CTS HES-5106SFP+ User Manual

HES-5106SFP+
4-port 10/100/1000Base-T +
1-port NBase-T (1G/2.5G/5G/10G) +
1-port 1G/10GBase-R SFP+
L2 Managed Fiber CPE Switch
Network Management
User's Manual
Version 1.1

Summary of Contents for CTS HES-5106SFP+

  • Page 1 HES-5106SFP+ 4-port 10/100/1000Base-T + 1-port NBase-T (1G/2.5G/5G/10G) + 1-port 1G/10GBase-R SFP+ L2 Managed Fiber CPE Switch Network Management User’s Manual Version 1.1...
  • Page 2 Revision History Version Date Description 1.00.00 2020/05/22 First release 1.00.00 2020/06/24 Modify the pictures of HES-5106SFP+...
  • Page 3 Trademarks CTS is a registered trademark of Connection Technology Systems Inc. Contents are subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright © Connection Technology Systems Inc. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc.
  • Page 4 CTS Contact Information Headquarters/Manufacturer: Connection Technology Systems Inc. 18F-6, No.79, Sec.1, Xintai 5th Rd., Xizhi Dist., New Taipei City 221, Taiwan (R.O.C.) Tel: +886-2-2698-9661 Fax: +886-2-2698-3960 Sales Direct Line: +886-2-2698-9201 www.ctsystem.com Global Offices: Connection Technology USA Connection Technology Systems Japan 40538 La Purissima Way, Higobashi Bldg.
  • Page 5: Table Of Contents

    Table of Contents: Chapter 1. INTRODUCTION, p. 10; 1.1 Management Options, p. 10; 1.2 Management Software, p. 11; 1.3 Management Preparations, p. 12; Chapter 2. Command Line Interface (CLI), p. 14; 2.1 Remote Management – Telnet/SSH, p. 14; 2.2 Navigating CLI, p. 15; 2.2.1 General Commands ...
  • Page 6 2.5.11 MAC Command, p. 53; 2.5.12 Management Command, p. 55; 2.5.13 Mirror Command, p. 57; 2.5.14 NTP Command, p. 58; 2.5.15 QoS Command, p. 60; 2.5.16 Security Command, p. 69; 2.5.17 SNMP-Server Command, p. 73; 2.5.18 Switch Command, p. 79; 2.5.19 Switch-info Command ...
  • Page 7 4.3 VLAN Setup, p. 132; 4.3.1 Port Based VLAN, p. 132; 4.3.2 802.1Q VLAN, p. 134; 4.3.3 Introduction to Q-in-Q (DOT1Q-Tunnel), p. 137; 4.3.4 IEEE 802.1q Tag VLAN, p. 138; 4.3.4.1 Trunk VLAN Setup, p. 139; 4.3.4.2 VLAN Interface, p. 140; 4.3.4.3 IEEE 802.1q VLAN Table ...
  • Page 8 4.8.4 Static IPv4/IPv6 Table Setup, p. 182; 4.8.4.1 Configure DHCP Snooping, p. 183; 4.8.5 Storm Control, p. 185; 4.8.6 Port Linkup Delay, p. 187; 4.8.6.1 Configure Port Linkup Delay by Following Delay Time, p. 187; 4.8.7 Port Link Flap, p. 188; 4.8.8 Loop Detection Configuration ...
  • Page 9 APPENDIX A: Free RADIUS readme, p. 231; APPENDIX B: Set Up DHCP Auto-Provisioning, p. 232; APPENDIX C: VLAN Application Note, p. 241...
  • Page 10: Chapter 1. Introduction

    1. INTRODUCTION Thank you for using the 5 RJ-45 ports (4 10/100/1000Base-T & 1 NBase-T (1G/2.5G/5G/10G)) plus 1 1G/10GBase-R SFP+ uplink port Managed Ethernet CPE Switch that is specifically designed for FTTx applications. The Managed Switch provides a built-in management module that enables users to configure and monitor the operational status remotely.
  • Page 11: Management Software

    1.2 Management Software The following is a list of management software options provided by this Managed Switch: Managed Switch CLI interface; SNMP-based Management Software; Web Browser Application. Command Line Interface Program The Managed Switch has a built-in Command Line Interface called the CLI which you can use to: ...
  • Page 12: Management Preparations

    1.3 Management Preparations After you have decided how to manage your Managed Switch, you are required to connect cables properly, determine the Managed switch IP address and, in some cases, install MIB shipped with your Managed Switch. Connecting the Managed Switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed switch to other switches, hubs, workstations, etc..
  • Page 13 IP Addresses IP addresses have the format n.n.n.n (the default factory setting is 192.168.0.1). IP addresses are made up of two parts: The first part (for example 192.168.n.n) refers to the network address that identifies the network where the device resides. Network addresses are assigned by three allocation organizations. Depending on your location, each allocation organization assigns a globally unique network number to each network which intends to connect to the Internet.
  • Page 14: Chapter 2. Command Line Interface (Cli)

    2. Command Line Interface (CLI) This chapter introduces how to use the Command Line Interface (CLI), specifically: Telnet; Configuring the system; Resetting the system. 2.1 Remote Management – Telnet/SSH You can use the Command Line Interface to manage the Managed Switch via a Telnet/SSH session. First-time users must first assign a unique IP address to the Managed Switch before it can be managed remotely.
  • Page 15: Navigating Cli

    2.2 Navigating CLI When you successfully access the Managed Switch, you will be asked for a login username. Enter your authorized username and password, and then you will be directed to User mode. In CLI management, the User mode only provides users with basic functions to operate the Managed Switch.
  • Page 16: Quick Keys

    2.2.2 Quick Keys In CLI, there are several quick keys that you can use to perform several functions. The following table summarizes the most frequently used quick keys in CLI. Keys Purpose Enter an unfinished command and press “Tab” key to complete the command.
  • Page 17: Login Username & Password

    Syntax Brief Description Reference parameter. [-s size] [-r repeat] [-t timeout] These three parameters are used in ping command and are optional, which means that you can ignore these three parameters if they are unnecessary when executing ping command. [A.B.C.D ] Brackets represent that this is a required field.
  • Page 18 Privileged Mode Password Privileged mode is password-protected. When you try to enter Privileged mode, a password prompt will appear requesting the password. The Privileged mode password is the same as the one entered at the login password prompt. By default, no password is required, so press the Enter key at the password prompt.
  • Page 19: User Mode

    2.3 User Mode In User mode, only a limited set of commands are provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Privileged mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...
  • Page 20 [-m 1-255] Specify the number of hops between the local host and the remote host. The allowable number of hops is from 1 to 255. (optional) [-p 1-5] Enter the counts of PROBE packets that would be transmitted. The allowable value is from 1 to 5. (optional) [-w 1-5] Specify the response time from the remote host.
  • Page 21: Privileged Mode

    2.4 Privileged Mode The only place where you can enter the Privileged mode is in User mode. When you successfully enter the Privileged mode (this mode is password protected), the prompt will be changed to Switch# (the model name of your device together with a pound sign). Enter the question mark (?) or help command to view a list of commands available for use.
  • Page 22: Firmware Command

    2. Backup a configuration file to FTP or TFTP server. Command Parameter Description Switch# copy-cfg to [A.B.C.D | Enter the IPv4/IPv6 address of your FTP server. ftp [A.B.C.D | A:B:C:D:E:F:G:H] A:B:C:D:E:F:G:H] [file name] Enter the configuration file name that you want to [file name] [running backup.
  • Page 23: Ip Command

    [A.B.C.D | [file_name] Enter the firmware file name that you want to A:B:C:D:E:F:G:H] upgrade. [file_name] [Image- [Image-1| Image- Choose image-1 or image-2 for the firmware to 1| Image-2] be upgraded to. Example Switch# firmware upgrade ftp 192.168.1.198 HS_0600_file.bin Image-1 edgeswitch10 abcxyz Switch# firmware upgrade tftp 192.168.1.198 HS_0600_file.bin Image-2 2.4.3 IP Command...
  • Page 24: Reload Command

    2.4.5 Reload Command 1. To restart the Managed Switch. Command / Example Switch# reload 2. To specify the image for the next restart before restarting. Command / Example Switch# reload Image-2 Switch# reload 2.4.6 Traceroute Command Traceroute is used to trace the path between the local host and the remote host. Enter the traceroute command in Privileged mode.
  • Page 25: Configure Command

    2.4.8 Configure Command The only place where you can enter the Global Configuration mode is in Privileged mode. You can type in “configure” or “config” for short to enter the Global Configuration mode. The display prompt will change from “Switch#” to “Switch(config)#” once you successfully enter the Global Configuration mode.
  • Page 26 M/B Version: Display the main board version. Serial Number: Display the serial number of this Managed Switch. Date Code: Display the date code of the Managed Switch firmware. Up Time: Display the up time since last restarting. Local Time: Display the local time of the system. CPU Temperature: Display the current CPU temperature of this device.
  • Page 27: Configuration Mode

    2.5 Configuration Mode When you enter “configure” or “config” and press “Enter” in Privileged mode, you will be directed to the Global Configuration mode where you can set up advanced switching functions, such as QoS, VLAN and storm control security globally. All commands entered will apply to running-configuration and the device’s operation.
  • Page 28: No Command

    Switch(config)# interface 1-3 Enter three continuous interfaces. Use a Switch(config-if-1-3)# hyphen to signify a range of interface numbers. In this example, interface 1, 2, and 3 will apply commands entered. Switch(config)# interface 1,3-5 Enter a single interface number together with Switch(config-if-1,3-5)# a range of interface numbers.
  • Page 29 Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device. M/B Version: Display the main board version. Serial Number: Display the serial number of this Managed Switch.
  • Page 30: Acl Command

    2.5.4 ACL Command ACL Command Parameter Description Switch(config)# acl ipv4 [1- [1-64] The total number of IPv4 ACL rule can be created is 64. Use this command to enter ACL configuration mode for each ACL rule. When you enter each ACL rule, you can further configure detailed settings for this rule.
  • Page 31 Switch(config-acl-ipv4(6)- [any | 0xWXYZ] Specify Ethertype (Range: 0x0000 RULE)# ethertype [any | ~FFFF) or “ANY”. 0xWXYZ] Switch(config-acl-ipv4(6)- [any | port-list] Specify ingress port(s) or “ANY”. RULE)# ingress-port [any | port-list] Switch(config-acl-ipv4(6)- [name] Specify the name to the specified ACL RULE)# name [name] rule.
  • Page 32 Switch(config-acl-ipv4(6)- Reset action back to the default RULE)# no action (permit). Switch(config-acl-ipv4(6)- Reset copy(mirror)-to/redirect-to port RULE)# no action-port back to the default (Port 1). Switch(config-acl-ipv4(6)- Disable the specified ACL rule. RULE)# no apply Switch(config-acl-ipv4- Reset destination IPv4 address back to RULE)# no destination- the default (ANY).
  • Page 33 Switch# show acl ipv6 [index | sequence] Display all valid IPv6 ACL rules sorted [index | sequence] by specific option. Switch(config)# show acl Display all valid IPv4 ACL rules. ipv4 Switch(config)# show acl Display all valid IPv6 ACL rules. ipv6 Switch(config)# show acl [1-64] Display the specified IPv4 ACL rule...
  • Page 34: Archive Command

    2.5.5 Archive Command Archive Command Parameter Description Switch(config)# archive Enable the auto-backup configuration auto-backup files function. Switch(config)# archive [A.B.C.D | Specify the IPv4/IPv6 address of the auto-backup path ftp A:B:C:D:E:F:G:H] FTP server. [A.B.C.D | [file_directory] Specify the file directory of the FTP A:B:C:D:E:F:G:H] server to save the start-up [file_directory] [user_name]...
  • Page 35: Ip Command

    2.5.6 IP Command 1. Set up an IP address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCP server. IP Command Parameter Description Switch(config)# ip enable Enable IPv4 address processing. Switch(config)# ip [A.B.C.D] Enter the desired IP address for your Managed address [A.B.C.D]...
  • Page 36 auto-recycle when one of these specific link-up ports is switched from link-down into link-up status, DHCP release packets and Discover packets will be sent to DHCP server automatically. And it will ask for IP address from DHCP server again. No command Switch(config-if-PORT- Disable IPv4 DHCP Auto Recycle PORT)# no ip address dhcp...
  • Page 37 Switch(config)# no ip dhcp Disable DHCPv4 Option 82 / DHCPv6 snooping option Option 37 relay agent. Switch(config)# no ip dhcp Globally disable DHCPv4 Option 82 / snooping remote DHCPv6 Option 37 Manual Remote Id. Switch(config)# no ip dhcp Disable the Formatted DHCPv4 Option snooping remote formatted 82 / DHCPv6 Option 37 Remote Id.
  • Page 38 Switch(config-if-PORT-PORT)# [circuit_id] Specify the VLAN and port identifier using ip dhcp snooping circuit id a VLAN ID in the range of 1 to 4094 as [circuit_id] DHCPv4 Option 82 / DHCPv6 Option 37 Circuit ID. Besides, you can configure the circuit ID to be a string of up to 63 characters.
  • Page 39 6. Enable or disable IGMP/MLD snooping globally. IGMP, Internet Group Management Protocol, is a communication protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It can be used for online streaming video and gaming, and allows more efficient use of resources when supporting these uses.
  • Page 40 Switch(config)# ip igmp [1-6000] Specify the query time interval of snooping query-interval [1-6000] IGMP/MLD querier. This is used to set up the time interval between transmitting IGMP/MLD queries. (Range:1-6000 seconds) Switch(config)# ip igmp [1-4094] Specify a VLAN ID. This enables snooping vlan [1-4094] IGMP/MLD Snooping for the specified VLAN.
  • Page 41 no ip igmp snooping mcast- multicast router port list. router Examples of IP DHCP Snooping & Interface Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-1-3)# ip dhcp snooping Configure Port 1~3 as the multicast router option...
  • Page 42 Switch(config)# show ip igmp Show the profile configuration of profile IGMP filter. Switch(config)# show ip igmp [profile_name] Show the specified profile’s profile [profile_name] configuration. Switch(config)# show ip igmp Show the segment configuration of segment IGMP filter. Switch(config)# show ip igmp [1-400] Show the specified segment’s segment [1-400]...
  • Page 43 Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Disable IGMP filter for the selected no ip igmp filter ports. Switch(config-if-PORT-PORT)# [profile_name] Remove the specified profile from no ip igmp filter profile the selected ports.
  • Page 44 Switch(config)# no ip source Remove the IPv4/IPv6 address of binding [1-5] ip-address the specified number from the IP Source Binding list. Show command Switch(config)# show ip source Show IPv4/IPv6 Source configuration. 11. Use “Interface” command to configure IP Source Guard for Security. IP Source Guard &...
  • Page 45 Show command Switch# show ip sourceguard Show each interface’s IP interface sourceguard type. Switch# show ip sourceguard [port_list] Show the specified interface’s IP interface [port_list] sourceguard type. Switch# show ip sourceguard Show IP sourceguard static IP table. static-ip Switch(config)# show ip Show each interface’s IP sourceguard interface sourceguard type.
  • Page 46: Ipv6 Command

    2.5.7 IPv6 Command Brief Introduction to IPv6 Addressing IPv6 addresses are 128 bits long and number about 3.4×10^38. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit network prefix and a 64-bit interface identifier.
  • Page 47 Set up the IPv6 address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCPv6 server. IPv6 Command Parameter Description Switch(config)# ipv6 Configuration of IPv6 addresses using address autoconfig stateless autoconfiguration. Switch(config)# ipv6 Configure DHCPv6 function into the address dhcp auto auto mode.
  • Page 48: Lan-Follow-Wan Command

    2.5.8 lan-follow-wan Command With the lan-follow-wan function, the device(s) connected with the LAN port(s) of the Managed Switch can be immediately triggered by its link-up WAN port (SFP+ port that is located at the rear panel of the Managed Switch) switched from link-down into link-up status in order to obtain the new DHCP IP address and the related update information, such as the firmware or the configuration file, from the DHCP server.
  • Page 49: Loop Detection Command

    2.5.9 Loop Detection Command In a real network, people may misconnect a network cable and create a loop condition. In the worst case, the network is out of service thereafter. This section is a guide to configuring the Loop Detection function of the system to protect the system from loops.
  • Page 50 NOTE: 1. Be aware that Looped port unlock-interval converted into seconds should be greater than or equal to Detection Interval seconds multiplied by 10. The ‘10’ is a magic number which is for the system to claim the loop detection disappears when the system does not receive the loop-detection packet from itself at least 10 times.
  • Page 51 Switch(config)# show loop- [port_list] Show Loop Detection status of the detection status [port_list] specified port(s). Examples of Loop Detection command Switch(config)# loop-detection interval 10 Set the Loop Detection time interval to 10 seconds. Switch(config)# loop-detection unlock-interval 120 Set the Loop Detection unlock time interval to 120 minutes.
  • Page 52: Led Command

    2.5.10 led Command LED commands allow the user to control the light intensity of all LEDs on the Managed Switch in order to decrease the possibility of light pollution damage. 1. Set up the intensity of the light for all LEDs on the Managed Switch. led Command Parameter Description...
  • Page 53: Mac Command

    2.5.11 MAC Command Set up MAC address table aging time. Entries in the MAC address table containing source MAC addresses and their associated ports will be deleted if they are not accessed within aging time. MAC Command Parameter Description Switch(config)# mac [0-900s] Specify MAC address table aging time address-table aging-time...
  • Page 54 Examples of MAC command Switch(config)# mac address-table aging-time Set MAC address aging time to 200 seconds. Use “Interface” command to configure a group of ports’ MAC Table settings. MAC & Interface Command Parameter Description Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen.
  • Page 55: Management Command

    2.5.12 Management Command Management Command Parameter Description Switch(config)# management [1-1440] To disconnect the Managed Switch when console timeout [1-1440] console management is inactive for a certain period of time. The allowable value is from 1 to 1440 (seconds). Switch(config)# management [1-1440] To disconnect the Managed Switch when console timeout [1-1440] min...
  • Page 56 Switch(config)# management telnet port 23 Set Telnet port to port 23. Switch(config)# management web https Enable Web Management and manage the Managed Switch via “https” web management method.
  • Page 57: Mirror Command

    2.5.13 Mirror Command Mirror Command Parameter Description Switch(config)# mirror Globally enable Port Mirroring function. Switch(config)# mirror index [1-4] [1-4] Specify the index of port mirroring you would like to configure. Up to 4 sets of port mirroring can be set up. Switch (config-mirror-index)# Enable the specified port mirroring.
  • Page 58: Ntp Command

    2.5.14 NTP Command NTP Command Parameter Description Switch(config)# ntp Enable Network Time Protocol to have Managed Switch’s system time synchronize with NTP time server. Switch(config)# ntp [recurring] Enable daylight saving function with daylight-saving [ recurring | recurring mode. date ] [date] Enable daylight saving function with date mode.
  • Page 59 Show command Switch# show ntp Show the current NTP time server configuration. Switch(config)# show ntp Show the current NTP time server configuration. Examples of NTP command Switch(config)# ntp Enable NTP function for the Managed Switch. Switch(config)# ntp daylight-saving date Enable the daylight saving function in date mode.
  • Page 60: Qos Command

    2.5.15 QoS Command 1. Set up QoS QoS Command Description Parameter Switch(config)# qos [802.1p | dscp] [802.1p | dscp] Specify QoS mode. Switch(config)# qos dscp-map [0- [0-63] Specify a DSCP bit value. 63] [0-7] [0-7] Specify a queue value. Switch(config)# qos management- [0-7] Specify management default priority [0-7]...
  • Page 61 Switch (config-dscp-map-ID)# no rx- Reset the received DSCP bit dscp value for the selected priority mapping ID back to the default. Switch(config)# no qos remarking Globally disable 802.1p bit 802.1p remarking. Switch(config)# no qos remarking [1-8] Reset the 802.1p remarking for 802.1p-map [1-8] the specified priority mapping ID back to the default.
  • Page 62 Switch(config-if-PORT-PORT)# [Kbps | Mbps] Specify the unit of the ingress rate qos rate-limit ingress unit [Kbps | limit between Kbps and Mbps. Mbps] Switch(config-if-PORT-PORT)# Enable QoS egress rate limit qos rate-limit egress settings. Switch(config-if-PORT-PORT)# 500- Specify the egress rate limit value. qos rate-limit egress rate [500- 10000000 | (Valid range is from 500 ~1000000...
  • Page 63 For QoS configuration via CLI, we take an HES-5106SFP+ Managed Switch for example to let the users have a clear understanding of these QoS commands. Under this network environment, HES-5106SFP+ will be configured as Table 2-1. Ports 1-5 are client ports and Port 6 is the uplink port of the device.
  • Page 64 In this example, it configures STEP3 qos queuing-mode weight Queue Mode as “Weight”. Example: HES-5106SFP+(config)# qos queuing-mode weight OK ! In this example, it configures STEP4 weighted qos queue-weighted the Queue Weighted to : 1(Q0):2(Q1):3(Q2):4(Q3): 5(Q4):6(Q5):7(Q6):8(Q7). Example: HES-5106SFP+(config)# qos queue-weighted 1:2:3:4:5:6:7:8 OK ! In this example, it configures...
  • Page 65 In this example, it configures STEP13 kbps/Mbps qos rate-limit ingress unit the unit of the ingress rate limit as “Mbps” for Port 3 and Example: Port 4. HES-5106SFP+(config-if-3,4)# qos rate-limit ingress unit Mbps OK ! In this example, it configures STEP14 limit_rate(kbps/Mbps) qos rate-limit ingress rate...
  • Page 66 In this example, it configures STEP23 limit_rate(kbps/Mbps) qos rate-limit egress rate Port 5 with 1G Egress Rate. Example: HES-5106SFP+(config-if-5)# qos rate-limit egress rate 1000000 OK ! In this example, it configures STEP24 P-Bit qos user-priority P-Bit value as 5 for Port 5. Example: HES-5106SFP+(config-if-5)# qos user-priority 5 Return to the global...
  • Page 67 After completing the QoS settings for your HES-5106SFP+ switches, you can issue the commands listed below for checking your configuration Example 1, HES-5106SFP+(config)# show qos ======================================================================= QoS Information ======================================================================= QoS Mode : 802.1p Egress Mode : weight Weight : 1:2:3:4:5:6:7:8 Press Ctrl-C to exit or any key to continue! Priority Queue --------- ----------...
  • Page 68 Example 2, HES-5106SFP+(config)# show qos interface ======================================================================= QoS port Information : ======================================================================= Ingress Rate Egress Rate ------------------------------- ------------------------------------ Port State Rate Unit State Rate Unit ------ --------- ---------- ---------- ---------- ---------- ----------- 1 disable 500 Kbps disable Kbps 2 disable 500 Kbps disable Kbps...
  • Page 69: Security Command

    2.5.16 Security Command When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per port basis so as to protect network from broadcast/unknown multicast/ unknown unicast storms.
  • Page 70 Switch(config)# security [120-86400] To set up the time interval of sending the storm-protection notification alarm trap or system log if threshold interval [120- broadcast/unknown multicast/unknown 86400] unicast packets flood continuously. The allowable value is between 120 and 86400 seconds. No command Switch(config)# no security Reset the maximum times of the port link link-flap notification threshold...
  • Page 71 up-link-port communicate with other ports. Switch(config-if-PORT- [1-256k] Specify the maximum broadcast PORT)# security storm- packets per second (pps). Any protection broadcast [1-256k] broadcast packets exceeding the specified threshold will then be dropped. The packet rates that can be specified are listed below: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k NOTE: To view a list of allowable...
  • Page 72 isolation up-link-port Switch(config-if-PORT- Disable broadcast storm control on the PORT)# no security storm- selected ports. protection broadcast Switch(config-if-PORT- Disable unknown-multicast storm PORT)# no security storm- control on the selected ports. protection unknown-multicast Switch(config-if-PORT- Disable unknown-unicast storm control PORT)# no security storm- on the selected ports.
  • Page 73: Snmp-Server Command

    2.5.17 SNMP-Server Command 1. Create a SNMP community and set up detailed configurations for this community. Snmp-server Command Parameter Description Switch(config)# snmp- Enable SNMP Management. To manage server the Managed Switch via SNMP. Switch(config)# snmp- [community] Create/modify a SNMP community name. server community Up to 20 alphanumeric characters can be [community]...
  • Page 74 Exit command Switch(config-community-NAME)# exit Return to the global configuration mode. Example of Snmp-server Switch(config)# snmp-server community Create a new community “mycomm” and mycomm edit the details of this community account. Switch(config-community-mycomm)# active Activate the SNMP community “mycomm”. Switch(config-community-mycomm)# Add a description for “mycomm” description rddeptcomm community.
  • Page 75 Switch(config-trap-1)# community mycomm Add the description “mycomm” to this trap destination. Switch(config-trap-1)# destination Set SNMP server’s IP address as 192.168.1.254 “192.168.1.254” for this trap destination. 3. Set up SNMP trap types that will be sent. Trap-type Command Parameter Description Switch(config)# snmp- [all | auth-fail | Specify a trap type that will be sent when server trap-type [all | auth-...
  • Page 76 sending this trap upon the notification threshold interval setup of Storm Control function once these packets flood continuously. warm-start: A trap will be sent when the Managed Switch restarts. No command Switch(config)# no snmp- [all | auth-fail | Specify a trap type that will not be sent server trap-type [all | auth- auto-backup | when a certain situation occurs.
  • Page 77 4. Set up detailed configurations for SNMPv3 USM User Simple Network Management Protocol Version 3, SNMPv3 in short, features stronger security mechanisms, including authentication and encryption, which help ensure that a message is from a valid source and scramble the content of a packet to prevent it from being read by an unauthorized source.
  • Page 78 Switch (config-v3-community- user_name)# no private Delete the configured private password. password Show Command Switch(config)# show snmp- Show SNMPv3 user configuration. server user Switch(config)# show snmp- [user_name] Show the specified SNMPv3 user server user [user_name] configuration. Switch(config-v3-user- Show the specified SNMPv3 user user_name)# show configuration.
  • Page 79: Switch Command

    2.5.18 Switch Command Switch Command Parameter Description Switch(config)# switch mtu [1518- [1518-9600] Specify the maximum frame size 9600] in bytes. The allowable MTU value is between 1518 and 9600 bytes. Switch(config)# switch statistics [1-6] Specify the number of ports for polling port [1-6] data acquisition in each polling.
  • Page 80: Switch-Info Command

    2.5.19 Switch-info Command 1. Set up the Managed Switch’s basic information, including company name, hostname, system name, etc. Switch-info Command Parameter Description Switch(config)# switch-info [company_name] Enter a company name, up to 55 company-name alphanumeric characters, for this Managed [company_name] Switch. Switch(config)# switch-info [10-3000] Specify CPU loading threshold.
  • Page 81 No command Switch(config)# no switch-info company-name Reset the entered company name back to the default. Switch(config)# no switch-info cpu-loading- Reset CPU loading threshold back to the threshold default. Switch(config)# no switch-info cpu- Disable the continuous alarm message temperature notification continuous-alarm sending function for CPU temperature of the system.
  • Page 82: Syslog Command

    2.5.20 Syslog Command Syslog Command Parameter Description Switch(config)# syslog Enable the system log function. Switch(config)# syslog [0-7] Specify a facility code (Local 0~Local 7) to a facility [0-7] specific device for classifying the syslog message provided by different devices. Switch(config)# syslog Enable Terminal-history log function.
  • Page 83: Terminal Length Command

    2.5.21 Terminal Length Command Terminal Length Parameter Description Command Switch(config)# terminal [0-512] Specify the number of event lines that will length [0-512] show up each time on the screen for “show running-config”, “show default-config” and “show start-up-config” commands. (“0” stands for no pausing.) No Command Switch(config)# no terminal Reset the terminal length back to the default...
  • Page 84: User Command

    2.5.22 User Command
    1. Create a new login account.
    User Command | Parameter | Description
    Switch(config)# user name [user_name] | [user_name] | Create/modify a user account. The authorized user login name is up to 20 alphanumeric characters. Up to 10 users can be registered.
    Switch(config)# user Enable MD5 (Message-Digest Algorithm).
  • Page 85
    Switch(config)# no user password-encryption | Disable MD5 (Message-Digest Algorithm).
    Switch(config-user-NAME)# no active | Deactivate the selected user account.
    Switch(config-user-NAME)# no description | Remove the configured description for the specified user account.
    Switch(config-user-NAME)# no level | Reset the access privilege level back to the default (Read Only).
  • Page 86 2. Configure RADIUS server settings.
    User Command | Parameter | Description
    Switch(config)# user radius | | Enable RADIUS authentication.
    Switch(config)# user radius radius-port [1025-65535] | [1025-65535] | Specify RADIUS server port number.
    Switch(config)# user radius retry-time [0-2] | [0-2] | Specify the retry time value. This is the number of times that the Managed Switch will try to reconnect if the RADIUS server is not reachable.
  • Page 87: Vlan Command

    2.5.23 VLAN Command A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
  • Page 88 Introduction to 802.1Q frame format:
    [Figure: layout of the original frame and of the 802.1q frame; fields shown include Preamble, TCI/P/C/VID, Type/LEN, PAYLOAD and FCS]
    PRE | Preamble | 62 bits | Used to synchronize traffic
    SFD | Start Frame Delimiter | 2 bits | Marks the beginning of the header
    Destination Address | 6 bytes | The MAC address of the destination
    Source Address | 6 bytes...
  • Page 89 Trunk Native Mode : A Trunk-native port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default Access-VLAN to the trunk-native port, all untagged traffic travels on the default Access-VLAN for the trunk-native port, and all untagged traffic is assumed to belong to this Access-VLAN.
  • Page 90: Introduction To Q-In-Q (Dot1Q-Tunnel)

    2.5.23.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 91 Use “Interface” command to configure a group of ports’ 802.1q/Port-based VLAN settings.
    VLAN & Interface Command | Parameter | Description
    Switch(config)# interface [port_list] | [port_list] | Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example: 1,3 or 2-4
    Switch(config-if-PORT-PORT)# [1-4094] Specify the selected ports’...
  • Page 92 2. Create/Modify an 802.1q VLAN and a management VLAN rule or create a port-based VLAN group.
    VLAN dot1q Command | Parameter | Description
    Switch(config)# vlan dot1q-vlan [1-4094] | [1-4094] | Enter a VLAN ID number to create a new 802.1q VLAN or modify an existing 802.1q VLAN.
  • Page 93
    Switch(config)# show vlan port-based | Show port-based VLAN table.
    Exit command
    Switch(config-vlan-ID)# exit | Return to Global Configuration mode.
    Examples of Port-based VLAN
    Switch(config)# vlan port-based MKT_Office | Create a port-based VLAN “MKT_Office”.
    Switch(config)# vlan management-vlan 1 management-port 1-3 mode access | Set VLAN 1 to management VLAN (untagged) and Port 1~3 as management ports.
  • Page 94 No command
    Switch(config)# no vlan mapping | | Disable VLAN Translation function globally.
    Switch(config)# no vlan mapping name [name] | [name] | Remove the specified mapping rule by name from the VLAN mapping rule table.
    Show command
    Switch(config)# show vlan mapping | | Show the current VLAN Translation configuration.
  • Page 95
    HES-5106SFP+(config-if-5,6)# vlan dot1q-vlan pvid 60 | Set port 5 to port 6’s Access-VLAN ID (PVID) to 60.
    HES-5106SFP+(config-if-5,6)# vlan dot1q-vlan mode access | Set the selected ports to Access Mode (untagged).
    HES-5106SFP+(config-if-5,6)# exit | Exit current ports interface mode.
    2. Modify 802.1q VLAN IDs’ names.
    HES-5106SFP+(config)# vlan dot1q-vlan 10 | Enter VLAN 10.
  • Page 96 Example 2: We will configure two sets of HES-5106SFP+ Managed Switches (#1 HES-5106SFP+ and #2 HES-5106SFP+) via CLI as listed in Table 2-4.
    Table 2-4 columns: Port | Access-VLAN (PVID) | Trunk-VLAN (VID) | Mode | EtherType
    Surviving Mode and EtherType values, row by row: Dot1q-tunnel 9100; Trunk 9100; Dot1q-tunnel 9100; Dot1q-tunnel 9100
    Below are the complete CLI commands applied to #1 HES-5106SFP+.
  • Page 97 HES-5106SFP+(config)# interface 2 HES-5106SFP+(config-if-2)#
    STEP8 | vlan dot1q-vlan trunk-vlan vlan_id | In this example, it configures Trunk-VLAN ID “10” to Port 2. Example: HES-5106SFP+(config-if-2)# vlan dot1q-vlan trunk-vlan 10 OK !
    STEP9 | vlan dot1q-vlan mode trunk | Configure Port 2’s VLAN mode as “Trunk” mode. Example: HES-5106SFP+(config-if-2)# vlan dot1q-vlan mode trunk OK !
  • Page 98
    STEP16 | vlan dot1q-vlan access-vlan vlan_id | In this example, it configures Access-VLAN ID “20” to Port 4. Example: HES-5106SFP+(config-if-4)# vlan dot1q-vlan pvid 20 OK !
  • Page 99
    STEP17 | vlan dot1q-vlan mode dot1q-tunnel | Configure Port 4’s VLAN mode as “dot1q-tunnel” mode. Example: HES-5106SFP+ (config-if-4)# vlan dot1q-vlan mode dot1q-tunnel OK !
    STEP18 | exit | Return to the global configuration mode. Example: HES-5106SFP+ (config-if-4)# exit HES-5106SFP+ (config)#
    STEP19 | exit | Return to the Privileged mode. Example:...
  • Page 100 After completing the VLAN settings for your HES-5106SFP+ switches, you can issue the commands listed below for checking your configuration Example 1, HES-5106SFP+(config)# show vlan interface ======================================================================== IEEE 802.1q Tag VLAN Interface ======================================================================== CPU VLAN ID Dot1q-Tunnel EtherType : 0x9100 Port P-Bit Port VLAN Mode PVID Trunk-vlan ---- --------- ------------------------ ------- ---------------- dot1q tunnel...
  • Page 101: Interface Command

    2.5.24 Interface Command
    Use “interface” command to set up configurations of several discontinuous ports or a range of ports.
    1. Entering interface numbers.
    Interface Command | Parameter | Description
    Switch(config)# interface [port_list] | [port_list] | Enter several port numbers separated by commas or a range of port numbers with a hyphen.
  • Page 102 5. Enable flow control operation.
    Command | Parameter | Description
    Switch(config-if-PORT-PORT)# flowcontrol | | Enable flow control on the selected port(s).
    No command
    Switch(config-if-PORT-PORT)# no flowcontrol | | Disable flow control on the selected port(s).
    6. Setup DHCP snooping/relay sub-commands
    Command | Parameter | Description
    Switch(config-if-PORT-PORT)# ip dhcp snooping option | | Enable the selected interfaces’ DHCP Option 82 / DHCPv6 Option 37 relay agent globally.
  • Page 103 7. Setup IGMP snooping/MLD sub-commands
    Command | Parameter | Description
    Switch(config-if-PORT-PORT)# ip igmp filter | | Enable IGMP filter for the selected ports.
    Switch(config-if-PORT-PORT)# ip igmp filter profile [profile_name] | [profile_name] | Assign the selected ports to an IGMP filter profile. Note: Need to create an IGMP filter profile first under the igmp global configuration mode before assigning it.
  • Page 104 9. Setup IP source guard
    Command | Parameter | Description
    Switch(config-if-PORT-PORT)# ip sourceguard [dhcp | fixed-ip] | [dhcp | fixed-ip] | Specify the authorized access type as either DHCP or fixed-IP for the selected ports. dhcp: DHCP server assigns IP address. fixed IP: Only Static IP (Create Static IP table first).
  • Page 105 11. Configure QoS rate limit.
    Command | Parameter | Description
    Switch(config-if-PORT-PORT)# qos rate-limit ingress rate [500-10000000 | 1-10000] Kbps/Mbps | [500-10000000 | 1-10000] Kbps/Mbps | Specify the ingress rate limit value. (Valid range is from 500~1000000 in unit of Kbps or 1~1000 in unit of Mbps for Ports 1~4 and 500-10000000 in unit of Kbps or 1-10000 in unit of Mbps for Ports 5~6.)
  • Page 106 14. Set up VLAN parameters per port.
    Command | Parameter | Description
    Switch(config-if-PORT-PORT)# vlan dot1q-vlan pvid [1-4094] | [1-4094] | Specify the selected ports’ Access-VLAN ID (PVID).
    Switch(config-if-PORT-PORT)# vlan dot1q-vlan trunk-vlan [1-4094] | [1-4094] | Specify the selected ports’ Trunk-VLAN ID (VID).
    Switch(config-if-PORT-PORT)# vlan dot1q-vlan mode access | | Set the selected ports to the access mode (untagged).
  • Page 107: Show Interface Statistics Command

    2.5.25 Show interface statistics Command The command of “show interface statistics”, displaying port traffic statistics, port packet error statistics and port analysis history, can be used either in Privileged mode or Global Configuration mode. This command is useful for network administrators to diagnose and analyze the real-time conditions of each port traffic.
  • Page 108: Show Sfp Command

    2.5.26 Show sfp Command
    When you slide in an SFP transceiver, detailed information about this module can be viewed by issuing this command.
    Show sfp Command | Description
    Switch(config)# show sfp information | Display SFP information, including the speed of transmission, the distance of transmission, vendor name, vendor PN, and vendor SN.
  • Page 109: Show Log Command

    Switch(config)# show start-up-config | | Show the difference between the startup configuration and the default configuration.
    Switch(config)# show start-up-config include [string] | [string] | Specify the keyword to search for the matched information from the difference between the startup configuration and the default configuration.
  • Page 110 link flap lasts, Rx power(dBm) of SFP ports, and so on.
    Switch(config)# show log link-flap [port_number] clear | Remove all logs of the triggered event for the specified port.
  • Page 111: Chapter 3. Snmp Network Management

    3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
  • Page 112: Chapter 4. Web Management

    4. WEB MANAGEMENT You can manage the Managed Switch via a web browser. However, you must first assign a unique IP address to the Managed Switch before doing so. Through the connection of any SFP ports using the fiber cable or any TP ports using a RJ45 cable, you will be allowed to have an access of the Managed Switch and set up the IP address for the first time.
  • Page 113 In the Main Menu, there are 11 main functions: System Setup, Port Management, VLAN Setup, MAC Address Management, QoS Setup, Multicast, ACL Setup, Security Setup, Maintenance, Management and Logout. We will describe their sub-functions in the following sections of this chapter.
  • Page 114: System Setup

    4.1 System Setup In order to enable network management of the Managed Switch, proper network configuration is required. To do this, click the folder System Setup from the Main Menu and then 5 options within this folder will be displayed as follows. Switch Information: Name the Managed Switch, specify the location and check the current version of information IP Setup: Set up the required IP configuration of the Managed Switch.
  • Page 115: Switch Information

    4.1.1 Switch Information Select the option System Information from the System Setup menu and then the following screen shows up. Company Name: Enter a company name for this Managed Switch. System Object ID: Display the predefined System OID. System Contact: Enter the contact information for this Managed Switch. System Name: Enter a descriptive system name for this Managed Switch.
  • Page 116 Model Name: Display the product’s model name. Host Name: Enter the product’s host name. Current Boot Image: The image that is currently being used. Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device.
  • Page 117: Ip Setup

    4.1.2 IP Setup Click the option IP Setup from the System Setup menu and then the following screen page appears. Enable IPv4: Click the checkbox in front of enable IPv4 to enable IPv4 function on the Managed Switch. MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed switch.
  • Page 118 The default value of this parameter is 0.0.0.0, which means no gateway exists and the network management station and Managed Switch are on the same network. Current State: This view-only field shows currently assigned IP address (by DHCP or manual), Subnet Mask and Gateway of the Managed Switch. IPv4 DHCP Recycle: Click on Recycle manually, DHCP Release packets and Discover packets will be sent to DHCP server.
  • Page 119 there are any bits left in between, those are set to zero. IPv6 Global Address/Prefix Length: This is done in the same fashion as the link-local address, but instead of the link-local prefix FE80:: it will use the prefix supplied by the router and put it together with its identifier (which by default is the MAC address in EUI-64 format).
  • Page 120: Ip Source Binding

    4.1.3 IP Source Binding Click the option IP Source Binding from the System Setup menu and then the following screen page appears. Source Binding State: Globally enable or disable IP source binding. State: Disable or enable the assigned IP address to reach the management. IPv4/IPv6 Address: Specify the IP address for source binding.
  • Page 121: Time Server Setup

    4.1.4 Time Server Setup Click the option Time Server Setup from the System Setup menu and then the following screen page appears. Time Synchronization: To enable or disable the time synchronization function. 1st Time Server: Set up the IPv4/IPv6 address of the first NTP time server. 2nd Time Server: Set up the IPv4/IPv6 address of the secondary NTP time server.
  • Page 122: Syslog Configuration

    4.1.5 Syslog Configuration Click the option Syslog Setup from the System Setup menu and then the following screen page appears. When DHCP snooping filters unauthorized DHCP packets on the network, the mal-attempt log will allow the Managed Switch to send event notification message to log server. Log Server: Enable or disable mal-attempt log function.
  • Page 123: Port Management

    4.2 Port Management In order to configure each port of the Managed Switch and monitor the real-time ports’ link-up status or traffic counters for maintenance or diagnostic purposes, select the folder Port Management from the Main Menu and then 5 options within this folder will be displayed for your selection. 1.
  • Page 124: Port Setup & Status

    4.2.1 Port Setup & Status Click the option Port Setup & Status from the Port Management menu and then the following screen page appears. Maximum Frame Size: Specify the maximum frame size between 1518 and 9600 bytes. The default maximum frame size is 9600 bytes. Statistics Polling Port: Specify the number of ports for data acquisition at a time.
  • Page 125 Description: Enter a unique description for the port. Up to 35 alphanumeric characters can be accepted. Preferred Media Type: Select copper or fiber as the preferred media type. Port Type: Select Auto-Negotiation or Manual mode as the port type. State of Port in Speed field: View-only field that shows the current operation speed of ports, which can be 10Mbps/100Mbps/1000Mbps in 1-4 TP port(s), 100Mbps/1000Mbps/2.5G/5G/10G in NBase-T Port 5 and 1000Mbps/10Gbps in SFP+ Port 6, and the current operation duplex mode of the port, either Full or Half.
  • Page 126: Port Traffic Statistics

    4.2.2 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Switch, select the option Port Traffic Statistics from the Port Management menu and then the following screen page appears. Monitor: Choose the way of representing Port Traffic Statistics from the pull-down menu. Either “Rate”...
  • Page 127: Port Packet Error Statistics

    4.2.3 Port Packet Error Statistics Port Packet Error Statistics mode counters allow users to view the port error of the Managed Switch. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Error Statistics from the Port Management menu and then the following screen page appears.
  • Page 128: Port Packet Analysis Statistics

    4.2.4 Port Packet Analysis Statistics Port Packet Analysis Statistics mode counters allow users to view the port analysis history of the Managed Switch in both “Rate” and “Event” representing ways. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Analysis Statistics from the Port Management menu and then the following screen page appears.
  • Page 129: Port Mirroring

    4.2.5 Port Mirroring In order to allow the destination port to mirror the source port(s) and enable traffic monitoring, select the option Port Mirroring from the Port Management menu and then the following screen page appears. Please note that functions of Port Isolation and Port Mirroring cannot be enabled concurrently.
  • Page 130 Enabled: Enable or disable the specific port mirroring. TX Source Port: Input the port number (e.g.1, 2, 3-4) to specify the transmitting packets of preferred source port(s) for mirroring. Please note that the port selected as the destination port cannot be the source port.
  • Page 131: Lan Follow Wan

    4.2.6 LAN Follow WAN With the lan-follow-wan function, the device(s) connected with the LAN port(s) of the Managed Switch can be immediately triggered by its link-up WAN port (SFP+ port that is located at the rear panel of the Managed Switch) switched from link-down into link-up status in order to obtain the new DHCP IP address and the related update information, such as the firmware or the configuration file, from the DHCP server.
  • Page 132: Vlan Setup

    4.3 VLAN Setup A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
  • Page 133 Click the icon to remove a specified Port-Based VLAN and its settings from the Port-Based VLAN table. Or click Batch Delete to remove a number of / all Port-Based VLANs at a time by clicking on the checkbox belonging to the corresponding Port-Based VLAN in the Action field and then click Delete Select Item, these selected VLANs will be deleted immediately.
  • Page 134: Q Vlan

    4.3.2 802.1Q VLAN 802.1Q VLAN Concept Port-Based VLAN is simple to implement and use, but it cannot be deployed as a VLAN across switches. The 802.1Q protocol was developed in order to provide the solution to this problem. By tagging VLAN membership information to Ethernet frames, the IEEE 802.1Q can help network administrators break large switched networks into smaller segments so that broadcast and multicast traffic will not occupy too much available bandwidth as well as provide a higher level of security between segments of internal networks.
  • Page 135 totally unaware of the VLAN assigned to the port. The network host simply assumes it is part of a single broadcast domain, just as it happens with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed so the recipient has no information about them.
  • Page 136 PortX sends and receives Tagged packets VID 10,11 and 12
    Trunk-VLAN = 10,11,12; Access-VLAN = 20; Mode = Trunk-native | PortX is a Trunk-native Port. PortX’s VID is 10,11 and 12. PortX’s PVID is 20. PortX sends and receives Tagged packets VID 10,11 and 12. PortX receives Untagged packets and add PVID 20.
    Trunk-VLAN = 10,11,12 | PortX is a Dot1q-tunnel Port...
  • Page 137: Introduction To Q-In-Q (Dot1Q-Tunnel)

    4.3.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 138: Ieee 802.1Q Tag Vlan

    4.3.4 IEEE 802.1q Tag VLAN The following screen page appears when you choose the option IEEE 802.1q Tag VLAN mode from the VLAN Setup menu and then select VLAN Interface function. Trunk VLAN Setup: To create, modify or remove IEEE 802.1q Tag VLAN settings. 2.
  • Page 139: Trunk Vlan Setup

    4.3.4.1 Trunk VLAN Setup The following screen page appears if you choose Trunk VLAN Setup function. Click Add Trunk VLAN to add a new VLAN and then the following screen page appears for the further IEEE 802.1q Tag VLAN settings. Click the icon to modify the settings of a specified 802.1q VLAN.
  • Page 140: Vlan Interface

    4.3.4.2 VLAN Interface The following screen page appears if you choose VLAN Interface function. CPU VLAN ID: Specify an existing VLAN ID. Dot1q-Tunnel EtherType: Configure outer VLAN's ethertype. (Range: 0000~FFFF, Default: 9100). Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 141: Ieee 802.1Q Vlan Table

    Mode: Pull down the list in the Mode field and select the appropriate mode for each port. The port behavior of each mode is listed as the following table. Access: Set the selected port to the access mode (untagged). Trunk: Set the selected port to the trunk mode (tagged). Trunk-Native: Enable native VLAN for untagged traffic on the selected port.
  • Page 142: Vlan Translation Configuration

    4.3.5 VLAN Translation Configuration Besides the aforementioned ways of creating VLANs, another way to establish the translated VLANs is to configure VLAN ID translation (or VLAN mapping) on trunk ports connected to a customer network to map the original VLANs to the translated VLANs. Through this VLAN ID translation, it will save much effort in massive Ethernet network deployments.
  • Page 143 Entry: View-only field. This shows the number of VLAN mapping rules that are currently created. Name: Specify a name for the VLAN mapping rule. Up to 32 alphanumeric characters can be accepted. Port: Specify one preferred trunk port used for the VLAN ID translation. (For more details on trunk port settings, please refer to Section 4.3.4.2 “VLAN Interface”.)...
  • Page 144: Mac Address Management

    4.4 MAC Address Management Select the folder MAC Address Management from the Main Menu and then 3 options will be displayed for your selection. 1. MAC Table Learning: Set up MAC address table aging time, and enable/disable MAC address learning function. Static MAC Table Setup: To create, edit or delete the Static MAC Table setting.
  • Page 145 MAC Address Aging Time: Specify MAC address table aging time between 0 and 900 seconds. “0” means that MAC addresses will never age out. MAC Address Learning Per Port: Enable port MAC address learning function on the specified ports by clicking on the checkbox of the corresponding port number. Besides, you can choose all ports at a time by clicking on the checkbox in front of Select All as well.
  • Page 146: Static Mac Table Setup

    4.4.2 Static MAC Table Setup Click the option Static MAC Table Setup from the MAC Address Management menu and then the following screen page appears. This table will display the overview of the static source MAC addresses, which are manually added by clicking on the Add Static MAC button.
  • Page 147 VID: Specify the VLAN ID where the packets with the destination MAC address can be forwarded. Forwarding Port: If the incoming packet has the same destination MAC address as the one specified in VID, it will be forwarded to the selected port directly. Click when the settings are completed, this new static MAC address will be listed on the static MAC address table, or click...
  • Page 148: Mac Address Table

    4.4.3 MAC Address Table MAC Address Table displays MAC addresses learned when MAC Address Learning is enabled. Select the option MAC Address Table from the MAC Address Management menu and then the following screen page appears. The table above is composed of the MAC addresses that are automatically learned from each port of Managed Switch or manually created by the users.
  • Page 149: Qos Setup

    4.5 QoS Setup Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria and receives preferential treatments.
  • Page 150: Qos Priority

    4.5.1 QoS Priority Select the option QoS Priority from the QoS Setup menu and then the following screen page appears. Priority Mode: Select the QoS priority mode of the Managed Switch. IEEE 802.1p: IEEE 802.1p mode utilizes p-bits in VLAN tag for differential service. DSCP: DSCP mode utilizes TOS field in IPv4 header for differential service.
  • Page 151 802.1p to Queue Mapping: Assign an 802.1p value (0~7) of 8 different levels to the specific queue. DSCP to Queue Mapping: Assign a DSCP value (0~63) of 64 different levels to the specific queue by pulling down the Queue menu. Or directly input a range of the DSCP value (e.g.1, 2, 3-7) in the DSCP Value List field and specify them to the preferred queue from the Queue pull-down menu at a time.
  • Page 152: Qos Remarking

    4.5.2 QoS Remarking QoS Remarking includes 802.1p Remarking and DSCP Remarking. To configure it, select the option QoS Remarking from the QoS Setup menu and then the following screen page appears. Please note that 802.1p / DSCP remarking rule will not affect the priority mapping rule. Configure 802.1p Remarking: This allows you to enable or disable 802.1p remarking for each priority by pulling down the 802.1p Remarking...
  • Page 153 Configure DSCP Remarking: This allows you to enable or disable DSCP remarking for each priority by pulling down the DSCP Remarking menu. The default setting is disabled.
  • Page 154: Qos Rate Limit

    4.5.3 QoS Rate Limit Select the option QoS Rate Limit from the QoS Setup menu and then the following screen page appears. This allows users to specify each port’s both inbound and outbound bandwidth. The excess traffic will be dropped. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 155: Multicast Configuration

    4.6 Multicast Configuration Select the folder Multicast from the Main Menu, IGMP/MLD Snooping subfolder and Static Multicast Setup option for multicast setup will be displayed. 4.6.1 IGMP/MLD Snooping The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups.
  • Page 156: Igmp/Mld Setup

    1. IGMP/MLD Setup: To enable or disable IGMP/MLD Snooping, IGMPv3/MLDv2 Snooping, Unregistered IPMC Flooding and set up router ports. 2. IGMP/MLD VLAN Setup: To set up the ability of IGMP/MLD snooping and querying with VLAN. IPMC Segment: To create, edit or delete IPMC segment. IPMC Profile: To create, edit or delete IPMC profile.
  • Page 157: Igmp/Mld Vlan Setup

    IGMP/MLD Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic. IGMPv3/MLDv2 Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic. This is for IGMPv3 and MLDv2 only. Unregistered IPMC Flooding: Set forwarding mode for unregistered (not-joined) IP multicast traffic.
  • Page 158 VLAN Name: View-only field that shows the VLAN name. Snooping: When enabled, the port in VLAN will monitor network traffic and determine which hosts to receive the multicast traffic. Querying: When enabled, the port in VLAN can serve as the Querier which is responsible for asking hosts whether they would like to receive multicast traffic.
  • Page 159: Ipmc Segment

    4.6.1.3 IPMC Segment Select the option IPMC Segment from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Segment ID, Name and IP Range appears. This table will display the overview of each configured IPMC segment. Up to 400 IPMC segments can be created.
  • Page 160 IPMC segment table. Or click Batch Delete to remove a number of /all IPMC segments at a time by clicking on the checkbox belonging to the corresponding IPMC segment in the Action field and then click Delete Select Item, the selected IPMC segment(s) will be deleted immediately. To cancel this batch delete, please click Cancel Batch Delete to cancel the selection.
  • Page 161: Ipmc Profile

    4.6.1.4 IPMC Profile Select the option IPMC Profile from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Profile appears. This table will display the overview of each configured IPMC profile. Up to 60 IPMC profiles can be registered.
  • Page 162 Click the icon to remove a specified registered IPMC profile entry and its settings from the IPMC profile table. Or click Batch Delete to remove a number of /all IPMC profiles at a time by clicking on the checkbox belonging to the corresponding IPMC profile in the Action field and then click Delete Select Item, the selected IPMC profile(s) will be deleted immediately.
  • Page 163: Igmp/Mld Filtering

    4.6.1.5 IGMP/MLD Filtering Select the option IGMP/MLD Filtering from the IGMP/MLD Snooping menu and then the following screen page appears. Port: View-only field that shows the port number that is currently configured. Channel Limit: Specify the maximum transport multicast stream. Valid range is 1~512. IGMP/MLD Filter: This option is to globally enable or disable the IGMP/MLD filter.
  • Page 164: Igmp Snooping Status

    4.6.1.6 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select the option IGMP Snooping Status from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest IGMP snooping status.
  • Page 165: Igmp Group Table

    4.6.1.7 IGMP Group Table In order to view the real-time IGMP multicast group status of the Managed Switch, select the option IGMP Group Table from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest IGMP group table. VLAN ID: VID of the specific VLAN.
  • Page 166: Mld Group Table

    v2 Reports: The total amount of received MLD Version 2 reports (packets). Done: The total amount of received MLD Version 1 done (packets). 4.6.1.9 MLD Group Table In order to view the real-time MLD multicast group status of the Managed Switch, select the option MLD Group Table from the IGMP/MLD Snooping menu and then the following screen page appears.
  • Page 167: Static Multicast Configuration

    4.6.2 Static Multicast Configuration Select the option Static Multicast Setup from the Multicast menu and then the following screen page appears. This table will display the overview of each configured static multicast entry. Up to 128 static multicast entries can be created. Occupied/Max Entry: View-only field.
  • Page 168 Click the icon to remove a specified registered static multicast entry and its settings from the static multicast table. Or click Batch Delete to remove a number of/all static multicast entries at a time by clicking on the checkbox belonging to the corresponding static multicast entry in the Action field and then click Delete Select Item; the selected static multicast entry/entries will be deleted immediately.
  • Page 169: Access Control List (ACL) Setup

    4.7 Access Control List (ACL) Setup Creating an access control list allows users to define who has the authority to access information or perform tasks on the network. In the Managed Switch, users can establish entries applied to port numbers to permit or deny actions. Select ACL Setup from the Main Menu and then the following screen page appears.
  • Page 170 Add an IPv4 ACL Entry Add an IPv6 ACL Entry...
  • Page 171 Sort By: Sort all of the created IPv4/IPv6 ACL entries by selecting Index/Sequence option from the Sort By pull-down menu. Index: The identification number for each ACL entry. Name: Specify the name of the ACL entry. Sequence: Valid range: 1-65536, 1 will be processed first. Default: 100 Enable: Enable or disable the ACL entry.
  • Page 172 Click the icon to modify the settings of a specified ACL entry. Click the icon to remove an existing ACL entry and its settings from the IPv4 or IPv6 ACL table. Or click Batch Delete to remove a number of/all ACL entries at a time by clicking on the checkbox belonging to the corresponding ACL entry in the Action field and then click Delete Select Item; the selected ACL entries will be deleted immediately.
  • Page 173: Security Setup

    4.8 Security Setup In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch. Layer 2 attacks are typically launched by or from a device that is physically connected to the network. For example, it could be a device that you trust but has been taken over by an attacker.
  • Page 174 5. Storm Control: Protect the Managed Switch from unicast, broadcast, and multicast storms. 6. Port Linkup Delay: Set up the delay time for activating the delay port(s). 7. Port Link Flap: Set up the maximum times of a port’s port link flap (linkdown or linkup) for sending the alarm message out via SNMP trap and syslog.
  • Page 175: DHCP Snooping Configuration

    4.8.1 DHCP Snooping Configuration Select the option DHCP Snooping from the Security Setup folder and then three functions, including DHCP Snooping Setup, DHCP Option 82 / DHCPv6 Option 37 Setup and DHCP Snooping Table will be displayed for your selection. 4.8.1.1 DHCP Snooping Setup The following screen page appears if you choose DHCP Snooping Setup function.
  • Page 176: DHCP Option 82 / DHCPv6 Option 37 Setup

    4.8.1.2 DHCP Option 82 / DHCPv6 Option 37 Setup The Managed Switch can add information about the source of client DHCP requests that relay to DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information. The feature of DHCP Relay Agent Information adds Agent Information field to the Option 82 field that is in the DHCP headers of client DHCP request frames.
  • Page 177 Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time. To enable it, please click on its checkbox in the row of All port, and then all ports will be checked immediately afterwards.
  • Page 178 A DHCP request is from Port 1 that is marked as both Opt82 port and trust port. A. If a DHCP request carries Opt82 Agent information, the Managed Switch will forward it. B. If a DHCP request carries no Opt82 Agent information, the Managed Switch will add Opt82 Agent information and forward it.
  • Page 179: DHCP Snooping Table

    4.8.1.3 DHCP Snooping Table DHCP Snooping Table displays the Managed Switch’s DHCP Snooping table. The following screen page appears if you choose DHCP Snooping Table function. Refresh: Click Refresh to update the DHCP snooping table. Port of Client: View-only field that shows where the DHCP client binding port is. Port of Server: View-only field that shows the port where the IP address is obtained from. VID: View-only field that shows the VLAN ID of the client port.
  • Page 180: IP Source Guard Setup

    4.8.2 IP Source Guard Setup Select the option IP Source Guard Setup from the Security Setup menu and then the following screen page appears. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 181: Port Isolation

    4.8.3 Port Isolation This is used to restrict ports so that they can only communicate with a given "uplink". Please note that if the port isolation function is enabled, the Port-based VLAN will be invalid automatically. Also note that the "Port Isolation" function is not the "Private VLAN" function. Select the option Port Isolation from the Security Setup menu and then the following screen page appears.
  • Page 182: Static IPv4/IPv6 Table Setup

    4.8.4 Static IPv4/IPv6 Table Setup Click the option Static IPv4/IPv6 Table Setup from the Security Setup menu and then the following screen page appears. This table will display the overview of each configured static IPv4/IPv6 IP address and port mapping. Up to 48 static IP addresses can be created. Occupied/Max Entry: View-only field.
  • Page 183: Configure DHCP Snooping

    Click the icon to remove a specified static IP address entry and its settings from the static IPv4/IPv6 table. Or click Batch Delete to remove a number of/all static IP addresses at a time by clicking on the checkbox belonging to the corresponding static IP address in the Action field and then click Delete Select Item; the selected static IP address/addresses will be deleted immediately.
  • Page 184 Step 2. Enable DHCP Snooping Step 3. Connect your clients to the Managed Switch After you complete Step 1 & 2, connect your clients to the Managed Switch. Your clients will send a DHCP Request out to DHCP Server soon after they receive a DHCP offer. When DHCP Server responds with a DHCP ACK message that contains lease duration and other configuration information, the IP configuration process is complete.
  • Page 185: Storm Control

    4.8.5 Storm Control When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per port basis so as to protect network from broadcast/unknown multicast/ unknown unicast storms.
  • Page 186 Three options of frame traffic are provided to allow users to enable or disable the storm control: Unknown Unicast Rate: Enable or disable unknown Unicast traffic control and set up unknown Unicast Rate packet per second (pps) for each port. 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k can be chosen from the pull-down menu of each port.
  • Page 187: Port Linkup Delay

    4.8.6 Port Linkup Delay Port Linkup Delay is to set up a period of time for postponing the specific port(s) to be active in the stage of the system initialization. As for the remaining ports of the switch, they will be normally activated and be able to learn the MAC address first.
  • Page 188: Port Link Flap

    4.8.7 Port Link Flap Port Link Flap notifies the user with a link-down and link-up alarm message for any port via SNMP trap and syslog when the number of its port link flaps exceeds the threshold. Each time a port links down or links up counts as one port link flap for that port.
  • Page 189: Loop Detection Configuration

    4.8.8 Loop Detection Configuration In a real network, people may misconnect a network cable and create a loop condition. In the worst case, the network is out of service thereafter. This section gives a guide to configure the Loop Detection function of the system to protect the system from loops.
  • Page 190 Loop Detection Enable: Enable or disable the Loop Detection function on a system basis. The default setting is disabled. Detection Interval: This is the time interval (in seconds) that the device will periodically send loop detection packets to detect the presence of looped network. The valid range is from 1 to 20 seconds.
  • Page 191 Status: View-only field that shows the loop status of each port. Reason of being locked: View-only field that shows the cause why the port is locked. Unlock: Press the Unlock button to unlock the specific port if this port is locked.
  • Page 192: Maintenance

    4.9 Maintenance Maintenance allows users to monitor the real-time operation status of the Managed Switch for maintenance or diagnostic purposes and easily operate and maintain the system. Select the folder Maintenance from the Main Menu and then 6 options within this folder will be displayed for your selection.
  • Page 193 5. Port Link Flap Log: Count and record each port’s port link flap (a port’s linkdown or linkup) history, causes, and so on. 6. SFP Information: View the current port’s SFP information, e.g. speed, Vendor ID, Vendor S/N, etc. SFP port state shows current DMI (Diagnostic monitoring interface) temperature, voltage, TX Bias, etc.
  • Page 194: CPU and Memory Statistics

    4.9.1 CPU and Memory Statistics CPU & Memory Statistics is to manually or automatically update statistics of CPU and Memory. Select the option CPU & Memory Statistics from the Maintenance menu and then the following screen page appears. Refresh Page Interval: Automatically updates statistics of CPU & Memory at a specified interval in seconds.
  • Page 195 Load Averages – 1 min: The average active tasks percentage in last 1 minute. Load Averages – 5 min: The average active tasks percentage in last 5 minutes. Load Averages – 15 min: The average active tasks percentage in last 15 minutes. Total Memory: It shows the entire memory in kilobytes.
  • Page 196: CPU Temperature Status

    4.9.2 CPU Temperature Status With the built-in temperature sensor, the Managed Switch is capable of detecting whether CPU temperature is at normal status or not. In addition, through notification via trap, syslog and event log, the user can learn the real-time CPU temperature to prevent the device’s lifespan from being shortened due to the abnormal operation environment.
  • Page 197 Refresh Page Interval: Automatically updates CPU temperature of the system at a specified interval in seconds. Please note that the value you assign in this parameter is temporarily used and will not be saved into the configuration file of the Managed Switch. This value will not be applied into the next system boot-up.
  • Page 198 Message sent, by Last Status and Detected Status. Detected Status Normal: if Last Status was Normal, no message will be sent; if Last Status was Over the Threshold, send the “CPU temperature is at or under threshold” normal message. Detected Status Over the Threshold: in both Last Status columns the entry begins: Send the “CPU temperature is over threshold” alarm...
  • Page 199: Ping

    4.9.3 Ping Ping can help you test the network connectivity between the Managed Switch and the host. Select the option Ping from the Maintenance menu and then the following screen page appears. Enter the IPv4/IPv6 address of the host you would like to ping. You can also specify the count and size of the Ping packets.
  • Page 200 Click Clear All to clear the record of all event logs.
  • Page 201: Port Link Flap Log

    4.9.5 Port Link Flap Log Port Link Flap Log shows each port’s log history of trigger events such as the port link flap (a port’s linkdown or linkup), the count of port’s port link flap, the reason that causes these triggered events, the time duration that the port link flap lasts, Rx power(dBm) of SFP ports, and so on.
  • Page 202 Status Duration: The period of time that the specific port’s port link flap lasts until a new one occurs. This value is equal to the above parameters "Up Time" of the next index – "Up Time" of the specific index. (e.g. Index 5’s status duration = Index 6’s "Up Time" – Index 5’s "Up Time".) As to the status duration of the newest link flap, it will be equal to system’s "Up Time"...
  • Page 203: SFP Information

    4.9.6 SFP Information Select the option SFP Information from the Maintenance menu and then two functions, including SFP Port Info and SFP Port State within this subfolder will be displayed. 4.9.6.1 SFP Port Info SFP Port Info displays each port’s slide-in SFP/SFP+ Transceiver information e.g. the speed of transmission, the distance of transmission, vendor Name, vendor PN, vendor SN, etc.
  • Page 204 Refresh: Click Refresh to update the SFP Port Info status. Port: The number of the SFP/SFP+ module slide-in port. Speed: Data rate of the slide-in SFP/SFP+ Transceiver. Distance: Transmission distance of the slide-in SFP/SFP+ Transceiver. Vendor Name: Vendor name of the slide-in SFP/SFP+ Transceiver. Vendor PN: Vendor PN of the slide-in SFP/SFP+ Transceiver.
  • Page 205: SFP Port State

    4.9.6.2 SFP Port State SFP Port State displays each port’s slide-in SFP/SFP+ Transceiver information e.g. the currently detected temperature, voltage, TX Bias, etc. The following screen page appears if you choose SFP Port State function. Refresh: Click Refresh to update the SFP Port State status. Port: The number of the SFP/SFP+ module slide-in port.
  • Page 206: Management

    4.10 Management In order to do the firmware upgrade, load the factory default settings, etc. for the Managed Switch, please click the folder Management from the Main Menu and then 9 options will be displayed for your selection. 1. Management Access Setup: Enable or disable the specified network services, and set up the specific Telnet and Console services.
  • Page 207 Load Factory Settings: Load Factory Setting will reset the configuration including or excluding the IP and Gateway addresses of the Managed Switch back to the factory default settings. Auto-Backup Setup: Periodically execute the automatic backup of the start-up configuration files based on the given time you set up. Save Configuration: Save all changes to the system.
  • Page 208: Management Access Setup

    4.10.1 Management Access Setup Click the option Management Access Setup from the Management menu and then the following screen page appears. Telnet Service: To enable or disable the Telnet Management service. SSH Service: To enable or disable the SSH Management service. SNMP Service: To enable or disable the SNMP Management service.
  • Page 209 Unit: Specify the unit for the Console Time Out parameter. Web Time Out: Specify the desired time that the Managed Switch will wait before disconnecting an inactive web session. Valid range:1-1440 minutes.
  • Page 210: User Authentication

    4.10.2 User Authentication To prevent any unauthorized operations, only registered users are allowed to operate the Managed Switch. Users who would like to operate the Managed Switch need to create a user account first. To view or change current registered users, select the option User Authentication from the Management menu and then the following screen page shows up.
  • Page 211 Account State: Enable or disable this user account. User Name: Specify the authorized user login name. Up to 20 alphanumeric characters can be accepted. Password: Enter the desired user password. Up to 20 alphanumeric characters can be accepted. Retype Password: Enter the password again for double-checking. Description: Enter a unique description for this user.
  • Page 212: RADIUS Configuration

    NOTE: 1. To prevent incautious operations, users cannot delete their own account, modify their own user name and change their own account state. 2. The acquired hashed password from backup config file is not applicable for user login on CLI/Web interface. 3.
  • Page 213 RADIUS Secret Key: The word used to encrypt data sent to the RADIUS server. RADIUS Port: The RADIUS service port on RADIUS server. RADIUS Retry Times: Times of trying to reconnect if the RADIUS server is not reachable. 1st RADIUS Server IPv4/IPv6 Address: IPv4/IPv6 address of the primary RADIUS server. 2nd RADIUS Server IPv4/IPv6 Address: IPv4/IPv6 address of the secondary RADIUS server.
  • Page 214: SNMP

    4.10.3 SNMP Select the option SNMP from the Management menu and then four functions, including SNMPv3 USM User, Device Community, Trap Destination and Trap Setup will be displayed for your selection. 4.10.3.1 SNMPv3 USM User Simple Network Management Protocol Version 3, SNMPv3 in short, features stronger security mechanism, including authentication and encryption that helps ensure that the message is from a valid source and scramble the content of a packet, to prevent from being learned by an unauthorized source.
  • Page 215 Account State: View-only field that shows this user account is enabled or disabled. User Name: View-only field that shows the authorized user login name. Authentication: This is used to ensure the identity of users. The following is the method to perform authentication.
  • Page 216 SNMP Level: View-only field that shows user’s authentication level. Administrator: Own the full-access right, including maintaining user account & system information, load factory settings …etc. Read & Write: Own the full-access right but cannot modify user account & system information, cannot load factory settings. Read Only: Allow to view only.
  • Page 217: Device Community

    4.10.3.2 Device Community The following screen page appears if you choose Device Community function. This table will display the overview of each configured device community. Up to 10 device communities can be registered. Occupied/Max Entry: View-only field. Occupied: This shows the amount of total registered communities. Max: This shows the maximum number available for the device community registration.
  • Page 218 Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name. Up to 35 alphanumeric characters can be accepted. This is mainly for reference only. Click when the settings are completed, and this new community will be listed in the device community table, or click to cancel the settings.
  • Page 219: Trap Destination

    4.10.3.3 Trap Destination The following screen page appears if you choose Trap Destination function. State: Enable or disable the function of sending trap to the specified destination. Destination IP: Enter the specific IPv4/IPv6 address of the network management system that will receive the trap.
  • Page 220: Trap Setup

    4.10.3.4 Trap Setup The following screen page appears if you choose Trap Setup function. Cold Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on. Warm Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch restarts.
  • Page 221 Storm Control Trap: Enable or disable the Managed Switch to send a trap when broadcast/ unknown multicast/unknown unicast packets flood. And it will keep sending this trap upon the notification threshold interval setup of Storm Control function once these packets flood continuously.
  • Page 222: LED Control Setup

    4.10.4 LED Control Setup LED Control Setup allows the user to control the light intensity of all LEDs at will on the Managed Switch in order to decrease the possibility of the light pollution damage. Select the option LED Control Setup from the Management menu and then the following screen page shows up. LED Intensity: Assign the intensity of the light for all LEDs.
  • Page 223: Firmware Upgrade

    4.10.5 Firmware Upgrade The Managed Switch offers three methods, including HTTP, FTP and TFTP to back up/restore the configuration and update the firmware. To do this, please select the option Firmware Upgrade from the Management menu and then the following screen page appears. 4.10.5.1 Configuration Backup/Restore via HTTP To back up or restore the configuration via HTTP, just pull down the Protocol menu and select HTTP.
  • Page 224: Firmware Upgrade via HTTP

    Backup: Click Backup to begin downloading the configuration file to your PC. Select File: Click Choose File to select the designated data and then click Update to restore the configuration. 4.10.5.2 Firmware Upgrade via HTTP To update the firmware via HTTP, just pull down the Protocol menu and select HTTP. Also configure the type of file as “Firmware”...
  • Page 225: Configuration Backup/Restore via FTP/TFTP

    4.10.5.3 Configuration Backup/Restore via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may back up or restore the configuration via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Configuration” to process. The related parameter description is as below.
  • Page 226: Firmware Upgrade via FTP/TFTP

    4.10.5.4 Firmware Upgrade via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may update the firmware via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Firmware” to process. The related parameter description is as below. Protocol: Select the preferred protocol, either FTP or TFTP.
  • Page 227: Load Factory Settings

    4.10.6 Load Factory Settings Load Factory Settings will set all the configurations of the Managed Switch back to the factory default settings, including the IP and Gateway address. Load Factory Setting is useful when network administrators would like to re-configure the system. A system reset is required to make all changes effective after Load Factory Setting.
  • Page 228: Auto-Backup Setup

    4.10.7 Auto-Backup Setup In the Managed Switch, the aforementioned HTTP Upgrade and FTP/TFTP Upgrade functions are offered for the users to do the manual backup of the start-up configuration. Alternatively, you can choose the Auto-Backup Setup function to do this backup automatically and periodically. It is useful to prevent the loss of users’...
  • Page 229 Auto Backup: Enable/Disable the auto-backup function for the start-up configuration files of the device. Backup Time: Set up the time when the backup of the start-up configuration files will start every day for the system. Protocol: Either FTP or TFTP server can be selected to backup the start-up configuration files. File Type: Display the type of files that will be backed up.
  • Page 230: Save Configuration

    4.10.8 Save Configuration In order to save the configuration permanently, users need to save configuration first before resetting the Managed Switch. Select the option Save Configuration from the Management menu and then the following screen page appears. Click OK to save the configuration. Alternatively, you can also press the Save quick button located on the top-right side of the webpage, which has the same function as Save Configuration.
  • Page 231 APPENDIX A: Free RADIUS readme The advanced RADIUS Server setup for RADIUS Authentication is described below. When the free RADIUS client is enabled on the device, the server side needs to put the file "dictionary.sample" under the directory /raddb, and modify these three files - "users", "clients.conf"...
  • Page 232 APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration at startup process. Before setting up DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Switch that you purchased can support DHCP Auto-provisioning.
  • Page 233 Step 2. Set up Auto Provision Server - Update DHCP Client: Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command. - Install DHCP Server: Issue “yum install dhcp” command to install DHCP server.
  • Page 234 - Copy dhcpd.conf to /etc/dhcp/ directory: Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor. - Enable and run DHCP service: 1.
  • Page 235 Step 3. Modify dhcpd.conf file - Open dhcpd.conf file in /etc/dhcp/ directory: Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
  • Page 236 - Modify dhcpd.conf file: The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
  • Page 237 5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Login TFTP server anonymously (TFTP does not require a login name and password). 9.
  • Page 238 - Restart DHCP service...
  • Page 239 Every time you modify dhcpd.conf file, DHCP service must be restarted. Issue “killall dhcpd” command to disable DHCP service and then issue “dhcpd” command to enable DHCP service. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”
  • Page 240 B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.
  • Page 241 APPENDIX C: VLAN Application Note Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme instead of the physical layout. It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains.
  • Page 242 I. Port-Based VLAN Port-Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network. In the network diagram provided below, the network administrator is required to set up VLANs to separate traffic based on the following design conditions:...
  • Page 243 CLI Configuration:
    Steps… Commands…
    1. Enter Global Configuration mode.
       Switch> enable
       Password:
       Switch#config
       Switch(config)#
    2. Create port-based VLANs “Marketing” and “RD”
       Switch(config)# vlan port-based Marketing
       OK !
       Switch(config)# vlan port-based RD
       OK !
    3. Select port 1, 21, 23 and 28 to configure.
       Switch(config)# interface 1,21,23,28
       Switch(config-if-1,21,23,28)#
       ...
  • Page 244 2. Click “Add Port Based VLAN” to add a new Port-Based VLAN VLAN Setup>Port Based VLAN>Add Port Based VLAN 3. Add Port 1, 21, 23 and 28 in a group and name it to “Marketing”. VLAN Setup>Port Based VLAN>Add Port Based VLAN Click to apply the new settings when completing.
  • Page 245 5. Add Port 2, 22, 23 and 28 in a group and name it to “RD”. VLAN Setup>Port Based VLAN>Add Port Based VLAN Click to apply the new settings when completing. 6. Check Port-Based VLAN settings. VLAN Setup>Port Based VLAN NOTE: By default, all ports are member ports of the Default_VLAN.
  • Page 246 II. Data VLAN In networking environment, VLANs can carry various types of network traffic. The most common network traffic carried in a VLAN could be voice-based traffic, management traffic and data traffic. In practice, it is common to separate voice and management traffic from data traffic such as files, emails.
  • Page 247
    4. Set Port 28 to trunk mode.
       Switch(config)# interface 28
       Switch(config-if-28)# vlan dot1q-vlan mode trunk
       OK !
       Switch(config-if-28)# exit
    5. Change Port 1’s Access VLAN ID into “11”.
       Switch(config)# interface 1
       Switch(config-if-1)# vlan dot1q-vlan pvid 11
       OK !
       Switch(config-if-1)# exit
       Switch(config)# show vlan interface
    6....
  • Page 248 2. Create a new Data VLAN 11 that includes Port 1 and Port 28 as members. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing.. icon belonging to the new Trunk VLAN 11 named VLAN0011, and the following 3.
  • Page 249 4. Check Trunk VLAN 11 settings. VLAN Setup>IEEE 802.1q Tag VLAN>Trunk VLAN Setup...
  • Page 250 5. Change Port 1’s Access VLAN ID into 11, and set Port 28 to trunk mode. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing. Treatments of Packets: 1. An untagged packet arrives at Port 1 When an untagged packet arrives at Port 1, Port 1’s Port VLAN ID (11) will be added to the original port.
  • Page 251 III. Management VLAN For security and performance reasons, it is best to separate user traffic and management traffic. When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to the management port will be minimized.
  • Page 252 1. Change the Management default VLAN 1 into VLAN 15 that includes Port 25, 26, 27 and 28 under the Access mode. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing. Note1: Make sure you have correct management VLAN and VLAN Mode configurations; otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you click OK to apply.
  • Page 253 Note2: To check the current status of Management VLAN, please refer to VLAN Table.
  • Page 254 2. Now, change the Management VLAN 15 into VLAN 20 and include Port 25, 26 and 27 under Access mode (it is necessary to include Port 26 to prevent the disconnection). VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing.
  • Page 255 Note: To check the current status of Management VLAN, please refer to VLAN Table.
  • Page 256 Web Management Configuration (Trunk Mode): In Management VLAN Network Diagram shown below, the management PC on the right would like to manage the Managed Switch on the left remotely. You can follow the steps described below to set up the Management VLAN. Management VLAN Network Diagram Suppose that the Management PC is remotely connected to Managed Switch Port 15 as shown above while we have a variety of existing trunk VLANs and the Management VLAN 15 is set on Port...
  • Page 257 1. Change the Management VLAN 15 into VLAN 20 that includes Port 25, 26, 27 under Trunk mode. Click OK to apply the new settings when completing. Note1: Make sure you have correct management VLAN and VLAN Mode configurations; otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you click OK to apply.
  • Page 258 Then, Management VLAN has been changed into VLAN 20. IEEE 802.1q Tag VLAN Table VLAN Interface...
  • Page 259 CLI Configuration (Access Mode): Suppose that we have the default Management VLAN whose VLAN ID is 1 for all ports; we can create new Management VLANs as required. This example is to demonstrate how to set up Management VLAN 15 and then change VLAN 15 into VLAN 20 on specified ports under Access mode.
  • Page 260 2. Now, change the Management VLAN 15 into VLAN 20 and include Port 25, 26 and 27 to Access mode (it is necessary to include Port 26 to prevent the disconnection).
    Steps… Commands…
    1. Enter Global Configuration mode.
       Switch> enable
       Password:
       Switch# configure
       Switch(config)#
       Switch(config)# vlan management-vlan 20...
  • Page 261 CLI Configuration (Trunk Mode): This part is to demonstrate how to change Management VLAN 15 into VLAN 20 on specified ports under Trunk mode. Suppose that we have the existing Management VLAN 15 on Port 25,26,27,28 and CPU; we can create new Management VLAN 20 as required. Here, we suppose that the Management PC is remotely connected to Managed Switch Port 15.
  • Page 262 IV. Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 263 0 access . . . 0 access 0 trunk 1 15 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and VLAN mode configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command.
  • Page 264 This page is intentionally left blank. Revision History Manual Version Modification Firmware Version Date Add SSH function 1.08.90 2012/4 Remove CFM function Add “show default-setting” CLI command Modify Appendix C - VLAN Application 1.08.00 2011/9 Note with new CLI and Web GUI Revise VLAN descriptions...
