Summary of Contents for CTS EPS-5112-8BT
Page 1
EPS-5112-8BT 8 x 10/100/1000Base-T RJ-45 with IEEE 802.3af/at/bt PoE++ Injector + 2 x 100M/1G/2.5G/5G/10GBase-T RJ-45 + 2 x 1/10GBase-R SFP+ Managed Layer 2 PoE Switch Network Management User’s Manual Version 1.0...
Page 2
Revision History Version Date Description 1.00.0S 2024/08/23 First release...
Page 3
Trademarks CTS is a registered trademark of Connection Technology Systems Inc. Contents are subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright Connection Technology Systems Inc. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc.
Page 4
CTS Contact Information Headquarters/Manufacturer: Connection Technology Systems Inc. 18F-6, No.79, Sec.1, Xintai 5th Rd., Xizhi Dist., New Taipei City 221, Taiwan (R.O.C.) Tel: +886-2-2698-9661 Fax: +886-2-2698-3960 Sales Direct Line: +886-2-2698-9201 www.ctsystem.com Global Offices: Connection Technology USA Connection Technology Systems Japan 40538 La Purissima Way, Higobashi Bldg.
Page 5
Table of Content
1. INTRODUCTION ... 11
1.1 Management Options ... 11
1.2 Management Software ... 12
1.3 Management Preparations ... 13
2. Command Line Interface (CLI) ... 15
2.1 Using the Local Console ... 15
2.2 Remote Console Management - Telnet ... 16
2.3 Navigating CLI ...
Page 7
4.1.1 Switch Information ... 181
4.1.2 IP Setup ... 183
4.1.3 IP Source Binding ... 186
4.1.4 Time Server Setup ... 187
4.1.5 Syslog Configuration ... 188
4.1.6 Time Range ... 189
4.2 Port Management ... 191
4.2.1 Port Setup & Status ... 192
4.2.2 Port Traffic Statistics ...
Page 8
4.6.1.2.1 Configure a Chain Example using the Chain Protocol ... 235
4.6.2 Fast Redundancy Status ... 238
4.7 MAC Address Management ... 240
4.7.1 MAC Table Learning ... 241
4.7.2 Static MAC Table Setup ... 242
4.7.3 MAC Address Table ... 244
4.8 QoS Setup ...
Page 9
4.11.6 MAC Limiters ... 294
4.11.7 Port Linkup Delay ... 296
4.11.7.1 Configure Port Linkup Delay Based on “Follow_ Delay_Time” Delay Rule ... 296
4.11.7.2 Configure Port Linkup Delay Based on “MAC_Limit” Delay Rule ... 297
4.11.8 Port Link Flap ... 298
4.11.9 Loop Detection Configuration ...
Page 11
1. INTRODUCTION Thank you for using the 8-port 10/100/1000M RJ-45, 2-port 100M/1G/2.5G/5G/10G RJ-45 with IEEE 802.3af/at/bt 90W PoE injector, and 2-port 1/10G SFP+ Managed Switch that is specifically designed for FTTx applications. The Managed Switch provides a built-in management module that enables users to configure and monitor the operational status both locally and remotely.
Page 12
1.2 Management Software
The following is a list of management software options provided by this Managed Switch:
- Managed Switch CLI interface
- SNMP-based Management Software
- Web Browser Application
Console Program
The Managed Switch has a built-in Command Line Interface called the CLI which you can use to: ...
Page 13
1.3 Management Preparations After you have decided how to manage your Managed Switch, you are required to connect cables properly, determine the Managed switch IP address and, in some cases, install MIB shipped with your Managed Switch. Connecting the Managed Switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed switch to other switches, hubs, workstations, etc.
Page 14
IP Addresses
IP addresses have the format n.n.n.n (the default factory setting is 192.168.0.1). IP addresses are made up of two parts:
- The first part (for example 192.168.n.n) refers to the network address that identifies the network where the device resides. Network addresses are assigned by three allocation organizations. Depending on your location, each allocation organization assigns a globally unique network number to each network which intends to connect to the Internet.
Page 15
2. Command Line Interface (CLI)
This chapter introduces how to use the Command Line Interface (CLI), specifically in:
- Local Console
- Telnet
- Configuring the system
- Resetting the system
The interface and options in Local Console and Telnet are the same. The major difference is the type of connection and the port that is used to manage the Managed Switch.
Page 16
2.2 Remote Console Management - Telnet You can manage the Managed Switch via a Telnet session. However, you must first assign a unique IP address to the Switch before doing so. Use the Local Console to log in to the Managed Switch and assign the IP address for the first time. Follow these steps to manage the Managed Switch through a Telnet session: Step 1.
Page 17
2.3.1 General Commands
This section introduces some general commands that you can use in User, Privileged, and Configuration modes, including “help”, “exit”, “history” and “logout”.
Entering the command… | To do this… | Available Modes
help | Obtain a list of available commands in the current mode. | User Mode, Privileged Mode
Page 18
2.3.3 Command Format
While in CLI, you will see several symbols very often. As mentioned above, you might already know what “>”, “#” and (config)# represent. However, to perform what you intend the device to do, you have to enter the complete command string correctly. For example, if you want to assign an IP address for the Managed Switch, you need to enter the following command with the required parameters (IP address, subnet mask and default gateway):
Switch(config)#ip address [A.B.C.D] [255.X.X.X] [A.B.C.D]...
Page 19
Example 2: specifying three values (separated by commas)
Switch(config)#qos 802.1p-map 1,3 0
Switch(config)#qos dscp-map 10,13,15 3
Example 3: specifying a range of values (separated by a hyphen)
Switch(config)#qos 802.1p-map 1-3 0
Switch(config)#qos dscp-map 10-15 3
2.3.4 Login Username & Password
Default Login
When you enter Console session, a login prompt for username and password will appear to request a valid and authorized username and password combination.
Page 20
2.4 User Mode In User mode, only a limited set of commands is provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Privileged mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...
Page 21
[-p 1-5] Enter the counts of PROBE packets that would be transmitted. The allowable value is from 1 to 5. (optional) [-w 1-5] Specify the response time from the remote host. The allowable time value is from 1 to 5 seconds. (optional) Example Switch>...
Page 22
2.5 Privileged Mode The only place where you can enter the Privileged mode is in User mode. When you successfully enter the Privileged mode (this mode is password protected), the prompt will be changed to Switch# (the model name of your device together with a pound sign). Enter the question mark (?) or help command to view a list of commands available for use.
Page 23
ftp [A.B.C.D | A:B:C:D:E:F:G:H] A:B:C:D:E:F:G:H] [file name] Enter the configuration file name that you want to [file name] [running backup. | default | startup ] [running | default Specify backup config to be running, default or [user_name] | startup ] startup [password] [user_name]...
Page 24
2.5.2 Diagnosis Command Ethernet cables, consisting of two separate pairs of insulated wires, could at times malfunction due to unknown technical issues. As troublesome as they are by nature for the data transmission interference, the difficulties in detecting where and what the cable faults stem from undoubtedly make things worse.
Page 25
Note 1: DHCP mode must be enabled under the IP global configuration mode before issuing this command. See Section 2.6.11 for more details. Note 2: This is a one-time command, and the setting will not be saved into the configuration file. 2.5.5 Ping Command Command Parameter...
Page 26
[A.B.C.D | A:B:C:D:E:F:G:H] that you would like to trace. A:B:C:D:E:F:G:H] [- [-m 1-255] Specify the number of hops between the local m 1-255] [-p 1-5] [- host and the remote host. The allowable number w 1-5] of hops is from 1 to 255. (optional) [-p 1-5] Enter the counts of PROBE packets that would be transmitted.
Page 27
2.5.10 Show Command The “show” command is very important for network administrators to get information about the device, receive outputs to verify a command’s configurations or troubleshoot a network configuration error. It can be used in Privileged or Configuration mode. The following describes different uses of “show”...
Page 28
CPU Temperature: Display the current CPU temperature of this device. 2. Display or verify currently-configured settings Refer to the following sub-sections. “Interface command”, “IP command”, “MAC command”, “QoS command”, “Security command”, “SNMP-Server command”, “User command”, “VLAN command” sections, etc. 3. Display interface information or statistics Refer to “Show interface statistics command”...
Page 29
2.6 Configuration Mode When you enter “configure” or “config” and press “Enter” in Privileged mode, you will be directed to the Global Configuration mode where you can set up advanced switching functions, such as QoS, VLAN and storm control security globally. All commands entered will apply to running-configuration and the device’s operation.
Page 30
Commands | Description
Switch(config)# interface 1 / Switch(config-if-1)# | Enter a single interface. Only interface 1 will apply commands entered.
Switch(config)# interface 1,3,5 / Switch(config-if-1,3,5)# | Enter three discontinuous interfaces, separated by commas. Interface 1, 3, 5 will apply commands entered.
Switch(config)# interface 1-3 / Switch(config-if-1-3)# | Enter three continuous interfaces. Use a hyphen to signify a range of interface numbers.
Page 31
Model Name: Display the product’s model name.
Host Name: Display the product’s host name. Use “switch-info host-name [host_name]” command to edit this field.
Current Boot Image: The image that is currently in use.
Configured Boot Image: The image you would like to use after rebooting.
Image-1 Version: Display the firmware version 1 (image-1) used in this device.
Page 32
2.6.4 ACL Command ACL Command Parameter Description Switch(config)# acl ipv4 [1- [1-64] A total of 64 IPv4 ACL rules can be created. Use this command to enter ACL configuration mode for each ACL rule. When you enter each ACL rule, you can further configure detailed settings for this rule.
Page 33
Switch(config-acl-ipv4(6)- [any | 0xWXYZ] Specify Ethertype (Range: 0x0000 ~FFFF) or “ANY”. RULE)# ethertype [any | 0xWXYZ] Specify ingress port(s) or “ANY”. Switch(config-acl-ipv4(6)- [any | port-list] RULE)# ingress-port [any | port-list] Switch(config-acl-ipv4(6)- [name] Specify the name to the specified ACL RULE)# name [name] rule.
Page 34
Switch(config-acl-ipv4(6)- Reset action back to the default RULE)# no action (permit). Switch(config-acl-ipv4(6)- Reset copy(mirror)-to/redirect-to port RULE)# no action-port back to the default (Port 1). Switch(config-acl-ipv4(6)- Disable the specified ACL rule. RULE)# no apply Switch(config-acl-ipv4- Reset destination IPv4 address back to RULE)# no destination- the default (ANY).
Page 35
Switch# show acl ipv6 [index | sequence] Display all valid IPv6 ACL rules sorted [index | sequence] by specific option. Switch(config)# show acl Display all valid IPv4 ACL rules. ipv4 Switch(config)# show acl Display all valid IPv6 ACL rules. ipv6 Switch(config)# show acl [1-64] Display the specified IPv4 ACL rule...
Page 36
auto-backup Switch(config)# show Display the auto-backup configuration. archive auto-backup 2.6.6 Channel-group Command 1. Configure a static link aggregation group (LAG). Channel-group Command Parameter Description Switch(config)# channel-group [group_name] Specify a name for this link trunking [group_name] aggregation group. Up to 15 alphanumeric characters can be accepted.
Page 37
Show command
Switch(config)# show channel-group trunking | | Show link aggregation settings and distribution rule information.
Switch(config)# show channel-group trunking [trunk_name] | [trunk_name] | Show a specific link aggregation group’s settings including aggregated port numbers and distribution rule information.
Below is an example of creating a static link aggregation group (port trunking group) using Channel-group commands to help users understand the commands mentioned above in this section.
Page 38
Switch(config)# channel-group trunking CTSGROUP
OK !
STEP9 interface port_list
Specify the interface that you would like to set to Trunking Group.
Example:
Switch(config)# interface 1,3
Switch(config-if-1,3)#
STEP10 channel-group trunking group_name
In this example, it configures Port 1 and Port 3 as the link membership of
Example:
Switch(config-if-1,3)# channel-group trunking CTSGROUP...
Page 39
Show command Switch(config)# show channel- Show each interface’s LACP settings group lacp including current mode, key value and LACP role type. Switch(config)# show channel- [port_list] Show the selected interfaces’ LACP group lacp [port_list] settings. Switch(config)# show channel- Show each interface’s current LACP group lacp status status.
Page 40
STEP7 (Optional) channel-group distribution-rule destination-mac
Enable Destination Mac Address in Distribution Rule.
Example:
Switch(config)# channel-group distribution-rule destination-mac
OK !
STEP8 interface port_list
Specify the interfaces that you would like to set to LACP Group.
Example:
Switch(config)# interface 5-7
Switch(config-if-5-7)#
STEP9 channel-group lacp
Enable Port 5~Port 7 to LACP Port....
Page 41
2.6.7 Dot1x Command The IEEE 802.1X/MAB standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports. Before services are made available to clients connecting to a VLAN, clients that are 802.1X-compliant should successfully authenticate with the authentication server.
Page 42
Switch(config)# show dot1x Show each interface’s 802.1X/MAB interface configuration. Switch(config)# show dot1x [port_list] Show the specified interfaces’ interface [port_list] 802.1X/MAB configuration. Switch(config)# show dot1x Show each port’s 802.1X/MAB statistics statistics. Switch(config)# show dot1x [port_list] Show the specified interfaces’ statistics [port_list] 802.1X/MAB statistics.
Page 43
Managed Switch to deny access to all clients, neither 802.1X-aware nor 802.1X-unaware. Switch(config-if-PORT-PORT)# Enable radius-assigned vlan of the dot1x radius-assigned vlan specified port. Switch(config-if-PORT-PORT)# Re-authenticate the selected dot1x reauthenticate interfaces right now. Enable the selected ports’ auto Switch(config-if-PORT-PORT)# dot1x reauthentication reauthentication function.
Page 44
2.6.8 Digital Input Command Digital Input Command Parameter Description Switch(config)# digital input Specify the digital input number. Switch(config-input-1)# [open | close] Specify the normal digital input type normal [open | close] between open and close status for the digital input 1. No command Switch(config)# no digital Reset all digital input settings back to...
Page 45
2.6.10 Fast Redundancy Command Besides RSTP and Ring Detection, the employment of CTS’s proprietary fast redundancy on your network will help protect mission-critical links against failures, avoid the occurrence of network loops, and keep network downtime to a minimum to assure the reliability of the network. This network redundancy allows the user to set up redundant loops in a network to provide a backup data transmission route in the event that cables are disconnected or damaged.
Page 46
Each port can only be assigned to one single interface in the entire configuration of the fast redundancy. [head | tail] Assign a role to the 1st interface of the Chain protocol. [disable] Disable the 2nd interface of the Chain protocol. Only when the role of the 1st interface of the Chain protocol is specified as either head...
Page 47
entire configuration of the fast redundancy. No Command Switch(config)# no fast- [1-2] Remove the specified fast redundancy id [group_id] redundancy group. Switch(config-fr-ID)# no Remove the configured description description for the specified fast redundancy group. Switch(config-fr-ID)# no enable Disable the specified group of fast redundancy.
Page 48
Switch(config-fr-1-ringv2-master)# ring-port1 interface 10 ring-port2 interface 11 | Specify the 10th port as the 1st interface of the Fast Ring v2 protocol, and the 11th port as the 2nd interface.
2.6.11 IP Command
1. Set up an IP address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCP server.
Page 49
Switch(config)# interface [port_list] | Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example: 1,3 or 2-4
Switch(config-if-PORT-PORT)# ip address dhcp auto-recycle | Enable IPv4 DHCP Auto Recycle function on the specified ports. Only when one of these specific link-up ports is switched from link-down into link-up status, DHCP release packets and...
Page 50
6. Enable DHCPv4/DHCPv6 relay function. DHCP Snooping Parameter Description Command Switch(config)# ip dhcp Enable DHCPv4/DHCPv6 snooping snooping function. Switch(config)# ip dhcp Globally enable DHCPv4/DHCPv6 snooping dhcp-server-ip server trust IPv4/IPv6 address. Switch(config)# ip dhcp [1-4] Specify DHCPv4/DHCPv6 server trust snooping dhcp-server-ip [1- IPv4/IPv6 address number.
Page 51
Switch(config)# no ip dhcp Clear Remote ID description. snooping remote id Show command Switch(config)# show ip Show DHCPv4/DHCPv6 snooping dhcp snooping configuration. Switch(config)# show ip [port_list] Clear the DHCPv4/DHCPv6 snooping dhcp snooping clear entry learned from the specified port. [port_list] Switch(config)# show ip Show each port’s DHCP Snooping dhcp snooping interface...
Page 52
Switch(config-if-PORT-PORT)# [circuit_id] Specify the VLAN and port identifier using ip dhcp snooping circuit id a VLAN ID in the range of 1 to 4094 as [circuit_id] DHCPv4 Option 82 / DHCPv6 Option 37 Circuit ID. Besides, you can configure the circuit ID to be a string of up to 63 characters.
Page 53
IGMP Snooping is the process of listening to IGMP traffic. IGMP snooping, as implied by the name, is a feature that allows the switch to "listen in" on the IGMP conversation between hosts and routers by processing the layer 3 IGMP packets sent in a multicast network. When IGMP snooping is enabled in a switch, it analyses all the IGMP packets between hosts connected to the switch and multicast routers in the network.
Page 54
before sending an IGMP/MLD response report. Switch(config)# ip igmp [1-6000] Specify the query time interval of snooping query-interval [1-6000] IGMP/MLD querier. This is used to set up the time interval between transmitting IGMP/MLD queries. (Range:1-6000 seconds) Switch(config)# ip igmp [1-4094] Specify a VLAN ID.
Page 55
Switch(config)# show ip mld Show MLD snooping groups table. snooping groups Note: VID marked stands that it is a MVR VLAN ID. Switch(config)# show ip mld Show MLD Snooping status. snooping status Note: VID marked stands that it is a MVR VLAN ID.
Page 56
Switch(config)# no ip igmp [profile_name] Delete the specified profile. profile [profile_name] Switch(config)# no ip igmp [1-400] Delete the specified segment ID. Only segment [1-400] the segment that does not belong to any profiles can be deleted. Switch(config-profile-ID)# no Remove all existing segment IDs from segment the selected profile.
Page 57
example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable IGMP filter for the selected ip igmp filter ports. Switch(config-if-PORT-PORT)# [profile_name] Assign the selected ports to an IGMP ip igmp filter profile filter profile. [profile_name] Note: Need to create an IGMP filter profile first under the igmp global configuration mode before assigning it.
Page 58
Switch(config-if-1)# ip igmp static-multicast-ip Create a static multicast IP to VLAN 224.10.0.5 vlan 50 entry. 12. Set Up IP Source Binding Function. IP Source Binding Command Parameter Description Switch(config)# ip source binding [1-5] Specify the IPv4/IPv6 address [1-5] ip-address [A.B.C.D | security binding number.
Page 59
assigned at a time. [1-4094] Specify a VLAN ID. Note: Static IP can only be configured when IP sourceguard is set to fixed-ip. No command Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Reset IP sourceguard type setting of Switch(config-if-PORT-PORT)#...
Page 60
2.6.12 IPv6 Command
Brief Introduction to IPv6 Addressing
IPv6 addresses are 128 bits long and number about 3.4×10^38. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit network prefix and a 64-bit interface identifier.
Page 61
Set up the IPv6 address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCPv6 server. IPv6 Command Parameter Description Switch(config)# ipv6 Configuration of IPv6 addresses using address autoconfig stateless autoconfiguration. Switch(config)# ipv6 Configure DHCPv6 function into the address dhcp auto auto mode.
Page 62
2.6.13 LLDP Command LLDP stands for Link Layer Discovery Protocol and runs over data link layer. It is used for network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
Page 63
Switch(config)# no lldp tlv-select port- Disable Port Description attribute to be sent. description Switch(config)# no lldp tlv-select Disable System Description attribute to be sent. system-description Switch(config)# no lldp tlv-select Disable System Name attribute to be sent. system-name Show command Switch# show lldp Show LLDP settings.
Page 64
2.6.14 Loop Detection Command In a real network, people may misconnect a network cable and cause a loop condition. In the worst case, the network goes out of service thereafter. This section gives a guide to configuring the Loop Detection function of the system to prevent the system from loop.
Page 65
1440 minutes. NOTE: 1. Be aware that Looped port unlock-interval converted into seconds should be greater than or equal to Detection Interval seconds multiplied by 10. The ‘10’ is a magic number which is for the system to claim the loop detection disappears when the system does not receive the loop-detection packet from itself at least...
Page 66
Switch(config)# show loop- [port_list] Show Loop Detection status of the detection status [port_list] specified port(s). Examples of Loop Detection command Switch(config)# loop-detection interval 10 Set the Loop Detection time interval to 10 seconds. Switch(config)# loop-detection unlock-interval 120 Set the Loop Detection unlock time interval to 120 minutes.
Page 67
2.6.15 l2protocol-tunnel Command L2PT (Layer 2 protocol tunneling) allows Layer 2 protocol data units (PDUs), including CDP (Cisco Discovery Protocol), LLDP (Link Layer Discovery Protocol), STP (Spanning Tree Protocol), VTP (VLAN Trunking Protocol), LACP (Link Aggregation Control Protocol), PAgP (Port Aggregation Protocol), UDLD (Unidirectional Link Detection), to be tunneled through a network. GBPT, also referred to as Generic Bridge PDU Tunneling, provides a scalable approach to PDU tunneling by software encapsulating the PDUs in the ingress edge switches and then multicasting them in hardware.
Page 68
Switch(config)# show l2protocol-tunnel clear | Clear each PDU’s encapsulation and decapsulation counters of all ports.
Examples of L2PT command
Switch(config)# l2protocol-tunnel | Enable L2PT function.
Switch(config)# l2protocol-tunnel cos 3 | Specify the priority bit value “3” to L2PT Class of Service (CoS).
Use “Interface” command to configure Layer 2 protocol data units (PDUs) settings. L2PT &...
Page 69
Switch(config-if-PORT-PORT)# no Disable point-to-point layer 2 protocol l2protocol-tunnel point-to-point tunneling for PAgP packets on the pagp selected port(s). Switch(config-if-PORT-PORT)# no Disable point-to-point layer 2 protocol l2protocol-tunnel point-to-point tunneling for UDLD packets on the udld selected port(s). Switch(config-if-PORT-PORT)# no Disable layer 2 protocol tunneling for l2protocol-tunnel stp STP packets on the selected port(s).
Page 70
2.6.16 MAC Command Set up MAC address table aging time. Entries in the MAC address table containing source MAC addresses and their associated ports will be deleted if they are not accessed within aging time. MAC Command Parameter Description Switch(config)# mac [0-900s] Specify MAC address table aging time between 0 and 900 seconds.
Page 71
Switch(config)# show mac Show the current MAC address aging time. aging-time Examples of MAC command Switch(config)# mac address-table aging-time Set MAC address aging time to 200 seconds. Use “Interface” command to configure a group of ports’ MAC Table settings. MAC & Interface Command Parameter Description Switch(config)# interface...
Page 72
[xx:xx:xx:xx:xx:xx] sort-by [mac address mask. | port | vlan] [xx:xx:xx:xx:xx:xx] Specify a MAC address to allow the filter to compare it against the specified MAC address mask. [xx:xx:xx:xx:xx:xx] Specify a MAC address mask to allow the filter to compare it against the specified MAC address.
Page 73
addresses learned by the same port are grouped together and arranged in ascending order.
Switch(config)# show mac filter type dynamic mac exclude mac-address 9C:EB:E8:EA:5E:84 mac-mask FF:FF:FF:00:00:00 port-list include 5-10 vlan exclude 100 | Only the dynamic MAC addresses of which the first 6 digits are not “9C:EB:E8” will be displayed, yet MAC addresses that belong to VLAN 100...
Page 74
2.6.17 Management Command Configure console/telnet/web/SSH access control and timeout value. Management Command Parameter Description Switch(config)# management Enable Console management. To manage console the Managed Switch via Console. Switch(config)# management [1-10] Configure the retry times if the console console fail-retry [1-10] login fails.
Page 75
Switch(config)# no management Reset console timeout back to the default console timeout (300 seconds). Switch(config)# no management Disable SSH management. Switch(config)# no management Disable Telnet management. telnet Switch(config)# no management Reset Telnet port back to the default. The telnet port default port number is 23.
Page 76
Switch(config-radius- [secret] Specify a secret, up to 32 NUMBER)# secret [secret] alphanumeric characters, for the RADIUS server. This secret key is used to validate communications with the RADIUS server. Specify the RADIUS server’s Switch(config-radius- [A.B.C.D | NUMBER)# A:B:C:D:E:F:G: IPv4/IPv6 address. server-ip [A.B.C.D | A:B:C:D:E:F:G:H] No Command...
Page 77
Configure TACACS+ server authentication method.
Management Tacacs Command | Parameter | Description
Switch(config)# management tacacs secret-key-encryption [aes-128] | [aes-128] | Specify AES-128 as the encryption method to secure the secret key against potential malicious attacks. aes-128 (advanced encryption method): An encryption algorithm that uses key and block sizes of 128 bits to secure against malicious attacks on sensitive or private data.
Page 78
Switch(config)# show management tacacs | Show the current configuration of both 1st and 2nd TACACS+ servers.
Switch(config)# show management tacacs 1 | Show the current configuration of the TACACS+ server.
Switch(config)# show management tacacs 2 | Show the current configuration of the TACACS+ server.
Examples of Management Tacacs Command
Switch(config)# management tacacs retry-time 2 | Set the retry time value to 2.
Page 79
Switch(config)# [disable | local | Configure the authentication method management authentication radius1 | radius2 | scheme for all interfaces, including all [method 1] [method 2] tacacs1 | tacacs2] Telnet, SSH, Web, and Console. [method 3] [method 4] [method 5] Note: Each method can be configured as disable, local, radius1, radius2, tacacs1, or tacacs2.
Page 80
2.6.18 Mirror Command Mirror Command Parameter Description Switch(config)# mirror Globally enable Port Mirroring function. Switch(config)# mirror index [1-4] [1-4] Specify the index of port mirroring you would like to configure. Up to 4 sets of port mirroring can be set up. Switch (config-mirror-index)# Enable the specified port mirroring.
Page 81
2.6.19 MVR Command MVR (Multicast VLAN Registration) allows clients receiving multicast stream transmitted from the upstream device to reside in different VLANs, which is particularly suitable for networks with the high demand of bandwidth. Instead of transmitting multiple copies of multicast traffic to clients in the different VLANs separately, an upstream device merely needs to transmit multicast traffic to a multicast VLAN if the configured MVR is enabled on Managed Switch.
Page 82
Switch(config-mvr-ID)# no Remove the specific IPv6 multicast group multicast-group ipv6 all assigned with all IPv6 multicast addresses for the selected multicast VLAN. Switch(config-mvr-ID)# no [E.F.G.H] Remove the specified IPv4 multicast multicast-group ipv4 range from group for the selected multicast VLAN. [E.F.G.H] [E.F.G.H] to [E.F.G.H] Switch(config-mvr-ID)# no...
Page 83
[A:B:C:D:E:F:G:H] to [A:B:C:D:E:F:G:H] [A:B:C:D:E:F:G:H] Switch(config)# show mvr vlan [1-4094] Show the current configuration of the [1-4094] specific multicast VLAN. Switch(config)# show mvr [1-4094] Show the current multicast group multicast-group vlan [1-4094] configuration of the specified multicast VLAN. Example of MVR command Switch (config)# mvr Enable the MVR function globally on the Managed Switch.
Page 84
Switch(config-if-PORT-PORT)# no mvr vlan [1-4094] type sender-port | [1-4094] | Remove the selected port(s) configured as the sender port for the specified multicast VLAN.
Page 85
2.6.20 NTP Command NTP Command Parameter Description Switch(config)# ntp Enable Network Time Protocol to have Managed Switch’s system time synchronize with NTP time server. Switch(config)# ntp [recurring] Enable daylight saving function with daylight-saving [ recurring | recurring mode. date ] [date] Enable daylight saving function with date mode.
Page 86
Switch(config)# no ntp time-zone Reset the time-zone setting back to the default. Show command Switch# show ntp Show the current NTP time server configuration. Switch(config)# show ntp Show the current NTP time server configuration. Examples of NTP command Switch(config)# ntp Enable NTP function for the Managed Switch.
Page 87
2.6.21 PoE Command PoE (Power over Ethernet) is a technology that lets a data-carrying LAN cable also supply power. Typically, a PoE switch is deployed at the center of the network for power transmission and supplies electricity to PDs (powered devices) up to 100 meters away through TP ports.
Page 88
Switch# show poe status [port_list] Show all PoE status on selected port(s). interface [port_list] Switch# show poe interface Show the current PoE configuration of all PoE ports. Switch# show poe interface [port_list] Show the current PoE configuration of [port_list] specific port(s). Switch# show poe interface Show PoE interface detailed configuration detailed...
Page 89
Switch(config-if-PORT-PORT)# poe priority [critical | high | low]
  [critical | high | low]: Configure PoE output priority when total power consumption is over total power budget.
  low: It indicates the port(s) with this priority will be the first port(s) to get power cut off.
Page 90
function. Also need to set up PoE Schedule Time-range to complete the schedule setup.

Switch(config-if-PORT-PORT)# poe schedule time-range [time_range_name]
  [time_range_name]: Specify the pre-defined “Time Range Name” for selected PoE port to follow the scheduling rule. Max. 32 characters.
  Note: To set up time range rule, please refer to Section 2.6.31 Time-...
Page 91
2.6.22 QoS Command 1. Set up QoS QoS Command Description Parameter Switch(config)# qos [802.1p | dscp] [802.1p | dscp] Specify QoS mode. Switch(config)# qos dscp-map [0- [0-63] Specify a DSCP bit value. 63] [0-7] [0-7] Specify a queue value. Switch(config)# qos management- [0-7] Specify management default priority [0-7]...
Page 92
ID back to the default.

Switch (config-dscp-map-ID)# no rx-dscp
  Reset the received DSCP bit value for the selected priority mapping ID back to the default.
Switch(config)# no qos remarking 802.1p
  Globally disable 802.1p bit remarking.
Switch(config)# no qos remarking 802.1p-map [1-8]
  [1-8]: Reset the 802.1p remarking for...
Page 93
Kbps/Mbps Mbps). Switch(config-if-PORT-PORT)# [Kbps | Mbps] Specify the unit of the egress rate qos rate-limit egress unit [Kbps | limit between Kbps and Mbps. Mbps] Switch(config-if-PORT-PORT)# [0-7] Specify the default priority bit (P-bit) qos user-priority [0-7] to the selected interfaces. No command Switch(config-if-PORT-PORT)# no Disable QoS ingress rate limit...
Page 94
QoS Mode: 802.1p; Queue Mode: Weight; Port 25: Uplink Port. Queue-Weighted: 1(Q0):2(Q1):3(Q2):4(Q3):5(Q4):6(Q5):7(Q6):8(Q7) 802.1p Priority Queue Ingress Egress Remark P-Bit Mapping Rate Rate The rest of P-Bits are Port 1 Default Default default value. Port 2 Default Default Port 3 10000 10000 Port 4 10000...
Page 95
STEP8 exit Return to the global configuration mode. Example: Switch(config-if-1)# exit Switch(config)# STEP9 port_list interface Specify the Port 2 that you would like to configure P-Bit. Example: Switch(config)# interface 2 Switch(config-if-2)# P-Bit STEP10 In this example, it configures qos user-priority P-Bit value as 1 for Port 2.
Page 96
Switch(config)#

STEP19 interface port_list
  Specify the Port 5 that you would like to configure QoS Rate limit.
  Example:
  Switch(config)# interface 5
  Switch(config-if-5)#

STEP20 qos rate-limit ingress unit kbps/Mbps
  In this example, it configures the unit of the ingress rate limit as “Kbps” for Port 5.
  Example:
  Switch(config-if-5)# qos rate-limit ingress unit Kbps
  OK !
Page 97
After completing the QoS settings for the Managed Switch, you can issue the commands listed below for checking your configuration Example 1, Switch(config)# show qos ======================================================================= QoS Information ======================================================================= QoS Mode : 802.1p Egress Mode : weight Weight : 1:2:3:4:5:6:7:8 Press Ctrl-C to exit or any key to continue! Priority Queue --------- ----------...
Page 98
Press Ctrl-C to exit or any key to continue! Port Priority ------ -------- 10 0 Press Ctrl-C to exit or any key to continue! 11 0 12 0 13 0 14 0 15 0 16 0 17 0 18 0 19 0 20 0 Press Ctrl-C to exit or any key to continue!
Page 99
Example 2, Switch(config)# show qos interface ======================================================================= QoS port Information : ======================================================================= Ingress Rate Egress Rate ------------------------------- ------------------------------------ Port State Rate Unit State Rate Unit ------ --------- ---------- ---------- ---------- ---------- ----------- 1 disable 500 Kbps disable Kbps 2 disable 500 Kbps disable Kbps...
Page 100
2.6.23 Security Command

When a device on the network is malfunctioning, or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur. Network performance may be degraded or, in the worst situation, the network may come to a complete halt. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per-port basis so as to protect the network from broadcast/unknown multicast/unknown unicast storms.
Page 101
Switch(config)# security delay release-delay rule follow-delay-time
  Configure the release delay rule as “follow-delay-time”.
Switch(config)# security delay release-delay rule mac-limit
  Configure the release delay rule as “mac-limit”.
Switch(config)# security link-flap notification threshold [1-20]
  [1-20]: Specify the maximum times of the port link flap for sending the alarm trap and syslog message.
Page 102
Switch(config)# no security l2control-protocol 00-0F
  Disable filtering of packets with the destination MAC address ranging from 0180c2000000 to 0180c200000f.
Switch(config)# no security l2control-protocol 20-2F
  Disable filtering of packets with the destination MAC address ranging from 0180c2000020 to 0180c200002f.
Switch(config)# no security l2control-protocol 10
  Disable filtering of packets with the destination MAC address 0180c2000010.
Page 103
broadcast/unknown multicast/unknown unicast packets flood continuously. 2. Use “Interface” command to configure broadcast/unknown multicast/unknown unicast storm control, port isolation, MAC limit, and port linkup delay. Security & Interface Parameter Description Command Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen.
Page 104
sticky

Switch(config-if-PORT-PORT)# security mac-limit unlock
  Unlock the selected port(s) that are locked because the number of MAC address learned exceeds the threshold and the port action is set as “Shutdown”.
Switch(config-if-PORT-PORT)# security port-isolation up-link-port
  Configure the selected port(s) as uplinks that are allowed to communicate with other ports.
Page 105
The packet rates that can be specified are listed below: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k NOTE: To view a list of allowable values that can be specified you can press “spacebar”...
Page 106
Switch(config-if-1-3)# security mac-limit maximum 50
  Configure the maximum 50 sets of MAC address that can be learned for Port1~Port 3 respectively.
Page 107
2.6.24 Sfp Command

The SFP Port Threshold Configuration function not only displays all SFP ports’ current temperature, voltage, current, TX power and RX power information but is also capable of detecting whether these SFP ports are at normal status or not. In the display of the above SFP-related information, you can choose one or all items to be shown at a time by assigning the All/Temperature/Voltage/Current/TX power/RX power parameter according to your requirements.
Page 108
Switch.

Switch(config)# no sfp threshold notification continuous-alarm
  Disable the continuous alarm message sending function for SFP ports’ temperature/voltage/current/TX power/RX power.
Switch(config)# no sfp threshold notification continuous-alarm interval
  Reset to default the continuous alarm interval for SFP ports’ temperature/voltage/current/TX power/RX power alarm message (120 seconds).
Switch(config)# no sfp Reset the time interval of sending SFP ports’...
Page 109
Switch(config)# show sfp [port_list] Show SFP threshold configuration, the specific SFP ports’ current voltage and threshold voltage [port_list] their threshold information of this parameter. Example of SFP Threshold Switch(config)# sfp threshold notification Configure the time interval of sending SFP ports’ temperature/voltage/current/TX interval 300 power/RX power alarm message as 300 seconds.
Page 110
Switch(config-if-PORT- [high | low] Specify the value respectively for high/low PORT)# sfp threshold alarm/warning current threshold for the current [high | low] value selected port. The valid value range is [alarm | [alarm | warning] [0~1500] 0~1500 (Unit: 1/10mA). warning] [0~1500] Switch(config-if-PORT- [high | low]...
Page 111
Switch(config-if-PORT- [high | low] Specify the value respectively for high/low PORT)# sfp threshold tx- alarm/warning TX power threshold for the power [high | low] value selected port. The valid value range is [alarm | [alarm | warning] [-300~100] -300~100 (Unit: 1/10dBm). warning] [-300~100] Switch(config-if-PORT-...
Page 112
Switch(config-if-PORT- [high | low] Respectively reset the high/low alarm or PORT)# no sfp threshold warning temperature threshold value to [alarm | temperature [high | low] default. warning] value [alarm | warning] Switch(config-if-PORT- [high | low] Disable high/low TX power threshold for PORT)# no sfp threshold tx- the selected port(s).
Page 113
2.6.25 SNMP-Server Command 1. Create a SNMP community and set up detailed configurations for this community. Snmp-server Command Parameter Description Switch(config)# snmp- Enable SNMP Management. To manage server the Managed Switch via SNMP. Switch(config)# snmp- [community] Create/modify a SNMP community name. server community Up to 20 alphanumeric characters can be [community]...
Page 114
Exit command

Switch(config-community-NAME)# exit
  Return to the global configuration mode.

Example of Snmp-server

Switch(config)# snmp-server community mycomm
  Create a new community “mycomm” and edit the details of this community account.
Switch(config-community-mycomm)# active
  Activate the SNMP community “mycomm”.
Switch(config-community-mycomm)# description rddeptcomm
  Add a description for “mycomm” community.
Page 115
Add the description “mycomm” to this trap Switch(config-trap-1)# community mycomm destination. Switch(config-trap-1)# destination Set SNMP server’s IP address as “192.168.1.254” for this trap destination. 192.168.1.254 3. Set up SNMP trap types that will be sent Trap-type Command Parameter Description Switch(config)# snmp- [all | auth-fail | Specify a trap type that will be sent when server trap-type [all | auth-...
Page 116
enabled exceeds the specified source MAC address limit. And it will keep sending this trap upon the notification threshold interval setup of MAC Limit function once any port exceeds the specified source MAC address limit continuously. poe: A trap will be sent when specified PoE events occur, such as system power exceeding the threshold or port power exceeding the budget.
Page 117
| digital | fast-redundancy | cpu- mac-limit | port-link | port- temperature | link-flap | power-down | digital | fast- sfp-threshold | storm- redundancy | control | system-voltage | mac-limit | port- warm-start] link | port-link- flap | power- down | sfp- threshold | storm-control | system-voltage...
Page 118
MD5 algorithm.

Switch (config-v3-user-user_name)# authentication password [password]
  [password]: Specify the authentication password for the specified SNMPv3 user. The password length must be between 8 and 32 characters, and special characters like ‘ “ % | \ are acceptable.
Switch (config-v3-user- Specify the method to ensure user_name)# private confidentiality of data....
Page 119
Enables authentication based on the Hashed Message Message Digest Authentication Code(HMAC)- Algorithm(MD5) None MD5 or HMAC-SHA algorithms. or Secure Hash Algorithm(SHA) Enables authentication based on the Hashed Message Authentication Code(HMAC)- Data Encryption MD5 or HMAC-SHA algorithms. MD5 or SHA Standard(DES) What’s more, enables DES 56-bit encryption based on the Cipher Block Chaining (CBC)-DES...
Page 120
2.6.26 Spanning-tree Command The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
Page 121
point ports (forced_false). Switch(config)# spanning- [4-30] Specify the forward delay time value in tree delay-time [4-30] seconds. The allowable value is between 4 and 30 seconds. Switch(config)# spanning- [1-10] Specify the hello interval value in tree hello-time [1-10] seconds. The allowable value is between 1 and 10 seconds.
Page 122
Switch(config)# show Show RSTP settings on aggregated spanning-tree aggregated- ports. port Switch(config)# show Show each interface’s RSTP information, spanning-tree interface including port state, path cost, priority, edge port state, and p2p port state. Switch(config)# show [port_list] Show the specified interfaces’ RSTP spanning-tree interface information, including port state, path [port_list]...
Page 123
Use “Interface” command to configure a group of ports’ Spanning Tree settings. Spanning tree & Interface Parameter Description Command Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable spanning tree protocol on...
Page 124
For RSTP configuration via CLI, we take the following ring network topology composed of 3 sets of 28-port Managed Switches, including Switch A, Switch B and Switch C for example to let the users have a clear understanding of these RSTP commands. Under this network environment, Switch A, Switch B and Switch C will be configured as Table 2-2, and the “Root Switch”...
Page 125
STEP5 forward_delay_time spanning-tree delay-time In this example, it configures the Forward Delay Time of Switch A as Example: Switch(config)# spanning-tree delay-time 4 OK ! stp_version STEP6 spanning-tree version In this example, it configures the STP Version of Switch A as “Normal”.
Page 126
After completing the RSTP Switch settings for your Managed Switches, you can issue the commands listed below for checking your configuration Example 1, Switch(config)# show spanning-tree ======================================================================== RSTP Switch Information ======================================================================== State : enabled System Priority : 4096 Max Age Hello Time Forward Delay : 4 Force Version : normal...
Page 127
Example 3, Switch(config)# show spanning-tree interface ======================================================================== RSTP Port Information ======================================================================== Port State Path-Cost Priority Edge Point2point ------ ---------- ------------- ---------- ---------- -------------- disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true disable disable...
Page 128
Example 5, Switch(config)# show spanning-tree status ======================================================================== RSTP Port Status ======================================================================== Port Path Cost Edge Cost P2P Cost :yes Protocol :RSTP Role :Non-STP Port State :Non-STP --------------------------------------------- Packet Statistics --------------------------------------------- RSTP Received RSTP Transmitted STP Received STP Transmitted TCN Received TCN Transmitted Illegal Received Unknown Received...
Page 129
Port : 10 Path Cost : 2000000 Edge Cost : no P2P Cost : yes Protocol : RSTP Role : Disable Port State : Disable --------------------------------------------- Packet Statistics --------------------------------------------- RSTP Received RSTP Transmitted :0 STP Received STP Transmitted TCN Received TCN Transmitted Illegal Received Unknown Received :0...
Page 130
2.6.27 Switch Command Switch Command Parameter Description Switch(config)# switch mtu [1518- [1518-12288] Specify the maximum frame size 12288] in bytes. The allowable MTU value is between 1518 and 12288 bytes. Switch(config)# switch statistics [1-12] Specify the number of ports for polling port [1-12] data acquisition in each polling.
Page 131
2.6.28 Switch-info Command 1. Set up the Managed Switch’s basic information, including company name, hostname, system name, etc.. Switch-info Command Parameter Description Switch(config)# switch-info [company_name] Enter a company name, up to 55 company-name alphanumeric characters, for this Managed [company_name] Switch. Switch(config)# switch-info [10-3000] Specify CPU loading threshold.
Page 132
No command Switch(config)# no switch-info company-name Reset the entered company name back to the default. Switch(config)# no switch-info cpu-loading- Reset CPU loading threshold back to the threshold default. Switch(config)# no switch-info cpu- Disable the continuous alarm message temperature notification continuous-alarm sending function for CPU temperature of the system.
Page 133
2.6.29 Syslog Command Syslog Command Parameter Description Switch(config)# syslog Enable the system log function. Switch(config)# syslog [0-7] Specify a facility code (Local 0~Local 7) to a facility [0-7] specific device for classifying the syslog message provided by different devices. Switch(config)# syslog Enable Terminal-history log function.
Page 134
2.6.30 Terminal Length Command Terminal Length Parameter Description Command Switch(config)# terminal [0-512] Specify the number of event lines that will show up each time on the screen for “show length [0-512] running-config”, “show default-config” and “show start-up-config” commands. (“0” stands for no pausing.) No Command Switch(config)# no terminal Reset the terminal length back to the default...
Page 135
2.6.31 Time-range Command

This command defines a time interval to be activated on a daily or weekly basis. It is a convenient way to specify when a function should automatically take effect. Before using the function, make sure that the gateway NTP time server is configured in Time Server Configuration (See Section 2.6.20).
Page 136
Example: 8:00 10 jan 2015 Switch(config-timerange-name)# [hh:mm dd Specify an absolute end time to a time- absolute end [hh:mm dd MMM MMM yyyy] range, using the following format: yyyy] hh:mm dd MMM yyyy hh: 0-23; mm: 0-59; dd: 1-31; yyyy: 2000-2097;...
Page 137
to hh:mm day] Show Command Switch# show time-range Display the time-range configuration. Switch# show time-range [time- Display the specified time-range configuration. range-name] Switch(config)# show time-range Display the time-range configuration. Switch(config)# show time-range Display the specified time-range configuration. [time-range-name] Switch (config-timerange- Display the configuration of the current time range entry.
Page 138
2.6.32 User Command Create a new login account. User Command Parameter Description Switch(config)# user name [user_name] Create/modify a user account. The [user_name] authorized user login name is up to 20 alphanumeric characters. Up to 10 users can be registered. Switch(config)# user [md5 | aes- Select MD5 (Message-Digest Algorithm) or password-encryption [md5...
Page 139
Switch(config-user- Remove the configured password for the NAME)# no password specified user account. Show command Switch(config)# show user Show user account configuration. Switch(config)# show user List all user accounts. name Switch(config)# show user [user_name] Show the specific account’s configuration. name [user_name] Switch(config-user- Show the specific account’s configuration.
Page 140
2.6.33 VLAN Command A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
Page 141
Introduction to 802.1Q frame format: Preamble Type/LEN PAYLOAD Original frame 802.1q Preamble Type/LEN PAYLOAD FCS TCI/P/C/VID frame PRE Preamble 62 bits Used to synchronize traffic SFD Start Frame Delimiter 2 bits Marks the beginning of the header Destination Address 6 bytes The MAC address of the destination Source Address 6 bytes...
Page 142
Trunk Native Mode : A Trunk-native port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default Access-VLAN to the trunk-native port, all untagged traffic travels on the default Access-VLAN for the trunk-native port, and all untagged traffic is assumed to belong to this Access-VLAN.
Page 143
PortX sends and receives Tagged packets VID 10,11 and 12 Trunk-VLAN = 10,11,12 PortX is a Trunk-native Port Access-VLAN = 20 PortX’s VID is 10,11 and 12 Mode = Trunk-native PortX’s PVID is 20 PortX sends and receives Tagged packets VID 10,11 and 12 PortX receives Untagged packets and add PVID 20 Trunk-VLAN = 10,11,12 PortX is a Dot1q-tunnel Port...
Page 144
encapsulate the original VLAN with a second VLAN ID of 100. This second VLAN ID is known as SP-VLAN (Service Provider VLAN) that is added as data enters the service provider’s network and then removed as data exits. Eventually, with the help of SP-Tag, the information sent from Headquarter to Branch 1 can be delivered with customers’...
Page 145
traffic is assumed to belong to this Access-VLAN. Switch(config-if-PORT-PORT)# [name] Set the selected ports to a specified vlan port-based [name] port-based VLAN. Note : Need to create a port-based VLAN group under the VLAN global configuration mode before joining No command Switch(config-if-PORT-PORT)# Reset the selected ports’...
Page 146
Switch(config)# vlan port-based Include CPU into the specified [name] include-cpu Port-Based VLAN. Switch(config)# vlan dot1q-tunnel [0xWXYZ] Configure outer VLAN's ethertype. ethertype [0xWXYZ] (Range: 0x0000~FFFF) No command Switch(config-vlan-ID)# no name Remove the descriptive name for the specified VLAN ID. Switch(config)# no vlan port- [name] Delete the specified port-based based [name]...
Page 147
customer network for the VLAN ID translation.Valid range: 1-4094. Note: Different original VIDs belonging to the specific port cannot be translated into the same Mapped VID. [1-4094] Specify the preferred VLAN ID that the assigned original VID will be translated. Valid range: 1-4094. Note: Different Mapped VIDs cannot be assigned to the trunk port with the same original VID.
Page 148
Switch(config)# vlan selective-qinq tpid [1-3] ethertype [0xWXYZ]
  [1-3]: Configure outer VLAN's EtherType for the specified TPID (Tag Protocol Identifier). The system supports 4 TPIDs. The default configuration of these TPIDs is as follows:
  Default TPID = 8100 (A fixed value that cannot be changed.)
  TPID 1 = The default setting is 9100....
Page 149
No command Switch(config)# no vlan selective- Disable Selective Q-in-Q function qinq globally. Switch(config)# no vlan selective- [name] Remove the specified Selective Q- qinq name [name] in-Q rule by name from the Selective Q-in-Q rule table Show command Switch(config)# show vlan Show the current all Selective Q- selective-qinq all in-Q configuration.
Page 150
Switch(config-if-1,2)# vlan dot1q-vlan trunk- Set port 1 to port 2’s Trunk-VLAN ID vlan 10, 20 (VID) to 10 and 20. Switch(config-if-1,2)# vlan dot1q-vlan mode Set the selected ports to Trunk Mode trunk (tagged). Switch(config-if-1,2)# exit Exit current ports interface mode. Enter port 3 to 4’s interface mode.
Page 151
Specify ”SQA” as the name for VLAN 60. Switch(config-vlan-60)# name SQA Switch(config-vlan-60)# exit Exit VLAN 60. Switch(config)# vlan dot1q-vlan 70 Enter VLAN 70. Specify ”PME” as the name for VLAN 70. Switch(config-vlan-70)# name PME Switch(config-vlan-70)# exit Exit VLAN 70. Example 2, We will configure two sets of the Managed Switch (including #1 Switch and #2 Switch) via CLI as the Table 2-4 listed.
Page 152
STEP6 exit Return to the global configuration mode. Example: Switch(config-if-1)# exit Switch(config)# port_list STEP7 interface Specify Port 2 that you would like to configure it as Trunk port. Example: Switch(config)# interface 2 Switch(config-if-2)# vlan_id STEP8 vlan dot1q-vlan trunk-vlan In this example, it configures Trunk-VLAN ID “10”...
Page 153
STEP15 port_list interface Specify Port 4 that you would like to configure it as dot1q- tunnel port. Example: Switch(config)# interface 4 Switch(config-if-4)# vlan_id STEP16 vlan dot1q-vlan access-vlan In this example, it configures Access-VLAN ID “20” to Port 4. Example: Switch(config-if-4)# vlan dot1q-vlan pvid 20 OK ! STEP17 dot1q-tunnel...
Page 154
After completing the VLAN settings for your Managed Switches, you can issue the commands listed below for checking your configuration For Example, Switch(config)# show vlan interface ======================================================================== IEEE 802.1q Tag VLAN Interface ======================================================================== CPU VLAN ID Dot1q-Tunnel EtherType : 0x9100 Port P-Bit Port VLAN Mode PVID Trunk-vlan ---- --------- ------------------------ ------- ---------------- dot1q tunnel...
Page 155
Example 3, We will configure one Managed Switch via CLI as listed in Table 2-5 to demonstrate a Selective Q-in-Q application through a single uplink port. As the above figure shows, three clients are assigned three VLANs whose tag values are 10, 20 &...
Page 156
On Managed Switch, add VLAN 1000 to packets that have inner VLAN IDs 10 and enter Interface 3, and VLAN 2000 to packets that have inner VLAN IDs 20 and enter Interface 3, and VLAN 4000 to packets that have inner VLAN IDs 30 and enter Interface 3. ...
Page 157
STEP10 Switch(config-if-1)# Assign PVID of Port 1 as 101. Set the VLAN mode of Port 1 as vlan dot1q-vlan pvid 101 selective-qinq mode. vlan dot1q-vlan mode selective-qinq Deny VID 1 for tagged packets. no vlan dot1q-vlan trunk-vlan 1 Allow VIDs 1000, 2000 and 3000 for vlan dot1q-vlan trunk-vlan 1000,2000,3000 tagged packets.
Page 158
STEP21 Switch(config)#
  vlan selective-qinq name VoIP_ISP interface 3 inner-vid 10 outer-vid 1000 tpid 3 priority 0
  Create a Selective Q-in-Q rule named “VoIP_ISP”, and configure outer tag VID as 1000, EtherType as TPID 3 (9200) and 802.1p priority as 0 when the inner tag VID of Port 3 is

STEP22 Switch(config)#
  Create a Selective Q-in-Q rule...
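As an added illustration (not code from the CTS manual or the switch firmware), the Python sketch below models the VoIP_ISP rule from STEP21, taking inner VID 10 from the requirement stated for Interface 3, and parses the resulting tag stack. It also shows that a capture tool which only recognises the default TPID 8100 does not see the outer tag once TPID 9200 is used. The MAC addresses, the payload and the names VlanTag, QinqRule, parse_vlan_stack and apply_rule are assumptions made for the example.

```python
import struct
from dataclasses import dataclass

# TPIDs named on the page: fixed default 8100, TPID 1 default 9100, "TPID 3 (9200)".
DEFAULT_TPID = 0x8100
CONFIGURED_TPIDS = frozenset({0x8100, 0x9100, 0x9200})


@dataclass(frozen=True)
class VlanTag:
    tpid: int  # EtherType value that announces the tag
    pcp: int   # 802.1p priority bits (0-7)
    dei: int   # drop-eligible / CFI bit
    vid: int   # 12-bit VLAN ID


@dataclass(frozen=True)
class QinqRule:  # hypothetical model of one Selective Q-in-Q rule
    name: str
    inner_vid: int
    outer_vid: int
    tpid: int
    priority: int


def encode_tag(tag):
    """Serialise one tag as TPID (2 bytes) + TCI (2 bytes), network byte order."""
    if not (0 <= tag.pcp <= 7 and tag.dei in (0, 1) and 1 <= tag.vid <= 4094):
        raise ValueError(f"tag fields out of range: {tag}")
    return struct.pack("!HH", tag.tpid, (tag.pcp << 13) | (tag.dei << 12) | tag.vid)


def parse_vlan_stack(frame, tpids=CONFIGURED_TPIDS):
    """Return (tags outermost first, EtherType, payload) for an Ethernet frame
    that starts at the destination MAC (no preamble, no FCS)."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in tpids:
            return tags, etype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(VlanTag(etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4


def apply_rule(frame, rule):
    """Push the rule's outer tag when the customer (0x8100) VID matches."""
    tags, _, _ = parse_vlan_stack(frame, {DEFAULT_TPID})
    if not tags or tags[0].vid != rule.inner_vid:
        return frame
    outer = encode_tag(VlanTag(rule.tpid, rule.priority, 0, rule.outer_vid))
    return frame[:12] + outer + frame[12:]


def customer_frame(vid, pcp=5):
    """Constructed sample: locally administered MACs, one C-tag, dummy payload."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    c_tag = encode_tag(VlanTag(DEFAULT_TPID, pcp, 0, vid))
    return macs + c_tag + struct.pack("!H", 0x0800) + b"constructed-payload"


# Values from STEP21: outer VID 1000, TPID 3 (9200), priority 0, inner VID 10.
VOIP_ISP = QinqRule("VoIP_ISP", inner_vid=10, outer_vid=1000, tpid=0x9200, priority=0)

if __name__ == "__main__":
    tagged = apply_rule(customer_frame(10), VOIP_ISP)
    print(parse_vlan_stack(tagged))                  # both tags visible
    print(parse_vlan_stack(tagged, {DEFAULT_TPID}))  # outer tag not recognised
```
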
Page 159
IPTV 2000 3000 (Packets come from Internet switch A & B) 4000 (Packets come from switch C) Table 2-6 On Managed Switch, add VLAN 1000 to packets that have inner VLAN IDs 10 and enter Interface 1, and VLAN 2000 to packets that have inner VLAN IDs 20 and enter Interface 1, and VLAN 3000 to packets that have inner VLAN IDs 30 and enter Interface 1.
Page 160
STEP6 Switch(config)# Create VLAN 2000. And set VLAN 2000’s name as “IPTV_ISP”. vlan dot1q-vlan 2000 name IPTV_ISP exit STEP7 Switch(config)# Create VLAN 3000. And set VLAN 3000’s name as “Internet_ISP_A”. vlan dot1q-vlan 3000 name Internet_ISP_A exit STEP8 Switch(config)# Create VLAN 4000. And set VLAN 4000’s name as “Internet_ISP_B”.
Page 161
STEP17 Switch(config)# Enter Port 27. interface 27 STEP18 Switch(config-if-27)# Set the VLAN mode of Port 27 as trunk mode. vlan dot1q-vlan mode trunk Deny VID 1 for tagged packets. no vlan dot1q-vlan trunk-vlan 1 Allow VIDs 1000, 2000 and 3000 for vlan dot1q-vlan trunk-vlan 1000,2000,3000 tagged packets.
Page 162
2.6.34 Interface Command Use “interface” command to set up configurations of several discontinuous ports or a range of ports. 1. Entering interface numbers. Interface Command Parameter Description Switch(config)# interface [port_list] Enter several port numbers separated by [port_list] commas or a range of port numbers with a hyphen.
Page 163
created before assigning ports to it. “channel-group”) (See Section 2.6.6 No command Switch(config-if-PORT-PORT)# Disable LACP on the selected interfaces. no channel-group lacp Switch(config-if-PORT-PORT)# Remove the selected ports from a link no channel-group trunking aggregation group. 4. Set up port description. Command Parameter Description...
Page 164
Switch(config-if-PORT-PORT)# Enable the Formatted DHCPv4 Option 82 ip dhcp snooping circuit / DHCPv6 Option 37 Circuit Id for the formatted selected interfaces. Switch(config-if-PORT-PORT)# [circuit_id] Configure DHCPv4 Option 82 / DHCPv6 ip dhcp snooping circuit id Option 37 Circuit ID. The circuit ID can be [circuit_id] a string of up to 63 characters.
Page 165
[1-4094] Specify a VLAN ID. No command Switch(config-if-PORT- Disable IGMP filter for the selected PORT)# no ip igmp filter interfaces. Switch(config-if-PORT- [profile_name] Remove the specified profile from the PORT)# no ip igmp filter selected ports. profile [profile_name] Switch(config-if-PORT- Reset the maximum number of multicast PORT)# no ip igmp max- streams back to the default (512 groups...
Page 166
unlimited: Non-Limited (Allows both static IP and DHCP-assigned IP). This is the default setting. 11. Configure MAC table learning and static MAC table. Command Parameter Description Switch(config-if-PORT)# mac [xx:xx:xx:xx:xx:xx] Specify a MAC address to the VLAN address-table static-mac entry. [xx:xx:xx:xx:xx:xx] vlan [1-4094] Note: Only one port could be set at a time.
Page 167
Switch(config-if-PORT-PORT)# Disable the selected interfaces. shutdown No command Switch(config-if-PORT-PORT)# Enable the selected interfaces. no shutdown 14. Configure RSTP parameters per port. Command Parameter Description Switch(config-if-PORT- Enable spanning-tree PORT)# spanning-tree protocol on the selected interface(s). Switch(config-if-PORT- [0-200000000] Specify the path cost value PORT)# spanning-tree cost on the selected [0-200000000]...
Page 168
15. Set up port speed. Command Parameter Description Switch(config-if-PORT- [10000 | 5000 | Configure the port speed. PORT)# speed [10000 | 2500 | 1000 | 100 | 5000 | 2500 | 1000 | 100 | 10 | auto_sense | Note 1: Speed can only be configured 10 | auto_sense | auto- auto-speed] when auto-negotiation is disabled.
Page 169
vlan port-based [name] based VLAN. Note : Need to create a port-based VLAN group under the VLAN global configuration mode before joining it. No command Switch(config-if-PORT-PORT)# Reset the selected ports’ PVID back to no vlan dot1q-vlan pvid the default setting. Switch(config-if-PORT-PORT)# [1-4094] Remove the specified trunk VLAN ID from...
Page 170
2.6.35 Show interface statistics Command The command of “show interface statistics”, displaying port traffic statistics, port packet error statistics and port analysis history, can be used either in Privileged mode or Global Configuration mode. This command is useful for network administrators to diagnose and analyze the real-time conditions of each port traffic.
Page 171
2.6.36 Show sfp Command When you slide-in SFP transceiver, detailed information about this module can be viewed by issuing this command. Show sfp Command Description Display SFP information, including the speed of transmission, the distance of Switch(config)# show sfp information transmission, vendor name, vendor PN, and vendor SN.
Page 172
Switch(config)# show start-up- Show the difference between the config startup configuration and the default configuration. Switch(config)# show start-up- [string] Specify the keyword to search for config include [string] the matched information from the difference between the startup configuration and the default configuration.
Page 173
separated by commas or a range of items with a hyphen. For example:1,3 or 2-4
Note: Use quick key: a “space” followed by “?” to view the comprehensive item list.

Switch(config)# show log log-item [exclude | include]
  [exclude | include]: Display events by filtering out or encompassing events of the specified...
Page 174
[hh:mm dddd] Specify the ending point of a Managed Switch’s uptime period. hh: 0-23 mm: 0-59 dddd: 0-9999
2.6.39 Show log link-flap Command
Command: Switch# show log link-flap [port_number]
Parameters: [port_number]
Description: Show the specific port’s log history of trigger events such as the port link flap (a port’s linkdown or linkup), the count of port’s port link flap, the reason that causes these triggered...
Page 175
3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
Page 176
4. WEB MANAGEMENT You can manage the Managed Switch via a web browser. However, you must first assign a unique IP address to the Managed Switch before doing so. By connecting to any SFP port with a fiber cable or to any TP port with an RJ-45 cable, you can access the Managed Switch and set up the IP address for the first time.
Page 177
Besides the Main Menu, a general overview of all of the Managed Switch’s functions will also be displayed when clicking on the icon among the quick buttons located on the top-right corner of each webpage. You can also reach each function from the listed hyperlink. As for other quick buttons, the icon is provided for the user to save any new settings permanently into Flash, the...
Page 178
Rapid Spanning Tree: Set up RSTP switch settings, aggregated port settings, physical port settings, etc. And view RSTP VLAN Bridge, port status, and statistics. Fast Redundancy: Set up CTS’s fast redundancy functionality, including two redundancy protocols Fast Ring v2 and Chain.
Page 179
Multicast: Configure IGMP/MLD Snooping, static multicast and MVR parameters, and view the IGMP/MLD status and Groups table. ACL Setup: Set up access control entries and lists. Security Setup: Set up DHCP Snooping, DHCP Option 82 / DHCPv6 Option 37 relay agent, port isolation, storm control, MAC limiter, static IPv4/IPv6 table configuration, and so on.
Page 180
4.1 System Setup In order to enable network management of the Managed Switch, proper network configuration is required. To do this, click the folder System Setup from the Main Menu and then 6 options within this folder will be displayed as follows. 1.
Page 181
4.1.1 Switch Information Select the option System Information from the System Setup menu and then the following screen shows up. Company Name: Enter a company name for this Managed Switch. System Object ID: Display the predefined System OID. System Contact: Enter the contact information for this Managed Switch. System Name: Enter a descriptive system name for this Managed Switch.
Page 182
M/B Version: Display the main board version. Serial Number: Display the serial number of this Managed Switch. Date Code: Display the date code of the Managed Switch firmware. Up Time: Display the up time since last restarting. Local Time: Display the local time of the system. CPU Temperature: Display the current CPU temperature of this device.
Page 183
4.1.2 IP Setup Click the option IP Setup from the System Setup menu and then the following screen page appears. Enable IPv4: Click the checkbox in front of enable IPv4 to enable IPv4 function on the Managed Switch. MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed switch.
Page 184
Gateway: Specify the IP address of a gateway or a router, which is responsible for the delivery of the IP packets sent by the Managed Switch. This address is required when the Managed Switch and the network management station are on different networks or subnets. The default value of this parameter is 0.0.0.0, which means no gateway exists and the network management station and Managed Switch are on the same network.
Page 185
Active: DHCP Tag-alternation is enabled, and the Configuration Type is specified as DHCP. But the Managed Switch has not acquired the DHCP-assigned IP address. (Note that the workings of the DHCP Tag-alternation functionality will not stop as long as the state is Active.) Just click on the checkbox of the corresponding port number to select the port(s) as IPv4 DHCP auto recycle port.
Page 186
Rapid Commit: Check to enable Rapid Commit which allows the server and client to use a two-message exchange to configure clients, rather than the default four-message exchange. DHCPv6 Unique Identifier (DUID): View-only field that shows the DHCP Unique Identifier (DUID). Current State: View-only field that shows currently assigned IPv6 address (by auto-configuration or manual) and Gateway of the Managed Switch.
Page 187
4.1.4 Time Server Setup Click the option Time Server Setup from the System Setup menu and then the following screen page appears. Time Synchronization: To enable or disable the time synchronization function. 1st Time Server: Set up the IPv4/IPv6 address of the first NTP time server. 2nd Time Server: Set up the IPv4/IPv6 address of the secondary NTP time server.
Page 188
4.1.5 Syslog Configuration Click the option Syslog Setup from the System Setup menu and then the following screen page appears. When DHCP snooping filters unauthorized DHCP packets on the network, the mal-attempt log will allow the Managed Switch to send event notification message to log server. Log Server: Enable or disable mal-attempt log function.
Page 189
4.1.6 Time Range Click the option Time Range from the System Setup menu and then the following screen page appears. This table displays the overview of each configured time range. Up to 10 entries can be set up. Occupied/Max Entry: View-only field. Occupied: This shows the amount of total Time Ranges that have already been created.
Page 190
Click Add Time Range to add a new time range entry and then the following screen page appears for the further Time Range settings. Name: Specify a name for the Time Range Entry. Up to 32 alphanumeric characters can be accepted.
Page 191
4.2 Port Management In order to configure each port of the Managed Switch and monitor the real-time ports’ link-up status or traffic counters for maintenance or diagnostic purposes, select the folder Port Management from the Main Menu and then 5 options within this folder will be displayed for your selection.
Page 192
4.2.1 Port Setup & Status Click the option Port Setup & Status from the Port Management menu and then the following screen page appears. Maximum Frame Size: Specify the maximum frame size between 1518 and 12288 bytes. The default maximum frame size is 12288 bytes. Statistics Polling Port: Specify the number of ports for data acquisition at a time.
Page 193
Reason in Port State field: View-only field that shows the cause of port’s link-down state. Description: Enter a unique description for the port. Up to 35 alphanumeric characters can be accepted. Preferred Media Type: Select copper or fiber as the preferred media type. Port Type: Select Auto-Negotiation or Manual mode as the port type.
Page 194
4.2.2 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Switch, select the option Port Traffic Statistics from the Port Management menu and then the following screen page appears. Monitor: Choose the way of representing Port Traffic Statistics from the pull-down menu. Either “Rate”...
Page 195
4.2.3 Port Packet Error Statistics Port Packet Error Statistics mode counters allow users to view the port error of the Managed Switch. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Error Statistics from the Port Management menu and then the following screen page appears.
Page 196
4.2.4 Port Packet Analysis Statistics Port Packet Analysis Statistics mode counters allow users to view the port analysis history of the Managed Switch in both “Rate” and “Event” representing ways. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Analysis Statistics from the Port Management menu and then the following screen page appears.
Page 197
4.2.5 Port Mirroring In order to allow the destination port to mirror the source port(s) and enable traffic monitoring, select the option Port Mirroring from the Port Management menu and then the following screen page appears. Please note that functions of Port Isolation and Port Mirroring cannot be enabled concurrently.
Page 198
Enabled: Enable or disable the specific port mirroring. TX Source Port: Input the port number (e.g.1, 2, 3-7) to specify the transmitting packets of preferred source port(s) for mirroring. Please note that the port selected as the destination port cannot be the source port. RX Source Port: Input the port number (e.g.1, 2, 3-7) to specify the receiving packets of preferred source port(s) for mirroring.
Page 199
4.3 Link Aggregation Link aggregation is an inexpensive way to set up a high-speed backbone network that transfers much more data than any one single port or device can deliver without replacing everything and buying new hardware. For most backbone installations, it is common to install more cabling or fiber optic pairs than initially necessary, even if there is no immediate need for the additional cabling.
Page 200
4.3.1 Distribution Rule Click the option Distribution Rule from the Link Aggregation menu, the following screen page appears. There are six rules offered for you to set up packets according to operations. Source MAC Address: Enable or disable packets according to source MAC address. Destination MAC Address: Enable or disable packets according to Destination MAC address.
Page 201
The Managed Switch allows users to create 6 trunking groups. Each group consists of 2 to 8 links (ports). Occupied/Max Entry: View-only field. Occupied: This shows the amount of total registered trunking groups. Max: This shows the maximum number available for registration. The maximum number is Click Add Port Trunking to create a new trunking group and then the following screen page appears for the further port trunking settings.
Page 202
4.3.3 Link Aggregation Setup The Managed Switch supports dynamic Link Aggregation Control Protocol (LACP) which is specified in IEEE 802.3ad. Static trunks have to be manually configured at both ends of the link. In other words, LACP configured ports can automatically negotiate a trunked link with LACP configured ports on other devices.
Page 203
key value is between 0 and 255. When key value is set to 0, the port key is automatically set by the Managed Switch. Role: This allows LACP to be enabled (active or passive) or disabled on each port. Disable: Disable LACP on specified port(s). Active: Active LACP ports are capable of processing and sending LACP control frames.
Page 204
4.3.4 LACP Port Status LACP Port Status allows users to view a list of all LACP ports’ information. Select the option LACP Port Status from the Link Aggregation menu and then the following screen page appears. In this page, you can find the following information about LACP port status: Port: The number of the port.
Page 205
4.3.5 LACP Port Statistics In order to view the real-time LACP statistics status of the Managed Switch, select the option LACP Port Statistics from the Link Aggregation menu and then the following screen page appears. Port: The port that LACP packets (LACPDU) are transmitted or received. LACP Transmitted: The current LACP packets transmitted from the port.
Page 206
4.4 VLAN Setup A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
Page 207
Click the icon to remove a specified Port-Based VLAN and its settings from the Port-Based VLAN table. Or click Batch Delete to remove a number of / all Port-Based VLANs at a time by clicking on the checkbox belonging to the corresponding Port-Based VLAN in the Action field and then click Delete Select Item, these selected VLANs will be deleted immediately.
Page 208
4.4.2 802.1Q VLAN 802.1Q VLAN Concept Port-Based VLAN is simple to implement and use, but it cannot be deployed as a VLAN across switches. The 802.1Q protocol was developed in order to provide the solution to this problem. By tagging VLAN membership information to Ethernet frames, the IEEE 802.1Q can help network administrators break large switched networks into smaller segments so that broadcast and multicast traffic will not occupy too much available bandwidth as well as provide a higher level security between segments of internal networks.
Page 209
It is important to note at this point that any network host connected to an Access Port is totally unaware of the VLAN assigned to the port. The network host simply assumes it is part of a single broadcast domain, just as it happens with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed so the recipient has no information about them.
Page 210
Example: PortX configuration
Configuration: Trunk-VLAN = 10, 11, 12; Access-VLAN = 20; Mode = Access
Result:
- PortX is an Access Port
- PortX’s VID is ignored
- PortX’s PVID is 20
- PortX sends Untagged packets (PortX takes away VLAN tag if the PVID is 20)
- PortX receives Untagged packets only
Trunk-VLAN = 10,11,12...
Page 211
4.4.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
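The double-tagged frame layout described above, as an added example that is not part of the original manual: a small parser for checking the outer and inner tags in a captured frame. The outer EtherType default of 0x9100 is the manual's Dot1q-Tunnel EtherType default; the function names, MAC addresses, VLAN IDs and sample frames are constructed for illustration.

```python
import struct

CUSTOMER_TPID = 0x8100        # standard IEEE 802.1Q tag EtherType (inner tag)
DEFAULT_TUNNEL_TPID = 0x9100  # manual's default Dot1q-Tunnel EtherType (outer tag)


def build_frame(dst, src, tags, ethertype, payload=b""):
    """Build an Ethernet frame. tags is a list of (tpid, pcp, vid), outermost first."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    frame = dst + src
    for tpid, pcp, vid in tags:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be in 1-4094")
        if not 0 <= pcp <= 7:
            raise ValueError("802.1p priority must be in 0-7")
        # Tag = 16-bit TPID + 16-bit TCI (3-bit priority, 1-bit DEI, 12-bit VID).
        frame += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame, tunnel_tpid=DEFAULT_TUNNEL_TPID):
    """Classify a frame as untagged, single-tagged, outer-only or double-tagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: missing EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (tunnel_tpid, CUSTOMER_TPID):
            break  # reached the payload EtherType
        if len(tags) == 2:
            raise ValueError("more than two VLAN tags")
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4

    outer_vid = inner_vid = None
    if not tags:
        kind = "untagged"
    elif len(tags) == 1:
        if tags[0]["tpid"] == CUSTOMER_TPID:
            kind, inner_vid = "single-tagged", tags[0]["vid"]
        else:
            kind, outer_vid = "outer-only", tags[0]["vid"]
    else:
        outer_vid, inner_vid = tags[0]["vid"], tags[1]["vid"]
        expected = (tags[0]["tpid"] == tunnel_tpid
                    and tags[1]["tpid"] == CUSTOMER_TPID)
        kind = "double-tagged" if expected else "stacked-unexpected"
    return {"kind": kind, "outer_vid": outer_vid, "inner_vid": inner_vid,
            "ethertype": etype, "payload": frame[offset + 2:]}


# Constructed sample frames (locally administered MACs, made-up VLAN IDs).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
SINGLE = build_frame(DST, SRC, [(CUSTOMER_TPID, 0, 100)], 0x0800, b"constructed")
DOUBLE = build_frame(DST, SRC,
                     [(DEFAULT_TUNNEL_TPID, 0, 2000), (CUSTOMER_TPID, 0, 100)],
                     0x0800, b"constructed")

if __name__ == "__main__":
    print(parse_vlan_tags(SINGLE))
    print(parse_vlan_tags(DOUBLE))
```

Parsing the same double-tagged frame with a different `tunnel_tpid` makes this parser report it as untagged with EtherType 0x9100, which is a quick way to spot an outer EtherType mismatch between two ends of a tunnel.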
Page 212
4.4.4 IEEE 802.1q Tag VLAN The following screen page appears when you choose the option IEEE 802.1q Tag VLAN mode from the VLAN Setup menu and then select VLAN Interface function. 1. Trunk VLAN Setup: To create, modify or remove IEEE 802.1q Tag VLAN settings. 2.
Page 213
4.4.4.1 Trunk VLAN Setup The following screen page appears if you choose Trunk VLAN Setup function. Click Add Trunk VLAN to add a new VLAN and then the following screen page appears for the further IEEE 802.1q Tag VLAN settings. Click the icon to modify the settings of a specified 802.1q VLAN.
Page 214
4.4.4.2 VLAN Interface The following screen page appears if you choose VLAN Interface function. CPU VLAN ID: Specify an existing VLAN ID. Dot1q-Tunnel EtherType: Configure outer VLAN's ethertype. (Range: 0000~FFFF, Default: 9100). Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
Page 215
Mode: Pull down the list in the Mode field and select the appropriate mode for each port. The port behavior of each mode is listed as the following table. Access: Set the selected port to the access mode (untagged). Trunk: Set the selected port to the trunk mode (tagged). Trunk-Native: Enable native VLAN for untagged traffic on the selected port.
Page 216
4.4.4.3 IEEE 802.1q VLAN Table The following screen page appears if you choose VLAN Table function. Please note that when the VLAN of specified port has already been changed by 802.1x Server through the 802.1x Assigned-VLAN function, please check the current assigned VLAN status on the 802.1X Setup > 802.1X Port Status webpage that we will describe in Section 4.12.
Page 217
4.4.5 VLAN Translation Configuration Besides the aforementioned ways of creating VLANs, another way to establish the translated VLANs is to configure VLAN ID translation (or VLAN mapping) on trunk ports connected to a customer network to map the original VLANs to the translated VLANs. Through this VLAN ID translation, it will save much effort in massive Ethernet network deployments.
Page 218
Entry: View-only field. This shows the number of VLAN mapping rules that are currently created. Name: Specify a name for the VLAN mapping rule. Up to 32 alphanumeric characters can be accepted. Port: Specify one preferred trunk port used for the VLAN ID translation. (For more details on trunk port settings, please refer to Section 4.4.4.2 “VLAN Interface”.)
Page 219
4.4.6 Selective Q-in-Q Configuration Selective Q-in-Q, an extension of DOT1Q-Tunnel, is implemented based on both interfaces and VLAN IDs. An interface configured with Selective Q-in-Q can forward packets based on a single VLAN tag or double VLAN tags. Additionally, Selective Q-in-Q adds different outer VLAN tags to packets carrying different inner VLAN IDs.
Page 220
Sort By: Sort all of the registered Selective Q-in-Q rules by selecting Entry/Port/Inner VID/Outer VID option from the Sort By pull-down menu. Occupied/Max Entry: View-only field. Occupied: This shows the amount of total Selective Q-in-Q rules that have already been created.
Page 221
Click the icon to modify the settings of a specified Selective Q-in-Q rule. Click the icon to remove a specified Selective Q-in-Q rule and its settings from the Selective Q-in-Q rule table. Or click Batch Delete to remove a number of / all Selective Q-in-Q rules at a time by clicking on the checkbox belonging to the corresponding rule in the Action field and then click Delete Select Item, these selected rules will be deleted immediately.
Page 222
4.5 Rapid Spanning Tree The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
Page 223
4.5.1 RSTP Switch Setup Click the option RSTP Switch Setup from the Rapid Spanning Tree menu and then the following screen page appears. State: Enable or disable Rapid Spanning Tree function globally. System Priority: Each interface is associated with a port (number) in the STP code. And, each switch has a relative priority and cost that is used to decide what the shortest path is to forward a packet.
Page 224
4.5.2 RSTP Port Setup Click the option RSTP Port Setup from the Rapid Spanning Tree menu and then the following screen page appears. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
Page 225
4.5.3 RSTP Status RSTP Status allows users to view a list of RSTP brief information such as Bridge ID, topology status and Root ID, a list of all RSTP ports’ information, and the real-time RSTP statistics of the Managed Switch. Please select the option RSTP Status from the Rapid Spanning Tree menu and then the following screen page appears.
Page 226
Edge Port: “Yes” is displayed if the port is the Edge port connecting to an end station and does not receive BPDU. P2P Port: “Yes” is displayed if the port link is connected to another STP device. Protocol: Display RSTP or STP. Role: Display the Role of the port (non-STP, forwarding or blocked).
Page 227
CTS’s fast redundancy provides two redundancy protocols, Fast Ring v2 and Chain, which allow you to configure 2 rings, 2 chains, or 1 ring & 1 chain at most for a switch.
Page 228
1. Fast Redundancy Setup: Configure Fast Ring v2 or Chain protocol to achieve network redundancy and maximum availability. 2. Fast Redundancy Status: Investigate a comprehensive table displaying the up-to-date Fast Redundancy status for the monitoring and analysis of your configured network redundancy. 4.6.1 Fast Redundancy Setup To configure the Fast Ring v2 or Chain fast redundancy, click the option Fast Redundancy Setup from the Fast Redundancy menu and then the following screen page appears.
Page 229
Occupied: This shows the amount of total fast redundancy that have already been created. Max: This shows the maximum number available for fast redundancy. The maximum number is 2. Group ID: The group ID of the fast redundancy. Up to 2 group IDs can be supported. Enable: Enable or disable the ring you configure.
Page 230
4.6.1.1.1 Configure a Ring Example using the Fast Ring v2 Protocol Fig. 4-1 Fast Ring v2 Example Diagram The above topology often occurs using the Fast Ring v2 protocol and is configured as the following table. Switch ID Role Redundancy Port Physical Port Redundancy Port Port 5...
Page 231
Just follow the procedures listed below for step-by-step instructions to configure a ring as Fig. 4-1 using the Fast Ring v2 protocol. Step 1: Set up the Fast Ring v2 configuration on Switch 1. 1-1. Connect a computer to Switch 1 directly; do not connect to Port 5 & 6. 1-2.
Page 232
The Chain redundancy protocol can be applied to the networks with a complex topology. If the network uses a multi-ring architecture, CTS’s Chain can be the best solution to create flexible and scalable topologies with a fast media recovery time.
Page 233
Occupied/Max Entry: View-only field. Occupied: This shows the amount of total fast redundancy that have already been created. Max: This shows the maximum number available for fast redundancy. The maximum number is 2. Group ID: The group ID of the fast redundancy.
Page 234
Click the icon to modify the settings of a specified fast redundancy. Click the icon to remove a specified fast redundancy and its settings from the Fast Redundancy Setup table. Or click Batch Delete to remove a number of / all fast redundancy at a time by clicking on the checkbox belonging to the corresponding fast redundancy in the Action field and then click Delete Select Item, the fast redundancy will be deleted immediately.
Page 235
4.6.1.2.1 Configure a Chain Example using the Chain Protocol Fig. 4-2 Chain Example Diagram The above topology often occurs using the Chain protocol and is configured as the following table. Switch ID Redundancy Port Physical Port Port Role Redundancy Port Port 5 Head Switch 1...
Page 236
Just follow the procedures listed below for step-by-step instructions to configure a chain as Fig. 4-2 using the Chain protocol. Step 1: Set up the Chain configuration on Switch 1. 1-1. Connect a computer to Switch 1 directly; do not connect to Port 5 & 6. 1-2.
Page 237
Step 3: Set up the Chain configuration on Switch 3. 3-1. Connect a computer to Switch 3 directly; do not connect to Port 5 & 6. 3-2. Log in to Switch 3 and also go to Fast Redundancy > Fast Redundancy Setup for the chain configuration.
Page 238
4.6.2 Fast Redundancy Status Fast Redundancy Status allows users to view a list of Fast Redundancy detailed information. This status page is mainly divided into three subdivisions: Topology Change Status, allowing users to keep abreast of the dynamic change of the topology wherein the switches operate; Fast Redundancy Status, delivering comprehensive information in exact accordance with the saved configuration;...
Page 239
2. Group ID: The group ID of the fast redundancy. 3. Description: The description of the group. 4. Enable: The availability of the fast redundancy. 5. Protocol: The fast redundancy specified as either “Fast Ring v2” or “Chain.” 6. Role: The role assigned to the Managed Switch as either Slave or Master when Fast Ring v2 protocol is chosen.
Page 240
the created Fast Redundancy. The maximum number is 2. 2. TX/RX Source Normal: The amount of packets successfully transmitted/received. 3. TX/RX Source Failure: The amount of packet loss in transmitting/receiving. 4. Clear: This allows users to reset the recorded information. 4.7 MAC Address Management Select the folder MAC Address Management from the Main Menu and then 3 options will be displayed for your selection.
Page 241
4.7.1 MAC Table Learning Click the option MAC Table Learning from the MAC Address Management menu and then the following screen page appears. MAC Address Aging Time: Specify MAC address table aging time between 0 and 900 seconds. “0” means that MAC addresses will never age out. MAC Address Learning Per Port: Enable port MAC address learning function on the specified ports by clicking on the checkbox of the corresponding port number.
Page 242
4.7.2 Static MAC Table Setup Click the option Static MAC Table Setup from the MAC Address Management menu and then the following screen page appears. This table will display the overview of each port’s static source MAC addresses typed as “Manual”, which are manually added by clicking on the Add Static MAC button.
Page 243
Occupied/Max Entry: View-only field. Occupied: This shows the amount of total static MAC address that have already been created of the specific port. Different ports may have different values. Max: This shows the maximum number available for static MAC address of each port. The maximum number is 50.
Page 244
4.7.3 MAC Address Table MAC Address Table displays MAC addresses learned when MAC Address Learning is enabled. Select the option MAC Address Table from the MAC Address Management menu and then the following screen page appears. The table that sits at the very top of the webpage displays an up-to-date summary of the MAC address table down below.
Page 245
MAC Address Filter Condition section delivers a flexible approach to investigating the MAC address table in accordance with the specified filter options, which are respectively described below to guide you through the filter setup. When you have done determining the filtering behavior, click Search to update the MAC address table.
Page 246
4.8 QoS Setup Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria and receives preferential treatments.
Page 247
4.8.1 QoS Priority Select the option QoS Priority from the QoS Setup menu and then the following screen page appears. Priority Mode: Select the QoS priority mode of the Managed Switch. IEEE 802.1p: IEEE 802.1p mode utilizes p-bits in VLAN tag for differential service. DSCP: DSCP mode utilizes TOS field in IPv4 header for differential service.
Page 248
802.1p to Queue Mapping: Assign an 802.1p value (0~7) of 8 different levels to the specific queue. DSCP to Queue Mapping: Assign a DSCP value (0~63) of 64 different levels to the specific queue by pulling down the Queue menu. Or directly input a range of the DSCP value (e.g.1, 2, 3-7) in the DSCP Value List field and specify them to the preferred queue from the Queue pull-down menu at a time.
Page 249
4.8.2 QoS Remarking QoS Remarking includes 802.1p Remarking and DSCP Remarking. To configure it, select the option QoS Remarking from the QoS Setup menu and then the following screen page appears. Please note that 802.1p / DSCP remarking rule will not affect the priority mapping rule. Configure 802.1p Remarking: This allows you to enable or disable 802.1p remarking for each priority by pulling down the 802.1p Remarking...
Page 250
Configure DSCP Remarking: This allows you to enable or disable DSCP remarking for each priority by pulling down the DSCP Remarking menu. The default setting is disabled.
Page 251
4.8.3 QoS Rate Limit Select the option QoS Rate Limit from the QoS Setup menu and then the following screen page appears. This allows users to specify each port’s both inbound and outbound bandwidth. The excess traffic will be dropped. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
Page 252
4.9 Multicast Configuration Select the folder Multicast from the Main Menu, IGMP/MLD Snooping subfolder, Static Multicast Setup option and MVR subfolder for multicast setup will be displayed. 4.9.1 IGMP/MLD Snooping The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups.
Page 253
1. IGMP/MLD Setup: To enable or disable IGMP/MLD Snooping, IGMPv3/MLDv2 Snooping, Unregistered IPMC Flooding and set up router ports. 2. IGMP/MLD VLAN Setup: To set up the ability of IGMP/MLD snooping and querying with VLAN. 3. IPMC Segment: To create, edit or delete IPMC segment. 4.
Page 254
4.9.1.1 IGMP/MLD Setup Select the option IGMP/MLD Setup from the IGMP/MLD Snooping menu and then the following screen page appears. Please note that Query Interval value must be greater than the value of Query Response Interval. IGMP/MLD Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic.
Page 255
Router Port: When ports are connected to the IGMP administrative routers, they should be checked. Or directly input the port number (e.g.1, 2, 3-7) in the Quick Select field and then press the Select button, the specified port(s) will be checked immediately. Besides, you can choose all ports at a time by clicking on the checkbox in front of Select All as well.
Page 256
4.9.1.2 IGMP/MLD VLAN Setup Select the option IGMP/MLD VLAN Setup from the IGMP/MLD Snooping menu and then the following screen page with the functions of IGMP Snooping and Querying in VLAN(s) appears. Select: Enable or disable any new settings configured in the row of All VID to be applied as well to all VIDs at a time.
Page 257
4.9.1.3 IPMC Segment Select the option IPMC Segment from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Segment ID, Name and IP Range appears. This table will display the overview of each configured IPMC segment. Up to 400 IPMC segments can be created.
Page 258
Click the icon to remove a specified registered IPMC segment entry and its settings from the IPMC segment table. Or click Batch Delete to remove a number of /all IPMC segments at a time by clicking on the checkbox belonging to the corresponding IPMC segment in the Action field and then click Delete Select Item, the selected IPMC segment(s) will be deleted immediately.
Page 259
4.9.1.4 IPMC Profile Select the option IPMC Profile from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Profile appears. This table will display the overview of each configured IPMC profile. Up to 60 IPMC profiles can be registered.
Page 260
Click the icon to remove a specified registered IPMC profile entry and its settings from the IPMC profile table. Or click Batch Delete to remove a number of /all IPMC profiles at a time by clicking on the checkbox belonging to the corresponding IPMC profile in the Action field and then click Delete Select Item, the selected IPMC profile(s) will be deleted immediately.
Page 261
4.9.1.5 IGMP/MLD Filtering Select the option IGMP/MLD Filtering from the IGMP/MLD Snooping menu and then the following screen page appears. Port: View-only field that shows the port number that is currently configured. Channel Limit: Specify the maximum transport multicast stream. Valid range is 1~512. To quickly set up this parameter at a time, just directly input the port number (e.g. 1, 2, 3-7) in the field of Port List, the specified port(s) will be given the assigned value in the Channel Limit field in front of the Insert button immediately when pressing this Insert button.
Page 262
IGMP/MLD Filter: This option is to globally enable or disable the IGMP/MLD filter. The default setting is “Disabled”. Enable: To enable each port’s IGMP/MLD filtering function by clicking on the checkbox of the corresponding port number. The default setting is “unchecked”, which is disabled. IPMC Profile: In IGMP filtering, it only allows information specified in IPMC Profile fields to pass through.
Page 263
4.9.1.6 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select the option IGMP Snooping Status from the IGMP/MLD Snooping menu and then the following screen page appears.
Page 264
4.9.1.7 IGMP Group Table In order to view the real-time IGMP multicast group status of the Managed Switch, select the option IGMP Group Table from the IGMP/MLD Snooping menu and then the following screen page appears. Total Entry: The total number of entries displayed in the IGMP group table. Refresh: Click Refresh to update the IGMP group table.
Page 265
4.9.1.8 MLD Snooping Status MLD Snooping Status allows users to view a list of MLD queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select the option MLD Snooping Status from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest MLD snooping status.
Page 266
4.9.1.9 MLD Group Table In order to view the real-time MLD multicast group status of the Managed Switch, select the option MLD Group Table from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest MLD group table. VLAN ID: VID of the specific VLAN.
Page 267
4.9.2 Static Multicast Configuration Select the option Static Multicast Setup from the Multicast menu and then the following screen page appears. This table will display the overview of each configured static multicast entry. Up to 128 static multicast entries can be created. Occupied/Max Entry: View-only field.
Page 268
Click the icon to remove a specified registered static multicast entry and its settings from the static multicast table. Or click Batch Delete to remove several or all static multicast entries at a time: tick the checkbox belonging to each corresponding static multicast entry in the Action field and then click Delete Select Item; the selected static multicast entry/entries will be deleted immediately.
Page 269
4.9.3 MVR Configuration MVR (Multicast VLAN Registration) allows clients receiving multicast stream transmitted from the upstream device to reside in different VLANs, which is particularly suitable for networks with the high demand of bandwidth. Instead of transmitting multiple copies of multicast traffic to clients in the different VLANs separately, an upstream device merely needs to transmit multicast traffic to a multicast VLAN if the configured MVR is enabled on Managed Switch.
Page 270
4.9.3.1 MVR System Setup MVR System Setup allows users to create the multicast VLANs. Select the option MVR System Setup from the MVR menu and then the following screen page appears. This table will display the overview of each configured multicast VLAN entry. Up to 128 MVR entries can be created.
Page 271
Index: The identification number for each MVR entry. MVR VLAN: Specify a VLAN ID to configure the specified VLAN as the multicast VLAN. Name: Specify a MVR name for the specific multicast VLAN. Up to 15 characters can be accepted. Enable: Enable or disable the new MVR you create.
Page 272
4.9.3.2 MVR Port Setup MVR Port Setup allows users to configure the receiver/sender MVR port for the existing multicast VLANs. Select the option MVR Port Setup from the MVR menu and then the following screen page appears. This table will display the overview of each configured MVR port entry. Up to 512 MVR port entries can be created.
Page 273
Port: Specify a port number to configure the specified port as the multicast port. Port Type: Specify the port type for the specific multicast port, either receiver or sender. Receiver port: Configure a port as a receiver port if it is a client port and should only receive multicast data.
Page 274
4.9.3.3 Multicast Group Setup Multicast Group Setup allows users to configure a range of multicast IP addresses for the existing multicast VLANs. Select the option Multicast Group Setup from the MVR menu and then the following screen page appears. This table will display the overview of each configured multicast group entry. Up to 128 multicast group entries can be created.
Page 275
NOTE: The starting multicast IP address of a specific multicast group cannot be greater than its ending address. Click OK when the settings are completed and this new multicast group entry will be listed on the multicast group table, or click Cancel to cancel the settings. Click the icon to modify the settings of a specified multicast group entry.
Page 276
4.10 Access Control List (ACL) Setup Creating an access control list allows users to define who has the authority to access information or perform tasks on the network. In the Managed Switch, users can establish entries applied to port numbers to permit or deny actions. Select ACL Setup from the Main Menu and then the following screen page appears.
Page 277
Add an IPv4 ACL Entry Add an IPv6 ACL Entry...
Page 278
Sort By: Sort all of the created IPv4/IPv6 ACL entries by selecting Index/Sequence option from the Sort By pull-down menu. Index: The identification number for each ACL entry. Name: Specify the name of the ACL entry. Sequence: Valid range: 1-65536, 1 will be processed first. Default: 100 Enable: Enable or disable the ACL entry.
Page 279
Click the icon to modify the settings of a specified ACL entry. Click the icon to remove an existing ACL entry and its settings from the IPv4 or IPv6 ACL table. Or click Batch Delete to remove several or all ACL entries at a time: tick the checkbox belonging to each corresponding ACL entry in the Action field and then click Delete Select Item; the selected ACL entries will be deleted immediately.
Page 280
4.11 Security Setup In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch. Layer 2 attacks are typically launched by or from a device that is physically connected to the network. For example, it could be a device that you trust but has been taken over by an attacker.
Page 281
7. Port Linkup Delay: Set up the delay time for activating the delay port(s). 8. Port Link Flap: Set up the maximum times of a port’s port link flap (linkdown or linkup) for sending the alarm message out via SNMP trap and syslog. 9.
Page 282
4.11.1 DHCP Snooping Configuration Select the option DHCP Snooping from the Security Setup folder and then three functions, including DHCP Snooping Setup, DHCP Option 82 / DHCPv6 Option 37 Setup and DHCP Snooping Table will be displayed for your selection. 4.11.1.1 DHCP Snooping Setup The following screen page appears if you choose DHCP Snooping Setup function.
Page 283
4.11.1.2 DHCP Option 82 / DHCPv6 Option 37 Setup The Managed Switch can add information about the source of client DHCP requests that are relayed to the DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information.
Page 284
forwards the request message to DHCP server. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time. To enable it, please click on its checkbox in the row of All port, and then all ports will be checked immediately afterwards.
Page 285
A DHCP request comes from Port 2, which is marked as an Opt82 port. A. If the DHCP request carries Opt82 Agent information, the Managed Switch will drop it because the port is not marked as a trust port. B.
Page 286
4.11.1.3 DHCP Snooping Table DHCP Snooping Table displays the Managed Switch’s DHCP Snooping table. The following screen page appears if you choose DHCP Snooping Table function. Clear DHCP Client Binding Port: Clear the DHCPv4/DHCPv6 snooping entry. Specify the DHCP client binding port, and click Clear to remove the intended DHCPv4/DHCPv6 snooping entry. Refresh: Click Refresh to update the DHCP snooping table.
Page 287
4.11.2 IP Source Guard Setup Select the option IP Source Guard Setup from the Security Setup menu and then the following screen page appears. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
Page 288
4.11.3 Port Isolation This sets up ports’ communication availability so that they can only communicate with a given "uplink". Please note that if the port isolation function is enabled, the Port-based VLAN will be invalid automatically. Also note that the "Port Isolation" function is not the "Private VLAN" function. Select the option Port Isolation from the Security Setup menu and then the following screen page appears.
Page 289
4.11.4 Static IPv4/IPv6 Table Setup Click the option Static IPv4/IPv6 Table Setup from the Security Setup menu and then the following screen page appears. This table will display the overview of each configured static IPv4/IPv6 IP address and port mapping. Up to 48 static IP addresses can be created. Occupied/Max Entry: View-only field.
Page 290
Click the icon to remove a specified static IP address entry and its settings from the static IPv4/IPv6 table. Or click Batch Delete to remove several or all static IP addresses at a time: tick the checkbox belonging to each corresponding static IP address in the Action field and then click Delete Select Item; the selected static IP address/addresses will be deleted immediately.
Page 291
Step 2. Enable DHCP Snooping Step 3. Connect your clients to the Managed Switch After you complete Step 1 & 2, connect your clients to the Managed Switch. Your clients will send a DHCP Request out to the DHCP Server soon after they receive a DHCP offer. When the DHCP Server responds with a DHCP ACK message that contains lease duration and other configuration information, the IP configuration process is complete.
Page 292
4.11.5 Storm Control When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per port basis so as to protect the network from broadcast/unknown multicast/unknown unicast storms.
Page 293
when pressing the Select button in back of it. The new settings configured in the row of All port will be applied to these checked ports. Port: The number of the port. Three options of frame traffic are provided to allow users to enable or disable the storm control: Unknown Unicast Rate: Enable or disable unknown Unicast traffic control and set up unknown Unicast Rate packet per second (pps) for each port.
Page 294
4.11.6 MAC Limiters This sets the threshold for the number of MAC addresses that can be learned. After the threshold is reached, any other incoming MAC address will be dropped or the port will be shut down until the recovery mechanism activates. Please note that the MAC address table will be erased if the MAC Limit function is enabled.
Page 295
MAC Limit: Globally enable the MAC Limit function of the switch. After that, proceed to further port settings as shown below. Threshold Interval for Notification: To set up the time interval of sending the alarm trap or system log if the number of source MAC address learned exceeds the limit continuously. Refresh: Click Refresh to update the MAC Limiters status.
Page 296
4.11.7 Port Linkup Delay Port Linkup Delay is to set up a period of time for postponing the specific port(s) to be active in the stage of the system initialization. As for the remaining ports of the switch, they will be normally activated and be able to learn the MAC address first.
Page 297
4.11.7.2 Configure Port Linkup Delay Based on “MAC_Limit” Delay Rule When Release Delay Rule is configured as “MAC_Limit”, the field of Release Delay Trigger Port List will be displayed for the user to set up the trigger port(s) for the port linkup delay. For example, in case that Release Delay Rule is configured as "MAC-Limit", Delay Port List is configured as port number 1-10, and Release Delay Trigger Port List is configured as port number 11-12 with...
Page 298
4.11.8 Port Link Flap Port Link Flap notifies the user of the link-down and link-up alarm message of any port via SNMP trap and syslog when the number of its port link flaps exceeds the threshold. Each time a port links down or links up is counted as one port link flap of this port.
Page 299
Note: Under loop condition, the LED of the looped port continues to slowly blink orange even if the connected network cable is unplugged from the looped port. To set up the Loop Detection function, select the option Loop Detection from the Security Setup menu and then the following screen page appears.
Page 300
All VLAN: Check All VLAN box to enable loop detection on all trunk-VLAN-vids configured in the VLAN Interface under IEEE 802.1q Tag VLAN (Refer to Section 4.4.4.2) NOTE: When All VLAN checkbox is checked, it invalidates the configured “Specific VLAN”. Specific VLAN: Set up loop detection on specified VLAN.
Page 301
4.11.10 L2 Control Protocol Filter Setup Select the option L2 Control Protocol Filter Setup from the Security Setup menu and then the following screen page appears. Layer 2 Control Protocol: 0180C200000X: Select either “Disabled” or “Enabled”. When “Enabled” is selected, packets from the address ranging from 0180C2000000 to 0180C200000F will be dropped.
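As an added illustration (not code from the manual or from CTS), the sketch below models the 0180C200000X filter described above as a range check over constructed Ethernet frames. The protocol names attached to individual addresses are standard IEEE assignments rather than something the manual lists; matching on the destination MAC and the "pass" result when the filter is disabled are assumptions.

```python
import re

# Range boundaries exactly as stated in the manual for the 0180C200000X option.
FILTER_FIRST = 0x0180C2000000
FILTER_LAST = 0x0180C200000F

# Well-known IEEE uses of addresses inside that block, keyed by the last nibble.
# These names are not in the manual; they show what enabling the filter affects.
WELL_KNOWN = {
    0x00: "STP/RSTP/MSTP BPDU",
    0x01: "MAC Control (PAUSE)",
    0x02: "Slow Protocols (LACP, OAM)",
    0x03: "802.1X EAPOL (PAE)",
    0x0E: "LLDP (nearest bridge)",
}


def parse_mac(text):
    """Accept 01:80:C2:00:00:0E, 01-80-c2-00-00-0e, 0180.c200.000e or 0180C200000E."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value):
    return ":".join(f"{b:02X}" for b in value.to_bytes(6, "big"))


def in_filtered_range(mac):
    return FILTER_FIRST <= mac <= FILTER_LAST


def decide(frame, filter_enabled):
    """Return (action, destination MAC, reason) for one raw Ethernet frame.

    Assumption: the filter matches on the destination address, since the
    addresses in this block are reserved group (multicast) addresses.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = int.from_bytes(frame[:6], "big")
    if filter_enabled and in_filtered_range(dst):
        reason = WELL_KNOWN.get(dst & 0x0F, "reserved group address")
        return ("drop", format_mac(dst), reason)
    return ("pass", format_mac(dst), "not matched by this filter")


def build_frame(dst, src, ethertype):
    """Build a minimal 60-byte frame with a zero-filled payload (constructed data)."""
    header = parse_mac(dst).to_bytes(6, "big") + parse_mac(src).to_bytes(6, "big")
    return header + ethertype.to_bytes(2, "big") + bytes(46)


SRC = "02:00:00:00:00:01"  # constructed, locally administered source address

# Constructed sample frames; none of these were captured from a real device.
SAMPLE_FRAMES = {
    "stp_bpdu": build_frame("01:80:C2:00:00:00", SRC, 0x0026),  # 802.3 length field
    "lacp": build_frame("01:80:C2:00:00:02", SRC, 0x8809),
    "eapol": build_frame("01:80:C2:00:00:03", SRC, 0x888E),
    "lldp": build_frame("01:80:C2:00:00:0E", SRC, 0x88CC),
    "outside_range": build_frame("01:80:C2:00:00:10", SRC, 0x0800),
    "broadcast": build_frame("FF:FF:FF:FF:FF:FF", SRC, 0x0806),
}


def audit(filter_enabled):
    """Run every sample frame through the modelled filter."""
    return {name: decide(frame, filter_enabled)
            for name, frame in SAMPLE_FRAMES.items()}


if __name__ == "__main__":
    for name, (action, dst, reason) in audit(True).items():
        print(f"{name:14s} {dst}  {action:4s}  {reason}")
```

Frames for STP, LACP, 802.1X and LLDP all use destination addresses inside this block, so check which of those protocols a port depends on before enabling the filter.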
Page 302
4.12 802.1X Setup The IEEE 802.1X/MAB standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports. Before services are made available to clients connecting to a VLAN, clients that are 802.1X-compliant should successfully authenticate with the authentication server.
Page 303
4.12.1 802.1X System Setup The following screen page appears if you choose 802.1X System Setup function. Enable: Enable or disable IEEE 802.1X/MAB on the Managed Switch. When enabled, the Managed Switch acts as a proxy between the 802.1X-enabled client and the authentication server. In other words, the Managed Switch requests identifying information from the client, verifies that information with the authentication server, and relays the response to the client.
Page 304
4.12.2 802.1X Port Setup The following screen page appears if you choose 802.1X Port Setup function. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time. To enable it, please click on its checkbox in the row of All port, and then all ports will be checked immediately afterwards.
Page 305
RADIUS-Assigned VLAN Enabled: Allow the RADIUS server to send a VLAN assignment to the device port. Re-Authentication Enabled: Enable or disable the auto re-authentication function for each port. Re-Authentication Period (Secs 1-65535): Specify a period of authentication time that a client authenticates with the authentication server.
Page 306
4.12.3 802.1X Port Status 802.1X Port Status allows users to view a list of all 802.1x ports’ information. The following screen page appears if you choose 802.1X Port Status function. In this webpage, you can find the following information about 802.1X ports and view the real-time 802.1X port statistics of the Managed Switch.
Page 307
Rx Auth. Failures: Display the number of the received RADIUS Access-Reject messages on the port. Tx Total: Display the number of the EAPOL messages transmitted on the port. Tx Request ID: Display the number of the EAP-Request/Identity messages transmitted on the port.
Page 308
4.13 LLDP Configuration LLDP stands for Link Layer Discovery Protocol and runs over the data link layer; network devices use it to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
Page 309
4.13.1 LLDP Setup Click the option LLDP Setup from the LLDP menu and then the following screen page appears. State: Globally enable or disable LLDP function. Receiver Hold-Time (TTL): Enter the amount of time for receiver hold-time in seconds. The Managed Switch will keep the information sent by the remote device for a period of time you specify here before discarding it.
Page 310
4.13.2 LLDP Status Click the option LLDP Status from the LLDP menu and then the following screen page appears. Refresh: Click Refresh to update the LLDP Status table. Port: View-only field that shows the port number on which LLDP frames are received. Chassis ID: View-only field that shows the MAC address of the LLDP frames received (the MAC address of the neighboring device).
Page 311
4.14 Power over Ethernet PoE (Power Over Ethernet) is the technology by which a data-carrying RJ-45 cable can also serve as a power supply. Typically, a PoE switch is deployed at the center of the network for power transmission and supplies electricity to PDs (powered devices) up to 100 meters away through TP ports.
Page 312
4.14.1 PoE Setup Click the option PoE Setup from the Power over Ethernet menu and then the following screen page appears. PoE: Globally enable or disable PoE function. Total PoE Budget: View-only field. It shows the total power budget in watt that Switch can provide. PoE Usage Alarm Threshold: Set up the power usage alarm threshold in percentage.
Page 313
Priority: Each PoE port will be powered on in sequence according to assigned port priority. PoE Setting (Port): Configure PoE-related settings for each port. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
Page 314
NOTE: Power will be cut off in the order of port number (Port4 → Port3 → Port2 → Port1) if ports are assigned the same priority. For example, when Port2 and Port4 are both low-priority ports, power supplied by Port4 will be cut off earlier than Port2. Budget: The power budget for the specified port.
Page 315
4.14.2 PoE Status Click the option PoE Status from the Power over Ethernet menu and then the following screen page appears. Refresh: Click Refresh to update the PoE Status table. Port: View-only field that shows the port number of each PoE port. Powered Device Name: View-only field that shows the Powered device name entered on the “PoE Setup”...
Page 316
PoE Output Status: View-only field that shows the current PoE output status. Each status is described below. Overload: The power output of the port exceeds the PoE budget. Searching: The power output of the port has been cut off, the port is not currently connected, or the port is recovering from “Auto Off”...
Page 317
4.15 Layer 2 Protocol Tunneling Configuration L2PT (Layer 2 Protocol Tunneling) allows Layer 2 protocol data units (PDUs), including CDP (Cisco Discovery Protocol), LLDP (Link Layer Discovery Protocol), STP (Spanning Tree Protocol), VTP (VLAN Trunking Protocol), LACP (Link Aggregation Control Protocol), PAgP (Port Aggregation Protocol), and UDLD (Unidirectional Link Detection), to be tunneled through a network. Without L2PT, the handling of the PDUs will create different spanning tree domains (different spanning tree roots) for the customer switches.
Page 318
1. Layer 2 Protocol Tunneling Setup: Enable or disable L2PT function and set up acceptable BPDUs for GBPT (Generic Bridge PDU Tunneling). 2. Layer 2 Protocol Tunneling Status: View the state of Layer 2 protocol data units (PDUs) and their encapsulation, decapsulation and drop counters of each port.
Page 319
4.15.1 Layer 2 Protocol Tunneling Setup Select the option Layer 2 Protocol Tunneling Setup from the Layer 2 Protocol Tunneling menu and then the following screen page appears. Layer 2 Protocol Tunneling: Enable or disable the Layer 2 Protocol Tunneling function globally. Destination MAC Address: Specify a MAC address for GBPT.
Page 320
4.15.2 Layer 2 Protocol Tunneling Status Layer 2 Protocol Tunneling Status displays the state of each Layer 2 protocol data units (PDUs) and the statistics of each PDU’s encapsulation as well as decapsulation. Select Layer 2 Protocol Tunneling Status option from the Layer 2 Protocol Tunneling menu and then the following screen page appears.
Page 321
4.16 Maintenance Maintenance allows users to monitor the real-time operation status of the Managed Switch for maintenance or diagnostic purposes and easily operate and maintain the system. Select the folder Maintenance from the Main Menu and then 9 options within this folder will be displayed for your selection.
Page 322
host. You can also specify the counts and size of Ping packets. 7. Event Log: Event log can keep a record of system’s log events such as system warm start, cold start, link up/down, user login/logout, etc. They will be kept only when your CPU version is A06 with Boot ROM version A08 or later version.
Page 323
4.16.1 CPU Loading CPU Loading is to manually or automatically update the current loading of CPU as well as the CPU loading record, and configure the CPU loading alarm notification. Select the option CPU Loading from the Maintenance menu and then the following screen page appears.
Page 324
Threshold: Specify a value for the CPU loading alarm threshold. Valid range: 1-99 (percentage). Restore: Specify a value for the CPU loading restore threshold. Valid range: 1-99 (percentage). The Restore threshold value should be lower than the value entered in Threshold column. Observation Interval: Specify a value for Threshold and Restore Observation Interval time in seconds.
Page 325
4.16.2 System Memory System Memory is to manually or automatically update statistics of Memory. Select the option System Memory from the Maintenance menu and then the following screen page appears. Refresh Page Interval: Automatically updates statistics of Memory at a specified interval in seconds.
Page 326
4.16.3 CPU Temperature Status With the built-in temperature sensor, the Managed Switch is capable of detecting whether CPU temperature is at normal status or not. In addition, through notification via trap, syslog and event log, the user can learn the real-time CPU temperature and so prevent the device’s lifespan from being shortened by an abnormal operating environment.
Page 327
Refresh Page Interval: Automatically updates CPU temperature of the system at a specified interval in seconds. Please note that the value you assign in this parameter is temporarily used and will not be saved into the configuration file of the Managed Switch. This value will not be applied into the next system boot-up.
Page 328
Last Status Normal Over the Threshold Detected Status Send the “CPU No message will be sent. temperature is at or Normal under threshold” normal message. Send the “CPU Send the “CPU temperature is over temperature is over Over the threshold” alarm threshold”...
Page 329
4.16.4 FAN State FAN State is to manually or automatically update the fan’s (located on the rear panel of Switch) speed and status for the system diagnostics. With the built-in fan sensor of Chassis, the user can diagnose whether the device’s heat dissipation is good by monitoring the real-time speed of the fan. Select the option FAN State from Maintenance menu and then the following screen page appears.
Page 330
4.16.5 System Voltage System Voltage, also offered for system diagnostics, lets the user know whether the system is in healthy status through the diagnosis of the system’s internal powers such as ASIC system power, ASIC core power, and internal power. The user can manually or automatically update the voltages as well as the status of the above powers and learn their real-time information with the voltage sensor built into the Managed Switch.
Page 331
State: In ASIC system power, “Warning” will be shown in orange color if its voltage is at or over the High threshold (≥ 3.40 V) or is at or under the Low threshold (≤ 3.20 V). Or it will show “Normal” in green color if its voltage is higher than the Low threshold and lower than the High threshold (3.20 V <...
Page 332
4.16.6 Ping Ping can help you test the network connectivity between the Managed Switch and the host. Select the option Ping from the Maintenance menu and then the following screen page appears. Enter the IPv4/IPv6 address of the host you would like to ping. You can also specify the count and size of the Ping packets.
Page 333
4.16.7 Event Log Event log keeps a record of switch-related information. A network manager can investigate the information captured in the Event Log and therefore analyze the network traffic, usage, and security. Select the option Event Log from the Maintenance menu and then the following screen page appears.
Page 334
3. Click the pull-down menu of entries per page to select the maximum number of event entries displayed on each page. Click First, Last or select the intended page from the pull-down menu of Page to achieve page jumps; click Previous or Next to maneuver the display of the event log table. Filter: Configure each filter setting to customize the display of the event log table.
Page 335
4. Item List: Click Select to specify certain/all event categories from the collapsible section to enable event filtering. 5. Display Log Item List: Click each checkbox of one particular event category to select the intended event categories. Or quickly configure the desired event categories at a time by directly inputting the item number (e.g. 1, 2, 3-7) in the Quick Select field located at the top-right corner of the Display Log Item List table.
Page 336
4.16.8 Port Link Flap Log Port Link Flap Log shows each port’s log history of trigger events such as the port link flap (a port’s linkdown or linkup), the count of port’s port link flap, the reason that causes these triggered events, the time duration that the port link flap lasts, Rx power(dBm) of SFP ports, and so on.
Page 337
Status Duration: The period of time that the specific port’s port link flap lasts until a new one occurs. This value is equal to the above parameters "Up Time" of the next index – "Up Time" of the specific index. (e.g. Index 5’s status duration = Index 6’s "Up Time" – Index 5’s "Up Time".) As to the status duration of the newest link flap, it will be equal to system’s "Up Time"...
Page 338
4.16.9 SFP Information Select the option SFP Information from the Maintenance menu and then two functions, including SFP Port Info, SFP Port State, and SFP Port Threshold Configuration within this subfolder will be displayed. 4.16.9.1 SFP Port Info SFP Port Info displays each port’s slide-in SFP/SFP+ Transceiver information e.g. the speed of transmission, the distance of transmission, vendor Name, vendor PN, vendor SN, etc.
Page 339
Speed: Data rate of the slide-in SFP/SFP+ Transceiver. Distance: Transmission distance of the slide-in SFP/SFP+ Transceiver. Vendor Name: Vendor name of the slide-in SFP/SFP+ Transceiver. Vendor PN: Vendor PN of the slide-in SFP/SFP+ Transceiver. Vendor SN: Vendor SN of the slide-in SFP/SFP+ Transceiver.
Page 340
4.16.9.2 SFP Port State SFP Port State displays each port’s slide-in SFP/SFP+ Transceiver information e.g. the currently detected temperature, voltage, TX Bias, etc. The following screen page appears if you choose SFP Port State function. Refresh: Click Refresh to update the SFP Port State status. Port: The number of the SFP/SFP+ module slide-in port.
Page 341
SFP Threshold Enable: Globally enable or disable the alarm notification of temperature/current/voltage/TX power/RX power for SFP ports of the Managed Switch. Threshold Interval for Notification: Specify the time interval of sending SFP ports’ temperature/current/voltage/TX power/RX power alarm message in seconds. The interval can be set from 120 to 86400 seconds.
Page 342
ports will be checked immediately afterwards. Or, to quickly configure the desired ports at a time, you can also directly input the port number (e.g. 1, 2, 3-7) in the Quick Select field located at the top-right corner of the SFP Threshold table; the specified port(s) will be checked immediately when pressing the Select button in back of it.
Page 343
4.16.10 Digital Input The DI (Digital Input) with a dry contact is a voltage-free connector that is used to decide whether the trigger occurs or not by detecting its open/close status. Refer to the following figure for the DI configuration. Open: Logic Level 0 Close: Logic Level Select the option Digital Input from the Maintenance menu and then two functions, including...
Page 344
4.16.10.2 Digital Input Status Select Digital Input Status from the Digital Input menu and then the following screen page appears. Click Refresh to update the digital input and alarm status. Current Status: View-only field that shows the current status of Digital Input 1. Alarm: View-only field that shows the current alarm status.
Page 345
4.17 Advanced Diagnosis Apart from the universal monitoring functionality that comes with the Managed Switch, Advanced Diagnosis allows administrators to examine the device’s operation at a more detailed level and therefore efficiently pinpoint the root cause of potential/existing erroneous functioning. Select the folder Advanced Diagnosis from the Main Menu and then all the available testing options within this folder will be displayed for your selection.
Page 346
4.17.1 Cable Diagnosis Ethernet cables, consisting of two separate pairs of insulated wires, could at times malfunction due to unknown technical issues. As troublesome as they are by nature for the data transmission interference, the difficulties in detecting where and what the cable faults stem from undoubtedly make things worse.
Page 347
Port Type: The port type of the interface. It’s either Auto-Negotiation or Manual depending on the specified port configuration right upon the testing. Port Speed: The current transmission speed of the interface, depending on the port speed configuration right upon the testing. Local Pair: Which pair of the wires in the connected Ethernet cable;...
Page 348
4.18 Management In order to do the firmware upgrade, load the factory default settings, etc. for the Managed Switch, please click the folder Management from the Main Menu and then 8 options will be displayed for your selection. 1. Management Access Setup: Enable or disable the specified network services, view the RS-232 serial port setting, specific Telnet and Console services.
Page 349
5. SNMP: Allow administrator to configure password and encryption method of user accounts generated in User Account for SNMPv3; view the registered SNMP community name list, add a new community name or remove an existing community name; view the registered SNMP trap destination list, add a new trap destination or remove an existing trap destination;...
Page 350
4.18.1 Management Access Setup Click the option Management Access Setup from the Management menu and then the following screen page appears. Telnet Service: To enable or disable the Telnet Management service. SSH Service: To enable or disable the SSH Management service. SNMP Service: To enable or disable the SNMP Management service.
Page 351
HTTPS is provided for authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against attacks by hackers. The user is allowed to access the Managed Switch either by entering its IP address in the format https://192.168.0.1, or http://192.168.0.1, which will be automatically changed to https://192.168.0.1 in the URL.
Page 352
4.18.2 User Account To prevent any unauthorized operations, only registered users are allowed to operate the Managed Switch. Users who would like to operate the Managed Switch need to create a user account first. To view or change current registered users, select the option User Account from the Management menu and then the following screen page shows up.
Page 353
Account State: Enable or disable this user account. User Name: Specify the authorized user login name. Up to 20 alphanumeric characters can be accepted. Password: Enter the desired user password. Up to 20 alphanumeric characters can be accepted. Retype Password: Enter the password again for double-checking. Description: Enter a unique description for this user.
Page 354
on CLI/Web interface. 3. We strongly recommend not altering the Auth Method setting off-line in the backup configuration file. 4. If Auth-Method is enabled and the firmware is downgraded, users must reset to the default configuration.
Page 355
4.18.3 RADIUS/TACACS+ RADIUS and TACACS+ are two protocols used for centralized management of access to the network, mainly to prevent unauthorized connections; both work under the AAA (authentication, authorization, and accounting) framework. The first “A” denotes that a RADIUS/TACACS+ client is required to transmit its username and its password for the authentication against the RADIUS/TACACS+ server.
Page 356
NOTE: For FreeRADIUS server setup, please refer to APPENDIX A for the creation of CTS vendor-specific dictionary and modification of the configuration files. TACACS+: Configure the TACACS+ server authentication method. Secret Key Encryption: Pull down the menu of Secret Key Encryption to select one method to secure the secret key against potential malicious attacks.
Page 357
4.18.4 Management Authentication Management Authentication allows versatile approaches to authentication on the Managed Switch. Network administrators can opt for multiple authentication methods and prioritize them in accordance with their preferred plan. This function brings not only enhanced flexibility to the authentication management, but also a smart countermeasure for an unexpected user authentication failure.
Page 358
ought-to-be-authenticated user, yet at the expense of network security. To fully protect against malicious users, it’s recommended to disable this function. 2. Disabling this function means the device will only apply Method 1. Access to the Managed Switch will be denied to those who fail the authentication with Method 1.
Page 359
4.18.5 SNMP Select the option SNMP from the Management menu and then four functions, including SNMPv3 USM User, Device Community, Trap Destination and Trap Setup, will be displayed for your selection. 4.18.5.1 SNMPv3 USM User Simple Network Management Protocol Version 3, SNMPv3 in short, features stronger security mechanisms, including authentication, which helps ensure that the message is from a valid source, and encryption, which scrambles the content of a packet to prevent it from being learned by an unauthorized source.
Page 360
Account State: View-only field that shows this user account is enabled or disabled. User Name: View-only field that shows the authorized user login name. Authentication: This is used to ensure the identity of users. The following is the method to perform authentication.
Page 361
SNMP Level: View-only field that shows user’s authentication level. Administrator: Own the full-access right, including maintaining user account & system information, load factory settings …etc. Read & Write: Own the full-access right but cannot modify user account & system information, cannot load factory settings. Read Only: Allow to view only.
Page 362
4.18.5.2 Device Community The following screen page appears if you choose Device Community function. This table will display the overview of each configured device community. Up to 10 device communities can be registered. Occupied/Max Entry: View-only field. Occupied: This shows the amount of total registered communities. Max: This shows the maximum number available for the device community registration.
Page 363
Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name. Up to 35 alphanumeric characters can be accepted. This is mainly for reference only. Click when the settings are completed, this new community will be listed on the device community table, or click to cancel the settings.
Page 364
4.18.5.3 Trap Destination The following screen page appears if you choose Trap Destination function. State: Enable or disable the function of sending trap to the specified destination. Destination IP: Enter the specific IPv4/IPv6 address of the network management system that will receive the trap.
Page 365
4.18.5.4 Trap Setup The following screen page appears if you choose Trap Setup function. Cold Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on. Warm Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch restarts.
Page 366
Port Link Flap Trap: Enable or disable the Managed Switch to send a trap when a port’s port link flap count exceeds the threshold. Fan Trap: Enable or disable the Managed Switch to send a trap when the fan state is at/above the high threshold (≥...
Page 367
4.18.6 Firmware Upgrade The Managed Switch offers three methods, including HTTP, FTP and TFTP to back up/restore the configuration and update the firmware. To do this, please select the option Firmware Upgrade from the Management menu and then the following screen page appears. 4.18.6.1 Configuration Backup/Restore via HTTP To back up or restore the configuration via HTTP, just pull down the Protocol menu and select HTTP.
Page 368
Backup: Click Backup to begin downloading the configuration file to your PC. Select File: Click Choose File to select the designated data and then click Update to restore the configuration. 4.18.6.2 Firmware Upgrade via HTTP To update the firmware via HTTP, just pull down the Protocol menu and select HTTP. Also configure the type of file as “Firmware”...
Page 369
4.18.6.3 Configuration Backup/Restore via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may back up or restore the configuration via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Configuration” to process. The related parameter description is as below.
Page 370
4.18.6.4 Firmware Upgrade via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may update the firmware via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Firmware” to process. The related parameter description is as below. Protocol: Select the preferred protocol, either FTP or TFTP.
Page 371
4.18.7 Firmware Copy Firmware Copy allows the currently running firmware image to be copied to the other firmware image. Select the option Firmware Copy from the Management menu and then the following screen page appears. Copy: Click the Copy button to copy the firmware from the current image to the backup image. This process may take a few minutes; please do NOT power off the Managed Switch during the firmware copying.
Page 372
4.18.8 Load Factory Settings Load Factory Settings will set all the configurations of the Managed Switch back to the factory default settings, including the IP and Gateway address. Load Factory Setting is useful when network administrators would like to re-configure the system. A system reset is required to make all changes effective after Load Factory Setting.
Page 373
4.18.9 Auto-Backup Setup In the Managed Switch, the aforementioned HTTP Upgrade and FTP/TFTP Upgrade functions are offered for the users to do the manual backup of the start-up configuration. Alternatively, you can choose the Auto-Backup Setup function to do this backup automatically and periodically. It is useful to prevent the loss of users’...
Page 374
Auto Backup: Enable/Disable the auto-backup function for the start-up configuration files of the device. Backup Time: Set up the time when the backup of the start-up configuration files will start every day for the system. Protocol: Either FTP or TFTP server can be selected to backup the start-up configuration files. File Type: Display the type of files that will be backed up.
Page 375
4.18.10 Save Configuration In order to save the configuration permanently, users need to save configuration first before resetting the Managed Switch. Select the option Save Configuration from the Management menu and then the following screen page appears. Click OK to save the configuration. Alternatively, you can also press the Save quick button located on the top-right side of the webpage, which has the same function as Save Configuration.
Page 376
The simple quick setup of FreeRADIUS server for RADIUS Authentication is described below. On the server-side, you need to 1) create a CTS vendor-specific dictionary and 2) modify three configuration files, “dictionary”, “authorize”, and “clients.conf”, which are already included in FreeRADIUS upon the completed installation.
Page 377
VALUE WEB_LEVEL Read-Write 2
VALUE WEB_LEVEL Administrator
END-VENDOR cts
2. Modifying three configuration files
* Before editing any of the following files, it’s good practice to read through the official and most-current documentation contained within each file mentioned down below.
Page 378
APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with the DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration during the startup process. Before setting up the DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Switch that you purchased supports DHCP Auto-provisioning.
Page 379
Step 2. Set up Auto Provision Server
Update DHCP Client
Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command.
Install DHCP Server
Issue “yum install dhcp” command to install DHCP server.
Page 380
Copy dhcpd.conf to /etc/dhcp/ directory
Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor.
Enable and run DHCP service
1.
Page 381
Step 3. Modify dhcpd.conf file
Open dhcpd.conf file in /etc/dhcp/ directory
Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
Page 382
Modify dhcpd.conf file The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
Page 383
5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Login TFTP server anonymously (TFTP does not require a login name and password). 9.
Page 385
Every time you modify the dhcpd.conf file, the DHCP service must be restarted. Issue the “killall dhcpd” command to stop the DHCP service and then issue the “dhcpd” command to start it again. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”...
Page 386
B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.
Page 387
APPENDIX C: VLAN Application Note Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme instead of the physical layout. It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains.
Page 388
I. Port-Based VLAN Port-Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network. In the network diagram provided below, the network administrator is required to set up VLANs to separate traffic based on the following design conditions: ...
Page 389
CLI Configuration:
Steps… Commands…
1. Enter Global Configuration mode.
   Switch> enable
   Password:
   Switch#config
   Switch(config)#
2. Create port-based VLANs “Marketing” and “RD”.
   Switch(config)# vlan port-based Marketing
   OK !
   Switch(config)# vlan port-based RD
   OK !
3. Select port 1, 21, 23 and 28 to configure.
   Switch(config)# interface 1,21,23,28
   Switch(config-if-1,21,23,28)#
Page 390
2. Click “Add Port Based VLAN” to add a new Port-Based VLAN. VLAN Setup>Port Based VLAN>Add Port Based VLAN 3. Add Port 1, 21, 23 and 28 to a group and name it “Marketing”. VLAN Setup>Port Based VLAN>Add Port Based VLAN Click to apply the new settings when completed.
Page 391
5. Add Port 2, 22, 23 and 28 to a group and name it “RD”. VLAN Setup>Port Based VLAN>Add Port Based VLAN Click to apply the new settings when completed. 6. Check Port-Based VLAN settings. VLAN Setup>Port Based VLAN NOTE: By default, all ports are member ports of the Default_VLAN.
Page 392
II. Data VLAN In a networking environment, VLANs can carry various types of network traffic. The most common network traffic carried in a VLAN could be voice-based traffic, management traffic and data traffic. In practice, it is common to separate voice and management traffic from data traffic such as files and emails.
Page 393
4. Set Port 28 to trunk mode.
   Switch(config)# interface 28
   Switch(config-if-28)# vlan dot1q-vlan mode trunk
   OK !
   Switch(config-if-28)# exit
5. Change Port 1’s Access VLAN ID into “11”.
   Switch(config)# interface 1
   Switch(config-if-1)# vlan dot1q-vlan pvid 11
   OK !
   Switch(config-if-1)# exit
6.
   Switch(config)# show vlan interface
Page 394
2. Create a new Data VLAN 11 that includes Port 1 and Port 28 as members. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completed. 3. Click icon belonging to the new Trunk VLAN 11 named VLAN0011, and the following screen shows up.
Page 396
5. Change Port 1’s Access VLAN ID into 11, and set Port 28 to trunk mode. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completed. Treatments of Packets: 1. An untagged packet arrives at Port 1 When an untagged packet arrives at Port 1, Port 1’s Port VLAN ID (11) will be added to the original packet.
Page 397
III. Management VLAN For security and performance reasons, it is best to separate user traffic and management traffic. When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to the management port will be minimized.
Page 398
1. Change the Management default VLAN 1 into VLAN 15 that includes Port 25, 26, 27 and 28 under the Access mode. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completed. Note1: Make sure you have correct management VLAN and VLAN Mode configurations; otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you click OK to apply.
Page 399
Note2: To check the current status of Management VLAN, please refer to VLAN Table.
Page 400
2. Now, change the Management VLAN 15 into VLAN 20 and include Port 25, 26 and 27 under Access mode (it’s necessary to include Port 26 to prevent the disconnection). VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completed.
Page 401
Note: To check the current status of Management VLAN, please refer to VLAN Table.
Page 402
Web Management Configuration (Trunk Mode): In Management VLAN Network Diagram shown below, the management PC on the right would like to manage the Managed Switch on the left remotely. You can follow the steps described below to set up the Management VLAN. Management VLAN Network Diagram Suppose that the Management PC is remotely connected to Managed Switch Port 15 as shown above while we have a variety of existing trunk VLANs and the Management VLAN 15 is set on Port...
Page 403
1. Change the Management VLAN 15 into VLAN 20 that includes Port 25, 26, 27 under Trunk mode. Click OK to apply the new settings when completed. Note1: Make sure you have correct management VLAN and VLAN Mode configurations; otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you click OK to apply.
Page 404
Then, Management VLAN has been changed into VLAN 20. IEEE 802.1q Tag VLAN Table VLAN Interface...
Page 405
CLI Configuration (Access Mode): Suppose that we have the default Management VLAN whose VLAN ID is 1 for all ports; we can create new Management VLANs as required. This example demonstrates how to set up Management VLAN 15 and then change VLAN 15 into VLAN 20 on specified ports under Access mode.
Page 406
2. Now, change the Management VLAN 15 into VLAN 20 and include Port 25, 26 and 27 in Access mode (it’s necessary to include Port 26 to prevent the disconnection).
Steps… Commands…
1. Enter Global Configuration mode.
   Switch> enable
   Password:
   Switch# configure
   Switch(config)#
   Switch(config)# vlan management-vlan 20...
Page 407
CLI Configuration (Trunk Mode): This part demonstrates how to change Management VLAN 15 into VLAN 20 on specified ports under Trunk mode. Suppose that we have the existing Management VLAN 15 on Port 25, 26, 27, 28 and CPU; we can create new Management VLAN 20 as required. Here, we suppose that the Management PC is remotely connected to Managed Switch Port 15.
Page 408
IV. Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
Page 409
0 access . . . 0 access 0 trunk 1 15 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and VLAN mode configurations; otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you enter the command.
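The tagging behaviour this appendix describes (a port's PVID added to an untagged frame, and Q-in-Q double tagging) can be inspected at the frame level. The following Python sketch is an added example, not part of the CTS manual: the function names, the port-mode labels and the pass-through of already-tagged frames are assumptions, the TPID values are the standard IEEE 802.1Q/802.1ad ones, and the sample frames are constructed.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q tag (customer/inner tag)
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (outer tag in Q-in-Q)
VLAN_TPIDS = (TPID_CTAG, TPID_STAG)


def build_frame(ethertype, tags=(), payload=b"\x00" * 46):
    """Build a constructed test frame; tags is a sequence of (tpid, vid)."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_vlan_stack(frame):
    """Return (tags, ethertype); tags are dicts, outermost tag first."""
    offset, tags = 12, []  # the first 12 bytes are the two MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


def add_pvid_tag(frame, pvid):
    """Tag an untagged frame with the ingress port's PVID."""
    if not 1 <= pvid <= 4094:
        raise ValueError("PVID must be 1..4094")
    tags, _ = parse_vlan_stack(frame)
    if tags:
        return frame  # assumption: already-tagged frames pass through unchanged
    return frame[:12] + struct.pack("!HH", TPID_CTAG, pvid) + frame[12:]


def review_ingress(frame, port_mode):
    """List findings for a frame seen on a port ("access", "trunk" or "qinq")."""
    tags, _ = parse_vlan_stack(frame)
    findings = []
    if port_mode == "access" and tags:
        findings.append("tagged frame on access port, outer VID %d" % tags[0]["vid"])
    if port_mode != "qinq" and len(tags) > 1:
        findings.append("stacked tags outside a Q-in-Q port: VIDs %s"
                        % [t["vid"] for t in tags])
    return findings


if __name__ == "__main__":
    untagged = build_frame(0x0800)
    for name, frm, mode in [
        ("untagged on access", untagged, "access"),
        ("PVID 11 added", add_pvid_tag(untagged, 11), "trunk"),
        ("Q-in-Q 100/11", build_frame(0x0800, [(TPID_STAG, 100), (TPID_CTAG, 11)]), "access"),
    ]:
        print(name, parse_vlan_stack(frm)[0], review_ingress(frm, mode))
```

Run against frames from a port mirror, the same review flags tagged or stacked frames arriving where only untagged traffic is expected.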
Page 410
APPENDIX D: SFP/SFP+ Port Threshold Command & Configuration Guide Version 1.0 Chapter 1. SFP/SFP+ Port Threshold 1.1 Introduction The Managed Switch supports alarm and warning threshold commands for temperature (degrees C), voltage (V), current (mA), TX power (dBm) and RX power (dBm), which make troubleshooting easier for the network manager when an SFP/SFP+ transceiver has an issue and help prevent issues in advance.
Page 411
2.2 Configuring Auto Detection SFP/SFP+ Port Threshold Interface Parameters
To configure the auto detection SFP/SFP+ port threshold parameters, perform this task:
Step 1
   Command or Action: Switch# configure
   Purpose: Enters global configuration mode.
Step 2
   Command or Action: Switch(config)# interface interface-id
   Purpose: Specifies the Layer 2 port to configure, and enters interface configuration mode.
Page 412
default parameter.
Step 5
   Command or Action: Switch (config-if-interface-id)# sfp threshold current [high | low] value [0-1500]
   Purpose: To set specific value for high/low alarm/warning current threshold for specific port. This command can set high/low alarm and warning current threshold at the same time; and use the same specific value, the value range is 0~1500 (Unit is 1/10mA).
Page 413
threshold in default parameter. Note: The value of the low threshold cannot be at or over the high threshold.
Step 12
   Command or Action: Switch (config-if-interface-id)# sfp threshold temperature [high | low] value [alarm | warning] [-400~1200]
   Purpose: To set specific value for high/low alarm/warning temperature threshold for specific port. This command can set high/low alarm or warning temperature threshold, the value range is -400~1200...
Page 414
parameter. Note: 1. The value of the low alarm threshold cannot be over the low warning threshold; 2. The value of the low warning threshold cannot be at or over the high warning threshold; 3. The value of the high warning threshold cannot be over the high alarm threshold. Please don’t use step 14 and 15 at the same time.
Page 415
You can display SFP/SFP+ Port Threshold configuration and information of the monitored items on the specified port of the switch by performing the following tasks:
Command: Switch# show sfp threshold interface-id
Purpose: Display all interface, single interface or interface range of temperature (degrees C), voltage (V), current (mA), TX power (dBm) and RX power (dBm) information that include SFP current status, high alarm, high warning,...
Page 416
This page is intentionally left blank. Revision History NOTE: This User’s Manual is written or revised according to the officially-released Firmware version. The content of this Manual is subject to change without prior notice.