Page 1
Ethernet Switch Web Operation Manual V1.0.0...
Page 2
Foreword General This manual introduces operations on web interface of the Ethernet Switch (hereinafter referred to as "the Switch"). You can visit the switch on web browser, configure and manage the switch. Safety Instructions The following categorized signal words with defined meaning might appear in the manual. Signal Words Meaning Indicates a high potential hazard which, if not avoided, will result in...
Page 3
Upgrade the reader software or try other mainstream reader software if the manual (in PDF format) cannot be opened. All trademarks, registered trademarks and the company names in the manual are the properties of their respective owners. Please visit our website, contact the supplier or customer service if there is any problem ...
Important Safeguards and Warnings The manual helps you to use our product properly. To avoid danger and property damage, read the manual carefully before using the product, and we highly recommend you to keep it well for future reference. Operating Requirements Do not expose the device directly to the sunlight, and keep it away from heat source.
Login Before login, make sure: You already configure the IP address of the switch. The IP address of VLAN 1 is 192.168.1.110 by default. The PC with web browser is connected to the network, and the PC can ping the switch ...
Quick Settings You can view the system information, and set the device parameters, VLAN, link aggregation, IP address and route. Take 4-port PoE switch for example. The quick setting interface is different depending on the models of switch. The actual interface shall prevail. System Information You can view the name, type, serial number, software version, IP address, port status and port information of the device.
Parameter Description Two link states: Up and Down. Up indicates the port is connected successfully, and Down indicates the port is not connected or the Link connection fails. Flow Control Displays the flow control state. Online: It displays the port rate and the duplex mode. ...
VLAN Add the port to the VLAN, and configure the VLAN. By default, the port is VLAN1. Click Vlan on the Quick Setting interface. Step 1 The Vlan interface is displayed. Figure 2-3 VLAN Step 2 Configure the port VLAN parameters. Table 2-2 Port VLAN configuration parameter Parameter Description...
Aggregation Add the port to the aggregation. For details, see "3.1.4 Aggregation. " Click Aggregation on Quick Setting interface, and the Aggregation interface is displayed. Figure 2-4 Aggregation 2.4.1 Static Aggregation Configuration Static aggregation is a method of combining or bundling of multiple switch ports or NICs to form a single etherchannel.
2.4.2 Dynamic Aggregation Configuration Dynamic aggregation differs from static aggregation in that port quantity is fixed in static aggregation, but quantity of actually aggregated port is adjusted dynamically according to flow rate strategy. Step 1 Add the ports to the dynamic group. Select LACP (Active) in the Mode area, and add the ports to the aggregation group.
Page 13
Figure 2-7 IP and route Step 2 Add the VLAN interface. Click Add in the IP Config area. Figure 2-8 VLAN interface Configure the parameters. Table 2-3 VLAN interface Parameter Description VLAN Enter VLAN number. IP address Set the IP address of the VLAN interface. Mask Length Set the mask length of the VLAN interface.
Page 14
Figure 2-9 IP route Configure the parameters. Table 2-4 IP routes Parameter Description Network It is the destination of the IP packet. Mask length, with the destination address, is to identify the IP address of the destination host or the route. After Logical AND between destination Mask Length address and network mask, you can get the IP address of the destination host or the route.
Advanced Settings You can configure system, port, VLAN, aggregation, MAC table and other parameters on the advanced settings interface. The advanced settings interface is different depending on the models of switch, and the actual interface shall prevail. Take 4-port PoE switch for example. Common Configuration 3.1.1 System Configuration 3.1.1.1 System Information...
Page 16
Figure 3-1 System information Step 2 Enter the device name, IP address and mask length, and Select DHCP enable. Step 3 Click Save. 3.1.1.2 IP and Route The hosts of different VLANs cannot communicate. Route or the layer 3 switch is needed for forwarding.
Page 17
The switch supports layer 3 forwarding through VLAN interface. VLAN interface is the virtual interface of layer 3 mode, for layer 3 communication between the VLANs. It is not the physical entity on the device. Every VLAN is related to a VLAN interface, and the VLAN interface can forward packet for the VLAN.
Page 18
Configure the parameters. Table 3-1 VLAN interface Parameter Description VLAN Enter VLAN number. IP address Set the IP address of the VLAN interface. Mask Length Set the mask length of the IP address. Click OK. Step 3 Add the IP route. Click Add in the Route Setting region.
Page 19
Figure 3-5 Current time (1) You can set the system time through the following three methods: Set the time manually Set the date and time on Current Time interface, and then click Save. Sync time Click Sync PC, and the switch time synchronizes with the local PC time automatically. Sync NTP server time ...
The switch time automatically synchronizes with the time of server 1. 3.1.1.4 Log You can view logs, export logs and clear logs. Select Advanced > Common > System Config > Log. The Log interface is displayed. Figure 3-7 View logs. ...
Page 21
Figure 3-8 Port configuration Table 3-3 Port parameter Parameter Description Port Displays all ports of the switch. Green Up indicates the port is connected successfully, and Red Down Link indicates the port is not connected or the connection fails. Down means disconnection, and the specific speed means successful Speed Duplex Status connection.
Parameter Description Displays whether data can flow into the port. Only Hybrid supports the configuration (By default, all date flows into the port under other models). See the following situations: Ingress Acceptance Tagged and Untagged: All data flows into the port. ...
Page 24
Destination MAC Address: The aggregation load balancing algorithm based on destination MAC address. IP Address: The aggregation load balancing algorithm based on source IPv4 address and destination IPv4 address. TCP/UDP Port: The aggregation load balancing algorithm based on source and ...
Figure 3-12 LACP (1) Select LACP (Passive) in the Mode area, and add the port member to the dynamic Step 2 aggregation group. For example, add port 3 and port 4 to aggregation Group 2. Select LACP (Passive) in the Mode area, and add the port member to the dynamic Step 3 aggregation group.
Page 26
3.1.5.1 Adding Static MAC Table Select Advanced > Common > MAC Table > MAC Address Table. Step 1 Figure 3-14 MAC address table Step 2 Bind the MAC address to the port in the certain VLAN. For example, bind the MAC address 00:00:00:00:00:01 to the port 3 in VLAN 2.
Page 27
3.1.5.2 Port MAC Filtering After enabling port MAC filtering, the following two MAC devices can communicate with the port. Devices in MAC allowlist The static MAC devices changing from the dynamic MAC devices Step 1 Select Advanced > Common > MAC Table > Port MAC Filtering. The Port MAC Filtering interface is displayed.
Page 28
Figure 3-17 Enable port MAC filtering Change dynamic MAC device to static. Select one record, and click Reserved. Click Save. The type changes from Dynamic to Static. Static MAC devices can communicate with the port normally. Add MAC allowlist. ...
Click OK. The devices in MAC allowlist can communicate with port normally. 3.1.6 Spanning Tree The spanning tree protocol is the protocol of layer 2. It can eliminate the ring cycle of layer 2 by choosing to block the redundant links in the network, and it can back up the links. Similar to other protocols, the spanning tree protocol is updated with the development of the network: From STP (Spanning Tree Protocol), to RSTP (Rapid Spanning Tree Protocol), and to the latest MSTP (Multiple Spanning Tree Protocol).
Page 31
Figure 3-22 MSTP Step 4 Select 3 ports at least to combine an STP/RSTP/MSTP snoop. For example: Port 1, port 2 and port 3 combine an STP snoop. Figure 3-23 STP snoop Click Save. Step 5 The states of port 1, port 2 and port 3 will change.
3.1.7 Long Distance PoE After you enable long distance PoE, the maximum transmission distance will change from 100 m to 250 m, and the transmission speed will be reduced from 1 Gbps to 10 Mbps. Non-PoE Ethernet switches do not support this function. Select Advanced >...
Page 33
3.2.1.1 MEP Configuration MEP (Maintenance Entity Point) is a part of ERPS. The layer 2 device added into ERPS are called node. Add no more than 2 ports into an ERPS for each node. Step 1 Select Advanced > Seldom-used > ERPS > MEP Setting. Figure 3-25 MEP configuration Click Add.
Page 34
Figure 3-27 ERPS configuration Step 2 Click Add. Figure 3-28 Add ERPS Step 3 Configure the parameters. Table 3-6 ERPS parameters Parameter Description ERPS ID The ID number of ERPS. Port 0 The two ports added into the ERPS. Port 1 Port 0 APS MEP The corresponding protocol packet ERPS to ERPS port.
Page 35
3.2.1.3 Example: ERPS Single Ring Configuration Networking Requirement Three switches, port 1 and port 2 are requested to combine an ERPS. See Figure 3-29. The corresponding relationship: Switch 1: MEP 1 and MEP 2; Switch 2: MEP3 and MEP 4; Switch 3: MEP 5 and MEP 6.
Page 36
Figure 3-30 Add port 1 and port 2 into VLAN 1 Step 2 Create MEP1 and MEP 2 Select Advanced > Seldom-used > ERPS > MEP Setting. Click Add. Set Instance to be 1. See Figure 3-31. Set Residence Port to be 1. Set Level to be 0.
Page 37
Click 1 and 2 separately under Instance to enter the configuration interface. Modify MEP ID Step 3 and add peer ID. Figure 3-32 Configure the peer ID of MEP 1 Figure 3-33 Configure the peer ID of MEP 2 Step 4 Click OK.
Page 38
Figure 3-34 Add ERPS Click 1 under ERPSID to enter the configuration interface. Step 6 Figure 3-35 ERPS configuration Click VLANconfig. Click Add.
Set ERPS VLAN to be 2. See Figure 3-36. Click OK. Figure 3-36 ERPS VLAN configuration Set port 2 of switch 1 to be RPL owner in RPL Configuration. Figure 3-37 Owner port configuration Click OK. Step 7 Step 8 Configure switch 2 and switch 3 in the same way.
Step 3 Set the ACL ID, and the range is 1–128. Click OK. Step 4 3.2.2.2 ACL Group Configuration Select Advanced > Seldom-used > ACL > ACL Group Setting. Step 1 Figure 3-41 ACL group configuration Step 2 Enter ACL ID. Ensure the ACL ID has been added during ACL configuration. Click Save.
3.2.4 Security 3.2.4.1 User Management You can add, edit, and delete the user. Select Advanced > Seldom-used > Security > User Management. Figure 3-43 User management Add user Click Add. Step 1 Figure 3-44 Add user Step 2 Enter the user name, password, and confirm password. The password must consist of 8 to 32 non-blank characters and contain at least two types of characters among upper case, lower case, number, and special character (excluding ' "...
Page 43
Figure 3-45 New user added Modify and Delete User Click , and then the Modify User interface is displayed. Figure 3-46 Modify user Click to delete the user. You cannot delete the admin user. You can enable or disable SSH function. corresponding to SSH on the upper right corner of the User Management interface.
Page 44
authentication and encryption communication. It is widely applied in world wide web for security sensitive communication. For example, protect account security and user information. Click corresponding to HTTPS on the upper right corner of the User Management interface to enable HTTPS service. 3.2.4.2 NAS Configuration NAS (Network Access Server) is a server that allows ISP to provide Internet access service.
Page 45
Select Enabled in the Mode area to enable mirroring function. Step 2 Select the Reauthentication Enabled box to enable reauthentication. Step 3 Step 4 Set Admin State: Force Authorized, Force Unauthorized, Port based 802.1X or MAC-based Auth. Click Save. Step 5 3.2.4.3 Radius Configuration RADIUS (Remote Authentication Dial-In User Service) is a common protocol to realize AAA (Authentication, Authorization and Accounting).
Figure 3-49 Add new server Step 3 Set the server address, auth port, acct port, restransmit, and key. Click OK. Step 4 3.2.5 IGMP Snooping IGMP Snooping (Internet Group Management Protocol Snooping) is the multicast constraint mechanism running on the device of layer 2, for managing and controlling the multicast. Through analyzing the received IGMP packet, the device of layer 2, which runs IGMP Snooping, creates the mapping between the port and the MAC multicast address, and forwards the multicast data according to the mapping.
Select Enable in the IGMP Snooping area to enable the function. Step 2 Step 3 Select Disable or Enable in the Discarding Unknown IGMP Packets area. Step 4 Click Add. Figure 3-51 Add VLAN Step 5 Set VLAN ID and querier address, and select the Querier Election box to enable the querier Click OK.
Page 48
poor control of the arrived flow in a certain time, which leads to the flow exceeding the distributive network resource, is also a factor for generating congestion. 3.2.6.1 Port Through setting CoS, the priority for packet passing egress port of switch can be decided. If the congestion occurs at the egress port, the switch will give a CoS value to the packet after it passes the ingress port.
Page 49
Figure 3-54 Set CoS Click Save. Step 3 3.2.6.2 Port Schedulers The two modes of port schedulers: Strict Priority. When congestion occurs, the priority for packet passing egress port of switch depends on the CoS value in Port Classification. 2–8 Queues Weighted.
Page 50
Figure 3-55 Port schedulers Step 2 Click the port, such as port 1. The QoS Egress Port Schedulers and Shapers Port 1 interface is displayed. The CoS of Q0 is 0, and so on.
Page 51
Figure 3-56 Port configuration Step 3 Select mode. Strict Priority. The priority for packet passing egress port of switch depends on the CoS value in Port Classification. 2–8 Queues Weighted. When congestion occurs, the priority for packet passing egress ...
Page 52
Figure 3-57 Port schedulers Click OK. Step 4 3.2.6.3 Port Shapers The configuration is the same for port schedulers and port shapers. The only difference is that the port schedulers interface shows the weight value and the port shapers interface shows the speed rate.
Page 53
Figure 3-58 Port shapers 3.2.6.4 DSCP-Based Make sure that you have enabled DSCP before configuring DSCP function. Select Advanced > Seldom-used > QoS > Port Classification. Step 1 Step 2 Enable DSCP at DSCP port. Suppose port 3 is the egress port.
Page 54
Figure 3-59 Port classification Click Save. Step 3 Select Advanced > Seldom-used > QoS > DSCP-Based. Step 4 Step 5 When setting DSCP to be 4 and 8, the CoS is 2 and DPL are 2 and 1. When DSCP are 4 and 8, select Trust to enable the function. See Figure 3-60. When setting DSCP to be 4, CoS is 2 and DPL is 2.
Page 55
Figure 3-60 DSCP-Based Click Save. Step 6 3.2.6.5 Storm Policer Inhibit the three packets, including unicast, multicast and broadcast. Select Advanced > Seldom-used > QoS > Storm Policer. Step 1...
Page 56
Figure 3-61 Storm policer Step 2 The port can receive the rate up to 1024 fps. See Figure 3-62. In Unicast, select the Enable box, and enter 1024 in Rate. It means that the port can receive the rate up to 1024 fps of unicast packet. In Multicast, select the Enable box, and enter 1024 in Rate.
3.2.7 SNMP SNMP (Simple Network Management Protocol) is the standard protocol for network management in Internet, and it is widely applied for management device to access and manage the managed devices. SNMP has the following features: It supports intelligent management for network device. By using the network management ...
Page 58
in SNMP to enable SNMP. Step 2 Click Every SNMP v3 agent has an engine ID as its unique identifier. 3.2.7.2 Configuring SNMP v1/v2 Example: Configure SNMP v1. The configuration of SNMP v2 is the same as that of SNMP v1. Select SNMP v1 in SNMP Version.
Page 59
Figure 3-64 SNMP v3 Step 2 Set the trap address, trap port and trap name. Step 3 Set the read-only username, authentication type, authentication password, encryption type and encryption password.
Step 4 Set the read&write username, authentication type, authentication password, encryption type and encryption password. Click Save. Step 5 3.2.8 DHCP Server DHCP Server is the server for managing DHCP standard in the specific network. DHCP Server is to allocate IP address for the workstation and make sure that the IP address for every workstation is different.
Page 61
Step 3 Configure DHCP mode. Add VLAN interface first. See "3.1.1.2 IP and Route." Click Add in VLAN Mode. Figure 3-66 Add VLAN mode Enter the VLAN range, such as 2-4. Click OK. Step 4 Configure network segment of excluded IP. Excluded IP refers to the IP reserved for the server, which will not assign to the client.
Figure 3-68 Add pool Configure the parameters. Table 3-7 Pool parameters Parameter Description DHCP address pool name, such as “pool01”. Pool Name Only numbers or letters can be entered, and the length of the string is limited to 1~32. Two types: Network and Host. Type Network: The network segment of an IP.
Page 63
Figure 3-69 LLDP Step 2 Set LLDP mode. Select Enable: Both send and receive LLDP packet. Select Disable: Neither send nor receive LLDP packet. Select Rx only: Only receive LLDP packet. Select Tx only: Only send LLDP packet. ...
Figure 3-70 LLDP neighbor 3.2.10 485 Configuration Transmit the data of asynchronous serial port RS–232/485 transparently through Ethernet. Select Advanced > Seldom-used > 485 Config. Figure 3-71 485 configuration...
3.2.11 PoE PoE (Power over Ethernet) is the function that through Ethernet RJ-45 port, the device can provide power for the external PD (Powered Device) remotely with twisted pair. PoE function helps to centralize power supply and facilitate backup. The network terminal does not need the external power source anymore, and one network cable is enough, It conforms to the standards of IEEE 802.3af, IEEE 802.3at, and IEEE 802.3bt, adopting the power port globally agreed.
Page 66
In PoE Settings, you can view the total power of the 4 ports, and configure available power Step 2 and overload power. In Power Status, you can view consumed power, remaining power and reserved power. Step 3 In Port Status and Control, select the Enable box to enable or disable PoE of the Step 4 corresponding port.
Page 67
Figure 3-74 Legacy support Select the Enable box for the corresponding port. Step 2 Click Save. Step 3 3.2.11.4 PoE Watchdog With PoE watchdog enabled, you can monitor PD and keep it online, and check the status of PD devices every 60 s. If there is no data transmission, the PoE port will be automatically powered off and restarted.
Maintenance Take 4-port PoE switch for example. The maintenance interface is different depending on the models of switch. The actual interface shall prevail. System Reboot Step 1 Select Maintain > Common > System Reboot. Figure 4-1 System reboot Click Reboot. Step 2 Click Confirm, and the device reboots.
The device restarts after the upgrade is finished. Figure 4-7 Confirm update Mirroring Port mirroring is also called port monitoring. Port monitoring is the data package acquiring technology that through configuring switch, data package from one or several ports (mirroring source ports) can be copied to a specific port (mirroring destination port).
In Global Settings, select Enabled in Mode to enable mirroring. Step 2 In Port Configuration, select Source or Destination according to the actual situation. Step 3 Select the following four ways for source port. Both: Enable the port as the source address of mirror. ...
Page 74
Cybersecurity Recommendations Appendix 1 Cybersecurity is more than just a buzzword: it’s something that pertains to every device that is connected to the internet. IP video surveillance is not immune to cyber risks, but taking basic steps toward protecting and strengthening networks and networked appliances will make them less susceptible to attacks.
Page 75
Enable HTTPS We suggest you to enable HTTPS, so that you visit Web service through a secure communication channel. MAC Address Binding We recommend you to bind the IP and MAC address of the gateway to the equipment, thus reducing the risk of ARP spoofing. Assign Accounts and Privileges Reasonably According to business and management requirements, reasonably add users and assign a minimum set of permissions to them.