119 SSH server. Authentication Retry Times Configuration range: 1~10 Default: 10 Function: set the number of attempts to log into SSH server Time Out Configuration range: 60~300 Default: 300 Function: set the time that the SSH client connection lasts when there is no data transmission.
  • Page 120 Figure 98: SSH key configuration Key Name Configuration range: 3~20 characters Function: set the key name and support max 3 keys Key Type Fixed configuration: RSA Explanation: switches in this series support only the RSA key algorithm Key Value Configuration format: {algorithm name, public key, key info} Algorithm name: ssh-rsa | ssh-dsa...
  • Page 121 Figure 99: Show key list • SSH user configuration steps: 1. SSH user configuration, as shown in Figure 100. Figure 100: SSH user configuration User Name Configuration range: 3~20 characters Function: create a user name and support max 4 users Authentication Type Configuration options: Public Key/Password Default: Public key...
  • Page 122: Typical Configuration Example

    Figure 101: Show User List 16.1.5 Typical Configuration Example The Host works as the SSH client to establish a local connection with Switch, as shown in Figure 102. Figure 102: SSH configuration example • SSH user chooses the authentication type of "Password": 1.
  • Page 123 Figure 103: SSH client configuration 4. Click the <Open> button; the warning message shown in Figure 104 appears. Click the <是(Y)> (Yes) button. Figure 104: Warning message...
  • Page 124 5. Input the user name "ddd" and the password "444" to enter the switch configuration interface, as shown in Figure 105. Figure 105: Login interface of the SSH password authentication • SSH user chooses the authentication type of "Public Key": 1.
  • Page 125 Figure 106: Generate the client key 3. During the generation process, move the mouse on the screen; otherwise the progress bar does not move forward and the generation stops, as shown in Figure 107.
  • Page 126 Figure 107: Key Generation 4. As Figure 108 shows, click <Save private key> to save the private key, and copy the public key to the space of Key Value in the SSH Key Configuration interface and input the key name, as shown in Figure 98.
  • Page 127 Figure 108: Generate the key value 5. Configure the SSH user name to ddd, and select the authentication type of "Public Key", choose the corresponding key name, as shown in Figure 100. 6. Establish a connection with the SSH server. First, run the PuTTY.exe software, as shown in Figure 109;...
  • Page 128 Figure 109: SSH client configuration of the "Public Key" authentication 7. Click [SSH] → [Auth] on the left side of Figure 109, and the screen shown in Figure 110 appears. Click <Browse> and choose the private key file saved in step 4.
  • Page 129 Figure 110: Choose the key file 8. Click <Open> button; input the user name to enter the switch configuration interface, as shown in Figure 111.
  • Page 130: Dot1x

    Figure 111: Login interface of the SSH public key authentication 16.2 Dot1x 16.2.1 Introduction In order to solve the WLAN security problem, the IEEE802 LAN/WAN committee put forward the 802.1X protocol. The IEEE802.1X protocol is used in Ethernet as a common access control mechanism, mainly solving authentication and security problems of Ethernet.
  • Page 131 Figure 112: Enable global Dot1x Dot1x On-Off Configuration options: Enable/Disable Default: Disable Function: Enable/Disable global Dot1x security function 2. Dot1x information configuration on port, as shown in Figure 113. Figure 113: Dot1x information Port ID Configuration options: all switch ports Function: choose the port to enable Dot1x function User Name...
  • Page 132 Figure 114: Configure authentication method and timeout Dot1x Method Configuration options: Local/Remote Default: Local Function: choose the Dot1x authentication method Explanation: If Local is chosen, the user needs to manually add the authentication username and password on the switch. If Remote is chosen, the user needs to pass TACACS+ server authentication with the user name and password set on the TACACS+ server.
  • Page 133 Function: Enable/Disable Dot1x protocol on port. When this function is enabled, user can log into switch from this port only after passing authentication. Mode Configuration options: ForceUnauthorized/Auto/ForceAuthorized Default: Auto Function: choose the authentication mode of the port Explanation: ForceUnauthorized means that the port is always in an unauthorized state and does not allow user authentication and the authenticator does not offer the authentication service to clients that would like...
  • Page 134: Typical Configuration Example

    16.2.3 Typical Configuration Example As Figure 116 shows, Dot1x client connects with switch port 3; enable Dot1x protocol in port 3 and choose Auto authentication mode; the local authentication username and password are both ccc and the remote authentication username and password are both ddd, other settings use the default values.
  • Page 135: Port Security

    password "ddd" to do authentication. User can access the switch after passing authentication. 16.3 Port Security 16.3.1 Introduction Port security is a MAC address-based security mechanism for network access control. This mechanism detects the source MAC addresses of the port-received frames to control the network access of unauthorized devices.
  • Page 136 Figure 118: Port security address configuration Port ID Configuration options: the ports that enable port security function Function: select the port to bind to the security address MAC Address Function: set the MAC address that is bound to the port. Only the message whose source MAC address is this binding address can pass through this port, otherwise the message is dropped.
  • Page 137: Typical Configuration Example

    Figure 119: Port security list 16.3.3 Typical Configuration Example Bind the MAC address of 0x000101010000 to the port 1 in VLAN 2, then only the message with the source MAC address of 0x000101010000 can pass through the port 1 in VLAN 2.
  • Page 138: Web Configuration

    standard with user standards in the database one by one. If there is conformity, the user passes the authentication; if there is not, the server refuses the network connection request. Next, user obtains rights to operate corresponding tasks by Authorization. For example, user is likely to execute some commands for operation after logging into system, so the Authorization process will detect whether the user has rights to execute these commands.
  • Page 139: Introduction

    Figure 120: Configure authentication method Authentication Method Order Configuration Configuration options: local / tacacs+ / local, tacacs+ / tacacs+, local Default: local Function: choose the authentication order Explanation: local: use local authentication, which logs in with the user name and password created on the device. tacacs+: use TACACS+ authentication, which uses the user name and password set on the TACACS+ server. local, tacacs+: take the local authentication first, if cannot pass the...
  • Page 140: Web Configuration

    application based on TCP transmission protocol and uses client/server mode to achieve the communication between NAS (Network Access Server) and TACACS+ server. Clients run on NAS and the server performs centralized management of user information. For users, NAS is a server, but for the TACACS+ server, NAS is a client.
  • Page 141 Protocol Status Configuration options: Enable/Disable Default: Disable Function: Enable/Disable TACACS+ protocol 2. TACACS+ server configuration, as shown in Figure 124. Figure 124: TACACS+ server configuration Server Attribute Configuration options: Primary/Secondary Default: Primary Function: choose the server type Server Address Function: input the server IP address TCP Port...
  • Page 142: Typical Configuration Example

    Configuration range: 1~32 characters Function: configure key value Explanation: set the key value to improve the communication security between client and TACACS+ server. The two parties share the key to verify message legality. Only when the keys are the same can both parties receive messages from each other and respond to them, so make sure the key set on the client is the same as the key on the TACACS+ server.
  • Page 143: Introduction

    2. Server configuration: IP address is 192.168.1.23, enable "Encrypt" and the Key Value is aaa, as shown in Figure 124. Web login uses Local authentication and Telnet login uses TACACS+ authentication, as shown in Figure 120 and Figure 121. 3.
  • Page 144: Web Configuration

    16.6.2 Web Configuration 1. Enable HTTPS protocol, as shown in Figure 127. Figure 127: Enable HTTPS protocol WEB Default Visit Configuration options: HTTP/HTTPS Default: HTTP Function: choose the protocol used by the Web browser to access the switch. Explanation: If HTTPS is chosen, use https://ipaddress to log into the switch Web interface.
  • Page 145 Figure 128: HTTPS logging interface 3. Input the username "admin" and password "123" to successfully log into switch through HTTPS.
  • Page 146: VLAN

    VLAN 17.1 VLAN Configuration 17.1.1 Introduction VLAN (Virtual Local Area Network) divides a LAN into multiple logical VLANs. Devices in the same VLAN can communicate with each other, and devices in different VLANs cannot communicate with each other. In this way, broadcast messages are limited to a VLAN, highly improving LAN security.
  • Page 147: Port-Based VLAN

    are reserved by protocol. Note: • VLAN 1 is the default VLAN and cannot be manually created and deleted by users. • Reserved VLANs are reserved to realize specific functions by system and cannot be manually created and deleted by users. The message containing 802.1Q header is a Tag message;...
  • Page 148: Web Configuration

    The port PVID is the VLAN ID of the Untag port. By default, all ports' PVID is VLAN 1. After setting port type and PVID, there are several ways to process port-received and port-transmitted messages, as shown in Table 8. Table 8: Different Processing Modes for Packets Processing Received Packets Processing Packets to Be Forwarded...
  • Page 149 Figure 129: VLAN Configuration VLAN Name Configuration range: 1~31 characters Function: set VLAN name VLAN ID Configuration range: a number in the range of 2~4093 Function: Configure VLAN ID Explanation: VLAN ID is used to distinguish different VLANs. Switches in this series support max 256 VLANs.
  • Page 150 Configuration options: Enable/Disable Default: Disable Function: For Tag port, enable PVLAN or not. More information about PVLAN will be introduced in "17.2 PVLAN". Caution: An Untag port can join only one VLAN and its VLAN ID is the port PVID. By default, it is VLAN 1, but a tag port can join multiple VLANs.
  • Page 151 Figure 131: Port PVID List Caution: Each port must have an Untag attribute. If it is not set, the Untag port is in VLAN 1 by default. 4. Modify/Delete VLAN Click a VLAN in Figure 130 to enter the corresponding screen in which the VLAN can be deleted or modified.
  • Page 152: Typical Configuration Example

    Figure 132: Modify/Delete VLAN 17.1.5 Typical Configuration Example As Figure 133 shows, the entire LAN is divided into 3 VLANs: VLAN2, VLAN100 and VLAN200. It is required that the devices in the same VLAN can communicate with each other, but different VLANs are isolated.
  • Page 153 Set Switch A and B's port 3 and port 4 to Untag ports, port 7 to Tag VLAN100 port Set Switch A and B's port 5 and port 6 to Untag ports, port 7 to Tag VLAN200 port Figure 133: VLAN Application...
  • Page 154: PVLAN

    17.2 PVLAN 17.2.1 Introduction PVLAN (Private VLAN) uses two-layer isolation technology to realize the complex port traffic isolation function, achieving network security and broadcast domain isolation. The upper VLAN is a shared domain VLAN in which ports are uplink ports. The lower VLANs are isolation domains in which ports are downlink ports.
  • Page 155: Web Configuration

    17.2.2 Web Configuration 1. Enable PVLAN function on port, as shown in Figure 135. Figure 135: Enable PVLAN function In VLAN configuration interface, Tag ports can enable PVLAN function. If the VLAN is a shared domain, the uplink port should be set to untagged, and the downlink port should be set to tagged.
  • Page 156: Typical Configuration Example

    Figure 136: PVLAN Member Configuration PVLAN List Configuration options: tick or not Default: no tick Function: Choose VLAN members for PVLAN 17.2.3 Typical Configuration Example Figure 137 shows PVLAN application. VLAN300 is a shared domain and port 1 and port 2 are uplink ports;...
  • Page 157: GVRP

    of VLAN 300, and enable PVLAN; 2. Configure the isolation domain of VLAN 100, as shown in Figure 135. Port 1 and port 2 are set to Tagged and are assigned to the isolation domain of VLAN 100, and enable PVLAN; Port 3 and port 4 are set to Untag ports and are assigned to the isolation domain of VLAN 100.
  • Page 158: Port Mode

    17.3.2 Port Mode There are three types of GVRP registration mode on a port: Normal, Fixed and Disable. • Normal: allow the port to dynamically register or deregister VLAN attribute, and propagate dynamic and static VLAN information. • ...
  • Page 159 GVRP Status Configuration options: Enable/Disable Default: Disable Function: Enable/Disable GVRP protocol LeaveAll Timer Configuration range: 100ms~327600ms Default: 10000ms Function: set the time interval of sending leave all message. It must be a multiple of 100. Explanation: If LeaveAll timers of different devices time out at the same time, the devices will send out a LeaveAll message at the same time, which increases the message quantity.
  • Page 160: Typical Configuration Example

    Figure 139: GVRP Port Setting GVRP Mode Configuration options: Disable/Normal/Fixed Default: Disable Function: Set GVRP mode on port Caution: • The port in Normal mode can only be set to Untagged and exist in the default VLAN (VLAN 1) • ...
  • Page 161 Switch A is set to Fixed mode to statically register VLAN information; port 2 is set to Normal mode and propagates the VLAN information of port 1. Port 2 of Switch B is set to Normal mode and registers the VLAN information of Switch A. In this way, port 2 of Switch B can register the same VLAN information as that in port 1 of Switch A.
  • Page 162: RMON

    RMON 18.1 Introduction RMON (Remote Network Monitoring) is based on the SNMP architecture and lets network management devices more actively monitor and manage the managed devices. RMON includes NMS (Network Management Station) and Agent. NMS manages Agent, and Agent can collect statistics on all kinds of traffic information on a port.
  • Page 163 statistics result is a continuous accumulated value. • History Group History group stipulates that the system periodically samples all kinds of traffic information on the port and saves the sampling values in the history record table, so that the management device can view them at any time.
  • Page 164: Web Configuration

    18.3 Web Configuration. 1. Set statistics information, as shown in Figure 142. Figure 142: RMON Statistics Configuration. Index. Configuration range: 1~65535; Function: set the index of a statistics information entry. Owner. Configuration range: 1~32 characters; Function: set the name of a statistics information entry. Data Source. Configuration options: ifIndex.portid...
  • Page 165 Index. Configuration range: 1~65535; Function: set the index of a history control entry. Data Source. Configuration options: ifIndex.portid; Function: select the port to sample. Owner. Configuration range: 1~32 characters; Function: set the name of a history control entry. Sampling Number. Configuration range: 1~65535; Function: set the number of samples to take...
  • Page 166 Function: set the name of an event control entry. Event Type. Configuration options: NONE/LOG/Snmp-trap/log&Trap; Default: NONE; Function: set the event type when an alarm happens. It is the alarm handling method. Event Description. Configuration range: 1~32 characters; Function: set the event description. Event Community. Configuration range: 1~32 characters...
  • Page 167 Function: choose the MIB information to collect statistics on, such as the number of unicast messages on the ingress port. Index. Configuration range: 1~65535; Function: set the index of an alarm control entry. Function: set the OID number of the current MIB node. Owner. Configuration range: 1~32 characters; Function: set the name of an alarm control entry...
  • Page 168 Function: set a rising threshold. When the sampling value exceeds the rising threshold and the alarm type is RisingAlarm or RisOrFallAlarm, the alarm is triggered and the rising event index is activated. Falling Threshold. Configuration range: 1~65535; Function: set a falling threshold.
  • Page 169: Unicast Configuration

    Unicast Configuration. 19.1 Introduction. When a switch forwards a message, it searches the MAC address table for the destination port number corresponding to the destination MAC address of the message. MAC addresses are divided into static MAC addresses and dynamic MAC addresses. A static MAC address is configured by users, has the highest priority (it cannot be overwritten by a dynamic MAC address) and is permanently valid.
  • Page 170 Configuration format: HH-HH-HH-HH-HH-HH (H means a hexadecimal number); Function: configure a unicast MAC address; the lowest bit of the highest byte is 0. VLAN ID. Function: set the VLAN ID of the port. Member Port. Configuration options: all switch ports; Function: select a port to forward messages with this destination MAC address; the selected port must be in the VLAN specified above. 2.
  • Page 171 Figure 148: Dynamic unicast FDB table...
  • Page 172: Alarm And Log

    Alarm and Syslog. 20.1 Alarm. 20.1.1 Introduction. This series of switches supports three types of alarms. When an alarm is triggered, the Alarm LED on the front panel goes ON. Power alarm: if it is enabled, the alarm will be triggered for single power input ...
  • Page 173 Figure 149: Alarm setting. Power Alarm. Options: Enable/Disable; Default: Disable; Function: enable or disable the power alarm. Port Alarm. Options: Enable/Disable; Default: Disable; Function: enable or disable the port alarm. DT-RING Alarm. Options: Enable/Disable; Default: Disable; Function: enable or disable the DT-Ring function. 2.
  • Page 174: Log

    Figure 150: Show alarm status. Power Alarm Status. Options: NONE/WARN; Explanation: after the power alarm function is enabled, NONE is displayed for a power input in the power-on state, while WARN is displayed for a power input in the power-off state.
  • Page 175: Web Configuration

    Task suspension log; Reboot caused by task suspension; Reboot caused by pressing the <Reset> button on the switch front panel; Reboot caused by the Reboot command; Reboot caused by clicking the <Reboot> button on the Web interface; ...
  • Page 176 Configuration options: Enable/Disable; Default: Enable; Function: enable or disable RunLog. Once it is enabled, the running log can be recorded. Save in Flash. Configuration options: Enable/Disable; Default: Disable; Function: save logs in Flash or not. Once it is enabled, the logs can be viewed on the switch.
  • Page 177 2. Log uploading, as shown in Figure 153 and Figure 154. Figure 153: Upload logs by FTP mode. Figure 154: Upload logs by TFTP mode. Transfer Mode. Configuration options: Ftp Mode/Tftp Mode; Default: Ftp Mode; Function: choose the mode for uploading logs to the server. Server IP Address. Configuration format: A.B.C.D...
  • Page 178 Function: input the FTP user name. No user name is needed when the file is uploaded in TFTP mode. Password. Configuration range: 1~32 characters; Function: input the FTP user password. No password is needed when the file is uploaded in TFTP mode. 3.
  • Page 179: SNMP

    SNMP. 21.1 SNMPv2. 21.1.1 Introduction. SNMP (Simple Network Management Protocol) is a framework that uses the TCP/IP protocol suite to manage devices in a network. With SNMP, a network administrator can check device information, modify device parameters, monitor device status and locate network faults.
  • Page 180: Explanation

    requests, it sends a Get-Response message in response. When an alarm happens, the Agent automatically sends a Trap message to the NMS to report the abnormal event. 21.1.3 Explanation. The SNMP Agent of this series of devices supports SNMP v2 and SNMP v3. SNMPv2 is compatible with SNMP v1.
  • Page 181: Web Configuration

    Figure 156: NMS, Agent and MIB relationship. The MIB defines a tree structure in which each tree node is a managed object. Each tree node contains an OID (Object Identifier) that indicates the node's position in the MIB tree structure. As Figure 157 shows, the OID of the managed object A is 1.2.1.1.
  • Page 182 Function: enable or disable the SNMP protocol. V2 Status. Configuration options: Enable/Disable; Default: Enable; Function: enable the SNMPv2 version, which is compatible with SNMPv1. 2. Configure access rights, as shown in Figure 159. Figure 159: Access rights configuration. Read-Only Community. Configuration range: 3~16 characters; Default: public; Function: set the read-only community name.
  • Page 183 Figure 160: Trap Configuration. Trap on-off. Configuration options: Enable/Disable; Default: Enable; Function: enable or disable the sending of Trap messages by the switch. Trap Port ID. Configuration options: 1~65535; Default: 162; Function: set the port ID for sending Trap messages. Server IP Address. Configuration format: A.B.C.D; Function: configure the IP address of the server that receives Trap messages.
  • Page 184: Typical Configuration Example

    automatically displayed as long as the network management software runs on the server and reads and writes the device MIB node information. 21.1.6 Typical Configuration Example. The SNMP NMS connects to the switch through Ethernet. The IP address of the NMS is 192.168.1.23 and the switch IP address is 192.168.1.2.
  • Page 185: SNMPv3

    21.2 SNMPv3. 21.2.1 Introduction. SNMPv3 provides a USM (User-Based Security Model) authentication mechanism. Users can configure authentication and encryption functions. Authentication verifies the legitimacy of the message sender to prevent access by illegal users. Encryption protects the messages transmitted between NMS and Agent from eavesdropping.
  • Page 186 Figure 163: SNMPv3 user table configuration. User Name. Configuration range: 4~16 characters; Function: create a user name. Authentication Protocol. Configuration options: NONE/HMAC-MD5/HMAC-SHA; Default: NONE; Function: choose an authentication encryption algorithm. Authentication Password. Configuration range: 4~16 characters; Function: set a user password. 2.
  • Page 187 Figure 164: SNMPv3 access table configuration. Group Name. Configuration range: 4~16 characters; Function: set the name of the group table. For this series of switches, each group is for a single user only, so the group name must be the same as the user name set in the user table.
  • Page 188 3. Context table configuration, as shown in Figure 165. Figure 165: SNMPv3 context table configuration. Context Name. Configuration range: 4~16 characters; Function: define a series of managed objects that can be accessed by SNMP. This name must be the same as the context name set in the access table. 4.
  • Page 189: Typical Configuration Example

    Figure 166: SNMPv3 group table. Security Name. Configuration range: 4~16 characters; Function: set the name of the group table. For this series of switches, each group is for a single user only, so the security name must be the same as the user name set in the user table.
  • Page 190 Figure 167: SNMPv3 configuration example. Agent Configuration: 1. Configure the SNMPv3 user table. Set the user name to 111, choose HMAC-MD5 as the authentication protocol, and set the authentication password to "aaaa", as shown in Figure 163. 2.
  • Page 191: DHCP

    DHCP. With the continuous expansion of network scale and growing network complexity, the frequent movement of computers (such as laptops or wireless network) and computers outnumbering the allocable IP addresses, the BOOTP protocol, which is designed for static host configuration, has become increasingly unable to meet actual needs.
  • Page 192: DHCP Server Configuration

    DHCP server are in the same segment. If they are in different segments, the client can communicate with the server via a DHCP relay to get IP addresses and other configuration parameters. This series of switches does not support DHCP relay, so the client and the server must be in the same segment.
  • Page 193: DHCP Address Pool

    22.1.2 DHCP Address Pool. The DHCP server selects an IP address from an address pool and allocates it together with other parameters to the client. The IP address allocation sequence is as follows: 1. The IP address statically bound to the client MAC address or the port ID connecting to the server.
  • Page 194 Explanation: Common mode contains dynamic IP address allocation and static MAC address binding. Port mode means setting the desired IP address for a port. 3. Port-Mode configuration. When Port-mode is selected as the DHCP server mode, allocate statically bound IP addresses to ports, as shown in Figure 171.
  • Page 195 Figure 172: Port mode server configuration. The subnet mask of the network-address. The subnet mask is a 32-bit number that consists of a string of 1s and a string of 0s. "1" corresponds to network number fields and subnet number fields, while "0"...
  • Page 196 Figure 173: Static MAC address binding. Static MAC address binding binds the client MAC address to an IP address. When the server receives an IP address request message whose source MAC address is the MAC address set here, the IP address bound to this MAC address is allocated to the client.
  • Page 197 Figure 175: Common mode server configuration. DHCP server IP-pool name. Configuration range: 1-15 characters; Function: configure the name of the IP address pool. The domain name for the IP-Pool. Configuration range: 1-60 characters; Function: configure the domain name of the IP address pool. The starting IP address of the IP-Pool/The ending IP address of the IP-Pool. Configuration format: A.B.C.D (the starting IP address and the ending IP...
  • Page 198 Configuration range: 0 Days 0 Hours 1 Minutes to 1000 Days 23 Hours 59 Minutes/Infinite; Default: 0 Days 1 Hours 0 Minutes; Explanation: If the IP address request message sent from the client does not contain a valid lease time, the lease time of the IP address the server allocates to the client is the default value.
  • Page 199: Typical Configuration Example

    Caution: After configuration, click the <Run> button to allocate correct IP addresses to clients. 22.1.4 Typical Configuration Example. As Figure 176 shows, switch A works as a DHCP server and switch B works as a DHCP client. Port 3 of Switch A connects to port 4 of Switch B. The client sends out IP address request messages and the server can allocate an IP address to the client in three ways.
  • Page 200 Figure 177: DHCP client obtain IP address-1. Static MAC address binding method. Switch A configuration: 1. Enable the DHCP server status, as shown in Figure 169. 2. Select Common-Mode in the DHCP server mode, as shown in Figure 170. 3.
  • Page 201 Figure 178: DHCP client obtain IP address-2. Dynamic obtainment of IP address in address pool. Switch A configuration: 1. Enable the DHCP server status, as shown in Figure 169. 2. Select Common-Mode in the DHCP server mode, as shown in Figure 170. 3.
  • Page 202: DHCP Snooping

    Figure 179: DHCP client obtain IP address-3. 22.2 DHCP Snooping. 22.2.1 Introduction. DHCP Snooping is a layer 2 monitoring function for DHCP services and a DHCP security feature that further protects the client. The DHCP Snooping security mechanism ensures that only the trusted port can forward the request message of the DHCP client to the legal server; meanwhile, it can control the source of the response message of the DHCP...
  • Page 203: Web Configuration

    obtaining invalid IP addresses. 22.2.2 Web Configuration. 1. Enable the DHCP Snooping function, as shown in Figure 180. Figure 180: DHCP Snooping state. DHCP Snooping Status. Configuration options: Enable/Disable; Default: Disable; Function: enable or disable the DHCP Snooping function of the switch. Caution: The switch working as DHCP server and client cannot enable the DHCP Snooping function.
  • Page 204: Typical Configuration Example

    Protocol Status. Configuration options: Trust/Untrust; Default: Untrust; Function: set the port to a trusted port or an untrusted port. The ports that connect to valid DHCP servers directly or indirectly are trusted ports. Caution: The trusted port configuration and Port Trunk are mutually exclusive. A port that has joined a trunk group cannot be set to a trusted port.
  • Page 205: Option 82 Configuration

    Figure 182: DHCP Snooping Typical Configuration Example. Switch B configuration: Enable the DHCP Snooping function, as shown in Figure 180. Set port 1 of switch B to a trusted port and set port 3 to an untrusted port, as shown in Figure 181.
  • Page 206 sub-options are shown below: Sub-option 1 contains the VLAN ID and number of the port that receives the request message from the DHCP client, as shown in Table 10. Table 10: Sub-option 1 Field Format. Sub-option type; Length (0x04); VLAN ID...
  • Page 207: DHCP Snooping Supports Option 82 Function

    (The character is indicated by ASCII code and each character occupies one byte). The length is fixed to 16. If the configured character string is shorter than 16 bytes, pad the missing characters with 0. 22.3.1 DHCP Snooping Supports Option 82 Function. 1.
  • Page 208 field and forward the message to the client; if the message does not contain the Option 82 field, process the response message according to the server policy, as shown in Table 14. Table 14: Processing Modes for Response Messages (DHCP Snooping). Receive response; Configuration policy...
  • Page 209: DHCP Server Supports Option 82 Function

    Configuration options: Drop/Replace/Keep; Default: Keep; Function: configure the client policy. The DHCP Snooping device processes the request message sent from the client according to the Client Policy, as shown in Table 13. Server Policy. Configuration options: Drop/Keep; Default: Keep; Function: configure the server policy.
  • Page 210 If the DHCP Server is set to support the Option82 function, when the DHCP server receives a DHCP request message, it provides different address allocation solutions according to whether the message contains the Option82 field and according to the server configuration. The DHCP server includes the following variables: ...
  • Page 211 option field: Add the Option82 field into the response message, and allocate an IP address and other parameters to the client. The value of the relay agent information option does not match the Option82 field: the server does not allocate an IP address to the client. Do not configure...
  • Page 212 The request message contains the Option82 field: the server does not allocate an IP address and other parameters to the client. The request message does not contain the Option82 field: the response message does not contain the Option82 field, and the server allocates an IP address and other parameters to the client...
  • Page 213: Appendix: Acronyms

    Appendix: Acronyms (Acronym: Full Spelling). AAA: Authentication, Authorization, Accounting; ARP: Address Resolution Protocol; BOOTP: Bootstrap Protocol; BPDU: Bridge Protocol Data Unit; CLI: Command Line Interface; CRC: Cyclic Redundancy Check; DHCP: Dynamic Host Configuration Protocol; DSCP: Differentiated Services Code Point; FTP: File Transfer Protocol; GARP: Generic Attribute Registration Protocol...
  • Page 214 STP: Spanning Tree Protocol; TACACS+: Terminal Access Controller Access Control System; TCP: Transmission Control Protocol; TFTP: Trivial File Transfer Protocol; ToS: Type of Service; UDP: User Datagram Protocol; USM: User-Based Security Model; VCT: Virtual Cable Tester; VLAN: Virtual Local Area Network; WRR: Weighted Round Robin...
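
The SNMPv3 user table above (pages 185 to 190) takes an authentication protocol and a password. The following added example, which is not code from the manual or from the switch firmware, shows how USM turns such a password into a key and an authentication tag as specified in RFC 3414. The engine ID, the message bytes and the `review_user` helper are assumptions made for the illustration.

```python
import hashlib
import hmac

MIN_PASSWORD_LEN = 8   # RFC 3414 minimum; the manual's form accepts 4~16 characters

def password_to_key(password, engine_id, algo="md5"):
    """RFC 3414 A.2: hash 1 MiB of the repeated password, then localize to the engine ID."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_tag(key, message, algo="md5"):
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 bytes of the HMAC over the whole message."""
    return hmac.new(key, message, algo).digest()[:12]

def sign(key, message, offset, algo="md5"):
    """Replace the 12 zero bytes at `offset` (the authentication parameters) with the tag."""
    return message[:offset] + auth_tag(key, message, algo) + message[offset + 12:]

def verify(key, received, offset, algo="md5"):
    """Recompute the tag over the message with the tag field zeroed; compare in constant time."""
    zeroed = received[:offset] + bytes(12) + received[offset + 12:]
    return hmac.compare_digest(received[offset:offset + 12], auth_tag(key, zeroed, algo))

def review_user(protocol, password):
    """Hypothetical helper: flag weak choices in one user-table row (names as in the manual)."""
    findings = []
    if protocol == "NONE":
        findings.append("no authentication: the message sender is not verified")
    elif protocol == "HMAC-MD5":
        findings.append("HMAC-MD5 selected: prefer HMAC-SHA if the NMS supports it")
    if protocol != "NONE" and len(password) < MIN_PASSWORD_LEN:
        findings.append("password shorter than %d characters" % MIN_PASSWORD_LEN)
    return findings

# Constructed sample values, not taken from a real device.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER, PDU = b"constructed-header", b"constructed-pdu"
UNSIGNED = HEADER + bytes(12) + PDU

if __name__ == "__main__":
    key = password_to_key(b"aaaa", ENGINE_ID, "md5")   # password from the manual's example
    signed = sign(key, UNSIGNED, len(HEADER))
    print(verify(key, signed, len(HEADER)))
    print(verify(key, signed[:-1] + b"X", len(HEADER)))
    print(review_user("HMAC-MD5", "aaaa"))
```
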
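
The DHCP Snooping trust rule described above (pages 202 to 205) can be made concrete with a small model. This is an added example of generic DHCP snooping behaviour, not the switch's own implementation: it parses the DHCP message type from a packet and decides by ingress port whether to forward it. The port roles follow the manual's Switch B example (port 1 trusted, port 3 untrusted); the packets, the function names and the handling of malformed packets are assumptions.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"               # marks the start of DHCP options (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values that only a server sends

def dhcp_message_type(payload):
    """Return the DHCP message type (option 53) from a UDP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                # End option reached without a message type
            return None
        if code == 0:                  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:       # option runs past the end of the packet
            return None
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def snoop(ingress_port, payload, trusted_ports, all_ports):
    """Return (action, egress_ports) for one DHCP packet seen on ingress_port."""
    mtype = dhcp_message_type(payload)
    if mtype is None:
        return ("drop", [])            # assumption: unparseable DHCP is discarded
    if mtype in SERVER_TYPES:
        if ingress_port not in trusted_ports:
            return ("drop", [])        # server reply from a port with no valid server behind it
        return ("forward", sorted(all_ports - {ingress_port}))
    # Client messages leave only through trusted ports, towards the valid server.
    return ("forward", sorted(trusted_ports - {ingress_port}))

def build_dhcp(op, mtype, extra_options=b""):
    """Construct a minimal BOOTP/DHCP payload (sample data for this example only)."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0)
    fixed += bytes(16) + bytes(16) + bytes(64) + bytes(128)   # addresses, chaddr, sname, file
    return fixed + MAGIC_COOKIE + extra_options + bytes([53, 1, mtype, 255])

# Port roles from the manual's Switch B example; what sits behind each port is assumed.
TRUSTED, PORTS = {1}, {1, 3}
DISCOVER = build_dhcp(1, 1, extra_options=b"\x00" + bytes([61, 3, 1, 2, 3]))
OFFER = build_dhcp(2, 2)

if __name__ == "__main__":
    print(snoop(3, DISCOVER, TRUSTED, PORTS))     # client request arriving on port 3
    print(snoop(1, OFFER, TRUSTED, PORTS))        # server reply arriving on the trusted port
    print(snoop(3, OFFER, TRUSTED, PORTS))        # server reply arriving on the untrusted port
    print(snoop(3, OFFER[:242], TRUSTED, PORTS))  # options cut off mid-field
```
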

This manual is also suitable for:

Sicom3306 series, Sicom3216 series, Kien7009 series