Rack-mount console kvm switch with ip access (24 pages)
Summary of Contents for Tripp Lite NGI-M08POE8-L2
Page 2
COPYRIGHT All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photo copying, recording or otherwise, without the prior written permission of the publisher. FCC WARNING This equipment has been tested and found to comply with the limits for a class A device, pursuant to part 15 of FCC rules.
Page 3
Do not work on the system or connect or disconnect cables during periods of lightning activity. Warning Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will Warning heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals.
Page 4
Before performing any of the following procedures, ensure that power is removed from the DC circuit. Warning Read the installation instructions before connecting the system to the power source. Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable.
Page 5
Voltages that present a shock hazard may exist on Power over Ethernet (PoE) circuits if interconnections are made using uninsulated exposed Warning metal contacts, conductors, or terminals. Avoid using such interconnection methods, unless the exposed metal parts are located within a restricted access location and users and service people who are authorized within the restricted access location are made aware of the hazard.
1.1. W .......................... 15 ELCOME 1.1. P ..........................15 URPOSE 1.2. T ........................15 ERMS SAGE ABOUT THE NGI-M08POE8-L2 ..................16 2.1. F ........................... 16 EATURES 2.2. S ......................... 16 PECIFICATIONS Performance ..........................17 Physical Ports ..........................17 Power ............................17 Mechanical ...........................
Page 7
5.1.3.2. W ..................... 40 ONFIGURATION 5.1.4......................42 ANAGEMENT 5.1.4.1. CLI C ...................... 42 ONFIGURATION 5.1.4.2. W ..................... 43 ONFIGURATION 5.2. MAC M ......................44 ANAGEMENT 5.2.1. MAC ........................45 TATIC 5.2.1.1. CLI C ...................... 45 ONFIGURATION 5.2.1.2. W ..................... 45 ONFIGURATION 5.2.2.
Page 8
6.2 IGMP S ........................ 77 NOOPING 6.2.1 IGMP S ......................77 NOOPING 6.2.1.1 G ......................78 ENERAL ETTINGS 6.2.1.1.1 CLI C ...................... 78 ONFIGURATION 6.2.1.1.2 W ..................... 79 ONFIGURATION 6.2.1.2 P ....................... 81 ETTINGS 6.2.1.2.1 CLI C ...................... 81 ONFIGURATION 6.2.1.2.2 W .....................
Page 9
6.3.2.2.2 W ....................115 ONFIGURATION 6.3.2.3 P ......................116 ETTINGS 6.3.2.3.1 CLI C ....................116 ONFIGURATION 6.3.2.3.2 W ....................117 ONFIGURATION 6.3.3 GARP/GVRP ........................ 118 6.3.3.1 GVRP ..........................119 6.3.3.1.1 CLI C ....................119 ONFIGURATION 6.3.3.1.2 W ....................119 ONFIGURATION 6.3.3.2 GARP T .........................
Page 10
6.7.2.1 CLI C ....................160 ONFIGURATION 6.7.2.2 W ....................161 ONFIGURATION 6.8 L ......................162 GGREGATION 6.8.1 ......................162 TATIC RUNK 6.8.1.1 CLI C ....................162 ONFIGURATION 6.8.1.2 W ....................163 ONFIGURATION 6.8.2 LACP ..........................164 6.8.2.1 CLI C ....................165 ONFIGURATION 6.8.2.2 W ....................
Page 11
6.13.1 ..................... 209 CONFIGURATION 6.13.2 ....................212 EB CONFIGURATION 6.14 STP ........................... 214 6.14.1 ...................... 218 ENERAL ETTINGS 6.14.1.1 CLI C ....................218 ONFIGURATIONS 6.14.1.2 W ....................219 ONFIGURATIONS 6.14.2 ....................... 220 ARAMETERS 6.14.2.1 CLI C ....................220 ONFIGURATIONS 6.14.2.2 W ....................
Page 12
7.1.2.1.2 W ....................257 ONFIGURATIONS 7.1.2.2 B ......................258 INDING ABLE 7.1.2.2.1 CLI C ....................258 ONFIGURATIONS 7.1.2.2.2 W ....................258 ONFIGURATIONS 7.1.3 ARP I ......................260 NSPECTION 7.1.3.1 ARP I ......................260 NSPECTION 7.1.3.1.1 CLI C ....................260 ONFIGURATIONS 7.1.3.1.2 W ....................
Page 13
8.6.2 ....................296 ONFIGURATIONS MANAGEMENT ....................... 298 9.1 SNMP ..........................298 9.1.1 SNMP ..........................299 9.1.1.1 SNMP S ......................299 ETTINGS 9.1.1.1.1 CLI C ....................299 ONFIGURATIONS 9.1.1.1.2 W ....................299 ONFIGURATIONS 9.1.1.2 C ....................... 300 OMMUNITY 9.1.1.2.1 CLI C ....................
Page 14
9.4.4.2 W ....................327 ONFIGURATIONS 9.5 S ........................328 YSTEM 9.5.1 CLI C ....................328 ONFIGURATIONS 9.5.2 ....................329 ONFIGURATIONS 9.6 USB F ........................330 UNCTION 9.6.1 CLI C ....................330 ONFIGURATIONS 9.6.2 ....................330 ONFIGURATIONS 9.7 U ......................... 332 CCOUNT 9.7.1 CLI C...
This guide discusses how to install and configure your Managed Industrial PoE+ Switch. 1.2. Terms/ Usage In this guide, the term “Switch” (first letter upper case) refers to the NGI-M08POE8-L2 Switch, and “switch” (first letter lower case) refers to other switches.
IEEE 802.1D Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1S Multiple Spanning Tree Protocol IEEE 802.1Q VLAN Tagging IEEE 1588v2 Precision Time Protocol IEEE 802.1p Class of Service IEEE 802.1X Port Authentication IEEE 802.1AB Link Layer Discovery Protocol IEEE 802.3ad Port Trunk with LACP IEEE 802.3af...
Housing IP30 protection -40℃ to 75℃ (-40°F to 167°F) Operating Requirement Operating temperature -45℃ to 85℃ (-113°F to 185°F) Storage temperature Operating humidity 10% to 95% RH (Non-Condensing) Storage humidity 5% to 95% RH (Non-Condensing) Power Available at PD 25.50W Max Power delivered by PSE 30 W Voltage Range (at PSE)
3. Hardware Description NGI-M08POE8-L2 Front Panel 8 10/100/1000Base-T w/PoE ports Managed Industrial Ethernet PoE+ Switch 3.1. Connectors The Switch utilizes ports with copper and SFP fiber port connectors functioning under Ethernet/Fast Ethernet/Gigabit Ethernet standards. 10/100/1000Base-T Ports The 10/100/1000Base-T ports support network speeds of 10Mbps, 100Mbps or 1000Mbps, and can operate in half- and full-duplex transfer modes.
ATTENTION The NGI-M08POE8-L2 is an open type device and NGI-M08POE8-L2 shall be DIN- Rail mounted or wall mounted (optional) in a cabinet or enclosure Hardware Installation Step1: Unpack the device and other contents of the package.
Page 21
Location: The NGI-M08POE8-L2 can be DIN-Rail-mounted in cabinet or enclosure. Mounting the Switch Place the NGI-M08POE8-L2 on the DIN rail from above using the slot. Push the front of the switch toward the mounting surface until it snaps into place with a click sound Dismounting the Switch Pull out the lower edge of the switch and then remove the switch from the DIN rail.
Page 22
ATTENTION The product should be mounted in an Industrial Control Panel and the ambient temperature should not exceed 75°C (167°F). ATTENTION A corrosion-free mounting rail is advisable. When installing, make sure to allow for enough space to properly install the cabling. Wiring Power Inputs You can use “Terminal Block (PWR)”...
Page 23
WARNING Safety measures should be taken before connecting the power cable Turn off the power before connecting modules or wires. The correct power supply voltage is listed on the product label. Check the voltage of your power source to make sure that you are using the correct voltage.
is lit. If not, check that the power cable is correctly and securely plugged in. Notice: Turn off the power before connecting modules or wires. The correct power supply voltage is listed on the product label. Check the voltage of your power source to make sure that you are using the correct voltage.
For example, if you are running with Firmware version 1.0.0.S0 you need to upgrade the firmware to version 1.0.1.S0 then you need to follow these steps: Create a folder with model name in USB (eg: NGI-M08POE8-L2) Note: don’t add ‘A’ in folder name.
3.5. DIP Switches Power: DIP 1 and DIP 2 is for primary power and redundant power supplies. No Name Description ON: Primary power alarm reporting is enabled. OFF: Primary power alarm reporting is disabled. ON: Redundant power alarm reporting is enabled. OFF: Redundant power alarm reporting is disabled.
4. System Status 4.1. Console Port Connect your computer to the console port on the Switch using the appropriate cable. Use terminal emulation software with the following settings: Default Settings for the Console Port Setting Default Value Terminal Emulation VT100 Baud Rate 38400...
Input command “enable” L2SWITCH>enable Input a valid username and password when below prompt are displayed. user: admin password: admin L2SWITCH# 4.4. CLI Command Concept Node Command Description enable show hostname This command displays the system’s network name. configure reboot This command reboots the system. eth0 ip address A.B.C.D/M This command configures a static IP and subnet mask for the system.
In Configure code, executing command “interface fastethernet1/0/5” enter the interface port 5 node. Note: depend on your port speed, gigaethernet1/0/5 for gigabit Ethernet ports and fastethernet1/0/5 for fast Ethernet ports. L2SWITCH(config)#interface gigaethernet1/0/5 L2SWITCH(config-if)# vlan Its command prompt is “L2SWITCH(config-vlan)#”. It means these commands can be executed in this command prompt.
4.6. System Information 4.6.1. CLI Configuration Node Command Description enable show hostname This command displays the system’s network name. enable show interface eth0 This command displays the current Eth0 configurations. enable show model This command displays the system information. enable show running-config This command displays the current operating configurations.
4.6.2. Web Configuration The System Information window appears each time you log into the program. Alternatively, this window can be accessed by clicking System Status > System Information. Parameter Description System Information Model Name This field displays the model name of the Switch. Host name This field displays the name of the Switch.
Page 32
Version This field displays the version of primary firmware. Built Date This field displays the built date of primary firmware. Checksum This field displays the checksum of primary firmware. Secondary Firmware Version This field displays the version of secondary firmware. Built Date This field displays the built date of econdary firmware.
5. Basic Settings 5.1. General Settings 5.1.1. System Management VLAN To specify a VLAN group which can access the Switch. The valid VLAN range is from 1 to 4094. If you want to configure a management VLAN, the management VLAN should be ...
Page 34
eth0 ip ipv6-address This command configures a global scope of AAAA:BBBB:CCCC:DDDD:E IPv6 address and subnet mask for the system. EEE:FFFF:GGGG:HHHH/M eth0 ip ipv6-addressdefault-gateway This command configures a default gateway for AAAA:BBBB:CCCC:DDDD:E the system. EEE:FFFF:GGGG:HHHH eth0 ip ipv6-dhcp client This command configures a DHCPv6 client (disable|enable|renew| function for the system.
5.1.1.2. Web Configuration Parameter Description System Settings Enter up to 64 alphanumeric characters for the name of your Switch. Hostname The hostname should be the combination of the digit or the alphabet or hyphens (-) or underscores (_). Management Enter a VLAN ID used for Switch management purposes. VLAN DHCP Server Port Configures a port or a range of ports for valid DHCP server.
Page 36
Select Enable to allow the Switch to automatically get an IP address from a DHCPv6 server. Click Renew to have the Switch re-get an IP DHCPv6 Client address from the DHCP server. Select Disable if you want to configure the Switch’s IP address manually.
5.1.2. Jumbo Frame Jumbo frames are Ethernet frames with a payload greater than 1500 bytes. Jumboframes can enhance data transmission efficiency in a network. The bigger the frame size, the better the performance. Notice: The default jumbo frame is 10240 bytes. ...
Parameter Description Jumbo Frame Settings Port This field specifies a port or a range of ports for configuration. This field configures the maximum number of bytes of frame size Frame Size for specified port(s). (available size:1522/1536/1552/9010/9216/10240) Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
Page 39
HOUR:MINUTE:SECOND hour: 0-23 min: 0-59 sec: 0-59 Note: If you configure Daylight Saving Time after you configure the time, the Switch will apply Daylight Saving Time. configure time date Sets the current date on the Switch. YEAR/MONTH/DAY year: 1970- month: 1-12 day: 1-31 configure time daylight-saving-time...
5.1.3.2. Web Configuration Parameter Description Current Time and Date Current Time This field displays the time you open / refresh this menu. Current Date This field displays the date you open / refresh this menu. Time and Date Setting Select this option if you want to enter the system date and time Manual manually.
Page 41
Select the time difference between UTC (Universal Time Coordinated, Time Zone formerly known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box. Daylight Saving Settings Select Enable if you want to use Daylight Saving Time. Otherwise, State select Disable to turn it off.
5.1.4. Management Host The feature limits the hosts which can manage the Switch. That is, any hosts can manage the Switch via telnet or web browser. If user has configured one or more management host, the Switch can be managed by these hosts only. The feature allow user to configure management IP based on particular IP or whole subnet.
5.2. MAC Management Dynamic Address: The MAC addresses are learnt by the switch. When the switch receives frames, it will record the source MAC, the received port and the VLAN in the address table with an age time. When the age time is expired, the address entry will be removed from the address table.
5.2.1. Static MAC 5.2.1.1. CLI Configuration Node Command Description This command displays the current static/dynamic enable show mac-address-table (static|dynamic) unicast address entries. enable configure terminal This command changes the node to configure node. configure mac-address-table static This command configures a static unicast entry. MACADDR vlan <1- 4094>...
Page 46
Port Enter the port number to which the computer or device is connected. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. Static MAC Table This field displays the MAC address of a manually entered MAC MAC Address address entry.
5.2.2. MAC Table 5.2.2.1. CLI Configuration Node Command Description This command displays the current static/dynamic enable show mac-address- table(static|dynamic) unicast address entries. enable show mac-address-table This command displays information of a specific mac MACADDR MAC. enable show mac-address-table This command displays the current unicast address port PORT_ID entries learnt by the specific port.
Page 48
Parameter Description Mac Table Select All, Static, Dynamic or Port and then click Apply to Show Type Apply display the corresponding MAC address entries on this screen. Refresh Click Refresh to begin configuring this screen afresh. MAC Address This field displays a MAC address. This field displays whether this entry was entered manually Type (Static) or whether it was learned by the Switch (Dynamic).
5.2.3. Age Time Settings 5.2.3.1. CLI Configuration Node Command Description enable show mac-address-table This command displays the current MAC address aging-time table age time. enable configure terminal This command changes the node to configure node. configure mac-address-table aging- This command configures the mac table aging time. time VALUE The range is 20 to 500 or 0: disable.
Refusal ( 5.2.4. Black-hole MAC) This type of MAC address entries are configured manually. A switch discards the packets destined for or originated from the MAC addresses contained in black-hole MAC address entries. Black-hole entries are configured for filtering out frames with specific source or destination MAC addresses.
5.2.4.2. Web Configuration Parameter Description Refusal MAC Settings Enter the MAC address of a computer or device that you want to MAC Address refusal. Valid format is hh:hh:hh:hh:hh:hh. VLAN ID Enter the VLAN ID to apply to the computer or device. Apply Click Apply to take effect the settings.
5.3. Port Mirror Port-based Mirroring The Port-Based Mirroring is used on a network switch to send a copy of network packets sent/received on one or a range of switch ports to a network monitoring connection on another switch port (Monitor to Port). This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system.
L2SWITCH#show mirror Mirror Configurations: State : Disabled. Monitor port : 9. Ingress port(s): 1-8. Egress port(s) : None. 5.3.2. Web Configuration Parameter Description Port Mirroring Settings Select Enable to turn on port mirroring or select Disable to turn it State off.
Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. 5.4. Port Settings Duplex mode A duplex communication system is a system composed of two connected parties or devices that can communicate with one another in both directions. Half Duplex: A half-duplex system provides for communication in both directions, but only one direction at a time (not simultaneously).
Auto Negotiation Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode.
Page 56
interface speed (auto|10-full||10-half| 100- This command configures the speed and full|100-half|1000-full) duplex for the port. interface shutdown This command disables the specific port. interface no shutdown This command enables the specific port. configure interface range This command enters the if-range gigabitethernet1/0/PORTLISTS configure node.
5.4.1.2. Web Configuration Parameter Description Port Settings Port Select a port or a range ports you want to configure on this screen. State Select Enable to activate the port or Disable to deactivate the port. Select the speed and duplex mode of the port. The choices are: •...
Click Refresh to begin configuring this screen afresh. Refresh Port Status Port This field displays the port number. State This field displays whether the port is enabled or disabled. This field displays the speed either 10M, 100Mor 1000Mand the duplex Speed/Duplex mode Full or Half.
5.4.2.2. Web Configuration Parameter Description Port Settings Port Select a port or a range ports you want to configure on this screen. Description Configures a meaningful name for the port(s). Alias Configures an alias for the port(s). Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
Page 60
protocol. Uptime The sustained time from last link up. Medium Mode The current working medium mode, copper or fiber, for the port.
6. Advanced Settings 6.1. Bandwidth Control 6.1.1. Each egress port can support up to 8 transmit queues. Each egress transmit queue contains a list specifying the packet transmission order. Every incoming frame is forwarded to one of the 8 egress transmit queues of the assigned egress port, based on its priority. The egress port transmits packets from each of the 8 transmit queues according to a configurable scheduling algorithm, which can be a combination of Strict Priority (SP) and/or Weighted Round Robin (WRR).
Page 62
Note: Advanced QoS methods only affect the internal priority queue mapping for the Switch. The Switch does not modify the IEEE 802.1p value for the egress frames. You can choose one of these ways to alter the way incoming packets are prioritized or you can choose not to use any QoS enhancement setting on the Switch.
6.1.1.1 Port Priority 6.1.1.1.1 CLI Configuration Node Command Description enable show interface This command displays the current port IFNAME configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node. interface default-priority <0-7>...
Refresh Click Refresh to begin configuring this screen afresh. 6.1.1.2 IP DiffServ (DSCP) DiffServ (DSCP) Differentiated Services or DiffServ is a computer networking architecture that specifies a simple, scalable and coarse-grained mechanism for classifying, managing network traffic and providing Quality of Service (QoS) guarantees on modern IP networks. DiffServ can, for example, be used to provide low-latency, guaranteed service (GS) to critical network traffic such as voice or video while providing simple best-effort traffic guarantees to non-critical services such as web traffic or file transfers.
Page 66
PRECEDENCE | D | T | R | 0 | 0 | +-----+-----+-----+-----+-----+-----+-----+-----+ Precedence 111 - Network Control 110 - Internetwork Control 101 - CRITIC/ECP 100 - Flash Override 011 - Flash 010 - Immediate 001 - Priority 000 - Routine The use of the Delay, Throughput, and Reliability indications may increase the cost (in some sense) of the service.
6.1.1.3 Priority/Queue Mapping 6.1.1.3.1 CLI Configuration Node Command Description enable show queue cos-map This command displays the current 802.1p priority mapping to the service queue. enable configure terminal This command changes the node to configure node. configure queue cos-map <0-7> This command configures the 802.1p priority <0-7>...
6.1.1.3.2 Web Configuration Parameter Description Priority/Queue Mapping Settings Click this button to reset the priority to queue mappings to the Reset to Default defaults. This field displays each priority level. The values range from 0 Priority (lowest priority) to 7 (highest priority). Queue ID Select the number of a queue for packets with the priority level.
6.1.1.4 Schedule Mode Queuing Algorithms Queuing algorithms allow switches to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth. Strict-Priority (SPQ) The packets on the high priority queue are always service firstly. Weighted round robin (WRR) ...
6.1.1.4.2 Web Configuration Parameter Description Schedule Mode Settings Select Strict Priority (SP) or Weighted Round Robin (WRR). Note: Queue weights can only be changed when Weighted Round Robin is selected. Schedule Mode Weighted Round Robin scheduling services queues on a rotating basis based on their queue weight (the number you configure in the queue Weight field).
6.1.2 Rate Limitation 6.1.2.1 Storm Control A broadcast storm means that your network is overwhelmed with constant broadcast or multicast traffic. Broadcast storms can eventually lead to a complete loss of network connectivity as the packets proliferate. Storm Control protects the Switch bandwidth from flooding packets, including broadcast packets, multicast packets, and destination lookup failure (DLF).
6.1.2.1.2 Web Configuration Parameter Description Storm Control Settings Select the port number for which you want to configure storm control Port settings. Select the number of packets (of the type specified in the Type field) per Rate second the Switch can receive per second. Select Broadcast - to specify a limit for the amount of broadcast packets received per second.
6.1.2.2 Bandwidth Limitation The rate limitation is used to control the rate of traffic sent or received on a network interface. Rate Limitation unit: Mbps. Default Settings All ports’ Ingress and Egress rate limitation are disabled. 6.1.2.2.1 CLI Configuration Node Command Description enable...
6.1.2.2.2 Web Configuration Parameter Description Bandwidth Limitation Settings Port Selects a port that you want to configure. Ingress Configures the rate limitation for the ingress packets. Egress Configures the rate limitation for the egress packets. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
6.2 IGMP Snooping 6.2.1 IGMP Snooping The IGMP snooping is for multicast traffic. The Switch can passively snoop on IGMP packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly.
IGMP snooping on the Switch is disabled even per VLAN states are enabled. When the global state is enabled, user must enable per VLAN states to enable the IGMP Snooping on the specific VLAN. 6.2.1.1 General Settings 6.2.1.1.1 CLI Configuration Node Command Description...
6.2.1.1.2 Web Configuration Parameter Description IGMP Snooping Settings Select Enable to activate IGMP Snooping to forward group IGMP Snooping State multicast traffic only to ports that are members of that group. Select Disable to deactivate the feature. Report Suppression Select Enable/Disable to activate/deactivate IGMP report State suppression function.
Page 80
This field displays VLANs on which the Switch is to perform Enable on VLAN IGMP snooping. None displays if you have not enabled IGMP snooping on any VLAN yet. Unknown Multicast This field displays whether the Switch is set to drop or Packets flooding unknown multicast packets.
6.2.1.2 Port Settings Immediate Leave When you enable IGMP Immediate-Leave processing, the switch immediately removes a port when it detects an IGMP version 2 leave message on that port. You should use the Immediate- Leave feature only when there is a single receiver present on every port in the VLAN. (Immediate Leave is only supported on IGMP Version 2 hosts).
Page 82
interface igmp-group-limit This command configures the maximum groups VALUE for the specific port. interface no igmp-group-limit This command configures the default value for the limitation of the maximum groups for the specific port. interface igmp-querier-mode This command specifies whether or not and under (auto|fixed|edge) what conditions the port(s) is (are) IGMP query port(s).
6.2.1.2.2 Web Configuration Parameter Description Port Settings Select the desired setting, Auto, Fixed, or Edge. Auto means the Switch uses the port as an IGMP query port if the port receives IGMP query packets. Fixed means the Switch always treats the port(s) as IGMP query port(s).
6.2.1.3 Querier Settings IGMP Querier There is normally only one Querier per physical network. All multicast routers start up as a Querier on each attached network. If a multicast router hears a Query message from a router with a lower IP address, it MUST become a Non-Querier on that network. If a router has not heard a Query message from another router for [Other Querier Present Interval], it resumes the role of Querier.
6.2.1.3.2 Web Configuration Parameter Description Querier Settings State This field configures the global Querier state. This field configures the interval which Querier send query packet Query Interval periodically. VLAN State This field enables the Querier state in a vlan or a range of vlan. Apply Click Apply to take effect the settings.
6.2.2 IGMP Snooping Filtering The IGMP Snooping Filter allows users to configure one or some of range or multicast address to drop or to forward them. 6.2.2.1 General Settings 6.2.2.1.1 CLI Configurations Node Command Description enable show igmp-snooping filtering This command displays the IGMP snooping filtering configurations.
6.2.2.1.2 Web Configurations Parameter Description IGMP Filtering Settings IGMP Filtering This field configures the global IGMP Filtering state. State Profile This field creates the IGMP Filtering profile. Type The field configures the type of action for the profile. Click Apply to take effect the settings. Apply Click Refresh to begin configuring this screen afresh.
6.2.2.2 Group Settings 6.2.2.2.1 CLI Configurations Node Command Description enable show igmp-snooping filtering This command displays the IGMP snooping filtering configurations. enable configure terminal This command changes the node to configure node. configure igmp-snooping filtering profile This command creates a filtering profile STRING and enters the IGMP snooping filtering profiles configuration node.
Page 89
Start Address The field configures the first multicast address of the group. End Address The field configures the last multicast address of the group. Click Apply to take effect the settings. Apply Click Refresh to begin configuring this screen afresh. Refresh...
6.2.2.3 Port Settings 6.2.2.3.1 CLI Configurations Node Command Description enable show igmp-snooping filtering This command displays the IGMP snooping filtering configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node.
Page 91
profile. Apply Click Apply to take effect the settings. Click Refresh to begin configuring this screen afresh. Refresh...
6.2.3 Multicast Listener Discovery (MLD) Snooping for IPv6 Multicast Listener Discovery Snooping is an IPv6 multicast constraining mechanism that runs on layer 2 switches to manage and control IPv6 multicast groups. With MLDS, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN.
Page 93
node. configure mld-snooping enable This command enables the MLD Snooping. configure no mld-snooping enable This command disables the MLD Snooping. configure mld-snooping proxy enable This command enables the MLD Snooping Proxy. (Default: disable) configure no mld-snooping proxy This command disables the MLD Snooping enable Proxy.
6.2.3.1.2 Web Configuration Parameter Description MLD Snooping Settings Global State Configures the global state of the MLD snooping on the Switch. Router Interval Configures the MLD Snooping router interval. Proxy State Enables / Disables the MLD Snooping Proxy state on the Switch. Report Suppression Configures the MLD Snooping report suppression interval.
6.2.3.2 VLAN Settings 6.2.3.2.1 CLI Configuration Node Command Description enable show mld-snooping This command displays the current MLD information configurations. enable show mld-snooping group This command displays the current MLD group information. enable configure terminal This command changes the node to configure node.
6.2.3.2.2 Web Configuration Parameter Description VLAN Settings VLAN ID Select the vlan which you want to configure. Query Interval Configures the query interval for the vlan. VLAN State Enables / Disables the MLD Snooping on the vlan. Version Selects the MLD Snooping version on the vlan. Immediate Leave Enables / Disables the MLD Snooping immediate leave on the vlan.
6.2.4 MVR refers to Multicast VLAN Registration that enables a media server to transmit multicast stream in a single multicast VLAN while clients receiving multicast VLAN stream can reside in different VLANs. Clients in different VLANs intend to join or leave the multicast group simply by sending the IGMP Join/leave message to a receiver port.
Page 98
Figure-1: MOD Without MVR Switch MoD Server Receiver Ports VLAN1 VLAN2 VLAN3 VLAN4 VLAN5 VLAN6 Figure-2: MOD Support MVR Switch supports MVR MoD Server Receiver Ports VLAN1 VLAN2 VLAN3 VLAN4 VLAN5 VLAN6 Default Settings There is no MVR vlan. Default configuration for a new MVR: MVR VLAN Information VLAN ID Name...
Notices • IGMP snooping and MVR can be independently enabled. • IGMP snooping and MVR use the same IGMP timers. • MVR can recognize IGMPv3 reports. • About the IGMPv3 report, switch does not treat those group records with the following group record types as membership reports.
source-port This command sets the source port(s). Normally the PORTLIST source ports are connected to the streaming server. no source-port This command removes a port or range of ports from PORTLIST the source port(s). tagged PORTLIST This command sets the tagged port(s). Same as the VLAN tagged port.
Page 101
Configures the source port(s) for the MVR. Normally the source ports are Source Ports connected to the streaming server. Receive Ports Configures the receive port(s) for the MVR. Normally the source ports are connected to the streaming client Configures the tagged port(s) for the MVR. Same as the VLAN tagged Tagged Ports port.
6.2.4.2 Group Settings 6.2.4.2.1 CLI Configuration Node Command Description enable show mvr This command displays the current MVR configurations. enable show mvr vlan This command displays the current MVR configurations VLANLISTS of the specific VLAN. enable configure terminal This command changes the node to configure node. configure mvr VLANLISTS This command configures the MVR configurations for...
Page 103
Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
6.2.5 Multicast Address A multicast address is associated with a group of interested receivers. According to RFC 3171, addresses 224.0.0.0 to 239.255.255.255, the former Class D addresses, are designated as multicast addresses in IPv4. The IANA owns the OUI MAC address 01:00:5e, therefore multicast packets are delivered by using the Ethernet MAC address range 01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff.
IP multicast Description address 224.0.0.0 Base address (reserved) The All Hosts multicast group that contains all systems on the same network 224.0.0.1 segment The All Routers multicast group that contains all routers on the same network 224.0.0.2 segment The Open Shortest Path First (OSPF) All SPF Routers address. Used to send 224.0.0.5 Hello packets to all OSPF routers on a network segment The OSPF All D Routers address.
configure no mac-address-table multicast This command removes a static multicast MACADDR entry from the address table. 6.2.5.2 Web Configuration Parameter Description Static Multicast Address Settings VLAN ID Configures the VLAN that you want to configure. Configures the multicast MAC which will not be aged out. Address Valid format is hh:hh:hh:hh:hh:hh.
6.2.6 Explicit Host Tracking This capability enables the Switch to track each individual host that is joined to a particular group or channel and to achieve minimal leave latencies when hosts leave a multicast group or channel. Notice: Before configuring the ip igmp-explicit-tracking command, IGMP must be enabled. ...
Index This field indicates the index of the entry. Port This field indicates the port of the entry. Multicast This field indicates the multicast address of the entry. Group This field indicates the vlan of the entry. Timeout This field indicates the remaining time in the table of the entry. Host IP This field indicates the host IP which joins the multicast group.
port. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node. interface port-isolation ports This command configures a port or a range of ports to PORTLISTS egress traffic from the specific port. interface no port-isolation This command configures all ports to egress traffic from...
An egress port is an outgoing port, that is, a port through which a data packet leaves. Egress Port Selecting a port as an outgoing port means it will communicate with the port currently being configured. Click Select All to mark all ports as egress ports and permit traffic. Click Deselect All to unmark all ports and isolate them.
Page 111
Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware switch, the Switch first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLAN-unaware switch to an 802.1QVLAN-aware switch, the Switch first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID.
6.3.2.1 VLAN 6.3.2.1.1 CLI Configuration Node Command Description enable show vlan This command displays all of the VLAN configurations. enable show vlan <1-4094> This command displays the VLAN configurations. enable configure terminal This command changes the node to configure node. configure vlan <1~4094>...
6.3.2.1.2 Web Configuration Parameter Description VLAN Settings Enter the VLAN ID for this entry; the valid range is between 1 and VLAN ID 4094. Enter a descriptive name for the VLAN for identification purposes. The VLAN name should be the combination of the digit or the VLAN Name alphabet or hyphens (-) or underscores (_).
6.3.2.2 Tag Settings 6.3.2.2.1 CLI Configuration Node Command Description enable show vlan This command displays all of the VLAN configurations. enable show vlan <1-4094> This command displays the VLAN configurations. enable configure terminal This command changes the node to configure node.
6.3.2.2.2 Web Configuration Parameter Description Tag Settings Enter the VLAN ID range for port tagging settings; the valid range is VLAN ID between 1 and 4094. Selecting a port which is a member of the selected VLAN ID will Tag Port make it a tag port.
6.3.2.3 Port Settings 6.3.2.3.1 CLI Configuration Node Command Description enable show vlan This command displays all of the VLAN configurations. enable show vlan <1-4094> This command displays the VLAN configurations. enable configure terminal This command changes the node to configure node.
6.3.2.3.2 Web Configuration Parameter Description Port Settings Select a port number to configure from the drop-down box. Port Select All to configure all ports at the same time. PVID Select a PVID (Port VLAN ID number) from the drop-down box. Specify the type of frames allowed on a port.
6.3.3 GARP/GVRP GARP and GVRP are industry-standard protocols that are described in IEEE 802.1p.GVRP is a GARP application that provides 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. With GVRP, the switch can exchange VLAN configuration information with other GVRP switches, prune unnecessary broadcast and unknown unicast traffic, and dynamically create and manage VLANs on switches that are connected through 802.1Q trunk ports.
Default Settings The default port Join Time is 20 for all ports. The default port Leave Time is 60 for all ports. The default port Leave-all Time is 1000 for all ports. The default port Hold Time is 10 for all ports. 6.3.3.1 GVRP 6.3.3.1.1 CLI Configuration Node...
Page 120
Parameter Description GARP Settings Select Enable to activate GVRP function to exchange VLAN GVRP State configuration information with other GVRP switches. Select Disable to deactivate the feature. Port Select the port that you want to configure the GVRP settings. Select Enable to activate the port GVRP function. Select Disable to State deactivate the port GVRP function.
6.3.3.2 GARP Timer 6.3.3.2.1 CLI Configuration Node Command Description enable show garp timer This command displays the timers for the GARP. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node. interface garp join-time <1- This command configures the join time / leaves time...
Page 122
Parameter Description GARP Timer Settings Specifies the maximum number of milliseconds the interface waits before Join Time sending VLAN advertisements. Specifies the number of milliseconds an interface waits after receiving a Leave Time leave message before the interface leaves the VLAN specified in the message.
6.3.4 IP Subnet VLAN IP subnet based VLANs enable the user to categorize the group of traffics into logical VLANs based on the source IP addresses and the subnet masks of packets. After receiving an untagged packet from a port, the switch checks its source IP address and the IP subnet from where is came from.
6.3.4.2 Web Configuration Parameter Description IP Subnet VLAN Settings IP Address Configures the IP address. Subnet Mask Configures the IP subnet mask. VLAN Configures the vlan. Priority Configures the priority. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. IP Subnet VLAN Table Action Clicks Delete to delete this rule.
6.3.5 MAC-based VLAN The MAC base VLAN allows users to create VLAN with MAC address. The MAC address can be the leading three or more bytes of the MAC address. For example, 00:01:02 or 00:03:04:05 or 00:01:02:03:04:05. When the Switch receives packets, it will compare MAC-based VLAN configures. If the SA is matched the MAC-based VLAN configures, the Switch replace the VLAN with user configured and them forward them.
6.3.5.2 Web Configuration Parameter Description MAC VLAN Settings MAC Address Configures the leading three or more bytes of the MAC address. VLAN Configures the VLAN. Priority Configures the 802.1Q priority. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. MAC VLAN Table Action Click Delete to delete the MAC VLAN profile.
6.3.6 Protocol-based VLAN The Protocol based VLAN allows users to create VLAN with packet frame type. The packet frame type can be one of the three frame types: EthernetII, Non-LLC-SNAP and LLC-SNAP. If configuring the EthernetII frame type, the configuration will be more detail with the Ethernet type.
6.3.6.2 Web Configuration Parameter Description Protocol VLAN Settings Select one of three frame types, “EthernetIU” and “NonLLC-SNAP” Frame Type and “LLC-SNAP”. Ethernet type Input the Ethernet type for the EthernetII frame type. VLAN Configure the VLAN ID. Port List Configure the member ports. Apply Click Apply to take effect the settings.
6.3.7 Q-in-Q VLAN (VLAN Stacking) Q-in-Q tunneling is also known as VLAN stacking. Both of them use 802.1q double tagging technology. Q-in-Q is required by ISPs (Internet Service Provider) that need Transparent LAN services (TLS), and the service provider has their own set of VLAN, independent of customer VLANs.
Page 130
VID is the VLAN ID. SP VID is the VID for the second or outer (service provider’s) VLAN tag. CVID is the VID for the first or inner (Customer’s) VLAN tag. The frame formats for an untagged Ethernet frame; a single-tagged 802.1Q frame (customer)and a “double-tagged”...
Page 131
within its network by adding tag 100to distinguish customer X and tag 200todistinguish customer Y at edge device A and then stripping those tags at edge device B as the data frames leave the network. This example shows how to configure switch A with ports 1 on the Switch to tag incoming frames with the service provider’s VID of 200 (ports are connected to customer X network) and configure port 7 to service provider’s VID of 100 (ports are connected to customer Y network).This example also shows how to set the priority for port 1 to 3 and port 7 to 4.
6.3.7.1.2 Web Configuration Parameter Description VLAN Stacking Settings Select one of the three modes, Disable or Port-Based or Selective for Action the VLAN stacking. Configures the TPID Table: The TPID table has 6 entries. Tunnel TPID Index Selects the table index. Tunnel TPID Index Selects the table index.
Page 136
Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. Click Delete to delete the MAC VLAN profile. Action...
6.3.7.2.2 Web Configuration Parameter Description Port-based Q-in-Q Settings Port Selects a port or a range of ports which you want to configure. Selects one of the three roles, Normal and Access and Tunnel, for the Role specific ports. SPVID Configures the service provider’s VLAN. Priority Configures the priority for the specific ports.
6.3.7.3 Selective Q-in-Q 6.3.7.3.1 CLI Configuration Node Command Description enable show vlan-stacking selective- This command displays the selective Q-in-Q qinq configurations. enable configure terminal This command changes the node to configure node. configure vlan-stacking (disable|port- This command disables the vlan stacking or based|selective) enables the vlan-stacking with port-based or selective on the switch.
6.3.7.3.2 Web Configuration Parameter Description Selective Q-in-Q Settings Name Configures the selective Q-in-Q profile name. Access Ports Configures a port or a range of ports for the access ports. Tunnel Ports Configures a port or a range of ports for the tunnel ports. CVID Configures a customer’s VLAN.
6.3.8 VLAN Translation VLAN Translation is a simple VLAN swapping on service provider network. When connecting a large number of networks at service provider, VLAN overlap is a major issue as customer ‘A’ and customer ‘B’ may use same VLAN tag. Here VLAN translation will be used to prevent overlaps.
6.3.8.2 Web Configuration Parameter Description Vlan Translation Configurations Select “Ingress” or “Egress” which you want to create the type of Vlan Translation vlan translation. Port Selects a port or a range of ports for the vlan translation rule. Priority Configures a new priority for the vlan translation rule. Old Vlan Configures the vlan for the old vlan in the vlan translation rule.
6.4 DHCP Options 6.4.1 Option 66 and 67 The Dynamic Host Configuration Protocol (DHCP) is used by device for requesting Internet Protocol parameters, such as an IP address from a network server. The protocol operates based on the client-server model. When the Switch connects to a network, its DHCP client software in the operating system sends a broadcast query requesting necessary information like IP address.
When the Switch gets the option 66 and 67 information, it downloads the configuration file from TFTP server automatically. The Switch will take effect the configuration file immediately. If the configuration file has an auto-back command, the Switch backups the current system ...
Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. 6.4.2 DHCP Option 82 DHCP Option 82 is the “DHCP Relay Agent Information Option”. Option 82 was designed to allow a DHCP Relay Agent to insert circuit specific information into a request that is being forwarded to a DHCP server.
Page 146
Option Frame Format: Code Agent Information Field . . . The Agent Information field consists of a sequence of Sub-Opt/Length value for each sub- option, encoded in the following manner: Sub-Option Sub-Option Value . . . DHCP Agent Sub-Option Description Sub-option Code --------------- ----------------------...
PVLAN. CVLAN - Add the customer VLAN ID into the Circuit sub-option. If the CVLAN is not defined, the system returns 0. PORT - Add the transmit port ID into the Circuit sub-option. FRAME - Add the frame ID into the Circuit sub-option. The frame ID is configured with the CLI command, “dhcp-options option82 circuit_frame VALUE”.
6.4.2.2 Web Configuration Parameter Description Option 82 Settings Select this option to enable / disable the DHCP option 82 on the State Switch. Circuit Frame The frame ID for the circuit sub-option. Circuit Shelf The shelf ID for the circuit sub-option. Circuit Slot The slot ID for the circuit sub-option.
Page 149
Option 82 Port Settings Port The port ID. The String of the circuit ID sub-option information for the Circuit-ID String specific port. The String of the remote ID sub-option information for the Remote-ID String specific port.
6.5 DHCP Relay Because the DHCPDISCOVER message is a broadcast message, and broadcasts only cross other segments when they are explicitly routed, you might have to configure a DHCP Relay Agent on the router interface so that all DHCPDISCOVER messages can be forwarded to your DHCP server.
The DHCP cleint-1 and DHCP client-2 are located in different VLAN. But they allocate IP address from the same DHCP server. Switch DHCP Relay agent Server client client client client client client client VLAN 1: port 1,2 (Management VLAN) VLAN 2: port 3, 4 VLAN 3: port 5, 6 VLAN 4: port 7, 8 DHCP Server ...
6.6 Dual Homing Dual Homing is a network topology in which a device is connected to the network by way of two independent access points (points of attachment). One access point is the primary connection, and the other is a standby connection that is activated in the event of a failure of the primary connection.
6.6.2 Web Configuration Parameter Description Dual Homing Settings State Enables/ disables the Dual-Homing for the Switch. Group ID Selects a group which you want to configure. Group State Enables/ disables the Dual-Homing for a group.
Page 155
Configures / Resets the primary channel for a group. The Primary channel channel can be single port or a trunk group. Configures / Resets the secondary channel for a group. The Secondary channel channel can be single port or a trunk group. Apply Click Apply to take effect the settings.
6.7 ERPS The ITU-T G.8032 Ethernet Ring Protection Switching feature implements protection switching mechanisms for Ethernet layer ring topologies. This feature uses the G.8032 Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, to provide protection for Ethernet traffic in a ring topology, while ensuring that no loops are within the ring at the Ethernet layer. The loops are prevented by blocking traffic on either a predetermined link or a failed link.
Page 157
Wait to restore (WTR) timer -- The RPL owner uses the WTR timer. The WTR timer applies to the revertive mode to prevent frequent triggering of the protection switching due to port flapping or intermittent signal failure defects. When this timer expires, the RPL owner sends a R-APS (NR, RB) through the ring.
6.7.1 Ring 6.7.1.1 CLI Configuration Node Command Description enable show erps This command displays the ERPS configurations. enable configure terminal This command changes the node to configure node. configure erps enable This command enables the global ERPS on the Switch. configure no erps enable This command disables the global ERPS on the...
6.7.1.2 Web Configuration Parameter Description ERPS Ring Settings Global State Enables / disables the global ERPS state. Ring ID Configures the ring ID. The Valid value is from 1 to 255. State Enables/ disables the ring state. Ring Name Configures the ring name.(Up to 32 characters) Revertive Enables / disables the revertive mode.
Configures the Hold-off time for the ring. The Valid value is from 0 Hold-off Timer to 10000 (ms). Configures the WTR time for the ring. The Valid value is from 5 to WTR Timer 12 (min). Configures the Control MEL for the ring. The Valid value is from 0 to 7.
data-vlan VLANLISTS config- no instance <1-30> This command removes an instance. erps-inst config- show This command displays all of the instance erps-inst configurations. 6.7.2.2 Web Configuration Parameter Description Instance Settings Instance Configures the instance ID. The valid value is from 1 to 31. Configures the control vlan for the instance.
6.8 Link Aggregation 6.8.1 Static Trunk Link Aggregation (Trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link. However, the more ports you aggregate then the fewer available ports you have.
6.8.1.2 Web Configuration Parameter Description Static Trunk Settings Select the group ID to use for this trunk group, that is, one logical link Group State containing multiple ports. Select Enable to use this static trunk group. Configures the load balance algorithm (MAC/IP) for the specific trunk Load Balance group.
6.8.2 LACP The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking. The IEEE 802.3ad standard describes the Link Aggregation Control Protocol (LACP) for dynamically creating and managing trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups.
6.8.2.1 CLI Configuration Node Command Description enable show lacp counters This command displays the LACP counters for the [GROUP_ID] specific group or all groups. enable show lacp port_priority This command c displays the port priority for the LACP. enable show lacp sys_id This command displays the actor’s and partner’s system ID.
6.8.2.2 Web Configuration Parameter Description LACP Settings Select Enable from the drop down box to enable Link Aggregation State Control Protocol (LACP). Select Disable to not use LACP. LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Port Priority Select a port or a range of ports to configure its (their) LACP priority. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. 6.8.3 LACP Information 6.8.3.1 CLI Configurations Node Command Description enable...
Page 168
Port The LACP member port ID. LACP system priority is used to determine link aggregation group System Priority (LAG) membership, and to identify this device to other switches during LAG negotiations. (Range: 0-65535; Default: 32768) System ID The neighbor Switch’s system ID. Port The direct connected port ID of the neighbor Switch.
6.9 Loop Detection Loop detection is designed to handle loop problems on the edge of your network. This can occur when a port is connected to a Switch that is in a loop state. Loop state occurs as a result of human error.
Page 170
configure interface IFNAME This command enters the interface configure node. interface loop-detection (disable|enable) This command disables / enables the loop detection on the port. interface no shutdown This command enables the port. It can unblock port blocked by loop detection. interface loop-detection recovery This command enables / disables the recovery...
6.9.2 Web Configuration Parameter Description Loop Detection Settings State Select this option to enable loop guard on the Switch. Enter the destination MAC address the probe packets will be sent to. MAC Address If the port receives these same packets the port will be shut down. Port Select a port on which to configure loop guard protection.
Page 172
Refresh Click Refresh to begin configuring this screen afresh. Loop Detection Status Port This field displays a port number. State This field displays if the loop guard feature is enabled. Status This field displays if the port is blocked. Manual Recovery Clicks Unblock to reactivate the port manually.
Physical Output Read Holding Not support now Registers Registers MODBUS Data Map and Information Interpretation of Tripp Lite IE Switches MODBUS base address of Tripp Lite switches is 1001(decimal) for Function Code 4. Address Offset Data Type Interpretation Description System Information...
Page 174
Word 7 Lo byte = ‘\0’ 0x0040 7 words Product Serial Number Ex: Serial No=A000000000001 0x0050 12 words ASCII Firmware Version=”8608-000-1.4.1.S0” Word 0 Hi byte = ‘8’ Word 0 Lo byte = ‘6’ Word 1 Hi byte = ‘0’ Word 1 Lo byte = ‘8’ Word 2 Hi byte = ‘-’...
Page 175
0x000A: 1000M-Full-FC_OFF 0x000B: 1000M-Half-FC_ON 0x000C: 1000M-Half-FC_OFF 0xFFFF: No port 0x0200 to 20 words ASCII Port 1 to 6 Description 0x0213 (port 1) Port Description = “100TX,RJ45.” Or “1000TX,SFP.” 0x0220 to Word 0 Hi byte = ‘1’ 0x0233 (port 2) Word 0 Lo byte = ‘0’ …...
Word 0 Lo byte = MAC0 Word 0 Hi byte = MAC1 Word 1Lo byte = MAC2 Word 1 Hi byte = MAC3 Word 2Lo byte = MAC4 Word 2 Hi byte = MAC5 0x0518 1 word Primary Port of the Xpress-ring1 Word 0 Hi byte = Port ID.
6.10.2 Web Configuration Parameter Description Modbus TCP Settings State Select this option to enable / disable the Modbus on the Switch. Click Apply to take effect the settings. Apply Refresh Click Refresh to begin configuring this screen afresh. Modbus TCP Information Clicks the Download button to download all of the regisers Download information to load host.
6.11 PoE (Power over Ethernet) 6.11.1 Power over Ethernet or PoE technology describes a system to pass electrical power safely, along with data, on Ethernet cabling. PoE requires category 5 cable or higher for high power levels, but can operate with category 3 cable for low power levels. Power can come from a power supply within a PoE-enabled networking device such as an Ethernet switch or can be injected into a cable run with a mid-span power supply.
Page 179
Maximum cable 12.5 20 Ω (Category resistance per Ω (Cat gory 12.5 Ω 12.5 Ω pairset Four power Eight power class level (1- Six power class class levels (1- Three power 4) negotiated levels (1-6) 8) negotiated class leve s (1- by signature negotiated by Power management...
Fast POE This feature switches on power without waiting for IOS to boot up. When poe-ha is enabled on a particular port, the switch on a recovery after power failure, provides power to the connected endpoint devices within short duration before even the IOS forwarding starts up. 6.11.1.1 CLI Configuration Node...
6.11.1.2 Web Configuration Parameter Description PoE Settings State Select this option to enable / disable the PoE on the Switch. Fast PoE Select this option to enable / disable the Fast PoE on the Switch. Perpetual PoE Select this option to enable / disable the Prepetual PoE on the Switch. Total Power(W) Configure the total power for the Switch.
Page 182
Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. PoE Status State Displays the PoE state for the Switch. Fast PoE Display the Fast PoE state for the Switch. Perpetual PoE Display the Perpetual PoE state for the Switch. Total Power Displays the total power that the Switch supports.
6.11.2 PD Alive Check The function has a global state configuration. If the global state configuration is enabled. The Switch will check the configurations of every port. If the port’s state is enabled, the Switch will send keep-a-live probe packet every interval time. If the host cannot respond when the keep-a-live probe packet count is over the retry times, the Switch performs the action, reboot/alarm/all to the Power Device, depending on the port’s configuration.
packet for the specific port. interface pd-alive power-off-time This command configures the power-off time and <3-120> startup-time startup time. Unit: second. <30-600> 6.11.2.2 Web Configuration Parameter Description PD Alive Check Settings State Enables/Disables the PD Alive Check. Port Selects a port or a range of ports which you want to configure. State Enables/Disables the PD Alive Check for the specific port(s).
When PD has been rebooted, the PoE port restored power after the Power Off Time Power Off Time. The Switch waits the Start Up Time to do PoE Auto Checking Start Up Time when the PD is rebooting. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
6.11.3.2 Web Configuration Parameter Description Power Delay Settings Port Selects a port or a range of ports which you want to configure. State Enables/Disables the PoE Power Delay for these specific ports. Time The delay time for the specific ports. Apply Click Apply to take effect the settings.
6.11.4 PoE Schedule The function has a global state configuration. If the global state configuration is disabled. The Switch will not perform the schedule function. If the global state is enabled, the Switch will check every port’s configurations. If the port’s check configuration is NO for a specific day, the Switch will not perform action for the specific port.
6.11.4.2 Web Configuration Parameter Description Schedule Settings Selects a port that you want to configure the PoE schedule Port function. State Enables/Disables the PoE schedule for the specific ports. Week Select a week day that you want to configure the schedule. Enables or Disables the PoE schedule on the specific port for a Check defined time period.
PTP (IEEE-1588 V2) PTP (Precision Time Protocol) is a distributed protocol to do time synchronization with each other systems in the network. There are 4 different clocks in PTP: 1. Ordinary Clock: Switch communicates with the network by using specified single port. It will be same as grand master clock.
Adding Primary Domain: This command is used to add specified domain ID as primary domain in PTP; By default primary domain ID is 0. L2SWITCH(config)#ptp primary-domain 1 Deleting Primary Domain: This command is used to delete existing primary domain ID from PTP and adds default domain ID (0) as primary domain ID.
PTP Status PTP Status The current global PTP state. PTP Primary Configure the primary domain. Domain Domain ID Creates / Removes a Domain. Domain Status The current state of the domain. Slave The current slave mode of the domain. Path Trace The current path track mode of the domain.
Page 192
PTP domain and assigns default clock mode (Forward) in PTP domain. ptp_config clock-priority1 <Value> This command assigns specified priority for PTP domain dataset’s 1 priority. ptp_config no clock-priority1 This command deletes existing 1 priority from PTP domain clock and assigns default priority value (128).
6.11.6.2 Web Configuration Parameter Description Domain Settings Selects a domain ID to configure. Domain ID Enables / Disables the domain. Domain Enable - enables path trace TLV and adds TLV in list. Path Trace Disable - disables path trace TLV in domain and delete it from list. Enable - enables PTP domain as slave.
Page 194
Configures a priority for PTP domain dataset’s 2 priority. Clock Priority_2 The default priority value is 128. Ordinary Clock - Switch communicates with the network by using specified single port. It will be same as grand master clock. Boundary Clock - Switch can use multiple ports to communicate with network and each port behaves as ordinary clock.
6.11.7 Port Settings 6.11.7.1 CLI Configuration Node Command Description Enable show ptp port <Domain- This command displays specified PTP domain ID> <Port-ID> and port configurations. enable configure terminal This command changes the node to configure node. configure ptp primary-domain This command configures a specified Domain <Domain-ID>...
one step as “ptp_config” node. ptp_config_port This command provides command prompt as “enable” node. 6.11.7.2 Web Configuration Parameter Description Port Settings Selects a domain ID to configure. Domain ID Selects a port to join the domain. Port Enable - enables PTP port in domain as acceptable master. Acceptable Master Disable - deletes PTP port in domain from acceptable master list.
Page 197
Add - configures to send periodical announce messages in specified intervals in PTP port. Announce Interval Default - deletes existing announce interval from PTP port and adds default interval (1). Add - configures specified value as announce time in PTP port. Announce Timeout Default - deletes existing announce timeout from PTP port and adds default timeout (3).
6.12 PPPoE IA PPPoE Intermediate Agent (PPPoE IA) is placed between a subscriber and BRAS to help the service provider BRAS distinguish between end hosts connected over Ethernet to an access switch. On the access switch, PPPoE IA enables Subscriber Line Identification by appropriately tagging Ethernet frames of different users (The tag contains specific information like which subscriber is connected to the switch and VLAN).
Page 199
packet to the PPPoE server. 6. PPPoEIA intercepts PPPoE discovery frames from the client and inserts a unique line identifier (circuit-id/remote-id) using the PPPoE Vendor-Specific tag (0x0105) to PADR (PPPoE Active Discovery Request) packets. The PPPoE IA forwards these packets to the PPPoE server after the insertion.
Page 200
option. The system variables can be the host name of the access node (Switch), the port number of the PPPoE client and/or the VLAN ID on the PPPoE packet. Table 4 PPPoE IA System Variable SYSTEM VARIABLE DESCRIPTION %HOSTNAME Host name of access node(Switch) %SPACE Space key(ASCII 0x20) %PORT...
If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port, the Switch forwards it to other trusted port(s). Note: The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trusted ports.
configure no pppoe intermediate-agent This no command removes the user defined format-type user-defined circuit ID for the PPPoE IA. configure no pppoe intermediate-agent This no command disablePPPoE IA on all vlan VLANs. configure no pppoe intermediate-agent This no command disables thePPPoE IA on vlan VLANLISTS specific VLANs.
Page 203
Parameter Description PPPoE IA Global Configurations Selects Enable to activate the PPPoE-IA or Disable to deactivate PPPoE-IA the PPPoE-IA. User defined circuit ID string for the PPPoE IA. User-Defined-String Selects Add to increase the PPPoE-IA Vlan or Remove to delete PPPoE IA VLAN the PPPoE-IA Vlan.
6.12.2 Port Configuration 6.12.2.1 CLI Configuration Node Command Description enable show pppoe intermediate-agent This command displays the current configuration configurations for the PPPoE IA. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node.
L2SWITCH(config)#interface 1/0/1 L2SWITCH(config-if)#pppoe intermediate-agent enable L2SWITCH(config-if)#interface 1/0/8 L2SWITCH(config-if)#pppoe intermediate-agent enable L2SWITCH(config-if)#pppoe intermediate-agent trust L2SWITCH(config-if)#pppoe intermediate-agent vlan 1 L2SWITCH(if-pppoe-vlan)# 6.12.2.2 Web Configuration Parameter Description PPPoE IA Port Configurations Selects a port number you want to configure on this screen. Port Number...
Page 206
Selects Enable to activate the port or Disable to deactivate the State port. Selects yes to sets a physical interface as trusted port. Trusted Set the retransmitting policy of the specific interface for the Vendor-Tag PADO/PADS packet<keep|replace|strip>.Default:Keep User defined circuit ID string on specific interface for the PPPoE Circuit-ID String User defined remote ID string on specific interface for the PPPoE Remote ID String...
6.12.3 Statistics 6.12.3.1 CLI Configuration Node Command Description enable show pppoe intermediate-agent This command displays the current statistics statistics for the PPPoE IA. enable show pppoe intermediate-agent This command displays the current statistics statistics by-vlan VLANLISTS by specific VLANs for the PPPoE IA. enable configure terminal This command changes the node to...
6.13 Static Route Static routes, which define explicit paths between two routers, cannot be automatically updated; you must manually reconfigure static routes when network changes occur. Static routes use less bandwidth than dynamic routes. No CPU cycles are used to calculate and analyze routing updates. IP forwarding IP forwarding provides on end to end delivery of IP packet between hosts with help of routers.
Page 210
<IPv4_ADDR><MAC_ADDR> from ARP table. configure no ipv6 arp This command deletes a static IPv6 ARP entry <IPv6_ADDR><MAC_ADDR> from ARP table. configure interface vlan VLAN-ID This command enters the L3 interface node. ipv4 address A.B.C.D/M This command assigns a specified IPv4 interface interface route to the interface.
Page 211
L2SWITCH(config)#no ip forwarding enable ARP proxy enable: This command is used to enable ARP proxy. L2SWITCH(config)#ip arp proxy enable ARP proxy disable: This command is used to disable ARP proxy. L2SWITCH(config)#no ip arp proxy enable Add a static IPv4/IPv6 ARP entry: This command is used to add a static IPv4/IPv6 ARP ...
6.13.2 Web configuration Parameter Description Global Settings IP Forwarding Enables / disables the IP forwarding globally. IP ARP Proxy Enables / disables the route to act as an ARP proxy globally. Adds a static IPv4 ARP entry in the ARP table. IPv4 ARP Table / Deletes a static IPv4 ARP entry from the ARP table.
Page 213
The IP address for the entry. MAC: The MAC address for the entry. Route Settings vlan Specifics an interface vlan. Adds an IPv4 Interface Route / Static Route onto the interface vlan. / Deletes an IPv4 Interface Route / Static Route from the interface vlan. IPv4 Selects the route type, Interface Route or Static Route.
6.14 STP (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a Switch to interact with other (R)STP compliant switches in your network to ensure that only one path exists between any two stations on the network. The Switch supports Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) as defined in the following standards.
Page 215
Forward Time (Forward Delay): This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state;...
Page 216
The Spanning Tree Protocol (STP) is defined in the IEEEStandard802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the tree, leaving a single active path between any two network nodes.
Page 217
Transmission Limit: This is used to configure the minimum interval between the transmissions of consecutive RSTP BPDUs. This function can only be enabled in RSTP mode. The range is from 1 to 10 seconds. Hello Time: Set the time at which the root switch transmits a configuration message. The range is from 1 to 10 seconds.
6.14.1 General Settings 6.14.1.1 CLI Configurations Node Command Description enable show spanning-tree active This command displays the spanning tree information for only active port(s). enable show spanning-tree blocked This command displays the spanning tree ports information for only blocked port(s). enable show spanning-tree summary This command displays the summary of port...
6.14.1.2 Web Configurations Parameter Description Spanning Tree Protocol Settings Select Enabled to use Spanning Tree Protocol (STP) or Rapid Spanning Tree State Protocol (RSTP). Select to use either Spanning Tree Protocol (STP) or Rapid Spanning Tree Mode Protocol (RSTP) or Multiple Spanning Tree Protocol (MSTP). This is the maximum time (in seconds) the Switch will wait before changing states.
root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch. Enter a value from 0~61440. The lower the numeric value you assign, the higher the priority for this bridge. Priority determines the root bridge, which in turn determines the Root Hello Time, Root Maximum Age and Root Forwarding Delay.
Page 221
default for the specific port. configure interface range This command enters the if-range configure gigabitethernet1/0/PORTLISTS node. if-range spanning-tree(disable|enable) This command configures enables/disables the STP function for the specific port. if-range spanning-tree bpdufilter This command configures enables/disables the (disable|enable) bpdu filter function for the specific port. if-range spanning-tree bpduguard This command configures enables/disables the...
6.14.2.2 Web Configurations Parameter Description STP Port Settings Port Selects a port that you want to configure. Active Enables/Disables the spanning tree function for the specific port. Path Cost Configures the path cost for the specific port. Priority Configures the priority for the specific port. Edge Port Configures the port type for the specific port.
Page 223
STP Port Status Active The state of the STP function. The port role. Should be one of the Alternated / Designated / Root / Backup Role / None. The port’s status. Should be one of the Discarding / Blocking / Listening / Status Learning / Forwarding / Disabled.
6.14.3 STP Status 6.14.3.1 Web Configurations Parameter Description Current Root Status MAC address This is the MAC address of the root bridge. Root refers to the base of the spanning tree (the root bridge). This field Priority displays the root bridge’s priority. This Switch may also be the root bridge.
Any port that age out STP information (provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network.
Page 226
which is either a single spanning-tree switch or a switch with a different MST configuration. At the boundary, the roles of the MST ports do not matter, and their state is forced to be the same as the IST port state (MST ports at the boundary are in the forwarding state only when the IST port is forwarding).
but each region can support up to 16 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time. 6.14.4.1 General Settings 6.14.4.1.1 CLI Configurations Node Command Description enable show spanning-tree mst This command displays the MSTP configurations. configuration enable show spanning-tree mst...
Page 228
show (current|pending) This command shows the MSTP configures. Current – the working configurations. Pending – the not applied configurations.
6.14.4.1.2 Web Configurations Parameter Description STP Global Settings Select Enabled to use Spanning Tree Protocol (STP) or Rapid State Spanning Tree Protocol (RSTP) or Multiple Spanning Tree Protocol (MSTP). Selects the Spanning Tree running mode. STP - Spanning Tree Protocol. Mode RSTP - Rapid Spanning Tree Protocol.
the root switch. Enter a value from 0~61440. The lower the numeric value you assign, the higher the priority for this bridge. Priority determines the root bridge, which in turn determines the Root Hello Time, Root Maximum Age and Root Forwarding Delay. Select one or more vlans which will join the instance.
<1-40> count. configure no spanning-tree mst max- This command resets the maximum hop count. hops The default maximum hop count is 20. 6.14.4.2.2 Web Configurations Parameter Description Bridge Parameters Settings This is the maximum time (in seconds) the Switch will wait before changing states.
Refresh Click Refresh to begin configuring this screen afresh. 6.14.4.3 Port Parameters 6.14.4.3.1 CLI Configurations Node Command Description enable show spanning-tree mst This command displays the configurations on interface IFNAME an interface of the MSTP. enable configure terminal This command changes the node to configure node.
Page 233
if-range spanning-tree bpdufilter This command configures enables/disables the (disable|enable) bpdu filter function for the specific port. if-range spanning-tree bpduguard This command configures enables/disables the (disable|enable) bpdu guard function for the specific port. if-range spanning-tree rootguard This command enables/disables the BPDU (disable|enable) Root guard port setting for the specific port.
6.14.4.3.2 Web Configurations Parameter Description STP Port Settings Instance Selects an instance that you want to configure. Port Selects a port or a range of ports that you want to configure. Path Cost Configures the path cost for the specific port. Priority Configures the priority for the specific port.
Page 235
Click Apply to take effect the settings. Apply Refresh Click Refresh to begin configuring this screen afresh. STP Port Status Active The state of the STP function. The port role. Should be one of the Alternated / Designated / Root / Role Backup / None.
6.14.4.4 STP Status 6.14.4.4.1 CLI Configurations Node Command Description enable show spanning-tree mst root This command displays the root bridge configurations. 6.14.4.4.2 Web Configurations Parameter Description Current Root Status Instance The Instance ID. MAC address This is the MAC address of the root bridge. Root refers to the base of the spanning tree (the root bridge).
Page 237
Current Bridge Status Instance This is the MAC address of the current bridge. MAC address This is the MAC address of the bridge. Priority This is the priority of the Switch. Refresh Click Refresh to begin configuring this screen afresh.
6.15 UDLD The UDLD (UniDirectional Link Detection) protocol is used to detect and/or disable unidirectional connections before they create dangerous situations such as Spanning Tree loops or other protocol malfunctions. The UDLD protocol was implemented to help correct certain assumptions made by other protocols and in particular to help the STP to function properly so as to avoid the creation of dangerous Layer 2 loops.
Page 239
L2SWITCH(config)# interface <id> //All interfaces one by one except port 1 L2SWITCH(config-if)# no udld port enable L2SWITCH(config-if)# exit L2SWITCH(config)# udld enable Case 2: To configure UDLD on all ports L2SWITCH#configure terminal L2SWITCH(config)# udld enable Case 3: To disable UDLD on all ports L2SWITCH#configure terminal L2SWITCH(config)# no udld enable Case 4: To disable UDLD on a specific port;...
Page 240
5. Time field is expiry timer of the neighbor entry; It will get refreshed whenever it receives a neighbor information advertisement. 6. Status shows a. Active: If neighbor is participating in advertisement and it last refreshed time is less than message interval time. So, it is actively updating from the connected switch.
6.15.1.2 Web Configurations Parameter Description Port Settings Selects Enable or Disable to enable or disable the global UDLD State state. Message Interval Configures the message interval time. Time Port Selects a port or a range of ports to be configured. State Selects the port state for above selection.
Page 242
Port Status State Display the current UDLD port state for the specific port. Aggressive Display the current Aggressive state for the specific port. Bidirectional State Display the current detection state. Operational State Display the current operational state.
6.15.2 Neighbors 6.15.2.1 CLI Configurations Node Command Description enable show udld neighbor This command displays the port’s neighbor information. 6.15.2.2 Web Configurations Parameter Description Neighbor Information Selects Enable or Disable to enable or disable the global UDLD Select Port state. Port The local port number.
6.16 Xpress Ring The Xpress-Ring is a fast-acting, self-healing ring recovery technology that enables networks to recover from link failure within 10ms. Fast Link Recovery and Ring Redundancy are important features for increasing the reliability of non-stop systems. If the network is planned correctly with an arbiter Switch and ring ports, the network will recover from any segment failure within a very short time.
(RING1|RING2) role (forwarder/arbiter) for the ring on the Switch. (forwarder|arbiter) configure xpress-ring ring This command configures the primary port for the (RING1|RING2) primary- ring on the Switch. port PORTID Notice: If the global xpress ring is disabled or ring state is disabled, you can input 0 to reset the primary port.
Page 246
MAC(Last byte) Role Configures the role for the ring. Primary Port Configures the primary port for the ring. Secondary Port Configure the secondary port for the ring. Click Apply to take effect the settings. Apply Click Refresh to begin configuring this screen afresh. Refresh Xpress Ring Status State...
7. Security 7.1 IP Source Guard IP Source Guard is a security feature that restricts IP traffic on un-trusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
Page 248
table dynamically. This can prevent clients from getting IP addresses from unauthorized DHCP servers. Trusted vs. Untrusted Ports Every port is either a trusted port or an un-trusted port for DHCP snooping. This setting is independent of the trusted/un-trusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or un-trusted) can receive each second.
Page 249
The DHCP server connected to an untrusted port will be filtered. Notices: There are a global state and per VLAN states. When the global state is disabled, the DHCP Snooping on the Switch is disabled even per VLAN states are enabled. ...
D. L2SWITCH(config-if)#dhcp-snooping trust E. DHCP Client-1: ipconfig /release F. DHCP Client-1: ipconfig /renew DHCP Client-1 can get an IP address. 5. If you configure a static host entry in the DHCP snooping binding table, and then you want to change the host to DHCP client, the host will not get a new IP from DHCP server, and then you must delete the static host entry first.
Page 251
Parameter Description DHCP Snooping Settings Select Enable to use DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLANs and specify trusted ports. State Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
7.1.1.2 Port Settings 7.1.1.2.1 CLI Configurations Node Command Description enable show dhcp-snooping This command displays the current DHCP snooping configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node.
7.1.1.2.2 Web Configurations Parameter Description Port Settings Port Select a port number to modify its configurations. Trust Configures the specific port if it is a trust port. Maximum Host Enter the maximum number of hosts (1-32) that are permitted to Count simultaneously connect to a port.
7.1.1.3 Server Screening The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP servers. That is, when one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients, the valid DHCP server’s packets will be passed to the client.
Page 255
Server Screening List This field displays the index number of the DHCP server entry. Click the number to modify the entry. IP Address This field displays the IP address of the DHCP server. Action Click Delete to remove a configured DHCP server.
7.1.2 Binding Table The DHCP Snooping binding table records the host information learned by DHCP snooping function (dynamic) or set by user (static). The ARP inspection will use this table to forward or drop the ARP packets. If the ARP packets sent by invalid host, they will be dropped. If the Lease time is expired, the entry will be removed from the table.
7.1.2.1.2 Web Configurations Parameter Description Static Entry Settings MAC Address Enter the source MAC address in the binding. IP Address Enter the IP address assigned to the MAC address in the binding. VLAN ID Enter the source VLAN ID in the binding. Port Specify the port in the binding.
manually by an administrator. Dynamic: This binding was learned by snooping DHCP packets. Action Click Delete to remove the specified entry. 7.1.2.2 Binding Table Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the dynamic bindings by snooping DHCP packets and from information provided manually in the Static Entry Settings screen.
Page 259
This field displays how the Switch learned the binding. Static: This binding was learned from information provided manually by Type an administrator. Dynamic: This binding was learned by snooping DHCP packets. Apply Click Apply to configure the settings. Refresh Click Refresh to begin configuring this screen afresh.
7.1.3 ARP Inspection Dynamic ARP inspection is a security feature which validates ARP packet in a network by performing IP to MAC address binding inspection. Those will be stored in a trusted database (the DHCP snooping database) before forwarding. Dynamic ARP intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.
configure interface IFNAME This command enters the interface configure node. interface arp-inspection trust This command configures the trust port for the specific port. interface no arp-inspection This command configures the un-trust port for the trust specific port. Example: L2SWITCH#configure terminal L2SWITCH(config)#arp-inspection enable L2SWITCH(config)#arp-inspection vlan 1 L2SWITCH(config)#interface 1/0/1...
Page 262
untrusted. The Switch does not discard ARP packets on trusted ports for any reason. The Switch discards ARP packets on un-trusted ports in the following situations: • The sender’s information in the ARP packet does not match any of the current bindings. •...
7.1.3.2 Filter Table Dynamic ARP inspections validates the packet by performing IP to MAC address binding inspection stored in a trusted database (the DHCP snooping database) before forwarding the packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
7.1.3.2.2 Web Configurations Parameter Description Filter Age Time Settings This setting has no effect on existing MAC address filters. Enter how long (1-10080 minutes) the MAC address filter remains in Filter Age Time the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards.
7.2 ACL Access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. L2 ACL function allows user to configure a few rules to reject packets from the specific ingress ports or all ports.
7.2.1 CLI Configurations Node Command Description enable show access-list This command displays all of the access control profiles. enable configure terminal This command changes the node to configure node. configure access-list STRING ip-type This command creates a new access control (ipv4|ipv6) profile.
Page 267
from the profile. ethertype STRING This command configures the ether type for the profile. Where the STRING is a hex- decimal value. e.g.: 08AA. no ethertype This command removes the limitation of the ether type from the profile. source mac host MACADDR This command configures the source MAC and mask for the profile.
Page 268
Example: source mac 00:01:02:03:04:05 ff:ff:ff:ff:00 The command will filter source MAC range from 00:01:02:03:00:00 to 00:01:02:03:ff:ff Where the IPMASK mask allows users to filter a range of IP in the packets’ source IP or destination IP. For example: source ip 172.20.1.1 255.255.0.0 ...
Page 269
7.2.2 Web Configurations Parameter Description Access Control List Settings IP Type Selects IPv4 / IPv6 type for the profile. Profile Name The access control profile name. Action Selects Disables/Drop/Permits/DSCP/802.1P action for the profile. Ethernet Type Configures the Ethernet type of the packets for the profile. VLAN Configures the VLAN of the packets for the profile.
Page 270
field. Destination MAC Configures the destination MAC of the packets that you want to filter. Configures the bitmap mask of the destination MAC of the packets that you want to filter. Mask of If the Destination MAC field has been configured and this field is Destination MAC empty, it means the profile will filter the one MAC configured in Destination MAC field.
7.3 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control ("port" meaning a single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.
Page 272
Local User Accounts By storing user profiles locally on the Switch, your Switch is able to authenticate users without interacting with a network authentication server. However, there is a limit on the number of users you may authenticate in this way. Guest VLAN: The Guest VLAN in IEEE 802.1x port authentication on the switch to provide limited services to clients, such as downloading the IEEE 802.1x client.
Default Settings The default global 802.1x state is disabled. The default 802.1x Authentication Method is local. The default port 802.1x state is disabled for all ports. The default port Admin Control Direction is both for all ports. The default port Re-authentication is disabled for all ports. The default port Control Mode is auto for all ports.
<IP> port PORTID radius server. configure dot1x radius secondary-server-ip This command configures the secondary <IP> port PORTID key KEY radius server. configure no dot1x radius secondary-server-ip This command removes the secondary radius server. configure dot1x username <USERNAME> This command configures the user account <PASSWORD>...
Page 275
allows you to validate an unlimited number of users from a central location. Guest VLAN Configure the guest vlan. Primary Radius When RADIUS is selected as the 802.1x authentication method, the Server Primary Radius Server will be used for all authentication attempts. Enter the IP address of an external RADIUS server in dotted decimal IP Address notation.
7.3.2 Port Settings 7.3.2.1 CLI Configurations Node Command Description enable show dot1x This command displays the current 802.1x configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node. interface dot1x admin-control-direction This command configures the control...
7.3.2.2 Web Configurations Parameter Description Port Settings Port Select a port number to configure. Select Enable to permit 802.1x authentication on the port. 802.1x State You must first enable 802.1x authentication on the Switch before configuring it on each port. Select Both to drop incoming and outgoing packets on the port Admin Control when a user has not passed 802.1x port authentication.
Page 278
Select Auto to require authentication on the port. Select Force Authorized to always force this port to be Port Control Mode authorized. Select Force Unauthorized to always force this port to be unauthorized. No packets can pass through this port. Select Disable to disable Guest VLAN on the port.
7.4 Port Security The Switch will learn the MAC address of the device directly connected to a particular port and allow traffic through. We will ask the question: “How do we control who and how many can connect to a switch port?” This is where port security can assist us. The Switch allow us to control which devices can connect to a switch port or how many of them can connect to it (such as when a hub or another switch is connected to the port).
7.4.1.2 Web Configurations Parameter Description Port Security Settings Port Security Select Enable/Disable to permit Port Security on the Switch. Port Select a port number to configure. State Select Enable/Disable to permit Port Security on the port. The maximum number of MAC addresses allowed per interface. Maximum MAC The acceptable range is 1 to 1000.
7.4.2 Sticky Mac Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link- down condition.
L2SWITCH(config-if)#port-security enable To enable the sticky on the port. L2SWITCH(config-if)#port-security mac-address sticky 7.4.2.2 Web Configurations Parameter Description Sticky MAC Settings MAC Address Configures a Sticky MAC. VLAN ID Configures a VLAN for the Sticky MAC. Port Configures a port for the Sticky MAC. Apply Click Apply to take effect the settings.
In order for the TACACS+ feature on the TRIPP LITE products to work it would need a TACACS+ server, which would typically be a daemon running on a centralized UNIX or windows NT authentication, authorization and accounting facilities for managing network access points from a single management service.
Notices: TACACS+ service must be enabled before configuring the authentication, authorization and accounting parameters, otherwise it will return error as TACACS+ service is not enabled. Not allowed to disable the Authentication login mode when both enabled login-mode and login local.
Page 285
configure tacacs-plus enable To enable the TACACS+ service. configure no tacacs-plus enable To disable the TACACS+ service. configure tacacs-plus authentication login- To enable the authentication login mode. mode enable configure no tacacs-plus authentication To disable the authentication login mode. login-mode enable configure tacacs-plus authentication login- To enable the authentication login local mode.
Page 287
Parameter Description Global Settings State Enables / Disables the TACACS+ service. Authentication Console Mode Enables / Disables the authentication in console mode. Authentication Login Mode Enables / Disables the authentication in login mode. (this (TACACS+ server) authentication is done by TACACS+ server). Enables / Disables the authentication in login mode.
8. Monitor 8.1 Alarm The feature displays if there are any abnormal situation need process immediately. Notice: The Alarm DIP switch allow users to configure if send alarm message when the corresponding event occurs. Example: P1: ON, The Switch will send alarm message when port 1 is link down. PWR: ON, The Switch will send alarm message when the main power supply disconnect.
Page 289
Refresh Click Refresh to begin configuring this screen afresh.
8.2 Hardware Information The feature displays some hardware information to monitor the system to guarantee the network correctly. A. Displays the board’s and CPU’s and MAC chip’s temperature. B. Displays the 1.0V and 2.5V and 3.3V input status. 8.2.1 CLI Configurations Node Command Description...
8.2.2 Web Configurations Parameter Description Hardware Information Temperature unit This field allows you to select unit in Celsius (C) or Fahrenheit (F). Hardware monitor This field allows to enable/disable the hardware-Monitor alarm to be alarm reported or not. Hardware Working Information The field displays the temperature information of board, CPU and Temperature PHY.
8.3 Port Statistics This feature helps users to monitor the ports’ statistics, to display the link up ports’ traffic utilization only. 8.3.1 CLI Configurations Node Command Description enable show port-statistics This command displays the link up ports’ statistics. Example: L2SWITCH#show port-statistics Packets Bytes Errors...
8.4 Port Utilization This feature helps users to monitor the ports’ traffic utilization, to display the link up ports’ traffic utilization only. 8.4.1 CLI Configuration Node Command Description enable show port-utilization This command displays the link up ports’ traffic (bps|Kbps|Mbps) utilization.
8.5 RMON Statistics This feature helps users to monitor or clear the port’s RMON statistics. 8.5.1 CLI Configuration Node Command Description enable show rmon statistics This command displays the RMON statistics. enable configure terminal This command changes the node to configure node. configure clear rmon statistics This command clears one port’s or all ports’...
8.6 Traffic Monitor The function can be enabled / disabled on a specific port or globally be enabled disabled on the Switch. The function will monitor the broadcast / multicast / broadcast and multicast packets rate. If the packet rate is over the user’s specification, the port will be blocked. And if the recovery function is enabled, the port will be enabled after recovery time.
if-range traffic-monitor This command configures the quarantine times for the quarantine times traffic monitor on the port. <1-20> 8.6.2 Web Configurations Parameter Description Traffic Monitor Settings State Globally enables / disables the traffic monitor function. Port The port range which you want to configure. State Enables / disables the traffic monitor function on these ports.
Page 297
Enables / disables the recovery function for the traffic monitor Recover State function on these ports. Configures the recovery time for the traffic monitor function on Recovery Time these ports. (Range: 1 – 60 minutes) Configures the quarantine times for the traffic monitor on these Quarantine Times ports.
9. Management 9.1 SNMP Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF).
9.1.1 SNMP 9.1.1.1 SNMP Settings 9.1.1.1.1 CLI Configurations Node Command Description enable show snmp This command displays the SNMP configurations. enable configure terminal This command changes the node to configure node. configure snmp (disable|enable) This command disables/enables the SNMP on the switch.
Parameter Description Select Enable to activate SNMP on the Switch. SNMP State Select Disable to not use SNMP on the Switch. Type a System Name for the Switch. System Name (The System Name is same as the host name) System Location Type a System Location for the Switch.
Page 301
Parameter Description Community Name Settings Enter a Community string, this will act as a password for requests from the management station. An SNMP community string is a text string that acts as a password. It Community String is used to authenticate messages that are sent between the management station (the SNMP manager) and the device (the SNMP agent).
9.1.2 SNMP Trap 9.1.2.1 Trap Receiver 9.1.2.1.1 CLI Configurations Node Command Description enable show snmp This command displays the SNMP configurations. enable configure terminal This command changes the node to configure node. configure snmp trap-receiver This command configures the trap receiver’s IPADDR (v1|v2c) configurations, including the IP address, version (v1 or COMMUNITY...
9.1.2.2 Trap Event The features allow users to enable/disables individual trap notification. alarm-over-heat - Trap when system’s temperature is too high. alarm-over-load - Trap when system is over load. alarm-power-fail - Trap when system power is over voltage/under voltage/ RPS over voltage/RPS under voltage. bpdu - Trap when port is blocked by BPDU Guard/BDPU Root Guard/BPDU port state changed.
9.1.2.3 Port Trap Event The features allow users to enable/disables port-link-change trap notification by individual port. 9.1.2.3.1 CLI Configurations Node Command Description enable show snmp port-link-change-trap This command displays the SNMP port link-change trap configurations. enable configure terminal This command changes the node to configure node.
Page 306
Parameter Description Trap Event State Settings Port Selects the range of ports. State Selects the state for the ports.. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
9.1.3 SNMPv3 9.1.3.1 Group Settings 9.1.3.1.1 CLI Configurations Node Command Description enable show snmp group This command displays all snmp v3 groups. enable configure terminal This command changes the node to configure node. snmp group GROUPNAME configure noauth (read STRINGS write Configures v3 group of non- authentication.
9.1.3.1.2 Web Configurations Parameter Description Group Name Enter the v3 user name. Security Level Select the security level of the v3 group to use. Note that if a group is defined without a read view than all objects are Read View available to read.
Page 309
Write View Notify View Click Delete to remove a v3 group. Action...
9.1.3.2 User Settings 9.1.3.2.1 CLI Configurations Node Command Description enable show snmp user This command displays all snmp v3 users. enable configure terminal This command changes the node to configure node. snmp user USERNAME configure Configures v3 user of non- authentication. GROUPNAME noauth snmp user USERNAME configure...
Page 311
Parameter Description User Name Enter the v3 user name. Group Name Map the v3 user name into a group name. Select the security level of the v3 user to use. noauth means no authentication and no encryption. Security Level auth means messages are authenticated but not encrypted. priv means messages are authenticated and encrypted.
9.1.3.3 View Settings 9.1.3.3.1 CLI Configurations Node Command Description enable show snmp view This command displays all snmp v3 view. enable configure terminal This command changes the node to configure node. snmp view VIEWNAME configure To identify the subtree. STRINGS (included|excluded) no snmp view VIEWNAME This command removes a v3 view from configure...
Page 313
View Subtree This field displays the subtree. View Type This field displays the subtree adding to the view or not. Click Delete to remove a v3 view. Action...
9.2 Auto Provision Auto provision is a service that service provider can quickly, easily and automatically configure remote device or doing firmware upgrade at remote side. 1. When the Auto Provision is enabled, the Switch will download the auto provision information file from the auto provision server first.
hours and go back to step 1. Default Settings Auto provision configuration profile: Active : Disable Version Protocol : FTP FTP user/pwd Folder Server address 9.2.1 CLI Configurations Node Command Description enable show auto-provision This command displays the current auto provision configurations.
9.3 Mail Alarm The feature sends an e-mail trap to a predefined administrator when some events occur. The events are listed below: System Reboot : The system warn start or cold start. Port Link Change : A port link up or down. ...
9.3.2 CLI Configurations Node Command Description enable show mail-alarm This command displays the Mail Alarm configurations. enable configure terminal This command changes the node to configure node. configure mail-alarm (disable|enable) This command disables / enables the Mail Alarm function. configure mail-alarm auth-account This command configures the Mail server authentication account.
9.3.3 Web Configurations Parameter Description State Enable / disable the Mail Alarm function. Selects one of below options: IP: The mail server’s IP format is IPv4. Server IPv6: The mail server’s IP format is IPv6. Domain Name: The mail server’s IP format is a domain name. Server Port Specifies the TCP port for the SMTP server.
9.4 Maintenance 9.4.1 Configuration 9.4.1.1 CLI Configurations Node Command Description enable configure terminal This command changes the node to configure node. configure write memory This command writes current operating configurations to the configuration file. configure archive download-config This command downloads a new copy of <URL PATH>...
Page 321
How to build your own default configuration file? 1. You can prepare a configuration file and then do below command, archive download-config URL_PATH user-default-config 2. You can login the system with console/Telnet/Http. And then follow below procedures: To setup all configurations what you want. ...
9.4.1.2 Web Configurations Save Configurations Press the Save button to save the current settings to the NV-RAM (flash). Upload / Download Configurations to / from Your Server Follow the steps below to save the configuration file to your PC. Select the “Press “Download” to save configurations file to your PC”. ...
Page 323
Reset the Factory Default Settings of the Switch Press the Reset button to set the settings to factory default configurations.
9.4.2 Firmware 9.4.2.1 CLI Configurations Node Command Description enable configure terminal This command changes the node to configure node. configure archive download-fw <URL This command downloads a new copy of PATH> firmware file from TFTP / FTP / HTTP server. Where <URL PATH>...
9.4.3 Reboot 9.4.3.1 CLI Configurations Node Command Description enable configure terminal This command changes the node to configure node. configure reboot This command reboots the system. 9.4.3.2 Web Configurations Reboot allows you to restart the Switch without physically turning the power off. Follow the steps below to reboot the Switch.
9.4.4 Server Control The function allows users to enable or disable the SSH or Telnet or Web service individual using the CLI or GUI. 9.4.4.1 CLI Configurations Node Command Description enable show server status This command displays the current server status. enable configure terminal This command changes the node to configure node.
9.4.4.2 Web Configurations Parameter Description Server Settings HTTP Server State Selects Enable or Disable to enable or disable the HTTP service. HTTP Server TCP Port Configures the TCP port for the HTTP service. SSH Server State Selects Enable or Disable to enable or disable the SSH service. Telnet Server State Selects Enable or Disable to enable or disable the Telnet service.
9.5 System Log The syslog function records some of system information for debugging purpose. Each log message recorded with one of these levels, Alert / Critical / Error / Warning / Notice / Information. The syslog function can be enabled or disabled. The default setting is disabled. The log message is recorded in the Switch file system.
9.5.2 Web Configurations Parameter Description Select IP type for the server’s IP. Enter the Syslog server IP address. Server IP Select Enable to activate switch sent log message to Syslog server when any new log message occurred. Facility Selects the facility level. Click Apply to take effect the settings.
9.6 USB Function The USB Function is used on a network switch for automatic execution of tasks, such as firmware upgrade, download configurations and system log. 9.6.1 CLI Configurations Node Command Description enable show usb status This command displays the current USB function configurations.
Page 331
Parameter Description Select Enable to turn on automatic upgrade firmware or Auto Upgrade Firmware select Disable to turn it off. Select Enable to turn on automatic download Auto Download Config configurations or select Disable to turn it off. Select Enable to turn on automatic download system log or Auto Download Syslog select Disable to turn it off.
9.7 User Account The Switch allows users to create up to 6 user account. The user name and the password should be the combination of the digit or the alphabet. The last admin user account cannot be deleted. Users should input a valid user account to login the CLI or web management. User Authority The Switch supports two types of the user account, admin and normal.
Example: L2SWITCH#configure terminal L2SWITCH(config)#add user q q admin L2SWITCH(config)#add user 1 1 normal 9.7.2 Web Configurations Parameter Description User Account Settings User Name Type a new username or modify an existing one. Type a new password or modify an existing one. Enter up to 32 User Password alphanumeric or digit characters.
9.8 Device Management 9.8.1 LLDP The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations attached to an IEEE 802® LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity or entities that provide management of those capabilities, and the identification of the station’s point of attachment to the IEEE 802 LAN required by those management entity or entities.
rx-only – Receive the LLDP packet on the specific port. 9.8.1.2 Web Configurations Parameter Description LLDP Settings State Globally enables / disables the LLDP on the Switch. Tx Interval Configures the interval to transmit the LLDP packets. Configures the tx-hold time which determines the TTL of Tx Hold the Switch’s message.
Page 336
Remote Port ID The connected port ID. Chassis ID The neighbor’s chassis ID. System Name The neighbor’s system name. System Description The neighbor’s system description. System Capabilities The neighbor’s capability. Management IP The neighbor management address.
9.8.2 Manual Registration 9.8.2.1 CLI Configurations Node Command Description enable show manual-registration-device This command displays the manual registration device configurations. enable configure terminal This command changes the node to configure node. configure manual-registration-device type This command configures a device (ipcam|plc|switch|pc) mac for the Topology Map.
Page 338
Refresh Click Refresh to begin configuring this screen afresh. Manual Registration Table Action Clicks Delete to delete this device.
9.8.3 ONVIF 9.8.3.1 CLI Configurations Node Command Description enable show onvif This command displays the ONVIF configurations. enable configure terminal This command changes the node to configure node. config onvif enable This command enables the ONVIF on the Switch. config onvif tx-interval This command configures the tx interval for the <6-3600>...
Page 340
MAC Address The MAC address on the ONVIF device. VLAN ID The VLAN ID of the ONVIF device join. Product Name Name of the product added. Product Type What kind of product that is added. Model Model of the product. Location Location where it is placed.
9.9 Topology Map When you click the “Topology Map Lock”, the screen will appear as below: The green circle on the devices indicates they are working normally.
Page 342
You can view the basic details of the devices connected to the host, by placing the cursor on it. When there is something wrong with the devices, the screen will appear as below. So that you can find the details of events that have gone wrong, and correct it.
The red ‘X’ indicates that connection is lost with the host. 9.9.1 Background Configuration You can upload your company floor layout plan picture in to the background image so that you can identify easily where the switches has been placed. Picture ...
9.9.2 Client-Switch Management By right-clicking on the neighbor non-Lite management switch (L2 switch), the following menu will appear and you can configure, as shown below. Non-Lite management switch and other devices menu: Save All Device Location To fix the location of all devices on the map, so that it restores its places after refresh. ...
Page 345
configure node. Interface show cable-test result This command displays the cable test result. Interface cable-test start This command starts to test the cable.
Page 346
WARRANTY & PRODUCT REGISTRATION 3-Year Limited Warranty TRIPP LITE warrants its products to be free from defects in materials and workmanship for a period of three (3) years from the date of initial purchase. TRIPP LITE’s obligation under this warranty is limited to repairing or replacing (at its sole option) any such defective products. To obtain service under this warranty, you must obtain a Returned Material Authorization (RMA) number from TRIPP LITE or an authorized TRIPP LITE service center.
Page 347
The user must use shielded cables and connectors with this equipment. Any changes or modifications to this equipment not expressly approved by Tripp Lite could void the user’s authority to operate this equipment.