Trademarks CTS is a registered trademark of Connection Technology Systems Inc. Contents are subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright Connection Technology Systems Inc. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc.
CTS Contact Information
Headquarters/Manufacturer: Connection Technology Systems Inc. 18F-6, No.79, Sec.1, Xintai 5th Rd., Xizhi Dist., New Taipei City 221, Taiwan (R.O.C.) Tel: +886-2-2698-9661 Fax: +886-2-2698-3960 Sales Direct Line: +886-2-2698-9201 www.ctsystem.com
Global Offices: Connection Technology USA Connection Technology Systems Japan 40538 La Purissima Way, Higobashi Bldg.
1. INTRODUCTION Thank you for using the 5-port 10/100/1000Base-T plus 1-port 100/1000Base-X Ethernet Managed Switch that is specifically designed for FTTx applications. The Managed Switch provides a built-in management module that enables users to configure and monitor the operational status remotely.
1.2 Management Software The following is a list of management software options provided by this Managed Switch: Managed Switch CLI interface SNMP-based Management Software Web Browser Application Command Line Interface Program The Managed Switch has a built-in Command Line Interface called the CLI which you can use to: ...
1.3 Management Preparations After you have decided how to manage your Managed Switch, you are required to connect cables properly, determine the Managed switch IP address and, in some cases, install MIB shipped with your Managed Switch. Connecting the Managed Switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed Switch to other switches, hubs, workstations, etc.
MIB for Network Management Systems
A private MIB (Management Information Base) is provided for managing the Managed Switch through an SNMP-based network management system. You must install the private MIB into your SNMP-based network management system first. The MIB file is shipped together with the Managed Switch. The file name extension is “.mib”, which an SNMP-based compiler can read and compile.
2. Command Line Interface (CLI)
This chapter introduces how to use the Command Line Interface (CLI), specifically in:
Telnet
Configuring the system
Resetting the system
2.1 Remote Management – Telnet/SSH
You can use the Command Line Interface to manage the Managed Switch via a Telnet/SSH session. For first-time users, you must first assign a unique IP address to the Managed Switch before you can manage it remotely.
2.2 Navigating CLI When you successfully access the Managed Switch, you will be asked for a login username. Enter your authorized username and password, and then you will be directed to the User mode. In CLI management, the User mode only provides users with basic functions to operate the Managed Switch.
Enter an unfinished command or keyword and press “?” key to complete the command and get command syntax help.
Unfinished command followed by ?: List all available commands starting with the characters that you enter.
Example:
Switch#h?
help Show available commands
history Show history commands
Enter a command and then press Spacebar followed by a “?”...
field. Enter the subnet mask. [port] Enter one port number. See Section 2.5.25 for detailed explanations. [port_list] Enter a range of port numbers or several discontinuous port numbers. See Section 2.5.25 for detailed explanations. [forced_true | forced_false | auto] There are three options that you can choose.
If you forgot your login username and password, you can use the “reset button” on the front panel to set all configurations back to factory defaults. Once you have performed system reset to defaults, you can log in with the default username and password. Please note that if you use this method to gain access to the Managed Switch, all configurations saved in Flash will be lost.
2.3 User Mode In User mode, only a limited set of commands are provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Privileged mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...
2.3.2 Traceroute Command Traceroute is used to trace the path between the local host and the remote host. Enter the traceroute command in User mode. In this command, you can add an optional maximum hops value for the number of hops that packets are sent and received, an optional value for the number of counts that PROBE packets are sent, or an optional waiting time value of the remote host response.
2.4.1 Copy-cfg Command Use “copy-cfg” command to backup a configuration file via FTP or TFTP server and restore the Managed Switch back to the defaults or to the defaults but keep IP configurations. 1. Restore a configuration file via FTP or TFTP server. Command Parameter Description...
4. Restore the Managed Switch back to default settings but keep IP configurations.
Command / Example
Switch# copy-cfg from default keep-ip
Switch# reload
5. Restore the Managed Switch back to default settings but keep the entire data of event log.
Command / Example
Switch# copy-cfg from default keep-event
Switch# reload...
2.4.3 Ping Command Ping is used to test the connectivity of end devices and also can be used to self test the network interface card. Enter the ping command in User mode. In this command, you can add an optional packet size value and an optional value for the number of counts that PING packets are sent.
(optional) [-w 1-5] Specify the response time from the remote host. The allowable time value is from 1 to 5 seconds. (optional)
Example
Switch> traceroute 8.8.8.8
Switch> traceroute 8.8.8.8 -m 30
Switch> traceroute 2001:4860:4860::8888
Switch> traceroute 2001:4860:4860::8888 -m 30 -p 5 -w 5
2.4.6 Write Command
To save running configurations to startup configurations, enter the write command.
System Location: Enter a brief location description for this Managed Switch. DHCP/DHCPv6 Vendor ID: Vendor Class Identifier. Enter the user-defined DHCP vendor ID, up to 55 alphanumeric characters. Please make sure you have an exact DHCP Vendor ID with the value specified in “vendor-classes” in your dhcpd.conf file. For detailed information, Appendix Model Name: Display the product’s model name.
Refer to “show default-config command”, “show running-config command” and “show start-up-config command” sections.
2.5 Configuration Mode When you enter “configure” or “config” and press “Enter” in Privileged mode, you will be directed to the Global Configuration mode where you can set up advanced switching functions, such as QoS, VLAN and storm control security globally. All commands entered will apply to running-configuration and the device’s operation.
Switch(config)# interface 1-3
Switch(config-if-1-3)#
    Enter three continuous interfaces. Use a hyphen to signify a range of interface numbers. In this example, interface 1, 2, and 3 will apply commands entered.
Switch(config)# interface 1,3-5
Switch(config-if-1,3-5)#
    Enter a single interface number together with a range of interface numbers.
Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device. M/B Version: Display the main board version. WAN Transceiver Type: The information about the WAN transceiver type. WAN Transceiver Vendor: Vendor name of the WAN transceiver.
2.5.4 CATV Command
Enable or disable the CATV RF module, and view whether the CATV RF module is ready or not. Please note that the availability of the commands below depends on the model at hand. The commands will not be applicable if the Managed Switch doesn’t support a CATV RF module.
CATV command Description
Switch(config)# catv...
Switch(config)# no ip address dhcp
    Disable DHCP mode.
Show command
Switch(config)# show ip address
    Show the IP configuration and the current status of the system.
IP command Example
Switch(config)# ip address 192.168.1.198 255.255.255.0 192.168.1.254
    Set up the Managed Switch’s IP to 192.168.1.198, subnet mask to 255.255.255.0, and default gateway IP address to...
Switch(config)# no ip dhcp snooping leased
    Reset the leased time value back to the default (86400 seconds).
Switch(config)# no ip dhcp snooping option
    Disable DHCPv4 Option 82 / DHCPv6 Option 37 relay agent.
Switch(config)# no ip dhcp snooping remote
    Globally disable DHCPv4 Option 82 / DHCPv6 Option 37 Manual Remote Id.
Switch(config-if-PORT-PORT)# ip dhcp snooping circuit formatted
    Enable the Formatted DHCPv4 Option 82 / DHCPv6 Option 37 Circuit Id for the selected interfaces.
Switch(config-if-PORT-PORT)# ip dhcp snooping circuit id [circuit_id]
    [circuit_id] Specify the VLAN and port identifier using a VLAN ID in the range of 1 to 4094 as DHCPv4 Option 82 / DHCPv6 Option 37 Circuit ID.
IGMP Snooping is the process of listening to IGMP traffic. IGMP snooping, as implied by the name, is a feature that allows the switch to "listen in" on the IGMP conversation between hosts and routers by processing the layer 3 IGMP packets sent in a multicast network. When IGMP snooping is enabled in a switch, it analyses all the IGMP packets between hosts connected to the switch and multicast routers in the network.
Switch(config)# ip igmp snooping vlan [1-4094] query
    [1-4094] Enable a querier for the specified VLAN.
No command
Switch(config)# no ip igmp snooping
    Disable IGMP/MLD snooping function.
Switch(config)# no ip igmp snooping flooding
    Disable Unregistered IPMC Flooding function. The traffic will be forwarded to router-ports only when disabled.
Binding list.
Show command
Switch(config)# show ip source Show IPv4/IPv6 Source configuration.
2.5.7 IPv6 Command
Brief Introduction to IPv6 Addressing
IPv6 addresses are 128 bits long and number about 3.4×10^38. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit network prefix and a 64-bit interface identifier.
Set up the IPv6 address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCPv6 server.
IPv6 command Parameter Description
Switch(config)# ipv6 address autoconfig
    Configuration of IPv6 addresses using stateless autoconfiguration.
Switch(config)# ipv6 address dhcp auto
    Configure DHCPv6 function into the auto mode.
2.5.8 LLDP Command LLDP stands for Link Layer Discovery Protocol and runs over data link layer. It is used for network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
Switch# show lldp interface
    Show each interface’s LLDP configuration.
Switch# show lldp interface [port_list]
    Show the selected interfaces’ LLDP configuration.
Switch# show lldp status
    Show the current LLDP status.
Switch(config)# show lldp
    Show LLDP settings.
Switch(config)# show lldp interface
    Show each interface’s LLDP configuration.
Switch(config)# show lldp interface Show the selected interfaces’...
2.5.9 Loop Detection Command
In a real network, it is possible that people misconnect a network cable and cause a loop condition. In the worst case, the network is out of service thereafter. This section gives a guide to configuring the Loop Detection function of the system to prevent the system from looping.
2.5.10 LED Command Users can turn on and off the LED status light on the top panel of the Managed Switch remotely by toggling between the on and off state of the LED status light. LED Command Parameter Description Switch(config)# led control [off | on] Enable or disable the LED status light.
Switch(config)# show mac [xx:xx:xx] Show the MAC address that its first 3 bytes address-table mac starting with the specified MAC. [xx:xx:xx | [xx:xx:xx:xx:xx:xx] Show the MAC address that its 6 bytes xx:xx:xx:xx:xx:xx] [mac | totally meet the specified MAC. vid | port] [mac | vid | port] Show the matched MAC addresses sorted by specific option.
Switch(config)# show mac [include | exclude] Display the intended MAC addresses that (don’t) correspond to the result of filter mac [include | exclude] mac-address the comparison between the specified [xx:xx:xx:xx:xx:xx] mac-mask MAC address and the specified MAC [xx:xx:xx:xx:xx:xx] sort-by [mac address mask.
Switch(config)# show mac filter type static vlan include 5 sort-by port
    Only the static MAC addresses that belong to VLAN 5 will be displayed, and the MAC address table will be displayed in a way that MAC addresses learned by the same port are grouped together and arranged in ascending order.
Switch(config)# show management
    Show the current management configuration of the Managed Switch.
Examples of Management command
Switch(config)# management telnet
    Enable Telnet management.
Switch(config)# management telnet port 23
    Set Telnet port to port 23.
2.5.13 Mirror Command
Mirror Command Parameter Description
Switch(config)# mirror
    Globally enable Port Mirroring function.
2.5.14 NTP Command
NTP Command Parameter Description
Switch(config)# ntp
    Enable Network Time Protocol to have Managed Switch’s system time synchronize with NTP time server.
Switch(config)# ntp daylight-saving [ recurring | date ]
    [recurring] Enable daylight saving function with recurring mode.
    [date] Enable daylight saving function with date mode.
Show command Switch# show ntp Show the current NTP time server configuration. Switch(config)# show ntp Show the current NTP time server configuration. Examples of NTP command Switch(config)# ntp Enable NTP function for the Managed Switch. Switch(config)# ntp daylight-saving date Enable the daylight saving function in date mode.
2. Set up the DSCP and queue mapping.
DSCP-map command Parameter Description
Switch(config)# qos dscp-map [0-63] [0-7]
    [0-63] Specify the corresponding DSCP value you want to map to a priority queue.
    [0-7] Specify a queue to which the DSCP value is assigned.
opportunity of dispatching. Each queue has the specific amount of bandwidth according to its assigned weight.
Switch(config)# qos queue-weighted [1:2:4:8:16:32:64:127]
    [1:2:4:8:16:32:64:127] Specify the queue weighted.
No command
Switch(config)# no qos queuing-mode
    Set the queuing mode to the strict mode.
Switch(config)# no qos queue-weighted
    Reset the queue weighted value back to the default.
Switch(config-802.1p-map-ID)# no priority
    Reset the new 802.1p bit value for the selected priority mapping ID back to the default.
Show command
Switch(config)# show qos remarking
    Show QoS remarking-mapping information.
Switch(config-dscp-map-ID)# show
    Show the DSCP mapping configuration for the selected priority mapping ID.
Switch(config-802.1p-map-ID)# show
    Show the 802.1p mapping configuration for the selected priority mapping ID.
1000000 | 1-1000] Kbps/Mbps 1000] unit of Kbps or 1-1000 in unit of Kbps/Mbps Mbps). Switch(config-if-PORT-PORT)# [Kbps | Mbps] Specify the unit of the egress rate qos rate-limit egress unit [Kbps | limit between Kbps and Mbps. Mbps] Switch(config-if-PORT-PORT)# [0-7] Specify the default priority bit (P-bit) qos user-priority [0-7] to the selected interfaces.
press “spacebar” and then followed by “?”. For example, “Switch(config)# security storm-protection broadcast ?”
Switch(config-if-PORT-PORT)# security storm-protection unknown-multicast [1-256k]
    [1-256k] Specify the maximum unknown multicast packets per second (pps). Any unknown multicast packets exceeding the specified threshold will then be dropped.
2.5.17 SNMP-Server Command
1. Create a SNMP community and set up detailed configurations for this community.
Snmp-server command Parameter Description
Switch(config)# snmp-server
    Enable SNMP server function globally.
Switch(config)# snmp-server community [community]
    [community] Create/modify a SNMP community name. Up to 20 alphanumeric characters can be accepted.
Switch(config)# snmp-server community mycomm
    Create a new community “mycomm” and edit the details of this community account.
Switch(config-community-mycomm)# active
    Activate the SNMP community “mycomm”.
Switch(config-community-mycomm)# description rddeptcomm
    Add a description for “mycomm” community.
Switch(config-community-mycomm)# level admin
    Set the access privilege level of “mycomm” community to admin (full-access privilege).
3. Set up SNMP trap types that will be sent. Trap-type command Parameter Description Switch(config)# snmp- [all | auth-fail | Specify a trap type that will be sent when server trap-type [all | auth- cold-start | cpu- a certain situation occurs. fail | cold-start | cpu-load | load | port-link | port-link | power-down |...
valid source and scramble the content of a packet, to prevent from being learned by an unauthorized source.
Snmp-server Command Parameter Description
Switch(config)# snmp-server password-encryption [aes-128]
    [aes-128] Enable encryption method AES-128 on the SNMPv3 user password.
    aes-128 (advanced encryption method): An encryption algorithm uses key and block sizes of 128 bits to secure against malicious attacks on sensitive or private...
Switch(config-v3-user-user_name)# no private
    Disable data encryption function.
Switch(config-v3-community-user_name)# no private password
    Delete the configured private password.
Show Command
Switch(config)# show snmp-server user
    Show SNMPv3 user configuration.
Switch(config)# show snmp-server user [user_name]
    [user_name] Show the specified SNMPv3 user configuration.
2.5.18 Switch Command
Switch command Parameter Description
Switch(config)# switch mtu [1518-16367]
    [1518-16367] Specify the maximum frame size in bytes. The allowable MTU value is between 1518 and 16367 bytes.
No command
Switch(config)# no switch mtu
    Reset MTU size back to the default.
Switch(config)# switch-info system-name [sys_name]
    [sys_name] Enter a unique name, up to 55 alphanumeric characters, for this Managed Switch. Use a descriptive name to identify the Managed Switch in relation to your network, for example, “Backbone 1”. This name is mainly used for reference only.
No command
Switch(config)# no switch-info company-name
    Reset the entered company name back to the default.
2.5.20 Syslog Command Syslog Command Parameter Description Switch(config)# syslog Enable the system log function. Switch(config)# syslog [0-7] Specify a facility code (Local 0~Local 7) to a facility [0-7] specific device for classifying the syslog message provided by different devices. Switch(config)# syslog Enable Terminal-history log function.
2.5.21 Terminal Command
Terminal Command Parameter Description
Switch(config)# terminal length [0-512]
    [0-512] Specify the number of event lines that will show up each time on the screen for “show running-config”, “show default-config” and “show start-up-config” commands. (“0” stands for no pausing.)
No Command
Switch(config)# no terminal Reset the terminal length back to the default...
2. After each alarm message, the system will follow this specified time interval to continually send the same alarm message (only for the monitored items of which the values exceed the thresholds) until the monitored items return to normal status. Switch(config)# transceiver [120-86400] Specify the time interval of sending...
all transceivers’ current temperature and transceiver threshold temperature their threshold information of this parameter. Switch(config)# show [port_list] Show transceiver threshold configuration, the specific transceivers’ current transceiver threshold temperature [port_list] temperature and their threshold information of this parameter. Switch(config)# show Show transceiver threshold configuration, all transceivers’...
Use “Interface” command to configure a group of ports’ transceiver threshold function.
Transceiver threshold & interface command Parameter Description
Switch(config)# interface [port_list]
    [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example: 1,3 or 2-4
Switch(config-if-PORT- Enable auto detect alarm and warning PORT)# transceiver...
[-400~1200] temperature threshold at the same time and apply the same specified value. The valid value range is -400~1200 (Unit: 1/10 degrees Celsius). Switch(config-if-PORT- [high | low] Specify the value respectively for high/low PORT)# transceiver alarm/warning temperature threshold for threshold temperature [high | the selected port(s).
Switch(config-if-PORT- [high | low] Reset the high/low alarm and warning PORT)# no transceiver current threshold values to default. threshold current [high | low] value Switch(config-if-PORT- [high | low] Respectively reset the high/low alarm or PORT)# no transceiver warning current threshold value to default. [alarm | threshold current [high | low] warning]...
value [alarm | warning] warning]
Example of transceiver threshold & interface commands
Switch(config-if-6)# transceiver threshold temperature high
    Enable high temperature threshold for Port
Switch(config-if-6)# transceiver threshold temperature high value 800
    Configure both high alarm and warning temperature thresholds as 80 degrees Celsius for Port 6.
information, user account, load factory settings and upgrade firmware. Ro: Read Only access privilege. Switch(config-user- Enter the password for this user account USERNAME)# password [password] up to 20 alphanumeric characters. [password] No command Switch(config)# no user name [user_name] Delete the specified user account. [user_name] Switch(config)# no user Disable any encryption method on the...
Switch(config)# user radius secret-key-encryption [aes-128]
    [aes-128] Specify AES-128 as the encryption method to secure the secret key against potential malicious attacks.
    aes-128 (advanced encryption method): An encryption algorithm uses key and block sizes of 128 bits to secure against malicious attacks on sensitive or private data.
and share its resources, simply by changing the port VLAN settings from one VLAN to another. This allows VLAN to accommodate network moves, changes and additions with the greatest flexibility. 2.5.24.1 Port-Based VLAN Port-based VLAN can effectively segment one network into several broadcast domains. Broadcast, multicast and unknown packets will be limited to within the VLAN.
Access-VLAN specifies the VLAN ID to the switch port that will assign the VLAN ID to untagged traffic from that port. A port can only be assigned to one Access-VLAN at a time. When the port is configured as Access Mode, the port is called an Access Port, the link to/from this port is called an Access Link.
2.5.24.3 Introduction to Q-in-Q (ISP Mode) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
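The double tagging described above, as an added example (not code from the CTS manual or firmware): a Python sketch that places an outer service tag in front of a customer 802.1Q tag, then parses and strips it again. The 0x88A8 service-tag TPID is the IEEE 802.1ad standard value and is an assumption here, because the switch's configured stag-ethertype is not given on this page; the MAC addresses, VLAN IDs and function names are constructed for illustration.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag (C-tag)
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (S-tag); assumed, the switch's
                    # stag-ethertype setting may be configured differently


def _tag(tpid, vid, pcp=0, dei=0):
    """Build one 4-byte VLAN tag: 16-bit TPID + 16-bit TCI (PCP|DEI|VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in the range 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be in the range 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)


def add_service_tag(frame, svid, pcp=0, stag_tpid=TPID_STAG):
    """Insert the outer (service) tag right after the source MAC address.

    Any customer tag already present is left untouched and becomes the inner tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + _tag(stag_tpid, svid, pcp) + frame[12:]


def strip_service_tag(frame, stag_tpid=TPID_STAG):
    """Remove the outer tag, refusing frames that do not start with an S-tag."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry a VLAN tag")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != stag_tpid:
        raise ValueError("outer tag is not a service tag")
    return frame[:12] + frame[16:]


def parse_frame(frame, stag_tpid=TPID_STAG):
    """Return MACs, the VLAN tag stack (outermost first), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (stag_tpid, TPID_CTAG):
            break  # reached the real EtherType, no more tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tags": tags, "ethertype": ethertype, "payload": frame[offset + 2:]}


# Constructed sample: a customer frame already tagged with VLAN 60 (C-tag).
CUSTOMER_FRAME = (bytes.fromhex("020000000002")        # destination MAC
                  + bytes.fromhex("020000000001")      # source MAC
                  + _tag(TPID_CTAG, 60)                # customer VLAN 60
                  + struct.pack("!H", 0x0800)          # EtherType: IPv4
                  + b"payload")

# The same frame after a provider edge adds service VLAN 100, priority 5.
DOUBLE_TAGGED = add_service_tag(CUSTOMER_FRAME, svid=100, pcp=5)

if __name__ == "__main__":
    for name, frame in (("customer", CUSTOMER_FRAME), ("double", DOUBLE_TAGGED)):
        parsed = parse_frame(frame)
        stack = [(hex(t["tpid"]), t["vid"], t["pcp"]) for t in parsed["tags"]]
        print(name, stack, hex(parsed["ethertype"]))
```
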
1. Create/modify an 802.1q VLAN and a management VLAN rule, modify a port-based VLAN group or set up ISP mode (IEEE 802.1Q double tagging VLAN). VLAN dot1q command Parameter Description Switch(config)# vlan dot1q-vlan Enable 802.1q VLAN mode globally. Switch(config)# vlan dot1q-vlan [1-4094] Enter a VLAN ID number to create a new [1-4094]...
mode stag-priority the default. Valid values are 0 through 7. Reset the service tag’s ethertype to the Switch(config)# no vlan isp- mode stag-ethertype default. Show command Switch(config)# show vlan Show all ports’ VLAN assignment and VLAN interface mode. Switch(config)#show vlan Show the selected ports’...
under the VLAN global configuration mode before joining it. No command Switch(config-if-PORT-PORT)# no Reset the selected ports’ PVID back to the vlan dot1q-vlan pvid default setting. Reset the selected ports’ 802.1q VLAN Switch(config-if-PORT-PORT)# no vlan dot1q-vlan mode mode back to the default setting (Access Mode).
Switch(config-if-3,4)# exit
    Exit current ports interface mode.
Switch(config)# interface 5-6
    Enter port 5 to port 6’s interface mode.
Switch(config-if-5,6)# vlan dot1q-vlan pvid 60
    Set port 5 to port 6’s Access-VLAN ID (PVID) to 60.
Switch(config-if-5,6)# vlan dot1q-vlan mode access
    Set the selected ports to Access Mode (untagged).
2.5.25 Interface Command
Use “interface” command to set up configurations of several discontinuous ports or a range of ports.
1. Entering interface numbers.
Command Parameter Description
Switch(config)# interface [port_list]
    [port_list] Enter several port numbers separated by commas or a range of port numbers. For example: 1,3 or 2-4
Note: You need to enter interface numbers first before issuing the commands below.
5. Enable flow control operation. Command Parameter Description Switch(config-if-PORT-PORT)# Enable flow control on the selected flowcontrol port(s). No command Switch(config-if-PORT-PORT)# Disable flow control on the selected no flowcontrol port(s). 6. Configure QoS rate limit. Command Parameter Description Switch(config-if-PORT-PORT)# [0|32- Configure the ingress rate limit, from qos rate-limit ingress [0|32- 1000000]kbps 32Kbps to 1000Mbps.
9. Set up VLAN parameters per port. Command Parameter Description Switch(config-if-PORT-PORT)# Specify the selected ports to be the ISP vlan isp-mode isp-port ports (IEEE 802.1Q double tagging port). Switch(config-if-PORT-PORT)# [1-4094] Specify the selected ports’ Access-VLAN vlan dot1q-vlan pvid [1-4094] ID (PVID). Switch(config-if-PORT-PORT)# Specify the selected ports’...
2.5.26 Show interface statistics Command The command of “show interface statistics”, displaying port traffic statistics, port packet error statistics and port analysis history, can be used either in Privileged mode or Global Configuration mode. This command is useful for network administrators to diagnose and analyze the real-time conditions of each port traffic.
2.5.27 Show Transceiver Command Detailed information on the transceivers in use can be viewed by issuing this command. Command Description Switch(config)# show transceiver information Display transceiver information including the speed of transmission, the distance of transmission, vendor name, vendor PN, vendor SN. Switch(config)# show transceiver state Show the transceivers’...
Switch(config)# show start-up- Display the system configuration config full stored in Flash. Switch(config)# show start-up- [string] Specify the keyword to search for config full include [string] the matched information from the full startup configuration. Switch(config)# show default-config Display the system factory default configuration.
3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
4. WEB MANAGEMENT
You can manage the Managed Switch via a web browser. However, you must first assign a unique IP address to the Managed Switch before doing so. By connecting any transceiver using a fiber cable or any TP port using an RJ45 cable, you can access the Managed Switch and set up the IP address for the first time.
There are 11 main functions in the main menu. We will respectively describe their sub-functions in the following sections of this chapter.
System Setup: Set up or view the Managed Switch’s system information, IP address and related information required for network management applications, etc. ...
4.1 System Setup In order to enable network management of the Managed Switch, proper network configuration is required. To do this, click the folder System Setup from the Main Menu and then 5 options within this folder will be displayed as follows. 1.
4.1.1 System Information Select the option System Information from the System Setup menu and then the following screen shows up. Company Name: Enter a company name for this Managed Switch. System Object ID: Display the predefined System OID. System Contact: Enter the contact information for this Managed Switch. System Name: Enter a descriptive system name for this Managed Switch.
Current Boot Image: The image that is currently being used. Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device. M/B Version: Display the main board version.
4.1.2 IP Setup Click the option IP Setup from the System Setup menu and then the following screen page appears. Enable IPv4: Click the checkbox in front of enable IPv4 to enable IPv4 function on the Managed Switch. MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed switch.
Gateway: Specify the IP address of a gateway or a router, which is responsible for the delivery of the IP packets sent by the Managed Switch. This address is required when the Managed Switch and the network management station are on different networks or subnets. The default value of this parameter is 0.0.0.0, which means no gateway exists and the network management station and Managed Switch are on the same network.
Rapid Commit: Check to enable Rapid Commit which allows the server and client to use a two-message exchange to configure clients, rather than the default four-message exchange.
DHCPv6 Unique Identifier (DUID): View-only field that shows the DHCP Unique Identifier (DUID).
Current State: View-only field that shows currently assigned IPv6 address (by auto-configuration or manual) and Gateway of the Managed Switch.
4.1.3 IP Source Binding Click the option IP Source Binding from the System Setup menu and then the following screen page appears. Source Binding State: Globally enable or disable IP source binding. State: Disable or enable the assigned IP address to reach the management. IPv4/IPv6 Address: Specify the IP address for source binding.
4.1.4 Time Server Setup Click the option Time Server Setup from the System Setup menu and then the following screen page appears. Time Synchronization: To enable or disable the time synchronization function. 1st Time Server: Set up the IPv4/IPv6 address of the first NTP time server. 2nd Time Server: Set up the IPv4/IPv6 address of the secondary NTP time server.
4.1.5 Syslog Configuration Click the option Syslog Setup from the System Setup menu and then the following screen page appears. When DHCP snooping filters unauthorized DHCP packets on the network, the mal-attempt log will allow the Managed Switch to send event notification message to log server. Log Server: Enable or disable mal-attempt log function.
4.2 Port Management In order to configure each port of the Managed Switch and monitor the real-time ports’ link-up status or traffic counters for maintenance or diagnostic purposes. Select the folder Port Management from the Main Menu and then 5 options within this folder will be displayed for your selection.
4.2.1 Port Setup & Status Click the option Port Setup & Status from the Port Management menu and then the following screen page appears. Maximum Frame Size: Specify the maximum frame size between 1518 and 16367 bytes. The default maximum frame size is 16367 bytes. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
Duplex of Port in Speed field: In fiber ports, only the full-duplex operation mode is allowed. Flow Control: Enable or disable the flow control. MAC Address: The unique MAC address for each interface.
4.2.2 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Switch, select the option Port Traffic Statistics from the Port Management menu and then the following screen page appears. Monitor: Choose the way of representing Port Traffic Statistics from the pull-down menu. Either “Rate”...
4.2.3 Port Packet Error Statistics Port Packet Error Statistics mode counters allow users to view the port error of the Managed Switch. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Error Statistics from the Port Management menu and then the following screen page appears.
4.2.4 Port Packet Analysis Statistics Port Packet Analysis Statistics mode counters allow users to view the port analysis history of the Managed Switch in both “Rate” and “Event” representing ways. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Analysis Statistics from the Port Management menu and then the following screen page appears.
4.2.5 Port Mirroring In order to allow the destination port to mirror the source port(s) and enable traffic monitoring, select the option Port Mirroring from the Port Management menu and then the following screen page appears. Please note that functions of Port Isolation and Port Mirroring cannot be enabled concurrently.
Enabled: Enable or disable the specific port mirroring. TX Source Port: Input the port number (e.g. 1, 2, 3-7) to specify the transmitting packets of preferred source port(s) for mirroring. Please note that the port selected as the destination port cannot be the source port. RX Source Port: Input the port number (e.g. 1, 2, 3-7) to specify the receiving packets of preferred source port(s) for mirroring.
4.3 VLAN Setup A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
4.3.1 VLAN Mode To set up and specify the VLAN mode on which the Managed Switch runs, click the option VLAN Mode from the VLAN Setup menu and then the following screen page appears. VLAN Mode: Specify Port Based VLAN or IEEE 802.1q Tag VLAN from the pull-down menu. The Managed Switch will run VLAN according to the mode that you select.
4.3.2 Port Based VLAN Port-based VLAN can effectively segment one network into several broadcast domains. Broadcast, multicast and unknown packets will be limited to within the VLAN. Port-Based VLAN is uncomplicated and fairly rigid in implementation and is useful for network administrators who wish to quickly and easily set up VLAN so as to isolate the effect of broadcast packets on their network.
Occupied/Max Entry: View-only field. Occupied: This shows the amount of total Port-Based VLANs that have already been created. Max: This shows the maximum number of Port-Based VLANs that can be created. The maximum number is 6. Name: Use the default name or specify a name for your Port-Based VLAN. Port Number: By clicking on the checkbox of the corresponding ports, it denotes that the selected ports belong to the specified Port-Based VLAN.
4.3.3 IEEE 802.1q Tag VLAN 802.1Q VLAN Concept Port-Based VLAN is simple to implement and use, but it cannot be deployed as a VLAN across switches. The 802.1Q protocol was developed in order to provide the solution to this problem. By tagging VLAN membership information to Ethernet frames, the IEEE 802.1Q can help network administrators break large switched networks into smaller segments so that broadcast and multicast traffic will not occupy too much available bandwidth as well as provide a higher level...
It is important to note at this point that any network host connected to an Access Port is totally unaware of the VLAN assigned to the port. The network host simply assumes it is part of a single broadcast domain, just as it happens with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed so the recipient has no information about them.
1. Trunk VLAN Setup: To create, modify or remove IEEE 802.1q Tag VLAN settings. 2. VLAN Interface: To set up ISP mode, create 802.1q VLAN on the selected port(s), and set up CPU VLAN ID. 3. VLAN Table: View the IEEE802.1q VLAN table of the Managed Switch.
4.3.3.1 Trunk VLAN Setup The following screen page appears if you choose Trunk VLAN Setup function. Click Add Trunk VLAN to add a new VLAN and then the following screen page appears for the further IEEE 802.1q Tag VLAN settings. Click the icon to modify the settings of a specified 802.1q VLAN.
4.3.3.2 VLAN Interface VLAN Interface function includes IEEE 802.1Q double tagging VLAN configuration. Before you dive into setting it up, take a look at the concepts down below. Introduction to Q-in-Q (ISP Mode) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad).
Q-in-Q Example The following screen page appears if you choose VLAN Interface function. CPU VLAN ID: Specify an existing VLAN ID. ISP Mode: Enable or disable ISP mode (IEEE 802.1Q double tagging VLAN) globally. Stag VID: Specify the service tag VID. Valid values are 1 through 4094. Stag Priority: Specify an 802.1p bit value for the service tag VID to prioritize different classes of traffic.
Stag EtherType: Configure the service tag ethertype. (Range: 0000-FFFF, Default: 9100). Mode: Pull down the list in the Mode field and select a mode for each port. The port behavior of each mode is listed as the following table. Access: Set the selected port to the access mode (untagged). Trunk: Set the selected port to the trunk mode (tagged).
4.4 MAC Address Management Select the folder MAC Address Management from the Main Menu and then 2 options will be displayed for your selection. 1. MAC Table Learning: Set up MAC address table aging time, and enable/disable MAC address learning function. 2.
4.4.1 MAC Table Learning Click the option MAC Table Learning from the MAC Address Management menu and then the following screen page appears. MAC Address Aging Time: Specify MAC address table aging time between 0 and 458 seconds. “0” means that MAC addresses will never age out. MAC Address Learning Per Port: Enable port MAC address learning function on the specified ports by clicking on the checkbox of the corresponding port number.
4.4.2 MAC Address Table MAC Address Table displays MAC addresses learned when MAC Address Learning is enabled. Select the option MAC Address Table from the MAC Address Management menu and then the following screen page appears. The table that sits at the very top of the webpage displays an up-to-date summary of the MAC address table down below.
MAC Address Filter Condition section delivers a flexible approach to investigating the MAC address table in accordance with the specified filter options, which are respectively described below to guide you through the filter setup. When you have finished determining the filtering behavior, click Search to update the MAC address table.
4.5 QoS Setup Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria and receives preferential treatments.
4.5.1 QoS Priority Select the option QoS Priority from the QoS Setup menu and then the following screen page appears. Priority Mode: Select the QoS priority mode of the Managed Switch. Port Based: Port Based mode will prioritize traffic according to interface priority level. IEEE 802.1p: IEEE 802.1p mode utilizes p-bits in VLAN tag for differential service.
Port to Queue Mapping: Assign a priority level to interfaces to prioritize network traffic. The higher the number is, the higher the priority. 802.1p to Queue Mapping: Assign an 802.1p value (0~7) of 8 different levels to the specific queue. DSCP to Queue Mapping: Assign a DSCP value (0~63) of 64 different levels to the specific queue by pulling down the Queue menu.
listed options for CoS (Class of Service) priority tag values. The default value is “0”. The default 802.1p settings are shown in the following table: Priority Level normal normal medium Medium High high 802.1p Value...
4.5.2 QoS Remarking QoS Remarking includes 802.1p Remarking and DSCP Remarking. To configure it, select the option QoS Remarking from the QoS Setup menu and then the following screen page appears. Please note that 802.1p / DSCP remarking rule will not affect the priority mapping rule. Configure 802.1p Remarking: This allows you to enable or disable 802.1p remarking for each priority by pulling down the 802.1p Remarking...
Configure DSCP Remarking: This allows you to enable or disable DSCP remarking for each priority by pulling down the DSCP Remarking menu. The default setting is disabled.
4.5.3 QoS Rate Limit Select the option QoS Rate Limit from the QoS Setup menu and then the following screen page appears. This allows users to specify both the inbound and outbound bandwidth of each port. The excess traffic will be dropped. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
4.6 Multicast Select the folder Multicast from the Main Menu, the IGMP/MLD Snooping subfolder will be displayed. 4.6.1 IGMP/MLD Snooping The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships.
1. IGMP/MLD Setup: To enable or disable IGMP/MLD Snooping, IGMPv3/MLDv2 Snooping, Unregistered IPMC Flooding and set up router ports. 2. IGMP/MLD VLAN Setup: To set up the ability of IGMP/MLD snooping and querying with VLAN. 3. IGMP Snooping Status: View the IGMP snooping status. 4.
4.6.1.1 IGMP/MLD Setup Select the option IGMP/MLD Setup from the IGMP/MLD Snooping menu and then the following screen page appears. Please note that Query Interval value must be greater than the value of Query Response Interval. IGMP/MLD Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic.
4.6.1.2 IGMP/MLD VLAN Setup Select the option IGMP/MLD VLAN Setup from the IGMP/MLD Snooping menu and then the following screen page with the functions of IGMP Snooping and Querying in VLAN(s) appears. VID: VID of the specific VLAN. And VID marked stands that it is a MVR VLAN ID.
4.6.1.3 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select the option IGMP Snooping Status from the IGMP/MLD Snooping menu and then the following screen page appears.
4.6.1.4 IGMP Group Table In order to view the real-time IGMP multicast group status of the Managed Switch, select the option IGMP Group Table from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest IGMP group table. VLAN ID: VID of the specific VLAN.
4.6.1.5 MLD Snooping Status MLD Snooping Status allows users to view a list of MLD queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select the option MLD Snooping Status from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest MLD snooping status.
4.6.1.6 MLD Group Table In order to view the real-time MLD multicast group status of the Managed Switch, select the option MLD Group Table from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest MLD group table. VLAN ID: VID of the specific VLAN.
4.7 Security Setup In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch. Layer 2 attacks are typically launched by or from a device that is physically connected to the network. For example, it could be a device that you trust but has been taken over by an attacker.
4.7.1 DHCP Snooping Select the option DHCP Snooping from the Security Setup folder and then three functions, including DHCP Snooping Setup, DHCP Option 82 / DHCPv6 Option 37 Setup and DHCP Snooping Table will be displayed for your selection. 4.7.1.1 DHCP Snooping Setup The following screen page appears if you choose DHCP Snooping Setup function.
4.7.1.2 DHCP Option 82 / DHCPv6 Option 37 Setup The Managed Switch can add information about the source of client DHCP requests that are relayed to the DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information.
Enable (check): Add Agent information. Disable (uncheck): Forward. Trust Port in Opt82/Opt37 field: Click on the checkbox of the corresponding port number if you would like ports to become trust ports. The trusted ports will not discard DHCP messages. For example, a DHCP request is from Port 1 that is marked as both Opt82 port and trust port.
the circuit ID packet or uncheck to hide the circuit ID type and length of the circuit ID packet. The default setting is checked. Contents in Circuit-ID field: Specify the VLAN and port identifier using a VLAN ID in the range of 1 to 4094.
4.7.1.3 DHCP Snooping Table DHCP Snooping Table displays the Managed Switch’s DHCP Snooping table. The following screen page appears if you choose DHCP Snooping Table function. Refresh: Click Refresh to update the DHCP snooping table. Port of Client: View-only field that shows where the DHCP client binding port is. Port of Server: View-only field that shows the port where the IP address is obtained from. VID: View-only field that shows the VLAN ID of the client port.
4.7.2 Port Isolation This is used to set up the ports’ communication availability so that they can only communicate with a given "uplink". Please note that if the port isolation function is enabled, the Port-based VLAN will be invalid automatically. Also note that the "Port Isolation" function is not the "Private VLAN" function. Select the option Port Isolation from the Security Setup menu and then the following screen page appears.
4.7.3 Storm Control When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per port basis so as to protect the network from broadcast/unknown multicast/unknown unicast storms.
Broadcast Rate: Enable or disable Broadcast traffic control and set up the broadcast rate in packets per second (pps) for each port. 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k, 512k can be chosen from the pull-down menu of each port.
4.7.4 Loop Detection In a real network, it is possible that people misconnect the network cable and cause a loop condition. In the worst case, the network is out of service thereafter. This section gives a guide to configuring the Loop Detection function of the system to prevent loops. After a proper setting of the Loop Detection function, the system detects loop conditions by periodically sending loop detection packets.
Loop Detection Enable: Check to enable the Loop Detection function on a system basis. The default setting is disabled. Looped Port Unlock-interval: This is the time interval for the system to detect the existence of loop condition. System un-blocks the looped port if it does not receive any loop-detection packet during the configured unlock-interval.
4.8 LLDP LLDP stands for Link Layer Discovery Protocol. It runs over the data link layer and is used by network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
4.8.1 LLDP Setup Click the option LLDP Setup from the LLDP menu and then the following screen page appears. State: Globally enable or disable LLDP function. Receiver Hold-Time (TTL): Enter the amount of time for receiver hold-time in seconds. The Managed Switch will keep the information sent by the remote device for a period of time you specify here before discarding it.
4.8.2 LLDP Status Click the option LLDP Status from the LLDP menu and then the following screen page appears. Refresh: Click Refresh to update the LLDP Status table. Port: View-only field that shows the port number on which LLDP frames are received. Chassis ID: View-only field that shows the MAC address of the LLDP frames received (the MAC address of the neighboring device).
4.9 Maintenance Maintenance allows users to monitor the real-time operation status of the Managed Switch for maintenance or diagnostic purposes and easily operate and maintain the system. Select the folder Maintenance from the Main Menu and then 4 options within this folder will be displayed for your selection.
4.9.1 CPU & Memory Statistics CPU & Memory Statistics is to manually or automatically update statistics of CPU and Memory. Select the option CPU & Memory Statistics from the Maintenance menu and then the following screen page appears. Refresh Page Interval: Automatically updates statistics of CPU & Memory at a specified interval in seconds.
trap-sending behavior will correspond to this comparison result and follow the pattern described below: - A one-off CPU Loading alarm trap will be sent once the captured value of Load Averages – 15 min is higher than the threshold, with no follow-up alarm traps if the next captured value still stays above the threshold.
4.9.2 Ping Ping can help you test the network connectivity between the Managed Switch and the host. Select the option Ping from the Maintenance menu and then the following screen page appears. Enter the IPv4/IPv6 address of the host you would like to ping. You can also specify the count and size of the Ping packets.
4.9.3 Event Log Event log keeps a record of switch-related information. A network manager can investigate the information captured in the Event Log and therefore analyze the network traffic, usage, and security. Select the option Event Log from the Maintenance menu and then the following screen page appears.
3. Click the pull-down menu of entries per page to select the maximum number of event entries displayed on each page. Click First, Last or select the intended page from the pull-down menu of Page to achieve page jumps; click Previous or Next to maneuver the display of the event log table. Filter: Configure each filter setting to customize the display of the event log table.
4. Item List: Click Select to specify certain/all event categories from the collapsible section to enable event filtering. 5. Display Log Item List: Click each checkbox of one particular event category to select the intended event categories. Or quickly configure the desired event categories at a time by directly inputting the item number (e.g. 1, 2, 3-7) in the Quick Select field located at the top-right corner of the Display Log Item List table.
4.9.4 Transceiver Information Select the option Transceiver Information from the Maintenance menu and then three functions, including Transceiver Info, Transceiver State, and Transceiver Threshold Configuration within this subfolder will be displayed.
4.9.4.1 Transceiver Info Transceiver Info displays WAN transceiver information e.g. the speed of transmission, the distance of transmission, vendor Name, vendor PN, vendor SN, etc. The following screen page appears if you choose Transceiver Info function. Refresh: Click Refresh to update the transceiver port Info status. Port: The port number of the transceiver module.
4.9.4.2 Transceiver State Transceiver State displays WAN transceiver information e.g. the currently detected temperature, voltage, TX Bias, etc. The following screen page appears if you choose Transceiver State function. Refresh: Click Refresh to update the transceiver state status. Port: The port number of the transceiver. Temperature (Degree C): The operation temperature of the transceiver currently detected.
4.9.4.3 Transceiver Threshold Configuration Transceiver Threshold Configuration function not only displays the WAN transceiver current temperature, voltage, current, TX power and RX power information but is capable of detecting whether the WAN transceiver is at normal status or not. In the display of the above WAN transceiver information, you can decide one or all items to be shown at a time by assigning All/Temperature/Voltage/Current/TX power/RX power parameter upon your requirements.
time interval configured in Threshold Interval parameter to notify the user once WAN transceiver temperature/current/voltage/TX power/RX power is at the abnormal status. In case this function is disabled, however, the alarm message will be sent only one time to notify the user once WAN transceiver temperature/current/voltage/TX power/RX power is at the abnormal status.
High/Low Value of Current Threshold Alarm/Warning parameter: Specify the WAN transceiver current Alarm/Warning threshold if the manual mode is applied. Valid range: 0.0 ~ 150.0 mA. Default threshold value of Alarm is High: 90, Low: 0.1; default threshold value of Warning is High: 80, Low: 0.3.
4.10 Management In order to do the firmware upgrade, load the factory default settings, etc. for the Managed Switch, please click the folder Management from the Main Menu and then 8 options will be displayed for your selection. 1. Management Access Setup: Enable or disable the specified network services 2.
7. Save Configuration: Save all changes to the system. 8. Reset System: Reset the Managed Switch.
4.10.1 Management Access Setup Click the option Management Access Setup from the Management menu and then the following screen page appears. Telnet Service: To enable or disable the Telnet Management service. SSH Service: To enable or disable the SSH Management service. SNMP Service: To enable or disable the SNMP Management service.
4.10.2 User Authentication To prevent any unauthorized operations, only registered users are allowed to operate the Managed Switch. Users who would like to operate the Managed Switch need to create a user account first. To view or change current registered users, select the option User Authentication from the Management menu and then the following screen page shows up.
IPv4/IPv6 address of the RADIUS server. Up to 2 servers can be configured as the RADIUS authentication server. NOTE: For FreeRADIUS server setup, please refer to APPENDIX A for the creation of CTS vendor-specific dictionary and modification of the configuration files.
Click Add User Authentication to add a new user and then the following screen page appears for the further user registration settings. Account State: Enable or disable this user account. User Name: Specify the authorized user login name. Up to 20 alphanumeric characters can be accepted.
NOTE: 1. To prevent incautious operations, users cannot delete their own account, modify their own user name and change their own account state. 2. The acquired password from backup config file is not applicable for user login on CLI/Web interface. 3.
4.10.3 SNMP Select the option SNMP from the Management menu and then four functions, including SNMPv3 USM User, Device Community, Trap Destination and Trap Setup will be displayed for your selection. 4.10.3.1 SNMPv3 USM User Simple Network Management Protocol Version 3, SNMPv3 in short, features stronger security mechanisms, including authentication and encryption, which help ensure that the message is from a valid source and scramble the content of a packet to prevent it from being learned by an unauthorized source.
Account State: View-only field that shows this user account is enabled or disabled. User Name: View-only field that shows the authorized user login name. Authentication: This is used to ensure the identity of users. The following is the method to perform authentication.
Authentication: Message Digest Algorithm (MD5) or Secure Hash Algorithm (SHA); Encryption: None. Enables authentication based on the Hashed Message Authentication Code (HMAC)-MD5 or HMAC-SHA algorithms.
Authentication: MD5 or SHA; Encryption: Data Encryption Standard (DES). Enables authentication based on the Hashed Message Authentication Code (HMAC)-MD5 or HMAC-SHA algorithms. What’s more, enables DES 56-bit encryption based on the Cipher Block Chaining (CBC)-DES...
4.10.3.2 Device Community The following screen page appears if you choose Device Community function. This table will display the overview of each configured device community. Up to 10 device communities can be registered. Occupied/Max Entry: View-only field. Occupied: This shows the amount of total registered communities. Max: This shows the maximum number available for the device community registration.
Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name. Up to 35 alphanumeric characters can be accepted. This is mainly for reference only. Click when the settings are completed, this new community will be listed on the device community table, or click to cancel the settings.
4.10.3.3 Trap Destination The following screen page appears if you choose Trap Destination function. State: Enable or disable the function of sending trap to the specified destination. Destination IP: Enter the specific IPv4/IPv6 address of the network management system that will receive the trap.
4.10.3.4 Trap Setup The following screen page appears if you choose Trap Setup function. Cold Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on. Warm Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch restarts.
4.10.4 LED Control Setup Users can turn on and off the LED status light on the top panel of the Managed Switch remotely. To toggle between the on and off state of the LED status light, select the option LED Control Setup from the Management menu and then the following screen page shows up.
4.10.5 Firmware upgrade The Managed Switch offers three methods, including HTTP, FTP and TFTP to back up/restore the configuration and update the firmware. To do this, please select the option Firmware Upgrade from the Management menu and then the following screen page appears. 4.10.5.1 Configuration Backup/Restore via HTTP To back up or restore the configuration via HTTP, just pull down the Protocol menu and select HTTP.
Backup: Click Backup to begin downloading the configuration file to your PC. Select File: Click Choose File to select the designated data and then click Update to restore the configuration. 4.10.5.2 Firmware Upgrade via HTTP To update the firmware via HTTP, just pull down the Protocol menu and select HTTP. Also configure the type of file as “Firmware”...
4.10.5.3 Configuration Backup/Restore via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may back up or restore the configuration via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Configuration” to process. The related parameter description is as below.
4.10.5.4 Firmware Upgrade via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may update the firmware via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Firmware” to process. The related parameter description is as below. Protocol: Select the preferred protocol, either FTP or TFTP.
4.10.6 Load Factory Settings Load Factory Settings will set all the configurations of the Managed Switch back to the factory default settings, including the IP and Gateway address. Load Factory Setting is useful when network administrators would like to re-configure the system. A system reset is required to make all changes effective after Load Factory Setting.
4.10.7 Save Configuration In order to save the configuration permanently, users need to save configuration first before resetting the Managed Switch. Select the option Save Configuration from the Management menu and then the following screen page appears. Click OK to save the configuration. Alternatively, you can also press the Save quick button located on the top-right side of the webpage, which has the same function as Save Configuration.
4.10.8 Reset System To reboot the system, please select the option Reset System from the Management menu and then the following screen page appears. From the pull-down menu of New Configured Boot Image, you can choose the desired image for the next system reboot if necessary. Click Set Next Bootup Image to change the image into the new boot-up image you select.
The simple quick setup of FreeRADIUS server for RADIUS Authentication is described below. On the server-side, you need to 1) create a CTS vendor-specific dictionary and 2) modify three configuration files, “dictionary”, “authorize”, and “clients.conf”, which are already included in FreeRADIUS upon the completed installation.
VALUE WEB_LEVEL Read-Write 2
VALUE WEB_LEVEL Administrator
END-VENDOR cts
2. Modifying three configuration files
* Before editing any of the following files, it’s good practice to read through the official and most-current documentation contained within each file mentioned down below.
APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with the DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration during the startup process. Before setting up DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Switch that you purchased can support DHCP Auto-provisioning.
Step 2. Set up Auto Provision Server Update DHCP Client Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command. Install DHCP Server Issue “yum install dhcp” command to install DHCP server.
Copy dhcpd.conf to /etc/dhcp/ directory Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor. Enable and run DHCP service 1.
Step 3. Modify dhcpd.conf file Open dhcpd.conf file in /etc/dhcp/ directory Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
Modify dhcpd.conf file The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Login TFTP server anonymously (TFTP does not require a login name and password). 9.
Every time you modify the dhcpd.conf file, DHCP service must be restarted. Issue “killall dhcpd” command to disable DHCP service and then issue “dhcpd” command to enable DHCP service. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”...
B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.