COPYRIGHT All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photo copying, recording or otherwise, without the prior written permission of the publisher.
Page 3
Take special care to read and understand all the content in the warning boxes. Warning Take special care to read and understand all the content in the warning boxes. Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.
Page 4
If a redundant power system (RPS) is not connected to the switch, Warning install an RPS connector cover on the back of the switch. Read the wall-mounting instructions carefully before beginning installation. Failure to use the correct hardware or to follow the correct Warning procedures could result in a hazardous situation to people and damage to the system.
Page 5
This unit might have more than one power supply connection. All connections must be removed to de-energize the unit. Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Warning When installing or replacing the unit, the ground connection must always be made first and disconnected last.
Table of Contents 1. ABOUT THIS MANUAL................13 1.1....................... 13 NTRODUCTION 1.2......................... 13 URPOSE 1.3......................13 ERMS SAGE 2. ABOUT THE NGI-M08C2 ................14 2.1....................... 14 EATURES 2.2...................... 14 PECIFICATIONS 3. HARDWARE DESCRIPTION ............... 17 3.1.
Page 7
5.2.1.1. CLI C ....................44 ONFIGURATION 5.2.1.2....................45 ONFIGURATION 5.2.2. MAC T ........................46 ABLE 5.2.2.1. CLI C ....................46 ONFIGURATION 5.2.2.2....................46 ONFIGURATION 5.2.3........................48 5.2.3.1. CLI C ....................48 ONFIGURATION 5.2.3.2....................48 ONFIGURATION 5.3......................
Page 8
6.2.1.3.1. CLI C ....................85 ONFIGURATION 6.2.1.3.2. W ....................86 ONFIGURATION 6.2.2. IGMP S ..................87 NOOPING ILTERING 6.2.2.1....................... 87 ENERAL ETTINGS 6.2.2.1.1. CLI C ....................87 ONFIGURATION 6.2.2.1.2. W ....................87 ONFIGURATION 6.2.2.2...................... 89 ULTICAST ROUP 6.2.2.2.1. CLI C ....................
Page 10
7.1.2.2......................177 INDING ABLE 7.1.2.2.1. CLI C ....................177 ONFIGURATIONS 7.1.2.2.2. W ....................177 ONFIGURATIONS 7.1.3. ARP I ......................178 NSPECTION 7.1.3.1. ARP I ......................179 NSPECTION 7.1.3.1.1. CLI C ....................179 ONFIGURATIONS 7.1.3.1.2. W ....................180 ONFIGURATIONS 7.1.3.2......................
Page 11
9.1.1.1.2. W ....................212 ONFIGURATIONS 9.1.1.2...................... 213 OMMUNITY 9.1.1.2.1. CLI C ....................213 ONFIGURATIONS 9.1.1.2.2. W ....................214 ONFIGURATIONS 9.1.2. SNMP T ........................ 216 9.1.2.1....................216 ECEIVER ETTINGS 9.1.2.1.1. CLI C ....................216 ONFIGURATIONS 9.1.2.1.2. W ....................216 ONFIGURATIONS 9.1.2.2.
1. About this Manual 1.1. Introduction The NGI-M08C2is a full Managed Industrial Switch specifically designed to suit your heavy industrial environments and contains all necessary standard features to deploy in automation systems. Engineered with hardened components and enclosed in a rugged IP30 case, the NGI-M08C2 can operate in wide temperatures from -40°C to 70°C and has excellent tolerance capability to high vibration and shock.
2. About the NGI-M08C2 2.1. Features Network Functions Traffic management &QoS Port-based Mirroring Port Priority 256 Active VLAN Rate Limitation IGMP Snooping v1/v2/v3 Storm Control IGMP Querier Port Isolation DHCP Relay/Option 82 802.1Q Tag-based VLAN Link Aggregation Auto MDI/MDI-X Link Layer Discovery Protocol Loop Detection, Auto Recovery Timer Network Management STP/RSTP...
Page 15
Performance Switch Fabric 2Gbps L2 Forwarding 14.8Mpps Packet buffer size 4.1Mbit MAC Entries Jumbo frame Throughput 1,488,000pps when 1000Mbps speed Physical ports 10/100/1000Base-T (RJ45) 100FX/Gigabit SFP Slots Power Input Voltage: Primary input 24~48VDC at a maximum of 0.4A Redundant input 24~48VDC at a maximum of 0.4A Connection: Removable 6-pin terminal block...
Page 16
Operating humidity 5 to 95% RH (non-condensing) Storage humidity 5 to 95% RH (non-condensing) Altitude Up to 2000 m (6561 ft.)
3. Hardware Description NGI-M08C2 Front Panel 8 x 10/100/1000 RJ45 & 2 x 100/1000 SFP Managed Industrial Switch 3.1. Connectors The Switches utilizes ports with copper and SFP fiber port connectors functioning under Ethernet/Fast Ethernet/Gigabit Ethernet standards. 10/100/1000Base-T Ports The 10/100/1000 RJ45 ports support network speeds of 10Mbps, 100Mbps or 1000Mbps and can operate in half- and full-duplex transfer modes.
To properly connect fiber cabling: Check that the fiber terminators are clean. You can clean the cable plugs by wiping them gently with a clean tissue or cotton ball moistened with a little ethanol. Dirty fiber terminators on fiber optic cables will impair the quality of the light transmitted through the cable and lead to degraded performance on the port.
Page 19
Mounting the Switch Place the NGI-M08C2 on the DIN rail from above using the slot and push the front of the switch toward the mounting surface until it snaps into place with a click sound. Dismounting the Switch Push the switch down to free the bottom of the plate from the DIN rail. Rotate the bottom of the device towards you and away from the DIN rail.
Page 20
Attention A corrosion-free mounting rail is advisable. When installing, make sure to allow for enough space to properly install the cabling. Wiring Power Inputs You can use “Terminal Block (PWR)” for Primary Power input and “Terminal Block (RPS)” for secondary power source for Redundant Power Input. To insert power wire and connect the 24~48 VDC power to the power terminal block, follow the steps below: Step 1: Insert the positive/negative DC wires into the V+/V- terminal, respectively.
Page 21
Insert the terminal block connector, which includes “PWR” and “RPS” into the terminal block receptor. Connect power cables to terminal block: Use screwdriver to insert the power cables. WARNING Safety measures should be taken before connecting the power cable Turn off the power before connecting modules or wires.
Page 22
If the condition is satisfied, the fault circuit will be closed. Warning Use copper conductors only, 60/75˚C (140/167°F), tighten to 0.56 N•m (5 lb•in). The wire gauge for the terminal block should range between 12~24 AWG. Powering On the Unit The Switch accepts the power input voltage of 24~48VDC.
3.3. LED Indicators This Switch is equipped with Unit LEDs to enable you to determine the status of the Switch, as well as Port LEDs to display what is happening in all your connections. They are as follows: System LEDs Illuminated Primary Power on Primary Power off or failure...
3.4. DIP Switches 1. PWR Primary power input from terminal block Primary power alarm reporting is enabled Primary power alarm reporting is disabled 2. RPS Redundant power input from terminal block Redundant power alarm reporting is enabled Redundant power alarm reporting is disabled Warning Do not block air ventilation holes, as heat dissipated passes through it ATTENTION...
4. System Status 4.1. Console Port Connect your computer to the console port on the Switch using the appropriate cable. Use terminal emulation software with the following settings: Default Settings for the Console Port Setting Default Value Terminal Emulation VT100 Baud Rate 38400...
You can execute a few limited commands when CLI prompt is displayed as below. L2SWITCH> If you want to execute more powerful commands, you must enter the privileged mode. Input command “enable” L2SWITCH>enable Input a valid username and password when below prompt are displayed. user: admin password: admin L2SWITCH#...
Page 27
interface Its command prompt is “L2SWITCH(config-if)#”. It means these commands can be executed in this command prompt. In Configure code, executing command “interface gigaethernet1/0/5” enter the interface port 5 node. In Configure code, executing command “interface fastethernet1/0/5” enter the interface port 5 node.
4.5. Management via Internet Browser Interface From a PC, open your Web browser, type the following in the Web address (or location) box: http://192.168.0.254 and then press <Enter>. This is the factory default IP address for the Switch. A login dialog is displayed, as shown in the figure: Parameter Description...
4.6. System Information 4.6.1. CLI Configuration Node Command Description enable show hostname This command displays the system’s network name. enable show interface eth0 This command will display the interface et0 information. enable show model This command will display information of switch like vendor, product, mac-address, serial boot code, firmware version etc…...
4.6.2. Web Configuration The System Information window appears each time you log into the program. Alternatively, this window can be accessed by clicking System Status > System Information. Parameter Description System Information Model Name This field displays the model name of the Switch. Host name This field displays the name of the Switch.
Page 31
Default Gateway This field indicates the default gateway of the Switch. This field displays the MAC (Media Access Control) address MAC Address of the Switch. The serial number assigned by manufacture for identification Serial Number of the unit. This field displays the VLAN ID that is used for the Switch Management VLAN management purposes.
5. Basic Settings 5.1. System Settings 5.1.1. System Management VLAN To specify a VLAN group which can access the Switch. The valid VLAN range is from 1 to 4094. If you want to configure a management VLAN, the management VLAN should ...
Page 33
enable & renew: Use DHCP client to get an IP address from DHCP server. next_restart: The settings will take effect on next system restart. eth0 management vlan <1-4094> This command configures the management vlan. eth0 ip ipv6-address This command configures a global AAAA:BBBB:CCCC:DDDD:E scope of IPv6 address and subnet mask EEE:FFFF:GGGG:HHHH/M...
5.1.1.2. Web Configuration Parameter Description System Settings Hostname The field configures a hostname for the system. Management VLAN The field configures a VLAN group to manage the Switch. IPv4 Settings Select Enable to allow the Switch to automatically get an IP address from a DHCP server.
Page 35
Select Enable to allow the Switch to automatically get an IP address from a DHCPv6 server. Click Renew to have the DHCPv6 Client Switch re-get an IP address from the DHCP server. Select Disable if you want to configure the Switch’s IP address manually.
5.1.2. Jumbo Frame Jumbo frames are Ethernet frames with a payload greater than 1500 bytes. Jumbo frames can enhance data transmission efficiency in a network. The bigger the frame size, the better the performance. Notice: The default jumbo frame is 10240 bytes. ...
5.1.3. SNTP The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. A less complex implementation of NTP, using the same protocol but without requiring the storage of state over extended periods of time is known as the Simple Network Time Protocol (SNTP).NTP provides Coordinated Universal Time (UTC).
Page 38
day: 1-31 configure time daylight-saving-time This command enables the daylight saving time. configure no time daylight-saving-time This command disables daylight saving on the Switch. configure time daylight-saving-time start- This command sets the start time of date the Daylight Saving Time. (first|second|third|fourth|last)(S unday|Monday|Tuesday|Wedne sday|Thursday|Friday|Saturday...
5.1.3.2. Web Configuration Parameter Description Current Time and Date Current Time This field displays the time you open / refresh this menu. Current Date This field displays the date you open / refresh this menu. Time and Date Setting Select this option if you want to enter the system date and time Manual manually.
Page 40
server. The Switch searches for the timeserver for up to 60 seconds. Select the time difference between UTC (Universal Time Time Zone Coordinated, formerly known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box. Daylight Saving Settings Select Enable if you want to use Daylight Saving Time.
5.1.4. Management Host The feature limits the hosts which can manage the Switch. The default has no management host. That is, any hosts can manage the Switch via telnet or web browser. If user has configured one or more management host, the Switch can be managed by these hosts only. The feature allow user to configure management IP up to 10 entries.
Management Host This field displays the management host and the number of (IP/Mask) mask bit. Action Click Delete to remove the specified entry. 5.2. MAC Management Dynamic Address: The MAC addresses are learnt by the switch. When the switch receives frames, it will record the source MAC, the received port and the VLAN in the address table with an age time.
Figure: MAC Table Flowchart Notices: The default MAC address table age time is 300 seconds. The Maximum static address entry is 256. 5.2.1. Static MAC A static Media Access Control (MAC) address is an address that has been manually entered in the MAC address table, and do not age out.
5.2.1.2. Web Configuration Parameter Description Static MAC Settings Enter the MAC address of a computer or device that you want MAC Address to add to the MAC address table. Valid format is hh:hh:hh:hh:hh:hh. VLAN ID Enter the VLAN ID to apply to the computer or device. Enter the port number to which the computer or device is Port connected.
5.2.2. MAC Table 5.2.2.1. CLI Configuration Node Command Description enable show mac-address-table This command displays the current static/dynamic unicast address entries. (static|dynamic) enable show mac-address-table This command displays information of a mac MACADDR specific MAC. enable show mac-address-table This command displays the current unicast port PORT_ID address entries learnt by the specific port.
Page 47
VLAN ID This field displays the VLAN ID of the MAC address entry. This field displays the port number / Trunk ID the MAC address entry is associated. Port / Trunk ID It displays CPU if it is the entry for the Switch itself. The CPU means that it is the Switch’s MAC.
5.2.3. Age Time 5.2.3.1. CLI Configuration Node Command Description enable show mac-address-table This command displays the current MAC aging-time address table age time. enable configure terminal This command changes the node to configure node. configure mac-address-table aging- This command configures the mac table aging time VALUE time.
5.3. Port Mirror Port-Based Mirroring The Port-Based Mirroring is used on a network switch to send a copy of network packets sent/received on one or a range of switch ports to a network monitoring connection on another switch port (Monitor to Port). This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system.
Success! L2SWITCH(config)#exit L2SWITCH#show mirror Mirror Configurations: State : Disabled. Monitor port : 9. Ingress port(s): 1-8. Egress port(s) : None. 5.3.2. Web Configuration Parameter Description Port Mirroring Settings Select Enable to turn on port mirroring or select Disable to State turn it off.
Page 51
Select Disable to not copy any traffic from the specified source ports to the monitor port. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
5.4. Port Settings Duplex Mode A duplex communication system is a system composed of two connected parties or devices that can communicate with one another in both directions. Half Duplex: A half-duplex system provides for communication in both directions, but only one direction at a time (not simultaneously).
Auto Negotiation Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto- negotiation is turned on, a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode.
Page 54
100-full–n | 100-half | 100-half- auto: Auto negotiation mode. n | 1000-full | 1000-full-n) 10-full: 10Mbps Full duplex force mode. 10-full-n: 10Mbps Full duplex auto negotiation mode. 10-half: 10Mbps Half duplex force mode. 10-half-n: 10Mbps Half duplex auto negotiation mode. 100-full: 100Mbps Full duplex force mode.
Page 55
1000-full:1000Mbps Full duplex force mode. 1000-full-n: 1000Mbps Full duplex auto negotiation mode.
5.4.1.2. Web Configuration Parameter Description Port Settings Port Select a port or a range ports you want to configure on this screen. State Select Enable to activate the port or Disable to deactivate the port. Select the speed and duplex mode of the port. The choices are: •...
Click Apply to take effect the settings. Apply Refresh Click Refresh to begin configuring this screen afresh. Port Status Port This field displays the port number. State This field displays whether the port is enabled or disabled. This field displays the speed either 10M, 100M or 1000M and the Speed/Duplex duplex mode Full or Half.
if-range no description This command configures the default port description for the specific ports. if-range alias STRING This command configures an alias for the specific ports. The length of alias is up to 64 characters. if-range no alias This command reset the alias to default.
Page 59
Port Status Port This field displays the port number. Description The meaningful name for the port. Alias The alias name for the port. The field displays the detail port status if the port is blocked by Status some protocol. Uptime The sustained time from last link up.
6. Advanced Settings 6.1. Bandwidth Control 6.1.1. Each egress port can support up to 8 transmit queues. Each egress transmit queue contains a list specifying the packet transmission order. Every incoming frame is forwarded to one of the 8 egress transmit queues of the assigned egress port, based on its priority. The egress port transmits packets from each of the 8 transmit queues according to a configurable scheduling algorithm, which can be a combination of Strict Priority (SP) and/or Weighted Round Robin (WRR).
Page 61
DSCP Based QoS - Assign priority to packets based on their Differentiated Services Code Points (DSCPs). Note: Advanced QoS methods only affect the internal priority queue mapping for the Switch. The Switch does not modify the IEEE 802.1p value for the egress frames. You can choose one of these ways to alter the way incoming packets are prioritized or you can choose not to use any QoS enhancement setting on the Switch.
6.1.1.1. Port Priority 6.1.1.1.1. CLI Configuration Node Command Description enable show interface This command displays the current port IFNAME configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node.
Page 64
Select a priority for packets received by the port. Only packets 802.1p Priority without 802.1p priority tagged will be applied the priority you set here. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
6.1.1.2. IP DiffServ (DSCP) DiffServ (DSCP) Differentiated Services or DiffServ is a computer networking architecture that specifies a simple, scalable and coarse-grained mechanism for classifying, managing network traffic and providing Quality of Service (QoS) guarantees on modern IP networks. DiffServ can, for example, be used to provide low-latency, guaranteed service (GS) to critical network traffic such as voice or video while providing simple best-effort traffic guarantees to non- critical services such as web traffic or file transfers.
Precedence 111 - Network Control 110 - Internetwork Control 101 - CRITIC/ECP 100 - Flash Override 011 - Flash 010 - Immediate 001 - Priority 000 - Routine The use of the Delay, Throughput, and Reliability indications may increase the cost (in some sense) of the service.
6.1.1.2.2. Web Configuration Parameter Description DSCP Settings “Tag Over DSCP” or “DSCP Over Tag”. “Tag Over DSCP” means the Mode 802.1p tag has higher priority than DSCP. This field displays each priority level. The values range from 0 (lowest Priority priority) to 7 (highest priority).
6.1.1.3. Priority/Queue Mapping 6.1.1.3.1. CLI Configuration Node Command Description enable show queue cos-map This command displays the current 802.1p priority mapping to the service queue. enable configure terminal This command changes the node to configure node. configure queue cos-map <0-7> This command configures the 802.1p priority <0-7>...
6.1.1.3.2. Web Configuration Parameter Description Priority/Queue Mapping Settings Click this button to reset the priority to queue mappings to the Reset to Default defaults. This field displays each priority level. The values range from 0 Priority (lowest priority) to 7 (highest priority). Queue ID Select the number of a queue for packets with the priority level.
6.1.1.4. Schedule Mode Queuing Algorithms Queuing algorithms allow switches to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth. Strict-Priority (SPQ) The packets on the high priority queue are always service firstly. Weighted round robin (WRR) ...
This field indicates which Queue (0 to 7) you are configuring. Queue ID Queue 0 has the lowest priority and Queue 7 the highest priority. You can only configure the queue weights when Weighted Round Robin is selected. Bandwidth is divided across the Weight Value different traffic queues according to their weights.
Page 73
configure no storm-control type This command disables the bandwidth limit (broadcast | multicast for broadcast or multicast or DLF packets. |DLF) ports PORTLISTS...
6.1.2.1.2. Web Configuration Parameter Description Storm Control Settings Select the port number for which you want to configure storm control Port settings. Select the number of packets (of the type specified in the Type field) Rate per second the Switch can receive per second. Select Broadcast - to specify a limit for the amount of broadcast packets received per second.
6.1.2.2. Bandwidth Limitation The rate limitation is used to control the rate of traffic sent or received on a network interface. Rate Limitation unit: 16 Kbits. 6.1.2.2.1. CLI Configuration Node Command Description enable show bandwidth-limit This command displays the current rate control configurations.
6.1.2.2.2. Web Configuration Parameter Description Bandwidth Limitation Settings Port Selects a port that you want to configure. Ingress Configures the rate limitation for the ingress packets. Egress Configures the rate limitation for the egress packets. Click Apply to take effect the settings. Apply Click Refresh to begin configuring this screen afresh.
6.2. IGMP Snooping 6.2.1. IGMP Snooping The IGMP snooping is for multicast traffic. The Switch can passively snoop on IGMP packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly.
Page 78
global state is enabled, user must enable per VLAN states to enable the IGMP Snooping on the specific VLAN.
6.2.1.1. General Settings 6.2.1.1.1. CLI Configuration Node Command Description enable show igmp-snooping This command displays the current IGMP snooping configurations. enable configure terminal This command changes the node to configure node. This command disables / enables the IGMP configure igmp-snooping (disable|enable) snooping on the switch.
Page 80
Parameter Description IGMP Snooping Settings Select Enable to activate IGMP Snooping to forward group IGMP Snooping State multicast traffic only to ports that are members of that group. Select Disable to deactivate the feature. Select Add and enter VLANs upon which the Switch is to perform IGMP snooping.
6.2.1.2. Port Settings Immediate Leave When you enable IGMP Immediate-Leave processing, the switch immediately removes a port when it detects an IGMP version 2 leave message on that port. You should use the Immediate-Leave feature only when there is a single receiver present on every port in the VLAN.
Page 82
configure interface IFNAME This command enters the interface configure node. interface igmp-immediate-leave This command enables the IGMP Snooping immediate leave function for the specific port. interface no igmp-immediate- This command disables the IGMP Snooping leave immediate leave function for the specific port. interface igmp-group-limit This command configures the maximum...
6.2.1.2.2. Web Configuration Parameter Description Port Settings Select the desired setting, Auto, Fixed, or Edge. Auto means the Switch uses the port as an IGMP query port if the port receives IGMP query packets. Fixed means the Switch always treats the port(s) as IGMP query port(s). This is for when connecting an IGMP multicast server to the port(s).
Page 84
Port The port ID. Querier Mode The Querier mode setting for the specific port. Immediate Leave The Immediate Leave setting for the specific port. Group / Limit The current joining group count and the maximum group count.
6.2.1.3. Querier Settings IGMP Querier There is normally only one Querier per physical network. All multicast routers start up as a Querier on each attached network. If a multicast router hears a Query message from a router with a lower IP address, it MUST become a Non-Querier on that network. If a router has not heard a Query message from another router for [Other Querier Present Interval], it resumes the role of Querier.
6.2.1.3.2. Web Configuration Parameter Description Querier Settings State This field configures the global Querier state. This field configures the interval which Querier send query Query Interval packet periodically. VLAN State This field enables the Querier state in a vlan or a range of vlan. Apply Click Apply to take effect the settings.
6.2.2. IGMP Snooping Filtering The IGMP Snooping Filter allows users to configure one or some of range or multicast address to drop or to forward them. 6.2.2.1. General Settings 6.2.2.1.1. CLI Configuration Node Command Description enable show igmp-snooping filtering This command displays the IGMP snooping filtering configurations.
Page 88
IGMP Filtering Settings IGMP Filtering This field configures the global IGMP Filtering state. State Profile This field creates the IGMP Filtering profile. Type The field configures the type of action for the profile. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
6.2.2.2. Multicast Group 6.2.2.2.1. CLI Configuration Node Command Description enable show igmp-snooping filtering This command displays the IGMP snooping filtering configurations. enable configure terminal This command changes the node to configure node. configure igmp-snooping filtering profile This command creates a filtering STRING profile and enters the IGMP snooping filtering profiles configuration node.
This field selects the profile which you want to configure the Profile group. Group This field selects the group index. Start Address The field configures the first multicast address of the group. End Address The field configures the last multicast address of the group. Apply Click Apply to take effect the settings.
6.2.2.3.2. Web Configuration Parameter Description Port Settings This field selects the profile which you want to activate on the Profile ports. Selects the ports which you want to activate the IGMP Filtering Activate on Ports profile. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
6.2.3. Multicast Address A multicast address is associated with a group of interested receivers. According to RFC 3171, addresses 224.0.0.0 to 239.255.255.255, the former Class D addresses, are designated as multicast addresses in IPv4. The IANA owns the OUI MAC address 01:00:5e, therefore multicast packets are delivered by using the Ethernet MAC address range 01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff.
IP Multicast Description Address 224.0.0.0 Base address (reserved). The All Hosts multicast group that contains all systems on the same 224.0.0.1 network segment. The All Routers multicast group that contains all routers on the same 224.0.0.2 network segment. The Open Shortest Path First (OSPF) All SPF Routers address. Used to 224.0.0.5 send Hello packets to all OSPF routers on a network segment.
configure ip-multicast IPADDR server This command configures an IP IPADDR vlan <1-4094> port multicast group. PORTLISTS configure no ip-multicast IPADDR This command deletes an IP multicast server IPADDR vlan <1-4094> group. 6.2.3.2. Web Configuration Parameter Description Static Multicast Address Settings VLAN ID Configures the VLAN that you want to configure.
6.3. VLAN 6.3.1. Port Isolation The port isolation is a port-based virtual LAN feature. It partitions the switching ports into virtual private domains designated on a per port basis. Data switching outside of the port’s private domain is not allowed. It will ignore the packets’ tag VLAN information. This feature is a per port setting to configure the egress port(s) for the specific port to forward its received packets.
6.3.1.2. Web Configurations Parameter Description Port Isolation Settings Select a port number to configure its port isolation settings. Port Select All Ports to configure the port isolation settings for all ports on the Switch. An egress port is an outgoing port, that is, a port through which a data packet leaves.
Click Refresh to begin configuring this screen afresh. Refresh Port Isolation Status “V” indicates the port’s packets can be sent to that port. “-” indicates the port’s packets cannot be sent to that port. 6.3.2. 802.1Q VLAN A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the Broadcast domain, regardless of their physical location.
forward a frame from an 802.1Q VLAN-unaware switch to an 802.1QVLAN-aware switch, the Switch first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.
Page 99
enable configure terminal This command changes the node to configure node. configure vlan <1~4094> This command enables a VLAN and enters the VLAN node. configure no vlan <1~4094> This command deletes a VLAN. vlan show This command displays the current VLAN configurations.
6.3.2.1.2. Web Configurations Parameter Description VLAN Settings Enter the VLAN ID for this entry; the valid range is between 1 VLAN ID and 4094. Enter a descriptive name for the VLAN for identification purposes. The VLAN name should be the combination of the VLAN Name digit or the alphabet or hyphens (-) or underscores (_).
6.3.2.2. Tag Settings 6.3.2.2.1. CLI Configurations Node Command Description enable show vlan This command displays all of the VLAN configurations. enable show vlan <1-4094> This command displays the VLAN configurations. enable configure terminal This command changes the node to configure node. configure vlan <1~4094>...
6.3.2.2.2. Web Configurations Parameter Description Tag Settings Select a VLAN ID to configure its port tagging settings. VLAN ID Selecting a port which is a member of the selected VLAN ID Tag Port will make it a tag port. This means the port will tag all outgoing frames transmitted with the VLAN ID.
6.3.2.3. Port Settings 6.3.2.3.1. CLI Configurations Node Command Description enable show vlan This command displays all of the VLAN configurations. enable show vlan <1-4094> This command displays the VLAN configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface...
6.3.2.3.2. Web Configurations Parameter Description Port Settings Select a port number to configure from the drop-down box. Port Select All to configure all ports at the same time. Select a PVID (Port VLAN ID number) from the drop-down PVID box. Specify the type of frames allowed on a port.
This field displays the type of frames allowed on the port. This Acceptable Frame will either display All or VLAN Tagged Only or VLAN Untagged Only. 6.3.3. MAC VLAN The MAC base VLAN allows users to create VLAN with MAC address. The MAC address can be the leading three or more bytes of the MAC address.
6.3.3.2. Web Configurations Parameter Description MAC VLAN Settings Configures the leading three or more bytes of the MAC MAC Address address. VLAN Configures the VLAN. Priority Configures the 802.1Q priority. Click Apply to take effect the settings. Apply Click Refresh to begin configuring this screen afresh. Refresh Click Delete to delete the MAC VLAN profile.
6.3.4. Q-in-Q VLAN (VLAN Stacking) Q-in-Q tunneling is also known as VLAN stacking. Both of them use 802.1q double tagging technology. Q-in-Q is required by ISPs (Internet Service Provider) that need Transparent LAN services (TLS), and the service provider has their own set of VLAN, independent of customer VLANs.
Page 108
Priority refers to the IEEE 802.1p standard that allows the service provider to prioritize traffic based on the class of service (CoS) the customer has paid for. "0" is the lowest priority level and "7" is the highest. VID is the VLAN ID. SP VID is the VID for the second or outer (service provider’s) VLAN tag.
6.3.4.1. VLAN Stacking 6.3.4.1.1. CLI Configurations Node Command Description enable show vlan-stacking This command displays the current vlan- stacking type. enable show vlan-stacking tpid- This command displays the TPID inform configurations. enable configure terminal This command changes the node to configure node.
6.3.4.1.2. Web Configurations Parameter Description VLAN Stacking Settings Select one of the three modes, Disable or Port-Based or Action Selective for the VLAN stacking. Configures the TPID Table: The TPID table has 6 entries. Tunnel TPID Index Selects the table index. Tunnel TPID Index Selects the table index.
Click Refresh to begin configuring this screen afresh. Refresh Click Delete to delete the MAC VLAN profile. Action 6.3.4.2. Port-based Q-in-Q Port-based Q-in-Q Q-in-Q encapsulation is to convert a single tagged 802.1Q packet into a double tagged Q- in-Q packet. The Q-in-Q encapsulation can be based on port or traffic. Port-based Q-in-Q is to encapsulate all the packets incoming to a port with the same SPVID outer tag.
interface vlan-stacking port-based priority This command sets the priority in port <0~7> based Q-in-Q. interface vlan-stacking port-based role This command sets VLAN stacking (tunnel|access|normal) port role. interface vlan-stacking port-based spvid This command sets the service <1~4096> provider’s VID of the specified port. interface vlan-stacking tunnel-tpid index This command sets TPID for a Q-in-Q...
Page 114
SPVID Configures the service provider’s VLAN. Priority Configures the priority for the specific ports. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. Action Click Delete to delete the MAC VLAN profile.
6.4. DHCP Option (Option 82) DHCP Option 82 is the “DHCP Relay Agent Information Option”. Option 82 was designed to allow a DHCP Relay Agent to insert circuit specific information into a request that is being forwarded to a DHCP server. Specifically the option works by setting two sub- options: Circuit ID and Remote ID.
Page 116
. . . The Agent Information field consists of a sequence of Sub-Opt/Length value for each sub-option, encoded in the following manner: Sub- Sub-Option Value Option . . . DHCP Agent Sub-Option Description Sub-option Code --------------- ---------------------- Agent Circuit ID Sub-option Agent Remote ID Sub-option Circuit ID Sub-option Format: Sub-option...
PVLAN. CVLAN - Add the customer VLAN ID into the Circuit sub-option. If the CVLAN is not defined, the system returns 0. PORT - Add the transmit port ID into the Circuit sub-option. FRAME - Add the frame ID into the Circuit sub-option. The frame ID is configured with the CLI command, “dhcp- options option82 circuit_frame VALUE”.
6.4.2. Web Configurations Parameter Description DHCP Option 82 Settings Select this option to enable / disable the DHCP option 82 State on the Switch. Circuit Frame The frame ID for the circuit sub-option. Circuit Shelf The shelf ID for the circuit sub-option. Circuit Slot The slot ID for the circuit sub-option.
Page 119
Port The port ID. The String of the circuit ID sub-option information for the Circuit-ID String specific port. The String of the remote ID sub-option information for Remote-ID String the specific port. Click Apply to take effect the settings. Apply Click Refresh to begin configuring this screen afresh.
6.5. DHCP Relay Because the DHCPDISCOVER message is a broadcast message, and broadcasts only cross other segments when they are explicitly routed, you might have to configure a DHCP Relay Agent on the router interface so that all DHCPDISCOVER messages can be forwarded to your DHCP server.
DHCP Server Application-2 (Local in different VLANs) • The DHCP cleint-1 and DHCP client-2 are located in different VLAN. But they allocate IP address from the same DHCP server. Switch DHCP Relay agent Server client client client client client client client VLAN 1: port 1,2 (Management VLAN) VLAN 2: port 3, 4...
6.6. Dual Homing Dual Homing, a network topology in which a device is connected to the network by the way of two independent access points (points of attachment). One access point is considered as a primary connection while other is standby. The standby access point is getting activated once primary connection fails.
6.6.1. CLI Configurations Node Command Description enable show dual-homing This command displays the dual-homing information. enable configure terminal This command changes the node to configure node. configure dual-homing This command disables / enables the dual-homing (disable|enable) function for the system. configure dual-homing This command sets the dual-homing primary...
6.6.2. Web Configurations Parameter Description Dual Homing Settings State Enables / disables the Dual-Homing for the Switch. Group ID Selects a group which you want to configure. Group State Enables / disables the Dual-Homing for a group. Configures / Resets the primary channel for a group. The Primary channel channel can be single port or a trunk group.
Page 127
Click Refresh to begin configuring this screen afresh. Refresh...
6.7. EEE The Energy Efficient Ethernet (EEE) is an IEEE 802.3az standard that is designed to reduce power consumption in Ethernet networks during idle periods. EEE can be enabled on devices that support low power idle (LPI) mode. Such devices can save power by entering LPI mode during periods of low utilization.
Page 129
Click a port to enable IEEE 802.3az Energy Efficient Ethernet EEE Port State on that port. Click this to enable IEEE 802.3az Energy Efficient Ethernet Select All across all ports. Click this to disable IEEE 802.3az Energy Efficient Ethernet Deselect All across all ports.
6.8. ERPS The ITU-T G.8032 Ethernet Ring Protection Switching feature implements protection switching mechanisms for Ethernet layer ring topologies. This feature uses the G.8032 Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, to provide protection for Ethernet traffic in a ring topology, while ensuring that no loops are within the ring at the Ethernet layer.
such as after a switch fail (SF), manual switch (MS), or forced switch (FS). When this timer expires, the ERN begins to apply actions from the R-APS it receives. This timer cannot be manually stopped. Wait to Restore (WTR) timer -- The RPL owner uses the WTR timer. The WTR timer applies to the revertive mode to prevent frequent triggering of the protection switching due to port flapping or intermittent signal failure defects.
In ERPS version 1, if a port is blocked by ERPS, all packets are blocked. In ERPS version 2, if a port is blocked by a ring of ERPS, only the packets belong to the vlans in the instance are blocked. Notice: Control VLAN and Instance: In CLI or Web configurations, there are the Control VLAN and the Instance settings.
erps-ring left-port PORTID type This command configures the left port and [owner|neighbor|normal] type for the ERPS ring. erps-ring mel <0-7> This command configures a Control MEL for the ERPS ring. erps-ring name STRING This command configures a name for the ERPS ring.
Page 134
Global State Enables/disables the global ERPS state. ERPS Ring Settings Ring ID Configures the ring ID. The Valid value is from 1 to 255. State Enables/disables the ring state. Ring Name Configures the ring name.(Up to 32 characters) Revertive Enables/disables the revertive mode. Configures the instance for the ring.
6.8.2. Instance For ERPS version 2, the instance is a profile specifies a control vlan and a data vlan or multiple data vlans for the ERPS. In ERPS, it can separate the control packets and data packets in different vlans. The control packets is in the Control VLAN and the data packets can be in one or multiple data vlan.
6.8.2.2. Web Configurations Parameter Description Instance Settings Configures the instance ID. The valid value is from 1 to Instance Configures the control VLAN for the instance. The valid Control VLAN value is from 1 to 4094. Configures the data VLAN for the instance. The valid Data VLAN value is from 1 to 4094.
6.9. Link Aggregation Link Aggregation (Trunking) is the grouping of physical ports into one logical higher- capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link. However, the more ports you aggregate then the fewer available ports you have.
6.9.1.2. Web Configurations Parameter Description Trunk Group Settings Select the group ID to use for this trunk group, that is, one Group State logical link containing multiple ports. Select Enable to use this static trunk group. Configures the load balance algorithm (MAC/IP) for the specific Load Balance trunk group.
6.9.2. LACP The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking. The IEEE 802.3ad standard describes the Link Aggregation Control Protocol (LACP) for dynamically creating and managing trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups.
6.9.2.1. CLI Configurations Node Command Description enable show lacp counters This command displays the LACP counters [GROUP_ID] for the specific group or all groups. enable show lacp port_priority This command c displays the port priority for the LACP. enable show lacp sys_id This command displays the actor’s and partner’s system ID.
6.9.2.2. Web Configurations Parameter Description LACP Settings Select Enable from the drop down box to enable Link State Aggregation Control Protocol (LACP). Select Disable to not use LACP. LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Select a port or a range of ports to configure its (their) LACP Port Priority priority. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. 6.9.3. LACP Information 6.9.3.1. CLI Configurations Node Command Description enable...
Port The LACP member port ID. LACP system priority is used to determine link aggregation group (LAG) membership, and to identify this device to other System Priority switches during LAG negotiations. (Range: 0-65535; Default: 32768) System ID The neighbor Switch’s system ID. Port The direct connected port Id of the neighbor Switch.
6.10. Loop Detection Loop detection is designed to handle loop problems on the edge of your network. This can occur when a port is connected to a Switch that is in a loop state. Loop state occurs as a result of human error. It happens when two ports on a switch are connected with the same cable.
Page 145
configure no loop-detection address This command configures the destination MAC to default (00:0b:04:AA:AA:AB). configure interface IFNAME This command enters the interface configure node. interface loop-detection (disable|enable) This command disables / enables the loop detection on the port. interface no shutdown This command enables the port.
6.10.2. Web Configurations Parameter Description Loop Detection Settings State Select this option to enable loop detection on the Switch. Enter the destination MAC address the probe packets will be MAC Address sent to. If the port receives these same packets the port will be shut down.
Page 147
Click Refresh to begin configuring this screen afresh. Refresh Loop Detection Status Port This field displays a port number. State This field displays if the loop detection feature is enabled. Status This field displays if the port is blocked. Clicks Unblock to reactivate the port immediately. Manual Recovery Recovery State This field displays if the loop recovery feature is enabled.
6.11. Modbus TCP Modbus TCP supports different types of data format for reading. The primary four types of them are: Data Access Type Function Function Name Note Code Bit access Physical Discrete Read Discrete Inputs Not support Inputs Internal Bits or Read Coils Not support Physical...
Page 149
Word 0 Hi byte = ‘9’ Word 0 Lo byte = ‘0’ Word 1 Hi byte = ‘1’ Word 1 Lo byte = ‘5’ Word 2 Hi byte = ‘-’ Word 2 Lo byte = ‘0’ Word 3 Hi byte = ‘0’ Word 3 Lo byte = ‘0’...
Page 150
0x000C: 1000M-Half-FC_OFF 0xFFFF: No port 0x0200 to 20 words ASCII Port 1 to 6 Description 0x0213 (port 1) Port Description = “100TX,RJ45.” Or 0x0220 to “1000TX,SFP.” 0x0233 (port 2) Word 0 Hi byte = ‘1’ … Word 0 Lo byte = ‘0’ 0x0320 to Word 1 Hi byte = ‘0’...
Word 0 Lo byte = MAC0 Word 0 Hi byte = MAC1 Word 1Lo byte = MAC2 Word 1 Hi byte = MAC3 Word 2Lo byte = MAC4 Word 2 Hi byte = MAC5 0x0518 1 word Primary Port of the Xpress-ring1 Word 0 Hi byte = Port ID.
configure modbus-tcp This command disables / enables the Modbus TCP (disable|enable) on the switch. 6.11.2. Web Configurations Parameter Description Modbus TCP Settings State Select this option to enable / disable the Modbus on the Switch. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh.
Page 153
Clicks the Download button to download all of the regisers Download information to load host.
6.12. STP / RSTP (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a Switch to interact with other (R)STP compliant switches in your network to ensure that only one path exists between any two stations on the network. The Switch supports Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) as defined in the following standards.
Page 155
Forward Time (Forward Delay): This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state;...
Page 156
without the danger of bridge loops, or the need for manual enabling/disabling of these backup links. Bridge loops must be avoided because they result in flooding the network. The Spanning Tree Protocol (STP) is defined in the IEEEStandard802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the tree, leaving a single active path between any two network nodes.
detect edge ports. As soon as the bridge detects a BPDU coming to an edge port, the port becomes a non-edge port. Forward Delay: The range is from 4 to 30 seconds. This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding).
Page 158
The Root Guard feature forces an interface to become a designated port to prevent surrounding switches from becoming a root switch. In other words, Root Guard provides a way to enforce the root bridge placement in the network. The Root Guard feature prevents a Designated Port from becoming a Root Port.
6.12.1. General Settings 6.12.1.1. CLI Configurations Node Command Description enable show spanning-tree active This command displays the spanning tree information and active ports’ information. enable show spanning-tree blocked This command displays the spanning tree ports information for only blocked port(s) enable show spanning-tree summary This command displays the summary of...
6.12.1.2. Web Configurations Parameter Description STP Settings Select Enabled to use Spanning Tree Protocol (STP) or Rapid State Spanning Tree Protocol (RSTP). Select to use either Spanning Tree Protocol (STP) or Rapid Spanning Mode Tree Protocol (RSTP). STP Parameter Settings This is the maximum time (in seconds) the Switch will wait before changing states.
Priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch.
Page 162
Cost range: 16-bit based value range 1-65535, 32-bit based value range 1-200000000. interface no spanning-tree cost This command configures the path cost to default for the specific port. interface spanning-tree port-priority <0- This command configures the port 240> priority for the specific port. Default: 128.
6.12.2.2. Web Configurations Parameter Description Port Parameters Settings Port Selects a port that you want to configure. Active Enables/Disables the spanning tree function for the specific port. Path Cost Configures the path cost for the specific port. Priority Configures the priority for the specific port. Edge Port Configures the port type for the specific port.
Page 164
Port Status Active The state of the STP function. The port role. Should be one of the Alternated / Designated / Root / Role Backup / None. The port’s status. Should be one of the Discarding / Blocking / Status Listening / Learning / Forwarding / Disabled.
6.12.3. STP Status 6.12.3.1. CLI Configurations Node Command Description enable show spanning-tree active This command displays the spanning tree information and active ports’ information. 6.12.3.2. Web Configurations Parameter Description Current Root Status MAC address This is the MAC address of the root bridge. Root refers to the base of the spanning tree (the root bridge).
Page 166
Priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address Priority will then become the root switch.
7. Security 7.1. IP Source Guard IP Source Guard is a security feature that restricts IP traffic on un-trusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
Page 168
A packet is received on an un-trusted interface, and the source MAC address and the DHCP client hardware address do not match any of the current bindings. Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the binding table dynamically.
Page 169
The main purposes of the DHCP Snooping are: 1. Create and maintain binding table for ARP Inspection function. 2. Filter the DHCP server’s packets that the DHCP server connects to an untrusted port. The DHCP server connected to an untrusted port will be filtered. Notices: There are a global state and per VLAN states.
4. Enable the global DHCP Snooping and VLAN 1 DHCP Snooping. A. L2SWITCH(config)#dhcp-snooping B. L2SWITCH(config)#dhcp-snooping vlan 1 C. L2SWITCH(config)#interface gi1/0/1 D. L2SWITCH(config-if)#dhcp-snooping trust E. DHCP Client-1: ipconfig /release F. DHCP Client-1: ipconfig /renew DHCP Client-1 can get an IP address. 5.
7.1.1.1.2. Web Configurations Parameter Description DHCP Snooping Settings Select Enable to use DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLANs and specify trusted ports. State Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
7.1.1.2. Port Settings 7.1.1.2.1. CLI Configurations Node Command Description enable show dhcp-snooping This command displays the current DHCP snooping configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node. interface dhcp-snooping host count This command configures the maximum...
7.1.1.2.2. Web Configurations Parameter Description Port Settings Port Select a port number to modify its configurations.. Trust Configures the specific port if it is a trust port. Maximum Host Enter the maximum number of hosts (1-32) that are permitted Count to simultaneously connect to a port.
7.1.1.3. Server Screening The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP servers. That is, when one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients, the valid DHCP server’s packets will be passed to the client.
This field displays the index number of the DHCP server entry. Click the number to modify the entry. IP Address This field displays the IP address of the DHCP server. Click Delete to remove a configured DHCP server. Action 7.1.2. Binding Table The DHCP Snooping binding table records the host information learned by DHCP snooping function (dynamic) or set by user (static).
7.1.2.1.2. Web Configurations Parameter Description Static Entry Settings MAC Address Enter the source MAC address in the binding. Enter the IP address assigned to the MAC address in the IP Address binding. VLAN ID Enter the source VLAN ID in the binding. Port Specify the port in the binding.
Static: This binding was learned from information provided manually by an administrator. Dynamic: This binding was learned by snooping DHCP packets. Action Click Delete to remove the specified entry. 7.1.2.2. Binding Table Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network.
This field displays how the Switch learned the binding. Static: This binding was learned from information provided Type manually by an administrator. Dynamic: This binding was learned by snooping DHCP packets. Apply Click Apply to configure the settings. Refresh Click Refresh to begin configuring this screen afresh. 7.1.3.
7.1.3.1. ARP Inspection 7.1.3.1.1. CLI Configurations Node Command Description enable show arp-inspection This command displays the current ARP Inspection configurations. enable configure terminal This command changes the node to configure node. configure arp-inspection This command disables/enables the ARP (disable|enable) Inspection function on the switch. configure arp-inspection vlan This command enables the ARP Inspection...
7.1.3.1.2. Web Configurations Parameter Description ARP Inspection Settings Use this to Enable or Disable ARP inspection on the Switch. State Enter the VLAN IDs you want the Switch to enable ARP VLAN State Inspection for. You can designate multiple VLANs individually by using a comma (,) and by range with a hyphen (-).
Page 181
Click Refresh to begin configuring this screen afresh. Refresh ARP Inspection Status ARP Inspection This field displays the current status of the ARP Inspection State feature, Enabled or Disabled. This field displays the VLAN IDs that have ARP Inspection enabled on them. This will display None if no VLANs have Enabled on VLAN been set.
7.1.3.2. Filter Table Dynamic ARP inspections validates the packet by performing IP to MAC address binding inspection stored in a trusted database (the DHCP snooping database) before forwarding the packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
7.1.3.2.2. Web Configurations Parameter Description Filter Age Time Settings This setting has no effect on existing MAC address filters. Enter how long (1-10080 minutes) the MAC address filter Filter Age Time remains in the Switch after the Switch identifies an unauthorized ARP packet.
7.2. Access Control List Access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. ACL function allows user to configure a few rules to reject packets from the specific ingress ports or all ports.
7.2.1. CLI Configurations Node Command Description enable show access-list This command displays all of the access control profiles. configure access-list STRING This command creates a new access control profile. Where the STRING is the profile name. configure no access-list This command deletes an access control profile. STRING show This command displays the current access control...
Page 186
destination ip host This command configures a specific destination IPADDR IP address for the profile. destination ip This command configures the destination IP IPADDR IPMASK address and mask for the profile. no destination ip This command removes the destination IP address from the profile.
Destination MAC Address: any Source MAC Address: any Ethernet Type: any Source IP Address: any Destination IP Address: any Source Application: any Destination Application: any 7.2.2. Web Configurations Parameter Description IP Type Selects IPv4 / IPv6 type for the profile. Profile Name The access control profile name.
Page 188
Ethernet Type Configures the ethernet type of the packets for the profile. VLAN Configures the VLAN of the packets for the profile. Source MAC Configures the source MAC of the packets for the profile. Configures the bitmap mask of the source MAC of the packets for the profile.
Page 189
Click Refresh to begin configuring this screen afresh. Refresh...
Page 190
7.3. 802.1x IEEE 802.1X is an IEEE Standard for port-based Network Access Control ("port" meaning a single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.
When the client provides the login credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port. Local User Accounts By storing user profiles locally on the Switch, your Switch is able to authenticate users without interacting with a network authentication server.
Page 192
Supp-Timeout: The supp-timeout value is the initialization value used for timing out a Supplicant. Max-req Time: Specify the amount of times the Switch will try to connect to the authentication server before determining the server is down. The acceptable range for this field is 1 to 10 times.
7.3.1. Global Settings 7.3.1.1. CLI Configurations Node Command Description enable show dot1x This command displays the current 802.1x configurations. enable show dot1x username This command displays the current user accounts for the local authentication. enable show dot1x accounting-record This command displays the local accounting records.
configure no dot1x username <STRING> This command deletes the user account for local authentication. 7.3.1.2. Web Configurations Parameter Description Global Settings Select Enable to permit 802.1x authentication on the Switch. State Note: You must first enable 802.1x authentication on the Switch before configuring it on each port.
Page 195
essence, RADIUS allows you to validate an unlimited number of users from a central location. Guest VLAN Configure the guest VLAN. When RADIUS is selected as the 802.1x authentication method, Primary Radius the Primary Radius Server will be used for all authentication Server attempts.
7.3.2. Port Settings 7.3.2.1. CLI Configurations Node Command Description enable show dot1x This command displays the current 802.1x configurations. enable configure terminal This command changes the node to configure node. configure interface IFNAME This command enters the interface configure node. interface dot1x admin-control-direction This command configures the...
7.3.2.2. Web Configurations Parameter Description Port Settings Port Select a port number to configure. Select Enable to permit 802.1x authentication on the port. 802.1x State You must first enable 802.1x authentication on the Switch before configuring it on each port. Select Both to drop incoming and outgoing packets on the Admin Control port when a user has not passed 802.1x port authentication.
Page 198
Select Force Authorized to always force this port to be authorized. Select Force Unauthorized to always force this port to be unauthorized. No packets can pass through this port. Select Disable to disable Guest VLAN on the port. Guest VLAN Select Enable to enable Guest VLAN on the port.
7.4. Port Security The Switch will learn the MAC address of the device directly connected to a particular port and allow traffic through. We will ask the question: “How do we control who and how many can connect to a switch port?” This is where port security can assist us. The Switch allow us to control which devices can connect to a switch port or how many of them can connect to it (such as when a hub or another switch is connected to the port).
7.4.2. Web Configurations Parameter Description Port Security Settings Port Security Select Enable/Disable to permit Port Security on the Switch. Port Select a port number to configure. State Select Enable/Disable to permit Port Security on the port. The maximum number of MAC addresses allowed per Maximum MAC interface.
8. Monitor 8.1. Alarm The feature displays if there are any abnormal situation need process immediately. Notice: The Alarm DIP switch allow users to configure if send alarm message when the corresponding event occurs. For Example: P1: ON, The Switch will send alarm message when port 1 is link down. PWR: ON, The Switch will send alarm message when the main power supply disconnect.
8.2. Port Statistics This feature helps users to monitor the ports’ statistics, to display the link up ports’ traffic utilization only. 8.2.1. CLI Configurations Node Command Description enable show port-statistics This command displays the link up ports’ statistics. 8.2.2. Web Configurations Parameter Description Port...
8.3. Port Utilization This feature helps users to monitor the ports’ traffic utilization, to display the link up ports’ traffic utilization only. 8.3.1. CLI Configurations Node Command Description enable show port-utilization This command displays the link up ports’ traffic (bps|Kbps|Mbps) utilization.
8.4. RMON Statistics This feature helps users to monitor or clear the port’s RMON statistics. 8.4.1. CLI Configurations Node Command Description enable show rmon statistics This command displays the RMON statistics. enable configure terminal This command changes the node to configure node.
8.5. SFP Information The SFP information allows user to know the SFP module’s information, such as vendor name, connector type, revision, serial number, manufacture date, and to know the DDMI information if the SFP modules have supported the DDMI function. 8.5.1.
Vendor PN Part Number. Vendor rev Revision level for part number. Vendor SN Serial number (ASCII). Date Code Manufacturing date code. Notice: If the fiber cable is not connected, the Rx Power fields are not available. 8.6. Traffic Monitor The function can be enabled / disabled on a specific port or globally be enabled disabled on the Switch.
Page 207
configure interface range This command enters the if-range configure gigabitethernet1/0/ node. PORTLISTS if-range traffic-monitor This command enables / disables the traffic (disable|enable) monitor on the port. if-range traffic-monitor This command configures the packet rate and rateRATE_LIMIT packet type for the traffic monitor on the port. bcast –...
8.6.2. Web Configurations Parameter Description Traffic Monitor Settings State Globally enables / disables the traffic monitor function. Port The port range which you want to configure. State Enables / disables the traffic monitor function on these ports. Packet Type Specify the packet type which you want to monitor. Packet Rate Specify the packet rate which you want to monitor.
Page 209
Configures the quarantine times for the traffic monitor on Quarantine Times these ports. (Range: 1 – 20 times) Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. Select Unblock to enable these ports blocked by traffic Manual Recovery monitor.
9. Management 9.1. SNMP Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.
Page 211
enable configure terminal This command changes the node to configure node. configure snmp (disable|enable) This command disables/enables the SNMP on the switch. configure snmp system-contact This command configures contact information for STRING the system. configure snmp system-location This command configures the location STRING information for the system.
9.1.1.1.2. Web Configurations Parameter Description SNMP Settings Select Enable to activate SNMP on the Switch. SNMP State Select Disable to not use SNMP on the Switch. Type a System Name for the Switch. System Name (The System Name is same as the host name) System Location Type a System Location for the Switch.
9.1.1.2. Community Name SNMP community act like passwords and are used to define the security parameters of SNMP clients in an SNMP v1 and SNMP v2c environments. The default SNMP community is “public” for both SNMP v1 and SNMP v2c. Network ID of Trusted Host: The IP address is a combination of the Network ID and the Host ID.
9.1.1.2.2. Web Configurations Parameter Description Community Name Settings Enter a Community string, this will act as a password for requests from the management station. An SNMP community string is a text string that acts as a password. It is used to authenticate messages that are sent Community String between the management station (the SNMP manager) and the device (the SNMP agent).
Page 215
This field indicates the community number. It is used for identification only. Click on the individual community number to edit the community settings. This field displays the SNMP community string. An SNMP Community String community string is a text string that acts as a password. This field displays the community string’s rights.
9.1.2. SNMP Trap 9.1.2.1. Receiver Settings 9.1.2.1.1. CLI Configurations Node Command Description enable show snmp This command displays the SNMP configurations. enable configure terminal This command changes the node to configure node. configure snmp trap-receiver This command configures the trap receiver’s IPADDR (v1|v2c) configurations, including the IP address, version COMMUNITY...
Select the version of the Simple Network Management Protocol Version to use. v1 or v2c. Specify the community string used with this remote trap Community String station. Apply Click Apply to take effect the settings. Click Refresh to begin configuring this screen afresh. Refresh Trap Receiver List This field displays the index number of the trap receiver entry.
9.1.2.2.1. CLI Configurations Node Command Description enable show snmp trap-event This command displays the SNMP configurations. enable configure terminal This command changes the node to configure node. configure snmp trap-event alarm-over-heat This command enables/disables the (disable/enable) alarm-over-heat trap. configure snmp trap-event alarm-over-load This command enables/disables the (disable/enable) alarm-over-load trap.
9.1.2.2.2. Web Configurations Parameter Description Trap Event State Settings Select all Enables all of trap events. Deselect All Disables all os trap events. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. 9.1.2.3.
Page 220
interface no snmp port-link-change-trap This command disables the link change trap on the specific port. configure interface range This command enters the if-range gigabitethernet1/0/PORTLISTS configure node. if-range snmp port-link-change-trap This command enables the link change trap on the specific ports. if-range no snmp port-link-change-trap This command disables the link...
9.1.2.3.2. Web Configurations Parameter Description Port Link-Change Trap Settings Selects a port or a range of ports to configure the port event Port trap. State Enables / Disable the port link change trap. Port Link-Change Trap Status Port The port ID. State The state of the port.
9.1.3. SNMPv3 9.1.3.1. SNMPv3 Group 9.1.3.1.1. CLI Configurations Node Command Description This command displays all snmp v3 enable show snmp group groups. enable configure terminal This command changes the node to configure node. snmp group GROUPNAME Configures v3 group of non- configure noauth (read STRINGS write authentication.
Note that if a group is defined without a read view than all Read View objects are available to read. (default value is none.) if no write or notify view is defined, no write access is granted Write View and no objects can send notifications to members of the group. (default value is none.) By using a notify view, a group determines the list of Notify View...
9.1.3.2.2. Web Configurations Parameter Description User Name Enter the v3 user name. Group Name Map the v3 user name into a group name. Select the security level of the v3 user to use. noauth means no authentication and no encryption. Security Level auth means messages are authenticated but not encrypted.
User Name This field displays the v3 user name. Group Name This field displays the group name which the v3 user mapping. Auth Protocol These fields display the security level to this v3 user. Priv Protocol Rowstatus This field displays the v3 user rowstatus. Click Delete to remove a v3 user.
The OID defining the root of the subtree to add to (or exclude View Subtree from) the named view. Select included or excluded to define subtree adding to the View Type view or not. Click Apply to take effect the settings. Apply Refresh Click Refresh to begin configuring this screen afresh.
4. If the Firmware_Version is difference than current firmware version, download the Firmware_Image_File and upgrade firmware. 5. If upgrade firmware succeeded and Firmware_Reboot=1, let reboot_flag=1. 6. If the Global_Configuration_State =1, download the Global_Configuration_File and upgrade configuration; otherwise, do step 8. 7.
9.2.2. Web Configurations Parameter Description Auto Provision Settings State The field enables / disables the auto provision function. Status The field displays the state machine status of auto provision. Version The field displays the auto provision version of current system. Protocol The field configures the protocol for file transfer.
Configuration Change : The system configurations in the NV-RAM have been updated. Firmware Upgrade : The system firmware image has been updated. Port Blocked : A port is blocked by looping detection or BPDU Guard. Port Link Change : A port link up or down.
Page 230
configure mail-alarm (disable|enable) This command disables / enables the Mail Alarm function. configure mail-alarm auth-account This command configures the Mail server authentication account. configure mail-alarm mail-from This command configures the mail sender. configure mail-alarm mail-to This command configures the mail receiver. configure mail-alarm server (ip|domain- This command configures the...
Page 231
Parameter Description Mail Alarm Settings State Enable / disable the Mail Alarm function. Selects one of below options: IP: The mail server’s IP format is IPv4. Server Domain Name: The mail server’s IP format is a domain name. Server Port Specifies the TCP port for the SMTP.
9.4. Maintenance 9.4.1. Configuration 9.4.1.1. CLI Configurations Node Command Description enable configure terminal This command changes the node to configure node. configure write memory This command writes current operating configurations to the configuration file. configure archive download-config This command downloads a new copy <URL PATH>...
When users execute the command, write memory, the system will save all of the running configurations to startup-config file. When the Switch boot up, it will load startup-config as the system configurations. When users execute the command, reload default-config, the system will copy user- ...
Upload / Download Configurations to /from a your server Follow the steps below to save the configuration file to your PC. Select the “Press “Download” to save configurations file to your PC”. Click the “Download” button to start the process. ...
configure archive download-secondary- This command downloads a new copy fw <URL PATH> of firmware file for secondary image from TFTP / FTP / HTTP server. Where <URL PATH> can be: ftp://user:pass@192.168.1.1/file http://192.168.1.1/file tftp://192.168.1.1/file configure archive ipv6-download- This command downloads a new copy secondary-fw <URL PATH>...
9.4.3. Reboot 9.4.3.1. CLI Configurations Node Command Description enable configure terminal This command changes the node to configure node. configure reboot This command reboots the system. 9.4.3.2. Web Configurations Reboot allows you to restart the Switch without physically turning the power off. Follow the steps below to reboot the Switch.
9.4.4. Server Control The function allows users to enable or disable the HTTP or HTTPS or SNMP v1/v2c or SNMP v3 or SSH or Telnet service individual using the CLI or GUI. Notice: SNMP state v.s snmp_v1v2c v.s snmp_v3 The global SNMP state has the highest priority. ...
9.4.4.2. Web Configurations Parameter Description Server Settings Selects Enable or Disable to enable or disable the HTTP HTTP Server State service. HTTP Server TCP Configures the TCP port for the HTTP service. Port Selects Enable or Disable to enable or disable the SSH SSH Server State service.
9.5. Sys log The syslog function records some of system information for debugging purpose. Each log message recorded with one of these levels, Alert / Critical / Error / Warning / Notice / Information. The syslog message can be recorded in local NV-RAM or be sent to Syslog server.
9.5.2. Web Configurations Parameter Description Select IP type for the server’s IP. Enter the Syslog server IP address. Server IP Select Enable to activate switch sent log message to Syslog server when any new log message occurred. Facility Selects the facility level.. Apply Click Apply to take effect the settings.
9.6. User Account The Switch allows users to create up to 6 user account. The user name and the password should be the combination of the digit or the alphabet. The last admin user account cannot be deleted. Users should input a valid user account to login the CLI or web management. User Authority The Switch supports two types of the user account, admin and normal.
9.6.2. Web Configuration Parameter Description User Account Settings User Name Type a new username or modify an existing one. Type a new password or modify an existing one. Enter up to 32 User Password alphanumeric or digit characters. Select with which group the user associates: admin (read and User Authority write) or normal (read only) for this user account.
9.7. Device management The Topology map uses the LLDP, ONVIF and Manual Registration data to draw the map. 9.7.1. LLDP The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations attached to an IEEE 802® LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity or entities that provide management of those capabilities, and the identification of the station’s point of attachment to the IEEE 802 LAN...
config interface range This command enters the if-range configure node. gigabitethernet1/0/ PORTLISTS if-range lldp-agent This command configures the LLDP agent (disable|enable|rx- function. only|tx-only) disable – Disable the LLDP on the specific port. enable – Transmit and Receive the LLDP packet on the specific port.
Page 245
Parameter Description LLDP Settings State Globally enables / disables the LLDP on the Switch. Tx Interval Configures the interval to transmit the LLDP packets. Configures the tx-hold time which determines the TTL of Tx Hold the Switch’s message. (TTL=tx-hold * tx-interval) Time To Live The hold time for the Switch’s information.
9.7.2. Manual Registration If devices do not support LLDP and ONVIF, user has to enter the details of it by manually under manual registration. The function supports four types, IP-Cam, PLC, Switch and PC. 9.7.2.1. CLI Configurations Node Command Description enable show manual-registration-device This command displays...
Page 247
Apply Click Apply to take effect the settings. Click Refresh to begin configuring this screen Refresh afresh. Manual Registration Table Type The kind of devices connected to switch. MAC Address The MAC address on the ONVIF device. Action Whether to delete entered device or not.
9.7.3. ONVIF ONVIF is an open industry forum that provides and promotes standardized interfaces for effective interoperability of IP-based physical security products. The Switch use ONVIF to discovery if there is ONVIF device connected to the Switch. ONVIF settings and ONVIF Neighbor The page show the detail information about ONVIF settings and ONVIF devices connected to the Switch.
Page 249
Configures the sending ONVIF discovery packet interval. Tx Interval Valid range is 6 ~ 3600 seconds. Apply Click Apply to take effect the settings. Refresh Click Refresh to begin configuring this screen afresh. ONVIF Neighbor Information Port The connected port of the ONVIF device. IP Address The IP address of the ONVIF device.
9.8. Topology Map The Topology map is a feature to check neighbor devices’ information or to configure them easily. Click the Topology map, the system will display topology as below. All devices connect to the Switch directly and support LLDP will be displayed on the screen.
Page 251
You can view the basic details of the devices connected to the host, by placing the cursor on it. When there is something wrong with the devices, the screen will appear as below. So that you can find the details of events that have gone wrong, and correct it.
The red ‘X’ indicates that connection is lost with the host. 9.8.1. Background Configuration You can upload your company floor layout plan picture in to the background image so that you can identify easily where the switches has been placed.
Page 253
Picture To choice a file which you want to display it in the background and the Preview window will display your select immediately. If you click the “Upgrade” button, the file will be download to the Switch and it will be applied on next reboot. Color ...
9.8.2. Client-Switch Management By Right clicking on the neighbor non-Lite management switch (L2 Switch) you get this menu and you can configure as shown below. Non-Lite management switch and other devices menu: Save All Device Location To fix the location of all devices on the map, so that it restores its places after refresh.
Page 255
Interface show cable-test result This command displays the cable test result. Interface cable-test start This command starts to test the cable.
The user must use shielded cables and connectors with this equipment. Any changes or modifications to this equipment not expressly approved by Eaton could void the user's authority to operate this equipment.
Need help?
Do you have a question about the TRIPP LITE NGI-M08C2 and is the answer not in the manual?
Questions and answers