6 ports 10/100/1000base-t managed ethernet switch; 5 ports 10/100/1000base-t and 1 port 1000base-x or
100/1000base-x uplink managed ethernet switch; 5 ports 10/100/1000base-t and 1 port 1000base-x or
100/1000base-x uplink management ethernet switch with (13 pages)
9 ports 10/100/1000base-t ethernet managed switch 8 ports 10/100/1000base-t ethernet managed switch with 1 port 1000base-x uplink or 1 port 100/1000base-x uplink 8 ports 10/100/1000base-t ethernet managed switch with 1 port 1000base-x uplink or 1 port 100 (92 pages)
Page 2
Revision History Version Date Description 1.00.00 2018/04/26 First release Add the description of L2PT function and CTS 1.00.02 2018/07/04 branches’ contact information. 1.00.07 2018/10/15 Add the description of fast redundancy function. Revise: Management Command (Section 2.6.16) Interface Command (Section 2.6.32) 1.00.0I...
Page 3
Trademarks CTS is a registered trademark of Connection Technology Systems Inc. Contents are subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright Connection Technology Systems Inc. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc.
Page 4
CTS Contact Information Headquarter/Manufacturer: ▓ Connection Technology Systems Inc. 18F-6, No.79, Sec.1, Xintai 5th Rd., XiZhi Dist., New Taipei City 221, Taiwan(R.O.C) Tel: +886-2-2698-9661 Fax: +886-2-2698-9662 Dir.Line:+886-2-2698-9201 www.ctsystem.com Global Authorized Representatives: ▓ Connection Technology USA Inc. Connection Technology Systems Japan...
1. INTRODUCTION Thank you for using the 4 10/100/1000Base-T up to 30W PoE ports plus 2 100/1000Base-X SFP ports Managed Industrial PoE Gigabit Ethernet Switch that is specifically designed for FTTx applications. The Managed Industrial Switch provides a built-in management module that enables users to configure and monitor the operational status both locally and remotely.
Ethernet Switch. Direct RJ-45 LAN cable connection between a PC and the Managed Industrial PoE Ethernet Switch is required for Web Management. 1.2 Management Software The following is a list of management software options provided by this Managed Industrial PoE Ethernet Switch: ...
1.3 Management Preparations After you have decided how to manage your Managed Industrial PoE Ethernet Switch, you are required to connect cables properly, determine the Managed Industrial PoE Ethernet Switch IP address and, in some cases, install MIB shipped with your Managed Industrial PoE Ethernet Switch.
Page 14
IP Addresses IP addresses have the format n.n.n.n, (The default factory setting is 192.168.0.1). IP addresses are made up of two parts: The first part (for example 192.168.n.n) refers to network address that identifies the network where the device resides. Network addresses are assigned by three allocation organizations. Depending on your location, each allocation organization assigns a globally unique network number to each network which intends to connect to the Internet.
2. Command Line Interface (CLI) This chapter introduces you how to use Command Line Interface CLI, specifically in: Local Console Telnet Configuring the system Resetting the system The interface and options in Local Console and Telnet are the same. The major difference is the type of connection and the port that is used to manage the Managed Industrial PoE Ethernet Switch.
2.2 Remote Console Management - Telnet You can manage the Managed Industrial PoE Ethernet Switch via Telnet session. However, you must first assign a unique IP address to the Switch before doing so. Use the Local Console to login the Managed Industrial PoE Ethernet Switch and assign the IP address for the first time. Follow these steps to manage the Managed Industrial PoE Ethernet Switch through Telnet session: Step 1.
2.3.1 General Commands This section introduces you some general commands that you can use in User, Privileged, and Configuration modes, including “help”, “exit”, “history” and “logout”. Entering the command… To do this… Available Modes User Mode Obtain a list of available help Privileged Mode commands in the current mode.
2.3.3 Command Format While in CLI, you will see several symbols very often. As mentioned above, you might already know what “>”, “#” and (config)# represent. However, to perform what you intend the device to do, you have to enter a string of complete command correctly. For example, if you want to assign IP address for the Managed Industrial PoE Ethernet Switch, you need to enter the following command with the required parameter and IP, subnet mask and default gateway: Switch(config)#ip address [A.B.C.D] [255.X.X.X] [A.B.C.D]...
Example 2: specifying three values (separated by commas) Switch(config)#qos 802.1p-map 1,3 0 Switch(config)#qos dscp-map 10,13,15 3 Example 3: specifying a range of values (separated by a hyphen) Switch(config)#qos 802.1p-map 1-3 0 Switch(config)#qos dscp-map 10-15 3 2.3.4 Login Username & Password Default Login When you enter Console session, a login prompt for username and password will appear to request a valid and authorized username and password combination.
2.4 User Mode In User mode, only a limited set of commands are provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Privileged mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...
Example Switch> ping 8.8.8.8 Switch> ping 8.8.8.8 –s 128 –t 10 Switch> ping 2001:4860:4860::8888 Switch> ping 2001:4860:4860::8888 –s 128 –t 10 2.4.3 Traceroute Command Traceroute is used to trace the path between the local host and the remote host. Enter the traceroute command in User mode.
2.5 Privileged Mode The only place where you can enter the Privileged mode is in User mode. When you successfully enter the Privileged mode (this mode is password protected), the prompt will be changed to Switch# (the model name of your device together with a pound sign). Enter the question mark (?) or help command to view a list of commands available for use.
[file name] [running backup. | default | startup ] [running | default Specify backup config to be running, default or [user_name] | startup ] startup [password] [user_name] Enter the username for FTP server login. [password] Enter the password for FTP server login. Switch# copy-cfg to [A.B.C.D | Enter the IP address of your TFTP server.
2.5.3 Loopback Command Loopback is used to test the networking cable connectivity between devices. Enter the loopback command in Privileged mode. In this command, you need to specify the diagnostic port, accompany port, VLAN ID and the time value for the loopback test. Command Parameter Description...
2.5.6 Traceroute Command Command Parameter Description Switch# traceroute [A.B.C.D | Enter the IP/IPv6 address that you would like to [A.B.C.D | A:B:C:D:E:F:G:H] ping. A:B:C:D:E:F:G:H] [- [-h (1-100)hops] Specify max hops between the local host and the h (1-100)hops] remote host Example Switch# traceroute 8.8.8.8 Switch# traceroute 8.8.8.8 –h 30...
Page 26
System Contact: Display the contact information for this Managed Industrial PoE Ethernet Switch. Use “switch-info system-contact [sys_contact]” command to edit this field. System Name: Display a descriptive system name for this Managed Industrial PoE Ethernet Switch. Use “switch-info system-name [sys_name]” command to edit this field. System Location: Display a brief location description for this Managed Industrial PoE Ethernet Switch.
Page 27
5. Show CPU & Memory Statistics Show CPU utilization and memory usage rate. Refer to “show switch-info command” section.
2.6 Configuration Mode When you enter “configure” or “config” and press “Enter” in Privileged mode, you will be directed to the Global Configuration mode where you can set up advanced switching functions, such as QoS, VLAN and storm control security globally. All commands entered will apply to running-configuration and the device’s operation.
Switch(config)# interface 1-3 Enter three continuous interfaces. Use a Switch(config-if-1-3)# hyphen to signify a range of interface numbers. In this example, interface 1, 2, and 3 will apply commands entered. Switch(config)# interface 1,3-5 Enter a single interface number together with Switch(config-if-1,3-5)# a range of interface numbers.
Page 30
Current Boot Image: The image that is currently using. Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device. M/B Version: Display the main board version.
2.6.4 ACL Command Command Parameter Description Switch(config)# acl [1-192] [1-192] The total number of ACL rule can be created is 192. Use this command to enter ACL configuration mode for each ACL rule. When you enter each ACL rule, you can further configure detailed settings for this rule.
Page 33
Switch(config-acl-RULE)# Reset IPv4 protocol and IPv6 next header back to the default “ANY”. no protocol Switch(config-acl-RULE)# Disable rate limitation. no rate-limit Switch(config-acl-RULE)# Reset source IPv4 address back to the no source-ipv4 default (ANY). Switch(config-acl-RULE)# Reset source IPv6 address back to the no source-ipv6 default (ANY).
2.6.5 Archive Command Command Parameter Description Switch(config)# archive Enable the auto-backup configuration auto-backup files function. Switch(config)# archive [A.B.C.D | Specify the IP/ IPv6 address of the auto-backup path ftp A:B:C:D:E:F:G:H] FTP server. [A.B.C.D | [file_directory] Specify the file directory of the FTP A:B:C:D:E:F:G:H] server to save the start-up [file_directory] [user_name]...
2.6.6 Channel-group Command 1. Configure a static link aggregation group (LAG). Command Parameter Description Switch(config)# channel-group [group_name] Specify a name for this link trunking [group_name] aggregation group. Use “interface” command to Switch(config)# interface [port_list] [port_list] [group_name] configure a group of ports’ link Switch(config-if-PORT-PORT)# aggregation link membership.
Page 36
Show command Switch(config)# show channel-group Show link aggregation settings. trunking Switch(config)# show channel-group [trunk_name] Show a specific link aggregation trunking [trunk_name] group’s settings including aggregated port numbers and load-balancing status. Below is an example of creating a static link aggregation group (port trunking group) using Channel-group commands to have the users realize the commands we mentioned above in this section.
Page 37
STEP8 group_name channel-group trunking In this example, it configures the name of the Trunking Group as “ABCGROUP”. Example: Switch(config)# channel-group trunking ABCGROUP OK ! port_list STEP9 interface Speciy the interface that you would like to set to Trunking Group. Example: Switch(config)# interface 1,3 Switch(config-if-1,3)# STEP10...
Page 38
2. Use “Interface” command to configure link aggregation groups dynamically (LACP). Channel-group & Interface Parameter Description command Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable LACP on the selected channel-group lacp...
Page 39
Below is an example of creating a dynamic link aggregation group using Channel-group commands to have the users realize the commands we mentioned above in this section. Command Purpose STEP1 Enter the global configure configuration mode. Example: Switch# config Switch(config)# STEP2 channel-group distribution-rule source-ip Enable Source IP Address...
Page 40
STEP10 channel-group lacp role active In the Example 1, it configures LACP Port [no channel-group lacp role] 2~4 as “Active” in LACP Role. Example 1: In the Example 2, it Switc (config-if-2-4)# channel-group lacp role active configures LACP Port OK ! 2~4 as “Passive”...
2.6.7 Dot1x Command Command Parameter Description Switch(config)# dot1x Enable IEEE 802.1X/MAB function. When enabled, the Managed Industrial PoE Ethernet Switch acts as a proxy between the 802.1X- enabled client and the authentication server. In other words, the Managed Industrial PoE Ethernet Switch requests identifying information from the client, verifies that information with the...
Page 42
status [port_list] 802.1X/MAB status. Examples of Dot1x command Switch(config)# dot1x Enable IEEE 802.1X/MAB function. Switch(config)# dot1x reauthentication Enable auto reauthentication function of the system. Switch(config)# dot1x secret agagabcxyz Set up the shared secret to “agagabcxyz”. Switch(config)# dot1x server 192.168.1.10 Set up the RADIUS authentication server IP address to 192.168.1.10.
Page 43
Industrial PoE Ethernet Switch will wait for a period of time for the response from the authentication server to an authentication request before it times out. The allowable value is between 1 and 255 seconds. Switch(config-if-PORT-PORT)# [1-65535] Specify a period of reauthentication dot1x timeout reauth-period [1- time that a client authenticates with 65535]...
Examples of Dot1x & interface command Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Set up the selected ports to “auto” Switch(config-if-1-3)# dot1x port-control auto state.
Page 45
Switch(config-output-1)# Reset the normal digital output type no normal back to the default. (Open) Switch(config-output-1)# Disable the alarm of the specified no event digital-input [1] digital input number for the Digital Output 1. Switch(config-output-1)# [port_list] Disable the port alarm of the specified no event port [port_list] port(s) for the Digital Output 1.
2.6.9 Fast-redundancy Command Besides RSTP and Ring Detection, the employment of CTS’s proprietary fast redundancy on your network will help protect mission-critical links against failures, avoids the occurrence of network loops, and keeps network downtime to a minimum to assure the reliability of the network. With these network redundancy, it allows the user to set up redundant loops in a network to provide a backup data transmission route in the event of the disconnection or damage of the cables.
Page 47
Show command Description Display all groups’ fast redundancy Switch# show fast- redundancy all information, status and redundancy port status. Display the specified group’s fast Switch# show fast- [1-2] redundancy id [1-2] redundancy information, status and redundancy port status. Display all groups’ fast redundancy Switch(config)# show fast- redundancy all information, status and redundancy...
2.6.10 IP Command 1. Set up an IP address of the Managed Industrial PoE Ethernet Switch or configure the Managed Industrial PoE Ethernet Switch to get an IP address automatically from DHCP server. IP command Parameter Description Switch(config)# ip enable Enable IPv4 address processing.
Page 49
Switch(config)# ip dhcp Enable DHCP Option 82 / DHCPv6 snooping remote Option 37 Manual Remote Id. Switch(config)# ip dhcp Enable the Formatted Option 82 / snooping remote formatted DHCPv6 Option 37 Remote Id. Switch(config)# ip dhcp [remote_id] You can configure the DHCP Option 82 / snooping remote id DHCPv6 Option 37 remote ID to be a [remote_id]...
Page 50
Switch(config)# ip dhcp snooping initiated 10 Specify the time value that packets might be received to 10 seconds. Specify packets’ expired time to 240 Switch(config)# ip dhcp snooping leased 240 seconds. Switch(config)# ip dhcp snooping option Enable DHCP Option 82 Relay Agent. The remote ID is configured as “123”.
Page 51
Switch(config-if-PORT-PORT)# Reset the selected interfaces back to non- no ip dhcp snooping server-trust DHCP/DHCPv6 server trust ports. Examples of DHCP & Interface Switch(config)# interface 1-3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Enable the selected interfaces’...
Page 52
4. Enable or disable IGMP/MLD snooping globally. IGMP, Internet Group Management Protocol, is a communication protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It can be used for online streaming video and gaming, and allows more efficient use of resources when supporting these uses.
Page 53
Switch(config)# ip igmp [port_list] Specify multicast router ports. snooping mcast-router [port_list] Switch(config)# ip igmp [1-6000] Specify the Query time interval of snooping query-interval [1-6000] IGMP/MLD querier. This is used to set up the time interval between transmitting IGMP/MLD queries. (Range:1-6000 seconds) Switch(config)# ip igmp [1-4094]...
Page 54
5. Configure IGMP filtering policies. IGMP Filtering command Parameter Description Switch(config)# ip igmp filter Globally enable IGMP filtering function. Switch(config)# ip igmp profile [profile_name] Create or modify a profile for IGMP [profile_name] filter. The maximum length of profile name is 20 characters. Up to 60 profiles can be created.
Page 55
Examples of IGMP Filtering Command Switch(config)# ip igmp filter Enable IGMP filtering function. Create a segment “50”. Switch(config)# ip igmp segment 50 Specify a name “Silver” for this Switch(config-segment-50)# name Silver segment 50. Switch(config-segment-50)# range 224.10.0.2 Specify a multicast IP range 229.10.0.1 224.10.0.2 to 229.10.0.1 to segment Switch(config)# ip igmp profile Silverprofile...
Page 56
no ip igmp max-groups multicast streams back to the default (512 channels). Switch(config-if-PORT)# no ip [E.F.G.H | Remove this static multicast IP igmp static-multicast-ip E:F:G:H:I:J:K:L] [E.F.G.H | E:F:G:H:I:J:K:L] vlan Note: Only one port could be [1-4094] assigned at a time. [1-4094] Remvoe the specified VLAN ID.
Page 57
7. Set Up IP Source Binding Function Command Parameter Description Switch(config)# ip source binding [1-5] Specify the IP/IPv6 address security [1-5] ip-address [A.B.C.D | binding number. A:B:C:D:E:F:G:H] [A.B.C.D | A:B:C:D:E:F:G: Specify IP/IPv6 address. Switch(config)# ip source binding [1-5] Enable the IP/IPv6 address for the [1-5] specified number.
Page 58
Switch(config-if-PORT)# ip [A.B.C.D | Add a static IP/IPv6 address to static sourceguard static-ip [A.B.C.D A:B:C:D:E:F:G:H] IP address table. | A:B:C:D:E:F:G:H] vlan [1- 4094] Note: Only one port could be assigned at a time. [1-4094] Specify a VLAN ID. Note : Static IP can only be configured when IP sourceguard is set to fixed-ip.
2.6.11 IPv6 Command Brief Introduction to IPv6 Addressing IPv6 addresses are 128 bits long and number about 3.4×1038. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334 IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit network prefix and a 64-bit interface identifier.
Page 60
Set up the IPv6 address of the Managed Industrial PoE Ethernet Switch or configure the Managed Industrial PoE Ethernet Switch to get an IP address automatically from DHCPv6 server. IPv6 command Parameter Description Switch(config)# ipv6 Configuration of IPv6 addresses using address autoconfig stateless autoconfiguration.
2.6.12 LLDP Command LLDP stands for Link Layer Discovery Protocol and runs over data link layer. It is used for network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
Page 62
Show command Switch# show lldp Show LLDP settings. Switch# show lldp interface Show each interface’s LLDP configuraiton. Switch# show lldp interface [port_list] Show the selected interfaces’ LLDP configuration. Switch# show lldp status Show the current LLDP status. Switch(config)# show lldp Show LLDP settings.
2.6.13 Loop Detection Command In a real network, it is possible the people misconnect the network cable to incur loop condition. In a worst case, the network is out of service thereafter. This section gives a guide to configure the Loop Detection function of the system to prevent the system from loop.
Page 64
NOTE: 1. Be aware that Looped port unlock- interval converted into seconds should be greater than or equal to Detection Interval seconds multiplied by 10. The ‘10’ is a magic number which is for the system to claims the loop detection disappears when the system does not receive the loop- detection packet from itself at least 10 times.
Page 65
Switch(config)# show loop- [port_list] Show Loop Detection status of the detection status [port_list] specified port(s). Examples of Loop Detection command Switch(config)# loop-detection interval 60 Set the Loop Detection time interval to 60 seconds. Switch(config)# loop-detection unlock-interval 120 Set the Loop Detection unlock time interval to 120 minutes.
2.6.14 l2protocol-tunnel Command L2PT (Layer 2 protocol tunneling) allows Layer 2 protocol data units (PDUs), including CDP(Cisco Discovery Protocol), LLDP(Link Layer Discovery Protocol), STP(Spanning Tree Protocol), VTP(Vlan Trunking Protocol), LACP(Link Aggregation Control Protocol), PAgP(Port Aggregation Protocol), UDLD(Unidirectional Link Detection), to be tunneled through a network. GBPT, also referred to as Generic Bridge PDU Tunneling, provides a scalable approach to PDU tunneling by software encapsulating the PDUs in the ingress edge switches and then multicasting them in hardware.
Page 67
Clear each PDU’s encapsulation and Switch(config)# show l2protocol-tunnel clear decapsulation counters of all ports. Examples of L2PT command Switch(config)# l2protocol-tunnel Enable L2PT function. Specify the priority bit value “3” to L2PT Switch(config)# l2protocol-tunnel cos 3 Class of Service (CoS). Use “Interface” command to configure Layer 2 protocol data units (PDUs) settings. L2PT &...
Page 68
Switch(config-if-PORT-PORT)# no Disable point-to-point layer 2 protocol l2protocol-tunnel point-to-point tunneling for PAgP packets on the pagp selected port(s). Switch(config-if-PORT-PORT)# no Disable point-to-point layer 2 protocol l2protocol-tunnel point-to-point tunneling for UDLD packets on the udld selected port(s). Switch(config-if-PORT-PORT)# no Disable layer 2 protocol tunneling for l2protocol-tunnel stp STP packets on the selected port(s).
2.6.15 MAC Command Set up MAC address table aging time. Entries in the MAC address table containing source MAC addresses and their associated ports will be deleted if they are not accessed within aging time. MAC Command Parameter Description Switch(config)# mac address- Specify the aging time for MAC addresses table aging-time [0-172800s] 172800s]...
with the Destination MAC address can be forwarded to the selected port. Switch(config-if-PORT- Enable MAC learning function of the PORT)# mac learning selected port(s). No command Switch(config-if-PORT)# no [xx:xx:xx:xx:xx:xx] Remove the specified MAC address mac address-table static-mac from the MAC address table. [xx:xx:xx:xx:xx:xx] vlan [1- 4094] Note: Only one port could be set at...
Page 71
disable] the Managed Industrial PoE Ethernet Switch via the specified web management method between http and https. Switch(config)# management [1-1440] To disconnect the Managed Industrial PoE web timeout [1-1440] Ethernet Switch when web management is inactive for a certain period of time. The allowable value is from 1 to 1440(minutes).
2.6.17 Mirror Command Command Parameter Description Switch(config)# mirror [port] Specify the preferred target port (1~6) for destination [port] port mirroring. Switch(config)# mirror source [port_list] Specify a source port number or several [port_list] source port numbers for port mirroring. NOTE: The port selected as the target port cannot be the source port.
Page 73
interval [1-8] Industrial PoE Ethernet Switch synchronize with NTP time server. 1=1hour, 2=2hours, 3=3hours, 4=4hours, 5=6hours, 6=8hours, 7=12hours, 8=24hours Switch(config)# ntp time- [0-135] Specify the time zone to which the zone [0-135] Managed Industrial PoE Ethernet Switch belongs. Use space and a question mark to view the complete code list of 136 time zones.
2.6.19 PoE Command PoE (Power Over Ethernet) is the technology that a data-carrying LAN cable can play a role in power supplier. Typically, a PoE switch is deployed at the center of the network for power transmission and supplys electricity to PDs (powered devices) up to 100 meters away through TP ports.
Page 75
2. Use “interface” command to configure PoE parameters per TP port for PDs. Interface Command Parameter Description Switch(config-if-PORT-PORT)# [shutdown | Set up PoE operation mode for the poe operation [shutdown | injector-30watt selected PoE port(s). injector-30watt | auto-af/at] | auto-af/at] Switch(config-if-PORT)# poe [device_name] Specify a name to the PD connected...
Page 76
Switch(config-if-PORT-PORT)# Disable PoE schedule function on the no poe schedule selected port(s). Switch(config-if-PORT-PORT)# [time-range- Remove PoE schedule setting from the no poe schedule [time-range- name] selected port(s). name]...
2.6.20 QoS Command 1. Set up Qos QoS command Description Parameter Switch(config)# qos [802.1p | dscp] [802.1p | dscp] Specify QoS mode. Switch(config)# qos dscp-map [0- [0-63] Specify a DSCP bit value. 63] [0-7] [0-7] Specify a queue value. Switch(config)# qos management- [0-7] Specify management default priority [0-7]...
Page 78
back to the default. Switch (config-dscp-map-ID)# no Reset the new DSCP bit value new-dscp for the selected priority mapping ID back to the default. Switch (config-dscp-map-ID)# no rx- Reset the received DSCP bit dscp value for the selected priority mapping ID back to the default. Switch(config)# no qos remarking Globally disable 802.1p bit 802.1p...
Page 79
Switch for example to let the users have a clear understanding of these QoS commands. Under this network environment, IPS-3106-SE-PB will be configured as Table 2-1. Port 1-5 are client ports and Port 6 is the uplink port of the device. Client ports will receive the data traffic with different VLAN P-bit value.
Page 80
Below is the complete CLI commands applied to IPS-3106-SE-PB Managed Industrial PoE Ethernet Switch. Command Purpose STEP1 configure Enter the global configuration mode. Example: Switch# config Switch(config)# STEP2 qos 802.1p In this example, it configures the QoS Mode to 802.1p.
Page 81
STEP10 port_list interface Specify Port 5 that you would like to configure QoS Rate limit. Example: Switch(config)# interface 5 Switch(config-if-5)# STEP11 limit_rate(kbps) In this example, it configures qos rate-limit ingress Port 5 with 1G Ingress Rate. Example: Switch(config-if-5)# qos rate-limit ingress 1000000 OK ! limit_rate(kbps) STEP12...
Page 82
After completing the QoS settings for your IPS-3106-SE-PB switches, you can issue the commands listed below for checking your configuration Example 1, Switch(config)# show qos ======================================================================= QoS Information ======================================================================= QoS Mode : 802.1p Egress Mode : weight Weight : 1:2:3:4:5:6:7:8...
Page 83
Example 2, Switch(config)# show vlan interface ======================================================================== IEEE 802.1q Tag VLAN Interface : ======================================================================== Dot1q-Tunnel EtherType : : 0x9100 Port Access-vlan User Priority Port VLAN Mode Trunk-vlan ------ ----------------- ---------------- ------------------------ --------------- 0 access 0 access 0 access 0 access 0 access 0 access Example 3,...
Page 84
Port Ingress Rate Limiter : 1000 Mbps Egress Rate Limiter : 1000 Mbps Press Ctrl-C to exit or any key to continue! Port Ingress Rate Limiter : disable Egress Rate Limiter : disable...
2.6.21 Ring-detection Command The Ring Detection function used in the ring topology is helpful for the network recovery, preventing from the disconnection resulting from any unexpected link down. The main advantages of Ring Detection are lower cost for cabling and installation, and high-speed recovery time. Command Parameter Description...
2.6.22 Security Command When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per switch basis so as to protect network from broadcast/ unknown multicast/ unknown unicast storms.
Page 87
No command Switch(config)# no security Globally disable MAC Limit function on the mac-limit switch. Switch(config)# no security Reset the time interval of sending the mac-limit notification alarm trap or system log back to the threshold interval default if the number of source MAC address learned exceeds the limit continuously.
Page 88
Switch(config-if-PORT- Enable MAC Limit function of the PORT)# security mac-limit selected port(s). Switch(config-if-PORT- [0-1024] Specify the number of MAC address that can be learned. “0” indicates there PORT)# security mac-limit maximum [0-1024] is no limit on specified ports. The valid range of number that can be configured is 0~1024.
Page 89
2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k NOTE: To view a list of allowable values that can be specified you can press “spacebar” and then followed by “?”. For example, “Switch(config-if- PORT-PORT)# security storm- protection unknown-unicast ?” No command Switch(config-if-PORT- Disable MAC Limit function of the PORT)# no security mac-limit...
2.6.23 SNMP-Server Command 1. Create a SNMP community and set up detailed configurations for this community. Snmp-server command Parameter Description Switch(config)# snmp- Enable SNMP server function globally. server Switch(config)# snmp- [community] Create/modify a SNMP community name. server community Up to 20 alphanumeric characters can be [community] accepted.
Page 91
Exit command Switch(config-community-NAME)# exit Return to the global configuration mode. Example of Snmp-server Create a new community “mycomm” and Switch(config)# snmp-server community mycomm edit the details of this community account. Activate the SNMP community “mycomm”. Switch(config-community-mycomm)# active Add a description for “mycomm” Switch(config-community-mycomm)# description rddeptcomm community.
Page 92
Add the description “mycomm” to this trap Switch(config-trap-1)# community mycomm destination. Switch(config-trap-1)# destination Set SNMP server IP address as “192.168.1.254” for this trap destination. 192.168.1.254 3. Set up SNMP trap types that will be sent. Trap-type command Parameter Description Switch(config)# snmp- [all | auth-fail | Specify a trap type that will be sent when server trap-type [all | auth-...
Page 93
mac-limit: A trap will be sent when any port in which the Mac Limit function is enabled exceeds the specified source MAC address limit. And it will keep sending this trap upon the notification threshold interval setup of MAC Limiters function once any port exceeds the specified source MAC address limit continuously..
Page 94
4. Set up detailed configurations for SNMPv3 USM User Simple Network Management Protocol Version 3, SNMPv3 in short, features stronger security mechanism, including authentication and encryption that helps ensure that the message is from a valid source and scramble the content of a packet, to prevent from being learned by an unauthorized source.
Page 95
Show Command Switch(config)# show snmp-server user Show SNMPv3 user configuration. Switch(config)# show snmp-server user Show the specified SNMPv3 user [user_name] configuration. Switch(config-v3-user- user_name)# show Show the specified SNMPv3 user configuration. A combination of a security event as below indicates which security mechanism is used when handling an SNMP packet.
2.6.24 Spanning-tree Command The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
Page 97
Switch(config)# spanning- [4-30] Specify the forward delay time value in tree delay-time [4-30] seconds. The allowable value is between 4 and 30 seconds. Switch(config)# spanning- [1-10] Specify the hello interval value in tree hello-time [1-10] seconds. The allowable value is between 1 and 10 seconds.
Page 98
port Switch(config)# show Show each interface’s RSTP information, spanning-tree interface including port state, path cost, priority, edge port state, and p2p port state. Switch(config)# show [port_list] Show the specified interfaces’ RSTP spanning-tree interface information, including port state, path [port_list] cost, priority, edge port state, and p2p port state.
Page 99
Use “Interface” command to configure a group of ports’ Spanning Tree settings. Spanning tree & Interface Parameter Description command Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable spanning-tree protocol on...
Page 100
information, including the total RSTP packets received, RSTP packets transmitted, STP packets received, STP packets transmitted, TCN (Topology Change Notification) packets received, TCN packets transmited, illegal packets received, and unknown packets received. Switch(config)# show spanning- [port_list | Show the selected interfaces or link tree statistic [port_list | llag] llag] aggregation groups’...
Page 101
For RSTP configuration via CLI, we take the following ring network topology composed of 3 sets of IPS-3106-SE-PB Managed Industrial PoE Ethernet Switches, including Switch A, Switch B and Switch C for example to let the users have a clear understanding of these RSTP commands.
Page 102
STEP3 max_age_time spanning-tree max-age In this example, it configures the Max. Age Time of Switch A as “6”. Example: Switch(config)# spanning-tree max-age 6 OK ! STEP4 hello_interval spanning-tree hello-time In this example, it configures the Hello Time of Switch A as “1”. Example: Switch(config)# spanning-tree hello-time 1 OK !
Page 103
STEP13 exit Return to the global configuration mode. Example: Switch(config-if-5,6)# exit Switch(config)# STEP14 Return to the Privileged mode. exit Example: Switch(config)# exit Switch# STEP15 Save the running configuration write into the startup configuration. Example: Switch# write Save Config Succeeded!
Page 104
After completing the RSTP Switch settings for your IPS-3106-SE-PB switches, you can issue the commands listed below for checking your configuration Example 1, Switch(config)# show spanning-tree ======================================================================== RSTP Switch Information ======================================================================== System Priority : 4096 Max Age Hello Time Forward Delay : 4...
Page 105
Example 3, Switch(config)# show spanning-tree interface ======================================================================== RSTP Port Information ======================================================================== Port State Path-Cost Priority Edge Point2point ------ ---------- ------------- ---------- ---------- -------------- disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true enable disable forced-true enable disable forced-true Switch(config)# Example 4,...
Page 106
Example 5, Switch(config)# show spanning-tree statistic ======================================================================== RSTP Port Statistics ======================================================================== Port Rx RSTP Tx RSTP Rx STP Tx STP Rx TCN Tx TCN Rx Ill. Rx Unk ------ ------------- ------------ ------------ ------------ ------------ ----------- ---------- --------- LLAG1 0 LLAG2 0 Press Ctrl-C to exit or any key to continue! LLAG3 0 Switch(config)#...
2.6.25 Switch Command Switch command Parameter Description Switch(config)# switch bpdu 00- [permit] Permit packets from the address 0F [permit] ranging from 0180C2000000 to 0180C200000F. Switch(config)# switch bpdu 20- [permit] Permit packets from the address 2F [permit] ranging from 0180C2000020 to 0180C200002F.
Page 108
Examples of Switch command Switch(config)# switch bpdu 00-0F permit Permit packets from the address ranging from 0180C2000000 to 0180C200000F. Switch(config)# switch bpdu 20-2F permit Permit packets from the address ranging from 0180C2000020 to 0180C200002F. Switch(config)# switch bpdu 10 permit Permit packets from the address 0180C2000010.
2.6.26 Switch-info Command 1. Set up the Managed Industrial PoE Ethernet Switch’s basic information, including company name, hostname, system name, etc.. Switch-info Command Parameter Description Switch(config)# switch-info [company_name] Enter a company name, up to 55 company-name alphanumeric characters, for this Managed [company_name] Switch.
Page 110
Switch(config)# no switch-info cpu-loading- Reset CPU loading threshold back to the threshold default. Switch(config)# no switch-info cpu- Disable the continuous alarm message temperature notification continuous-alarm sending function for CPU temperature of the system. Switch(config)# no switch-info cpu- Reset CPU temperature threshold back to temperature notification threshold the default.
2.6.27 Syslog Command Syslog command Parameter Description Switch(config)# syslog Enable the system log function. Switch(config)# syslog Enable Terminal-history log function. logging-type terminal- history Switch(config)# syslog [A.B.C.D | Specify the primary system log server server1 [A.B.C.D | A:B:C:D:E:F IP/IPv6 address. A:B:C:D:E:F:G:H] :G:H] Switch(config)# syslog [A.B.C.D |...
Page 112
stands for no pausing.) No Command Switch(config)# no terminal Reset terminal length back to the default length (20). Show Command Switch(config)# show Show the current configuration of terminal terminal length.
2.6.29 Time-range Command This command defines a time interval to be activated on a daily or weekly basis. This is convenient to assign when a function should be automatically taken effect. Before using the function, make sure that gateway NTP time server is configured in Time Server Configuration (See Section 2.6.18).
Page 114
l,aug,sep,oct,nov,dec yyyy(year):2000-2097 No end time assigned refers to run a function continuously. One absolute end point can be set at most. Switch(config-timerange-name)# [hh:mm day] to Specify the weekly start and end periodic [hh:mm day] to [hh:mm [hh:mm day] recurring time interval. Two sets of day] periodic intervals can be set at most.
Page 115
Periodic List time range. For example, Users may set: 1. Two Periodics in time range, or 2. One Periodic and one Periodic List in time range, or 3. Two Periodic Lists in time range. Switch(config-timerange-name)# [hh:mm day] Remove the weekly start and end no periodic [hh:mm day] to to [hh:mm recurring time interval.
2.6.30 User Command 1. Create a new login account. User command Parameter Description Switch(config)# user Enable MD5(Message-Digest Algorithm). It is password-encryption md5 a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number.
Page 117
Switch(config-user- Deactivate the selected user account. NAME)# no active Switch(config-user- Remove the configured description for the NAME)# no description specified user account. Switch(config-user- Remove the configured password for the NAME)# no password specified user account. Switch(config-user- Reset the access privilege level back to the NAME)# no level default (Read Only).
Page 118
Switch(config)# user radius [A.B.C.D | Specify the secondary RADIUS server server2 [A.B.C.D | A:B:C:D:E:F IP/IPv6 address. A:B:C:D:E:F:G:H] :G:H] No command Switch(config)# no user radius Disable RADIUS authentication. Reset the radius port setting back to the Switch(config)# no user radius radius-port default.
Page 119
Switch(config)# user [secret] Specify a secret, up to 30 alphanumeric tacacs secret [secret] characters, for TACACS server. This secret key is used to validate communications between TACACS servers. Switch(config)# user [A.B.C.D | Specify the primary TACACS server IP/IPv6 tacacs server1 [A.B.C.D | A:B:C:D:E:F address.
2.6.31 VLAN Command A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
Page 121
Introduction to 802.1Q frame format: Preamble Type/LEN PAYLOAD Original frame 802.1q Preamble Type/LEN PAYLOAD FCS TCI/P/C/VID frame PRE Preamble 62 bits Used to synchronize traffic SFD Start Frame Delimiter 2 bits Marks the beginning of the header Destination Address 6 bytes The MAC address of the destination Source Address 6 bytes...
Page 122
Trunk Native Mode : A Trunk-native port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default Access-VLAN to the trunk-native port, all untagged traffic travels on the default Access-VLAN for the trunk-native port, and all untagged traffic is assumed to belong to this Access-VLAN.
2.6.31.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
Page 124
1. Use “Interface” command to configure a group of ports’ 802.1q/Port-basedVLAN settings. VLAN & Interface command Parameter Description Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# [1-4094] Specify the selected ports’...
Page 125
2. Create/Modify an 802.1q VLAN and a management VLAN rule or create a port-based VLAN group. VLAN dot1q command Parameter Description Switch(config)# vlan dot1q-vlan [1-4094] Enter a VLAN ID number to create [1-4094] a new 802.1q VLAN or modify an existing 802.1q VLAN.
Page 126
Switch(config)# no vlan isolation Disable port isolation mode. Show command Switch(config)# show vlan Show IEEE 802.1q tag VLAN table. Switch(config-vlan-ID)# show Show the membership status of this VLAN ID Switch(config)# show vlan Show all ports’ VLAN assignment interface and VLAN mode. Switch(config)# show vlan [port_list] Show the selected ports’...
Page 127
For 802.1q VLAN configuration via CLI, we will demostrate the following two examples to have the users realize the commands we mentioned above. Example 1, We will configure IPS-3106-SE-PB Managed Industrial PoE Ethernet Switch via CLI as the Table 2-3 listed. Name...
Page 128
1. Create 802.1q VLAN IDs. Enter port 1 to port 2’s interface mode. Switch(config)# interface 1-2 Switch(config-if-1,2)# vlan dot1q-vlan trunk- Set port 1 to port 2’s Trunk-VLAN ID vlan 10, 20 (VID) to 10 and 20. Switch(config-if-1,2)# vlan dot1q-vlan mode Set the selected ports to Trunk Mode trunk (tagged).
Page 129
Dot1q-tunnel 9100 Trunk 9100 Dot1q-tunnel 9100 Dot1q-tunnel 9100 Table 2-4 Below is the complete CLI commands applied to #1 IPS-3106-SE-PB. Also issue the same commands to #2 IPS-3106-SE-PB. Command Purpose STEP1 configure Enter the global configuration mode. Example: Switch# config...
Page 130
STEP7 port_list interface Specify Port 2 that you would like to configure it as Trunk port. Example: Switch(config)# interface 2 Switch(config-if-2)# vlan_id STEP8 vlan dot1q-vlan trunk-vlan In this example, it configures Trunk-VLAN ID “10” to Port 2. Example: Switch(config-if-2)# vlan dot1q-vlan trunk-vlan 10 OK ! trunk STEP9...
Page 131
STEP16 vlan_id vlan dot1q-vlan access-vlan In this example, it configures Access-VLAN ID “20” to Port 4. Example: Switch(config-if-4)# vlan dot1q-vlan access-vlan 20 OK ! STEP17 dot1q-tunnel vlan dot1q-vlan mode Configure Port 4’s VLAN mode as “dot1q-tunnel” mode. Example: Switch(config-if-4)# vlan dot1q-vlan mode dot1q-tunnel OK ! STEP18 Return to the global...
Page 132
After completing the VLAN settings for your IPS-3106-SE-PB switches, you can issue the commands listed below for checking your configuration Example 1, Switch(config)# show vlan interface ======================================================================== IEEE 802.1q Tag VLAN Interface : ======================================================================== Dot1q-Tunnel EtherType : : 0x9100 Port Access-vlan User Priority Port VLAN Mode Trunk-vlan...
2.6.32 Interface Command Use “interface” command to set up configurations of several discontinuous ports or a range of ports. 1. Entering interface numbers. Command Parameter Description Switch(config)# interface [port_list] Enter several port numbers separated by [port_list] commas or a range of port numbers. For example: 1,3 or 2-4 Note : You need to enter interface numbers first before issuing below 2-18 commands.
Page 134
No command Switch(config-if-PORT-PORT)# Disable LACP on the selected interfaces. no channel-group lacp Switch(config-if-PORT-PORT)# Remove the selected ports from a link no channel-group trunking aggregation group. 4. Set up port description. Command Parameter Description Switch(config-if-PORT-PORT)# [description] Enter the description for the selected description [description] port(s).
Page 136
8. Set up IGMP snooping/MLD sub-commands Command Parameter Description Switch(config-if-PORT- Enable IGMP filter for the selected ports. PORT)# ip igmp filter Switch(config-if-PORT- [profile_name] Assign the selected ports to an IGMP filter PORT)# ip igmp filter profile profile. [profile_name] Note : Need to create an IGMP filter profile first under the igmp global configuration mode before assigning it.
Page 137
9. Set up IP source guard Command Parameter Description Switch(config-if-PORT- [dhcp | fixed-ip] Specify the authorized access type as PORT)# ip sourceguard [dhcp either DHCP or fixed-IP for the selected | fixed-ip] ports. dhcp: DHCP server assigns IP address. fixed IP: Only Static IP (Create Static IP table first).
Page 138
No command Switch(config-if-PORT)# no [xx:xx:xx:xx:xx:xx] Remove the specified MAC address from mac address-table static-mac the MAC address table. [xx:xx:xx:xx:xx:xx] vlan [1- 4094] Note: Only one port could be set at a time. [1-4094] Remove the VLAN to which the specified MAC belongs.
Page 139
14. Configure RSTP parameters per port. Command Parameter Description Switch(config-if-PORT- Enable spanning-tree PORT)# spanning-tree protocol on the selected interfaces. Switch(config-if-PORT- [0-200000000] Specify the path cost value PORT)# spanning-tree cost on the selected interfaces. [0-200000000] Switch(config-if-PORT- [0-15] Specify priority value on PORT)# spanning-tree priority the selected interfaces.
Page 140
15. Set up port speed. Command Parameter Description Switch(config-if-PORT-PORT)# [1000|100|10] Configure the port speed as 1000Mbps, speed [1000|100|10] 100Mbps or 10Mbps. Note1: Speed can only be configured when auto-negotiation is disabled. Note2: Fiber ports cannot be configured as 10Mbps. No command Switch(config-if-PORT-PORT)# Reset the port speed setting back to the no speed...
Page 141
No command Switch(config-if-PORT-PORT)# Reset the selected ports’ PVID back to no vlan dot1q-vlan access-vlan the default setting. Switch(config-if-PORT-PORT)# [1-4094] Remove the specified trunk VLAN ID from no vlan dot1q-vlan trunk-vlan [1- the selected ports. 4094] Reset the selected ports’ 802.1q VLAN Switch(config-if-PORT-PORT)# no vlan dot1q-vlan mode mode back to the default setting (Access...
2.6.33 Show Interface Statistics Command The command of “show interface statistics”, displaying port traffic statistics, port packet error statistics and port analysis history, can be used either in Privileged mode or Global Configuration mode. This command is useful for network administrators to diagnose and analyze the real-time conditions of each port traffic.
2.6.34 Show sfp Command When you slide-in SFP transceiver, detailed information about this module can be viewed by issuing this command. Command Description Display SFP information including the speed of transmission, the distance of Switch(config)# show sfp information transmission, vendor name, vendor PN, vendor SN.
Page 144
Switch(config)# show start-up- Show the difference between the config start up configuration and the default configuration. Switch(config)# show start-up- [string] Specify the keyword to search for config include [string] the matched information from the difference between the start up configuration and the default configuration.
3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
4. WEB MANAGEMENT You can manage the Managed Industrial PoE Ethernet Switch via a web browser. However, you must first assign a unique IP address to the Managed Industrial PoE Ethernet Switch before doing so. Through the connection of any SFP ports using the fiber cable or any TP ports using a RJ45 cable, you will be allowed to have an access of the Managed Industrial PoE Ethernet Switch and set up the IP address for the first time.
Page 147
In the Main Menu, there are 9 main functions, including System Information, User Authentication, Network Management, Switch Management, Switch Monitor, System Utility, Save Configuration, Reset System and Logout contained. We will respectively describe their sub-functions in the following sections of this chapter. ...
4.1 System Information Select System Information from the Main Menu and then the following screen shows up. Company Name: Enter a company name for this Managed Industrial PoE Ethernet Switch. System Object ID: Display the predefined System OID. System Contact: Enter the contact information for this Managed Industrial PoE Ethernet Switch. System Name: Enter a descriptive system name for this Managed Industrial PoE Ethernet Switch.
Page 149
Current Boot Image: The image that is currently being used. Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device. M/B Version: Display the main board version.
4.2 User Authentication To prevent any unauthorized operations, only registered users are allowed to operate the Managed Industrial PoE Ethernet Switch. Users who would like to operate the Managed Industrial PoE Ethernet Switch need to create a user account first. To view or change current registered users, select User Authentication from the Main Menu and then the following screen page shows up.
Page 151
Current/Total/Max Users: View-only field. Current: This shows the number of current registered user. Total: This shows the amount of total users who have already registered. Max: This shows the maximum number available for registration. The maximum number is Account State: Enable or disable this user account. User Name: Specify the authorized user login name.
3. We strongly recommend not to alter off-line Auth Method setting in backup configure file. 4. If Auth-Method is enabled and do firmware downgrade, users must reset default config. 4.2.1 RADIUS/TACACS Configuration Click RADIUS/TACACS Configuration in the User Authentication webpage and then the following screen page appears.
Page 153
When RADIUS Authentication is selected, the user login will be upon those settings on the RADIUS server(s). or the “free NOTE: For advanced RADIUS Server setup, please refer to APPENDIX A RADIUS readme.txt” file on the disc provided with this product. RADIUS Secret Key: The word to encrypt data of being sent to RADIUS server.
Page 154
TACACS Server IP/IPv6 Address: IP address of the primary TACACS server. 2nd TACACS Server IP/IPv6 Address: IP address of the secondary TACACS server.
4.3 Network Management In order to enable network management of the Managed Industrial PoE Ethernet Switch, proper network configuration is required. To do this, click the folder Network Management from the Main Menu and then the following screen page appears. 1.
4.3.1 Network Configuration Click the option Network Configuration from the Network Management menu and then the following screen page appears. Enable IPv4: Click the checkbox in front of enable IPv4 to enable IPv4 function on the Managed Industrial PoE Ethernet Switch. MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed Industrial PoE Ethernet Switch.
Page 157
Class A: 255.0.0.0 Class B: 255.255.0.0 Class C: 255.255.255.0 Gateway: Specify the IP address of a gateway or a router, which is responsible for the delivery of the IP packets sent by the Managed Industrial PoE Ethernet Switch. This address is required when the Managed Industrial PoE Ethernet Switch and the network management station are on different networks or subnets.
Page 158
Source Binding state: Globally enable or disable IP source binding. State: Disable or enable the assigned IP address to reach the management. IP/IPv6 Address: Specify the IP address for source binding. NOTE: This Managed Industrial PoE Ethernet Switch also supports auto-provisioning function that enables DHCP clients to automatically download the latest Firmware and configuration image from the server.
4.3.2 System Service Configuration Click the option System Service Configuration from the Network Management menu and then the following screen page appears. Telnet Service: To enable or disable the Telnet Management service. SSH Service: To enable or disable the SSH Management service. SNMP Service: To enable or disable the SNMP Management service.
4.3.4 Time Server Configuration Click the option Time Server Configuration from the Network Management menu and then the following screen page appears. Time Synchronization: To enable or disable the time synchronization function. Time Server IP/IPv6 Address: Set up the IP address of the first NTP time server. 2nd Time Server IP/IPv6 Address: Set up the IP address of the secondary NTP time server.
4.3.5 Time Range This command defines a time interval to be activated on a daily or weekly basis. This is convenient to assign when a function should be automatically taken effect. Before using the function, make sure that gateway NTP time server is configured in Time Server Configuration (See Section 4.3.4).
Page 163
Name: Specify a name to the time interval. Up to 32 alphanumeric characters can be accepted. Absolute: Specify an absolute start time or end time for a time interval for a PoE function. In this time interval setup, the valid range of each parameter is as follows: Hour: 0-23, Minute: 0-59, Date: 1-31 Month:JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC Year: 2000-2097...
Page 164
Periodic List: Click New below Periodic List, you can see a list for the Periodic List interval settings. Specify a time interval for a PoE function on a daily basis. The Periodic List interval only takes effect within specified absolute interval. Specify a list of days in a week for periodic run. The other list for the Periodic List interval settings will be seen by clicking New below Periodic List again, if necessary.
4.3.6 Device Community Click the option Device Community from the Network Management menu and then the following screen page appears. Click New to add a new community and then the following screen page appears. Up to 3 Device Communities can be created. Click Edit to modify the current community settings.
Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name. Up to 35 alphanumeric characters can be accepted. This is mainly for reference only. SNMP Level: Click the pull-down menu to select the desired privilege for the SNMP operation. NOTE: When the community browses the Managed Industrial PoE Ethernet Switch without proper access right, the Managed Industrial PoE Ethernet Switch will not respond.
Page 167
Current/Total/Max Agents: View-only field. Current: This shows the number of current registered community. Total: This shows the amount of total registered communities. Max Agents: This shows the maximum number available for registration. The maximum number is 10. Account State: View-only field that shows this user account is enabled or disabled. User Name: View-only field that shows the authorized user login name.
Page 168
Priv-Password: Specify the passwords, up to 20 characters. SNMP-Level: View-only field that shows user’s authentication level. Administrator: Own the full-access right, including maintaining user account & system information, load factory settings …etc. Read & Write: Own the full-access right but cannot modify user account & system information, cannot load factory settings.
4.3.8 Trap Destination Click the option Trap Destination from the Network Management menu and then the following screen page appears. State: Enable or disable the function of sending trap to the specified destination. Destination: Enter the specific IP address of the network management system that will receive the trap.
4.3.9 Trap Configuration Click the option Trap Configuration from the Network Management menu and then the following screen page appears. Cold Start Trap: Enable or disable the Managed Industrial PoE Ethernet Switch to send a trap when the Managed Industrial PoE Ethernet Switch is turned on. Warm Start Trap: Enable or disable the Managed Industrial PoE Ethernet Switch to send a trap when the Managed Industrial PoE Ethernet Switch restarts.
Page 171
Auto Backup Trap: Enable or disable the Managed Industrial PoE Ethernet Switch to send a trap when the auto backup succeeds or fails. Storm Control Trap: Enable or disable the Managed Switch to send a trap when broadcast/ unknown multicast/unknown unicast packets flood. And it will keep sending this trap upon the notification threshold interval setup of Storm Control function once these packets flood continuously.
4.3.10 Syslog Configuration Click the option Syslog Configuration from the Network Management menu and then the following screen page appears. When DHCP snooping filters unauthorized DHCP packets on the network, the mal-attempt log will allow the Managed Industrial PoE Ethernet Switch to send event notification message to Log server.
4.4 Switch Management In order to manage the Managed Industrial PoE Ethernet Switch and set up required switching functions, click the folder Switch Management from the Main Menu and then several options and folders will be displayed for your selection. 1.
16. Loop Detection Configuration: Enable or disable Loop Detection function and set up Loop Detection configuration. 17. Ring Detection: CTS Fast-Ring provides ring protection and failover time (<30 ms) for Ethernet traffic. At the same time, it ensures there is no loops formed within the ring at the Ethernet layer.
Maximum Frame Size: Specify the maximum frame size between 1518 and 9600 bytes. The default maximum frame size is 9600bytes. MAC Address Aging Time: Specify MAC Address aging time between 0 and 172800 seconds. “0” means that MAC addresses will never age out. Statistics Polling Port: Specify the number of ports for data acquisition at a time.
Page 176
Port Number: Click the pull-down menu to select the port number for configuration. Port State: Enable or disable the current port state. Preferred Media Type: Select copper or fiber as the preferred media type. Port Type: Select Auto-Negotiation or Manual mode as the port type. Port Speed: When you select “Manual”...
4.4.3 Link Aggregation Link aggregation is an inexpensive way to set up a high-speed backbone network that transfers much more data than any one single port or device can deliver without replacing everything and buying new hardware. For most backbone installations, it is common to install more cabling or fiber optic pairs than initially necessary, even if there is no immediate need for the additional cabling.
4.4.3.1 Distribution Rule Click the option Distribution Rule from the Link Aggregation menu, the following screen page appears. There are six rules offered for you to set up packets according to operations. Source IP Address: Enable or disable packets according to source IP address. Destination IP Address: Enable or disable packets according to Destination IP address.
Page 179
The Managed Industrial PoE Ethernet Switch allows users to create 3 trunking groups. Each group consists of 2 to 4 links (ports). Click New to add a new trunking group and then the following screen page appears. Click Edit to modify a registered trunking group’s settings. Click Delete to remove a specified registered trunking group and its settings.
NOTE: All trunking ports in the group must be members of the same VLAN, and their Spanning Tree Protocol (STP) status and QoS default priority configurations must be identical. Port locking, port mirroring and 802.1X cannot be enabled on the trunk group. Furthermore, the LACP aggregated links must all be of the same speed and should be configured as full duplex.
Page 181
Configure Key Value: Select “Key Value” from the pull-down menu of Select Setting. Ports in an aggregated link group must have the same LACP port key. In order to allow a port to join an aggregated group, the port key must be set to the same value. The range of key value is between 0 and 255.
4.4.4 Rapid Spanning Tree The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
4.4.4.1 RSTP Switch Settings Click the option RSTP Switch Settings from the Rapid Spanning Tree menu and then the following screen page appears. System Priority: Each interface is associated with a port (number) in the STP code. And, each switch has a relative priority and cost that is used to decide what the shortest path is to forward a packet.
4.4.4.2 RSTP Aggregated Port Settings Click the option RSTP Aggregated Port Settings from the Rapid Spanning Tree menu and then the following screen page appears. State: Enable or disable configured trunking groups in RSTP mode. Path Cost: This parameter is used by the RSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
4.4.4.3 RSTP Physical Port Settings Click the option RSTP Physical Port Settings from the Rapid Spanning Tree menu and then the following screen page appears. Configure Port State: Select “State” from the pull-down menu of Select Setting. This allows ports to be enabled or disabled. When clicking on the checkbox of the corresponding port number, RSTP will be enabled.
Page 186
Configure Port Priority: Select “Priority” from the pull-down menu of Select Setting. You can choose Port Priority value between 0 and 240. The default value is “128”. Configure Port Edge: Select “Edge” from the pull-down menu of Select Setting. Set the port to “enabled” or “disabled”. When clicking on the checkbox of the corresponding port number, Port Edge will be enabled.
Page 187
Configure Port Point2point: Select “Point2point” from the pull-down menu of Select Setting. Set up the Point to Point setting of each port. The default setting is “Forced True”.
4.4.5 802.1X/MAB Configuration The IEEE 802.1X/MAB standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports. Before services are made available to clients connecting to a VLAN, clients that are 802.1X- complaint should successfully authenticate with the authentication server.
Enable: Enable or disable 802.1X/MAB on the Managed Industrial PoE Ethernet Switch. When enabled, the Managed Industrial PoE Ethernet Switch acts as a proxy between the 802.1X- enabled client and the authentication server. In other words, the Managed Industrial PoE Ethernet Switch requests identifying information from the client, verifies that information with the authentication server, and relays the response to the client.
MAB: MAC Authentication Bypass (MAB), which uses the connecting device's MAC address to grant or deny network access. To enable MAB for all ports at a time, please click the checkbox of MAB in All port row. RADIUS-Assigned VLAN Enabled: Allow the RADIUS server to send a VLAN assignment to the device port.
4.4.6 MAC Address Management Click the folder MAC Address Management from the Switch Management menu and then the following screen page appears. 1. MAC Table Learning: To enable or disable learning MAC address function. 2. Static MAC Table Configuration: To create, edit or delete Static MAC Table setting. 4.4.6.1 MAC Table Learning Click the option MAC Table Learning from the MAC Address Management menu and then the following screen page appears.
4.4.6.2 Static MAC Table Configuration Click the option Static MAC Table Configuration from the MAC Address Management menu and then the following screen page appears. NOTE: The Managed Industrial PoE Ethernet Switch only supports switch-based MAC security and does not support port-based MAC security. The Managed Industrial PoE Ethernet Switch can support up to 128 entries of MAC security list.
4.4.7 VLAN Configuration A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
Current/Total/Max: The number of current, total and maximum Port-Based VLAN entry or entries. Port Name: Use the default name or specify a name for your Port-Based VLAN. Port Number: By clicking on the checkbox of the corresponding ports, it denotes that the selected ports belong to the specified Port-Based VLAN.
Page 195
Important VLAN Concepts for 802.1Q VLAN Configuration: There are two key concepts to understand. Access-VLAN specifies the VLAN ID to the switch port that will assign the VLAN ID to untagged traffic from that port. A port can only be assigned to one Access-VLAN at a time. When the port is configured as Access Mode, the port is called an Access Port, the link to/from this port is called an Access Link.
Page 196
802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN ID that is dedicated to tunneling. Each customer requires a separate service- provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs. Customer traffic tagged in the normal way with appropriate VLAN IDs comes from an IEEE 802.1Q trunk port on the customer device and into a tunnel port on the service-provider edge switch.
4.4.7.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
4.4.7.4 IEEE 802.1q Tag VLAN The following screen page appears when you choose IEEE 802.1q Tag VLAN mode from the VLAN Configuration menu and then select VLAN interface function. 1. Trunk VLAN table: To create, modify or remove 802.1Q Tag VLAN settings. 2.
4.4.7.4.1 Trunk VLAN Table The following screen page appears if you choose Trunk VLAN table. Click New to add a new VLAN and then the following screen page appears. Click Edit to modify the selected IEEE 802.1Q Tag VLAN setting. Click Delete to remove an existing VLAN you select.
4.4.7.4.2 VLAN Interface The following screen page appears if you choose VLAN Interface. Dot1q-Tunnel EtherType: Configure outer VLAN's ethertype. (Range: 0000~FFFF, Default: 9100). Mode: Pull down the list in the Mode field and select the appropriate mode for each port. The port behavior of each mode is listed as the following table.
Access-VLAN (PVID): Specify the selected ports’ Access-VLAN ID (PVID). Trunk-VLAN: Specify the selected ports’ Trunk-VLAN ID (VID). 4.4.7.4.3 Management VLAN The following screen page appears if you choose Management VLAN. CPU VLAN ID: Specify an existing VLAN ID. VLAN Mode: Select the VLAN mode for this Management VLAN. Management Port: Click on the checkbox of the corresponding ports that you would like them to become Management ports.
4.4.7.5 VLAN Translation Configuration Besides the aforementioned ways of creating VLANs, another way to establish the translated VLANs is to configure VLAN ID translation (or VLAN mapping) on trunk ports connected to a customer network to map the original VLANs to the translated VLANs. Through this VLAN ID translation, it will save much effort in massive Ethernet network deployments.
Page 203
Occupied/Max Entry: View-only field. Occupied: This shows the amount of total VLAN mapping rules that have already been created. Max: This shows the maximum number available for VLAN mapping rules. The maximum number is 44. Entry: View-only field. This shows the number of VLAN mapping rule that is currently created. Name: Specify a name for the VLAN mapping rule.
4.4.8 QoS Configuration Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria and receives preferential treatments.
Page 205
Priority Mode: Select the QoS priority mode of the Managed Industrial PoE Ethernet Switch. IEEE 802.1p: IEEE 802.1p mode utilizes p-bits in VLAN tag for differential service. DSCP: DSCP mode utilizes TOS field in IPv4 header for differential service. Disable: Disable QoS. Queue Mode: Specify the queue mode as Strict or Weight.
Page 206
Remarking: Configure 802.1p Remarking: Check 802.1p Remarking to enable. This allows you to enable or disable 802.1p remarking for each port. The default setting is disabled. Configure DSCP Remarking: Check DSCP Remarking to enable. This allows you to enable or disable DSCP remarking for each port. The default setting is disabled.
Page 207
4.4.8.2 QoS Rate Limit Select the option QoS Rate Limit from the QoS Configuration menu and then the following screen page appears. Configure Ingress Rate: This allows users to specify each port’s inbound bandwidth. The excess traffic will be dropped. Specifying “0”...
Page 208
4.4.9 IGMP/MLD Snooping The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It can be used more efficiently when supporting activities, such as online streaming video and gaming.
Page 209
1. IGMP/MLD Configure: To enable or disable IGMP/MLD Snooping, IGMPv3/MLDv2 Snooping, Unregistered IPMC Flooding and set up router ports. 2. IGMP/MLD VLAN ID Configuration: To set up the ability of IGMP/MLD snooping and querying with VLAN. 3. IPMC Segment: To create, edit or delete IPMC segment. 4.
Page 210
Unregistered IPMC Flooding: Set forwarding mode for unregistered (not-joined) IP multicast traffic. The traffic will flood when enabled. However, the traffic will be forwarded to router-ports only when disabled. Query Interval: The Query Interval is used to set the time between transmitting IGMP queries, entries between 1 ~ 6000 seconds are allowed.
Page 211
4.4.9.3 IPMC Segment Select the option IPMC Segment from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Segment ID, Name and IP Range appears. ID: View-only field that shows the current registered ID number. Segment Name: View-only field that shows the current registered Name.
Page 212
Segment Name: Enter an identification name. This field is limited to 20 characters. IP Range: Specify the multicast IP range for the registered segment. (The IP range is from 224.0.1.0~239.255.255.255.) 4.4.9.4 IPMC Profile Select the option IPMC Profile from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Profile appears.
Page 213
Profile Name: Enter an identification name. This field is limited to 20 characters. Segment ID: Specify the segment ID that is registered in IPMC Segment. 4.4.9.5 IGMP Filtering Select the option IGMP Filtering from the IGMP/MLD Snooping menu and then the following screen page appears.
Page 214
4.4.10 Static Multicast Configuration Select the option Static Multicast Configuration from the Switch Management menu and then the following screen page appears. IP/IPv6 Address: View-only field that shows the current source IP address of multicast stream. VID: View-only field that shows the specified VLAN ID for current multicast stream. Forwarding port: View-only field that shows the forwarding port for current multicast stream.
Page 215
IP/IPv6 Address: Specify the multicast stream source IP/IPv6 address. VLAN: Specify a VLAN ID for multicast stream. Forwarding port: Select a port number for multicast stream forwarding. 4.4.11 Port Mirroring In order to allow the target port to mirror the source Port(s) and enable traffic monitoring, select the option Port Mirroring from the Switch Management menu and then the following screen page appears.
Page 216
4.4.12 Security Configuration In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Industrial PoE Ethernet Switch. Layer 2 attacks are typically launched by or from a device that is physically connected to the network. For example, it could be a device that you trust but has been taken over by an attacker.
Page 217
5. Port Isolation: Set up port’s communication availability that they can only communicate with a given "uplink" 6. Static IP/IPv6 Table Configuration: To create static IP/IPv6 table for DHCP snooping setting. 7. Storm Control: To prevent the Managed Industrial PoE Ethernet Switch from unicast, broadcast, and multicast storm.
Page 218
4.4.12.1 DHCP Option 82/DHCPv6 Option 37 Settings The Managed Industrial PoE Ethernet Switch can add information about the source of client DHCP requests that relay to DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information.
Page 219
For example, A DHCP request is from Port 1 that is marked as both Opt82 port and trust port. A. If a DHCP request is with Opt82 Agent information and then the Managed Industrial PoE Ethernet Switch will forward it. B.
Page 220
4.4.12.2 DHCP Option 82 Configuration The Managed Industrial PoE Ethernet Switch adds the option 82 information in the packet when it receives the DHCP request. In general, the switch MAC address(the remote-ID suboption) and the port identifier, vlan-mod-port or snmp-ifindex are included in the option 82 information. You can configure the remote ID and circuit ID.
Page 221
Specify the VLAN and port identifier using a VLAN ID in the range of 1 to 4094. Besides, you can configure the circuit ID to be a string of up to 64 characters. The default circuit ID is the port identifier, the format of which is vlan-mod-port.
Page 222
4.4.12.3 DHCP Snooping Select the option DHCP Snooping from the Security Configuration menu and then the following screen page appears. DHCP/DHCPv6 Snooping: Enable or disable DHCP/DHCPv6 Snooping function. Default DHCP Initiated Time: Specify the time value (0~9999 Seconds) that packets might be received.
Page 223
DHCP Server Trust IP: After enabling Trust Port, you may additionally specify Trust IP address for identification of DHCP server. Click drop-down menu and select “Enabled”, then specify Trust IP address. 4.4.12.4 IP Source Guard Settings Select the option IP Source Guard Settings from the Security Configuration menu and then the following screen page appears.
Page 224
4.4.12.5 Port Isolation This is used to set up port’s communication availability that they can only communicate with a given "uplink". Please note that if the port isolation function is enabled, the Port-based VLAN will be invaild automatically. Port Isolation Enable: Enable or disable port isolation function. If port isolation is set to enabled, the ports cannot communicate with each other.
Page 225
4.4.12.6 Static IP/IPv6 Table Configuration Select the option Static IP/IPv6 Table Configuration from the Security Configuration menu and then the following screen page appears. This static IP address and Port mapping table shows the following information. IP/IPv6 Address: View-only field that shows the current static IP address. VLAN ID: View-only field that shows the VLAN ID.
Page 226
4.4.12.6.1 Configure DHCP Snooping When you would like to use DHCP Snooping function, follow the steps described below to enable a client to receive an IP from DHCP server. Step 1. Select each port’s IP type Select “Unlimited” or “DHCP” Step 2.
Page 227
4.4.12.7 Storm Control Select the option Storm Control from the Security Configuration menu to set up storm control parameters for each port and then the following screen page appears. When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen.
Page 228
Three options of frame traffic are provided to allow users to enable or disable the storm control. Unknown Unicast Rate: Enable or disable unknown Unicast traffic control and set up unknown Unicast Rate packet per second (pps) for each port. 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k can be chosen from the pull-down menu of each port.
Page 229
4.4.12.8 MAC Limiters This is to set number of threshold within which MAC address can be learned. After it reaches threshold, any other incoming MAC address would be dropped until the recovery mechanism activates. Please note that mac address table will be erased if the Mac Limit function is enabled. Select the option MAC Limiters from the Security Configuration menu to set up MAC Limit parameters for ports and then the following screen page appears.
Page 230
4.4.13 Access Control List (ACL) Configuration Creating an access control list allows users to define who has the authority to access information or perform tasks on the network. In the Managed Industrial PoE Ethernet Switch, users can establish rules applied to port numbers to permit or deny actions. Select the option ACL Configuration from the Switch Management menu and then the following screen page appears.
Page 231
This is the overview of ACL status. Rule ID: The identification number for each rule. Status: The current status for each rule. Click Edit to modify settings of the specified rule and then the following screen page appears. Click Delete to remove a rule configured. Click Refresh to update the latest status. Rule ID: Specify a rule ID.
Page 232
VLAN ID: Select “Any” or specify a VLAN ID. Source MAC: Select “Any” or specify a source MAC address. Destination MAC: Select “Any” or specify a destination MAC address. TOS/Traffic Class: Select “Any” or specify a TOS/Traffic class. Protocol/Next Header: Specify IPv4 protocol and IPv6 next header IPv4 Source IP: Select “Any”...
Page 233
4.4.14 Layer 2 Protocol Tunnel Configuration Select the option Layer 2 Protocol Tunneling Configuration from the Switch Management menu and then the following screen page appears. L2PT (Layer 2 protocol tunneling) allows Layer 2 protocol data units (PDUs), including CDP(Cisco Discovery Protocol), LLDP(Link Layer Discovery Protocol), STP(Spanning Tree Protocol), VTP(Vlan Trunking Protocol), LACP(Link Aggregation Control Protocol), PAgP(Port Aggregation Protocol), and UDLD(Unidirectional Link Detection), to be tunneled through a network.
Page 234
The encapsulation involves the rewriting of the destination media access control (MAC) address in the PDU. An ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the desired multicast address. Layer 2 Protocol Tunneling: Enable or disable the Layer 2 Protocol Tunneling fuction globally.
Page 235
4.4.15 LLDP Configuration LLDP stands for Link Layer Discovery Protocol and runs over data link layer which is used for network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
Page 236
Selection of LLDP TLVs to send: LLDP uses a set of attributes to discover neighbor devices. These attributes contains type, length, and value descriptions and are referred to TLVs. Details such as port description, system name, system description, system capabilities, management address can be sent from this Managed Industrial PoE Ethernet Switch.
Page 237
4.4.16 Loop Detection Configuration In a real network, it is possible the people misconnect the network cable to incur loop condition. In a worst case, the network is out of service thereafter. This section gives a guide to configure the Loop Detection function of the system to prevent the system from loop.
Page 238
Loop Detection Enable: Check to enable the Loop Detection function on a system basis. The default setting is disabled. Detection Interval: This is the time interval (in seconds) that the device will periodically send loop detection packets to detect the presence of looped network. The valid range is from 1 to 180 seconds.
Page 239
4.4.17 Ring Detection Ring Detection used in the ring topology is helpful for the network recovery, preventing from the disconnection resulting from any unexpected link down. The main advantages of Ring Detection are lower cost for cabling and installation, and high-speed recovery time. Select the option Ring Detection from the Switch Management menu and then the following screen page appears.
Page 240
CTS’s fast redundancy provides Fast Ring v2 and Chain two redundancy protocols, which allows you to configure 2 rings, 2 chains, or 1 ring & 1 chain at most for a switch.
Page 242
4.4.18.1 Fast Ring v2 Protocol Fast Ring v2 protocol, the newer version of our Ring Detection, is to optimize communication redundancy and achieve a fast recovery time (<50 ms) on the network for up to 200 switches. Like Ring Detection, Fast Ring v2 protocol manually specifies one switch as the master of the network to identify which segment in the redundant ring acts as the backup path, and then automatically block packets from traveling through any of the network’s redundant loops.
Page 243
Role: Pull down the menu of Role to assign the role of the Managed Industrial PoE switch as either Slave or Master when Fast Ring v2 protocol is chosen. Master: A role possesses the ability of blocking or forwarding packets. Please note that the blocked segment is the segment that connects to the 2nd redundancy port on the master.
Page 244
4.4.18.1.1 Configure a Ring Example using the Fast Ring v2 Protocol Fig. 4-1 Fast Ring v2 Example Diagram The above topology often occurs using the Fast Ring v2 protocol and is configured as the following table. Switch ID Role Redundancy Port Physical Port Redundancy Port Port 5...
Page 245
Just follow the procedures listed below for step-by-step instructions to configure a ring as Fig. 4-1 using the Fast Ring v2 protocol. Step 1: Set up the Fast Ring v2 configuration on Switch 1. 1-1 . Connect a computer to Switch 1 directly; do not connect to Port 5 & 6. 1-2.
Page 246
NOTE: To avoid the occurrence of loop, please do not connect Switch 1, 2, 3 & 4 together in the ring topology before the end of Fast Ring v2 configuration. Step 3: Follow the configuration to connect the Switch 1, 2, 3 & 4 together to establish the Fast Ring v2 application.
Page 247
The Chain redundancy protocol can be applied to industrial networks with a complex topology. If the industrial network uses a multi-ring architecture, CTS’s Chain can be the best solution to create flexible and scalable topologies with a fast media recovery time.
Page 248
Occupied/Max Entry: View-only field. Occupied: This shows the amount of total fast redundancy that have already been created. Max: This shows the maximum number available for fast redundancy. The maximum number is 2. Entry: View-only field. This shows the number of fast redundancy that is currently created. ID: The group ID of the fast redundancy.
Page 249
4.4.18.2.1 Configure a Chain Example using the Chain Protocol Fig. 4-2 Chain Example Diagram The above topology often occurs using the Chain protocol and is configured as the following table. Switch ID Redundancy Port Physical Port Port Role Redundancy Port Port 5 Head Switch 1...
Page 250
Just follow the procedures listed below for step-by-step instructions to configure a chain as Fig. 4-2 using the Chain protocol. Step 1: Set up the Chain configuration on Switch 1. 1-1 . Connect a computer to Switch 1 directly; do not connect to Port 5 & 6. 1-2 .
Page 251
Step 3: Set up the Chain configuration on Switch 3. 3-1 . Connect a computer to Switch 3 directly; do not connect to Port 5 & 6. 3-2 . Login into the Switch 3 and also go to Switch Management > Fast Redundancy for the chain configuration.
Page 252
4.4.19 Digital Input/Output Configuration This is a way of serving as an alarm via relay that is an electrically operated switch used where it is necessary to control a circuit by a low-power signal, or where several circuits must be controlled by one signal, thus helping us understand immediate status on a circuit with fault relay feature from remote site.
Page 253
To set up the digital input function, select Input Config from the Digital Input/Output Config menu and then the following screen page appears. There is one Digital Input Normal Status option shown on the screen page. Normal Status refers to where the contacts remain in one state unless actuated.
Page 254
4.4.19.2 Digital Output Configuration To set up digital output function, select Output Config from the Digital Input/Output Config menu and then the following screen page appears. Click Edit button in the Action field, the configuration section of Digital Output 1 will pop up on this webpage.
Page 255
- Digital Input-1: Enable or disable the alarm transmission for Digital Input-1 previously mentioned in Section 4.4.19.1. - Power 1: Enable or disable the alarm transmission for Power 1. - Power 2: Enable or disable the alarm transmission for Power 2. - Port Number: Enable the alarm transmission by clicking the corresponding checkbox of Port Number or disable it by unchecking.
Page 256
4.4.20 PoE Configuration PoE (Power Over Ethernet) is the technology that a data-carrying LAN cable can play a role in power supplier. Typically, a PoE switch is deployed at the center of the network for power transmission and supplys electricity to PDs (powered devices) up to 100 meters away through TP ports.
Page 257
Power Device Name: Specify a name to the PD connected with each TP port. Priority: Assign the priority to the specified ports. If there is insufficient power supply, the power supplied by the TP port would be cut off based on the priority listed below. Low: It indicates the port(s) with this priority will be the first port(s) to get power cut off.
Page 258
4.5 Switch Monitor Switch Monitor allows users to monitor the real-time operation status of the Managed Industrial PoE Ethernet Switch. Users may monitor the port link-up status or traffic counters for maintenance or diagnostic purposes. Select the folder Switch Monitor from the Main Menu and then several options and folders will be displayed.
Page 259
8. LACP Monitor: View the LACP port status and statistics. 9. RSTP Monitor: View RSTP VLAN Bridge, Port Status, and Statistics. 10. 802.1X/MAB Monitor: View port status and Statistics. 11. IGMP/MLD Monitor: View-only field that shows IGMP status and Groups table. 12.
Page 260
4.5.1 CPU and Memory Statistics CPU & Memory Statistics is to manually or automatically update statistics of CPU and Memory. Click “CPU & Memory Statistics” and the following screen appears. Refresh Page Interval: Automatically updates statistics of CPU & Memory at a specified interval in seconds.
Page 261
Memory Free: The memory in kilobytes that is idle. Memory Buffers: The memory in kilobytes temporarily stored in a buffer area. Buffer allows the computer to be able to focus on other matters after it writes up the data in the buffer; as oppose to constantly focus on the data until the device is done.
Page 262
Refresh Page Interval: Automatically updates CPU temperature of the system at a specified interval in seconds. Please note that the value you assign in this parameter is temporarily used and will not be saved into the configuration file of the Managed Switch. This value will not be applied into the next system boot-up.
Page 263
Last Status Normal Over the Threshold Detected Status Send the “CPU No message will be sent. temperature is at or Normal under threshold” normal message. Send the “CPU Send the “CPU temperature is over temperature is over Over the threshold” alarm threshold”...
Page 264
4.5.3 Switch Port Status In order to view the real-time port status of the Managed Industrial PoE Ethernet Switch, select Switch Port Status from the Switch Monitor menu and then the following screen page appears. Port Number: The number of the port. Media Type: The media type of the port, either TX or FX.
Page 265
4.5.4 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Industrial PoE Ethernet Switch, select Port Traffic Statistics from the Switch Monitor menu and then the following screen page appears. Select: Choose the way of representing Port Traffic Statistics from the pull-down menu. Either “Rate”...
Page 266
4.5.5 Port Packet Error Statistics Port Packet Error Statistics mode counters allow users to view the port error of the Managed Industrial PoE Ethernet Switch. The event mode counter is calculated since the last time that counter was reset or cleared. Select Port Packet Error Statistics from the Switch Monitor menu and then the following screen page appears.
Page 267
4.5.6 Port Packet Analysis Statistics Port Packet Analysis Statistics Mode Counters allow users to view the port analysis history of the Managed Industrial PoE Ethernet Switch. Event mode counters are calculated since the last time that counter was reset or cleared. Select Port Packet Analysis Statistics from the Switch Monitor menu and then the following screen page appears.
Page 268
4.5.7 IEEE 802.1q Tag VLAN Table Select IEEE 802.1q Tag VLAN Table from the Switch Monitor menu and then the following screen page appears. VLAN Name: View-only filed that shows the VLAN name. VID: View-only filed that shows the VID. 4.5.8 LACP Monitor Click the LACP Monitor folder and then two options within this folder will be displayed.
Page 269
4.5.8.1 LACP Port Status LACP Port Status allows users to view a list of all LACP ports’ information. Select LACP Port Status from the LACP monitor menu and then the following screen page appears. In this page, you can find the following information about LACP port status: Port Number: The number of the port.
Page 270
4.5.8.2 LACP Statistics In order to view the real-time LACP statistics status of the Managed Industrial PoE Ethernet Switch, select LACP Statistics from the LACP Monitor menu and then the following screen page appears. Port: The port that LACP packets (LACPDU) are transmitted or received. LACP Transmitted: The current LACP packets transmitted from the port.
Page 271
4.5.9 RSTP Monitor Click the RSTP Monitor folder and then three options within this folder will be displayed. 4.5.9.1 RSTP Bridge Overview RSTP Bridge Overview allows users to view a list of RSTP brief information, such as Bridge ID, topology status and Root ID. Select RSTP Bridge Overview from the RSTP Monitor menu and then the following screen page appears.
Page 272
Topology: The state of the topology. Root ID: Display this Managed Industrial PoE Ethernet Switch’s Root ID. Root port: Display this Managed Industrial PoE Ethernet Switch’s Root Port Number. 4.5.9.2 RSTP Port Status RSTP Port Status allows users to view a list of all RSTP ports’ information. Select RSTP Port Status from the RSTP Monitor menu and then the following screen page appears.
Page 273
4.5.9.3 RSTP Statistics In order to view the real-time RSTP statistics status of the Managed Industrial PoE Ethernet Switch, select RSTP Statistics from the RSTP Monitor menu and then the following screen page appears. Port Number: The number of the port. RSTP Transmitted: The total transmitted RSTP packets from current port.
Page 274
4.5.10 802.1X/MAB Monitor Click the 802.1X/MAB Monitor folder and then two options within this folder will be displayed. 4.5.10.1 802.1X/MAB Port Status Port Status allows users to view a list of all 802.1x ports’ information. Select port status from the 802.1x/MAB Monitor menu and then the following screen page appears.
Page 275
Port: The number of the port. Port State: Display the number of the port 802.1x link state LinkDown or LinkUp. Last Source MAC: Display the MAC address of the port’s last Source. Last Username: Display the username of the port’s last login. Assigned VLAN: Display the VLAN assigned by 802.1xServer.
Page 276
4.5.11 IGMP/MLD Monitor Click the IGMP/MLD Monitor folder and then four options within this folder will be displayed. 4.5.11.1 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select IGMP Snooping Status from the IGMP/MLD Monitor menu and then the following screen page appears.
Page 277
Upon receiving an IGMP general query, the Managed Industrial PoE Ethernet Switch forwards it through all ports in the VLAN except the receiving port. Querier: The state of IGMP querier in the VLAN. Queries Transmitted: The total IGMP general queries transmitted will be sent to IGMP hosts. Queries Received: The total received IGMP general queries from IGMP querier.
Page 278
4.5.11.3 MLD Snooping Status MLD Snooping Status allows users to view a list of MLD queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select MLD Snooping Status from the IGMP/MLD Monitor menu and then the following screen page appears. Update: Click Update to update the MLD snooping status.
Page 279
Update: Click Update to update the MLD group table. VLAN ID: VID of the specific VLAN Group: The multicast IP address of MLD querier. Port: The port(s) grouped in the specific multicast group.
Page 280
4.5.12 SFP Information Click the SFP Information folder and then two options within this folder will be displayed. 4.5.12.1 SFP Port Info SFP Port Info displays each port’s slide-in SFP Transceiver information e.g. the speed of transmission, the distance of transmission, vendor Name, vendor PN, vendor SN, etc. Select SFP Port Info from the SFP Information menu and then the following screen page appears.
Page 281
Vendor PN: Vendor PN of the slide-in SFP Transceiver. Vendor SN: Vendor SN of the slide-in SFP Transceiver. 4.5.12.2 SFP Port State SFP Port State displays each port’s slide-in SFP Transceiver information e.g. the currently detected temperature, voltage, TX Bias, etc.. Select SFP Port State from the SFP Information menu and then the following screen page appears.
Page 282
4.5.13 DCHP Snooping DHCP Snooping displays the Managed Industrial PoE Ethernet Switch’s DHCP Snooping table. Select DHCP Snooping from the Switch Monitor menu and then the following screen page appears. Update: Click Update to update the DHCP snooping table. Cli Port: View-only field that shows where the DHCP client binding port is. Srv Port: View-only field that shows the port where the IP addrsss is obtained from VID: View-only field that shows the VLAN ID of the client port.
Page 283
4.5.14 MAC Limiters Status MAC Limiters Status displays the valid MAC Limit Status of each port. Update: Click Update to update the MAC Limiters status. Port: The number of each port. Limit: The MAC address threshold configured. Current: The current number of MAC address. 4.5.15 MAC Address Table MAC Address Table displays MAC addresses learned when MAC Address Learning is enabled.
Page 284
4.5.16 Layer 2 Protocol Tunneling Status Layer 2 Protocol Tunneling Status displays the state of each Layer 2 protocol data units (PDUs), and each PDU’s encapsulation as well as decapsulation statistics. Select Layer 2 Protocol Tunneling Status option from the Switch Monitor menu and then the following screen page appears.
Page 285
4.5.17 LLDP Status Select LLDP Status from the Switch Monitor menu and then the following screen page appears. Click Update to update the LLDP Status table. Local Port: View-only field that shows the port number on which LLDP frames are received. Chassis ID: View-only field that shows the MAC address of the LLDP frames received (the MAC address of the neighboring device).
Page 286
Remote Port: View-only field that shows the port number of the neighboring device. System Name: View-only field that shows the system name advertised by the neighboring device. Port Description: View-only field that shows the port description of the remote port. System Capabilities: View-only field that shows the capability of the neighboring device.
Page 287
4.5.19 Ring Detection Status Ring Detection Table displays the Ring Detection status of each port and the system. Select Ring Detection Status from the Switch Monitor menu and then the following screen page appears. Click Update to update the Ring Detection Table. Port Enable: Shows the status of whether Ring Detection on each port is enabled or disabled.
Page 288
4.5.20 Fast Redundancy Status Fast Redundancy Status allows users to view a list of Fast Redundancy detailed information. This status page is mainly divided into three subdivisions: Topology Change Status, allowing users to keep abreast of the dynamic change of the topology wherein the switches operate; Fast Redundancy Status, delivering a comprehensive information in exact accordance with the saved- configuration;...
Page 289
1. Entry: A designated number as either 1 or 2, which is given according to the sequence of added Fast Redundancy. The maximum number is 2. 2. Group ID: The group ID of the fast redundancy. 3. Description: The description of the group. 4.
Page 290
Fast Redundancy Statistics: Includes the following information. 1. Entry: A designated number as either 1 or 2, which given according to the sequence of the created Fast Redundancy. The maximum number is 2. 2. TX/RX Source Normal: The amount of packets successfully transmitted/received. 3.
Page 291
4.5.21 Digital Input/Output Status In order to view the current status of the digital Input/Output. Click the Digital Input/Output Status folder and then two options within this folder will be displayed. 4.5.21.1 Digital Input Status Select Input Status from the Digital Input/Output Status menu and then the following screen page appears.
Page 292
4.5.21.2 Digital Ouput Status Select Ouput Status from the Digital Input/Output Status menu and then the following screen page appears. Click Update to update the digital output, alarm and event status. Current Status: View-only field that shows the current status of Digital Output 1. Alarm: View-only field that shows whether the alarm is triggered or not.
Page 293
4.5.22 PoE Status In order to view PoE status of each TP port. Select PoE Status from the Switch Monitor menu and then the following screen page appears. Total PoE Power Consumption: View-only field that shows the total power in watt and the percentage currently used on the switch.
Page 294
4.6 System Utility System Utility allows users to easily operate and maintain the system. Select the folder System Utility from the Main Menu and then the following screen page appears. 1. Ping: Ping can help you test the network connectivity between the Managed Industrial PoE Ethernet Switch and the host.
Page 295
4.6.1 Ping Ping can help you test the network connectivity between the Managed Industrial PoE Ethernet Switch and the host. Select Ping from the System Utility menu and then the following screen page appears. Enter the IP/IPv6 address of the host you would like to ping. You can also specify count, timeout and size of the Ping packets.
Page 296
Diagnostic Port: Pull down the menu to select the desired port number as the diagnostic port for the loopback test. The diagnostic port you select should be configured as the VLAN TRUNK mode. VLAN ID: Specify the VLAN ID. Except the diagnostic port and the accompany port, this specified VLAN ID cannot be used by other ports.
Page 297
4.6.3 Event Log Event log keeps a record of switch-related information, such as user login, logout timestamp and so on. Select Event Log from the System Utility menu and then the following screen page appears. All event logs will be cleared when system reset occurs. Click Clear All to clear the record of all event logs.
Page 298
The related parameter description of the configuration update is as follows: Config Type: There are three types of the configuration file: Running-config, Default-config and Start-up- config. Running-config: Back up the data you’re processing. Default-config: Back up the data same as factory setting. Start-up-config: Back up the data same as last saved data.
Page 299
4.6.5 FTP/TFTP Upgrade The Managed Industrial PoE Ethernet Switch has both built-in TFTP and FTP clients. Users may save or restore their configuration and update their firmware. Select FTP/TFTP Upgrade from the System Utility menu and then the following screen page appears. Protocol: Select the preferred protocol, either FTP or TFTP.
Page 300
4.6.6 Load Factory Settings Load Factory Setting will set all the configurations of the Managed Industrial PoE Ethernet Switch back to the factory default settings, including the IP and Gateway address. Load Factory Setting is useful when network administrators would like to re-configure the system. A system reset is required to make all changes effective after Load Factory Setting.
Page 301
4.6.8 Auto-Backup Configuration In Managed Industrial PoE Ethernet Switch, the forementioned HTTP Upgrade and FTP/TFTP Upgrade functions are offered for the users to do the manual backup of the start-up configuration. Alternatively, you can choose the Auto-backup configuration function to do this backup automatically and periodically.
Page 302
Backup Time: Set up the time when the backup of the start-up configuration files will start every day for the system. Protocol: Either FTP or TFTP server can be selected to backup the start-up configuration files. File Type: Display the type of files that will be backed up. Server IP/IPv6 Address: Set up the IP/IPv6 address of FTP/TFTP server.
Page 303
4.7 Save Configuration In order to save the configuration permanently, users need to save configuration first before resetting the Managed Industrial PoE Ethernet Switch. Select Save Configuration from the the Main Menu and then the following screen page appears. Click OK to save the configuration. 4.8 Reset System To reboot the system, please select Reset System from the Main Menu and then the following screen page appears.
Page 304
APPENDIX A: Free RADIUS readme The advanced RADIUS Server Set up for RADIUS Authentication is described as below. When free RADIUS client is enabled on the device, On the server side, it needs to put this file "dictionary.sample" under the directory /raddb, and modify these three files - "users", "clients.conf"...
Page 305
APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration at startup process. Before setting up DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Industrial PoE Ethernet Switch that you purchased can support DHCP Auto-provisioning.
Page 306
Step 2. Set up Auto Provision Server Update DHCP Client Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command. Install DHCP Server Issue “yum install dhcp” command to install DHCP server.
Page 307
Copy dhcpd.conf to /etc/dhcp/ directory Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor. Enable and run DHCP service 1.
Page 308
Step 3. Modify dhcpd.conf file Open dhcpd.conf file in /etc/dhcp/ directory Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
Page 309
Modify dhcpd.conf file The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
Page 310
5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Login TFTP server anonymously (TFTP does not require a login name and password). 9.
Page 312
Every time when you modify dhcpd.conf file, DHCP service must be restarted. Issue “killall dhcpd” command to disable DHCP service and then issue “dhcpd” command to enable DHCP service. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”...
Page 313
B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.
Page 314
APPENDIX C: VLAN Application Note Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme instead of the physical layout. It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains.
Page 315
I. Port-Based VLAN Port-Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network. In the network diagram provided below, the network administrator is required to set up VLANs to separate traffic based on the following design conditions: ...
Page 316
Based on design conditions described above, port-based VLAN assignments can be summarized in the table below. VLAN Name Member ports Marketing 1, 21, 23, 48 2, 22, 23, 48...
Page 317
CLI Configuration: Steps… Commands… Switch> enable 1. Enter Global Configuration Password: mode. Switch# config Switch(config)# Switch(config)# vlan port-based Marketing 2. Create port-based VLANs OK ! “Marketing” and “RD” Switch(config)# vlan port-based RD OK ! Switch(config)# interface 1,21,23,48 3. Select port 1, 21, 23 and 48 to Switch(config-if-1,21,23,48)# configure.
Page 318
2. Click “New” to add a new Port-Based VLAN Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN 3. Add Port 1, 21, 23 and 48 in a group and name it to “Marketing”. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN Click “OK” to apply the settings.
Page 319
4. Click “New” to add a new Port-Based VLAN Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN 5. Add Port 2, 22, 23 and 48 in a group and name it to “RD”. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN Click “OK” to apply the settings.
Page 320
6. Check Port-Based VLAN settings. Switch Management>VLAN Configuration>Port Based VLAN>Configure VLAN NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Deafult_VLAN from the VLAN table, make sure you have correct management VLAN and VLAN mode configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Industrial PoE Ethernet Switch immediately when you enter the command.
Page 321
II. Data VLAN In networking environment, VLANs can carry various types of network traffic. The most common network traffic carried in a VLAN could be voice-based traffic, management traffic and data traffic. In practice, it is common to separate voice and management traffic from data traffic such as files, emails.
Page 322
Management Priority : 0 VLAN Name VLAN 48 CPU ------------- ---- -------- -------- --- Default_VLAN VVVVVVVV … VVVVVVVV DataVLAN V------- -------V NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and VLAN mode configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Industrial PoE Ethernet Switch immediately when you enter the command.
Page 323
2. Create a new Data VLAN 11 that includes Port 1 and Port 48 as members. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>VLAN INterface Click “OK” to apply the settings.
Page 324
3. Edit a name for new Trunk VLAN 11 that includes Port 1 and 48 as member ports. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Trunk VLAN table Click “Edit”, the following screen shows up. The VLAN Name is only the editable item. Click “OK”...
Page 325
4. Check Trunk VLAN 11 settings. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>Trunk VLAN table 5. Change Port 1’s Access VLAN to 11, and set Port 48 to trunk mode. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN> VLAN Interface Click “OK” to apply the settings.
Page 326
Treatments of Packets: 1. A untagged packet arrives at Port 1 When an untagged packet arrives at Port 1, port 1’s Port VLAN ID (11) will be added to the original port. Because port 48 is set as a trunk port, it will forward the packet with tag 11 out to the Carrier Ethernet.
Page 327
III. Management VLAN For security and performance reasons, it is best to separate user traffic and management traffic. When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to the management port will be minimized.
Page 328
1. Change the Management default VLAN 1 into VLAN 15 that includes Port 45, 46, 47 and 48 under Access mode. Click “OK” to apply the settings. Note1: Make sure you have correct management VLAN and VLAN Mode configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Industrial PoE Ethernet Switch immediately when you click “OK”...
Page 330
2. Now, change the Management VLAN 15 into VLAN 20 and includes Port 45, 46 and 47 under Access mode (It’s necessary to include Port 46 to prevent the disconnection.) Click “OK” to apply the settings. Note: To check the current status of Management VLAN, please refer to IEEE 802.1q Tag VLAN Table or VLAN Interface.
Page 332
Web Management Configuration (Trunk Mode): In Management VLAN Network Diagram shown below, the management PC on the right would like to manage the Managed Industrial PoE Ethernet Switch on the left remotely. You can follow the steps described below to set up the Management VLAN. Management VLAN Network Diagram Supposed that the Management PC is remotely connected to Managed Industrial PoE Ethernet Switch Port 46 as shown above while we have a various of existing trunk vlan and the...
Page 333
1. Change the Management VLAN 15 into VLAN 20 that includes Port 45, 46, 47 under Trunk mode. Click “OK” to apply the settings. Note1: Make sure you have correct management VLAN and VLAN Mode configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Industrial PoE Ethernet Switch immediately when you click “OK”...
Page 334
IEEE 802.1q Tag VLAN Table VLAN Interface CLI Configuration(Access Mode): Supposed that we have the default Management VLAN whose VLAN ID is 1 for all ports, we can create new Management VLANs as required. This example is to demonstrate how to set up Management VLAN 15 and then change VLAN 15 into VLAN 20 on specified ports under Access mode.
Page 335
1. Change the Management default VLAN 1 into VLAN 15 that includes Port 45, 46, 47 and 48 under Access mode. Steps… Commands… Switch> enable 1. Enter Global Configuration Password: mode. Switch# configure Switch(config)# Switch(config)# vlan management-vlan 15 2. Assign VLAN 15 to management-port 45-48 mode access Management VLAN and Port OK !
Page 336
CLI Configuration(Trunk Mode): This part is to demonstrate how to change Management VLAN 15 into VLAN 20 on specified ports under Trunk mode. Supposed that we have the existing Management VLAN 15 on Port 45,46,47,48 and CPU, we can create new Management VLAN 20 as required. 1.
Page 337
IV. Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
Page 338
Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and VLAN mode configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Industrial PoE Ethernet Switch immediately when you enter the command. Web Management Configuration: 1.
Page 339
2. Create a new Service VLAN 15 that includes Port 1 and Port 48 as member ports. Switch Management>VLAN Configuration>IEEE 802.1q Tag VLAN>QinQ VLAN Configuration...
Page 340
Click enable Specify S-tag VID Check ISP port Click “OK” to apply the settings. NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Deafult_VLAN from the VLAN table, make sure you have correct management VLAN and PVID configurations, otherwise, incorrect configurations may disconnect your management PC to the Managed Industrial PoE Ethernet Switch immediately when you enter the command.
Page 341
This page is intentionally left blank. Revision History Manual Version Modification Firmware Version Date Add SSH function 1.08.90 2012/4 Remove CFM function Add “show default-setting” CLI command Modify Appendix C - VLAN Application 1.08.00 2011/9 Note with new CLI and Web GUI Revise VLAN descriptions...
Need help?
Do you have a question about the IPS-3106-SE and is the answer not in the manual?
Questions and answers