1. Manuals
  2. Brands
  3. Alfa Network Manuals
  4. Switch
  5. AFSG-2242
  6. User manual

Alfa Network AFSG-2242 User Manual

Ip-mac lock switch
Hide thumbs Also See for AFSG-2242:
Table of Contents

Advertisement

Quick Links

Download this manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the AFSG-2242 and is the answer not in the manual?

Questions and answers

Related Manuals for Alfa Network AFSG-2242

Summary of Contents for Alfa Network AFSG-2242

  • Page 2: Table Of Contents

    IP- MAC Lock Control brief introduction product special feature introduces Web-Based Management ……………………………… Web interface management style- The system logs on… 07 Web manages a menu brief introduction ……………… 08 System information explains IP structure explains ……………………………… S E T D H C P S e r v e r … … … … … … … … … … … … 1 3 DHCP user's information ………………………………...
  • Page 3 S E T V L A N c o n f i g u r a t i o n … … … … … … … … … … 5 0 S E T P o r t - b a s e d V L A N … … … … … … … … … 5 1 S E T 8 0 2 .
  • Page 4 V i e w A l l M A C A d d r e s s e s … … … … … … … … … 1 0 5 A c c e s s C o n t r o l L i s t ( A C L ) … … … … … … … … 1 0 6 How make use of ACL the function reach space to control…...
  • Page 5 About …. IP – MAC Lock Control Lock of the IP- MAC Control is a local - area network information security a key defense line, the IP in the local - area network's using a security is easily ignored, no matter BE deliberately embezzle, or usually caused the trouble of information personnel management as for misapplication that pay no attention.。...
  • Page 6 Special specification Adopt the chip of the latest ASIC, handle capability multiplication complete hardware type handles the function of IP- MAC Lock. Support Multilingual to turn a management interface Found exchanger Multilingual to turn a management interface, manage more diversified. Automatically learn on-line information of the IP/ MAC/ Port/ VLAN Don't need to pursue a pen to key-in the data of the IP/ MAC, can be opened by the automatic lieutenant general of the learning detailed list legal user to...

  • Page 7: Web-Based Management

    Web-Based Management This chapter will introduce structure and function concerning network interface management management. network interface manage In the central panel flash memory of transducer in having already contained HTML the format can provide a valid management and let the user all anywhere can manage this transducer as Explorer of Internet of Microsoft through the browser of standardization at any time.

  • Page 8: Web Interface Management Style- The System Logs On

    Web interface management style- The system logs on At first factory default IP address : 192.168.2.1 Sub - network : Gateway : 192.168.2.254 User name : admin Password : password Run Internet Explorer. Press the Enter key after inputing an IP address.. Log on menu to appear Key-in user name and password.

  • Page 9: Web Manages A Menu Brief Introduction

    Web manages a menu brief introduction Above graphic: Stats of Port(the port link a status) When the port connectivity operates, the port's will display green lamp signal. Left side graphic: The function manages row The containment of the system function: The system address of the information/ IP sets/ DHCP server/ TFTP update picking/ event record/ SNTP time set/ safe ccess management/ user name and password manage/ enter the rank manage.
  • Page 10 containment of the interblock function of IP and MAC: The IP and MAC interblock sets the interblock status of table/ IP and MAC to set/ IP and MAC learn and lock out table. network security manages function containment: access of the 802.1 xes/Radius/ MAC address table/ ACL controls tabulator/ illegal DHCP filter setting.

  • Page 11: System Information Explains

    System information explains This page can provide you originally the basic information of the product, containment: The address of the model number/ product name/ place/ the release of the contact body release/ nucleus of the information/ Ren/ MAC that this machine belong to address.

  • Page 12: Ip Structure Explains

    IP structure explains You can change the client function of the setting of the IP of this product and DHCP through this function. DHCP Client: Can select to open or close an au to obtain IP this function. While obtaining IP function to open automatically, this switch will start DHCP server function automatically.
  • Page 13 DNS1: Point to send the first the address of DNS IP. DNS2: Point to send the second the address of DNS IP. Press the "Send" key.
  • Page 14 DHCP Server – Set DHCP Server This product provides DHCP the server function. After you open the function of DHCP server, will start the function belonged to. DHCP Server : not. IP address of begin : Low IP address is a dynamic state IP the point of departure of the range. IP address of end : For example: Dynamic state IP range by 192.168.16.100~192.168.16.200.
  • Page 15 Rental agreement time (sec) : Setting a period of time lets the system reallocate dynamic state IP to will not be taken up with long hours with insuring dynamic state IP or server's DOing not confirm dynamic state IP is an idle status.

  • Page 16: Dhcp User's Information

    DHCP user's information When the DHCP server function is to start as usual, the system will collect DHCP at this time the customer carries of information and from here the page display come out.
  • Page 17 DHCP Server – Set Port and IP Bindings Port and IP address Bindings You can assign the IP address of designation to the appointed port in the dynamic state IP the allocation the range. When the device links to that port, the system points the IP that you specify the parties to that port for the meeting.

  • Page 18: T F T P - U P D A T E F I R M W A R

    TFTP - Update Firmware You can update switch firmware through this function. You can store current initial value through TFTP before updating, then again by recover to set the page of the file to reply this initial value. Before updating, please confirm the server of your TFTP first to is ready and the file of firmware map also at TFTP the operation of the server exactitude.
  • Page 19 1. Immediately after click "the exes of the Tftpd32."s to run it, the following diagram. Note: If you didn't put the firmware and the exes of the Tftpd32. at the same the user whom the data clips, please click Step 2 diagrams in of Settings will appear following menu, then clip path in the Base the input firmware place data of Directory and press"OK".
  • Page 20 2. Please open the interface of Web setting(please open the Internet Explorer also manages in the Web address row input switch IP), Choose the unipole select"system" on the left side->"Tftp update picking", will be seen as follows menu.At"TFTP Server IP address" input the IP address of your computer (if place the computer IP of firmware in the diagram is 192.168.2.52), And "want the firmware file of update"...
  • Page 21 3. The exes of the Tftpd32., this program,s will appear following menu while starting updating firmware. 4. Will appear the menu that the system reboots after update completes, please press to"reboot". 5. Treat to reboot like after, please select by examinations "instauration default" that the left side chooses unipole, please must remember and select"sticking...
  • Page 22 currently IP address? "With" reserve currently user name and password?", Otherwise Switch IP address and user account number, passwordses all become revovery default. 6. After pressing to"Reset", the system will reboot one more. 7. Finally invite the left side to choose single"system"->"system information", if successfully update firmware, the firmware release will display For the latest version.

  • Page 23: T F T P - R E S T O R E C O N F I G U R A T I O

    TFTP – Restore Configuration You can store current initial value through TFTP, then again by recover to set the page of the file to reply this initial value. 1. TFTP the address of the server IP: Fill in TFTP server IP. 2.
  • Page 24 2. Please open the interface of Web setting(please open the Internet Explorer also inputs a switch management IP in the Web address row), choose the unipole select"system" on the left side->"Tftp update picking", will be seen as follows menu.Input the IP address of your computer in "the TFTP server IP address", input again "want to recover the setting file of setting", click a "Apply"...

  • Page 25: T F T P - B A C K U P C O N F I G U R A T I O

    TFTP - Backup Configuration You can be accessed existing EEPROM by the switch to be worth TFTP server, the square can get into TFTP instauration allocation the interface is from the new access EEPROM value. 1. TFTP the address of the server IP: Fill in TFTP server IP. 2.
  • Page 26 menu.Input the IP address of your computer in "the TFTP server IP address", input again "the filename of backup", click a "Settings" key then.

  • Page 27: S Y S T E M E V E N T L O

    System Event Log – Syslog Configuration The mode of the system event and the IP of the system log server selecting you to want to collect: system records mode: customer to carry, server port perhaps both all have. system records a server address: Appointed address of the system event server IP.

  • Page 28: System Event Log - Smtp Configuration

    System Event Log - SMTP Configuration You can create a mail server, IP bank account and password and forward an E-mail to reach an event guard. Send out mail alarm: SMTP the address of the server IP: warnning function opens, this function can be used). Authentication: E-mail account number and password(be an E-mail guard to open, this function can use.
  • Page 29 of e-mails to receive alarm Click. Press the "Apply" key.

  • Page 30: System Event Log - Event Configuration

    System Event Log - Event Configuration You can select system to recording the event of event and SMTP be choose of the action take place of time, the system will send out record information. The event of record and SMTP of each port can select in the meantime. After completing the above-mentioned step, select a "Apply": System event selects : 3 pickings can be provided as select.
  • Page 31 Port event selection : Select each port and each SMTP event. Have three pickings respectively: Disable : means to don't open this function Link UP : At port for up spread of situation bottom, the system will announce a record action. Link Down : Under the sistuation that the port is a download, the system will announce a record action.
  • Page 32 SNTP Configuration SNTP You can use SNTP(simple network time make an agreement) to set and make Switch built-in clock and network behavior synchronized for time. SNTP client : Whether select wants to open or closes from the function in SNTP time of server retrieval or not. Daylight saving time: function.
  • Page 33 ALA - Alaskan Standard HAW - Hawaiian Standard Nome, Alaska CET - Central European FWT - French Winter MET - Middle European MEWT - Middle European Winter SWT - Swedish Winter EET - Eastern European, USSR Zone BT - Baghdad, USSR Zone 2 ZP4 - USSR Zone 3 ZP5 - USSR Zone 4 ZP6 - USSR Zone 5...
  • Page 34 1. SNTP Sever URL: set the SNTP server IP address. 2. Daylight Saving Period set up the Daylight Saving beginning time and Daylight Saving ending time. Both will be different in every year. 3. Daylight Saving Offset (mins): set up the offset time. 4.
  • Page 35 IP Security IP security function allows user to assign 10 specific IP addresses that have permission to access the switch through the web browser for the securing switch management. IP Security Mode: Server and Enable Telnet Server check boxes will then be available. Enable HTTP Server: among Security IP1 ~ IP10 will be allowed to access via HTTP service.
  • Page 36 NOTE: Remember to execute the “Save Configuration” action, otherwise the new configuration will lose when switch power off.

  • Page 37: User Authentication

    User Authentication Change web management login user name and password for the management security issue User name: Key in the new user name(The default is “admin”) Password: Key in the new password(The default is “password”) Confirm password: And then, click “Apply” NOTE : If when you forgot user name or the password of modification back ask and your distributor's contact, because of this product for support Anne type equipment, our...

  • Page 38: Advanced Configuration- Broadcast Storm Filter

    Advanced configuration– Broadcast storm filter To set the broadcast storm rate to prevent network crash.. Flooded Unicast/Multicast Packets: Control Packets: IP Multicast Packets: Broadcast Packets: Enable/disable to limit the frame type. Enable/disable to limit the frame type. Enable/disable to limit the frame type. Enable/disable to limit the frame type.

  • Page 39: Advanced Configuration- Aging Time

    Advanced configuration– Aging Time Aging Time of MAC Table: Auto Flush MAC Table When Link Down: Advanced configuration– Jumbo frame Jumbo Frame: Enable/disable per port Jumbo frame function. Default 300 secs. enable/disable the function...

  • Page 40: P O R T S T A T I S T I C

    Port Statistics The following information provides the current port statistic information Down say information to provide current Port flow to statistics information. Can click "clear" button clearance all covariances. This page can display: 1. Type : 10TX / 100 TX / 1000TX / SX / LX。 2.
  • Page 41 operate as usual currently. 6. Rx good packet : display up spreads the encapsulation amount that the status operates as usual currently. 7. Rx Bad packet: display up spread the encapsulation amount that the status can't operate as usual currently. 8.

  • Page 42: P O R T C O N T R O

    Port Control In Port control, you can view every port status that depended on user setting and the negotiation result. Port: select the port that you want to configure. State: Current port status. The port can be set to disable or enable mode. If the port setting is disable then will not receive or transmit any packet.
  • Page 43 Duplex: set full-duplex or half-duplex mode of the port. Flow Control: set flow control function Security: When its state is “On”, means this port accepts only one MAC address. Click “Apply”.

  • Page 44: P O R T T R U N

    Port Trunk The Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs, move the link to that Link Aggregation Group, and enable its transmission and reception functions in an orderly manner.
  • Page 45 LACP: If enable, the group is LACP static trunk group. If disable, the group is local static trunk group. All ports support LACP dynamic trunk group. If connecting to the device that also supports LACP, the LACP dynamic trunk group will be created automatically. Work ports: allow max four ports can be aggregated at the same time.

  • Page 46: A G G R E G A T O R I N F O R M A T I O

    Aggregator Information When you had setup the LACP aggregator, you will see relation information in here。 According to top the diagram is an example and be you to set a page in the flock Port the 06/ Port 08/ Port 10/ Port 12 set for Trunk. One time, the page of the flock information presents your initial value for the meeting...

  • Page 47: S T A T E A C T I V I T

    State Activity When you had setup the LACP aggregator, you can configure port state activity. You can mark or un-mark the port. When you mark the port and click ”Apply” button the port state activity will change to Active. Opposite is Passive" Active: The port automatically sends LACP protocol packets.

  • Page 48: P O R T M I R R O R I N

    Port Mirroring The Port mirroring is a method for monitor traffic in switched networks. Traffic through ports can be monitored by one specific port. That means traffic goes in or out monitored (source) ports will be duplicated into mirror (destination) port. Analysis Port : There is only one port can be selected to be destination (mirror) port for monitoring both RX and TX traffic which come from source port.

  • Page 49: R A T E L I M I T I N

    Rate Limiting This series product can the asymmetric limit single connector to up spread / the bandwidth of download, the lowest bandwidth limits unit to 64 kbpses。The general exchanger all can not limit to up spread a bandwidth really effectively, this series product all bandwidth restrictions are all completed by ASIC chip, really will up spread bandwidth restriction to live.
  • Page 50 Up spreading the download bandwidth can the asymmetric select, can directly select the row according to the menu: 64 kbps/ 128 kbps / 256 kbps / 512 kbps / 1M bps/2Mbps /4Mkbps /8Mbps /16M bps / 32M bps /64M bps。(Prepare to establish the value as"off"). Switch runs appointed earth to up and down spread velocity: InRate: Enter the port effective ingress rate(The default value is “0”).

  • Page 51: Vlan Configuration

    VLAN configuration A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain, which would allow you to isolate network traffic, so only the members of the VLAN will receive traffic from the same members of VLAN. Basically, creating a VLAN from a switch is logically equivalent of reconnecting a group of network devices to another Layer 2 switch.
  • Page 52 LAN configuration - Port-based VLAN Packets can go among only members of the same VLAN group. Note all unselected ports are treated as belonging to another single VLAN. If the port-based VLAN enabled, the VLAN-tagging is ignored. In order for an end station to send packets to different VLAN groups, it itself has to be either capable of tagging packets it sends with VLAN tags or attached to a VLAN-aware bridge that is capable of classifying and tagging the packet with different VLAN ID based on not only default PVID but also other information about...
  • Page 53 3.Entering the VLAN name, group ID and grouping the members of VLAN group 4. And then, click “Apply”. 5. Use “Delete” button to delete unwanted VLAN. 6. Use ”Edit” button to modify existing VLAN group. [NOTE] Remember to execute the “Save Configuration” action, otherwise the new configuration will lose when switch power off.
  • Page 54 802.1Q VLAN Tagged-based VLAN is an IEEE 802.1Q specification standard. Therefore, it is possible to create a VLAN across devices from different switch venders. IEEE 802.1Q VLAN uses a technique to insert a “tag” into the Ethernet frames. Tag contains a VLAN Identifier (VID) that indicates the VLAN numbers. You can create Tag-based VLAN, and enable or disable GVRP protocol.
  • Page 55 Select the port that wants to configure. Link Type: there are 3 types of link type. Access Link ( Untag VLAN ) : single switch only, allow user to group ports by setting the same VID. Trunk Link ( Tag VLAN ): extended application of Access Link, allow user to group ports by setting the same VID with 2 or more switches.
  • Page 56 operate as usual. 2. If you set by the method of command line, at this time, you can recover primaries by the method of command line.Factory default remits the setting files of previous backup again to then relieve. The method of command line make reference to, CLI explains.

  • Page 57: Group Configuration

    Group Configuration Edit the existing VLAN Group Select the VLAN group in the table list. Click “Edit”. You can Change the VLAN group name and VLAN ID. Click “Apply” . Note : 1. The function of this series product support 4094 sets of 802.1 Qs VLAN. 2.
  • Page 58 4094 sets of 802.1Q VLAN setting Mode Link type : Select the mode of Trunk Link. 2. Be apart from the set that you need setting to set to input XX-XX in the field at"bring label Vid", as above diagram Show: 1- 4094 is 4094 sets of setting samples of VLANs.

  • Page 59: Rapid Spanning Tree

    Rapid Spanning Tree The Rapid Spanning Tree Protocol (RSTP) is an evolution of the Spanning Tree Protocol and provides for faster spanning tree convergence after a topology change. The system also supports STP and the system will auto detect the connected device that is running STP or RSTP protocol.
  • Page 60 selected as the root. If the value changes, user must reboot the switch. The value must be multiple of 4096 according to the protocol standard rule. Max Age ( 6-40 ) : receiving Spanning-tree Protocol configuration messages before attempting a reconfiguration. Enter a value between 6 through 40 Helleo Time ( 1-10 ) : BPDU packet to check RSTP current status.

  • Page 61: Rstp - Port Co Nfig Uration

    RSTP - Port Configuration You can configure path cost and priority of every port 1. Select the port in Port column Path Cost : The cost of the path to the other bridge from this transmitting bridge at the specified port. Enter a number 1 through 200000000 Priority : Decide which port should be blocked by priority in LAN.
  • Page 62 administratively. True is P2P enabling. False is P2P disabling. Admin Edge : The port directly connected to end stations cannot create bridging loop in the network. To configure the port as an edge port, set the port to “True” status.. Admin Non Stp: The port includes the STP mathematic calculation.

  • Page 63: System Configuration

    SNMP V1 / V2c Configuration Simple Network Management Protocol (SNMP) is the protocol developed to manage nodes (servers, workstations, routers, switches and hubs etc.) on an IP network. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP.
  • Page 64 To remove the community string, select the community string that you have defined and click ”Remove”. You cannot remove the default community string set. Agent Mode : Select the SNMP version that you want to use it. And then click ”Change” to switch to the selected SNMP version mode.

  • Page 65: Trap Configuration

    Trap Configuration A trap manager is a management station that receives traps, the system alerts generated by the switch. If no trap manager is defined, no traps will issue. Create a trap manager by entering the IP address of the station and a community string.

  • Page 66: Context Table

    SNMPV3 Configuration SNMPV3 Configure the SNMP V3 function including Context Table, User Profile, Group Table, Access Table and MIBView Table. Context Table Configure SNMP v3 context table. Assign the context name of context table. Click ”Add” to add context name. Click ”Remove” to remove unwanted context name User Profile Configure SNMP v3 user table...

  • Page 67: Access Table

    Group Table Configure SNMP v3 group table. Security Name (User ID): assign the user name that you have set up in user table. Group Name: set up the group name. Click “Add” to add context name. Click “Remove” to remove unwanted context name. Access Table Configure SNMP v3 access table.

  • Page 68: Mibview Table

    Click “Remove” to remove unwanted context name MIBview Table Configure MIB view table. ViewName: set up the name. Sub-Oid Tree: fill the Sub OID. Type: select the type – exclude or included. Click ”Add” to add context name. Click ”Remove” to remove unwanted context name.

  • Page 69: Qo Configuration

    QoS Configuration You can configure Qos mode, 802.1p priority [7-0] setting, Static Port Ingress Priority setting and TOS setting. Select the Qos Mode: Select the Qos policy rule Disable QoS Priority: The default status of Qos Priority is disabled. High Empty Then Low: When all the high priority packets are empty in queue, low priority packets will be processed then.
  • Page 70 And the traffic in the Lowest Priority queue are not transmitted until all Highest, SecHigh, and SecLow traffic are serviced. Highest:SecHigh:SecLow:Lowest:15:7:3:1: The process order is in compliance with the transfer rate of 15:7:3:1. Highest:SecHigh:SecLow:Lowest:15:10:5:1: The process order is in compliance with the transfer rate of 15:10:5:1. 802.1p priority [7-0]: Configure per priority level.

  • Page 71: Igmp Configuration

    IGMP Configuration The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol (IP) suite. IP manages multicast traffic by using switches, routers, and hosts that support IGMP. Enabling IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch.
  • Page 72 IGMP Protocol: enable or disable the IGMP protocol. IGMP Query: enable or disable the IGMP query function. The IGMP query information will be display in IGMP status section. Click “Apply”.

  • Page 73: Lldp

    LLDP LLDP (Link Layer Discovery Protocol) function allows the switch to advertise its information to other nodes on the network and store the information it discovers. LLDP Protocol: Disable or enable LLDP function. LLDP Interval: Set the interval of learning the information time in second. Click “Apply”.
  • Page 74 The IP MAC Lock function explains This chapter will explain the function of IP-MAC interblock. The function of IP-MAC Lock of this series product is in the patent application currently and apply for process in namely possess patent is protected power. Please consumer identify purchases.
  • Page 75 the rules change back originally after setting, can immediately use a network. The mode of Lock and Mapping Lock Mode : A particular user because change the information of the IP/ MAC / Port/ Vid of pc, then will have been keeping on after being blockaded by the switch is blockaded, even if user change initial value to return to originally correct mode, the switch still will keep on blockader, unless the net tube personnel gets into the interface of the switch management relieves its lockup, that user can recover a...
  • Page 76 Be in use for the first time the function of IP- MAC Lock When you use the function of IP-MAC Lock for the very first time, you can make use of the auto that this series product possesses singly to learn function, it can learn your information of the IP/ MAC/ Port/ Vid of all on-line equipments automatically tabulator, you need not pursue the pen key-in the above-mentioned information, then through auto learning the mechanism lightly loosen loose function...
  • Page 77 Port 25 with Port 26 connect a port for string. 3. Will other connect to link a port is 01~ Port24s at Port. 4. Automatic learning function select "Be in use to learn", please.. 4. Stat's treating pretty much a clock is or so, then by examine a type in the automatic learning detailed list all IPs/ MACs/ Ports/ Vids property.
  • Page 78 initial value to store action. he same connector as long as have a set of IP – MAC to set for the by port Lock a status, Other together the users of port have to set Lock the status of the by port is at the IP-MAC.
  • Page 79 IP-MAC Lock Click "IP-MAC Lock parameter setting" page to input an IP address after getting into, Mac address, VID, Port No and click "outgoing" key. The system will store the information of the IP-MAC-Port in setting menu. This is set with hand operation increment.
  • Page 80 Lamp signal status : Green light( pass): The indicating the user's network usage is a normal operation. Red light( stop): Indicate that user has already been lived by the switch cotter, before relieving a cotter to live function Can't the on-line use a The automatic cotter lives reason: : 1.
  • Page 81 Manual LOCK Opportune Moment: When you think that the certain user has to break off a network on-line right away, you can get into this page to click to make the gray lamp signal in the status, be a lamp signal color to change red, indicate that user already immediately switch break off on-line, you can also use "order prompt character"...
  • Page 82 Relieve lockup : Clicking the red-light status of user into green light status can immediately go through Identify a mode : You click 192.168.2.1 user's statuses into green light status by hand operation in the switch, you open again after the program in the computer system gathers of the window of"order prompt character"...

  • Page 83: Ip-Mac-Lock.

    IP-MAC Lock State Configuration Click "IP-MAC Lock the interblock status set" page, the status column can select "Be in use(Enable)"or" Disable(stop using)"key, in the select'' stop using" after click" assurance" key to close the function of the IP-MAC-Lock. After the status column select"Enable", each Port can select:"Mapping"...
  • Page 84 network on-line. Suggest: The unit usage needing to be controled strictly, this function can make automatically revealed in material body. Combining the system effect of the conductor defense is better! ! Mapping Mode : The mode of Mapping: A particular user because change the information of the IP/ MAC/ Port/ Vid of pc, then will have been keeping on after being blockaded by the switch is blockaded, be user again change initial value to return to originally correct mode, the switch will automatically let the user recover...
  • Page 85 IP-MAC Locked Table This product automatically learns function for together quality product in it found function, it can learn your information of the IP/ MAC/ Port/ Vid of all on-line equipments automatically tabulator, you need not pursue the pen key-in the above-mentioned information, can immediately lightly loosen loose function of Lock of the usage IP-MAC through the automatic learning mechanism.
  • Page 86 Exception status: : When the on-line equipment presents a dormancy status, the switch can't learn the equipment's all informations, at this time you as long as reboot dormancy equipment, the switch will immediately learn to that equipment of the information of the IP/ MAC/ Port/ Vid. Note : When the function of IP-MAC Lock starts, the learning function is a compulsive sex start, you can't close it, and this is needed by function characteristic.
  • Page 87 3. When single port of this switch and then string connect other switch equipments, learn a table page will display many users appear in same port in the meantime. The diagram example explains: Last diagram present 192.168.2.33 all show at port 8 with 192.168.2.250 two users, show port 8 again the string connected a switch and remind you: When you above-mentioned port 8 of 192.168.2.33 .When user selected by port to control, another an user 192.168.2.250 have to also select in the meantime.
  • Page 88 Relieve 192. 168 . 2 . 250 lockup Methods: : 1. Go to IP – MAC the lock parameter set a page and delete shines 192.168.2.250 user datases of red light. 2. Go to blockade a detailed list page(learning page), click the field dozen with 192.168.2.250 Ports is after hanging up.
  • Page 89 IP – MAC Lock the function make use of…Personnel manages Aim at a computer the user can carry on IP/ MAC/ Port/ VLAN to control, as long as when the user changes an among those items setting IP-MAC Lock Switch will lock out an user and obstruct to change an usage network, even if change change to return to original setting still can't use a network, unless relieve setting square through the information personnel can the on-line gets to the Internet again.
  • Page 90 IP – MAC Lock the function make use of. …Equipment manages The diagram example explains: ( The composition of the Chunghwa Telecom engine room emulation) 一、 Equipment 1: The for-rent type electron exchanges machine The IP can use a block: 192.168.10.10 ~ 192.168.10.20 二、...
  • Page 91 safeguard an equipment at the engine room each time as long as link network tie line is 20~ Port24s at Port, can obtain a set of fixed IP, carry on an equipment maintenance.
  • Page 92 IP – MAC Lock the function make use of …Space manages Lock of the IP- MAC Control can also be made use of to space to control, the above diagram is an example, each section all adopts Switch of Lock of an IP-MAC to control user IP to use with MAC, the IP-MAC of the accountant office Lock Switch's setting don't join IP and MAC of business section and stock management unit user in the table, so these two personnels of sections can't border...
  • Page 93 border on supervisor and the network Fang of section colleague to do compartment and reach boxing off of the same space to control.
  • Page 94 IP – MAC Lock the function make use of …Direct a defense usage When the IM runs into IP- MAC Lock Control was a perfect system of the conductor defense! The IM(the system of the security management of the network content) provides Email and WebMail, Web and IM, P2 Pses and FTP.
  • Page 95 the rules to record note Control at this time Server, after down attain blockader command Lock is to the IP-MAC Control, the IP of B3:192.168.5.13 Locks(the cotter live), immediately compulsorily stop usage network, reach directly commanding defensive management. Suggest: Match Top the View net tube software use.
  • Page 96 IP – MAC Lock the function make use of … Brushing the card will also Exclusive specification Brushing the card will also Exclusively found to brush a card control IP start, make use of IP-MAC Lock Control function, strictly control an IP usage status, be easily not afraid of a network to permit a phenomemon any further, observant and conscientious person private again how imitate a legality, the status still keeps escaping however IP-MAC Lock Control of tight control, ignore BE...
  • Page 97 IP – MAC Lock configure an usage …… Economic type project Economic project IP-MAC Lock Switch place at Firewall under, Routing sets at Firewall, first floor all computers users who pay Internet or VPN all can accept IP-MAC Lock Switch control, only Switch the II of I and Switch each other of because have no IP-MAC Lock Control function still will free mutual communication, once suffering a virus hit Switch the II of I and Switch each other of still will influence each other.
  • Page 98 IP – MAC Lock configure an usage …… Enter a rank to manage Enter a rank to manage IP-MAC Lock Switch place to carry at the network limit, all computer users can directly accept IP-MAC Lock controling of Control, can set the user as IP-MAC Lock by port, in addition to directly limiting an user to change IP or MAC to set, can also limit the usage of connector, once when the user changes a connector without authorization IP-MAC Lock Control the function...

  • Page 99: Radius Configuration

    Security In this section, you can configure 802.1x and MAC address table. 802.1X / Radius Configuration 802.1x is an IEEE authentication specification that allows a client to connect to a wireless access point or wired switch but prevents the client from gaining access to the Internet until it provides authority, like a user name and password that are verified by a separate server.
  • Page 100 with the specified radius server. This key must match the encryption key used on the Radius Server. NAS, Identifier: set the identifier for the radius client. Click “Apply”.
  • Page 101 802.1x Per Port Configuration Port 在這一頁, 可以選擇指定的 port 並且設定認證狀態。每個 port 皆有四種認證狀態可 您 選擇。 可以使用“Space 您 You can configure 802.1x authentication state for each port. The State provides Disable, Accept, Reject and Authorize. Use “Space” key change the state value. Reject: the specified port is required to be held in the unauthorized state. Accept: the specified port is required to be held in the Authorized state.

  • Page 102: Misc Configuration

    Misc Configuration Quiet Period: set the period during which the port doesn’t try to acquire a supplicant. TX Period: set the period the port wait for retransmit next EAPOL PDU during an authentication session. Supplicant Timeout: set the period of time the switch waits for a supplicant response to an EAP request.

  • Page 103: Mac Address Table

    MAC Address Table Use the MAC address table to ensure the port security. Static MAC Address You can add a static MAC address; it remains in the switch's address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re-learn a device's MAC address when the disconnected or powered-off device is active on the network again.
  • Page 104 If you want to delete the MAC address from filtering table, select the MAC address and click “Delete”...

  • Page 105: Mac Filtering

    MAC Filtering By filtering MAC address, the switch can easily filter pre-configure MAC address and reduce the un-safety. You can add and delete filtering MAC address. MAC Address: Enter the MAC address that you want to filter. VID: Type in the VID of the MAC address. Click “Add”.

  • Page 106: All Mac Addresses

    All MAC Addresses You can view the port that connected device’s MAC address and related devices’ MAC address. Select the port. The selected port of static MAC address information will display. Click”Clear Mac Table” to clear the current port static MAC address information on screen.

  • Page 107: A C C E S S C O N T R O L L I S T ( A C

    Access Control List(ACL) Packets can be forwarded or dropped by ACL rules include Ipv4 or non-Ipv4. LG-3242S Plus can be used to block packets by maintaining a table of packet fragments indexed by source and destination IP address, protocol, and so on. Layer 3 ACL can limit appointed IP is allowed or refuse an on-line.

  • Page 108: How Make Use Of Acl The Function Reach Space To Control

    How make use of ACL the function reach space to control When you control in the same switch under, you can make use of IP- The function of MAC Lock matches ACL to control mode, limiting the certain user can't border on to access the data of other users through the network Fang.
  • Page 109 6. Serial number: Please establish the range of the rule input(1~229) according to system. 7. Click to"add" key, can immediately complete setting. 8. After setting to complete, the the page"set tabulator"'s field will present your current initial valu. he ACL page operates step guide: After completing to set, The user can't link the computer of B user through the network My Network Places,But the B user still can link the computer of AN user through the My Network Places,Reaching the one-way contacts controls.
  • Page 110 blockader to live.The not only My Network Place link fails.Will be also blockaded by this product to the Internet on-line,Even change back originally correct of IP(192.168.2.33)still can’t Pass. Only A user oneself is active to contact a net tube a personnel to relieve the on-line that the blockader then would recover Internet。...
  • Page 111 field. Src IP Address (Set this field if Packet Type is IPv4, else ignore.) Any / IP and Mask a. Any: Any IP address. b. IP :A certain IP address. Mask: ***.***.***.*** * is represent a digit from 0~9, *** is range from 0 to 255 Notice: This is not subnet mask.
  • Page 112 Type (Set this field if Packet Type is Non-IPv4, else ignore.) 0~0xFFFF If ether type not find in Ether Type field, you can direct assign number. Current List You create ACL groups.

  • Page 113: I L L E G A L D H C P S E R V E R F I L T E R

    Illegal DHCP Server filters This function can expel illegal DHCP Server, any don't licensed DHCP Server's equiping all can't use. As long as select the port that you want to control, press to"assurance" key then the completion set Suggest: You can select all port and strictly control illegal DHCP Server.

  • Page 114: F A C T O R Y D E F A U L

    Factory Default Reset switch to default configuration. Click ”Reset” to reset all configurations to the default value.。 Use opportune moment: 1. When you think that the initial value has to change too many, perhaps initial value already when whether indetermination is correct or not, you can carry to Reply an original factory initial value with this function, reset the initial value that you need 2.

  • Page 115: S A V E C O N F I G U R A T I O

    Save Configuration Save all configurations that you have made in the system. To ensure the all configuration will be saved. Click ”Save” to save the all configuration to the flash memory Remind you: Whenever after you once changed initial value, must when this page complete a "storage", if you neglected completion"storage"...

  • Page 116: S Y S T E M R E B O O

    System Reboot Reboot the switch in software reset. Click ”Reboot” to reboot the system.
  • Page 117 CLI User Guide Commands Level...

  • Page 118: Login In The Console Interface

    Console Management 1 Login in the Console Interface When the connection between Switch and PC is ready, turn on the PC and run a terminal emulation program or Hyper Terminal and configure its communication parameters to match the following default characteristics of the console port: Baud Rate: 9600 bps Data Bits: 8 Parity: none...
  • Page 119 Console login screen...

  • Page 120: Commands Level

    2 Commands Level Modes Access Method Begin a session with your switch. User EXEC Enter the enable command while in Privileged user EXEC mode. EXEC Enter the configure command while in Global privileged EXEC configuration mode. Enter the vlan database command VLAN while in privileged database...

  • Page 121: System Commands Set

    3 Commands Set List User EXEC Privileged EXEC Global configuration VLAN database Interface configuration 3.1 System Commands Set Netstar Commands show config show terminal menu write memory system name [System Name] system location [System Location] system description [System Description] system contact [System Contact] show system-info ip address...
  • Page 122 dhcpserver enable dhcpserver lowip [Low IP] dhcpserver highip [High IP] dhcpserver subnetmask [Subnet mask] dhcpserver gateway [Gateway] dhcpserver dnsip [DNS IP] dhcpserver leasetime [Hours] dhcpserver ipbinding [IP address] show dhcpserver configuration show dhcpserver clients show dhcpserver ip-binding no dhcpserver security enable security http security telnet security ip...

  • Page 123: Port Commands Set

    3.2 Port Commands Set Netstar Commands interface fastEthernet [Portid] duplex [full | half] speed [10|100|1000|auto] flowcontrol mode [Symmetric|Asymmetric] no flowcontrol security enable no security bandwidth in [Value] Level Description Choose the port for modification. Use the duplex configuration command to specify the duplex mode of operation for Fast Ethernet.
  • Page 124 bandwidth out [Value] show bandwidth state [Enable | Disable] show interface configuration show interface status show interface accounting no accounting Set interface output bandwidth. Rate Range is from 100 kbps to 102400 kbps or to 256000 kbps for giga ports, and zero means no limit.

  • Page 125: Trunk Commands Set

    3.3 Trunk Commands Set Netstar Commands aggregator priority [1~65535] aggregator activityport [Port Numbers] aggregator group [GroupID] [Port-list] lacp workp [Workport] Level Description Set port group system priority. Set activity port. Assign a trunk group with LACP active. [GroupID] :1~3 [Port-list]:Member port list, This parameter could be a port range(ex.1-4) or a port list separate by a...

  • Page 126: Vlan Commands Set

    aggregator group [GroupID] [Port-list] nolacp show aggregator no aggregator lacp [GroupID] no aggregator group [GroupID] 3.4 VLAN Commands Set Netstar Commands vlan database Vlanmode [portbase| 802.1q | gvrp] no vlan Ported based VLAN configuration vlan port-based grpname Assign a static trunk group.
  • Page 127 [Group Name] grpid [GroupID] port [PortNumbers] show vlan [GroupID] show vlan no vlan group [GroupID] IEEE 802.1Q VLAN vlan 8021q name [GroupName] [VID] vlan 8021q port [PortNumber] access-link untag [UntaggedVID] vlan 8021q port [PortNumber] trunk-link tag [TaggedVID List] vlan 8021q port [PortNumber] hybrid-link untag [UntaggedVID]...

  • Page 129: Spanning Tree Commands Set

    3.5 Spanning Tree Commands Set Netstar Commands spanning-tree enable spanning-tree priority [0~61440] spanning-tree max-age [seconds] spanning-tree hello-time [seconds] spanning-tree forward-time [seconds] stp-path-cost [1~200000000] Level Description Enable spanning tree. Configure spanning tree priority parameter. Use the spanning-tree max-age global configuration command to change the interval between messages the spanning tree receives...
  • Page 130 stp-path-priority [Port Priority] stp-admin-p2p [Auto|True|False] stp-admin-edge [True|False] stp-admin-non-stp [True|False] show spanning-tree no spanning-tree the forwarding state. Use the spanning-tree port-priority interface configuration command to configure a port priority that is used when two switches tie for position as the root switch. Admin P2P of STP priority on this interface.

  • Page 131: Qos Commands Set

    3.6 QOS Commands Set Netstar Commands qos mode [SP|WRR|WRR1|WRR2] High-Empty-Then-Low WRR : WRR_8_4_2_1 WRR1: WRR_15_7_3_1 WRR2: WRR_15_10_5_1 no qos qos 8021p-priority [Index][LowSet|SecLow| SecHigh|Highest] priority-static-port-ingress [Priority] no qos qos priority tos [Index][Priority] show qos Level Description Set Qos mode. Disable QoS. Configure 802.1p Priority.

  • Page 132: Igmp Commands Set

    3.7 IGMP Commands Set Netstar Commands igmp enable Igmp-query auto Igmp-query force show igmp configuration show igmp multi no igmp no igmp-query Level Description Enable IGMP snooping function. Set IGMP query to auto mode. Set IGMP query to force mode. Displays the details of an IGMP configuration.
  • Page 133 3.8 MAC / Filter Table Commands Set Netstar Commands mac-address-table static hwaddr [MAC] mac-address-table filter hwaddr [MAC] show mac-address-table show mac-address-table static show mac-address-table filter no mac-address-table static hwaddr Level Description Configure MAC address table of interface (static). Configure MAC address table(filter).

  • Page 134: Snmp Commands Set

    [MAC] no mac-address-table filter hwaddr [MAC] no mac-address-table 3.9 SNMP Commands Set Netstar Commands snmp system-name [System Name] snmp system-location [System Location] snmp system-contact (static). Remove an entry of MAC address table (filter). Remove dynamic entry of MAC address table. Level Description Set SNMP agent system...
  • Page 135 [System Contact] snmp agent-mode [v1v2c|v3|v1v2cv3] snmp community-strings [Community] right [RO/RW] snmp-server host [IP address] community [Community-string] trap-version [v1|v2c] snmpv3 context-name [Context Name ] snmpv3 user [User Name] group [Group Name] password [Authentication Password] [Privacy Password] snmpv3 access context-name [Context Name ] group [Group Name ] security-level...
  • Page 136 context-name [Context Name ] group [Group Name ] security-level [NoAuthNoPriv|AuthNoPriv| AuthPriv] match-rule [Exact|Prifix] views [Read View Name] [Write View Name] [Notify View Name] no snmpv3 mibview view [View Name] type [Excluded|Included] sub-oid [OID] table of SNMPv3 agent. Remove specified mibview table of SNMPV3 agent.

  • Page 137: Port Mirroring Commands Set

    3.10 Port Mirroring Commands Set Netstar Commands monitor mode [RX|TX|Both] monitor destination [Port ID] monitor source [Port ID] show monitor show monitor no monitor Level Description Configure mode of monitor function. Set destination port. Set source port. Show port monitor information.

  • Page 138: X Commands Set

    3.11 802.1x Commands Set Netstar Commands 8021x enable 8021x system radiousip [IP address] 8021x system serverport [port ID] 8021x system accountport [port ID] 8021x system sharekey [ID] 8021x system nasid [words] Level Description Use the 802.1x global configuration command to enable 802.1x protocols.
  • Page 139 8021x misc quietperiod [sec.] 8021x misc txperiod [sec.] 8021x misc supptimeout [sec.] 8021x misc servertimeout [sec.] 8021x misc maxrequest [number] 8021x misc reauthperiod [sec.] 8021x portstate [disable | reject | accept | authorize] show 8021x no 8021x Use the 802.1x misc quiet period global configuration command to specify the quiet period...

  • Page 140: Tftp Commands Set

    3.12 TFTP Commands Set Netstar Commands backup flash:backup_cfg restore flash:restore_cfg Level Description Save configuration to TFTP and need to specify the IP of TFTP server and the file name of image. Get configuration from TFTP server and need to specify the IP of TFTP server and the file name of image.
  • Page 141 upgrade flash:upgrade_fw Upgrade firmware by switch(config)#upgrade lash:upgrade_fw TFTP and need to specify the IP of TFTP server and the file name of image. 3.13 SystemLog, SMTP and Event Commands Set Netstar Commands Level Description Example...
  • Page 142 systemlog ip [IP address] systemlog mode [client|server|both] show systemlog show systemlog no systemlog smtp enable smtp serverip [IP address] smtp subject [subject] smtp sender [sendername] smtp authentication smtp account [account] smtp password [password] smtp rcptemail [Index] [Email address] show smtp no smtp event device-warm-start [Systemlog|SMTP|Both]...

  • Page 143: Sntp Commands Set

    3.14 SNTP Commands Set Netstar Commands sntp enable sntp daylight sntp daylight-period [Start time] [End time] sntp daylight-offset [Minute] sntp ip [IP] sntp timezone [Timezone] show sntp show sntp timezone no sntp no sntp daylight Level Description Enable SNTP function. Enable daylight saving time, if SNTP function is inactive, this command...
  • Page 144 3.15 Access Control List Commands Set Netstar Commands show acl acl gid [Group Id] acl action [Permit|Deny] acl port [None|Port#] acl vid [Any|VLAN Id] acl pktype [IPv4|Non-IPv4] acl ethtype [Any|ARP|IPX|Type value] acl sip [Any|IP][Mask] acl dip [Any|IP][Mask] acl frg [Check|Uncheck] acl l4 other [Any|ICMP|IGMP|Protocol value]...
  • Page 145 no acl [GroupID] acl show 3.16 IP/MAC LOCK/mapping function Commands Set Netstar Commands ipmac add [IP|MAC|VID|PORT] ipmac lock [IP][on |off] ipmac-mode [on|off] ipmac-locked-table unlock-with-port [IP] ipmac-locked-table unlock-without-port [IP] ipmac-mode [mapping|lock] Show ipmac Delete rule from access control list table. Show current temp rule. Level Description Add a new entry...
  • Page 146 Netstar Commands Level Description Example dhcp-filter Enable dhcp filter by port switch(config)#dhcp-filter 2 on [port#][on|off] 3.17 DHCP filter Commands Set...

  • Page 147: Troubleshooting

    Troubleshooting This chapter will help you to work out greatly part of general problems. Incorrect connections After you link switch and other Ethernet road equipment, Switch Port can automatically observe the line of the keeping of wireways or exchanges. While using links RJ-45s, it should revise to wring the 10/100 of the wire link Mbps with two pairs of pairs port and with the 1000 T port UTP or STP of four pairs of pairs Gigabit that...
  • Page 148 wring wire link. If the junctions RJ-45s can't authentically be used in the correct location, the link will lose efficacy. While using fiber - optic link, please watch for fiber-optic cable mode and fiber-optic unit to want to fit together each other.. Faulty the cables of the or loose has drawback or lax wireways The inspection loosens or has the link of obvious drawback.
  • Page 149 here. When the power cord puts on but the dousing of the energy indicator, you may have the problem of AC outlet or power cord. However, if after revolving switch indicator dousing, please check loose energy link, the energy loses or the power supply wave of socket flow out.

  • Page 150: Technical Specification

    Technical Specification This chapter provides 2410/100 TX pluses 2-Gigabit the explanation of Switch of Managed of Combo of GBIC of the copper/Mini, the following form lists various explanation. Specification RFC Standard / Request to suggest specification IEEE802.3 10BASE-T IEEE802.3u 100BASE-TX/100BASE-FX IEEE802.3z Gigabit Fiber IEE802.3ab 1000Base-T IEEE802.3x Flow Control and Back pressure...
  • Page 151 The indicator of LED Connector / Connect a crunode structure Switch MAC Address Encapsulation buffer Energy consumption Size EMI & Safety System power (Green) Gigabit Fiber: Link/Activity (Green) Gigabit Copper: Link/Activity (Green), Full Duplex/Collision (Orange) MINI GBIC: Link/Activity (Green) RS-232 console: Female DB-9 24-port 10/100TX: RJ-45 2 Gigabit Copper + 2 MINI GBIC Combo: 2 x RJ45 + 2 x 3.3v MINI GBIC...

  • Page 152: Console Port Pin Assignments

    Appendix Console Port Pin Assignments BE used to link band in the serieses DB-9s on the switch outside of the lord control port setting. The lord controls port setting driver can from the terminal or the pc run the program of the imitating of terminal and get into. The following form will provide to use to Pin of linking the continuous port to point a parties..

  • Page 153: Cable Types And Specifications

    Console Port to 9-Pin DTE Port on PC Switch’s 9-Pin Serial Port 2 RXD 3 TXD 5 SGND The cable of Cables Support an automatic operation of MDI/MDI-X in the ports RJ-45s on Switch, therefore you can use direct sex double lay wire of standard to link to any network equipment(pc, server, exchanger, router or twin conductor machine).
  • Page 154 100-ohm UTP 100BASE-TX/10BASE-T Pin Assignments On the wireways of the 100 BASEs-TX/10 BASEs-T, pins 1 and 2 is used to deliver data, pins 3 and 6 use to receive data. RJ-45 Pin Assignments Pin number. Note to record: "+" And"-" the symbol represent each two polars of wirewayses All operations that all support automatic MDI/MDI-X in the ports on Switch, you can use direct sex wireways to come to the pc, server or other transducers and the twin conductor machine.

Table of Contents