Page 2
CTC Union Technologies Co., Ltd. Far Eastern Vienna Technology Center (Neihu Technology Park) 8F, No. 60 Zhouzi St. Neihu District Taipei 114 Taiwan Tel: +886-2-26591021 Fax: +886-2-26275211 Email: sales@ctcu.com URL: http://www.ctcu.com GSW-3208M1/3216M1/3424M1 User Manual 8+2, 16+2 and 24+4 Gigabit Ethernet Layer 2 Switches w/SNMP Version 2.0 November 06, 2013 (Updated)
Page 3
About this manual … This manual is a general manual for different models of our Gigabit Management Switch. They are similar in operation but have different hardware configurations. These models are 8 * TX + 2 * SFP (10G) ports model This model supports eight TX ports and two extra SFP ports for Gigabit Ethernet connections.
Contents 1. INTRODUCTION......................3 1.1 P ....................3 ACKAGE ONTENTS 2. WHERE TO PLACE THE SWITCH................4 3. CONFIGURE NETWORK CONNECTION ..............7 3.1 C ..............7 ONNECTING EVICES TO THE WITCH 3.2 C ..........7 ONNECTING TO NOTHER THERNET WITCH 3.3 A ......................
Introduction There are three models for the Gigabit Management Switch Series – 8TX+2SFP(10G) model, 16TX+2SFP(18G) model, and 24TX+4SFP(24G) model. This Gigabit Management Switch is a Layer2 Management switch with lots of advanced network functions including VLAN, trunking, spanning tree, mirror port, rate limit, IGMP and port configuration.
Where To Place the Switch This Switch can be placed on a flat surface (your desk, shelf or table). Place the Switch at a location with these connection considerations in mind: The switch configuration does not break the rules as specified in Section ...
Page 8
mounted switch. 3. Circuit Overloading - Be sure that the supply circuit to the rack assembly is not overload after installing this switch. 4. Grounding - Rack-mounted equipment should be properly and well grounded. Particular attention should be given to supply connections other than direct connections to the mains.
Page 9
1. Position a bracket that is already attached to the switch on one side of the rack. 2. Line up the screw holes on the bracket with the screw holes on the side of the rack. 3. Use a screwdriver to install the rack screws through the mounting bracket holes into the rack.
3.3 Application A switch can be used to overcome the hub-to-hub connectivity limitations as well as improve overall network performance. Switches make intelligent decisions about where to send network traffic based on the destination address of the packet. As a result, the switch can significantly reduce unnecessary traffic. The example below demonstrates the switch ability to segment the network.
4. Adding Module This switch supports SFP (for 100/1000SX/LX/… modules) connectors for fiber optic connection. Because the SFP slots support hot-swap function, you can plug/unplug SFP transceiver to/from the SFP slot directly. The switch can auto-detect the fiber optic connection from SFP slot. S F P S lo t Follow the steps for module adding and removing.
5. LEDs Conditions Definition The LEDs provide useful information about the switch and the status of all individual ports. [ For 8TX+2SFP / 16TX+2SFP / 24TX+4SFP Models ] STATUS CONDITION Pow er Sw itch is receiving pow er. Sw itch is pow er OFF. System System is booting.
6. Manage / Configure the Switch 6.1 Introduction of the management functions This switch is a L2 Management switch. It supports in -band management function from Http/Telnet/SNMP interfaces. Console is supported for local command-line settings. It supports network configuration functions, like VLAN, Trunking, Port Mirror, QoS, spanning tree and software backup/update.
Page 15
automatically. But it will also cause a period of delay (30 seconds for STP and shorter time for RSTP) if any network connection is changed because of the network topology detection operation of the protocol. Because there could be more than one switch in the network, users can configure this function for their network spanning tree applicatio n.
Page 16
7. Dynamic Mac ID Number Limit Beside Static Mac ID Limit, there is another Dynamic Mac ID Number Limit function for Mac address security on port. This function can limit the Mac ID number to access network through a port. For example, five Mac ID are That means up to five users are allowed, but don’t care allowed for Port 2.
Page 17
14. IP Source Guard This function can limit the IP address for accessing network from switch port. That can prevent illegal IP problem in network. 15. ACL (Access Control List) This function is used to define network access control policy - a list of packet filtering rules.
6.2 Settings with Console Connection 6.2.1 Basic of the Console Interface << Enter Console Interface >> Please follow the steps to complete the console hardware connec tion first. 1. Connect from console port of the switch to COM port of PC with the console cable.
Page 19
administrator level could be created with “username” command under “(config)#”. The previlege level is “3” for them. After login the switch, a prompt “#” will be shown. Because this switch supports command-line for console interface, you can press “?” to check the command list.
Page 20
switch can be configured in this mode. ---------------------------------------------------------------- (config)# interface vlan 10 (config-if)# ---------------------------------------------------------------- [ operator level ] Users with operator level could be created by administrator with “username” command under “(config)#”. The previlege level is “2” for them. After login the switch, a prompt “>” will be shown. Because this switch supports command-line for console interface, you can press “?”...
Page 21
exit Exit from current mode help Show available commands history Show a list of previously run commands logout Disconnect quit Quit commands show Show s information > --------------------------------------------------------------------------------------------- With guest level, it is allowed to view the switch status and configuration only. No setup/configure commands are supported.
Page 22
If the settings are for ports, it is done with “interface ethernet 1/x” command in configure mode. And the prompt will become “(config-if)#”. For example, “interface ethernet 1/5” is for settings on Port 5. If the settings are for VLAN group, it is done with “interface vlan x” command in configure mode.
6.2.2 General Basic Commands When “admin” / “admin” is used for username/password, the console will enter administrator mode. Enter “?”, command list will be shown. --------------------------------------------------------------------------------------------- exit Exit from current mode help Show available commands history Show a list of previously run commands logout Disconnect ping...
Page 24
Enter “ping ?” at the prompt, the command syntax will be shown. # ping ? Syntax: ping [-n count] [-l length] [-i ping interval] ip -n count : Number of echo requests to send.(1~60) -l length : Send buffer size, and length (2-1452) : ping interval (0-30) : IP address (xxx.xxx.xxx.xxx) For example, “ping 192.168.1.80”.
Page 25
ddmi Digital Diagnostics Monitoring Interface dhcp-relay DHCP Relay Configuration dot1x 802.1x content Show eee configuration history History information interface Interface information IP information lacp LACP statistics lldp Show lldp Configuration Log records loopback-detection Show loopback detection mac-address-table Configuration of the address table mac-security MAC Security Configuration management...
Page 26
Mirror Configuration: ===================== Mirror Port: Disabled Port Mode ---- -------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled If the display is more than one console page, “Esc” can be used to break the display. For the details, please refer to section 6.2.6 Show commands. 10.
Page 27
address>”(IPv4 or IPv6 address) as file name “yyy” in text format. copy config tftp running-config <ip address> yyy command is used to restore text configuration file “yyy” from TFTP Server at IP “<ip address>”(IPv4 or IPv6 address). copy firmware running-firmware tftp <ip address> yyy command is used to backup current running firmware to TFTP Server at IP “<ip address>”(IPv4 or IPv6 address) as file name “yyy”...
6.2.3 Configure Mode Commands Entering “configure” command at console interface, the prompt will become ... “(configure)#”. All the general settings for the switch can be done in this mode. If the settings are for ports, it is done with “interface” command in configure mode.
Page 29
Configuration of QoS radius-accounting-server Configures RADIUS Accounting Server radius-authentication-server Configures RADIUS Authentication Server rmon Configures RMON function sflow Configures sflow function snmp-server Modifies SNMP server parameters spanning-tree Configures spanning tree parameters storm-control Configures storm control tacacs-authentication-server Configures TACACS+ Authentication Server username Establishes user name authentication vlan...
Page 30
aaa authentication login ssh [local|none|radius|tacacs+] command will set the authentication manner for user login from SSH connection. aaa authentication login telnet [local|none|radius|tacacs+] command will set the authentication manner for user login from telnet connection. aaa authentication login web [local|none|radius|tacacs+] command will set the authentication manner for user login from web connection.
Page 31
number between 1~256. That is the index of this ACE. This command will change the prompt to “(config-ace-x)#” for ACL setting of this filtering rule. “x” is the index number of this rule. After ACL rules are defined, apply ACL rules to connection ports with “acl” command in port interface configuring mode under prompt “(config -if)#”...
Page 32
tag_prio VLAN tag priority Specify vlan id Here is the details of these sub-commands. 1). exit : this command is used to exit the ACL setting. 2). help : this command will show all available commands. 3). history : this command will list the input command history. 4).
Page 33
“next_id x” command can jump to another ACE setting. “x” is the ACE index number between 1 to 256. 12). policy : this command is used to set the policy number for group of ports to apply this ACE. Policy number of port is defined under port interface prompt with “(config-if)#”.
Page 34
8 aggregation command This command is used to configure the aggregation hash mode. Frames will go through port in the aggregation connection accrod ing to the result of hash operation. aggregation destination_mac_address : The Destination MAC Address can be used to calculate the destination port for the frame. aggregation ip_address : The IP address can be used to calculate the destination port for the frame.
Page 35
used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain. The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client.
Page 36
contains it is received. replace: Replace the original relay information when a DHCP message that already contains it is received. dhcp-relay mode command enable the DHCP relay function. And “no dhcp- relay mode” command can disable it. When DHCP relay mode operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain.
Page 37
dot1x agetime x command is used to set aging time. “x” is a num ber between 10~10000000 in seconds. This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses: • Single 802.1X •...
Page 38
• Single 802.1X • Multi 802.1X • MAC-Based Auth. If a client is denied access - either because the RADIUS server denies the client access or becaus e the RADIUS server request times out (according to the timeout specified in “AAA") - the client is put on hold in the Unauthorized state.
Page 39
Note: 1. Setting 802.1x function on ports, use “dot1x” command in interface configuring mode. 2. Setting for RADIUS servers, use “radius -accounting-server” and “radius - authentication-server” command. Please refer to sections for the commands. 14 end command This command is used to exit from configure mode. 15 hostname command This command is used to set the name of the switch in network.
Page 40
17 ip command This command is used to configure some IP-depending functions. Entering “ip ?”, the sub-commands will be shown. (config)# ip ? default-gatew ay Specifies the default gatew ay Set the DNS server address dns-proxy Setthe IP DNS Proxy mode ipv6-default-gatew ay Specifies the default gatew ay https HTTPS server configuration...
Page 41
proxy Set the mode of Proxy ssm-range Enable IGMP query function unregflood Enable unregister flood function <cr> Enable Snooping ip igmp snooping command is used to enable IGMP function of the switch. And “no ip igmp snooping” command can be used to disable it. ip igmp snooping vlan x ...
Page 42
ip igmp snooping vlan x parameter-qri y command is used to set IGMP Query Response Interval. Query Response Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries. “x” is VALN ID with number 1~4095. “y”...
Page 43
leave-proxy Enable filtering proxy Set the mode of Proxy ssm-range Enable IGMP query function unregflood Enable unregister flood function <cr> Enable Snooping ip mld snooping command is used to enable MLD function of the switch. And “no ip mld snooping” command can be used to disable it. ip mld snooping vlan x ...
Page 44
by the Querier. “x” is VALN ID with number 1~4095. “y” is 1 to 31744 in seconds. ip mld snooping vlan x parameter-qri y command is used to set Query Response Interval. Query Response Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries.
Page 45
server” command is used to disable it. SSH is an acronym for Secure SHell. It is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network.
Page 46
Entering “lldp ?”, the commands will be listed. (config)# lldp ? interval Specify transmit interval tx-hold Specify hold time multiplier tx-delay Specify delay interval reinit-delay Specify reinit delay lldp interval x command is used to specify transmit interval. The switch periodically transmits LLDP frames to its neighbours for having the network discovery information up-to-date.
Page 47
log-level Log level remote-log Enable logging to remote host clear Clear logging table information logging log-level x command is used define the log level of events. Indicates what kind of message will send to syslog server. Possible modes are: 0: Info - Send informations, warnings and errors. 1: Warning - Send warnings and errors.
Page 48
mode Set the Loop Protection to be enabled shutdow n Set or show the Loop Protection shutdow n time transmit Set the Loop Protection transmit interval loopback-detection mode command is used to enable this function globally. And “no loopback-detection mode” command is used to disable it globally. Only both loopback-detection function are enabled globally and by port, this function starts to work on those ports.
Page 49
the four different actions - None, Trap, Shutdown, Trap & Shutdown. The Limit Control module utilizes a lower-layer module, Port Security module, which manages MAC addresses learnt on the port. mac-security aging x command is used to configure the aging time of secured mac address.
Page 50
(config)# management 1 ? ipaddr Set IP and net mask for a specified set protocol Set protocol for a specified set management enable command is used to enable the management security function. And “no management enable“ command is used to disable it. management x ipaddr y.y.y.y z.z.z.z command is used to set the IP address range allowed for this rule.
Page 51
** Before configuring MVR function, complete the VLAN setting first ** Using MVR function, you have to enable IGMP snooping function first. This switch supports eight MVR VLANs. They are referred with their VLAN ID. For any MVR setting, you have to assign the VLAN ID in the command. Entering “mvr ?”, the sub-commands will be shown.
Page 52
After MVR VLAN is created, you can assign IP multicast groups (video channels) to the MVR VLAN. And you can assign more than one IP multicast groups (video channels) to one MVR VLAN. For example, “mvr 10 group abc 224.0.0.2”. start-address 224.0.0.1 end-address mvr x mode [compatible | dynamic] command is used to s pecify the MVR mode of operation.
Page 53
hostname Sets system's netw ork name Global IP configuration sub commands ip-source-guard IP Source Guard Configuration lldp LLDP setting logging Modifies message logging facilities loopback-detection Configures loopback detection mac-address-table Configuration of the address table mac-security Configuration of mac security management Specifies management IP filter mirror Configuration of mirror...
Page 54
ntp server x <IP address> command is used to set the IP address of network time server for NTP protocol operation. Up to five time servers is supported. “x” is the index(1~5) of time servers. <IP address> provides the IPv4 or IPv6 address of a NTP server.
Page 55
Other Port-based QoS settings are configured in port configuring mode under prompt “(config-if)#”. Entering “qos ?”, the following sub-commands will be shown. (config)# qos ? dscp DSCP Configuration QoS Control List Configuration The first sub-command is for DSCP Configuration. The second sub- command is for QCL(QoS Control List) Configuration.
Page 56
Classification settings. It takes effect for those trusted DSCP val ues. qos dscp translation x y command is used to set global ingress DSCP translation table. “x” is the DSCP value 0~63 before translation. “y” is the DSCP value 0~63 after translation. Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map.
Page 57
logout command This command is used to logout from console interface. quit command This command is used to quit from console interface. It has the same function as logout. action command This command is used to define the QoS action for a frame when this QCE is matched.
Page 58
- IPv4 (DSCP value / IP-Fragment or not / Protocol - Port Number of TCP, UDP, other / Source IP Address) - IPv6 (DSCP value / Protocol - Port Number of TCP, UDP, other / Source IP Address) - LLC (SSAP / DSAP / Control) - SNAP (PID) key smac [any | xx-xx-xx] command is used to define the key parameters by the Source MAC address: 24 MS bits (OUI).
Page 59
set to 0 (zero), the default port (1813) is used. Configure the operation parameters ... radius-accounting-server dead-time x command is used to specify Dead Time of Common Servers. “x” is the Dead Time with a number between 0 and 3600 seconds. The Dead Time is the period during which the switch will not send new requests to a server that has failed to respond to a previous request.
Page 60
radius-authentication-server dead-time x command is used to specify Dead Time of Common Servers. “x” is the Dead Time with a number between 0 and 3600 seconds. The Dead Time is the period during which the switch will not send new requests to a server that has failed to respond to a previous request.
Page 61
startup-alarm The method of sampling variable Indicates the particular variable to be sampled rmon alarm x falling-index y command is used to set the Falling event index of the alarm. “x” is the index of the entry between 1~65535. “y” is the Falling event index (1-65535).
Page 62
community Specify the community w hen trap is sent desc Indicates this event, the string length is from 0 to 127 type Indicates the notification of the event rmon event x community yyy command is used to specify the community when trap is sent.
Page 63
65535. For example, entering “rmon statistics 10 ?”, the follwing sub- commands will be shown. (config)# rmon statistics 10 ? data_source Indicates the port ID w hich w ants to be monitored rmon statistics x data_source .1.3.6.1.2.1.2.2.1.1.y command is used “x”...
Page 64
• If sFlow is currently configured through SNMP, Owner is a string identifying the sFlow receiver. If sFlow is configured through SNMP, all controls are disabled to avoid inadvertent reconfiguration. sflow receiver time_out x command is used to set the Receiver Time_out for list of receiver ID.
Page 65
failure“ command is used to disable it. snmp-server x community yyy command is used to set the the community access string when sending SNMP trap packet. “x” is the index of the trap 1~1. “yyy” is community string with length is 0 to 255, and the allowed content is ASCII characters from 33 to 126.
Page 66
ASCII characters from 33 to 126. “zzz” is the name of the MIB view defining the MIB objects for which this request may potentially set new values. The allowed string length is 1 to 32, and the allowed content is ASCII chara cters And “no snmp-server snmpv3-access group-name xxx from 33 to 126.
Page 67
to create a SNMPv3 user with “Authentication and No Privacy” security level. “xxx” is SNMPV3 Engine ID. “yyy” is a string identifying the user name that this entry should belong to. “zzz” is a string identifying the authentication password phrase. snmp-server snmpv3-user xxx yyy auth-priv [md5 | sha] zzz des www command is used to create a SNMPv3 user with “Authentication and Privacy”...
Page 68
This command is used to configure spanning tree protocol of the switch. Entering “spanning-tree”, the sub-commands will be shown. (config)# spanning-tree ? bpdufilter Set edge port BPDU Filtering bpduguard Set edge port BPDU Guard cname Set configuration name and revision for MSTI forw ard-delay Global STA forw ard time configuration.
Page 69
operation mode of spanning tree. It could be MSTP, RSTP, or STP. spanning-tree msti instance x vlan y command is used to add a VLAN to a MSTI. “x” is a number between 1~7 to indicate the MSTI. “y” is the VLAN ID (1~4094) of the VLAN added to the MSTI.
Page 70
and could be 1, 2, 4, 8, ..., 512, 1k, 2k, 4k, ..., 512k, 1024k, 2048k, ..., 32768k. storm-control unicast x command is used to set unicast flooding traffic suppression rate. “x” is the suppression rate in pps(packet per second), and could be 1, 2, 4, 8, ..., 512, 1k, 2k, 4k, ..., 512k, 1024k, 2048k, ..., 32768k.
Page 71
subintervals of equal length. If a reply is not received within the subinterval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead. 39 username command This command is used to create a user and assign username, password, and privilege_level for him/her.
Page 72
<cr> Enable Voice VLAN mode operation voice-vlan command is used to enable Voice VLAN function. And “no voice- lan” command can be used to disable it. voice-vlan agetime x command is used to configure the Voice VLAN secure learning aging time. “x” is the aging time. The allowed range is 10 to 10000000 seconds.
6.2.4 Interface Configuring Commands Commands in Configuring Mode are for general switch settings. And its prompt is “(config)#”. The port interface function and VLAN group interface function are set with “interface” command. (config)# interface ? ethernet Ethernet port vlan Sw itch Virtual LAN interface interface ethernet 1/x command is used to configure settings for Port x.
Page 74
this command will be applied to ports in this range. Fo r example, “interface ethernet 1/4-7” and the settings after this command will be applied to Port 4, Port 5, Port 6, and Port 7. (Port 4~7) 4. interface ethernet 1/w,x,..,y-z and “w”,”x”,”y”,”z” are port number. All the settings after this command will be applied to those ports.
Page 75
sflow configured sFlow samplers shutdown Shuts down the selected interface spanning-tree Specifies spanning tree configuration speed Configures speed operation switchport Configures switching mode characteristics voice-vlan Voice VLAN Configuration ---------------------------------------------------------------------------------------------- 1 exit command This command is used to leave current operation mode. Go back to last mode.
Page 76
permitted ("permit") or denied ("deny") for the interface port(s). acl logging command is used to enable frames received on the port are stored in the System Log. Please note that the System Log memory size And “no acl logging“ command is used to and logging rate is limited.
Page 77
8 channel-group command This command is used to add the interface port(s) to a Aggregation Group. This is a static Aggregation Group assignment. Only full duplex ports can join an aggregation and ports must be in the same speed in each group. channel-group x will add the interface port(s) to the trunk group “x”.
Page 78
the port's Admin State is in an EAPOL-based or MAC-based mode. dot1x clear command is used to clear 802.1X statistics for the interface port(s). dot1x guest_vlan command is used to enable Guest VLAN function for the interface port(s). And “no dot1x guest_vlan“ command is used to dis able it. Guest VLAN function works when Guest VLAN is both globally enabled and enabled for a given port.
Page 79
can be used by anyone. Also, only the MD5 -Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality. - multi-802.1x : Configures more supplicants can get authenticated on the same port at the same time.
Page 80
)authentication fails or the RADIUS Access -Accept packet no longer carries a QoS Class or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS Class is immediately reverted to the original QoS Class (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
Page 81
12 end command This command is used to exit from interface mode. (config-if)# end (config)# 13 excessive command This command is used to configure the operation when excessive collision happens on half duplex mode. excessive [discard | restart] command is used to configure the operation when excessive collision happens on half duplex mo de.
Page 82
16 ip command This command is used to configure IGMP/MLD Snooping function for the port(s). ip igmp snooping fastleave / ip mld snooping fastleave command is used to And “no ip igmp snooping enable fast-leave function for the port(s). fastleave“ / “no ip mld snooping fastleave“ command is used to disable it. Multicast snooping Fast Leave processing allows the switch to remove an interface from the forwarding-table entry without first sending out group specific queries to the interface.
Page 83
packets forwarding that are matched in static entries on the specific port. ip-source-guard mode command is used to enable this function for the ports. And “no ip-source-guard mode” command is used to disable it. Note: Dynamic IP Source entry is learned from DHCP request. Before enable IP Source Guard, DHCP Snooping function should be enabled first.
Page 84
- enable : enable LLDP operation on the ports. The switch will send out LLDP information, and will analyze LLDP information received from neighbours. - rx-only : set the the ports as Receive-Only for LLDP operation. The switch will not send out LLDP information, but LLDP information from neighbour units is analyzed.
Page 85
And “no lldp address” included in LLDP information transmitted. management-address“ command is used to disable it. 20 loopback-detection command This command is used to configure Loopback Detection for the ports. loopback-detection action [log | shutdown | shut_log] command is used to configure the action performed when a loop is detected on a port.
Page 86
23 mdi/mdi-x command This command is used to configure MDI/MDI-X mode of port. mdi/mdi-x [auto | mdi | mdi-x] command is used to configure MDI/MDI-X mode of ports. “mdi” is for Hub/Switch connection. “mdi-x” is for PC device connection. “auto” can auto-detect the connection. 24 mvr command This command is used to configure MVR function for the ports.
Page 87
port Configures the characteristics of the port port-vlan Configures Port-Based VLAN pow er-control Decrease energy consumption Configuration of QoS sflow configured sFlow samplers shutdow n Shuts dow n the selected interface spanning-tree Specifies spanning tree configuration speed Configures speed operation sw itchport Configures sw itching mode characteristics voice-vlan...
Page 88
maximum number and its valid value is 0-1024. For example, x=5 will allow up to five network devices / PC access network through the inter face port(s). If the limit is exceeded, the corresponding action is taken. The switch is "born" with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security-enabled port.
Page 89
dscp QoS Port DSCP Configuration policer QoS Ingress Port Policers queueshaper Queue Shaper scheduler QoS Egress Port Schedulers shaper QoS Egress Port Shapers tagremarking QoS Egress Port Tag Remarking “qos classification ...” command is used to configure default QoS Ingress Port Classification on ports.
Page 90
ports. - enable : Rewrite enabled without remapping. The new DSCP value is defined by “qos dscp classification-map” command in (config)#. - remap_dp_aware : Rewrite enabled with remapping. The remapped DSCP value is defined by “qos dscp egressremap” command in (config)#. - remap_dp_unaware : Rewrite enabled with remapping.
Page 91
qos scheduler weight x y command is used to set weighting “y” for transmit queue “x”. “x” is queue number with value 0~7. “y” is weighting with value 1~100. It is for traffic scheduling in Weighted mode. “qos shaper ...” command is used to configure traffic shaper function of the ports.
Page 92
number of bytes that should be copied from a sampled packet to the sFlow datagram. “x” is the maximum number with valid range 14~200 bytes. If the maximum datagram size does not take into account the maximum header size, samples may be dropped. sflow flowsampler sampling-rate x command is used to set the statistical sampling rate for packet sampling.
Page 93
spanning-tree edge-port command is used to spanning-tree edge-port command is used to set the operEdge flag should start as set. (The initial operEdge state when a port is initialized). “ no spanning-tree edge-port“ command is used to set the operEdge flag should start as cleared.
Page 94
set it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistently incorre ct learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network, causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently.
Page 95
used to allow the interface port(s) to accept tagged or untagged frame. - all : The port accepts all frames, tagged or untagged. - tagged : The port accepts only tagged frames. - untagged : The port accepts only untagged frames. switchport allowed vlan [add x | remove x | forbidden add x | forbidden remove x] command will add the interface port(s) to VLAN x, remove the interface port(s) from VLAN x, as forbidden port(s) to VLAV x, not forbidden...
Page 96
untagged. - untag_pvid : this is a hybrid egress port. All egress packets except the configured PVID will be tagged. 35 voice-vlan command This command is used to configure Voice VLAN function for the interface port(s). (config-if)# voice-vlan ? discovery-protocol Set the Voice VLAN port discovery protocol mode port-mode Set the Voice VLAN port mode...
Page 97
Note: The general VLAN settings are done with “vlan database” command. 6.2.5 VLAN Configuring Commands for the details. Please refer to section interface vlan x command is used to assign characteristics to a VLAN group interface. For example, assigning IP address to a VLAN inte rface is done with this command.
Page 98
5. quit command This command is used to quit from console interface. It has the same function as logout. 6. interface command This command is used to change to another interface VLAN groups for next setup commands. (config-if)# interface ? vlan Sw itch Virtual LAN interface For example,...
Page 99
8. ipv6 command This command is used to set IPv6 address of the switch on this VLAN interface. And only users in this VLAN can a ccess this switch with the IPv6 address remotely. (config-if)# ipv6 address ? autoconfig Set the IPv6 AUTOCONFIG mode renew Renew IP <ipv6 address>...
6.2.5 VLAN Configuring Commands Commands in Configuring Mode are for general switch settings. And its prompt is “(config)#”. If the settings are for VLANs, it should enter VLAN configuring mode first by “ vlan database” command in configure mode. And its prompt will become “(config- vlan)#”.
Page 101
4 logout command This command is used to logout from console interface. 5 quit command This command is used to quit from console interface. It has the same function as logout. 6 end command This command is used to exit from VLAN Configuring mode. (config-vlan)# end (config)# 7 no command...
6.2.6 Show Commands Show command is put in General Basic Commands for viewing system configuration and information. Enter “show ?” at the prompt, the sub-command list will be shown. ---------------------------------------------------------------------------------------------- # show ? Show AAA service configuration Packet Access Control List calendar Date and time information ddmi...
Page 103
1. show acl command This command will show ACL settings and status. # show acl ? ports Show the ACL port configuration rate Show the ACL rate limiter status Show ACL status <1-256> show an access list configuration <cr> show all access list configuration show acl port command will show ACL port configration.
Page 104
------------ ---- 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS show acl status command will show ACL status. For example, # show acl status User...
Page 105
- Counter : counter indicates the number of times the ACE was hit by a frame. - Confl. : the hardware status of the specific ACE. The specific ACE is not applied to the hardware due to hardware limitations. show acl x command is used to show an ACE status. “x” is the ID of ACE with value 1~256.
Page 106
DHCP Relay Server : 192.168.1.100 DHCP Relay Information Mode : Enabled DHCP Relay Information Policy : Replace Server Statistics: ------------------ Transmit to Server Transmit Error Receive from Server Receive Missing Agent Option : Receive Missing Circuit ID : Receive Missing Remote ID Receive Bad Circuit ID Receive Bad Remote ID Client Statistics:...
Page 107
and status of the switch. For example, # show dot1x configuration 802.1X Configuration: ===================== Mode : Disabled Reauth. : Disabled Reauth. Period : 3600 EAPOL Timeout : 30 Age Period : 300 Hold Time : 10 RADIUS QoS : Disabled RADIUS VLAN : Disabled Guest VLAN...
Page 108
Disabled Disabled show dot1x radius_vlan command is used to show per-port enabledness of RADIUS-assigned VLAN. For example, # show dot1x radius_vlan RADIUS Port VLAN Current ---- ------- ------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled show dot1x statistics command is used to show 802.1X statistics. For example, # show dot1x statistics Port 1 EAPOL Statistics:...
Page 109
---- ------- ------------- Disabled none Disabled none Disabled none Disabled none Disabled 1 Disabled none Disabled none Disabled none none none 6. show history command This command is used to show the history of input commands. # show history 1. config 2.
Page 110
Errors Drops Filtered ========================================== Tx Counter Statistics Packets Octets Errors Drops show interface detailed_counters command will show detail statistics counters for all ports. show interface detailed_counters ethernet 1/x command will show detail statistics counters for Port x. (“x” is the port number). For example, # show interface detailed_counters ethernet 1/5 Rx Packets:...
Page 111
V = Voice VLAN Port Users State MAC Cnt ---- ----- ------------- ------- ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users show interface sfp command will show the detected sfp type.
Page 112
show interface switchport command will show VLAN configuration of all ports. For example, #show interface sw itchport VLAN Configuration: =================== Port PVID Frame Type Ingress Filter Tx Tag Port Type ---- ---- ---------- -------------- ---------- ------------- Disabled Untag PVID Unaw are Disabled Untag PVID Unaw are Disabled...
Page 113
8. show ip command This command is used to show switch IP configuration and current ARP Inspection, DHCP Snooping, Http Configuration, IGMP/MLD Snooping, SSH , IP Source Guard,... status and configuration. # show ip ? Address Resolution Protocol dhcp DHCP snooping http Show HTTP configuration igmp...
Page 114
DHCP Snooping Mode : Disabled Port Port Mode ---- ----------- trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted # show ip dhcp snooping statistics Port 1 Statistics: -------------------- Rx Discover: Tx Discover: Rx Offer: Tx Offer: Rx Request: Tx Request: Rx Decline: Tx Decline:...
Page 115
IGMP Interface Setting Compatibility ---- ------------- (Please create IGMP Interfaces) IGMP Port Status ( Router-Port ) Port Router Dynamic Router ---- -------- -------------- Disabled No ---More--- show ip interface command will show current switch IP configuration. # show ip interface IP Configuration: ================= DHCP Client...
Page 116
(Please create MLD Interfaces) MLD Port Status ( Router-Port ) Port Router Dynamic Router ---- -------- -------------- Disabled No ---More--- show ip ssh command will show current SSH settings. # show ip ssh SSH Configuration: ================== SSH Mode : Enabled show ip verify source command will show IP Source Guard configuration.
Page 117
show lacp config command will show current LACP configuration. # show lacp config LACP Configuration: =================== System Priority: 32768 Port Mode Role Timeout ---- -------- ---- ------ ------- Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast...
Page 118
Disabled 1 Disabled 1 Disabled 1 10. show lldp command This command is used to show current LLDP configuration and status. show lldp command will show current LLDP configuration. # show lldp LLDP Configuration: =================== Interval : 30 Hold Tx Delay Reinit Delay: 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP aw areness...
Page 119
---- ------ ------ ------ -------- ------ ------- ------- ----- 11. show log command This command is used to show current system log and system log configuration. # show log ? configuration logging configuration <cr> show log command is used to show current system log content. For example, # show log Number of entries:...
Page 120
This command is used to show Loopback Detection configuration and status. # show loopback-detection ? config Loop protect configuration ethernet Show loop protection port configuration status Show the loop protection status show loopback-detection config command will show Loopback Detection configuration. # show loopback-detection config Loop Protection Configuration: ==============================...
Page 121
13. show mac-address-table command This command is used to set Mac address table and configuration about it. # show mac-address-table ? aging-time Aging time for entries in the address table address Address information learning Show the port learn mode statistics Show MAC address table statistics <cr>...
Page 122
Port Learning ---- -------- Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto show mac-address-table statistics command will show MAC address table statistics. # show mac-address-table statistics Port Dynamic Addresses ---- ----------------- Total Dynamic Addresses: 23 Total Static Addresses : 7 14.
Page 123
Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled 15. show management command This command is used to show switch management security settings and statistics.
Page 124
Port QoS class DP level PCP DEI Tag class. ---- --------- -------- ---------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled QoS Port Classification Map: ============================ Port PCP DEI QoS class DP level ---- --------- -------- ---More--- 17. show mvr command This command is used to show MVR configuration and status.
Page 125
================== MVR Mode: Disabled MVR Interface Setting Name Mode Tagging Priority LLQI ---- -------------------------------- ---------- -------- -------- ----- Dynamic Tagged [Port Setting of aaa(VID-10)] Inactive Port: 1-10 [Channel Setting of aaa(VID-10)] Name : aaa Start Address: 224.0.0.1 End Address : 224.0.0.10 MVR Immediate Leave Setting Port Immediate Leave ---- ---------------...
Page 126
18. show ntp command <**> This command is used to show system time settings of the switch. # show ntp ? config Show NTP configuration Show daylight saving time configuration zone Show system timezone configuration show ntp config command will show NTP configuration. # show ntp config NTP Configuration: ==================...
Page 127
# show ntp zone System Timezone Configuration: ============================== Timezone Offset : 5400 ( 540 minutes) Timezone Acronym : Japan 19. show port command This command is used to show port mirror function setting. show port monitor command is used to show port mirror function setting. For example, # show port monitor Mirror Configuration:...
Page 128
Number of QCEs: 1 show queue status command will show QCL status. # show queue status User ID Frame Class DP DSCP Conflict Port ---------- ----- ----- -- --------- -------- ------- Static Number of QCEs: 1 21. show radius-server command This command is used to show RADIUS Server configuration and statistics.
Page 129
For example, # show running-config !building running-config, please w ait..!10G …… …… interface ethernet 1/5 qos tagremarking map 2 1 0 0 exit interface ethernet 1/1-10 sw itchport allow ed vlan add 1 exit interface vlan 1 ip address 192.168.1.118 255.255.255.0 ipv6 address fc80::215:c5ff:fe03:4dc0 120 exit 23.
Page 130
Flow Ctl Disabled ....24. show rmon command This command is used to show RMON configuration. # show rmon ? alarm Show RMON alarm entries event Show RMON event entries history Show RMON history entries statistics Show RMON statistics entries show rmon alarm command will show RMON alarm configuration.
Page 131
25. sflow command This command is used to show sFlow configuration and stauts. # show sflow ? counter_poller Show counter polling interval configuration per port flow _sampler Show flow sampler configuration per port. receiver Show the sFlow receiver statistics Show statistics show sflow counter_poller command will show sFlow counter polling interval configuration per port.
Page 132
# show sflow statistics samplers Per-Port Statistics: ==================== No non-zero counters. 26. show snmp command This command is used to show SNMP configuration of the switch. # show snmp ? access SNMPv3 access entry community SNMPv3 community entry group SNMPv3 group entry user SNMPv3 user entry view...
Page 133
default_ro_group NoAuth, NoPriv default_view None 2 default_rw _group NoAuth, NoPriv default_view default_view Number of entries: 2 show snmp community command will show SNMPv3 community entry. # show snmp community SNMPv3 Communities Table: Idx Community Source IP Source Mask --- -------------------------------- --------------- --------------- public 0.0.0.0...
Page 134
Number of entries: 3 27. show spanning-tree command This command is used to show spanning tree configuration of the switch. # show spanning-tree ? ethernet Show STP Port configuration Show MSTP configuration statistics Show STP port statistics status Show STP Bridge status <cr>...
Page 135
configuration. “x” is the index of MSTI with value 0~7. # show spanning-tree ethernet 0 MSTI Port Path Cost Priority ---- ---- ---------- -------- CIST Aggr Auto MSTI Port Path Cost Priority ---- ---- ---------- -------- CIST 1 Auto CIST 2 Auto CIST 3 Auto...
Page 136
Port Rx_MSTP Tx_MSTP Rx_RSTP Tx_RSTP Rx_STP Tx_STP Rx_TCN Tx_TCN Rx_Ill. Rx_Unk. --------- -------- -------- -------- -------- ------- ------- ------- ------- ------- ----- show spanning-tree status x command will show MSTP Bridge status. “x” is the index of MSTI with value 0~7. # show spanning-tree status 0 CIST Bridge STP Status Bridge ID...
Page 137
Softw are Date : 2012-08-17T14:31:24+08:00 MAC Address : 00-c0-f9-66-66-99 Number of Ports : 10 Previous Restart: Cold 30. show tacacs-server command This command used show TACACS+ Authentication Server Configuration. # show tacacs-server Server Timeout : 15 seconds Server Dead Time : 300 seconds TACACS+ Authentication Server Configuration: ============================================ Server Mode...
Page 138
LLAG1 Static 1,2 None 32. show users command This command is used to show users configuration. For example, # show users Users Configuration: ==================== User Name Privilege Level -------------------------------- --------------- admin ad01 op01 gu01 33. show version command This command is used to show system version information and model information.
Page 139
default 1-10 None VLAN forbidden port list: ========================= VLAN Name Ports ---- -------------------------------- ----- show vlan id x command is used to show VLAN setting of VLAN x. (“x” is the VLAN ID). # show vlan id 10 VLAN Name User Ports Conflicts Conflict_Ports ----...
Page 140
Combined None None VLAN forbidden port list: ========================= VLAN Name Ports ---- -------------------------------- ----- show vlan port-based command will show Port-Based VLAN Configuration. # show vlan port-based PVLAN ID Ports -------- ----- 1-10 show vlan voice command will show Voice VLAN configuration. # show vlan voice Voice VLAN Configuration: =========================...
6.3 About Telnet and SNMP Management Interfaces 6.3.1 About Telnet Management Interface If you want to use Telnet to manage the switch from remote site, you have to set the IP/NetMask/Gateway address to the switch first. Then use "telnet <IP>" command to connect to the switch.
6.4 Management with Http Connection Users can manage the switch with Http Web Browser connection. default IP setting is 192.168.1.1 and NetMask 255.255.255.0. The default IP Gateway is 192.168.1.254. Before http connection, IP address configuration of the switch could be changed first. 1 Please follow the instruction in Section 6.2 to complete the console connection.
Page 143
Left part of the homepage is a function list. Users can select one of them for status monitoring or switch configuration. There are four operation groups in the function list. Configuration : this is for switch function configuration. Monitor : this is for switch function status and statistics monitor. Diagnostics : this is diagnostics functions for switch.
6.4.1 Configuration - System 1). Configuration - System - Information This is used to configure System Name, System Location, and System Contact. The information is also applied to SNMP agent function. 2). Configuration - System - IP This page is used to setup IP configuration of the switch. You can enable DHCP client function to get IP configuration from DHCP server automatically.
Page 145
3). Configuration - System - IPv6 This page is used to setup IPv6 configuration of the switch. You can enable Auto Configuration function to get IP configuration automatically. Or, disable Auto Configuration function and set IP configuration manually. 4). Configuration - System - NTP This switch support NTP protocol to get time from Internet time server.
Page 146
Refer to your location to configure “Time Zone”. Daylight Saving Time function will set the system time one-hour early than normal time in a period of time. [Start Time] and [End Time] can be used to set the time period. 6).
Page 147
Users can configure Syslog Server here. If this function is enabled, the switch will record events to the Syslog Server. The Server Address is the IPv4 host address of syslog server. If the switch provide DNS feature, it also can be a host name. The Syslog Level indicates what kind of message will send to syslog server.
6.4.2 Configuration - Power Reduction Power Reduction 1). Configuration - - EEE This page is used to configure EEE (Energy Efficient Ethernet) function of the switch for power reduction. It can be enabled by port. EEE Urgent Queues will activate tranmission of frames as soon as data is available.
6.4.3 Configuration - Ports 1). Configuration - Ports This page is used to configure ports of the switch. And Link status can be found in the page. Speed can configure the operation speed and duplex mode of ports. Flow Control can configure the flow control function for full duplex connections. Excessive Collision Mode can configure the collision function for half duplex connections.
6.4.4 Configuration - Security 6.4.4.1 Configuration - Security - Switch 1). Configuration - Security - Switch - Users This page is used to create users for the switch. There are three Privilege Level for users ... 3 - This is for administrator. This user can do every configuration and view every status of the switch.
Page 151
- local: use the local user database on the switch for authentication. - radius: use a remote RADIUS server for authentication. - tacacs+: use a remote TACACS+ server for authentication. RADIUS server and TACACS+ server are configured in Configuration - Security - AAA page.
Page 152
This page is used to configure IP address range that is allowed for remote management. The remote management interface could be HTTP/HTTPS, SNMP, or TELNET/SSH. 6). Configuration - Security - Switch - SNMP 6-1). Configuration - Security - Switch - SNMP - System...
Page 153
This page is used to configure SNMP System configuration and Trap configuration. 6-2). Configuration - Security - Switch - SNMP - Communities This page is used to configure SNMPv3 Community. Entry could be added or deleted.
Page 154
6-3). Configuration - Security - Switch - SNMP - Users This page is used to configure SNMPv3 User. Entry could be added or deleted. 6-4). Configuration - Security - Switch - SNMP - Groups This page is used to configure SNMPv3 Group. Entry could be added or deleted.
Page 155
This page is used to configure SNMPv3 Access. Entry could be added or deleted. 7). Configuration - Security - Switch - RMON 7-1). Configuration - Security - Switch - RMON - Statistics This page is used to configure RMON Statistics. Entry could be added or deleted.
Page 156
This page is used to configure RMON Alarm. Entry could be added or deleted. 7-4). Configuration - Security - Switch - RMON - Event This page is used to configure RMON Event. Entry could be added or deleted. 6.4.4.2 Configuration - Security - Network 1).
Page 157
This page is used to configure Port Security Limit Control function. Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port.
Page 158
This page is used to configure 802.1x Network Access Control function. Users need to be authenticated first for network access through switch ports. The authentication is processed by RADIUS Server. The details for the operation is configured here. RADIUS Server is configured in Configuration - Security - AAA page. 3).
Page 159
This page is used to configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE. 3-2). Configuration - Security - Network - ACL - Rate Limiters...
Page 160
This page is used to define rate limiters. Those Rate Limiters are used for ACL action. The Rate Limiters could be defined by pps (Packet per second) or kbps (kilo bit per second). 3-3). Configuration - Security - Network - ACL - Access Control List Click “(+)”, the ACE configuration window will be prompted.
Page 161
4). Configuration - Security - Network - DHCP 4-1). Configuration - Security - Network - DHCP - Snooping This page is used to configure DHCP Snooping function. When DHCP snooping mode operation is enabled, the DHCP request mes sages will be forwarded to trusted ports and only allow reply packets from trusted ports.
Page 162
This page is used to configure DHCP Relay and DHCP Opti on 82 functions. When DHCP relay mode operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain.
Page 163
IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. This function limit the maximum number of dynamic clients that can be learned on given port.
Page 164
This page is used to add/delete Static IP Source Entry. A Static IP Source Entry consists of Port, VLAN ID, IP Addtress and Mac address. This static table is used to prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
Page 165
This page is used to add/delete Static ARP Entry in Static ARP Inspection Table. This table will be used for ARP Inspection security function. 6.4.4.3 Configuration - Security - AAA...
Page 166
This page is used to configure RADIUS and TACACS+ Servers. The settings are used for 802.1x network access and switch user login authentication operations.
6.4.5 Configuration - Aggregation 6.4.5.1 Configuration - Aggregation - Static This page is used to configure Aggregation Hash Mode and Static Aggregation Group. The Aggregation Hash Mode selects the Hash Code Contributors that can be used to calculate the destination port for the frame. Up to five Static Aggregation Groups can be used for Aggregation.
Page 168
This page is used to configure LACP function for Aggregation operation. LACP is an IEEE 802.3ad standard protocol. The Link Aggregation Control Protocol, allows bundling several physical ports together to form a single logical port. Two switches can create aggregation connection with LACP function.
6.4.6 Configuration - Loop Protection This page is used to configure Loopback Detection function. Loopback on port will cause packet storm in switch. If Loopback Detection is enabled on ports and Tx Mode is enabled, the port is actively generating loop protection PDU's . If loopback is found, the action could be shutdown port or log it.
6.4.7 Configuration - Spanning Tree 6.4.7.1 Configuration - Spanning Tree - Bridge Settings This page is used to configure Spanning Tree Bridge configuration. This switch supports STP(IEEE 802.1D), RSTP(IEEE 802.1w), and MSTP(IEEE 802.1s). It could be selected at Prorocol Version. 6.4.7.2 Configuration - Spanning Tree - MSTI Mapping...
Page 171
This page is used to configure the mapping between MSTI and VLAN. Configuration Identification consists of the name and revision to identify the VLAN to MSTI mapping. Bridges must share the name and revisio n, as well as the VLAN-to-MSTI mapping configuration in order to share spanning trees for MSTI's (Intra-region).
Page 172
This page is used to configuration MSTI Priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6 -byte MAC address of the switch forms a Bridge Identifier. 6.4.7.4 Configuration - Spanning Tree - CIST Ports...
Page 173
This page is used to configure Spanning Tree opeartion on Ports. 6.4.7.5 Configuration - Spanning Tree - MSTI Ports Select the MSTI. Click [Get]. The MSTI Port Configuration will be shown.
Page 174
An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. Path Cost controls the path cost incurred by the port.
6.4.8 Configuration - MVR This page is used to configure MVR function. The MVR featur e enables multicast traffic forwarding on the Multicast VLANs. In a multicast television application, a PC or a network television or a set-top box can receive the multicast stream.
6.4.9 Configuration - IPMC 6.4.9.1 Configuration - IPMC - IGMP Snooping 1). Configuration - IPMC - IGMP Snooping - Basic Configuration This page is used to configure the basic configuration of IGMP Snooping function. Configuration for general settings and port settings can be done here.
Page 178
This page is used to maintain the IGMP Snooping VLAN Table. The following functions are supported. - Add a new IGMP VLAN. Configure it. And Save. - Edit a IGMP VLAN. - Delete a IGMP VLAN 3). Configuration - IPMC - IGMP Snooping - Port Group Filtering This page is used to maintain IGMP Filtering Group on Port.
Page 179
This page is used to configure the basic configuration of MLD Snooping function. Configuration for general settings and port settings can be done here. 2). Configuration - IPMC - MLD Snooping - VLAN Configuration This page is used to maintain the MLD Snooping VLAN Table. The following functions are supported.
Page 180
This page is used to maintain MLD Filtering Group on Port. The IP Multicast Group in the table will be filtered on the port.
6.4.10 Configuration - LLDP This page is used to configure LLDP function of the switch. The system general settings and ports settings can be configured. LLDP is an IEEE 802.1ab standard protocol. The Link Layer Discovery Protocol(LLDP) specified in this standard allows stations attached to an IEEE 802 LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity...
6.4.11 Configuration - MAC Table This page is used to configure Mac Table function of the switch. Aging Time, Mac Address Learning, Static Mac Address can be configured in this function. If Mac Address Learning is set to Secure, o nly static MAC entries are learned, all other frames are dropped.
6.4.12 Configuration - VLANs 6.4.12.1 Configuration - VLANs - VLAN Membership This page is used to maintain 802.1Q VLAN Group. Add a new VLAN, and assign VLAN ID, VLAN Name, Ports to it. Edit a VLAN. Delete a VLAN. 6.4.12.2 Configuration - VLANs - Ports This page is used to configure 802.1Q VLAN and Q-in-Q function on Ports.
Page 184
About Port Type ... - Unaware: When a port is setup as Unaware. Incoming frames will be treated as untagged. Even when an incoming frame is tagged, this tag is treated by the switch as payload. And the frame will be classified to port based VLAN — PVID.
6.4.13 Configuration - Port-Based VLANs 6.4.13.1 Configuration - Port-Based VLANs - PVLAN Membership This page is used to configure Port-based VLAN. Port-based VLAN can be created, edited, deleted. 6.4.13.2 Configuration - Port-Based VLANs - Port Isolation This page is used to configure Port Isolation function. If ports are marked as Isolation, they cannot communicate with each other even they are in the same VLAN.
6.4.14 Configuration - Voice VLAN 6.4.14.1 Configuration -Voice VLAN - Configuration This page is used to configure Voice VLAN of the switch. It can configure general system settings and port settings. If the function is enabled, the switch can auto -detect VoIP traffic and forward the traffic in the Voice VLAN with specific priority.
Page 188
This page is used to maintain the OUI table for Voice IP traffic. OUI is the first three bytes of Mac Address. Packets with OUI in the table will be treated as Voice traffic.
6.4.15 Configuration - QoS 6.4.15.1 Configuration - QoS - Port Classification This page is used to configure the basic QoS Ingress Classification settings for all switch ports. The following parameters could be configured - Default QoS Class, default DP(Drop Precedence) Level, default PCP(Priority Code Point) for untagged frames, default DEI(Drop Eligible Indicator) for untagged frames, default process for tagged frames, DSCP-based QoS.
Page 190
The QoS class and DP level settings works only when both tag classification and DSCP classification are disabled. The PCP and DEI s ettings will be applied when untagged packets are translate to tagged packets. When both tag classification and DSCP classification are disabled, QoS class and DP level settings are statically assigned to a port.
Page 191
This page will show port egress scheduler mode and weight of each queue. Click Port number to configure its Egress Scheduler. The following pag e will be shown. This page is used to configure Egress traffic Scheduler and Egress traffic Shaper on port.
Page 192
The traffic shaper could operate by queue or by port. Enable by checking it and give a limit value. 6.4.15.4 Configuration - QoS - Port Shaping This page will show egress shaper settings of each port and each queue. Click Port number to configure its Egress Shaper. The following page will be shown.
Page 193
This page is used to configure Egress traffic Scheduler and Egress traffic Shaper on port. The traffic scheduler could operate in Strict Priority mode or Weighted mode. If in Weighted mode, the weighting of each queue could be configured. The traffic shaper could operate by queue or by port. Enable by checking it and give a limit value.
Page 194
When “Default” or Select the mode and configure the parameters for it. “Mapped” is selected, the defaulf/mapped PCP and DEI will applied to the egress tagged packet when the egress port is a tagged port. The original PCP and DEI settings will be remarked by the defaulf/mapped PCP and DEI. Or, the defaulf/mapped PCP and DEI will be applied to out tag for double tagging Q-in- Q applications.
Page 195
to QoS mapping is done in the [DSCP-Based QoS] page.) Instead Ingress Classify in [Port DSCP] means QoS to internal DSCP mapping. When a QoS class (either from port default or VLAN Tag or DSCP) is gotten, the Ingress Classify can map this QoS class to internal DSCP. This internal DSCP then can do another egress map to affect the DSCP value when the frame is sent out.
Page 196
This page is used to configure QoS Ingress Classification for each DSCP value. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP valu es are treated as a non-IP frame.
Page 197
2. Classify: Select the DSCP value to enable its QoS Class to internal DSCP mapping operation when Ingess Classify is “Selected” in [Port DSCP] page . For Egress, there are the following configurable parameters for Egress side - 1. Remap DP0 Controls the remapping for frames with DP leve l 0. 2.
Page 198
6.4.15.10 Configuration - QoS - QoS Control List This page is used to configured QCL(QoS Control List). Each QCE consists of packet parameters and QoS action for packets match the parameters. With this function, specific packet traffic could be processed with expected QoS action.
6.4.16 Configuration - Mirroring This page is used to configure Mirror function of the switch. To debug network problems, selected traffic can be copied, or mirrored, on a mirror port where a frame analyzer can be attached to analyze the frame flow. The mirror traffic could be transmit packets (egress or destination mirroring), receive packets (ingress or source mirroring), or both.
6.4.17 Configuration - sFlow This page is used to configuring sFlow. The configuration is divided into two parts: Configuration of the sFlow receiver (a.k.a. sFlow collector) and configuration of per-port flow and counter samplers. sFlow configuration is not persisted to non-volatile memory, which means that a reboot will disable sFlow sampling.
6.4.18 Monitor - System 6.4.18.1 Monitor - System - Information switch system information. This page is used to show 6.4.18.2 Monitor - System - Log system log information of the switch. This page is used to show Level is a filter for showing expected system information. Clear Level is the level that will be applied for clear operation by clicking [Clear].
Page 202
This page is used to show the details of log. Entering the ID, details of the log will be shown.
6.4.19 Monitor - Port 6.4.19.1 Monitor - Port - State This page is used to show Port Link status. Clicking port will show its statistics. 6.4.19.2 Monitor - Port - Traffic Overview This page is used to show brief statistics of each port. 6.4.19.3 Monitor - Port - QoS Statistics...
Page 204
This page is used to show traffic statistics of queues on each port. Clicking port will show its statistics. 6.4.19.4 Monitor - Port - QCL Status This page is used to show the QCL status by different QCL users. Each ro w describes the QCE that is defined.
Page 205
This page is used to show detail statistics of port. Select the port. And detail statistics of the port will be shown. 6.4.19.6 Monitor - Port - DDMI This page is used to show SFP transceiver information and status if the transceiver supports DDMI (Digital Diagnostics Monitoring Interface) function.
6.4.20 Monitor - Security 6.4.20.1 Monitor - Security - Access Management Statistics This page is used to show management traffic statistics of every interface. 6.4.20.2 Monitor - Security - Network 1-1). Monitor - Security - Network - Port Security - Switch This page is used to show the current state of the port and the number of currently learned MAC addresses (forwarding as well as blocked) and the maximum number of MAC addresses that can be learned on the port,...
Page 207
State of port could be ... - Disabled: No user modules are currently using the Port Security service. - Ready: The Port Security service is in use by at least one user module, and is awaiting frames from unknown MAC addresses to arrive. - Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in.
Page 208
This page provides an overview of the current NAS (by 802.1x) port states. NAS is an acronym for Network Access Server. The NAS is meant to act as a gateway to guard access to a protected source. A client connects to the NAS, and the NAS connects to another resource asking whether the client's supplied credentials are valid.
Page 209
4-1). Monitor - Security - Network - DHCP - Snooping Statistics This page is used to show DHCP Snooping traffic statistics on port. Select Port. And the DHCP Snooping traffic statistics on the port will be shown. The statistics doesn't count the DHCP packets for system DHCP client or DHCP relay mode is enabled 4-2).
Page 210
Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 1024 entries, a nd is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. 6).
Page 211
The Status could be ... - Disabled: The server is disabled. - Not Ready: The server is enabled, but IP communication is not yet up and running. - Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
Page 212
1). Monitor - Security - Switch - RMON 1-1) Monitor - Security - Switch - RMON - Statistics This page provides an overview of RMON Statistics entries. 1-2) Monitor - Security - Switch - RMON - History This page provides an overview of RMON History entries. 1-3) Monitor - Security - Switch - RMON - Alarm This page provides an overview of RMON Alarm entries.
Page 213
This page provides an overview of RMON Event table entries.
6.4.21 Monitor - LACP 6.4.21.1 Monitor - LACP - System Status This page provides a status overview for all LACP instances. 6.4.21.2 Monitor - LACP - Port Status This page provides a status overview for LACP status for all ports. 6.4.21.3 Monitor - LACP - Port Statistics...
Page 215
This page provides an overview for LACP statistics for all ports.
6.4.22 Monitor - Loop Protection This page displays the loop protection port status for ports of the switch. If loop happens on port, packet storm will be generates from the switch. That will cause serious problem for normal network operation. Loop Protection function can prevent such problem happens on ports.
6.4.23 Monitor - Spanning Tree 6.4.23.1 Monitor - Spanning Tree - Bridge Status This page provides a status overview of all STP bridge instances. Click CIST or MSTIx, STP Detailed Bridge Status will be shown. 6.4.23.2 Monitor - Spanning Tree - Port Status...
Page 218
This page displays the STP CIST port status for physical ports of the switch. The CIST Role could be AlternatePort, BackupPort, RootPort, DesignatedPort, or Disabled. The CIST State could be Discarding, Learning, or Forwarding. 6.4.23.3 Monitor - Spanning Tree - Port Statistics This page displays the STP port statistics counters of bridge ports in the switc h.
6.4.24 Monitor - MVR 6.4.24.1 Monitor - MVR - Statistics This page provides MVR Statistics information. 6.4.24.2 Monitor - MVR - MVR Channel Groups Entries in the MVR Channels (Groups) Information Table are shown on this page. The MVR Channels (Groups) Information Table is sorted first by VLAN ID, and then by group.
6.4.25 Monitor - IPMC 6.4.25.1 Monitor - IPMC - IGMP Snooping 1). Monitor - IPMC - IGMP Snooping - Status This page provides IGMP Snooping status. Protocol status and statistics are shown. Router Port active status is shown. 2). Monitor - IPMC - IGMP Snooping - Groups Information Entries in the IGMP Group Table are shown on this page.
Page 221
Entries in the IGMP SFM Information Table are sh own on this page. The IGMP SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port. Different source addresses belong to the sam e group are treated as single entry.
Page 222
Entries in the MLD SFM Information Table are shown on this page. The MLD SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port. Different source addresses belong to the same group are treated as single entry.
6.4.26 Monitor - LLDP 6.4.26.1 Monitor - LLDP - Neighbours This page provides a status overview for all LLDP neighbours. The displayed table contains a row for each port on which an L LDP neighbour is detected. 6.4.26.2 Monitor - LLDP - EEE This page provides an overview of EEE information exchanged by LLDP.
Page 224
This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole switch, while local counters refer to per port counters for the currently selected switch.
6.4.27 Monitor - MAC Table Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address.
6.4.28 Monitor - VLANs 6.4.28.1 Monitor - VLANs - VLAN Membership This page provides an overview of membership status of VLAN. 6.4.28.2 Monitor - VLANs - VLAN Port This page provides VLAN Port Status and Setting.
6.4.30 Diagnostics - Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues. After you click [Start], ICMP packets are transmitted, and the sequence n umber and round trip time are displayed upon reception of a reply. The amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space(the ICMP header).
6.4.32 Diagnostics - VeriPHY This page is used for running the VeriPHY Cable Diagnostics for 10/100 and 1G copper ports. Click [Start] to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table.
6.4.33 Maintenance - Restart Device You can restart the switch on this page. After restart, the switch will boot normally. [Yes] : Click to restart device. [No] : Click to return to the Port State page without restarting. 6.4.34 Maintenance - Factory Defaults You can reset the configuration of the switch on this page.
Page 231
6.4.35.1 Maintenance - Software - Upload This page facilitates an update of the firmware controlling the switch. [Browse] to the location of a software image and click [Upload]. After the software image is uploaded, a pa ge announces that the firmware update is initiated.
Page 232
alternate firmware images. Note: 1. In case the active firmware image is the alternate image, only the "Active Image" table is shown. In this case, the “Activate Alternate Image” button is also disabled. 2. If the alternate image is active (due to a corruption of the primary image or by manual intervention), uploading a new firmware image to the device will automatically use the primary image slot and activate this.
7. Software Update and Backup This switch supports software update and configuration backup/update/restore functions. It could be done in two ways. 1. From web browser: Doing by http protocol and by web browser. Please refer to the description of “Maintenance” function in Section 6.4.35 for Software Update and Section 6.4.36 for Configuration Backup/Restore.
Product Hardware Specifications [ 8TX+2SFP Model ] Access Method Ethernet, CSMA/CD Standards Conformance IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE IEEE 802.3z, IEEE 802.3ab (1000Base) Communication Rate 10/100/1000Mbps for TX, 100/1000Mbps for SFP Full / Half duplex (auto-negotiation) MDI/MDIX Auto-Detect Indicator Panel LEDs for each unit : Power, System each port : Link/Act(Green:1000M, Yellow:10/100M)
Page 235
Dimensions 250 x 117 x 37 mm Certification CE Mark, FCC Class A Temperature Standard Operating: 0 to 50℃ Humidity 10% to 90% (Non-condensing) Fanless Bridging Function Filtering, forwarding and learning Switching Method Store-and-forward Address Table 8K entries Filtering/Forwarding Rate Line speed Maximum Packet Size 9600 Bytes...
Product Software Specifications Port Control Port speed, duplex mode, and flow control Port frame size (1518 - 9600 bytes) Port state (administrative status) Port status (link monitoring) Port statistics (MIB counters) Port VeriPHY (cable diagnostics) Power Control L2 Switching Auto MAC address learning/aging and MAC addresses (static) IEEE 802.1Q VLAN, Q-in-Q, Port isolation, Port Based VLAN...
Page 237
TACACS+ Web and CLI authentication and authorization Authorization (3 levels) ACLs for filtering(256 entries), policing, and port copy IP source guard Synchronization NTPv4 Client Power Saving ActiPHY, PerfectReach Ethernet Energy Efficient power management(EEE) Management HTTP server CLI console port Telnet Management access filtering SSHv2 and HTTPS IPv6 Management...
Compliances EMI Certification FCC Class A Certification (USA) Warning: This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the i nstruction manual, may cause interference to radio communications. It has been tested and found to comply with the limits for a Class A digital device pursuant to Subpart B of Part 15 of FCC Rules, which are designed to provide reasonable protection against such interference when operated in a commercial environment.
Warranty We warrant to the original owner that the product delivered in this package will be free from defects in material and workmanship for a period of warranty time from the date of purchase from us or the authorized reseller. The warranty does not cover the product if it is damaged in the process of being installed.