Download
Share
Print this page
  1. Manuals
  2. Brands
  3. ifs Manuals
  4. Switch
  5. NS3503-16P-4C-V2
  6. User manual

ifs NS3503-16P-4C-V2 User Manual

Hide thumbs Also See for NS3503-16P-4C-V2:

Advertisement

Quick Links

Download this manual
NS3503-16P-4C-V2 User
Manual
P/N 1073221 • REV C • ISS 03JUL22

Advertisement

loading
Need help?

Need help?

Do you have a question about the NS3503-16P-4C-V2 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ifs NS3503-16P-4C-V2

Summary of Contents for ifs NS3503-16P-4C-V2

  • Page 1 NS3503-16P-4C-V2 User Manual P/N 1073221 • REV C • ISS 03JUL22...
  • Page 2 Copyright © 2022 Carrier. All rights reserved. Specifications subject to change without prior notice. This document may not be copied in whole or in part or otherwise reproduced without prior written consent from Carrier, except where specifically permitted under US and international copyright law. Trademarks and Trade names used in this document may be trademarks or registered trademarks of patents...
  • Page 3 2012/19/EU (WEEE directive): Products marked with this symbol cannot be disposed of as unsorted municipal waste in the European Union. For proper recycling, return this product to your local supplier upon the purchase of equivalent new equipment, or dispose of it at designated collection points. For more information see: www.recyclethis.info.
  • Page 5 CARRIER DOES NOT ENCRYPT COMMUNICATIONS BETWEEN ITS ALARM OR OTHER CONTROL PANELS AND THEIR WIRELESS OUTPUTS/INPUTS INCLUDING BUT NOT LIMITED TO, SENSORS OR DETECTORS UNLESS REQUIRED BY APPLICABLE LAW. AS A RESULT THESE COMMUNICATIONS MAY BE INTERCEPTED AND COULD BE USED TO CIRCUMVENT YOUR ALARM/SECURITY SYSTEM. NS3503-16P-4C-V2 User Manual...
  • Page 6 CARRIER DOES NOT WARRANT TO YOU THAT ITS SOFTWARE OR PRODUCTS WILL WORK PROPERLY IN ALL ENVIRONMENTS AND APPLICATIONS AND DOES NOT WARRANT ANY PRODUCTS AGAINST HARMFUL ELECTROMAGNETIC INTERFERENCE INDUCTION OR RADIATION (EMI, RFI, ETC.) EMITTED FROM EXTERNAL SOURCES NS3503-16P-4C-V2 User Manual...
  • Page 7 Note: Note messages advise you of the possible loss of time or effort. They describe how to avoid the loss. Notes are also used to point out important information that you should read. NS3503-16P-4C-V2 User Manual...
  • Page 8 Physical Port ........................... 17 Power over Ethernet ....................... 17 Layer 2 Features ........................18 Quality of Service ........................18 Multicast ..........................19 Security ........................... 19 Management ........................... 19 1.5 Product Specifications ........................ 20 IFS NS3503-16P-4C-V2 ......................20 NS3503-16P-4C-V2 User Manual...
  • Page 9 4.2.5 Time Settings ........................48 4.2.5.1 System Time ....................... 48 4.2.5.2 SNTP Server Settings ....................51 4.2.6 Log Management ........................52 4.2.6.1 Local Log ........................52 4.2.6.2 Local Log ........................53 4.2.6.3 Remote Syslog ......................54 4.2.6.4 Log Message ....................... 56 NS3503-16P-4C-V2 User Manual...
  • Page 10 4.5.4 Create VLAN........................101 4.5.5 Interface Settings ........................ 102 4.5.6 Port to VLAN ........................106 4.5.7 Port VLAN Membership ...................... 107 4.5.8 Protocol VLAN Group Setting ..................... 107 4.5.9 Protocol VLAN Port Setting ....................109 4.5.10 GVRP Setting ........................111 NS3503-16P-4C-V2 User Manual...
  • Page 11 4.7.4.5 MLD Router Table ..................... 160 4.7.4.6 MLD Forward All ......................161 4.7.5 MLD Snooping Statics ......................162 4.7.6 Multicast Throttling Setting ....................164 4.7.7 Multicast Filter........................165 4.7.7.1 Multicast Profile Setting..................... 166 4.7.7.2 IGMP Filter Setting ....................167 NS3503-16P-4C-V2 User Manual...
  • Page 12 4.9.2 RADIUS Server........................198 4.9.3 TACACS+ Server ........................ 201 4.9.4 AAA ............................. 203 4.9.4.1 Login List ........................204 4.9.4.2 Enable List ........................ 205 4.9.5 Access ..........................206 4.9.5.1 Telnet ......................... 206 4.9.5.2 SSH ........................... 207 4.9.5.3 HTTP ......................... 209 NS3503-16P-4C-V2 User Manual...
  • Page 13 4.10 ACL ............................244 4.10.1 MAC-based ACL ....................... 245 4.10.2 MAC-based ACE ......................246 4.10.3 IPv4-based ACL ........................ 248 4.10.4 IPv4-based ACE ....................... 249 4.10.5 IPv6-based ACL ........................ 254 4.10.6 IPv6-based ACE ....................... 255 4.10.7 ACL Binding ........................260 NS3503-16P-4C-V2 User Manual...
  • Page 14 4.15.3 Power over Ethernet Configuration .................. 297 4.15.4 PoE Status ........................300 4.15.5 PoE Schedule ........................301 4.15.6 PoE Alive Check Configuration..................305 4.16 Maintenance ..........................306 4.16.1 Factory Default ......................... 307 4.16.2 Reboot Switch........................307 4.16.3 Backup Manager ......................308 NS3503-16P-4C-V2 User Manual...
  • Page 15 5.2 Learning ............................312 5.3 Forwarding & Filtering ....................... 312 5.4 Store-and-Forward ........................312 5.5 Auto-Negotiation ........................313 6. TROUBLESHOOTING .................... 314 APPENDIX A Switch's RJ45 Pin Assignments ............316 A.1 1000Mbps, 1000BASE-T ......................316 A.2 10/100Mbps, 10/100BASE-TX ....................316 NS3503-16P-4C-V2 User Manual...
  • Page 16 1. INTRODUCTION Thank you for purchasing IFS NS3503-16P-4C-V2 Managed Switch, which comes with multiple Gigabit Ethernet copper and SFP fiber optic connectibility and robust layer 2 and layer 4 features. The description of this model is shown below: NS3503-16P-4C-V2 16-Port 10/100/1000T PoE-bt + 4-Port Gigabit TP/SFP Combo Managed Switch “Managed Switch”...
  • Page 17 802.3bt PoE++ 60~95-watt Power over 4-pair UTP Solution IFS NS3503-16P-4C-V2 PoE-bt adopts the IEEE 802.bt PoE++ standard and PoH technology, it is capable to source up to 95 watts of power by using all the four pairs of standard Cat5e/6 Ethernet cabling to deliver power and full-speed data to each remote PoE compliant powered device (PD).
  • Page 18 PoE port resetting the PD’s power source and reducing administrator management burden. Scheduled Power Recycling IFS NS3503-16P-4C-V2 allows each of the connected PoE IP cameras or PoE wireless access points to reboot at a specified time each week. Therefore, it will reduce the chance of IP camera or AP crash resulting from buffer overflow.
  • Page 19 Under the trend of energy saving worldwide and contributing to environmental protection, IFS NS3503-16P-4C-V2 can effectively control the power supply as well as giving high watt power. The “PoE schedule” function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMBs or Enterprises save power and money.
  • Page 20 802.1Q VLAN and Q-in-Q VLAN, Multiple Spanning Tree Protocol (MSTP), loop and BPDU guard, IGMP snooping, and MLD snooping. Via the link aggregation, the IFS NS3503-16P-4C-V2 allows the operation of a high-speed trunk to combine with multiple ports, and supports fail-over as well.
  • Page 21 Flexibility and Long-distance Extension Solution The four mini-GBIC slots built in IFS NS3503-16P-4C-V2 support SFP auto-detection and dual speed as it features 100BASE-FX and 1000BASE-SX/LX SFP (Small Form-factor Pluggable) fiber transceivers to uplink to a backbone switch and monitoring center in long distance. The distance can be extended from 550 meters to 2 kilometers (multi-mode fiber) and up to above 10/20/30/40/50/70 kilometers (single-mode fiber or WDM fiber).
  • Page 22 − Cisco ether-channel (static trunk)  Provides port mirror (many-to-1)  Loop protection to avoid broadcast loops Quality of Service  Ingress and egress rate limit per port bandwidth control  Storm control support − Broadcast/Unknown unicast/Unknown multicast NS3503-16P-4C-V2 User Manual...
  • Page 23 Web switch management Telnet command line interface SNMP v1, v2c and v3 SSH and SSL secure access  User privilege levels control  Built-in Trivial File Transfer Protocol (TFTP) client  BOOTP and DHCP for IP address assignment NS3503-16P-4C-V2 User Manual...
  • Page 24 SNMP trap for interface link up and link down notification  Event message logging to remote Syslog server  Four RMON groups (history, statistics, alarms and events)  IFS smart discovery utility  Smart fan with speed control 1.5 Product Specifications IFS NS3503-16P-4C-V2 Hardware Specifications...
  • Page 25 802.3bt: 1/2(-), 3/6(+), 4/5(+), 7/8(-) • UPoE: 1/2(-), 3/6(+), 4/5(+), 7/8(-) Power Pin Assignment • End-span: 1/2(-), 3/6(+) • Mid-span: 4/5(+), 7/8(-) PoE Power Budget 400 watts (max.) Number of 90W 802.3bt Type-4 PDs Number of 60W 802.3bt Type-3 PDs NS3503-16P-4C-V2 User Manual...
  • Page 26 STP BPDU guard, BPDU filtering and BPDU forwarding DoS attack prevention ARP inspection IP source guard Management Functions Web browser; Telnet; SNMP v1, v2c Basic Management Interfaces Firmware upgrade by HTTP/TFTP Protocol through Ethernet network Remote/Local syslog NS3503-16P-4C-V2 User Manual...
  • Page 27 RFC 2068 HTTP RFC 1112 IGMP v1 RFC 2236 IGMP v2 RFC 3376 IGMP v3 RFC 2710 MLD v1 RFC 3810 MLD v2 Environment Temperature: 0 ~ 50 degrees C Operating Relative Humidity: 5 ~ 95% (non-condensing) NS3503-16P-4C-V2 User Manual...
  • Page 28 Temperature: -20 ~ 70 degrees C Storage Relative Humidity: 5 ~ 95% (non-condensing) NS3503-16P-4C-V2 User Manual...
  • Page 29 2.1.1 Switch Front Panel The front panel provides a simple interface monitoring of the Managed Switch. Figure 2-1-1 show the front panel of the Managed Switch. Figure 2-1-1 NS3503-16P-4C-V2 Front Panel  Gigabit TP Interface 10/100/1000BASE-T copper, RJ45 twisted-pair: Up to 100 meters.
  • Page 30 The front panel LEDs indicates instant status of port links, data activity and system power; it helps monitor and troubleshoot when needed. Figure 2-1-2 shows the LED indications of these Managed Switches. Figure 2-1-2 NS3503-16P-4C-V2 LED indication  System / Alert...
  • Page 31 The rear panel of the Managed Switch indicates an AC inlet power socket, which accepts input power from 100 to 240V AC, 50-60Hz. Figures 2-1-3 show the rear panel of these Managed Switches Figure 2-1-3 Rear Panel of NS3503-16P-4C-V2 ...
  • Page 32 Note: When choosing a location, please keep in mind the environmental restrictions discussed in Chapter 1, Section 4, and specifications. 4. Connect the Managed Switch to network devices. Connect one end of a standard network cable to the 10/100/1000 RJ45 ports on the front of the Managed Switch. NS3503-16P-4C-V2 User Manual...
  • Page 33 4. Follow the same steps to attach the second bracket to the opposite side. 5. After the brackets are attached to the Managed Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-1-6. NS3503-16P-4C-V2 User Manual...
  • Page 34 IFS Managed Switch supports both single mode and multi-mode SFP transceivers. Please visit the firesecurityproducts.com website for compatible SFP transceivers. Note: It is recommended to use IFS SFP on the Managed Switch. If you insert an SFP transceiver that is not supported, the Managed Switch will not recognize it.
  • Page 35 Note: Never pull out the module without lifting up the lever of the module and turning it into a horizontal position. Directly pulling out the module could damage the module and the SFP module slot of the Managed Switch. NS3503-16P-4C-V2 User Manual...
  • Page 36 An external SNMP-based network management application The administration console and Web browser interfaces are embedded in the Managed Switch software and are available for immediate use. Each of these management methods has their own advantages. Table 3-1 compares the three management methods. NS3503-16P-4C-V2 User Manual...
  • Page 37 Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal-emulation program (such as HyperTerminal) to the Managed Switch console (serial) port. When using this management method, a straight RS-232 to RJ45 cable is required to NS3503-16P-4C-V2 User Manual...
  • Page 38 Microsoft Internet Explorer. After you set up your IP address for the switch, you can access the Managed Switch's Web interface applications directly in your Web browser by entering the IP address of the Managed Switch. NS3503-16P-4C-V2 User Manual...
  • Page 39 Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get community string, it can only read MIBs. The default gets and sets community strings for the Managed Switch are public. NS3503-16P-4C-V2 User Manual...
  • Page 40 Figure 3-1-5 SNMP Management NS3503-16P-4C-V2 User Manual...
  • Page 41 2. When the following login screen appears, please enter the default username "admin" with password “admin” (or the username/password you have changed via console) to login the main screen of Managed Switch. The login screen in Figure 4-1-2 appears. NS3503-16P-4C-V2 User Manual...
  • Page 42 It is recommended to use Internet Explore 11.0 or above to access Managed Switch.  The changed IP address takes effect immediately after clicking on the Save button. You need to use the new IP address to access the Web interface. NS3503-16P-4C-V2 User Manual...
  • Page 43 Link up or Link down. Clicking on the image of a port opens the Port Statistics page. The port states are illustrated as follows: State Disabled Down Link RJ45 Ports SFP Ports PoE Ports NS3503-16P-4C-V2 User Manual...
  • Page 44 This save button allows you to save the running / startup / backup configuration or reset switch in default parameter. If you forgot to save configuration, all configurations will be lost after system reboot. The screen in Figure 4-1-6 appears. NS3503-16P-4C-V2 User Manual...
  • Page 45 To prevent illicit file upload and easier configuration, switch mandates the name of running configuration file to be running-config. Startup Configuration Refers to the configuration sequence used in switch startup. Startup configuration file stores in nonvolatile storage, corresponding to the NS3503-16P-4C-V2 User Manual...
  • Page 46 1. Click ”Save > Save Configurations to FLASH” to login “Configuration Manager” page. 2. Select “Source File = Running Configuration” and “Destination File = Startup Configuration”. 3. Press the “Apply” button to save running configuration to startup configuration. NS3503-16P-4C-V2 User Manual...
  • Page 47 The System Info page provides information for the current device information. System Info page helps a switch administrator to identify the hardware MAC address, software version and system uptime. The screens in Figures 4-2-1 and 4-2-2 appear. Figure 4-2-1 System Information Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 48 The IP Configuration includes the IP Address, Subnet Mask and Gateway. The configured column is used to view or change the IP configuration. Fill out the IP Address, Subnet Mask and Gateway for the device. The screens in Figure 4-2-2 and Figure 4-2-3 appear. Figure 4-2-2 IP Address Setting Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 49 Figure 4-2-3 IP Information Page Screenshot The page includes the following fields: Object Description DHCP State Display the current DHCP state. IP Address Display the current IP address. Subnet Mask Display the current subnet mask. Gateway Display the current gateway. NS3503-16P-4C-V2 User Manual...
  • Page 50 To enable this Managed Switch to accept a configuration from a Dynamic Host Configuration Protocol version 6 (DHCPv6) server. By default, the Managed Switch does not perform DHCPv6 client actions. DHCPv6 clients request the delegation of long-lived prefixes that they can push to individual local hosts. NS3503-16P-4C-V2 User Manual...
  • Page 51 “Apply” button to take effect. Please login Web interface with a new user name and password; the screens in Figure 4-2-6 and Figure 4-2-7 appear. Figure 4-2-6 Local User Information Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 52 Configure SNTP on this page. SNTP is an acronym for Simple Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. You can specify SNTP Servers and set GMT Time zone. The SNTP Configuration screens in Figure 4-2-8 and Figure 4-2-9 appear. NS3503-16P-4C-V2 User Manual...
  • Page 53 Enter the number of minutes to add during Daylight Saving Time. ( Range: 1 to Offset 1440 ) Recurring From Week - Select the starting week number. Day - Select the starting day. Month - Select the starting month. Hours - Select the starting hour. NS3503-16P-4C-V2 User Manual...
  • Page 54 Hours - Select the starting hour. Minutes - Select the starting minute. Buttons : Click to apply changes. Figure 4-2-9 Time Information Page Screenshot The page includes the following fields: Object Description Current Data/Time Display the current data/time NS3503-16P-4C-V2 User Manual...
  • Page 55 Description Type the IP address or domain name of the SNTP server SNTP Server Address Type the port number of the SNTP Server Port Buttons : Click to apply changes. Figure 4-2-11 SNTP Server Information Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 56 The switch system local log information is provided here. The local Log screens in Figure 4-2-12 and Figure 4-2-13 appear. Figure 4-2-12 Logging Settings Page Screenshot The page includes the following fields: Object Description Logging Service Enabled: Enable logging service operation. Disabled: Disable logging service operation. NS3503-16P-4C-V2 User Manual...
  • Page 57 Error level of the error conditions for local log. warning: Warning level of the warning conditions for local log. notice: Notice level of the normal but significant conditions for local log. info: Informational level of the informational messages for local log. NS3503-16P-4C-V2 User Manual...
  • Page 58 You can also limit the event messages sent to only those messages below a specified level. The Remote Syslog screens in Figure 4-2-16 and Figure 4-2-17 appear. NS3503-16P-4C-V2 User Manual...
  • Page 59 The page includes the following fields: Object Description Status Display the current remote syslog state Server Info Display the current remote syslog server information Severity Display the current remote syslog severity Facility Display the current remote syslog facility NS3503-16P-4C-V2 User Manual...
  • Page 60 Debug level of the debugging messages for log view. Category The category of the log view includes: AAA, ACL, CABLE_DIAG, DAI, DHCP_SNOOPING, Dot1X, GVRP, IGMP_SNOOPING, IPSG, L2, LLDP, Mirror, MLD_SNOOPING, Platform, PM, Port, PORT_SECURITY, QoS, Rate, SNMP and STP Buttons : Click to view log. NS3503-16P-4C-V2 User Manual...
  • Page 61 This is the number for logs Timestamp Display the time of log Category Display the category type Severity Display the severity type Message Display the log message Buttons : Click to clear the log. : Click to refresh the log. NS3503-16P-4C-V2 User Manual...
  • Page 62 SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:  Write = private  Read = public NS3503-16P-4C-V2 User Manual...
  • Page 63 Indicates the SNMP mode operation. Possible modes are: Enabled: Enable SNMP mode operation. Disabled: Disable SNMP mode operation. Buttons : Click to apply changes. Figure 4-2-22 SNMP Information Page Screenshot The page includes the following fields: Object Description SNMP Display the current SNMP status NS3503-16P-4C-V2 User Manual...
  • Page 64 'included' and its OID subtree oversteps the 'excluded' view entry. Buttons : Click to add a new view entry. Figure 4-2-24 SNMP View Table Status Page Screenshot The page includes the following fields: Object Description View Name Display the current SNMP view name NS3503-16P-4C-V2 User Manual...
  • Page 65 The allowed string length is 1 to 16. Write View Name Write view name is the name of the view in which you enter data and configure the contents of the agent. The allowed string length is 1 to 16. NS3503-16P-4C-V2 User Manual...
  • Page 66 Display the current security level Read View Name Display the current read view name Write View Name Display the current write view name Notify View Name Display the current notify view name Action : Delete the access group entry. NS3503-16P-4C-V2 User Manual...
  • Page 67 Indicates the SNMP community type operation. Possible types are: RO=Read-Only: Set access string type in read-only mode. RW=Read-Write: Set access string type in read-write mode. Buttons : Click to apply changes. Figure 4-2-28 Community Status Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 68 MD5: An optional flag to indicate that this user using MD5 authentication protocol. SHA: An optional flag to indicate that this user using SHA authentication protocol. The value of security level cannot be modified if entry already exists. That NS3503-16P-4C-V2 User Manual...
  • Page 69 Display the current group Privilege Mode Display the current privilege mode Authentication Protocol Display the current authentication protocol Encryption Protocol Display the current encryption protocol Access Right Display the current access right Action : Delete the user entry NS3503-16P-4C-V2 User Manual...
  • Page 70 Indicates the SNMP trap inform timeout. The allowed range is 1 to 300. Retries Indicates the SNMP trap inform retry times. The allowed range is 1 to 255. Buttons : Click to add a new SNMPv1, 2 host entry. Figure 4-2-32 SNMPv1, 2 Host Status Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 71 1~65535. Time Out Indicates the SNMP trap inform timeout. The allowed range is 1 to 300. Retries Indicates the SNMP trap inform retry times. The allowed range is 1 to 255. NS3503-16P-4C-V2 User Manual...
  • Page 72 The SNMPv3 Engine ID Setting screens in Figure 4-2-35 and Figure 4-2-36 appear. Figure 4-2-35 SNMPv3 Engine ID Setting Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 73 Figure 4-2-37 SNMPv3 Remote Engine ID Setting Page Screenshot The page includes the following fields: Object Description Remote IP Address Indicates the SNMP remote engine ID address. It allows a valid IP address in dotted decimal notation ('x.y.z.w'). NS3503-16P-4C-V2 User Manual...
  • Page 74 Sets the jumbo frame on the switch Port Error Disable Configuration Configures port error disable settings Port Error Disabled Status Disables port error status Protected Ports Configures protected ports settings SFP Module Information Displays SFP module information. NS3503-16P-4C-V2 User Manual...
  • Page 75 The Rx and Tx settings are determined by the result of the last Auto-Negotiation. Check the configured column to use flow control. This setting is related to the setting for Configured Link Speed. NS3503-16P-4C-V2 User Manual...
  • Page 76 4.3.2 Port Counters This page provides an overview of traffic and trunk statistics for all switch ports. The Port Statistics screens in Figure 4-3-3, Figure 4-3-4, Figure 4-3-5 and Figure 4-3-6 appear. Figure 4-3-3 Port MIB Counters Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 77 The total number of packets that higher-level protocols requested is transmitted to a subnetwork-unicast address, including those that were discarded or not sent. Transmit Unknown Unicast The total number of packets that higher-level protocols requested is Packets transmitted to a subnetwork-unicast address, including those that were NS3503-16P-4C-V2 User Manual...
  • Page 78 A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy. Late Collision The number of times that a collision is detected later than 512 bit-times into the transmission of a packet. NS3503-16P-4C-V2 User Manual...
  • Page 79 The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Packets The total number of good frames received that were directed to this multicast address. NS3503-16P-4C-V2 User Manual...
  • Page 80 Bandwidth utilization statistics can be viewed using a line graph. The Bandwidth Utilization screen in Figure 4-3-7 appears. To view the port utilization, click on the Port Management folder and then the Bandwidth Utilization link: NS3503-16P-4C-V2 User Manual...
  • Page 81  The Managed Switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. NS3503-16P-4C-V2 User Manual...
  • Page 82 Monitor Session State Enable or disable the port mirroring function. Destination Port Select the port to mirror destination port. Allow-ingress Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored to this port. NS3503-16P-4C-V2 User Manual...
  • Page 83 Display the current RX ports 4.3.5 Jumbo Frame This page provides to select the maximum frame size allowed for the switch port. The Jumbo Frame screen in Figure 4-3-11 and Figure 4-3-12 appear. Figure 4-3-11 Jumbo Frame Setting Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 84 Enter the maximum frame size allowed for the switch port, including FCS. The allowed range is 64 bytes to 9216 bytes. Buttons : Click to apply changes. Figure 4-3-12 Jumbo Frame Information Page Screenshot The page includes the following fields: Object Description Jumbo Display the current maximum frame size NS3503-16P-4C-V2 User Manual...
  • Page 85 Enable or disable the port error disabled function to check status by DHCP rate limit ARP Rate Limit Enable or disable the port error disabled function to check status by ARP rate limit Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 86 Display the current unicast flood status Display the current ACL status Port Security Violation Display the current port security violation status DHCP Rate Limit Display the current DHCP rate limit status ARP Rate Limit Display the current ARP rate limit status NS3503-16P-4C-V2 User Manual...
  • Page 87 Servers in a farm of web servers in a Demilitarized Zone (DMZ) are allowed to communicate with the outside world and with database servers on the inside segment, but are not allowed to communicate with each other NS3503-16P-4C-V2 User Manual...
  • Page 88 VLAN table. This reduces the ports to which forwarding can be done to just the promiscuous ports within the private VLAN. The port settings relate to the currently unit, as reflected by the page header. The Port Isolation Configuration screens in Figure 4-3-16 and Figure 4-3-17 appear. NS3503-16P-4C-V2 User Manual...
  • Page 89 VLAN. This is the default setting. Buttons : Click to apply changes. Figure 4-3-17 Port Isolation Status Page Screenshot The page includes the following fields: Object Description Protected Ports Display the current protected ports Unprotected Ports Display the current unprotected ports NS3503-16P-4C-V2 User Manual...
  • Page 90 Link Aggregation Control Protocol (LACP) LAGs - LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the devices establish a LAG between them. Figure 4-4-1 Link Aggregation NS3503-16P-4C-V2 User Manual...
  • Page 91 Configures load balance algorithm configuration settings LAG Management Configures LAG configuration settings LAG Port Setting Configures LAG port settings LACP Setting Configures LACP priority settings LACP Port Setting Configure LACP configuration settings LAG Status Display LAG status / LACP information NS3503-16P-4C-V2 User Manual...
  • Page 92 IP/MAC Address: The IP and MAC address can be used to calculate the port for the frame. Buttons : Click to apply changes. Figure 4-4-3 LAG Information Page Screenshot The page includes the following fields: Object Description Load Balance Algorithm Display the current load balance algorithn NS3503-16P-4C-V2 User Manual...
  • Page 93 If the other device ports are also LACP ports, the devices establish a LAG between them. Ports Select port number for this drop down list to establish Link Aggregation Figure 4-4-5 LAG Management Information Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 94 Auto – Set up Auto negotiation. Auto-10M – Set up 10M Auto negotiation. Auto-100M – Set up 100M Auto negotiation. Auto-1000M - Set up 1000M Auto negotiation. Auto-10/100M – Set up 10/100M Auto negotiation. NS3503-16P-4C-V2 User Manual...
  • Page 95 Display the current port type Enable State Display the current enable state Speed Display the current speed Duplex Display the current duplex mode Flow Control Config Display the current flow control configuration Flow Control Status Display the current flow control status NS3503-16P-4C-V2 User Manual...
  • Page 96 LACP peer of the trunk group. Buttons : Click to apply changes. Figure 4-4-9 LACP Information Page Screenshot The page includes the following fields: Object Description System Priority Display the current system priority. NS3503-16P-4C-V2 User Manual...
  • Page 97 The Timeout controls the period between BPDU transmissions. Short will transmit LACP packets each second, while Long will wait for 30 seconds before sending an LACP packet. Buttons : Click to apply changes. Figure 4-4-11 LACP Port Information Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 98 Display the current LAG name Type Display the current trunk type Link State Display the current link state Active Member Display the current active member Standby Member Display the current standby member Figure 4-4-13 LACP Information Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 99 The contents could be true or false. If the contents are false, the web will show “_”; if the contents are true, the Web shows “A”, “T”, “G”, “S”, “C”, “D”, “F” and “E” for each content respectively. NS3503-16P-4C-V2 User Manual...
  • Page 100 The Managed Switch's default is to assign all ports to a single 802.1Q VLAN named DEFAULT_VLAN. As new VLAN is created, the member ports assigned to the new VLAN will be removed from the DEFAULT_ VLAN port member list. The DEFAULT_VLAN has a VID = 1. NS3503-16P-4C-V2 User Manual...
  • Page 101 Up to 255 VLANs based on the IEEE 802.1Q standard  Port overlapping, allowing a port to participate in multiple VLANs  End stations can belong to multiple VLANs  Passing traffic between VLAN-aware and VLAN-unaware devices NS3503-16P-4C-V2 User Manual...
  • Page 102 1 bits 12 bits TPID (Tag Protocol Identifier) TCI (Tag Control Information) 2 bytes 2 bytes Destination Source Ethernet Preamble VLAN TAG Data Address Address Type 6 bytes 6 bytes 4 bytes 2 bytes 46-1500 bytes 4 bytes NS3503-16P-4C-V2 User Manual...
  • Page 103 The Switch initially configures one VLAN, VID = 1, called "default." The factory default setting assigns all ports on the Switch to the "default". As new VLAN are configured in Port-based mode, their respective member ports are removed from the "default." NS3503-16P-4C-V2 User Manual...
  • Page 104 Configure Management VLAN on this page. The screens in Figure 4-5-1 and Figure 4-5-2 appear. Figure 4-5-1 Management VLAN Setting Page Screenshot The page includes the following fields: Object Description Management VLAN Provide the managed VLAN ID NS3503-16P-4C-V2 User Manual...
  • Page 105 VLAN List Indicates the ID of this particular VLAN. VLAN Action This column allows users to add or delete VLAN s. VLAN Name Prefix Indicates the name of this particular VLAN. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 106 802.1Q VLAN information. (Remember that the PVID is only used internally within the Switch). Untagging is used to send packets from an 802.1Q-compliant network device to a non-compliant network device. NS3503-16P-4C-V2 User Manual...
  • Page 107 VLANs in the MAN space can be used independent of the customers’ VLANs. This is accomplished by adding a VLAN tag with a MAN-related VID for frames entering the MAN. When leaving the MAN, the tag is stripped and the original VLAN tag with the customer-related VID is again available. NS3503-16P-4C-V2 User Manual...
  • Page 108 If ingress filtering is disabled, frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine. However, the port will never transmit frames classified to VLANs that it is not a member of. NS3503-16P-4C-V2 User Manual...
  • Page 109 Display the current interface VLAN mode PVID Display the current PVID Accepted Frame Type Display the current access frame type Ingress Filtering Display the current ingress filtering Uplink Display the current uplink mode TPID Display the current TPID NS3503-16P-4C-V2 User Manual...
  • Page 110 VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port. PVID Display the current PVID NS3503-16P-4C-V2 User Manual...
  • Page 111 VLAN groups for each required protocol. When a frame is received at a port, its VLAN membership can then be determined based on the protocol type being used by the inbound packets. NS3503-16P-4C-V2 User Manual...
  • Page 112 Valid value that can be entered in this text field depends on the option selected (0x0600-0xFFFE) from the preceding Frame Type selection menu. Valid values for frame type ranges from 0x0600-0xfffe Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 113 Description Port Select port for this drop down list to assign protocol VLAN port Group Select group ID for this drop down list to protocol VLAN group VLAN VLAN ID assigned to the Special Protocol VLAN Group NS3503-16P-4C-V2 User Manual...
  • Page 114 Figure 4-5-12 Protocol VLAN Port State Page Screenshot The page includes the following fields: Object Description Port Display the current port Group ID Display the current group ID VLAN ID Display the current VLAN ID Delete Click to delete the group ID entry NS3503-16P-4C-V2 User Manual...
  • Page 115 GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. The GVRP Global Setting/Information screens in Figure 4-5-13 and Figure 4-5-14 appear. Figure 4-5-13 GVRP Global Setting Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 116 2 x (join timer) < leave timer < leaveAll timer Buttons : Click to apply changes. Figure 4-5-14 GVRP Global Setting Page Screenshot The page includes the following fields: Object Description GVRP Status Display the current GVRP status NS3503-16P-4C-V2 User Manual...
  • Page 117 GVRP can dynamically create VLANs on switches for trunking purposes. By enabling GVRP dynamic VLAN creation, a switch will add VLANs to its database when it receives GVRP join messages about VLANs it does not have. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 118 Figure 4-5-17 GVRP VLAN Database Status Page Screenshot The page includes the following fields: Object Description VLAN ID Display the current VLAN ID Member Ports Display the current member ports Dynamic Ports Display the current dynamic ports VLAN Type Display the current VLAN type NS3503-16P-4C-V2 User Manual...
  • Page 119 Display the current leave in (TX/RX) packets LeaveAll (Rx/Tx) Display the current leaveall (TX/RX) packets Figure 4-5-19 GVRP Port Error Statistics Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port. NS3503-16P-4C-V2 User Manual...
  • Page 120 VLAN Group 2 and VLAN Group 3 are separated VLANs. Each VLAN isolates network traffic so only members of the VLAN receive traffic from the same VLAN members. The screen in Figure 4-5-20 appears and Table 4-5-2 describes the port configuration of the Managed Switches. NS3503-16P-4C-V2 User Manual...
  • Page 121 1. While [PC-3] transmits a tagged packet with VLAN Tag=2 enters Port-3, [PC-1] and [PC-2] will receive the packet through Port-1 and Port-2. 2. While the packet leaves Port-1 and Port-2, it will be stripped away its tag becoming an untagged packet. NS3503-16P-4C-V2 User Manual...
  • Page 122 2. Assign VLAN mode and PVID to each port: Port-1,Port-2 and Port-3 : VLAN Mode = Hybrid, PVID=2 Port-4,Port-5 and Port-6 : VLAN Mode = Hybrid, PVID=3 3. Assign Tagged/Untagged to each port: VLAN ID = 2: Port-1 & 2 = Untagged, NS3503-16P-4C-V2 User Manual...
  • Page 123 4.5.14.2 VLAN Trunking between two 802.1Q aware switches In most cases, they are used for “Uplink” to other switches. VLANs are separated at different switches, but they need to access other switches within the same VLAN group. The screen in Figure 4-5-21 appears. NS3503-16P-4C-V2 User Manual...
  • Page 124 Add VLAN group 2 and group 3 2. Assign VLAN mode and PVID to each port: Port-1,Port-2 and Port-3 : VLAN Mode = Hybrid, PVID=2 Port-4,Port-5 and Port-6 : VLAN Mode = Hybrid, PVID=3 Port-7 : VLAN Mode = Hybrid, PVID=1 NS3503-16P-4C-V2 User Manual...
  • Page 125 VLAN ID = 1: Port-1~6 = Untagged, Port -7 = Excluded. VLAN ID = 2: Port-1 & 2 = Untagged, Port-3 & 7 = Tagged, Port -4~6 = Excluded. VLAN ID = 3: Port-4 & 5 = Untagged, NS3503-16P-4C-V2 User Manual...
  • Page 126 The Switch STP performs the following functions:  Creates a single spanning tree from any combination of switching or bridging elements.  Creates multiple spanning trees – from any combination of ports contained within a single switch, in user specified groups. NS3503-16P-4C-V2 User Manual...
  • Page 127 Blocking state to a Forwarding state could create temporary data loops. Ports must wait for new network topology information to propagate throughout the network before starting to forward packets. They must also wait for the packet lifetime to expire for NS3503-16P-4C-V2 User Manual...
  • Page 128 Figure 4-6-1 STP Port State Transitions You can modify each port state by using management software. When you enable STP, every port on every switch in the network goes through the blocking state and then transitions through the states of NS3503-16P-4C-V2 User Manual...
  • Page 129 A value used by STP to evaluate paths – Port Cost 200,000-100Mbps Fast Ethernet ports STP calculates path costs and selects the 20,000-1000Mbps Gigabit Ethernet path with the minimum cost as the active ports path 0 - Auto NS3503-16P-4C-V2 User Manual...
  • Page 130 If switch A broadcasts a packet to switch B, switch B will broadcast it to switch C, and switch C will broadcast it to back to switch A and so on. The broadcast packet will be passed indefinitely in a loop, potentially causing a network failure. In this example, STP breaks the loop by blocking the connection NS3503-16P-4C-V2 User Manual...
  • Page 131 Priority setting, or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is, however, relatively straight forward. Figure 4-6-2 Before Applying the STA Rules In this example, only the default STP values are used. NS3503-16P-4C-V2 User Manual...
  • Page 132 Configuration per port STP setting CIST Instance Setting Configure system configuration CIST Port Setting Configure CIST port setting MST Instance Setting Configuration each MST instance setting MST Port Setting Configuration per port MST setting STP Statistics Display the STP statistics NS3503-16P-4C-V2 User Manual...
  • Page 133 RSTP-Operation and MSTP-Operation. Configuration Name Identifier used to identify the configuration currently being used. Configuration Revision Identifier used to identify the configuration currently being used. The values allowed are between 0 and 65535. The default value is 0. NS3503-16P-4C-V2 User Manual...
  • Page 134 Display the current configuration name • Configuration Revision Display the current configuration revision 4.6.3 STP Port Setting This page allows you to configure per port STP settings. The STP Port Setting screens in Figure 4-6-6 and Figure 4-6-7 appear. NS3503-16P-4C-V2 User Manual...
  • Page 135 : Click to apply changes. By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate NS3503-16P-4C-V2 User Manual...
  • Page 136 Link Type IEEE 802.1w-2001 Ethernet Half Duplex 2,000,000 Full Duplex 1,000,000 Trunk 500,000 Fast Ethernet Half Duplex 200,000 Full Duplex 100,000 Trunk 50,000 Gigabit Ethernet Full Duplex 10,000 Trunk 5,000 Figure 4-6-7 STP Port Status Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 137 BPDU information. Valid values are in the range 6 to 40 hops. Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to Forwarding (used in STP compatible mode). Valid values are in the range 4 to NS3503-16P-4C-V2 User Manual...
  • Page 138 Object Description Priority Display the current CIST priority Max Hop Display the current Max. hop Forward Delay Display the current forward delay Max Age Display the current Max.Age Tx Hold Count Display the current Tx hold count NS3503-16P-4C-V2 User Manual...
  • Page 139 The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Valid values are in the range 1 to 200000000. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 140 Display the current internal port path cost Edge Port Conf/Oper Display the current edge port conf/oper P2P MAC Conf/Oper Display the current P2P MAC conf/oper Port Role Display the current port role Port State Display the current port state NS3503-16P-4C-V2 User Manual...
  • Page 141 The page includes the following fields: Object Description MSTI Display the current MSTI entry Status Display the current MSTI status VLAN List Display the current VLAN list VLAN Count Display the current VLAN count Priority Display the current MSTI priority NS3503-16P-4C-V2 User Manual...
  • Page 142 MSTI instance configured and applicable for the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. This page contains MSTI port settings for physical and aggregated ports. The aggregation settings are global. The MSTI Ports Setting screens in Figure 4-6-15 and Figure 4-6-16 appear. NS3503-16P-4C-V2 User Manual...
  • Page 143 Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Valid values are in the range 1 to 200000000. Buttons : Click to apply changes. Figure 4-6-16 MST Port Status Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 144 • Configuration BPDUs Received Display the current configuration BPDUs received • TCN BPDUs Received Display the current TCN BPDUs received • MSTP BPDUs Received Display the current MSTP BPDUs received • Configuration BPDUs Display the configuration BPDUs transmitted NS3503-16P-4C-V2 User Manual...
  • Page 145 The page includes the following fields: Object Description Unknown Multicast Action Unknown multicast traffic method: Drop, flood or send to router port. IPv4 Forward Method Configure the IPv4 multicast forward method IPv6 Forward Method Configure the IPv6 multicast forward method NS3503-16P-4C-V2 User Manual...
  • Page 146 IGMP, to see if there is at least one member of a multicast group on a given subnet work. If there are no members on a sub network, packets will not be forwarded to that sub network. NS3503-16P-4C-V2 User Manual...
  • Page 147 Figure 4-7-3 Multicast Service Figure 4-7-4 Multicast Flooding NS3503-16P-4C-V2 User Manual...
  • Page 148 Checksum Group Address (all zeros if this is a query) The IGMP Type codes are shown below: Type Meaning 0x11 Membership Query (if Group Address is 0.0.0.0) Specific Group Membership Query (if Group Address is 0x11 Present) NS3503-16P-4C-V2 User Manual...
  • Page 149 ◼ IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these NS3503-16P-4C-V2 User Manual...
  • Page 150 Limits the membership report traffic sent to multicast-capable routers. IGMP Snooping Report Suppression When you disable report suppression, all IGMP reports are sent as is to multicast-capable routers. The default is enabled. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 151 Display the current query max response interval (sec.) Last Member Query count Display the current last member query count Last Member Query Interval Display the current last member query interval (sec) Immediate Leave Display the current immediate leave NS3503-16P-4C-V2 User Manual...
  • Page 152 Sets the querier version for compatibility with other devices on the network. Version: 2 or 3; Default: 2 Buttons : Click to apply changes. Figure 4-7-11 IGMP Querier Status Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 153 Select VLAN ID for this drop down list Group IP Address The IP address for a specific multicast service Member Ports Select port number for this drop down list Buttons : Click to add IGMP router port entry. NS3503-16P-4C-V2 User Manual...
  • Page 154 Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/ switch connected over the network to an interface (port or trunk) on your Managed Switch, you can manually configure the interface (and a NS3503-16P-4C-V2 User Manual...
  • Page 155 : Click to add IGMP router port entry. Figure 4-7-16 Router Port Status Page Screenshot The page includes the following fields: Object Description VLAN ID Display the current VLAN ID Static Ports Display the current static ports Forbidden Ports Display the current forbidden ports NS3503-16P-4C-V2 User Manual...
  • Page 156 Expiry Time (Sec) Display the current expiry time Figure 4-7-18 Static Router Table Page Screenshot The page includes the following fields: Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask NS3503-16P-4C-V2 User Manual...
  • Page 157 Select VLAN ID for this drop down list to assign IGMP membership Port The switch port number of the logical port Membership Select IGMP membership for each interface: Forbidden: Interface is forbidden from automatically joining the IGMP via MVR. NS3503-16P-4C-V2 User Manual...
  • Page 158 4.7.3 IGMP Snooping Statics This page provides IGMP Snooping Statics. The IGMP Snooping Statics screen in Figure 4-7-20 appears. Figure 4-7-20 Forward All Setting Page Screenshot The page includes the following fields: Object Description Total RX Display current total RX NS3503-16P-4C-V2 User Manual...
  • Page 159 Most of the settings are global, whereas the Router Port configuration is related to the current unit, as reflected by the page header. The MLD Snooping Setting, Information and Table screens in Figure 4-7-21, Figure 4-7-22 & Figure 4-7-23 appear. NS3503-16P-4C-V2 User Manual...
  • Page 160 The page includes the following fields: Object Description MLD Snooping Status Display the current MLD snooping status MLD Snooping Version Display the current MLD snooping version MLD Snooping Report Display the current MLD snooping report suppression Suppression NS3503-16P-4C-V2 User Manual...
  • Page 161 Display the current immediate leave Modify Click to edit parameter 4.7.4.2 MLD Static Group The MLD Static Group configuration screens in Figure 4-7-24 and Figure 4-7-25 appear. Figure 4-7-24 Add MLD Static Group Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 162 4.7.4.3 MLD Group Table This page provides MLD Group Table. The MLD Group Table screen in Figure 4-7-26 appears. Figure 4-7-26 MLD Group Table Page Screenshot The page includes the following fields: Object Description VLAN ID Display the current VID NS3503-16P-4C-V2 User Manual...
  • Page 163 Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier. Forbid Port Select Specify which ports un-act as router ports Buttons : Click to add MLD router port entry. NS3503-16P-4C-V2 User Manual...
  • Page 164 Figure 4-7-29 Dynamic Router Table Page Screenshot The page includes the following fields: Object Description VLAN ID Display the current VLAN ID Port Display the current dynamic router ports Expiry Time (Sec) Display the current expiry time NS3503-16P-4C-V2 User Manual...
  • Page 165 The page includes the following fields: Object Description VLAN ID Display the current VLAN ID Port Mask Display the current port mask 4.7.4.6 MLD Forward All This page provides MLD Forward All. The Forward All screen in Figure 4-7-32 appears. NS3503-16P-4C-V2 User Manual...
  • Page 166 VLAN will not be transmitted by the interface. Static: Interface is a member of the MLD. Buttons : Click to apply changes. 4.7.5 MLD Snooping Statics This page provides MLD Snooping Statics. The MLD Snooping Statics screen in Figure 4-7-33 appears. NS3503-16P-4C-V2 User Manual...
  • Page 167 Display current special group and source query RX Query RX Leave TX Display current leave TX Report TX Display current report TX General Query TX Display current general query TX Special Group Query TX Display current special group query TX NS3503-16P-4C-V2 User Manual...
  • Page 168 Sets the maximum number of multicast groups an interface can join at the same time. Range: 0-256; Default: 256 Action Sets the action to take when the maximum number of multicast groups for the interface has been exceeded. NS3503-16P-4C-V2 User Manual...
  • Page 169 If a requested multicast group is denied, the multicast join report is dropped. When you have created a Multicast profile number, you can then configure the multicast groups to filter and set the access mode. Command Usage NS3503-16P-4C-V2 User Manual...
  • Page 170 - Deny When the access mode is set to, multicast join reports are only processed when the multicast group is not in the controlled range. Buttons : Click to add multicast profile entry. NS3503-16P-4C-V2 User Manual...
  • Page 171 The Filter Setting and Status screens in Figure 4-7-38 and Figure 4-7-39 appear. Figure 4-7-38 Filter Setting Page Screenshot The page includes the following fields: Object Description Port Select Select port number for this drop down list Filter Profile ID Select filter profile ID for this drop down list NS3503-16P-4C-V2 User Manual...
  • Page 172 The Filter Setting and Status screens in Figure 4-7-40 and Figure 4-7-41 appear. Figure 4-7-40 Filter Setting Page Screenshot The page includes the following fields: Object Description Port Select Select port number for this drop down list Filter Profile ID Select filter profile ID for this drop down list NS3503-16P-4C-V2 User Manual...
  • Page 173 Assigning priorities to traffic (for example, to set higher priorities to time-critical or business-critical applications).  Applying security policy through traffic filtering.  Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter. NS3503-16P-4C-V2 User Manual...
  • Page 174 8:1. 4.8.2 General 4.8.2.1 QoS Properties The QoS Global Setting and Information screen in Figure 4-8-1 and Figure 4-8-2 appear. Figure 4-8-1 QoS Global Setting Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 175 The QoS Port Settings and Status screens in Figure 4-8-2 and Figure 4-8-3 appear. Figure 4-8-2 QoS Port Setting Page Screenshot The page includes the following fields: Object Description Port Select Select port number for this drop down list CoS Value Select CoS value for this drop down list NS3503-16P-4C-V2 User Manual...
  • Page 176 Display the current remark CoS Remark DSCP Display the current remark DSCP Remark IP Precedence Display the current remark IP precedence 4.8.2.3 Queue Settings The Queue Table and Information screens in Figure 4-8-4 and Figure 4-8-5 appear. NS3503-16P-4C-V2 User Manual...
  • Page 177 Controls the weight for this queue. This value is restricted to 1-100. This parameter is only shown if "Scheduler Mode" is set to "Weighted". % of WRR Bandwidth Display the current bandwidth for each queue Buttons : Click to apply changes. Figure 4-8-5 Queue Information Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 178 Figure 4-8-6 CoS to Queue and Queue to CoS Mapping Page Screenshot The page includes the following fields: Object Description Queue Select Queue value for this drop down list Class of Service Select CoS value for this drop down list Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 179 Display the current mapping to queue Queue Display the current queue value Mapping to CoS Display the current mapping to CoS 4.8.2.5 DSCP Mapping The DSCP to Queue and Queue to DSCP Mapping screens in Figure 4-8-8 and Figure 4-8-9 appear. NS3503-16P-4C-V2 User Manual...
  • Page 180 The page includes the following fields: Object Description Queue Select Queue value for this drop down list DSCP Select DSCP value for this drop down list Buttons : Click to apply changes. Figure 4-8-9 DSCP Mapping Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 181 The IP Precedence to Queue and Queue to IP Precedence Mapping screens in Figure 4-8-10 and Figure 4-8-11 appear. Figure 4-8-10 IP Precedence to Queue and Queue to IP Precedence Mapping Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 182 The page includes the following fields: Object Description IP Precedence Display the current CoS value Mapping to Queue Display the current mapping to queue Queue Display the current queue value Mapping to IP Precedence Display the current mapping to IP Precedence NS3503-16P-4C-V2 User Manual...
  • Page 183 Figure 4-8-13 QoS Information Page Screenshot The page includes the following fields: Object Description Trust Mode Display the current QoS mode 4.8.3.2 Port Settings The QoS Port Setting and Status screen in Figure 4-8-14 and Figure 4-8-15 appear. NS3503-16P-4C-V2 User Manual...
  • Page 184 The page includes the following fields: Object Description Port The switch port number of the logical port Trust Mode Display the current trust type 4.8.4 Rate Limit Configure the switch port rate limit for the switch port on this page. NS3503-16P-4C-V2 User Manual...
  • Page 185 : Click to apply changes. Figure 4-8-17 Ingress Bandwidth Control Status Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port Ingress Rate Limit (Kbps) Display the current ingress rate limit NS3503-16P-4C-V2 User Manual...
  • Page 186 : Click to apply changes. Figure 4-8-19 Egress Bandwidth Control Status Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port Egress Rate Limit (Kbps) Display the current egress rate limit NS3503-16P-4C-V2 User Manual...
  • Page 187 0 to 1000000. Buttons : Click to apply changes. Figure 4-8-21 Egress Queue Status Page Screenshot The page includes the following fields: Object Description Queue ID Display the current queue ID Rate Limit (Kbps) Display the current rate limit NS3503-16P-4C-V2 User Manual...
  • Page 188 Before connecting the IP device to the switch, the IP phone should configure the voice VLAN ID correctly. It should be configured through its own GUI. This page provides to select the ingress bandwidth preamble. The Ingress Bandwidth Control Setting/Status screen in Figure 4-8-22 and Figure 4-8-23 appears. NS3503-16P-4C-V2 User Manual...
  • Page 189 Enable or disable 802.1p remark Aging Time (30-65536 The time after which a port is removed from the Voice VLAN when VoIP traffic min) is no longer received on the port. (\Default: 1440 minutes). Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 190 4.8.5.3 Telephony OUI MAC Setting Configure VOICE VLAN OUI table on this Page. The Telephony OUI MAC Setting screens in Figure 4-8-24 and Figure 4-8-25 appear. Figure 4-8-24 Voice VLAN OUI Settings Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 191 It is recommended that there be two VLANs on a port - one for voice, one for data. Before connecting the IP device to the switch, the IP phone should configure the voice VLAN ID NS3503-16P-4C-V2 User Manual...
  • Page 192 CoS Mode Select the current CoS mode Buttons : Click to apply changes. Figure 4-8-27 Voice VLAN Port State Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port NS3503-16P-4C-V2 User Manual...
  • Page 193 The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it. NS3503-16P-4C-V2 User Manual...
  • Page 194 This section includes this conceptual information:  Device Roles  Authentication Initiation and Message Exchange  Ports in Authorized and Unauthorized States ◼ Device Roles With 802.1X port-based authentication, the devices in the network have specific roles as shown below. Figure 4-9-1 NS3503-16P-4C-V2 User Manual...
  • Page 195 When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames between the client and the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes authorized. NS3503-16P-4C-V2 User Manual...
  • Page 196 If the authentication fails, the port remains in the unauthorized state, but authentication can be retried. If the authentication server cannot be reached, the switch can retransmit the request. If no response is received from the server after the specified number of attempts, authentication fails, and network access is not granted. NS3503-16P-4C-V2 User Manual...
  • Page 197 Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports are allowed forwarding of frames. Buttons : Click to apply changes. Figure 4-9-4 802.1X Information Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 198 If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached. NS3503-16P-4C-V2 User Manual...
  • Page 199 Reauthentication Period Display the current reauthentication period. Quiet Period Display the current quiet period. Supplicant Timeout Display the current supplicant timeout. Max. EAP Requests Display the current Max. EAP requests. Modify Click to edit 802.1X port setting parameter. NS3503-16P-4C-V2 User Manual...
  • Page 200 The switch follows a set of rules for entering and leaving the Guest VLAN as listed below. The "Guest VLAN Enabled" checkbox provides a quick way to globally enable/disable Guest VLAN functionality. When checked, the individual ports' ditto setting determines whether the port NS3503-16P-4C-V2 User Manual...
  • Page 201 Description Port Name The switch port number of the logical port Enable State Display the current state In Guest VLAN Display the current guest VLAN 4.9.1.5 Authenticated Host The Authenticated Host Table screen in Figure 4-9-9 appears. NS3503-16P-4C-V2 User Manual...
  • Page 202 Dead Time The Dead Time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch will not send new requests to a server that NS3503-16P-4C-V2 User Manual...
  • Page 203 The Timeout, which can be set to a number between 1 and 30 seconds, is the Timeout for Reply maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead NS3503-16P-4C-V2 User Manual...
  • Page 204 The page includes the following fields: Object Description IP Address Display the current IP address Auth Port Display the current auth port Acct Port Display the current acct port Display the current key Timeout Display the current timeout NS3503-16P-4C-V2 User Manual...
  • Page 205 Retransmit is the number of times, in the range 1 to 30, a TACACS+ request is retransmitted to a server that is not responding. If the server has not responded after the last retransmit it is considered to be dead. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 206 Set the server priority Buttons : Click to add Radius server setting. Figure 4-9-15 Login Authentication List Page Screenshot The page includes the following fields: Object Description IP Address Display the current IP address Port Display the current port NS3503-16P-4C-V2 User Manual...
  • Page 207 3. Define a method name for each service to which you want to apply accounting or authorization and specify the RADIUS or TACACS+ server groups to use. Apply the method names to port or line interfaces. NS3503-16P-4C-V2 User Manual...
  • Page 208 Empty / None / Local / TACACS+ / RADIUS / Enable Buttons : Click to add authentication list. Figure 4-9-18 Login Authentication List Screenshot The page includes the following fields: Object Description List Name Display the current list name Method List Display the current method list NS3503-16P-4C-V2 User Manual...
  • Page 209 The page includes the following fields: Object Description List Name Display the current list name Method List Display the current method list Modify Click to edit login authentication list parameter Click to delete login authentication list entry NS3503-16P-4C-V2 User Manual...
  • Page 210 Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons : Click to apply changes : Click to disconnect telnet communication NS3503-16P-4C-V2 User Manual...
  • Page 211 MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise. The SSH Settings and Information screens in Figure 4-9-23 and Figure 4-9-24 appear. NS3503-16P-4C-V2 User Manual...
  • Page 212 Select enable authentication list for this drop down list Session Timeout Set the session timeout value Password Retry Count Set the password retry count value Silent Time Set the silent time value Buttons : Click to apply changes. : Click to disconnect telnet communication. NS3503-16P-4C-V2 User Manual...
  • Page 213 Current SSH Session Count Display the current SSH session count 4.9.5.3 HTTP The HTTP Settings and Information screens in Figure 4-9-25 and Figure 4-9-26 appear. Figure 4-9-25 HTTP Settings Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 214 Login Authentication List Display the current login authentication list Session Timeout Display the current session timeout 4.9.5.4 HTTPs The HTTPs Settings and Information screen in Figure 4-9-27 and Figure 4-9-28 appear. Figure 4-9-27 HTTPs Settings Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 215 Session Timeout Display the current session timeout 4.9.6 Management Access Method 4.9.6.1 Profile Rules The Profile Rule Table Setting and Table screens in Figure 4-9-29 and Figure 4-9-30 appear. Figure 4-9-29 Profile Rule Table Setting Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 216 Display the current port list Source IPv4 Display the current source IPv4 address Source IPv4 Mask Display the current source IPv4 mask Source IPv6 Display the current source IPv6 address Source IPv6 Prefix Display the current source IPv6 prefix NS3503-16P-4C-V2 User Manual...
  • Page 217 Select access profile for this drop down list Buttons : Click to apply changes. Figure 4-9-32 Access Profile Table Page Screenshot The page includes the following fields: Object Description Access Profile Display the current access profile Delete Click to delete access profile entry NS3503-16P-4C-V2 User Manual...
  • Page 218 If DHCP snooping is enabled globally, and also enabled on the VLAN where the DHCP packet is received, all DHCP packets are forwarded for a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to the binding table. NS3503-16P-4C-V2 User Manual...
  • Page 219 DHCP reply packet to a legitimate conversation between the DHCP client and server. Configure DHCP Snooping on this page. The DHCP Snooping Setting and Information screens in Figure 4-9-33 and Figure 4-9-34 appear. Figure 4-9-33 DHCP Snooping Setting Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 220 When DHCP snooping is globally enabled, and DHCP snooping is then disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table. The DHCP Snooping VLAN Setting screens in Figure 4-9-35 and Figure 4-9-36 appear. NS3503-16P-4C-V2 User Manual...
  • Page 221 Figure 4-9-36 DHCP Snooping VLAN Setting Page Screenshot The page includes the following fields: Object Description VLAN List Display the current VLAN list Status Display the current DHCP snooping status 4.9.7.4 Port Setting Configures switch ports as trusted or untrusted. NS3503-16P-4C-V2 User Manual...
  • Page 222 Trusted: Configures the port as trusted sources of the DHCP message. Untrusted: Configures the port as untrusted sources of the DHCP message. Chaddr Check Indicates that the Chaddr check function is enabled on selected port. Chaddr: Client hardware address. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 223 The switch port number of the logical port Type Display the current type Chaddr Check Display the current chaddr check 4.9.7.5 Statistics The DHCP Snooping Statistics screen in Figure 4-9-39 appears. Figure 4-9-39 DHCP Snooping Statistics Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 224 If the file is not updated in a specified time (set by the write-delay and abort-timeout values), the update stops. The DHCP Snooping Database and Information screens in Figure 4-9-40 and Figure 4-9-41 appear. NS3503-16P-4C-V2 User Manual...
  • Page 225 Specify when to stop the database transfer process after the binding database changes. The range is from 0 to 86400. Use 0 for an infinite duration. The default is 300 seconds (5 minutes). Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 226 After enabling DHCP snooping, the switch will monitor all the DHCP messages and implement software transmission. The DHCP Rate Limit Setting and Config screens in Figure 4-9-42 and Figure 4-9-43 appear. Figure 4-9-42 DHCP Rate Limit Setting Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 227 Remote ID (option2) The Circuit ID sub-option is supposed to include information specific to which circuit the request came in The Remote ID sub-option was designed to carry information relating to the remote host end of the circuit. NS3503-16P-4C-V2 User Manual...
  • Page 228 User-Define means the remote-id content of option 82 specified by users Buttons : Click to apply changes. Figure 4-9-45 Option82 Global Setting Page Screenshot The page includes the following fields: Object Description Option82 Remote ID Display the current option82 remote ID NS3503-16P-4C-V2 User Manual...
  • Page 229 Select port for this drop down list Enable Enable or disable option82 function on port Allow Untrusted Select modes for this drop down list. The following modes are available: Drop Keep Replace Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 230 The page includes the following fields: Object Description Port Select port for this drop down list VLAN Indicates the ID of this particular VLAN Circuit ID Set the option1 (Circuit ID) content of option 82 added by DHCP request packets NS3503-16P-4C-V2 User Manual...
  • Page 231 DAI Setting and Information screens in Figure 4-9-50 and Figure 4-9-51 appear. Figure 4-9-50 DAI Setting Page Screenshot The page includes the following fields: Object Description Enable the Global Dynamic ARP Inspection or disable the Global ARP NS3503-16P-4C-V2 User Manual...
  • Page 232 Figure 4-9-52 DAI VLAN Setting Page Screenshot The page includes the following fields: Object Description Indicates the ID of this particular VLAN VLAN ID Enables Dynamic ARP Inspection on the specified VLAN Status Options: ◼ Enable ◼ Disable Buttons NS3503-16P-4C-V2 User Manual...
  • Page 233 Enable or disable to checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body. This check is performed on both ARP requests and responses. When enabled, packets with different MAC addresses are classified as invalid and are dropped. NS3503-16P-4C-V2 User Manual...
  • Page 234 Display the current port type Src-Mac Chk Display the current Src-Mac Chk status Dst-Mac Chk Display the current Dst-Mac Chk status IP Chk Display the current IP Chk status IP Allow Zero Display the current IP allow zero status NS3503-16P-4C-V2 User Manual...
  • Page 235 Display the current IP-MAC mismatch failures Buttons : Click to clear the statistics. : Click to refresh the statistics. 4.9.8.5 Rate Limit The ARP Rate Limit Setting and Config screens in Figure 4-9-57 and Figure 4-9-58 appear. NS3503-16P-4C-V2 User Manual...
  • Page 236 : Click to apply changes. Figure 4-9-58 ARP Rate Limit Setting Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port Rate Limit (pps) Display the current rate limit NS3503-16P-4C-V2 User Manual...
  • Page 237 DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. The IP Source Guard Port Setting and Information screens in Figure 4-9-60 and Figure 4-9-61 appear. NS3503-16P-4C-V2 User Manual...
  • Page 238 Buttons : Click to apply changes. Figure 4-9-61 IP Source Guard Port Setting Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port Status Display the current status NS3503-16P-4C-V2 User Manual...
  • Page 239 IP Address Sourcing IP address is allowed Buttons : Click to add authentication list Figure 4-9-63 IP Source Guard Binding Table Status Page Screenshot The page includes the following fields: Object Description Port Display the current port NS3503-16P-4C-V2 User Manual...
  • Page 240 MAC addresses. Action If Limit is reached, the switch can take one of the following actions: Forward: Do not allow more than Limit MAC addresses on the port, but take no further action. NS3503-16P-4C-V2 User Manual...
  • Page 241 4.9.11 DoS The DoS is short for Denial of Service, which is a simple but effective destructive attack on the internet. The server under DoS attack will drop normal user data packet due to non-stop processing the attacker’s NS3503-16P-4C-V2 User Manual...
  • Page 242 The Global DoS Setting and Information screens in Figure 4-9-66 and Figure 4-9-67 appear. Figure 4-9-66 Global DoS Setting Page Screenshot The page includes the following fields: Object Description DMAC = SMAC Enable or disable DoS check mode by DMAC = SMAC NS3503-16P-4C-V2 User Manual...
  • Page 243 Enable or disable DoS check mode by TCP syn-fin attack TCP SYN-RST Attack Enable or disable DoS check mode by TCP syn-rst attack TCP Fragment (Offset = 1) Enable or disable DoS check mode by TCP fragment (offset = 1) Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 244 Display the current x-mas scan attack status TCP SYN-FIN Attack Display the current TCP syn-fin attack status TCP SYN-RST Attack Display the current TCP syn-rst attack status TCP Fragment (Offset = 1) Display the TCP fragment (offset = 1) status NS3503-16P-4C-V2 User Manual...
  • Page 245 Buttons : Click to apply changes. Figure 4-9-68 Port Security Setting Page Screenshot The page includes the following fields: Object Description Port The switch port number of the logical port DoS Protection Display the current DoS protection NS3503-16P-4C-V2 User Manual...
  • Page 246 Set the excluded or included interframe gap Buttons : Click to apply changes. Figure 4-9-70 Storm Control Global Information Page Screenshot The page includes the following fields: Object Description Unit Display the current unit Preamble & IFG Display the current preamble & IFG NS3503-16P-4C-V2 User Manual...
  • Page 247 The settings in a particular row apply to the frame type listed here: broadcast unknown unicast unknown multicast Rate (kbps/pps) Configure the rate for the storm control. The default value is "10,000". Buttons : Click to apply changes NS3503-16P-4C-V2 User Manual...
  • Page 248 ACL can generally be configured to control inbound traffic, and in this context, they are similar to firewalls. is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. NS3503-16P-4C-V2 User Manual...
  • Page 249 Figure 4-10-1 and Figure 4-10-2 appear. Figure 4-10-1 MAC-based ACL Page Screenshot The page includes the following fields: Object Description ACL Name Create a named MAC-based ACL list ◼ ACL Table Figure 4-10-2 ACL Table Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 250 Figure 4-10-3 MAC-based ACE Page Screenshot The page includes the following fields: Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence Action Indicates the forwarding action of the ACE. NS3503-16P-4C-V2 User Manual...
  • Page 251 You can enter a specific EtherType value. The allowed range is 0x05DD to – 0xFFFF) 0xFFFF. A frame that hits this ACE matches this EtherType value. Buttons : Click to add ACE list. Figure 4-10-4 MAC-based ACE Table Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 252 Figure 4-10-5 and Figure 4-10-6 appear. Figure 4-10-5 IPv4-based ACL Page Screenshot The page includes the following fields: Object Description ACL Name Create a named IPv4-based ACL list Buttons : Click to add ACL name list. NS3503-16P-4C-V2 User Manual...
  • Page 253 ACL name entry. 4.10.4 IPv4-based ACE An ACE consists of several parameters. Different parameter options are displayed depending on the frame type that you selected. The IPv4-based ACE screens in Figure 4-10-7 and Figure 4-10-8 appear. NS3503-16P-4C-V2 User Manual...
  • Page 254 Figure 4-10-7 IP-based ACE Page Screenshot The page includes the following fields: Object Description ACL Name Select ACL name for this drop down list. Sequence Set the ACL sequence. NS3503-16P-4C-V2 User Manual...
  • Page 255 Range: If you want to filter a specific destination port range filter with this ACE, you can enter a specific destination port range value. A field for entering a destination port value appears. NS3503-16P-4C-V2 User Manual...
  • Page 256 0 to 63. A frame that hits this ACE matches this DSCP value. IP Recedence: If you want to filter a specific IP recedence with this ACE, you can enter a specific IP recedence value. A field for entering an IP recedence NS3503-16P-4C-V2 User Manual...
  • Page 257 Display the current source IP address wildcard mask Wildcard Mask Destination IP Address Display the current destination IP address Destination IP Address Display the current destination IP address wildcard mask Wildcard Mask Source Port Range Display the current source port range NS3503-16P-4C-V2 User Manual...
  • Page 258 Figure 4-10-9 IPv6-based ACL Page Screenshot The page includes the following fields: Object Description ACL Name Create a named IPv6-based ACL list Buttons : Click to add ACL name list. Figure 4-10-10 ACL Table Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 259 ACL name entry 4.10.6 IPv6-based ACE An ACE consists of several parameters. Different parameter options are displayed depending on the frame type that you selected. The IPv6-based ACE screens in Figure 4-10-11 and Figure 4-10-12 appear. NS3503-16P-4C-V2 User Manual...
  • Page 260 Figure 4-10-11 IP-based ACE Page Screenshot The page includes the following fields: Object Description ACL Name Select ACL name for this drop down list Sequence Set the ACL sequence NS3503-16P-4C-V2 User Manual...
  • Page 261 Range: If you want to filter a specific destination port range filter with this ACE, you can enter a specific destination port range value. A field for entering a destination port value appears. NS3503-16P-4C-V2 User Manual...
  • Page 262 0 to 63. A frame that hits this ACE matches this DSCP value. IP Recedence: If you want to filter a specific IP recedence with this ACE, you can enter a specific IP recedence value. A field for entering an IP recedence NS3503-16P-4C-V2 User Manual...
  • Page 263 Display the current destination IP address Destination IP Address Display the current destination IP address wildcard mask Wildcard Mask Source Port Range Display the current source port range Destination Port Range Display the current destination port range NS3503-16P-4C-V2 User Manual...
  • Page 264 The page includes the following fields: Object Description Binding Port Select port for this drop down list ACL Select Select ACL list for this drop down list Buttons : Click to apply changes. Figure 4-10-14 ACL Binding Table Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 265 Figure 4-11-1 Statics MAC Setting Page Screenshot The page includes the following fields: Object Description MAC Address Physical address associated with this interface VLAN Select VLAN for this drop down list Port Select port for this drop down list NS3503-16P-4C-V2 User Manual...
  • Page 266 Figure 4-11-3 Figure 4-11-4 appear. Figure 4-11-3 MAC Filtering Setting Page Screenshot The page includes the following fields: Object Description MAC Address Physical address associated with this interface VLAN (1~4096) Indicates the ID of this particular VLAN NS3503-16P-4C-V2 User Manual...
  • Page 267 Figure 4-11-5 Dynamic Addresses Setting Page Screenshot The page includes the following fields: Object Description Aging Time The time after which a learned entry is discarded Range: 10-630 seconds; Default: 300 seconds Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 268 Select port for this drop down list VLAN Select VLAN for this drop down list MAC Address Physical address associated with this interface Buttons : Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields NS3503-16P-4C-V2 User Manual...
  • Page 269 The VLAN ID of the entry Type Indicates whether the entry is a static or dynamic entry Port The ports that are members of the entry Buttons : Click to add dynamic MAC address to static MAC address. NS3503-16P-4C-V2 User Manual...
  • Page 270 Globally enable or disable LLDP function Set LLDP PDU disable action: include “Filtering”, “Bridging” and “Flooding”. LLDP PDU Disable Action Filtering: discrad all LLDP PDU. Bridging: transmit LLDP PDU in the same VLAN. Flooding: transmit LLDP PDU for all port. NS3503-16P-4C-V2 User Manual...
  • Page 271 The MED Fast Start Count parameter is part of the timer which ensures that the LLDP-MED Fast Start mechanism is active for the port. LLDP-MED Fast Start is critical to the timely startup of LLDP, and therefore integral to the rapid availability of Emergency Call Service. NS3503-16P-4C-V2 User Manual...
  • Page 272 Use the LLDP Port Setting to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received. The LLDP Port Configuration and Status screens in Figure 4-12-3 and Figure 4-12-4 appear. NS3503-16P-4C-V2 User Manual...
  • Page 273 LLDP information transmitted. Management Address: When checked the "Management Address" is included in LLDP information transmitted. 802.1 PVID: When checked the "802.1 PVID" is included in LLDP information transmitted. Buttons : Click to apply changes NS3503-16P-4C-V2 User Manual...
  • Page 274 Figure 4-12-5 VLAN Name TLV Selection Page Screenshot The page includes the following fields: Object Description Port Select Select port for this drop down list. VLAN Select Select VLAN for this drop down list. Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 275 Use the LLDP Local Device Information screen to display information about the switch, such as its address, chassis management IP address, and port information. The Local Device Summary and Port Status screens in Figure 4-12-7 and Figure 4-12-8 appear. Figure 4-12-7 Local Device Summary Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 276 Figure 4-12-8 Port Status Page Screenshot The page includes the following fields: Object Description Interface The switch port number of the logical port. LLDP Status Display the current LLDP status LLDP MED Status Display the current LLDP MED Status NS3503-16P-4C-V2 User Manual...
  • Page 277 VLAN configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. NS3503-16P-4C-V2 User Manual...
  • Page 278 Connectivity Devices and Endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN. The Voice Auto Mode Configuration, Network Policy Configuration and LLDP MED Network Policy Table screen in Figure 4-12-10 and Figure 4-12-11 appears. NS3503-16P-4C-V2 User Manual...
  • Page 279 L2 priority field is ignored and only the DSCP value has relevance. Video Conferencing - for use by dedicated Video Conferencing equipment and other similar appliances supporting real-time interactive video/audio services. App Streaming Video - for use by broadcast or multicast based video content NS3503-16P-4C-V2 User Manual...
  • Page 280 Figure 4-12-11 LLDP MED Network Policy Table Page Screenshot The page includes the following fields: Object Description Network Policy Number Display the current network policy number Application Display the current application VLAN ID Display the current VLAN ID NS3503-16P-4C-V2 User Manual...
  • Page 281 - Inventory – This option advertises device details useful for inventory management, such as manufacturer, model, software version and other pertinent information. MED Network Policy Select MED network policy for this drop down list Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 282 Inventory Display the current inventory The MED Location Configuration and LLDP MED Port Location Table screens in Figure 4-12-14 and Figure 4-12-15 appear. Figure 4-12-14 Port LLDP MED Configuration Page Screenshot The page includes the following fields: NS3503-16P-4C-V2 User Manual...
  • Page 283 The switch port number of the logical port Coordinate Display the current coordinate Civic Address Display the current civic address ESC ELIN Display the current ESC ELIN 4.12.8 LLDP Overloading The LLDP Port Overloading screen in Figure 4-12-16 appears. NS3503-16P-4C-V2 User Manual...
  • Page 284 If the LLDP MED extended power via MDI packets were sent, or if they were overloaded MED Inventory Displays if the mandatory group of TLVs was transmitted or overloaded 802.1 TLVs Displays if the 802.1 TLVs were transmitted or overloaded NS3503-16P-4C-V2 User Manual...
  • Page 285 Shows the number of LLDP frames dropped due to that the entry table was full.\ Age Outs Shows the number of entries deleted due to Time-To-Live expiring.\ Buttons : Click to clear the statistics : Click to refresh the statistics NS3503-16P-4C-V2 User Manual...
  • Page 286 Use the Diagnostics menu items to display and configure basic administrative details of the Managed Switch. Under System the following topics are provided to configure and view the system information: NS3503-16P-4C-V2 User Manual...
  • Page 287 The Copper test and test result screens in Figure 4-13-1 and Figure 4-13-2 appear. Figure 4-13-1 Copper Test Page Screenshot The page includes the following fields: Object Description Port Select port for this drop-down list Buttons : Click to run the diagnostics NS3503-16P-4C-V2 User Manual...
  • Page 288 After you press “Apply”, ICMP packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. The ICMP Ping screen in Figure 4-13-3 appears. NS3503-16P-4C-V2 User Manual...
  • Page 289 After you press “Apply”, 5 ICMPv6 packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. The ICMPv6 Ping screen in Figure 4-13-4 appears. NS3503-16P-4C-V2 User Manual...
  • Page 290 History: Record periodical statistic samples available from Statistics.  Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records.  Event: A list of all events generated by RMON Agent. NS3503-16P-4C-V2 User Manual...
  • Page 291 The total number of octets of data (including those in bad packets) received on the network Packets The total number of packets (including bad packets, broadcast packets, and multicast packets) received Broadcast Packets The total number of good packets received that were directed to the broadcast address NS3503-16P-4C-V2 User Manual...
  • Page 292 The total number of packets (including bad packets) received that were between 1024 to 1518 octets in length Buttons : Click to clear the RMON statistics 4.14.2 RMON Event Configure RMON Event table on this page. The RMON Event screens in Figure 4-14-2 and Figure 4-14-3 appear. NS3503-16P-4C-V2 User Manual...
  • Page 293 Indicates the owner of this event, the string length is from 0 to 127, default is a null string Description Indicates description of this event, the string length is from 0 to 127, default is a null string Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 294 Figure 4-14-4: RMON Event Log Table Page Screenshot The page includes the following fields: Object Description Select Index Select index for this drop down list Index Indicates the index of the log entry Log Time Indicates Event log time NS3503-16P-4C-V2 User Manual...
  • Page 295 BroadcastPkts: The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. MulticastPkts: The total number of good frames received that were directed to this multicast address. CRCAlignErrors: The number of CRC/alignment errors (FCS or alignment errors). NS3503-16P-4C-V2 User Manual...
  • Page 296 Falling threshold value (0–2147483647) Rising Event Event to fire when the rising threshold is crossed Falling Event Event to fire when the falling threshold is crossed Owner Specify an owner for the alarm Buttons : Click to apply changes. NS3503-16P-4C-V2 User Manual...
  • Page 297 Display the current owner Action Click to delete RMON alarm entry 4.14.5 RMON History Configure RMON History table on this page. The RMON History screens in Figure 4-14-7 and Figure 4-14-8 appear. Figure 4-14-7: RMON History Table Page Screenshot NS3503-16P-4C-V2 User Manual...
  • Page 298 Bucket Requested Interval Display the current interval Owner Display the current owner Action Click to delete RMON history entry. 4.14.6 RMON History Log This page provides a detail of RMON history entries; screen in Figure 4-14-9 appears. NS3503-16P-4C-V2 User Manual...
  • Page 299 Without the power-socket limitation, the NS3503 UPoE Switch makes the installation of cameras or WLAN APs easier and more efficient. PoE Power Budget list for NS3503 UPoE switch Model Name PoE Budget NS3503-16P-4C-V2 400 watts NS3503-16P-4C-V2 User Manual...
  • Page 300 PoE Splitter splits the PoE DC over the Ethernet cable into 5/12/19/24V DC power output. It frees the device deployment from restrictions due to power 3~60 watts outlet locations, which eliminate the costs for additional AC wiring and reduces the installation time. NS3503-16P-4C-V2 User Manual...
  • Page 301 Note: In this mode, the port power is not turned on if the PD requests more available power. 4.15.3 Power over Ethernet Configuration This section allows the user to inspect and configure the current PoE configuration setting as screen in Figure 4-16-1 appears. NS3503-16P-4C-V2 User Manual...
  • Page 302 PoE power budget automatically. Power Budget NS3503-16P-4C-V2 provides 400 watts PoE Budget. PoE Temperature Display the PoE chip temperature. This section displays the PoE Power Usage of Current Power Consumption as Figure 4-16-2 shows.
  • Page 303 3–6 (pair #3 in both T568A and T568B) provide the return. Pins 4–5 (pair #1 in both T568A and T568B) form one side of the DC supply and pins 7–8 (pair #4 in both T568A and T568B) provide the return NS3503-16P-4C-V2 User Manual...
  • Page 304 : Click to apply changes. Note: In this mode, the port power is not turned on if the PD requests more available power. 4.15.4 PoE Status This page displays to per port PoE usage. The screen in Figure 4-16-4 appears. NS3503-16P-4C-V2 User Manual...
  • Page 305 The “PoE schedule” function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise saving power and money. NS3503-16P-4C-V2 User Manual...
  • Page 306 The Managed PoE switch allows each of the connected PoE IP cameras to reboot at a specified time each week. Therefore, it will reduce the chance of IP camera crash resulting from buffer overflow. The screen in Figure 4-16-5 appears. NS3503-16P-4C-V2 User Manual...
  • Page 307 Allows user to set what minute PoE function does by disabling it. End Min Allows user to enable or disable the whole PoE port reboot by PoE Reboot Enable reboot schedule. Please note that if you want PoE schedule and PoE NS3503-16P-4C-V2 User Manual...
  • Page 308 Allows user to set what minute PoE reboots. This function is only for Reboot Min PoE reboot schedule. Buttons : Click to add new rule. : Click to apply changes : Check to delete the entry. NS3503-16P-4C-V2 User Manual...
  • Page 309 This column allows user to set PoE device IP address for system making ping to the PoE device. Please note that the PD’s IP address must be set to the same network segment with the PoE Switch. NS3503-16P-4C-V2 User Manual...
  • Page 310 Use the Maintenance menu items to display and configure basic configurations of the Managed Switch. Under maintenance, the following topics are provided to back up, upgrade, save and restore the configuration. This section has the following items: NS3503-16P-4C-V2 User Manual...
  • Page 311 The Reboot page enables the device to be rebooted from a remote location. Once the Reboot button is pressed, user has to re-login the Web interface for about 60 seconds. The Reboot Switch screen in Figure 4-16-2 appears. Click to reboot the system. NS3503-16P-4C-V2 User Manual...
  • Page 312 The Backup Manager screen in Figure 4-16-3 appears. Figure 4-16-3 Backup Manager Page Screenshot The page includes the following fields: Object Description Backup Method Select backup method for this drop down list. Server IP Fill in your TFTP server IP address. NS3503-16P-4C-V2 User Manual...
  • Page 313 Server IP Fill in your TFTP server IP address. File Name The name of firmware image or configuration. Upgrade Type Select upgrade type. Image Select active or backup image. Buttons : Click to upgrade image or configuration. NS3503-16P-4C-V2 User Manual...
  • Page 314 Select the active or backup image Buttons : Click to apply active image. Figure 4-16-6: Dual Image Information Page Screenshot The page includes the following fields: Object Description Flash Partition Display the current flash partition Image Name Display the current image name NS3503-16P-4C-V2 User Manual...
  • Page 315 Image Size Display the current image size Created Time Display the created time NS3503-16P-4C-V2 User Manual...
  • Page 316 This information is subsequently used to filter packets whose destination address is on the same segment as the source address. This confines network traffic to its respective domain and reduces the overall load on the network. NS3503-16P-4C-V2 User Manual...
  • Page 317 10BASE-T and 100BASE-TX devices can connect with the port in either half- or full-duplex mode. If attached device is: 100BASE-TX port will set to: 10Mbps, without auto-negotiation 10Mbps. 10Mbps, with auto-negotiation 10/20Mbps (10BASE-T/full-duplex) 100Mbps, without auto-negotiation 100Mbps 100Mbps, with auto-negotiation 100/200Mbps (100BASE-TX/full-duplex) NS3503-16P-4C-V2 User Manual...
  • Page 318 Auto-negotiation may not recognize this type of full-duplex setting.  Switch does not power up Solution: AC power cord is not inserted or is faulty Check whether the AC power cord is inserted correctly NS3503-16P-4C-V2 User Manual...
  • Page 319 The cable should be an 8-wire UTP, Category 5 or above, EIA568 cable within 100 meters. A cable with only 4-wire, short loop or over 100 meters will affect the power supply. Please check and assure the device is fully complied with IEEE 802.3af / 802.3at standard. NS3503-16P-4C-V2 User Manual...
  • Page 320 Tx + (transmit) Rx + (receive) Tx - (transmit) Rx - (receive) Rx + (receive) Tx + (transmit) 4, 5 Not used Rx - (receive) Tx - (transmit) 7, 8 Not used The standard cable, RJ45 pin assignment NS3503-16P-4C-V2 User Manual...
  • Page 321 8 = Brown 7 = White / Brown SIDE 2 8 = Brown Please make sure your connected cables are with the same pin assignment and color as the above table before deploying the cables into your network. NS3503-16P-4C-V2 User Manual...