TRENDnet TEG-S2620I User Manual

Hide thumbs Also See for TEG-S2620I:

Specifications (3 pages)

Quick installation manual (10 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

page of 109

/ 109
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

Table of Contents

Need help?

Do you have a question about the TEG-S2620I and is the answer not in the manual?

Questions and answers

Summary of Contents for TRENDnet TEG-S2620I

Page 1 ...
Page 2: Table Of Contents
TABLE OF CONTENTS TABLE OF CONTENTS ....................................2 GETTING STARTED ....................................4 ............................4 ONNECTING TO THE WITCH ONSOLE ..................................4 ORT ETTING ............................4 ONNECTING TO THE WITCH EB ................................5 WITCH UNCTION EATURES OPERATION NOTICE .................................... 6 ...
Page 3 4.7.3 SIP/SMAC Binding ............................. 52 WEB USER INTERFACE ..................................53 ....................................53 AIN ..................................53 DMINISTRATION 5.2.1 IP Address Setting ............................. 54 Switch Setting ..............................54 5.2.2 Console Port Information ..........................56 5.2.3 5.2.4 Port Configuration ............................
Page 4: Getting Started
1 Getting Started Thanks for using the firmware for configuring EP‐5926. There is two ways to access the switch management. You can use the Console mode local management and Web‐based interface management. 1.1 Connecting to the Switch Console Port Users can use a RS‐232 non‐crossover serial cable to connect the PC’s COM port to the switch console port. The switch system provides the RS‐232 interface with baud rate 115200‐8‐n‐1. Use terminal emulation program (e.g. Windows HyperTerminal…) to configure the switch system. P C S ystem S w itch S ystem R S -232 cab le 1.2 PC COM Port Setting Baud rate =115200 Data bits = 8 Parity = None Stop bits = 1 Flow control = None 1.3 Connecting to the Switch Web Port Users can use a CAT‐5/6 cable to connect the PC’s LAN port to one of the switch Ethernet port. Use web browser program (e.g. Internet Explorer, Mozilla Firefox) to configure the switch system. See section 3.3. Web login for exhaustive login information. ...
Page 5: Switch Function Features
1.4 Switch Function Features This system provides the following function features to facilitate network management, security and controls: 24 10/100Mbps RJ‐45 ports and 2 10/100/1000Mbps module ports 1 serial (RS‐232) port for console management Support up to 9KB jumbo frame Command line interface (CLI) and browse‐independent, secured web‐based managements (HTTPS) Up to 13‐group and 8‐member per group of static and LACP link aggregation (trunk) Up to 512‐group of port‐based and tag‐based (802.1q) VLAN GVRP for tag‐based VLAN Per‐port storm control for flooded unicast, multicast, IP multicast, broadcast and control packets Spanning‐tree protocols: STP (802.1d), RSTP (802.1w), MSTP (802.1s) IGMP Snooping & Query (IGMP v1/v2) SNMP v1/v2c/v3 management and trap function Support MIB tables: MIB‐II (RFC 1213), Bridge MIBs (RFC 1493), Ethernet‐like MIB (RFC 1643 & RFC 2665), private‐MIB, USM‐MIB (RFC 2574), VACM‐MIB (RFC 2575) and RMON‐MIB 1, 2, 3, 9 groups (RFC 1757& RFC 2819) Telnet/SSH function for remote console management (SSH will be available soon) TFTP and HTTP firmware update and configuration backup/restore Remote Syslog function Static and dynamic MAC table management MAC filtering function MAC limit function Port sniffer (mirroring) Forwarding scope (Protected port) Port status, control, security and statistics Static or DHCP (dynamic) IP address setting DHCP relay & option 82 function Ingress and egress rate control with 128Kbps resolution QoS with 8‐level port priority to 4‐level queue mapping and strict / 802.1p / WRR priority options User login management 802.1x port access control supporting EAP‐MD5, EAP‐TLS and EAP‐PEAP authentication types Layer 2/3/4 access control list (ACL) with 220 rule entries Source IP‐MAC and port binding access control Q‐in‐Q VLAN function LLDP protocol ...
Page 6: Operation Notice
2 Operation Notice To enter the “configuration” mode, you need to be in the privileged mode, and then type the command configure Switch# configure Switch (config) # 2.1 Command Line Editing The following generic function keys provide functions in all of the menus: Keys Function <Ctrl>‐B; ← Moves the cursor back one character. <Ctrl>‐D Deletes the character at the cursor. <Ctrl>‐E Jumps to the end of the current command line. <Ctrl>‐F; → Moves the cursor forward one character. <Ctrl>‐K Deletes from the cursor to the end of the command line. <Ctrl>‐N; ↓ Enters the next command line in the command history. <Ctrl>‐P; ↑ Enters the previous command line in the command history. <Ctrl>‐U Deletes from the cursor to the beginning of the command line. <Ctrl>‐W Deletes the last word typed. <Esc> B Moves the cursor backward one word. <Esc> D Deletes from the cursor to the end of the word. <Esc> F Moves the cursor forward one word. <Backspace> Delete the character before the cursor. <Del> ...
Page 7: Command Help
2.2 Command Help You may enter ? at any command mode, and the CLI will return possible commands at that point, along with some description of the keywords: Switch (config) # copy tftp? running‐config Running configurations flash Flash configurations firmware Download firmware You may use the <Tab> key to do keyword auto completion: Switch (config) # copy tftp r<Tab> Switch (config) # copy tftp running‐config You do not need to type in the entire commands; you only need to type in enough characters for the CLI to recognize the command as unique. The following example shows you how to enter the show running‐config command: Switch (config) # sh ru ...
Page 8: How To Use Loader
2.3 How to Use Loader 2.3.1 Connect switch Use the following setting to connect PC to Switch with RS‐232 cable: Baud Rate 115200 Data Bits 8 Parity None Stop bits 1 Flow Control None PC needs to connect one of the Switch Ethernet port with a CAT‐5/5e/6 cable if loader or firmware image needs to be updated through TFTP in loader mode. 2.3.2 Enter loader Set the HyperTerminal as top table and open the HyperTerminal first. Power on the Switch and press any key to enter into the loader mode when count down message is shown up. Then switch enters into the loader mode when the prompt is shown. 2.3.3 Commands in loader ? – alias for 'help'. To list all available commands in loader For example: tftpupdate – to update firmware or loader image through TFTP network transfer Loader # tftpupdate ImageFileName TftpServerIP TargetBoardIP [loader] Update image via network using TFTP protocol with specified parameters: ImageFileName – the new firmware/loader image file for update. TftpServerIP – the PC’s IP who has TFTP server service. TargetBoardIP – the switch’s IP you can set it. loader – if update loader it needed, if update firmware it not needed. ...
Page 9 TFTP transfer is done. Then the new image will be written into the flash if image checksum is verified. Power off and on the switch to activate the new loader. Another example is to update new firmware file with TFTP in loader. PC should have TFTP server and open it. Enter the command: Loader # tftpupdate image.2510.img 192.168.223.119 192.168.223.1 TFTP transfer is done. Then the new image will be written into the flash if image checksum is verified. ...
Page 10 After flash writing is completed, system will be automatically rebooted to start the new firmware image: kermit – to update firmware or loader image through serial (RS‐232) line transfer in Kermit mode Loader # kermit [loader]‐ update image file over serial line (kermit mode) loader – if update loader it needed, if update firmware it not needed. Here is an example to use the serial line to update new loader: Loader # kermit loader Select send file: filename select the loader image “armboot.bin.img” to update, Protocol “kermit”. ...
Page 11 Press Send button The following next messages will be shown when Kermit transfer is completed. Successfully update the loader. Finally power off and on to activate the new loader. For updating new firmware image over serial line, use the following command: ...
Page 12 Just like the descriptions of loader image updating, send the selected firmware image file “image.2510.img” then wait for the updating procedure is done and the system will be rebooted to activate the new firmware service. version – print monitor version help – <command> print monitor version command – the command in loader For example: ...
Page 13: Login
3 Login 3.1 Power‐On Self‐Testing The power‐on self‐testing is running immediately after the switch system is powered up. The self‐testing program diagnoses the hardware components of a switch system. After hardware tests are all passed, the system will detect and display the module slot status and start the initializations. The system will be in ready state while the prompt is showing up. ======================================= 24 + 2 Switch Module Slot Information ======================================= Slot 1 ..Yes Slot 2 ..Yes ======================================= Username: 3.2 Console Login When you connect to the switch with a terminal emulation program, a login screen is displayed. Enter a user name and password to login to access the switch. ...
Page 14 Items Option Default Value Username Max: 6, Min: 1 characters, case sensitive admin Password Max: 6, Min: 1 characters, case sensitive 123 After user login verification, the homepage of the switch will be shown as below. ...
Page 15: Console User Interface
4 Console User Interface 4.1 System Commands show running‐config Display the running configuration of the switch. copy running‐config startup‐config Backup the switch configurations. erase startup‐config Reset to default factory settings at next boot time. clear arp [<ip‐addr>] Clear entries in the ARP cache. Parameters: [<ip‐addr>] specifies the IP address to be cleared. If no IP address is entered, the entire ARP cache is cleared. show arp Show the IP ARP translation table. ping ip‐addr [<1..999>] Send ICMP ECHO_REQUEST to network hosts. Parameters: [<1..999>] specifies the number of repetitions. If not entered, it will continue to ping until you press <Ctrl>‐C to stop. [no] per‐vlan‐flooding‐portmask Enable or disable per VLAN default flooding portmask. per‐vlan‐flooding‐portmask <unicast | multicast> <vlan‐id> <port‐list> Set unicast or multicast per VLAN default flooding portmask. show per‐vlan‐flooding‐portmask Display unicast and multicast per VLAN default flooding portmask table. ...
Page 16: Switch Static Configuration
4.2 Switch Static Configuration 4.2.1 Port Configuration and Status port state <on | off> [<port‐list>] Turn the port state on or off. Parameters: <port‐list> specifies the ports to be turn on or off. If not entered, all ports are turn on or off. port nego <force | auto | nway‐force> [<port‐list>] Set port negotiation. Parameters: <port‐list> specifies the ports to be set.If not entered, all ports are set. port speed <10 | 100 | 1000> <full | half> [<port‐list>] Set port speed (in mbps) and duplex. Parameters: <port‐list> specifies the ports to be set. If not entered, all ports are set. port flow <enable | disable> <enable | disable> [<port‐list>] Enable or disable port flow control. Parameters: <enable | disable> enables or disables flow control in full duplex mode. <enable | disable> enables or disables flow control in half duplex mode. <port‐list> specifies the ports to be set. If not entered, all ports are set. port rate <ingress | egress> <0..8000> [<port‐list>] Set port effective ingress or egress rate. Parameters: <0..8000> specifies the ingress or egress rate.<0..8000> <port‐list> specifies the ports to be set. If not entered, all ports are set. port security <on | off> [<port‐list>] Set port priority. When port security is on, the port will stop MAC address learning, and forward only packets with MAC address in the static MAC address table. Parameters: <port‐list> specifies the ports to be set. If not entered, all ports are set. port protected group <1‐2> <port‐list> Set protected port group member. ...
Page 17 Show port status, including port State,Link,Trunking,VLAN,Negotiation,Speed,Duplex,Flow control, Rate control ,Priority,Security,BSF control. show port statistics <port‐id> Show port statistics, including TxGoodPkt, TxBadPkt, RxGoodPkt, RxBadPkt,TxAbort, Collision, and DropPkt. Parameters: <port‐id> specifies the port to be shown. show port protection Show protected port information. ...
Page 18: Trunk
4.2.2 Trunk Trunk allows the switch to combine ports so that they function like a single high‐speed link. It can be used to increase the bandwidth to some devices to provide a high‐speed link. For example, trunk is useful when making connections between switches or connecting servers to the switch. Trunk can also provide a redundant link for fault tolerance. If one link in the trunk failed, the switch can balance the traffic among the remaining links. NOTE: 1: The 10/100 Mbps port cannot be trunked with gigabit port (port 25~26). 2: All ports in the same trunk group will be treated as a single port. If a trunk group exists, the ports belonging to that trunk will be replaced by “TRUNK #” in the VLAN configuration screen. The following example configures port 25~26 as “TRUNK 1.” 4.2.2.1 Trunking Commands show trunk Show trunking information. trunk add <trunk‐id> <lacp | no‐lacp> <port‐list> <active‐port‐list> Add a new trunk group. Parameters: <trunk‐id> specifies the trunk group to be added. <lacp> specifies the added trunk group to be LACP enabled. <no‐lacp> specifies the added trunk group to be LACP disabled. <port‐list> specifies the ports to be set. <active‐port‐list> specifies the ports to be set to LACP active. no trunk <trunk‐id> Delete an existing trunk group. Parameters: <trunk‐id> specifies the trunk group to be deleted. ...
Page 19 4.2.2.2 LACP Commands [no] lacp Enable/disable LACP. lacp system‐priority <1..65535> Set LACP system priority. Parameters: <1..65535> specifies the LACP system priority. no lacp system‐priority Set LACP system priority to the default value 32768. show lacp status Show LACP enable/disable status and system priority. show lacp Show LACP information. show lacp agg <trunk‐id> Show LACP aggregator information. Parameters: <trunk‐id> specifies the trunk group to be shown. show lacp port <port‐id> Show LACP information by port. Parameters: <port‐id> specifies the port to be shown. NOTE: If VLAN group exist, all of the members of static trunk group must be in same VLAN group. ...
Page 20: Vlan
4.2.3 VLAN 4.2.3.1 Virtual LANs A Virtual LAN (VLAN) is a logical network group that limits the broadcast domain. It allows you to isolate network traffic so only members of the VLAN receive traffic from the same VLAN members. Basically, creating a VLAN within a switch is logically equivalent of reconnecting a group of network devices to another Layer 2 switch. However, all the network devices are still plugged into the same switch physically. A station can belong to more than one VLAN group. VLAN prevents users from accessing network resources of another on the same LAN, thus the users can not see the hard disks and printers of another user in the same building. VLAN can also increase the network performance by reducing the broadcast traffic and enhance the security of the network by isolating groups. This Switch supports two types of VLANs: • Port‐based • IEEE 802.1Q (tag) ‐based Only one of the two VLAN types can be enabled at one time. Port‐based VLANs are VLANs where the packet forwarding decision is made based on the destination MAC address and its associated port. You must define the outgoing ports allowed for each port when you use port‐based VLANs. In port‐based VLANs, the packets received from one port can only be sent to the ports which are configured to the same VLAN. As shown in the following figure, the switch administrator configured port 1~2 as VLAN 1 and port 3~4 as VLAN 2. The packets received from port 1 can only be forwarded to port 2. The packets received from port 2 can only be forwarded to port 1. That means the computer A can send packets to computer B, and vice versa. The same situation also occurred in VLAN 2. The computer C and D can communicate with each other. However, the computers in VLAN 1 can not see the computers in VLAN 2 since they belonged to different VLANs. ...
Page 21 IEEE 802.1Q (tag) ‐based VLANs enable the Ethernet functionality to propagate tagged packets across the bridges and provides a uniform way for creating VLAN within a network then span across the network. For egress packet, you can choose to tag it or not with the associated VLAN ID of this port. For ingress packet, you can forward this packet to a specific port as long as it is also in the same VLAN group. The 802.1Q VLAN works by using a tag added to the Ethernet packets. The tag contains a VLAN Identifier (VID) which belongs to a specific VLAN group. And ports can belong to more than one VLAN. The difference between a port‐based VLAN and a tag‐based VLAN is that the tag‐based VLAN truly divided the network into several logically connected LANs. Packets rambling around the switches can be forwarded more intelligently. In the figure shown below, by identifying the tag, broadcast packets coming from computer A in VLAN1 at sw1 can be forwarded directly to VLAN1. However, the switch could not be so smart in the port‐based VLAN mechanism. Broadcast packets will also be forwarded to port 4 of sw2. It means the port‐based VLAN can not operate a logical VLAN group among switches. The TEG‐S2620Isupports both port‐based VLAN and tag‐based (802.1Q) VLAN modes. The default configuration is tag‐based (802.1Q) VLAN. In the 802.1Q VLAN, initially, all ports on the switch belong to default VLAN, VID is 1. NOTE: You cannot delete the default VLAN group in 802.1Q VLAN mode. ...
Page 22 4.2.3.2 VLAN Mode VLAN Mode: Port based Packets can go among only members of the same VLAN group. Note all unselected ports are treated as belonging to another single VLAN. If the port‐based VLAN enabled, the VLAN‐tagging is ignored. show vlan mode Display the current VLAN mode. vlan mode (disabled|port‐based|dot1q) Change VLAN mode. Parameters: (disabled|port‐based|dot1q) specifies the VLAN mode. NOTE: Change the VLAN mode for every time, user have to restart the switch for valid value. VLAN Mode: 802.1Q If a trunk group exists, you can see it (e.g. TRUNK1, TRUNK2…) after port 24. And, you can configure it to be a member of the VLAN group. In the setting, port was set to Untagged if devices underneath this port do not support VLAN‐tagging. Thus the switch can send untagged frames to this port. Consequently, device that do not support VLAN‐tagging or do not enable VLAN tagging could successfully fetch the incoming frames and could communicate with device that transfers tagged frames, and vice versa. In the following figure, two different types of devices want to communicate with each other. Since computer A support 802.1Q VLAN and computer B do not, you have to configure two ports both beneath the same VLAN group, and set left port to “Tagged”, right port to “Untagged”. Therefore, two devices will receive packet type as they desired. ...
Page 23 4.2.3.3 Advanced 802.1Q VLAN Setting Ingress filters configuration When a packet was received on a port, you can govern the switch to drop it or not if it is an untagged packet. Furthermore, if the received packet is tagged but not belonging to the same VALN group of the receiving port, you can also control the switch to forward or drop the packet. The example below configures the switch to drop the packets not belonging to the same VLAN group and forward the packets not containing VLAN tags. VLAN Commands show vlan mode Display the current VLAN mode. vlan mode (disabled|port‐based|dot1q) Change VLAN mode. Parameters: (disabled|port‐based|dot1q) specifies the VLAN mode. NOTE: Change the VLAN mode for every time, user have to restart the switch for valid value. vlan add <1‐4094> <NAME> <cpu‐port|no‐cpu‐port> <LIST> [<LIST>] Add or edit VLAN entry. Parameters: <1‐4094> specifies the VLAN id or Group id (if port based VLAN mode) <NAME> specifies the VLAN group name. <cpu‐port|no‐cpu‐port> specifies the CPU port belong this VLAN group. <LIST> specifies the ports to be set to VLAN members. [<LIST>] specifies the ports to be set to tagged members. If not entered, all members set to untagged. e.g. vlan add 1 vlan1 cpu‐port 1‐4 . This VLAN entry has four members (from port1 to port4) and all members are untagged. no vlan <1‐4094> Delete VLAN entry. Parameters: <1‐4094> specifies the VLAN id or group id (if port based VLAN). e.g. no vlan 1 show vlan [<1‐4094>] Show VLAN entry information. Parameters: [<1‐4094>] specifies the VLAN id, null means all valid entries. e.g. show vlan 1 ...
Page 24 <enable|disable> specifies the untagged frame will be dropped or not. If set enable, drop untagged frame. <LIST> specifies the port or trunk list (eg. 3, 6‐8, Trk2) show vlan filter [<LIST>] Show VLAN filter setting. Parameters: [<LIST>] specifies the ports to be showed. If not entered, all ports’ filter rules will be showed. GVRP Commands [no] gvrp Enable or disable GVRP. show gvrp status Show GVRP enable or disable status. [no] port gvrp <LIST> Enable or disable GVRP by port. Parameters: <LIST> specifies the port or trunk list to be set show port gvrp Show GVRP status by port. garp timer <join | leave | leave‐all> <0..65535> Set GARP timer. Parameters: <join | leave | leave‐all> specifies a timer (Join, Leave, or Leave‐All) to be set <0..65535> specifies the timer in seconds. show garp timer Show GARP timer. show gvrp db Show GVRP DB. show gvrp gip Show GVRP GIP. show gvrp machine Show GVRP machine. ...
Page 25 The VLAN ranges required by different customers in the same service‐provider network might overlap, and traffic of customers through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations and could easily exceed the VLAN limit (4096) of the IEEE 802.1Q specification. Using the QinQ feature, service ...
Page 26 A port configured to support network end of QinQ tunnel is called a QinQ uplink‐port. Use this command to enable/disabel QinQ uplinkport to specified port(s). qinq tunnel add <1‐25> <1‐4094> <LIST> Add QINQ tunnel. Parameters: <1‐25> specifies the tunnel ID <1‐4094> specifies the VLAN ID <LIST> specifies the ports to be set to QINQ tunnel. qinq tunnel delete <1‐25> Delete QinQ tunnel. Parameters: <1‐25> specifies the tunnel ID show qinq configuration Show QinQ global and portal configuration show qinq tunnel Show QinQ tunnel information For example, refer to the figure of QinQ application in previous page, a QinQ tunnel using VLAN10 wants to be created for Sales VLAN100 across the public network. Port1 on left‐side switch connects to Sales VLAN100 client. Port16 of switch connects to the public network. The following commands needs to be set: qinq enable qinq tpid 8100 qinq userport enable 1 qinq uplinkport enable 16 qinq tunnel add 1 10 1,16 ...
Page 27: Misc Configuration
4.2.4 Misc Configuration [no] mac‐age‐time Enable or disable MAC address age‐out. mac‐age‐time <6..1572858> Set MAC address age‐out time. Parameters: <6..1572858> specifies the MAC address age‐out time. The value must be divisible by 6. Type the number of seconds that an inactive MAC address remains in the switch’s address table show mac‐age‐time Show MAC address age‐out time broadcast mode <off | 1/2 | 1/4 | 1/8 | 1/16> Set broadcast storm filter mode to off, 1/2, 1/4, 1/8, 1/16 broadcast select <unicast/multicast | control packet | ip multicast | broadcast> Select the Broadcast storm filter packet type: Unicast/Multicast: Flood unicast/multicast filter Control Packets: Control packets filter IP multicast: Ip multicast packets filter Broadcast Packets: Broadcast Packets filter Collision‐Retry <off | 16 | 32 | 48> Parameters: <off|16|32|48> In half duplex, collision‐retry maximum is 16, 32 or 48 times and packet will be dropped if collisions still happen. In default (off), if collision happens, it will retry forever. Hash <crc‐hash | direct‐map> Set hash algorithm to CRC‐Hash or DirectMap. 4.2.5...
Page 28: Administration
Administration 4.2.5.1 Change Username/Password hostname <name‐str> Set switch name. <name‐str> specifies the switch name. If you would like to have spaces within the name, use quotes (“”) around the name. no hostname Reset the switch name to factory default setting. [no] password <manager | operator | all> Set or remove username and password for manager or operator. The manager username and password is also used by the web UI. 4.2.5.2 IP Configuration User can configure the IP setting and fill in the new value. ip address <ip‐addr> <ip‐mask> Set IP address and subnet mask. ip default‐gateway <ip‐addr> Set the default gateway IP address. show ip Show IP address, subnet mask, and the default gateway. show info Show basic information, including system info, MAC address, and firmware version. dhcp Set switch as dhcp client, it can get ip from dhcp server NOTE: If this command is set, the switch will reboot. show dhcp show dhcp enable/disable ...
Page 29: Port Mirroring
4.2.6 Port Mirroring Port monitoring is a feature to redirect the traffic occurred on every port to a designated monitoring port on the switch. With this feature, the network administrator can monitor and analyze the traffic on the entire LAN segment. In EP‐5926, you can specify one port to be the monitoring port and any single port to be the monitored port. You also can specify the direction of the traffic that you want to monitor. After properly configured, packets with the specified direction from the monitored ports are forwarded to the monitoring port. NOTES: 1. The default Port Monitoring setting is disabled. 2. The analysis port is dedicated as mirroring port with duplicated traffic flow from mirrored port. The ordinary network traffic is not available for the analysis port. 3. Any trunk group and member port is not available for this function mirror‐port <rx | tx | both> <port‐id> <port‐list> Set port monitoring information. (RX only|TX only|both RX and TX) Parameters: rx specifies monitoring rx only. tx specifies monitoring tx only. both specifies monitoring both rx and tx. <port‐id> specifies the analysis port ID. This port receives traffic from all monitored ports. <port‐list> specifies the monitored port list. show mirror‐port Show port monitoring information ...
Page 30: Quality Of Service
4.2.7 Quality of Service There are four transmission queues with different priorities in EP‐5926: Highest, SecHigh, SecLow and Lowest. The switch will take packets from the four queues according to its QoS mode setting. If the QoS mode was set to “Disable”, the switch will not perform QoS on its switched network. If the QoS mode was set to “High Empty Then Low”, the switch will never exhaust packets from a queue until the queues with higher priorities are empty. If the QoS mode was set to “weight ratio”, the switch will exhaust packets from the queues according to the ratio. The default value of QoS mode is “weight 8:4:2:1.” That means the switch will first exhaust 8 packets from the queue with highest priority, and then exhaust 4 packets from the queue with second high priority, and so on. When the switch received a packet, the switch has to decide which queue to put the received packet into. In EP‐5926, the switch will put received packets into queues according to the settings of “802.1p Priority” and “Static Port Ingress Priority.” When the received packet is an 802.1p tagged packet, the switch will put the packet into a queue according to the 802.1p Priority setting. Otherwise, the switch will put the packet into a queue according the setting of Static Port Ingress Priority. 802.1p Priority: the 802.1p packet has a priority tag in its packet header. The range of the priority is 7~0. The TEG‐S2620Ican specify the mapping between 802.1p priority and the four transmission queues. In the default setting, the packets with 802.1p priority 0~1 are put into the queue with lowest priority, the packets with 802.1p priority 2~3 are put into queue with second low priority, and so on. Static Port Ingress Priority: each port is assigned with one priority 7~0. The priority of the packet received from one port is set to the same priority of the receiving port. When the priority of the received packet was determined, the packet is treated as an 802.1p packet with that priority and will be put into a queue according to the 802.1p Priority setting. 4.2.7.1 QoS Configuration QoS Mode: First Come First Service: The sequence of packets sent is depending on arrive orders. All High before Low: The high priority packets sent before low priority packets. WRR: Weighted Round Robin. Select the preference given to packets in the switch's high‐priority queue. These options represent the number of higher priority packets sent before one lower priority packet is sent. For example, 8 Highest：4 second‐high means that the switch sends 8 highest‐priority packets before sending 4 second‐high priority packets. Qos Level: 0~7 priority level can map to highest, second‐high, second‐low, lowest queue. Commands: qos priority <first‐come‐first‐service | all‐high‐before‐low |weighted‐round‐robin> [<highest‐weight>][<sechigh‐weight>][<sec low ‐weight>] [<lowest‐weight>] ...
Page 31 Show QoS configurations, including 802.1p priority, priority level. e.g. show qos QoS configurations: QoS mode: first come first service Highest weight: 8 Second High weight: 4 Second Low weight: 2 Lowest weight: 1 802.1p priority[0‐7]: Lowest Lowest SecLow SecLow SecHigh SecHigh Highest Highest 4.2.7.2 Per Port Priority port priority <disable | [0‐7]> [<port‐list>] Set port priority. Parameters: [<port‐list>] specifies the ports to be set. If not entered, all ports are set. e.g. port priority disable 1‐5 ...
Page 32: Mac Address Table
4.2.8 MAC Address Table clear mac‐address‐table Clear all dynamic MAC address table entries. mac‐address‐table static <mac‐addr> <vlan‐id> <port‐id | port‐list> Set static unicast or multicast MAC address. If multicast MAC address (address beginning with 01:00:5E) is supplied, the last parameter must be port‐list. Otherwise, it must be port‐id. no mac‐address‐table static <mac‐addr> <vlan‐id> Delete static unicast or multicast MAC address table entries. show mac‐address‐table Display MAC address table entries. show mac‐address table static Display static MAC address table entries. show mac‐address‐table multicast Display multicast related MAC address table. smac‐address‐table static <mac‐addr> <vlan‐id> <port‐id | port‐list> Set static unicast or multicast MAC address in secondary MAC address table. If multicast MAC address (address beginning with 01:00:5E) is supplied, the last parameter must be port‐list. Otherwise, it must be port‐id. show smac‐address‐table Display secondary MAC address table entries. show smac‐address‐table multicast Display multicast related secondary MAC address table. [no] filter <mac‐addr> <vlan‐id> Set MAC address filter. The packets will be filtered if both of the destination MAC address and the VLAN tag matches the filter entry. If the packet does not have a VLAN tag, then it matches an entry with VLAN ID 1. show filter ...
Page 33: Mac Limit
4.2.9 MAC Limit MAC limit allows users to set a maximum number of MAC addresses to be stored in the MAC address table. The MAC addresses chosen to be stored in MAC address table is the result of first‐come‐first‐save policy. Once a MAC address is stored in the MAC address table, it stays in until it is aged out. When an “opening” is available, the switch stored the first new MAC address it sees in that opening. All packets from MAC addresses not in the MAC address table should be blocked. User can configure the MAC limit setting and fill in the new value. mac‐limit Enable MAC limit. no mac‐limit Disable MAC limit. Mac‐limit <port‐list> <1‐64> Set port MAC limit value, 0 to turn off MAC limit of port. show mac‐limit Show MAC limit information, including MAC limit enable/disable, per‐port MAC limit setting. ...
Page 34: Protocol Related Configuration
4.3 Protocol Related Configuration 4.3.1 STP/RSTP [no] spanning‐tree Enable or disable spanning‐tree. spanning‐tree forward‐delay <4‐30> Set spanning tree forward delay used, in seconds. Parameters: <4‐30> specifies the forward delay, in seconds. Default value is 15. Note: The parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) spanning‐tree hello‐time <1‐10> Set spanning tree hello time, in seconds. Parameters: <1‐10> specifies the hello time, in seconds. Default value is 2. Note: The parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) spanning‐tree maximum‐age <6‐40> Set spanning tree maximum age, in seconds. Parameters: <6‐40> specifies the maximum age, in seconds. Default value is 20. Note: The parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) spanning‐tree priority <0‐61440> Set spanning tree bridge priority. Parameters: <0‐61440> specifies the bridge priority. The value must be in steps of 4096. spanning‐tree port path‐cost <1‐200000000> [<port‐list>] Set spanning tree port path cost. Parameters: <1‐200000000> specifies port path cost. [<port‐list>] specifies the ports to be set. Null means all ports. spanning‐tree port priority <0‐240> [<port‐list>] ...
Page 35 Change spanning tree protocol version. Parameters: stp specifies the original spanning tree protocol (STP,802.1d). rstp specifies rapid spanning tree protocol (RSTP,802.1w). [no] spanning‐tree port mcheck [<port‐list>] Force the port to transmit RST BPDUs. No format means not force the port to transmit RST BPDUs. Parameters: [<port‐list>] specifies the ports to be set. Null means all ports. [no] spanning‐tree port edge‐port [<port‐list>] Set the port to be edge connection. No format means set the port to be non‐edge connection. Parameters: [<port‐list>] specifies the ports to be set. Null means all ports. [no] spanning‐tree port non‐stp [<port‐list>] Disable or enable spanning tree protocol on this port. Parameters: [<port‐list>] specifies the ports to be set. Null means all ports. spanning‐tree port point‐to‐point‐mac <auto | true | false> [<port‐list>] Set the port to be point to point connection. Parameters: auto specifies point to point link auto connection. true specifies point to point link true. false specifies point to point link false. [<port‐list>] specifies the ports to be set. Null means all ports. ...
Page 36: Mstp
4.3.2 MSTP [no] spanning‐tree Enable or disable multiple spanning tree. [no] spanning‐tree debug Enable or disable multiple spanning tree debugging information. spanning‐tree forward‐delay <4‐30> Set spanning tree forward delay of CIST, in seconds. Parameters: <4‐30> specifies the forward delay, in seconds. Default value is 15. Note: The parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) spanning‐tree hello‐time <1‐10> Set spanning tree hello time of CIST, in seconds. Parameters: <1‐10> specifies the hello time, in seconds. Default value is 2. Note: The parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) spanning‐tree maximum‐age <6‐40> Set spanning tree maximum age of CIST, in seconds. Parameters: <6‐40> specifies the maximum age, in seconds. Default value is 20. Note: The parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) spanning‐tree priority <0‐61440> Set spanning tree bridge priority of CIST and all MSTIs. Parameters: <0‐61440> specifies the bridge priority. The value must be in steps of 4096. Default value is 32768. spanning‐tree protocol‐version { stp | mstp } Set spanning tree protocol version of CIST. Parameters: stp specifies the original spanning tree protocol (STP,802.1d). mstp specifies the multiple spanning tree protocol (MSTP,802.1s). ...
Page 37 Set spanning tree port path cost of CIST. Parameters: <1‐200000000> specifies port path cost. [<port‐list>] specifies the ports to be set. Null means all ports. spanning‐tree port priority <0‐240> [<port‐list>] Set spanning tree port priority of CIST. Parameters: <0‐240> specifies the port priority. The value must be in steps of 16. [<port‐list>] specifies the ports to be set. Null means all ports. [no] spanning‐tree port mcheck [<port‐list>] Force the port of CIST to transmit MST BPDUs. No format means not force the port of CIST to transmit MST BPDUs. Parameters: [<port‐list>] specifies the ports to be set. Null means all ports. [no] spanning‐tree port edge‐port [<port‐list>] Set the port of CIST to be edge connection. No format means set the port of CIST to be non‐edge connection. Parameters: [<port‐list>] specifies the ports to be set. Null means all ports. [no] spanning‐tree port non‐stp [<port‐list>] Disable or enable spanning tree protocol on the CIST port. Parameters: [<port‐list>] specifies the ports to be set. Null means all ports. spanning‐tree port point‐to‐point‐mac <auto | true | false> [<port‐list>] Set the port of CIST to be point to point connection. Parameters: auto specifies point to point link auto connection. true specifies point to point link true. false specifies point to point link false. [<port‐list>] specifies the ports to be set. Null means all ports. spanning‐tree mst <0‐15> priority <0‐61440> Set spanning tree bridge priority of MSTI. Parameters: <0‐15> specifies the MSTI instance ID. <0‐61440> specifies the MSTI bridge priority. The value must be in steps of 4096. Default value is 32768. ...
Page 38 Set spanning tree port priority of MSTI. Parameters: <0‐240> specifies the port priority. The value must be in steps of 16. [<port‐list>] specifies the ports to be set. Null means all ports. no spanning‐tree mst <0‐15> Delete the specific MSTI. Parameters: <0‐15> specifies the MSTI instance ID. show spanning‐tree Show spanning‐tree information of CIST. show spanning‐tree port [<port‐list>] Show spanning tree port information of CIST. Parameters: [<port‐list>] specifies the port to be shown. Null means all ports. show spanning‐tree mst configuration Show MST instance map. show spanning‐tree mst <0‐15> Show MST instance information. Parameters: <0‐15> specifies the MSTI instance ID. show spanning‐tree mst <0‐15> port <1‐26> Show specific port information of MST instance. Parameters: <0‐15> specifies the MSTI instance ID. <1‐26> specifies port number. show vlan spanning‐tree Show per VLAN per port spanning tree status. ...
Page 39: Snmp
4.3.3 SNMP Any Network Management running the simple Network Management Protocol (SNMP) can be management the switch. 4.3.3.1 System Options Snmp /no snmp Enable or disable SNMP. Show snmp status Show enable or disable status of SNMP. snmp system‐name <name‐str> Set agent system name string. Parameters: <name‐str> specifies the system name string. e.g. snmp system‐name SWITCH snmp system‐location <location‐str> Set agent location string. Parameters: <location‐str> specifies the location string. e.g. snmp system‐location office snmp system‐contact <contact‐str> Set agent system contact string. Parameters: <contact‐str> specifies the contact string. e.g. snmp system‐contact abc@sina.com show snmp system Show SNMP system information. 4.3.3.2 Community Strings snmp community <read‐sysinfo‐only | read‐all‐only | read‐write‐all> <community‐str> Set SNMP community string. Parameters: <community‐str> specifies the community string. e.g. snmp community read‐all‐only public ...
Page 40 4.3.3.3 Trap Managers snmp trap <ip‐addr> [<community‐str>] [<1..65535>] Set SNMP trap receiver IP address, community string, and port number. Parameters: <ip‐addr> specifies the IP address. <community‐str> specifies the community string. <1..65535> specifies the trap receiver port number. e.g. snmp trap 192.168.200.1 public no snmp trap <ip‐addr> [<1..65535>] Remove trap receiver IP address and port number. Parameters: <ip‐addr> specifies the IP address. <1..65535> specifies the trap receiver port number. e.g. no snmp trap 192.168.200.1 show snmp trap Show all trap receivers. 4.3.3.4 SNMP V3 VACM (optional) snmp group <group‐name> <v1 | v2c | usm> <security‐name> Join a group. Parameters: <group‐name> specifies the group name. <v1 | v2c | usm> specifies the security model. <security‐name> specifies the security name. e.g. snmp group test usm testuser no snmp group <v1 | v2c | usm> <security‐name> Leave a group. Parameters: <v1 | v2c | usm> specifies the security model. <security‐name> specifies the security name. e.g. no snmp group usm testuser show snmp group Show group list. ...
Page 41 Parameters: <group‐name> specifies the group name. <v1 | v2c | usm> specifies the security model. <noauth | auth | authpriv> specifies the security level. <read‐name> specifies the access read view name. <write‐name> specifies the access write view name. <notify‐name> specifies the access notify view name. e.g. snmp access test usm testauth all all all no snmp access <group‐name> <v1 | v2c | usm> <noauth | auth | authpriv> Delete an access control. Parameters: <group‐name> specifies the group name. <v1 | v2c | usm> specifies the security model. <noauth | auth | authpriv> specifies the security level. e.g. no snmp access test usm auth show snmp access Show access list. 4.3.3.5 SNMP V3 USM (optional) snmp engine‐id <enterprise‐id> <engine‐id> Setup SNMPv3 engine ID. Parameters: <engine‐id> specifies the engine ID, in the format of text string. e.g. snmp engine‐id 123456789123456789123456 show snmp engine‐id Show SNMPv3 engine ID. snmp usm‐user <user‐name> [<md5 | none>] Add SNMPv3 USM user. Parameters: <user‐name> specifies the user name. <md5 | none> specifies the authentication type. e.g. Create a user name is testuser and password is 12345678, use auth md5 then enter CLI command: snmp usm‐user testuser md5 <cr> New password for authentication (8<=length<=32): 12345678<cr> Retype new password: ...
Page 42: Igmp
4.3.4 IGMP The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol (IP) suite. [no] igmp Enable/disable IGMP snooping. [no] igmp fastleave Enable/disable IGMP snooping fast leave. If enable, switch will fast delete member who send leave report, else wait one second. [no] igmp querier Enable/disable IGMP snooping querier. [no] igmp CrossVLAN Enable/disable IGMP snooping CrossVLAN [no] igmp debug Enable/disable IGMP snooping debugging output. show igmp <status | router | groups | table> Show IGMP snooping information. Parameters: status specifies IGMP snooping status and statistics information. router specifies IGMP snooping router’s IP address. groups specifies IGMP snooping multicast group list. table specifies IGMP snooping IP multicast table entries. igmp clear_statistics Clear IGMP snooping statistics counters. ...
Page 43 4.3.5 802.1x This switch supports IEEE 802.1x standard which provides port‐based access control by validating end user’s authorization through authentication (RADIUS) server. EAP‐ MD5/TLS/PEAP authentication types are supported for this switch. [no] dot1x Enable or disable 802.1x. radius‐server host <ip‐addr> <1024..65535> <1024..65535> Set radius server IP, port number, and accounting port number. Parameters: <ip‐addr> specifies server’s IP address. <1024..65535> specifies the server port number. <1024..65535> specifies the accounting port number. radius‐server key <key‐str> Set 802.1x shared key. Parameters: <key‐str> specifies shared key string. radius‐server nas <id‐str> Set 802.1x NAS identifier. Parameters: <id‐str> specifies NAS identifier string. show radius‐server Show radius server information, including radius server IP, port number, accounting port number, shared key, NAS identifier, dot1x timeout quiet‐period <0..65535> Set 802.1x quiet period. (default: 60 seconds). Parameters: <0..65535> specifies the quiet period, in seconds. dot1x timeout tx‐period <0..65535> Set 802.1x Tx period. (default: 15 seconds). Parameters: <0..65535> specifies the Tx period, in seconds. dot1x timeout supplicant <1..300> Set 802.1x supplicant timeout (default: 30 seconds) ...
Page 44 dot1x port <fu | fa | au | no> <port‐list> Set 802.1x per port information. Parameters: fu specifies forced unauthorized. fa specifies forced authorized. au specifies authorization. no specifies disable authorization. <port‐list> specifies the ports to be set. show dot1x port Show 802.1x per port information. ...
Page 45: Dhcp Relay & Option 82
4.3.6 DHCP Relay & Option 82 DHCP is widely used in LAN environments to dynamically assign host IP addresses from a centralized server, which significantly reduces the overhead of administration of IP addresses. DHCP also helps conserve the limited IP address space because IP addresses no longer need to be permanently assigned to hosts. When the DHCP Option 82 feature is enabled on the switch, a subscriber device is identified by the switch port through which it connects to the network (in addition to its MAC address). Multiple hosts on the subscriber LAN can be connected to the same port on the access switch and are uniquely identified. Option82 Information is inserted by the switch enabled option‐82 feature when forwarding client‐originated DHCP packets to a DHCP server (RFC 3046). Servers may use this information to implement IP address or other parameter assignment policies. This will significantly enhance the security of DHCP and effectively prevent the attack of DHCP flood. The following figure is an example of DHCP Option 82: If the DHCP relay feature is enabled on the switch, it forwards requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is different from the normal Layer 2 forwarding, in which IP datagrams are switched transparently between networks. Relay agents receive DHCP messages and generate new DHCP messages to send on output interfaces. So DHCP server can provide IP addresses to clients spanning multiple subnets instead of deploying a DHCP server on every subnet. The following figure is an example of DHCP relay: The following commands are provided for DHCP option82 / relay configuration: [no] dhcp‐option82 Enable/disable DHCP option82 function. [no] dhcp‐relay Enable/disable DHCP relay function. ...
Page 46 Enable/disable port‐based option82 function. dhcp‐relay <enable | disable> <LIST> <IP address> Enable/disable port‐based DHCP relay function. dhcp router <LIST> Set DHCP router port show dhcp configuration Show DHCP configuration information For example, refer to the figure of DHCP option 82 in the previous page, use the following commands to achieve: dhcp‐option82 dhcp router 18 dhcp‐option82 enable 12 Refer to the example figure of DHCP relay application, use the following commands to achieve: dhcp‐relay dhcp router 18 dhcp‐relay enable 10.0.0.1 12 ...
Page 47: Lldp
4.3.7 LLDP Link Layer Discovery Protocol (LLDP) operates on data link layer. It stores and maintains the information about the local device and the devices directly connected to it for network administrators to manage networks through NMS (network management systems). In LLDP, device information is encapsulated in LLDP PDUs in the form of TLV (meaning type, length, and value) triplets and is exchanged between directly connected devices. Information in LLDP PDUs received is restored in its MIB. NOTE: Currently the LLDP neighbor(s) can be seen through the console only. SNMP browser will be supported in the future. LLDP Operation Mode LLDP can operate in one of the following modes. TxRx mode: A port in this mode sends and receives LLDP PDUs. Tx mode: A port in this mode only sends LLDP PDUs. Rx mode: A port in this mode only receives LLDP PDUs. Disable mode: A port in this mode does not send or receive LLDP PDUs. LLDP is initialized when an LLDP‐enabled port changes to operate in another LLDP operating mode. To prevent LLDP from being initialized too frequently, LLDP undergoes a period before being initialized on an LLDP‐enabled port when the port changes to operate in another LLDP operating mode. The period is known as initialization delay, which is determined by the re‐initialization delay timer. Sending LLDP PDUs A LLDP‐enabled device operating in the TxRx mode or Tx mode sends LLDP PDUs to its directly connected devices periodically. It also sends LLDP PDUs when the local configuration changes to inform the neighboring devices of the change timely. In any of the two cases, an interval exists between two successive operations of sending LLDP PDUs. This prevents the network from being overwhelmed by LLDP PDUs even if the LLDP operating mode changes frequently. To enable the neighboring devices to be informed of the existence of a device or an LLDP operating mode change (from the disable mode to TxRx mode, or from the Rx mode to Tx mode) timely, a device can invoke the fast sending mechanism. In this case, the interval to send LLDP PDUs changes to one second. After the device sends specific number of LLDP PDUs, the interval restores to the normal. (A neighbor is discovered when a device receives an LLDPDU and no information about the sender is locally available.) Receiving LLDP PDUs An LLDP‐enabled device operating in the TxRx mode or Rx mode validates the TLVs carried in the LLDP PDUs which receive and store the valid neighboring information. An LLDP PDU also carries a TTL (time to live) setting with it. The information about a neighboring device maintained locally ages out when the corresponding TTL expires. The TTL of the information about a neighboring device is determined by the following expression: ...
Page 48 : RX and TX Pkt Tx : 3868 Pkt Rx : 46409 Neighbor Count : 1 Neighbor 1 information TTL Time : 5879 Class ID : 56:78:17:45:25:00 Port ID : port(12) System Name : System Description : VIA TEG‐S2620ISwitch v2.16 Port Description : Port 12 Port SetSpeed : Auto ...
Page 49: Syslog
4.4 Syslog syslog‐server <server‐ip> <logging‐level> Setting the syslog server and loging level. Parameters: <server‐ip> specifies the syslog server IP <logging‐level> specifies the logging level (0: none; 1: major; 2: all) show syslog‐server Display the syslog server IP and logging level 4.5 Reboot switch 4.5.1 Reset to Default erase startup‐config Reset configurations to default factory settings at next boot time. 4.5.2 Restart boot Reboot (warm‐start) the switch. 4.6 TFTP Function 4.6.1 TFTP Firmware Update copy tftp firmware <ip‐addr> <remote‐file> Download firmware from TFTP server. Parameters: <ip‐addr> specifies the IP address of the TFTP server. <remote‐file> specifies the file to be downloaded from the TFTP server. 4.6.2 Restore Configure File copy tftp <running‐config | flash> <ip‐addr> <remote‐file> Retrieve configuration from the TFTP server. If the remote file is the text file of CLI commands, use the keyword running‐config. If the remote file is the configuration flash image of the switch instead, use the keyword flash. ...
Page 50: Access Control List
Access Control List Packets can be forwarded or dropped by ACL rules include IPv4 or non‐IPv4 packets. This switch can be used to block packets by maintaining a table of packet fragments indexed by source and destination IP address, protocol, and so on. NOTE: This function is available only in the 802.1q VLAN enabled environment. 4.7.1 IPv4 ACL commands no acl <group id> Delete ACL group. Parameters: <group id> specifies the group id (1~220). e.g. no acl 1 no acl count <group id> Reset the ACL group count Parameters: <group id> specifies the group id (1~220). Enable/Disable acl <group id> Reset the ACL group count Parameters: <group id> specifies the group id (1~220) show acl [<group id>] Show all or ACL group information by group id Parameters: <group id> specifies the group id, null means all valid groups. e.g. show acl 1 Group Id : 1 ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Action : Permit Rules: Vlan ID : Any IP Fragement : Uncheck Src IP Address : Any Dst IP Address : Any L4 Protocol : Any Port ID : Any Hit Octet Count : 165074 Hit Packet count : 472 ...
Page 51: Non-Ipv4 Acl Commands
<0‐26> specifies the Port id. 0 means don't care. e.g. acl add 1 deny 1 ipv4 0 192.168.1.1 255.255.255.255 0.0.0.0 0.0.0.0 unCheck 0 0 This ACL rule will drop all packet from IP is 192.168.1.1 with VLAN id=1 and IPv4. acl (add|edit) <group id> (qosvoip) <0‐4094> <0‐7> <0‐1F> <0‐1F> <0‐FF> <0‐FF> <0‐FFFF> <0‐FFFF> <0‐FFFF> <0‐FFFF> Add or edit ACL group for Ipv4. Parameters: (add|edit) specifies the operation. <group id>specifies the group id (1~220). (qosvoip) specifies the action, do qos voip packet adjustment. <0‐4094> specifies the VLAN id. 0 means don't care. <0‐1F> specifies the port ID value. <0‐1F> specifies the port ID mask. <0‐FF> specifies the protocol value. <0‐FF> specifies the protocol mask. <0‐FFFF> specifies the source port value. <0‐FFFF> specifies the source port mask. <0‐FFFF> specifies the destination port value. <0‐FFFF> specifies the destination mask. e.g. acl add 1 qosvoip 1 7 1 1 0 0 0 0 0 0 4.7.2 Non‐IPv4 ACL commands no acl <group id> and show acl [<group id>] commands are the same as in Ipv4 ACL commands. acl (add|edit) <1‐220> (permit|deny) <0‐4094> nonipv4 <0‐65535> Add or edit ACL group for non‐Ipv4. Parameters: (add|edit) specifies the operation. <group id> specifies the group id (1~220). (permit|deny) specifies the action. permit: permit packet cross switch; deny: drop packet. <0‐4094> specifies the VLAN id. 0 means don't care. <0‐65535> specifies the Ether Type. 0 means don't care. e.g. acl add 1 deny 0 nonipv4 2054 This ACL rule will drop all packets for ether type is 0x0806 and non‐IPv4 ...
Page 52: Sip/Smac Binding
4.7.3 SIP/SMAC Binding Source IP (SIP) / Source MAC (SMAC) address binding is another type of ACL rule to provide secured access to the switch. Only the traffic which matches all criteria of specified source IP address, source MAC address, VLAN ID and port number can be allowed to access to the switch. This function is also called IP‐MAC lock. bind Enable binding function. no bind Disable binding function. no bind <group id> Delete Binding group. Parameters: <group id> specifies the group id (1~220). e.g. no bind 1 show bind [<group id >] Show Binding group information. Parameters: <group id> specifies the group id (1~220), null means all valid groups. e.g. show bind 1 bind add < group id > A:B:C:D:E:F <0‐4094> A.B.C.D <1‐26> Add Binding group. Parameters: < group id > specifies the group id (1~220). A.B.C.D specifies the MAC address. <0‐4094> specifies the VLAN id. 0 means don't care. A.B.C.D specifies the Source IP address. 0.0.0.0 means don't care. A.B.C.D specifies the IP Address. <1‐26> specifies the Port id. e.g. bind add 1 00:11:22:33:44:55 0 192.168.1.1 1. This Binding rule will permit all packet cross switch from device’s IP is 192.168.1.1 and MAC is 00:11:22:33:44:55 and this device connect to switch port id=1. ...
Page 53: Web User Interface
5 Web User Interface 5.1 Main Menu This is the main menu of the switch firmware in web interface. 5.2 Administration There are many management functions can be set or performed if you expand the submenus of Administrator in MENU area. These functions are: IP address Setting Switch Settings Console Port information Port Controls SNMP Configuration Security Manager 802.1x Configuration Quality of Service (QoS) Syslog Setting Firmware Update Configuration Backup ...
Page 54: Ip Address Setting
5.2.1 IP Address Setting User can see and modify the IP address, subnet mask and default gateway in this page, then clicks “Apply” button to confirm (save) the settings, then the switch reboot must be done to activate the updates. The IP address can be statically set or dynamically be assigned by enabling DHCP option. NOTE: If any of the value is changed in this field, reboot is necessary. 5.2.2 Switch Setting Basic 5.2.2.1 All information in Basic page is all read only, user can’t modify the contents. Model name: Display the switch’s model name. Description: Display the name of device type. MAC Address: The unique hardware address assigned by manufacturer (default) Firmware version: Display the switch’s firmware version. ...
Page 55 Module Info 5.2.2.2 All information in this field is read only, user can’t modify its contents. It is only to display the module port information. 5.2.2.3 ISC ONFIG This page is to provide miscellaneous settings: MAC Address Age‐out Time: Type the number of seconds that an inactive MAC address remains in the switch's address table. The valid range is 6~1572858 seconds. Default is 300 seconds. The value is a multiple of 6. Broadcast Storm Filter Mode: To configure broadcast storm control, enable it and set the upper threshold for individual ports. ...
Page 56: Console Port Information
The threshold is the percentage of the port's ingress bandwidth used by broadcast traffic. When broadcast traffic for a port rises above the threshold you set, broadcast storm control becomes active. The valid threshold value are 1/2, 1/4, 1/8, 1/16, and off. Broadcast Storm Filter Packets Select: To select broadcast storm Filter Packets type. If no packets type by selected, mean can not filter any packets .The Broadcast Storm Filter Mode will show OFF. Collisions Retry Forever: In half duplex, collision‐retry maximum is 16, 32, or 48 times and packet will be dropped if collisions still happen. In default (Disable), system will retry forever if collisions happen. Hash Algorithm: Select Hash Algorithm. IP/MAC Bing: Enable or disable SMAC and SIP binding. 802.1x Protocol: Enable or disable 802.1x protocol. 5.2.3 Console Port Information Console is a standard UART (RS‐232) interface to communicate with Serial Port. User can use windows HyperTerminal program to link the switch. Connect To ‐> Configure: Bits per seconds: 115200 Data bits: 8 Parity: none Stop Bits: 1 Flow control: none ...
Page 57: Port Configuration
5.2.4 Port Configuration Port Controls 5.2.4.1 The following webpage is to provide the display and modification for the port settings. Use the dropdown in Port field to select one or multiple ports in the upper control area. The lower display area will show the port settings for the selected port(s). Use the other control fields in the upper area to modify the port settings for the selected port(s). Press Apply to save and activate the port settings. State: User can disable or enable this port. Negotiation: User can set auto negotiation mode is Auto, Nway (specify the speed/duplex on this port and enable auto‐negotiation), Force of per port. Speed: User can set 100Mbps or 10Mbps speed on Port1~Port24. User can set 1000Mbps, 100Mbps or 10Mbps speed on Port25~Port26 (depend on module card mode). Duplex: User can set full‐duplex or half‐duplex mode of per port. Flows control: Full: User can set flow control function is enable or disable in full mode. Half: User can set backpressure is enable or disable in half mode. Rate Control: port1 ~ port 24, supports by‐port ingress and egress rate control. For example, assume port 1 is 10Mbps, users can set its effective egress rate at 1Mbps and ingress rate at 500Kbps. Device will perform flow control or backpressure to confine the ingress rate to meet the specified rate. Ingress: Type the port effective ingress rate. The valid range is 0 ~ 8000. The unit is 128Kbps. 0: disable rate control. 1 ~ 8000: valid rate value Egress: Type the port effective egress rate. The valid range is 0 ~ 8000. The unit is 128Kbps. 0: disable rate control. 1 ~8000: valid rate value. Port Security: A port in security mode will be “locked” without permission of address learning. Only the incoming packets with SMAC already existing in the address table can be forwarded normally. User can disable the port from learning any new MAC addresses, then use the static MAC addresses screen to define a list of MAC addresses that can use the secure port. Enter the settings, then click ...
Page 58 Apply to change on this page. BSF: User can disable/Enable port broadcast storm filtering option by port. The filter mode and filter packets type can be select in Switch Setting > Misc Config page. Jumbo Frame: User can disable/Enable port jumbo frame option by port. When port jumbo frame is enable, the port forward jumbo frame packet ...
Page 59 Port Sniffer 5.2.4.2 The Port Sniffer (mirroring) is a method for monitor traffic in switched networks. Traffic through a port can be monitored by one specific port. That is, traffic goes in or out a monitored port will be duplicated into sniffer port. Sniffer Type: Select a sniffer mode: Disable / Rx / Tx / Both. Analysis (Monitoring) Port: It’ means Analysis port can be used to see the traffic on another port you want to monitor. You can connect Analysis port to LAN analyzer or netxray. Monitored Port: The port you want to monitor. The monitor port traffic will be copied to Analysis port. You can select one monitor ports in the switch. User can choose which port that they want to monitor in only one sniffer type. NOTE: 1. The Analysis port is dedicated for monitoring usage. That is the ordinary port function will be unavailable. 2. If you want to disable this function, you must select monitor port to none. ...
Page 60 Protected Port 5.2.4.3 There are two protected port groups. Ports in different groups can't communicate each other. In the same group, protected ports can't communicate each other, but can communicate with unprotected ports. Unprotected ports can communicate with any ports, including protected ports. In default, all ports are in Group1 and not protected. For example, in the above configuration page for protected port, Port4 in Group2, other ports in Group1, and both Port1& Port2 are protected. These settings provide Port4 can’t communicate with other ports in Group1. Port1 & Port2 can’t communicate each other but can communicate with other ports in Group1. ...
Page 61: Snmp Configuration
5.2.5 SNMP Configuration Any Network Management platform running the simple Network Management Protocol (SNMP) can manage the switch, provided the Management Information Base (MIB) is installed correctly on the management station. The SNMP is a Protocol that governs the transfer of information between management station and agent. System Options 5.2.5.1 Use this page to define management stations as trap managers and to enter SNMP community strings. User can also define a name, location, and contact person for the switch. Fill in the system options data, and then click Apply to update the changes on this page. Name: Enter a name to be used for the switch. Location: Enter the location of the switch. Contact: Enter the name of a person or organization. SNMP Status: Enable/Disable SNMP Function Community strings 5.2.5.2 Serve as passwords and can be entered as one of the following: RO: Read only. Enables requests accompanied by this string to display MIB‐object information. RW: Read write. Enables requests accompanied by this string to display MIB‐object information and to set MIB objects. ...
Page 62 Trap Manager 5.2.5.3 Trap Manager is a management station that receives traps, the system alerts generated by the switch. If no trap manager is defined, no traps are issued. Create a trap manager by entering the IP address of the station and a community string. SNMPv3 Group 5.2.5.4 Maintain SNMPv3 group. Group Name: specifies the group name. v1 | v2c | USM: specifies the security model. Security Name: specifies the security name. ...
Page 63 SNMPv3 View 5.2.5.5 Maintain SNMPv3 view. View Name: specifies the view name. Included | Excluded: specifies the view type. View Subtree: specifies the view subtree (e.g. .1.3.6.1.2.1). View Mask: specifies the view mask, in hexadecimal digits. SNMP 5.2.5.6 CCESS Maintain SNMPv3 access control. Group Name: specifies the group name. v1 | v2c | USM: specifies the security model. SNMP Access: specifies the security level (noauth | auth | authpriv) Read View: specifies the access read view name. Write Name: specifies the access write view name. Notify Name: specifies the access notify view name. ...
Page 64 5.2.5.7 SNMPv3 USM‐User Maintain SNMPv3 USM‐user. User Name: Specifies the user name (should be the security name defined in group) Auth Type: Specifies the authentication type (md5 / none) Auth‐Key: Specifies the authentication key (8~32 chars) Private Key: Specifies the encrypt key (8~32 chars) ...
Page 65: Syslog
5.2.6 Syslog This system supports syslog sent to a remote syslog server. Currently system will do syslog for 3 events: cold start, warm start and link change. In this page, user needs to setup the following parameters to activate the syslog: Syslog server IP: The IP address of remote syslog server Log level: None / Major / All Then click Apply button to activate the syslog function. The following example figure shows the syslog server application (e.g. Tftpd32.exe) got the messages from switch which link status is changed on port13. ...
Page 66: Firmware Update
5.2.7 Firmware Update This system supports firmware update through two different ways: TFTP and HTTP. TFTP Update 5.2.7.1 Use this page to assign a TFTP server IP address and an existing firmware image file. Then press Apply button to start the firmware update process. The firmware image will first update to the RAM area in system. Hit the Update Firmware button to confirm to write to the system’s flash memory. When the whole process is completed, system needs to be rebooted by pressing the reboot button to activate the new firmware. ...
Page 67 HTTP Update 5.2.7.2 An alternative for firmware updating is using HTTP transfer. Just like the file copy in Windows, select the valid firmware image file to be uploaded to the switch and hit Submit to start the updating process. This is easier than ordinary TFTP file transfer. When the firmware image is completely uploaded, system will automatically be rebooted. ...
Page 68: Configuration Backup
5.2.8 Configuration Backup Just like the firmware update, this system also supports configuration backup/restore through either TFTP or HTTP transfer. TFTP Restore Configuration 5.2.8.1 Use this page to assign a TFTP server IP address and an existing configuration filename to be restored. Then press Apply button to start the restore process. 5.2.8.2 TFTP Backup Configuration Use this page to assign a TFTP server IP address and a filename to be stored. Then press Apply button to start the backup process. ...
Page 69: L2 Features
LLDP (optional) 5.3.1 VLAN Configuration A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain. It allows you to isolate network traffic so only members of the VLAN receive traffic from the same VLAN members. Basically, creating a VLAN from a switch is logically equivalent of reconnecting a group of network devices to another Layer 2 switch. However, all the network devices are still plug into the same switch physically. This switch supports port‐based, 802.1Q (tagged‐based) or no VLAN in web management page. In default, 802.1Q VLAN is ...
Page 70 If there are many groups that over the limit of one page, you can click the Next Page to view other VLAN groups. NOTE: If the trunk groups exist, you can see it (ex: TRK1, TRK2…) in select menu of ports, and you can configure it is the member of the VLAN or not. 5.3.1.1.2 802.1Q VLAN In this page, user can create 802.1Q (tag‐based) VLAN. There are up to 512 VLAN groups to provide configuration. While VLAN Operation Mode is changed to 802.1Q VLAN, all ports on the switch belong to default VLAN group which VID is 1. The default VLAN group can’t be deleted. ...
Page 71 Basic Create a VLAN and add tagged member ports to it. 1. From the main menu, click Administrator VLAN configuration, click Add then you will see the page as follow. 2. Type a name for the new VLAN. 3. Type a VID (1~4094). The default is 1. 4. From the Available ports box, select ports to add to the switch and click “Add >>”. If the trunk groups exist, you can see it in here (ex: TRK1, TRK2…), and you can configure it is the member of the VLAN or not. 5. Click Next. Then you can view the page as follow： 6. Uses this page to set the outgoing frames are VLAN‐Tagged frames or no. Then click Apply. Tag: outgoing frames with VLAN‐Tagged. Untag: outgoing frames without VLAN‐Tagged. VLAN Filters Port NO. Port number(s) to be assigned to see or configure the settings. Port VID (PVID) Port VLAN ID will be assigned to untagged traffic on a given port. This feature is useful for accommodating devices that you want to participate in the VLAN but that don’t support tagging. This switch allows user to set one PVID for each port, the range is ...
Page 72 1~4094, default PVID is 1. The PVID must as same as the VLAN ID that the port belong to VLAN group, or the untagged traffic will be dropped. Ingress Filtering Ingress filtering lets frames belonging to a specific VLAN to be forwarded if the port belongs to that VLAN. This switch has two ingress filtering rule as follows: Ingress Filtering Rule 1: A forward only packet with VID matching this port’s configured VID. Ingress Filtering Rule 2: Drop Untagged Frame. ...
Page 73 GVRP VLAN 5.3.1.2 5.3.1.2.1 GVRP Setting GVRP (GARP VLAN Registration Protocol or Generic VLAN Registration Protocol) is a protocol that facilitates control of virtual local area networks (VLANs) within a larger network. GVRP conforms to the IEEE 802.1Q specification, which defines a method of tagging frames with VLAN configuration data. GVRP allows automatic VLAN configuration between the switch and nodes. If the switch is connected to a device with GVRP enabled, you can send a GVRP request using the VID of a VLAN defined on the switch, the switch will automatically add that device to the existing VLAN GVRP can be enabled per port basis. To enable GVRP function for a port, both global GVRP and special port GVRP are required to configure. ...
Page 74 5.3.1.2.2 GVRP Table In this page, the VLAN group(s) dynamically created by GVRP can be displayed with VID and port member(s). ...
Page 75 QinQ VLAN 5.3.1.3 5.3.1.3.1 QinQ Port Setting Business customers of service providers often have specific requirements for VLAN IDs and the number of VLANs to be supported. The VLAN ranges required by different customers in the same service‐provider network might overlap, and traffic of customers through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations and could easily exceed the VLAN limit (4096) of the IEEE 802.1Q specification. Using the QinQ feature, service providers can use a single VLAN to support customers who have multiple VLANs. Customer VLAN IDs are preserved, and traffic from different customers is segregated within the service‐provider network, even when they appear to be in the same VLAN. Using QinQ expands VLAN space by using a VLAN‐in‐VLAN hierarchy and retagging the tagged packets. A port configured to support QinQ is called a QinQ user‐port. A port configured to support QinQ Uplink is called a QinQ uplink‐port. To enable QinQ function, the global QinQ option, QinQ Tpid and specified port‐based QinQ User or Uplink port option need to be configured. ...
Page 76 5.3.1.3.2 QinQ Tunnel Setting Virtual private networks (VPNs) provide enterprise‐scale connectivity on a shared infrastructure, often Ethernet‐based, with the same security, prioritization, reliability, and manageability requirements of private networks. QinQ tunnel is a feature designed for service providers who carry traffic of multiple customers across their networks and are required to maintain the VLAN and Layer 2 protocol configurations of each customer without impacting the traffic of other customers. When you configure QinQ tunnel, you assign the QinQ user‐port and uplink‐port to a VLAN ID that is dedicated to QinQ tunnel. To add QinQ tunnel, you first select QinQ Tunnel ID, then fill VLAN ID QinQ dedicated to QinQ tunnel, and select user‐port and uplink‐port to be added to QinQ tunnel. ...
Page 77: Trunking
The Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs, move the link to that Link Aggregation Group, and enable its transmission and reception functions in an orderly manner. In conclusion, Link aggregation lets you group up to eight consecutive ports into a single dedicated connection. This feature can expand bandwidth to a device on the network. LACP operation requires full‐duplex mode, more detail information refers to ...
Page 78 Aggregator Information 5.3.2.2 When you are setting LACP aggregator, you can see relation information in here. The following page shows no group active and no LACP related data. This page shows some static trunk groups are created. This page shows actor and partner trunks one group. ...
Page 79 State Activity 5.3.2.3 Active (select): The port automatically sends LACP protocol packets. N/A (no select): The port does not automatically sends LACP protocol packets, and responds only if it receives LACP protocol packets from the opposite device. 1. A link that has either two active LACP ports or one active port can perform dynamic LACP trunking. A link has two N/A LACP ports will not perform dynamic LACP trunking because both ports are waiting for and LACP protocol packet from the opposite device. 2. If you are active LACP’s actor, when you are select trunking port, the active status will be created automatically. ...
Page 80: Forwarding And Filtering
5.3.3 Forwarding and Filtering In this submenu, the following functions related to forwarding and filtering are provided: IGMP Snooping Dynamic MAC Table Static MAC Table MAC Filtering IGMP Snooping 5.3.3.1 This switch supports multicast IP, one can enable IGMP protocol on web management’s switch setting advanced page, then display the IGMP snooping information in this page, you can view difference multicast group, VID and member port in here, IP multicast addresses range from 224.0.0.0 through 239.255.255.255. ...
Page 81 The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol (IP) suite. IP manages multicast traffic by using switches, routers, and hosts that support IGMP. Enabling IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch. IGMP have three fundamental types of message as follows: Message Description Query A message sent from the queries (IGMP router or switch) asking for a response from each host belonging multicast group. Report A message sent by a host to the queries to indicate that the host wants to be or is a member of a given group indicated in the report message. Leave Group A message sent by a host to the queries to indicate that the host has quit being a member of a specific multicast group. IGMP protocol: Enable/disable IGMP snooping. IGMP fast leave: Enable/disable IGMP snooping fast leave. If enable, switch will fast delete member who send leave report, else wait one second. IGMP Querier: Enable/disable IGMP snooping querier. If select disable, the switch can’t send query report. ...
Page 82 Dynamic MAC Address 5.3.3.2 The switch will dynamically learn the device’s MAC address when it corresponding with the switch. MAC address will be stored in MAC address table. Dynamic MAC Table shows the MAC addresses learned by the switch. The table will be shown by pages if larger than 500 MAC Addresses. Click Clear to clear Dynamic MAC address table. Click Top to show the first page of MAC address table. Click Prev to show the previous page of MAC address table. If there is nothing to shown or NO is 1, it is the first page. Click Next to show the next page of MAC address table. If there is nothing to shown, it is the end page. ...
Page 83 Static MAC Table 5.3.3.3 When you add a static MAC address, it permanently remains in the switch's address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re‐learn a device's MAC address when the disconnected or powered‐off device is active on the network again. This table can associate with the Security field in Port Controls configuration to achieve the access control by source MAC / port / VID binding. That is only ingress traffic with matched lookup (with specified MAC address, port number and VID) in this table can be allowed to access to the switch. The following parameters can be associated to setup the Static MAC table: MAC Address: Static MAC address in a MAC entry Port number: Switch port number to associate with the MAC address in a MAC entry Vlan ID: If tag‐based (IEEE 802.1Q) VLANs are enabled, static MAC address can be associated with individual VLANs. Type the VID in this field to associate with the MAC address. Click Add to add a new entry. Click Delete to remove a specified entry. The MAC entries in this table can be sorted by clicking the column NO / MAC / PORT / VID / TYPE. ...
Page 84 MAC Filtering 5.3.3.4 MAC address filtering allows the switch to drop unwanted traffic. Traffic is filtered based on the destination MAC addresses. MAC Address: MAC address that wants to be filtered. Vlan ID: If tag‐based (802.1Q) VLAN are enabled, type the VID in this field to associate with the MAC address. Click Add to add a new entry. Click Delete to remove a specified entry. The MAC entries in this table can be sorted by clicking the column NO / MAC / PORT / VID / TYPE. ...
Page 85: Spanning Tree
5.3.4 Spanning Tree 5.3.4.1 STP system The Spanning Tree Protocol (STP) is a standardized method (IEEE 802.1d) for avoiding loops in switching networks. Enable STP to ensure that only one path at a time is active between any two nodes on the network. You can enable STP on web management’s switch setting advanced item, select enable STP. We are recommended that you enable STP on all switches ensures a single active path on the network. You can view STP information about the Root Bridge. Such as following screen. You can view STP port status about the switch. Such as following screen. ...
Page 86 You can configure STP parameters, then click Apply button to set the values. Such as following screen. You can select STP state item to enable STP. If you want to disable STP, please cancel the item. Default value of STP sate is disabled. Parameter Description Priority You can change priority value, A value used to identify the root bridge. The bridge with lowest value has the highest priority and is selected as the root. Value range <0‐ 61440>, the value must be in steps of 4096. Default value is 32768. Max Age You can change Max Age value. The maximum age of received protocol information before it is discarded. Value range <6‐40>. Default value is 20. Hello Time You can change Hello time value. The time interval between the transmission of Configuration BPDUs by a Bridge that is attempting to become the Root or is the Root. Value range <1‐10>. Default value is 2. Forward Delay You can change forward delay time. The time spent by a Port in the Listening State time and the Learning State before moving to the Learning or Forwarding State, respectively. It is also the value used for the ageing time of dynamic entries in the Filtering Database, while received BPDU indicate a topology change. Value range <4‐ 30>. Default value is 15. NOTE: The above parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) The following parameters can be configured on each port, click Apply button to set the values. You can select one port in the Port Number item to configure the parameters of the port. ...
Page 87 Path Cost The contribution of the path through this port, when the port is the root port, to the total cost of the path to the root for this bridge. Value range <1‐65535>. Port Priority You can make it more or less likely to become the root port, the lowest number has the highest priority. Value range <0‐240>, the value must be in steps of 16. Default value is 128. RSTP system 5.3.4.2 The Rapid Spanning Tree Protocol (RSTP) is a standardized method (IEEE 802.1W) that supersedes the Spanning Tree Algorithm and Protocol (STP) described as above and provides significantly faster reconfiguration. RSTP is compatible for STP, so the following content is mostly the same as the above STP description, adding some enhanced performance. You can view RSTP information about the Root Bridge. Such as following screen. You can view RSTP port status about the switch. Such as following screen. ...
Page 88 Besides STP Debug and STP protocol version items, the remaining items are the same as STP describing above. You can select STP Debug item to output RSTP debug information. If you want to disable the debug, please cancel the item. Default value of STP Debug is disabled. STP protocol version item has two values for you to choose. If you want the protocol version to be STP, you can choose STP. If you want the protocol version to be RSTP, you can choose RSTP. Default value of STP protocol version is RSTP. The following parameters can be configured on each port, click Apply button to set the values. You can select one port in the Port Number item to configure the parameters of the port. Besides Path Cost and Priority items, the remaining items are newly enhanced performance. Priority item is just the same as STP, and the value range of Path Cost item is different from STP. Parameter Description Path Cost The contribution of the path through this port, when the port is the root port, to the total cost of the path to the root for this bridge. Value range <1‐200000000>. Port Priority You can make it more or less likely to become the root port, the lowest number has the highest priority. Value range <0‐240>, the value must be in steps of 16. Default value is 128. Admin Edge You can choose the value of YES if you want the port to be edge port. If the port is edge port, when the port becomes a Designated Port it can rapidly transition to the Forwarding Port State. Value range <NO | YES>. Default value is NO. Admin If you want to disable spanning tree protocol on the port, you can choose the value of Non ‐STP YES to this port. Value range <NO | YES>. Default value is NO. Admin P2P If you want point‐to‐point link auto detection on the port, you can choose the value of AUTO to this port. If you want point‐to‐point link of the port always be true, you can choose the value of YES to this port. If you want point‐to‐point link of the port always be false, you can choose the value of NO to this port. Value range <AUTO | NO | YES>. Default value is AUTO. MSTP system 5.3.4.3 The Multiple Spanning Tree Protocol (MSTP) is a standardized method (IEEE 802.1S) for providing simple and full connectivity for ...
Page 89 You can view MSTP CIST port status about the switch. Such as following screen. ...
Page 90 You can configure MSTP parameters, then click Apply button to set the values. Such as following screen. You can select STP state item to enable MSTP. If you want to disable MSTP, please cancel the item. Default value of STP sate is disabled. You can select STP Debug item to output MSTP debug information. If you want to disable the debug, please cancel the item. Default value of STP Debug is disabled. STP protocol version item has two values for you to choose. If you want the protocol version to be STP, you can choose STP. If you want the protocol version to be MSTP, you can choose MSTP. Default value of STP protocol version is MSTP. Parameter Description Priority You can change priority value, A value used to identify the root bridge. The bridge with lowest value has the highest priority and is selected as the root. Value range <0‐ 61440>, the value must be in steps of 4096. Default value is 32768. Max Age You can change Max Age value. The maximum age of received protocol information before it is discarded. Value range <6‐40>. Default value is 20. Hello Time You can change Hello time value. The time interval between the transmission of Configuration BPDUs by a Bridge that is attempting to become the Root or is the Root. Value range <1‐10>. Default value is 2. Forward Delay You can change forward delay time. The time spent by a Port in the Listening State time and the Learning State before moving to the Learning or Forwarding State, respectively. It is also the value used for the ageing time of dynamic entries in the Filtering Database, while received BPDU indicate a topology change. Value range <4‐ 30>. Default value is 15. NOTE: The above parameters must enforce the following relationships: 2*(hello‐time + 1) <= maximum‐age <= 2*(forward‐delay ‐ 1) The following parameters can be configured on each CIST port, click Apply button to set the values. ...
Page 91 You can select one port in the Port Number item to configure the parameters of the CIST port. Parameter Description Path Cost The contribution of the path through this port, when the port is the root port, to the total cost of the path to the root for this bridge. Value range <1‐200000000>. Port Priority You can make it more or less likely to become the root port, the lowest number has the highest priority. Value range <0‐240>, the value must be in steps of 16. Default value is 128. Admin Edge You can choose the value of YES if you want the port to be edge port. If the port is edge port, when the port becomes a Designated Port it can rapidly transition to the Forwarding Port State. Value range <NO | YES>. Default value is NO. Admin If you want to disable spanning tree protocol on the port, you can choose the value of Non ‐STP YES to this port. Value range <NO | YES>. Default value is NO. Admin P2P If you want point‐to‐point link auto detection on the port, you can choose the value of AUTO to this port. If you want point‐to‐point link of the port always be true, you can choose the value of YES to this port. If you want point‐to‐point link of the port always be false, you can choose the value of NO to this port. Value range <AUTO | NO | YES>. Default value is AUTO. ...
Page 92: Dhcp Relay And Option 82
5.3.5 DHCP Relay and Option 82 The Relay Agent Information option(Option82) is inserted by the DHCP relay agent when forwarding client‐originated DHCP packets to a DHCP server(RFC 3046). Servers recognizing the Relay Agent Information option may use the information to implement IP address or other parameter assignment policies. The DHCP Relay can forward the DHCP broadcast packets to a DHCP server in a different subnet (RFC 1542). So DHCP server can provide IP addresses to clients spanning multiple subnets instead of deploying a DHCP server on every subnet. DHCP Option82 5.3.5.1 To enable DHCP option82 function, need to enable global option82 and special port option82. Then select DHCP router port. DHCP Relay 5.3.5.2 To enable DHCP relay function, need to enable global dhcp‐relay and special port dhcp‐relay. Then select DHCP router port. ...
Page 93: Lldp
5.3.6 LLDP This switch supports LLDP (Link Layer Discovery Protocol) function. Please refer to the section 4.3.7 which has descriptions about the LLDP function and operation in console. Here is the web UI to configure this function. LLDP Configuration 5.3.6.1 This page is to provide the global parameters for LLDP for configuration. LLDP Status: Enable/Disable LLDP. LLDP hello time: LLDP hello time value which is time interval between the transmission LLDP info packets. Value range is from 5 to 32768. Default value is 30. LLDP hold time: LLDP hold time value. Value range is from 2 to 10. Default value is 4. TTL (time to live) is a period of time for keeping the information about a neighboring device. The information will be aged out when the corresponding TTL expires. TTL can be calculated by configuring LLDP hello time and hold time according to the following expression: TTL = LLDP hello time × LLDP hold time 5.3.6.2 PerPort Configuration PerPort LLDP configuration is in this page: ...
Page 94 Port Number: specify the port(s) to be configured in the switch. Port Status: specify one of four port mode to operate LLDP for specified port(s) Tx_only: LLDP transmit the packet of the port only Rx_only: LLDP receive the packet of the port only. Tx_and_Rx: LLDP transmit and receive the packets of the port. Disable: LLDP do not transmit and receive the packets of the port. PerPort LLDP configuration status can be shown in the lower area of this page like the following example: ...
Page 95: Access Control List
5.4 Access Control List Packets can be forwarded or dropped by ACL rules include IPv4 or non‐Ipv4. TEG‐S2620I can be used to block packets by maintaining a table of packet fragments indexed by source and destination IP address, protocol, and so on. There are 2 main ACL rule types to setup: Packet Type (IPv4 and Non‐IPv4) and Binding (SIP‐SMAC‐Port). Enable/Disable ACL rule: Select an ACL entry which you want to enable/disable in the Current List. Then click Enable / Disable to execute. Reset ACL count: Select an ACL entry which you want to reset its counts (octetcnt and packetcnt fields) in the Current List. Then click Reset Hit Count to do the action. ...
Page 96: Ipv4
5.4.1 IPv4 In “Packet Type / Binding” box should select “IPv4”. The related parameters are shown in the following table: Items Option Default value Group ID 1 ~ 220 (max. 220 ACL group) Action Permit / Deny. Permit Permit : Permit packet cross switch. Deny: Drop packet. VLAN Any / VID. Any Any: Any Vlan id. VID: 1~4094. A certain vlan id. Packet Type IPv4 / Non‐IPv4 / Binding IPv4 IPv4: Set Ipv4 packet field. Non‐IPv4: Set non‐Ipv4 packet field. Binding: Set binding entry. Src IP Address (Set this field if Packet Type is IPv4, else ignore.) Any Any / IP and Mask Any: Any IP address. IP :A certain IP address. ...
Page 97 Mask: ***.***.***.*** * is represent a digit from 0~9, *** is range from 0 to 255 Notice: This is not subnet mask. Dst IP Address (Set this field if Packet Type is IPv4, else ignore.) Any Any / IP and Mask Any: Any IP address. IP :A certain IP address. Mask: ***.***.***.*** * is represent a digit from 0~9, *** is range from 0 to 255 IP Fragment (Set this field if Packet Type is IPv4, else ignore.) Uncheck Uncheck / Check Uncheck: Not check IP fragment field. Check: Check IP fragment field. L4 Protocol (Set this field if Packet Type is IPv4, else ignore.) Any Any / ICMP(1) / IGMP(2) / TCP(6) / UDP(17) Protocol (Set this field if Packet Type is IPv4, else ignore.) 0~255. If protocol not find in L4 Protocol field, you can direct assign number. TCP (Set this field if Packet Type is IPv4, else ignore.) Any Any / FTP(21) / HTTP(80) Port (Set this field if Packet Type is IPv4, else ignore.) 0~65535 If TCP port not find in TCP field, you can direct assign number. UDP ...
Page 98: Non-Ipv4
5.4.2 Non‐IPv4 In “Packet Type / Binding” box should select “Non‐IPv4”. The related parameters are shown in the following table: Items Option Default value Group ID 1 ~ 220 (max. 220 ACL group) Action Permit / Deny. Permit Permit : Permit packet cross switch. Deny: Drop packet. Vlan Any / VID. Any Any: Any Vlan id. VID: 1~4094. A certain vlan id. Packet Type IPv4 / Non‐IPv4 / Binding IPv4 IPv4: Set Ipv4 packet field. Non‐IPv4: Set non‐Ipv4 packet field. Binding: Set binding function. Ether Type (Set this field if Packet Type is Non‐IPv4, else ignore.) Any Any / ARP(0x0806) / IPX(0x8137) Type (Set this field if Packet Type is Non‐IPv4, else ignore.) 0~0xFFFF If ether type not find in Ether Type field, you can direct assign number. ...
Page 99: Binding
5.4.3 Binding Let device that has specific IP address and MAC address can use network. We can set specific IP address, MAC address, VLAN id and port id to bind, and device can cross switch if all conditions match. Use binding function; we should enable it first in following page. In “Packet Type / Binding” box should select “Binding”. The related parameters are shown in the following table: Items Option Default value Group ID 1 ~ 220 (max. 220 ACL group) Action Permit / Deny. Permit Permit : Permit packet cross switch. Deny: Drop packet. Vlan Any / VID. Any Any: Any Vlan id. VID: 1~4094. A certain vlan id. Packet Type IPv4 / Non‐IPv4 / Binding IPv4 IPv4: Set Ipv4 packet field. Non‐IPv4: Set non‐Ipv4 packet field. Binding: Set binding function. Mac address **:**:**:**:**:** 00:11:22:33:44:55 * is represent a digit from 0~9 and A~F, *** is range from 0 to FF. ...
Page 100: Qos Voip
5.4.4 QoS VoIP QoS VoIP option in Action field is to provide ingress VoIP packets can be forwarded out with higher priority through the ACL function. NOTE: To make this function work, the QoS mode “All High Before Low “ in QoS Configuration is required. In “Action” box select the “QoS VoIP” checkbox to make QoS VoIP parameter area available to configure. The QoS VoIP related parameters are shown in the following table: QoS VoIP Parameter Option Default value Priority 0 ~ 7 7 PortID 0~1F 0 PortID Mask 0~1F 0 Protocol 0~FF 0 Protocol Mask 0~FF 0 Source Port 0~FFFF 0 Source Port Mask 0~FFFF 0 Destination Port 0~FFFF 0 ...
Page 101: Security
5.5 Security 5.5.1 Security Manager In this page, user can change user name and password with the following parameters. User Name: Type the new user name. Assign/Change password: Type the new password. Reconfirm password: Retype the new password. Click Apply to activate the setting. ...
Page 102: Mac Limit
5.5.2 MAC Limit MAC limit allows users to set a maximum number of MAC addresses to be stored in the MAC address table. The MAC addresses chosen to be stored in MAC address table is the result of first‐come‐first‐save policy. Once a MAC address is stored in the MAC address table, it stays in until it is aged out. When an “opening” is available, the switch stored the first new MAC address it sees in that opening. All packets from MAC addresses not in the MAC address table should be blocked. MAC Limit: enable/disable MAC limit function Limit: select port number and input Limit value (0~64, 0 to turn off MAC limit) Click Apply to activate the setting. ...
Page 103: Configuration
5.5.3 802.1x Configuration 802.1x makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point‐to‐point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails. In the beginning, 802.1x configuration page is disabled because 802.1x is disabled in default. To enable 802.1x, go to Administration Switch setting Misc Configs page to enable the 802.1x protocol field. After clicked Apply, the 802.1x configuration page will be shown up. System Configuration 5.5.3.1 In this page, the parameters related to authentication (Radius) server are provided: Radius Server IP: the IP address of the authentication server. Server Port: The UDP port number used by the authentication server to authenticate (default: 1812). Accounting Port: The UDP port number used by the authentication server to retrieve accounting information (default: 1813). Shared Key: A key shared between this switch and authentication server. NAS, Identifier: A string used to identify this switch. ...
Page 104 Perport Configuration 5.5.3.2 In this page, you can select the specific port and configure the authorization state. There are 4 kinds of authorization state to provide for each port. Fu: Force the specific port to be unauthorized. Fa: Force the specific port to be authorized. Au: The state of the specific port was determined by the outcome of the authentication. No: The specific port didn't support 802.1x function. Misc Configuration 5.5.3.3 In this page, you can change the default configuration for the 802.1x standard: Quiet Period: Used to define periods of time during which it will not attempt to acquire a supplicant (default time: 60 seconds). Tx Period: Used to determine when an EAPOL PDU is to be transmitted (Default value is 30 seconds). Supplicant Timeout: Used to determine timeout conditions in the exchanges between the supplicant and authentication server (default value: 30 seconds). Server Timeout: Used to determine timeout conditions in the exchanges between the authenticator and authentication server (default value: 30 seconds). ReAuthMax: Used to determine the number of re‐authentication attempts that are permitted before the specific port becomes unauthorized (default value: 2 times). Reauth Period: Used to determine a nonzero number of seconds between periodic re‐authentication of the supplications (default value: 3600 seconds). ...
Page 105: Qos
5.6 QoS This switch provides quality of service (QoS) to prioritize the packet forwarding when traffic congestion happens. This switch supports port‐based (4‐level output queue) and 802.1p (8‐level priority to 4‐level queue mapping) QoS functions. Strict and weight round robin (WRR) QoS mode are supported. 5.6.1 QoS Configuration This page is mainly to set the QoS mode (First Come First Service, All High before Low, and WRR) and 8‐level priority to 4 –level queue mapping. First Come First Service: The sequence of packets sent is depending on arrive orders. This mode can be regarded as QoS is disabled. All High before Low: The high priority packets sent before low priority packets. WRR: Weighted Round Robin. Select the preference given to packets in the switch's high‐priority queue. These options represent the number of higher priority packets sent before one lower priority packet is sent. For example, 8 Highest：4 second‐high means that the switch sends 8 highest‐priority packets before sending 4 second‐high priority packets. QoS Priority: 8‐level (0~7) priority can be mapped to 4‐level (Highest, Second‐High, Second‐Low, Lowest) queue. ...
Page 106: Per-Port Configuration
5.6.2 Per‐Port Configuration Per‐port priority can be configured and shown in this page. Port Number: the ports in the switch. Port Priority: port priority can be disable or 0‐7. Per‐Port priority setting can be displayed like the following figure. ...
Page 107: Monitoring
5.7 Monitoring The following items are provided in Monitoring section: Port status Port statistics 5.7.1 Port Status This page provides current status of every port that depends on user’s setting and the negotiation result. State: Display port statuses: disable or enable. “Unlink” will be treated as “off ”. Link Status: Down means “No Link”; Up means “Link up”. Auto Negotiation: Display the auto negotiation mode: auto/force/nway‐force. Speed status: Display 1000Mbps or 100Mbps or 10Mbps speed, port 1‐ 24 are 10/100Mbps, Port 25‐26 are 10/100/1000Mbps. Duplex status: Display full‐duplex or half‐duplex mode. Flow Control: Display the flow control state Full: Display the flow control is enabled or disabled in full mode. Half: Display the backpressure is enabled or disabled in half mode. Rate Control: Display the rate control setting. Ingress: Display the port effective ingress rate of user setting. Egress: Display the port effective egress rate of user setting. Port Security: Display the port security is enabled or disabled. BSF: Display the port broadcast storm filter control is enable or disable. Jumbo Frame: Display the jumbo frame is supported or not for the port. NOTE: You can click the Browser’s Refresh button or press <F5> to update to the latest status. ...
Page 108: Port Statistics
5.7.2 Port Statistics The following information provides a view of the current status of the whole unit. Press Reset button to clean all count. 5.8 Reset System The page to reset the switch to default configuration is shown as below. 5.9 Reboot The page to reboot (warm restart) the switch is shown as below. ...

TRENDnet TEG-S2620I User Manual

Table of Contents

1 Getting Started

2 Operation Notice

3 Login

4 Console User Interface

5 Web User Interface

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for TRENDnet TEG-S2620I

Summary of Contents for TRENDnet TEG-S2620I

Table of Contents