CTC Union GSW-3208M1 User Manual

Summary of Contents for CTC Union GSW-3208M1

  • Page 1 GSW-3208M1/3216M1/3424M1 L2 Managed GbE Switches...
  • Page 2 CTC Union Technologies Co., Ltd. Far Eastern Vienna Technology Center (Neihu Technology Park) 8F, No. 60 Zhouzi St. Neihu District Taipei 114 Taiwan Tel: +886-2-26591021 Fax: +886-2-26275211 Email: sales@ctcu.com URL: http://www.ctcu.com GSW-3208M1/3216M1/3424M1 User Manual 8+2, 16+2 and 24+4 Gigabit Ethernet Layer 2 Switches w/SNMP Version 2.0 November 06, 2013 (Updated)
  • Page 3 About this manual … This manual is a general manual for different models of our Gigabit Management Switch. They are similar in operation but have different hardware configurations. These models are 8 * TX + 2 * SFP (10G) ports model This model supports eight TX ports and two extra SFP ports for Gigabit Ethernet connections.
  • Page 4: Table Of Contents

    Contents 1. INTRODUCTION......................3 1.1 PACKAGE CONTENTS....................3 2. WHERE TO PLACE THE SWITCH................4 3. CONFIGURE NETWORK CONNECTION ..............7 3.1 CONNECTING DEVICES TO THE SWITCH ..............7 3.2 CONNECTING TO ANOTHER ETHERNET SWITCH ..........7 3.3 A ......................
  • Page 5 6.4.15 Configuration - QoS ................186 6.4.16 Configuration - Mirroring ................196 6.4.17 Configuration - sFlow ................197 6.4.18 Monitor - System ..................198 6.4.19 Monitor - Port ....................200 6.4.20 Monitor - Security ..................203 6.4.21 Monitor - LACP ..................211 6.4.22 Monitor - Loop Protection ...............213 6.4.23 Monitor - Spanning Tree.................214 6.4.24 Monitor - MVR ...................216 6.4.25 Monitor - IPMC..................217...
  • Page 6: Introduction

    Introduction There are three models for the Gigabit Management Switch Series – 8TX+2SFP(10G) model, 16TX+2SFP(18G) model, and 24TX+4SFP(24G) model. This Gigabit Management Switch is a Layer2 Management switch with lots of advanced network functions including VLAN, trunking, spanning tree, mirror port, rate limit, IGMP and port configuration.
  • Page 7: Where To Place The Switch

    Where To Place the Switch This Switch can be placed on a flat surface (your desk, shelf or table). Place the Switch at a location with these connection considerations in mind: • The switch configuration does not break the rules as specified in Section ...
  • Page 8 mounted switch. 3. Circuit Overloading - Be sure that the supply circuit to the rack assembly is not overloaded after installing this switch. 4. Grounding - Rack-mounted equipment should be properly and well grounded. Particular attention should be given to supply connections other than direct connections to the mains.
  • Page 9 1. Position a bracket that is already attached to the switch on one side of the rack. 2. Line up the screw holes on the bracket with the screw holes on the side of the rack. 3. Use a screwdriver to install the rack screws through the mounting bracket holes into the rack.
  • Page 10: Configure Network Connection

    3. Configure Network Connection 3.1 Connecting Devices to the Switch [ Connection Guidelines: ] • For 10BaseT connection : Category 3 or 5 twisted-pair Ethernet cable • For 100BaseTX connection : Category 5 twisted-pair Ethernet cable • For 1000BaseTX connection: Category 5e or 6 twisted-pair Ethernet cable ...
  • Page 11: Application

    3.3 Application A switch can be used to overcome the hub-to-hub connectivity limitations as well as improve overall network performance. Switches make intelligent decisions about where to send network traffic based on the destination address of the packet. As a result, the switch can significantly reduce unnecessary traffic. The example below demonstrates the switch ability to segment the network.
  • Page 12: Adding Module

    4. Adding Module This switch supports SFP (for 100/1000SX/LX/… modules) connectors for fiber optic connection. Because the SFP slots support hot-swap function, you can plug/unplug SFP transceiver to/from the SFP slot directly. The switch can auto-detect the fiber optic connection from SFP slot. [Figure: SFP Slot] Follow the steps for module adding and removing.
  • Page 13: Leds Conditions Definition

    5. LEDs Conditions Definition The LEDs provide useful information about the switch and the status of all individual ports. [ For 8TX+2SFP / 16TX+2SFP / 24TX+4SFP Models ] STATUS CONDITION Power Switch is receiving power. Switch is power OFF. System System is booting.
  • Page 14: Manage / Configure The Switch

    6. Manage / Configure the Switch 6.1 Introduction of the management functions This switch is a L2 Management switch. It supports in-band management function from Http/Telnet/SNMP interfaces. Console is supported for local command-line settings. It supports network configuration functions, like VLAN, Trunking, Port Mirror, QoS, spanning tree and software backup/update.
  • Page 15 automatically. But it will also cause a period of delay (30 seconds for STP and shorter time for RSTP) if any network connection is changed because of the network topology detection operation of the protocol. Because there could be more than one switch in the network, users can configure this function for their network spanning tree application.
  • Page 16 7. Dynamic Mac ID Number Limit Besides Static Mac ID Limit, there is another Dynamic Mac ID Number Limit function for Mac address security on port. This function can limit the Mac ID number to access network through a port. For example, five Mac ID are allowed for Port 2. That means up to five users are allowed, but don’t care ...
  • Page 17 14. IP Source Guard This function can limit the IP address for accessing network from switch port. That can prevent illegal IP problem in network. 15. ACL (Access Control List) This function is used to define network access control policy - a list of packet filtering rules.
  • Page 18: Settings With Console Connection

    6.2 Settings with Console Connection 6.2.1 Basic of the Console Interface << Enter Console Interface >> Please follow the steps to complete the console hardware connection first. 1. Connect from console port of the switch to COM port of PC with the console cable.
  • Page 19 administrator level could be created with “username” command under “(config)#”. The privilege level is “3” for them. After login the switch, a prompt “#” will be shown. Because this switch supports command-line for console interface, you can press “?” to check the command list.
  • Page 20 switch can be configured in this mode. ---------------------------------------------------------------- (config)# interface vlan 10 (config-if)# ---------------------------------------------------------------- [ operator level ] Users with operator level could be created by administrator with “username” command under “(config)#”. The privilege level is “2” for them. After login the switch, a prompt “>” will be shown. Because this switch supports command-line for console interface, you can press “?”...
  • Page 21 exit Exit from current mode help Show available commands history Show a list of previously run commands logout Disconnect quit Quit commands show Shows information > --------------------------------------------------------------------------------------------- With guest level, it is allowed to view the switch status and configuration only. No setup/configure commands are supported.
  • Page 22 If the settings are for ports, it is done with “interface ethernet 1/x” command in configure mode. And the prompt will become “(config-if)#”. For example, “interface ethernet 1/5” is for settings on Port 5. If the settings are for VLAN group, it is done with “interface vlan x” command in configure mode.
  • Page 23: General Basic Commands

    6.2.2 General Basic Commands When “admin” / “admin” is used for username/password, the console will enter administrator mode. Enter “?”, command list will be shown. --------------------------------------------------------------------------------------------- exit Exit from current mode help Show available commands history Show a list of previously run commands logout Disconnect ping...
  • Page 24 Enter “ping ?” at the prompt, the command syntax will be shown. # ping ? Syntax: ping [-n count] [-l length] [-i ping interval] ip -n count : Number of echo requests to send.(1~60) -l length : Send buffer size, and length (2-1452) : ping interval (0-30) : IP address (xxx.xxx.xxx.xxx) For example, “ping 192.168.1.80”.
  • Page 25 ddmi Digital Diagnostics Monitoring Interface dhcp-relay DHCP Relay Configuration dot1x 802.1x content Show eee configuration history History information interface Interface information IP information lacp LACP statistics lldp Show lldp Configuration Log records loopback-detection Show loopback detection mac-address-table Configuration of the address table mac-security MAC Security Configuration management...
  • Page 26 Mirror Configuration: ===================== Mirror Port: Disabled Port Mode ---- -------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled If the display is more than one console page, “Esc” can be used to break the display. For the details, please refer to section 6.2.6 Show commands. 10.
  • Page 27 address>”(IPv4 or IPv6 address) as file name “yyy” in text format. copy config tftp running-config <ip address> yyy command is used to restore text configuration file “yyy” from TFTP Server at IP “<ip address>”(IPv4 or IPv6 address). copy firmware running-firmware tftp <ip address> yyy command is used to backup current running firmware to TFTP Server at IP “<ip address>”(IPv4 or IPv6 address) as file name “yyy”...
  • Page 28: Configure Mode Commands

    6.2.3 Configure Mode Commands Entering “configure” command at console interface, the prompt will become ... “(configure)#”. All the general settings for the switch can be done in this mode. If the settings are for ports, it is done with “interface” command in configure mode.
  • Page 29 Configuration of QoS radius-accounting-server Configures RADIUS Accounting Server radius-authentication-server Configures RADIUS Authentication Server rmon Configures RMON function sflow Configures sflow function snmp-server Modifies SNMP server parameters spanning-tree Configures spanning tree parameters storm-control Configures storm control tacacs-authentication-server Configures TACACS+ Authentication Server username Establishes user name authentication vlan...
  • Page 30 aaa authentication login ssh [local|none|radius|tacacs+] command will set the authentication manner for user login from SSH connection. aaa authentication login telnet [local|none|radius|tacacs+] command will set the authentication manner for user login from telnet connection. aaa authentication login web [local|none|radius|tacacs+] command will set the authentication manner for user login from web connection.
  • Page 31 number between 1~256. That is the index of this ACE. This command will change the prompt to “(config-ace-x)#” for ACL setting of this filtering rule. “x” is the index number of this rule. After ACL rules are defined, apply ACL rules to connection ports with “acl” command in port interface configuring mode under prompt “(config-if)#”...
  • Page 32 tag_prio VLAN tag priority Specify vlan id Here is the details of these sub-commands. 1). exit : this command is used to exit the ACL setting. 2). help : this command will show all available commands. 3). history : this command will list the input command history. 4).
  • Page 33 “next_id x” command can jump to another ACE setting. “x” is the ACE index number between 1 to 256. 12). policy : this command is used to set the policy number for group of ports to apply this ACE. Policy number of port is defined under port interface prompt with “(config-if)#”.
  • Page 34 8 aggregation command This command is used to configure the aggregation hash mode. Frames will go through port in the aggregation connection according to the result of hash operation. aggregation destination_mac_address : The Destination MAC Address can be used to calculate the destination port for the frame. aggregation ip_address : The IP address can be used to calculate the destination port for the frame.
  • Page 35 used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain. The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client.
  • Page 36 contains it is received. replace: Replace the original relay information when a DHCP message that already contains it is received. dhcp-relay mode command enables the DHCP relay function. And “no dhcp-relay mode” command can disable it. When DHCP relay mode operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain.
  • Page 37 dot1x agetime x command is used to set aging time. “x” is a number between 10~10000000 in seconds. This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses: • Single 802.1X •...
  • Page 38 • Single 802.1X • Multi 802.1X • MAC-Based Auth. If a client is denied access - either because the RADIUS server denies the client access or because the RADIUS server request times out (according to the timeout specified in “AAA") - the client is put on hold in the Unauthorized state.
  • Page 39 Note: 1. Setting 802.1x function on ports, use “dot1x” command in interface configuring mode. 2. Setting for RADIUS servers, use “radius-accounting-server” and “radius-authentication-server” command. Please refer to sections for the commands. 14 end command This command is used to exit from configure mode. 15 hostname command This command is used to set the name of the switch in network.
  • Page 40 17 ip command This command is used to configure some IP-depending functions. Entering “ip ?”, the sub-commands will be shown. (config)# ip ? default-gateway Specifies the default gateway Set the DNS server address dns-proxy Set the IP DNS Proxy mode ipv6-default-gateway Specifies the default gateway https HTTPS server configuration...
  • Page 41 proxy Set the mode of Proxy ssm-range Enable IGMP query function unregflood Enable unregister flood function <cr> Enable Snooping ip igmp snooping command is used to enable IGMP function of the switch. And “no ip igmp snooping” command can be used to disable it. ip igmp snooping vlan x ...
  • Page 42 ip igmp snooping vlan x parameter-qri y command is used to set IGMP Query Response Interval. Query Response Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries. “x” is VLAN ID with number 1~4095. “y”...
  • Page 43 leave-proxy Enable filtering proxy Set the mode of Proxy ssm-range Enable IGMP query function unregflood Enable unregister flood function <cr> Enable Snooping ip mld snooping command is used to enable MLD function of the switch. And “no ip mld snooping” command can be used to disable it. ip mld snooping vlan x ...
  • Page 44 by the Querier. “x” is VLAN ID with number 1~4095. “y” is 1 to 31744 in seconds. ip mld snooping vlan x parameter-qri y command is used to set Query Response Interval. Query Response Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries.
  • Page 45 server” command is used to disable it. SSH is an acronym for Secure SHell. It is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network.
  • Page 46 Entering “lldp ?”, the commands will be listed. (config)# lldp ? interval Specify transmit interval tx-hold Specify hold time multiplier tx-delay Specify delay interval reinit-delay Specify reinit delay lldp interval x command is used to specify transmit interval. The switch periodically transmits LLDP frames to its neighbours for having the network discovery information up-to-date.
  • Page 47 log-level Log level remote-log Enable logging to remote host clear Clear logging table information logging log-level x command is used to define the log level of events. It indicates what kind of message will be sent to the syslog server. Possible modes are: 0: Info - Send information, warnings and errors. 1: Warning - Send warnings and errors.
  • Page 48 mode Set the Loop Protection to be enabled shutdown Set or show the Loop Protection shutdown time transmit Set the Loop Protection transmit interval loopback-detection mode command is used to enable this function globally. And “no loopback-detection mode” command is used to disable it globally. Only when the loopback-detection function is enabled both globally and by port does this function start to work on those ports.
  • Page 49 the four different actions - None, Trap, Shutdown, Trap & Shutdown. The Limit Control module utilizes a lower-layer module, Port Security module, which manages MAC addresses learnt on the port. mac-security aging x command is used to configure the aging time of secured mac address.
  • Page 50 (config)# management 1 ? ipaddr Set IP and net mask for a specified set protocol Set protocol for a specified set management enable command is used to enable the management security function. And “no management enable“ command is used to disable it. management x ipaddr y.y.y.y z.z.z.z command is used to set the IP address range allowed for this rule.
  • Page 51 ** Before configuring MVR function, complete the VLAN setting first ** Using MVR function, you have to enable IGMP snooping function first. This switch supports eight MVR VLANs. They are referred with their VLAN ID. For any MVR setting, you have to assign the VLAN ID in the command. Entering “mvr ?”, the sub-commands will be shown.
  • Page 52 After MVR VLAN is created, you can assign IP multicast groups (video channels) to the MVR VLAN. And you can assign more than one IP multicast groups (video channels) to one MVR VLAN. For example, “mvr 10 group abc 224.0.0.2”. start-address 224.0.0.1 end-address mvr x mode [compatible | dynamic] command is used to specify the MVR mode of operation.
  • Page 53 hostname Sets system's network name Global IP configuration sub commands ip-source-guard IP Source Guard Configuration lldp LLDP setting logging Modifies message logging facilities loopback-detection Configures loopback detection mac-address-table Configuration of the address table mac-security Configuration of mac security management Specifies management IP filter mirror Configuration of mirror...
  • Page 54 ntp server x <IP address> command is used to set the IP address of network time server for NTP protocol operation. Up to five time servers are supported. “x” is the index(1~5) of time servers. <IP address> provides the IPv4 or IPv6 address of a NTP server.
  • Page 55 Other Port-based QoS settings are configured in port configuring mode under prompt “(config-if)#”. Entering “qos ?”, the following sub-commands will be shown. (config)# qos ? dscp DSCP Configuration QoS Control List Configuration The first sub-command is for DSCP Configuration. The second sub-command is for QCL(QoS Control List) Configuration.
  • Page 56 Classification settings. It takes effect for those trusted DSCP values. qos dscp translation x y command is used to set global ingress DSCP translation table. “x” is the DSCP value 0~63 before translation. “y” is the DSCP value 0~63 after translation. Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map.
  • Page 57 logout command This command is used to logout from console interface. quit command This command is used to quit from console interface. It has the same function as logout. action command This command is used to define the QoS action for a frame when this QCE is matched.
  • Page 58 - IPv4 (DSCP value / IP-Fragment or not / Protocol - Port Number of TCP, UDP, other / Source IP Address) - IPv6 (DSCP value / Protocol - Port Number of TCP, UDP, other / Source IP Address) - LLC (SSAP / DSAP / Control) - SNAP (PID) key smac [any | xx-xx-xx] command is used to define the key parameters by the Source MAC address: 24 MS bits (OUI).
  • Page 59 set to 0 (zero), the default port (1813) is used. Configure the operation parameters ... radius-accounting-server dead-time x command is used to specify Dead Time of Common Servers. “x” is the Dead Time with a number between 0 and 3600 seconds. The Dead Time is the period during which the switch will not send new requests to a server that has failed to respond to a previous request.
  • Page 60 radius-authentication-server dead-time x command is used to specify Dead Time of Common Servers. “x” is the Dead Time with a number between 0 and 3600 seconds. The Dead Time is the period during which the switch will not send new requests to a server that has failed to respond to a previous request.
  • Page 61 startup-alarm The method of sampling variable Indicates the particular variable to be sampled rmon alarm x falling-index y command is used to set the Falling event index of the alarm. “x” is the index of the entry between 1~65535. “y” is the Falling event index (1-65535).
  • Page 62 community Specify the community when trap is sent desc Indicates this event, the string length is from 0 to 127 type Indicates the notification of the event rmon event x community yyy command is used to specify the community when trap is sent.
  • Page 63 65535. For example, entering “rmon statistics 10 ?”, the following sub-commands will be shown. (config)# rmon statistics 10 ? data_source Indicates the port ID which wants to be monitored rmon statistics x data_source .1.3.6.1.2.1.2.2.1.1.y command is used “x”...
  • Page 64 • If sFlow is currently configured through SNMP, Owner is a string identifying the sFlow receiver. If sFlow is configured through SNMP, all controls are disabled to avoid inadvertent reconfiguration. sflow receiver time_out x command is used to set the Receiver Time_out for list of receiver ID.
  • Page 65 failure“ command is used to disable it. snmp-server x community yyy command is used to set the community access string when sending SNMP trap packet. “x” is the index of the trap 1~1. “yyy” is community string with length is 0 to 255, and the allowed content is ASCII characters from 33 to 126.
  • Page 66 ASCII characters from 33 to 126. “zzz” is the name of the MIB view defining the MIB objects for which this request may potentially set new values. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. And “no snmp-server snmpv3-access group-name xxx ...
  • Page 67 to create a SNMPv3 user with “Authentication and No Privacy” security level. “xxx” is SNMPV3 Engine ID. “yyy” is a string identifying the user name that this entry should belong to. “zzz” is a string identifying the authentication password phrase. snmp-server snmpv3-user xxx yyy auth-priv [md5 | sha] zzz des www command is used to create a SNMPv3 user with “Authentication and Privacy”...
  • Page 68 This command is used to configure spanning tree protocol of the switch. Entering “spanning-tree”, the sub-commands will be shown. (config)# spanning-tree ? bpdufilter Set edge port BPDU Filtering bpduguard Set edge port BPDU Guard cname Set configuration name and revision for MSTI forward-delay Global STA forward time configuration.
  • Page 69 operation mode of spanning tree. It could be MSTP, RSTP, or STP. spanning-tree msti instance x vlan y command is used to add a VLAN to a MSTI. “x” is a number between 1~7 to indicate the MSTI. “y” is the VLAN ID (1~4094) of the VLAN added to the MSTI.
  • Page 70 and could be 1, 2, 4, 8, ..., 512, 1k, 2k, 4k, ..., 512k, 1024k, 2048k, ..., 32768k. storm-control unicast x command is used to set unicast flooding traffic suppression rate. “x” is the suppression rate in pps(packet per second), and could be 1, 2, 4, 8, ..., 512, 1k, 2k, 4k, ..., 512k, 1024k, 2048k, ..., 32768k.
  • Page 71 subintervals of equal length. If a reply is not received within the subinterval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead. 39 username command This command is used to create a user and assign username, password, and privilege_level for him/her.
  • Page 72 <cr> Enable Voice VLAN mode operation voice-vlan command is used to enable Voice VLAN function. And “no voice-vlan” command can be used to disable it. voice-vlan agetime x command is used to configure the Voice VLAN secure learning aging time. “x” is the aging time. The allowed range is 10 to 10000000 seconds.
  • Page 73: Interface Configuring Commands

    6.2.4 Interface Configuring Commands Commands in Configuring Mode are for general switch settings. And its prompt is “(config)#”. The port interface function and VLAN group interface function are set with “interface” command. (config)# interface ? ethernet Ethernet port vlan Switch Virtual LAN interface interface ethernet 1/x command is used to configure settings for Port x.
  • Page 74 this command will be applied to ports in this range. For example, “interface ethernet 1/4-7” and the settings after this command will be applied to Port 4, Port 5, Port 6, and Port 7. (Port 4~7) 4. interface ethernet 1/w,x,..,y-z and “w”,”x”,”y”,”z” are port number. All the settings after this command will be applied to those ports.
  • Page 75 sflow configured sFlow samplers shutdown Shuts down the selected interface spanning-tree Specifies spanning tree configuration speed Configures speed operation switchport Configures switching mode characteristics voice-vlan Voice VLAN Configuration ---------------------------------------------------------------------------------------------- 1 exit command This command is used to leave current operation mode. Go back to last mode.
  • Page 76 permitted ("permit") or denied ("deny") for the interface port(s). acl logging command is used to enable storing frames received on the port in the System Log. Please note that the System Log memory size and logging rate is limited. And “no acl logging“ command is used to ...
  • Page 77 8 channel-group command This command is used to add the interface port(s) to a Aggregation Group. This is a static Aggregation Group assignment. Only full duplex ports can join an aggregation and ports must be in the same speed in each group. channel-group x will add the interface port(s) to the trunk group “x”.
  • Page 78 the port's Admin State is in an EAPOL-based or MAC-based mode. dot1x clear command is used to clear 802.1X statistics for the interface port(s). dot1x guest_vlan command is used to enable Guest VLAN function for the interface port(s). And “no dot1x guest_vlan“ command is used to disable it. Guest VLAN function works when Guest VLAN is both globally enabled and enabled for a given port.
  • Page 79 can be used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality. - multi-802.1x : Configures more supplicants can get authenticated on the same port at the same time.
  • Page 80 )authentication fails or the RADIUS Access-Accept packet no longer carries a QoS Class or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS Class is immediately reverted to the original QoS Class (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
  • Page 81 12 end command This command is used to exit from interface mode. (config-if)# end (config)# 13 excessive command This command is used to configure the operation when excessive collision happens on half duplex mode. excessive [discard | restart] command is used to configure the operation when excessive collision happens on half duplex mode.
  • Page 82 16 ip command This command is used to configure IGMP/MLD Snooping function for the port(s). ip igmp snooping fastleave / ip mld snooping fastleave command is used to enable fast-leave function for the port(s). And “no ip igmp snooping fastleave“ / “no ip mld snooping fastleave“ command is used to disable it. Multicast snooping Fast Leave processing allows the switch to remove an interface from the forwarding-table entry without first sending out group specific queries to the interface.
  • Page 83 packets forwarding that are matched in static entries on the specific port. ip-source-guard mode command is used to enable this function for the ports. And “no ip-source-guard mode” command is used to disable it. Note: Dynamic IP Source entry is learned from DHCP request. Before enable IP Source Guard, DHCP Snooping function should be enabled first.
  • Page 84 - enable : enable LLDP operation on the ports. The switch will send out LLDP information, and will analyze LLDP information received from neighbours. - rx-only : set the ports as Receive-Only for LLDP operation. The switch will not send out LLDP information, but LLDP information from neighbour units is analyzed.
  • Page 85 address” included in LLDP information transmitted. And “no lldp management-address“ command is used to disable it. 20 loopback-detection command This command is used to configure Loopback Detection for the ports. loopback-detection action [log | shutdown | shut_log] command is used to configure the action performed when a loop is detected on a port.
  • Page 86 23 mdi/mdi-x command This command is used to configure MDI/MDI-X mode of port. mdi/mdi-x [auto | mdi | mdi-x] command is used to configure MDI/MDI-X mode of ports. “mdi” is for Hub/Switch connection. “mdi-x” is for PC device connection. “auto” can auto-detect the connection. 24 mvr command This command is used to configure MVR function for the ports.
  • Page 87 port Configures the characteristics of the port port-vlan Configures Port-Based VLAN power-control Decrease energy consumption Configuration of QoS sflow configured sFlow samplers shutdown Shuts down the selected interface spanning-tree Specifies spanning tree configuration speed Configures speed operation switchport Configures switching mode characteristics voice-vlan...
  • Page 88 maximum number and its valid value is 0-1024. For example, x=5 will allow up to five network devices / PC access network through the interface port(s). If the limit is exceeded, the corresponding action is taken. The switch is "born" with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security-enabled port.
  • Page 89 dscp QoS Port DSCP Configuration policer QoS Ingress Port Policers queueshaper Queue Shaper scheduler QoS Egress Port Schedulers shaper QoS Egress Port Shapers tagremarking QoS Egress Port Tag Remarking “qos classification ...” command is used to configure default QoS Ingress Port Classification on ports.
  • Page 90 ports. - enable : Rewrite enabled without remapping. The new DSCP value is defined by “qos dscp classification-map” command in (config)#. - remap_dp_aware : Rewrite enabled with remapping. The remapped DSCP value is defined by “qos dscp egressremap” command in (config)#. - remap_dp_unaware : Rewrite enabled with remapping.
  • Page 91 qos scheduler weight x y command is used to set weighting “y” for transmit queue “x”. “x” is queue number with value 0~7. “y” is weighting with value 1~100. It is for traffic scheduling in Weighted mode. “qos shaper ...” command is used to configure traffic shaper function of the ports.
  • Page 92 number of bytes that should be copied from a sampled packet to the sFlow datagram. “x” is the maximum number with valid range 14~200 bytes. If the maximum datagram size does not take into account the maximum header size, samples may be dropped. sflow flowsampler sampling-rate x command is used to set the statistical sampling rate for packet sampling.
  • Page 93 spanning-tree edge-port command is used to set the operEdge flag to start as set. (The initial operEdge state when a port is initialized.) “no spanning-tree edge-port” command is used to set the operEdge flag to start as cleared.
  • Page 94 set it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network, causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transitions frequently.
  • Page 95 used to allow the interface port(s) to accept tagged or untagged frames. - all : The port accepts all frames, tagged or untagged. - tagged : The port accepts only tagged frames. - untagged : The port accepts only untagged frames. switchport allowed vlan [add x | remove x | forbidden add x | forbidden remove x] command will add the interface port(s) to VLAN x, remove the interface port(s) from VLAN x, as forbidden port(s) to VLAN x, not forbidden...
  • Page 96 untagged. - untag_pvid : this is a hybrid egress port. All egress packets except the configured PVID will be tagged. 35 voice-vlan command This command is used to configure Voice VLAN function for the interface port(s). (config-if)# voice-vlan ? discovery-protocol Set the Voice VLAN port discovery protocol mode port-mode Set the Voice VLAN port mode...
  • Page 97 Note: The general VLAN settings are done with “vlan database” command. Please refer to section 6.2.5 VLAN Configuring Commands for the details. interface vlan x command is used to assign characteristics to a VLAN group interface. For example, assigning IP address to a VLAN interface is done with this command.
  • Page 98 5. quit command This command is used to quit from console interface. It has the same function as logout. 6. interface command This command is used to change to another interface VLAN groups for next setup commands. (config-if)# interface ? vlan Switch Virtual LAN interface For example,...
  • Page 99 8. ipv6 command This command is used to set IPv6 address of the switch on this VLAN interface. And only users in this VLAN can access this switch with the IPv6 address remotely. (config-if)# ipv6 address ? autoconfig Set the IPv6 AUTOCONFIG mode renew Renew IP <ipv6 address>...
  • Page 100: Vlan Configuring Commands

    6.2.5 VLAN Configuring Commands Commands in Configuring Mode are for general switch settings. And its prompt is “(config)#”. If the settings are for VLANs, it should enter VLAN configuring mode first by “vlan database” command in configure mode. And its prompt will become “(config-vlan)#”.
  • Page 101 4 logout command This command is used to logout from console interface. 5 quit command This command is used to quit from console interface. It has the same function as logout. 6 end command This command is used to exit from VLAN Configuring mode. (config-vlan)# end (config)# 7 no command...
  • Page 102: Show Commands

    6.2.6 Show Commands Show command is put in General Basic Commands for viewing system configuration and information. Enter “show ?” at the prompt, the sub-command list will be shown. ---------------------------------------------------------------------------------------------- # show ? Show AAA service configuration Packet Access Control List calendar Date and time information ddmi...
  • Page 103 1. show acl command This command will show ACL settings and status. # show acl ? ports Show the ACL port configuration rate Show the ACL rate limiter status Show ACL status <1-256> show an access list configuration <cr> show all access list configuration show acl port command will show ACL port configuration.
  • Page 104 ------------ ---- 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS 1 PPS show acl status command will show ACL status. For example, # show acl status User...
  • Page 105 - Counter : counter indicates the number of times the ACE was hit by a frame. - Confl. : the hardware status of the specific ACE. The specific ACE is not applied to the hardware due to hardware limitations. show acl x command is used to show an ACE status. “x” is the ID of ACE with value 1~256.
  • Page 106 DHCP Relay Server : 192.168.1.100 DHCP Relay Information Mode : Enabled DHCP Relay Information Policy : Replace Server Statistics: ------------------ Transmit to Server Transmit Error Receive from Server Receive Missing Agent Option : Receive Missing Circuit ID : Receive Missing Remote ID Receive Bad Circuit ID Receive Bad Remote ID Client Statistics:...
  • Page 107 and status of the switch. For example, # show dot1x configuration 802.1X Configuration: ===================== Mode : Disabled Reauth. : Disabled Reauth. Period : 3600 EAPOL Timeout : 30 Age Period : 300 Hold Time : 10 RADIUS QoS : Disabled RADIUS VLAN : Disabled Guest VLAN...
  • Page 108 Disabled Disabled show dot1x radius_vlan command is used to show per-port enabledness of RADIUS-assigned VLAN. For example, # show dot1x radius_vlan RADIUS Port VLAN Current ---- ------- ------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled show dot1x statistics command is used to show 802.1X statistics. For example, # show dot1x statistics Port 1 EAPOL Statistics:...
  • Page 109 ---- ------- ------------- Disabled none Disabled none Disabled none Disabled none Disabled 1 Disabled none Disabled none Disabled none none none 6. show history command This command is used to show the history of input commands. # show history 1. config 2.
  • Page 110 Errors Drops Filtered ========================================== Tx Counter Statistics Packets Octets Errors Drops show interface detailed_counters command will show detail statistics counters for all ports. show interface detailed_counters ethernet 1/x command will show detail statistics counters for Port x. (“x” is the port number). For example, # show interface detailed_counters ethernet 1/5 Rx Packets:...
  • Page 111 V = Voice VLAN Port Users State MAC Cnt ---- ----- ------------- ------- ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users ---- No users show interface sfp command will show the detected sfp type.
  • Page 112 show interface switchport command will show VLAN configuration of all ports. For example, # show interface switchport VLAN Configuration: =================== Port PVID Frame Type Ingress Filter Tx Tag Port Type ---- ---- ---------- -------------- ---------- ------------- Disabled Untag PVID Unaware Disabled Untag PVID Unaware Disabled...
  • Page 113 8. show ip command This command is used to show switch IP configuration and current ARP Inspection, DHCP Snooping, Http Configuration, IGMP/MLD Snooping, SSH, IP Source Guard,... status and configuration. # show ip ? Address Resolution Protocol dhcp DHCP snooping http Show HTTP configuration igmp...
  • Page 114 DHCP Snooping Mode : Disabled Port Port Mode ---- ----------- trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted # show ip dhcp snooping statistics Port 1 Statistics: -------------------- Rx Discover: Tx Discover: Rx Offer: Tx Offer: Rx Request: Tx Request: Rx Decline: Tx Decline:...
  • Page 115 IGMP Interface Setting Compatibility ---- ------------- (Please create IGMP Interfaces) IGMP Port Status ( Router-Port ) Port Router Dynamic Router ---- -------- -------------- Disabled No ---More--- show ip interface command will show current switch IP configuration. # show ip interface IP Configuration: ================= DHCP Client...
  • Page 116 (Please create MLD Interfaces) MLD Port Status ( Router-Port ) Port Router Dynamic Router ---- -------- -------------- Disabled No ---More--- show ip ssh command will show current SSH settings. # show ip ssh SSH Configuration: ================== SSH Mode : Enabled show ip verify source command will show IP Source Guard configuration.
  • Page 117 show lacp config command will show current LACP configuration. # show lacp config LACP Configuration: =================== System Priority: 32768 Port Mode Role Timeout ---- -------- ---- ------ ------- Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast Disabled Auto Active Fast...
  • Page 118 Disabled 1 Disabled 1 Disabled 1 10. show lldp command This command is used to show current LLDP configuration and status. show lldp command will show current LLDP configuration. # show lldp LLDP Configuration: =================== Interval : 30 Hold Tx Delay Reinit Delay: 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness...
  • Page 119 ---- ------ ------ ------ -------- ------ ------- ------- ----- 11. show log command This command is used to show current system log and system log configuration. # show log ? configuration logging configuration <cr> show log command is used to show current system log content. For example, # show log Number of entries:...
  • Page 120 This command is used to show Loopback Detection configuration and status. # show loopback-detection ? config Loop protect configuration ethernet Show loop protection port configuration status Show the loop protection status show loopback-detection config command will show Loopback Detection configuration. # show loopback-detection config Loop Protection Configuration: ==============================...
  • Page 121 13. show mac-address-table command This command is used to set Mac address table and configuration about it. # show mac-address-table ? aging-time Aging time for entries in the address table address Address information learning Show the port learn mode statistics Show MAC address table statistics <cr>...
  • Page 122 Port Learning ---- -------- Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto show mac-address-table statistics command will show MAC address table statistics. # show mac-address-table statistics Port Dynamic Addresses ---- ----------------- Total Dynamic Addresses: 23 Total Static Addresses : 7 14.
  • Page 123 Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled Disabled 4 None Disabled 15. show management command This command is used to show switch management security settings and statistics.
  • Page 124 Port QoS class DP level PCP DEI Tag class. ---- --------- -------- ---------- Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled QoS Port Classification Map: ============================ Port PCP DEI QoS class DP level ---- --------- -------- ---More--- 17. show mvr command This command is used to show MVR configuration and status.
  • Page 125 ================== MVR Mode: Disabled MVR Interface Setting Name Mode Tagging Priority LLQI ---- -------------------------------- ---------- -------- -------- ----- Dynamic Tagged [Port Setting of aaa(VID-10)] Inactive Port: 1-10 [Channel Setting of aaa(VID-10)] Name : aaa Start Address: 224.0.0.1 End Address : 224.0.0.10 MVR Immediate Leave Setting Port Immediate Leave ---- ---------------...
  • Page 126 18. show ntp command <**> This command is used to show system time settings of the switch. # show ntp ? config Show NTP configuration Show daylight saving time configuration zone Show system timezone configuration show ntp config command will show NTP configuration. # show ntp config NTP Configuration: ==================...
  • Page 127 # show ntp zone System Timezone Configuration: ============================== Timezone Offset : 5400 ( 540 minutes) Timezone Acronym : Japan 19. show port command This command is used to show port mirror function setting. show port monitor command is used to show port mirror function setting. For example, # show port monitor Mirror Configuration:...
  • Page 128 Number of QCEs: 1 show queue status command will show QCL status. # show queue status User ID Frame Class DP DSCP Conflict Port ---------- ----- ----- -- --------- -------- ------- Static Number of QCEs: 1 21. show radius-server command This command is used to show RADIUS Server configuration and statistics.
  • Page 129 For example, # show running-config !building running-config, please wait..!10G …… …… interface ethernet 1/5 qos tagremarking map 2 1 0 0 exit interface ethernet 1/1-10 switchport allowed vlan add 1 exit interface vlan 1 ip address 192.168.1.118 255.255.255.0 ipv6 address fc80::215:c5ff:fe03:4dc0 120 exit 23.
  • Page 130 Flow Ctl Disabled ....24. show rmon command This command is used to show RMON configuration. # show rmon ? alarm Show RMON alarm entries event Show RMON event entries history Show RMON history entries statistics Show RMON statistics entries show rmon alarm command will show RMON alarm configuration.
  • Page 131 25. sflow command This command is used to show sFlow configuration and status. # show sflow ? counter_poller Show counter polling interval configuration per port flow_sampler Show flow sampler configuration per port. receiver Show the sFlow receiver statistics Show statistics show sflow counter_poller command will show sFlow counter polling interval configuration per port.
  • Page 132 # show sflow statistics samplers Per-Port Statistics: ==================== No non-zero counters. 26. show snmp command This command is used to show SNMP configuration of the switch. # show snmp ? access SNMPv3 access entry community SNMPv3 community entry group SNMPv3 group entry user SNMPv3 user entry view...
  • Page 133 default_ro_group NoAuth, NoPriv default_view None 2 default_rw_group NoAuth, NoPriv default_view default_view Number of entries: 2 show snmp community command will show SNMPv3 community entry. # show snmp community SNMPv3 Communities Table: Idx Community Source IP Source Mask --- -------------------------------- --------------- --------------- public 0.0.0.0...
  • Page 134 Number of entries: 3 27. show spanning-tree command This command is used to show spanning tree configuration of the switch. # show spanning-tree ? ethernet Show STP Port configuration Show MSTP configuration statistics Show STP port statistics status Show STP Bridge status <cr>...
  • Page 135 configuration. “x” is the index of MSTI with value 0~7. # show spanning-tree ethernet 0 MSTI Port Path Cost Priority ---- ---- ---------- -------- CIST Aggr Auto MSTI Port Path Cost Priority ---- ---- ---------- -------- CIST 1 Auto CIST 2 Auto CIST 3 Auto...
  • Page 136 Port Rx_MSTP Tx_MSTP Rx_RSTP Tx_RSTP Rx_STP Tx_STP Rx_TCN Tx_TCN Rx_Ill. Rx_Unk. --------- -------- -------- -------- -------- ------- ------- ------- ------- ------- ----- show spanning-tree status x command will show MSTP Bridge status. “x” is the index of MSTI with value 0~7. # show spanning-tree status 0 CIST Bridge STP Status Bridge ID...
  • Page 137 Software Date : 2012-08-17T14:31:24+08:00 MAC Address : 00-c0-f9-66-66-99 Number of Ports : 10 Previous Restart: Cold 30. show tacacs-server command This command is used to show TACACS+ Authentication Server Configuration. # show tacacs-server Server Timeout : 15 seconds Server Dead Time : 300 seconds TACACS+ Authentication Server Configuration: ============================================ Server Mode...
  • Page 138 LLAG1 Static 1,2 None 32. show users command This command is used to show users configuration. For example, # show users Users Configuration: ==================== User Name Privilege Level -------------------------------- --------------- admin ad01 op01 gu01 33. show version command This command is used to show system version information and model information.
  • Page 139 default 1-10 None VLAN forbidden port list: ========================= VLAN Name Ports ---- -------------------------------- ----- show vlan id x command is used to show VLAN setting of VLAN x. (“x” is the VLAN ID). # show vlan id 10 VLAN Name User Ports Conflicts Conflict_Ports ----...
  • Page 140 Combined None None VLAN forbidden port list: ========================= VLAN Name Ports ---- -------------------------------- ----- show vlan port-based command will show Port-Based VLAN Configuration. # show vlan port-based PVLAN ID Ports -------- ----- 1-10 show vlan voice command will show Voice VLAN configuration. # show vlan voice Voice VLAN Configuration: =========================...
  • Page 141: About Telnet And Snmp Management Interfaces

    6.3 About Telnet and SNMP Management Interfaces 6.3.1 About Telnet Management Interface If you want to use Telnet to manage the switch from remote site, you have to set the IP/NetMask/Gateway address to the switch first. Then use "telnet <IP>" command to connect to the switch.
  • Page 142: Management With Http Connection

    6.4 Management with Http Connection Users can manage the switch with Http Web Browser connection. The default IP setting is 192.168.1.1 and NetMask 255.255.255.0. The default IP Gateway is 192.168.1.254. Before http connection, IP address configuration of the switch could be changed first. 1 Please follow the instruction in Section 6.2 to complete the console connection.
  • Page 143 Left part of the homepage is a function list. Users can select one of them for status monitoring or switch configuration. There are four operation groups in the function list. Configuration : this is for switch function configuration. Monitor : this is for switch function status and statistics monitor. Diagnostics : this is diagnostics functions for switch.
  • Page 144: Configuration - System

    6.4.1 Configuration - System 1). Configuration - System - Information This is used to configure System Name, System Location, and System Contact. The information is also applied to SNMP agent function. 2). Configuration - System - IP This page is used to setup IP configuration of the switch. You can enable DHCP client function to get IP configuration from DHCP server automatically.
  • Page 145 3). Configuration - System - IPv6 This page is used to setup IPv6 configuration of the switch. You can enable Auto Configuration function to get IP configuration automatically. Or, disable Auto Configuration function and set IP configuration manually. 4). Configuration - System - NTP This switch support NTP protocol to get time from Internet time server.
  • Page 146 Refer to your location to configure “Time Zone”. Daylight Saving Time function will set the system time one hour earlier than normal time for a period of time. [Start Time] and [End Time] can be used to set the time period. 6).
  • Page 147 Users can configure Syslog Server here. If this function is enabled, the switch will record events to the Syslog Server. The Server Address is the IPv4 host address of the syslog server. If the switch provides DNS feature, it can also be a host name. The Syslog Level indicates what kind of messages will be sent to the syslog server.
  • Page 148: Configuration - Power Reduction

    6.4.2 Configuration - Power Reduction 1). Configuration - Power Reduction - EEE This page is used to configure EEE (Energy Efficient Ethernet) function of the switch for power reduction. It can be enabled by port. EEE Urgent Queues will activate transmission of frames as soon as data is available.
  • Page 149: Configuration - Ports

    6.4.3 Configuration - Ports 1). Configuration - Ports This page is used to configure ports of the switch. And Link status can be found in the page. Speed can configure the operation speed and duplex mode of ports. Flow Control can configure the flow control function for full duplex connections. Excessive Collision Mode can configure the collision function for half duplex connections.
  • Page 150: Configuration - Security

    6.4.4 Configuration - Security 6.4.4.1 Configuration - Security - Switch 1). Configuration - Security - Switch - Users This page is used to create users for the switch. There are three Privilege Levels for users ... 3 - This is for administrator. This user can do every configuration and view every status of the switch.
  • Page 151 - local: use the local user database on the switch for authentication. - radius: use a remote RADIUS server for authentication. - tacacs+: use a remote TACACS+ server for authentication. RADIUS server and TACACS+ server are configured in Configuration - Security - AAA page.
  • Page 152 This page is used to configure IP address range that is allowed for remote management. The remote management interface could be HTTP/HTTPS, SNMP, or TELNET/SSH. 6). Configuration - Security - Switch - SNMP 6-1). Configuration - Security - Switch - SNMP - System...
  • Page 153 This page is used to configure SNMP System configuration and Trap configuration. 6-2). Configuration - Security - Switch - SNMP - Communities This page is used to configure SNMPv3 Community. Entry could be added or deleted.
  • Page 154 6-3). Configuration - Security - Switch - SNMP - Users This page is used to configure SNMPv3 User. Entry could be added or deleted. 6-4). Configuration - Security - Switch - SNMP - Groups This page is used to configure SNMPv3 Group. Entry could be added or deleted.
  • Page 155 This page is used to configure SNMPv3 Access. Entry could be added or deleted. 7). Configuration - Security - Switch - RMON 7-1). Configuration - Security - Switch - RMON - Statistics This page is used to configure RMON Statistics. Entry could be added or deleted.
  • Page 156 This page is used to configure RMON Alarm. Entry could be added or deleted. 7-4). Configuration - Security - Switch - RMON - Event This page is used to configure RMON Event. Entry could be added or deleted. 6.4.4.2 Configuration - Security - Network 1).
  • Page 157 This page is used to configure Port Security Limit Control function. Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port.
  • Page 158 This page is used to configure 802.1x Network Access Control function. Users need to be authenticated first for network access through switch ports. The authentication is processed by RADIUS Server. The details for the operation are configured here. RADIUS Server is configured in Configuration - Security - AAA page. 3).
  • Page 159 This page is used to configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE. 3-2). Configuration - Security - Network - ACL - Rate Limiters...
  • Page 160 This page is used to define rate limiters. Those Rate Limiters are used for ACL action. The Rate Limiters could be defined by pps (Packet per second) or kbps (kilo bit per second). 3-3). Configuration - Security - Network - ACL - Access Control List Click “(+)”, the ACE configuration window will be prompted.
  • Page 161 4). Configuration - Security - Network - DHCP 4-1). Configuration - Security - Network - DHCP - Snooping This page is used to configure DHCP Snooping function. When DHCP snooping mode operation is enabled, the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports.
  • Page 162 This page is used to configure DHCP Relay and DHCP Option 82 functions. When DHCP relay mode operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain.
  • Page 163 IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. This function limits the maximum number of dynamic clients that can be learned on a given port.
  • Page 164 This page is used to add/delete Static IP Source Entry. A Static IP Source Entry consists of Port, VLAN ID, IP Address and Mac address. This static table is used to prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
  • Page 165 This page is used to add/delete Static ARP Entry in Static ARP Inspection Table. This table will be used for ARP Inspection security function. 6.4.4.3 Configuration - Security - AAA...
  • Page 166 This page is used to configure RADIUS and TACACS+ Servers. The settings are used for 802.1x network access and switch user login authentication operations.
  • Page 167: Configuration - Aggregation

    6.4.5 Configuration - Aggregation 6.4.5.1 Configuration - Aggregation - Static This page is used to configure Aggregation Hash Mode and Static Aggregation Group. The Aggregation Hash Mode selects the Hash Code Contributors that can be used to calculate the destination port for the frame. Up to five Static Aggregation Groups can be used for Aggregation.
  • Page 168 This page is used to configure LACP function for Aggregation operation. LACP is an IEEE 802.3ad standard protocol. The Link Aggregation Control Protocol, allows bundling several physical ports together to form a single logical port. Two switches can create aggregation connection with LACP function.
  • Page 169: Configuration - Loop Protection

    6.4.6 Configuration - Loop Protection This page is used to configure Loopback Detection function. Loopback on a port will cause a packet storm in the switch. If Loopback Detection is enabled on ports and Tx Mode is enabled, the port is actively generating loop protection PDUs. If loopback is found, the action could be to shut down the port or log it.
  • Page 170: Configuration - Spanning Tree

    6.4.7 Configuration - Spanning Tree 6.4.7.1 Configuration - Spanning Tree - Bridge Settings This page is used to configure Spanning Tree Bridge configuration. This switch supports STP(IEEE 802.1D), RSTP(IEEE 802.1w), and MSTP(IEEE 802.1s). It could be selected at Protocol Version. 6.4.7.2 Configuration - Spanning Tree - MSTI Mapping...
  • Page 171 This page is used to configure the mapping between MSTI and VLAN. Configuration Identification consists of the name and revision to identify the VLAN to MSTI mapping. Bridges must share the name and revision, as well as the VLAN-to-MSTI mapping configuration in order to share spanning trees for MSTI's (Intra-region).
  • Page 172 This page is used to configure MSTI Priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. 6.4.7.4 Configuration - Spanning Tree - CIST Ports...
  • Page 173 This page is used to configure Spanning Tree operation on Ports. 6.4.7.5 Configuration - Spanning Tree - MSTI Ports Select the MSTI. Click [Get]. The MSTI Port Configuration will be shown.
  • Page 174 An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. Path Cost controls the path cost incurred by the port.
  • Page 175: Configuration - Mvr

    6.4.8 Configuration - MVR This page is used to configure MVR function. The MVR feature enables multicast traffic forwarding on the Multicast VLANs. In a multicast television application, a PC or a network television or a set-top box can receive the multicast stream.
  • Page 177: Configuration - Ipmc

    6.4.9 Configuration - IPMC 6.4.9.1 Configuration - IPMC - IGMP Snooping 1). Configuration - IPMC - IGMP Snooping - Basic Configuration This page is used to configure the basic configuration of IGMP Snooping function. Configuration for general settings and port settings can be done here.
  • Page 178 This page is used to maintain the IGMP Snooping VLAN Table. The following functions are supported. - Add a new IGMP VLAN. Configure it. And Save. - Edit an IGMP VLAN. - Delete an IGMP VLAN 3). Configuration - IPMC - IGMP Snooping - Port Group Filtering This page is used to maintain IGMP Filtering Group on Port.
  • Page 179 This page is used to configure the basic configuration of MLD Snooping function. Configuration for general settings and port settings can be done here. 2). Configuration - IPMC - MLD Snooping - VLAN Configuration This page is used to maintain the MLD Snooping VLAN Table. The following functions are supported.
  • Page 180 This page is used to maintain MLD Filtering Group on Port. The IP Multicast Group in the table will be filtered on the port.
  • Page 181: Configuration - Lldp

    6.4.10 Configuration - LLDP This page is used to configure LLDP function of the switch. The system general settings and ports settings can be configured. LLDP is an IEEE 802.1ab standard protocol. The Link Layer Discovery Protocol(LLDP) specified in this standard allows stations attached to an IEEE 802 LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity...
  • Page 182: Configuration - Mac Table

    6.4.11 Configuration - MAC Table This page is used to configure Mac Table function of the switch. Aging Time, Mac Address Learning, Static Mac Address can be configured in this function. If Mac Address Learning is set to Secure, only static MAC entries are learned, all other frames are dropped.
  • Page 183: Configuration - Vlans

    6.4.12 Configuration - VLANs 6.4.12.1 Configuration - VLANs - VLAN Membership This page is used to maintain 802.1Q VLAN Group. Add a new VLAN, and assign VLAN ID, VLAN Name, Ports to it. Edit a VLAN. Delete a VLAN. 6.4.12.2 Configuration - VLANs - Ports This page is used to configure 802.1Q VLAN and Q-in-Q function on Ports.
  • Page 184 About Port Type ... - Unaware: When a port is setup as Unaware. Incoming frames will be treated as untagged. Even when an incoming frame is tagged, this tag is treated by the switch as payload. And the frame will be classified to port based VLAN — PVID.
  • Page 186: Configuration - Port-Based Vlans

    6.4.13 Configuration - Port-Based VLANs 6.4.13.1 Configuration - Port-Based VLANs - PVLAN Membership This page is used to configure Port-based VLAN. Port-based VLAN can be created, edited, deleted. 6.4.13.2 Configuration - Port-Based VLANs - Port Isolation This page is used to configure Port Isolation function. If ports are marked as Isolation, they cannot communicate with each other even if they are in the same VLAN.
  • Page 187: Configuration - Voice Vlan

    6.4.14 Configuration - Voice VLAN 6.4.14.1 Configuration - Voice VLAN - Configuration This page is used to configure Voice VLAN of the switch. It can configure general system settings and port settings. If the function is enabled, the switch can auto-detect VoIP traffic and forward the traffic in the Voice VLAN with specific priority.
  • Page 188 This page is used to maintain the OUI table for Voice IP traffic. OUI is the first three bytes of Mac Address. Packets with OUI in the table will be treated as Voice traffic.
  • Page 189: Configuration - Qos

    6.4.15 Configuration - QoS 6.4.15.1 Configuration - QoS - Port Classification This page is used to configure the basic QoS Ingress Classification settings for all switch ports. The following parameters could be configured - Default QoS Class, default DP (Drop Precedence) Level, default PCP (Priority Code Point) for untagged frames, default DEI (Drop Eligible Indicator) for untagged frames, default process for tagged frames, DSCP-based QoS.
  • Page 190 The QoS class and DP level settings work only when both tag classification and DSCP classification are disabled. The PCP and DEI settings will be applied when untagged packets are translated to tagged packets. When both tag classification and DSCP classification are disabled, QoS class and DP level settings are statically assigned to a port.
  • Page 191 This page will show port egress scheduler mode and weight of each queue. Click Port number to configure its Egress Scheduler. The following page will be shown. This page is used to configure Egress traffic Scheduler and Egress traffic Shaper on port.
  • Page 192 The traffic shaper could operate by queue or by port. Enable by checking it and give a limit value. 6.4.15.4 Configuration - QoS - Port Shaping This page will show egress shaper settings of each port and each queue. Click Port number to configure its Egress Shaper. The following page will be shown.
  • Page 193 This page is used to configure Egress traffic Scheduler and Egress traffic Shaper on port. The traffic scheduler could operate in Strict Priority mode or Weighted mode. If in Weighted mode, the weighting of each queue could be configured. The traffic shaper could operate by queue or by port. Enable by checking it and give a limit value.
  • Page 194 Select the mode and configure the parameters for it. When “Default” or “Mapped” is selected, the default/mapped PCP and DEI will be applied to the egress tagged packet when the egress port is a tagged port. The original PCP and DEI settings will be remarked by the default/mapped PCP and DEI. Or, the default/mapped PCP and DEI will be applied to the outer tag for double tagging Q-in-Q applications.
  • Page 195 to QoS mapping is done in the [DSCP-Based QoS] page.) Instead, Ingress Classify in [Port DSCP] means QoS to internal DSCP mapping. When a QoS class (from the port default, VLAN tag, or DSCP) is obtained, Ingress Classify can map this QoS class to an internal DSCP. This internal DSCP can then go through another egress map to affect the DSCP value when the frame is sent out.
  • Page 196 This page is used to configure QoS Ingress Classification for each DSCP value. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as non-IP frames.
  • Page 197 2. Classify: Select the DSCP value to enable its QoS Class to internal DSCP mapping operation when Ingress Classify is “Selected” in the [Port DSCP] page. For Egress, there are the following configurable parameters for Egress side - 1. Remap DP0 Controls the remapping for frames with DP level 0. 2.
  • Page 198 6.4.15.10 Configuration - QoS - QoS Control List This page is used to configure the QCL (QoS Control List). Each QCE consists of packet parameters and a QoS action for packets that match the parameters. With this function, specific packet traffic could be processed with the expected QoS action.
  • Page 199: Configuration - Mirroring

    6.4.16 Configuration - Mirroring This page is used to configure Mirror function of the switch. To debug network problems, selected traffic can be copied, or mirrored, on a mirror port where a frame analyzer can be attached to analyze the frame flow. The mirror traffic could be transmit packets (egress or destination mirroring), receive packets (ingress or source mirroring), or both.
  • Page 200: Configuration - Sflow

    6.4.17 Configuration - sFlow This page is used to configure sFlow. The configuration is divided into two parts: configuration of the sFlow receiver (a.k.a. sFlow collector) and configuration of per-port flow and counter samplers. sFlow configuration is not persisted to non-volatile memory, which means that a reboot will disable sFlow sampling.
  • Page 201: Monitor - System

    6.4.18 Monitor - System 6.4.18.1 Monitor - System - Information This page is used to show switch system information. 6.4.18.2 Monitor - System - Log This page is used to show system log information of the switch. Level is a filter for showing expected system information. Clear Level is the level that will be applied for clear operation by clicking [Clear].
  • Page 202 This page is used to show the details of log. Entering the ID, details of the log will be shown.
  • Page 203: Monitor - Port

    6.4.19 Monitor - Port 6.4.19.1 Monitor - Port - State This page is used to show Port Link status. Clicking port will show its statistics. 6.4.19.2 Monitor - Port - Traffic Overview This page is used to show brief statistics of each port. 6.4.19.3 Monitor - Port - QoS Statistics...
  • Page 204 This page is used to show traffic statistics of queues on each port. Clicking port will show its statistics. 6.4.19.4 Monitor - Port - QCL Status This page is used to show the QCL status by different QCL users. Each row describes the QCE that is defined.
  • Page 205 This page is used to show detailed statistics of a port. Select the port, and its detailed statistics will be shown. 6.4.19.6 Monitor - Port - DDMI This page is used to show SFP transceiver information and status if the transceiver supports the DDMI (Digital Diagnostics Monitoring Interface) function.
  • Page 206: Monitor - Security

    6.4.20 Monitor - Security 6.4.20.1 Monitor - Security - Access Management Statistics This page is used to show management traffic statistics of every interface. 6.4.20.2 Monitor - Security - Network 1-1). Monitor - Security - Network - Port Security - Switch This page is used to show the current state of the port and the number of currently learned MAC addresses (forwarding as well as blocked) and the maximum number of MAC addresses that can be learned on the port,...
  • Page 207 State of port could be ... - Disabled: No user modules are currently using the Port Security service. - Ready: The Port Security service is in use by at least one user module, and is awaiting frames from unknown MAC addresses to arrive. - Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in.
  • Page 208 This page provides an overview of the current NAS (by 802.1x) port states. NAS is an acronym for Network Access Server. The NAS is meant to act as a gateway to guard access to a protected source. A client connects to the NAS, and the NAS connects to another resource asking whether the client's supplied credentials are valid.
  • Page 209 4-1). Monitor - Security - Network - DHCP - Snooping Statistics This page is used to show DHCP Snooping traffic statistics on port. Select a port, and the DHCP Snooping traffic statistics on the port will be shown. The statistics do not count the DHCP packets for system DHCP client or DHCP relay mode is enabled 4-2).
  • Page 210 Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. 6).
  • Page 211 The Status could be ... - Disabled: The server is disabled. - Not Ready: The server is enabled, but IP communication is not yet up and running. - Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
  • Page 212 1). Monitor - Security - Switch - RMON 1-1) Monitor - Security - Switch - RMON - Statistics This page provides an overview of RMON Statistics entries. 1-2) Monitor - Security - Switch - RMON - History This page provides an overview of RMON History entries. 1-3) Monitor - Security - Switch - RMON - Alarm This page provides an overview of RMON Alarm entries.
  • Page 213 This page provides an overview of RMON Event table entries.
  • Page 214: Monitor - Lacp

    6.4.21 Monitor - LACP 6.4.21.1 Monitor - LACP - System Status This page provides a status overview for all LACP instances. 6.4.21.2 Monitor - LACP - Port Status This page provides a status overview for LACP status for all ports. 6.4.21.3 Monitor - LACP - Port Statistics...
  • Page 215 This page provides an overview for LACP statistics for all ports.
  • Page 216: Monitor - Loop Protection

    6.4.22 Monitor - Loop Protection This page displays the loop protection port status for ports of the switch. If a loop happens on a port, a packet storm will be generated from the switch. That will cause serious problems for normal network operation. The Loop Protection function can prevent such problems from happening on ports.
  • Page 217: Monitor - Spanning Tree

    6.4.23 Monitor - Spanning Tree 6.4.23.1 Monitor - Spanning Tree - Bridge Status This page provides a status overview of all STP bridge instances. Click CIST or MSTIx, STP Detailed Bridge Status will be shown. 6.4.23.2 Monitor - Spanning Tree - Port Status...
  • Page 218 This page displays the STP CIST port status for physical ports of the switch. The CIST Role could be AlternatePort, BackupPort, RootPort, DesignatedPort, or Disabled. The CIST State could be Discarding, Learning, or Forwarding. 6.4.23.3 Monitor - Spanning Tree - Port Statistics This page displays the STP port statistics counters of bridge ports in the switch.
  • Page 219: Monitor - Mvr

    6.4.24 Monitor - MVR 6.4.24.1 Monitor - MVR - Statistics This page provides MVR Statistics information. 6.4.24.2 Monitor - MVR - MVR Channel Groups Entries in the MVR Channels (Groups) Information Table are shown on this page. The MVR Channels (Groups) Information Table is sorted first by VLAN ID, and then by group.
  • Page 220: Monitor - Ipmc

    6.4.25 Monitor - IPMC 6.4.25.1 Monitor - IPMC - IGMP Snooping 1). Monitor - IPMC - IGMP Snooping - Status This page provides IGMP Snooping status. Protocol status and statistics are shown. Router Port active status is shown. 2). Monitor - IPMC - IGMP Snooping - Groups Information Entries in the IGMP Group Table are shown on this page.
  • Page 221 Entries in the IGMP SFM Information Table are shown on this page. The IGMP SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port. Different source addresses belonging to the same group are treated as a single entry.
  • Page 222 Entries in the MLD SFM Information Table are shown on this page. The MLD SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port. Different source addresses belonging to the same group are treated as a single entry.
  • Page 223: Monitor - Lldp

    6.4.26 Monitor - LLDP 6.4.26.1 Monitor - LLDP - Neighbours This page provides a status overview for all LLDP neighbours. The displayed table contains a row for each port on which an LLDP neighbour is detected. 6.4.26.2 Monitor - LLDP - EEE This page provides an overview of EEE information exchanged by LLDP.
  • Page 224 This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole switch, while local counters refer to per port counters for the currently selected switch.
  • Page 225: Monitor - Mac Table

    6.4.27 Monitor - MAC Table Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address.
  • Page 226: Monitor - Vlans

    6.4.28 Monitor - VLANs 6.4.28.1 Monitor - VLANs - VLAN Membership This page provides an overview of membership status of VLAN. 6.4.28.2 Monitor - VLANs - VLAN Port This page provides VLAN Port Status and Setting.
  • Page 227: Monitor - Sflow

    6.4.29 Monitor - sFlow This page shows receiver and per-port sFlow statistics.
  • Page 228: Diagnostics - Ping

    6.4.30 Diagnostics - Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues. After you click [Start], ICMP packets are transmitted, and the sequence number and round trip time are displayed upon reception of a reply. The amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).
  • Page 229: Diagnostics - Veriphy

    6.4.32 Diagnostics - VeriPHY This page is used for running the VeriPHY Cable Diagnostics for 10/100 and 1G copper ports. Click [Start] to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table.
  • Page 230: Maintenance - Restart Device

    6.4.33 Maintenance - Restart Device You can restart the switch on this page. After restart, the switch will boot normally. [Yes] : Click to restart device. [No] : Click to return to the Port State page without restarting. 6.4.34 Maintenance - Factory Defaults You can reset the configuration of the switch on this page.
  • Page 231 6.4.35.1 Maintenance - Software - Upload This page facilitates an update of the firmware controlling the switch. [Browse] to the location of a software image and click [Upload]. After the software image is uploaded, a page announces that the firmware update is initiated.
  • Page 232 alternate firmware images. Note: 1. In case the active firmware image is the alternate image, only the "Active Image" table is shown. In this case, the “Activate Alternate Image” button is also disabled. 2. If the alternate image is active (due to a corruption of the primary image or by manual intervention), uploading a new firmware image to the device will automatically use the primary image slot and activate this.
  • Page 233: Software Update And Backup

    7. Software Update and Backup This switch supports software update and configuration backup/update/restore functions. This can be done in two ways. 1. From web browser: Done over the HTTP protocol using a web browser. Please refer to the description of the “Maintenance” function in Section 6.4.35 for Software Update and Section 6.4.36 for Configuration Backup/Restore.
  • Page 234: Product Hardware Specifications

    Product Hardware Specifications [ 8TX+2SFP Model ] Access Method Ethernet, CSMA/CD Standards Conformance IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE IEEE 802.3z, IEEE 802.3ab (1000Base) Communication Rate 10/100/1000Mbps for TX, 100/1000Mbps for SFP Full / Half duplex (auto-negotiation) MDI/MDIX Auto-Detect Indicator Panel LEDs for each unit : Power, System each port : Link/Act(Green:1000M, Yellow:10/100M)
  • Page 235 Dimensions 250 x 117 x 37 mm Certification CE Mark, FCC Class A Temperature Standard Operating: 0 to 50℃ Humidity 10% to 90% (Non-condensing) Fanless Bridging Function Filtering, forwarding and learning Switching Method Store-and-forward Address Table 8K entries Filtering/Forwarding Rate Line speed Maximum Packet Size 9600 Bytes...
  • Page 236: Product Software Specifications

    Product Software Specifications Port Control Port speed, duplex mode, and flow control Port frame size (1518 - 9600 bytes) Port state (administrative status) Port status (link monitoring) Port statistics (MIB counters) Port VeriPHY (cable diagnostics) Power Control L2 Switching Auto MAC address learning/aging and MAC addresses (static) IEEE 802.1Q VLAN, Q-in-Q, Port isolation, Port Based VLAN...
  • Page 237 TACACS+ Web and CLI authentication and authorization Authorization (3 levels) ACLs for filtering(256 entries), policing, and port copy IP source guard Synchronization NTPv4 Client Power Saving ActiPHY, PerfectReach Ethernet Energy Efficient power management(EEE) Management HTTP server CLI console port Telnet Management access filtering SSHv2 and HTTPS IPv6 Management...
  • Page 238: Compliances

    Compliances EMI Certification FCC Class A Certification (USA) Warning: This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause interference to radio communications. It has been tested and found to comply with the limits for a Class A digital device pursuant to Subpart B of Part 15 of FCC Rules, which are designed to provide reasonable protection against such interference when operated in a commercial environment.
  • Page 239: Warranty

    Warranty We warrant to the original owner that the product delivered in this package will be free from defects in material and workmanship for a period of warranty time from the date of purchase from us or the authorized reseller. The warranty does not cover the product if it is damaged in the process of being installed.

This manual is also suitable for:

GSW-3216M1, GSW-3424M1
