10-port fast ethernet switch with 8-port poe (11 pages)
Summary of Contents for Dahua DH-PFS4218-16GT2GF-240
Page 1
Managed Gigabit PoE Switch Web Config Manual V1.0.1...
Page 2
Foreword General This Web Configuration Manual (hereinafter referred to as "the manual") introduces operations on web interface of Managed Gigabit PoE Switch (hereinafter referred to as "the Switch"). You can visit the switch on web browser, configure and manage the switch. Safety Instructions The following categorized signal words with defined meaning might appear in the manual.
Page 3
About the Manual The manual is for reference only. If there is inconsistency between the manual and the actual product, the actual product shall prevail. We are not liable for any loss caused by the operations that do not comply with the manual.
Important Safeguards and Warnings The manual helps you to use our product properly. To avoid danger and property damage, read the manual carefully before using the product, and we highly recommend you to keep it well for future reference. Operating Requirements ...
Login Before login, make sure: You already configure the IP address of the switch. The IP address of VLAN 1 is 192.168.1.110 by default. The PC with web browser is connected to the network, and the PC can ping the switch successfully.
Quick Settings You can view the system information, and set the device parameters, VLAN, link aggregation, IP address and route. Take 4-port PoE switch for example. The quick setting interface is different depending on the models of switch. The actual interface shall prevail. System Information You can view the name, type, serial number, software version, IP address, port status and port information of the device.
Parameter Description Flow Control Displays the flow control state. Online: It displays the port rate and the duplex mode. Speed/Duplex Offline: It displays Down. VLAN VLAN port. It is VLAN 1 by default. Displays the power consumption of POE. Only 1–4 ports are PoE ports. The current receiving speed is divided by the average speed in a Receive Usage certain period (5 minutes usually).
Figure 2-3 VLAN Step 2 Configure the port VLAN parameters. See Table 2-2. Table 2-2 Port VLAN configuration parameter Parameter Description Port Displays all ports of the switch. Three modes: Access, Hybrid, and Trunk. Access: When the port connects to terminal devices (such as PC and Mode IPC), select Access.
Figure 2-4 Aggregation 2.4.1 Static Aggregation Configuration Static aggregation is a method of combining or bundling of multiple switch ports or NICs to form a single etherchannel. For example, add port 1 and port 2 to Static Group 1. Step 1 Select Model as Static in group 1, which indicates that the group is static aggregation.
2.4.2 Dynamic Aggregation Configuration Dynamic aggregation differs from static aggregation in that port quantity is fixed in static aggregation, but quantity of actually aggregated port is adjusted dynamically according to flow rate strategy. Step 1 Add the ports to the dynamic group. Select LACP (Active) in the Mode area, and add the ports to the aggregation group.
Page 13
Figure 2-7 IP and route Step 2 Add the VLAN interface. Click Add in the IP Config area. A new record is added. See Figure 2-8. Figure 2-8 VLAN interface For the parameters, see Table 2-3. Table 2-3 VLAN interface Parameter Description VLAN...
Page 14
A new record is added. See Figure 2-9. Figure 2-9 IP route For the parameters, see Table 2-4. Table 2-4 IP routes Parameter Description Network It is the destination of the IP packet. Mask length, with the destination address, is to identify the IP address of the destination host or the route.
Advanced Settings You can configure system, port, VLAN, aggregation, MAC table and other parameters on the advanced settings interface. The advanced settings interface is different depending on the models of switch, and the actual interface shall prevail. Take 4-port PoE switch for example. Common Configuration 3.1.1 System Configuration 3.1.1.1 System Information...
Page 16
Figure 3-1 System information Step 2 Enter the device name, IP address and mask length and DHCP enable. Step 3 Click Save. 3.1.1.2 IP and Route The hosts of different VLANs cannot communicate. Route or the layer 3 switch is needed for forwarding.
Page 17
entity on the device. Every VLAN is related to a VLAN interface, and the VLAN interface can forward packet for the VLAN. Generally, because the VLAN can isolate the broadcasting domain, every VLAN corresponds to a network segment. VLAN interface is the gateway of the network segment, and it supports layer 3 forwarding for the message based on IP address.
Page 18
Figure 3-3 Add IP For the parameters, see Table 3-1. Table 3-1 VLAN interface Parameter Description VLAN Enter VLAN number. IP address Set the IP address of the VLAN interface. Mask Length Set the mask length of the IP address. Click OK.
Page 19
Step 4 Click Save. 3.1.1.3 System time Set the system time of switch. Select Advanced > Common > System Config > Current Time. The Current Time interface is displayed. See Figure 3-5. Figure 3-5 Current time (1) You can set the system time through the following three methods: Set the time manually ...
Page 20
Figure 3-6 Current time (2) Step 3 Click Save. The switch time automatically synchronizes with the time of server 1. 3.1.1.4 Log You can view logs, export logs and clear logs. Select Advanced > Common > System Config > Log. The Log interface is displayed. See Figure 3-7.
Figure 3-7 View logs. Set the start time, end time and log level, and then click Search to view the details of the logs. Log Level includes Error, Warning, Notice and Information. Click Export to export all logs. Click Clear to clear all logs.
Page 22
Figure 3-8 Port configuration Step 2 For the parameters, see Table 3-3. Table 3-3 Port parameter Parameter Description Port Displays all ports of the switch. Green Up indicates the port is connected successfully, and Red Link Down indicates the port is not connected or the connection fails. Down means disconnection, and the specific speed means Speed Duplex Status successful connection.
Parameter Description Add the port to a VLAN. By default, the port belongs to VLAN1. The Port VLAN range is 1–4094. Displays whether data can flow into the port. Only Hybrid supports the configuration (By default, all date flows into the port under other models).
Page 25
Step 2 Select the aggregation load balancing algorithm mode in Aggregation Configuration. There are four types: Source MAC Address: The aggregation load balancing algorithm based on MAC address. Destination MAC Address: The aggregation load balancing algorithm based on destination MAC address.
Figure 3-12 LACP (1) Step 2 Select LACP (Passive) in the Mode area, and add the port member to the dynamic aggregation group. For example, add port 3 and port 4 to aggregation Group 2. See Figure 3-13. Step 3 Select LACP (Passive) in the Mode area, and add the port member to the dynamic aggregation group.
Page 27
address of the packet is not contained in the MAC address table, the device adopts broadcasting to forward the packet to all the ports except the receiving port in VLAN. 3.1.5.1 Adding Static MAC Table Step 1 Select Advanced > Common > MAC Table > MAC Address Table. The MAC Address Table interface is displayed.
Page 28
Figure 3-15 Adding static MAC table Click OK. 3.1.5.2 Port MAC Filtering After enabling port MAC filtering, the following two MAC devices can communicate with the port. Devices in MAC whitelist The static MAC devices changing from the dynamic MAC devices ...
Page 29
Figure 3-16 Port MAC filtering Step 2 Select the port, such as port 5. Step 3 Click behind Port <5> Enable to enable the port. See Figure 3-17. Advanced Settings 23...
Page 30
Figure 3-17 Enable port MAC filtering Change dynamic MAC device to static. Select one record, and click Reserved. Click Save. The type changes from Dynamic to Static. Static MAC devices can communicate with the port normally. Add MAC whitelist. ...
Set MAC address and VLAN. Click OK. The devices in MAC whitelist can communicate with port normally. 3.1.6 Spanning Tree The spanning tree protocol is the protocol of layer 2. It can eliminate the ring cycle of layer 2 by choosing to block the redundant links in the network, and it can back up the links.
Page 33
Figure 3-22 MSTP Step 4 Select 3 ports at least to combine an STP/RSTP/MSTP snoop. For example: Port 1, port 2 and port 3 combine an STP snoop. See Figure 3-23. Figure 3-23 STP snoop Step 5 Click Save. The states of port 1, port 2 and port 3 will change. Advanced Settings 27...
3.1.7 Long Distance PoE After you enable long distance PoE, the maximum transmission distance will change from 100 m to 250 m, and the transmission speed will be reduced from 1 Gbps to 10 Mbps. Select Advanced > System Config > Long Distance PoE, and then select the check box of the corresponding port to enable long distance PoE.
Page 35
The layer 2 device added into ERPS are called node. Add no more than 2 ports into an ERPS for each node. Step 1 Select Advanced > Seldom-used > ERPS > MEP Setting. The MEP Setting interface is displayed. See Figure 3-25. Figure 3-25 MEP configuration Step 2...
Page 36
Figure 3-27 ERPS configuration Step 2 Click Add. The Add ERPS interface is displayed. See Figure 3-28. Figure 3-28 Add ERPS Step 3 For the parameters, see Table 3-6. Table 3-6 ERPS parameters Parameter Description ERPS ID The ID number of ERPS. Port 0 The two ports added into the ERPS.
Page 37
Step 4 Click OK. 3.2.1.3 Example: ERPS Single Ring Configuration Networking Requirement Three switches, port 1 and port 2 are requested to combine an ERPS. See Figure 3-29. The corresponding relationship: Switch 1: MEP 1 and MEP 2; Switch 2: MEP3 and MEP 4; Switch 3: MEP 5 and MEP 6.
Page 38
Click Save. Figure 3-30 Add port 1 and port 2 into VLAN 1 Step 2 Create MEP1 and MEP 2 Select Advanced > Seldom-used > ERPS > MEP Setting. The MEP Setting interface is displayed. Click Add. The Add interface is displayed. Set Instance to be 1.
Page 39
Figure 3-31 Add MEP Add MEP2 in the same way. Set Instance to be 2, Residence port to be 2, Level to be 0 and Tagged VID to be 3. Step 3 Click 1 and 2 separately under Instance to enter the configuration interface. Modify MEP ID and add peer ID.
Page 40
Figure 3-33 Configure the peer ID of MEP 2 Step 4 Click OK. Step 5 Create ERPS. Select Advanced > Seldom-used > ERPS > ERPS Setting. The ERPS Setting interface is displayed. Click Add. The Add New ERPS interface is displayed. Set ERPS ID to be 1.
Page 41
Figure 3-34 Add ERPS Step 6 Click 1 under ERPSID to enter the configuration interface. For ERPS configuration, see Figure 3-35. Figure 3-35 ERPS configuration Click VLANconfig. Advanced Settings 35...
The ERPS VLAN Configuration interface is displayed. Click Add. Set ERPS VLAN to be 2. See Figure 3-36. Click OK. Figure 3-36 ERPS VLAN configuration Set port 2 of switch 1 to be RPL owner in RPL Configuration. See Figure 3-37. Figure 3-37 Owner port configuration Step 7...
Page 43
When the device port receives the packet, it can analyze the packet field according to the ACL rule of the current port. And after the specific packet is identified, the packet is allowed or forbidden to pass according the preset rule. 3.2.2.1 ACL Configuration Step 1 Select Advanced >...
Page 44
Figure 3-40 Step 3 Set the ACL ID, and the range is 1–128. Step 4 Click OK. 3.2.2.2 ACL Group Configuration Step 1 Select Advanced > Seldom-used > ACL > ACL Group Setting. The ACL Group Setting interface is displayed. See Figure 3-41. Figure 3-41 ACL group configuration Step 2...
3.2.3 Loop Protection Detect the loop among the ports. After the device has detected the loop, it will break the loop. Step 1 Select Advanced > Seldom-used > Loop Protection. The Loop Protection interface is displayed. See Figure 3-42. Figure 3-42 Loop protection Step 2 Click...
Page 46
Figure 3-44 Add user Step 2 Enter the user name, password, and confirm password. The password must consist of 8 to 32 non-blank characters and contain at least two types of characters among upper case, lower case, number, and special character (excluding ' " ; : &). For example, add the new user test 01.
Page 47
Figure 3-46 Modify user Click to delete the user. You cannot delete the admin user. You can enable or disable SSH function. Click corresponding to SSH on the upper right corner of the User Management interface. HTTPS HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is the HTTP channel for security target.
Page 48
Figure 3-47 NAS configuration Step 2 Select Enabled in the Mode area to enable mirroring function. Step 3 Select the Reauthentication Enabled box to enable reauthentication. Step 4 Set Admin State: Force Authorized, Force Unauthorized, Port based 802.1X or MAC-based Auth. Step 5 Click Save.
Page 49
RADIUS is an information interaction protocol of distributed and C/S construction. It can protect the network from unauthorized visits. It is used in the network that allows remote visits but requests the higher security. It defines the RADIUS packet format and the message transmission mechanism.
Figure 3-49 Add new server Step 3 Set the server address, auth port, acct port, restransmit and key. Step 4 Click OK. 3.2.5 IGMP Snooping IGMP Snooping (Internet Group Management Protocol Snooping) is the multicast constraint mechanism running on the device of layer 2, for managing and controlling the multicast. Through analyzing the received IGMP packet, the device of layer 2, which runs IGMP Snooping, creates the mapping between the port and the MAC multicast address, and forwards the multicast data according to the mapping.
Page 51
Figure 3-50 IGMP snooping Step 2 Select Enable in the IGMP Snooping area to enable the function. Step 3 Select Disable or Enable in the Discarding Unknown IGMP Packets area. Step 4 Click Add. The Add VLAN interface is displayed. See Figure 3-51. Figure 3-51 Add VLAN Step 5...
3.2.6 QoS QoS (Quality of Service) is used to evaluate the capability that server meets customer’s service demands. In Internet, what QoS evaluates is the service capability of network forwarding and packet. QoS can evaluate from the different aspects according to the various services provided by the network.
Page 53
Figure 3-53 Port classification Step 2 Set CoS. For example: Set port 1 to be 1, and port 2 to be 2. See Figure 3-54. Port 1 and port 2 are ingress ports, and port 3 is egress port. The CoS value of port 2 is large than that of port 1, so the data of port 2 will pass port 3 first.
Page 54
Figure 3-54 Set CoS Step 3 Click Save. 3.2.6.2 Port Schedulers The two modes of port schedulers: Strict Priority. When congestion occurs, the priority for packet passing egress port of switch depends on the CoS value in Port Classification. ...
Page 55
Figure 3-55 Port schedulers Step 2 Click the port, such as port 1. The QoS Egress Port Schedulers and Shapers Port 1 interface is displayed. See Figure 3-56. The CoS of Q0 is 0, and so on. Advanced Settings 49...
Page 56
Figure 3-56 Port configuration Step 3 Select mode. Strict Priority. The priority for packet passing egress port of switch depends on the CoS value in Port Classification. 2–8 Queues Weighted. When congestion occurs, the priority for packet passing egress port of switch depends on the proportion of total rate.
Page 57
Figure 3-57 Port schedulers Step 4 Click OK. 3.2.6.3 Port Shapers The configuration is the same for port schedulers and port shapers. The only difference is that the port schedulers interface shows the weight value and the port shapers interface shows the speed rate.
Page 58
Figure 3-58 Port shapers 3.2.6.4 DSCP-Based Make sure that you have enabled DSCP before configuring DSCP function. Step 1 Select Advanced > Seldom-used > QoS > Port Classification. The Port Classification interface is displayed. Step 2 Enable DSCP at DSCP port. Suppose port 3 is the egress port, see Figure 3-59. Advanced Settings 52...
Page 59
Figure 3-59 Port classification Step 3 Click Save. Step 4 Select Advanced > Seldom-used > QoS > DSCP-Based. The DSCP-Based interface is displayed. Step 5 When setting DSCP to be 4 and 8, the CoS is 2 and DPL are 2 and 1. When DSCP are 4 and 8, select Trust to enable the function.
Page 60
Figure 3-60 DSCP-Based Step 6 Click Save. 3.2.6.5 Storm Policer Inhibit the three packets, including unicast, multicast and broadcast. Step 1 Select Advanced > Seldom-used > QoS > Storm Policer. The Storm Policer interface is displayed. See Figure 3-61. Advanced Settings 54...
Page 61
Figure 3-61 Storm policer Step 2 The port can receive the rate up to 1024 fps. See Figure 3-62. In Unicast, select the Enable box, and enter 1024 in Rate. It means that the port can receive the rate up to 1024 fps of unicast packet. ...
3.2.7 SNMP SNMP (Simple Network Management Protocol) is the standard protocol for network management in Internet, and it is widely applied for management device to access and manage the managed devices. SNMP has the following features: It supports intelligent management for network device. By using the network management ...
Page 63
Figure 3-63 SNMP Step 2 Click in SNMP to enable SNMP. Every SNMP v3 agent has an engine ID as its unique identifier. 3.2.7.2 Configuring SNMP v1/v2 Example: Configure SNMP v1. The configuration of SNMP v2 is the same as that of SNMP v1. Step 1 Select SNMP v1 in SNMP Version.
Page 64
Figure 3-64 SNMP v3 Step 2 Set the trap address, trap port and trap name. Step 3 Set the read-only username, authentication type, authentication password, encryption type and encryption password. Advanced Settings 58...
Step 4 Set the read&write username, authentication type, authentication password, encryption type and encryption password. Step 5 Click Save. 3.2.8 DHCP Server DHCP Server is the server for managing DHCP standard in the specific network. DHCP Server is to allocate IP address for the workstation and make sure that the IP address for every workstation is different.
Page 66
Step 2 Click in Global Mode, to enable DHCP Server function. Step 3 Configure DHCP mode. Add VLAN interface first. See "3.1.1.2 IP and Route." Click Add in VLAN Mode. The Add VLAN Mode interface is displayed. See Figure 3-66. Figure 3-66 Add VLAN mode Enter the VLAN range, such as 2-4.
Figure 3-68 Add pool For the parameters, see Table 3-7. Table 3-7 Pool parameters Parameter Description Pool Name DHCP address pool name, such as vlan2_test. Two types: Network and Host. Type Network: The network segment of an IP. Host: A specific IP The IP address of the host or the network.
Page 68
Figure 3-69 LLDP Step 2 Set LLDP mode. Select Enable: Both send and receive LLDP packet. Select Disable: Neither send nor receive LLDP packet. Select Rx only: Only receive LLDP packet. Select Tx only: Only send LLDP packet. Step 3 Click Save.
Figure 3-70 LLDP neighbor 3.2.10 485 Config Transmit the data of asynchronous serial port RS–232/485 transparently through Ethernet. Select Advanced > Seldom-used > 485 Config. The 485 Config interface is displayed. See Figure 3-71. Advanced Settings 63...
Figure 3-71 485 config 3.2.11 PoE PoE (Power over Ethernet) is the function that through Ethernet RJ-45 port, the device can provide power for the external PD (Powered Device) remotely with twisted pair. PoE function helps to centralize power supply and facilitate backup. The network terminal does not need the external power source anymore, and one network cable is enough, It conforms to the standards of IEEE 802.3af, IEEE 802.3at, and IEEE 802.3bt, adopting the power port globally agreed.
Page 71
3.2.11.1 PoE Parameters Configure reserved power, warning power, and enable or disable PoE. Step 1 Select Advanced > Seldom-used > PoE > PoE Settings. The PoE Settings interface is displayed. Figure 3-72 PoE settings Step 2 In PoE Settings, you can view the total power of the 4 ports, and configure available power and overload power.
Page 72
Figure 3-73 Green PoE Step 2 Set PoE Off Time and PoE On Time. Step 3 Select the Enable box and click Save. 3.2.11.3 Legacy Support Enable Legacy Support in case of non-standard powered device. Non-standard powered device means that the device supports 48V PoE power supply, but does not conform to IEEE 802.3af/at.
Page 73
Figure 3-74 Legacy support Step 2 Select the Enable box for the corresponding port. Step 3 Click Save. 3.2.11.4 PoE Watchdog With PoE watchdog enabled, you can monitor PD devices and keep it online, and check the status of PD devices every 60 s. If there is no data transmission, the PoE port will be automatically powered off and restarted.
Maintenance Take 4-port PoE switch for example. The maintenance interface is different depending on the models of switch. The actual interface shall prevail. System Reboot Step 1 Select Maintain > Common > System Reboot. The System Reboot interface is displayed. See Figure 4-1. Figure 4-1 System reboot Step 2...
Mirroring Port mirroring is also called port monitoring. Port monitoring is the data package acquiring technology that through configuring switch, data package from one or several ports (mirroring source ports) can be copied to a specific port (mirroring destination port). The mirroring destination port connects to a PC where data package analyzing software is installed, and it can analyze the received data package for network monitoring and troubleshooting.
Step 3 In Port Configuration, select Source or Destination according to the actual situation. Select the following four ways for source port. Both: Enable the port as the source address of mirror. Disable: Disable the port as the source address of mirror. ...
Network management function is enabled by default. Here are the default username and password. Username: admin Password: lt_91_il_02_nmp Figure 4-8 iLinksView 4.7.2 Exporting Network Management Config File You can export network management configuration file. Step 1 Select Maintain > Common > iLinksView > Export. Figure 4-9 Export configuration file Step 2...
Page 80
Appendix 1 Cybersecurity Recommendations Cybersecurity is more than just a buzzword: it’s something that pertains to every device that is connected to the internet. IP video surveillance is not immune to cyber risks, but taking basic steps toward protecting and strengthening networks and networked appliances will make them less susceptible to attacks.
Page 81
We suggest you to change default HTTP and other service ports into any set of numbers between 1024–65535, reducing the risk of outsiders being able to guess which ports you are using. Enable HTTPS We suggest you to enable HTTPS, so that you visit Web service through a secure communication channel.
Page 82
suggested to use VLAN, network GAP and other technologies to partition the network, so as to achieve the network isolation effect. Establish the 802.1x access authentication system to reduce the risk of unauthorized access to private networks. Cybersecurity Recommendations 76...